Commit Graph

432 Commits

Author SHA1 Message Date
Yong Tang ebacbb50ae Add `--dns-option` to `docker run` and hide `--dns-opt`
This fix is a follow up to #27567 based on:
https://github.com/docker/docker/pull/27567#issuecomment-259295055

In #27567, `--dns-options` has been added to `service create/update`,
together with `--dns` and `--dns-search`. The `--dns-opt` was used
in `docker run`.

This fix add `--dns-option` (not `--dns-options`) to `docker run/create`, and hide
`--dns-opt`. It is still possible to use `--dns-opt` with
`docker run/create`, though it will not show up in help output.

This fix change `--dns-options`to --dns-option` for `docker service create`
and `docker service update`.

This fix also updates the docs and bash/zsh completion scripts.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:10:36 +00:00
yupeng f5298c5f4d Align arg with other cli
Signed-off-by: yupeng <yu.peng36@zte.com.cn>
2017-06-02 00:10:32 +00:00
Darren Stahl 09e1fc1540 Windows: Add cpu count option
Signed-off-by: Darren Stahl <darst@microsoft.com>
2017-06-02 00:10:32 +00:00
Yong Tang d93d09acaa Add `--cpus` flag to control cpu resources
This fix tries to address the proposal raised in 27921 and add
`--cpus` flag for `docker run/create`.

Basically, `--cpus` will allow user to specify a number (possibly partial)
about how many CPUs the container will use. For example, on a 2-CPU system
`--cpus 1.5` means the container will take 75% (1.5/2) of the CPU share.

This fix adds a `NanoCPUs` field to `HostConfig` since swarmkit alreay
have a concept of NanoCPUs for tasks. The `--cpus` flag will translate
the number into reused `NanoCPUs` to be consistent.

This fix adds integration tests to cover the changes.

Related docs (`docker run` and Remote APIs) have been updated.

This fix fixes 27921.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:10:32 +00:00
Antonio Murdaca 9ba2472a0b daemon: add a flag to override the default seccomp profile
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:10:32 +00:00
Alexander Morozov b823284d4a project: use vndr for vendoring
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2017-06-02 00:10:32 +00:00
Akihiro Suda 0e7bbb55c8 cli: add `--mount` to `docker run`
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2017-06-02 00:10:31 +00:00
Brian Goff e34679982f Adds ability to squash image after build
Allow built images to be squash to scratch.
Squashing does not destroy any images or layers, and preserves the
build cache.

Introduce a new CLI argument --squash to docker build
Introduce a new param to the build API endpoint `squash`

Once the build is complete, docker creates a new image loading the diffs
from each layer into a single new layer and references all the parent's
layers.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2017-06-02 00:10:31 +00:00
Addam Hardy 44edbbdbc2 Convert Unused ARG error to warning
Signed-off-by: Addam Hardy <addam.hardy@gmail.com>
2017-06-02 00:10:31 +00:00
yuexiao-wang 49a282eb1c Modify short and flags for docker inspect
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
2017-06-02 00:10:31 +00:00
Qiang Huang a17a06204d Fix bunch of typos
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-06-02 00:10:30 +00:00
Josh Horwitz dfcd777cbc Adds container health support to docker ps filter
Signed-off-by: Josh Horwitz <horwitzja@gmail.com>
2017-06-02 00:10:30 +00:00
yuexiao-wang baed1a070e Add --format to man and fix some typos
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
2017-06-02 00:10:30 +00:00
Vincent Demeester 86c99be0c9 Complete docker-events man page with filter list…
… and examples.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:10:30 +00:00
Erik St. Martin 42ef78911e Implementing support for --cpu-rt-period and --cpu-rt-runtime so that
containers may specify these cgroup values at runtime. This will allow
processes to change their priority to real-time within the container
when CONFIG_RT_GROUP_SCHED is enabled in the kernel. See #22380.

Also added sanity checks for the new --cpu-rt-runtime and --cpu-rt-period
flags to ensure that that the kernel supports these features and that
runtime is not greater than period.

Daemon will support a --cpu-rt-runtime flag to initialize the parent
cgroup on startup, this prevents the administrator from alotting runtime
to docker after each restart.

There are additional checks that could be added but maybe too far? Check
parent cgroups to ensure values are <= parent, inspecting rtprio ulimit
and issuing a warning.

Signed-off-by: Erik St. Martin <alakriti@gmail.com>
2017-06-02 00:10:28 +00:00
sandyskies b4f6b6d970 add --network option for docker build
Signed-off-by: sandyskies <chenmingjie0828@163.com>
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2017-06-02 00:10:28 +00:00
Kenfe-Mickael Laventure 47b507e48a Make experimental a runtime flag
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2017-06-02 00:10:28 +00:00
YuPengZTE c8da630897 Fix the typo of URLs
Signed-off-by: YuPengZTE <yu.peng36@zte.com.cn>
2017-06-02 00:10:25 +00:00
Jonh Wendell 73dd34b2b3 Exec: Add ability to set environment variables
Keeping the current behavior for exec, i.e., inheriting
variables from main process. New variables will be added
to current ones. If there's already a variable with that
name it will be overwritten.

Example of usage: docker exec -it -e TERM=vt100 <container> top

Closes #24355.

Signed-off-by: Jonh Wendell <jonh.wendell@redhat.com>
2017-06-02 00:10:25 +00:00
Yong Tang ef158e3e0a Add config parameter to change stop timeout during daemon shutdown
This fix tries to add a daemon config parameter `--shutdown-timeout`
that specifies the timeout value to stop containers gracefully
(before SIGKILL). The default value is 15s.

The `--shutdown-timeout` parameter is added to daemon options and
config file. It will also be updated during daemon reload.

Additional test cases have been added to cover the change.

This fix fixes #22471.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:10:25 +00:00
Daniel Nephin cfdab875ce Update sfp13/pflag
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-06-02 00:10:25 +00:00
yuexiao-wang 659eab0574 Fix typs from go to Go
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
2017-06-02 00:10:24 +00:00
Yong Tang 4ff84a13da Add config parameter to change per-container stop timeout during daemon shutdown
This fix tries to add a flag `--stop-timeout` to specify the timeout value
(in seconds) for the container to stop before SIGKILL is issued. If stop timeout
is not specified then the default timeout (10s) is used.

Additional test cases have been added to cover the change.

This fix is related to #22471. Another pull request will add `--shutdown-timeout`
to daemon for #22471.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:10:24 +00:00
Amir Goldstein 6190d02e62 overlay2: add support for --storage-opt size
Allow passing --storage-opt size=X to docker create/run commands
for the `overlay2` graphriver.

The size option is only available if the backing fs is xfs that is
mounted with the `pquota` mount option.
The user can pass any size less then the backing fs size.

Signed-off-by: Amir Goldstein <amir73il@aquasec.com>
2017-06-02 00:10:24 +00:00
Darren Stahl f7bfe86440 Implement Pause Resume support for Windows
Signed-off-by: Darren Stahl <darst@microsoft.com>
2017-06-02 00:10:13 +00:00
Antonio Murdaca e9cb71acbb daemon: add --userland-proxy-path flag
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:10:12 +00:00
Paul Kehrer 9c85295b1c Add support for compressing build context during image build
When sending a build context to a remote server it may be
(significantly) advantageous to compress the build context. This commit
adds support for gz compression when constructing a build context
using a command like "docker build --compress ."

Signed-off-by: Paul Kehrer <paul.l.kehrer@gmail.com>
2017-06-02 00:10:12 +00:00
Vincent Demeester cd547751df Add a new "is-task" ps filter
This makes it easier to list containers that are part of a task
(swarm mode) and those who are not.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:10:12 +00:00
Antonio Murdaca c17012948e configure docker-init binary path
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:10:12 +00:00
Sebastiaan van Stijn 676773a780 Fix incorrect aux-address examples and test
The (host)name for aux-addresses should
be unique, otherwise later values overwrite
earlier values.

Before this change, the example command
would send this API request;

    {
      "Attachable": false,
      "CheckDuplicate": true,
      "Driver": "overlay",
      "EnableIPv6": false,
      "IPAM": {
        "Config": [
          {
            "Gateway": "192.168.0.100",
            "IPRange": "192.168.1.0/24",
            "Subnet": "192.168.0.0/16"
          },
          {
            "AuxiliaryAddresses": {
              "a": "192.170.1.5",
              "b": "192.170.1.6"
            },
            "Gateway": "192.170.0.100",
            "Subnet": "192.170.0.0/16"
          }
        ],
        "Driver": "default",
        "Options": {
        }
      },
      "Internal": false,
      "Labels": {
      },
      "Name": "my-multihost-network",
      "Options": {
      }
    }

After this change, the request looks
like this (all aux-addresses preserved);

    {
      "Attachable": false,
      "CheckDuplicate": true,
      "Driver": "overlay",
      "EnableIPv6": false,
      "IPAM": {
        "Config": [
          {
            "AuxiliaryAddresses": {
              "my-router": "192.168.1.5",
              "my-switch": "192.168.1.6"
            },
            "Gateway": "192.168.0.100",
            "IPRange": "192.168.1.0/24",
            "Subnet": "192.168.0.0/16"
          },
          {
            "AuxiliaryAddresses": {
              "my-printer": "192.170.1.5",
              "my-nas": "192.170.1.6"
            },
            "Gateway": "192.170.0.100",
            "Subnet": "192.170.0.0/16"
          }
        ],
        "Driver": "default",
        "Options": {
        }
      },
      "Internal": false,
      "Labels": {
      },
      "Name": "my-multihost-network",
      "Options": {
      }
    }

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:10:12 +00:00
Sebastiaan van Stijn 1f015b1700 Update man page for dm.xfs_nospace_max_retries
This option was added through commit
0d03c060c7e6800e60833c4462b917ee9b081440,
but didn't update the man page.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:10:11 +00:00
Boaz Shuster 6f4c4e466b Add documentation for docker stats --format
Signed-off-by: Boaz Shuster <ripcurld.github@gmail.com>
2017-06-02 00:10:11 +00:00
Akihiro Suda a64a1aa0ae fix the man page and zsh completion for `docker images`
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2017-06-02 00:10:11 +00:00
Michael Crosby d72deed554 Add init process for zombie fighting
This adds a small C binary for fighting zombies.  It is mounted under
`/dev/init` and is prepended to the args specified by the user.  You
enable it via a daemon flag, `dockerd --init`, as it is disable by
default for backwards compat.

You can also override the daemon option or specify this on a per
container basis with `docker run --init=true|false`.

You can test this by running a process like this as the pid 1 in a
container and see the extra zombie that appears in the container as it
is running.

```c

int main(int argc, char ** argv) {
	pid_t pid = fork();
	if (pid == 0) {
		pid = fork();
		if (pid == 0) {
			exit(0);
		}
		sleep(3);
		exit(0);
	}
	printf("got pid %d and exited\n", pid);
	sleep(20);
}
```

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-06-02 00:10:10 +00:00
Akihiro Suda 71e220fc11 add `docker events --format`
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2017-06-02 00:10:10 +00:00
Sebastiaan van Stijn 7d50b656d4 Synchronize push reference with man page
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:10:10 +00:00
Daniel Nephin 37eb9061fc Move api/client -> cli/command
Using
  gomvpkg
     -from github.com/docker/docker/api/client
     -to github.com/docker/docker/cli/command
     -vcs_mv_cmd 'git mv {{.Src}} {{.Dst}}'

Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-06-02 00:10:09 +00:00
Akihiro Suda 3b2455d983 update go-md2man to v1.0.6
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2017-06-02 00:10:09 +00:00
zhouhao bf70112273 Modify rename function usage
Signed-off-by: zhouhao <zhouhao@cn.fujitsu.com>
2017-06-02 00:10:09 +00:00
Akihiro Suda ba7648fa62 fix docs about `sudo docker login`
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2017-06-02 00:10:08 +00:00
Yong Tang 6aa365d7e9 Fix incorrect help output in `docker network ls`
As is raised in 26312, in `docker network ls`, the help output was
mistaken to `volume names`:
```
-q, --quiet Only display volume names
```

This fix changes the help output to:
```
-q, --quiet Only display network IDs
```

This fix also updates the documentation in:
`docs/reference/commandline/network_ls.md`

This fix fixes 26312.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:10:08 +00:00
Yong Tang 3f171a31b1 Update man page for `docker create` to add `--rm` flag
The `--rm` flag has been part of the `docker create` and
related docs in `docs/reference/commandline/create.md`
already includes the `--rm` flag. However, man page
`man/docker-create.1.md` has not adds the `--rm` flag yet.

This fix adds the description of `--rm` flag to
`man/docker-create.1.md`

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:10:08 +00:00
zhouhao de4127305e Modify docker-restart.1.md
Signed-off-by: zhouhao <zhouhao@cn.fujitsu.com>
2017-06-02 00:10:08 +00:00
Dan Walsh 5f30004f08 Linux upstream kernel Overlay file systems support SELinux
Remove checks that prevent overlay and SELinux from working together.
Fixes are arriving in the 4.9 kernel.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2017-06-02 00:10:08 +00:00
zhouhao d9340c47af Modify restart function prompt
Signed-off-by: zhouhao <zhouhao@cn.fujitsu.com>
2017-06-02 00:10:07 +00:00
Arnaud Porterie (icecrime) a2b443d1df Refactor `docker inspect` to work on all types
Signed-off-by: Arnaud Porterie (icecrime) <arnaud.porterie@docker.com>
2017-06-02 00:10:07 +00:00
Daniel Nephin 6e33dc2d91 Remove old cli framework.
Also consolidate the leftover packages under cli.
Remove pkg/mflag.
Make manpage generation work with new cobra layout.
Remove remaining mflag and fix tests after rebase with master.

Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-06-02 00:10:06 +00:00
Justin Cormack a8a90829bb Add a Dockerfile for generating manpages on s390x
Untested.

Hoping CI and @michael-holzheu can test...

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-06-02 00:10:06 +00:00
Justin Cormack 6625943f44 Add a Dockerfile for generating manpages on aarch64
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-06-02 00:10:06 +00:00
Christopher Jones be1a73f200 ppc64le: add support for building docker debs for xenial
This PR adds the ability to make docker debs for xenial on power

Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>

Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
2017-06-02 00:10:06 +00:00
Brian Goff 3ef90ec019 Use the correct version of glide
In `man/Dockerfile` we are specifying a tagged version of glide to
checkout, but never actually checking it out.
This checks out the requested version before building.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2017-06-02 00:10:06 +00:00
Zhang Wei f63d53c736 Forbid update restart policy of container with AutoRemove flag
"--restart" and "--rm" are conflict options, if a container is started
with AutoRemove flag, we should forbid the update action for its Restart
Policy.

Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2017-06-02 00:10:05 +00:00
Akihiro Suda 420b6a91af add `--format` flag to `docker info`
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2017-06-02 00:10:05 +00:00
Sebastiaan van Stijn 4d268629e2 Fix capitalization
Signed-off-by: YuPengZTE <yu.peng36@zte.com.cn>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:10:05 +00:00
Lei Jitang ac5ac973aa Fix inspect network show gateway with mask
Signed-off-by: Lei Jitang <leijitang@huawei.com>
2017-06-02 00:10:04 +00:00
Lei Jitang 3b2ecd7052 Fix update memory without memoryswap
The memory should always be smaller than memoryswap,
we should error out with message that user know how
to do rather than just an invalid argument error if
user update the memory limit bigger than already set
memory swap.

Signed-off-by: Lei Jitang <leijitang@huawei.com>
2017-06-02 00:10:04 +00:00
Zhang Wei 0f6a96d2a4 Wait container's removal via Events API
If AutoRemove is set, wait until client get `destroy` events, or get
`detach` events that implies container is detached but not stopped.

Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2017-06-02 00:10:04 +00:00
Vincent Demeester fd30075463 Add network --format flag to ls
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:10:04 +00:00
Daniel Nephin d30cedfe7c Fix the man/Dockerfile for arm
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-06-02 00:10:04 +00:00
Yong Tang 3a778c9e1f Update `--user`/`-u` flag in man page of `docker create`
The `--user`/`-u` of the `docker create` is the same as
`docker run`, which could take either `uid` or `uid:gid`
format. However, the description in the man page of `docker create`
is missing and may cause some confusions (comared with `docker run`).

This fix updates the man page of `docker create` so that it is
consistent with the man page of `docker run`.

This fix is related to 25304.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:10:03 +00:00
Qiang Huang 69eb98ada5 Fix kernel memory updating docs
Specify that kernel memory updating limitation only applies
on kernel version older than 4.6.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-06-02 00:10:03 +00:00
Sebastiaan van Stijn e2a6cf9fd5 docs: cleanup docker update docs
move the "kernel memory" examples to the "examples" section,
and fix some formatting and grammar.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:10:03 +00:00
Aaron Lehmann 1918ec3987 Require listen address and advertise address to be an IP address or an interface name
Hostnames are not supported for now because libnetwork can't use them
for overlay networking yet.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-06-02 00:10:02 +00:00
Aaron Lehmann 18cd5ac352 Split advertised address from listen address
There are currently problems with "swarm init" and "swarm join" when an
explicit --listen-addr flag is not provided. swarmkit defaults to
finding the IP address associated with the default route, and in cloud
setups this is often the wrong choice.

Introduce a notion of "advertised address", with the client flag
--advertise-addr, and the daemon flag --swarm-default-advertise-addr to
provide a default. The default listening address is now 0.0.0.0, but a
valid advertised address must be detected or specified.

If no explicit advertised address is specified, error out if there is
more than one usable candidate IP address on the system. This requires a
user to explicitly choose instead of letting swarmkit make the wrong
choice. For the purposes of this autodetection, we ignore certain
interfaces that are unlikely to be relevant (currently docker*).

The user is also required to choose a listen address on swarm init if
they specify an explicit advertise address that is a hostname or an IP
address that's not local to the system. This is a requirement for
overlay networking.

Also support specifying interface names to --listen-addr,
--advertise-addr, and the daemon flag --swarm-default-advertise-addr.
This will fail if the interface has multiple IP addresses (unless it has
a single IPv4 address and a single IPv6 address - then we resolve the
tie in favor of IPv4).

This change also exposes the node's externally-reachable address in
docker info, as requested by #24017.

Make corresponding API and CLI docs changes.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-06-02 00:10:02 +00:00
Justin Cormack 6a891c67fd Make README less scabious
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-06-02 00:10:02 +00:00
Daniel Nephin 04844c2c3d Dont run man generation as part of test-unit.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-06-02 00:10:01 +00:00
Daniel Nephin e08631bb28 Set Long text for volume commands so they can be used to generate man pages.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-06-02 00:09:59 +00:00
Daniel Nephin 106418dbd9 Add a script to generate man pages from cobra commands.
Use the generate.sh script instead of md2man directly.
Update Dockerfile for generating man pages.

Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-06-02 00:07:51 +00:00
Sebastiaan van Stijn bc83ebe597 bump Go to 1.6.3
following the announcement;
https://groups.google.com/forum/m/#!topic/golang-announce/7JTsd70ZAT0

> [security] Go 1.6.3 and Go 1.7rc2 pre-announcement
>
> Hello gophers,
> We plan to issue Go 1.6.3 and Go 1.7rc2 on Monday July 18 at approximately 2am UTC.
> These are minor release to fix a security issue.
>
> Following our policy at https://golang.org/security, this is the pre-announcement of those releases.
>
> Because we are so late in the release cycle for Go 1.7, we will not issue a minor release of Go 1.5.
> Additionally, we plan to issue Go 1.7rc3 later next week, which will include any changes between 1.7rc1 and tip.
>
> Cheers,
> Chris on behalf of the Go team

**Note:**
the man/Dockerfile is not yet updated, because
the official image for Go 1.6.2 has not yet
been updated.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:51 +00:00
Sebastiaan van Stijn 77e4100d00 Improve flag help consistency, and update docs
This adds the `--live-restore` option to the documentation.

Also synched usage description in the documentation
with the actual description, and re-phrased some
flag descriptions to be a bit more consistent.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:51 +00:00
allencloud eb0a4426e2 better command `docker network create -h` output
Signed-off-by: allencloud <allen.sun@daocloud.io>
2017-06-02 00:07:51 +00:00
Arnaud Porterie (icecrime) 253a5f4ea2 Rename `--net` to `--network`
Add a `--network` flag which replaces `--net` without deprecating it
yet. The `--net` flag remains hidden and supported.

Add a `--network-alias` flag which replaces `--net-alias` without deprecating
it yet. The `--net-alias` flag remains hidden and supported.

Signed-off-by: Arnaud Porterie (icecrime) <arnaud.porterie@docker.com>
2017-06-02 00:07:50 +00:00
Qiang Huang 670a0b8077 Soften limitation of update kernel memory
Kernel memory is not allowed to be updated if container is
running, it's not actually a precise kernel limitation.

Before kernel version 4.6, kernel memory will not be accounted
until kernel memory limit is set, if a container created with
kernel memory initialized, kernel memory is accounted as soon
as process created in container, so kernel memory limit update
is allowed afterward. If kernel memory is not initialized,
kernel memory consumed by processes in container will not be
accounted, so we can't update the limit because the account
will be wrong.

So update kernel memory of a running container with kernel memory
initialized is allowed, we should soften the limitation by docker.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-06-02 00:07:49 +00:00
Dave Henderson e8b87f53ec Clarify warning against using build-time variables for secrets
Signed-off-by: Dave Henderson <dhenderson@gmail.com>
2017-06-02 00:07:49 +00:00
Antonio Murdaca fac7c67349 man: add missing --add-runtime
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:07:48 +00:00
allencloud a03b5522fe make cmd short short consistency and change docs
Signed-off-by: allencloud <allen.sun@daocloud.io>
2017-06-02 00:07:47 +00:00
Akihiro Suda e483efc219 update go-md2man to v1.0.5
Due to the issue of go-md2man, a numbered list in `man docker login` was not rendered correctly.
a8f937e113

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2017-06-02 00:07:47 +00:00
Shishir Mahajan 43e6c9864b Man page fix: Mention supported drivers for --storage-opt size option in docker create/run
Signed-off-by: Shishir Mahajan <shishir.mahajan@redhat.com>
2017-06-02 00:07:46 +00:00
Sebastiaan van Stijn 541dcf39ad Update docker info output example
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:44 +00:00
Alessandro Boch 987e5e6d8a Allow user to specify container's link-local addresses
Signed-off-by: Alessandro Boch <aboch@docker.com>
2017-06-02 00:07:44 +00:00
Michael Crosby bfe4e46682 Add --live-restore flag
This flags enables full support of daemonless containers in docker.  It
ensures that docker does not stop containers on shutdown or restore and
properly reconnects to the container when restarted.

This is not the default because of backwards compat but should be the
desired outcome for people running containers in prod.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-06-02 00:07:43 +00:00
Derek McGowan e7fa3c6279 Add documentation for using overlay2
Add mention in dockerd command line and storage driver selection documentation.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2017-06-02 00:07:43 +00:00
Vincent Demeester 478055c89c Update docker-load documentation
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:07:42 +00:00
Sebastiaan van Stijn bb0afa7381 network docs cleanup
This fixes some Markup and formatting
issues in the network documentation;

- wrap text to 80 chars
- add missing language hints for code examples
- add missing line continuations (\)
- update USAGE output for Cobra

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:42 +00:00
Sebastiaan van Stijn 44cc95141e add support for filtering by network ID
This adds support for filtering by network ID, to be
consistent with other filter options.

Note that only *full* matches are returned; this is
consistent with other filters (e.g. volume), that
also return full matches only.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:42 +00:00
Sainath Grandhi eef6bd0b23 Adding network filter to docker ps command
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
2017-06-02 00:07:42 +00:00
Antonio Murdaca aa8edfdb77 man: mv config-json.5 to docker-config-json.5
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:07:42 +00:00
Yong Tang 7a63e88e36 Fix a couple of typos in the docs of `docker attach`
This fix fixed a couple of typos in the docs of `docker attach`:
docs/reference/commandline/attach.md
man/docker-attach.1.md

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:07:42 +00:00
Yong Tang e7ec7bbd33 Fix a couple of typos in docker attach docs.
This fix fixes a couple of typos in docker attach docs:
docs/reference/commandline/attach.md
man/docker-attach.1.md

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:07:41 +00:00
Alexander Morozov 9c351e61c0 attach: replace interface with simple type
Also add docs to detach events

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2017-06-02 00:07:41 +00:00
Yong Tang 794db50fdf Add `--limit` option to `docker search`
This fix tries to address the issue raised in #23055.
Currently `docker search` result caps at 25 and there is
no way to allow getting more results (if exist).

This fix adds the flag `--limit` so that it is possible
to return more results from the `docker search`.

Related documentation has been updated.

Additional tests have been added to cover the changes.

This fix fixes #23055.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:07:41 +00:00
allencloud 54df0949b0 fix typos
Signed-off-by: allencloud <allen.sun@daocloud.io>
2017-06-02 00:07:41 +00:00
Vincent Demeester aac0a3ee13 Add before and since filter to images
Add support for two now filter on the `images` command : `before` and
`since`. They work the same as the one on the `ps` command but for
images.

        $ docker images --filter before=myimage
        # display all images older than myimage
        $ docker images --filter since=myimage
        # display all images younger than myimage

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:07:40 +00:00
Akihiro Suda c27c6d1a4e update docs/reference/commandline/cp.md
Close #22020

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2017-06-02 00:07:40 +00:00
Subhajit Ghosh 2f4d9eb6b1 Document valid chars in image name and tag
- Add link to valid image name and tag formats in referenced files
- Per review comments, updated docs to remove reference to `USERNAME` and
`REGISTRYHOST`.
- Per review comment, removed links from man page.
- Per review comment, added and updated examples on `docker tag`

Signed-off-by: Subhajit Ghosh <isubuz.g@gmail.com>
2017-06-02 00:07:39 +00:00
John Howard 6d54461bd8 Windows: Default to Hyper-V Containers on client
Signed-off-by: John Howard <jhoward@microsoft.com>
2017-06-02 00:07:39 +00:00
Christian Persson 5367c2a4aa Replace U+2018 and U+2019 with U+0027 in manpages
Signed-off-by: Christian Persson <saser@live.se>
2017-06-02 00:07:39 +00:00
Fabrizio Soppelsa 52d265fff9 Add a --filter option to `docker search`
The filtering is made server-side, and the following filters are
supported:

* is-official (boolean)
* is-automated (boolean)
* has-stars (integer)

Signed-off-by: Fabrizio Soppelsa <fsoppelsa@mirantis.com>
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:07:39 +00:00
Mrunal Patel 637048e176 Add support for --pid=container:<id>
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-06-02 00:07:39 +00:00
Sean Christopherson ab42b091ee Add the swapMemorySupport requirement to OOM tests
Add the swapMemorySupport requirement to all tests related to the OOM killer.  The --memory option has the subtle side effect of defaulting --memory-swap to double the value of --memory.  The OOM killer doesn't kick in until the container exhausts memory+swap, and so without the memory swap cgroup the tests will timeout due to swap being effectively unlimited.

Document the default behavior of --memory-swap in the docker run man page.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
2017-06-02 00:07:38 +00:00
Yong Tang 9bc4cd536e Docker pull/push with max concurrency limits.
This fix tries to address issues raised in #20936 and #22443
where `docker pull` or `docker push` fails because of the
concurrent connection failing.
Currently, the number of maximum concurrent connections is
controlled by `maxDownloadConcurrency` and `maxUploadConcurrency`
which are hardcoded to 3 and 5 respectively. Therefore, in
situations where network connections don't support multiple
downloads/uploads, failures may encounter for `docker push`
or `docker pull`.

This fix tries changes `maxDownloadConcurrency` and
`maxUploadConcurrency` to adjustable by passing
`--max-concurrent-uploads` and `--max-concurrent-downloads` to
`docker daemon` command.

The documentation related to docker daemon has been updated.

Additional test case have been added to cover the changes in this fix.

This fix fixes #20936. This fix fixes #22443.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:07:38 +00:00
Brian Goff ce224853a2 Add support for reading logs extra attrs
The jsonlog logger currently allows specifying envs and labels that
should be propagated to the log message, however there has been no way
to read that back.

This adds a new API option to enable inserting these attrs back to the
log reader.

With timestamps, this looks like so:
```
92016-04-08T15:28:09.835913720Z foo=bar,hello=world hello
```

The extra attrs are comma separated before the log message but after
timestamps.

Without timestaps it looks like so:
```
foo=bar,hello=world hello
```

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2017-06-02 00:07:37 +00:00
Zhu Guihua f440f14613 Add disk quota support for btrfs
Signed-off-by: Zhu Guihua <zhugh.fnst@cn.fujitsu.com>
2017-06-02 00:07:37 +00:00
Lucas Chan 0b4a6c36b7 Updated docker-info output and documentation
- [x] Update man page description
- [x] Update man page sample output to something more current

Tested with: `TESTFLAGS='-check.f DockerSuite.TestInfoEnsureSucceeds*'
make test-integration-cli`

Signed-off-by: Lucas Chan <lucas-github@lucaschan.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:37 +00:00
Wen Cheng Ma bdfe7963f2 Update the `docker daemon` to `dockerd` for document
Signed-off-by: Wen Cheng Ma <wenchma@cn.ibm.com>
2017-06-02 00:07:37 +00:00
Sebastiaan van Stijn efff6c2b24 Add "driver" filter for network ls
This add a new filter to 'docker network ls'
to allow filtering by driver-name.

Contrary to "ID" and "name" filters, this
filter only supports an *exact* match.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:37 +00:00
Kai Qiang Wu(Kennan) c6d6752550 Add load/save image event support
For every docker load and save operations, it would log related
image events.

Signed-off-by: Kai Qiang Wu(Kennan) <wkqwu@cn.ibm.com>
2017-06-02 00:07:36 +00:00
Kai Qiang Wu(Kennan) 0a8f5574b4 Add network label filter support
This patch did following:

1) Make filter check logic same as `docker ps ` filters

Right now docker container logic work as following:
when same filter used like below:
 -f name=jack -f name=tom
it would get all containers name is jack or tom(it is or logic)

when different filter used like below:

 -f name=jack -f id=7d1
it would get all containers name is jack and id contains 7d1(it is and logic)

It would make sense in many user cases, but it did lack of compliate filter cases,
like "I want to get containers name is jack or id=7d1", it could work around use
(get id=7d1 containers' name and get name=jack containers, and then construct the
final containers, they could be done in user side use shell or rest API)

2) Fix one network filter bug which could include duplicate result
when use -f name=  -f id=, it would get duplicate results

3) Make id filter same as container id filter, which means match any string.
not use prefix match.

It is for consistent match logic

Closes: #21417

Signed-off-by: Kai Qiang Wu(Kennan) <wkqwu@cn.ibm.com>
2017-06-02 00:07:36 +00:00
Dan Walsh a60c612a04 Add support for setting sysctls
This patch will allow users to specify namespace specific "kernel parameters"
for running inside of a container.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2017-06-02 00:07:36 +00:00
Mary Anthony 8850c4ab6e Fixes #21701 devicemapper docs
Copy edit the content
Updates to existing material
Adding mbentley's comments
Updating with last minute comments
Update with Seb's comments

Signed-off-by: Mary Anthony <mary@docker.com>
2017-06-02 00:07:36 +00:00
Yong Tang e450a54119 Change HumanSize to BytesSize for memory output in `docker stats`.
This fix tries to fix the discrepancy between `docker stats` and
`docker run` where `docker run` uses RAMInBytes for all memory
related inputs but `docker stats` uses HumanSize for all memory
related outputs.

To be consistent, `docker stats` needs to use BytesSize for all
memory related outputs to conform to RAMInBytes in `docker run`.

This fix addresses this issue. As BytesSize is used, the test
cases needs to be adjusted to match `KiB/MiB/GiB` instead of
`KB/MB/GB`.

The documentation has also been updated.

This fix fixes #21765.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:07:35 +00:00
Tomasz Kopczynski 5f02c0a5ab Add insecure registries to docker info
Signed-off-by: Tomasz Kopczynski <tomek@kopczynski.net.pl>
2017-06-02 00:07:35 +00:00
allencloud b45ed4a79d 1.change validateNoSchema into validateNoScheme
2.change schema into scheme in docs and some annotations.

Signed-off-by: allencloud <allen.sun@daocloud.io>
2017-06-02 00:07:35 +00:00
Anusha Ragunathan 31c32956ca When using systemd, pass expected cgroupsPath and cli options to runc.
runc expects a systemd cgroupsPath to be in slice:scopePrefix:containerName
format and the "--systemd-cgroup" option to be set. Update docker accordingly.

Fixes 21475

Signed-off-by: Anusha Ragunathan <anusha@docker.com>
2017-06-02 00:07:34 +00:00
Aaron Lehmann 5161f2dc15 Mention "docker login" in push/pull documentation
It was suggested to me that documentation for "docker pull" and "docker
push" should reference "docker login", to make clearer how to specify
credentials for a push or pull operation. Add a note to the manual pages
and reference documentation explaining how registry credentials are
managed.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-06-02 00:07:34 +00:00
Harald Albers 85f983178b docs for `docker daemon --containerd`
Signed-off-by: Harald Albers <github@albersweb.de>
2017-06-02 00:07:34 +00:00
Kai Qiang Wu(Kennan) 3f15ba3bdf Add man change for volume filter
It was forgetton to add change in man for new-added volume filters.
This change adds that.

Signed-off-by: Kai Qiang Wu(Kennan) <wkqwu@cn.ibm.com>
2017-06-02 00:07:34 +00:00
Shishir Mahajan 791a5fc5c1 CLI flag for docker create(run) to change block device size.
Signed-off-by: Shishir Mahajan <shishir.mahajan@redhat.com>
2017-06-02 00:07:34 +00:00
Harald Albers 52ccec4cbc fix wrong option name in `dm.min_free_space` examples
Signed-off-by: Harald Albers <github@albersweb.de>
2017-06-02 00:07:34 +00:00
Harald Albers f3f9b34d2a docs for labels on build, networks and volumes
Signed-off-by: Harald Albers <github@albersweb.de>
2017-06-02 00:07:33 +00:00
Harald Albers 386acc792b add docs for `docker load --quiet`
Signed-off-by: Harald Albers <github@albersweb.de>
2017-06-02 00:07:33 +00:00
Kenfe-Mickael Laventure 4ffd1a9433 Remove unneeded references to execDriver
This includes:
 - updating the docs
 - removing dangling variables

Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2017-06-02 00:07:33 +00:00
Brian Goff eba678647b Add explicit flags for volume cp/no-cp
This allows a user to specify explicitly to enable
automatic copying of data from the container path to the volume path.
This does not change the default behavior of automatically copying, but
does allow a user to disable it at runtime.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2017-06-02 00:07:32 +00:00
Martin Mosegaard Amdisen c0271978f9 Update 'save' command help
Based on review feedback.

Signed-off-by: Martin Mosegaard Amdisen <martin.amdisen@praqma.com>
2017-06-02 00:07:32 +00:00
Martin Mosegaard Amdisen 315c34a25a Fix plural typo in 'save' command help
The form "Save an images" is not correct.
Either "Save an image" or "Save images" work, but since
the save commands accepts multiple images, I chose the
latter.

Fixed in all places where I could grep "Save an image(s)".

Signed-off-by: Martin Mosegaard Amdisen <martin.amdisen@praqma.com>
2017-06-02 00:07:32 +00:00
Zhu Guihua ffcfd1b39c Move ZFS options to correct place in man page
Signed-off-by: Zhu Guihua <zhugh.fnst@cn.fujitsu.com>
2017-06-02 00:07:32 +00:00
David Calavera a7364b3743 Consolidate security options to use `=` as separator.
All other options we have use `=` as separator, labels,
log configurations, graph configurations and so on.
We should be consistent and use `=` for the security
options too.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2017-06-02 00:07:32 +00:00
Dan Walsh 2d0316cb43 Fix documentation on --security-opt seccomp
Missing documentation and man pages on seccomp options.
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2017-06-02 00:07:32 +00:00
Zhang Wei d219111855 Fix typo
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2017-06-02 00:07:32 +00:00
Sebastiaan van Stijn 75bcb4f94a Update Docker pull examples
The old examples no longer worked due to changes in
the client and Docker Hub.

This updates the "docker pull" documentation and
adds more examples and explanation of the features.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:32 +00:00
Vivek Goyal 8db4ee005a devmapper: Add a new option dm.min_free_space
Once thin pool gets full, bad things can happen. Especially in case of xfs
it is possible that xfs keeps on retrying IO infinitely (for certain kind
of IO) and container hangs. 

One way to mitigate the problem is that once thin pool is about to get full,
start failing some of the docker operations like pulling new images or
creation of new containers. That way user will get warning ahead of time
and can try to rectify it by creating more free space in thin pool. This
can be done either by deleting existing images/containers or by adding more
free space to thin pool.

This patch adds a new option dm.min_free_space to devicemapper graph
driver. Say one specifies dm.min_free_space=10%. This means atleast
10% of data and metadata blocks should be free in pool before new device
creation is allowed, otherwise operation will fail.

By default min_free_space is 10%. User can change it by specifying
dm.min_free_space=X% on command line. A value of 0% will disable the
check.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
2017-06-02 00:07:32 +00:00
Liron Levin ce28fa45b0 Run privileged containers when userns are specified
Following #19995 and #17409 this PR enables skipping userns re-mapping
when creating a container (or when executing a command). Thus, enabling
privileged containers running side by side with userns remapped
containers.

The feature is enabled by specifying ```--userns:host```, which will not
remapped the user if userns are applied. If this flag is not specified,
the existing behavior (which blocks specific privileged operation)
remains.

Signed-off-by: Liron Levin <liron@twistlock.com>
2017-06-02 00:07:32 +00:00
Shijiang Wei 4982947250 docs: fix broken links
Signed-off-by: Shijiang Wei <mountkin@gmail.com>
2017-06-02 00:07:31 +00:00
Antonio Murdaca d437e32541 docs: add $ before HOME
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:07:31 +00:00
Dan Walsh b5c9713ee0 Add a parent man page for docker volumes command
It is difficult to gather information about docker volumes command
without a parent man page.

This man page attempts to explain docker volumes and then references
the command man pages.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2017-06-02 00:07:31 +00:00
Antonio Murdaca b20a425cd9 docs: extend: plugins: mention the sdk + systemd socket activation
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:07:31 +00:00
Jessica Frazelle fd1c2150ad pids limit support
update bash commpletion for pids limit

update check config for kernel

add docs for pids limit

add pids stats

add stats to docker client

Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2017-06-02 00:07:31 +00:00
Mrunal Patel d3f632156e Add support for NoNewPrivileges in docker
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>

Add tests for no-new-privileges

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>

Update documentation for no-new-privileges

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-06-02 00:07:31 +00:00
Micah Zoltu 31e78dd369 Adds clarification to behavior of missing directories.
Closes #20920

Signed-off-by: Micah Zoltu <micah@zoltu.net>
2017-06-02 00:07:31 +00:00
Brian Goff b1bac487a6 Support mount opts for `local` volume driver
Allows users to submit options similar to the `mount` command when
creating a volume with the `local` volume driver.

For example:

```go
$ docker volume create -d local --opt type=nfs --opt device=myNfsServer:/data --opt o=noatime,nosuid
```

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2017-06-02 00:07:31 +00:00
Qiang Huang 09f4e2e654 Add CgroupDriver to docker info
Fixes: #19539

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-06-02 00:07:31 +00:00
Mike Danese f18d114874 daemon/logger: Add logging driver for Google Cloud Logging
Signed-off-by: Mike Danese <mikedanese@google.com>
2017-06-02 00:07:30 +00:00
Sebastiaan van Stijn 6c61d29231 Remove some references to "register" through login
These were left-overs from the now deprecated
and removed functionality to registrer a new account
through "docker login"

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:30 +00:00
Ken Cochrane 317cfbd7bd Remove email address field from login
This removes the email prompt when you use docker login, and also removes the ability to register via the docker cli. Docker login, will strictly be used for logging into a registry server.

Signed-off-by: Ken Cochrane <kencochrane@gmail.com>
2017-06-02 00:07:30 +00:00
Jian Zhang d83df084d3 Fix some flaws in man.
Signed-off-by: Jian Zhang <zhangjian.fnst@cn.fujitsu.com>
2017-06-02 00:07:30 +00:00
David Calavera beb7b68810 Add mounts to docker ps.
- Allow to filter containers by volume with `--filter volume=name` and `filter volume=/dest`.
- Show their names in the list with the custom format `{{ .Mounts }}`.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2017-06-02 00:07:30 +00:00
Stefan Weil fafe6f2ab2 Fix some typos in comments and strings
Most of them were found and fixed by codespell.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
2017-06-02 00:07:29 +00:00
Zhu Guihua 06e3a6ccd0 Fix markdown style error in man page
Signed-off-by: Zhu Guihua <zhugh.fnst@cn.fujitsu.com>
2017-06-02 00:07:29 +00:00
Zhu Guihua fad60a834e fix storage driver options in man page
Signed-off-by: Zhu Guihua <zhugh.fnst@cn.fujitsu.com>
2017-06-02 00:07:29 +00:00
Zhang Wei 623082a1eb Update RestartPolicy of container
Add `--restart` flag for `update` command, so we can change restart
policy for a container no matter it's running or stopped.

Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2017-06-02 00:07:29 +00:00