These links were temporarily changed, because the
docs were published before the 1.12.0 tag was
available.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Swarm mode makes it possible through the API to set labels to containers
but not through command line. This tries to fix it.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Instead reserve exit code 2 to be future proof, document that it should
not be used. Implementation-wise, it is considered as unhealthy, but
users should not rely on this as it may change in the future.
Signed-off-by: Tibor Vass <tibor@docker.com>
This changes the default behavior so that rolling updates will not
proceed once an updated task fails to start, or stops running during the
update. Users can use docker service inspect --pretty servicename to see
the update status, and if it pauses due to a failure, it will explain
that the update is paused, and show the task ID that caused it to pause.
It also shows the time since the update started.
A new --update-on-failure=(pause|continue) flag selects the
behavior. Pause means the update stops once a task fails, continue means
the old behavior of continuing the update anyway.
In the future this will be extended with additional behaviors like
automatic rollback, and flags controlling parameters like how many tasks
need to fail for the update to stop proceeding. This is a minimal
solution for 1.12.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
These docs have AuthzPlugin with a lower case 'z'. What the plugin
api is actually looking for is AuthZPlugin with an upper case 'Z'.
See 46e3a249a1/pkg/authorization/api.go (L5-L8)
Signed-off-by: Everett Toews <everett.toews@rackspace.com>
Hostnames are not supported for now because libnetwork can't use them
for overlay networking yet.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
There are currently problems with "swarm init" and "swarm join" when an
explicit --listen-addr flag is not provided. swarmkit defaults to
finding the IP address associated with the default route, and in cloud
setups this is often the wrong choice.
Introduce a notion of "advertised address", with the client flag
--advertise-addr, and the daemon flag --swarm-default-advertise-addr to
provide a default. The default listening address is now 0.0.0.0, but a
valid advertised address must be detected or specified.
If no explicit advertised address is specified, error out if there is
more than one usable candidate IP address on the system. This requires a
user to explicitly choose instead of letting swarmkit make the wrong
choice. For the purposes of this autodetection, we ignore certain
interfaces that are unlikely to be relevant (currently docker*).
The user is also required to choose a listen address on swarm init if
they specify an explicit advertise address that is a hostname or an IP
address that's not local to the system. This is a requirement for
overlay networking.
Also support specifying interface names to --listen-addr,
--advertise-addr, and the daemon flag --swarm-default-advertise-addr.
This will fail if the interface has multiple IP addresses (unless it has
a single IPv4 address and a single IPv6 address - then we resolve the
tie in favor of IPv4).
This change also exposes the node's externally-reachable address in
docker info, as requested by #24017.
Make corresponding API and CLI docs changes.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Update documentation to account for the changes in #24952.
docs/swarm/swarm-tutorial/rolling-update.md doesn't need any changes,
but the CLI reference pages should show the current help text.
drain-node.md no longer needs to specify --update-parallelism 1 in its
example.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
f5e1f6f6880391a5a3399023cf93a3c48502e57d replaced "secrets"
with "join tokens", which also removed the "auto-accept"
policy.
This removes some remaining references to those features.
Note that there are other references, but those
are already addressed in another pull request.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Implement the proposal from
https://github.com/docker/docker/issues/24430#issuecomment-233100121
Removes acceptance policy and secret in favor of an automatically
generated join token that combines the secret, CA hash, and
manager/worker role into a single opaque string.
Adds a docker swarm join-token subcommand to inspect and rotate the
tokens.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
At the moment docker's deprecation policy is 2 release cycles by
default, which is around 5 months. This may not be enough for
production environment and there is a need to extend the
deprecation cycle to 3 releases (see #24494).
This fix updates the docs/deprecated.md and extend the deprecation
cycle to 3 releases.
This fix is related to #24494 and #24534.
This fix fixes#24534.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
this improves the formatting, and code-highlighting
of the `docker ps` reference page, and wraps sentences
to 80 chars
also adds single quotes around the formatting
example for labels.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Adds documentation for "--log-driver" and "--log-opt"
for services.
Also updated the API docs to include the new
options, and generated a more complete JSON
example.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
the output/response slightly changed in
340964db1c8f161a2ad156023eb47dcc93bf804b,
and `:latest` is no longer required for
various actions.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This renames the '--bundle' flag for docker (stack) deploy
to be consistent with 'docker build'.
Note that there's no shorthand '-f' added for now,
because this may be confusing on 'docker stack config',
which also takes a file, and for which we may want to
have a '--format' flag in future.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
this removes a copy/pasta whoopsie on my side,
introduced in de64324109d2694b1525e62b5c0072267282a36c
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This adds the `--live-restore` option to the documentation.
Also synched usage description in the documentation
with the actual description, and re-phrased some
flag descriptions to be a bit more consistent.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- the constraint expression needs to be quoted
- add an actual redis container to run so the command line works
Signed-off-by: Anil Madhavapeddy <anil@docker.com>
The change to runc in https://github.com/opencontainers/runc/pull/789
was not documented previously. Also say what this affects and clean
up layout of initial table as there was some miscolouration of the
continuation lines.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Using tabs here seems to cause copy/paste problems in some terminals.
Using spaces is safer.
Fixes#24609
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This adds an `--oom-score-adjust` flag to the daemon so that the value
provided can be set for the docker daemon's process. The default value
for the flag is -500. This will allow the docker daemon to have a
less chance of being killed before containers do. The default value for
processes is 0 with a min/max of -1000/1000.
-500 is a good middle ground because it is less than the default for
most processes and still not -1000 which basically means never kill this
process in an OOM condition on the host machine. The only processes on
my machine that have a score less than -500 are dbus at -900 and sshd
and xfce( my window manager ) at -1000. I don't think docker should be
set lower, by default, than dbus or sshd so that is why I chose -500.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Add a `--network` flag which replaces `--net` without deprecating it
yet. The `--net` flag remains hidden and supported.
Add a `--network-alias` flag which replaces `--net-alias` without deprecating
it yet. The `--net-alias` flag remains hidden and supported.
Signed-off-by: Arnaud Porterie (icecrime) <arnaud.porterie@docker.com>
Looks like there's issues with sourceforge project
pages. Given that sourceforge isn't really what
it used to be, trying to find alternative URLs
where possible.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The "none" option was not added to the documentation.
This adds an example, and adds additional information
on manually accepting or rejecting a node.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Add option to skip kernel check for older kernels which have been patched to support multiple lower directories in overlayfs.
Fixes#24023
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Kernel memory is not allowed to be updated if container is
running, it's not actually a precise kernel limitation.
Before kernel version 4.6, kernel memory will not be accounted
until kernel memory limit is set, if a container created with
kernel memory initialized, kernel memory is accounted as soon
as process created in container, so kernel memory limit update
is allowed afterward. If kernel memory is not initialized,
kernel memory consumed by processes in container will not be
accounted, so we can't update the limit because the account
will be wrong.
So update kernel memory of a running container with kernel memory
initialized is allowed, we should soften the limitation by docker.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
- Update ps with `--last` flag
- Update commands with current output
- Make sure hugo does not detect the wrong language
- Update usage for `tag` command to be more coherent with the other ones
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
The current behavior of `docker swarm init` is to set up a swarm that
has no secret for joining, and does not require manual acceptance for
workers. Since workers may sometimes receive sensitive data such as pull
credentials, it makes sense to harden the defaults.
This change makes `docker swarm init` generate a random secret if none
is provided, and print it to the terminal. This secret will be needed to
join workers or managers to the swarm. In addition to improving access
control to the cluster, this setup removes an avenue for
denial-of-service attacks, since the secret is necessary to even create
an entry in the node list.
`docker swarm init --secret ""` will set up a swarm without a secret,
matching the old behavior. `docker swarm update --secret ""` removes the
automatically generated secret after `docker swarm init`.
Closes#23785
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
In #24159, the title field of `docker node ls` has been
changed from NAME to HOSTNAME. However, in the docs the
NAMEs are still used for the output of `docker node ls`.
This fix updates docs so that NAME field is changed to
HOSTNAME for all `docker node ls`.
This fix is related to #24159 and #24090.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
The --auto-accept documentation currently says that both worker and
manager nodes are automatically accepted by default. Correct it.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
For consistency with other filters (such as
"is-official"), this renames the desired_state
filter to "desired-state".
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This deprecates the shorthand '-h', because we don't mention it as an option,
and it conflicts with the 'docker create -h/--hostname' option, so cannot be
used for all commands consistently.
This also removes the (single-dash) '-help' option. The single-dash variant was
marked "deprecated" in version 1.5.0 (basically, since it was added in
a2b529ead21e6ab9eafcb1b1d2437c725c43a06a), but still kept around to
prevent '-help' being treated as '-h -e -l -p', causing confusing
warnings.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The reason why the issue occurs is because sh parses the first argument after -c as the whole script to execute.
Everything after isn't executed as one might expect.
When working on the 'fix' I found out the same fix is also done in commit 2af7c5cfe24b4c8e931f751979b5e69e20ba77e2, except only for one occurrence.
Signed-off-by: Serhat Gülçiçek <serhat+signoff@equil.nl>
Make `--dispatcher-heartbeat-period` a duration in `docker swarm
update`, allowing to express the value as "5s", "1h", etc.
Signed-off-by: Arnaud Porterie (icecrime) <arnaud.porterie@docker.com>
fixing links after moving surfacing tutorials
fixing more links for the newly located tutorials
Signed-off-by: Victoria Bialas <victoria.bialas@docker.com>
Signed-off-by: Shoubhik Bose <sbose78@gmail.com>
Added explanation for the example with image's digest ( as per @thaJeztah 's comment
Signed-off-by: Shoubhik Bose <sbose78@gmail.com>
Wrapped to ~80 chars
Signed-off-by: Shoubhik Bose <sbose78@gmail.com>
fixed broken links created from Engine Overview update by adding missing topic to daemon reference page and updating the hrefs in the api pages
Signed-off-by: Victoria Bialas <victoria.bialas@docker.com>
This fixes some Markup and formatting
issues in the network documentation;
- wrap text to 80 chars
- add missing language hints for code examples
- add missing line continuations (\)
- update USAGE output for Cobra
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This adds support for filtering by network ID, to be
consistent with other filter options.
Note that only *full* matches are returned; this is
consistent with other filters (e.g. volume), that
also return full matches only.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This endpoint has been deprecated since 1.8. Return an error starting
from this API version (1.24) in order to make sure it's not used for the
next API version and so that we can remove it some times later.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
This fix fixed a couple of typos in the docs of `docker attach`:
docs/reference/commandline/attach.md
man/docker-attach.1.md
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This is similar to network scopes where a volume can either be `local`
or `global`. A `global` volume is one that exists across the entire
cluster where as a `local` volume exists on a single engine.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This fix fixes a couple of typos in docker attach docs:
docs/reference/commandline/attach.md
man/docker-attach.1.md
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix tries to address several issues in deprecated.md:
1. For deprecated and removal versions, some include link reference
to the release tag but some does not point to the release tag. This
fix adds the missing links as long as the version is <= 1.12.
2. Technically, 1.12 is not released yet so the link to 1.12 does
not exist yet. However, at the time 1.12 is released this
deprecated.md doc should have been part of the release as well.
There is a circular dependency. This fix adds 1.12 for now.
3. `HostConfig at API container start` has already been removed
by #22570 so this fix changes `Target For Removal In Release: v1.12`
to `Removed In Release: v1.12`.
4. `Docker search 'automated' and 'stars' options` has not been removed
yet so this fix changes `Removed In Release: v1.14` to
`Target For Removal In Release: v1.14`
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix tries to address the issue raised in #23055.
Currently `docker search` result caps at 25 and there is
no way to allow getting more results (if exist).
This fix adds the flag `--limit` so that it is possible
to return more results from the `docker search`.
Related documentation has been updated.
Additional tests have been added to cover the changes.
This fix fixes#23055.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix tries to address the issue raised in #20083 where
comment is not supported in `.dockerignore`.
This fix updated the processing of `.dockerignore` so that any
lines starting with `#` are ignored, which is similiar to the
behavior of `.gitignore`.
Related documentation has been updated.
Additional tests have been added to cover the changes.
This fix fixes#20083.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This PR adds support for user-defined health-check probes for Docker
containers. It adds a `HEALTHCHECK` instruction to the Dockerfile syntax plus
some corresponding "docker run" options. It can be used with a restart policy
to automatically restart a container if the check fails.
The `HEALTHCHECK` instruction has two forms:
* `HEALTHCHECK [OPTIONS] CMD command` (check container health by running a command inside the container)
* `HEALTHCHECK NONE` (disable any healthcheck inherited from the base image)
The `HEALTHCHECK` instruction tells Docker how to test a container to check that
it is still working. This can detect cases such as a web server that is stuck in
an infinite loop and unable to handle new connections, even though the server
process is still running.
When a container has a healthcheck specified, it has a _health status_ in
addition to its normal status. This status is initially `starting`. Whenever a
health check passes, it becomes `healthy` (whatever state it was previously in).
After a certain number of consecutive failures, it becomes `unhealthy`.
The options that can appear before `CMD` are:
* `--interval=DURATION` (default: `30s`)
* `--timeout=DURATION` (default: `30s`)
* `--retries=N` (default: `1`)
The health check will first run **interval** seconds after the container is
started, and then again **interval** seconds after each previous check completes.
If a single run of the check takes longer than **timeout** seconds then the check
is considered to have failed.
It takes **retries** consecutive failures of the health check for the container
to be considered `unhealthy`.
There can only be one `HEALTHCHECK` instruction in a Dockerfile. If you list
more than one then only the last `HEALTHCHECK` will take effect.
The command after the `CMD` keyword can be either a shell command (e.g. `HEALTHCHECK
CMD /bin/check-running`) or an _exec_ array (as with other Dockerfile commands;
see e.g. `ENTRYPOINT` for details).
The command's exit status indicates the health status of the container.
The possible values are:
- 0: success - the container is healthy and ready for use
- 1: unhealthy - the container is not working correctly
- 2: starting - the container is not ready for use yet, but is working correctly
If the probe returns 2 ("starting") when the container has already moved out of the
"starting" state then it is treated as "unhealthy" instead.
For example, to check every five minutes or so that a web-server is able to
serve the site's main page within three seconds:
HEALTHCHECK --interval=5m --timeout=3s \
CMD curl -f http://localhost/ || exit 1
To help debug failing probes, any output text (UTF-8 encoded) that the command writes
on stdout or stderr will be stored in the health status and can be queried with
`docker inspect`. Such output should be kept short (only the first 4096 bytes
are stored currently).
When the health status of a container changes, a `health_status` event is
generated with the new status. The health status is also displayed in the
`docker ps` output.
Signed-off-by: Thomas Leonard <thomas.leonard@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Add reference to https://github.com/vmware/docker-volume-vsphere to Docker's list of plugins.
This is an officially supported plugin from VMware.
Signed-off-by: Ritesh H Shukla <sritesh@vmware.com>
The -f flag on docker tag has been deprecated in docker 1.10 and
is expected to be removed in docker 1.12.
This fix removed the -f flag on docker tag and also updated
deprecated.md.
NOTE: A separate pull request for engine-api has been opened to
cover the related changes.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Since 1.9, the following short variant options have been
deprecated in favor of their long variants:
`docker run -c (--cpu-shares)`
`docker build -c (--cpu-shares)`
`docker create -c (--cpu-shares)`
`docker update -c (--cpu-shares)`
However, `-c` is still widely used and is considered as
a convenient option for swarm (see #16271).
This fix undeprecated the command line short
variant options of `-c` and updated the deprecated.md.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix fixes an error in documentation (dockerd.md). In the
example given by dockerd.md, the option `cluster-store-opts`
is assigned with an array but this option can only be assigned
as a map.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Add support for two now filter on the `images` command : `before` and
`since`. They work the same as the one on the `ps` command but for
images.
$ docker images --filter before=myimage
# display all images older than myimage
$ docker images --filter since=myimage
# display all images younger than myimage
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
This fix tries to address the issue raised in #21976 and allows
the options of `--add-host` and `--net=host` to work at the same time.
The documentation has been updated and additional tests have been
added to cover this change.
This fix fixes#21976.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix tries to address the issue raised in #21976 and allows
the options of `--dns`, `--dns-search`, `--dns-opt` and `--net=host`
to work at the same time.
The documentation has been updated and additional tests have been
added to cover this change.
This fix fixes#21976.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix tries to cover the issue raised in #22463 by adding
filter for events emitted by docker daemon so that user could
utilize filter to receive events of interest.
Documentations have been updated for this fix.
Additional tests have been added to cover the changes in this fix.
This fix fixes#22463.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix tries to cover the issue raised in #22463 by emitting
events for docker daemon so that user could be notified by
scenarios like config reload, etc.
This fix adds the `daemon reload`, and events for docker daemon.
Additional tests have been added to cover the changes in this fix.
This fix fixes#22463.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
- Add link to valid image name and tag formats in referenced files
- Per review comments, updated docs to remove reference to `USERNAME` and
`REGISTRYHOST`.
- Per review comment, removed links from man page.
- Per review comment, added and updated examples on `docker tag`
Signed-off-by: Subhajit Ghosh <isubuz.g@gmail.com>
The filtering is made server-side, and the following filters are
supported:
* is-official (boolean)
* is-automated (boolean)
* has-stars (integer)
Signed-off-by: Fabrizio Soppelsa <fsoppelsa@mirantis.com>
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Automatic translation of MLS labels is currently not
supported, so should not be documented as an example.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>