Commit Graph

1193 Commits

Author SHA1 Message Date
Charles Smith 2cab081e16 add doc for live-restore setting and daemonless containers, fix admin guide menu
Signed-off-by: Charles Smith <charles.smith@docker.com>
2017-06-02 00:10:03 +00:00
Vincent Demeester 91e476b7e9 Add container labels to service create/update
Swarm mode makes it possible through the API to set labels to containers
but not through command line. This tries to fix it.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:10:03 +00:00
Tibor Vass fa9465f093 healthcheck: do not interpret exit code 2 as "starting"
Instead reserve exit code 2 to be future proof, document that it should
not be used. Implementation-wise, it is considered as unhealthy, but
users should not rely on this as it may change in the future.

Signed-off-by: Tibor Vass <tibor@docker.com>
2017-06-02 00:10:02 +00:00
Aaron Lehmann b41c3dd208 Add failure action for rolling updates
This changes the default behavior so that rolling updates will not
proceed once an updated task fails to start, or stops running during the
update. Users can use docker service inspect --pretty servicename to see
the update status, and if it pauses due to a failure, it will explain
that the update is paused, and show the task ID that caused it to pause.
It also shows the time since the update started.

A new --update-on-failure=(pause|continue) flag selects the
behavior. Pause means the update stops once a task fails, continue means
the old behavior of continuing the update anyway.

In the future this will be extended with additional behaviors like
automatic rollback, and flags controlling parameters like how many tasks
need to fail for the update to stop proceeding. This is a minimal
solution for 1.12.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-06-02 00:10:02 +00:00
Aanand Prasad 897dc90656 Add note about --entrypoint overriding default command
Signed-off-by: Aanand Prasad <aanand.prasad@gmail.com>
2017-06-02 00:10:02 +00:00
Everett Toews d41421140c Fix AuthzPlugin URL fragment in docs
These docs have AuthzPlugin with a lower case 'z'. What the plugin
api is actually looking for is AuthZPlugin with an upper case 'Z'.

See 46e3a249a1/pkg/authorization/api.go (L5-L8)

Signed-off-by: Everett Toews <everett.toews@rackspace.com>
2017-06-02 00:10:02 +00:00
Aaron Lehmann 1918ec3987 Require listen address and advertise address to be an IP address or an interface name
Hostnames are not supported for now because libnetwork can't use them
for overlay networking yet.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-06-02 00:10:02 +00:00
Aaron Lehmann 18cd5ac352 Split advertised address from listen address
There are currently problems with "swarm init" and "swarm join" when an
explicit --listen-addr flag is not provided. swarmkit defaults to
finding the IP address associated with the default route, and in cloud
setups this is often the wrong choice.

Introduce a notion of "advertised address", with the client flag
--advertise-addr, and the daemon flag --swarm-default-advertise-addr to
provide a default. The default listening address is now 0.0.0.0, but a
valid advertised address must be detected or specified.

If no explicit advertised address is specified, error out if there is
more than one usable candidate IP address on the system. This requires a
user to explicitly choose instead of letting swarmkit make the wrong
choice. For the purposes of this autodetection, we ignore certain
interfaces that are unlikely to be relevant (currently docker*).

The user is also required to choose a listen address on swarm init if
they specify an explicit advertise address that is a hostname or an IP
address that's not local to the system. This is a requirement for
overlay networking.

Also support specifying interface names to --listen-addr,
--advertise-addr, and the daemon flag --swarm-default-advertise-addr.
This will fail if the interface has multiple IP addresses (unless it has
a single IPv4 address and a single IPv6 address - then we resolve the
tie in favor of IPv4).

This change also exposes the node's externally-reachable address in
docker info, as requested by #24017.

Make corresponding API and CLI docs changes.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-06-02 00:10:02 +00:00
Vincent Demeester 871366c8b4 Update swarm init task-history-limit docs
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:10:02 +00:00
Aaron Lehmann 012fa2fd1b Update --update-parallelism docs
Update documentation to account for the changes in #24952.

docs/swarm/swarm-tutorial/rolling-update.md doesn't need any changes,
but the CLI reference pages should show the current help text.
drain-node.md no longer needs to specify --update-parallelism 1 in its
example.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-06-02 00:10:02 +00:00
Sebastiaan van Stijn 2a87a358d4 Remove "secrets" leftovers from docs
f5e1f6f6880391a5a3399023cf93a3c48502e57d replaced "secrets"
with "join tokens", which also removed the "auto-accept"
policy.

This removes some remaining references to those features.

Note that there are other references, but those
are already addressed in another pull request.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:10:02 +00:00
Vincent Demeester 2f9e9bcbaa Append --registry-auth with with
`--with-registry-auth` is more explicit.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:10:02 +00:00
Aaron Lehmann acf0bc4b9a Replace secrets with join tokens
Implement the proposal from
https://github.com/docker/docker/issues/24430#issuecomment-233100121

Removes acceptance policy and secret in favor of an automatically
generated join token that combines the secret, CA hash, and
manager/worker role into a single opaque string.

Adds a docker swarm join-token subcommand to inspect and rotate the
tokens.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-06-02 00:10:02 +00:00
Yong Tang d1228a75e1 Extend deprecation cycle to 3 releases by default
At the moment docker's deprecation policy is 2 release cycles by
default, which is around 5 months. This may not be enough for
production environment and there is a need to extend the
deprecation cycle to 3 releases (see #24494).

This fix updates the docs/deprecated.md and extend the deprecation
cycle to 3 releases.

This fix is related to #24494 and #24534.

This fix fixes #24534.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:10:02 +00:00
Sebastiaan van Stijn 458ff79b0d docs: improve formatting and highlighting of docker ps reference
this improves the formatting, and code-highlighting
of the `docker ps` reference page, and wraps sentences
to 80 chars

also adds single quotes around the formatting
example for labels.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:10:01 +00:00
Nishant Totla 49f4d8c083 Send registry auth token for service deploy
Signed-off-by: Nishant Totla <nishanttotla@gmail.com>
2017-06-02 00:10:01 +00:00
Sebastiaan van Stijn 99bf996fdf docs: fix copy/pasta error
Looks like I copied from the line below, not
from the output :)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:10:01 +00:00
Sebastiaan van Stijn 7a206d8667 docs: add code-hints to builder page
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:10:01 +00:00
Sebastiaan van Stijn c8dd8fe523 Add missing --log-driver and --log-opt docs
Adds documentation for "--log-driver" and "--log-opt"
for services.

Also updated the API docs to include the new
options, and generated a more complete JSON
example.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:10:01 +00:00
Sebastiaan van Stijn 338cf2edd8 docs: update reference docs for plugins
the output/response slightly changed in
340964db1c8f161a2ad156023eb47dcc93bf804b,
and `:latest` is no longer required for
various actions.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:10:01 +00:00
Sebastiaan van Stijn 77f90b24c9 docs: add initial reference for "stack services"
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:10:01 +00:00
Sebastiaan van Stijn b2d71bfbe1 Rename --bundle to --file
This renames the '--bundle' flag for docker (stack) deploy
to be consistent with 'docker build'.

Note that there's no shorthand '-f' added for now,
because this may be confusing on 'docker stack config',
which also takes a file, and for which we may want to
have a '--format' flag in future.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:10:01 +00:00
Harry Zhang 2a56732a87 Fix nits in deprecated
Signed-off-by: Harry Zhang <harryz@hyper.sh>
2017-06-02 00:10:01 +00:00
Sebastiaan van Stijn 27584ec78a fix duplicated usage in docs
this removes a copy/pasta whoopsie on my side,
introduced in de64324109d2694b1525e62b5c0072267282a36c

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:10:01 +00:00
Charles Smith 59b234a119 add ref docs for node label
Signed-off-by: Charles Smith <charles.smith@docker.com>
2017-06-02 00:10:01 +00:00
Vincent Demeester ad98aba1b6 Add documentation for stack commands
Also removes the `-f` flags of bundle to follow the single-letter flags
evaluation.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:10:01 +00:00
Dong Chen ab696a54ef Support node label update.
Signed-off-by: Dong Chen <dongluo.chen@docker.com>
2017-06-02 00:07:51 +00:00
Sebastiaan van Stijn 77e4100d00 Improve flag help consistency, and update docs
This adds the `--live-restore` option to the documentation.

Also synched usage description in the documentation
with the actual description, and re-phrased some
flag descriptions to be a bit more consistent.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:51 +00:00
allencloud eb0a4426e2 better command `docker network create -h` output
Signed-off-by: allencloud <allen.sun@daocloud.io>
2017-06-02 00:07:51 +00:00
Justin Cormack 6a983cc502 Document --oom-score-adj flag in docker run
This was only mentioned in docker create documentation.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-06-02 00:07:51 +00:00
Yanqiang Miao c1a192293e Delete redundant content of 'docs/extend/plugins.md'
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>

Update plugins.md

Update plugins.md
2017-06-02 00:07:51 +00:00
Qiang Huang 28a1369b30 Fix aufs docs
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-06-02 00:07:51 +00:00
Anil Madhavapeddy d41a63b2c0 docs: correct the placement constraints `docker service` example
- the constraint expression needs to be quoted
- add an actual redis container to run so the command line works

Signed-off-by: Anil Madhavapeddy <anil@docker.com>
2017-06-02 00:07:51 +00:00
Vincent Demeester ee88be2801 Update service inspect --pretty reference docs
Update the output and fix wrong usage in a tutorial page.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:07:51 +00:00
Vincent Demeester fa29084b31 Update service update commandline reference docs
Update with the new remove flags

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:07:50 +00:00
Justin Cormack 8bc84934fb Expand the documentation of "no-new-privileges"
The change to runc in https://github.com/opencontainers/runc/pull/789
was not documented previously. Also say what this affects and clean
up layout of initial table as there was some miscolouration of the
continuation lines.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-06-02 00:07:50 +00:00
Aaron Lehmann 1210363e0f Use spaces, not tabs, to format sample "swarm join" command
Using tabs here seems to cause copy/paste problems in some terminals.
Using spaces is safer.

Fixes #24609

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-06-02 00:07:50 +00:00
Sebastiaan van Stijn c33bc7d99e Remove shorthand flags for "mount", "pretty", and "no-resolve"
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:50 +00:00
Michael Crosby e3f04f5d20 Add --oom-score-adjust to daemon
This adds an `--oom-score-adjust` flag to the daemon so that the value
provided can be set for the docker daemon's process.  The default value
for the flag is -500.  This will allow the docker daemon to have a
less chance of being killed before containers do.  The default value for
processes is 0 with a min/max of -1000/1000.

-500 is a good middle ground because it is less than the default for
most processes and still not -1000 which basically means never kill this
process in an OOM condition on the host machine.  The only processes on
my machine that have a score less than -500 are dbus at -900 and sshd
and xfce( my window manager ) at -1000.  I don't think docker should be
set lower, by default, than dbus or sshd so that is why I chose -500.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-06-02 00:07:50 +00:00
Vincent Demeester 2e844f5e8d Remove --command flag for service update
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:07:50 +00:00
Sebastiaan van Stijn dd1708d943 Make labels human readable
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:50 +00:00
Mei ChunTao 17d3e6264a fix the docker run --readonly example. rename '/icanwrite here' to '/icanwrite/here'
Signed-off-by: Mei ChunTao <mei.chuntao@zte.com.cn>
2017-06-02 00:07:50 +00:00
Arnaud Porterie (icecrime) 253a5f4ea2 Rename `--net` to `--network`
Add a `--network` flag which replaces `--net` without deprecating it
yet. The `--net` flag remains hidden and supported.

Add a `--network-alias` flag which replaces `--net-alias` without deprecating
it yet. The `--net-alias` flag remains hidden and supported.

Signed-off-by: Arnaud Porterie (icecrime) <arnaud.porterie@docker.com>
2017-06-02 00:07:50 +00:00
Sebastiaan van Stijn b41c0c8696 Fix some broken sourceforge.net links
Looks like there's issues with sourceforge project
pages. Given that sourceforge isn't really what
it used to be, trying to find alternative URLs
where possible.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:50 +00:00
Sebastiaan van Stijn 9958abc17d Add "auto-accept=none" to documentation
The "none" option was not added to the documentation.
This adds an example, and adds additional information
on manually accepting or rejecting a node.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:50 +00:00
Charles Smith aa3344679a add caveat for network plugins in swarm mode
Signed-off-by: Charles Smith <charles.smith@docker.com>
2017-06-02 00:07:49 +00:00
Derek McGowan 48e659e30c Allow option to override kernel check in overlay2
Add option to skip kernel check for older kernels which have been patched to support multiple lower directories in overlayfs.

Fixes #24023

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2017-06-02 00:07:49 +00:00
johnharris85 2f3e095768 Add support for comma-separated --auto-accept syntax.
Signed-off-by: John Harris <john@johnharris.io>
2017-06-02 00:07:49 +00:00
Qiang Huang 670a0b8077 Soften limitation of update kernel memory
Kernel memory is not allowed to be updated if container is
running, it's not actually a precise kernel limitation.

Before kernel version 4.6, kernel memory will not be accounted
until kernel memory limit is set, if a container created with
kernel memory initialized, kernel memory is accounted as soon
as process created in container, so kernel memory limit update
is allowed afterward. If kernel memory is not initialized,
kernel memory consumed by processes in container will not be
accounted, so we can't update the limit because the account
will be wrong.

So update kernel memory of a running container with kernel memory
initialized is allowed, we should soften the limitation by docker.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-06-02 00:07:49 +00:00
Dave Henderson e8b87f53ec Clarify warning against using build-time variables for secrets
Signed-off-by: Dave Henderson <dhenderson@gmail.com>
2017-06-02 00:07:49 +00:00