Unlike `docker build --secret`, `docker build --ssh` allows the build container to
use SSH keys with passphrases.
$ eval $(ssh-agent)
$ ssh-add ~/.ssh/id_rsa
(Input your passphrase here)
$ docker build --ssh default=$SSH_AUTH_SOCK ...
This feature requires the daemon with `CapExecMountSSH` build capability (moby/moby#37973) .
Currently, the official Dockerfile frontend does not provide the syntax for using the SSH forwarder.
However, the experimental `RUN --mount=type=ssh` syntax can be enabled by using
the Dockerfile frontend image built with the `BUILDTAGS="dfrunmount dfssh"`, via the `# syntax =` "shebang".
The Dockerfile for the Dockerfile frontend is available at github.com/moby/buildkit/frontend/dockerfile/cmd/dockerfile-frontend)
The pre-built image is also available as `tonistiigi/dockerfile:ssh20181002` .
An example Dockerfile with `RUN --mount=type=ssh`:
# syntax = tonistiigi/dockerfile:ssh20181002
FROM alpine
RUN apk add --no-cache openssh-client
RUN mkdir -p -m 0700 ~/.ssh && ssh-keyscan gitlab.com >> ~/.ssh/known_hosts
RUN --mount=type=ssh ssh git@gitlab.com | tee /hello
# "Welcome to GitLab, @GITLAB_USERNAME_ASSOCIATED_WITH_SSHKEY" should be printed here
More info available at moby/buildkit#608, moby/buildkit#655
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
ddadd3db49 mass standardized the
formatting, with some errors.
This commit fixes errors on `login.md`:
- revert wrong `Logging out` headline
- restore correct level for some headlines (relative to parent
headline level change)
- re-add `Usage` headlines, with better name
Also add `related commands` headline on `login` and `logout`.
Signed-off-by: Thomas Riccardi <thomas@deepomatic.com>
This feature brings new attribute/option for swarm init command.
default-addr-pool will take string input which can be in below format.
"CIDR,CIDR,CIDR...:SUBNET-SIZE".
Signed-off-by: selansen <elango.siva@docker.com>
e.g. docker -H ssh://me@server
The `docker` CLI also needs to be installed on the remote host to
provide `docker system dial-stdio`, which proxies the daemon socket to stdio.
Please refer to docs/reference/commandline/dockerd.md .
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
Changed unexpected Unicode character 0x1fbf GREEK PSILI that was standing in as an imposter for an apostrophe: an _impostrophe_.
Signed-off-by: Chad Faragher <wyckster@hotmail.com>
Version 1.1
Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
1 Letterman Drive
Suite D4700
San Francisco, CA, 94129
Everyone is permitted to copy and distribute verbatim copies of this
license document, but changing it is not allowed.
Developer's Certificate of Origin 1.1
By making a contribution to this project, I certify that:
(a) The contribution was created in whole or in part by me and I
have the right to submit it under the open source license
indicated in the file; or
(b) The contribution is based upon previous work that, to the best
of my knowledge, is covered under an appropriate open source
license and I have the right under that license to submit that
work with modifications, whether created in whole or in part
by me, under the same open source license (unless I am
permitted to submit under a different license), as indicated
in the file; or
(c) The contribution was provided directly to me by some other
person who certified (a), (b) or (c) and I have not modified
it.
(d) I understand and agree that this project and the contribution
are public and that a record of the contribution (including all
personal information I submit with it, including my sign-off) is
maintained indefinitely and may be redistributed consistent with
this project or the open source license(s) involved.
Signed-off-by: nkwangleiGIT <nkwanglei@126.com>
This use case is currently _working correctly_, which is nice, but there is no documentation to be found about it. This PR fixes that.
Signed-off-by: Per Lundberg <perlun@gmail.com>
Update the docs so that users don't use `echo` when creating
secrets from STDIN. `echo` adds a trailing new line, so users
will probably be confused when their passwords don't work.
Signed-off-by: Joao Fernandes <joao.fernandes@docker.com>
Explicitly stated that you must add --build-arg for each build argument.
Added multiple arguments to example of `--build-arg` usage.
Fix for https://github.com/docker/docker.github.io/issues/6248
Signed-off-by: Preston Cowley <cowlinator@gmail.com>
This clarifies that the behaviour of `unless-stopped` will restart the container on daemon start. This was implied before, but now the restart-on-daemon-start behaviour is mentioned directly.
Signed-off-by: David Beitey <david@davidjb.com>
- explain the either "name" or "id" can be used to reference a container
- explain that signals can be sent by name or number
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This adds the Engine version to `docker node ls`, and `.EngineVersion` as a
template option.
With this patch applied:
docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
wp9231itoqsh4rqceojqo01vp * linuxkit-025000000001 Ready Active Leader 18.01.0-ce
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
`docker stack deploy` now support multiple composefil. This updates the
reference doc to take that fact into account.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
The "-f" flag is an alias for --force, not --filter (as correctly stated at the top of each documents). The system_prune.md didn't have this error.
Signed-off-by: Mateusz Major <apkd@users.noreply.github.com>
Commit ddadd3db49 refactored
the markdown documentation, but accidentally changed
`on-failure` to `failure`.
This patch corrects this change.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- the `--disable-legacy-registry` daemon flag was removed
- duplicate keys with conflicting values for engine labels
now produce an error instead of a warning.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Fix 19 typos, grammatical errors and duplicated words.
These fixes have minimal impact on the code as these are either in the
doc files or in comments inside the code files.
Signed-off-by: Abdur Rehman <abdur_rehman@mentor.com>
The `--host-add` flag adds a new `host:ip` mapping. Even though
adding an entry is idempotent (adding the same mapping multiple
times does not update the service's definition), it does not
_update_ an existing mapping with a new IP-address (multiple
IP-addresses can be defined for a host).
This patch removes the "or update" part from the flag's
description.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The example in the documentation used "runc", which is a
reserved runtime name (as it's the default).
This patch updates the example, and uses a different name.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Since the API and the CLI both have a "Usage" field for memory, clarify
that the CLI does additional calculations to avoid confusion of API
consumers.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
The experimental `docker build --squash` feature has a number
of limitations. For most use-cases, multi-stage builds are
a better alternative.
This patch lists the known limitations, and adds a link to
multi-stage builds.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Commit ddadd3db49 changed
the heading levels of various sections, but as a result,
the "daemon configuration file" section (and other sections)
changed from a H2 to a H4, therefore no longer showing
up in the page's TOC / navigation bar.
This patch changes the heading level to a H3 for
sections that should show up in the page navigation.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The `--volumes` flag was added in 37fd6128dc,
but the documentation was not updated.
This patch updates the documentation.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Implement runRollback to not use runUpdate
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Add version tag and add flag quiet to suppress progress output
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Removed flags from warnDetachDefault
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Used command.Cli interface
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Add detach flag on rollback command
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Create a fakeClient for service commands
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Added unit test for rollback command
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Used command.Cli interface instead of *command.DockerCli in service commands
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Revert "Removed flags from warnDetachDefault"
This reverts commit 3e4f601c8a82cc2599a755dc693409bbc47917fc.
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Fixed test.NewFakeCli instanciation
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Removed unused receiver
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Replaced cli by dockerCli
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Revert "Removed unused receiver"
This reverts commit 604ef7c13df3d019949ca81d992db501114dafce.
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Fixed last typo
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
the missing `driver` made my bridge not have the correct MTU when i copied from the example and not the doc table. Brings them into alignment.
Signed-off-by: bryfry <bryon@fryer.io>
This builds (and depends) on https://github.com/moby/moby/pull/34087
Version 2:
- remove --ipc argument validation (it is now done by daemon)
- add/document 'none' value
- docs/reference/run.md: add a table with better modes description
- dockerd(8) typesetting fixes
Version 3:
- remove ipc mode tests from cli/command/container/opts_test.go
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Since CLI was moved to a separate repo, these references are incorrect.
Fixed with the help of sed script, verified manually.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
The `is-task` filter was only documented in the usage
section, but this section is not used in the documentation.
This patch adds the missing filter, synchronises the
man page source, and does some slight rephrasing
and reformatting of the filters.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This is a new option added specifically to allow for debugging of bugs
in Docker's storage drivers or libdm itself.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
The Docker Compose docs suggest using a separate override
configuration file for production-specific settings, but
it is not obvious how to feed this to `docker stack deploy`,
which only supports a single Compose file as input. Thus,
we now describe how to do this by merging the configuration
files with `docker-compose config`.
Signed-off-by: Denis Washington <denis@denisw.de>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 2b8f0eef7338f37104464154ba65aef7db3b9703)
Signed-off-by: Tibor Vass <tibor@docker.com>
remove extra word
(cherry picked from commit 9db03bd8cdad3c8804105cb5794ebad5e728f48f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 3eaec0071c3ce1b7201e37859afe5bcb78d4f215)
Signed-off-by: Tibor Vass <tibor@docker.com>
Add note about host-dir in VOLUME
(cherry picked from commit f2fff9d913a8ab0436dd56033189a7c3713a59a2)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 8fd6547fc3eb67e7efa7efb007ae6a4494cd2bb3)
Signed-off-by: Tibor Vass <tibor@docker.com>
Adding more on -m and --memory
(cherry picked from commit c3fbca106552f2dadcb89510ff87945b50f36419)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit b4047a849bd3018f8a8eabf34613a4fca57f818e)
Signed-off-by: Tibor Vass <tibor@docker.com>
This patch adds the untilRemoved option to the ContainerWait API which
allows the client to wait until the container is not only exited but
also removed.
This patch also adds some more CLI integration tests for waiting for a
created container and waiting with the new --until-removed flag.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Handle detach sequence in CLI
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Update Container Wait Conditions
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Apply container wait changes to API 1.30
The set of changes to the containerWait API missed the cut for the
Docker 17.05 release (API version 1.29). This patch bumps the version
checks to use 1.30 instead.
This patch also makes a minor update to a testfile which was added to
the builder/dockerfile package.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Remove wait changes from CLI
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Address minor nits on wait changes
- Changed the name of the tty Proxy wrapper to `escapeProxy`
- Removed the unnecessary Error() method on container.State
- Fixes a typo in comment (repeated word)
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Use router.WithCancel in the containerWait handler
This handler previously added this functionality manually but now uses
the existing wrapper which does it for us.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Add WaitCondition constants to api/types/container
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Address more ContainerWait review comments
- Update ContainerWait backend interface to not return pointer values
for container.StateStatus type.
- Updated container state's Wait() method comments to clarify that a
context MUST be used for cancelling the request, setting timeouts,
and to avoid goroutine leaks.
- Removed unnecessary buffering when making channels in the client's
ContainerWait methods.
- Renamed result and error channels in client's ContainerWait methods
to clarify that only a single result or error value would be sent
on the channel.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Move container.WaitCondition type to separate file
... to avoid conflict with swagger-generated code for API response
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Address more ContainerWait review comments
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
The --allow-nondistributable-artifacts daemon option specifies
registries to which foreign layers should be pushed. (By default,
foreign layers are not pushed to registries.)
Additionally, to make this option effective, foreign layers are now
pulled from the registry if possible, falling back to the URLs in the
image manifest otherwise.
This option is useful when pushing images containing foreign layers to a
registry on an air-gapped network so hosts on that network can pull the
images without connecting to another server.
Signed-off-by: Noah Treuhaft <noah.treuhaft@docker.com>
Allows for a plugin type that can be used to scrape metrics.
This is useful because metrics are not neccessarily at a standard
location... `--metrics-addr` must be set, and must currently be a TCP
socket.
Even if metrics are done via a unix socket, there's no guarentee where
the socket may be located on the system, making bind-mounting such a
socket into a container difficult (and racey, failure-prone on daemon
restart).
Metrics plugins side-step this issue by always listening on a unix
socket and then bind-mounting that into a known path in the plugin
container.
Note there has been similar work in the past (and ultimately punted at
the time) for consistent access to the Docker API from within a
container.
Why not add metrics to the Docker API and just provide a plugin with
access to the Docker API? Certainly this can be useful, but gives a lot
of control/access to a plugin that may only need the metrics. We can
look at supporting API plugins separately for this reason.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>