Commit Graph

1172 Commits

Author SHA1 Message Date
Yong Tang 1a22098ae2 Add support for comment in .dockerignore
This fix tries to address the issue raised in #20083 where
comment is not supported in `.dockerignore`.

This fix updated the processing of `.dockerignore` so that any
lines starting with `#` are ignored, which is similiar to the
behavior of `.gitignore`.

Related documentation has been updated.

Additional tests have been added to cover the changes.

This fix fixes #20083.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:07:41 +00:00
allencloud 54df0949b0 fix typos
Signed-off-by: allencloud <allen.sun@daocloud.io>
2017-06-02 00:07:41 +00:00
Lukasz Zajaczkowski 25a9609845 Add documentation for running multiple daemons
Signed-off-by: Lukasz Zajaczkowski <lukasz.zajaczkowski@ts.fujitsu.com>
2017-06-02 00:07:41 +00:00
Thomas Leonard 51ddea93a2 Add support for user-defined healthchecks
This PR adds support for user-defined health-check probes for Docker
containers. It adds a `HEALTHCHECK` instruction to the Dockerfile syntax plus
some corresponding "docker run" options. It can be used with a restart policy
to automatically restart a container if the check fails.

The `HEALTHCHECK` instruction has two forms:

* `HEALTHCHECK [OPTIONS] CMD command` (check container health by running a command inside the container)
* `HEALTHCHECK NONE` (disable any healthcheck inherited from the base image)

The `HEALTHCHECK` instruction tells Docker how to test a container to check that
it is still working. This can detect cases such as a web server that is stuck in
an infinite loop and unable to handle new connections, even though the server
process is still running.

When a container has a healthcheck specified, it has a _health status_ in
addition to its normal status. This status is initially `starting`. Whenever a
health check passes, it becomes `healthy` (whatever state it was previously in).
After a certain number of consecutive failures, it becomes `unhealthy`.

The options that can appear before `CMD` are:

* `--interval=DURATION` (default: `30s`)
* `--timeout=DURATION` (default: `30s`)
* `--retries=N` (default: `1`)

The health check will first run **interval** seconds after the container is
started, and then again **interval** seconds after each previous check completes.

If a single run of the check takes longer than **timeout** seconds then the check
is considered to have failed.

It takes **retries** consecutive failures of the health check for the container
to be considered `unhealthy`.

There can only be one `HEALTHCHECK` instruction in a Dockerfile. If you list
more than one then only the last `HEALTHCHECK` will take effect.

The command after the `CMD` keyword can be either a shell command (e.g. `HEALTHCHECK
CMD /bin/check-running`) or an _exec_ array (as with other Dockerfile commands;
see e.g. `ENTRYPOINT` for details).

The command's exit status indicates the health status of the container.
The possible values are:

- 0: success - the container is healthy and ready for use
- 1: unhealthy - the container is not working correctly
- 2: starting - the container is not ready for use yet, but is working correctly

If the probe returns 2 ("starting") when the container has already moved out of the
"starting" state then it is treated as "unhealthy" instead.

For example, to check every five minutes or so that a web-server is able to
serve the site's main page within three seconds:

    HEALTHCHECK --interval=5m --timeout=3s \
      CMD curl -f http://localhost/ || exit 1

To help debug failing probes, any output text (UTF-8 encoded) that the command writes
on stdout or stderr will be stored in the health status and can be queried with
`docker inspect`. Such output should be kept short (only the first 4096 bytes
are stored currently).

When the health status of a container changes, a `health_status` event is
generated with the new status. The health status is also displayed in the
`docker ps` output.

Signed-off-by: Thomas Leonard <thomas.leonard@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:41 +00:00
Ritesh H Shukla cceb74311b Add VMware Docker Volume Plugin.
Add reference to https://github.com/vmware/docker-volume-vsphere to Docker's list of plugins.
This is an officially supported plugin from VMware.

Signed-off-by: Ritesh H Shukla <sritesh@vmware.com>
2017-06-02 00:07:41 +00:00
Yong Tang 4a87769a80 Remove deprecated -f flag on docker tag
The -f flag on docker tag has been deprecated in docker 1.10 and
is expected to be removed in docker 1.12.

This fix removed the -f flag on docker tag and also updated
deprecated.md.

NOTE: A separate pull request for engine-api has been opened to
cover the related changes.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:07:41 +00:00
Roland Kammerer 263f9666cf Add the DRBD Docker Volume Plugin to the documentation
Signed-off-by: Roland Kammerer <roland.kammerer@linbit.com>
2017-06-02 00:07:40 +00:00
Yong Tang d5a8d411ba Un-deprecated command line short variant options of `-c`.
Since 1.9, the following short variant options have been
deprecated in favor of their long variants:
`docker run -c (--cpu-shares)`
`docker build -c (--cpu-shares)`
`docker create -c (--cpu-shares)`
`docker update -c (--cpu-shares)`

However, `-c` is still widely used and is considered as
a convenient option for swarm (see #16271).

This fix undeprecated the command line short
variant options of `-c` and updated the deprecated.md.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:07:40 +00:00
Michael Friis b66fb42ff1 Add powershell example and make linux build example consistent with other examples
Signed-off-by: Michael Friis <friism@gmail.com>
2017-06-02 00:07:40 +00:00
Yong Tang 8aa59a76fe Fix error in dockerd.md for incorrect cluster-store-opts example.
This fix fixes an error in documentation (dockerd.md). In the
example given by dockerd.md, the option `cluster-store-opts`
is assigned with an array but this option can only be assigned
as a map.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:07:40 +00:00
Sven Dowideit f9d80051da Fix up stale links
Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>
2017-06-02 00:07:40 +00:00
Darren Shepherd 8f23647017 Remove DOCKER_HTTP_HOST_COMPAT env var
Signed-off-by: Darren Shepherd <darren@rancher.com>
2017-06-02 00:07:40 +00:00
John Howard 1bc54f3466 Support platform file paths through escape
Signed-off-by: John Howard <jhoward@microsoft.com>
2017-06-02 00:07:40 +00:00
Vincent Demeester aac0a3ee13 Add before and since filter to images
Add support for two now filter on the `images` command : `before` and
`since`. They work the same as the one on the `ps` command but for
images.

        $ docker images --filter before=myimage
        # display all images older than myimage
        $ docker images --filter since=myimage
        # display all images younger than myimage

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:07:40 +00:00
Yong Tang d1aaf129f2 The option --add-host and --net=host should not be mutually exclusive.
This fix tries to address the issue raised in #21976 and allows
the options of `--add-host` and `--net=host` to work at the same time.

The documentation has been updated and additional tests have been
added to cover this change.

This fix fixes #21976.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:07:40 +00:00
Yong Tang f17fb53f53 The option --dns, --dns-search, --dns-opt and --net=host should not be mutually exclusive.
This fix tries to address the issue raised in #21976 and allows
the options of `--dns`, `--dns-search`, `--dns-opt` and `--net=host`
to work at the same time.

The documentation has been updated and additional tests have been
added to cover this change.

This fix fixes #21976.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:07:40 +00:00
root 909fa15eb2 Fix some mistakes in dockerd.md
Signed-off-by: Wang Xing <hzwangxing@corp.netease.com>
2017-06-02 00:07:40 +00:00
Nahum Shalman b47dd5295d Clarification about 'docker build --build-arg'
See #22860

Signed-off-by: Nahum Shalman <nshalman@omniti.com>
2017-06-02 00:07:40 +00:00
Akihiro Suda c27c6d1a4e update docs/reference/commandline/cp.md
Close #22020

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2017-06-02 00:07:40 +00:00
Yong Tang d4d6b9689d Add filter for events emitted by docker daemon
This fix tries to cover the issue raised in #22463 by adding
filter for events emitted by docker daemon so that user could
utilize filter to receive events of interest.

Documentations have been updated for this fix.

Additional tests have been added to cover the changes in this fix.

This fix fixes #22463.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:07:39 +00:00
Yong Tang 91466baa3f Emit events for docker daemon
This fix tries to cover the issue raised in #22463 by emitting
events for docker daemon so that user could be notified by
scenarios like config reload, etc.

This fix adds the `daemon reload`, and events for docker daemon.

Additional tests have been added to cover the changes in this fix.

This fix fixes #22463.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:07:39 +00:00
Michael Friis 3cc96bb891 remove duplicated text
Signed-off-by: Michael Friis <friism@gmail.com>
2017-06-02 00:07:39 +00:00
Subhajit Ghosh 2f4d9eb6b1 Document valid chars in image name and tag
- Add link to valid image name and tag formats in referenced files
- Per review comments, updated docs to remove reference to `USERNAME` and
`REGISTRYHOST`.
- Per review comment, removed links from man page.
- Per review comment, added and updated examples on `docker tag`

Signed-off-by: Subhajit Ghosh <isubuz.g@gmail.com>
2017-06-02 00:07:39 +00:00
John Howard 6d54461bd8 Windows: Default to Hyper-V Containers on client
Signed-off-by: John Howard <jhoward@microsoft.com>
2017-06-02 00:07:39 +00:00
John Howard 560134b63a Docs: JSON vs Shell clarification
Signed-off-by: John Howard <jhoward@microsoft.com>
2017-06-02 00:07:39 +00:00
Fabrizio Soppelsa 52d265fff9 Add a --filter option to `docker search`
The filtering is made server-side, and the following filters are
supported:

* is-official (boolean)
* is-automated (boolean)
* has-stars (integer)

Signed-off-by: Fabrizio Soppelsa <fsoppelsa@mirantis.com>
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:07:39 +00:00
Sebastiaan van Stijn 563b5dab54 Remove MLS example from SELinux example in run reference
Automatic translation of MLS labels is currently not
supported, so should not be documented as an example.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:39 +00:00
Justin Cormack ba8f5cfbb8 Align default seccomp profile with selected capabilities
Currently the default seccomp profile is fixed. This changes it
so that it varies depending on the Linux capabilities selected with
the --cap-add and --cap-drop options. Without this, if a user adds
privileges, eg to allow ptrace with --cap-add sys_ptrace then still
cannot actually use ptrace as it is still blocked by seccomp, so
they will probably disable seccomp or use --privileged. With this
change the syscalls that are needed for the capability are also
allowed by the seccomp profile based on the selected capabilities.

While this patch makes it easier to do things with for example
cap_sys_admin enabled, as it will now allow creating new namespaces
and use of mount, it still allows less than --cap-add cap_sys_admin
--security-opt seccomp:unconfined would have previously. It is not
recommended that users run containers with cap_sys_admin as this does
give full access to the host machine.

It also cleans up some architecture specific system calls to be
only selected when needed.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-06-02 00:07:39 +00:00
Antonio Murdaca 09be3c1129 Ignore invalid host header between go1.6 and old docker clients
BenchmarkWithHack-4	   50000	     37082 ns/op	  44.50
MB/s	    1920 B/op	      30 allocs/op
BenchmarkNoHack-4  	   50000	     30829 ns/op	  53.52
MB/s	       0 B/op	       0 allocs/op

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:07:39 +00:00
Mrunal Patel 637048e176 Add support for --pid=container:<id>
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-06-02 00:07:39 +00:00
Lin Lu ff7d6e1eb8 doc:proxy-setting info added in pull cmd.
Replace Note with a new secion, reduce characters in
per line in 80. Add statement suggested by
https://github.com/thaJeztah

Signed-off-by: Lin Lu <doraalin@163.com>
2017-06-02 00:07:39 +00:00
mansinahar cd04941f04 Update 'run' command doc for better readability
Signed-off-by: Mansi Nahar <mansi.nahar@macbookpro-mansinahar.local>
2017-06-02 00:07:39 +00:00
Jeremy Unruh a1cbc5a168 update URL for docker-volume-netshare
Signed-off-by: Jeremy Unruh <jeremybunruh@gmail.com>
2017-06-02 00:07:38 +00:00
Ivan Grcic 062cca7b19 remove double "using" in reference attach docs
Signed-off-by: Ivan Grcic <igrcic@gmail.com>
2017-06-02 00:07:38 +00:00
Yong Tang 14b82790df Update deprecated docs for LXC built-in exec driver
The LXC built-in exec driver has been deprecated in 1.8 and
further removed in 1.10, yet in deprecated.md it still shows:
```
Target For Removal In Release: v1.10
```

This fix changes the above to `Removed In Release:`.

In addition, lxc-conf flag and API fields have already been
removed in 1.10 as well so the related description has also been
updated in this fix.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:07:38 +00:00
Charles Law cf70da5d08 Fix error for env variables example in docker reference
Signed-off-by: Charles Law <claw@conduce.com>
2017-06-02 00:07:38 +00:00
Yi EungJun 0d227954c5 docs: Remove RequestStatusCode
The requests doesn't include RequestStatusCode field.

Signed-off-by: Yi EungJun <eungjun.yi@navercorp.com>
2017-06-02 00:07:38 +00:00
Yong Tang 9bc4cd536e Docker pull/push with max concurrency limits.
This fix tries to address issues raised in #20936 and #22443
where `docker pull` or `docker push` fails because of the
concurrent connection failing.
Currently, the number of maximum concurrent connections is
controlled by `maxDownloadConcurrency` and `maxUploadConcurrency`
which are hardcoded to 3 and 5 respectively. Therefore, in
situations where network connections don't support multiple
downloads/uploads, failures may encounter for `docker push`
or `docker pull`.

This fix tries changes `maxDownloadConcurrency` and
`maxUploadConcurrency` to adjustable by passing
`--max-concurrent-uploads` and `--max-concurrent-downloads` to
`docker daemon` command.

The documentation related to docker daemon has been updated.

Additional test case have been added to cover the changes in this fix.

This fix fixes #20936. This fix fixes #22443.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:07:38 +00:00
Yong Tang 7717d82d97 Remove deprecated driver specific log tags
Since 1.9, driver specific log tag options
`syslog-tag`
`gelf-tag`
`fluentd-tag`
have been deprecated in favor of the generic tag
option which is standard across different logging
drivers.

This fix removed the deprecated driver specific
log tag options of `syslog-tag`, `gelf-tag`,
`fluentd-tag` for 1.12 and updated the docs.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:07:38 +00:00
kevinmeredith a8e16c0079 Correct docs for a docker container's clean-up.
The 'Unix Signals' (https://en.wikipedia.org/wiki/Unix_signal#Handling_signals) wiki explains that:
> 'There are two signals which cannot be intercepted and handled: SIGKILL and SIGSTOP.'

Signed-off-by: kevinmeredith <kevin.m.meredith@gmail.com>
2017-06-02 00:07:38 +00:00
Yong Tang 386bda9aab Update deprecated docs for cli flags removal.
The old command line options have been deprecated in 1.8.0 and
eventually removed in 1.10.0 through PR #17724, though the
deprecated.md still shows `Target For Removal In Release`.

This fix updates the deprecated.md and changes
`Target For Removal In Release` to `Removed In Release`.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:07:38 +00:00
Tonis Tiigi 47ae76fd08 docs: clarify docker attach
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2017-06-02 00:07:38 +00:00
cyli ba064bea20 Minor tense correction for deprecated docs
Signed-off-by: cyli <cyli@twistedmatrix.com>
2017-06-02 00:07:38 +00:00
Yong Tang e1242ed726 Remove deprecated Docker Content Trust ENV passphrase variables
Since 1.9, Docker Content Trust Offline key has been renamed to
Root key and the Tagging key has been renamed to Repository key.
The corresponding environment variables
`DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE`
`DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE`
have also been deprecated and renamed to
`DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE`
`DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE`

This fix removed the deprecated ENV passphrase variables for
1.12 and updated the docs.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:07:37 +00:00
Yong Tang cf0f0c3927 Add the missing subtitle in deprecated docs for --security-opt.
The colon separator(`:`) of `--security-opt` flag was deprecated
in 1.11.0. However, the subtitle in deprecated docs is missing
so it is placed under the same subtitle as the deprecated `-e` and
`--email` flags.

This fix adds the missing subtitle in deprecated docs.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:07:37 +00:00
Brian Goff ce224853a2 Add support for reading logs extra attrs
The jsonlog logger currently allows specifying envs and labels that
should be propagated to the log message, however there has been no way
to read that back.

This adds a new API option to enable inserting these attrs back to the
log reader.

With timestamps, this looks like so:
```
92016-04-08T15:28:09.835913720Z foo=bar,hello=world hello
```

The extra attrs are comma separated before the log message but after
timestamps.

Without timestaps it looks like so:
```
foo=bar,hello=world hello
```

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2017-06-02 00:07:37 +00:00
Yuan Sun d16947629c from inheritted to inherited
Signed-off-by: Yuan Sun <sunyuan3@huawei.com>
2017-06-02 00:07:37 +00:00
Brian Goff e1265df404 When calling volume driver Mount, send opaque ID
This generates an ID string for calls to Mount/Unmount, allowing drivers
to differentiate between two callers of `Mount` and `Unmount`.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2017-06-02 00:07:37 +00:00
Zhu Guihua f440f14613 Add disk quota support for btrfs
Signed-off-by: Zhu Guihua <zhugh.fnst@cn.fujitsu.com>
2017-06-02 00:07:37 +00:00
Doug Davis fe09131526 Remove unnecessary double-double quotes
Signed-off-by: Doug Davis <dug@us.ibm.com>
2017-06-02 00:07:37 +00:00
Lucas Chan 0b4a6c36b7 Updated docker-info output and documentation
- [x] Update man page description
- [x] Update man page sample output to something more current

Tested with: `TESTFLAGS='-check.f DockerSuite.TestInfoEnsureSucceeds*'
make test-integration-cli`

Signed-off-by: Lucas Chan <lucas-github@lucaschan.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:37 +00:00
Wen Cheng Ma bdfe7963f2 Update the `docker daemon` to `dockerd` for document
Signed-off-by: Wen Cheng Ma <wenchma@cn.ibm.com>
2017-06-02 00:07:37 +00:00
Liron Levin 3e48f4b4ab Remove response modification sections from authorization design doc
Signed-off-by: Liron Levin <liron@twistlock.com>
2017-06-02 00:07:37 +00:00
Yuan Sun 7d3bb7a6d0 remove "the" in docs.
Signed-off-by: Yuan Sun <sunyuan3@huawei.com>
2017-06-02 00:07:37 +00:00
Lorenzo Fontana 51e43d3bda Mention the fact that authz plugins are available today
Signed-off-by: Lorenzo Fontana <fontanalorenzo@me.com>
2017-06-02 00:07:37 +00:00
Sebastiaan van Stijn efff6c2b24 Add "driver" filter for network ls
This add a new filter to 'docker network ls'
to allow filtering by driver-name.

Contrary to "ID" and "name" filters, this
filter only supports an *exact* match.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:37 +00:00
Hao Zhang 64ba15e3a3 update cgroup link in doc of run
Signed-off-by: Hao Zhang <21521210@zju.edu.cn>
2017-06-02 00:07:37 +00:00
Kai Qiang Wu(Kennan) c6d6752550 Add load/save image event support
For every docker load and save operations, it would log related
image events.

Signed-off-by: Kai Qiang Wu(Kennan) <wkqwu@cn.ibm.com>
2017-06-02 00:07:36 +00:00
Darren Stahl bd299d2555 Add IO Resource Controls for Windows
Signed-off-by: Darren Stahl <darst@microsoft.com>
2017-06-02 00:07:36 +00:00
Wen Cheng Ma 0da8f977cb Deprecated of docker ps since and before options for v1.12
Deprecated note https://github.com/docker/docker/blob/master/docs/deprecated.md#docker-ps-before-and-since-options

Signed-off-by: Wen Cheng Ma <wenchma@cn.ibm.com>
2017-06-02 00:07:36 +00:00
Sebastiaan van Stijn d192f97acc docs: add note about MAC addresses not being unique
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:36 +00:00
Dimitry Andric 4b30db603b The daemon.json storage-opts settings is actually a list.
Signed-off-by: Dimitry Andric <d.andric@activevideo.com>
2017-06-02 00:07:36 +00:00
Kai Qiang Wu(Kennan) 6a5870dcfa Fix the old exit status example
Signed-off-by: Kai Qiang Wu(Kennan) <wkqwu@cn.ibm.com>
2017-06-02 00:07:36 +00:00
Sebastiaan van Stijn a24fe070bb docs: use tables for available plugins
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:36 +00:00
Wen Cheng Ma ddf0b9e873 Fix asa
Signed-off-by: Wen Cheng Ma <wenchma@cn.ibm.com>
2017-06-02 00:07:36 +00:00
Kai Qiang Wu(Kennan) 0a8f5574b4 Add network label filter support
This patch did following:

1) Make filter check logic same as `docker ps ` filters

Right now docker container logic work as following:
when same filter used like below:
 -f name=jack -f name=tom
it would get all containers name is jack or tom(it is or logic)

when different filter used like below:

 -f name=jack -f id=7d1
it would get all containers name is jack and id contains 7d1(it is and logic)

It would make sense in many user cases, but it did lack of compliate filter cases,
like "I want to get containers name is jack or id=7d1", it could work around use
(get id=7d1 containers' name and get name=jack containers, and then construct the
final containers, they could be done in user side use shell or rest API)

2) Fix one network filter bug which could include duplicate result
when use -f name=  -f id=, it would get duplicate results

3) Make id filter same as container id filter, which means match any string.
not use prefix match.

It is for consistent match logic

Closes: #21417

Signed-off-by: Kai Qiang Wu(Kennan) <wkqwu@cn.ibm.com>
2017-06-02 00:07:36 +00:00
Jared Hocutt f10add47fa Add the NetApp Docker Volume Plugin to the documentation
Signed-off-by: Jared Hocutt <jaredh@netapp.com>
2017-06-02 00:07:36 +00:00
Brian Goff a84e11aaf8 Allow volume drivers to provide a `Status` field
The `Status` field is a `map[string]interface{}` which allows the driver to pass
back low-level details about the underlying volume.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2017-06-02 00:07:36 +00:00
Darren Stahl 31e123d314 Add CPU count and maximum resource controls for Windows
Signed-off-by: Darren Stahl <darst@microsoft.com>
2017-06-02 00:07:36 +00:00
Dan Walsh a60c612a04 Add support for setting sysctls
This patch will allow users to specify namespace specific "kernel parameters"
for running inside of a container.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2017-06-02 00:07:36 +00:00
Mary Anthony 8850c4ab6e Fixes #21701 devicemapper docs
Copy edit the content
Updates to existing material
Adding mbentley's comments
Updating with last minute comments
Update with Seb's comments

Signed-off-by: Mary Anthony <mary@docker.com>
2017-06-02 00:07:36 +00:00
Thomas Riccardi 6ded7e8279 Improve build cache miss doc for `ARG` and `RUN`
The documentation already says the cache miss happens only at `ARG`
variable usage, not declaration, but there is a very common implicit
usage: `RUN`, which this commit documents even more, improving on #21790.

Also, use `definition` instead of `declaration`: it's the same thing, and
`definition` is already used in this documentation, contrary to
`declaration`.

Also, distinguish between "instructions" and "variables defined by `ARG`
instructions".

Signed-off-by: Thomas Riccardi <riccardi@systran.fr>
2017-06-02 00:07:36 +00:00
Yi EungJun cf2670b8ba Fix errata; s/RequestUri/ReqestURI/
Signed-off-by: Yi EungJun <eungjun.yi@navercorp.com>
2017-06-02 00:07:35 +00:00
Yong Tang e450a54119 Change HumanSize to BytesSize for memory output in `docker stats`.
This fix tries to fix the discrepancy between `docker stats` and
`docker run` where `docker run` uses RAMInBytes for all memory
related inputs but `docker stats` uses HumanSize for all memory
related outputs.

To be consistent, `docker stats` needs to use BytesSize for all
memory related outputs to conform to RAMInBytes in `docker run`.

This fix addresses this issue. As BytesSize is used, the test
cases needs to be adjusted to match `KiB/MiB/GiB` instead of
`KB/MB/GB`.

The documentation has also been updated.

This fix fixes #21765.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:07:35 +00:00
Hyzhou d4aad85092 Fix the docker image --no-trunk output format
docker 1.10 change the output format of image id.

Signed-off-by: hyzhou.zhy <hyzhou.zhy@alibaba-inc.com>
2017-06-02 00:07:35 +00:00
Kai Qiang Wu(Kennan) a8a29fe7f5 Fix deprecated format for security-opt
Signed-off-by: Kai Qiang Wu(Kennan) <wkqwu@cn.ibm.com>
2017-06-02 00:07:35 +00:00
Yi EungJun 70f932f268 Fix incorrect markdown rendering
The docker document site [1] rendered the list of plugin implements
incorrectly.

[1]: https://docs.docker.com/engine/extend/plugin_api

Signed-off-by: Yi EungJun <eungjun.yi@navercorp.com>
2017-06-02 00:07:35 +00:00
Lei Jitang 42dfcc1d2a Correct the description of --group-add in run.md
Signed-off-by: Lei Jitang <leijitang@huawei.com>
2017-06-02 00:07:35 +00:00
mikelinjie bc060f1f19 make the cache miss clear
Signed-off-by: mikelinjie <294893458@qq.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:35 +00:00
Yi EungJun b394f05fee Use 'null' instead of 'nil' for json
When describe json response, 'null' is better than 'nil' which is not in
json specification.

Signed-off-by: Yi EungJun <eungjun.yi@navercorp.com>
2017-06-02 00:07:35 +00:00
Tomasz Kopczynski 5f02c0a5ab Add insecure registries to docker info
Signed-off-by: Tomasz Kopczynski <tomek@kopczynski.net.pl>
2017-06-02 00:07:35 +00:00
Máximo Cuadros 643715ee74 documentation: adding gce-docker plugin to plugins.md
Signed-off-by: Máximo Cuadros <mcuadros@gmail.com>
2017-06-02 00:07:35 +00:00
allencloud b45ed4a79d 1.change validateNoSchema into validateNoScheme
2.change schema into scheme in docs and some annotations.

Signed-off-by: allencloud <allen.sun@daocloud.io>
2017-06-02 00:07:35 +00:00
Liron Levin 1db38dfe21 Add short description about default authentication method in authorization docs
Following the discussion in #21556, adding a short description of the
default user authentication mechanism (without requiring authentication
plugins)
Signed-off-by: Liron Levin <liron@twistlock.com>
2017-06-02 00:07:35 +00:00
Sebastiaan van Stijn 0a13b2a1ce Un-deprecate auto-creation of host directories for mounts
Auto-creation of host-directories was marked deprecated in
Docker 1.9, but was decided to be too much of an backward-incompatible
change, so it was decided to keep the feature.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:35 +00:00
Anusha Ragunathan 31c32956ca When using systemd, pass expected cgroupsPath and cli options to runc.
runc expects a systemd cgroupsPath to be in slice:scopePrefix:containerName
format and the "--systemd-cgroup" option to be set. Update docker accordingly.

Fixes 21475

Signed-off-by: Anusha Ragunathan <anusha@docker.com>
2017-06-02 00:07:34 +00:00
Aaron Lehmann 5161f2dc15 Mention "docker login" in push/pull documentation
It was suggested to me that documentation for "docker pull" and "docker
push" should reference "docker login", to make clearer how to specify
credentials for a push or pull operation. Add a note to the manual pages
and reference documentation explaining how registry credentials are
managed.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-06-02 00:07:34 +00:00
Harald Albers 85f983178b docs for `docker daemon --containerd`
Signed-off-by: Harald Albers <github@albersweb.de>
2017-06-02 00:07:34 +00:00
Shishir Mahajan 791a5fc5c1 CLI flag for docker create(run) to change block device size.
Signed-off-by: Shishir Mahajan <shishir.mahajan@redhat.com>
2017-06-02 00:07:34 +00:00
Harald Albers 52ccec4cbc fix wrong option name in `dm.min_free_space` examples
Signed-off-by: Harald Albers <github@albersweb.de>
2017-06-02 00:07:34 +00:00
Harald Albers f3f9b34d2a docs for labels on build, networks and volumes
Signed-off-by: Harald Albers <github@albersweb.de>
2017-06-02 00:07:33 +00:00
Kai Qiang Wu(Kennan) d69044537c Add name/driver filter support for volume
This change include filter `name` and `driver`,
and also update related docs to reflect that filters usage.

Closes: #21243

Signed-off-by: Kai Qiang Wu(Kennan) <wkqwu@cn.ibm.com>
2017-06-02 00:07:33 +00:00
Harald Albers 386acc792b add docs for `docker load --quiet`
Signed-off-by: Harald Albers <github@albersweb.de>
2017-06-02 00:07:33 +00:00
Sven Dowideit 80f5ed58a5 WORKDIR is like calling mkdir - but we've not told people
Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>
2017-06-02 00:07:33 +00:00
Kenfe-Mickael Laventure 4ffd1a9433 Remove unneeded references to execDriver
This includes:
 - updating the docs
 - removing dangling variables

Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2017-06-02 00:07:33 +00:00
Phil Estes 0926303632 Allow net and IPC namespaces to be shared when userns=on
Now that the namespace sharing code via runc is vendored with the
containerd changes, we can disable the restrictions on container to
container net and IPC namespace sharing when the daemon has user
namespaces enabled.

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
2017-06-02 00:07:33 +00:00
Brian Goff eba678647b Add explicit flags for volume cp/no-cp
This allows a user to specify explicitly to enable
automatic copying of data from the container path to the volume path.
This does not change the default behavior of automatically copying, but
does allow a user to disable it at runtime.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2017-06-02 00:07:32 +00:00
Martin Mosegaard Amdisen c0271978f9 Update 'save' command help
Based on review feedback.

Signed-off-by: Martin Mosegaard Amdisen <martin.amdisen@praqma.com>
2017-06-02 00:07:32 +00:00
Martin Mosegaard Amdisen 315c34a25a Fix plural typo in 'save' command help
The form "Save an images" is not correct.
Either "Save an image" or "Save images" work, but since
the save commands accepts multiple images, I chose the
latter.

Fixed in all places where I could grep "Save an image(s)".

Signed-off-by: Martin Mosegaard Amdisen <martin.amdisen@praqma.com>
2017-06-02 00:07:32 +00:00
Yong Tang 1f7e8ae84c Update plugin docs for the covering of remote plugins (#20188).
This fix updates the Plugin API docs to cover the case of remote
plugins which could be deployed on a host different from the
docker host, through spec or json files.

This fix closes #20188.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:07:32 +00:00
David Calavera a7364b3743 Consolidate security options to use `=` as separator.
All other options we have use `=` as separator, labels,
log configurations, graph configurations and so on.
We should be consistent and use `=` for the security
options too.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2017-06-02 00:07:32 +00:00
Dan Walsh 2d0316cb43 Fix documentation on --security-opt seccomp
Missing documentation and man pages on seccomp options.
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2017-06-02 00:07:32 +00:00
Zhang Wei d219111855 Fix typo
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2017-06-02 00:07:32 +00:00
Sebastiaan van Stijn 75bcb4f94a Update Docker pull examples
The old examples no longer worked due to changes in
the client and Docker Hub.

This updates the "docker pull" documentation and
adds more examples and explanation of the features.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:32 +00:00
Jason Heiss 6bcb137d2f Allow --hostname with --net=host
Docker creates a UTS namespace by default, even with --net=host, so it
is reasonable to let the user set the hostname. Note that --hostname is
forbidden if the user specifies --uts=host.

Closes #12076
Signed-off-by: Jason Heiss <jheiss@aput.net>
2017-06-02 00:07:32 +00:00
Kai Qiang Wu(Kennan) 2422bc30f5 Add the missed volume filter
Signed-off-by: Kai Qiang Wu(Kennan) <wkqwu@cn.ibm.com>
2017-06-02 00:07:32 +00:00
Vivek Goyal 8db4ee005a devmapper: Add a new option dm.min_free_space
Once thin pool gets full, bad things can happen. Especially in case of xfs
it is possible that xfs keeps on retrying IO infinitely (for certain kind
of IO) and container hangs. 

One way to mitigate the problem is that once thin pool is about to get full,
start failing some of the docker operations like pulling new images or
creation of new containers. That way user will get warning ahead of time
and can try to rectify it by creating more free space in thin pool. This
can be done either by deleting existing images/containers or by adding more
free space to thin pool.

This patch adds a new option dm.min_free_space to devicemapper graph
driver. Say one specifies dm.min_free_space=10%. This means atleast
10% of data and metadata blocks should be free in pool before new device
creation is allowed, otherwise operation will fail.

By default min_free_space is 10%. User can change it by specifying
dm.min_free_space=X% on command line. A value of 0% will disable the
check.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
2017-06-02 00:07:32 +00:00
Liron Levin ce28fa45b0 Run privileged containers when userns are specified
Following #19995 and #17409 this PR enables skipping userns re-mapping
when creating a container (or when executing a command). Thus, enabling
privileged containers running side by side with userns remapped
containers.

The feature is enabled by specifying ```--userns:host```, which will not
remapped the user if userns are applied. If this flag is not specified,
the existing behavior (which blocks specific privileged operation)
remains.

Signed-off-by: Liron Levin <liron@twistlock.com>
2017-06-02 00:07:32 +00:00
Aaron Lehmann b2b5bc9937 Add support for identity tokens in client credentials store
Update unit test and documentation to handle the new case where Username
is set to <token> to indicate an identity token is involved.

Change the "Password" field in communications with the credential helper
to "Secret" to make clear it has a more generic purpose.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-06-02 00:07:31 +00:00
Madhu Venugopal 2168c53ee9 Include all endpoints in network inspect object
Prior to this change, the "docker network inspect" contains only the
endpoints that have active local container. This excludes all the remote
and stale endpoints. By including all the endpoints, it makes debugging
much simpler and also allows the user to cleanup any stale endpoints
using "docker network disconnect -f {network} {endpoint-name}".

Signed-off-by: Madhu Venugopal <madhu@docker.com>
2017-06-02 00:07:31 +00:00
Antonio Murdaca d437e32541 docs: add $ before HOME
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:07:31 +00:00
David Calavera 02a1c138d0 Move registry service options to the daemon configuration.
Allowing to set their values in the daemon configuration file.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2017-06-02 00:07:31 +00:00
Antonio Murdaca b20a425cd9 docs: extend: plugins: mention the sdk + systemd socket activation
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:07:31 +00:00
Jessica Frazelle fd1c2150ad pids limit support
update bash commpletion for pids limit

update check config for kernel

add docs for pids limit

add pids stats

add stats to docker client

Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2017-06-02 00:07:31 +00:00
Mrunal Patel d3f632156e Add support for NoNewPrivileges in docker
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>

Add tests for no-new-privileges

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>

Update documentation for no-new-privileges

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-06-02 00:07:31 +00:00
Antonio Murdaca 8f095a76ab cliconfig: credentials: set default for unix
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:07:31 +00:00
Sebastiaan van Stijn 82fe889a6d Update links to Docker Hub
Updates links to Docker Hub with their new
URLs to prevent redirects.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:31 +00:00
Micah Zoltu 31e78dd369 Adds clarification to behavior of missing directories.
Closes #20920

Signed-off-by: Micah Zoltu <micah@zoltu.net>
2017-06-02 00:07:31 +00:00
Brian Goff b1bac487a6 Support mount opts for `local` volume driver
Allows users to submit options similar to the `mount` command when
creating a volume with the `local` volume driver.

For example:

```go
$ docker volume create -d local --opt type=nfs --opt device=myNfsServer:/data --opt o=noatime,nosuid
```

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2017-06-02 00:07:31 +00:00
Qiang Huang 09f4e2e654 Add CgroupDriver to docker info
Fixes: #19539

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-06-02 00:07:31 +00:00
Sebastiaan van Stijn ecd12ef145 docs: improve note for Fedora 22
Move the note more up, to prevent people from starting
the daemon with --userns-remap before touching the files.

Also clarify that these steps must be done *before* enabling
userns-remap and starting the daemon.

Also fixed some minor Markup formatting issues.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:31 +00:00
Ken Cochrane 317cfbd7bd Remove email address field from login
This removes the email prompt when you use docker login, and also removes the ability to register via the docker cli. Docker login, will strictly be used for logging into a registry server.

Signed-off-by: Ken Cochrane <kencochrane@gmail.com>
2017-06-02 00:07:30 +00:00
Qiang Huang 119605fc24 Add docs for cgroup-parent of systemd cgroup
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-06-02 00:07:30 +00:00
David Calavera 6ee9d8a187 Client credentials store.
This change implements communication with an external credentials store,
ala git-credential-helper. The client falls back the plain text store,
what we're currently using, if there is no remote store configured.

It shells out to helper program when a credential store is
configured. Those programs can be implemented with any language as long as they
follow the convention to pass arguments and information.

There is an implementation for the OS X keychain in https://github.com/calavera/docker-credential-helpers.
That package also provides basic structure to create other helpers.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2017-06-02 00:07:30 +00:00
Antonio Murdaca 4d6a232fc0 Revert "resolve the config file from the sudo user"
This reverts commit afde6450ee7bd4a43765fdc0a9799b411276d9e4.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:07:30 +00:00
Linus Heckemann acc094305b Remove experimental GraphDriver plugin type
Signed-off-by: Linus Heckemann <anonymouse2048@gmail.com>
2017-06-02 00:07:30 +00:00
Linus Heckemann 54afb61288 Document interfaces a plugin can implement
Signed-off-by: Linus Heckemann <lheckemann@twig-world.com>
2017-06-02 00:07:30 +00:00
Lei Jitang a0399720ce Fix configuration reloading
There are five options 'debug' 'labels' 'cluster-store' 'cluster-store-opts'
and 'cluster-advertise' that can be reconfigured, configure any of these
options should not affect other options which may have configured in flags.
But this is not true, for example, I start a daemon with -D to enable the
debugging, and after a while, I want reconfigure the 'label', so I add a file
'/etc/docker/daemon.json' with content '"labels":["test"]' and send SIGHUP to daemon
to reconfigure the daemon, it work, but the debugging of the daemon is also diabled.
I don't think this is a expeted behaviour.
This patch also have some minor refactor of reconfiguration of cluster-advertiser.
Enable user to reconfigure cluster-advertiser without cluster-store in config file
since cluster-store could also be already set in flag, and we only want to reconfigure
the cluster-advertiser.

Signed-off-by: Lei Jitang <leijitang@huawei.com>
2017-06-02 00:07:30 +00:00
Antonio Murdaca b610528a6a resolve the config file from the sudo user
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:07:30 +00:00
Cameron Spear aa86373f28 Add the Local Persist plugin
I wasn't 100% sure if it was appropriate to add plugin here, but @thaJeztah invited me to do so, so here it is!

(see https://github.com/CWSpear/local-persist/issues/17#issuecomment-188523784)

Signed-off-by: Cameron Spear <cameronspear@gmail.com>
2017-06-02 00:07:30 +00:00
Tomasz Kopczynski a429c0e84f Docs: add note about CMD and ENTRYPOINT commands
Signed-off-by: Tomasz Kopczynski <tomek@kopczynski.net.pl>
2017-06-02 00:07:30 +00:00
Antonio Murdaca 6f778ea663 docs: reference: commandline: daemon: fedora 23+ has mapping files
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:07:30 +00:00
David Calavera beb7b68810 Add mounts to docker ps.
- Allow to filter containers by volume with `--filter volume=name` and `filter volume=/dest`.
- Show their names in the list with the custom format `{{ .Mounts }}`.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2017-06-02 00:07:30 +00:00
Aidan Hobson Sayers 543ca10394 Update docs for enableipv6
Signed-off-by: Aidan Hobson Sayers <aidanhs@cantab.net>
2017-06-02 00:07:30 +00:00
Zhang Wei 623082a1eb Update RestartPolicy of container
Add `--restart` flag for `update` command, so we can change restart
policy for a container no matter it's running or stopped.

Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2017-06-02 00:07:29 +00:00
Jian Zhang 776757ac28 Fix some flaws in docs
Signed-off-by: Jian Zhang <zhangjian.fnst@cn.fujitsu.com>
2017-06-02 00:07:29 +00:00
Alessandro Boch 15eb38dfb1 Invoke ReloadConfiguration on network controller
- It reverts fa163f5619bb01cabca1c21 plus a small change
  in order to allow passing the global scope datastore
  to libnetwork after damon boot.

Signed-off-by: Alessandro Boch <aboch@docker.com>
2017-06-02 00:07:29 +00:00
ozlerhakan 79a3c42030 add a section to each volume page
Signed-off-by: ozlerhakan <hakan.ozler@kodcu.com>
2017-06-02 00:07:29 +00:00
Aidan Hobson Sayers 65c94a34be Add docs for --ipv6 option, also add --internal as appropriate
Signed-off-by: Aidan Hobson Sayers <aidanhs@cantab.net>
2017-06-02 00:07:29 +00:00
Bastiaan Bakker e56ee5769c add missing trailing slash in ADD and COPY /absoluteDir examples. According to the specs they are mandatory.
Signed-off-by: Bastiaan Bakker <bbakker@xebia.com>
2017-06-02 00:07:29 +00:00
Vishnu kannan cb1279e542 Expose docker's root directory by default as part of `docker info`.
Signed-off-by: Vishnu kannan <vishnuk@google.com>
2017-06-02 00:07:29 +00:00
Robert Wallis 3969f77c86 Fixing mismatched network name.
Using `my-net` to be consistent with:
https://docs.docker.com/engine/reference/run/

Signed-off-by: Robert Wallis <smilingrob@gmail.com>
2017-06-02 00:07:29 +00:00
Victor Vieux c30d9d2fff fix common misspell
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-06-02 00:07:28 +00:00
Jessica Frazelle 91d0d25ee4 update cap-add docs for seccomp
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2017-06-02 00:07:28 +00:00
Sian Lerk Lau 7c85fb1665 Improve usage details on overriding USER command in Docker run reference page
Signed-off-by: Sian Lerk Lau <kiawin@gmail.com>
2017-06-02 00:07:28 +00:00
Tianon Gravi a015293ff7 Remove "--group-add dbus" from busybox example (no dbus group in busybox anymore)
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
2017-06-02 00:07:28 +00:00
Tomasz Kopczynski 680de96eb6 Before and since filters documentation
Signed-off-by: Tomasz Kopczynski <tomek@kopczynski.net.pl>
2017-06-02 00:07:28 +00:00
Doug Davis a26c02199d Make it clear that env vars must be simple
Closes #20169

Signed-off-by: Doug Davis <dug@us.ibm.com>
2017-06-02 00:07:28 +00:00
Muthukumar R a9dd907004 Add Horcrux volume plugin to plugins.md
Signed-off-by: Muthukumar R <muthur@gmail.com>
2017-06-02 00:07:28 +00:00
Tom X. Tobin aa46699081 Fix mention of at sign in docs
The at sign (`@`) was being referred to in the documentation as an
ampersand (`&`).

Signed-off-by: Tom X. Tobin <tomxtobin@tomxtobin.com>
2017-06-02 00:07:28 +00:00