Commit Graph

726 Commits

Author SHA1 Message Date
Qiang Huang 28a1369b30 Fix aufs docs
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-06-02 00:07:51 +00:00
Anil Madhavapeddy d41a63b2c0 docs: correct the placement constraints `docker service` example
- the constraint expression needs to be quoted
- add an actual redis container to run so the command line works

Signed-off-by: Anil Madhavapeddy <anil@docker.com>
2017-06-02 00:07:51 +00:00
Vincent Demeester ee88be2801 Update service inspect --pretty reference docs
Update the output and fix wrong usage in a tutorial page.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:07:51 +00:00
Vincent Demeester fa29084b31 Update service update commandline reference docs
Update with the new remove flags

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:07:50 +00:00
Justin Cormack 8bc84934fb Expand the documentation of "no-new-privileges"
The change to runc in https://github.com/opencontainers/runc/pull/789
was not documented previously. Also say what this affects and clean
up layout of initial table as there was some miscolouration of the
continuation lines.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-06-02 00:07:50 +00:00
Aaron Lehmann 1210363e0f Use spaces, not tabs, to format sample "swarm join" command
Using tabs here seems to cause copy/paste problems in some terminals.
Using spaces is safer.

Fixes #24609

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-06-02 00:07:50 +00:00
Sebastiaan van Stijn c33bc7d99e Remove shorthand flags for "mount", "pretty", and "no-resolve"
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:50 +00:00
Michael Crosby e3f04f5d20 Add --oom-score-adjust to daemon
This adds an `--oom-score-adjust` flag to the daemon so that the value
provided can be set for the docker daemon's process.  The default value
for the flag is -500.  This will allow the docker daemon to have a
less chance of being killed before containers do.  The default value for
processes is 0 with a min/max of -1000/1000.

-500 is a good middle ground because it is less than the default for
most processes and still not -1000 which basically means never kill this
process in an OOM condition on the host machine.  The only processes on
my machine that have a score less than -500 are dbus at -900 and sshd
and xfce( my window manager ) at -1000.  I don't think docker should be
set lower, by default, than dbus or sshd so that is why I chose -500.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-06-02 00:07:50 +00:00
Vincent Demeester 2e844f5e8d Remove --command flag for service update
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:07:50 +00:00
Sebastiaan van Stijn dd1708d943 Make labels human readable
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:50 +00:00
Mei ChunTao 17d3e6264a fix the docker run --readonly example. rename '/icanwrite here' to '/icanwrite/here'
Signed-off-by: Mei ChunTao <mei.chuntao@zte.com.cn>
2017-06-02 00:07:50 +00:00
Arnaud Porterie (icecrime) 253a5f4ea2 Rename `--net` to `--network`
Add a `--network` flag which replaces `--net` without deprecating it
yet. The `--net` flag remains hidden and supported.

Add a `--network-alias` flag which replaces `--net-alias` without deprecating
it yet. The `--net-alias` flag remains hidden and supported.

Signed-off-by: Arnaud Porterie (icecrime) <arnaud.porterie@docker.com>
2017-06-02 00:07:50 +00:00
Sebastiaan van Stijn b41c0c8696 Fix some broken sourceforge.net links
Looks like there's issues with sourceforge project
pages. Given that sourceforge isn't really what
it used to be, trying to find alternative URLs
where possible.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:50 +00:00
Sebastiaan van Stijn 9958abc17d Add "auto-accept=none" to documentation
The "none" option was not added to the documentation.
This adds an example, and adds additional information
on manually accepting or rejecting a node.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:50 +00:00
Derek McGowan 48e659e30c Allow option to override kernel check in overlay2
Add option to skip kernel check for older kernels which have been patched to support multiple lower directories in overlayfs.

Fixes #24023

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2017-06-02 00:07:49 +00:00
johnharris85 2f3e095768 Add support for comma-separated --auto-accept syntax.
Signed-off-by: John Harris <john@johnharris.io>
2017-06-02 00:07:49 +00:00
Qiang Huang 670a0b8077 Soften limitation of update kernel memory
Kernel memory is not allowed to be updated if container is
running, it's not actually a precise kernel limitation.

Before kernel version 4.6, kernel memory will not be accounted
until kernel memory limit is set, if a container created with
kernel memory initialized, kernel memory is accounted as soon
as process created in container, so kernel memory limit update
is allowed afterward. If kernel memory is not initialized,
kernel memory consumed by processes in container will not be
accounted, so we can't update the limit because the account
will be wrong.

So update kernel memory of a running container with kernel memory
initialized is allowed, we should soften the limitation by docker.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-06-02 00:07:49 +00:00
Dave Henderson e8b87f53ec Clarify warning against using build-time variables for secrets
Signed-off-by: Dave Henderson <dhenderson@gmail.com>
2017-06-02 00:07:49 +00:00
Charles Smith bf31e188d9 add constraint to service create ref
Signed-off-by: Charles Smith <charles.smith@docker.com>
2017-06-02 00:07:49 +00:00
Sebastiaan van Stijn 59e2c57540 add iptables=false to docs for multiple daemons
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:49 +00:00
Vincent Demeester 3ebe3fe752 Updates on cli reference documentation
- Update ps with `--last` flag
- Update commands with current output
- Make sure hugo does not detect the wrong language
- Update usage for `tag` command to be more coherent with the other ones

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:07:49 +00:00
Aaron Lehmann e632408a37 Generate a swarm joining secret if none is specified
The current behavior of `docker swarm init` is to set up a swarm that
has no secret for joining, and does not require manual acceptance for
workers. Since workers may sometimes receive sensitive data such as pull
credentials, it makes sense to harden the defaults.

This change makes `docker swarm init` generate a random secret if none
is provided, and print it to the terminal. This secret will be needed to
join workers or managers to the swarm. In addition to improving access
control to the cluster, this setup removes an avenue for
denial-of-service attacks, since the secret is necessary to even create
an entry in the node list.

`docker swarm init --secret ""` will set up a swarm without a secret,
matching the old behavior. `docker swarm update --secret ""` removes the
automatically generated secret after `docker swarm init`.

Closes #23785

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-06-02 00:07:49 +00:00
Vincent Demeester de7c6a8355 Use "on-failure" for both containers and services
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:07:49 +00:00
Anil Madhavapeddy 20859b146b make `docker service --help` text for `--endpoint-mode` more consistent
Previously:

```
      --constraint value             Placement constraints (default [])
      --endpoint-mode string         Endpoint mode(Valid values: vip, dnsrr)
<snip>
      --restart-condition string     Restart when condition is met (none, on_failure, or any)
```

Now:

```
      --constraint value             Placement constraints (default [])
      --endpoint-mode string         Endpoint mode (vip or dnsrr)
<snip>
      --restart-condition string     Restart when condition is met (none, on_failure, or any)
```

Signed-off-by: Anil Madhavapeddy <anil@docker.com>
2017-06-02 00:07:49 +00:00
Yong Tang cab7139a4b Change NAME to HOSTNAME in docs for `docker node ls`
In #24159, the title field of `docker node ls` has been
changed from NAME to HOSTNAME. However, in the docs the
NAMEs are still used for the output of `docker node ls`.

This fix updates docs so that NAME field is changed to
HOSTNAME for all `docker node ls`.

This fix is related to #24159 and #24090.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:07:48 +00:00
Otto Kekäläinen 8e2c3efc58 Fix spelling in comments, strings and documentation
Signed-off-by: Otto Kekäläinen <otto@seravo.fi>
2017-06-02 00:07:48 +00:00
Antonio Murdaca fac7c67349 man: add missing --add-runtime
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:07:48 +00:00
Adolfo Ochagavía cbfebbb25a Fix typo
Signed-off-by: Adolfo Ochagavía <aochagavia92@gmail.com>
2017-06-02 00:07:48 +00:00
Sebastiaan van Stijn b4a798e983 fix typo in "readonly" flag in documentation
the flag is named '--read-only', not '--readonly'

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:48 +00:00
Alan Thompson bd67dfdd33 Update network_create.md
minor typos and punctuation.

Signed-off-by: Alan Thompson <cloojure@gmail.com>
2017-06-02 00:07:47 +00:00
Aaron Lehmann ca0240f9c2 Fix --auto-accept documentation
The --auto-accept documentation currently says that both worker and
manager nodes are automatically accepted by default. Correct it.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-06-02 00:07:47 +00:00
Charles Smith a3b4cd7d99 add menu.md, make index.md command line reference, update typos/minor errors in cli docs
Signed-off-by: Charles Smith <charles.smith@docker.com>
2017-06-02 00:07:47 +00:00
Sebastiaan van Stijn b9505045d9 rename desired_state filter to desired-state
For consistency with other filters (such as
"is-official"), this renames the desired_state
filter to "desired-state".

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:47 +00:00
Nicola Kabar f68b707d60 [Docs] clarified local volume driver docs
Signed-off-by: Nico <nicolaka@gmail.com>
2017-06-02 00:07:47 +00:00
Aaron Lehmann 4721039d71 Add documentation for external CA features in API/CLI
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-06-02 00:07:47 +00:00
allencloud a03b5522fe make cmd short short consistency and change docs
Signed-off-by: allencloud <allen.sun@daocloud.io>
2017-06-02 00:07:47 +00:00
Harald Albers 77d6b3721e add documentation for desired_state filter
Signed-off-by: Harald Albers <github@albersweb.de>
2017-06-02 00:07:47 +00:00
allencloud a9fcf23fb9 uppercase output in node inspect to keep consistency
Signed-off-by: allencloud <allen.sun@daocloud.io>
2017-06-02 00:07:47 +00:00
Serhat Gülçiçek beb09f42d6 Fix error for env variables example in docker reference - 2
The reason why the issue occurs is because sh parses the first argument after -c as the whole script to execute.
Everything after isn't executed as one might expect.

When working on the 'fix' I found out the same fix is also done in commit 2af7c5cfe24b4c8e931f751979b5e69e20ba77e2, except only for one occurrence.

Signed-off-by: Serhat Gülçiçek <serhat+signoff@equil.nl>
2017-06-02 00:07:47 +00:00
orkaa d2f61188f1 For the lulz! (evalulate -> evaluate)
Signed-off-by: orkaa <orkica@gmail.com>
2017-06-02 00:07:46 +00:00
Neil Peterson 32054251c7 Added daemon.json Windows example
Signed-off-by: Neil Peterson <neilpeterson@outlook.com>
2017-06-02 00:07:46 +00:00
Shishir Mahajan 94b45e398f PR 19367 doc change: Mention supported drivers for --storage-opt size option in docker create/run.
Signed-off-by: Shishir Mahajan <shishir.mahajan@redhat.com>
2017-06-02 00:07:45 +00:00
Charles Smith 87591ae9b7 update docker swarm cli
Signed-off-by: Charles Smith <charles.smith@docker.com>
2017-06-02 00:07:45 +00:00
Sven Dowideit b6bfe363f8 Add the advisory=rc metadata
Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>
2017-06-02 00:07:45 +00:00
Sebastiaan van Stijn 7b22dbd02a remove "RC" warning from Markdown files
A site-wide banner is going to be used, so we don't need this warning

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:45 +00:00
Charles Chan def6847e11 Update help output to match Docker 1.11.
* Also touch up headings.

Signed-off-by: Charles Chan <charleswhchan@users.noreply.github.com>
2017-06-02 00:07:45 +00:00
Sebastiaan van Stijn 03c9762fba Add initial "service" docs
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:45 +00:00
Charles Smith a816f63e57 update output for node commands, minor edits
Signed-off-by: Charles Smith <charles.smith@docker.com>
2017-06-02 00:07:44 +00:00
Tonis Tiigi 308888a8c6 Add cert-expiry to swarm update
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2017-06-02 00:07:44 +00:00
Sebastiaan van Stijn 541dcf39ad Update docker info output example
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:44 +00:00
Sebastiaan van Stijn bfbf538f68 docs: move "advisory" to general metadata
the advisory option should not be
below "menu"

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:44 +00:00
Arnaud Porterie (icecrime) 96150d3faa Make `--dispatcher-heartbeat-period` a duration
Make `--dispatcher-heartbeat-period` a duration in `docker swarm
update`, allowing to express the value as "5s", "1h", etc.

Signed-off-by: Arnaud Porterie (icecrime) <arnaud.porterie@docker.com>
2017-06-02 00:07:44 +00:00
Victor Vieux d8fee0b06e no more 'docker node reject' in docs
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-06-02 00:07:44 +00:00
Sebastiaan van Stijn 6c1739b80d docker plugin commandline reference
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:44 +00:00
Alessandro Boch 987e5e6d8a Allow user to specify container's link-local addresses
Signed-off-by: Alessandro Boch <aboch@docker.com>
2017-06-02 00:07:44 +00:00
Kenfe-Mickael Laventure 090cf185cd Add support for multiples runtimes
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2017-06-02 00:07:44 +00:00
Victoria Bialas d3b7a2779e surfacing Learn by example topics to top level of Docker Engine docs
fixing links after moving surfacing tutorials

fixing more links for the newly located tutorials

Signed-off-by: Victoria Bialas <victoria.bialas@docker.com>
2017-06-02 00:07:43 +00:00
Amit Shukla 593ee1e29d CLI docs
Signed-off-by: Amit Shukla <amit.shukla@docker.com>
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2017-06-02 00:07:43 +00:00
Derek McGowan e7fa3c6279 Add documentation for using overlay2
Add mention in dockerd command line and storage driver selection documentation.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2017-06-02 00:07:43 +00:00
Shoubhik Bose 0a0bb19a33 Added example for using image digest in the docker run command
Signed-off-by: Shoubhik Bose <sbose78@gmail.com>

Added explanation for the example with image's digest ( as per @thaJeztah 's comment

Signed-off-by: Shoubhik Bose <sbose78@gmail.com>

Wrapped to ~80 chars

Signed-off-by: Shoubhik Bose <sbose78@gmail.com>
2017-06-02 00:07:43 +00:00
Charles Chan a443697846 Add link to Docker Hub.
* To make it consistent with similar references in other parts of document.

Signed-off-by: Charles Chan <charleswhchan@users.noreply.github.com>
2017-06-02 00:07:43 +00:00
Kevin Burke 26fdf31cf8 typo in builder.md: its => it's
Signed-off-by: Kevin Burke <kev@inburke.com>
2017-06-02 00:07:43 +00:00
Victoria Bialas 26e3227441 re-doing Docker Engine overview topics for v.1.12
fixed broken links created from Engine Overview update by adding missing topic to daemon reference page and updating the hrefs in the api pages

Signed-off-by: Victoria Bialas <victoria.bialas@docker.com>
2017-06-02 00:07:42 +00:00
Vincent Demeester 478055c89c Update docker-load documentation
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:07:42 +00:00
Sebastiaan van Stijn bb0afa7381 network docs cleanup
This fixes some Markup and formatting
issues in the network documentation;

- wrap text to 80 chars
- add missing language hints for code examples
- add missing line continuations (\)
- update USAGE output for Cobra

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:42 +00:00
Sebastiaan van Stijn 44cc95141e add support for filtering by network ID
This adds support for filtering by network ID, to be
consistent with other filter options.

Note that only *full* matches are returned; this is
consistent with other filters (e.g. volume), that
also return full matches only.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:42 +00:00
Sainath Grandhi eef6bd0b23 Adding network filter to docker ps command
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
2017-06-02 00:07:42 +00:00
Yong Tang 7a63e88e36 Fix a couple of typos in the docs of `docker attach`
This fix fixed a couple of typos in the docs of `docker attach`:
docs/reference/commandline/attach.md
man/docker-attach.1.md

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:07:42 +00:00
Shijiang Wei d04810fa14 docs: correct network create command
Signed-off-by: Shijiang Wei <mountkin@gmail.com>
2017-06-02 00:07:42 +00:00
Yong Tang e7ec7bbd33 Fix a couple of typos in docker attach docs.
This fix fixes a couple of typos in docker attach docs:
docs/reference/commandline/attach.md
man/docker-attach.1.md

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:07:41 +00:00
John Howard 0cb3440a21 Builder default shell
Signed-off-by: John Howard <jhoward@microsoft.com>
2017-06-02 00:07:41 +00:00
Sebastiaan van Stijn 7e00f19c4f Healthcheck: set default retries to 3
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:41 +00:00
Alexander Morozov 9c351e61c0 attach: replace interface with simple type
Also add docs to detach events

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2017-06-02 00:07:41 +00:00
Sven Dowideit de82bb1c55 docs validation fixes
Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>
2017-06-02 00:07:41 +00:00
Yong Tang 794db50fdf Add `--limit` option to `docker search`
This fix tries to address the issue raised in #23055.
Currently `docker search` result caps at 25 and there is
no way to allow getting more results (if exist).

This fix adds the flag `--limit` so that it is possible
to return more results from the `docker search`.

Related documentation has been updated.

Additional tests have been added to cover the changes.

This fix fixes #23055.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:07:41 +00:00
Yong Tang 1a22098ae2 Add support for comment in .dockerignore
This fix tries to address the issue raised in #20083 where
comment is not supported in `.dockerignore`.

This fix updated the processing of `.dockerignore` so that any
lines starting with `#` are ignored, which is similiar to the
behavior of `.gitignore`.

Related documentation has been updated.

Additional tests have been added to cover the changes.

This fix fixes #20083.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:07:41 +00:00
allencloud 54df0949b0 fix typos
Signed-off-by: allencloud <allen.sun@daocloud.io>
2017-06-02 00:07:41 +00:00
Lukasz Zajaczkowski 25a9609845 Add documentation for running multiple daemons
Signed-off-by: Lukasz Zajaczkowski <lukasz.zajaczkowski@ts.fujitsu.com>
2017-06-02 00:07:41 +00:00
Thomas Leonard 51ddea93a2 Add support for user-defined healthchecks
This PR adds support for user-defined health-check probes for Docker
containers. It adds a `HEALTHCHECK` instruction to the Dockerfile syntax plus
some corresponding "docker run" options. It can be used with a restart policy
to automatically restart a container if the check fails.

The `HEALTHCHECK` instruction has two forms:

* `HEALTHCHECK [OPTIONS] CMD command` (check container health by running a command inside the container)
* `HEALTHCHECK NONE` (disable any healthcheck inherited from the base image)

The `HEALTHCHECK` instruction tells Docker how to test a container to check that
it is still working. This can detect cases such as a web server that is stuck in
an infinite loop and unable to handle new connections, even though the server
process is still running.

When a container has a healthcheck specified, it has a _health status_ in
addition to its normal status. This status is initially `starting`. Whenever a
health check passes, it becomes `healthy` (whatever state it was previously in).
After a certain number of consecutive failures, it becomes `unhealthy`.

The options that can appear before `CMD` are:

* `--interval=DURATION` (default: `30s`)
* `--timeout=DURATION` (default: `30s`)
* `--retries=N` (default: `1`)

The health check will first run **interval** seconds after the container is
started, and then again **interval** seconds after each previous check completes.

If a single run of the check takes longer than **timeout** seconds then the check
is considered to have failed.

It takes **retries** consecutive failures of the health check for the container
to be considered `unhealthy`.

There can only be one `HEALTHCHECK` instruction in a Dockerfile. If you list
more than one then only the last `HEALTHCHECK` will take effect.

The command after the `CMD` keyword can be either a shell command (e.g. `HEALTHCHECK
CMD /bin/check-running`) or an _exec_ array (as with other Dockerfile commands;
see e.g. `ENTRYPOINT` for details).

The command's exit status indicates the health status of the container.
The possible values are:

- 0: success - the container is healthy and ready for use
- 1: unhealthy - the container is not working correctly
- 2: starting - the container is not ready for use yet, but is working correctly

If the probe returns 2 ("starting") when the container has already moved out of the
"starting" state then it is treated as "unhealthy" instead.

For example, to check every five minutes or so that a web-server is able to
serve the site's main page within three seconds:

    HEALTHCHECK --interval=5m --timeout=3s \
      CMD curl -f http://localhost/ || exit 1

To help debug failing probes, any output text (UTF-8 encoded) that the command writes
on stdout or stderr will be stored in the health status and can be queried with
`docker inspect`. Such output should be kept short (only the first 4096 bytes
are stored currently).

When the health status of a container changes, a `health_status` event is
generated with the new status. The health status is also displayed in the
`docker ps` output.

Signed-off-by: Thomas Leonard <thomas.leonard@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:41 +00:00
Michael Friis b66fb42ff1 Add powershell example and make linux build example consistent with other examples
Signed-off-by: Michael Friis <friism@gmail.com>
2017-06-02 00:07:40 +00:00
Yong Tang 8aa59a76fe Fix error in dockerd.md for incorrect cluster-store-opts example.
This fix fixes an error in documentation (dockerd.md). In the
example given by dockerd.md, the option `cluster-store-opts`
is assigned with an array but this option can only be assigned
as a map.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:07:40 +00:00
Sven Dowideit f9d80051da Fix up stale links
Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>
2017-06-02 00:07:40 +00:00
Darren Shepherd 8f23647017 Remove DOCKER_HTTP_HOST_COMPAT env var
Signed-off-by: Darren Shepherd <darren@rancher.com>
2017-06-02 00:07:40 +00:00
John Howard 1bc54f3466 Support platform file paths through escape
Signed-off-by: John Howard <jhoward@microsoft.com>
2017-06-02 00:07:40 +00:00
Vincent Demeester aac0a3ee13 Add before and since filter to images
Add support for two now filter on the `images` command : `before` and
`since`. They work the same as the one on the `ps` command but for
images.

        $ docker images --filter before=myimage
        # display all images older than myimage
        $ docker images --filter since=myimage
        # display all images younger than myimage

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:07:40 +00:00
Yong Tang d1aaf129f2 The option --add-host and --net=host should not be mutually exclusive.
This fix tries to address the issue raised in #21976 and allows
the options of `--add-host` and `--net=host` to work at the same time.

The documentation has been updated and additional tests have been
added to cover this change.

This fix fixes #21976.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:07:40 +00:00
Yong Tang f17fb53f53 The option --dns, --dns-search, --dns-opt and --net=host should not be mutually exclusive.
This fix tries to address the issue raised in #21976 and allows
the options of `--dns`, `--dns-search`, `--dns-opt` and `--net=host`
to work at the same time.

The documentation has been updated and additional tests have been
added to cover this change.

This fix fixes #21976.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:07:40 +00:00
root 909fa15eb2 Fix some mistakes in dockerd.md
Signed-off-by: Wang Xing <hzwangxing@corp.netease.com>
2017-06-02 00:07:40 +00:00
Nahum Shalman b47dd5295d Clarification about 'docker build --build-arg'
See #22860

Signed-off-by: Nahum Shalman <nshalman@omniti.com>
2017-06-02 00:07:40 +00:00
Akihiro Suda c27c6d1a4e update docs/reference/commandline/cp.md
Close #22020

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2017-06-02 00:07:40 +00:00
Yong Tang d4d6b9689d Add filter for events emitted by docker daemon
This fix tries to cover the issue raised in #22463 by adding
filter for events emitted by docker daemon so that user could
utilize filter to receive events of interest.

Documentations have been updated for this fix.

Additional tests have been added to cover the changes in this fix.

This fix fixes #22463.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:07:39 +00:00
Yong Tang 91466baa3f Emit events for docker daemon
This fix tries to cover the issue raised in #22463 by emitting
events for docker daemon so that user could be notified by
scenarios like config reload, etc.

This fix adds the `daemon reload`, and events for docker daemon.

Additional tests have been added to cover the changes in this fix.

This fix fixes #22463.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:07:39 +00:00
Michael Friis 3cc96bb891 remove duplicated text
Signed-off-by: Michael Friis <friism@gmail.com>
2017-06-02 00:07:39 +00:00
Subhajit Ghosh 2f4d9eb6b1 Document valid chars in image name and tag
- Add link to valid image name and tag formats in referenced files
- Per review comments, updated docs to remove reference to `USERNAME` and
`REGISTRYHOST`.
- Per review comment, removed links from man page.
- Per review comment, added and updated examples on `docker tag`

Signed-off-by: Subhajit Ghosh <isubuz.g@gmail.com>
2017-06-02 00:07:39 +00:00
John Howard 6d54461bd8 Windows: Default to Hyper-V Containers on client
Signed-off-by: John Howard <jhoward@microsoft.com>
2017-06-02 00:07:39 +00:00
John Howard 560134b63a Docs: JSON vs Shell clarification
Signed-off-by: John Howard <jhoward@microsoft.com>
2017-06-02 00:07:39 +00:00
Fabrizio Soppelsa 52d265fff9 Add a --filter option to `docker search`
The filtering is made server-side, and the following filters are
supported:

* is-official (boolean)
* is-automated (boolean)
* has-stars (integer)

Signed-off-by: Fabrizio Soppelsa <fsoppelsa@mirantis.com>
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:07:39 +00:00
Sebastiaan van Stijn 563b5dab54 Remove MLS example from SELinux example in run reference
Automatic translation of MLS labels is currently not
supported, so should not be documented as an example.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:39 +00:00
Justin Cormack ba8f5cfbb8 Align default seccomp profile with selected capabilities
Currently the default seccomp profile is fixed. This changes it
so that it varies depending on the Linux capabilities selected with
the --cap-add and --cap-drop options. Without this, if a user adds
privileges, eg to allow ptrace with --cap-add sys_ptrace then still
cannot actually use ptrace as it is still blocked by seccomp, so
they will probably disable seccomp or use --privileged. With this
change the syscalls that are needed for the capability are also
allowed by the seccomp profile based on the selected capabilities.

While this patch makes it easier to do things with for example
cap_sys_admin enabled, as it will now allow creating new namespaces
and use of mount, it still allows less than --cap-add cap_sys_admin
--security-opt seccomp:unconfined would have previously. It is not
recommended that users run containers with cap_sys_admin as this does
give full access to the host machine.

It also cleans up some architecture specific system calls to be
only selected when needed.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-06-02 00:07:39 +00:00
Antonio Murdaca 09be3c1129 Ignore invalid host header between go1.6 and old docker clients
BenchmarkWithHack-4	   50000	     37082 ns/op	  44.50
MB/s	    1920 B/op	      30 allocs/op
BenchmarkNoHack-4  	   50000	     30829 ns/op	  53.52
MB/s	       0 B/op	       0 allocs/op

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:07:39 +00:00
Mrunal Patel 637048e176 Add support for --pid=container:<id>
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-06-02 00:07:39 +00:00
Lin Lu ff7d6e1eb8 doc:proxy-setting info added in pull cmd.
Replace Note with a new secion, reduce characters in
per line in 80. Add statement suggested by
https://github.com/thaJeztah

Signed-off-by: Lin Lu <doraalin@163.com>
2017-06-02 00:07:39 +00:00
mansinahar cd04941f04 Update 'run' command doc for better readability
Signed-off-by: Mansi Nahar <mansi.nahar@macbookpro-mansinahar.local>
2017-06-02 00:07:39 +00:00
Ivan Grcic 062cca7b19 remove double "using" in reference attach docs
Signed-off-by: Ivan Grcic <igrcic@gmail.com>
2017-06-02 00:07:38 +00:00
Charles Law cf70da5d08 Fix error for env variables example in docker reference
Signed-off-by: Charles Law <claw@conduce.com>
2017-06-02 00:07:38 +00:00
Yong Tang 9bc4cd536e Docker pull/push with max concurrency limits.
This fix tries to address issues raised in #20936 and #22443
where `docker pull` or `docker push` fails because of the
concurrent connection failing.
Currently, the number of maximum concurrent connections is
controlled by `maxDownloadConcurrency` and `maxUploadConcurrency`
which are hardcoded to 3 and 5 respectively. Therefore, in
situations where network connections don't support multiple
downloads/uploads, failures may encounter for `docker push`
or `docker pull`.

This fix tries changes `maxDownloadConcurrency` and
`maxUploadConcurrency` to adjustable by passing
`--max-concurrent-uploads` and `--max-concurrent-downloads` to
`docker daemon` command.

The documentation related to docker daemon has been updated.

Additional test case have been added to cover the changes in this fix.

This fix fixes #20936. This fix fixes #22443.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:07:38 +00:00
kevinmeredith a8e16c0079 Correct docs for a docker container's clean-up.
The 'Unix Signals' (https://en.wikipedia.org/wiki/Unix_signal#Handling_signals) wiki explains that:
> 'There are two signals which cannot be intercepted and handled: SIGKILL and SIGSTOP.'

Signed-off-by: kevinmeredith <kevin.m.meredith@gmail.com>
2017-06-02 00:07:38 +00:00
Tonis Tiigi 47ae76fd08 docs: clarify docker attach
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2017-06-02 00:07:38 +00:00
Brian Goff ce224853a2 Add support for reading logs extra attrs
The jsonlog logger currently allows specifying envs and labels that
should be propagated to the log message, however there has been no way
to read that back.

This adds a new API option to enable inserting these attrs back to the
log reader.

With timestamps, this looks like so:
```
92016-04-08T15:28:09.835913720Z foo=bar,hello=world hello
```

The extra attrs are comma separated before the log message but after
timestamps.

Without timestaps it looks like so:
```
foo=bar,hello=world hello
```

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2017-06-02 00:07:37 +00:00
Yuan Sun d16947629c from inheritted to inherited
Signed-off-by: Yuan Sun <sunyuan3@huawei.com>
2017-06-02 00:07:37 +00:00
Zhu Guihua f440f14613 Add disk quota support for btrfs
Signed-off-by: Zhu Guihua <zhugh.fnst@cn.fujitsu.com>
2017-06-02 00:07:37 +00:00
Doug Davis fe09131526 Remove unnecessary double-double quotes
Signed-off-by: Doug Davis <dug@us.ibm.com>
2017-06-02 00:07:37 +00:00
Lucas Chan 0b4a6c36b7 Updated docker-info output and documentation
- [x] Update man page description
- [x] Update man page sample output to something more current

Tested with: `TESTFLAGS='-check.f DockerSuite.TestInfoEnsureSucceeds*'
make test-integration-cli`

Signed-off-by: Lucas Chan <lucas-github@lucaschan.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:37 +00:00
Wen Cheng Ma bdfe7963f2 Update the `docker daemon` to `dockerd` for document
Signed-off-by: Wen Cheng Ma <wenchma@cn.ibm.com>
2017-06-02 00:07:37 +00:00
Yuan Sun 7d3bb7a6d0 remove "the" in docs.
Signed-off-by: Yuan Sun <sunyuan3@huawei.com>
2017-06-02 00:07:37 +00:00
Sebastiaan van Stijn efff6c2b24 Add "driver" filter for network ls
This add a new filter to 'docker network ls'
to allow filtering by driver-name.

Contrary to "ID" and "name" filters, this
filter only supports an *exact* match.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:37 +00:00
Hao Zhang 64ba15e3a3 update cgroup link in doc of run
Signed-off-by: Hao Zhang <21521210@zju.edu.cn>
2017-06-02 00:07:37 +00:00
Kai Qiang Wu(Kennan) c6d6752550 Add load/save image event support
For every docker load and save operations, it would log related
image events.

Signed-off-by: Kai Qiang Wu(Kennan) <wkqwu@cn.ibm.com>
2017-06-02 00:07:36 +00:00
Darren Stahl bd299d2555 Add IO Resource Controls for Windows
Signed-off-by: Darren Stahl <darst@microsoft.com>
2017-06-02 00:07:36 +00:00
Sebastiaan van Stijn d192f97acc docs: add note about MAC addresses not being unique
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:36 +00:00
Dimitry Andric 4b30db603b The daemon.json storage-opts settings is actually a list.
Signed-off-by: Dimitry Andric <d.andric@activevideo.com>
2017-06-02 00:07:36 +00:00
Kai Qiang Wu(Kennan) 6a5870dcfa Fix the old exit status example
Signed-off-by: Kai Qiang Wu(Kennan) <wkqwu@cn.ibm.com>
2017-06-02 00:07:36 +00:00
Kai Qiang Wu(Kennan) 0a8f5574b4 Add network label filter support
This patch did following:

1) Make filter check logic same as `docker ps ` filters

Right now docker container logic work as following:
when same filter used like below:
 -f name=jack -f name=tom
it would get all containers name is jack or tom(it is or logic)

when different filter used like below:

 -f name=jack -f id=7d1
it would get all containers name is jack and id contains 7d1(it is and logic)

It would make sense in many user cases, but it did lack of compliate filter cases,
like "I want to get containers name is jack or id=7d1", it could work around use
(get id=7d1 containers' name and get name=jack containers, and then construct the
final containers, they could be done in user side use shell or rest API)

2) Fix one network filter bug which could include duplicate result
when use -f name=  -f id=, it would get duplicate results

3) Make id filter same as container id filter, which means match any string.
not use prefix match.

It is for consistent match logic

Closes: #21417

Signed-off-by: Kai Qiang Wu(Kennan) <wkqwu@cn.ibm.com>
2017-06-02 00:07:36 +00:00
Brian Goff a84e11aaf8 Allow volume drivers to provide a `Status` field
The `Status` field is a `map[string]interface{}` which allows the driver to pass
back low-level details about the underlying volume.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2017-06-02 00:07:36 +00:00
Darren Stahl 31e123d314 Add CPU count and maximum resource controls for Windows
Signed-off-by: Darren Stahl <darst@microsoft.com>
2017-06-02 00:07:36 +00:00
Dan Walsh a60c612a04 Add support for setting sysctls
This patch will allow users to specify namespace specific "kernel parameters"
for running inside of a container.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2017-06-02 00:07:36 +00:00
Mary Anthony 8850c4ab6e Fixes #21701 devicemapper docs
Copy edit the content
Updates to existing material
Adding mbentley's comments
Updating with last minute comments
Update with Seb's comments

Signed-off-by: Mary Anthony <mary@docker.com>
2017-06-02 00:07:36 +00:00
Thomas Riccardi 6ded7e8279 Improve build cache miss doc for `ARG` and `RUN`
The documentation already says the cache miss happens only at `ARG`
variable usage, not declaration, but there is a very common implicit
usage: `RUN`, which this commit documents even more, improving on #21790.

Also, use `definition` instead of `declaration`: it's the same thing, and
`definition` is already used in this documentation, contrary to
`declaration`.

Also, distinguish between "instructions" and "variables defined by `ARG`
instructions".

Signed-off-by: Thomas Riccardi <riccardi@systran.fr>
2017-06-02 00:07:36 +00:00
Yong Tang e450a54119 Change HumanSize to BytesSize for memory output in `docker stats`.
This fix tries to fix the discrepancy between `docker stats` and
`docker run` where `docker run` uses RAMInBytes for all memory
related inputs but `docker stats` uses HumanSize for all memory
related outputs.

To be consistent, `docker stats` needs to use BytesSize for all
memory related outputs to conform to RAMInBytes in `docker run`.

This fix addresses this issue. As BytesSize is used, the test
cases needs to be adjusted to match `KiB/MiB/GiB` instead of
`KB/MB/GB`.

The documentation has also been updated.

This fix fixes #21765.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:07:35 +00:00
Hyzhou d4aad85092 Fix the docker image --no-trunk output format
docker 1.10 change the output format of image id.

Signed-off-by: hyzhou.zhy <hyzhou.zhy@alibaba-inc.com>
2017-06-02 00:07:35 +00:00
Kai Qiang Wu(Kennan) a8a29fe7f5 Fix deprecated format for security-opt
Signed-off-by: Kai Qiang Wu(Kennan) <wkqwu@cn.ibm.com>
2017-06-02 00:07:35 +00:00
Lei Jitang 42dfcc1d2a Correct the description of --group-add in run.md
Signed-off-by: Lei Jitang <leijitang@huawei.com>
2017-06-02 00:07:35 +00:00
mikelinjie bc060f1f19 make the cache miss clear
Signed-off-by: mikelinjie <294893458@qq.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:35 +00:00
Tomasz Kopczynski 5f02c0a5ab Add insecure registries to docker info
Signed-off-by: Tomasz Kopczynski <tomek@kopczynski.net.pl>
2017-06-02 00:07:35 +00:00
allencloud b45ed4a79d 1.change validateNoSchema into validateNoScheme
2.change schema into scheme in docs and some annotations.

Signed-off-by: allencloud <allen.sun@daocloud.io>
2017-06-02 00:07:35 +00:00
Sebastiaan van Stijn 0a13b2a1ce Un-deprecate auto-creation of host directories for mounts
Auto-creation of host-directories was marked deprecated in
Docker 1.9, but was decided to be too much of an backward-incompatible
change, so it was decided to keep the feature.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:35 +00:00
Anusha Ragunathan 31c32956ca When using systemd, pass expected cgroupsPath and cli options to runc.
runc expects a systemd cgroupsPath to be in slice:scopePrefix:containerName
format and the "--systemd-cgroup" option to be set. Update docker accordingly.

Fixes 21475

Signed-off-by: Anusha Ragunathan <anusha@docker.com>
2017-06-02 00:07:34 +00:00
Aaron Lehmann 5161f2dc15 Mention "docker login" in push/pull documentation
It was suggested to me that documentation for "docker pull" and "docker
push" should reference "docker login", to make clearer how to specify
credentials for a push or pull operation. Add a note to the manual pages
and reference documentation explaining how registry credentials are
managed.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-06-02 00:07:34 +00:00
Harald Albers 85f983178b docs for `docker daemon --containerd`
Signed-off-by: Harald Albers <github@albersweb.de>
2017-06-02 00:07:34 +00:00
Shishir Mahajan 791a5fc5c1 CLI flag for docker create(run) to change block device size.
Signed-off-by: Shishir Mahajan <shishir.mahajan@redhat.com>
2017-06-02 00:07:34 +00:00
Harald Albers 52ccec4cbc fix wrong option name in `dm.min_free_space` examples
Signed-off-by: Harald Albers <github@albersweb.de>
2017-06-02 00:07:34 +00:00
Harald Albers f3f9b34d2a docs for labels on build, networks and volumes
Signed-off-by: Harald Albers <github@albersweb.de>
2017-06-02 00:07:33 +00:00
Kai Qiang Wu(Kennan) d69044537c Add name/driver filter support for volume
This change include filter `name` and `driver`,
and also update related docs to reflect that filters usage.

Closes: #21243

Signed-off-by: Kai Qiang Wu(Kennan) <wkqwu@cn.ibm.com>
2017-06-02 00:07:33 +00:00
Harald Albers 386acc792b add docs for `docker load --quiet`
Signed-off-by: Harald Albers <github@albersweb.de>
2017-06-02 00:07:33 +00:00
Sven Dowideit 80f5ed58a5 WORKDIR is like calling mkdir - but we've not told people
Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>
2017-06-02 00:07:33 +00:00
Kenfe-Mickael Laventure 4ffd1a9433 Remove unneeded references to execDriver
This includes:
 - updating the docs
 - removing dangling variables

Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2017-06-02 00:07:33 +00:00
Phil Estes 0926303632 Allow net and IPC namespaces to be shared when userns=on
Now that the namespace sharing code via runc is vendored with the
containerd changes, we can disable the restrictions on container to
container net and IPC namespace sharing when the daemon has user
namespaces enabled.

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
2017-06-02 00:07:33 +00:00
Brian Goff eba678647b Add explicit flags for volume cp/no-cp
This allows a user to specify explicitly to enable
automatic copying of data from the container path to the volume path.
This does not change the default behavior of automatically copying, but
does allow a user to disable it at runtime.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2017-06-02 00:07:32 +00:00
Martin Mosegaard Amdisen c0271978f9 Update 'save' command help
Based on review feedback.

Signed-off-by: Martin Mosegaard Amdisen <martin.amdisen@praqma.com>
2017-06-02 00:07:32 +00:00
Martin Mosegaard Amdisen 315c34a25a Fix plural typo in 'save' command help
The form "Save an images" is not correct.
Either "Save an image" or "Save images" work, but since
the save commands accepts multiple images, I chose the
latter.

Fixed in all places where I could grep "Save an image(s)".

Signed-off-by: Martin Mosegaard Amdisen <martin.amdisen@praqma.com>
2017-06-02 00:07:32 +00:00
David Calavera a7364b3743 Consolidate security options to use `=` as separator.
All other options we have use `=` as separator, labels,
log configurations, graph configurations and so on.
We should be consistent and use `=` for the security
options too.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2017-06-02 00:07:32 +00:00
Dan Walsh 2d0316cb43 Fix documentation on --security-opt seccomp
Missing documentation and man pages on seccomp options.
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2017-06-02 00:07:32 +00:00
Zhang Wei d219111855 Fix typo
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2017-06-02 00:07:32 +00:00
Sebastiaan van Stijn 75bcb4f94a Update Docker pull examples
The old examples no longer worked due to changes in
the client and Docker Hub.

This updates the "docker pull" documentation and
adds more examples and explanation of the features.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:32 +00:00
Jason Heiss 6bcb137d2f Allow --hostname with --net=host
Docker creates a UTS namespace by default, even with --net=host, so it
is reasonable to let the user set the hostname. Note that --hostname is
forbidden if the user specifies --uts=host.

Closes #12076
Signed-off-by: Jason Heiss <jheiss@aput.net>
2017-06-02 00:07:32 +00:00
Kai Qiang Wu(Kennan) 2422bc30f5 Add the missed volume filter
Signed-off-by: Kai Qiang Wu(Kennan) <wkqwu@cn.ibm.com>
2017-06-02 00:07:32 +00:00
Vivek Goyal 8db4ee005a devmapper: Add a new option dm.min_free_space
Once thin pool gets full, bad things can happen. Especially in case of xfs
it is possible that xfs keeps on retrying IO infinitely (for certain kind
of IO) and container hangs. 

One way to mitigate the problem is that once thin pool is about to get full,
start failing some of the docker operations like pulling new images or
creation of new containers. That way user will get warning ahead of time
and can try to rectify it by creating more free space in thin pool. This
can be done either by deleting existing images/containers or by adding more
free space to thin pool.

This patch adds a new option dm.min_free_space to devicemapper graph
driver. Say one specifies dm.min_free_space=10%. This means atleast
10% of data and metadata blocks should be free in pool before new device
creation is allowed, otherwise operation will fail.

By default min_free_space is 10%. User can change it by specifying
dm.min_free_space=X% on command line. A value of 0% will disable the
check.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
2017-06-02 00:07:32 +00:00
Liron Levin ce28fa45b0 Run privileged containers when userns are specified
Following #19995 and #17409 this PR enables skipping userns re-mapping
when creating a container (or when executing a command). Thus, enabling
privileged containers running side by side with userns remapped
containers.

The feature is enabled by specifying ```--userns:host```, which will not
remapped the user if userns are applied. If this flag is not specified,
the existing behavior (which blocks specific privileged operation)
remains.

Signed-off-by: Liron Levin <liron@twistlock.com>
2017-06-02 00:07:32 +00:00
Aaron Lehmann b2b5bc9937 Add support for identity tokens in client credentials store
Update unit test and documentation to handle the new case where Username
is set to <token> to indicate an identity token is involved.

Change the "Password" field in communications with the credential helper
to "Secret" to make clear it has a more generic purpose.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-06-02 00:07:31 +00:00
Madhu Venugopal 2168c53ee9 Include all endpoints in network inspect object
Prior to this change, the "docker network inspect" contains only the
endpoints that have active local container. This excludes all the remote
and stale endpoints. By including all the endpoints, it makes debugging
much simpler and also allows the user to cleanup any stale endpoints
using "docker network disconnect -f {network} {endpoint-name}".

Signed-off-by: Madhu Venugopal <madhu@docker.com>
2017-06-02 00:07:31 +00:00
Antonio Murdaca d437e32541 docs: add $ before HOME
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:07:31 +00:00
David Calavera 02a1c138d0 Move registry service options to the daemon configuration.
Allowing to set their values in the daemon configuration file.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2017-06-02 00:07:31 +00:00
Antonio Murdaca b20a425cd9 docs: extend: plugins: mention the sdk + systemd socket activation
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:07:31 +00:00
Jessica Frazelle fd1c2150ad pids limit support
update bash commpletion for pids limit

update check config for kernel

add docs for pids limit

add pids stats

add stats to docker client

Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2017-06-02 00:07:31 +00:00
Mrunal Patel d3f632156e Add support for NoNewPrivileges in docker
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>

Add tests for no-new-privileges

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>

Update documentation for no-new-privileges

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-06-02 00:07:31 +00:00
Antonio Murdaca 8f095a76ab cliconfig: credentials: set default for unix
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:07:31 +00:00
Sebastiaan van Stijn 82fe889a6d Update links to Docker Hub
Updates links to Docker Hub with their new
URLs to prevent redirects.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:31 +00:00
Micah Zoltu 31e78dd369 Adds clarification to behavior of missing directories.
Closes #20920

Signed-off-by: Micah Zoltu <micah@zoltu.net>
2017-06-02 00:07:31 +00:00
Brian Goff b1bac487a6 Support mount opts for `local` volume driver
Allows users to submit options similar to the `mount` command when
creating a volume with the `local` volume driver.

For example:

```go
$ docker volume create -d local --opt type=nfs --opt device=myNfsServer:/data --opt o=noatime,nosuid
```

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2017-06-02 00:07:31 +00:00
Qiang Huang 09f4e2e654 Add CgroupDriver to docker info
Fixes: #19539

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-06-02 00:07:31 +00:00
Sebastiaan van Stijn ecd12ef145 docs: improve note for Fedora 22
Move the note more up, to prevent people from starting
the daemon with --userns-remap before touching the files.

Also clarify that these steps must be done *before* enabling
userns-remap and starting the daemon.

Also fixed some minor Markup formatting issues.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:31 +00:00
Ken Cochrane 317cfbd7bd Remove email address field from login
This removes the email prompt when you use docker login, and also removes the ability to register via the docker cli. Docker login, will strictly be used for logging into a registry server.

Signed-off-by: Ken Cochrane <kencochrane@gmail.com>
2017-06-02 00:07:30 +00:00
Qiang Huang 119605fc24 Add docs for cgroup-parent of systemd cgroup
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-06-02 00:07:30 +00:00
David Calavera 6ee9d8a187 Client credentials store.
This change implements communication with an external credentials store,
ala git-credential-helper. The client falls back the plain text store,
what we're currently using, if there is no remote store configured.

It shells out to helper program when a credential store is
configured. Those programs can be implemented with any language as long as they
follow the convention to pass arguments and information.

There is an implementation for the OS X keychain in https://github.com/calavera/docker-credential-helpers.
That package also provides basic structure to create other helpers.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2017-06-02 00:07:30 +00:00
Antonio Murdaca 4d6a232fc0 Revert "resolve the config file from the sudo user"
This reverts commit afde6450ee7bd4a43765fdc0a9799b411276d9e4.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:07:30 +00:00
Lei Jitang a0399720ce Fix configuration reloading
There are five options 'debug' 'labels' 'cluster-store' 'cluster-store-opts'
and 'cluster-advertise' that can be reconfigured, configure any of these
options should not affect other options which may have configured in flags.
But this is not true, for example, I start a daemon with -D to enable the
debugging, and after a while, I want reconfigure the 'label', so I add a file
'/etc/docker/daemon.json' with content '"labels":["test"]' and send SIGHUP to daemon
to reconfigure the daemon, it work, but the debugging of the daemon is also diabled.
I don't think this is a expeted behaviour.
This patch also have some minor refactor of reconfiguration of cluster-advertiser.
Enable user to reconfigure cluster-advertiser without cluster-store in config file
since cluster-store could also be already set in flag, and we only want to reconfigure
the cluster-advertiser.

Signed-off-by: Lei Jitang <leijitang@huawei.com>
2017-06-02 00:07:30 +00:00
Antonio Murdaca b610528a6a resolve the config file from the sudo user
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:07:30 +00:00
Tomasz Kopczynski a429c0e84f Docs: add note about CMD and ENTRYPOINT commands
Signed-off-by: Tomasz Kopczynski <tomek@kopczynski.net.pl>
2017-06-02 00:07:30 +00:00
Antonio Murdaca 6f778ea663 docs: reference: commandline: daemon: fedora 23+ has mapping files
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:07:30 +00:00
David Calavera beb7b68810 Add mounts to docker ps.
- Allow to filter containers by volume with `--filter volume=name` and `filter volume=/dest`.
- Show their names in the list with the custom format `{{ .Mounts }}`.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2017-06-02 00:07:30 +00:00
Aidan Hobson Sayers 543ca10394 Update docs for enableipv6
Signed-off-by: Aidan Hobson Sayers <aidanhs@cantab.net>
2017-06-02 00:07:30 +00:00
Zhang Wei 623082a1eb Update RestartPolicy of container
Add `--restart` flag for `update` command, so we can change restart
policy for a container no matter it's running or stopped.

Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2017-06-02 00:07:29 +00:00
Jian Zhang 776757ac28 Fix some flaws in docs
Signed-off-by: Jian Zhang <zhangjian.fnst@cn.fujitsu.com>
2017-06-02 00:07:29 +00:00
Alessandro Boch 15eb38dfb1 Invoke ReloadConfiguration on network controller
- It reverts fa163f5619bb01cabca1c21 plus a small change
  in order to allow passing the global scope datastore
  to libnetwork after damon boot.

Signed-off-by: Alessandro Boch <aboch@docker.com>
2017-06-02 00:07:29 +00:00
ozlerhakan 79a3c42030 add a section to each volume page
Signed-off-by: ozlerhakan <hakan.ozler@kodcu.com>
2017-06-02 00:07:29 +00:00
Aidan Hobson Sayers 65c94a34be Add docs for --ipv6 option, also add --internal as appropriate
Signed-off-by: Aidan Hobson Sayers <aidanhs@cantab.net>
2017-06-02 00:07:29 +00:00
Bastiaan Bakker e56ee5769c add missing trailing slash in ADD and COPY /absoluteDir examples. According to the specs they are mandatory.
Signed-off-by: Bastiaan Bakker <bbakker@xebia.com>
2017-06-02 00:07:29 +00:00
Vishnu kannan cb1279e542 Expose docker's root directory by default as part of `docker info`.
Signed-off-by: Vishnu kannan <vishnuk@google.com>
2017-06-02 00:07:29 +00:00
Robert Wallis 3969f77c86 Fixing mismatched network name.
Using `my-net` to be consistent with:
https://docs.docker.com/engine/reference/run/

Signed-off-by: Robert Wallis <smilingrob@gmail.com>
2017-06-02 00:07:29 +00:00
Victor Vieux c30d9d2fff fix common misspell
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-06-02 00:07:28 +00:00
Jessica Frazelle 91d0d25ee4 update cap-add docs for seccomp
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2017-06-02 00:07:28 +00:00
Sian Lerk Lau 7c85fb1665 Improve usage details on overriding USER command in Docker run reference page
Signed-off-by: Sian Lerk Lau <kiawin@gmail.com>
2017-06-02 00:07:28 +00:00
Tianon Gravi a015293ff7 Remove "--group-add dbus" from busybox example (no dbus group in busybox anymore)
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
2017-06-02 00:07:28 +00:00
Tomasz Kopczynski 680de96eb6 Before and since filters documentation
Signed-off-by: Tomasz Kopczynski <tomek@kopczynski.net.pl>
2017-06-02 00:07:28 +00:00
Doug Davis a26c02199d Make it clear that env vars must be simple
Closes #20169

Signed-off-by: Doug Davis <dug@us.ibm.com>
2017-06-02 00:07:28 +00:00
Tom X. Tobin aa46699081 Fix mention of at sign in docs
The at sign (`@`) was being referred to in the documentation as an
ampersand (`&`).

Signed-off-by: Tom X. Tobin <tomxtobin@tomxtobin.com>
2017-06-02 00:07:28 +00:00
David Calavera 505e1673d6 Add missing debug client mode info in docs.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2017-06-02 00:07:28 +00:00
Chun Chen 355a190423 Display `internal` flag on `network inspect`
Also adds internal network tests for bridge network

Signed-off-by: Chun Chen <ramichen@tencent.com>
2017-06-02 00:07:28 +00:00
Kai Qiang Wu(Kennan) 361097ab17 Correct old virtual size
In new content addressable model, image no longer
have virtual size column, it is now 'size'. So we
need to update related docs about them.

Signed-off-by: Kai Qiang Wu(Kennan) <wkqwu@cn.ibm.com>
2017-06-02 00:07:27 +00:00
Vincent Woo 1a10df30ce Allow disabling of colored Docker logs via daemon flag.
Signed-off-by: Vincent Woo <me@vincentwoo.com>
Signed-off-by: David Calavera <david.calavera@gmail.com>
2017-06-02 00:07:27 +00:00
qg 235927da80 change 'host:port' to `host:port`
Signed-off-by: Gang Qiao <qiaohai8866@gmail.com>
2017-06-02 00:07:27 +00:00
Prayag Verma 6f24713ba0 Fix typo
Signed-off-by: Prayag Verma <prayag.verma@gmail.com>
2017-06-02 00:07:27 +00:00
Wen Cheng Ma 6a0e2f700a Change container name to id as actual results
Signed-off-by: Wen Cheng Ma <wenchma@cn.ibm.com>
2017-06-02 00:07:27 +00:00
Wen Cheng Ma 27686523be docs: document options for default network driver
Fixes issue #18410

Signed-off-by: Wen Cheng Ma <wenchma@cn.ibm.com>
2017-06-02 00:07:27 +00:00
Bryan Boreham c1c803cbe8 Improve wording about re-assigning IP addresses
Signed-off-by: Bryan Boreham <bjboreham@gmail.com>
2017-06-02 00:07:27 +00:00
Sebastiaan van Stijn d4fd7fd13b Fix docs for tmpfs (pr 19688)
Underlying files are no longer copied to the tmpfs.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:27 +00:00
David Calavera 045907a71c Remove cluster storage advertise from reload.
Because libnetwork won't really send container information to the new
storage anyways.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2017-06-02 00:07:27 +00:00
Mary Anthony 7910f01804 Creating Engine specific menu
Fixing the links
Updating with Seb's comments
Adding weight
Fixing the engine aliases
Updating after Arun pushed
Removing empty file

Signed-off-by: Mary Anthony <mary@docker.com>
2017-06-02 00:07:26 +00:00
Brian Goff 88fa05ccb4 Add note about mount propagation on systemd
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2017-06-02 00:07:26 +00:00
David Calavera d3f2c73453 Allow network configuration via daemon config file.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2017-06-02 00:07:26 +00:00
Brian Goff 8de6a3fc71 On container rm, don't remove named mountpoints
This makes it so when calling `docker run --rm`, or `docker rm -v`, only
volumes specified without a name, e.g. `docker run -v /foo` instead of
`docker run -v awesome:/foo` are removed.

Note that all volumes are named, some are named by the user, some get a
generated name. This is specifically about how the volume was specified
on `run`, assuming that if the user specified it with a name they expect
it to persist after the container is cleaned up.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2017-06-02 00:07:26 +00:00
Jasmine Hegman 6495ac0c5f Correcting `overlay` -> `bridge` driver in run.md
Correcting `overlay` -> `bridge` driver in run.md to match the preceding paragraph.

Signed-off-by: Jasmine Hegman <jasmine@jhegman.com>
2017-06-02 00:07:25 +00:00
Doug Davis fc57c3a419 Add some helper text for magical ADD
Closes: #15777

Signed-off-by: Doug Davis <dug@us.ibm.com>
2017-06-02 00:07:25 +00:00
Mary Anthony 32e9c9434a Fixing missing certs article; consolidating security material
Entering comments from reviewers
Updating with Derek's comments
Fixing bad links reported by build

Signed-off-by: Mary Anthony <mary@docker.com>
2017-06-02 00:07:25 +00:00
David Calavera 2ac86ababf Make TLSOptions and LogConfig embedded structs.
That way the configuration file becomes flag, without extra keys.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2017-06-02 00:07:25 +00:00
David Calavera 9930f31f74 Verify that the configuration keys in the file are valid.
- Return an error if any of the keys don't match valid flags.
- Fix an issue ignoring merged values as named values.
- Fix tlsverify configuration key.
- Fix bug in mflag to avoid panics when one of the flag set doesn't have any flag.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2017-06-02 00:07:25 +00:00
Anton Polonskiy b1fbfa3b04 fixed typo
Signed-off-by: Anton Polonskiy <anton.polonskiy@gmail.com>
2017-06-02 00:07:25 +00:00
Kareem Khazem e62e6e8b07 Added `dead` to docs for docker ps -f status=...
It is possible to invoke `docker ps -f status=dead`, but the
documentation for docker-ps does not mention `dead` as a valid option.
This commit fixes that.

Signed-off-by: Kareem Khazem <karkhaz@karkhaz.com>
2017-06-02 00:07:25 +00:00
Azat Khuyiyakhmetov 7e208ef5d0 Fixed typo in "/etc/subUid"
Signed-off-by: Azat Khuziyakhmetov <shadow_uz@mail.ru>
2017-06-02 00:07:25 +00:00
Qiang Huang dd7ea45fae Fix comment about swap limit of docker update
The description "set `-1` to disable swap" is wrong, `build`,
`create` and `run` already fixed, we need to fix `update` as well.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-06-02 00:07:25 +00:00
Kai Qiang Wu(Kennan) 6c5013bc3c Refine the volume mount example
The path here should be absolute, else it would
deem it as volume name.

Also link to release page to contain static binary,
the old link not work, because it is just used to
install docker in os distro, it can not be used
as static binary directly.

Signed-off-by: Kai Qiang Wu(Kennan) <wkqwu@cn.ibm.com>
2017-06-02 00:07:25 +00:00
Kai Qiang Wu(Kennan) 35f4d67cfd Fix the typo in ps
Signed-off-by: Kai Qiang Wu(Kennan) <wkqwu@cn.ibm.com>
2017-06-02 00:07:25 +00:00
Kai Qiang Wu(Kennan) 931232313c Fix the ulimit link
The old link not existed, we need fix it the right one.

Signed-off-by: Kai Qiang Wu(Kennan) <wkqwu@cn.ibm.com>
2017-06-02 00:07:25 +00:00
Kai Qiang Wu(Kennan) 4ed29cad62 Fix commit wrong repository example
The old name is invalid in new repository name spec.
So we need to fix them.

Signed-off-by: Kai Qiang Wu(Kennan) <wkqwu@cn.ibm.com>
2017-06-02 00:07:25 +00:00
Kai Qiang Wu(Kennan) 135fb7a665 Fix ulimit command form
The ulimit is builtin, so we need shell form to execute it.

Signed-off-by: Kai Qiang Wu(Kennan) <wkqwu@cn.ibm.com>
2017-06-02 00:07:24 +00:00
Kai Qiang Wu(Kennan) 1af502f23d Fix add host device example
The example is not right in parameter, and also
one command is same as first one, it should be typo
before, we should use 'rw' as example for that.

Signed-off-by: Kai Qiang Wu(Kennan) <wkqwu@cn.ibm.com>
2017-06-02 00:07:24 +00:00
Kai Qiang Wu(Kennan) 77ff4c9b7f Fix the privileged example
Signed-off-by: Kai Qiang Wu(Kennan) <wkqwu@cn.ibm.com>
2017-06-02 00:07:24 +00:00
Wen Cheng Ma 9f64dc98bd Add Subnets info for user-defined network
* If user doesn't specify the subnets to create a network, it will pick
  subnets from inside preferred pool. This PR aims to inspect these subnets info

* Add integration tests for docker inspect the subnets.

* docker-py project is already synchronized.

* jenkins checks depend on https://github.com/docker/docker-py/pull/888

Fixes issue #18626

Signed-off-by: Wen Cheng Ma <wenchma@cn.ibm.com>
2017-06-02 00:07:24 +00:00
David Calavera ad43730d0f Allow to set daemon and server configurations in a file.
Read configuration after flags making this the priority:

1- Apply configuration from file.
2- Apply configuration from flags.

Reload configuration when a signal is received, USR2 in Linux:

- Reload router if the debug configuration changes.
- Reload daemon labels.
- Reload cluster discovery.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2017-06-02 00:07:24 +00:00
Jessica Frazelle bb94c5077c WIP: Update security docs for seccomp/apparmor
Signed-off-by: Mary Anthony <mary@docker.com>

Updaing and slight re-arrangement of security information

Signed-off-by: Mary Anthony <mary@docker.com>

Updating security files

Signed-off-by: Mary Anthony <mary@docker.com>

Updating links to the security documentation

Signed-off-by: Mary Anthony <mary@docker.com>

removing some extra spaces

Signed-off-by: Mary Anthony <mary@docker.com>

Correcting spelling

Signed-off-by: Mary Anthony <mary@docker.com>
2017-06-02 00:07:24 +00:00
Harald Albers 775e7a02a3 Document that detach keys are a list of key bindings
Signed-off-by: Harald Albers <github@albersweb.de>
2017-06-02 00:07:24 +00:00
Ryan Belgrave 82e9cba6d4 Add IPAM Config Options to match libnetwork
Signed-off-by: Ryan Belgrave <rmb1993@gmail.com>
2017-06-02 00:07:24 +00:00
Madhu Venugopal 46db31de0a Network scoped alias support
Signed-off-by: Madhu Venugopal <madhu@docker.com>
2017-06-02 00:07:24 +00:00
Madhu Venugopal e686b4d8be Forced endpoint cleanup
docker's network disconnect api now supports `Force` option which can be
used to force cleanup an endpoint from any host in the cluster.

Signed-off-by: Madhu Venugopal <madhu@docker.com>
2017-06-02 00:07:23 +00:00
Alessandro Boch d3aa590eec Add missing documentation for static IP options
Signed-off-by: Alessandro Boch <aboch@docker.com>
2017-06-02 00:07:23 +00:00
Shishir Mahajan 1e83a27ca1 daemon option (--storage-opt dm.basesize) for increasing the base device size on daemon restart
Signed-off-by: Shishir Mahajan <shishir.mahajan@redhat.com>
2017-06-02 00:07:23 +00:00
Tibor Vass 7f6a7ed8d1 Rename authz to authorization for greater clarity
Signed-off-by: Tibor Vass <tibor@docker.com>
2017-06-02 00:07:23 +00:00
Chun Chen 3f5817fdae Add network interal mode
Signed-off-by: Chun Chen <ramichen@tencent.com>
Signed-off-by: David Calavera <david.calavera@gmail.com>
2017-06-02 00:07:23 +00:00
Kim Eik 22aaf42a84 Added additional container information to "docker info".
Instead of just showing the number of containers this patch will
show the number of running, paused and stopped containers as well.

Signed-off-by: Kim Eik <kim@heldig.org>
(cherry picked from commit a9804ab1cb117a132cbf460067d55f5146d50956)
2017-06-02 00:07:23 +00:00
Madhu Venugopal bf03439e68 Docs update for link functionality in user-defined networks
Signed-off-by: Madhu Venugopal <madhu@docker.com>
2017-06-02 00:07:23 +00:00
Aaron Lehmann 442cbbfac1 Prune digest references when deleting by tag
When pulling an image with content trust enabled, two references are
created: a digest reference and a tag reference. Deleting by tag
wouldn't actually remove the image, because the digest reference keeps
it alive.

This change modifies the rmi logic so that digest references don't keep
an image alive. If the last tag referencing a given image is deleted,
any digest references to it will be removed as well, so the image can
actually get deleted. This fixes the usability problem with deletions
when content trust is in use, so something like "docker pull busybox;
docker rmi busybox" will work as expected.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-06-02 00:07:23 +00:00
Phil Estes 36960be45f Add daemon documentation on user namespaces feature
Remove the experimental docs for user namespaces and add similar content
to the `docker daemon` command documentation.

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
2017-06-02 00:07:23 +00:00
Lei Jitang b5843f62f8 Add docker network connect/disconnect to non-running container
Signed-off-by: Lei Jitang <leijitang@huawei.com>
2017-06-02 00:07:23 +00:00
Aidan Hobson Sayers 5142d3a669 Fix ambassador script based on SvenDowideit/dockerfiles#37
Signed-off-by: Aidan Hobson Sayers <aidanhs@cantab.net>
2017-06-02 00:07:23 +00:00
Victor Vieux 06f084a8ec Before that change, etcd and zookeeper would fail to instantiate
the discovery without the key being already there in the store or
created beforehand and implicitely by a 'swarm join'.

Signed-off-by: Alexandre Beslic <abronan@docker.com>
Signed-off-by: Victor Vieux <vieux@docker.com>

This PR allows to configure the discovery path using the
--discovery-opt flag (with "kv.path=path/to/nodes"). We
can point to "docker/nodes" and use the docker discovery.

If docker instances are advertising to the cluster using
the `--cluster-advertise` flag, the swarm join command
becomes unnecessary.

Signed-off-by: Alexandre Beslic <abronan@docker.com>
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-06-02 00:07:22 +00:00
Alessandro Boch 0a3c040a07 Allow user to choose the IP address for the container
Signed-off-by: Alessandro Boch <aboch@docker.com>
2017-06-02 00:07:22 +00:00
Alexander Morozov 6a6c99d7fe Choose default-cgroup parent by cgroup driver
It's "/docker" for cgroupfs and "system.slice" for systemd.

Fix #19140

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2017-06-02 00:07:22 +00:00
Alexander Morozov 61295a1ec8 Add ability to set cgroup parent for all containers
Fix #18022

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2017-06-02 00:07:22 +00:00
David Calavera 5e85f62dbc Add filter by event type and documentation.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2017-06-02 00:07:22 +00:00
Sebastiaan van Stijn 31ad32c879 Fix pid=host example in documentation
The existing example didn't illustrate how to
install strace in the container. In addition,
the rhel7 image used is no longer public (and maintained)
so not a good image to use in the example.

This updates the example to use htop (strace is
not working without disabling apparmor for the container)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:22 +00:00
Vincent Demeester 18eb9f2e64 Implement configurable detach key
Implement configurable detach keys (for `attach`, exec`, `run` and
`start`) using the client-side configuration

- Adds a `--detach-keys` flag to `attach`, `exec`, `run` and `start`
  commands.
- Adds a new configuration field (in `~/.docker/config.json`) to
  configure the default escape keys for docker client.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:07:22 +00:00
Wen Cheng Ma 636ffcc028 Improvement for docker subcommand's help messages
Signed-off-by: Wen Cheng Ma <wenchma@cn.ibm.com>
2017-06-02 00:07:22 +00:00
Wen Cheng Ma 6bfda2dbbc Update integration tests when container and image have same name
Signed-off-by: Wen Cheng Ma <wenchma@cn.ibm.com>
2017-06-02 00:07:21 +00:00
Qiang Huang b87dd1342f Fix docs for memory-swap
Fixes: #18894

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-06-02 00:07:21 +00:00
Thomas Swift 2d406c4058 Fix typo in daemon storage-driver docs
Signed-off-by: Thomas Swift <tgs242@gmail.com>
2017-06-02 00:07:21 +00:00
Qiang Huang 3f44418168 Implemet docker update command
It's used for updating properties of one or more containers, we only
support resource configs for now. It can be extended in the future.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-06-02 00:07:21 +00:00
Doug Davis 421578fbd4 remove =false from options that default to false in the docs
This re-aligns the docs with what the cmd line now does.

Signed-off-by: Doug Davis <dug@us.ibm.com>
2017-06-02 00:07:21 +00:00
Zhang Wei ed4cf608e2 Add filter for `network ls` to hide predefined net
Add filter support for `network ls` to hide predefined network,
then user can use "docker network rm `docker network ls -f type=custom`"
to delete a bundle of userdefined networks.

Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2017-06-02 00:07:21 +00:00
Ma Shimiao 499d634f32 Add support for blkio read/write iops device
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2017-06-02 00:07:21 +00:00
Vincent Demeester 1e3c5bbe15 Add --format support to images command
- rename `api/client/ps` to `api/client/formatter`
- add a a image formatter

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:07:21 +00:00
Boaz Shuster fbb25d42f0 Change the quiet flag behavior in the build command
Right now, the quiet (-q, --quiet) flag ignores the output
generated from within the container.

However, it ought to be quiet in a way that all kind
of diagnostic output should be ignored, unless the build
process fails.

This patch makes the quiet flag behave in the following way:
 1. If the build process succeeds, stdout contains the image ID
    and stderr is empty.
 2. If the build process fails, stdout is empty and stderr
    has the error message and the diagnostic output of that process.

If the quiet flag is not set, then everything goes to stdout
and error messages, if there are any, go to stderr.

Signed-off-by: Boaz Shuster <ripcurld.github@gmail.com>
2017-06-02 00:07:21 +00:00
Aidan Feldman 4620840d57 Update restart description
add a note around restart policies only working in detached mode

Signed-off-by: Aidan Feldman <aidan.feldman@gmail.com>

Update restart description with Mary's comments.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:21 +00:00
Bryan Boreham 1b77149fd4 Explain 'json' function a bit better
Signed-off-by: Bryan Boreham <bjboreham@gmail.com>
2017-06-02 00:07:20 +00:00
Doug Davis 8b3b2571d7 Add a DOCKER_API_VERSION env var
Closes: #11486

Just for @ahmetalpbalkan  :-)

Fixed some comment formatting too while in there.

Signed-off-by: Doug Davis <dug@us.ibm.com>
2017-06-02 00:07:20 +00:00
Vivek Goyal b2cbaa03af Add capability to specify mount propagation per volume
Allow passing mount propagation option shared, slave, or private as volume
property.

For example.
docker run -ti -v /root/mnt-source:/root/mnt-dest:slave fedora bash

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
2017-06-02 00:07:20 +00:00
Justas Brazauskas b91f98d9f1 Fix typos found across repository
Signed-off-by: Justas Brazauskas <brazauskasjustas@gmail.com>
2017-06-02 00:07:20 +00:00
Liron Levin 53c1cb81c0 Change authz plugin argument name
Signed-off-by: Liron Levin <liron@twistlock.com>
2017-06-02 00:07:20 +00:00
Dima Stopel a8a3c47ee5 Fixing documentation comments by @thaJeztah
Signed-off-by: Dima Stopel <dima@twistlock.com>
2017-06-02 00:07:20 +00:00
Dima Stopel 00962f362b Fixing documentation according to comments by @moxiegirl and @thaJeztah
Signed-off-by: Dima Stopel <dima@twistlock.com>
2017-06-02 00:07:20 +00:00
Dima Stopel 87f1223216 Adding authorization subsystem documentation
Signed-off-by: Dima Stopel <dima@twistlock.com>
2017-06-02 00:07:20 +00:00
Aaron Lehmann fa96356872 Update docs for addition of transfer manager
Closing the HTTP connection requesting a push or pull will cancel the
push or pull. This behavior also applies to the CLI.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-06-02 00:07:19 +00:00
Qiang Huang d9278dd4a8 Check minimum kernel memory limit to be 4M
Fixes: #18405

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-06-02 00:07:19 +00:00
Sambuddha Basu 93ce6fd9f5 The docs now explain that images with repo:tag as <none>:<none> are dangling images.
Signed-off-by: Sambuddha Basu <sambuddhabasu1@gmail.com>
2017-06-02 00:07:19 +00:00
Sebastiaan van Stijn 7071c15b5f docs: markdown and textual fixups in reference/run.md
This fixes markdown formatting, and formatting of tables;

 - Our markdown engine doesn't support spanning rows, so
   re-wrapped table contents.
 - Added a CSS-styles to prevent "code" blocks in tables
   from wrapping
 - The "logging drivers" table didn't have a header
 - Aligned table borders in source code for better readability.
 - Standardize on using `-it` in stead of -i -t or -ti
 - Some markup issues
 - Some minor textual fixups

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:19 +00:00
Chris Weyl 66eef79e58 newtork -> network (minor spelling correction)
...yeah, that was bugging me. :)

Signed-off-by: Chris Weyl <cweyl@alumni.drew.edu>
2017-06-02 00:07:19 +00:00
Ma Shimiao 9480c4763d Add support for blkio read/write bps device
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2017-06-02 00:07:19 +00:00
Ma Shimiao 7880dcf5f2 docs: fix weight-deivce option args
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2017-06-02 00:07:19 +00:00
Vincent Demeester c6162061d9 Add format flag to network inspect
…for consistency as docker inspect and docker volume inspect supports it too

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:07:19 +00:00
Sebastiaan van Stijn c5f725e1c7 Address review comments.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:19 +00:00
Ben Firshman 22ce4b4448 Add docs and man page entry for --volume-driver
Signed-off-by: Ben Firshman <ben@firshman.co.uk>
2017-06-02 00:07:19 +00:00
Wen Cheng Ma deae0706ea Add NETWORK_NAME_or_ID value for --net= option
Signed-off-by: Wen Cheng Ma <wenchma@cn.ibm.com>
2017-06-02 00:07:19 +00:00
Sebastiaan van Stijn 178a2cfe7c update order and address review notes
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:19 +00:00
gwx296173 01c09480dc add examples in search.md
Signed-off-by: gwx296173 <gaojing3@huawei.com>
2017-06-02 00:07:19 +00:00
Antonio Murdaca e9287cd43a Add OomScoreAdj to configure container oom killer preferences
libcontainer v0.0.4 introduces setting `/proc/self/oom_score_adj` to
better tune oom killing preferences for container process. This patch
simply integrates OomScoreAdj libcontainer's config option and adjust
the cli with this new option.

Signed-off-by: Antonio Murdaca <amurdaca@redhat.com>
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:07:19 +00:00
Dan Walsh 65120e8851 This patch adds --tmpfs as a option for mounting tmpfs on directories
It will Tar up contents of child directory onto tmpfs if mounted over

This patch will use the new PreMount and PostMount hooks to "tar"
up the contents of the base image on top of tmpfs mount points.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2017-06-02 00:07:18 +00:00
Doug Davis ecfc3613b2 Deprecate -f flag from docker tag
Closes #9798

@maintainers please note that this is a change to the UX. We no longer
require the -f flag on `docker tag` to move a tag from an existing image.
However, this does make us more consistent across our commands,
see https://github.com/docker/docker/issues/9798 for the history.

Signed-off-by: Doug Davis <dug@us.ibm.com>
2017-06-02 00:07:18 +00:00
Zhang Wei 67eea4d814 Add docs for option `--isolation`
Add docs for `run`/`create`/`build` command option `isolation`

Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2017-06-02 00:07:18 +00:00
Madhu Venugopal c072458308 Make discovery ttl and heartbeat configurable
Docker daemon uses kv-store as the host-discovery backend.
Discovery module tracks the liveness of a node through a simple
keepalive mechanism.  The keepalive mechanism depends on every
node performing heartbeat by registering itself with the discovery
module (via KV-Store Put operation). And for every Put operation,
the discovery module in all other nodes will receive a Watch
notification. That keeps the node alive.
Any node that fails to register itself within the TTL timer is
considered dead and removed from the discovery database.

The default timer (heartbeat = 20 seconds & ttl = 60 seconds)
works fine for small clusters.  But for large clusters, these
default timers are extremely aggressive and that causes high CPU
& most of the processing is spent managing the node discovery
and that impacts normal daemon operation.

Hence we need a way to make the discovery ttl and heartbeat
configurable.  As the cluster size grows, the user can change
these timers to make sure the daemon scales.

Signed-off-by: Madhu Venugopal <madhu@docker.com>
2017-06-02 00:07:18 +00:00
Kai Qiang Wu(Kennan) 4fbaeb5f25 Fixing the volume options doc
Fixes #15896
Signed-off-by: Kai Qiang Wu(Kennan) <wkqwu@cn.ibm.com>
2017-06-02 00:07:18 +00:00
Sebastiaan van Stijn 41afe87367 docs: fixups for plugin drivers in docker info
Plugin drivers were added to docker info in
https://github.com/docker/docker/pull/17300

but not added to the example output in the online
docs.

Also fixed mixed tabs/spaces in the API documentation.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:18 +00:00
Doug Davis a7eb9308d5 Add more to tag's -f flag's help
Was noticed in #9798

Signed-off-by: Doug Davis <dug@us.ibm.com>
2017-06-02 00:07:18 +00:00
Zhang Wei 87ba148cab Add API change to docs
Add API change description to docs due to `docker network inspect`
returns different data structure.

Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2017-06-02 00:07:18 +00:00
Doug Davis ec3aa7ede2 Add some docs about build-arg's impact on the cache
Closes #18017

Signed-off-by: Doug Davis <dug@us.ibm.com>
2017-06-02 00:07:18 +00:00
Zhang Wei 007df1d494 Enhance `docker network rm` to delete multi net
This commit enhance `docker network rm` command to allow user to delete
multi networks at the same time.

Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2017-06-02 00:07:18 +00:00
Sven Dowideit d63c19c4ea Fixes found by docs validation tool
Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>
2017-06-02 00:07:18 +00:00
Zhang Wei 92d0c4bc45 Add '-L' option for `cp`
Fixes #16555

Original docker `cp` always copy symbol link itself instead of target,
now we provide '-L' option to allow docker to follow symbol link to real
target.

Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2017-06-02 00:07:18 +00:00
Mike Brown 0eb79491dd modifying docker --since and --until to support nanoseconds and time zones
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2017-06-02 00:07:18 +00:00
Wen Cheng Ma 562c2df97d Re-implement --before and --since as options for --filter
* This commit will mark --before and --since as deprecated, but leave their behavior
  unchanged until they are removed, then re-implement them as options for --filter.

* And update the related docs.

* Update the integration tests.

Fixes issue #17716

Signed-off-by: Wen Cheng Ma <wenchma@cn.ibm.com>
2017-06-02 00:07:18 +00:00
NIWA Hideyuki fa2f024bc6 Addition of "--shm-size" to which size of /dev/shm is changed.
- Optional "--shm-size=" was added to the sub-command(run, create,and build).
- The size of /dev/shm in the container can be changed
  when container is made.
- Being able to specify is a numerical value that applies number,
  b, k, m, and g.
- The default value is 64MB, when this option is not set.
- It deals with both native and lxc drivers.

Signed-off-by: NIWA Hideyuki <niwa.hiedyuki@jp.fujitsu.com>
2017-06-02 00:07:18 +00:00
Mary Anthony cd4fc83dd1 Small changes to storage driver/commands ref
Entering V's comments

Signed-off-by: Mary Anthony <mary@docker.com>
2017-06-02 00:07:17 +00:00