Commit Graph

85 Commits

Author SHA1 Message Date
Daniel Hiltgen 323fb21864 Add TLS support for discovery backend
This leverages recent additions to libkv enabling client
authentication via TLS so the discovery back-end can be locked
down with mutual TLS.  Example usage:

    docker daemon [other args] \
        --cluster-advertise 192.168.122.168:2376 \
        --cluster-store etcd://192.168.122.168:2379 \
        --cluster-store-opt kv.cacertfile=/path/to/ca.pem \
        --cluster-store-opt kv.certfile=/path/to/cert.pem \
        --cluster-store-opt kv.keyfile=/path/to/key.pem

Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
2017-06-02 00:07:11 +00:00
Deng Guangxing b923d8af3e update dockernetwork.md and network api
Signed-off-by: Deng Guangxing <dengguangxing@huawei.com>
2017-06-02 00:07:11 +00:00
Mary Anthony d45666f869 Fixing issues in command ordering. Adding index.md
Adjust bullets
Entering Seb's comments

Signed-off-by: Mary Anthony <mary@docker.com>
2017-06-02 00:07:11 +00:00
Madhu Venugopal da80c0929a Networking API and UX documentation
More doc updates will follow

Signed-off-by: Madhu Venugopal <madhu@docker.com>
2017-06-02 00:07:11 +00:00
Jessica Frazelle 0afb6cc862 change flag name to better follow the other flags that start with disable;
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2017-06-02 00:07:11 +00:00
Vivek Goyal fba8aeb14b devmapper: Provide option to enabled deferred device deletion
Provide a command line option dm.use_deferred_deletion to enable deferred
device deletion feature. By default feature will be turned off.

Not sure if there is much value in deferred deletion being turned on
without deferred removal being turned on. So for now, this feature can
be enabled only if deferred removal is on.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
2017-06-02 00:07:11 +00:00
Vincent Demeester 2a36a93d04 Update documentation on the revert on env validation
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:07:11 +00:00
Antonio Murdaca cbd33a2b27 Fix man and commandline docs
- missing help option in `docs/reference/commandline/*.md` (some files
  have it, the other I fixed didn't)
- missing `[OPTIONS]` in Usage description
- missing options
- formatting
- start/stop idempotence

Signed-off-by: Antonio Murdaca <amurdaca@redhat.com>
2017-06-02 00:07:11 +00:00
Daniel Nephin f361ebdea6 Documentation for filtering events by label
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-06-02 00:07:10 +00:00
Richard Scothern 2f288fe894 Command line, manpage and deprecation documentation.
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2017-06-02 00:07:10 +00:00
Arnaud Porterie f95e9f7c72 Add builtin nodes discovery
Use `pkg/discovery` to provide nodes discovery between daemon instances.

The functionality is driven by two different command-line flags: the
experimental `--cluster-store` (previously `--kv-store`) and
`--cluster-advertise`. It can be used in two ways by interested
components:

1. Externally by calling the `/info` API and examining the cluster store
   field. The `pkg/discovery` package can then be used to hit the same
   endpoint and watch for appearing or disappearing nodes. That is the
   method that will for example be used by Swarm.
2. Internally by using the `Daemon.discoveryWatcher` instance. That is
   the method that will for example be used by libnetwork.

Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
2017-06-02 00:07:10 +00:00
qhuang d5b1d055b8 Add support for memory reservation
Signed-off-by: qhuang <qhuang@10.0.2.15>
2017-06-02 00:07:10 +00:00
Hu Keping 1ba09d5d08 Format output of docker info
Format those info which will only be displayed when daemon is
in debug mode.

Signed-off-by: Hu Keping <hukeping@huawei.com>
2017-06-02 00:07:10 +00:00
Charles Chan 83a6b3e927 Touch up 'docker logs' documentation.
* Update format for 'Note:' to match other pages.
* Add link to Go's RFC3339Nano timestamp information.

Signed-off-by: Charles Chan <charleswhchan@users.noreply.github.com>
2017-06-02 00:07:10 +00:00
Zhang Kun 708318b076 add docker server version to /info
Signed-off-by: Zhang Kun <zkazure@gmail.com>
2017-06-02 00:07:09 +00:00
Sally O'Malley fac1158156 docker restarts running OR stopped containers, docs edit rm "running"
Signed-off-by: Sally O'Malley <somalley@redhat.com>
2017-06-02 00:07:09 +00:00
Charles Chan 17fda32a53 Add missing '[OPTIONS]' arg to documentation for 'docker version'.
Signed-off-by: Charles Chan <charleswhchan@users.noreply.github.com>
2017-06-02 00:07:09 +00:00
Madhav Puri 40a2dac738 Support for passing build-time variables in build context
- The build-time variables are passed as environment-context for command(s)
run as part of the RUN primitve. These variables are not persisted in environment of
intermediate and final images when passed as context for RUN. The build environment
is prepended to the intermediate continer's command string for aiding cache lookups.
It also helps with build traceability. But this also makes the feature less secure from
point of view of passing build time secrets.

- The build-time variables also get used to expand the symbols used in certain
Dockerfile primitves like ADD, COPY, USER etc, without an explicit prior definiton using a
ENV primitive. These variables get persisted in the intermediate and final images
whenever they are expanded.

- The build-time variables are only expanded or passed to the RUN primtive if they
are defined in Dockerfile using the ARG primitive or belong to list of built-in variables.
HTTP_PROXY, HTTPS_PROXY, http_proxy, https_proxy, FTP_PROXY and NO_PROXY are built-in
variables that needn't be explicitly defined in Dockerfile to use this feature.

Signed-off-by: Madhav Puri <madhav.puri@gmail.com>
2017-06-02 00:07:09 +00:00
Tim Hockin 8bdf17d8fe Add support for DNS options
Signed-off-by: Tim Hockin <thockin@google.com>
2017-06-02 00:07:09 +00:00
Jessica Frazelle 4948783f7c Revert "Make daemon to start with no userlandproxy by default"
This reverts commit bf2b8ec8165468d7454f6bd86f4a78e7e8b58d8e.

Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2017-06-02 00:07:09 +00:00
Nalin Dahyabhai a821292ec8 Add log reading to the journald log driver
If a logdriver doesn't register a callback function to validate log
options, it won't be usable.  Fix the journald driver by adding a dummy
validator.

Teach the client and the daemon's "logs" logic that the server can also
supply "logs" data via the "journald" driver.  Update documentation and
tests that depend on error messages.

Add support for reading log data from the systemd journal to the
journald log driver.  The internal logic uses a goroutine to scan the
journal for matching entries after any specified cutoff time, formats
the messages from those entries as JSONLog messages, and stuffs the
results down a pipe whose reading end we hand back to the caller.

If we are missing any of the 'linux', 'cgo', or 'journald' build tags,
however, we don't implement a reader, so the 'logs' endpoint will still
return an error.

Make the necessary changes to the build setup to ensure that support for
reading container logs from the systemd journal is built.

Rename the Jmap member of the journald logdriver's struct to "vars" to
make it non-public, and to make it easier to tell that it's just there
to hold additional variable values that we want journald to record along
with log data that we're sending to it.

In the client, don't assume that we know which logdrivers the server
implements, and remove the check that looks at the server.  It's
redundant because the server already knows, and the check also makes
using older clients with newer servers (which may have new logdrivers in
them) unnecessarily hard.

When we try to "logs" and have to report that the container's logdriver
doesn't support reading, send the error message through the
might-be-a-multiplexer so that clients which are expecting multiplexed
data will be able to properly display the error, instead of tripping
over the data and printing a less helpful "Unrecognized input header"
error.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> (github: nalind)
2017-06-02 00:07:08 +00:00
Jana Radhakrishnan 3dff6170d6 Make daemon to start with no userlandproxy by default
This PR makes a user visible behavior change with userland
proxy disabled by default and rely on hairpin NAT to be enabled
by default. This may not work in older (unsupported) kernels
where the user will be forced to enable userlandproxy if needed.

      - Updated the Docs
      - Changed the integration-cli to start with userlandproxy
	desiabled by default.

Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
2017-06-02 00:07:08 +00:00
David Calavera f5b80326a1 Add `STOPSIGNAL` instruction to dockerfiles.
This way, images creators can set the exit signal their programs use.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2017-06-02 00:07:08 +00:00
Harald Albers e8447c157d update docker volume man pages
- added --help option
- fixed several formatting problems

Also added --help to volume inspect reference page.

Signed-off-by: Harald Albers <github@albersweb.de>
2017-06-02 00:07:08 +00:00
David Calavera 54a47bdcaa Add missing ps placeholder to the docs.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2017-06-02 00:07:08 +00:00
Harald Albers 849b5b6d67 Fix usage for `docker volume inspect` and `docker volume rm`
For both commands, volume is _not_ optional. Several volumes may
be specified.
Both commands now use the same name (VOLUME) for the command argument.

Signed-off-by: Harald Albers <github@albersweb.de>
2017-06-02 00:07:08 +00:00
Doug Davis 56b46dca76 Typo in cp.md
Closes #16124

Signed-off-by: Doug Davis <dug@us.ibm.com>
2017-06-02 00:07:08 +00:00
Harald Albers 2edd24ea80 Fix minor typo in docs
Signed-off-by: Harald Albers <github@albersweb.de>
2017-06-02 00:07:08 +00:00
Sally O'Malley 5d85be4a3c add --insecure-registry warning to online docs
Signed-off-by: Sally O'Malley <somalley@redhat.com>
2017-06-02 00:07:08 +00:00
Shishir Mahajan d5394a0d5f Warning message for lvm devmapper running on top of loopback devices
Signed-off-by: Shishir Mahajan <shishir.mahajan@redhat.com>
2017-06-02 00:07:07 +00:00
Vincent Demeester 67f663c7bf Add 'ancestor' ps filter for image
Makes it possible to filter containers by image, using
--filter=ancestor=busybox and get all the container running busybox
image and image based on busybox (to the bottom).

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:07:07 +00:00
Vincent Demeester 898614f30a Update filtering chapters on ps/images references
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:07:07 +00:00
John Howard 6d275805ad Builder counts from 1
Signed-off-by: John Howard <jhoward@microsoft.com>
2017-06-02 00:07:07 +00:00
Brian Goff 1f10226bfd Add volume API/CLI
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2017-06-02 00:07:07 +00:00
Taylor Jones f4060b1f65 adding message option to the import subcommand
Signed-off-by: Taylor Jones <monitorjbl@gmail.com>
2017-06-02 00:07:07 +00:00
Tonis Tiigi df39b0146b Add unless-stopped restart policy
Fixes #11008

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2017-06-02 00:07:07 +00:00
Qiang Huang 5731775665 Add support for kernel memory limit
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-06-02 00:07:06 +00:00
Morgan Bauer 4ddb2c2a8d add weight to daemon page so it renders in order
Signed-off-by: Morgan Bauer <mbauer@us.ibm.com>
2017-06-02 00:07:06 +00:00
Tim Dettrick e577c15cec Updated test to check for `exec --privileged` side-effects
Also improving documentation for same feature as part of
docker/docker#14113 docs review.

Signed-off-by: Tim Dettrick <t.dettrick@uq.edu.au>
2017-06-02 00:07:05 +00:00
Tim Dettrick d0fa83e285 Revert "Revert "Add docker exec run a command in privileged mode""
This reverts commit 40b71adee390e9c06471b89ed845132b4ec80177.

Original commit (for which this is effectively a rebased version) is
72a500e9e5929b038816d8bd18d462a19e571c99 and was provided by Lei Jitang
<leijitang@huawei.com>.

Signed-off-by: Tim Dettrick <t.dettrick@uq.edu.au>
2017-06-02 00:07:05 +00:00
Vincent Demeester a395c4af01 Fix #8048 : make `docker images repository:tag` work
Make command like "docker images ubuntu:14.04" work and filter out the
image with the given tag.

Closes #8048.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:07:05 +00:00
Harald Albers 91300d7db0 Remove -h flag from completion and daemon reference
All docker subcommands support `-h` as an alias for `--help`
unless they have `-h` aliased to something else like `docker run`,
which uses `-h` for `--hostname`.

`-h` is not included in the help messages of the commands, though.

It ist visible in
* reference: only in `docker daemon` reference,
  see output of `grep -Rse --help=false docs`
* man pages: only in `docker` man page
  see output of `grep -RF '**-h**' man`

For consistency reasons, this commit removes `-h` as an alias for
`--help` from the reference page, man page and the bash completion.

Signed-off-by: Harald Albers <github@albersweb.de>
2017-06-02 00:07:05 +00:00
Mary Anthony 8bd8ac0170 - Remove references to sudo in basics.md; see sudo instructions top of file
- Removing references to Boot2Docker replacing with Docker Machine
- Removing sudo warnings in instances where appropriate (no sudo in file)
- Updating with comments

Signed-off-by: Mary Anthony <mary@docker.com>
2017-06-02 00:07:04 +00:00
Zhang Wei 2b4f09abe4 Docker stats: display Block IO stats
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2017-06-02 00:07:04 +00:00
Otto Kekäläinen ab0de17526 Multiple fixes to 'docker stats' output:
* Add space between values in docker stats output for easier parsing

  Old output could not be parsed easily because there were columns
  that did not have any separator. Also values that are together
  without any space is difficult to read even for humans.

* Update unit.HumanSize comment to match what the does actually does

Signed-off-by: Otto Kekäläinen <otto@seravo.fi>
2017-06-02 00:07:04 +00:00
Ed Costello 67f43a0a8b Copy edits for typos
Signed-off-by: Ed Costello <epc@epcostello.com>
2017-06-02 00:07:04 +00:00
Kir Kolyshkin 7480a999ca daemon.md: do fix placement of exec driver heading
Options for zfs storage driver were incorrectly placed
under 'exec driver options' header. Move the header to
the correct place.

Now, this is the second time I am fixing this. First time
it was commit 68efb27, but the following commit 9af7afb
screwed it up again, so the header appears twice now.

Get rid of the the wrong one.

Cc: David Calavera <david.calavera@gmail.com>
Signed-off-by: Kir Kolyshkin <kir@openvz.org>
2017-06-02 00:07:04 +00:00
Mary Anthony b775ca48e0 Remove references to boot2docker replace with docker-machine
- boot2docker is deprecated in the 1.8.0
- docker-machine replaces it
- this fixes #14563
- Updating with thaJetzah comments

Signed-off-by: Mary Anthony <mary@docker.com>
2017-06-02 00:07:04 +00:00
Vincent Demeester 32d52f1244 Add missing documentation to cli/import.md
PR #11907 added support for import using file (path), but it missed
the update of cli/import.md. This fixes that.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:07:03 +00:00
Michał Czeraszkiewicz d0b639feb0 Fix typo in JSON config example, in the CLI documetation
Signed-off-by: Michał Czeraszkiewicz <czerasz.hosting@gmail.com>
2017-06-02 00:07:03 +00:00