Commit Graph

701 Commits

Author SHA1 Message Date
Michael Crosby d72deed554 Add init process for zombie fighting
This adds a small C binary for fighting zombies.  It is mounted under
`/dev/init` and is prepended to the args specified by the user.  You
enable it via a daemon flag, `dockerd --init`, as it is disable by
default for backwards compat.

You can also override the daemon option or specify this on a per
container basis with `docker run --init=true|false`.

You can test this by running a process like this as the pid 1 in a
container and see the extra zombie that appears in the container as it
is running.

```c

int main(int argc, char ** argv) {
	pid_t pid = fork();
	if (pid == 0) {
		pid = fork();
		if (pid == 0) {
			exit(0);
		}
		sleep(3);
		exit(0);
	}
	printf("got pid %d and exited\n", pid);
	sleep(20);
}
```

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-06-02 00:10:10 +00:00
Akihiro Suda 71e220fc11 add `docker events --format`
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2017-06-02 00:10:10 +00:00
Sebastiaan van Stijn efe94b9d92 Fix Markdown formatting and missing prompt in service create
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:10:10 +00:00
Misty Stanley-Jones b3341fb7af Misty's edits and additions
Signed-off-by: Misty Stanley-Jones <misty@docker.com>
(cherry picked from commit 3de7d725137ee1620ae2050e65ace4990a3af87e)
2017-06-02 00:10:10 +00:00
Sebastiaan van Stijn 060fd9fa5c Add --mount syntax documentation to CLI reference
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:10:10 +00:00
yuexiao-wang 20463c7b18 fix typo for docs reference
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
2017-06-02 00:10:10 +00:00
John Howard f7b0c9b472 Windows: stats support
Signed-off-by: John Howard <jhoward@microsoft.com>
2017-06-02 00:10:10 +00:00
Alessandro Boch f9832ceac0 Fix mtu option in documentation
Signed-off-by: Alessandro Boch <aboch@docker.com>
2017-06-02 00:10:10 +00:00
Josh Bodah 622f3bf19f Remove extra paren in `run --link` docs
Signed-off-by: Josh Bodah <jb3689@yahoo.com>
2017-06-02 00:10:10 +00:00
Sebastiaan van Stijn 36ffab578f Use "sudo" for dockerd examples
Because we standardize on using a non-privileged
prompt (`$`) instead of `#`, replacing the
examples to use `sudo` instead to indicate
this has to be run as root.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:10:10 +00:00
Sebastiaan van Stijn e3279502d0 Add link to logging drivers reference
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:10:10 +00:00
Sebastiaan van Stijn 7d50b656d4 Synchronize push reference with man page
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:10:10 +00:00
Sebastiaan van Stijn 6abd40c653 Restore missing "format" example
The "format" example got lost during the
rewrite of the documentation for Cobra. This
restores the missing example.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:10:10 +00:00
David Dooling e1a8e15e8d Update ENTRYPOINT/CMD table to agree with docs
Several other places in the document it states that when using the shell
form of ENTRYPOINT, CMD and command line arguments are ignored.  That is
accurate, this table was not.  It is now.

Signed-off-by: David Dooling <dooling@gmail.com>
2017-06-02 00:10:09 +00:00
Anusha Ragunathan d3bfb92962 Update plugin install docs with registry specifics.
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
2017-06-02 00:10:09 +00:00
lixiaobing10051267 e0c33c5988 fix some incorrect symbols before executing command
Signed-off-by: lixiaobing10051267 <li.xiaobing1@zte.com.cn>
2017-06-02 00:10:09 +00:00
Phil Estes cf8c2c21ac Remove --read-only restriction when user ns enabled
The restriction is no longer necessary given changes at the runc layer
related to mount options of the rootfs. Also cleaned up the docs on
restrictions left for userns enabled mode. Re-enabled tests related to
--read-only when testing a userns-enabled daemon in integration-cli.

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
2017-06-02 00:10:09 +00:00
Charles Smith 87c8d755bd add swarm mode terms to the glossary
Signed-off-by: Charles Smith <charles.smith@docker.com>
2017-06-02 00:10:09 +00:00
Justin Cormack 62f35ffbdc Begin process of deprecating MAINTAINER
This may take some time, but start by pointing people at
LABEL instead.

MAINTAINER predates general LABEL and has basically no tooling,
only allows a single item to be added, and is has been
unofficially deprecated for some time, with many images not
including it, but we have never specifically said that it
should be replaced by LABEL as a better more generic metadata
solution.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-06-02 00:10:09 +00:00
yuexiao-wang d7d9f926af update option for docker commands
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
2017-06-02 00:10:09 +00:00
Yong Tang 98043e3f79 Fix documentation for `Step 0` to `Step 1` in `docker build`
The indexing of steps in the output of `docker build` starts with `Step 1`.
However, there are several places in the docs that start with `Step 0`.

This fix addresses the issue and changes `Step 0` to `Step 1` (and subsequent steps).

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:10:09 +00:00
Charles Smith 63478d277a carries and closes 25414
Signed-off-by: Charles Smith <charles.smith@docker.com>
2017-06-02 00:10:09 +00:00
Richard Mathie 9163eecf91 Update service_create.md
More info on endpoint setting, and service discovery on swarm mode overlay network.

Signed-off-by: Richard Mathie <richard.mathie@amey.co.uk>
2017-06-02 00:10:09 +00:00
zhouhao bf70112273 Modify rename function usage
Signed-off-by: zhouhao <zhouhao@cn.fujitsu.com>
2017-06-02 00:10:09 +00:00
lixiaobing10051267 80600090cb check inconsistant command in docs/reference/commandline
Signed-off-by: lixiaobing10051267 <li.xiaobing1@zte.com.cn>
2017-06-02 00:10:09 +00:00
Misty Stanley-Jones e63e3d9fdf Sanitize uses of Swarm as a proper and improper noun
Fixes #24905

Signed-off-by: Misty Stanley-Jones <misty@docker.com>
2017-06-02 00:10:09 +00:00
yuexiao-wang 6d8cf3fb44 Remove the option for the command service rm
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
2017-06-02 00:10:08 +00:00
frosforever 865d0e364d Correct typo in run reference docs that use the create command
Signed-off-by: Yosef Fertel <yfertel@gmail.com>
2017-06-02 00:10:08 +00:00
Vivek Goyal 21e45b5ad9 devmapper: Provide a knob dm.xfs_nospace_max_retries
When xfs filesystem is being used on top of thin pool, xfs can get ENOSPC
errors from thin pool when thin pool is full. As of now xfs retries the
IO and keeps on retrying and does not give up. This can result in container
application being stuck for a very long time. In fact I have seen instances
of unkillable processes. So that means once thin pool is full and process
gets stuck, container can't be stopped/killed either and only option left
seems to be power recycle of the box.

In another instance, writer did not block but failed after a while. But
when I tried to exit/stop the container, unmounting xfs hanged and only
thing I could do was power cycle the machine.

Now upstream kernel has committed patches where it allows user space to
customize user space behavior in case of errors. One of the knobs is
max_retries, which specifies how many times an IO should be retried
when ENOSPC is encountered.

This patch sets provides a tunable knob (dm.xfs_nospace_max_retries) so
that user can specify value for max_retries and tune xfs behavior. If
one sets this value to 0, xfs will not retry IO when ENOSPC error is
encountered. It will instead give up and shutdown filesystem.

This knob can be useful if one is running into unkillable
processes/containers issue on top of xfs.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
2017-06-02 00:10:08 +00:00
Akihiro Suda ba7648fa62 fix docs about `sudo docker login`
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2017-06-02 00:10:08 +00:00
Yong Tang 6aa365d7e9 Fix incorrect help output in `docker network ls`
As is raised in 26312, in `docker network ls`, the help output was
mistaken to `volume names`:
```
-q, --quiet Only display volume names
```

This fix changes the help output to:
```
-q, --quiet Only display network IDs
```

This fix also updates the documentation in:
`docs/reference/commandline/network_ls.md`

This fix fixes 26312.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:10:08 +00:00
yuexiao-wang 1d481e22fc Remove -h option for docker cli
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
2017-06-02 00:10:08 +00:00
Vincent Demeester 88f17e8ef3 Add health status as action on events documentations
This was missing from the docs for 1.12.0.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:10:08 +00:00
Akihiro Suda d602486346 update docs/reference/commandline/service_create.md
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2017-06-02 00:10:08 +00:00
YuPengZTE c5a30e87bf The first letter docker is small 2017-06-02 00:10:08 +00:00
yuexiao-wang 95b80f2984 Miss the options in some commands
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
2017-06-02 00:10:08 +00:00
lixiaobing10051267 8e27afeb39 make command "docker plugin inspect" complete
Signed-off-by: lixiaobing10051267 <li.xiaobing1@zte.com.cn>
2017-06-02 00:10:08 +00:00
lixiaobing10051267 eb1b81c204 provide actual command format for docker network create
Signed-off-by: lixiaobing10051267 <li.xiaobing1@zte.com.cn>
2017-06-02 00:10:08 +00:00
yuexiao-wang 79a055386c Update description for docker plugin inspect
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
2017-06-02 00:10:08 +00:00
yuexiao-wang 2c9a4c7f0b Modify options for the command plugin install
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
2017-06-02 00:10:07 +00:00
allencloud 7b7ff16175 update command description
Signed-off-by: allencloud <allen.sun@daocloud.io>
2017-06-02 00:10:07 +00:00
allencloud 4d1fc99027 make node ps default to self in swarm node
Signed-off-by: allencloud <allen.sun@daocloud.io>
2017-06-02 00:10:07 +00:00
ohmystack fa710a059a Add docs for "--containerd" in dockerd
Signed-off-by: ohmystack <jiangjun1990@gmail.com>
2017-06-02 00:10:07 +00:00
Kris-Mikael Krister 8918ff39e2 Fix typo in builder.md
Signed-off-by: Kris-Mikael Krister <krismikael@protonmail.com>
2017-06-02 00:10:07 +00:00
Yong Tang c37fcc3f49 Support `--group-add` and `--group-rm` in `docker service create/update`
This fix tries to address the issue raised in 25304 to support
`--group-add` and `--group-rm` in `docker service create`.

This fix adds `--group-add` to `docker service create` and `docker service update`,
adds `--group-rm` to `docker service update`.

This fix updates docs for `docker service create` and `docker service update`:
1. Add `--group-add` to `docker service create` and `docker service update`
2. Add `--group-rm` to `docker service update`

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:10:07 +00:00
Victor Vieux 7ebb7c738a add -f to plugin inspect
Signed-off-by: Victor Vieux <vieux@docker.com>

Signed-off-by: Victor Vieux <vieux@docker.com>
2017-06-02 00:10:07 +00:00
yuexiao-wang 2ff594515f clean up the run.md in reference
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
2017-06-02 00:10:07 +00:00
Victor Vieux cfa7f94c02 replace active by enabled for consistency in plugins
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-06-02 00:10:07 +00:00
Kara Alexandra 4594e5d50e Add option to specify name without --name in volume create
Signed-off-by: Kara Alexandra <kalexandra@us.ibm.com>
2017-06-02 00:10:07 +00:00
Arnaud Porterie (icecrime) a2b443d1df Refactor `docker inspect` to work on all types
Signed-off-by: Arnaud Porterie (icecrime) <arnaud.porterie@docker.com>
2017-06-02 00:10:07 +00:00
Yong Tang cfb8a110b4 Update docs for `docker create` to include `--rm` flag
Since 20848 has been merged and both `docker create` and
`docker run` share the same `runconfig` parser, now both
`docker run` and `docker create` allow to specify the
`--rm` flag. However, docs for `docker create` has not
been udpated yet.

This fix updates docs for `docker create` so that `--rm`
flag has been included.

This fix is related to 20848 and 25577.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:10:07 +00:00
Rich Moyse 463d68bde9 Fixes #25918 - Changed --permissive to --privileged.
Signed-off-by: Rich Moyse <rich@moyse.us>
2017-06-02 00:10:07 +00:00
yuexiao-wang ed38ec18bf Replace docker command from 'docker daemon' to 'dockerd'
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
2017-06-02 00:10:06 +00:00
lixiaobing10051267 2d81ec0fae Remove option "--manager" description for swarm_join.md
Signed-off-by: lixiaobing10051267 <li.xiaobing1@zte.com.cn>
2017-06-02 00:10:06 +00:00
David Dooling e6c152e5ee Make it clear who is doing variable expansion
Add sentece to RUN, CMD, and ENTRYPOINT exec sections making it clear
that it is the shell doing the environment variable expansion.

Signed-off-by: David Dooling <dooling@gmail.com>
2017-06-02 00:10:06 +00:00
David Dooling 2b84c776d0 Remove erroneous ENTRYPOINT note
The Dockerfile parser does not subsitute ENV variables in any form of
the ENTRYPOINT command.  Any substitution, if done, is done by the shell
when the command is executed.

Signed-off-by: David Dooling <dooling@gmail.com>
2017-06-02 00:10:06 +00:00
Mihai Borobocea 6132c35c04 docs: fix typo in url fragment
I noticed the broken hyperlink in this page:
https://docs.docker.com/engine/reference/builder/
The link should point to `#parser-directives`.

Signed-off-by: Mihai Borobocea <MihaiBorob@gmail.com>
2017-06-02 00:10:06 +00:00
Yong Tang 9a16c4fccd Add `--force` in `docker volume rm` to fix out-of-band volume driver deletion
This fix tries to address the issue in raised #23367 where an out-of-band
volume driver deletion leaves some data in docker. This prevent the
reuse of deleted volume names (by out-of-band volume driver like flocker).

This fix adds a `--force` field in `docker volume rm` to forcefully purge
the data of the volume that has already been deleted.

Related documentations have been updated.

This fix is tested manually with flocker, as is specified in #23367.
An integration test has also been added for the scenario described.

This fix fixes #23367.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:10:06 +00:00
lixiaobing10051267 0c200d4894 Modify usage of docker swarm join-token command
Signed-off-by: lixiaobing10051267 <li.xiaobing1@zte.com.cn>
2017-06-02 00:10:06 +00:00
timfeirg 280a6f9663 expose RemovalInProgress in StateString #25652
Signed-off-by: timfeirg <kkcocogogo@gmail.com>
2017-06-02 00:10:06 +00:00
lixiaobing10051267 17a0affff1 Specify woker node for docker swarm leave command
Signed-off-by: lixiaobing10051267 <li.xiaobing1@zte.com.cn>
2017-06-02 00:10:05 +00:00
Justin Cormack ff474eb300 Split list of capabilities into those added by default and those not
The documentation was a bit unhelpful as to what are the default
capabilities, so split.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-06-02 00:10:05 +00:00
Michael Crosby 1ec3668e69 Replace old oci specs import with runtime-specs
Fixes #25804

The upstream repo changed the import paths.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-06-02 00:10:05 +00:00
Sebastiaan van Stijn f68f53f3ec Add missing docs about binary remote contexts
This feature was added in docker 1.8, through
7491f9a9c11ad3fd3b587fa6f7e53b297b3b88c7.

However, the API docs ended up in the wrong
API version (1.19 instead of 1.20), so were
never included in future API docs.

Also, the CLI docs got lost during splitting
up the cli.md docs into separate files;
561bfb268de3c674b04d48895b7e46ae890ef795

This moves the API docs to the correct
versions, and restores the CLI documentation.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:10:05 +00:00
Zhang Wei f63d53c736 Forbid update restart policy of container with AutoRemove flag
"--restart" and "--rm" are conflict options, if a container is started
with AutoRemove flag, we should forbid the update action for its Restart
Policy.

Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2017-06-02 00:10:05 +00:00
Josh Horwitz b5c313651f Add --no-trunc to service/node/stack ps output
Signed-off-by: Josh Horwitz <horwitzja@gmail.com>
2017-06-02 00:10:05 +00:00
Sebastiaan van Stijn 9cec1ce2ee Add missing docs for volume ls filter=label
This filter option was added in be045ee2da7c2c83e859d86cb496e86ec6de8566,
but didn't update the documentation and
man pages.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:10:05 +00:00
Akihiro Suda 420b6a91af add `--format` flag to `docker info`
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2017-06-02 00:10:05 +00:00
Sebastiaan van Stijn 5a3c9e8c24 Restore missing ps example for killed containers
This example was added in b0b2f979c7c43e2975d5e39340c168da2da42d1d,
but got lost during splitting up the cli.md docs into separate files;
561bfb268de3c674b04d48895b7e46ae890ef795

This restores the missing example.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:10:05 +00:00
Charles Smith 32a613412e add overlay networking security model node
Signed-off-by: Charles Smith <charles.smith@docker.com>
2017-06-02 00:10:05 +00:00
David Lechner 76d46c3430 Move export from image commands to container commands
The export command operates on containers, not images, so it should be listed under the container commands, not the image commands.

Signed-off-by: David Lechner <david@lechnology.com>
2017-06-02 00:10:04 +00:00
Lei Jitang ac5ac973aa Fix inspect network show gateway with mask
Signed-off-by: Lei Jitang <leijitang@huawei.com>
2017-06-02 00:10:04 +00:00
Tibor Vass e15ee6cec4 Remove --network-add and --network-rm flags from service update
These flags were not supported (daemon returns an error), and it was an
oversight. They were not present in completion scripts.

Signed-off-by: Tibor Vass <tibor@docker.com>
2017-06-02 00:10:04 +00:00
Victor Vieux afbc834a99 add description in docker plugin ls
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-06-02 00:10:04 +00:00
Yong Tang 710f8d8dea Update docs so that log-opts takes map (`{}`) instead of `[]`
This fix updates docs so that log-opts takes map (`{}`) instead
of `[]`, as is defined in the impmenetation (`map[string]string`)

This fix fixes 22311.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:10:04 +00:00
Darren Stahl 7a4dfc4a33 Windows: Added support for storage-opt size
Signed-off-by: Darren Stahl <darst@microsoft.com>
2017-06-02 00:10:04 +00:00
Sebastiaan van Stijn 503690bf4a Update example output for node inspect
commit 41d580c7a610d8111dc63353cbd94319ca854627 added
"Joined at" to the output of node inspect,
but I forgot that docs changes are needed.

This change updates the example output
of node inspect in the documentation.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:10:04 +00:00
allencloud e5a1e08fa0 update go-units vendor to newest version
Signed-off-by: allencloud <allen.sun@daocloud.io>
2017-06-02 00:10:04 +00:00
Yong Tang 68ea0dc2d0 Update documentation for entrypoint unset with `docker run/create`
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:10:04 +00:00
Charles Smith 86315be2f0 fix typo, change sample cert expiry value
Signed-off-by: Charles Smith <charles.smith@docker.com>
2017-06-02 00:10:04 +00:00
Liron Levin e428a09ae7 Enable to dynamically reload authorization plugins via daemon.config
Following #22729, enable to dynamically reload/remove the daemon
authorization plugins (via standard reloading mechanism).
https://docs.docker.com/engine/reference/commandline/daemon/#daemon-
configuration-file

Daemon must store a reference to the authorization middleware to refresh
the plugin on configuration changes.

Signed-off-by: Liron Levin <liron@twistlock.com>
2017-06-02 00:10:04 +00:00
Vincent Demeester cfd7733d30 Add volume --format flag to ls
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:10:04 +00:00
Vincent Demeester fd30075463 Add network --format flag to ls
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:10:04 +00:00
Victor Vieux 24c39ea25b Add --force to docker plugin remove
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-06-02 00:10:04 +00:00
Kevin Richardson 811862e8ab Fix typo in run command documentation
Signed-off-by: Kevin Richardson <kevin@kevinrichardson.co>
2017-06-02 00:10:04 +00:00
Patrick Böänziger 8b51443ea1 Remove git conflict markers
Signed-off-by: Patrick Bänziger <patrick.baenziger@bsi-software.com>
2017-06-02 00:10:04 +00:00
Diogo Monica f314ccfb47 Add --force to node removal
Signed-off-by: Diogo Monica <diogo.monica@gmail.com>
2017-06-02 00:10:03 +00:00
Josh Horwitz 71f2e0f2a4 Added shutdown to desired-state docs for filter node/service ps
Signed-off-by: Josh Horwitz <horwitzja@gmail.com>

$Updated http docs for /tasks filters

$Signed-off-by: Josh Horwitz <horwitzja@gmail.com>
2017-06-02 00:10:03 +00:00
Sebastiaan van Stijn 231703c3c6 Improve swarm join-token instructions
this change improves the instructions for
swarm join-token and swarm init;

- only print the join-token command for workers
  instead of for both managers and workers, to
  prevent users from copying the wrong command.
  An extra line is added to explain how to obtain
  the manager token.
- print a message that a token was rotated
  sucesfully if '--rotate' is used.
- add some extra white-space before / after
  the join commands, to make copy/pasting
  easier.

this change also does some refactoring of join-token;

- move flagname-constants together with other constants
- use variables for selected role ("worker" / "manager")
  to prevent checking for them multiple times, and to
  keep the "worker" / "manager" sting centralized
- add an extra blank line after "join-token" instructions
  this makes it easier to copy, and cleans up the
  code a tiny bit

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:10:03 +00:00
Yong Tang aee09a390b Update docs in `docker service create/update` for flag `--user`
In `docker service create/update`, flag `--user` actually supports
`uid:gid` (same as `docker run`). However, this is not reflected
in the help and documentation yet.

This fix updates docs in `docker service create/update` to change
the description to `Username or UID (format: <name|uid>[:<group|gid>])`.

The help message output has also been updated.

This fix is related to 25304.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:10:03 +00:00
Qiang Huang 69eb98ada5 Fix kernel memory updating docs
Specify that kernel memory updating limitation only applies
on kernel version older than 4.6.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-06-02 00:10:03 +00:00
allencloud 0ab07d2bd7 update command description in CLI
Signed-off-by: allencloud <allen.sun@daocloud.io>
2017-06-02 00:10:03 +00:00
Charles Smith 958d9a4844 add advertise address, clarify join token
Signed-off-by: Charles Smith <charles.smith@docker.com>
2017-06-02 00:10:03 +00:00
Sebastiaan van Stijn e2a6cf9fd5 docs: cleanup docker update docs
move the "kernel memory" examples to the "examples" section,
and fix some formatting and grammar.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:10:03 +00:00
Sebastiaan van Stijn ddc2f8b05a Update usage of "Swarm" for consistency
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:10:03 +00:00
Stephen J Day 9d114f0fae cli: `docker service|node|stack ps` instead of tasks
Rather than conflict with the unexposed task model, change the names of
the object-oriented task display to `docker <object> ps`. The command
works identically to `docker service tasks`. This change is superficial.

This provides a more sensical docker experience while not trampling on
the task model that may be introduced as a top-level command at a later
date.

The following is an example of the display using `docker service ps`
with a service named `condescending_cori`:

```
$ docker service ps condescending_cori
ID                         NAME                  SERVICE             IMAGE   LAST STATE              DESIRED STATE  NODE
e2cd9vqb62qjk38lw65uoffd2  condescending_cori.1  condescending_cori  alpine  Running 13 minutes ago  Running        6c6d232a5d0e
```

The following shows the output for the node on which the command is
running:

```console
$ docker node ps self
ID                         NAME                  SERVICE             IMAGE   LAST STATE              DESIRED STATE  NODE
b1tpbi43k1ibevg2e94bmqo0s  mad_kalam.1           mad_kalam           apline  Accepted 2 seconds ago  Accepted       6c6d232a5d0e
e2cd9vqb62qjk38lw65uoffd2  condescending_cori.1  condescending_cori  alpine  Running 12 minutes ago  Running        6c6d232a5d0e
4x609m5o0qyn0kgpzvf0ad8x5  furious_davinci.1     furious_davinci     redis   Running 32 minutes ago  Running        6c6d232a5d0e
```

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2017-06-02 00:10:03 +00:00
Anusha Ragunathan 6895b9f339 Make daemon events listen for plugin lifecycle events.
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
2017-06-02 00:10:03 +00:00
Sebastiaan van Stijn 00a430d255 Remove release-candidate advisories
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:10:03 +00:00
Charles Smith 2cab081e16 add doc for live-restore setting and daemonless containers, fix admin guide menu
Signed-off-by: Charles Smith <charles.smith@docker.com>
2017-06-02 00:10:03 +00:00
Vincent Demeester 91e476b7e9 Add container labels to service create/update
Swarm mode makes it possible through the API to set labels to containers
but not through command line. This tries to fix it.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:10:03 +00:00
Tibor Vass fa9465f093 healthcheck: do not interpret exit code 2 as "starting"
Instead reserve exit code 2 to be future proof, document that it should
not be used. Implementation-wise, it is considered as unhealthy, but
users should not rely on this as it may change in the future.

Signed-off-by: Tibor Vass <tibor@docker.com>
2017-06-02 00:10:02 +00:00
Aaron Lehmann b41c3dd208 Add failure action for rolling updates
This changes the default behavior so that rolling updates will not
proceed once an updated task fails to start, or stops running during the
update. Users can use docker service inspect --pretty servicename to see
the update status, and if it pauses due to a failure, it will explain
that the update is paused, and show the task ID that caused it to pause.
It also shows the time since the update started.

A new --update-on-failure=(pause|continue) flag selects the
behavior. Pause means the update stops once a task fails, continue means
the old behavior of continuing the update anyway.

In the future this will be extended with additional behaviors like
automatic rollback, and flags controlling parameters like how many tasks
need to fail for the update to stop proceeding. This is a minimal
solution for 1.12.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-06-02 00:10:02 +00:00
Aanand Prasad 897dc90656 Add note about --entrypoint overriding default command
Signed-off-by: Aanand Prasad <aanand.prasad@gmail.com>
2017-06-02 00:10:02 +00:00
Aaron Lehmann 1918ec3987 Require listen address and advertise address to be an IP address or an interface name
Hostnames are not supported for now because libnetwork can't use them
for overlay networking yet.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-06-02 00:10:02 +00:00
Aaron Lehmann 18cd5ac352 Split advertised address from listen address
There are currently problems with "swarm init" and "swarm join" when an
explicit --listen-addr flag is not provided. swarmkit defaults to
finding the IP address associated with the default route, and in cloud
setups this is often the wrong choice.

Introduce a notion of "advertised address", with the client flag
--advertise-addr, and the daemon flag --swarm-default-advertise-addr to
provide a default. The default listening address is now 0.0.0.0, but a
valid advertised address must be detected or specified.

If no explicit advertised address is specified, error out if there is
more than one usable candidate IP address on the system. This requires a
user to explicitly choose instead of letting swarmkit make the wrong
choice. For the purposes of this autodetection, we ignore certain
interfaces that are unlikely to be relevant (currently docker*).

The user is also required to choose a listen address on swarm init if
they specify an explicit advertise address that is a hostname or an IP
address that's not local to the system. This is a requirement for
overlay networking.

Also support specifying interface names to --listen-addr,
--advertise-addr, and the daemon flag --swarm-default-advertise-addr.
This will fail if the interface has multiple IP addresses (unless it has
a single IPv4 address and a single IPv6 address - then we resolve the
tie in favor of IPv4).

This change also exposes the node's externally-reachable address in
docker info, as requested by #24017.

Make corresponding API and CLI docs changes.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-06-02 00:10:02 +00:00
Vincent Demeester 871366c8b4 Update swarm init task-history-limit docs
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:10:02 +00:00
Aaron Lehmann 012fa2fd1b Update --update-parallelism docs
Update documentation to account for the changes in #24952.

docs/swarm/swarm-tutorial/rolling-update.md doesn't need any changes,
but the CLI reference pages should show the current help text.
drain-node.md no longer needs to specify --update-parallelism 1 in its
example.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-06-02 00:10:02 +00:00
Sebastiaan van Stijn 2a87a358d4 Remove "secrets" leftovers from docs
f5e1f6f6880391a5a3399023cf93a3c48502e57d replaced "secrets"
with "join tokens", which also removed the "auto-accept"
policy.

This removes some remaining references to those features.

Note that there are other references, but those
are already addressed in another pull request.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:10:02 +00:00
Vincent Demeester 2f9e9bcbaa Append --registry-auth with with
`--with-registry-auth` is more explicit.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:10:02 +00:00
Aaron Lehmann acf0bc4b9a Replace secrets with join tokens
Implement the proposal from
https://github.com/docker/docker/issues/24430#issuecomment-233100121

Removes acceptance policy and secret in favor of an automatically
generated join token that combines the secret, CA hash, and
manager/worker role into a single opaque string.

Adds a docker swarm join-token subcommand to inspect and rotate the
tokens.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-06-02 00:10:02 +00:00
Sebastiaan van Stijn 458ff79b0d docs: improve formatting and highlighting of docker ps reference
this improves the formatting, and code-highlighting
of the `docker ps` reference page, and wraps sentences
to 80 chars

also adds single quotes around the formatting
example for labels.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:10:01 +00:00
Nishant Totla 49f4d8c083 Send registry auth token for service deploy
Signed-off-by: Nishant Totla <nishanttotla@gmail.com>
2017-06-02 00:10:01 +00:00
Sebastiaan van Stijn 99bf996fdf docs: fix copy/pasta error
Looks like I copied from the line below, not
from the output :)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:10:01 +00:00
Sebastiaan van Stijn 7a206d8667 docs: add code-hints to builder page
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:10:01 +00:00
Sebastiaan van Stijn c8dd8fe523 Add missing --log-driver and --log-opt docs
Adds documentation for "--log-driver" and "--log-opt"
for services.

Also updated the API docs to include the new
options, and generated a more complete JSON
example.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:10:01 +00:00
Sebastiaan van Stijn 338cf2edd8 docs: update reference docs for plugins
the output/response slightly changed in
340964db1c8f161a2ad156023eb47dcc93bf804b,
and `:latest` is no longer required for
various actions.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:10:01 +00:00
Sebastiaan van Stijn 77f90b24c9 docs: add initial reference for "stack services"
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:10:01 +00:00
Sebastiaan van Stijn b2d71bfbe1 Rename --bundle to --file
This renames the '--bundle' flag for docker (stack) deploy
to be consistent with 'docker build'.

Note that there's no shorthand '-f' added for now,
because this may be confusing on 'docker stack config',
which also takes a file, and for which we may want to
have a '--format' flag in future.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:10:01 +00:00
Sebastiaan van Stijn 27584ec78a fix duplicated usage in docs
this removes a copy/pasta whoopsie on my side,
introduced in de64324109d2694b1525e62b5c0072267282a36c

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:10:01 +00:00
Charles Smith 59b234a119 add ref docs for node label
Signed-off-by: Charles Smith <charles.smith@docker.com>
2017-06-02 00:10:01 +00:00
Vincent Demeester ad98aba1b6 Add documentation for stack commands
Also removes the `-f` flags of bundle to follow the single-letter flags
evaluation.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:10:01 +00:00
Dong Chen ab696a54ef Support node label update.
Signed-off-by: Dong Chen <dongluo.chen@docker.com>
2017-06-02 00:07:51 +00:00
Sebastiaan van Stijn 77e4100d00 Improve flag help consistency, and update docs
This adds the `--live-restore` option to the documentation.

Also synched usage description in the documentation
with the actual description, and re-phrased some
flag descriptions to be a bit more consistent.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:51 +00:00
allencloud eb0a4426e2 better command `docker network create -h` output
Signed-off-by: allencloud <allen.sun@daocloud.io>
2017-06-02 00:07:51 +00:00
Justin Cormack 6a983cc502 Document --oom-score-adj flag in docker run
This was only mentioned in docker create documentation.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-06-02 00:07:51 +00:00
Qiang Huang 28a1369b30 Fix aufs docs
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-06-02 00:07:51 +00:00
Anil Madhavapeddy d41a63b2c0 docs: correct the placement constraints `docker service` example
- the constraint expression needs to be quoted
- add an actual redis container to run so the command line works

Signed-off-by: Anil Madhavapeddy <anil@docker.com>
2017-06-02 00:07:51 +00:00
Vincent Demeester ee88be2801 Update service inspect --pretty reference docs
Update the output and fix wrong usage in a tutorial page.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:07:51 +00:00
Vincent Demeester fa29084b31 Update service update commandline reference docs
Update with the new remove flags

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:07:50 +00:00
Justin Cormack 8bc84934fb Expand the documentation of "no-new-privileges"
The change to runc in https://github.com/opencontainers/runc/pull/789
was not documented previously. Also say what this affects and clean
up layout of initial table as there was some miscolouration of the
continuation lines.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-06-02 00:07:50 +00:00
Aaron Lehmann 1210363e0f Use spaces, not tabs, to format sample "swarm join" command
Using tabs here seems to cause copy/paste problems in some terminals.
Using spaces is safer.

Fixes #24609

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-06-02 00:07:50 +00:00
Sebastiaan van Stijn c33bc7d99e Remove shorthand flags for "mount", "pretty", and "no-resolve"
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:50 +00:00
Michael Crosby e3f04f5d20 Add --oom-score-adjust to daemon
This adds an `--oom-score-adjust` flag to the daemon so that the value
provided can be set for the docker daemon's process.  The default value
for the flag is -500.  This will allow the docker daemon to have a
less chance of being killed before containers do.  The default value for
processes is 0 with a min/max of -1000/1000.

-500 is a good middle ground because it is less than the default for
most processes and still not -1000 which basically means never kill this
process in an OOM condition on the host machine.  The only processes on
my machine that have a score less than -500 are dbus at -900 and sshd
and xfce( my window manager ) at -1000.  I don't think docker should be
set lower, by default, than dbus or sshd so that is why I chose -500.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-06-02 00:07:50 +00:00
Vincent Demeester 2e844f5e8d Remove --command flag for service update
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:07:50 +00:00
Sebastiaan van Stijn dd1708d943 Make labels human readable
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:50 +00:00
Mei ChunTao 17d3e6264a fix the docker run --readonly example. rename '/icanwrite here' to '/icanwrite/here'
Signed-off-by: Mei ChunTao <mei.chuntao@zte.com.cn>
2017-06-02 00:07:50 +00:00
Arnaud Porterie (icecrime) 253a5f4ea2 Rename `--net` to `--network`
Add a `--network` flag which replaces `--net` without deprecating it
yet. The `--net` flag remains hidden and supported.

Add a `--network-alias` flag which replaces `--net-alias` without deprecating
it yet. The `--net-alias` flag remains hidden and supported.

Signed-off-by: Arnaud Porterie (icecrime) <arnaud.porterie@docker.com>
2017-06-02 00:07:50 +00:00
Sebastiaan van Stijn b41c0c8696 Fix some broken sourceforge.net links
Looks like there's issues with sourceforge project
pages. Given that sourceforge isn't really what
it used to be, trying to find alternative URLs
where possible.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:50 +00:00
Sebastiaan van Stijn 9958abc17d Add "auto-accept=none" to documentation
The "none" option was not added to the documentation.
This adds an example, and adds additional information
on manually accepting or rejecting a node.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:50 +00:00
Derek McGowan 48e659e30c Allow option to override kernel check in overlay2
Add option to skip kernel check for older kernels which have been patched to support multiple lower directories in overlayfs.

Fixes #24023

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2017-06-02 00:07:49 +00:00
johnharris85 2f3e095768 Add support for comma-separated --auto-accept syntax.
Signed-off-by: John Harris <john@johnharris.io>
2017-06-02 00:07:49 +00:00
Qiang Huang 670a0b8077 Soften limitation of update kernel memory
Kernel memory is not allowed to be updated if container is
running, it's not actually a precise kernel limitation.

Before kernel version 4.6, kernel memory will not be accounted
until kernel memory limit is set, if a container created with
kernel memory initialized, kernel memory is accounted as soon
as process created in container, so kernel memory limit update
is allowed afterward. If kernel memory is not initialized,
kernel memory consumed by processes in container will not be
accounted, so we can't update the limit because the account
will be wrong.

So update kernel memory of a running container with kernel memory
initialized is allowed, we should soften the limitation by docker.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-06-02 00:07:49 +00:00
Dave Henderson e8b87f53ec Clarify warning against using build-time variables for secrets
Signed-off-by: Dave Henderson <dhenderson@gmail.com>
2017-06-02 00:07:49 +00:00
Charles Smith bf31e188d9 add constraint to service create ref
Signed-off-by: Charles Smith <charles.smith@docker.com>
2017-06-02 00:07:49 +00:00
Sebastiaan van Stijn 59e2c57540 add iptables=false to docs for multiple daemons
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:49 +00:00
Vincent Demeester 3ebe3fe752 Updates on cli reference documentation
- Update ps with `--last` flag
- Update commands with current output
- Make sure hugo does not detect the wrong language
- Update usage for `tag` command to be more coherent with the other ones

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:07:49 +00:00
Aaron Lehmann e632408a37 Generate a swarm joining secret if none is specified
The current behavior of `docker swarm init` is to set up a swarm that
has no secret for joining, and does not require manual acceptance for
workers. Since workers may sometimes receive sensitive data such as pull
credentials, it makes sense to harden the defaults.

This change makes `docker swarm init` generate a random secret if none
is provided, and print it to the terminal. This secret will be needed to
join workers or managers to the swarm. In addition to improving access
control to the cluster, this setup removes an avenue for
denial-of-service attacks, since the secret is necessary to even create
an entry in the node list.

`docker swarm init --secret ""` will set up a swarm without a secret,
matching the old behavior. `docker swarm update --secret ""` removes the
automatically generated secret after `docker swarm init`.

Closes #23785

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-06-02 00:07:49 +00:00
Vincent Demeester de7c6a8355 Use "on-failure" for both containers and services
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:07:49 +00:00
Anil Madhavapeddy 20859b146b make `docker service --help` text for `--endpoint-mode` more consistent
Previously:

```
      --constraint value             Placement constraints (default [])
      --endpoint-mode string         Endpoint mode(Valid values: vip, dnsrr)
<snip>
      --restart-condition string     Restart when condition is met (none, on_failure, or any)
```

Now:

```
      --constraint value             Placement constraints (default [])
      --endpoint-mode string         Endpoint mode (vip or dnsrr)
<snip>
      --restart-condition string     Restart when condition is met (none, on_failure, or any)
```

Signed-off-by: Anil Madhavapeddy <anil@docker.com>
2017-06-02 00:07:49 +00:00
Yong Tang cab7139a4b Change NAME to HOSTNAME in docs for `docker node ls`
In #24159, the title field of `docker node ls` has been
changed from NAME to HOSTNAME. However, in the docs the
NAMEs are still used for the output of `docker node ls`.

This fix updates docs so that NAME field is changed to
HOSTNAME for all `docker node ls`.

This fix is related to #24159 and #24090.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:07:48 +00:00