This introduce a new `--device-cgroup-rule` flag that allow a user to
add one or more entry to the container cgroup device `devices.allow`
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
* Depending on the host configuration between the docker engine and the remote host we wish to mount using sshfs, a password may be required.
* Confirmed syntax for optional parameter with @vieux
* Verified change works as desired with engine running on Ubuntu host and mounting a volume from a file system on a Mac.
Signed-off-by: David Williamson <david.williamson@docker.com>
This fix tries to address the issue raised in 29972 where
it was not possible to specify `--read-only` for `docker service create`
and `docker service update`, in order to have the container's root file
system to be read only.
This fix adds `--read-only` and update the `ReadonlyRootfs` in `HostConfig`
through `service create` and `service update`.
Related docs has been updated.
Integration test has been added.
This fix fixes 29972.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
- Use the word letter rather than character to refer to letters ;) when trying to specify that only letters and numbers can be used, and not ANY character...
- Small corrections
Fixes#29821
Signed-off-by: Timothy Hobbs <timothy@hobbs.cz>
This fix tries to add a placeholder `.CreatedAt` for Go
format template in `docker network ls --format`.
While working on 29226, I noticed that it is not possible to
display network's creation time in `docker network ls`, with or
without `--format`.
We are able to find the timestamp through `docker network inspect` though.
However, as we allows networks to be pruned based on the timestamp
(see 29226), showing the timestamp in `docker network ls --format`
would be much useful now.
This fix adds the `.CreatedAt` placeholder for `docker network ls --format`.
The default output was not changed for `docker network ls --format`.
A test case for unit tests has been added.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Commit ed13c3abfb242905ec012e8255dc6f26dcf122f6 added flags
for Docker Content Trust. Depending on the `verify` boolean,
the message is "Skip image verification", or "Skip image signing".
"Signing" is intended for `docker push` / `docker plugin push`.
During the migration to Cobra, this boolean got flipped for
`docker push` (9640e3a4514f96a890310757a09fd77a3c70e931),
causing `docker push` to show the incorrect flag description.
This patch changes the flags to use the correct description
for `docker push`, and `docker plugin push`.
To prevent this confusion in future, the boolean argument
is removed, and a `AddTrustSigningFlags()` function is added.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This fix tries to address the enhancement discussed in 28735 to add
`--format` for the output of `docker plugin ls`.
This fix
1. Add `--format` and `--quiet` flags to `docker plugin ls`
2. Convert the current implementation to use `formatter`, consistent with
other docker list commands.
3. Add `pluginsFormat` for config.json.
Related docs has been updated.
Several unit tests have been added to cover the changes.
This fix is related to 28708 and 28735.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Issue #30082 demonstrated that their is possible confusion with the "/."
where the tailing "." can appear to be merely punctuation within the
document rather than a highly pertinent part of `SRC_PATH`.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
This fix adds a new flag `--availability` to `swarm join`.
Related documentation has been updated.
An integration test has been added.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix tries to address the issue raised in 24596 where it was not
possible to join as manager only (`--availability=drain`).
This fix adds a new flag `--availability` to `swarm join`.
Related documentation has been updated.
An integration test has been added.
NOTE: Additional pull request for swarmkit and engine-api will
be created separately.
This fix fixes 24596.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix is a follow up for comment
https://github.com/docker/docker/pull/28535#issuecomment-263215225
This fix provides `--filter until=<timestamp>` for `docker container/image prune`.
This fix adds `--filter until=<timestamp>` to `docker container/image prune`
so that it is possible to specify a timestamp and prune those containers/images
that are earlier than the timestamp.
Related docs has been updated
Several integration tests have been added to cover changes.
This fix fixes#28497.
This fix is related to #28535.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix tries to address issue raised in 25228 to support
multiple service IDs on `docker service ps`.
Multiple IDs are allowed with `docker service ps ...`, and
related documentation has been updated.
A test has been added to cover the changes.
This fix fixes 25228.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
The `DOCKER_HIDE_LEGACY_COMMANDS` environment
variable was added in a7c8bcac2ba60d6dd25a1157085d9245bed556ce
but not documented.
This adds the variable to the documentation.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: zhenghenghuo <zhenghenghuo@zju.edu.cn>
try to pass test
Signed-off-by: zhenghenghuo <zhenghenghuo@zju.edu.cn>
try to pass the test
Signed-off-by: zhenghenghuo <zhenghenghuo@zju.edu.cn>
In #28507 and #28885, `docker service/node ps -a` has been removed so that
information about slots are show up even without `-a` flag.
The output of `docker stack ps` reused the same output as `docker service/node ps`.
However, the `-a` was still there. It might make sense to remove `docker stack ps -a`
as well to bring consistency with `docker service/node ps`.
This fix is related to #28507, #28885, and #25983.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Move plugins to shared distribution stack with images.
Create immutable plugin config that matches schema2 requirements.
Ensure data being pushed is same as pulled/created.
Store distribution artifacts in a blobstore.
Run init layer setup for every plugin start.
Fix breakouts from unsafe file accesses.
Add support for `docker plugin install --alias`
Uses normalized references for default names to avoid collisions when using default hosts/tags.
Some refactoring of the plugin manager to support the change, like removing the singleton manager and adding manager config struct.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
When plugins have a positive refcount, they were not allowed to be
removed. However, plugins could still be disabled when volumes
referenced it and containers using them were running.
This change fixes that by enforcing plugin refcount during disable.
A "force" disable option is also added to ignore reference refcounting.
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
This fix tries to address the issue raised in 29291 where
the output of `--replicas` in `service create/update`:
```
--replicas uint Number of tasks (default none)
```
is misleading. User might incorrectly assume the number of replicas
would be `0` (`none`) by default, while the actual default is `1`.
The issue comes from the fact that some of the default values are
from daemon and it is not possible for client to find out the default
value.
In this case, it might be better to just simply not displaying `(default none)`.
This fix returns "" for `Uint64Opt` so that `(default none)` is hidden.
In addition to `--replicas`, this fix also changes
`--restart-delay`, `--restart-max-attempts`, `--stop-grace-period`,
`--health-interval`, `--health-timeout`, and `--restart-window`
in a similiar fashion.
New Output:
```
--health-interval duration Time between running the check (ns|us|ms|s|m|h)
--health-timeout duration Maximum time to allow one check to run (ns|us|ms|s|m|h)
...
--replicas uint Number of tasks
...
--restart-delay duration Delay between restart attempts (ns|us|ms|s|m|h)
--restart-max-attempts uint Maximum number of restarts before giving up
--restart-window duration Window used to evaluate the restart policy (ns|us|ms|s|m|h)
...
--stop-grace-period duration Time to wait before force killing a container (ns|us|ms|s|m|h)
```
The docs has been updated. Note the docs for help output of `service create/update`
is out of sync with the current master. This fix replace with the update-to-date
help output.
This fix fixes 29291.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix tries to address the issue raised in 28581 and 28927
where it is not possible to create a secret from a file (only
through STDIN).
This fix add a flag `--file` to `docker secret create` so that
it is possible to create a secret from a file with:
```
docker secret create --file secret.in secret.name
```
or
```
echo TEST | docker secret create --file - secret.name
```
Related docs has been updated.
An integration test has been added to cover the changes.
This fix fixes 28581.
This fix is related to 28927.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
the "docker swarm leave" command description
mentioned that the command can only be used
for workers, however, the command can also
be used for managers (using the `-f` / `--force`
option).
this patch removes the "(workers only)" part
of the command description.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
commit bbd2018ee19eff5594ae3986bf56fbcd0044699d
changed the output format of `docker service ps`.
this patch updates the reference docs
to match the updated output format.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
When inspecting a container, `NetworkSettings` contains top-level
information about the default ("bridge") network;
`EndpointID`, `Gateway`, `GlobalIPv6Address`, `GlobalIPv6PrefixLen`,
`IPAddress`, `IPPrefixLen`, `IPv6Gateway`, and `MacAddress`.
These properties are deprecated in favor of per-network properties in
`NetworkSettings.Networks`. These properties were already "deprecated" in
docker 1.9, but kept around for backward compatibility.
Refer to [#17538](https://github.com/docker/docker/pull/17538) for further
information.
This officially deprecates these properties, and marks them
for removal in 1.16
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Legacy plugins expect host-relative paths (such as for Volume.Mount).
However, a containerized plugin cannot respond with a host-relative
path. Therefore, this commit modifies new volume plugins' paths in Mount
and List to prepend the container's rootfs path.
This introduces a new PropagatedMount field in the Plugin Config.
When it is set for volume plugins, RootfsPropagation is set to rshared
and the path specified by PropagatedMount is bind-mounted with rshared
prior to launching the container. This is so that the daemon code can
access the paths returned by the plugin from the host mount namespace.
Signed-off-by: Tibor Vass <tibor@docker.com>
This fix tries to address the enhancement proposed in 28708 to display
ID field for the output of `docker plugin ls`.
This fix add `ID` field to the output of `docker plugin ls`
Related docs has been updated.
This fix fixes 28708.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix tries to address the issue raised in discussion of
PR 28735 where it was not possible to manage plugin based on
plugin ID. Previously it was not possible to invoke
`docker plugin inspect` with a plugin ID (or ID prefix).
This fix updates the implementation of `docker plugin inspect`
so that it is possbile to search based on a plugin name, or a
plugin ID. A short format of plugin ID (prefix) is also possible,
as long as there is no ambiguity.
Previously the check of `docker plugin inspect` was mostly done
on the client side. This could potentially cause inconsistency
between API and CMD. This fix move all the checks to daemon side
so that API and CMD will be consistent.
An integration test has been added to cover the changes.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This commit reverts 273eeb813c1db0f42c2ad5e053972eeb00907568 (#26825).
For the discussion so far, please refer to #28527.
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
`docker stack config` command does not exists anymore, removing it
from the command reference documentation.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Currently the help output of `docker network ls --filter` is:
```
Options:
-f, --filter value Provide filter values (i.e. 'dangling=true') (default [])
...
```
This caused confusion as only the following filters are supported at the moment:
- `driver`
- `type`
- `name`
- `id`
- `label`
This fix update the help output of `docker network ls --filter` and `network_ls.md`.
The `dangling=true` description has been replace to:
```
Options:
-f, --filter filter Provide filter values (i.e. 'driver=bridge')
...
```
This fix fixes 28786.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
The "--no-trunc" option toggles between showing/hiding
digests.
This updates the reference to show this difference.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
A recent PR added `(ns|us|ms|s|m|h)` to the descriptions of some
duration options, but not all. Add it to the remaining options for
consistency.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Adds section about the hub deprecating the v1 protocol.
Adds note about intent to disable by default and remove support.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
This fix updates docs for `docker info` for most recent changes.
It also made several chagnes:
1. Replace 0.12.0-dev to 0.13.0 for api docs v1.24.
2. Replace 0.13.0-dev to 0.13.0 for api docs v1.25
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This feature was reverted for docker 1.13
in c5251f7116e3d9095a7169fc31bd170dff997c2e,
so removing the documentation as well.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
… for `docker images`.
This deprecates the `filter` param for the `/images` endpoint and make a
new filter called `reference` to replace it. It does change the CLI
side (still possible to do `docker images busybox:musl`) but changes the
cli code to use the filter instead (so that `docker images --filter
busybox:musl` and `docker images busybox:musl` act the same).
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
This fix tries to address 27902 by adding a flag `--host`
to `docker service create` and `--host-add/--host-rm` to
`docker service update`, so that it is possible to
specify extra `host:ip` settings in `/etc/hosts`.
This fix adds `Hosts` in swarmkit's `ContainerSpec` so that it
is possible to specify extra hosts during service creation.
Related docs has been updated.
An integration test has been added.
This fix fixes 27902.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This change incorporates feedback from @thaJeztah in the PR that added
the autolock flag. It changes the descriptions to be different for
"swarm init" and "swarm update" so that the boolean nature so that the
purpose of the flag in both contexts is clearer.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This fix is a follow up to #27567 based on:
https://github.com/docker/docker/pull/27567#issuecomment-259295055
In #27567, `--dns-options` has been added to `service create/update`,
together with `--dns` and `--dns-search`. The `--dns-opt` was used
in `docker run`.
This fix add `--dns-option` (not `--dns-options`) to `docker run/create`, and hide
`--dns-opt`. It is still possible to use `--dns-opt` with
`docker run/create`, though it will not show up in help output.
This fix change `--dns-options`to --dns-option` for `docker service create`
and `docker service update`.
This fix also updates the docs and bash/zsh completion scripts.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix is based on the comment:
https://github.com/docker/docker/pull/28147#discussion_r86996347
Previously the output string of the `DurationOpt` is `duration-ptr`
and `Uint64Opt` is `uint64-ptr`. While it is clear to developers,
for a normal user `-ptr` might not be very informative.
On the other hand, the default value of `DurationOpt` and `Uint64Opt`
has already been quite informative: `none`. That means if no flag
provided, the value will be treated as none.
(like a ptr with nil as the default)
For that reason this fix removes the `-ptr`.
Also, the output in the docs of `service create` has been quite
out-of-sync with the true output. So this fix updates the docs
to have the most up-to-date help output of `service create --help`.
This fix is related to #28147.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
See #21157 for more details.
In a future version of Docker, providing a version to API calls
will be mandatory. An implementation of this is in #27801.
Signed-off-by: Ben Firshman <ben@firshman.co.uk>
Add the following options to "swarm init" and "swarm update":
- --max-snapshots: Retain this many old Raft snapshots in addition
to the latest one
- --snapshot-interval: Number of log entries between Raft snapshots
These options already existed in SwarmKit and the Docker API but were
never exposed in the CLI. I'm adding them here to fix this oversight.
--max-snapshots may be useful for debugging purposes and more
conservative users who want to store rolling backups of old versions of
the Raft state.
--snapshot-interval is most useful for performance tuning. The default
value of 10000 may not be ideal for some setups.
There is also a LogEntriesForSlowFollowers option that is not exposed. I
decided not to expose it along with these others because I don't think
it's generally useful (and I'm not sure what I would call the CLI flag).
But if people want, I can expose it for the sake of completeness.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This fix adds `--dns-add`, `--dns-rm`, `--dns-opt-add`, `--dns-opt-rm`,
`--dns-search-add` and `--dns-search-rm` to `service update`.
An integration test and a unit test have been added to cover the changes in this fix.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix tries to fix the issue raised in 24391 about allowing
custom DNS settings to service definition.
This fix adds `DNSConfig` (`Nameservers`, `Options`, `Search`) to
service definition, as well as `--dns`, `--dns-opt`, and `dns-search`
to `service create`.
An integration test has been added to cover the changes in this fix.
This fix fixes 24391.
A PR in swarmkit will be created separately.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix is based on the comment in
https://github.com/docker/docker/pull/27567#discussion_r86910604
Basically, in the help output of `docker service update`, the `--xxx-add`
flags typically have plural forms while `--xxx-rm` flags have singular
forms.
This fix updates the help output for consistency.
This fix also updates the related docs in `service_update.md`.
The help output in `service_update.md` has been quite out-of-sync
with the actual output so this fix replaces the output with the
most up-to-date output.
This fix is related to #27567.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix tries to add `--tty` to `docker service create/update`. As was
specified in 25644, `TTY` flag has been added to SwarmKit and is
already vendored.
This fix add `--tty` to `docker service create/update`.
Related document has been updated.
Additional integration tests has been added.
This fix fixes 25644.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
PR 24978 adds hint of of progress to the output of `docker build`
for 1.13, in the format of
```
Step 1/5 ...
...
Step 2/5 ...
...
```
Though some of the docs hasn't been updated.
This fix did a grep in docs and updated the related places.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix tries to address the proposal raised in 27921 and add
`--cpus` flag for `docker run/create`.
Basically, `--cpus` will allow user to specify a number (possibly partial)
about how many CPUs the container will use. For example, on a 2-CPU system
`--cpus 1.5` means the container will take 75% (1.5/2) of the CPU share.
This fix adds a `NanoCPUs` field to `HostConfig` since swarmkit alreay
have a concept of NanoCPUs for tasks. The `--cpus` flag will translate
the number into reused `NanoCPUs` to be consistent.
This fix adds integration tests to cover the changes.
Related docs (`docker run` and Remote APIs) have been updated.
This fix fixes 27921.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Manager now auto-detects the address that an agent connects to the cluster
from and stores it. This is useful for many kinds of internal cluster
management tools.
Signed-off-by: Drew Erny <drew.erny@docker.com>
As for `ps`, `images`, `network ls` and `volume ls`, this makes it
possible to define a custom default format.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Allow built images to be squash to scratch.
Squashing does not destroy any images or layers, and preserves the
build cache.
Introduce a new CLI argument --squash to docker build
Introduce a new param to the build API endpoint `squash`
Once the build is complete, docker creates a new image loading the diffs
from each layer into a single new layer and references all the parent's
layers.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
If user namespaces is enabled on the daemon, reveal that via docker info
by adding "userns" to the list of security options reported by the
info endpoint.
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
It seems that `max-concurrent-downloads` and `max-concurrent-uploads`
are supported in Windows for `config.json`. Though that was not
mentioned in the docs for dockerd.md.
This fix adds the following to the example `config.json` file for Windows:
```
"max-concurrent-downloads": 3,
"max-concurrent-uploads": 5,
```
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
--group-add was used for specifying groups for both service create
and service update. For create it was confusing since we don't have
an existing set of groups. Instead I added --group to create, and
moved --group-add to service update only, like --group-rm
This deals with issue 27646
Signed-off-by: Lily Guo <lily.guo@docker.com>
Update flag documentation
Specify that --group, --group-add and --groupd-rm refers to
supplementary user groups
Signed-off-by: Lily Guo <lily.guo@docker.com>
Fix docs for groups and update completion scripts
Signed-off-by: Lily Guo <lily.guo@docker.com>
A HealthConfig entry was added to the ContainerSpec associated with the
service being created or updated.
Signed-off-by: Cezar Sa Espinola <cezarsa@gmail.com>
The --name flag was inadvertently added to
docker service update, but is not supported,
as it has various side-effects (e.g., existing
tasks are not renamed).
This removes the flag from the service update
command.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This fix tries to address the issue in 24712 and add
`--env-file` file to `docker create service`.
Related documentation has been updated.
An additional integration has been added.
This fix fixes 24712.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
containers may specify these cgroup values at runtime. This will allow
processes to change their priority to real-time within the container
when CONFIG_RT_GROUP_SCHED is enabled in the kernel. See #22380.
Also added sanity checks for the new --cpu-rt-runtime and --cpu-rt-period
flags to ensure that that the kernel supports these features and that
runtime is not greater than period.
Daemon will support a --cpu-rt-runtime flag to initialize the parent
cgroup on startup, this prevents the administrator from alotting runtime
to docker after each restart.
There are additional checks that could be added but maybe too far? Check
parent cgroups to ensure values are <= parent, inspecting rtprio ulimit
and issuing a warning.
Signed-off-by: Erik St. Martin <alakriti@gmail.com>
`docker network prune` prunes unused networks, including overlay ones.
`docker system prune` also prunes unused networks.
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
The following sentences (introduced in v1.11 via #21160) were misleading for Swarm mode services (>= v1.12)
For networks backed by multi-host network driver, such as Overlay,
this command also shows the container endpoints in other hosts in the
cluster. These endpoints are represented as "ep-{endpoint-id}" in the output.
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
This fix tries to address the issue raised in 24392 where
labels with duplicate keys exist in `docker info`, which
contradicts with the specifications in the docs.
The reason for duplicate keys is that labels are stored as
slice of strings in the format of `A=B` (and the input/output).
This fix tries to address this issue by checking conflict
labels when daemon started, and remove duplicate labels (K-V).
The existing `/info` API has not been changed.
An additional integration test has been added to cover the
changes in this fix.
This fix fixes 24392.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Currently, there's no way to restart the tasks of a service without
making an actual change to the service. This leads to us giving awkward
workarounds as in
https://github.com/docker/docker.github.io/pull/178/files, where we tell
people to scale a service up and down to restore balance, or make
unnecessary changes to trigger a restart.
This change adds a --force option to "docker service update", which
forces the service to be updated even if no changes require that.
Since rolling update parameters are respected, the user can use
"docker service --force" to do a rolling restart. For example, the
following is supported:
docker service update --force --update-parallelism 2 \
--update-delay 5s myservice
Since the default value of --update-parallelism is 1, the default
behavior is to restart the service one task at a time.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Passing {{.Networks}} to the format parameter will prompt ps to
display all the networks the container is connected to.
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
Keeping the current behavior for exec, i.e., inheriting
variables from main process. New variables will be added
to current ones. If there's already a variable with that
name it will be overwritten.
Example of usage: docker exec -it -e TERM=vt100 <container> top
Closes#24355.
Signed-off-by: Jonh Wendell <jonh.wendell@redhat.com>
This fix tries to add a daemon config parameter `--shutdown-timeout`
that specifies the timeout value to stop containers gracefully
(before SIGKILL). The default value is 15s.
The `--shutdown-timeout` parameter is added to daemon options and
config file. It will also be updated during daemon reload.
Additional test cases have been added to cover the change.
This fix fixes#22471.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This adds support for two enhancements to swarm service rolling updates:
- Failure thresholds: In Docker 1.12, a service update could be set up
to either pause or continue after a single failure occurs. This adds
an --update-max-failure-ratio flag that controls how many tasks need to
fail to update for the update as a whole to be considered a failure. A
counterpart flag, --update-monitor, controls how long to monitor each
task for a failure after starting it during the update.
- Rollback flag: service update --rollback reverts the service to its
previous version. If a service update encounters task failures, or
fails to function properly for some other reason, the user can roll back
the update.
SwarmKit also has the ability to roll back updates automatically after
hitting the failure thresholds, but we've decided not to expose this in
the Docker API/CLI for now, favoring a workflow where the decision to
roll back is always made by an admin. Depending on user feedback, we may
add a "rollback" option to --update-failure-action in the future.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This fix tries to add a flag `--stop-timeout` to specify the timeout value
(in seconds) for the container to stop before SIGKILL is issued. If stop timeout
is not specified then the default timeout (10s) is used.
Additional test cases have been added to cover the change.
This fix is related to #22471. Another pull request will add `--shutdown-timeout`
to daemon for #22471.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Kenfe-Mickael Laventure
John Mulhausen
David Williamson
jroenf
Yong Tang
Anusha Ragunathan
Harald Albers
Janonymous
Timothy Hobbs
allencloud
Michael Irwin
Tibor Vass
Sebastiaan van Stijn
Michael Friis
Victor Vieux
Zhang Wei
John Howard
Yanqiang Miao
Ian Campbell
Dong Chen
Victor Vieux
ttronicum
yuexiao-wang
Ovidio Mallo
zhenghenghuo
Brian Goff
Tonis Tiigi
Anusha Ragunathan
Victoria Bialas
Misty Stanley-Jones
Hongbin Lu
liwenqi
lixiaobing10051267
Michael
Trapier Marshall
Qinglan Peng
Kei Ohmura
Jake Sanders
Chris Gavin
Vincent Demeester
Akihiro Suda
Daniel Nephin
dattatrayakumbhar04
erxian
cyli
Jacob Tomlinson
Ben Firshman
Aaron Lehmann
Derek McGowan
bbayani
Boaz Shuster
Riyaz Faizullabhoy
Andrea Luzzardi
Steve Durrheimer
Santhosh Manohar
Evan Hazlett
milindchawre
Alicia Lauerman
Josh Horwitz
yupeng
Darren Stahl
Antonio Murdaca
Nikolay Milovanov
Gaetan de Villele
Drew Erny
Michael Crosby
Addam Hardy
Qiang Huang
Josh Horwitz
Phil Estes
Lily Guo
Cezar Sa Espinola
Ce Gao
Erik St. Martin
Leo Gallucci
sandyskies
Jonh Wendell
Ding Fei