Commit Graph

30 Commits

Author SHA1 Message Date
Noah Treuhaft 9810554494 Add daemon option to push foreign layers
The --allow-nondistributable-artifacts daemon option specifies
registries to which foreign layers should be pushed.  (By default,
foreign layers are not pushed to registries.)

Additionally, to make this option effective, foreign layers are now
pulled from the registry if possible, falling back to the URLs in the
image manifest otherwise.

This option is useful when pushing images containing foreign layers to a
registry on an air-gapped network so hosts on that network can pull the
images without connecting to another server.

Signed-off-by: Noah Treuhaft <noah.treuhaft@docker.com>
2017-06-02 00:11:05 +00:00
Brian Goff 20bcf49fb6 Add option to auto-configure blkdev for devmapper
Instead of forcing users to manually configure a block device to use
with devmapper, this gives the user the option to let the devmapper
driver configure a device for them.

Adds several new options to the devmapper storage-opts:

- dm.directlvm_device="" - path to the block device to configure for
  direct-lvm
- dm.thinp_percent=95 - sets the percentage of space to use for
  storage from the passed in block device
- dm.thinp_metapercent=1 - sets the percentage of space to for metadata
  storage from the passed in block device
- dm.thinp_autoextend_threshold=80 - sets the threshold for when `lvm`
  should automatically extend the thin pool as a percentage of the total
  storage space
- dm.thinp_autoextend_percent=20 - sets the percentage to increase the
  thin pool by when an autoextend is triggered.

Defaults are taken from
[here](https://docs.docker.com/engine/userguide/storagedriver/device-mapper-driver/#/configure-direct-lvm-mode-for-production)

The only option that is required is `dm.directlvm_device` for docker to
set everything up.

Changes to these settings are not currently supported and will error
out.
Future work could support allowing changes to these values.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2017-06-02 00:11:04 +00:00
David Sheets 24b6f3cd6e docs/dockerd: correct authz plugin chain semantics
Signed-off-by: David Sheets <dsheets@docker.com>
2017-06-02 00:11:04 +00:00
Josh Hawn 804858fc6f Deprecate --graph flag; Replace with --data-root
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2017-06-02 00:11:01 +00:00
Aaron.L.Xu 8279870a1f why there are so many mistakes in our repo (up to /cmd)
Signed-off-by: Aaron.L.Xu <likexu@harmonycloud.cn>
2017-06-02 00:10:55 +00:00
Yong Tang 205ebd8d30 Add daemon option --default-shm-size
This fix fixes issue raised in 29492 where it was not
possible to specify a default `--default-shm-size` in daemon
configuration for each `docker run``.

The flag `--default-shm-size` which is reloadable, has been
added to the daemon configuation.
Related docs has been updated.

This fix fixes 29492.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:10:52 +00:00
yuexiao-wang b193004923 Update the manuals of docker and dockerd
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
2017-06-02 00:10:46 +00:00
Zhang Wei ef5fb30f61 Add missing "--default-runtime" flag in manpage
Add missing flag and more descriptions in manpage.

Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2017-06-02 00:10:46 +00:00
Ben Firshman 2cfcc8a8fa Rename Remote API to Engine API
Implementation of https://github.com/docker/docker/issues/28319

Signed-off-by: Ben Firshman <ben@firshman.co.uk>
2017-06-02 00:10:40 +00:00
Jonathan Boulle 87b3ad76c9 man/docker: wrap lines consistently
Quite a few changes, as it seems like previous wrapping was done
manually, so it's all over the place.

As noted in #28424

Signed-off-by: Jonathan Boulle <jonathanboulle@gmail.com>
2017-06-02 00:10:39 +00:00
bbayani 00f00e726e Updated daemon documentation to clarify that live-restore is not suppoted on windows
Review comment implementation

Signed-off-by: bbayani <bhumikabayani@gmail.com>
2017-06-02 00:10:38 +00:00
Jonathan Boulle 0ceda7965d man page: consistent indents for flag descriptions
Signed-off-by: Jonathan Boulle <jonathanboulle@gmail.com>
2017-06-02 00:10:38 +00:00
Antonio Murdaca 9ba2472a0b daemon: add a flag to override the default seccomp profile
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:10:32 +00:00
Kenfe-Mickael Laventure 47b507e48a Make experimental a runtime flag
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2017-06-02 00:10:28 +00:00
Yong Tang ef158e3e0a Add config parameter to change stop timeout during daemon shutdown
This fix tries to add a daemon config parameter `--shutdown-timeout`
that specifies the timeout value to stop containers gracefully
(before SIGKILL). The default value is 15s.

The `--shutdown-timeout` parameter is added to daemon options and
config file. It will also be updated during daemon reload.

Additional test cases have been added to cover the change.

This fix fixes #22471.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:10:25 +00:00
Antonio Murdaca e9cb71acbb daemon: add --userland-proxy-path flag
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:10:12 +00:00
Antonio Murdaca c17012948e configure docker-init binary path
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:10:12 +00:00
Sebastiaan van Stijn 1f015b1700 Update man page for dm.xfs_nospace_max_retries
This option was added through commit
0d03c060c7e6800e60833c4462b917ee9b081440,
but didn't update the man page.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:10:11 +00:00
Michael Crosby d72deed554 Add init process for zombie fighting
This adds a small C binary for fighting zombies.  It is mounted under
`/dev/init` and is prepended to the args specified by the user.  You
enable it via a daemon flag, `dockerd --init`, as it is disable by
default for backwards compat.

You can also override the daemon option or specify this on a per
container basis with `docker run --init=true|false`.

You can test this by running a process like this as the pid 1 in a
container and see the extra zombie that appears in the container as it
is running.

```c

int main(int argc, char ** argv) {
	pid_t pid = fork();
	if (pid == 0) {
		pid = fork();
		if (pid == 0) {
			exit(0);
		}
		sleep(3);
		exit(0);
	}
	printf("got pid %d and exited\n", pid);
	sleep(20);
}
```

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-06-02 00:10:10 +00:00
Dan Walsh 5f30004f08 Linux upstream kernel Overlay file systems support SELinux
Remove checks that prevent overlay and SELinux from working together.
Fixes are arriving in the 4.9 kernel.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2017-06-02 00:10:08 +00:00
Aaron Lehmann 1918ec3987 Require listen address and advertise address to be an IP address or an interface name
Hostnames are not supported for now because libnetwork can't use them
for overlay networking yet.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-06-02 00:10:02 +00:00
Aaron Lehmann 18cd5ac352 Split advertised address from listen address
There are currently problems with "swarm init" and "swarm join" when an
explicit --listen-addr flag is not provided. swarmkit defaults to
finding the IP address associated with the default route, and in cloud
setups this is often the wrong choice.

Introduce a notion of "advertised address", with the client flag
--advertise-addr, and the daemon flag --swarm-default-advertise-addr to
provide a default. The default listening address is now 0.0.0.0, but a
valid advertised address must be detected or specified.

If no explicit advertised address is specified, error out if there is
more than one usable candidate IP address on the system. This requires a
user to explicitly choose instead of letting swarmkit make the wrong
choice. For the purposes of this autodetection, we ignore certain
interfaces that are unlikely to be relevant (currently docker*).

The user is also required to choose a listen address on swarm init if
they specify an explicit advertise address that is a hostname or an IP
address that's not local to the system. This is a requirement for
overlay networking.

Also support specifying interface names to --listen-addr,
--advertise-addr, and the daemon flag --swarm-default-advertise-addr.
This will fail if the interface has multiple IP addresses (unless it has
a single IPv4 address and a single IPv6 address - then we resolve the
tie in favor of IPv4).

This change also exposes the node's externally-reachable address in
docker info, as requested by #24017.

Make corresponding API and CLI docs changes.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-06-02 00:10:02 +00:00
Sebastiaan van Stijn 77e4100d00 Improve flag help consistency, and update docs
This adds the `--live-restore` option to the documentation.

Also synched usage description in the documentation
with the actual description, and re-phrased some
flag descriptions to be a bit more consistent.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:51 +00:00
Antonio Murdaca fac7c67349 man: add missing --add-runtime
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:07:48 +00:00
Michael Crosby bfe4e46682 Add --live-restore flag
This flags enables full support of daemonless containers in docker.  It
ensures that docker does not stop containers on shutdown or restore and
properly reconnects to the container when restarted.

This is not the default because of backwards compat but should be the
desired outcome for people running containers in prod.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-06-02 00:07:43 +00:00
Derek McGowan e7fa3c6279 Add documentation for using overlay2
Add mention in dockerd command line and storage driver selection documentation.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2017-06-02 00:07:43 +00:00
John Howard 6d54461bd8 Windows: Default to Hyper-V Containers on client
Signed-off-by: John Howard <jhoward@microsoft.com>
2017-06-02 00:07:39 +00:00
Yong Tang 9bc4cd536e Docker pull/push with max concurrency limits.
This fix tries to address issues raised in #20936 and #22443
where `docker pull` or `docker push` fails because of the
concurrent connection failing.
Currently, the number of maximum concurrent connections is
controlled by `maxDownloadConcurrency` and `maxUploadConcurrency`
which are hardcoded to 3 and 5 respectively. Therefore, in
situations where network connections don't support multiple
downloads/uploads, failures may encounter for `docker push`
or `docker pull`.

This fix tries changes `maxDownloadConcurrency` and
`maxUploadConcurrency` to adjustable by passing
`--max-concurrent-uploads` and `--max-concurrent-downloads` to
`docker daemon` command.

The documentation related to docker daemon has been updated.

Additional test case have been added to cover the changes in this fix.

This fix fixes #20936. This fix fixes #22443.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:07:38 +00:00
Zhu Guihua f440f14613 Add disk quota support for btrfs
Signed-off-by: Zhu Guihua <zhugh.fnst@cn.fujitsu.com>
2017-06-02 00:07:37 +00:00
Wen Cheng Ma bdfe7963f2 Update the `docker daemon` to `dockerd` for document
Signed-off-by: Wen Cheng Ma <wenchma@cn.ibm.com>
2017-06-02 00:07:37 +00:00
Renamed from man/docker-daemon.8.md (Browse further)