This use case is currently _working correctly_, which is nice, but there is no documentation to be found about it. This PR fixes that.
Signed-off-by: Per Lundberg <perlun@gmail.com>
Update the docs so that users don't use `echo` when creating
secrets from STDIN. `echo` adds a trailing new line, so users
will probably be confused when their passwords don't work.
Signed-off-by: Joao Fernandes <joao.fernandes@docker.com>
Explicitly stated that you must add --build-arg for each build argument.
Added multiple arguments to example of `--build-arg` usage.
Fix for https://github.com/docker/docker.github.io/issues/6248
Signed-off-by: Preston Cowley <cowlinator@gmail.com>
This clarifies that the behaviour of `unless-stopped` will restart the container on daemon start. This was implied before, but now the restart-on-daemon-start behaviour is mentioned directly.
Signed-off-by: David Beitey <david@davidjb.com>
- explain the either "name" or "id" can be used to reference a container
- explain that signals can be sent by name or number
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This adds the Engine version to `docker node ls`, and `.EngineVersion` as a
template option.
With this patch applied:
docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
wp9231itoqsh4rqceojqo01vp * linuxkit-025000000001 Ready Active Leader 18.01.0-ce
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
`docker stack deploy` now support multiple composefil. This updates the
reference doc to take that fact into account.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
The "-f" flag is an alias for --force, not --filter (as correctly stated at the top of each documents). The system_prune.md didn't have this error.
Signed-off-by: Mateusz Major <apkd@users.noreply.github.com>
Commit ddadd3db49 refactored
the markdown documentation, but accidentally changed
`on-failure` to `failure`.
This patch corrects this change.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- the `--disable-legacy-registry` daemon flag was removed
- duplicate keys with conflicting values for engine labels
now produce an error instead of a warning.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Fix 19 typos, grammatical errors and duplicated words.
These fixes have minimal impact on the code as these are either in the
doc files or in comments inside the code files.
Signed-off-by: Abdur Rehman <abdur_rehman@mentor.com>
The `--host-add` flag adds a new `host:ip` mapping. Even though
adding an entry is idempotent (adding the same mapping multiple
times does not update the service's definition), it does not
_update_ an existing mapping with a new IP-address (multiple
IP-addresses can be defined for a host).
This patch removes the "or update" part from the flag's
description.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The example in the documentation used "runc", which is a
reserved runtime name (as it's the default).
This patch updates the example, and uses a different name.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Since the API and the CLI both have a "Usage" field for memory, clarify
that the CLI does additional calculations to avoid confusion of API
consumers.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
The experimental `docker build --squash` feature has a number
of limitations. For most use-cases, multi-stage builds are
a better alternative.
This patch lists the known limitations, and adds a link to
multi-stage builds.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Commit ddadd3db49 changed
the heading levels of various sections, but as a result,
the "daemon configuration file" section (and other sections)
changed from a H2 to a H4, therefore no longer showing
up in the page's TOC / navigation bar.
This patch changes the heading level to a H3 for
sections that should show up in the page navigation.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The `--volumes` flag was added in 37fd6128dc,
but the documentation was not updated.
This patch updates the documentation.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Implement runRollback to not use runUpdate
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Add version tag and add flag quiet to suppress progress output
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Removed flags from warnDetachDefault
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Used command.Cli interface
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Add detach flag on rollback command
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Create a fakeClient for service commands
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Added unit test for rollback command
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Used command.Cli interface instead of *command.DockerCli in service commands
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Revert "Removed flags from warnDetachDefault"
This reverts commit 3e4f601c8a82cc2599a755dc693409bbc47917fc.
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Fixed test.NewFakeCli instanciation
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Removed unused receiver
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Replaced cli by dockerCli
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Revert "Removed unused receiver"
This reverts commit 604ef7c13df3d019949ca81d992db501114dafce.
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Fixed last typo
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
the missing `driver` made my bridge not have the correct MTU when i copied from the example and not the doc table. Brings them into alignment.
Signed-off-by: bryfry <bryon@fryer.io>
This builds (and depends) on https://github.com/moby/moby/pull/34087
Version 2:
- remove --ipc argument validation (it is now done by daemon)
- add/document 'none' value
- docs/reference/run.md: add a table with better modes description
- dockerd(8) typesetting fixes
Version 3:
- remove ipc mode tests from cli/command/container/opts_test.go
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Since CLI was moved to a separate repo, these references are incorrect.
Fixed with the help of sed script, verified manually.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
The `is-task` filter was only documented in the usage
section, but this section is not used in the documentation.
This patch adds the missing filter, synchronises the
man page source, and does some slight rephrasing
and reformatting of the filters.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This is a new option added specifically to allow for debugging of bugs
in Docker's storage drivers or libdm itself.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
The Docker Compose docs suggest using a separate override
configuration file for production-specific settings, but
it is not obvious how to feed this to `docker stack deploy`,
which only supports a single Compose file as input. Thus,
we now describe how to do this by merging the configuration
files with `docker-compose config`.
Signed-off-by: Denis Washington <denis@denisw.de>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 2b8f0eef7338f37104464154ba65aef7db3b9703)
Signed-off-by: Tibor Vass <tibor@docker.com>
remove extra word
(cherry picked from commit 9db03bd8cdad3c8804105cb5794ebad5e728f48f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 3eaec0071c3ce1b7201e37859afe5bcb78d4f215)
Signed-off-by: Tibor Vass <tibor@docker.com>
Add note about host-dir in VOLUME
(cherry picked from commit f2fff9d913a8ab0436dd56033189a7c3713a59a2)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 8fd6547fc3eb67e7efa7efb007ae6a4494cd2bb3)
Signed-off-by: Tibor Vass <tibor@docker.com>
Adding more on -m and --memory
(cherry picked from commit c3fbca106552f2dadcb89510ff87945b50f36419)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit b4047a849bd3018f8a8eabf34613a4fca57f818e)
Signed-off-by: Tibor Vass <tibor@docker.com>
This patch adds the untilRemoved option to the ContainerWait API which
allows the client to wait until the container is not only exited but
also removed.
This patch also adds some more CLI integration tests for waiting for a
created container and waiting with the new --until-removed flag.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Handle detach sequence in CLI
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Update Container Wait Conditions
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Apply container wait changes to API 1.30
The set of changes to the containerWait API missed the cut for the
Docker 17.05 release (API version 1.29). This patch bumps the version
checks to use 1.30 instead.
This patch also makes a minor update to a testfile which was added to
the builder/dockerfile package.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Remove wait changes from CLI
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Address minor nits on wait changes
- Changed the name of the tty Proxy wrapper to `escapeProxy`
- Removed the unnecessary Error() method on container.State
- Fixes a typo in comment (repeated word)
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Use router.WithCancel in the containerWait handler
This handler previously added this functionality manually but now uses
the existing wrapper which does it for us.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Add WaitCondition constants to api/types/container
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Address more ContainerWait review comments
- Update ContainerWait backend interface to not return pointer values
for container.StateStatus type.
- Updated container state's Wait() method comments to clarify that a
context MUST be used for cancelling the request, setting timeouts,
and to avoid goroutine leaks.
- Removed unnecessary buffering when making channels in the client's
ContainerWait methods.
- Renamed result and error channels in client's ContainerWait methods
to clarify that only a single result or error value would be sent
on the channel.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Move container.WaitCondition type to separate file
... to avoid conflict with swagger-generated code for API response
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Address more ContainerWait review comments
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
The --allow-nondistributable-artifacts daemon option specifies
registries to which foreign layers should be pushed. (By default,
foreign layers are not pushed to registries.)
Additionally, to make this option effective, foreign layers are now
pulled from the registry if possible, falling back to the URLs in the
image manifest otherwise.
This option is useful when pushing images containing foreign layers to a
registry on an air-gapped network so hosts on that network can pull the
images without connecting to another server.
Signed-off-by: Noah Treuhaft <noah.treuhaft@docker.com>
Allows for a plugin type that can be used to scrape metrics.
This is useful because metrics are not neccessarily at a standard
location... `--metrics-addr` must be set, and must currently be a TCP
socket.
Even if metrics are done via a unix socket, there's no guarentee where
the socket may be located on the system, making bind-mounting such a
socket into a container difficult (and racey, failure-prone on daemon
restart).
Metrics plugins side-step this issue by always listening on a unix
socket and then bind-mounting that into a known path in the plugin
container.
Note there has been similar work in the past (and ultimately punted at
the time) for consistent access to the Docker API from within a
container.
Why not add metrics to the Docker API and just provide a plugin with
access to the Docker API? Certainly this can be useful, but gives a lot
of control/access to a plugin that may only need the metrics. We can
look at supporting API plugins separately for this reason.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This is synonymous with `docker run --cidfile=FILE` and writes the digest of
the newly built image to the named file. This is intended to be used by build
systems which want to avoid tagging (perhaps because they are in CI or
otherwise want to avoid fixed names which can clash) by enabling e.g. Makefile
constructs like:
image.id: Dockerfile
docker build --iidfile=image.id .
do-some-more-stuff: image.id
do-stuff-with <image.id
Currently the only way to achieve this is to use `docker build -q` and capture
the stdout, but at the expense of losing the build output.
In non-silent mode (without `-q`) with API >= v1.29 the caller will now see a
`JSONMessage` with the `Aux` field containing a `types.BuildResult` in the
output stream for each image/layer produced during the build, with the final
one being the end product. Having all of the intermediate images might be
interesting in some cases.
In silent mode (with `-q`) there is no change, on success the only output will
be the resulting image digest as it was previosuly.
There was no wrapper to just output an Aux section without enclosing it in a
Progress, so add one here.
Added some tests to integration cli tests.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
Instead of forcing users to manually configure a block device to use
with devmapper, this gives the user the option to let the devmapper
driver configure a device for them.
Adds several new options to the devmapper storage-opts:
- dm.directlvm_device="" - path to the block device to configure for
direct-lvm
- dm.thinp_percent=95 - sets the percentage of space to use for
storage from the passed in block device
- dm.thinp_metapercent=1 - sets the percentage of space to for metadata
storage from the passed in block device
- dm.thinp_autoextend_threshold=80 - sets the threshold for when `lvm`
should automatically extend the thin pool as a percentage of the total
storage space
- dm.thinp_autoextend_percent=20 - sets the percentage to increase the
thin pool by when an autoextend is triggered.
Defaults are taken from
[here](https://docs.docker.com/engine/userguide/storagedriver/device-mapper-driver/#/configure-direct-lvm-mode-for-production)
The only option that is required is `dm.directlvm_device` for docker to
set everything up.
Changes to these settings are not currently supported and will error
out.
Future work could support allowing changes to these values.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
The daemon config for defaulting to no-new-privileges for containers was
added in d7fda019bb7e24f42f8ae1ddecb3fd52df3c48bf, but somehow we
managed to omit the flag itself, but also documented the flag.
This just adds the actual flag.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
added some clarification around why attach can appear hung to some. issue #1456 on docs
Signed-off-by: gary schaetz <gary@schaetzkc.com>
Updated the documentation to reflect what happens when you use a fragment in
the docker build url parameter.
Signed-off-by: Gary Schaetz <gary@schaetzkc.com>
added markup for commands
Signed-off-by: Gary Schaetz <gary@schaetzkc.com>
This new flag will allow the configuration of an interface that
can be used for data path traffic to be isolated from control
plane traffic. This flag is simply percolated down to libnetwork
and will be used by all the global scope drivers (today overlay)
Negative test added for invalid flag arguments
Signed-off-by: Flavio Crisciani <flavio.crisciani@docker.com>
This does some minor fix-ups in the CLI reference
for "history", and copies the formattting section to
the man-pages.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Jeremy Chambers <jeremy@thehipbot.com>
Adds to history documentation for --format
Signed-off-by: Jeremy Chambers <jeremy@thehipbot.com>
Adds MarshalJSON to historyContext for {{json .}} format
Signed-off-by: Jeremy Chambers <jeremy@thehipbot.com>
Adds back the --human option to history command
Signed-off-by: Jeremy Chambers <jeremy@thehipbot.com>
Cleans up formatter around --human option for history, Adds integration test for --format option of history
Signed-off-by: Jeremy Chambers <jeremy@thehipbot.com>
Adds test for history formatter checking full table results, Runs go fmt on touched files
Signed-off-by: Jeremy Chambers <jeremy@thehipbot.com>
Fixes lint errors in formatter/history
Signed-off-by: Jeremy Chambers <jeremy@thehipbot.com>
Runs go fmt on cli/command/formatter/history.go
Signed-off-by: Jeremy Chambers <jeremy@thehipbot.com>
sRemoves integration test for --format option of history
Merges Created and CreatedSince in docker history formatter, Updates docs and tests
Simplified the docs on how to set environment variables in a
container. Makes it clear that you have three options, and how
to use them.
Signed-off-by: Joao Fernandes <joao.fernandes@docker.com>
Also fixed some examples of using `docker build` to clarify that the
positional argument is a directory, not a file.
Also fixed some terminology. Dockerfiles contain instructions, not directives or
commands.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
If no fields related to an update config or restart policy are
specified, these structs should not be created as part of the service,
to avoid hardcoding the current defaults.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Service logs API is now stable. Service logs now support all features,
except retrieving details provided to the log driver.
Signed-off-by: Drew Erny <drew.erny@docker.com>
This fix tries to address the issue raised in 31032 where it was
not possible to specify `--cpus` for `docker update`.
This fix adds `--cpus` support for `docker update`. In case both
`--cpus` and `--cpu-period/--cpu-quota` have been specified,
an error will be returned.
Related docs has been updated.
Integration tests have been added.
This fix fixes 31032.
This fix is related to 27921, 27958.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Resolve networks IDs on the client side.
Avoid filling in deprecated Spec.Networks field.
Sort networks in the TaskSpec for update stability.
Add an integration test for changing service networks.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This parameter controls the order of operations when rolling out an
update task. Either the old task is stopped before starting the new one,
or the new task is started first, and the running tasks will briefly
overlap.
This commit adds Rollout to the API, and --update-order / --rollback-order
flags to the CLI.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This commit adds a hidden placeholder of `.Self` for
`docker node ls --format` so that if the node is the same
as the current docker daemon, then a `*` is outputed.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix tries to address the comment https://github.com/docker/docker/pull/30376#discussion_r97465334
where it was not possible to specify `--format` for `docker node ls`. The `--format` flag
is a quite useful flag that could be used in many places such as completion.
This fix implements `--format` for `docker node ls` and add `nodesFormat` in config.json
so that it is possible to specify the output when `docker node ls` is invoked.
Related documentations have been updated.
A set of unit tests have been added.
This fix is related to #30376.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix is related to 30232 wherw `docker service ls`
does not show `PORTS` information like `docker service ps`.
This fix adds `PORTS` fields for services that publish
ports in ingress mode.
Additional unit tests cases have been updated.
This fix is related to 30232.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Change "service create" and "service update" to wait until the creation
or update finishes, when --detach=false is specified. Show progress bars
for the overall operation and for each individual task (when there are a
small enough number of tasks), unless "-q" / "--quiet" is specified.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This fix tries to address the request in 31324 by adding
`--filter scope=swarm|local` for `docker network ls`.
As `docker network ls` has a `SCOPE` column by default,
it is natural to add the support of `--filter scope=swarm|local`.
This fix adds the `scope=swarm|local` support for
`docker network ls --filter`.
Related docs has been updated.
Additional unit test cases have been added.
This fix fixes 31324.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Removes the build-args from the image history if they are in the
BuiltinAllowedBuildArgs map unless they are explicitly defined in an ARG
instruction.
Signed-off-by: Dave Tucker <dt@docker.com>
The `reference` filter is documented in the file, but is not present
in the list of available filters.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
This fix tries to address the request in 31325 by adding
`--filter mode=global|replicated` to `docker service ls`.
As `docker service ls` has a `MODE` column by default, it is natural
to support `--filter mode=global|replicated` for `docker service ls`.
There are multiple ways to address the issue. One way is to pass
the filter of mode to SwarmKit, another way is to process the filter
of mode in the daemon.
This fix process the filter in the daemon.
Related docs has been updated.
An integration test has been added.
This fix fixes 31325.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Starting with docker 1.10, docker no longer uses
/etc/hosts for service discovery, but uses an
embedded DNS server. This patch removes a reference
to the old (pre 1.10) behavior.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The description claims the directive is appearing after a comment but
the sample Dockerfile has the directive appear after an instruction.
Changed the ordering of the lines to match the example's description.
Signed-off-by: Remy Suen <remy.suen@gmail.com>
This adds support for placement preferences in Swarm services.
- Convert PlacementPreferences between GRPC API and HTTP API
- Add --placement-pref, --placement-pref-add and --placement-pref-rm to CLI
- Add support for placement preferences in service inspect --pretty
- Add integration test
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
These Markdown files are now embedded in a YAML
file for templating in the documentation, and
these special markers are no longer needed.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This fix tries to address the issue raised in 25696 where
it was not possible to specify `--stop-signal` for `docker service create`
and `docker service update`, in order to use special signal to stop
the container.
This fix adds `--stop-signal` and update the `StopSignal` in `Config`
through `service create` and `service update`.
Related docs has been updated.
Integration test has been added.
This fix fixes 25696.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
A phrase from the "Text files" section in build.md was incorrectly duplicated under the "Tarball contexts" section.
Signed-off-by: Peter Jaffe <pjaffe@nevo.com>
This fix tries to address the issue raised in 27189 where
it is not possible to support configured formatting stored in
config.json.
Since `--format` was not supported in `docker service ps`,
the flag `--format` has also been added in this fix.
This fix
1. Add `--format` to `docker service ps`
2. Add `tasksFormat` to config.json
3. Add `--format` to `docker stack ps`
4. Add `--format` to `docker node ps`
The related docs has been updated.
An integration test has been added.
This fix fixes 27189.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This is especially important for distributions like NixOS where `/bin/bash` doesn't exist, or for MacOS users who've installed a newer version of Bash than the one that comes with their OS.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
Command name should be a H1
Only Description, Examples, and Related Commands should be H2
Changed 'Related information' heading to 'Related commands' since 99% it is only linking commands
Added some examples where relevant
Signed-off-by: Misty Stanley-Jones <misty@docker.com>
Signed-off-by: Lewis Daly <lewisdaly@me.com>
Updated uid/gid reference to be more canonical - and signed commit
Signed-off-by: Lewis Daly <lewisdaly@me.com>
Editorial suggestion
I tried my hand at rewriting this a bit for readability. Can you please verify that the facts are correct, especially about the permission changes? You can feel free to squash my commit with yours so that it's signed. You'll need to pull the change from your fork to work on it locally.
Editorial suggestion
I tried my hand at rewriting this a bit for readability. Can you please verify that the facts are correct, especially about the permission changes? You can feel free to squash my commit with yours so that it's signed. You'll need to pull the change from your fork to work on it locally.
This allows a plugin to be upgraded without requiring to
uninstall/reinstall a plugin.
Since plugin resources (e.g. volumes) are tied to a plugin ID, this is
important to ensure resources aren't lost.
The plugin must be disabled while upgrading (errors out if enabled).
This does not add any convenience flags for automatically
disabling/re-enabling the plugin during before/after upgrade.
Since an upgrade may change requested permissions, the user is required
to accept permissions just like `docker plugin install`.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Signed-off-by: John Howard <jhoward@microsoft.com>
Working directory processing was handled differently for Hyper-V and Windows-Server containers, as annotated in the builder documentation (updated in this PR). For Hyper-V containers, the working directory set by WORKDIR was not created. This PR makes Hyper-V containers work the same as Windows Server containers (and the same as Linux).
Example (only applies to Hyper-V containers, so not reproducible under CI environment)
Dockerfile:
FROM microsoft/nanoserver
WORKDIR c:\installer
ENV GOROOT=c:\installer
ADD go.exe .
RUN go --help
Running on Windows Server 2016, using docker master without this change, but with daemon set to --exec-opt isolation=hyperv as it would be for Client operating systems.
PS E:\go\src\github.com\docker\docker> dockerd -g c:\control --exec-opt isolation=hyperv
time="2017-02-01T15:48:09.657286100-08:00" level=info msg="Windows default isolation mode: hyperv"
time="2017-02-01T15:48:09.662720900-08:00" level=info msg="[graphdriver] using prior storage driver: windowsfilter"
time="2017-02-01T15:48:10.011588000-08:00" level=info msg="Graph migration to content-addressability took 0.00 seconds"
time="2017-02-01T15:48:10.016655800-08:00" level=info msg="Loading containers: start."
time="2017-02-01T15:48:10.460820000-08:00" level=info msg="Loading containers: done."
time="2017-02-01T15:48:10.509859600-08:00" level=info msg="Daemon has completed initialization"
time="2017-02-01T15:48:10.509859600-08:00" level=info msg="Docker daemon" commit=3c64061 graphdriver=windowsfilter version=1.14.0-dev
First with no explicit isolation:
PS E:\docker\build\unifyworkdir> docker build --no-cache .
Sending build context to Docker daemon 10.1 MB
Step 1/5 : FROM microsoft/nanoserver
---> 89b8556cb9ca
Step 2/5 : WORKDIR c:\installer
---> 7e0f41d08204
Removing intermediate container 236c7802042a
Step 3/5 : ENV GOROOT c:\installer
---> Running in 8ea5237183c1
---> 394b70435261
Removing intermediate container 8ea5237183c1
Step 4/5 : ADD go.exe .
---> e47401a1745c
Removing intermediate container 88dcc28e74b1
Step 5/5 : RUN go --help
---> Running in efe90e1b6b8b
container efe90e1b6b8b76586abc5c1dc0e2797b75adc26517c48733d90651e767c8463b encountered an error during CreateProcess: failure in a Windows system call: The directory name is invalid. (0x10b) extra info: {"ApplicationName":"","CommandLine":"cmd /S /C go --help","User":"","WorkingDirectory":"C:\\installer","Environment":{"GOROOT":"c:\\installer"},"EmulateConsole":false,"CreateStdInPipe":true,"CreateStdOutPipe":true,"CreateStdErrPipe":true,"ConsoleSize":[0,0]}
PS E:\docker\build\unifyworkdir>
Then forcing process isolation:
PS E:\docker\build\unifyworkdir> docker build --isolation=process --no-cache .
Sending build context to Docker daemon 10.1 MB
Step 1/5 : FROM microsoft/nanoserver
---> 89b8556cb9ca
Step 2/5 : WORKDIR c:\installer
---> 350c955980c8
Removing intermediate container 8339c1e9250c
Step 3/5 : ENV GOROOT c:\installer
---> Running in bde511c5e3e0
---> b8820063b5b6
Removing intermediate container bde511c5e3e0
Step 4/5 : ADD go.exe .
---> e4ac32f8902b
Removing intermediate container d586e8492eda
Step 5/5 : RUN go --help
---> Running in 9e1aa235af5f
Cannot mkdir: C:\installer is not a directory
PS E:\docker\build\unifyworkdir>
Now compare the same results after this PR. Again, first with no explicit isolation (defaulting to Hyper-V containers as that's what the daemon it set to) - note it now succeeds 😄
PS E:\docker\build\unifyworkdir> docker build --no-cache .
Sending build context to Docker daemon 10.1 MB
Step 1/5 : FROM microsoft/nanoserver
---> 89b8556cb9ca
Step 2/5 : WORKDIR c:\installer
---> 4f319f301c69
Removing intermediate container 61b9c0b1ff6f
Step 3/5 : ENV GOROOT c:\installer
---> Running in c464a1d612d8
---> 96a26ab9a7b5
Removing intermediate container c464a1d612d8
Step 4/5 : ADD go.exe .
---> 0290d61faf57
Removing intermediate container dc5a085fffe3
Step 5/5 : RUN go --help
---> Running in 60bd56042ff8
Go is a tool for managing Go source code.
Usage:
go command [arguments]
The commands are:
build compile packages and dependencies
clean remove object files
doc show documentation for package or symbol
env print Go environment information
fix run go tool fix on packages
fmt run gofmt on package sources
generate generate Go files by processing source
get download and install packages and dependencies
install compile and install packages and dependencies
list list packages
run compile and run Go program
test test packages
tool run specified go tool
version print Go version
vet run go tool vet on packages
Use "go help [command]" for more information about a command.
Additional help topics:
c calling between Go and C
buildmode description of build modes
filetype file types
gopath GOPATH environment variable
environment environment variables
importpath import path syntax
packages description of package lists
testflag description of testing flags
testfunc description of testing functions
Use "go help [topic]" for more information about that topic.
The command 'cmd /S /C go --help' returned a non-zero code: 2
And the same with forcing process isolation. Also works 😄
PS E:\docker\build\unifyworkdir> docker build --isolation=process --no-cache .
Sending build context to Docker daemon 10.1 MB
Step 1/5 : FROM microsoft/nanoserver
---> 89b8556cb9ca
Step 2/5 : WORKDIR c:\installer
---> f423b9cc3e78
Removing intermediate container 41330c88893d
Step 3/5 : ENV GOROOT c:\installer
---> Running in 0b99a2d7bf19
---> e051144bf8ec
Removing intermediate container 0b99a2d7bf19
Step 4/5 : ADD go.exe .
---> 7072e32b7c37
Removing intermediate container a7a97aa37fd1
Step 5/5 : RUN go --help
---> Running in 7097438a54e5
Go is a tool for managing Go source code.
Usage:
go command [arguments]
The commands are:
build compile packages and dependencies
clean remove object files
doc show documentation for package or symbol
env print Go environment information
fix run go tool fix on packages
fmt run gofmt on package sources
generate generate Go files by processing source
get download and install packages and dependencies
install compile and install packages and dependencies
list list packages
run compile and run Go program
test test packages
tool run specified go tool
version print Go version
vet run go tool vet on packages
Use "go help [command]" for more information about a command.
Additional help topics:
c calling between Go and C
buildmode description of build modes
filetype file types
gopath GOPATH environment variable
environment environment variables
importpath import path syntax
packages description of package lists
testflag description of testing flags
testfunc description of testing functions
Use "go help [topic]" for more information about that topic.
The command 'cmd /S /C go --help' returned a non-zero code: 2
PS E:\docker\build\unifyworkdir>
This fix tries to improve the display of `docker service ls`
and adds `--format` flag to `docker service ls`.
In addition to `--format` flag, several other improvement:
1. Updates `docker stacks service`.
2. Adds `servicesFormat` to config file.
Related docs has been updated.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix made several updates:
1. Update opts.MemBytes so that default value will not show up.
The reason is that in case a default value is decided by daemon,
instead of client, we actually want to not show default value.
2. Move `docker run/create/build` to use opts.MemBytes for `--shm-size`
This is to bring consistency between daemon and docker run
3. docs updates.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix fixes issue raised in 29492 where it was not
possible to specify a default `--default-shm-size` in daemon
configuration for each `docker run``.
The flag `--default-shm-size` which is reloadable, has been
added to the daemon configuation.
Related docs has been updated.
This fix fixes 29492.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix adds `--filter capability=[volumedriver|authz]` to `docker plugin ls`.
The related docs has been updated.
An integration test has been added.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix adds `--filter enabled=true` to `docker plugin ls`,
as was specified in 28624.
The related API and docs has been updated.
An integration test has been added.
This fix fixes 28624.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix tries to address the enhancement proposal raised in
27178 for filtering based on published or exposed ports of
`docker ps --filter`.
In this fix, two filter options, `publish` and `expose` have
been added to take either `<port>[/<protocol>]` or `<from>-<to>[/<protocol>]`
and filtering on containers.
An integration test has been added to cover the changes.
This fix fixes 27178.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This introduce a new `--device-cgroup-rule` flag that allow a user to
add one or more entry to the container cgroup device `devices.allow`
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
This fix tries to address the issue raised in 29972 where
it was not possible to specify `--read-only` for `docker service create`
and `docker service update`, in order to have the container's root file
system to be read only.
This fix adds `--read-only` and update the `ReadonlyRootfs` in `HostConfig`
through `service create` and `service update`.
Related docs has been updated.
Integration test has been added.
This fix fixes 29972.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
- Use the word letter rather than character to refer to letters ;) when trying to specify that only letters and numbers can be used, and not ANY character...
- Small corrections
Fixes#29821
Signed-off-by: Timothy Hobbs <timothy@hobbs.cz>
This fix tries to add a placeholder `.CreatedAt` for Go
format template in `docker network ls --format`.
While working on 29226, I noticed that it is not possible to
display network's creation time in `docker network ls`, with or
without `--format`.
We are able to find the timestamp through `docker network inspect` though.
However, as we allows networks to be pruned based on the timestamp
(see 29226), showing the timestamp in `docker network ls --format`
would be much useful now.
This fix adds the `.CreatedAt` placeholder for `docker network ls --format`.
The default output was not changed for `docker network ls --format`.
A test case for unit tests has been added.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Commit ed13c3abfb242905ec012e8255dc6f26dcf122f6 added flags
for Docker Content Trust. Depending on the `verify` boolean,
the message is "Skip image verification", or "Skip image signing".
"Signing" is intended for `docker push` / `docker plugin push`.
During the migration to Cobra, this boolean got flipped for
`docker push` (9640e3a4514f96a890310757a09fd77a3c70e931),
causing `docker push` to show the incorrect flag description.
This patch changes the flags to use the correct description
for `docker push`, and `docker plugin push`.
To prevent this confusion in future, the boolean argument
is removed, and a `AddTrustSigningFlags()` function is added.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This fix tries to address the enhancement discussed in 28735 to add
`--format` for the output of `docker plugin ls`.
This fix
1. Add `--format` and `--quiet` flags to `docker plugin ls`
2. Convert the current implementation to use `formatter`, consistent with
other docker list commands.
3. Add `pluginsFormat` for config.json.
Related docs has been updated.
Several unit tests have been added to cover the changes.
This fix is related to 28708 and 28735.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Issue #30082 demonstrated that their is possible confusion with the "/."
where the tailing "." can appear to be merely punctuation within the
document rather than a highly pertinent part of `SRC_PATH`.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
This fix adds a new flag `--availability` to `swarm join`.
Related documentation has been updated.
An integration test has been added.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix tries to address the issue raised in 24596 where it was not
possible to join as manager only (`--availability=drain`).
This fix adds a new flag `--availability` to `swarm join`.
Related documentation has been updated.
An integration test has been added.
NOTE: Additional pull request for swarmkit and engine-api will
be created separately.
This fix fixes 24596.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix is a follow up for comment
https://github.com/docker/docker/pull/28535#issuecomment-263215225
This fix provides `--filter until=<timestamp>` for `docker container/image prune`.
This fix adds `--filter until=<timestamp>` to `docker container/image prune`
so that it is possible to specify a timestamp and prune those containers/images
that are earlier than the timestamp.
Related docs has been updated
Several integration tests have been added to cover changes.
This fix fixes#28497.
This fix is related to #28535.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix tries to address issue raised in 25228 to support
multiple service IDs on `docker service ps`.
Multiple IDs are allowed with `docker service ps ...`, and
related documentation has been updated.
A test has been added to cover the changes.
This fix fixes 25228.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
The `DOCKER_HIDE_LEGACY_COMMANDS` environment
variable was added in a7c8bcac2ba60d6dd25a1157085d9245bed556ce
but not documented.
This adds the variable to the documentation.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: zhenghenghuo <zhenghenghuo@zju.edu.cn>
try to pass test
Signed-off-by: zhenghenghuo <zhenghenghuo@zju.edu.cn>
try to pass the test
Signed-off-by: zhenghenghuo <zhenghenghuo@zju.edu.cn>
In #28507 and #28885, `docker service/node ps -a` has been removed so that
information about slots are show up even without `-a` flag.
The output of `docker stack ps` reused the same output as `docker service/node ps`.
However, the `-a` was still there. It might make sense to remove `docker stack ps -a`
as well to bring consistency with `docker service/node ps`.
This fix is related to #28507, #28885, and #25983.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Move plugins to shared distribution stack with images.
Create immutable plugin config that matches schema2 requirements.
Ensure data being pushed is same as pulled/created.
Store distribution artifacts in a blobstore.
Run init layer setup for every plugin start.
Fix breakouts from unsafe file accesses.
Add support for `docker plugin install --alias`
Uses normalized references for default names to avoid collisions when using default hosts/tags.
Some refactoring of the plugin manager to support the change, like removing the singleton manager and adding manager config struct.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
When plugins have a positive refcount, they were not allowed to be
removed. However, plugins could still be disabled when volumes
referenced it and containers using them were running.
This change fixes that by enforcing plugin refcount during disable.
A "force" disable option is also added to ignore reference refcounting.
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
This fix tries to address the issue raised in 29291 where
the output of `--replicas` in `service create/update`:
```
--replicas uint Number of tasks (default none)
```
is misleading. User might incorrectly assume the number of replicas
would be `0` (`none`) by default, while the actual default is `1`.
The issue comes from the fact that some of the default values are
from daemon and it is not possible for client to find out the default
value.
In this case, it might be better to just simply not displaying `(default none)`.
This fix returns "" for `Uint64Opt` so that `(default none)` is hidden.
In addition to `--replicas`, this fix also changes
`--restart-delay`, `--restart-max-attempts`, `--stop-grace-period`,
`--health-interval`, `--health-timeout`, and `--restart-window`
in a similiar fashion.
New Output:
```
--health-interval duration Time between running the check (ns|us|ms|s|m|h)
--health-timeout duration Maximum time to allow one check to run (ns|us|ms|s|m|h)
...
--replicas uint Number of tasks
...
--restart-delay duration Delay between restart attempts (ns|us|ms|s|m|h)
--restart-max-attempts uint Maximum number of restarts before giving up
--restart-window duration Window used to evaluate the restart policy (ns|us|ms|s|m|h)
...
--stop-grace-period duration Time to wait before force killing a container (ns|us|ms|s|m|h)
```
The docs has been updated. Note the docs for help output of `service create/update`
is out of sync with the current master. This fix replace with the update-to-date
help output.
This fix fixes 29291.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix tries to address the issue raised in 28581 and 28927
where it is not possible to create a secret from a file (only
through STDIN).
This fix add a flag `--file` to `docker secret create` so that
it is possible to create a secret from a file with:
```
docker secret create --file secret.in secret.name
```
or
```
echo TEST | docker secret create --file - secret.name
```
Related docs has been updated.
An integration test has been added to cover the changes.
This fix fixes 28581.
This fix is related to 28927.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
the "docker swarm leave" command description
mentioned that the command can only be used
for workers, however, the command can also
be used for managers (using the `-f` / `--force`
option).
this patch removes the "(workers only)" part
of the command description.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
commit bbd2018ee19eff5594ae3986bf56fbcd0044699d
changed the output format of `docker service ps`.
this patch updates the reference docs
to match the updated output format.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This fix tries to address the enhancement proposed in 28708 to display
ID field for the output of `docker plugin ls`.
This fix add `ID` field to the output of `docker plugin ls`
Related docs has been updated.
This fix fixes 28708.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix tries to address the issue raised in discussion of
PR 28735 where it was not possible to manage plugin based on
plugin ID. Previously it was not possible to invoke
`docker plugin inspect` with a plugin ID (or ID prefix).
This fix updates the implementation of `docker plugin inspect`
so that it is possbile to search based on a plugin name, or a
plugin ID. A short format of plugin ID (prefix) is also possible,
as long as there is no ambiguity.
Previously the check of `docker plugin inspect` was mostly done
on the client side. This could potentially cause inconsistency
between API and CMD. This fix move all the checks to daemon side
so that API and CMD will be consistent.
An integration test has been added to cover the changes.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This commit reverts 273eeb813c1db0f42c2ad5e053972eeb00907568 (#26825).
For the discussion so far, please refer to #28527.
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
`docker stack config` command does not exists anymore, removing it
from the command reference documentation.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Currently the help output of `docker network ls --filter` is:
```
Options:
-f, --filter value Provide filter values (i.e. 'dangling=true') (default [])
...
```
This caused confusion as only the following filters are supported at the moment:
- `driver`
- `type`
- `name`
- `id`
- `label`
This fix update the help output of `docker network ls --filter` and `network_ls.md`.
The `dangling=true` description has been replace to:
```
Options:
-f, --filter filter Provide filter values (i.e. 'driver=bridge')
...
```
This fix fixes 28786.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
The "--no-trunc" option toggles between showing/hiding
digests.
This updates the reference to show this difference.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
A recent PR added `(ns|us|ms|s|m|h)` to the descriptions of some
duration options, but not all. Add it to the remaining options for
consistency.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This fix updates docs for `docker info` for most recent changes.
It also made several chagnes:
1. Replace 0.12.0-dev to 0.13.0 for api docs v1.24.
2. Replace 0.13.0-dev to 0.13.0 for api docs v1.25
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This feature was reverted for docker 1.13
in c5251f7116e3d9095a7169fc31bd170dff997c2e,
so removing the documentation as well.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This fix tries to address 27902 by adding a flag `--host`
to `docker service create` and `--host-add/--host-rm` to
`docker service update`, so that it is possible to
specify extra `host:ip` settings in `/etc/hosts`.
This fix adds `Hosts` in swarmkit's `ContainerSpec` so that it
is possible to specify extra hosts during service creation.
Related docs has been updated.
An integration test has been added.
This fix fixes 27902.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This change incorporates feedback from @thaJeztah in the PR that added
the autolock flag. It changes the descriptions to be different for
"swarm init" and "swarm update" so that the boolean nature so that the
purpose of the flag in both contexts is clearer.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This fix is a follow up to #27567 based on:
https://github.com/docker/docker/pull/27567#issuecomment-259295055
In #27567, `--dns-options` has been added to `service create/update`,
together with `--dns` and `--dns-search`. The `--dns-opt` was used
in `docker run`.
This fix add `--dns-option` (not `--dns-options`) to `docker run/create`, and hide
`--dns-opt`. It is still possible to use `--dns-opt` with
`docker run/create`, though it will not show up in help output.
This fix change `--dns-options`to --dns-option` for `docker service create`
and `docker service update`.
This fix also updates the docs and bash/zsh completion scripts.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix is based on the comment:
https://github.com/docker/docker/pull/28147#discussion_r86996347
Previously the output string of the `DurationOpt` is `duration-ptr`
and `Uint64Opt` is `uint64-ptr`. While it is clear to developers,
for a normal user `-ptr` might not be very informative.
On the other hand, the default value of `DurationOpt` and `Uint64Opt`
has already been quite informative: `none`. That means if no flag
provided, the value will be treated as none.
(like a ptr with nil as the default)
For that reason this fix removes the `-ptr`.
Also, the output in the docs of `service create` has been quite
out-of-sync with the true output. So this fix updates the docs
to have the most up-to-date help output of `service create --help`.
This fix is related to #28147.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Add the following options to "swarm init" and "swarm update":
- --max-snapshots: Retain this many old Raft snapshots in addition
to the latest one
- --snapshot-interval: Number of log entries between Raft snapshots
These options already existed in SwarmKit and the Docker API but were
never exposed in the CLI. I'm adding them here to fix this oversight.
--max-snapshots may be useful for debugging purposes and more
conservative users who want to store rolling backups of old versions of
the Raft state.
--snapshot-interval is most useful for performance tuning. The default
value of 10000 may not be ideal for some setups.
There is also a LogEntriesForSlowFollowers option that is not exposed. I
decided not to expose it along with these others because I don't think
it's generally useful (and I'm not sure what I would call the CLI flag).
But if people want, I can expose it for the sake of completeness.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This fix adds `--dns-add`, `--dns-rm`, `--dns-opt-add`, `--dns-opt-rm`,
`--dns-search-add` and `--dns-search-rm` to `service update`.
An integration test and a unit test have been added to cover the changes in this fix.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix tries to fix the issue raised in 24391 about allowing
custom DNS settings to service definition.
This fix adds `DNSConfig` (`Nameservers`, `Options`, `Search`) to
service definition, as well as `--dns`, `--dns-opt`, and `dns-search`
to `service create`.
An integration test has been added to cover the changes in this fix.
This fix fixes 24391.
A PR in swarmkit will be created separately.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix is based on the comment in
https://github.com/docker/docker/pull/27567#discussion_r86910604
Basically, in the help output of `docker service update`, the `--xxx-add`
flags typically have plural forms while `--xxx-rm` flags have singular
forms.
This fix updates the help output for consistency.
This fix also updates the related docs in `service_update.md`.
The help output in `service_update.md` has been quite out-of-sync
with the actual output so this fix replaces the output with the
most up-to-date output.
This fix is related to #27567.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix tries to add `--tty` to `docker service create/update`. As was
specified in 25644, `TTY` flag has been added to SwarmKit and is
already vendored.
This fix add `--tty` to `docker service create/update`.
Related document has been updated.
Additional integration tests has been added.
This fix fixes 25644.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
PR 24978 adds hint of of progress to the output of `docker build`
for 1.13, in the format of
```
Step 1/5 ...
...
Step 2/5 ...
...
```
Though some of the docs hasn't been updated.
This fix did a grep in docs and updated the related places.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix tries to address the proposal raised in 27921 and add
`--cpus` flag for `docker run/create`.
Basically, `--cpus` will allow user to specify a number (possibly partial)
about how many CPUs the container will use. For example, on a 2-CPU system
`--cpus 1.5` means the container will take 75% (1.5/2) of the CPU share.
This fix adds a `NanoCPUs` field to `HostConfig` since swarmkit alreay
have a concept of NanoCPUs for tasks. The `--cpus` flag will translate
the number into reused `NanoCPUs` to be consistent.
This fix adds integration tests to cover the changes.
Related docs (`docker run` and Remote APIs) have been updated.
This fix fixes 27921.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Manager now auto-detects the address that an agent connects to the cluster
from and stores it. This is useful for many kinds of internal cluster
management tools.
Signed-off-by: Drew Erny <drew.erny@docker.com>
As for `ps`, `images`, `network ls` and `volume ls`, this makes it
possible to define a custom default format.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Allow built images to be squash to scratch.
Squashing does not destroy any images or layers, and preserves the
build cache.
Introduce a new CLI argument --squash to docker build
Introduce a new param to the build API endpoint `squash`
Once the build is complete, docker creates a new image loading the diffs
from each layer into a single new layer and references all the parent's
layers.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
If user namespaces is enabled on the daemon, reveal that via docker info
by adding "userns" to the list of security options reported by the
info endpoint.
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
It seems that `max-concurrent-downloads` and `max-concurrent-uploads`
are supported in Windows for `config.json`. Though that was not
mentioned in the docs for dockerd.md.
This fix adds the following to the example `config.json` file for Windows:
```
"max-concurrent-downloads": 3,
"max-concurrent-uploads": 5,
```
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
--group-add was used for specifying groups for both service create
and service update. For create it was confusing since we don't have
an existing set of groups. Instead I added --group to create, and
moved --group-add to service update only, like --group-rm
This deals with issue 27646
Signed-off-by: Lily Guo <lily.guo@docker.com>
Update flag documentation
Specify that --group, --group-add and --groupd-rm refers to
supplementary user groups
Signed-off-by: Lily Guo <lily.guo@docker.com>
Fix docs for groups and update completion scripts
Signed-off-by: Lily Guo <lily.guo@docker.com>
A HealthConfig entry was added to the ContainerSpec associated with the
service being created or updated.
Signed-off-by: Cezar Sa Espinola <cezarsa@gmail.com>
The --name flag was inadvertently added to
docker service update, but is not supported,
as it has various side-effects (e.g., existing
tasks are not renamed).
This removes the flag from the service update
command.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This fix tries to address the issue in 24712 and add
`--env-file` file to `docker create service`.
Related documentation has been updated.
An additional integration has been added.
This fix fixes 24712.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
containers may specify these cgroup values at runtime. This will allow
processes to change their priority to real-time within the container
when CONFIG_RT_GROUP_SCHED is enabled in the kernel. See #22380.
Also added sanity checks for the new --cpu-rt-runtime and --cpu-rt-period
flags to ensure that that the kernel supports these features and that
runtime is not greater than period.
Daemon will support a --cpu-rt-runtime flag to initialize the parent
cgroup on startup, this prevents the administrator from alotting runtime
to docker after each restart.
There are additional checks that could be added but maybe too far? Check
parent cgroups to ensure values are <= parent, inspecting rtprio ulimit
and issuing a warning.
Signed-off-by: Erik St. Martin <alakriti@gmail.com>
`docker network prune` prunes unused networks, including overlay ones.
`docker system prune` also prunes unused networks.
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
The following sentences (introduced in v1.11 via #21160) were misleading for Swarm mode services (>= v1.12)
For networks backed by multi-host network driver, such as Overlay,
this command also shows the container endpoints in other hosts in the
cluster. These endpoints are represented as "ep-{endpoint-id}" in the output.
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
Currently, there's no way to restart the tasks of a service without
making an actual change to the service. This leads to us giving awkward
workarounds as in
https://github.com/docker/docker.github.io/pull/178/files, where we tell
people to scale a service up and down to restore balance, or make
unnecessary changes to trigger a restart.
This change adds a --force option to "docker service update", which
forces the service to be updated even if no changes require that.
Since rolling update parameters are respected, the user can use
"docker service --force" to do a rolling restart. For example, the
following is supported:
docker service update --force --update-parallelism 2 \
--update-delay 5s myservice
Since the default value of --update-parallelism is 1, the default
behavior is to restart the service one task at a time.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Passing {{.Networks}} to the format parameter will prompt ps to
display all the networks the container is connected to.
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
Keeping the current behavior for exec, i.e., inheriting
variables from main process. New variables will be added
to current ones. If there's already a variable with that
name it will be overwritten.
Example of usage: docker exec -it -e TERM=vt100 <container> top
Closes#24355.
Signed-off-by: Jonh Wendell <jonh.wendell@redhat.com>
This fix tries to add a daemon config parameter `--shutdown-timeout`
that specifies the timeout value to stop containers gracefully
(before SIGKILL). The default value is 15s.
The `--shutdown-timeout` parameter is added to daemon options and
config file. It will also be updated during daemon reload.
Additional test cases have been added to cover the change.
This fix fixes#22471.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This adds support for two enhancements to swarm service rolling updates:
- Failure thresholds: In Docker 1.12, a service update could be set up
to either pause or continue after a single failure occurs. This adds
an --update-max-failure-ratio flag that controls how many tasks need to
fail to update for the update as a whole to be considered a failure. A
counterpart flag, --update-monitor, controls how long to monitor each
task for a failure after starting it during the update.
- Rollback flag: service update --rollback reverts the service to its
previous version. If a service update encounters task failures, or
fails to function properly for some other reason, the user can roll back
the update.
SwarmKit also has the ability to roll back updates automatically after
hitting the failure thresholds, but we've decided not to expose this in
the Docker API/CLI for now, favoring a workflow where the decision to
roll back is always made by an admin. Depending on user feedback, we may
add a "rollback" option to --update-failure-action in the future.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This fix tries to add a flag `--stop-timeout` to specify the timeout value
(in seconds) for the container to stop before SIGKILL is issued. If stop timeout
is not specified then the default timeout (10s) is used.
Additional test cases have been added to cover the change.
This fix is related to #22471. Another pull request will add `--shutdown-timeout`
to daemon for #22471.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Allow passing --storage-opt size=X to docker create/run commands
for the `overlay2` graphriver.
The size option is only available if the backing fs is xfs that is
mounted with the `pquota` mount option.
The user can pass any size less then the backing fs size.
Signed-off-by: Amir Goldstein <amir73il@aquasec.com>
Fedora 22 reached end of life on July 19th, and
will no longer receive updates;
https://fedoramagazine.org/fedora-22-end-of-life-2016-july/
With the recent release of Fedora 24, Fedora 22 will officially enter End Of
Life (EOL) status on July 19th, 2016. After July 19th, all packages in the
Fedora 22 repositories will no longer receive security, bugfix, or enhancement
updates, and no new packages will be added to the Fedora 22 collection.
Upgrading to Fedora 23 or Fedora 24 before July 19th 2016 is highly recommended
for all users still running Fedora 22.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Some frontmatter such as the weights, menu stuff, etc is no longer used
'draft=true' becomes 'published: false'
Signed-off-by: Misty Stanley-Jones <misty@docker.com>
This information was added in
1efc940e6f547760e5e8f4648acb120ff19fdc58,
but removed again in
a271eaeba224652e3a12af0287afbae6f82a9333
to make the help-output fit in a 80-chars
terminal.
This adds the available options again
in the help output, and updates the CLI
reference documentation to match actual
output.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Linux kernel 4.3 and later supports "ambient capabilities" which are the
only way to pass capabilities to containers running as a non root uid.
Previously there was no way to allow containers not running as root
capabilities in a useful way.
Fix#8460
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
When sending a build context to a remote server it may be
(significantly) advantageous to compress the build context. This commit
adds support for gz compression when constructing a build context
using a command like "docker build --compress ."
Signed-off-by: Paul Kehrer <paul.l.kehrer@gmail.com>
As is specified in 26964, it is possible to specify
a filter based on the node name or node ID.
This fix updates the related docs for that.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix updates docs for `service ps` as now the TASK ID part has been
removed.
Also, this fix fixes several incorrect sample output.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This commit updates documentation and change log to include
the preliminary validation of the dockerfile before instructions
in dockerfile is run one-by-one.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Allows the user to use `pretty` as the format string.
This enables users to put custom format options into their CLI config
just like is supported for `docker ps` and `docker images`
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This adds a small C binary for fighting zombies. It is mounted under
`/dev/init` and is prepended to the args specified by the user. You
enable it via a daemon flag, `dockerd --init`, as it is disable by
default for backwards compat.
You can also override the daemon option or specify this on a per
container basis with `docker run --init=true|false`.
You can test this by running a process like this as the pid 1 in a
container and see the extra zombie that appears in the container as it
is running.
```c
int main(int argc, char ** argv) {
pid_t pid = fork();
if (pid == 0) {
pid = fork();
if (pid == 0) {
exit(0);
}
sleep(3);
exit(0);
}
printf("got pid %d and exited\n", pid);
sleep(20);
}
```
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Because we standardize on using a non-privileged
prompt (`$`) instead of `#`, replacing the
examples to use `sudo` instead to indicate
this has to be run as root.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Silvin Lubecki
Ioan Eugen Stan
selansen
Sebastiaan van Stijn
Nico Stapelbroek
Henry N
Per Lundberg
Vincent Demeester
Vincent Demeester
Sebastiaan van Stijn
Joao Fernandes
Bogdan Anton
Preston Cowley
David Beitey
Victor Vieux
Lydell Manganti
Akihiro Suda
Alexander Ryabov
Sungwon Han
WTFKr0
Misty Stanley-Jones
Christy Perez
Daniel Nephin
Kat
apkd
T K Sourabh
Lachlan Cooper
Nicolas De Loof
Harald Albers
Riyaz Faizullabhoy
Renaud Gaubert
Rodolfo Ortiz
Simon Ferquel
squeegels
Jamie Hannaford
Patrick Lang
Mikhail Vasin
Daniel Nephin
Abdur Rehman
Kyle Spiers
Jesse Adametz
Brian Goff
BastianHofmann
John Mulhausen
djgoosen
Misty Stanley-Jones
Phil Estes
Frieder Bluemle
Allen Sun
Tycho Andersen
Marc Bihlmaier
Carlo Mion
Tobias Gesellchen
Rubens Figueiredo
Boaz Shuster
Marco Mariani
Christophe Vidal
Jimmy Leger
John Howard
bryfry
Luka Hartwig
Kir Kolyshkin
Jonathan Lee
zebrilee
Hernan Garcia
allencloud
Aleksa Sarai
yuexiao-wang
Valentin Lorentz
Dhawal Yogesh Bhanushali
Slava Semushin
Doug Davis
Tõnis Tiigi
Alessandro Boch
Josh Hawn
Ying Li
Noah Treuhaft
Aaron Lehmann
John V. Martinez
Ian Campbell
Gary Schaetz
MichaelSpets
David Sheets
Denis Defreyne
Dong Chen
Flavio Crisciani
Julien Maitrehenry
Antonio Murdaca
Alvin Deng
Jeremy Chambers
Yong Tang
Drew Erny
Arash Deshmeh
Mike Casas
Elias Faxö
徐俊杰
Ian Philpot
David Xia
EG Noriega
erxian
uhayate
Foysal Iqbal
John Maguire
Wayne Song
Dave Tucker
Jeremy Yallop
Ricardo N Feliciano
Remy Suen
French Ben
Santhosh Manohar
John Laswell
pjaffe
Tony Abboud
yupengzte
Zhang Wei
Daniel Zhang
Kenfe-Mickael Laventure
Tianon Gravi
Nathan LeClaire
Lewis Daly
Ma Shimiao
jroenf
Timothy Hobbs
Michael Irwin
Michael Friis
Yanqiang Miao
Victor Vieux
ttronicum
zhenghenghuo
Anusha Ragunathan
Victoria Bialas
liwenqi
lixiaobing10051267
Michael
Trapier Marshall
Qinglan Peng
Kei Ohmura
Jake Sanders
Chris Gavin
dattatrayakumbhar04
cyli
Jacob Tomlinson
Ben Firshman
bbayani
Andrea Luzzardi
Steve Durrheimer
Evan Hazlett
milindchawre
Alicia Lauerman
Josh Horwitz
Darren Stahl
Nikolay Milovanov
Gaetan de Villele
Michael Crosby
Addam Hardy
Qiang Huang
Josh Horwitz
Phil Estes
Lily Guo
Cezar Sa Espinola
Ce Gao
Erik St. Martin
Leo Gallucci
sandyskies
Jonh Wendell
Ding Fei
Luca Favatella
Amir Goldstein
Alicia Lauerman
Justin Cormack
Paul Kehrer
Josh Bodah