Commit Graph

1259 Commits

Author SHA1 Message Date
Antonio Murdaca d00b518979 authZ: more fixes
- fix naming and formatting
- provide more context when erroring auth
- do not capitalize errors
- fix wrong documentation
- remove ugly remoteError{}

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:07:20 +00:00
Wen Cheng Ma 752b902123 Fix typo error and update index
Signed-off-by: Wen Cheng Ma <wenchma@cn.ibm.com>
2017-06-02 00:07:20 +00:00
Antonio Murdaca e79f2fcc21 pkg: authorization: add Err to tweak response status code
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:07:20 +00:00
Doug Davis 8b3b2571d7 Add a DOCKER_API_VERSION env var
Closes: #11486

Just for @ahmetalpbalkan  :-)

Fixed some comment formatting too while in there.

Signed-off-by: Doug Davis <dug@us.ibm.com>
2017-06-02 00:07:20 +00:00
Ray Tsang 5e6c121c37 Updated REX-Ray plugin platform support.
REX-Ray added Google Compute Engine support: https://github.com/emccode/rexray/issues/113

Signed-off-by: Ray Tsang <rayt@google.com>
2017-06-02 00:07:20 +00:00
Antonio Murdaca 5ea58b57cb docs: extend: plugins_volume.md: Err default to empty string
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:07:20 +00:00
Vivek Goyal b2cbaa03af Add capability to specify mount propagation per volume
Allow passing mount propagation option shared, slave, or private as volume
property.

For example.
docker run -ti -v /root/mnt-source:/root/mnt-dest:slave fedora bash

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
2017-06-02 00:07:20 +00:00
Harald Albers 9339b4abb5 bash completion for `docker daemon --authz-plugin`
Signed-off-by: Harald Albers <github@albersweb.de>
2017-06-02 00:07:20 +00:00
Steve Durrheimer c54cb6f490 Fix small missing equal sign for 'docker daemon --cluster-store-opt'
Signed-off-by: Steve Durrheimer <s.durrheimer@gmail.com>
2017-06-02 00:07:20 +00:00
Steve Durrheimer 1df420553c Add zsh completion for 'docker daemon --authz-plugin'
Signed-off-by: Steve Durrheimer <s.durrheimer@gmail.com>
2017-06-02 00:07:20 +00:00
Justas Brazauskas b91f98d9f1 Fix typos found across repository
Signed-off-by: Justas Brazauskas <brazauskasjustas@gmail.com>
2017-06-02 00:07:20 +00:00
Liron Levin 53c1cb81c0 Change authz plugin argument name
Signed-off-by: Liron Levin <liron@twistlock.com>
2017-06-02 00:07:20 +00:00
Dima Stopel a8a3c47ee5 Fixing documentation comments by @thaJeztah
Signed-off-by: Dima Stopel <dima@twistlock.com>
2017-06-02 00:07:20 +00:00
Dima Stopel 00962f362b Fixing documentation according to comments by @moxiegirl and @thaJeztah
Signed-off-by: Dima Stopel <dima@twistlock.com>
2017-06-02 00:07:20 +00:00
Liron Levin 67d3265c4b Docker authorization plug-in infrastructure enables extending the functionality of the Docker daemon with respect to user authorization. The infrastructure enables registering a set of external authorization plug-in. Each plug-in receives information about the user and the request and decides whether to allow or deny the request. Only in case all plug-ins allow accessing the resource the access is granted.
Each plug-in operates as a separate service, and registers with Docker
through general (plug-ins API)
[https://blog.docker.com/2015/06/extending-docker-with-plugins/]. No
Docker daemon recompilation is required in order to add / remove an
authentication plug-in. Each plug-in is notified twice for each
operation: 1) before the operation is performed and, 2) before the
response is returned to the client. The plug-ins can modify the response
that is returned to the client.

The authorization depends on the authorization effort that takes place
in parallel [https://github.com/docker/docker/issues/13697].

This is the official issue of the authorization effort:
https://github.com/docker/docker/issues/14674

(Here)[https://github.com/rhatdan/docker-rbac] you can find an open
document that discusses a default RBAC plug-in for Docker.

Signed-off-by: Liron Levin <liron@twistlock.com>
Added container create flow test and extended the verification for ps
2017-06-02 00:07:20 +00:00
Dima Stopel 87f1223216 Adding authorization subsystem documentation
Signed-off-by: Dima Stopel <dima@twistlock.com>
2017-06-02 00:07:20 +00:00
Aaron Lehmann fa96356872 Update docs for addition of transfer manager
Closing the HTTP connection requesting a push or pull will cancel the
push or pull. This behavior also applies to the CLI.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-06-02 00:07:19 +00:00
Qiang Huang d9278dd4a8 Check minimum kernel memory limit to be 4M
Fixes: #18405

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-06-02 00:07:19 +00:00
Sambuddha Basu 93ce6fd9f5 The docs now explain that images with repo:tag as <none>:<none> are dangling images.
Signed-off-by: Sambuddha Basu <sambuddhabasu1@gmail.com>
2017-06-02 00:07:19 +00:00
Harald Albers b4a012656c Improve bash completion for `docker network disconnect`
Signed-off-by: Harald Albers <github@albersweb.de>
2017-06-02 00:07:19 +00:00
Sebastiaan van Stijn 7071c15b5f docs: markdown and textual fixups in reference/run.md
This fixes markdown formatting, and formatting of tables;

 - Our markdown engine doesn't support spanning rows, so
   re-wrapped table contents.
 - Added a CSS-styles to prevent "code" blocks in tables
   from wrapping
 - The "logging drivers" table didn't have a header
 - Aligned table borders in source code for better readability.
 - Standardize on using `-it` in stead of -i -t or -ti
 - Some markup issues
 - Some minor textual fixups

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:19 +00:00
Jessica Frazelle ac40ecf711 update bash completion for seccomp
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2017-06-02 00:07:19 +00:00
Chris Weyl 66eef79e58 newtork -> network (minor spelling correction)
...yeah, that was bugging me. :)

Signed-off-by: Chris Weyl <cweyl@alumni.drew.edu>
2017-06-02 00:07:19 +00:00
Ma Shimiao 9480c4763d Add support for blkio read/write bps device
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2017-06-02 00:07:19 +00:00
Ma Shimiao 7880dcf5f2 docs: fix weight-deivce option args
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2017-06-02 00:07:19 +00:00
Vincent Demeester c6162061d9 Add format flag to network inspect
…for consistency as docker inspect and docker volume inspect supports it too

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:07:19 +00:00
Sebastiaan van Stijn c5f725e1c7 Address review comments.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:19 +00:00
Ben Firshman 22ce4b4448 Add docs and man page entry for --volume-driver
Signed-off-by: Ben Firshman <ben@firshman.co.uk>
2017-06-02 00:07:19 +00:00
Wen Cheng Ma deae0706ea Add NETWORK_NAME_or_ID value for --net= option
Signed-off-by: Wen Cheng Ma <wenchma@cn.ibm.com>
2017-06-02 00:07:19 +00:00
Sebastiaan van Stijn 178a2cfe7c update order and address review notes
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:19 +00:00
gwx296173 01c09480dc add examples in search.md
Signed-off-by: gwx296173 <gaojing3@huawei.com>
2017-06-02 00:07:19 +00:00
Antonio Murdaca e9287cd43a Add OomScoreAdj to configure container oom killer preferences
libcontainer v0.0.4 introduces setting `/proc/self/oom_score_adj` to
better tune oom killing preferences for container process. This patch
simply integrates OomScoreAdj libcontainer's config option and adjust
the cli with this new option.

Signed-off-by: Antonio Murdaca <amurdaca@redhat.com>
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:07:19 +00:00
Dan Walsh 65120e8851 This patch adds --tmpfs as a option for mounting tmpfs on directories
It will Tar up contents of child directory onto tmpfs if mounted over

This patch will use the new PreMount and PostMount hooks to "tar"
up the contents of the base image on top of tmpfs mount points.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2017-06-02 00:07:18 +00:00
Pavel Pospisil 70efcb00b4 Improvement of docker top Man Page
Some users expect that the `docker top $CONT` command displays information from the inside container perspective.
They expect that the `docker top $CONT` command displays same information as the `docker exec $CONT ps -ef` command. But it does not.

That's why the `docker top` man page shall explicitly state that the `docker top $CONT` displays information from the host's point of view.

Signed-off-by: Pavel Pospisil <pospispa@gmail.com>
2017-06-02 00:07:18 +00:00
Doug Davis ecfc3613b2 Deprecate -f flag from docker tag
Closes #9798

@maintainers please note that this is a change to the UX. We no longer
require the -f flag on `docker tag` to move a tag from an existing image.
However, this does make us more consistent across our commands,
see https://github.com/docker/docker/issues/9798 for the history.

Signed-off-by: Doug Davis <dug@us.ibm.com>
2017-06-02 00:07:18 +00:00
Zhang Wei 67eea4d814 Add docs for option `--isolation`
Add docs for `run`/`create`/`build` command option `isolation`

Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2017-06-02 00:07:18 +00:00
Madhu Venugopal c072458308 Make discovery ttl and heartbeat configurable
Docker daemon uses kv-store as the host-discovery backend.
Discovery module tracks the liveness of a node through a simple
keepalive mechanism.  The keepalive mechanism depends on every
node performing heartbeat by registering itself with the discovery
module (via KV-Store Put operation). And for every Put operation,
the discovery module in all other nodes will receive a Watch
notification. That keeps the node alive.
Any node that fails to register itself within the TTL timer is
considered dead and removed from the discovery database.

The default timer (heartbeat = 20 seconds & ttl = 60 seconds)
works fine for small clusters.  But for large clusters, these
default timers are extremely aggressive and that causes high CPU
& most of the processing is spent managing the node discovery
and that impacts normal daemon operation.

Hence we need a way to make the discovery ttl and heartbeat
configurable.  As the cluster size grows, the user can change
these timers to make sure the daemon scales.

Signed-off-by: Madhu Venugopal <madhu@docker.com>
2017-06-02 00:07:18 +00:00
Kai Qiang Wu(Kennan) 4fbaeb5f25 Fixing the volume options doc
Fixes #15896
Signed-off-by: Kai Qiang Wu(Kennan) <wkqwu@cn.ibm.com>
2017-06-02 00:07:18 +00:00
Sebastiaan van Stijn 41afe87367 docs: fixups for plugin drivers in docker info
Plugin drivers were added to docker info in
https://github.com/docker/docker/pull/17300

but not added to the example output in the online
docs.

Also fixed mixed tabs/spaces in the API documentation.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:18 +00:00
Christopher Jones 0f6787a636 Fixed broken links, and updated some to https
Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
2017-06-02 00:07:18 +00:00
Doug Davis a7eb9308d5 Add more to tag's -f flag's help
Was noticed in #9798

Signed-off-by: Doug Davis <dug@us.ibm.com>
2017-06-02 00:07:18 +00:00
Zhang Wei 87ba148cab Add API change to docs
Add API change description to docs due to `docker network inspect`
returns different data structure.

Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2017-06-02 00:07:18 +00:00
Doug Davis ec3aa7ede2 Add some docs about build-arg's impact on the cache
Closes #18017

Signed-off-by: Doug Davis <dug@us.ibm.com>
2017-06-02 00:07:18 +00:00
Zhang Wei 007df1d494 Enhance `docker network rm` to delete multi net
This commit enhance `docker network rm` command to allow user to delete
multi networks at the same time.

Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2017-06-02 00:07:18 +00:00
Sven Dowideit d63c19c4ea Fixes found by docs validation tool
Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>
2017-06-02 00:07:18 +00:00
Zhang Wei 92d0c4bc45 Add '-L' option for `cp`
Fixes #16555

Original docker `cp` always copy symbol link itself instead of target,
now we provide '-L' option to allow docker to follow symbol link to real
target.

Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2017-06-02 00:07:18 +00:00
Mike Brown 0eb79491dd modifying docker --since and --until to support nanoseconds and time zones
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2017-06-02 00:07:18 +00:00
Wen Cheng Ma 562c2df97d Re-implement --before and --since as options for --filter
* This commit will mark --before and --since as deprecated, but leave their behavior
  unchanged until they are removed, then re-implement them as options for --filter.

* And update the related docs.

* Update the integration tests.

Fixes issue #17716

Signed-off-by: Wen Cheng Ma <wenchma@cn.ibm.com>
2017-06-02 00:07:18 +00:00
NIWA Hideyuki fa2f024bc6 Addition of "--shm-size" to which size of /dev/shm is changed.
- Optional "--shm-size=" was added to the sub-command(run, create,and build).
- The size of /dev/shm in the container can be changed
  when container is made.
- Being able to specify is a numerical value that applies number,
  b, k, m, and g.
- The default value is 64MB, when this option is not set.
- It deals with both native and lxc drivers.

Signed-off-by: NIWA Hideyuki <niwa.hiedyuki@jp.fujitsu.com>
2017-06-02 00:07:18 +00:00
Mary Anthony cd4fc83dd1 Small changes to storage driver/commands ref
Entering V's comments

Signed-off-by: Mary Anthony <mary@docker.com>
2017-06-02 00:07:17 +00:00