Commit Graph

1811 Commits

Author SHA1 Message Date
Justin Cormack 8bc84934fb Expand the documentation of "no-new-privileges"
The change to runc in https://github.com/opencontainers/runc/pull/789
was not documented previously. Also say what this affects and clean
up layout of initial table as there was some miscolouration of the
continuation lines.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-06-02 00:07:50 +00:00
Aaron Lehmann 1210363e0f Use spaces, not tabs, to format sample "swarm join" command
Using tabs here seems to cause copy/paste problems in some terminals.
Using spaces is safer.

Fixes #24609

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-06-02 00:07:50 +00:00
Harald Albers 94092e24a7 bash completion for `docker daemon --oom-score-adjust`
Signed-off-by: Harald Albers <github@albersweb.de>
2017-06-02 00:07:50 +00:00
Sebastiaan van Stijn c33bc7d99e Remove shorthand flags for "mount", "pretty", and "no-resolve"
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:50 +00:00
Michael Crosby e3f04f5d20 Add --oom-score-adjust to daemon
This adds an `--oom-score-adjust` flag to the daemon so that the value
provided can be set for the docker daemon's process.  The default value
for the flag is -500.  This will allow the docker daemon to have a
less chance of being killed before containers do.  The default value for
processes is 0 with a min/max of -1000/1000.

-500 is a good middle ground because it is less than the default for
most processes and still not -1000 which basically means never kill this
process in an OOM condition on the host machine.  The only processes on
my machine that have a score less than -500 are dbus at -900 and sshd
and xfce( my window manager ) at -1000.  I don't think docker should be
set lower, by default, than dbus or sshd so that is why I chose -500.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-06-02 00:07:50 +00:00
Vincent Demeester 2e844f5e8d Remove --command flag for service update
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:07:50 +00:00
Sebastiaan van Stijn dd1708d943 Make labels human readable
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:50 +00:00
Harald Albers 5ad5dc4baf Change bash completion for `docker run --net*` to `--network*`
Ref: https://github.com/docker/docker/pull/23324

Signed-off-by: Harald Albers <github@albersweb.de>
2017-06-02 00:07:50 +00:00
Harald Albers a94dee25fc Update bash completion for `docker service {create,update} {--mode,--endpoint-mode}`
Signed-off-by: Harald Albers <github@albersweb.de>
2017-06-02 00:07:50 +00:00
Harald Albers 2364392ded bash completion for `docker service {create,update} --registry-auth`
Signed-off-by: Harald Albers <github@albersweb.de>
2017-06-02 00:07:50 +00:00
Mei ChunTao 17d3e6264a fix the docker run --readonly example. rename '/icanwrite here' to '/icanwrite/here'
Signed-off-by: Mei ChunTao <mei.chuntao@zte.com.cn>
2017-06-02 00:07:50 +00:00
Arnaud Porterie (icecrime) 253a5f4ea2 Rename `--net` to `--network`
Add a `--network` flag which replaces `--net` without deprecating it
yet. The `--net` flag remains hidden and supported.

Add a `--network-alias` flag which replaces `--net-alias` without deprecating
it yet. The `--net-alias` flag remains hidden and supported.

Signed-off-by: Arnaud Porterie (icecrime) <arnaud.porterie@docker.com>
2017-06-02 00:07:50 +00:00
Sebastiaan van Stijn b41c0c8696 Fix some broken sourceforge.net links
Looks like there's issues with sourceforge project
pages. Given that sourceforge isn't really what
it used to be, trying to find alternative URLs
where possible.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:50 +00:00
Sebastiaan van Stijn 9958abc17d Add "auto-accept=none" to documentation
The "none" option was not added to the documentation.
This adds an example, and adds additional information
on manually accepting or rejecting a node.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:50 +00:00
Charles Smith aa3344679a add caveat for network plugins in swarm mode
Signed-off-by: Charles Smith <charles.smith@docker.com>
2017-06-02 00:07:49 +00:00
Derek McGowan 48e659e30c Allow option to override kernel check in overlay2
Add option to skip kernel check for older kernels which have been patched to support multiple lower directories in overlayfs.

Fixes #24023

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2017-06-02 00:07:49 +00:00
johnharris85 2f3e095768 Add support for comma-separated --auto-accept syntax.
Signed-off-by: John Harris <john@johnharris.io>
2017-06-02 00:07:49 +00:00
Qiang Huang 670a0b8077 Soften limitation of update kernel memory
Kernel memory is not allowed to be updated if container is
running, it's not actually a precise kernel limitation.

Before kernel version 4.6, kernel memory will not be accounted
until kernel memory limit is set, if a container created with
kernel memory initialized, kernel memory is accounted as soon
as process created in container, so kernel memory limit update
is allowed afterward. If kernel memory is not initialized,
kernel memory consumed by processes in container will not be
accounted, so we can't update the limit because the account
will be wrong.

So update kernel memory of a running container with kernel memory
initialized is allowed, we should soften the limitation by docker.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-06-02 00:07:49 +00:00
Dave Henderson e8b87f53ec Clarify warning against using build-time variables for secrets
Signed-off-by: Dave Henderson <dhenderson@gmail.com>
2017-06-02 00:07:49 +00:00
Joao Fernandes 46b571999d Fixes broken link in docs.
Fixes #24428

Signed-off-by: Joao Fernandes <joao.fernandes@docker.com>
2017-06-02 00:07:49 +00:00
Harald Albers 2082c976e8 bash completion for default port on `docker swarm {init,join}`
Signed-off-by: Harald Albers <github@albersweb.de>
2017-06-02 00:07:49 +00:00
Harald Albers 14f578eb92 bash completion can be configured to show node and service IDs
Signed-off-by: Harald Albers <github@albersweb.de>
2017-06-02 00:07:49 +00:00
Harald Albers e417618387 bash completion for `docker {service,node}` filters
Signed-off-by: Harald Albers <github@albersweb.de>
2017-06-02 00:07:49 +00:00
Charles Smith bf31e188d9 add constraint to service create ref
Signed-off-by: Charles Smith <charles.smith@docker.com>
2017-06-02 00:07:49 +00:00
Sebastiaan van Stijn 59e2c57540 add iptables=false to docs for multiple daemons
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:49 +00:00
Vincent Demeester 3ebe3fe752 Updates on cli reference documentation
- Update ps with `--last` flag
- Update commands with current output
- Make sure hugo does not detect the wrong language
- Update usage for `tag` command to be more coherent with the other ones

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:07:49 +00:00
Aaron Lehmann e632408a37 Generate a swarm joining secret if none is specified
The current behavior of `docker swarm init` is to set up a swarm that
has no secret for joining, and does not require manual acceptance for
workers. Since workers may sometimes receive sensitive data such as pull
credentials, it makes sense to harden the defaults.

This change makes `docker swarm init` generate a random secret if none
is provided, and print it to the terminal. This secret will be needed to
join workers or managers to the swarm. In addition to improving access
control to the cluster, this setup removes an avenue for
denial-of-service attacks, since the secret is necessary to even create
an entry in the node list.

`docker swarm init --secret ""` will set up a swarm without a secret,
matching the old behavior. `docker swarm update --secret ""` removes the
automatically generated secret after `docker swarm init`.

Closes #23785

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-06-02 00:07:49 +00:00
Vincent Demeester de7c6a8355 Use "on-failure" for both containers and services
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:07:49 +00:00
Anil Madhavapeddy 20859b146b make `docker service --help` text for `--endpoint-mode` more consistent
Previously:

```
      --constraint value             Placement constraints (default [])
      --endpoint-mode string         Endpoint mode(Valid values: vip, dnsrr)
<snip>
      --restart-condition string     Restart when condition is met (none, on_failure, or any)
```

Now:

```
      --constraint value             Placement constraints (default [])
      --endpoint-mode string         Endpoint mode (vip or dnsrr)
<snip>
      --restart-condition string     Restart when condition is met (none, on_failure, or any)
```

Signed-off-by: Anil Madhavapeddy <anil@docker.com>
2017-06-02 00:07:49 +00:00
Yong Tang cab7139a4b Change NAME to HOSTNAME in docs for `docker node ls`
In #24159, the title field of `docker node ls` has been
changed from NAME to HOSTNAME. However, in the docs the
NAMEs are still used for the output of `docker node ls`.

This fix updates docs so that NAME field is changed to
HOSTNAME for all `docker node ls`.

This fix is related to #24159 and #24090.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:07:48 +00:00
Jonathan Lomas 06683c5ea3 Remove unmatched bracket from _docker for zsh
Signed-off-by: Jonathan Lomas <jonathan@floatinglomas.ca>
2017-06-02 00:07:48 +00:00
Vincent Demeester 6abf924253 Merge pull request #24325 from Anvil/plugins_volume.md-unqiue
Fixed typo: s/unqiue/unique/g
(cherry picked from commit 84aa074d18d2f75f54564f21c2b5c0d1bcddd23f)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:48 +00:00
skaasten 1ba0a354fe Fix typo - stacks being managed, not tasks? 2017-06-02 00:07:48 +00:00
Steve Durrheimer c51671ccb9 Add zsh completion for 'docker service' commands
Signed-off-by: Steve Durrheimer <s.durrheimer@gmail.com>
2017-06-02 00:07:48 +00:00
Steve Durrheimer 649b3e132d Add zsh completion for 'docker daemon --runtimes' and 'docker run --runtime'
Signed-off-by: Steve Durrheimer <s.durrheimer@gmail.com>
2017-06-02 00:07:48 +00:00
Steve Durrheimer b1ea724ae6 Add zsh completion for 'docker plugin' commands
Signed-off-by: Steve Durrheimer <s.durrheimer@gmail.com>
2017-06-02 00:07:48 +00:00
Steve Durrheimer e31b0e691a Add zsh completion for 'docker swarm' commands
Signed-off-by: Steve Durrheimer <s.durrheimer@gmail.com>
2017-06-02 00:07:48 +00:00
Steve Durrheimer 825b9a3b33 Add zsh completion for 'docker node' commands
Signed-off-by: Steve Durrheimer <s.durrheimer@gmail.com>
2017-06-02 00:07:48 +00:00
Otto Kekäläinen 8e2c3efc58 Fix spelling in comments, strings and documentation
Signed-off-by: Otto Kekäläinen <otto@seravo.fi>
2017-06-02 00:07:48 +00:00
Steve Durrheimer 0f61955bdb Add zsh completion for 'docker ps --last'
Signed-off-by: Steve Durrheimer <s.durrheimer@gmail.com>
2017-06-02 00:07:48 +00:00
Harald Albers ec37a0b192 Add bash completion for `docker ps --last`
Signed-off-by: Harald Albers <github@albersweb.de>
2017-06-02 00:07:48 +00:00
Antonio Murdaca fac7c67349 man: add missing --add-runtime
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:07:48 +00:00
Adolfo Ochagavía cbfebbb25a Fix typo
Signed-off-by: Adolfo Ochagavía <aochagavia92@gmail.com>
2017-06-02 00:07:48 +00:00
Sebastiaan van Stijn b4a798e983 fix typo in "readonly" flag in documentation
the flag is named '--read-only', not '--readonly'

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:48 +00:00
Alan Thompson bd67dfdd33 Update network_create.md
minor typos and punctuation.

Signed-off-by: Alan Thompson <cloojure@gmail.com>
2017-06-02 00:07:47 +00:00
Aaron Lehmann ca0240f9c2 Fix --auto-accept documentation
The --auto-accept documentation currently says that both worker and
manager nodes are automatically accepted by default. Correct it.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-06-02 00:07:47 +00:00
Charles Smith a3b4cd7d99 add menu.md, make index.md command line reference, update typos/minor errors in cli docs
Signed-off-by: Charles Smith <charles.smith@docker.com>
2017-06-02 00:07:47 +00:00
Sebastiaan van Stijn b9505045d9 rename desired_state filter to desired-state
For consistency with other filters (such as
"is-official"), this renames the desired_state
filter to "desired-state".

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:47 +00:00
Nicola Kabar f68b707d60 [Docs] clarified local volume driver docs
Signed-off-by: Nico <nicolaka@gmail.com>
2017-06-02 00:07:47 +00:00
Aaron Lehmann 4721039d71 Add documentation for external CA features in API/CLI
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-06-02 00:07:47 +00:00