Commit Graph

1606 Commits

Author SHA1 Message Date
Kai Qiang Wu(Kennan) 2422bc30f5 Add the missed volume filter
Signed-off-by: Kai Qiang Wu(Kennan) <wkqwu@cn.ibm.com>
2017-06-02 00:07:32 +00:00
Vivek Goyal 8db4ee005a devmapper: Add a new option dm.min_free_space
Once thin pool gets full, bad things can happen. Especially in case of xfs
it is possible that xfs keeps on retrying IO infinitely (for certain kind
of IO) and container hangs. 

One way to mitigate the problem is that once thin pool is about to get full,
start failing some of the docker operations like pulling new images or
creation of new containers. That way user will get warning ahead of time
and can try to rectify it by creating more free space in thin pool. This
can be done either by deleting existing images/containers or by adding more
free space to thin pool.

This patch adds a new option dm.min_free_space to devicemapper graph
driver. Say one specifies dm.min_free_space=10%. This means atleast
10% of data and metadata blocks should be free in pool before new device
creation is allowed, otherwise operation will fail.

By default min_free_space is 10%. User can change it by specifying
dm.min_free_space=X% on command line. A value of 0% will disable the
check.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
2017-06-02 00:07:32 +00:00
Liron Levin ce28fa45b0 Run privileged containers when userns are specified
Following #19995 and #17409 this PR enables skipping userns re-mapping
when creating a container (or when executing a command). Thus, enabling
privileged containers running side by side with userns remapped
containers.

The feature is enabled by specifying ```--userns:host```, which will not
remapped the user if userns are applied. If this flag is not specified,
the existing behavior (which blocks specific privileged operation)
remains.

Signed-off-by: Liron Levin <liron@twistlock.com>
2017-06-02 00:07:32 +00:00
Aaron Lehmann b2b5bc9937 Add support for identity tokens in client credentials store
Update unit test and documentation to handle the new case where Username
is set to <token> to indicate an identity token is involved.

Change the "Password" field in communications with the credential helper
to "Secret" to make clear it has a more generic purpose.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-06-02 00:07:31 +00:00
Madhu Venugopal 2168c53ee9 Include all endpoints in network inspect object
Prior to this change, the "docker network inspect" contains only the
endpoints that have active local container. This excludes all the remote
and stale endpoints. By including all the endpoints, it makes debugging
much simpler and also allows the user to cleanup any stale endpoints
using "docker network disconnect -f {network} {endpoint-name}".

Signed-off-by: Madhu Venugopal <madhu@docker.com>
2017-06-02 00:07:31 +00:00
Kai Qiang Wu(Kennan) 6aae59673e Fix the typo url and info
Some info is not consistent between context and word.

Signed-off-by: Kai Qiang Wu(Kennan) <wkqwu@cn.ibm.com>
2017-06-02 00:07:31 +00:00
Brent Salisbury 3362f6c8fd docs for experimental vlan net drivers
Signed-off-by: Brent Salisbury <brent@docker.com>
2017-06-02 00:07:31 +00:00
Shijiang Wei 4982947250 docs: fix broken links
Signed-off-by: Shijiang Wei <mountkin@gmail.com>
2017-06-02 00:07:31 +00:00
Antonio Murdaca d437e32541 docs: add $ before HOME
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:07:31 +00:00
David Calavera 02a1c138d0 Move registry service options to the daemon configuration.
Allowing to set their values in the daemon configuration file.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2017-06-02 00:07:31 +00:00
Dan Walsh b5c9713ee0 Add a parent man page for docker volumes command
It is difficult to gather information about docker volumes command
without a parent man page.

This man page attempts to explain docker volumes and then references
the command man pages.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2017-06-02 00:07:31 +00:00
Antonio Murdaca b20a425cd9 docs: extend: plugins: mention the sdk + systemd socket activation
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:07:31 +00:00
Jessica Frazelle fd1c2150ad pids limit support
update bash commpletion for pids limit

update check config for kernel

add docs for pids limit

add pids stats

add stats to docker client

Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2017-06-02 00:07:31 +00:00
Mrunal Patel d3f632156e Add support for NoNewPrivileges in docker
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>

Add tests for no-new-privileges

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>

Update documentation for no-new-privileges

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-06-02 00:07:31 +00:00
Antonio Murdaca 8f095a76ab cliconfig: credentials: set default for unix
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:07:31 +00:00
Sebastiaan van Stijn 82fe889a6d Update links to Docker Hub
Updates links to Docker Hub with their new
URLs to prevent redirects.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:31 +00:00
Micah Zoltu 31e78dd369 Adds clarification to behavior of missing directories.
Closes #20920

Signed-off-by: Micah Zoltu <micah@zoltu.net>
2017-06-02 00:07:31 +00:00
Brian Goff b1bac487a6 Support mount opts for `local` volume driver
Allows users to submit options similar to the `mount` command when
creating a volume with the `local` volume driver.

For example:

```go
$ docker volume create -d local --opt type=nfs --opt device=myNfsServer:/data --opt o=noatime,nosuid
```

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2017-06-02 00:07:31 +00:00
Qiang Huang 09f4e2e654 Add CgroupDriver to docker info
Fixes: #19539

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-06-02 00:07:31 +00:00
Sebastiaan van Stijn ecd12ef145 docs: improve note for Fedora 22
Move the note more up, to prevent people from starting
the daemon with --userns-remap before touching the files.

Also clarify that these steps must be done *before* enabling
userns-remap and starting the daemon.

Also fixed some minor Markup formatting issues.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:31 +00:00
Mike Danese f18d114874 daemon/logger: Add logging driver for Google Cloud Logging
Signed-off-by: Mike Danese <mikedanese@google.com>
2017-06-02 00:07:30 +00:00
Sebastiaan van Stijn 6c61d29231 Remove some references to "register" through login
These were left-overs from the now deprecated
and removed functionality to registrer a new account
through "docker login"

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:30 +00:00
Ken Cochrane 317cfbd7bd Remove email address field from login
This removes the email prompt when you use docker login, and also removes the ability to register via the docker cli. Docker login, will strictly be used for logging into a registry server.

Signed-off-by: Ken Cochrane <kencochrane@gmail.com>
2017-06-02 00:07:30 +00:00
Vincent Bernat a305246793 zsh: Reword some descriptions
Use of "Set ..." and "Specify ..." are removed in favor of directly
using nouns.

Also:

 - add description for `run --isolation`
 - reduce description of `run --shm-size`
 - fix `daemon --bip` argument handling

Signed-off-by: Vincent Bernat <vincent@bernat.im>
2017-06-02 00:07:30 +00:00
Qiang Huang 119605fc24 Add docs for cgroup-parent of systemd cgroup
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-06-02 00:07:30 +00:00
David Calavera 6ee9d8a187 Client credentials store.
This change implements communication with an external credentials store,
ala git-credential-helper. The client falls back the plain text store,
what we're currently using, if there is no remote store configured.

It shells out to helper program when a credential store is
configured. Those programs can be implemented with any language as long as they
follow the convention to pass arguments and information.

There is an implementation for the OS X keychain in https://github.com/calavera/docker-credential-helpers.
That package also provides basic structure to create other helpers.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2017-06-02 00:07:30 +00:00
Antonio Murdaca 4d6a232fc0 Revert "resolve the config file from the sudo user"
This reverts commit afde6450ee7bd4a43765fdc0a9799b411276d9e4.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:07:30 +00:00
Linus Heckemann acc094305b Remove experimental GraphDriver plugin type
Signed-off-by: Linus Heckemann <anonymouse2048@gmail.com>
2017-06-02 00:07:30 +00:00
Linus Heckemann 54afb61288 Document interfaces a plugin can implement
Signed-off-by: Linus Heckemann <lheckemann@twig-world.com>
2017-06-02 00:07:30 +00:00
Lei Jitang a0399720ce Fix configuration reloading
There are five options 'debug' 'labels' 'cluster-store' 'cluster-store-opts'
and 'cluster-advertise' that can be reconfigured, configure any of these
options should not affect other options which may have configured in flags.
But this is not true, for example, I start a daemon with -D to enable the
debugging, and after a while, I want reconfigure the 'label', so I add a file
'/etc/docker/daemon.json' with content '"labels":["test"]' and send SIGHUP to daemon
to reconfigure the daemon, it work, but the debugging of the daemon is also diabled.
I don't think this is a expeted behaviour.
This patch also have some minor refactor of reconfiguration of cluster-advertiser.
Enable user to reconfigure cluster-advertiser without cluster-store in config file
since cluster-store could also be already set in flag, and we only want to reconfigure
the cluster-advertiser.

Signed-off-by: Lei Jitang <leijitang@huawei.com>
2017-06-02 00:07:30 +00:00
Antonio Murdaca b610528a6a resolve the config file from the sudo user
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:07:30 +00:00
Cameron Spear aa86373f28 Add the Local Persist plugin
I wasn't 100% sure if it was appropriate to add plugin here, but @thaJeztah invited me to do so, so here it is!

(see https://github.com/CWSpear/local-persist/issues/17#issuecomment-188523784)

Signed-off-by: Cameron Spear <cameronspear@gmail.com>
2017-06-02 00:07:30 +00:00
Jian Zhang d83df084d3 Fix some flaws in man.
Signed-off-by: Jian Zhang <zhangjian.fnst@cn.fujitsu.com>
2017-06-02 00:07:30 +00:00
Tomasz Kopczynski a429c0e84f Docs: add note about CMD and ENTRYPOINT commands
Signed-off-by: Tomasz Kopczynski <tomek@kopczynski.net.pl>
2017-06-02 00:07:30 +00:00
Antonio Murdaca 6f778ea663 docs: reference: commandline: daemon: fedora 23+ has mapping files
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:07:30 +00:00
David Calavera beb7b68810 Add mounts to docker ps.
- Allow to filter containers by volume with `--filter volume=name` and `filter volume=/dest`.
- Show their names in the list with the custom format `{{ .Mounts }}`.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2017-06-02 00:07:30 +00:00
Aidan Hobson Sayers 543ca10394 Update docs for enableipv6
Signed-off-by: Aidan Hobson Sayers <aidanhs@cantab.net>
2017-06-02 00:07:30 +00:00
Stefan Weil fafe6f2ab2 Fix some typos in comments and strings
Most of them were found and fixed by codespell.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
2017-06-02 00:07:29 +00:00
Zhu Guihua 06e3a6ccd0 Fix markdown style error in man page
Signed-off-by: Zhu Guihua <zhugh.fnst@cn.fujitsu.com>
2017-06-02 00:07:29 +00:00
Harald Albers 0649b4f517 bash completion for `docker update --restart`
Signed-off-by: Harald Albers <github@albersweb.de>
2017-06-02 00:07:29 +00:00
Harald Albers 50f87e458e bash completion for etwlogs logging driver
Signed-off-by: Harald Albers <github@albersweb.de>
2017-06-02 00:07:29 +00:00
Zhu Guihua fad60a834e fix storage driver options in man page
Signed-off-by: Zhu Guihua <zhugh.fnst@cn.fujitsu.com>
2017-06-02 00:07:29 +00:00
Zhang Wei 623082a1eb Update RestartPolicy of container
Add `--restart` flag for `update` command, so we can change restart
policy for a container no matter it's running or stopped.

Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2017-06-02 00:07:29 +00:00
Jian Zhang 776757ac28 Fix some flaws in docs
Signed-off-by: Jian Zhang <zhangjian.fnst@cn.fujitsu.com>
2017-06-02 00:07:29 +00:00
Andrew Macpherson 7eed2da516 Document .Names format placeholder in docker-ps man page, fixes #20503.
Signed-off-by: Andrew Macpherson <hopscotch23@gmail.com>
2017-06-02 00:07:29 +00:00
Alessandro Boch 15eb38dfb1 Invoke ReloadConfiguration on network controller
- It reverts fa163f5619bb01cabca1c21 plus a small change
  in order to allow passing the global scope datastore
  to libnetwork after damon boot.

Signed-off-by: Alessandro Boch <aboch@docker.com>
2017-06-02 00:07:29 +00:00
ozlerhakan 79a3c42030 add a section to each volume page
Signed-off-by: ozlerhakan <hakan.ozler@kodcu.com>
2017-06-02 00:07:29 +00:00
Aidan Hobson Sayers 65c94a34be Add docs for --ipv6 option, also add --internal as appropriate
Signed-off-by: Aidan Hobson Sayers <aidanhs@cantab.net>
2017-06-02 00:07:29 +00:00
Zhang Wei c7b4d1c449 Fix docs
Fix wrong descriptions in docs

Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2017-06-02 00:07:29 +00:00
Cedric Davies 56965a4d1d Windows: Add ETW logging driver plug-in
Signed-off-by: Cedric Davies <cedricda@microsoft.com>
2017-06-02 00:07:29 +00:00