From 60157695d99d1af48b49d044a9db2a61493161cf Mon Sep 17 00:00:00 2001 From: Mary Anthony Date: Mon, 8 Jun 2015 10:48:20 -0700 Subject: [PATCH 001/398] Moving man pages out of docs Adding in other areas per comments Updating with comments; equalizing generating man page info Updating with duglin's comments Doug is right here again;fixing. Signed-off-by: Mary Anthony --- Dockerfile | 7 + Dockerfile.5.md | 329 ++++++++++++++++++++++ README.md | 44 +++ docker-attach.1.md | 70 +++++ docker-build.1.md | 215 +++++++++++++++ docker-commit.1.md | 59 ++++ docker-cp.1.md | 70 +++++ docker-create.1.md | 246 +++++++++++++++++ docker-diff.1.md | 49 ++++ docker-events.1.md | 86 ++++++ docker-exec.1.md | 51 ++++ docker-export.1.md | 44 +++ docker-history.1.md | 51 ++++ docker-images.1.md | 84 ++++++ docker-import.1.md | 59 ++++ docker-info.1.md | 49 ++++ docker-inspect.1.md | 267 ++++++++++++++++++ docker-kill.1.md | 28 ++ docker-load.1.md | 45 +++ docker-login.1.md | 51 ++++ docker-logout.1.md | 32 +++ docker-logs.1.md | 55 ++++ docker-pause.1.md | 30 ++ docker-port.1.md | 47 ++++ docker-ps.1.md | 91 ++++++ docker-pull.1.md | 73 +++++ docker-push.1.md | 51 ++++ docker-rename.1.md | 13 + docker-restart.1.md | 26 ++ docker-rm.1.md | 56 ++++ docker-rmi.1.md | 42 +++ docker-run.1.md | 658 ++++++++++++++++++++++++++++++++++++++++++++ docker-save.1.md | 45 +++ docker-search.1.md | 65 +++++ docker-start.1.md | 34 +++ docker-stats.1.md | 31 +++ docker-stop.1.md | 30 ++ docker-tag.1.md | 65 +++++ docker-top.1.md | 33 +++ docker-unpause.1.md | 27 ++ docker-version.1.md | 15 + docker-wait.1.md | 30 ++ docker.1.md | 393 ++++++++++++++++++++++++++ md2man-all.sh | 22 ++ 44 files changed, 3868 insertions(+) create mode 100644 Dockerfile create mode 100644 Dockerfile.5.md create mode 100644 README.md create mode 100644 docker-attach.1.md create mode 100644 docker-build.1.md create mode 100644 docker-commit.1.md create mode 100644 docker-cp.1.md create mode 100644 docker-create.1.md create mode 100644 docker-diff.1.md create mode 100644 docker-events.1.md create mode 100644 docker-exec.1.md create mode 100644 docker-export.1.md create mode 100644 docker-history.1.md create mode 100644 docker-images.1.md create mode 100644 docker-import.1.md create mode 100644 docker-info.1.md create mode 100644 docker-inspect.1.md create mode 100644 docker-kill.1.md create mode 100644 docker-load.1.md create mode 100644 docker-login.1.md create mode 100644 docker-logout.1.md create mode 100644 docker-logs.1.md create mode 100644 docker-pause.1.md create mode 100644 docker-port.1.md create mode 100644 docker-ps.1.md create mode 100644 docker-pull.1.md create mode 100644 docker-push.1.md create mode 100644 docker-rename.1.md create mode 100644 docker-restart.1.md create mode 100644 docker-rm.1.md create mode 100644 docker-rmi.1.md create mode 100644 docker-run.1.md create mode 100644 docker-save.1.md create mode 100644 docker-search.1.md create mode 100644 docker-start.1.md create mode 100644 docker-stats.1.md create mode 100644 docker-stop.1.md create mode 100644 docker-tag.1.md create mode 100644 docker-top.1.md create mode 100644 docker-unpause.1.md create mode 100644 docker-version.1.md create mode 100644 docker-wait.1.md create mode 100644 docker.1.md create mode 100755 md2man-all.sh diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 000000000000..9910bd48f908 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,7 @@ +FROM golang:1.3 +RUN mkdir -p /go/src/github.com/cpuguy83 +RUN mkdir -p /go/src/github.com/cpuguy83 \ + && git clone -b v1 https://github.com/cpuguy83/go-md2man.git /go/src/github.com/cpuguy83/go-md2man \ + && cd /go/src/github.com/cpuguy83/go-md2man \ + && go get -v ./... +CMD ["/go/bin/go-md2man", "--help"] diff --git a/Dockerfile.5.md b/Dockerfile.5.md new file mode 100644 index 000000000000..b4ef771a45e4 --- /dev/null +++ b/Dockerfile.5.md @@ -0,0 +1,329 @@ +% DOCKERFILE(5) Docker User Manuals +% Zac Dover +% May 2014 +# NAME + +Dockerfile - automate the steps of creating a Docker image + +# INTRODUCTION + +The **Dockerfile** is a configuration file that automates the steps of creating +a Docker image. It is similar to a Makefile. Docker reads instructions from the +**Dockerfile** to automate the steps otherwise performed manually to create an +image. To build an image, create a file called **Dockerfile**. + +The **Dockerfile** describes the steps taken to assemble the image. When the +**Dockerfile** has been created, call the `docker build` command, using the +path of directory that contains **Dockerfile** as the argument. + +# SYNOPSIS + +INSTRUCTION arguments + +For example: + + FROM image + +# DESCRIPTION + +A Dockerfile is a file that automates the steps of creating a Docker image. +A Dockerfile is similar to a Makefile. + +# USAGE + + docker build . + + -- Runs the steps and commits them, building a final image. + The path to the source repository defines where to find the context of the + build. The build is run by the Docker daemon, not the CLI. The whole + context must be transferred to the daemon. The Docker CLI reports + `"Sending build context to Docker daemon"` when the context is sent to the + daemon. + + ``` + docker build -t repository/tag . + ``` + + -- specifies a repository and tag at which to save the new image if the build + succeeds. The Docker daemon runs the steps one-by-one, committing the result + to a new image if necessary, before finally outputting the ID of the new + image. The Docker daemon automatically cleans up the context it is given. + + Docker re-uses intermediate images whenever possible. This significantly + accelerates the *docker build* process. + +# FORMAT + + `FROM image` + + `FROM image:tag` + + -- The **FROM** instruction sets the base image for subsequent instructions. A + valid Dockerfile must have **FROM** as its first instruction. The image can be any + valid image. It is easy to start by pulling an image from the public + repositories. + + -- **FROM** must be the first non-comment instruction in Dockerfile. + + -- **FROM** may appear multiple times within a single Dockerfile in order to create + multiple images. Make a note of the last image ID output by the commit before + each new **FROM** command. + + -- If no tag is given to the **FROM** instruction, Docker applies the + `latest` tag. If the used tag does not exist, an error is returned. + +**MAINTAINER** + -- **MAINTAINER** sets the Author field for the generated images. + +**RUN** + -- **RUN** has two forms: + + ``` + # the command is run in a shell - /bin/sh -c + RUN + + # Executable form + RUN ["executable", "param1", "param2"] + ``` + + + -- The **RUN** instruction executes any commands in a new layer on top of the current + image and commits the results. The committed image is used for the next step in + Dockerfile. + + -- Layering **RUN** instructions and generating commits conforms to the core + concepts of Docker where commits are cheap and containers can be created from + any point in the history of an image. This is similar to source control. The + exec form makes it possible to avoid shell string munging. The exec form makes + it possible to **RUN** commands using a base image that does not contain `/bin/sh`. + + Note that the exec form is parsed as a JSON array, which means that you must + use double-quotes (") around words not single-quotes ('). + +**CMD** + -- **CMD** has three forms: + + ``` + # Executable form + CMD ["executable", "param1", "param2"]` + + # Provide default arguments to ENTRYPOINT + CMD ["param1", "param2"]` + + # the command is run in a shell - /bin/sh -c + CMD command param1 param2 + ``` + + -- There can be only one **CMD** in a Dockerfile. If more than one **CMD** is listed, only + the last **CMD** takes effect. + The main purpose of a **CMD** is to provide defaults for an executing container. + These defaults may include an executable, or they can omit the executable. If + they omit the executable, an **ENTRYPOINT** must be specified. + When used in the shell or exec formats, the **CMD** instruction sets the command to + be executed when running the image. + If you use the shell form of the **CMD**, the `` executes in `/bin/sh -c`: + + Note that the exec form is parsed as a JSON array, which means that you must + use double-quotes (") around words not single-quotes ('). + + ``` + FROM ubuntu + CMD echo "This is a test." | wc - + ``` + + -- If you run **command** without a shell, then you must express the command as a + JSON array and give the full path to the executable. This array form is the + preferred form of **CMD**. All additional parameters must be individually expressed + as strings in the array: + + ``` + FROM ubuntu + CMD ["/usr/bin/wc","--help"] + ``` + + -- To make the container run the same executable every time, use **ENTRYPOINT** in + combination with **CMD**. + If the user specifies arguments to `docker run`, the specified commands + override the default in **CMD**. + Do not confuse **RUN** with **CMD**. **RUN** runs a command and commits the result. + **CMD** executes nothing at build time, but specifies the intended command for + the image. + +**LABEL** + -- `LABEL [=] [[=] ...]` + The **LABEL** instruction adds metadata to an image. A **LABEL** is a + key-value pair. To include spaces within a **LABEL** value, use quotes and + backslashes as you would in command-line parsing. + + ``` + LABEL "com.example.vendor"="ACME Incorporated" + ``` + + An image can have more than one label. To specify multiple labels, separate + each key-value pair by a space. + + Labels are additive including `LABEL`s in `FROM` images. As the system + encounters and then applies a new label, new `key`s override any previous + labels with identical keys. + + To display an image's labels, use the `docker inspect` command. + +**EXPOSE** + -- `EXPOSE [...]` + The **EXPOSE** instruction informs Docker that the container listens on the + specified network ports at runtime. Docker uses this information to + interconnect containers using links, and to set up port redirection on the host + system. + +**ENV** + -- `ENV ` + The **ENV** instruction sets the environment variable to + the value ``. This value is passed to all future + RUN, **ENTRYPOINT**, and **CMD** instructions. This is + functionally equivalent to prefixing the command with `=`. The + environment variables that are set with **ENV** persist when a container is run + from the resulting image. Use `docker inspect` to inspect these values, and + change them using `docker run --env =`. + + Note that setting "`ENV DEBIAN_FRONTEND noninteractive`" may cause + unintended consequences, because it will persist when the container is run + interactively, as with the following command: `docker run -t -i image bash` + +**ADD** + -- **ADD** has two forms: + + ``` + ADD + + # Required for paths with whitespace + ADD ["",... ""] + ``` + + The **ADD** instruction copies new files, directories + or remote file URLs to the filesystem of the container at path ``. + Multiple `` resources may be specified but if they are files or directories + then they must be relative to the source directory that is being built + (the context of the build). The `` is the absolute path, or path relative + to **WORKDIR**, into which the source is copied inside the target container. + All new files and directories are created with mode 0755 and with the uid + and gid of **0**. + +**COPY** + -- **COPY** has two forms: + + ``` + COPY + + # Required for paths with whitespace + COPY ["",... ""] + ``` + + The **COPY** instruction copies new files from `` and + adds them to the filesystem of the container at path . The `` must be + the path to a file or directory relative to the source directory that is + being built (the context of the build) or a remote file URL. The `` is an + absolute path, or a path relative to **WORKDIR**, into which the source will + be copied inside the target container. All new files and directories are + created with mode **0755** and with the uid and gid of **0**. + +**ENTRYPOINT** + -- **ENTRYPOINT** has two forms: + + ``` + # executable form + ENTRYPOINT ["executable", "param1", "param2"]` + + # run command in a shell - /bin/sh -c + ENTRYPOINT command param1 param2 + ``` + + -- An **ENTRYPOINT** helps you configure a + container that can be run as an executable. When you specify an **ENTRYPOINT**, + the whole container runs as if it was only that executable. The **ENTRYPOINT** + instruction adds an entry command that is not overwritten when arguments are + passed to docker run. This is different from the behavior of CMD. This allows + arguments to be passed to the entrypoint, for instance `docker run -d` + passes the -d argument to the **ENTRYPOINT**. Specify parameters either in the + **ENTRYPOINT** JSON array (as in the preferred exec form above), or by using a **CMD** + statement. Parameters in the **ENTRYPOINT** are not overwritten by the docker run + arguments. Parameters specified via **CMD** are overwritten by docker run + arguments. Specify a plain string for the **ENTRYPOINT**, and it will execute in + `/bin/sh -c`, like a **CMD** instruction: + + ``` + FROM ubuntu + ENTRYPOINT wc -l - + ``` + + This means that the Dockerfile's image always takes stdin as input (that's + what "-" means), and prints the number of lines (that's what "-l" means). To + make this optional but default, use a **CMD**: + + ``` + FROM ubuntu + CMD ["-l", "-"] + ENTRYPOINT ["/usr/bin/wc"] + ``` + +**VOLUME** + -- `VOLUME ["/data"]` + The **VOLUME** instruction creates a mount point with the specified name and marks + it as holding externally-mounted volumes from the native host or from other + containers. + +**USER** + -- `USER daemon` + Sets the username or UID used for running subsequent commands. + + The **USER** instruction can optionally be used to set the group or GID. The + followings examples are all valid: + USER [user | user:group | uid | uid:gid | user:gid | uid:group ] + + Until the **USER** instruction is set, instructions will be run as root. The USER + instruction can be used any number of times in a Dockerfile, and will only affect + subsequent commands. + +**WORKDIR** + -- `WORKDIR /path/to/workdir` + The **WORKDIR** instruction sets the working directory for the **RUN**, **CMD**, + **ENTRYPOINT**, **COPY** and **ADD** Dockerfile commands that follow it. It can + be used multiple times in a single Dockerfile. Relative paths are defined + relative to the path of the previous **WORKDIR** instruction. For example: + + ``` + WORKDIR /a + WORKDIR b + WORKDIR c + RUN pwd + ``` + + In the above example, the output of the **pwd** command is **a/b/c**. + +**ONBUILD** + -- `ONBUILD [INSTRUCTION]` + The **ONBUILD** instruction adds a trigger instruction to an image. The + trigger is executed at a later time, when the image is used as the base for + another build. Docker executes the trigger in the context of the downstream + build, as if the trigger existed immediately after the **FROM** instruction in + the downstream Dockerfile. + + You can register any build instruction as a trigger. A trigger is useful if + you are defining an image to use as a base for building other images. For + example, if you are defining an application build environment or a daemon that + is customized with a user-specific configuration. + + Consider an image intended as a reusable python application builder. It must + add application source code to a particular directory, and might need a build + script called after that. You can't just call **ADD** and **RUN** now, because + you don't yet have access to the application source code, and it is different + for each application build. + + -- Providing application developers with a boilerplate Dockerfile to copy-paste + into their application is inefficient, error-prone, and + difficult to update because it mixes with application-specific code. + The solution is to use **ONBUILD** to register instructions in advance, to + run later, during the next build stage. + +# HISTORY +*May 2014, Compiled by Zac Dover (zdover at redhat dot com) based on docker.com Dockerfile documentation. +*Feb 2015, updated by Brian Goff (cpuguy83@gmail.com) for readability diff --git a/README.md b/README.md new file mode 100644 index 000000000000..9a5ed7eb55b7 --- /dev/null +++ b/README.md @@ -0,0 +1,44 @@ +Docker Documentation +==================== + +This directory contains the Docker user manual in the Markdown format. +Do *not* edit the man pages in the man1 directory. Instead, amend the +Markdown (*.md) files. + +# Generating man pages from the Markdown files + +The recommended approach for generating the man pages is via a Docker +container using the supplied `Dockerfile` to create an image with the correct +environment. This uses `go-md2man`, a pure Go Markdown to man page generator. + +### Generate the man pages + +On Linux installations, Docker includes a set of man pages you can access by typing `man command-name` on the command line. For example, `man docker` displays the `docker` man page. When using Docker on Mac OSX the man pages are not automatically included. + +You can generate and install the `man` pages yourself by following these steps: + +1. Checkout the `docker` source. + + $ git clone https://github.com/docker/docker.git + + If you are using Boot2Docker, you must clone into your `/Users` directory + because Boot2Docker can only share this path with the docker containers. + +2. Build the docker image. + + $ cd docker/man + $ docker build -t docker/md2man . + +3. Build the man pages. + + $ docker run -v /docker/man:/man:rw -w /man -i docker/md2man /man/md2man-all.sh + + The `md2man` Docker container processes the Markdown files and generates + a `man1` and `man5` subdirectories in the `docker/man` directory. + +4. Copy the generated man pages to `/usr/share/man` + + $ cp -R man* /usr/share/man/ + + + diff --git a/docker-attach.1.md b/docker-attach.1.md new file mode 100644 index 000000000000..1f73d8c9bb6d --- /dev/null +++ b/docker-attach.1.md @@ -0,0 +1,70 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-attach - Attach to a running container + +# SYNOPSIS +**docker attach** +[**--help**]/ +[**--no-stdin**[=*false*]] +[**--sig-proxy**[=*true*]] +CONTAINER + +# DESCRIPTION +The **docker attach** command allows you to attach to a running container using +the container's ID or name, either to view its ongoing output or to control it +interactively. You can attach to the same contained process multiple times +simultaneously, screen sharing style, or quickly view the progress of your +daemonized process. + +You can detach from the container (and leave it running) with `CTRL-p CTRL-q` +(for a quiet exit) or `CTRL-c` which will send a `SIGKILL` to the container. +When you are attached to a container, and exit its main process, the process's +exit code will be returned to the client. + +It is forbidden to redirect the standard input of a `docker attach` command while +attaching to a tty-enabled container (i.e.: launched with `-t`). + +# OPTIONS +**--help** + Print usage statement + +**--no-stdin**=*true*|*false* + Do not attach STDIN. The default is *false*. + +**--sig-proxy**=*true*|*false* + Proxy all received signals to the process (non-TTY mode only). SIGCHLD, SIGKILL, and SIGSTOP are not proxied. The default is *true*. + +# EXAMPLES + +## Attaching to a container + +In this example the top command is run inside a container, from an image called +fedora, in detached mode. The ID from the container is passed into the **docker +attach** command: + + # ID=$(sudo docker run -d fedora /usr/bin/top -b) + # sudo docker attach $ID + top - 02:05:52 up 3:05, 0 users, load average: 0.01, 0.02, 0.05 + Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie + Cpu(s): 0.1%us, 0.2%sy, 0.0%ni, 99.7%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st + Mem: 373572k total, 355560k used, 18012k free, 27872k buffers + Swap: 786428k total, 0k used, 786428k free, 221740k cached + + PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND + 1 root 20 0 17200 1116 912 R 0 0.3 0:00.03 top + + top - 02:05:55 up 3:05, 0 users, load average: 0.01, 0.02, 0.05 + Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie + Cpu(s): 0.0%us, 0.2%sy, 0.0%ni, 99.8%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st + Mem: 373572k total, 355244k used, 18328k free, 27872k buffers + Swap: 786428k total, 0k used, 786428k free, 221776k cached + + PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND + 1 root 20 0 17208 1144 932 R 0 0.3 0:00.03 top + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit diff --git a/docker-build.1.md b/docker-build.1.md new file mode 100644 index 000000000000..7a5ceab0e29e --- /dev/null +++ b/docker-build.1.md @@ -0,0 +1,215 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-build - Build a new image from the source code at PATH + +# SYNOPSIS +**docker build** +[**--help**] +[**-f**|**--file**[=*PATH/Dockerfile*]] +[**--force-rm**[=*false*]] +[**--no-cache**[=*false*]] +[**--pull**[=*false*]] +[**-q**|**--quiet**[=*false*]] +[**--rm**[=*true*]] +[**-t**|**--tag**[=*TAG*]] +[**-m**|**--memory**[=*MEMORY*]] +[**--memory-swap**[=*MEMORY-SWAP*]] +[**-c**|**--cpu-shares**[=*0*]] +[**--cpu-period**[=*0*]] +[**--cpu-quota**[=*0*]] +[**--cpuset-cpus**[=*CPUSET-CPUS*]] +[**--cpuset-mems**[=*CPUSET-MEMS*]] +[**--cgroup-parent**[=*CGROUP-PARENT*]] + +PATH | URL | - + +# DESCRIPTION +This will read the Dockerfile from the directory specified in **PATH**. +It also sends any other files and directories found in the current +directory to the Docker daemon. The contents of this directory would +be used by **ADD** commands found within the Dockerfile. + +Warning, this will send a lot of data to the Docker daemon depending +on the contents of the current directory. The build is run by the Docker +daemon, not by the CLI, so the whole context must be transferred to the daemon. +The Docker CLI reports "Sending build context to Docker daemon" when the context is sent to +the daemon. + +When a single Dockerfile is given as the URL, then no context is set. +When a Git repository is set as the **URL**, the repository is used +as context. + +# OPTIONS +**-f**, **--file**=*PATH/Dockerfile* + Path to the Dockerfile to use. If the path is a relative path then it must be relative to the current directory. The file must be within the build context. The default is *Dockerfile*. + +**--force-rm**=*true*|*false* + Always remove intermediate containers, even after unsuccessful builds. The default is *false*. + +**--no-cache**=*true*|*false* + Do not use cache when building the image. The default is *false*. + +**--help** + Print usage statement + +**--pull**=*true*|*false* + Always attempt to pull a newer version of the image. The default is *false*. + +**-q**, **--quiet**=*true*|*false* + Suppress the verbose output generated by the containers. The default is *false*. + +**--rm**=*true*|*false* + Remove intermediate containers after a successful build. The default is *true*. + +**-t**, **--tag**="" + Repository name (and optionally a tag) to be applied to the resulting image in case of success + +**-m**, **--memory**=*MEMORY* + Memory limit + +**--memory-swap**=*MEMORY-SWAP* + Total memory (memory + swap), '-1' to disable swap. + +**-c**, **--cpu-shares**=*0* + CPU shares (relative weight). + + By default, all containers get the same proportion of CPU cycles. You can + change this proportion by adjusting the container's CPU share weighting + relative to the weighting of all other running containers. + + To modify the proportion from the default of 1024, use the **-c** or + **--cpu-shares** flag to set the weighting to 2 or higher. + + The proportion is only applied when CPU-intensive processes are running. + When tasks in one container are idle, the other containers can use the + left-over CPU time. The actual amount of CPU time used varies depending on + the number of containers running on the system. + + For example, consider three containers, one has a cpu-share of 1024 and + two others have a cpu-share setting of 512. When processes in all three + containers attempt to use 100% of CPU, the first container would receive + 50% of the total CPU time. If you add a fourth container with a cpu-share + of 1024, the first container only gets 33% of the CPU. The remaining containers + receive 16.5%, 16.5% and 33% of the CPU. + + On a multi-core system, the shares of CPU time are distributed across the CPU + cores. Even if a container is limited to less than 100% of CPU time, it can + use 100% of each individual CPU core. + + For example, consider a system with more than three cores. If you start one + container **{C0}** with **-c=512** running one process, and another container + **{C1}** with **-c=1024** running two processes, this can result in the following + division of CPU shares: + + PID container CPU CPU share + 100 {C0} 0 100% of CPU0 + 101 {C1} 1 100% of CPU1 + 102 {C1} 2 100% of CPU2 + +**--cpu-period**=*0* + Limit the CPU CFS (Completely Fair Scheduler) period. + + Limit the container's CPU usage. This flag causes the kernel to restrict the + container's CPU usage to the period you specify. + +**--cpu-quota**=*0* + Limit the CPU CFS (Completely Fair Scheduler) quota. + + By default, containers run with the full CPU resource. This flag causes the +kernel to restrict the container's CPU usage to the quota you specify. + +**--cpuset-cpus**=*CPUSET-CPUS* + CPUs in which to allow execution (0-3, 0,1). + +**--cpuset-mems**=*CPUSET-MEMS* + Memory nodes (MEMs) in which to allow execution (-1-3, 0,1). Only effective on + NUMA systems. + + For example, if you have four memory nodes on your system (0-3), use `--cpuset-mems=0,1` +to ensure the processes in your Docker container only use memory from the first +two memory nodes. + +**--cgroup-parent**=*CGROUP-PARENT* + Path to `cgroups` under which the container's `cgroup` are created. + + If the path is not absolute, the path is considered relative to the `cgroups` path of the init process. +Cgroups are created if they do not already exist. + +# EXAMPLES + +## Building an image using a Dockerfile located inside the current directory + +Docker images can be built using the build command and a Dockerfile: + + docker build . + +During the build process Docker creates intermediate images. In order to +keep them, you must explicitly set `--rm=false`. + + docker build --rm=false . + +A good practice is to make a sub-directory with a related name and create +the Dockerfile in that directory. For example, a directory called mongo may +contain a Dockerfile to create a Docker MongoDB image. Likewise, another +directory called httpd may be used to store Dockerfiles for Apache web +server images. + +It is also a good practice to add the files required for the image to the +sub-directory. These files will then be specified with the `COPY` or `ADD` +instructions in the `Dockerfile`. + +Note: If you include a tar file (a good practice), then Docker will +automatically extract the contents of the tar file specified within the `ADD` +instruction into the specified target. + +## Building an image and naming that image + +A good practice is to give a name to the image you are building. There are +no hard rules here but it is best to give the names consideration. + +The **-t**/**--tag** flag is used to rename an image. Here are some examples: + +Though it is not a good practice, image names can be arbitrary: + + docker build -t myimage . + +A better approach is to provide a fully qualified and meaningful repository, +name, and tag (where the tag in this context means the qualifier after +the ":"). In this example we build a JBoss image for the Fedora repository +and give it the version 1.0: + + docker build -t fedora/jboss:1.0 + +The next example is for the "whenry" user repository and uses Fedora and +JBoss and gives it the version 2.1 : + + docker build -t whenry/fedora-jboss:V2.1 + +If you do not provide a version tag then Docker will assign `latest`: + + docker build -t whenry/fedora-jboss + +When you list the images, the image above will have the tag `latest`. + +So renaming an image is arbitrary but consideration should be given to +a useful convention that makes sense for consumers and should also take +into account Docker community conventions. + + +## Building an image using a URL + +This will clone the specified Github repository from the URL and use it +as context. The Dockerfile at the root of the repository is used as +Dockerfile. This only works if the Github repository is a dedicated +repository. + + docker build github.com/scollier/Fedora-Dockerfiles/tree/master/apache + +Note: You can set an arbitrary Git repository via the `git://` schema. + +# HISTORY +March 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit diff --git a/docker-commit.1.md b/docker-commit.1.md new file mode 100644 index 000000000000..5a290682d09f --- /dev/null +++ b/docker-commit.1.md @@ -0,0 +1,59 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-commit - Create a new image from a container's changes + +# SYNOPSIS +**docker commit** +[**-a**|**--author**[=*AUTHOR*]] +[**--help**] +[**-c**|**--change**[= []**]] +[**-m**|**--message**[=*MESSAGE*]] +[**-p**|**--pause**[=*true*]] +CONTAINER [REPOSITORY[:TAG]] + +# DESCRIPTION +Using an existing container's name or ID you can create a new image. + +# OPTIONS +**-a**, **--author**="" + Author (e.g., "John Hannibal Smith ") + +**-c** , **--change**=[] + Apply specified Dockerfile instructions while committing the image + Supported Dockerfile instructions: `CMD`|`ENTRYPOINT`|`ENV`|`EXPOSE`|`ONBUILD`|`USER`|`VOLUME`|`WORKDIR` + +**--help** + Print usage statement + +**-m**, **--message**="" + Commit message + +**-p**, **--pause**=*true*|*false* + Pause container during commit. The default is *true*. + +# EXAMPLES + +## Creating a new image from an existing container +An existing Fedora based container has had Apache installed while running +in interactive mode with the bash shell. Apache is also running. To +create a new image run `docker ps` to find the container's ID and then run: + + # docker commit -m="Added Apache to Fedora base image" \ + -a="A D Ministrator" 98bd7fc99854 fedora/fedora_httpd:20 + +## Apply specified Dockerfile instructions while committing the image +If an existing container was created without the DEBUG environment +variable set to "true", you can create a new image based on that +container by first getting the container's ID with `docker ps` and +then running: + + # docker commit -c="ENV DEBUG true" 98bd7fc99854 debug-image + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and in +June 2014, updated by Sven Dowideit +July 2014, updated by Sven Dowideit +Oct 2014, updated by Daniel, Dao Quang Minh diff --git a/docker-cp.1.md b/docker-cp.1.md new file mode 100644 index 000000000000..3cd203a83df2 --- /dev/null +++ b/docker-cp.1.md @@ -0,0 +1,70 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-cp - Copy files or folders from a container's PATH to a HOSTDIR +or to STDOUT. + +# SYNOPSIS +**docker cp** +[**--help**] +CONTAINER:PATH HOSTDIR|- + +# DESCRIPTION + +Copy files or folders from a `CONTAINER:PATH` to the `HOSTDIR` or to `STDOUT`. +The `CONTAINER:PATH` is relative to the root of the container's filesystem. You +can copy from either a running or stopped container. + +The `PATH` can be a file or directory. The `docker cp` command assumes all +`PATH` values start at the `/` (root) directory. This means supplying the +initial forward slash is optional; The command sees +`compassionate_darwin:/tmp/foo/myfile.txt` and +`compassionate_darwin:tmp/foo/myfile.txt` as identical. + +The `HOSTDIR` refers to a directory on the host. If you do not specify an +absolute path for your `HOSTDIR` value, Docker creates the directory relative to +where you run the `docker cp` command. For example, suppose you want to copy the +`/tmp/foo` directory from a container to the `/tmp` directory on your host. If +you run `docker cp` in your `~` (home) directory on the host: + + $ docker cp compassionate_darwin:tmp/foo /tmp + +Docker creates a `/tmp/foo` directory on your host. Alternatively, you can omit +the leading slash in the command. If you execute this command from your home directory: + + $ docker cp compassionate_darwin:tmp/foo tmp + +Docker creates a `~/tmp/foo` subdirectory. + +When copying files to an existing `HOSTDIR`, the `cp` command adds the new files to +the directory. For example, this command: + + $ docker cp sharp_ptolemy:/tmp/foo/myfile.txt /tmp + +Creates a `/tmp/foo` directory on the host containing the `myfile.txt` file. If +you repeat the command but change the filename: + + $ docker cp sharp_ptolemy:/tmp/foo/secondfile.txt /tmp + +Your host's `/tmp/foo` directory will contain both files: + + $ ls /tmp/foo + myfile.txt secondfile.txt + +Finally, use '-' to write the data as a `tar` file to STDOUT. + +# OPTIONS +**--help** + Print usage statement + +# EXAMPLES +An important shell script file, created in a bash shell, is copied from +the exited container to the current dir on the host: + + # docker cp c071f3c3ee81:setup.sh . + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit diff --git a/docker-create.1.md b/docker-create.1.md new file mode 100644 index 000000000000..939fcbc1cf0d --- /dev/null +++ b/docker-create.1.md @@ -0,0 +1,246 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-create - Create a new container + +# SYNOPSIS +**docker create** +[**-a**|**--attach**[=*[]*]] +[**--add-host**[=*[]*]] +[**--blkio-weight**[=*[BLKIO-WEIGHT]*]] +[**-c**|**--cpu-shares**[=*0*]] +[**--cap-add**[=*[]*]] +[**--cap-drop**[=*[]*]] +[**--cidfile**[=*CIDFILE*]] +[**--cpu-period**[=*0*]] +[**--cpuset-cpus**[=*CPUSET-CPUS*]] +[**--cpuset-mems**[=*CPUSET-MEMS*]] +[**--cpu-quota**[=*0*]] +[**--device**[=*[]*]] +[**--dns-search**[=*[]*]] +[**--dns**[=*[]*]] +[**-e**|**--env**[=*[]*]] +[**--entrypoint**[=*ENTRYPOINT*]] +[**--env-file**[=*[]*]] +[**--expose**[=*[]*]] +[**-h**|**--hostname**[=*HOSTNAME*]] +[**--help**] +[**-i**|**--interactive**[=*false*]] +[**--ipc**[=*IPC*]] +[**-l**|**--label**[=*[]*]] +[**--label-file**[=*[]*]] +[**--link**[=*[]*]] +[**--lxc-conf**[=*[]*]] +[**--log-driver**[=*[]*]] +[**--log-opt**[=*[]*]] +[**-m**|**--memory**[=*MEMORY*]] +[**--memory-swap**[=*MEMORY-SWAP*]] +[**--mac-address**[=*MAC-ADDRESS*]] +[**--name**[=*NAME*]] +[**--net**[=*"bridge"*]] +[**--oom-kill-disable**[=*false*]] +[**-P**|**--publish-all**[=*false*]] +[**-p**|**--publish**[=*[]*]] +[**--pid**[=*[]*]] +[**--uts**[=*[]*]] +[**--privileged**[=*false*]] +[**--read-only**[=*false*]] +[**--restart**[=*RESTART*]] +[**--security-opt**[=*[]*]] +[**-t**|**--tty**[=*false*]] +[**-u**|**--user**[=*USER*]] +[**-v**|**--volume**[=*[]*]] +[**--volumes-from**[=*[]*]] +[**-w**|**--workdir**[=*WORKDIR*]] +[**--cgroup-parent**[=*CGROUP-PATH*]] +IMAGE [COMMAND] [ARG...] + +# DESCRIPTION + +Creates a writeable container layer over the specified image and prepares it for +running the specified command. The container ID is then printed to STDOUT. This +is similar to **docker run -d** except the container is never started. You can +then use the **docker start ** command to start the container at +any point. + +The initial status of the container created with **docker create** is 'created'. + +# OPTIONS +**-a**, **--attach**=[] + Attach to STDIN, STDOUT or STDERR. + +**--add-host**=[] + Add a custom host-to-IP mapping (host:ip) + +**--blkio-weight**=0 + Block IO weight (relative weight) accepts a weight value between 10 and 1000. + +**-c**, **--cpu-shares**=0 + CPU shares (relative weight) + +**--cap-add**=[] + Add Linux capabilities + +**--cap-drop**=[] + Drop Linux capabilities + +**--cidfile**="" + Write the container ID to the file + +**--cgroup-parent**="" + Path to cgroups under which the cgroup for the container will be created. If the path is not absolute, the path is considered to be relative to the cgroups path of the init process. Cgroups will be created if they do not already exist. + +**--cpu-peroid**=0 + Limit the CPU CFS (Completely Fair Scheduler) period + +**--cpuset-cpus**="" + CPUs in which to allow execution (0-3, 0,1) + +**--cpuset-mems**="" + Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems. + + If you have four memory nodes on your system (0-3), use `--cpuset-mems=0,1` +then processes in your Docker container will only use memory from the first +two memory nodes. + +**-cpu-quota**=0 + Limit the CPU CFS (Completely Fair Scheduler) quota + +**--device**=[] + Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm) + +**--dns-search**=[] + Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain) + +**--dns**=[] + Set custom DNS servers + +**-e**, **--env**=[] + Set environment variables + +**--entrypoint**="" + Overwrite the default ENTRYPOINT of the image + +**--env-file**=[] + Read in a line delimited file of environment variables + +**--expose**=[] + Expose a port or a range of ports (e.g. --expose=3300-3310) from the container without publishing it to your host + +**-h**, **--hostname**="" + Container host name + +**--help** + Print usage statement + +**-i**, **--interactive**=*true*|*false* + Keep STDIN open even if not attached. The default is *false*. + +**--ipc**="" + Default is to create a private IPC namespace (POSIX SysV IPC) for the container + 'container:': reuses another container shared memory, semaphores and message queues + 'host': use the host shared memory,semaphores and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure. + +**-l**, **--label**=[] + Adds metadata to a container (e.g., --label=com.example.key=value) + +**--label-file**=[] + Read labels from a file. Delimit each label with an EOL. + +**--link**=[] + Add link to another container in the form of :alias or just + in which case the alias will match the name. + +**--lxc-conf**=[] + (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" + +**--log-driver**="|*json-file*|*syslog*|*journald*|*gelf*|*none*" + Logging driver for container. Default is defined by daemon `--log-driver` flag. + **Warning**: `docker logs` command works only for `json-file` logging driver. + +**--log-opt**=[] + Logging driver specific options. + +**-m**, **--memory**="" + Memory limit (format: , where unit = b, k, m or g) + + Allows you to constrain the memory available to a container. If the host +supports swap memory, then the **-m** memory setting can be larger than physical +RAM. If a limit of 0 is specified (not using **-m**), the container's memory is +not limited. The actual limit may be rounded up to a multiple of the operating +system's page size (the value would be very large, that's millions of trillions). + +**--memory-swap**="" + Total memory limit (memory + swap) + + Set `-1` to disable swap (format: , where unit = b, k, m or g). +This value should always larger than **-m**, so you should always use this with **-m**. + +**--mac-address**="" + Container MAC address (e.g. 92:d0:c6:0a:29:33) + +**--name**="" + Assign a name to the container + +**--net**="bridge" + Set the Network mode for the container + 'bridge': creates a new network stack for the container on the docker bridge + 'none': no networking for this container + 'container:': reuses another container network stack + 'host': use the host network stack inside the container. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure. + +**--oom-kill-disable**=*true*|*false* + Whether to disable OOM Killer for the container or not. + +**-P**, **--publish-all**=*true*|*false* + Publish all exposed ports to random ports on the host interfaces. The default is *false*. + +**-p**, **--publish**=[] + Publish a container's port, or a range of ports, to the host + format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort + Both hostPort and containerPort can be specified as a range of ports. + When specifying ranges for both, the number of container ports in the range must match the number of host ports in the range. (e.g., `-p 1234-1236:1234-1236/tcp`) + (use 'docker port' to see the actual mapping) + +**--pid**=host + Set the PID mode for the container + **host**: use the host's PID namespace inside the container. + Note: the host mode gives the container full access to local PID and is therefore considered insecure. + +**--uts**=host + Set the UTS mode for the container + **host**: use the host's UTS namespace inside the container. + Note: the host mode gives the container access to changing the host's hostname and is therefore considered insecure. + +**--privileged**=*true*|*false* + Give extended privileges to this container. The default is *false*. + +**--read-only**=*true*|*false* + Mount the container's root filesystem as read only. + +**--restart**="no" + Restart policy to apply when a container exits (no, on-failure[:max-retry], always) + +**--security-opt**=[] + Security Options + +**-t**, **--tty**=*true*|*false* + Allocate a pseudo-TTY. The default is *false*. + +**-u**, **--user**="" + Username or UID + +**-v**, **--volume**=[] + Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container) + +**--volumes-from**=[] + Mount volumes from the specified container(s) + +**-w**, **--workdir**="" + Working directory inside the container + +# HISTORY +August 2014, updated by Sven Dowideit +September 2014, updated by Sven Dowideit +November 2014, updated by Sven Dowideit diff --git a/docker-diff.1.md b/docker-diff.1.md new file mode 100644 index 000000000000..6c6c5025332b --- /dev/null +++ b/docker-diff.1.md @@ -0,0 +1,49 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-diff - Inspect changes on a container's filesystem + +# SYNOPSIS +**docker diff** +[**--help**] +CONTAINER + +# DESCRIPTION +Inspect changes on a container's filesystem. You can use the full or +shortened container ID or the container name set using +**docker run --name** option. + +# OPTIONS +**--help** + Print usage statement + +# EXAMPLES +Inspect the changes to on a nginx container: + + # docker diff 1fdfd1f54c1b + C /dev + C /dev/console + C /dev/core + C /dev/stdout + C /dev/fd + C /dev/ptmx + C /dev/stderr + C /dev/stdin + C /run + A /run/nginx.pid + C /var/lib/nginx/tmp + A /var/lib/nginx/tmp/client_body + A /var/lib/nginx/tmp/fastcgi + A /var/lib/nginx/tmp/proxy + A /var/lib/nginx/tmp/scgi + A /var/lib/nginx/tmp/uwsgi + C /var/log/nginx + A /var/log/nginx/access.log + A /var/log/nginx/error.log + + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit diff --git a/docker-events.1.md b/docker-events.1.md new file mode 100644 index 000000000000..f854bbc1ad40 --- /dev/null +++ b/docker-events.1.md @@ -0,0 +1,86 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-events - Get real time events from the server + +# SYNOPSIS +**docker events** +[**--help**] +[**-f**|**--filter**[=*[]*]] +[**--since**[=*SINCE*]] +[**--until**[=*UNTIL*]] + + +# DESCRIPTION +Get event information from the Docker daemon. Information can include historical +information and real-time information. + +Docker containers will report the following events: + + create, destroy, die, export, kill, pause, restart, start, stop, unpause + +and Docker images will report: + + untag, delete + +# OPTIONS +**--help** + Print usage statement + +**-f**, **--filter**=[] + Provide filter values (i.e., 'event=stop') + +**--since**="" + Show all events created since timestamp + +**--until**="" + Stream events until this timestamp + +You can specify `--since` and `--until` parameters as an RFC 3339 date, +a UNIX timestamp, or a Go duration string (e.g. `1m30s`, `3h`). Docker computes +the date relative to the client machine’s time. + +# EXAMPLES + +## Listening for Docker events + +After running docker events a container 786d698004576 is started and stopped +(The container name has been shortened in the output below): + + # docker events + 2015-01-28T20:21:31.000000000-08:00 59211849bc10: (from whenry/testimage:latest) start + 2015-01-28T20:21:31.000000000-08:00 59211849bc10: (from whenry/testimage:latest) die + 2015-01-28T20:21:32.000000000-08:00 59211849bc10: (from whenry/testimage:latest) stop + +## Listening for events since a given date +Again the output container IDs have been shortened for the purposes of this document: + + # docker events --since '2015-01-28' + 2015-01-28T20:25:38.000000000-08:00 c21f6c22ba27: (from whenry/testimage:latest) create + 2015-01-28T20:25:38.000000000-08:00 c21f6c22ba27: (from whenry/testimage:latest) start + 2015-01-28T20:25:39.000000000-08:00 c21f6c22ba27: (from whenry/testimage:latest) create + 2015-01-28T20:25:39.000000000-08:00 c21f6c22ba27: (from whenry/testimage:latest) start + 2015-01-28T20:25:40.000000000-08:00 c21f6c22ba27: (from whenry/testimage:latest) die + 2015-01-28T20:25:42.000000000-08:00 c21f6c22ba27: (from whenry/testimage:latest) stop + 2015-01-28T20:25:45.000000000-08:00 c21f6c22ba27: (from whenry/testimage:latest) start + 2015-01-28T20:25:45.000000000-08:00 c21f6c22ba27: (from whenry/testimage:latest) die + 2015-01-28T20:25:46.000000000-08:00 c21f6c22ba27: (from whenry/testimage:latest) stop + +The following example outputs all events that were generated in the last 3 minutes, +relative to the current time on the client machine: + + # docker events --since '3m' + 2015-05-12T11:51:30.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) die + 2015-05-12T15:52:12.999999999Z07:00 4 4386fb97867d: (from ubuntu-1:14.04) stop + 2015-05-12T15:53:45.999999999Z07:00 7805c1d35632: (from redis:2.8) die + 2015-05-12T15:54:03.999999999Z07:00 7805c1d35632: (from redis:2.8) stop + +If you do not provide the --since option, the command returns only new and/or +live events. + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit +June 2015, updated by Brian Goff diff --git a/docker-exec.1.md b/docker-exec.1.md new file mode 100644 index 000000000000..c1de7b59ed9f --- /dev/null +++ b/docker-exec.1.md @@ -0,0 +1,51 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-exec - Run a command in a running container + +# SYNOPSIS +**docker exec** +[**-d**|**--detach**[=*false*]] +[**--help**] +[**-i**|**--interactive**[=*false*]] +[**-t**|**--tty**[=*false*]] +[**-u**|**--user**[=*USER*]] +CONTAINER COMMAND [ARG...] + +# DESCRIPTION + +Run a process in a running container. + +The command started using `docker exec` will only run while the container's primary +process (`PID 1`) is running, and will not be restarted if the container is restarted. + +If the container is paused, then the `docker exec` command will wait until the +container is unpaused, and then run + +# OPTIONS +**-d**, **--detach**=*true*|*false* + Detached mode: run command in the background. The default is *false*. + +**--help** + Print usage statement + +**-i**, **--interactive**=*true*|*false* + Keep STDIN open even if not attached. The default is *false*. + +**-t**, **--tty**=*true*|*false* + Allocate a pseudo-TTY. The default is *false*. + +**-u**, **--user**="" + Sets the username or UID used and optionally the groupname or GID for the specified command. + + The followings examples are all valid: + --user [user | user:group | uid | uid:gid | user:gid | uid:group ] + + Without this argument the command will be run as root in the container. + +The **-t** option is incompatible with a redirection of the docker client +standard input. + +# HISTORY +November 2014, updated by Sven Dowideit diff --git a/docker-export.1.md b/docker-export.1.md new file mode 100644 index 000000000000..0bc71ad89f22 --- /dev/null +++ b/docker-export.1.md @@ -0,0 +1,44 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-export - Export the contents of a filesystem as a tar archive to STDOUT + +# SYNOPSIS +**docker export** +[**--help**] +CONTAINER + +# DESCRIPTION +Export the contents of a container's filesystem using the full or shortened +container ID or container name. The output is exported to STDOUT and can be +redirected to a tar file. + +Stream to a file instead of STDOUT by using **-o**. + +# OPTIONS +**--help** + Print usage statement +**-o**, **--output**="" + Write to a file, instead of STDOUT + +# EXAMPLES +Export the contents of the container called angry_bell to a tar file +called angry_bell.tar: + + # docker export angry_bell > angry_bell.tar + # docker export --output=angry_bell-latest.tar angry_bell + # ls -sh angry_bell.tar + 321M angry_bell.tar + # ls -sh angry_bell-latest.tar + 321M angry_bell-latest.tar + +# See also +**docker-import(1)** to create an empty filesystem image +and import the contents of the tarball into it, then optionally tag it. + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit +January 2015, updated by Joseph Kern (josephakern at gmail dot com) diff --git a/docker-history.1.md b/docker-history.1.md new file mode 100644 index 000000000000..268e378d0609 --- /dev/null +++ b/docker-history.1.md @@ -0,0 +1,51 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-history - Show the history of an image + +# SYNOPSIS +**docker history** +[**--help**] +[**--no-trunc**[=*false*]] +[**-q**|**--quiet**[=*false*]] +IMAGE + +# DESCRIPTION + +Show the history of when and how an image was created. + +# OPTIONS +**--help** + Print usage statement + +**-H**. **--human**=*true*|*false* + Print sizes and dates in human readable format. The default is *true*. + +**--no-trunc**=*true*|*false* + Don't truncate output. The default is *false*. + +**-q**, **--quiet**=*true*|*false* + Only show numeric IDs. The default is *false*. + +# EXAMPLES + $ docker history fedora + IMAGE CREATED CREATED BY SIZE COMMENT + 105182bb5e8b 5 days ago /bin/sh -c #(nop) ADD file:71356d2ad59aa3119d 372.7 MB + 73bd853d2ea5 13 days ago /bin/sh -c #(nop) MAINTAINER Lokesh Mandvekar 0 B + 511136ea3c5a 10 months ago 0 B Imported from - + +## Display comments in the image history +The `docker commit` command has a **-m** flag for adding comments to the image. These comments will be displayed in the image history. + + $ sudo docker history docker:scm + IMAGE CREATED CREATED BY SIZE COMMENT + 2ac9d1098bf1 3 months ago /bin/bash 241.4 MB Added Apache to Fedora base image + 88b42ffd1f7c 5 months ago /bin/sh -c #(nop) ADD file:1fd8d7f9f6557cafc7 373.7 MB + c69cab00d6ef 5 months ago /bin/sh -c #(nop) MAINTAINER Lokesh Mandvekar 0 B + 511136ea3c5a 19 months ago 0 B Imported from - + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit diff --git a/docker-images.1.md b/docker-images.1.md new file mode 100644 index 000000000000..16dd86476741 --- /dev/null +++ b/docker-images.1.md @@ -0,0 +1,84 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-images - List images + +# SYNOPSIS +**docker images** +[**--help**] +[**-a**|**--all**[=*false*]] +[**--digests**[=*false*]] +[**-f**|**--filter**[=*[]*]] +[**--no-trunc**[=*false*]] +[**-q**|**--quiet**[=*false*]] +[REPOSITORY] + +# DESCRIPTION +This command lists the images stored in the local Docker repository. + +By default, intermediate images, used during builds, are not listed. Some of the +output, e.g., image ID, is truncated, for space reasons. However the truncated +image ID, and often the first few characters, are enough to be used in other +Docker commands that use the image ID. The output includes repository, tag, image +ID, date created and the virtual size. + +The title REPOSITORY for the first title may seem confusing. It is essentially +the image name. However, because you can tag a specific image, and multiple tags +(image instances) can be associated with a single name, the name is really a +repository for all tagged images of the same name. For example consider an image +called fedora. It may be tagged with 18, 19, or 20, etc. to manage different +versions. + +# OPTIONS +**-a**, **--all**=*true*|*false* + Show all images (by default filter out the intermediate image layers). The default is *false*. + +**--digests**=*true*|*false* + Show image digests. The default is *false*. + +**-f**, **--filter**=[] + Filters the output. The dangling=true filter finds unused images. While label=com.foo=amd64 filters for images with a com.foo value of amd64. The label=com.foo filter finds images with the label com.foo of any value. + +**--help** + Print usage statement + +**--no-trunc**=*true*|*false* + Don't truncate output. The default is *false*. + +**-q**, **--quiet**=*true*|*false* + Only show numeric IDs. The default is *false*. + +# EXAMPLES + +## Listing the images + +To list the images in a local repository (not the registry) run: + + docker images + +The list will contain the image repository name, a tag for the image, and an +image ID, when it was created and its virtual size. Columns: REPOSITORY, TAG, +IMAGE ID, CREATED, and VIRTUAL SIZE. + +To get a verbose list of images which contains all the intermediate images +used in builds use **-a**: + + docker images -a + +Previously, the docker images command supported the --tree and --dot arguments, +which displayed different visualizations of the image data. Docker core removed +this functionality in the 1.7 version. If you liked this functionality, you can +still find it in the third-party dockviz tool: https://github.com/justone/dockviz. + +## Listing only the shortened image IDs + +Listing just the shortened image IDs. This can be useful for some automated +tools. + + docker images -q + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit diff --git a/docker-import.1.md b/docker-import.1.md new file mode 100644 index 000000000000..b45bf5d4c6bb --- /dev/null +++ b/docker-import.1.md @@ -0,0 +1,59 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-import - Create an empty filesystem image and import the contents of the tarball (.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz) into it, then optionally tag it. + +# SYNOPSIS +**docker import** +[**-c**|**--change**[= []**]] +[**--help**] +URL|- [REPOSITORY[:TAG]] + +# OPTIONS +**-c**, **--change**=[] + Apply specified Dockerfile instructions while importing the image + Supported Dockerfile instructions: `CMD`|`ENTRYPOINT`|`ENV`|`EXPOSE`|`ONBUILD`|`USER`|`VOLUME`|`WORKDIR` + +# DESCRIPTION +Create a new filesystem image from the contents of a tarball (`.tar`, +`.tar.gz`, `.tgz`, `.bzip`, `.tar.xz`, `.txz`) into it, then optionally tag it. + +# OPTIONS +**--help** + Print usage statement + +# EXAMPLES + +## Import from a remote location + + # docker import http://example.com/exampleimage.tgz example/imagerepo + +## Import from a local file + +Import to docker via pipe and stdin: + + # cat exampleimage.tgz | docker import - example/imagelocal + +## Import from a local file and tag + +Import to docker via pipe and stdin: + + # cat exampleimageV2.tgz | docker import - example/imagelocal:V-2.0 + +## Import from a local directory + + # tar -c . | docker import - exampleimagedir + +## Apply specified Dockerfile instructions while importing the image +This example sets the docker image ENV variable DEBUG to true by default. + + # tar -c . | docker import -c="ENV DEBUG true" - exampleimagedir + +# See also +**docker-export(1)** to export the contents of a filesystem as a tar archive to STDOUT. + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit diff --git a/docker-info.1.md b/docker-info.1.md new file mode 100644 index 000000000000..a3bbd798281f --- /dev/null +++ b/docker-info.1.md @@ -0,0 +1,49 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-info - Display system-wide information + +# SYNOPSIS +**docker info** +[**--help**] + + +# DESCRIPTION +This command displays system wide information regarding the Docker installation. +Information displayed includes the number of containers and images, pool name, +data file, metadata file, data space used, total data space, metadata space used +, total metadata space, execution driver, and the kernel version. + +The data file is where the images are stored and the metadata file is where the +meta data regarding those images are stored. When run for the first time Docker +allocates a certain amount of data space and meta data space from the space +available on the volume where `/var/lib/docker` is mounted. + +# OPTIONS +**--help** + Print usage statement + +# EXAMPLES + +## Display Docker system information + +Here is a sample output: + + # docker info + Containers: 14 + Images: 52 + Storage Driver: aufs + Root Dir: /var/lib/docker/aufs + Dirs: 80 + Execution Driver: native-0.2 + Logging Driver: json-file + Kernel Version: 3.13.0-24-generic + Operating System: Ubuntu 14.04 LTS + CPUs: 1 + Total Memory: 2 GiB + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit diff --git a/docker-inspect.1.md b/docker-inspect.1.md new file mode 100644 index 000000000000..a8a2d8f4932d --- /dev/null +++ b/docker-inspect.1.md @@ -0,0 +1,267 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-inspect - Return low-level information on a container or image + +# SYNOPSIS +**docker inspect** +[**--help**] +[**-f**|**--format**[=*FORMAT*]] +CONTAINER|IMAGE [CONTAINER|IMAGE...] + +# DESCRIPTION + +This displays all the information available in Docker for a given +container or image. By default, this will render all results in a JSON +array. If a format is specified, the given template will be executed for +each result. + +# OPTIONS +**--help** + Print usage statement + +**-f**, **--format**="" + Format the output using the given go template. + +# EXAMPLES + +## Getting information on a container + +To get information on a container use its ID or instance name: + + $ docker inspect 1eb5fabf5a03 + [{ + "AppArmorProfile": "", + "Args": [], + "Config": { + "AttachStderr": false, + "AttachStdin": false, + "AttachStdout": false, + "Cmd": [ + "/usr/sbin/nginx" + ], + "Domainname": "", + "Entrypoint": null, + "Env": [ + "HOME=/", + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + ], + "ExposedPorts": { + "80/tcp": {} + }, + "Hostname": "1eb5fabf5a03", + "Image": "summit/nginx", + "Labels": { + "com.example.vendor": "Acme", + "com.example.license": "GPL", + "com.example.version": "1.0" + }, + "MacAddress": "", + "NetworkDisabled": false, + "OnBuild": null, + "OpenStdin": false, + "StdinOnce": false, + "Tty": true, + "User": "", + "Volumes": null, + "WorkingDir": "", + }, + "Created": "2014-04-04T21:33:52.02361335Z", + "Driver": "devicemapper", + "ExecDriver": "native-0.1", + "ExecIDs": null, + "HostConfig": { + "Binds": null, + "CapAdd": null, + "CapDrop": null, + "CgroupParent": "", + "ContainerIDFile": "", + "CpuShares": 512, + "CpusetCpus": "0,1", + "CpusetMems": "", + "Devices": [], + "Dns": null, + "DnsSearch": null, + "ExtraHosts": null, + "IpcMode": "", + "Links": null, + "LogConfig": { + "Config": null, + "Type": "json-file" + }, + "LxcConf": null, + "Memory": 16777216, + "MemorySwap": -1, + "NetworkMode": "", + "PidMode": "", + "PortBindings": { + "80/tcp": [ + { + "HostIp": "0.0.0.0", + "HostPort": "80" + } + ] + }, + "Privileged": false, + "PublishAllPorts": false, + "ReadonlyRootfs": false, + "RestartPolicy": { + "MaximumRetryCount": 0, + "Name": "" + }, + "SecurityOpt": null, + "Ulimits": null, + "VolumesFrom": null + } + "HostnamePath": "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/hostname", + "HostsPath": "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/hosts", + "ID": "1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b", + "Image": "df53773a4390e25936f9fd3739e0c0e60a62d024ea7b669282b27e65ae8458e6", + "LogPath": "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b-json.log", + "MountLabel": "", + "Name": "/ecstatic_ptolemy", + "NetworkSettings": { + "Bridge": "docker0", + "Gateway": "172.17.42.1", + "GlobalIPv6Address": "", + "GlobalIPv6PrefixLen": 0, + "IPAddress": "172.17.0.2", + "IPPrefixLen": 16, + "IPv6Gateway": "", + "LinkLocalIPv6Address": "", + "LinkLocalIPv6PrefixLen": 0, + "MacAddress": "", + "PortMapping": null, + "Ports": { + "80/tcp": [ + { + "HostIp": "0.0.0.0", + "HostPort": "80" + } + ] + } + }, + "Path": "/usr/sbin/nginx", + "ProcessLabel": "", + "ResolvConfPath": "/etc/resolv.conf", + "RestartCount": 0, + "State": { + "Dead": false, + "Error": "", + "ExitCode": 0, + "FinishedAt": "0001-01-01T00:00:00Z", + "OOMKilled": false, + "Paused": false, + "Pid": 858, + "Restarting": false, + "Running": true, + "StartedAt": "2014-04-04T21:33:54.16259207Z", + }, + "Volumes": {}, + "VolumesRW": {}, + } + +## Getting the IP address of a container instance + +To get the IP address of a container use: + + $ docker inspect --format='{{.NetworkSettings.IPAddress}}' 1eb5fabf5a03 + 172.17.0.2 + +## Listing all port bindings + +One can loop over arrays and maps in the results to produce simple text +output: + + $ docker inspect --format='{{range $p, $conf := .NetworkSettings.Ports}} \ + {{$p}} -> {{(index $conf 0).HostPort}} {{end}}' 1eb5fabf5a03 + 80/tcp -> 80 + +You can get more information about how to write a go template from: +http://golang.org/pkg/text/template/. + +## Getting information on an image + +Use an image's ID or name (e.g., repository/name[:tag]) to get information +on it. + + $ docker inspect fc1203419df2 + [{ + "Architecture": "amd64", + "Author": "", + "Comment": "", + "Config": { + "AttachStderr": false, + "AttachStdin": false, + "AttachStdout": false, + "Cmd": [ + "make", + "direct-test" + ], + "Domainname": "", + "Entrypoint": [ + "/dind" + ], + "Env": [ + "PATH=/go/bin:/usr/src/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + ], + "ExposedPorts": null, + "Hostname": "242978536a06", + "Image": "c2b774c744afc5bea603b5e6c5218539e506649326de3ea0135182f299d0519a", + "Labels": {}, + "MacAddress": "", + "NetworkDisabled": false, + "OnBuild": [], + "OpenStdin": false, + "StdinOnce": false, + "Tty": false, + "User": "", + "Volumes": null, + "WorkingDir": "/go/src/github.com/docker/libcontainer" + }, + "Container": "1c00417f3812a96d3ebc29e7fdee69f3d586d703ab89c8233fd4678d50707b39", + "ContainerConfig": { + "AttachStderr": false, + "AttachStdin": false, + "AttachStdout": false, + "Cmd": [ + "/bin/sh", + "-c", + "#(nop) CMD [\"make\" \"direct-test\"]" + ], + "Domainname": "", + "Entrypoint": [ + "/dind" + ], + "Env": [ + "PATH=/go/bin:/usr/src/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + ], + "ExposedPorts": null, + "Hostname": "242978536a06", + "Image": "c2b774c744afc5bea603b5e6c5218539e506649326de3ea0135182f299d0519a", + "Labels": {}, + "MacAddress": "", + "NetworkDisabled": false, + "OnBuild": [], + "OpenStdin": false, + "StdinOnce": false, + "Tty": false, + "User": "", + "Volumes": null, + "WorkingDir": "/go/src/github.com/docker/libcontainer" + }, + "Created": "2015-04-07T05:34:39.079489206Z", + "DockerVersion": "1.5.0-dev", + "Id": "fc1203419df26ca82cad1dd04c709cb1b8a8a947bd5bcbdfbef8241a76f031db", + "Os": "linux", + "Parent": "c2b774c744afc5bea603b5e6c5218539e506649326de3ea0135182f299d0519a", + "Size": 0, + "VirtualSize": 613136466 + }] + +# HISTORY +April 2014, originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit +April 2015, updated by Qiang Huang diff --git a/docker-kill.1.md b/docker-kill.1.md new file mode 100644 index 000000000000..cfab3f8e4204 --- /dev/null +++ b/docker-kill.1.md @@ -0,0 +1,28 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-kill - Kill a running container using SIGKILL or a specified signal + +# SYNOPSIS +**docker kill** +[**--help**] +[**-s**|**--signal**[=*"KILL"*]] +CONTAINER [CONTAINER...] + +# DESCRIPTION + +The main process inside each container specified will be sent SIGKILL, + or any signal specified with option --signal. + +# OPTIONS +**--help** + Print usage statement + +**-s**, **--signal**="KILL" + Signal to send to the container + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) + based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit diff --git a/docker-load.1.md b/docker-load.1.md new file mode 100644 index 000000000000..c045443689ad --- /dev/null +++ b/docker-load.1.md @@ -0,0 +1,45 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-load - Load an image from a tar archive on STDIN + +# SYNOPSIS +**docker load** +[**--help**] +[**-i**|**--input**[=*INPUT*]] + + +# DESCRIPTION + +Loads a tarred repository from a file or the standard input stream. +Restores both images and tags. + +# OPTIONS +**--help** + Print usage statement + +**-i**, **--input**="" + Read from a tar archive file, instead of STDIN + +# EXAMPLES + + $ docker images + REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + busybox latest 769b9341d937 7 weeks ago 2.489 MB + $ docker load --input fedora.tar + $ docker images + REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + busybox latest 769b9341d937 7 weeks ago 2.489 MB + fedora rawhide 0d20aec6529d 7 weeks ago 387 MB + fedora 20 58394af37342 7 weeks ago 385.5 MB + fedora heisenbug 58394af37342 7 weeks ago 385.5 MB + fedora latest 58394af37342 7 weeks ago 385.5 MB + +# See also +**docker-save(1)** to save an image(s) to a tar archive (streamed to STDOUT by default). + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit diff --git a/docker-login.1.md b/docker-login.1.md new file mode 100644 index 000000000000..87ad31b703c9 --- /dev/null +++ b/docker-login.1.md @@ -0,0 +1,51 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-login - Register or log in to a Docker registry. + +# SYNOPSIS +**docker login** +[**-e**|**--email**[=*EMAIL*]] +[**--help**] +[**-p**|**--password**[=*PASSWORD*]] +[**-u**|**--username**[=*USERNAME*]] +[SERVER] + +# DESCRIPTION +Register or log in to a Docker Registry located on the specified +`SERVER`. You can specify a URL or a `hostname` for the `SERVER` value. If you +do not specify a `SERVER`, the command uses Docker's public registry located at +`https://registry-1.docker.io/` by default. To get a username/password for Docker's public registry, create an account on Docker Hub. + +You can log into any public or private repository for which you have +credentials. When you log in, the command stores encoded credentials in +`$HOME/.dockercfg` on Linux or `%USERPROFILE%/.dockercfg` on Windows. + +# OPTIONS +**-e**, **--email**="" + Email + +**--help** + Print usage statement + +**-p**, **--password**="" + Password + +**-u**, **--username**="" + Username + +# EXAMPLES + +## Login to a registry on your localhost + + # docker login localhost:8080 + +# See also +**docker-logout(1)** to log out from a Docker registry. + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit +April 2015, updated by Mary Anthony for v2 diff --git a/docker-logout.1.md b/docker-logout.1.md new file mode 100644 index 000000000000..3726fd66ca02 --- /dev/null +++ b/docker-logout.1.md @@ -0,0 +1,32 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-logout - Log out from a Docker Registry. + +# SYNOPSIS +**docker logout** +[SERVER] + +# DESCRIPTION +Log out of a Docker Registry located on the specified `SERVER`. You can +specify a URL or a `hostname` for the `SERVER` value. If you do not specify a +`SERVER`, the command attempts to log you out of Docker's public registry +located at `https://registry-1.docker.io/` by default. + +# OPTIONS +There are no available options. + +# EXAMPLES + +## Log out from a registry on your localhost + + # docker logout localhost:8080 + +# See also +**docker-login(1)** to register or log in to a Docker registry server. + +# HISTORY +June 2014, Originally compiled by Daniel, Dao Quang Minh (daniel at nitrous dot io) +July 2014, updated by Sven Dowideit +April 2015, updated by Mary Anthony for v2 diff --git a/docker-logs.1.md b/docker-logs.1.md new file mode 100644 index 000000000000..8ecc20df2438 --- /dev/null +++ b/docker-logs.1.md @@ -0,0 +1,55 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-logs - Fetch the logs of a container + +# SYNOPSIS +**docker logs** +[**-f**|**--follow**[=*false*]] +[**--help**] +[**--since**[=*SINCE*]] +[**-t**|**--timestamps**[=*false*]] +[**--tail**[=*"all"*]] +CONTAINER + +# DESCRIPTION +The **docker logs** command batch-retrieves whatever logs are present for +a container at the time of execution. This does not guarantee execution +order when combined with a docker run (i.e., your run may not have generated +any logs at the time you execute docker logs). + +The **docker logs --follow** command combines commands **docker logs** and +**docker attach**. It will first return all logs from the beginning and +then continue streaming new output from the container’s stdout and stderr. + +**Warning**: This command works only for **json-file** logging driver. + +# OPTIONS +**--help** + Print usage statement + +**-f**, **--follow**=*true*|*false* + Follow log output. The default is *false*. + +**--since**="" + Show logs since timestamp + +**-t**, **--timestamps**=*true*|*false* + Show timestamps. The default is *false*. + +**--tail**="all" + Output the specified number of lines at the end of logs (defaults to all logs) + +The `--since` option shows only the container logs generated after +a given date. You can specify the date as an RFC 3339 date, a UNIX +timestamp, or a Go duration string (e.g. `1m30s`, `3h`). Docker computes +the date relative to the client machine’s time. You can combine +the `--since` option with either or both of the `--follow` or `--tail` options. + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit +July 2014, updated by Sven Dowideit +April 2015, updated by Ahmet Alp Balkan diff --git a/docker-pause.1.md b/docker-pause.1.md new file mode 100644 index 000000000000..5d2267af62da --- /dev/null +++ b/docker-pause.1.md @@ -0,0 +1,30 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-pause - Pause all processes within a container + +# SYNOPSIS +**docker pause** +CONTAINER [CONTAINER...] + +# DESCRIPTION + +The `docker pause` command uses the cgroups freezer to suspend all processes in +a container. Traditionally when suspending a process the `SIGSTOP` signal is +used, which is observable by the process being suspended. With the cgroups freezer +the process is unaware, and unable to capture, that it is being suspended, +and subsequently resumed. + +See the [cgroups freezer documentation] +(https://www.kernel.org/doc/Documentation/cgroups/freezer-subsystem.txt) for +further details. + +# OPTIONS +There are no available options. + +# See also +**docker-unpause(1)** to unpause all processes within a container. + +# HISTORY +June 2014, updated by Sven Dowideit diff --git a/docker-port.1.md b/docker-port.1.md new file mode 100644 index 000000000000..83e9cf93b698 --- /dev/null +++ b/docker-port.1.md @@ -0,0 +1,47 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-port - List port mappings for the CONTAINER, or lookup the public-facing port that is NAT-ed to the PRIVATE_PORT + +# SYNOPSIS +**docker port** +[**--help**] +CONTAINER [PRIVATE_PORT[/PROTO]] + +# DESCRIPTION +List port mappings for the CONTAINER, or lookup the public-facing port that is NAT-ed to the PRIVATE_PORT + +# OPTIONS +**--help** + Print usage statement + +# EXAMPLES + + # docker ps + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + b650456536c7 busybox:latest top 54 minutes ago Up 54 minutes 0.0.0.0:1234->9876/tcp, 0.0.0.0:4321->7890/tcp test + +## Find out all the ports mapped + + # docker port test + 7890/tcp -> 0.0.0.0:4321 + 9876/tcp -> 0.0.0.0:1234 + +## Find out a specific mapping + + # docker port test 7890/tcp + 0.0.0.0:4321 + + # docker port test 7890 + 0.0.0.0:4321 + +## An example showing error for non-existent mapping + + # docker port test 7890/udp + 2014/06/24 11:53:36 Error: No public port '7890/udp' published for test + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +June 2014, updated by Sven Dowideit +November 2014, updated by Sven Dowideit diff --git a/docker-ps.1.md b/docker-ps.1.md new file mode 100644 index 000000000000..6c7b18ee34b1 --- /dev/null +++ b/docker-ps.1.md @@ -0,0 +1,91 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% FEBRUARY 2015 +# NAME +docker-ps - List containers + +# SYNOPSIS +**docker ps** +[**-a**|**--all**[=*false*]] +[**--before**[=*BEFORE*]] +[**--help**] +[**-f**|**--filter**[=*[]*]] +[**-l**|**--latest**[=*false*]] +[**-n**[=*-1*]] +[**--no-trunc**[=*false*]] +[**-q**|**--quiet**[=*false*]] +[**-s**|**--size**[=*false*]] +[**--since**[=*SINCE*]] + + +# DESCRIPTION + +List the containers in the local repository. By default this show only +the running containers. + +# OPTIONS +**-a**, **--all**=*true*|*false* + Show all containers. Only running containers are shown by default. The default is *false*. + +**--before**="" + Show only container created before Id or Name, include non-running ones. + +**--help** + Print usage statement + +**-f**, **--filter**=[] + Provide filter values. Valid filters: + exited= - containers with exit code of + label= or label== + status=(created|restarting|running|paused|exited) + name= - container's name + id= - container's ID + +**-l**, **--latest**=*true*|*false* + Show only the latest created container, include non-running ones. The default is *false*. + +**-n**=-1 + Show n last created containers, include non-running ones. + +**--no-trunc**=*true*|*false* + Don't truncate output. The default is *false*. + +**-q**, **--quiet**=*true*|*false* + Only display numeric IDs. The default is *false*. + +**-s**, **--size**=*true*|*false* + Display total file sizes. The default is *false*. + +**--since**="" + Show only containers created since Id or Name, include non-running ones. + +# EXAMPLES +# Display all containers, including non-running + + # docker ps -a + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + a87ecb4f327c fedora:20 /bin/sh -c #(nop) MA 20 minutes ago Exit 0 desperate_brattain + 01946d9d34d8 vpavlin/rhel7:latest /bin/sh -c #(nop) MA 33 minutes ago Exit 0 thirsty_bell + c1d3b0166030 acffc0358b9e /bin/sh -c yum -y up 2 weeks ago Exit 1 determined_torvalds + 41d50ecd2f57 fedora:20 /bin/sh -c #(nop) MA 2 weeks ago Exit 0 drunk_pike + +# Display only IDs of all containers, including non-running + + # docker ps -a -q + a87ecb4f327c + 01946d9d34d8 + c1d3b0166030 + 41d50ecd2f57 + +# Display only IDs of all containers that have the name `determined_torvalds` + + # docker ps -a -q --filter=name=determined_torvalds + c1d3b0166030 + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit +August 2014, updated by Sven Dowideit +November 2014, updated by Sven Dowideit +February 2015, updated by André Martins diff --git a/docker-pull.1.md b/docker-pull.1.md new file mode 100644 index 000000000000..30a949e81ec4 --- /dev/null +++ b/docker-pull.1.md @@ -0,0 +1,73 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-pull - Pull an image or a repository from a registry + +# SYNOPSIS +**docker pull** +[**-a**|**--all-tags**[=*false*]] +[**--help**] +NAME[:TAG] | [REGISTRY_HOST[:REGISTRY_PORT]/]NAME[:TAG] + +# DESCRIPTION + +This command pulls down an image or a repository from a registry. If +there is more than one image for a repository (e.g., fedora) then all +images for that repository name are pulled down including any tags. + +If you do not specify a `REGISTRY_HOST`, the command uses Docker's public +registry located at `registry-1.docker.io` by default. + +# OPTIONS +**-a**, **--all-tags**=*true*|*false* + Download all tagged images in the repository. The default is *false*. +**--help** + Print usage statement + +# EXAMPLE + +# Pull a repository with multiple images +# Note that if the image is previously downloaded then the status would be +# 'Status: Image is up to date for fedora' + + $ docker pull fedora + Pulling repository fedora + ad57ef8d78d7: Download complete + 105182bb5e8b: Download complete + 511136ea3c5a: Download complete + 73bd853d2ea5: Download complete + + Status: Downloaded newer image for fedora + + $ docker images + REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + fedora rawhide ad57ef8d78d7 5 days ago 359.3 MB + fedora 20 105182bb5e8b 5 days ago 372.7 MB + fedora heisenbug 105182bb5e8b 5 days ago 372.7 MB + fedora latest 105182bb5e8b 5 days ago 372.7 MB + +# Pull an image, manually specifying path to Docker's public registry and tag +# Note that if the image is previously downloaded then the status would be +# 'Status: Image is up to date for registry.hub.docker.com/fedora:20' + + $ docker pull registry.hub.docker.com/fedora:20 + Pulling repository fedora + 3f2fed40e4b0: Download complete + 511136ea3c5a: Download complete + fd241224e9cf: Download complete + + Status: Downloaded newer image for registry.hub.docker.com/fedora:20 + + $ docker images + REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + fedora 20 3f2fed40e4b0 4 days ago 372.7 MB + + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit +August 2014, updated by Sven Dowideit +April 2015, updated by John Willis +April 2015, updated by Mary Anthony for v2 diff --git a/docker-push.1.md b/docker-push.1.md new file mode 100644 index 000000000000..b51bf5d281a9 --- /dev/null +++ b/docker-push.1.md @@ -0,0 +1,51 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-push - Push an image or a repository to a registry + +# SYNOPSIS +**docker push** +[**--help**] +NAME[:TAG] | [REGISTRY_HOST[:REGISTRY_PORT]/]NAME[:TAG] + +# DESCRIPTION + +This command pushes an image or a repository to a registry. If you do not +specify a `REGISTRY_HOST`, the command uses Docker's public registry located at +`registry-1.docker.io` by default. + +# OPTIONS +**--help** + Print usage statement + +# EXAMPLES + +# Pushing a new image to a registry + +First save the new image by finding the container ID (using **docker ps**) +and then committing it to a new image name: + + # docker commit c16378f943fe rhel-httpd + +Now, push the image to the registry using the image ID. In this example the +registry is on host named `registry-host` and listening on port `5000`. To do +this, tag the image with the host name or IP address, and the port of the +registry: + + # docker tag rhel-httpd registry-host:5000/myadmin/rhel-httpd + # docker push registry-host:5000/myadmin/rhel-httpd + +Check that this worked by running: + + # docker images + +You should see both `rhel-httpd` and `registry-host:5000/myadmin/rhel-httpd` +listed. + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit +April 2015, updated by Mary Anthony for v2 + diff --git a/docker-rename.1.md b/docker-rename.1.md new file mode 100644 index 000000000000..f741a15b479d --- /dev/null +++ b/docker-rename.1.md @@ -0,0 +1,13 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% OCTOBER 2014 +# NAME +docker-rename - Rename a container + +# SYNOPSIS +**docker rename** +OLD_NAME NEW_NAME + +# OPTIONS +There are no available options. + diff --git a/docker-restart.1.md b/docker-restart.1.md new file mode 100644 index 000000000000..77f99d51a63c --- /dev/null +++ b/docker-restart.1.md @@ -0,0 +1,26 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-restart - Restart a running container + +# SYNOPSIS +**docker restart** +[**--help**] +[**-t**|**--time**[=*10*]] +CONTAINER [CONTAINER...] + +# DESCRIPTION +Restart each container listed. + +# OPTIONS +**--help** + Print usage statement + +**-t**, **--time**=10 + Number of seconds to try to stop for before killing the container. Once killed it will then be restarted. Default is 10 seconds. + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit diff --git a/docker-rm.1.md b/docker-rm.1.md new file mode 100644 index 000000000000..82850a395a57 --- /dev/null +++ b/docker-rm.1.md @@ -0,0 +1,56 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-rm - Remove one or more containers + +# SYNOPSIS +**docker rm** +[**-f**|**--force**[=*false*]] +[**-l**|**--link**[=*false*]] +[**-v**|**--volumes**[=*false*]] +CONTAINER [CONTAINER...] + +# DESCRIPTION + +**docker rm** will remove one or more containers from the host node. The +container name or ID can be used. This does not remove images. You cannot +remove a running container unless you use the \fB-f\fR option. To see all +containers on a host use the **docker ps -a** command. + +# OPTIONS +**--help** + Print usage statement + +**-f**, **--force**=*true*|*false* + Force the removal of a running container (uses SIGKILL). The default is *false*. + +**-l**, **--link**=*true*|*false* + Remove the specified link and not the underlying container. The default is *false*. + +**-v**, **--volumes**=*true*|*false* + Remove the volumes associated with the container. The default is *false*. + +# EXAMPLES + +##Removing a container using its ID## + +To remove a container using its ID, find either from a **docker ps -a** +command, or use the ID returned from the **docker run** command, or retrieve +it from a file used to store it using the **docker run --cidfile**: + + docker rm abebf7571666 + +##Removing a container using the container name## + +The name of the container can be found using the **docker ps -a** +command. The use that name as follows: + + docker rm hopeful_morse + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit +July 2014, updated by Sven Dowideit +August 2014, updated by Sven Dowideit diff --git a/docker-rmi.1.md b/docker-rmi.1.md new file mode 100644 index 000000000000..c288a4e85cbb --- /dev/null +++ b/docker-rmi.1.md @@ -0,0 +1,42 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-rmi - Remove one or more images + +# SYNOPSIS +**docker rmi** +[**-f**|**--force**[=*false*]] +[**--help**] +[**--no-prune**[=*false*]] +IMAGE [IMAGE...] + +# DESCRIPTION + +Removes one or more images from the host node. This does not remove images from +a registry. You cannot remove an image of a running container unless you use the +**-f** option. To see all images on a host use the **docker images** command. + +# OPTIONS +**-f**, **--force**=*true*|*false* + Force removal of the image. The default is *false*. + +**--help** + Print usage statement + +**--no-prune**=*true*|*false* + Do not delete untagged parents. The default is *false*. + +# EXAMPLES + +## Removing an image + +Here is an example of removing and image: + + docker rmi fedora/httpd + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit +April 2015, updated by Mary Anthony for v2 diff --git a/docker-run.1.md b/docker-run.1.md new file mode 100644 index 000000000000..3c754434914d --- /dev/null +++ b/docker-run.1.md @@ -0,0 +1,658 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-run - Run a command in a new container + +# SYNOPSIS +**docker run** +[**-a**|**--attach**[=*[]*]] +[**--add-host**[=*[]*]] +[**--blkio-weight**[=*[BLKIO-WEIGHT]*]] +[**-c**|**--cpu-shares**[=*0*]] +[**--cap-add**[=*[]*]] +[**--cap-drop**[=*[]*]] +[**--cidfile**[=*CIDFILE*]] +[**--cpu-period**[=*0*]] +[**--cpuset-cpus**[=*CPUSET-CPUS*]] +[**--cpuset-mems**[=*CPUSET-MEMS*]] +[**-d**|**--detach**[=*false*]] +[**--cpu-quota**[=*0*]] +[**--device**[=*[]*]] +[**--dns-search**[=*[]*]] +[**--dns**[=*[]*]] +[**-e**|**--env**[=*[]*]] +[**--entrypoint**[=*ENTRYPOINT*]] +[**--env-file**[=*[]*]] +[**--expose**[=*[]*]] +[**-h**|**--hostname**[=*HOSTNAME*]] +[**--help**] +[**-i**|**--interactive**[=*false*]] +[**--ipc**[=*IPC*]] +[**-l**|**--label**[=*[]*]] +[**--label-file**[=*[]*]] +[**--link**[=*[]*]] +[**--lxc-conf**[=*[]*]] +[**--log-driver**[=*[]*]] +[**--log-opt**[=*[]*]] +[**-m**|**--memory**[=*MEMORY*]] +[**--memory-swap**[=*MEMORY-SWAP*]] +[**--mac-address**[=*MAC-ADDRESS*]] +[**--name**[=*NAME*]] +[**--net**[=*"bridge"*]] +[**--oom-kill-disable**[=*false*]] +[**-P**|**--publish-all**[=*false*]] +[**-p**|**--publish**[=*[]*]] +[**--pid**[=*[]*]] +[**--uts**[=*[]*]] +[**--privileged**[=*false*]] +[**--read-only**[=*false*]] +[**--restart**[=*RESTART*]] +[**--rm**[=*false*]] +[**--security-opt**[=*[]*]] +[**--sig-proxy**[=*true*]] +[**-t**|**--tty**[=*false*]] +[**-u**|**--user**[=*USER*]] +[**-v**|**--volume**[=*[]*]] +[**--volumes-from**[=*[]*]] +[**-w**|**--workdir**[=*WORKDIR*]] +[**--cgroup-parent**[=*CGROUP-PATH*]] +IMAGE [COMMAND] [ARG...] + +# DESCRIPTION + +Run a process in a new container. **docker run** starts a process with its own +file system, its own networking, and its own isolated process tree. The IMAGE +which starts the process may define defaults related to the process that will be +run in the container, the networking to expose, and more, but **docker run** +gives final control to the operator or administrator who starts the container +from the image. For that reason **docker run** has more options than any other +Docker command. + +If the IMAGE is not already loaded then **docker run** will pull the IMAGE, and +all image dependencies, from the repository in the same way running **docker +pull** IMAGE, before it starts the container from that image. + +# OPTIONS +**-a**, **--attach**=[] + Attach to STDIN, STDOUT or STDERR. + + In foreground mode (the default when **-d** +is not specified), **docker run** can start the process in the container +and attach the console to the process’s standard input, output, and standard +error. It can even pretend to be a TTY (this is what most commandline +executables expect) and pass along signals. The **-a** option can be set for +each of stdin, stdout, and stderr. + +**--add-host**=[] + Add a custom host-to-IP mapping (host:ip) + + Add a line to /etc/hosts. The format is hostname:ip. The **--add-host** +option can be set multiple times. + +**--blkio-weight**=0 + Block IO weight (relative weight) accepts a weight value between 10 and 1000. + +**-c**, **--cpu-shares**=0 + CPU shares (relative weight) + + By default, all containers get the same proportion of CPU cycles. This proportion +can be modified by changing the container's CPU share weighting relative +to the weighting of all other running containers. + +To modify the proportion from the default of 1024, use the **-c** or **--cpu-shares** +flag to set the weighting to 2 or higher. + +The proportion will only apply when CPU-intensive processes are running. +When tasks in one container are idle, other containers can use the +left-over CPU time. The actual amount of CPU time will vary depending on +the number of containers running on the system. + +For example, consider three containers, one has a cpu-share of 1024 and +two others have a cpu-share setting of 512. When processes in all three +containers attempt to use 100% of CPU, the first container would receive +50% of the total CPU time. If you add a fourth container with a cpu-share +of 1024, the first container only gets 33% of the CPU. The remaining containers +receive 16.5%, 16.5% and 33% of the CPU. + +On a multi-core system, the shares of CPU time are distributed over all CPU +cores. Even if a container is limited to less than 100% of CPU time, it can +use 100% of each individual CPU core. + +For example, consider a system with more than three cores. If you start one +container **{C0}** with **-c=512** running one process, and another container +**{C1}** with **-c=1024** running two processes, this can result in the following +division of CPU shares: + + PID container CPU CPU share + 100 {C0} 0 100% of CPU0 + 101 {C1} 1 100% of CPU1 + 102 {C1} 2 100% of CPU2 + +**--cap-add**=[] + Add Linux capabilities + +**--cap-drop**=[] + Drop Linux capabilities + +**--cgroup-parent**="" + Path to cgroups under which the cgroup for the container will be created. If the path is not absolute, the path is considered to be relative to the cgroups path of the init process. Cgroups will be created if they do not already exist. + +**--cidfile**="" + Write the container ID to the file + +**--cpu-period**=0 + Limit the CPU CFS (Completely Fair Scheduler) period + + Limit the container's CPU usage. This flag tell the kernel to restrict the container's CPU usage to the period you specify. + +**--cpuset-cpus**="" + CPUs in which to allow execution (0-3, 0,1) + +**--cpuset-mems**="" + Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems. + + If you have four memory nodes on your system (0-3), use `--cpuset-mems=0,1` +then processes in your Docker container will only use memory from the first +two memory nodes. + +**--cpu-quota**=0 + Limit the CPU CFS (Completely Fair Scheduler) quota + + Limit the container's CPU usage. By default, containers run with the full +CPU resource. This flag tell the kernel to restrict the container's CPU usage +to the quota you specify. + +**-d**, **--detach**=*true*|*false* + Detached mode: run the container in the background and print the new container ID. The default is *false*. + + At any time you can run **docker ps** in +the other shell to view a list of the running containers. You can reattach to a +detached container with **docker attach**. If you choose to run a container in +the detached mode, then you cannot use the **-rm** option. + + When attached in the tty mode, you can detach from a running container without +stopping the process by pressing the keys CTRL-P CTRL-Q. + +**--device**=[] + Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm) + +**--dns-search**=[] + Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain) + +**--dns**=[] + Set custom DNS servers + + This option can be used to override the DNS +configuration passed to the container. Typically this is necessary when the +host DNS configuration is invalid for the container (e.g., 127.0.0.1). When this +is the case the **--dns** flags is necessary for every run. + +**-e**, **--env**=[] + Set environment variables + + This option allows you to specify arbitrary +environment variables that are available for the process that will be launched +inside of the container. + +**--entrypoint**="" + Overwrite the default ENTRYPOINT of the image + + This option allows you to overwrite the default entrypoint of the image that +is set in the Dockerfile. The ENTRYPOINT of an image is similar to a COMMAND +because it specifies what executable to run when the container starts, but it is +(purposely) more difficult to override. The ENTRYPOINT gives a container its +default nature or behavior, so that when you set an ENTRYPOINT you can run the +container as if it were that binary, complete with default options, and you can +pass in more options via the COMMAND. But, sometimes an operator may want to run +something else inside the container, so you can override the default ENTRYPOINT +at runtime by using a **--entrypoint** and a string to specify the new +ENTRYPOINT. + +**--env-file**=[] + Read in a line delimited file of environment variables + +**--expose**=[] + Expose a port, or a range of ports (e.g. --expose=3300-3310), from the container without publishing it to your host + +**-h**, **--hostname**="" + Container host name + + Sets the container host name that is available inside the container. + +**--help** + Print usage statement + +**-i**, **--interactive**=*true*|*false* + Keep STDIN open even if not attached. The default is *false*. + + When set to true, keep stdin open even if not attached. The default is false. + +**--ipc**="" + Default is to create a private IPC namespace (POSIX SysV IPC) for the container + 'container:': reuses another container shared memory, semaphores and message queues + 'host': use the host shared memory,semaphores and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure. + +**-l**, **--label**=[] + Set metadata on the container (e.g., --label com.example.key=value) + +**--label-file**=[] + Read in a line delimited file of labels + +**--link**=[] + Add link to another container in the form of :alias or just +in which case the alias will match the name + + If the operator +uses **--link** when starting the new client container, then the client +container can access the exposed port via a private networking interface. Docker +will set some environment variables in the client container to help indicate +which interface and port to use. + +**--lxc-conf**=[] + (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" + +**--log-driver**="|*json-file*|*syslog*|*journald*|*gelf*|*none*" + Logging driver for container. Default is defined by daemon `--log-driver` flag. + **Warning**: `docker logs` command works only for `json-file` logging driver. + +**--log-opt**=[] + Logging driver specific options. + +**-m**, **--memory**="" + Memory limit (format: , where unit = b, k, m or g) + + Allows you to constrain the memory available to a container. If the host +supports swap memory, then the **-m** memory setting can be larger than physical +RAM. If a limit of 0 is specified (not using **-m**), the container's memory is +not limited. The actual limit may be rounded up to a multiple of the operating +system's page size (the value would be very large, that's millions of trillions). + +**--memory-swap**="" + Total memory limit (memory + swap) + + Set `-1` to disable swap (format: , where unit = b, k, m or g). +This value should always larger than **-m**, so you should always use this with **-m**. + +**--mac-address**="" + Container MAC address (e.g. 92:d0:c6:0a:29:33) + + Remember that the MAC address in an Ethernet network must be unique. +The IPv6 link-local address will be based on the device's MAC address +according to RFC4862. + +**--name**="" + Assign a name to the container + + The operator can identify a container in three ways: + UUID long identifier (“f78375b1c487e03c9438c729345e54db9d20cfa2ac1fc3494b6eb60872e74778”) + UUID short identifier (“f78375b1c487”) + Name (“jonah”) + + The UUID identifiers come from the Docker daemon, and if a name is not assigned +to the container with **--name** then the daemon will also generate a random +string name. The name is useful when defining links (see **--link**) (or any +other place you need to identify a container). This works for both background +and foreground Docker containers. + +**--net**="bridge" + Set the Network mode for the container + 'bridge': creates a new network stack for the container on the docker bridge + 'none': no networking for this container + 'container:': reuses another container network stack + 'host': use the host network stack inside the container. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure. + +**--oom-kill-disable**=*true*|*false* + Whether to disable OOM Killer for the container or not. + +**-P**, **--publish-all**=*true*|*false* + Publish all exposed ports to random ports on the host interfaces. The default is *false*. + + When set to true publish all exposed ports to the host interfaces. The +default is false. If the operator uses -P (or -p) then Docker will make the +exposed port accessible on the host and the ports will be available to any +client that can reach the host. When using -P, Docker will bind any exposed +port to a random port on the host within an *ephemeral port range* defined by +`/proc/sys/net/ipv4/ip_local_port_range`. To find the mapping between the host +ports and the exposed ports, use `docker port`. + +**-p**, **--publish**=[] + Publish a container's port, or range of ports, to the host. + format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort + Both hostPort and containerPort can be specified as a range of ports. + When specifying ranges for both, the number of container ports in the range must match the number of host ports in the range. (e.g., `-p 1234-1236:1234-1236/tcp`) + (use 'docker port' to see the actual mapping) + +**--pid**=host + Set the PID mode for the container + **host**: use the host's PID namespace inside the container. + Note: the host mode gives the container full access to local PID and is therefore considered insecure. + +**--uts**=host + Set the UTS mode for the container + **host**: use the host's UTS namespace inside the container. + Note: the host mode gives the container access to changing the host's hostname and is therefore considered insecure. + +**--privileged**=*true*|*false* + Give extended privileges to this container. The default is *false*. + + By default, Docker containers are +“unprivileged” (=false) and cannot, for example, run a Docker daemon inside the +Docker container. This is because by default a container is not allowed to +access any devices. A “privileged” container is given access to all devices. + + When the operator executes **docker run --privileged**, Docker will enable access +to all devices on the host as well as set some configuration in AppArmor to +allow the container nearly all the same access to the host as processes running +outside of a container on the host. + +**--read-only**=*true*|*false* + Mount the container's root filesystem as read only. + + By default a container will have its root filesystem writable allowing processes +to write files anywhere. By specifying the `--read-only` flag the container will have +its root filesystem mounted as read only prohibiting any writes. + +**--restart**="no" + Restart policy to apply when a container exits (no, on-failure[:max-retry], always) + +**--rm**=*true*|*false* + Automatically remove the container when it exits (incompatible with -d). The default is *false*. + +**--security-opt**=[] + Security Options + + "label:user:USER" : Set the label user for the container + "label:role:ROLE" : Set the label role for the container + "label:type:TYPE" : Set the label type for the container + "label:level:LEVEL" : Set the label level for the container + "label:disable" : Turn off label confinement for the container + +**--sig-proxy**=*true*|*false* + Proxy received signals to the process (non-TTY mode only). SIGCHLD, SIGSTOP, and SIGKILL are not proxied. The default is *true*. + +**-t**, **--tty**=*true*|*false* + Allocate a pseudo-TTY. The default is *false*. + + When set to true Docker can allocate a pseudo-tty and attach to the standard +input of any container. This can be used, for example, to run a throwaway +interactive shell. The default is value is false. + +The **-t** option is incompatible with a redirection of the docker client +standard input. + +**-u**, **--user**="" + Sets the username or UID used and optionally the groupname or GID for the specified command. + + The followings examples are all valid: + --user [user | user:group | uid | uid:gid | user:gid | uid:group ] + + Without this argument the command will be run as root in the container. + +**-v**, **--volume**=[] + Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container) + + The **-v** option can be used one or +more times to add one or more mounts to a container. These mounts can then be +used in other containers using the **--volumes-from** option. + + The volume may be optionally suffixed with :ro or :rw to mount the volumes in +read-only or read-write mode, respectively. By default, the volumes are mounted +read-write. See examples. + +Labeling systems like SELinux require that proper labels are placed on volume +content mounted into a container. Without a label, the security system might +prevent the processes running inside the container from using the content. By +default, Docker does not change the labels set by the OS. + +To change a label in the container context, you can add either of two suffixes +`:z` or `:Z` to the volume mount. These suffixes tell Docker to relabel file +objects on the shared volumes. The `z` option tells Docker that two containers +share the volume content. As a result, Docker labels the content with a shared +content label. Shared volume labels allow all containers to read/write content. +The `Z` option tells Docker to label the content with a private unshared label. +Only the current container can use a private volume. + +Note: Multiple Volume options can be added separated by a "," + +**--volumes-from**=[] + Mount volumes from the specified container(s) + + Mounts already mounted volumes from a source container onto another + container. You must supply the source's container-id. To share + a volume, use the **--volumes-from** option when running + the target container. You can share volumes even if the source container + is not running. + + By default, Docker mounts the volumes in the same mode (read-write or + read-only) as it is mounted in the source container. Optionally, you + can change this by suffixing the container-id with either the `:ro` or + `:rw ` keyword. + + If the location of the volume from the source container overlaps with + data residing on a target container, then the volume hides + that data on the target. + +**-w**, **--workdir**="" + Working directory inside the container + + The default working directory for +running binaries within a container is the root directory (/). The developer can +set a different default with the Dockerfile WORKDIR instruction. The operator +can override the working directory by using the **-w** option. + +# EXAMPLES + +## Exposing log messages from the container to the host's log + +If you want messages that are logged in your container to show up in the host's +syslog/journal then you should bind mount the /dev/log directory as follows. + + # docker run -v /dev/log:/dev/log -i -t fedora /bin/bash + +From inside the container you can test this by sending a message to the log. + + (bash)# logger "Hello from my container" + +Then exit and check the journal. + + # exit + + # journalctl -b | grep Hello + +This should list the message sent to logger. + +## Attaching to one or more from STDIN, STDOUT, STDERR + +If you do not specify -a then Docker will attach everything (stdin,stdout,stderr) +. You can specify to which of the three standard streams (stdin, stdout, stderr) +you’d like to connect instead, as in: + + # docker run -a stdin -a stdout -i -t fedora /bin/bash + +## Sharing IPC between containers + +Using shm_server.c available here: https://www.cs.cf.ac.uk/Dave/C/node27.html + +Testing `--ipc=host` mode: + +Host shows a shared memory segment with 7 pids attached, happens to be from httpd: + +``` + $ sudo ipcs -m + + ------ Shared Memory Segments -------- + key shmid owner perms bytes nattch status + 0x01128e25 0 root 600 1000 7 +``` + +Now run a regular container, and it correctly does NOT see the shared memory segment from the host: + +``` + $ docker run -it shm ipcs -m + + ------ Shared Memory Segments -------- + key shmid owner perms bytes nattch status +``` + +Run a container with the new `--ipc=host` option, and it now sees the shared memory segment from the host httpd: + + ``` + $ docker run -it --ipc=host shm ipcs -m + + ------ Shared Memory Segments -------- + key shmid owner perms bytes nattch status + 0x01128e25 0 root 600 1000 7 +``` +Testing `--ipc=container:CONTAINERID` mode: + +Start a container with a program to create a shared memory segment: +``` + $ docker run -it shm bash + $ sudo shm/shm_server & + $ sudo ipcs -m + + ------ Shared Memory Segments -------- + key shmid owner perms bytes nattch status + 0x0000162e 0 root 666 27 1 +``` +Create a 2nd container correctly shows no shared memory segment from 1st container: +``` + $ docker run shm ipcs -m + + ------ Shared Memory Segments -------- + key shmid owner perms bytes nattch status +``` + +Create a 3rd container using the new --ipc=container:CONTAINERID option, now it shows the shared memory segment from the first: + +``` + $ docker run -it --ipc=container:ed735b2264ac shm ipcs -m + $ sudo ipcs -m + + ------ Shared Memory Segments -------- + key shmid owner perms bytes nattch status + 0x0000162e 0 root 666 27 1 +``` + +## Linking Containers + +The link feature allows multiple containers to communicate with each other. For +example, a container whose Dockerfile has exposed port 80 can be run and named +as follows: + + # docker run --name=link-test -d -i -t fedora/httpd + +A second container, in this case called linker, can communicate with the httpd +container, named link-test, by running with the **--link=:** + + # docker run -t -i --link=link-test:lt --name=linker fedora /bin/bash + +Now the container linker is linked to container link-test with the alias lt. +Running the **env** command in the linker container shows environment variables + with the LT (alias) context (**LT_**) + + # env + HOSTNAME=668231cb0978 + TERM=xterm + LT_PORT_80_TCP=tcp://172.17.0.3:80 + LT_PORT_80_TCP_PORT=80 + LT_PORT_80_TCP_PROTO=tcp + LT_PORT=tcp://172.17.0.3:80 + PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + PWD=/ + LT_NAME=/linker/lt + SHLVL=1 + HOME=/ + LT_PORT_80_TCP_ADDR=172.17.0.3 + _=/usr/bin/env + +When linking two containers Docker will use the exposed ports of the container +to create a secure tunnel for the parent to access. + + +## Mapping Ports for External Usage + +The exposed port of an application can be mapped to a host port using the **-p** +flag. For example, a httpd port 80 can be mapped to the host port 8080 using the +following: + + # docker run -p 8080:80 -d -i -t fedora/httpd + +## Creating and Mounting a Data Volume Container + +Many applications require the sharing of persistent data across several +containers. Docker allows you to create a Data Volume Container that other +containers can mount from. For example, create a named container that contains +directories /var/volume1 and /tmp/volume2. The image will need to contain these +directories so a couple of RUN mkdir instructions might be required for you +fedora-data image: + + # docker run --name=data -v /var/volume1 -v /tmp/volume2 -i -t fedora-data true + # docker run --volumes-from=data --name=fedora-container1 -i -t fedora bash + +Multiple --volumes-from parameters will bring together multiple data volumes from +multiple containers. And it's possible to mount the volumes that came from the +DATA container in yet another container via the fedora-container1 intermediary +container, allowing to abstract the actual data source from users of that data: + + # docker run --volumes-from=fedora-container1 --name=fedora-container2 -i -t fedora bash + +## Mounting External Volumes + +To mount a host directory as a container volume, specify the absolute path to +the directory and the absolute path for the container directory separated by a +colon: + + # docker run -v /var/db:/data1 -i -t fedora bash + +When using SELinux, be aware that the host has no knowledge of container SELinux +policy. Therefore, in the above example, if SELinux policy is enforced, the +`/var/db` directory is not writable to the container. A "Permission Denied" +message will occur and an avc: message in the host's syslog. + + +To work around this, at time of writing this man page, the following command +needs to be run in order for the proper SELinux policy type label to be attached +to the host directory: + + # chcon -Rt svirt_sandbox_file_t /var/db + + +Now, writing to the /data1 volume in the container will be allowed and the +changes will also be reflected on the host in /var/db. + +## Using alternative security labeling + +You can override the default labeling scheme for each container by specifying +the `--security-opt` flag. For example, you can specify the MCS/MLS level, a +requirement for MLS systems. Specifying the level in the following command +allows you to share the same content between containers. + + # docker run --security-opt label:level:s0:c100,c200 -i -t fedora bash + +An MLS example might be: + + # docker run --security-opt label:level:TopSecret -i -t rhel7 bash + +To disable the security labeling for this container versus running with the +`--permissive` flag, use the following command: + + # docker run --security-opt label:disable -i -t fedora bash + +If you want a tighter security policy on the processes within a container, +you can specify an alternate type for the container. You could run a container +that is only allowed to listen on Apache ports by executing the following +command: + + # docker run --security-opt label:type:svirt_apache_t -i -t centos bash + +Note: + +You would have to write policy defining a `svirt_apache_t` type. + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit +July 2014, updated by Sven Dowideit diff --git a/docker-save.1.md b/docker-save.1.md new file mode 100644 index 000000000000..5f336ffd3457 --- /dev/null +++ b/docker-save.1.md @@ -0,0 +1,45 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-save - Save an image(s) to a tar archive (streamed to STDOUT by default) + +# SYNOPSIS +**docker save** +[**--help**] +[**-o**|**--output**[=*OUTPUT*]] +IMAGE [IMAGE...] + +# DESCRIPTION +Produces a tarred repository to the standard output stream. Contains all +parent layers, and all tags + versions, or specified repo:tag. + +Stream to a file instead of STDOUT by using **-o**. + +# OPTIONS +**--help** + Print usage statement + +**-o**, **--output**="" + Write to a file, instead of STDOUT + +# EXAMPLES + +Save all fedora repository images to a fedora-all.tar and save the latest +fedora image to a fedora-latest.tar: + + $ docker save fedora > fedora-all.tar + $ docker save --output=fedora-latest.tar fedora:latest + $ ls -sh fedora-all.tar + 721M fedora-all.tar + $ ls -sh fedora-latest.tar + 367M fedora-latest.tar + +# See also +**docker-load(1)** to load an image from a tar archive on STDIN. + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit +November 2014, updated by Sven Dowideit diff --git a/docker-search.1.md b/docker-search.1.md new file mode 100644 index 000000000000..6316008f502b --- /dev/null +++ b/docker-search.1.md @@ -0,0 +1,65 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-search - Search the Docker Hub for images + +# SYNOPSIS +**docker search** +[**--automated**[=*false*]] +[**--help**] +[**--no-trunc**[=*false*]] +[**-s**|**--stars**[=*0*]] +TERM + +# DESCRIPTION + +Search Docker Hub for an image with that matches the specified `TERM`. The table +of images returned displays the name, description (truncated by default), number +of stars awarded, whether the image is official, and whether it is automated. + +*Note* - Search queries will only return up to 25 results + +# OPTIONS +**--automated**=*true*|*false* + Only show automated builds. The default is *false*. + +**--help** + Print usage statement + +**--no-trunc**=*true*|*false* + Don't truncate output. The default is *false*. + +**-s**, **--stars**=0 + Only displays with at least x stars + +# EXAMPLES + +## Search Docker Hub for ranked images + +Search a registry for the term 'fedora' and only display those images +ranked 3 or higher: + + $ docker search -s 3 fedora + NAME DESCRIPTION STARS OFFICIAL AUTOMATED + mattdm/fedora A basic Fedora image corresponding roughly... 50 + fedora (Semi) Official Fedora base image. 38 + mattdm/fedora-small A small Fedora image on which to build. Co... 8 + goldmann/wildfly A WildFly application server running on a ... 3 [OK] + +## Search Docker Hub for automated images + +Search Docker Hub for the term 'fedora' and only display automated images +ranked 1 or higher: + + $ docker search -s 1 -t fedora + NAME DESCRIPTION STARS OFFICIAL AUTOMATED + goldmann/wildfly A WildFly application server running on a ... 3 [OK] + tutum/fedora-20 Fedora 20 image with SSH access. For the r... 1 [OK] + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit +April 2015, updated by Mary Anthony for v2 + diff --git a/docker-start.1.md b/docker-start.1.md new file mode 100644 index 000000000000..523b315594ca --- /dev/null +++ b/docker-start.1.md @@ -0,0 +1,34 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-start - Start one or more stopped containers + +# SYNOPSIS +**docker start** +[**-a**|**--attach**[=*false*]] +[**--help**] +[**-i**|**--interactive**[=*false*]] +CONTAINER [CONTAINER...] + +# DESCRIPTION + +Start one or more stopped containers. + +# OPTIONS +**-a**, **--attach**=*true*|*false* + Attach container's STDOUT and STDERR and forward all signals to the process. The default is *false*. + +**--help** + Print usage statement + +**-i**, **--interactive**=*true*|*false* + Attach container's STDIN. The default is *false*. + +# See also +**docker-stop(1)** to stop a running container. + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit diff --git a/docker-stats.1.md b/docker-stats.1.md new file mode 100644 index 000000000000..4b4858855956 --- /dev/null +++ b/docker-stats.1.md @@ -0,0 +1,31 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-stats - Display a live stream of one or more containers' resource usage statistics + +# SYNOPSIS +**docker stats** +[**--help**] +CONTAINER [CONTAINER...] + +# DESCRIPTION + +Display a live stream of one or more containers' resource usage statistics + +# OPTIONS +**--help** + Print usage statement + +**--no-stream**="false" + Disable streaming stats and only pull the first result + +# EXAMPLES + +Run **docker stats** with multiple containers. + + $ docker stats redis1 redis2 + CONTAINER CPU % MEM USAGE/LIMIT MEM % NET I/O + redis1 0.07% 796 KB/64 MB 1.21% 788 B/648 B + redis2 0.07% 2.746 MB/64 MB 4.29% 1.266 KB/648 B + diff --git a/docker-stop.1.md b/docker-stop.1.md new file mode 100644 index 000000000000..9b882db49d1a --- /dev/null +++ b/docker-stop.1.md @@ -0,0 +1,30 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-stop - Stop a running container by sending SIGTERM and then SIGKILL after a grace period + +# SYNOPSIS +**docker stop** +[**--help**] +[**-t**|**--time**[=*10*]] +CONTAINER [CONTAINER...] + +# DESCRIPTION +Stop a running container (Send SIGTERM, and then SIGKILL after + grace period) + +# OPTIONS +**--help** + Print usage statement + +**-t**, **--time**=10 + Number of seconds to wait for the container to stop before killing it. Default is 10 seconds. + +#See also +**docker-start(1)** to restart a stopped container. + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit diff --git a/docker-tag.1.md b/docker-tag.1.md new file mode 100644 index 000000000000..898ecd8a1caa --- /dev/null +++ b/docker-tag.1.md @@ -0,0 +1,65 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-tag - Tag an image into a repository + +# SYNOPSIS +**docker tag** +[**-f**|**--force**[=*false*]] +[**--help**] +IMAGE[:TAG] [REGISTRY_HOST/][USERNAME/]NAME[:TAG] + +# DESCRIPTION +Assigns a new alias to an image in a registry. An alias refers to the +entire image name including the optional `TAG` after the ':'. + +If you do not specify a `REGISTRY_HOST`, the command uses Docker's public +registry located at `registry-1.docker.io` by default. + +# "OPTIONS" +**-f**, **--force**=*true*|*false* + When set to true, force the alias. The default is *false*. + +**REGISTRYHOST** + The hostname of the registry if required. This may also include the port +separated by a ':' + +**USERNAME** + The username or other qualifying identifier for the image. + +**NAME** + The image name. + +**TAG** + The tag you are assigning to the image. Though this is arbitrary it is +recommended to be used for a version to distinguish images with the same name. +Note that here TAG is a part of the overall name or "tag". + +# OPTIONS +**-f**, **--force**=*true*|*false* + Force. The default is *false*. + +# EXAMPLES + +## Giving an image a new alias + +Here is an example of aliasing an image (e.g., 0e5574283393) as "httpd" and +tagging it into the "fedora" repository with "version1.0": + + docker tag 0e5574283393 fedora/httpd:version1.0 + +## Tagging an image for a private repository + +To push an image to an private registry and not the central Docker +registry you must tag it with the registry hostname and port (if needed). + + docker tag 0e5574283393 myregistryhost:5000/fedora/httpd:version1.0 + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit +July 2014, updated by Sven Dowideit +April 2015, updated by Mary Anthony for v2 + diff --git a/docker-top.1.md b/docker-top.1.md new file mode 100644 index 000000000000..c3bbf883f794 --- /dev/null +++ b/docker-top.1.md @@ -0,0 +1,33 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-top - Display the running processes of a container + +# SYNOPSIS +**docker top** +[**--help**] +CONTAINER [ps OPTIONS] + +# DESCRIPTION + +Look up the running process of the container. ps-OPTION can be any of the + options you would pass to a Linux ps command. + +# OPTIONS +**--help** + Print usage statement + +# EXAMPLES + +Run **docker top** with the ps option of -x: + + $ docker top 8601afda2b -x + PID TTY STAT TIME COMMAND + 16623 ? Ss 0:00 sleep 99999 + + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit diff --git a/docker-unpause.1.md b/docker-unpause.1.md new file mode 100644 index 000000000000..466e1bb1a3ea --- /dev/null +++ b/docker-unpause.1.md @@ -0,0 +1,27 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-unpause - Unpause all processes within a container + +# SYNOPSIS +**docker unpause** +CONTAINER [CONTAINER...] + +# DESCRIPTION + +The `docker unpause` command uses the cgroups freezer to un-suspend all +processes in a container. + +See the [cgroups freezer documentation] +(https://www.kernel.org/doc/Documentation/cgroups/freezer-subsystem.txt) for +further details. + +# OPTIONS +There are no available options. + +# See also +**docker-pause(1)** to pause all processes within a container. + +# HISTORY +June 2014, updated by Sven Dowideit diff --git a/docker-version.1.md b/docker-version.1.md new file mode 100644 index 000000000000..9c029b239d64 --- /dev/null +++ b/docker-version.1.md @@ -0,0 +1,15 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-version - Show the Docker version information. + +# SYNOPSIS +**docker version** + + +# OPTIONS +There are no available options. + +# HISTORY +June 2014, updated by Sven Dowideit diff --git a/docker-wait.1.md b/docker-wait.1.md new file mode 100644 index 000000000000..5f07bacc0e2c --- /dev/null +++ b/docker-wait.1.md @@ -0,0 +1,30 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-wait - Block until a container stops, then print its exit code. + +# SYNOPSIS +**docker wait** +[**--help**] +CONTAINER [CONTAINER...] + +# DESCRIPTION + +Block until a container stops, then print its exit code. + +# OPTIONS +**--help** + Print usage statement + +# EXAMPLES + + $ docker run -d fedora sleep 99 + 079b83f558a2bc52ecad6b2a5de13622d584e6bb1aea058c11b36511e85e7622 + $ docker wait 079b83f558a2bc + 0 + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit diff --git a/docker.1.md b/docker.1.md new file mode 100644 index 000000000000..f77038139ac0 --- /dev/null +++ b/docker.1.md @@ -0,0 +1,393 @@ +% DOCKER(1) Docker User Manuals +% William Henry +% APRIL 2014 +# NAME +docker \- Docker image and container command line interface + +# SYNOPSIS +**docker** [OPTIONS] COMMAND [arg...] + +# DESCRIPTION +**docker** has two distinct functions. It is used for starting the Docker +daemon and to run the CLI (i.e., to command the daemon to manage images, +containers etc.) So **docker** is both a server, as a daemon, and a client +to the daemon, through the CLI. + +To run the Docker daemon you do not specify any of the commands listed below but +must specify the **-d** option. The other options listed below are for the +daemon only. + +The Docker CLI has over 30 commands. The commands are listed below and each has +its own man page which explain usage and arguments. + +To see the man page for a command run **man docker **. + +# OPTIONS +**-h**, **--help** + Print usage statement + +**--api-cors-header**="" + Set CORS headers in the remote API. Default is cors disabled. Give urls like "http://foo, http://bar, ...". Give "*" to allow all. + +**-b**, **--bridge**="" + Attach containers to a pre\-existing network bridge; use 'none' to disable container networking + +**--bip**="" + Use the provided CIDR notation address for the dynamically created bridge (docker0); Mutually exclusive of \-b + +**-D**, **--debug**=*true*|*false* + Enable debug mode. Default is false. + +**-d**, **--daemon**=*true*|*false* + Enable daemon mode. Default is false. + +**--default-gateway**="" + IPv4 address of the container default gateway; this address must be part of the bridge subnet (which is defined by \-b or \--bip) + +**--default-gateway-v6**="" + IPv6 address of the container default gateway + +**--dns**="" + Force Docker to use specific DNS servers + +**-e**, **--exec-driver**="" + Force Docker to use specific exec driver. Default is `native`. + +**--exec-opt**=[] + Set exec driver options. See EXEC DRIVER OPTIONS. + +**--exec-root**="" + Path to use as the root of the Docker execdriver. Default is `/var/run/docker`. + +**--fixed-cidr**="" + IPv4 subnet for fixed IPs (e.g., 10.20.0.0/16); this subnet must be nested in the bridge subnet (which is defined by \-b or \-\-bip) + +**--fixed-cidr-v6**="" + IPv6 subnet for global IPv6 addresses (e.g., 2a00:1450::/64) + +**-G**, **--group**="" + Group to assign the unix socket specified by -H when running in daemon mode. + use '' (the empty string) to disable setting of a group. Default is `docker`. + +**-g**, **--graph**="" + Path to use as the root of the Docker runtime. Default is `/var/lib/docker`. + +**-H**, **--host**=[unix:///var/run/docker.sock]: tcp://[host:port] to bind or +unix://[/path/to/socket] to use. + The socket(s) to bind to in daemon mode specified using one or more + tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd. + +**--icc**=*true*|*false* + Allow unrestricted inter\-container and Docker daemon host communication. If disabled, containers can still be linked together using **--link** option (see **docker-run(1)**). Default is true. + +**--ip**="" + Default IP address to use when binding container ports. Default is `0.0.0.0`. + +**--ip-forward**=*true*|*false* + Enables IP forwarding on the Docker host. The default is `true`. This flag interacts with the IP forwarding setting on your host system's kernel. If your system has IP forwarding disabled, this setting enables it. If your system has IP forwarding enabled, setting this flag to `--ip-forward=false` has no effect. + + This setting will also enable IPv6 forwarding if you have both `--ip-forward=true` and `--fixed-cidr-v6` set. Note that this may reject Router Advertisements and interfere with the host's existing IPv6 configuration. For more information, please consult the documentation about "Advanced Networking - IPv6". + +**--ip-masq**=*true*|*false* + Enable IP masquerading for bridge's IP range. Default is true. + +**--iptables**=*true*|*false* + Enable Docker's addition of iptables rules. Default is true. + +**--ipv6**=*true*|*false* + Enable IPv6 support. Default is false. Docker will create an IPv6-enabled bridge with address fe80::1 which will allow you to create IPv6-enabled containers. Use together with `--fixed-cidr-v6` to provide globally routable IPv6 addresses. IPv6 forwarding will be enabled if not used with `--ip-forward=false`. This may collide with your host's current IPv6 settings. For more information please consult the documentation about "Advanced Networking - IPv6". + +**-l**, **--log-level**="*debug*|*info*|*warn*|*error*|*fatal*"" + Set the logging level. Default is `info`. + +**--label**="[]" + Set key=value labels to the daemon (displayed in `docker info`) + +**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*none*" + Default driver for container logs. Default is `json-file`. + **Warning**: `docker logs` command works only for `json-file` logging driver. + +**--log-opt**=[] + Logging driver specific options. + +**--mtu**=VALUE + Set the containers network mtu. Default is `0`. + +**-p**, **--pidfile**="" + Path to use for daemon PID file. Default is `/var/run/docker.pid` + +**--registry-mirror**=:// + Prepend a registry mirror to be used for image pulls. May be specified multiple times. + +**-s**, **--storage-driver**="" + Force the Docker runtime to use a specific storage driver. + +**--selinux-enabled**=*true*|*false* + Enable selinux support. Default is false. SELinux does not presently support the BTRFS storage driver. + +**--storage-opt**=[] + Set storage driver options. See STORAGE DRIVER OPTIONS. + +**-tls**=*true*|*false* + Use TLS; implied by --tlsverify. Default is false. + +**-tlsverify**=*true*|*false* + Use TLS and verify the remote (daemon: verify client, client: verify daemon). + Default is false. + +**--userland-proxy**=*true*|*false* + Rely on a userland proxy implementation for inter-container and outside-to-container loopback communications. Default is true. + +**-v**, **--version**=*true*|*false* + Print version information and quit. Default is false. + +# COMMANDS +**attach** + Attach to a running container + See **docker-attach(1)** for full documentation on the **attach** command. + +**build** + Build an image from a Dockerfile + See **docker-build(1)** for full documentation on the **build** command. + +**commit** + Create a new image from a container's changes + See **docker-commit(1)** for full documentation on the **commit** command. + +**cp** + Copy files/folders from a container's filesystem to the host + See **docker-cp(1)** for full documentation on the **cp** command. + +**create** + Create a new container + See **docker-create(1)** for full documentation on the **create** command. + +**diff** + Inspect changes on a container's filesystem + See **docker-diff(1)** for full documentation on the **diff** command. + +**events** + Get real time events from the server + See **docker-events(1)** for full documentation on the **events** command. + +**exec** + Run a command in a running container + See **docker-exec(1)** for full documentation on the **exec** command. + +**export** + Stream the contents of a container as a tar archive + See **docker-export(1)** for full documentation on the **export** command. + +**history** + Show the history of an image + See **docker-history(1)** for full documentation on the **history** command. + +**images** + List images + See **docker-images(1)** for full documentation on the **images** command. + +**import** + Create a new filesystem image from the contents of a tarball + See **docker-import(1)** for full documentation on the **import** command. + +**info** + Display system-wide information + See **docker-info(1)** for full documentation on the **info** command. + +**inspect** + Return low-level information on a container or image + See **docker-inspect(1)** for full documentation on the **inspect** command. + +**kill** + Kill a running container (which includes the wrapper process and everything +inside it) + See **docker-kill(1)** for full documentation on the **kill** command. + +**load** + Load an image from a tar archive + See **docker-load(1)** for full documentation on the **load** command. + +**login** + Register or login to a Docker Registry + See **docker-login(1)** for full documentation on the **login** command. + +**logout** + Log the user out of a Docker Registry + See **docker-logout(1)** for full documentation on the **logout** command. + +**logs** + Fetch the logs of a container + See **docker-logs(1)** for full documentation on the **logs** command. + +**pause** + Pause all processes within a container + See **docker-pause(1)** for full documentation on the **pause** command. + +**port** + Lookup the public-facing port which is NAT-ed to PRIVATE_PORT + See **docker-port(1)** for full documentation on the **port** command. + +**ps** + List containers + See **docker-ps(1)** for full documentation on the **ps** command. + +**pull** + Pull an image or a repository from a Docker Registry + See **docker-pull(1)** for full documentation on the **pull** command. + +**push** + Push an image or a repository to a Docker Registry + See **docker-push(1)** for full documentation on the **push** command. + +**restart** + Restart a running container + See **docker-restart(1)** for full documentation on the **restart** command. + +**rm** + Remove one or more containers + See **docker-rm(1)** for full documentation on the **rm** command. + +**rmi** + Remove one or more images + See **docker-rmi(1)** for full documentation on the **rmi** command. + +**run** + Run a command in a new container + See **docker-run(1)** for full documentation on the **run** command. + +**save** + Save an image to a tar archive + See **docker-save(1)** for full documentation on the **save** command. + +**search** + Search for an image in the Docker index + See **docker-search(1)** for full documentation on the **search** command. + +**start** + Start a stopped container + See **docker-start(1)** for full documentation on the **start** command. + +**stats** + Display a live stream of one or more containers' resource usage statistics + See **docker-stats(1)** for full documentation on the **stats** command. + +**stop** + Stop a running container + See **docker-stop(1)** for full documentation on the **stop** command. + +**tag** + Tag an image into a repository + See **docker-tag(1)** for full documentation on the **tag** command. + +**top** + Lookup the running processes of a container + See **docker-top(1)** for full documentation on the **top** command. + +**unpause** + Unpause all processes within a container + See **docker-unpause(1)** for full documentation on the **unpause** command. + +**version** + Show the Docker version information + See **docker-version(1)** for full documentation on the **version** command. + +**wait** + Block until a container stops, then print its exit code + See **docker-wait(1)** for full documentation on the **wait** command. + +# STORAGE DRIVER OPTIONS + +Options to storage backend can be specified with **--storage-opt** flags. The +only backend which currently takes options is *devicemapper*. Therefore use these +flags with **-s=**devicemapper. + +Here is the list of *devicemapper* options: + +#### dm.basesize +Specifies the size to use when creating the base device, which limits the size +of images and containers. The default value is 10G. Note, thin devices are +inherently "sparse", so a 10G device which is mostly empty doesn't use 10 GB +of space on the pool. However, the filesystem will use more space for the empty +case the larger the device is. **Warning**: This value affects the system-wide +"base" empty filesystem that may already be initialized and inherited by pulled +images. + +#### dm.loopdatasize +Specifies the size to use when creating the loopback file for the "data" +device which is used for the thin pool. The default size is 100G. Note that the +file is sparse, so it will not initially take up this much space. + +#### dm.loopmetadatasize +Specifies the size to use when creating the loopback file for the "metadadata" +device which is used for the thin pool. The default size is 2G. Note that the +file is sparse, so it will not initially take up this much space. + +#### dm.fs +Specifies the filesystem type to use for the base device. The supported +options are "ext4" and "xfs". The default is "ext4" + +#### dm.mkfsarg +Specifies extra mkfs arguments to be used when creating the base device. + +#### dm.mountopt +Specifies extra mount options used when mounting the thin devices. + +#### dm.datadev +Specifies a custom blockdevice to use for data for the thin pool. + +If using a block device for device mapper storage, ideally both datadev and +metadatadev should be specified to completely avoid using the loopback device. + +#### dm.metadatadev +Specifies a custom blockdevice to use for metadata for the thin pool. + +For best performance the metadata should be on a different spindle than the +data, or even better on an SSD. + +If setting up a new metadata pool it is required to be valid. This can be +achieved by zeroing the first 4k to indicate empty metadata, like this: + + dd if=/dev/zero of=/dev/metadata_dev bs=4096 count=1 + +#### dm.blocksize +Specifies a custom blocksize to use for the thin pool. The default blocksize +is 64K. + +#### dm.blkdiscard +Enables or disables the use of blkdiscard when removing devicemapper devices. +This is enabled by default (only) if using loopback devices and is required to +resparsify the loopback file on image/container removal. + +Disabling this on loopback can lead to *much* faster container removal times, +but will prevent the space used in `/var/lib/docker` directory from being returned to +the system for other use when containers are removed. + +# EXAMPLES +Launching docker daemon with *devicemapper* backend with particular block devices +for data and metadata: + + docker -d -s=devicemapper \ + --storage-opt dm.datadev=/dev/vdb \ + --storage-opt dm.metadatadev=/dev/vdc \ + --storage-opt dm.basesize=20G + +# EXEC DRIVER OPTIONS + +Use the **--exec-opt** flags to specify options to the exec-driver. The only +driver that accepts this flag is the *native* (libcontainer) driver. As a +result, you must also specify **-s=**native for this option to have effect. The +following is the only *native* option: + +#### native.cgroupdriver +Specifies the management of the container's `cgroups`. You can specify +`cgroupfs` or `systemd`. If you specify `systemd` and it is not available, the +system uses `cgroupfs`. + +#### Client +For specific client examples please see the man page for the specific Docker +command. For example: + + man docker-run + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work. diff --git a/md2man-all.sh b/md2man-all.sh new file mode 100755 index 000000000000..97c65c93bc32 --- /dev/null +++ b/md2man-all.sh @@ -0,0 +1,22 @@ +#!/bin/bash +set -e + +# get into this script's directory +cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" + +[ "$1" = '-q' ] || { + set -x + pwd +} + +for FILE in *.md; do + base="$(basename "$FILE")" + name="${base%.md}" + num="${name##*.}" + if [ -z "$num" -o "$name" = "$num" ]; then + # skip files that aren't of the format xxxx.N.md (like README.md) + continue + fi + mkdir -p "./man${num}" + go-md2man -in "$FILE" -out "./man${num}/${name}" +done From 90e5ee1ef44ba1c25e8f33d08c034e54165033dd Mon Sep 17 00:00:00 2001 From: "Brian (bex) Exelbierd" Date: Mon, 8 Jun 2015 14:30:33 +0200 Subject: [PATCH 002/398] Update man page Dockerfile to use go-md2man v1.0.1 and go-lang 1.4 The main Dockerfile to was updated - this update brings the sub-directory specific file inline with it. Fixes #12866 Signed-off-by: Brian Exelbierd --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 9910bd48f908..33e515d85cbe 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ -FROM golang:1.3 +FROM golang:1.4 RUN mkdir -p /go/src/github.com/cpuguy83 RUN mkdir -p /go/src/github.com/cpuguy83 \ - && git clone -b v1 https://github.com/cpuguy83/go-md2man.git /go/src/github.com/cpuguy83/go-md2man \ + && git clone -b v1.0.1 https://github.com/cpuguy83/go-md2man.git /go/src/github.com/cpuguy83/go-md2man \ && cd /go/src/github.com/cpuguy83/go-md2man \ && go get -v ./... CMD ["/go/bin/go-md2man", "--help"] From fbc8a780aace4f93f0161905d7e839d75301cfba Mon Sep 17 00:00:00 2001 From: Mary Anthony Date: Sat, 13 Jun 2015 09:21:50 -0700 Subject: [PATCH 003/398] Carry of PR #13520 Removinig files Signed-off-by: Mary Anthony --- docker-build.1.md | 4 ++-- docker-create.1.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docker-build.1.md b/docker-build.1.md index 7a5ceab0e29e..089091789ef0 100644 --- a/docker-build.1.md +++ b/docker-build.1.md @@ -200,9 +200,9 @@ into account Docker community conventions. ## Building an image using a URL -This will clone the specified Github repository from the URL and use it +This will clone the specified GitHub repository from the URL and use it as context. The Dockerfile at the root of the repository is used as -Dockerfile. This only works if the Github repository is a dedicated +Dockerfile. This only works if the GitHub repository is a dedicated repository. docker build github.com/scollier/Fedora-Dockerfiles/tree/master/apache diff --git a/docker-create.1.md b/docker-create.1.md index 939fcbc1cf0d..3882fbf03124 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -91,7 +91,7 @@ The initial status of the container created with **docker create** is 'created'. **--cgroup-parent**="" Path to cgroups under which the cgroup for the container will be created. If the path is not absolute, the path is considered to be relative to the cgroups path of the init process. Cgroups will be created if they do not already exist. -**--cpu-peroid**=0 +**--cpu-period**=0 Limit the CPU CFS (Completely Fair Scheduler) period **--cpuset-cpus**="" From 1ca24579cd388a1fbf87cb7d7aa4f201614bd6c0 Mon Sep 17 00:00:00 2001 From: Vivek Goyal Date: Mon, 15 Jun 2015 14:05:10 -0400 Subject: [PATCH 004/398] docker-inspect: Extend docker inspect to export image/container metadata related to graph driver Export image/container metadata stored in graph driver. Right now 3 fields DeviceId, DeviceSize and DeviceName are being exported from devicemapper. Other graph drivers can export fields as they see fit. This data can be used to mount the thin device outside of docker and tools can look into image/container and do some kind of inspection. Signed-off-by: Vivek Goyal --- docker-inspect.1.md | 409 ++++++++++++++++++++++---------------------- 1 file changed, 205 insertions(+), 204 deletions(-) diff --git a/docker-inspect.1.md b/docker-inspect.1.md index a8a2d8f4932d..1b87ef088ed4 100644 --- a/docker-inspect.1.md +++ b/docker-inspect.1.md @@ -30,143 +30,144 @@ each result. To get information on a container use its ID or instance name: - $ docker inspect 1eb5fabf5a03 - [{ - "AppArmorProfile": "", - "Args": [], - "Config": { - "AttachStderr": false, - "AttachStdin": false, - "AttachStdout": false, - "Cmd": [ - "/usr/sbin/nginx" - ], - "Domainname": "", - "Entrypoint": null, - "Env": [ - "HOME=/", - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - ], - "ExposedPorts": { - "80/tcp": {} - }, - "Hostname": "1eb5fabf5a03", - "Image": "summit/nginx", - "Labels": { - "com.example.vendor": "Acme", - "com.example.license": "GPL", - "com.example.version": "1.0" - }, - "MacAddress": "", - "NetworkDisabled": false, - "OnBuild": null, - "OpenStdin": false, - "StdinOnce": false, - "Tty": true, - "User": "", - "Volumes": null, - "WorkingDir": "", + $ docker inspect d2cc496561d6 +[{ + "Id": "d2cc496561d6d520cbc0236b4ba88c362c446a7619992123f11c809cded25b47", + "Created": "2015-06-08T16:18:02.505155285Z", + "Path": "bash", + "Args": [], + "State": { + "Running": false, + "Paused": false, + "Restarting": false, + "OOMKilled": false, + "Dead": false, + "Pid": 0, + "ExitCode": 0, + "Error": "", + "StartedAt": "2015-06-08T16:18:03.643865954Z", + "FinishedAt": "2015-06-08T16:57:06.448552862Z" + }, + "Image": "ded7cd95e059788f2586a51c275a4f151653779d6a7f4dad77c2bd34601d94e4", + "NetworkSettings": { + "Bridge": "", + "EndpointID": "", + "Gateway": "", + "GlobalIPv6Address": "", + "GlobalIPv6PrefixLen": 0, + "HairpinMode": false, + "IPAddress": "", + "IPPrefixLen": 0, + "IPv6Gateway": "", + "LinkLocalIPv6Address": "", + "LinkLocalIPv6PrefixLen": 0, + "MacAddress": "", + "NetworkID": "", + "PortMapping": null, + "Ports": null, + "SandboxKey": "", + "SecondaryIPAddresses": null, + "SecondaryIPv6Addresses": null + }, + "ResolvConfPath": "/var/lib/docker/containers/d2cc496561d6d520cbc0236b4ba88c362c446a7619992123f11c809cded25b47/resolv.conf", + "HostnamePath": "/var/lib/docker/containers/d2cc496561d6d520cbc0236b4ba88c362c446a7619992123f11c809cded25b47/hostname", + "HostsPath": "/var/lib/docker/containers/d2cc496561d6d520cbc0236b4ba88c362c446a7619992123f11c809cded25b47/hosts", + "LogPath": "/var/lib/docker/containers/d2cc496561d6d520cbc0236b4ba88c362c446a7619992123f11c809cded25b47/d2cc496561d6d520cbc0236b4ba88c362c446a7619992123f11c809cded25b47-json.log", + "Name": "/adoring_wozniak", + "RestartCount": 0, + "Driver": "devicemapper", + "ExecDriver": "native-0.2", + "MountLabel": "", + "ProcessLabel": "", + "Volumes": {}, + "VolumesRW": {}, + "AppArmorProfile": "", + "ExecIDs": null, + "HostConfig": { + "Binds": null, + "ContainerIDFile": "", + "LxcConf": [], + "Memory": 0, + "MemorySwap": 0, + "CpuShares": 0, + "CpuPeriod": 0, + "CpusetCpus": "", + "CpusetMems": "", + "CpuQuota": 0, + "BlkioWeight": 0, + "OomKillDisable": false, + "Privileged": false, + "PortBindings": {}, + "Links": null, + "PublishAllPorts": false, + "Dns": null, + "DnsSearch": null, + "ExtraHosts": null, + "VolumesFrom": null, + "Devices": [], + "NetworkMode": "bridge", + "IpcMode": "", + "PidMode": "", + "UTSMode": "", + "CapAdd": null, + "CapDrop": null, + "RestartPolicy": { + "Name": "no", + "MaximumRetryCount": 0 }, - "Created": "2014-04-04T21:33:52.02361335Z", - "Driver": "devicemapper", - "ExecDriver": "native-0.1", - "ExecIDs": null, - "HostConfig": { - "Binds": null, - "CapAdd": null, - "CapDrop": null, - "CgroupParent": "", - "ContainerIDFile": "", - "CpuShares": 512, - "CpusetCpus": "0,1", - "CpusetMems": "", - "Devices": [], - "Dns": null, - "DnsSearch": null, - "ExtraHosts": null, - "IpcMode": "", - "Links": null, - "LogConfig": { - "Config": null, - "Type": "json-file" - }, - "LxcConf": null, - "Memory": 16777216, - "MemorySwap": -1, - "NetworkMode": "", - "PidMode": "", - "PortBindings": { - "80/tcp": [ - { - "HostIp": "0.0.0.0", - "HostPort": "80" - } - ] - }, - "Privileged": false, - "PublishAllPorts": false, - "ReadonlyRootfs": false, - "RestartPolicy": { - "MaximumRetryCount": 0, - "Name": "" - }, - "SecurityOpt": null, - "Ulimits": null, - "VolumesFrom": null - } - "HostnamePath": "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/hostname", - "HostsPath": "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/hosts", - "ID": "1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b", - "Image": "df53773a4390e25936f9fd3739e0c0e60a62d024ea7b669282b27e65ae8458e6", - "LogPath": "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b-json.log", - "MountLabel": "", - "Name": "/ecstatic_ptolemy", - "NetworkSettings": { - "Bridge": "docker0", - "Gateway": "172.17.42.1", - "GlobalIPv6Address": "", - "GlobalIPv6PrefixLen": 0, - "IPAddress": "172.17.0.2", - "IPPrefixLen": 16, - "IPv6Gateway": "", - "LinkLocalIPv6Address": "", - "LinkLocalIPv6PrefixLen": 0, - "MacAddress": "", - "PortMapping": null, - "Ports": { - "80/tcp": [ - { - "HostIp": "0.0.0.0", - "HostPort": "80" - } - ] - } - }, - "Path": "/usr/sbin/nginx", - "ProcessLabel": "", - "ResolvConfPath": "/etc/resolv.conf", - "RestartCount": 0, - "State": { - "Dead": false, - "Error": "", - "ExitCode": 0, - "FinishedAt": "0001-01-01T00:00:00Z", - "OOMKilled": false, - "Paused": false, - "Pid": 858, - "Restarting": false, - "Running": true, - "StartedAt": "2014-04-04T21:33:54.16259207Z", + "SecurityOpt": null, + "ReadonlyRootfs": false, + "Ulimits": null, + "LogConfig": { + "Type": "json-file", + "Config": {} }, - "Volumes": {}, - "VolumesRW": {}, + "CgroupParent": "" + }, + "GraphDriver": { + "Name": "devicemapper", + "Data": { + "DeviceId": "5", + "DeviceName": "docker-253:1-2763198-d2cc496561d6d520cbc0236b4ba88c362c446a7619992123f11c809cded25b47", + "DeviceSize": "171798691840" + } + }, + "Config": { + "Hostname": "d2cc496561d6", + "Domainname": "", + "User": "", + "AttachStdin": true, + "AttachStdout": true, + "AttachStderr": true, + "ExposedPorts": null, + "Tty": true, + "OpenStdin": true, + "StdinOnce": true, + "Env": null, + "Cmd": [ + "bash" + ], + "Image": "fedora", + "Volumes": null, + "VolumeDriver": "", + "WorkingDir": "", + "Entrypoint": null, + "NetworkDisabled": false, + "MacAddress": "", + "OnBuild": null, + "Labels": {}, + "Memory": 0, + "MemorySwap": 0, + "CpuShares": 0, + "Cpuset": "" } - +} +] ## Getting the IP address of a container instance To get the IP address of a container use: - $ docker inspect --format='{{.NetworkSettings.IPAddress}}' 1eb5fabf5a03 + $ docker inspect --format='{{.NetworkSettings.IPAddress}}' d2cc496561d6 172.17.0.2 ## Listing all port bindings @@ -175,7 +176,7 @@ One can loop over arrays and maps in the results to produce simple text output: $ docker inspect --format='{{range $p, $conf := .NetworkSettings.Ports}} \ - {{$p}} -> {{(index $conf 0).HostPort}} {{end}}' 1eb5fabf5a03 + {{$p}} -> {{(index $conf 0).HostPort}} {{end}}' d2cc496561d6 80/tcp -> 80 You can get more information about how to write a go template from: @@ -186,79 +187,79 @@ http://golang.org/pkg/text/template/. Use an image's ID or name (e.g., repository/name[:tag]) to get information on it. - $ docker inspect fc1203419df2 - [{ - "Architecture": "amd64", - "Author": "", - "Comment": "", - "Config": { - "AttachStderr": false, - "AttachStdin": false, - "AttachStdout": false, - "Cmd": [ - "make", - "direct-test" - ], - "Domainname": "", - "Entrypoint": [ - "/dind" - ], - "Env": [ - "PATH=/go/bin:/usr/src/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", - ], - "ExposedPorts": null, - "Hostname": "242978536a06", - "Image": "c2b774c744afc5bea603b5e6c5218539e506649326de3ea0135182f299d0519a", - "Labels": {}, - "MacAddress": "", - "NetworkDisabled": false, - "OnBuild": [], - "OpenStdin": false, - "StdinOnce": false, - "Tty": false, - "User": "", - "Volumes": null, - "WorkingDir": "/go/src/github.com/docker/libcontainer" - }, - "Container": "1c00417f3812a96d3ebc29e7fdee69f3d586d703ab89c8233fd4678d50707b39", - "ContainerConfig": { - "AttachStderr": false, - "AttachStdin": false, - "AttachStdout": false, - "Cmd": [ - "/bin/sh", - "-c", - "#(nop) CMD [\"make\" \"direct-test\"]" - ], - "Domainname": "", - "Entrypoint": [ - "/dind" - ], - "Env": [ - "PATH=/go/bin:/usr/src/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", - ], - "ExposedPorts": null, - "Hostname": "242978536a06", - "Image": "c2b774c744afc5bea603b5e6c5218539e506649326de3ea0135182f299d0519a", - "Labels": {}, - "MacAddress": "", - "NetworkDisabled": false, - "OnBuild": [], - "OpenStdin": false, - "StdinOnce": false, - "Tty": false, - "User": "", - "Volumes": null, - "WorkingDir": "/go/src/github.com/docker/libcontainer" - }, - "Created": "2015-04-07T05:34:39.079489206Z", - "DockerVersion": "1.5.0-dev", - "Id": "fc1203419df26ca82cad1dd04c709cb1b8a8a947bd5bcbdfbef8241a76f031db", - "Os": "linux", - "Parent": "c2b774c744afc5bea603b5e6c5218539e506649326de3ea0135182f299d0519a", - "Size": 0, - "VirtualSize": 613136466 - }] + $ docker inspect ded7cd95e059 +[{ + "Id": "ded7cd95e059788f2586a51c275a4f151653779d6a7f4dad77c2bd34601d94e4", + "Parent": "48ecf305d2cf7046c1f5f8fcbcd4994403173441d4a7f125b1bb0ceead9de731", + "Comment": "", + "Created": "2015-05-27T16:58:22.937503085Z", + "Container": "76cf7f67d83a7a047454b33007d03e32a8f474ad332c3a03c94537edd22b312b", + "ContainerConfig": { + "Hostname": "76cf7f67d83a", + "Domainname": "", + "User": "", + "AttachStdin": false, + "AttachStdout": false, + "AttachStderr": false, + "ExposedPorts": null, + "Tty": false, + "OpenStdin": false, + "StdinOnce": false, + "Env": null, + "Cmd": [ + "/bin/sh", + "-c", + "#(nop) ADD file:4be46382bcf2b095fcb9fe8334206b584eff60bb3fad8178cbd97697fcb2ea83 in /" + ], + "Image": "48ecf305d2cf7046c1f5f8fcbcd4994403173441d4a7f125b1bb0ceead9de731", + "Volumes": null, + "VolumeDriver": "", + "WorkingDir": "", + "Entrypoint": null, + "NetworkDisabled": false, + "MacAddress": "", + "OnBuild": null, + "Labels": {} + }, + "DockerVersion": "1.6.0", + "Author": "Lokesh Mandvekar \u003clsm5@fedoraproject.org\u003e", + "Config": { + "Hostname": "76cf7f67d83a", + "Domainname": "", + "User": "", + "AttachStdin": false, + "AttachStdout": false, + "AttachStderr": false, + "ExposedPorts": null, + "Tty": false, + "OpenStdin": false, + "StdinOnce": false, + "Env": null, + "Cmd": null, + "Image": "48ecf305d2cf7046c1f5f8fcbcd4994403173441d4a7f125b1bb0ceead9de731", + "Volumes": null, + "VolumeDriver": "", + "WorkingDir": "", + "Entrypoint": null, + "NetworkDisabled": false, + "MacAddress": "", + "OnBuild": null, + "Labels": {} + }, + "Architecture": "amd64", + "Os": "linux", + "Size": 186507296, + "VirtualSize": 186507296, + "GraphDriver": { + "Name": "devicemapper", + "Data": { + "DeviceId": "3", + "DeviceName": "docker-253:1-2763198-ded7cd95e059788f2586a51c275a4f151653779d6a7f4dad77c2bd34601d94e4", + "DeviceSize": "171798691840" + } + } +} +] # HISTORY April 2014, originally compiled by William Henry (whenry at redhat dot com) From ff9ae28d76ca330ff0b3d12c51104126c85cbbda Mon Sep 17 00:00:00 2001 From: Mary Anthony Date: Sun, 7 Jun 2015 20:07:20 -0700 Subject: [PATCH 005/398] retooling for hugo Tweaking for Hugo Updating the Dockerfile with new sed; fix broken link on Kitematic Fixing image pull for Dockerfile Removing docs targets Signed-off-by: Mary Anthony --- README.md | 37 +++++++++++++------------------------ 1 file changed, 13 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index 9a5ed7eb55b7..e25a925adb71 100644 --- a/README.md +++ b/README.md @@ -11,34 +11,23 @@ The recommended approach for generating the man pages is via a Docker container using the supplied `Dockerfile` to create an image with the correct environment. This uses `go-md2man`, a pure Go Markdown to man page generator. -### Generate the man pages +## Building the md2man image -On Linux installations, Docker includes a set of man pages you can access by typing `man command-name` on the command line. For example, `man docker` displays the `docker` man page. When using Docker on Mac OSX the man pages are not automatically included. +There is a `Dockerfile` provided in the `docker/docs/man` directory. -You can generate and install the `man` pages yourself by following these steps: +Using this `Dockerfile`, create a Docker image tagged `docker/md2man`: -1. Checkout the `docker` source. + docker build -t docker/md2man . - $ git clone https://github.com/docker/docker.git - - If you are using Boot2Docker, you must clone into your `/Users` directory - because Boot2Docker can only share this path with the docker containers. - -2. Build the docker image. - - $ cd docker/man - $ docker build -t docker/md2man . - -3. Build the man pages. - - $ docker run -v /docker/man:/man:rw -w /man -i docker/md2man /man/md2man-all.sh - - The `md2man` Docker container processes the Markdown files and generates - a `man1` and `man5` subdirectories in the `docker/man` directory. - -4. Copy the generated man pages to `/usr/share/man` - - $ cp -R man* /usr/share/man/ +## Utilizing the image +Once the image is built, run a container using the image with *volumes*: + docker run -v //docker/docs/man:/docs:rw \ + -w /docs -i docker/md2man /docs/md2man-all.sh +The `md2man` Docker container will process the Markdown files and generate +the man pages inside the `docker/docs/man/man1` directory using +Docker volumes. For more information on Docker volumes see the man page for +`docker run` and also look at the article [Sharing Directories via Volumes] +(https://docs.docker.com/use/working_with_volumes/). From 958ebff302eba0fcc2196c294a9812178c37050d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moys=C3=A9s=20Borges?= Date: Sat, 4 Apr 2015 11:54:43 -0300 Subject: [PATCH 006/398] Support downloading remote tarball contexts in builder jobs. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Moysés Borges --- docker-build.1.md | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/docker-build.1.md b/docker-build.1.md index 089091789ef0..94bea5d2c154 100644 --- a/docker-build.1.md +++ b/docker-build.1.md @@ -37,13 +37,18 @@ daemon, not by the CLI, so the whole context must be transferred to the daemon. The Docker CLI reports "Sending build context to Docker daemon" when the context is sent to the daemon. -When a single Dockerfile is given as the URL, then no context is set. -When a Git repository is set as the **URL**, the repository is used -as context. +When the URL to a tarball archive or to a single Dockerfile is given, no context is sent from +the client to the Docker daemon. When a Git repository is set as the **URL**, the repository is +cloned locally and then sent as the context. # OPTIONS **-f**, **--file**=*PATH/Dockerfile* - Path to the Dockerfile to use. If the path is a relative path then it must be relative to the current directory. The file must be within the build context. The default is *Dockerfile*. + Path to the Dockerfile to use. If the path is a relative path and you are + building from a local directory, then the path must be relative to that + directory. If you are building from a remote URL pointing to either a + tarball or a Git repository, then the path must be relative to the root of + the remote context. In all cases, the file must be within the build context. + The default is *Dockerfile*. **--force-rm**=*true*|*false* Always remove intermediate containers, even after unsuccessful builds. The default is *false*. @@ -209,6 +214,17 @@ repository. Note: You can set an arbitrary Git repository via the `git://` schema. +## Building an image using a URL to a tarball'ed context + +This will send the URL itself to the Docker daemon. The daemon will fetch the +tarball archive, decompress it and use its contents as the build context. If you +pass an *-f PATH/Dockerfile* option as well, the system will look for that file +inside the contents of the tarball. + + docker build -f dev/Dockerfile https://10.10.10.1/docker/context.tar.gz + +Note: supported compression formats are 'xz', 'bzip2', 'gzip' and 'identity' (no compression). + # HISTORY March 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work. From 722bc73e96124e09a664dfbcf474721751d4db27 Mon Sep 17 00:00:00 2001 From: Gildas Cuisinier Date: Sun, 29 Mar 2015 19:42:11 +0200 Subject: [PATCH 007/398] work on #11094 allow import from local file Signed-off-by: Gildas Cuisinier --- docker-import.1.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/docker-import.1.md b/docker-import.1.md index b45bf5d4c6bb..5ac686677b24 100644 --- a/docker-import.1.md +++ b/docker-import.1.md @@ -8,7 +8,7 @@ docker-import - Create an empty filesystem image and import the contents of the **docker import** [**-c**|**--change**[= []**]] [**--help**] -URL|- [REPOSITORY[:TAG]] +file|URL|- [REPOSITORY[:TAG]] # OPTIONS **-c**, **--change**=[] @@ -35,6 +35,11 @@ Import to docker via pipe and stdin: # cat exampleimage.tgz | docker import - example/imagelocal +Import to a Docker image from a local file. + + # docker import /path/to/exampleimage.tgz + + ## Import from a local file and tag Import to docker via pipe and stdin: From f3e05bf823641ee7dfb5b2016a0780bc019c4a6a Mon Sep 17 00:00:00 2001 From: Lai Jiangshan Date: Wed, 24 Jun 2015 23:30:22 +0800 Subject: [PATCH 008/398] man: convert `docker/docs/man` to `docker/man` Signed-off-by: Lai Jiangshan --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index e25a925adb71..ca964026e815 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,7 @@ environment. This uses `go-md2man`, a pure Go Markdown to man page generator. ## Building the md2man image -There is a `Dockerfile` provided in the `docker/docs/man` directory. +There is a `Dockerfile` provided in the `docker/man` directory. Using this `Dockerfile`, create a Docker image tagged `docker/md2man`: @@ -23,11 +23,11 @@ Using this `Dockerfile`, create a Docker image tagged `docker/md2man`: Once the image is built, run a container using the image with *volumes*: - docker run -v //docker/docs/man:/docs:rw \ + docker run -v //docker/man:/docs:rw \ -w /docs -i docker/md2man /docs/md2man-all.sh The `md2man` Docker container will process the Markdown files and generate -the man pages inside the `docker/docs/man/man1` directory using +the man pages inside the `docker/man/man1` directory using Docker volumes. For more information on Docker volumes see the man page for `docker run` and also look at the article [Sharing Directories via Volumes] (https://docs.docker.com/use/working_with_volumes/). From 0ea9cdb27e481b94e7d7aa31bcdde5776c35d5d9 Mon Sep 17 00:00:00 2001 From: John Howard Date: Thu, 25 Jun 2015 09:55:46 -0700 Subject: [PATCH 009/398] Fix docs for #14047 Signed-off-by: John Howard --- docker-version.1.md | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/docker-version.1.md b/docker-version.1.md index 9c029b239d64..ffdd48e70bc8 100644 --- a/docker-version.1.md +++ b/docker-version.1.md @@ -1,15 +1,42 @@ % DOCKER(1) Docker User Manuals % Docker Community -% JUNE 2014 +% JUNE 2015 # NAME docker-version - Show the Docker version information. # SYNOPSIS **docker version** +# DESCRIPTION +This command displays version information for both the Docker client and +daemon. # OPTIONS There are no available options. +# EXAMPLES + +## Display Docker version information + +Here is a sample output: + + $ docker version + Client: + Version: 1.8.0 + API version: 1.20 + Go version: go1.4.2 + Git commit: f5bae0a + Built: Tue Jun 23 17:56:00 UTC 2015 + OS/Arch: linux/amd64 + + Server: + Version: 1.8.0 + API version: 1.20 + Go version: go1.4.2 + Git commit: f5bae0a + Built: Tue Jun 23 17:56:00 UTC 2015 + OS/Arch: linux/amd64 + # HISTORY June 2014, updated by Sven Dowideit +June 2015, updated by John Howard From f4ddae124148286643dccfd0e69530b4f02c3ea0 Mon Sep 17 00:00:00 2001 From: TAGOMORI Satoshi Date: Sat, 20 Jun 2015 13:07:50 +0900 Subject: [PATCH 010/398] Add new logging driver: fluentd Signed-off-by: TAGOMORI Satoshi --- docker-create.1.md | 2 +- docker-run.1.md | 2 +- docker.1.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docker-create.1.md b/docker-create.1.md index 3882fbf03124..a41ca04bc1cd 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -155,7 +155,7 @@ two memory nodes. **--lxc-conf**=[] (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" -**--log-driver**="|*json-file*|*syslog*|*journald*|*gelf*|*none*" +**--log-driver**="|*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*none*" Logging driver for container. Default is defined by daemon `--log-driver` flag. **Warning**: `docker logs` command works only for `json-file` logging driver. diff --git a/docker-run.1.md b/docker-run.1.md index 3c754434914d..c81f3f8e3e91 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -252,7 +252,7 @@ which interface and port to use. **--lxc-conf**=[] (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" -**--log-driver**="|*json-file*|*syslog*|*journald*|*gelf*|*none*" +**--log-driver**="|*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*none*" Logging driver for container. Default is defined by daemon `--log-driver` flag. **Warning**: `docker logs` command works only for `json-file` logging driver. diff --git a/docker.1.md b/docker.1.md index f77038139ac0..9b9320db3a45 100644 --- a/docker.1.md +++ b/docker.1.md @@ -103,7 +103,7 @@ unix://[/path/to/socket] to use. **--label**="[]" Set key=value labels to the daemon (displayed in `docker info`) -**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*none*" +**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*none*" Default driver for container logs. Default is `json-file`. **Warning**: `docker logs` command works only for `json-file` logging driver. From 5c0e17ac68d63cf99cfff1b5e6b7388e72068891 Mon Sep 17 00:00:00 2001 From: Mary Anthony Date: Sun, 28 Jun 2015 20:04:24 -0700 Subject: [PATCH 011/398] Closes #13323 and carries Entering comments Signed-off-by: Mary Anthony --- docker.1.md | 213 ++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 166 insertions(+), 47 deletions(-) diff --git a/docker.1.md b/docker.1.md index 9b9320db3a45..98135e50ff5b 100644 --- a/docker.1.md +++ b/docker.1.md @@ -297,79 +297,198 @@ inside it) # STORAGE DRIVER OPTIONS -Options to storage backend can be specified with **--storage-opt** flags. The -only backend which currently takes options is *devicemapper*. Therefore use these +Docker uses storage backends (known as "graphdrivers" in the Docker +internals) to create writable containers from images. Many of these +backends use operating system level technologies and can be +configured. + +Specify options to the storage backend with **--storage-opt** flags. The only +backend that currently takes options is *devicemapper*. Therefore use these flags with **-s=**devicemapper. +Specifically for devicemapper, the default is a "loopback" model which +requires no pre-configuration, but is extremely inefficient. Do not +use it in production. + +To make the best use of Docker with the devicemapper backend, you must +have a recent version of LVM. Use `lvm` to create a thin pool; for +more information see `man lvmthin`. Then, use `--storage-opt +dm.thinpooldev` to tell the Docker engine to use that pool for +allocating images and container snapshots. + Here is the list of *devicemapper* options: +#### dm.thinpooldev + +Specifies a custom block storage device to use for the thin pool. + +If using a block device for device mapper storage, it is best to use +`lvm` to create and manage the thin-pool volume. This volume is then +handed to Docker to create snapshot volumes needed for images and +containers. + +Managing the thin-pool outside of Docker makes for the most feature-rich method +of having Docker utilize device mapper thin provisioning as the backing storage +for Docker's containers. The highlights of the LVM-based thin-pool management +feature include: automatic or interactive thin-pool resize support, dynamically +changing thin-pool features, automatic thinp metadata checking when lvm activates +the thin-pool, etc. + +Example use: `docker -d --storage-opt dm.thinpooldev=/dev/mapper/thin-pool` + #### dm.basesize -Specifies the size to use when creating the base device, which limits the size -of images and containers. The default value is 10G. Note, thin devices are -inherently "sparse", so a 10G device which is mostly empty doesn't use 10 GB -of space on the pool. However, the filesystem will use more space for the empty -case the larger the device is. **Warning**: This value affects the system-wide -"base" empty filesystem that may already be initialized and inherited by pulled -images. -#### dm.loopdatasize -Specifies the size to use when creating the loopback file for the "data" -device which is used for the thin pool. The default size is 100G. Note that the -file is sparse, so it will not initially take up this much space. +Specifies the size to use when creating the base device, which limits +the size of images and containers. The default value is 10G. Note, +thin devices are inherently "sparse", so a 10G device which is mostly +empty doesn't use 10 GB of space on the pool. However, the filesystem +will use more space for base images the larger the device +is. -#### dm.loopmetadatasize -Specifies the size to use when creating the loopback file for the "metadadata" -device which is used for the thin pool. The default size is 2G. Note that the -file is sparse, so it will not initially take up this much space. +This value affects the system-wide "base" empty filesystem that may already +be initialized and inherited by pulled images. Typically, a change to this +value requires additional steps to take effect: + + $ sudo service docker stop + $ sudo rm -rf /var/lib/docker + $ sudo service docker start + +Example use: `docker -d --storage-opt dm.basesize=20G` #### dm.fs -Specifies the filesystem type to use for the base device. The supported -options are "ext4" and "xfs". The default is "ext4" + +Specifies the filesystem type to use for the base device. The +supported options are `ext4` and `xfs`. The default is `ext4`. + +Example use: `docker -d --storage-opt dm.fs=xfs` #### dm.mkfsarg + Specifies extra mkfs arguments to be used when creating the base device. +Example use: `docker -d --storage-opt "dm.mkfsarg=-O ^has_journal"` + #### dm.mountopt + Specifies extra mount options used when mounting the thin devices. +Example use: `docker -d --storage-opt dm.mountopt=nodiscard` + +#### dm.use_deferred_removal + +Enables use of deferred device removal if `libdm` and the kernel driver +support the mechanism. + +Deferred device removal means that if device is busy when devices are +being removed/deactivated, then a deferred removal is scheduled on +device. And devices automatically go away when last user of the device +exits. + +For example, when a container exits, its associated thin device is removed. If +that device has leaked into some other mount namespace and can't be removed, +the container exit still succeeds and this option causes the system to schedule +the device for deferred removal. It does not wait in a loop trying to remove a busy +device. + +Example use: `docker -d --storage-opt dm.use_deferred_removal=true` + +#### dm.loopdatasize + +**Note**: This option configures devicemapper loopback, which should not be used in production. + +Specifies the size to use when creating the loopback file for the +"data" device which is used for the thin pool. The default size is +100G. The file is sparse, so it will not initially take up +this much space. + +Example use: `docker -d --storage-opt dm.loopdatasize=200G` + +#### dm.loopmetadatasize + +**Note**: This option configures devicemapper loopback, which should not be used in production. + +Specifies the size to use when creating the loopback file for the +"metadadata" device which is used for the thin pool. The default size +is 2G. The file is sparse, so it will not initially take up +this much space. + +Example use: `docker -d --storage-opt dm.loopmetadatasize=4G` + #### dm.datadev -Specifies a custom blockdevice to use for data for the thin pool. -If using a block device for device mapper storage, ideally both datadev and -metadatadev should be specified to completely avoid using the loopback device. +(Deprecated, use `dm.thinpooldev`) -#### dm.metadatadev -Specifies a custom blockdevice to use for metadata for the thin pool. +Specifies a custom blockdevice to use for data for a +Docker-managed thin pool. It is better to use `dm.thinpooldev` - see +the documentation for it above for discussion of the advantages. -For best performance the metadata should be on a different spindle than the -data, or even better on an SSD. +#### dm.metadatadev -If setting up a new metadata pool it is required to be valid. This can be -achieved by zeroing the first 4k to indicate empty metadata, like this: +(Deprecated, use `dm.thinpooldev`) - dd if=/dev/zero of=/dev/metadata_dev bs=4096 count=1 +Specifies a custom blockdevice to use for metadata for a +Docker-managed thin pool. See `dm.datadev` for why this is +deprecated. #### dm.blocksize -Specifies a custom blocksize to use for the thin pool. The default blocksize -is 64K. + +Specifies a custom blocksize to use for the thin pool. The default +blocksize is 64K. + +Example use: `docker -d --storage-opt dm.blocksize=512K` #### dm.blkdiscard -Enables or disables the use of blkdiscard when removing devicemapper devices. -This is enabled by default (only) if using loopback devices and is required to -resparsify the loopback file on image/container removal. - -Disabling this on loopback can lead to *much* faster container removal times, -but will prevent the space used in `/var/lib/docker` directory from being returned to -the system for other use when containers are removed. - -# EXAMPLES -Launching docker daemon with *devicemapper* backend with particular block devices -for data and metadata: - - docker -d -s=devicemapper \ - --storage-opt dm.datadev=/dev/vdb \ - --storage-opt dm.metadatadev=/dev/vdc \ - --storage-opt dm.basesize=20G + +Enables or disables the use of `blkdiscard` when removing devicemapper +devices. This is disabled by default due to the additional latency, +but as a special case with loopback devices it will be enabled, in +order to re-sparsify the loopback file on image/container removal. + +Disabling this on loopback can lead to *much* faster container removal +times, but it also prevents the space used in `/var/lib/docker` directory +from being returned to the system for other use when containers are +removed. + +Example use: `docker -d --storage-opt dm.blkdiscard=false` + +#### dm.override_udev_sync_check + +By default, the devicemapper backend attempts to synchronize with the +`udev` device manager for the Linux kernel. This option allows +disabling that synchronization, to continue even though the +configuration may be buggy. + +To view the `udev` sync support of a Docker daemon that is using the +`devicemapper` driver, run: + + $ docker info + [...] + Udev Sync Supported: true + [...] + +When `udev` sync support is `true`, then `devicemapper` and `udev` can +coordinate the activation and deactivation of devices for containers. + +When `udev` sync support is `false`, a race condition occurs between +the`devicemapper` and `udev` during create and cleanup. The race +condition results in errors and failures. (For information on these +failures, see +[docker#4036](https://github.com/docker/docker/issues/4036)) + +To allow the `docker` daemon to start, regardless of whether `udev` sync is +`false`, set `dm.override_udev_sync_check` to true: + + $ docker -d --storage-opt dm.override_udev_sync_check=true + +When this value is `true`, the driver continues and simply warns you +the errors are happening. + +**Note**: The ideal is to pursue a `docker` daemon and environment +that does support synchronizing with `udev`. For further discussion on +this topic, see +[docker#4036](https://github.com/docker/docker/issues/4036). +Otherwise, set this flag for migrating existing Docker daemons to a +daemon with a supported environment. # EXEC DRIVER OPTIONS From 760a78cd19bfc185600aa3e51b413aa44d69208e Mon Sep 17 00:00:00 2001 From: Shishir Mahajan Date: Fri, 26 Jun 2015 10:47:31 -0400 Subject: [PATCH 012/398] Flag Addition: --type flag added for docker inspect command Signed-off-by: Shishir Mahajan --- docker-inspect.1.md | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/docker-inspect.1.md b/docker-inspect.1.md index 1b87ef088ed4..1860480ea870 100644 --- a/docker-inspect.1.md +++ b/docker-inspect.1.md @@ -8,6 +8,7 @@ docker-inspect - Return low-level information on a container or image **docker inspect** [**--help**] [**-f**|**--format**[=*FORMAT*]] +[**--type**=*container*|*image*] CONTAINER|IMAGE [CONTAINER|IMAGE...] # DESCRIPTION @@ -24,14 +25,29 @@ each result. **-f**, **--format**="" Format the output using the given go template. +**--type**=*container*|*image* + Return JSON for specified type, permissible values are "image" or "container" + # EXAMPLES +Getting information on an image where image name conflict with the container name, +e,g both image and container are named rhel7. + + $ docker inspect --type=image rhel7 + [ + { + "Id": "fe01a428b9d9de35d29531e9994157978e8c48fa693e1bf1d221dffbbb67b170", + "Parent": "10acc31def5d6f249b548e01e8ffbaccfd61af0240c17315a7ad393d022c5ca2", + .... + } + ] + ## Getting information on a container To get information on a container use its ID or instance name: $ docker inspect d2cc496561d6 -[{ + [{ "Id": "d2cc496561d6d520cbc0236b4ba88c362c446a7619992123f11c809cded25b47", "Created": "2015-06-08T16:18:02.505155285Z", "Path": "bash", @@ -161,8 +177,8 @@ To get information on a container use its ID or instance name: "CpuShares": 0, "Cpuset": "" } -} -] + } + ] ## Getting the IP address of a container instance To get the IP address of a container use: @@ -188,7 +204,7 @@ Use an image's ID or name (e.g., repository/name[:tag]) to get information on it. $ docker inspect ded7cd95e059 -[{ + [{ "Id": "ded7cd95e059788f2586a51c275a4f151653779d6a7f4dad77c2bd34601d94e4", "Parent": "48ecf305d2cf7046c1f5f8fcbcd4994403173441d4a7f125b1bb0ceead9de731", "Comment": "", @@ -258,8 +274,8 @@ on it. "DeviceSize": "171798691840" } } -} -] + } + ] # HISTORY April 2014, originally compiled by William Henry (whenry at redhat dot com) From 24c821248a16e0b5e68b4df48ad6fe25e76dd769 Mon Sep 17 00:00:00 2001 From: Ma Shimiao Date: Tue, 9 Jun 2015 21:33:41 +0800 Subject: [PATCH 013/398] Unify docker commands' usage in man and help Signed-off-by: Ma Shimiao --- docker-export.1.md | 2 +- docker-load.1.md | 2 +- docker-logout.1.md | 2 +- docker-top.1.md | 3 ++- 4 files changed, 5 insertions(+), 4 deletions(-) diff --git a/docker-export.1.md b/docker-export.1.md index 0bc71ad89f22..f3096eacfc7d 100644 --- a/docker-export.1.md +++ b/docker-export.1.md @@ -2,7 +2,7 @@ % Docker Community % JUNE 2014 # NAME -docker-export - Export the contents of a filesystem as a tar archive to STDOUT +docker-export - Export the contents of a container's filesystem as a tar archive # SYNOPSIS **docker export** diff --git a/docker-load.1.md b/docker-load.1.md index c045443689ad..1a43a5e0d994 100644 --- a/docker-load.1.md +++ b/docker-load.1.md @@ -2,7 +2,7 @@ % Docker Community % JUNE 2014 # NAME -docker-load - Load an image from a tar archive on STDIN +docker-load - Load an image from a tar archive or STDIN # SYNOPSIS **docker load** diff --git a/docker-logout.1.md b/docker-logout.1.md index 3726fd66ca02..d11698679813 100644 --- a/docker-logout.1.md +++ b/docker-logout.1.md @@ -2,7 +2,7 @@ % Docker Community % JUNE 2014 # NAME -docker-logout - Log out from a Docker Registry. +docker-logout - Log out from a Docker registry. # SYNOPSIS **docker logout** diff --git a/docker-top.1.md b/docker-top.1.md index c3bbf883f794..9828d98be532 100644 --- a/docker-top.1.md +++ b/docker-top.1.md @@ -11,7 +11,7 @@ CONTAINER [ps OPTIONS] # DESCRIPTION -Look up the running process of the container. ps-OPTION can be any of the +Display the running process of the container. ps-OPTION can be any of the options you would pass to a Linux ps command. # OPTIONS @@ -31,3 +31,4 @@ Run **docker top** with the ps option of -x: April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work. June 2014, updated by Sven Dowideit +June 2015, updated by Ma Shimiao From 1dc38405da3dade8cf4b6e7bab6b867de3a1f587 Mon Sep 17 00:00:00 2001 From: David Calavera Date: Tue, 30 Jun 2015 09:00:02 -0700 Subject: [PATCH 014/398] Fix implicit DeviceMapper selection DeviceMapper must be explicitly selected because the Docker binary might not be linked to the right devmapper library. With this change, Docker fails fast if the driver detection finds the devicemapper directory but the driver is not the default option. The option `override_udev_sync_check` doesn't make sense anymore, since the user must be explicit to select devicemapper, so it's being removed. Docker fails to use devicemapper only if Docker has been built statically unless the option was explicit. Signed-off-by: David Calavera --- docker.1.md | 39 --------------------------------------- 1 file changed, 39 deletions(-) diff --git a/docker.1.md b/docker.1.md index 98135e50ff5b..ee0344a14f1b 100644 --- a/docker.1.md +++ b/docker.1.md @@ -451,45 +451,6 @@ removed. Example use: `docker -d --storage-opt dm.blkdiscard=false` -#### dm.override_udev_sync_check - -By default, the devicemapper backend attempts to synchronize with the -`udev` device manager for the Linux kernel. This option allows -disabling that synchronization, to continue even though the -configuration may be buggy. - -To view the `udev` sync support of a Docker daemon that is using the -`devicemapper` driver, run: - - $ docker info - [...] - Udev Sync Supported: true - [...] - -When `udev` sync support is `true`, then `devicemapper` and `udev` can -coordinate the activation and deactivation of devices for containers. - -When `udev` sync support is `false`, a race condition occurs between -the`devicemapper` and `udev` during create and cleanup. The race -condition results in errors and failures. (For information on these -failures, see -[docker#4036](https://github.com/docker/docker/issues/4036)) - -To allow the `docker` daemon to start, regardless of whether `udev` sync is -`false`, set `dm.override_udev_sync_check` to true: - - $ docker -d --storage-opt dm.override_udev_sync_check=true - -When this value is `true`, the driver continues and simply warns you -the errors are happening. - -**Note**: The ideal is to pursue a `docker` daemon and environment -that does support synchronizing with `udev`. For further discussion on -this topic, see -[docker#4036](https://github.com/docker/docker/issues/4036). -Otherwise, set this flag for migrating existing Docker daemons to a -daemon with a supported environment. - # EXEC DRIVER OPTIONS Use the **--exec-opt** flags to specify options to the exec-driver. The only From 6f7f5475eaea8d254aaebcc0004beb0d6dd0d282 Mon Sep 17 00:00:00 2001 From: Lars Kellogg-Stedman Date: Wed, 17 Jun 2015 09:04:41 -0400 Subject: [PATCH 015/398] Update docker commit man page re: volumes Update the man page for 'docker commit' to make explicit the fact that 'commit' does not save data in volumes. Addresses comments in #7583 Signed-off-by: Lars Kellogg-Stedman --- docker-commit.1.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/docker-commit.1.md b/docker-commit.1.md index 5a290682d09f..875a9b70594c 100644 --- a/docker-commit.1.md +++ b/docker-commit.1.md @@ -14,7 +14,14 @@ docker-commit - Create a new image from a container's changes CONTAINER [REPOSITORY[:TAG]] # DESCRIPTION -Using an existing container's name or ID you can create a new image. +Create a new image from an existing container specified by name or +container ID. The new image will contain the contents of the +container filesystem, *excluding* any data volumes. + +While the `docker commit` command is a convenient way of extending an +existing image, you should prefer the use of a Dockerfile and `docker +build` for generating images that you intend to share with other +people. # OPTIONS **-a**, **--author**="" From e34c76fbee0b942c47596be74e3f87bbd79571e2 Mon Sep 17 00:00:00 2001 From: David Calavera Date: Tue, 7 Jul 2015 12:27:19 -0700 Subject: [PATCH 016/398] Revert "Fix implicit DeviceMapper selection" This reverts commit 0a376291b2213699f986a7bca1cc8c4f4ed00f8d. Signed-off-by: David Calavera --- docker.1.md | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/docker.1.md b/docker.1.md index ee0344a14f1b..98135e50ff5b 100644 --- a/docker.1.md +++ b/docker.1.md @@ -451,6 +451,45 @@ removed. Example use: `docker -d --storage-opt dm.blkdiscard=false` +#### dm.override_udev_sync_check + +By default, the devicemapper backend attempts to synchronize with the +`udev` device manager for the Linux kernel. This option allows +disabling that synchronization, to continue even though the +configuration may be buggy. + +To view the `udev` sync support of a Docker daemon that is using the +`devicemapper` driver, run: + + $ docker info + [...] + Udev Sync Supported: true + [...] + +When `udev` sync support is `true`, then `devicemapper` and `udev` can +coordinate the activation and deactivation of devices for containers. + +When `udev` sync support is `false`, a race condition occurs between +the`devicemapper` and `udev` during create and cleanup. The race +condition results in errors and failures. (For information on these +failures, see +[docker#4036](https://github.com/docker/docker/issues/4036)) + +To allow the `docker` daemon to start, regardless of whether `udev` sync is +`false`, set `dm.override_udev_sync_check` to true: + + $ docker -d --storage-opt dm.override_udev_sync_check=true + +When this value is `true`, the driver continues and simply warns you +the errors are happening. + +**Note**: The ideal is to pursue a `docker` daemon and environment +that does support synchronizing with `udev`. For further discussion on +this topic, see +[docker#4036](https://github.com/docker/docker/issues/4036). +Otherwise, set this flag for migrating existing Docker daemons to a +daemon with a supported environment. + # EXEC DRIVER OPTIONS Use the **--exec-opt** flags to specify options to the exec-driver. The only From f3d87ac6d0aa2f81c8a3d7506f47612fef243a9e Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Thu, 9 Jul 2015 09:57:42 -0700 Subject: [PATCH 017/398] Align 'docker commit' docs with the code It was missing some variants and 'maintainer' isn't actually supported. Also sorted the list of allowed cmds in the code just to make it easier to diff with the docs. Signed-off-by: Doug Davis --- docker-commit.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-commit.1.md b/docker-commit.1.md index 875a9b70594c..bc813ae71b02 100644 --- a/docker-commit.1.md +++ b/docker-commit.1.md @@ -29,7 +29,7 @@ people. **-c** , **--change**=[] Apply specified Dockerfile instructions while committing the image - Supported Dockerfile instructions: `CMD`|`ENTRYPOINT`|`ENV`|`EXPOSE`|`ONBUILD`|`USER`|`VOLUME`|`WORKDIR` + Supported Dockerfile instructions: `CMD`|`ENTRYPOINT`|`ENV`|`EXPOSE`|`LABEL`|`ONBUILD`|`USER`|`VOLUME`|`WORKDIR` **--help** Print usage statement From 589e028e19d370585656d504ede6fcf287057661 Mon Sep 17 00:00:00 2001 From: Nate Brennand Date: Fri, 10 Jul 2015 18:49:57 +0000 Subject: [PATCH 018/398] update reference to config file `docker login` in 1.7 produces a config file in `~/docker/config.json` instead of a `~/.dockercfg`. Signed-off-by: Nate Brennand --- docker-login.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-login.1.md b/docker-login.1.md index 87ad31b703c9..b87e2c1591e3 100644 --- a/docker-login.1.md +++ b/docker-login.1.md @@ -20,7 +20,7 @@ do not specify a `SERVER`, the command uses Docker's public registry located at You can log into any public or private repository for which you have credentials. When you log in, the command stores encoded credentials in -`$HOME/.dockercfg` on Linux or `%USERPROFILE%/.dockercfg` on Windows. +`$HOME/.docker/config.json` on Linux or `%USERPROFILE%/.docker/config.json` on Windows. # OPTIONS **-e**, **--email**="" From 2cfe234e5d9ec6785e5b9cc5c4cb23175d6cf8ab Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Tue, 28 Apr 2015 08:00:18 -0700 Subject: [PATCH 019/398] Add support for DOCKER_CONFIG/--config to specific config file dir Carry #11675 Aside from what #11675 says, to me a key usecase for this is to support more than one Docker cli running at the same time but each may have its own set of config files. Signed-off-by: Doug Davis --- docker.1.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docker.1.md b/docker.1.md index 98135e50ff5b..25c799a0b58a 100644 --- a/docker.1.md +++ b/docker.1.md @@ -35,6 +35,9 @@ To see the man page for a command run **man docker **. **--bip**="" Use the provided CIDR notation address for the dynamically created bridge (docker0); Mutually exclusive of \-b +**--config**="" + Specifies the location of the Docker client configuration files. The default is '~/.docker'. + **-D**, **--debug**=*true*|*false* Enable debug mode. Default is false. From 525a718d146736cdda174a2e53197fef8a4e295c Mon Sep 17 00:00:00 2001 From: Raghavendra K T Date: Sun, 12 Jul 2015 13:16:33 +0530 Subject: [PATCH 020/398] Add the memory swappiness tuning option to docker. Memory swappiness option takes 0-100, and helps to tune swappiness behavior per container. For example, When a lower value of swappiness is chosen the container will see minimum major faults. When no value is specified for memory-swappiness in docker UI, it is inherited from parent cgroup. (generally 60 unless it is changed). Signed-off-by: Raghavendra K T --- docker-create.1.md | 4 ++++ docker-run.1.md | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/docker-create.1.md b/docker-create.1.md index a41ca04bc1cd..0bde6271e866 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -48,6 +48,7 @@ docker-create - Create a new container [**--read-only**[=*false*]] [**--restart**[=*RESTART*]] [**--security-opt**[=*[]*]] +[**--memory-swappiness**[=*MEMORY-SWAPPINESS*]] [**-t**|**--tty**[=*false*]] [**-u**|**--user**[=*USER*]] [**-v**|**--volume**[=*[]*]] @@ -225,6 +226,9 @@ This value should always larger than **-m**, so you should always use this with **--security-opt**=[] Security Options +**--memory-swappiness**="" + Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100. + **-t**, **--tty**=*true*|*false* Allocate a pseudo-TTY. The default is *false*. diff --git a/docker-run.1.md b/docker-run.1.md index c81f3f8e3e91..cdecee846196 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -51,6 +51,7 @@ docker-run - Run a command in a new container [**--rm**[=*false*]] [**--security-opt**[=*[]*]] [**--sig-proxy**[=*true*]] +[**--memory-swappiness**[=*MEMORY-SWAPPINESS*]] [**-t**|**--tty**[=*false*]] [**-u**|**--user**[=*USER*]] [**-v**|**--volume**[=*[]*]] @@ -371,6 +372,9 @@ its root filesystem mounted as read only prohibiting any writes. **--sig-proxy**=*true*|*false* Proxy received signals to the process (non-TTY mode only). SIGCHLD, SIGSTOP, and SIGKILL are not proxied. The default is *true*. +**--memory-swappiness**="" + Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100. + **-t**, **--tty**=*true*|*false* Allocate a pseudo-TTY. The default is *false*. From f1319d73163463a6fd1424a946e7dfe19a58938d Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Mon, 13 Jul 2015 08:56:58 -0400 Subject: [PATCH 021/398] Robert P.J. Day found this problems in man pages Example in docker search has an extranious -t docker rmi has a typo Docker-DCO-1.1-Signed-off-by: Dan Walsh (github: rhatdan) --- docker-rmi.1.md | 2 +- docker-search.1.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-rmi.1.md b/docker-rmi.1.md index c288a4e85cbb..01dc64f52a5a 100644 --- a/docker-rmi.1.md +++ b/docker-rmi.1.md @@ -31,7 +31,7 @@ a registry. You cannot remove an image of a running container unless you use the ## Removing an image -Here is an example of removing and image: +Here is an example of removing an image: docker rmi fedora/httpd diff --git a/docker-search.1.md b/docker-search.1.md index 6316008f502b..b65ff5fe7687 100644 --- a/docker-search.1.md +++ b/docker-search.1.md @@ -52,7 +52,7 @@ ranked 3 or higher: Search Docker Hub for the term 'fedora' and only display automated images ranked 1 or higher: - $ docker search -s 1 -t fedora + $ docker search -s 1 fedora NAME DESCRIPTION STARS OFFICIAL AUTOMATED goldmann/wildfly A WildFly application server running on a ... 3 [OK] tutum/fedora-20 Fedora 20 image with SSH access. For the r... 1 [OK] From 70ccdf0b49a6266a766321b439a9b4e55e0e1471 Mon Sep 17 00:00:00 2001 From: Mrunal Patel Date: Wed, 17 Jun 2015 16:25:53 -0400 Subject: [PATCH 022/398] Adds documentation for additional groups. Signed-off-by: Mrunal Patel --- docker-create.1.md | 4 ++++ docker-run.1.md | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/docker-create.1.md b/docker-create.1.md index 0bde6271e866..2badefa39e59 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -24,6 +24,7 @@ docker-create - Create a new container [**--entrypoint**[=*ENTRYPOINT*]] [**--env-file**[=*[]*]] [**--expose**[=*[]*]] +[**--group-add**[=*[]*]] [**-h**|**--hostname**[=*HOSTNAME*]] [**--help**] [**-i**|**--interactive**[=*false*]] @@ -129,6 +130,9 @@ two memory nodes. **--expose**=[] Expose a port or a range of ports (e.g. --expose=3300-3310) from the container without publishing it to your host +**--group-add**=[] + Add additional groups to run as + **-h**, **--hostname**="" Container host name diff --git a/docker-run.1.md b/docker-run.1.md index cdecee846196..0d98de85b670 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -25,6 +25,7 @@ docker-run - Run a command in a new container [**--entrypoint**[=*ENTRYPOINT*]] [**--env-file**[=*[]*]] [**--expose**[=*[]*]] +[**--group-add**[=*[]*]] [**-h**|**--hostname**[=*HOSTNAME*]] [**--help**] [**-i**|**--interactive**[=*false*]] @@ -216,6 +217,9 @@ ENTRYPOINT. **--expose**=[] Expose a port, or a range of ports (e.g. --expose=3300-3310), from the container without publishing it to your host +**--group-add**=[] + Add additional groups to run as + **-h**, **--hostname**="" Container host name From 54d217486ea6829d3b661f8dca6a415fc929e8db Mon Sep 17 00:00:00 2001 From: Sally O'Malley Date: Wed, 1 Jul 2015 11:15:17 -0400 Subject: [PATCH 023/398] Modify man pages for image-naming This PR adds recommendations in man pages to use only [a-z0-9-_.] when naming and tagging images. The purpose of this is to add consistency and to make image naming caps rules seem less arbitrary. This PR addresses confusion with: 1. BaseImage:Tagged (not allowed) 2. baseimage:Tagged (allowed) 3. baseimage/tagged:V1 (allowed) 4. baseimage/Tagged:V1 (not allowed) Signed-off-by: Sally O'Malley --- docker-build.1.md | 7 ++++--- docker-commit.1.md | 4 ++++ docker-push.1.md | 5 +++-- docker-tag.1.md | 3 ++- 4 files changed, 13 insertions(+), 6 deletions(-) diff --git a/docker-build.1.md b/docker-build.1.md index 94bea5d2c154..2d9e694d4368 100644 --- a/docker-build.1.md +++ b/docker-build.1.md @@ -171,8 +171,8 @@ instruction into the specified target. ## Building an image and naming that image -A good practice is to give a name to the image you are building. There are -no hard rules here but it is best to give the names consideration. +A good practice is to give a name to the image you are building. Note that +only a-z0-9-_. should be used for consistency. There are no hard rules here but it is best to give the names consideration. The **-t**/**--tag** flag is used to rename an image. Here are some examples: @@ -190,7 +190,7 @@ and give it the version 1.0: The next example is for the "whenry" user repository and uses Fedora and JBoss and gives it the version 2.1 : - docker build -t whenry/fedora-jboss:V2.1 + docker build -t whenry/fedora-jboss:v2.1 If you do not provide a version tag then Docker will assign `latest`: @@ -229,3 +229,4 @@ Note: supported compression formats are 'xz', 'bzip2', 'gzip' and 'identity' (no March 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work. June 2014, updated by Sven Dowideit +June 2015, updated by Sally O'Malley diff --git a/docker-commit.1.md b/docker-commit.1.md index bc813ae71b02..329bc0c66302 100644 --- a/docker-commit.1.md +++ b/docker-commit.1.md @@ -50,6 +50,9 @@ create a new image run `docker ps` to find the container's ID and then run: # docker commit -m="Added Apache to Fedora base image" \ -a="A D Ministrator" 98bd7fc99854 fedora/fedora_httpd:20 +Note that only a-z0-9-_. are allowed when naming images from an +existing container. + ## Apply specified Dockerfile instructions while committing the image If an existing container was created without the DEBUG environment variable set to "true", you can create a new image based on that @@ -64,3 +67,4 @@ based on docker.com source material and in June 2014, updated by Sven Dowideit July 2014, updated by Sven Dowideit Oct 2014, updated by Daniel, Dao Quang Minh +June 2015, updated by Sally O'Malley diff --git a/docker-push.1.md b/docker-push.1.md index b51bf5d281a9..cf4bc255f19b 100644 --- a/docker-push.1.md +++ b/docker-push.1.md @@ -24,7 +24,8 @@ specify a `REGISTRY_HOST`, the command uses Docker's public registry located at # Pushing a new image to a registry First save the new image by finding the container ID (using **docker ps**) -and then committing it to a new image name: +and then committing it to a new image name. Note that only a-z0-9-_. are +allowed when naming images: # docker commit c16378f943fe rhel-httpd @@ -48,4 +49,4 @@ April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work. June 2014, updated by Sven Dowideit April 2015, updated by Mary Anthony for v2 - +June 2015, updated by Sally O'Malley diff --git a/docker-tag.1.md b/docker-tag.1.md index 898ecd8a1caa..5bdc9d9b68bb 100644 --- a/docker-tag.1.md +++ b/docker-tag.1.md @@ -34,6 +34,7 @@ separated by a ':' **TAG** The tag you are assigning to the image. Though this is arbitrary it is recommended to be used for a version to distinguish images with the same name. +Also, for consistency tags should only include a-z0-9-_. . Note that here TAG is a part of the overall name or "tag". # OPTIONS @@ -62,4 +63,4 @@ based on docker.com source material and internal work. June 2014, updated by Sven Dowideit July 2014, updated by Sven Dowideit April 2015, updated by Mary Anthony for v2 - +June 2015, updated by Sally O'Malley From 19c4c193259d967813c8a21adc0854793e5d145d Mon Sep 17 00:00:00 2001 From: Patrick Hemmer Date: Thu, 25 Jun 2015 21:25:41 -0400 Subject: [PATCH 024/398] add --format flag to `docker version` Signed-off-by: Patrick Hemmer --- docker-version.1.md | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/docker-version.1.md b/docker-version.1.md index ffdd48e70bc8..04ae3464f847 100644 --- a/docker-version.1.md +++ b/docker-version.1.md @@ -6,19 +6,25 @@ docker-version - Show the Docker version information. # SYNOPSIS **docker version** +[**--help**] +[**-f**|**--format**[=*FORMAT*]] # DESCRIPTION This command displays version information for both the Docker client and daemon. # OPTIONS -There are no available options. +**--help** + Print usage statement + +**-f**, **--format**="" + Format the output using the given go template. # EXAMPLES ## Display Docker version information -Here is a sample output: +The default output: $ docker version Client: @@ -36,7 +42,21 @@ Here is a sample output: Git commit: f5bae0a Built: Tue Jun 23 17:56:00 UTC 2015 OS/Arch: linux/amd64 + +Get server version: + + $ docker version --format '{{.Server.Version}}' + 1.8.0 + +Dump raw data: + +To view all available fields, you can use the format `{{json .}}`. + + $ docker version --format '{{json .}}' + {"Client":{"Version":"1.8.0","ApiVersion":"1.20","GitCommit":"f5bae0a","GoVersion":"go1.4.2","Os":"linux","Arch":"amd64","BuildTime":"Tue Jun 23 17:56:00 UTC 2015"},"ServerOK":true,"Server":{"Version":"1.8.0","ApiVersion":"1.20","GitCommit":"f5bae0a","GoVersion":"go1.4.2","Os":"linux","Arch":"amd64","KernelVersion":"3.13.2-gentoo","BuildTime":"Tue Jun 23 17:56:00 UTC 2015"}} + # HISTORY June 2014, updated by Sven Dowideit June 2015, updated by John Howard +June 2015, updated by Patrick Hemmer Date: Tue, 14 Jul 2015 09:26:59 +0800 Subject: [PATCH 025/398] Docs: fix commandline doc create.md and run.md Signed-off-by: Qiang Huang --- docker-create.1.md | 18 +++++++++++------- docker-run.1.md | 18 +++++++++++------- 2 files changed, 22 insertions(+), 14 deletions(-) diff --git a/docker-create.1.md b/docker-create.1.md index 2badefa39e59..fb70cabf4af3 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -12,14 +12,15 @@ docker-create - Create a new container [**-c**|**--cpu-shares**[=*0*]] [**--cap-add**[=*[]*]] [**--cap-drop**[=*[]*]] +[**--cgroup-parent**[=*CGROUP-PATH*]] [**--cidfile**[=*CIDFILE*]] [**--cpu-period**[=*0*]] +[**--cpu-quota**[=*0*]] [**--cpuset-cpus**[=*CPUSET-CPUS*]] [**--cpuset-mems**[=*CPUSET-MEMS*]] -[**--cpu-quota**[=*0*]] [**--device**[=*[]*]] -[**--dns-search**[=*[]*]] [**--dns**[=*[]*]] +[**--dns-search**[=*[]*]] [**-e**|**--env**[=*[]*]] [**--entrypoint**[=*ENTRYPOINT*]] [**--env-file**[=*[]*]] @@ -32,30 +33,30 @@ docker-create - Create a new container [**-l**|**--label**[=*[]*]] [**--label-file**[=*[]*]] [**--link**[=*[]*]] -[**--lxc-conf**[=*[]*]] [**--log-driver**[=*[]*]] [**--log-opt**[=*[]*]] +[**--lxc-conf**[=*[]*]] [**-m**|**--memory**[=*MEMORY*]] -[**--memory-swap**[=*MEMORY-SWAP*]] [**--mac-address**[=*MAC-ADDRESS*]] +[**--memory-swap**[=*MEMORY-SWAP*]] +[**--memory-swappiness**[=*MEMORY-SWAPPINESS*]] [**--name**[=*NAME*]] [**--net**[=*"bridge"*]] [**--oom-kill-disable**[=*false*]] [**-P**|**--publish-all**[=*false*]] [**-p**|**--publish**[=*[]*]] [**--pid**[=*[]*]] -[**--uts**[=*[]*]] [**--privileged**[=*false*]] [**--read-only**[=*false*]] [**--restart**[=*RESTART*]] [**--security-opt**[=*[]*]] -[**--memory-swappiness**[=*MEMORY-SWAPPINESS*]] [**-t**|**--tty**[=*false*]] [**-u**|**--user**[=*USER*]] +[**--ulimit**[=*[]*]] +[**--uts**[=*[]*]] [**-v**|**--volume**[=*[]*]] [**--volumes-from**[=*[]*]] [**-w**|**--workdir**[=*WORKDIR*]] -[**--cgroup-parent**[=*CGROUP-PATH*]] IMAGE [COMMAND] [ARG...] # DESCRIPTION @@ -239,6 +240,9 @@ This value should always larger than **-m**, so you should always use this with **-u**, **--user**="" Username or UID +**--ulimit**=[] + Ulimit options + **-v**, **--volume**=[] Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container) diff --git a/docker-run.1.md b/docker-run.1.md index 0d98de85b670..d48e41257387 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -12,15 +12,16 @@ docker-run - Run a command in a new container [**-c**|**--cpu-shares**[=*0*]] [**--cap-add**[=*[]*]] [**--cap-drop**[=*[]*]] +[**--cgroup-parent**[=*CGROUP-PATH*]] [**--cidfile**[=*CIDFILE*]] [**--cpu-period**[=*0*]] +[**--cpu-quota**[=*0*]] [**--cpuset-cpus**[=*CPUSET-CPUS*]] [**--cpuset-mems**[=*CPUSET-MEMS*]] [**-d**|**--detach**[=*false*]] -[**--cpu-quota**[=*0*]] [**--device**[=*[]*]] -[**--dns-search**[=*[]*]] [**--dns**[=*[]*]] +[**--dns-search**[=*[]*]] [**-e**|**--env**[=*[]*]] [**--entrypoint**[=*ENTRYPOINT*]] [**--env-file**[=*[]*]] @@ -33,32 +34,32 @@ docker-run - Run a command in a new container [**-l**|**--label**[=*[]*]] [**--label-file**[=*[]*]] [**--link**[=*[]*]] -[**--lxc-conf**[=*[]*]] [**--log-driver**[=*[]*]] [**--log-opt**[=*[]*]] +[**--lxc-conf**[=*[]*]] [**-m**|**--memory**[=*MEMORY*]] -[**--memory-swap**[=*MEMORY-SWAP*]] [**--mac-address**[=*MAC-ADDRESS*]] +[**--memory-swap**[=*MEMORY-SWAP*]] +[**--memory-swappiness**[=*MEMORY-SWAPPINESS*]] [**--name**[=*NAME*]] [**--net**[=*"bridge"*]] [**--oom-kill-disable**[=*false*]] [**-P**|**--publish-all**[=*false*]] [**-p**|**--publish**[=*[]*]] [**--pid**[=*[]*]] -[**--uts**[=*[]*]] [**--privileged**[=*false*]] [**--read-only**[=*false*]] [**--restart**[=*RESTART*]] [**--rm**[=*false*]] [**--security-opt**[=*[]*]] [**--sig-proxy**[=*true*]] -[**--memory-swappiness**[=*MEMORY-SWAPPINESS*]] [**-t**|**--tty**[=*false*]] [**-u**|**--user**[=*USER*]] [**-v**|**--volume**[=*[]*]] +[**--ulimit**[=*[]*]] +[**--uts**[=*[]*]] [**--volumes-from**[=*[]*]] [**-w**|**--workdir**[=*WORKDIR*]] -[**--cgroup-parent**[=*CGROUP-PATH*]] IMAGE [COMMAND] [ARG...] # DESCRIPTION @@ -397,6 +398,9 @@ standard input. Without this argument the command will be run as root in the container. +""--ulimit""=[] + Ulimit options + **-v**, **--volume**=[] Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container) From 28a3a48a7beefc60b1d082fe6969cd9e33c6b31b Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Mon, 20 Jul 2015 11:46:50 -0400 Subject: [PATCH 026/398] Fix man pages Docker-DCO-1.1-Signed-off-by: Dan Walsh (github: rhatdan) --- docker-ps.1.md | 4 ++-- docker-pull.1.md | 1 + docker-search.1.md | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/docker-ps.1.md b/docker-ps.1.md index 6c7b18ee34b1..f60b5730399b 100644 --- a/docker-ps.1.md +++ b/docker-ps.1.md @@ -20,7 +20,7 @@ docker-ps - List containers # DESCRIPTION -List the containers in the local repository. By default this show only +List the containers in the local repository. By default this shows only the running containers. # OPTIONS @@ -28,7 +28,7 @@ the running containers. Show all containers. Only running containers are shown by default. The default is *false*. **--before**="" - Show only container created before Id or Name, include non-running ones. + Show only containers created before Id or Name, including non-running containers. **--help** Print usage statement diff --git a/docker-pull.1.md b/docker-pull.1.md index 30a949e81ec4..5a2cd83ecf92 100644 --- a/docker-pull.1.md +++ b/docker-pull.1.md @@ -22,6 +22,7 @@ registry located at `registry-1.docker.io` by default. # OPTIONS **-a**, **--all-tags**=*true*|*false* Download all tagged images in the repository. The default is *false*. + **--help** Print usage statement diff --git a/docker-search.1.md b/docker-search.1.md index b65ff5fe7687..3eaefd068ada 100644 --- a/docker-search.1.md +++ b/docker-search.1.md @@ -14,7 +14,7 @@ TERM # DESCRIPTION -Search Docker Hub for an image with that matches the specified `TERM`. The table +Search Docker Hub for images that match the specified `TERM`. The table of images returned displays the name, description (truncated by default), number of stars awarded, whether the image is official, and whether it is automated. From ce43855146f600bc47c93c2da8bdb29459e4e10b Mon Sep 17 00:00:00 2001 From: David Calavera Date: Fri, 1 May 2015 14:23:27 -0700 Subject: [PATCH 027/398] Docker ps custom formatting. Docker-DCO-1.1-Signed-off-by: David Calavera --- docker-ps.1.md | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/docker-ps.1.md b/docker-ps.1.md index f60b5730399b..25032a47c78a 100644 --- a/docker-ps.1.md +++ b/docker-ps.1.md @@ -16,6 +16,7 @@ docker-ps - List containers [**-q**|**--quiet**[=*false*]] [**-s**|**--size**[=*false*]] [**--since**[=*SINCE*]] +[**-F**|**--format**=*"TEMPLATE"*] # DESCRIPTION @@ -59,6 +60,20 @@ the running containers. **--since**="" Show only containers created since Id or Name, include non-running ones. +**-F**, **--format**=*"TEMPLATE"* + Pretty-print containers using a Go template. + Valid placeholders: + .ID - Container ID + .Image - Image ID + .Command - Quoted command + .CreatedAt - Time when the container was created. + .RunningFor - Elapsed time since the container was started. + .Ports - Exposed ports. + .Status - Container status. + .Size - Container disk size. + .Labels - All labels asigned to the container. + .Label - Value of a specific label for this container. For example `{{.Label "com.docker.swarm.cpu"}}` + # EXAMPLES # Display all containers, including non-running @@ -82,6 +97,32 @@ the running containers. # docker ps -a -q --filter=name=determined_torvalds c1d3b0166030 +# Display containers with their commands + + # docker ps --format "{{.ID}}: {{.Command}}" + a87ecb4f327c: /bin/sh -c #(nop) MA + 01946d9d34d8: /bin/sh -c #(nop) MA + c1d3b0166030: /bin/sh -c yum -y up + 41d50ecd2f57: /bin/sh -c #(nop) MA + +# Display containers with their labels in a table + + # docker ps --format "table {{.ID}}\t{{.Labels}}" + CONTAINER ID LABELS + a87ecb4f327c com.docker.swarm.node=ubuntu,com.docker.swarm.storage=ssd + 01946d9d34d8 + c1d3b0166030 com.docker.swarm.node=debian,com.docker.swarm.cpu=6 + 41d50ecd2f57 com.docker.swarm.node=fedora,com.docker.swarm.cpu=3,com.docker.swarm.storage=ssd + +# Display containers with their node label in a table + + # docker ps --format 'table {{.ID}}\t{{(.Label "com.docker.swarm.node")}}' + CONTAINER ID NODE + a87ecb4f327c ubuntu + 01946d9d34d8 + c1d3b0166030 debian + 41d50ecd2f57 fedora + # HISTORY April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work. From adf733584e79680c0968faa352f0b97d816fff25 Mon Sep 17 00:00:00 2001 From: Lei Date: Tue, 21 Jul 2015 20:46:31 +0800 Subject: [PATCH 028/398] Docs: update the devicemapper default basesize from 10G to 100G Signed-off-by: Lei Jitang --- docker.1.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docker.1.md b/docker.1.md index 25c799a0b58a..96f62bd2c621 100644 --- a/docker.1.md +++ b/docker.1.md @@ -342,9 +342,9 @@ Example use: `docker -d --storage-opt dm.thinpooldev=/dev/mapper/thin-pool` #### dm.basesize Specifies the size to use when creating the base device, which limits -the size of images and containers. The default value is 10G. Note, -thin devices are inherently "sparse", so a 10G device which is mostly -empty doesn't use 10 GB of space on the pool. However, the filesystem +the size of images and containers. The default value is 100G. Note, +thin devices are inherently "sparse", so a 100G device which is mostly +empty doesn't use 100 GB of space on the pool. However, the filesystem will use more space for base images the larger the device is. From 6147f3fca14f1ec743b59f62d214099a32fde535 Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Tue, 21 Jul 2015 10:42:02 -0400 Subject: [PATCH 029/398] Bump go-md2man to 1.0.3 Fixes an issue with curly braces being escaped when they should not be. This was particularly an issue in places where `--format '{{ ... }}'` is used in the man docs. Signed-off-by: Brian Goff --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 33e515d85cbe..af2319524b5e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ FROM golang:1.4 RUN mkdir -p /go/src/github.com/cpuguy83 RUN mkdir -p /go/src/github.com/cpuguy83 \ - && git clone -b v1.0.1 https://github.com/cpuguy83/go-md2man.git /go/src/github.com/cpuguy83/go-md2man \ + && git clone -b v1.0.3 https://github.com/cpuguy83/go-md2man.git /go/src/github.com/cpuguy83/go-md2man \ && cd /go/src/github.com/cpuguy83/go-md2man \ && go get -v ./... CMD ["/go/bin/go-md2man", "--help"] From cc72c998ce7e0b9f159879990fa4c3320d26949d Mon Sep 17 00:00:00 2001 From: Josh Hawn Date: Fri, 15 May 2015 11:35:41 -0700 Subject: [PATCH 030/398] docs: Updated for docker cp and its API changes Documented changes to API to enable new `docker cp` behavior. Added documentation on `docker cp` usage and behavior. Docker-DCO-1.1-Signed-off-by: Josh Hawn (github: jlhawn) --- docker-cp.1.md | 151 +++++++++++++++++++++++++++++++++++++------------ 1 file changed, 116 insertions(+), 35 deletions(-) diff --git a/docker-cp.1.md b/docker-cp.1.md index 3cd203a83df2..fe1cd9c9cc60 100644 --- a/docker-cp.1.md +++ b/docker-cp.1.md @@ -2,69 +2,150 @@ % Docker Community % JUNE 2014 # NAME -docker-cp - Copy files or folders from a container's PATH to a HOSTDIR -or to STDOUT. +docker-cp - Copy files/folders between a container and the local filesystem. # SYNOPSIS **docker cp** [**--help**] -CONTAINER:PATH HOSTDIR|- +CONTAINER:PATH LOCALPATH|- +LOCALPATH|- CONTAINER:PATH # DESCRIPTION -Copy files or folders from a `CONTAINER:PATH` to the `HOSTDIR` or to `STDOUT`. -The `CONTAINER:PATH` is relative to the root of the container's filesystem. You -can copy from either a running or stopped container. +In the first synopsis form, the `docker cp` utility copies the contents of +`PATH` from the filesystem of `CONTAINER` to the `LOCALPATH` (or stream as +a tar archive to `STDOUT` if `-` is specified). -The `PATH` can be a file or directory. The `docker cp` command assumes all -`PATH` values start at the `/` (root) directory. This means supplying the -initial forward slash is optional; The command sees +In the second synopsis form, the contents of `LOCALPATH` (or a tar archive +streamed from `STDIN` if `-` is specified) are copied from the local machine to +`PATH` in the filesystem of `CONTAINER`. + +You can copy to or from either a running or stopped container. The `PATH` can +be a file or directory. The `docker cp` command assumes all `CONTAINER:PATH` +values are relative to the `/` (root) directory of the container. This means +supplying the initial forward slash is optional; The command sees `compassionate_darwin:/tmp/foo/myfile.txt` and -`compassionate_darwin:tmp/foo/myfile.txt` as identical. +`compassionate_darwin:tmp/foo/myfile.txt` as identical. If a `LOCALPATH` value +is not absolute, is it considered relative to the current working directory. + +Behavior is similar to the common Unix utility `cp -a` in that directories are +copied recursively with permissions preserved if possible. Ownership is set to +the user and primary group on the receiving end of the transfer. For example, +files copied to a container will be created with `UID:GID` of the root user. +Files copied to the local machine will be created with the `UID:GID` of the +user which invoked the `docker cp` command. + +Assuming a path separator of `/`, a first argument of `SRC_PATH` and second +argument of `DST_PATH`, the behavior is as follows: + +- `SRC_PATH` specifies a file + - `DST_PATH` does not exist + - the file is saved to a file created at `DST_PATH` + - `DST_PATH` does not exist and ends with `/` + - Error condition: the destination directory must exist. + - `DST_PATH` exists and is a file + - the destination is overwritten with the contents of the source file + - `DST_PATH` exists and is a directory + - the file is copied into this directory using the basename from + `SRC_PATH` +- `SRC_PATH` specifies a directory + - `DST_PATH` does not exist + - `DST_PATH` is created as a directory and the *contents* of the source + directory are copied into this directory + - `DST_PATH` exists and is a file + - Error condition: cannot copy a directory to a file + - `DST_PATH` exists and is a directory + - `SRC_PATH` does not end with `/.` + - the source directory is copied into this directory + - `SRC_PAPTH` does end with `/.` + - the *content* of the source directory is copied into this + directory + +The command requires `SRC_PATH` and `DST_PATH` to exist according to the above +rules. If `SRC_PATH` is local and is a symbolic link, the symbolic link, not +the target, is copied. + +A colon (`:`) is used as a delimiter between `CONTAINER` and `PATH`, but `:` +could also be in a valid `LOCALPATH`, like `file:name.txt`. This ambiguity is +resolved by requiring a `LOCALPATH` with a `:` to be made explicit with a +relative or absolute path, for example: + + `/path/to/file:name.txt` or `./file:name.txt` + +It is not possible to copy certain system files such as resources under +`/proc`, `/sys`, `/dev`, and mounts created by the user in the container. + +Using `-` as the first argument in place of a `LOCALPATH` will stream the +contents of `STDIN` as a tar archive which will be extracted to the `PATH` in +the filesystem of the destination container. In this case, `PATH` must specify +a directory. + +Using `-` as the second argument in place of a `LOCALPATH` will stream the +contents of the resource from the source container as a tar archive to +`STDOUT`. + +# OPTIONS +**--help** + Print usage statement + +# EXAMPLES + +Suppose a container has finished producing some output as a file it saves +to somewhere in its filesystem. This could be the output of a build job or +some other computation. You can copy these outputs from the container to a +location on your local host. -The `HOSTDIR` refers to a directory on the host. If you do not specify an -absolute path for your `HOSTDIR` value, Docker creates the directory relative to -where you run the `docker cp` command. For example, suppose you want to copy the -`/tmp/foo` directory from a container to the `/tmp` directory on your host. If -you run `docker cp` in your `~` (home) directory on the host: +If you want to copy the `/tmp/foo` directory from a container to the +existing `/tmp` directory on your host. If you run `docker cp` in your `~` +(home) directory on the local host: $ docker cp compassionate_darwin:tmp/foo /tmp Docker creates a `/tmp/foo` directory on your host. Alternatively, you can omit -the leading slash in the command. If you execute this command from your home directory: +the leading slash in the command. If you execute this command from your home +directory: $ docker cp compassionate_darwin:tmp/foo tmp -Docker creates a `~/tmp/foo` subdirectory. +If `~/tmp` does not exist, Docker will create it and copy the contents of +`/tmp/foo` from the container into this new directory. If `~/tmp` already +exists as a directory, then Docker will copy the contents of `/tmp/foo` from +the container into a directory at `~/tmp/foo`. -When copying files to an existing `HOSTDIR`, the `cp` command adds the new files to -the directory. For example, this command: +When copying a single file to an existing `LOCALPATH`, the `docker cp` command +will either overwrite the contents of `LOCALPATH` if it is a file or place it +into `LOCALPATH` if it is a directory, overwriting an existing file of the same +name if one exists. For example, this command: - $ docker cp sharp_ptolemy:/tmp/foo/myfile.txt /tmp + $ docker cp sharp_ptolemy:/tmp/foo/myfile.txt /test -Creates a `/tmp/foo` directory on the host containing the `myfile.txt` file. If -you repeat the command but change the filename: +If `/test` does not exist on the local machine, it will be created as a file +with the contents of `/tmp/foo/myfile.txt` from the container. If `/test` +exists as a file, it will be overwritten. Lastly, if `/tmp` exists as a +directory, the file will be copied to `/test/myfile.txt`. - $ docker cp sharp_ptolemy:/tmp/foo/secondfile.txt /tmp +Next, suppose you want to copy a file or folder into a container. For example, +this could be a configuration file or some other input to a long running +computation that you would like to place into a created container before it +starts. This is useful because it does not require the configuration file or +other input to exist in the container image. -Your host's `/tmp/foo` directory will contain both files: +If you have a file, `config.yml`, in the current directory on your local host +and wish to copy it to an existing directory at `/etc/my-app.d` in a container, +this command can be used: - $ ls /tmp/foo - myfile.txt secondfile.txt - -Finally, use '-' to write the data as a `tar` file to STDOUT. + $ docker cp config.yml myappcontainer:/etc/my-app.d -# OPTIONS -**--help** - Print usage statement +If you have several files in a local directory `/config` which you need to copy +to a directory `/etc/my-app.d` in a container: -# EXAMPLES -An important shell script file, created in a bash shell, is copied from -the exited container to the current dir on the host: + $ docker cp /config/. myappcontainer:/etc/my-app.d - # docker cp c071f3c3ee81:setup.sh . +The above command will copy the contents of the local `/config` directory into +the directory `/etc/my-app.d` in the container. # HISTORY April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work. June 2014, updated by Sven Dowideit +May 2015, updated by Josh Hawn From 7763efd12f7c4f91b2f85d33e9f5bb2c38405ea8 Mon Sep 17 00:00:00 2001 From: David Calavera Date: Wed, 3 Jun 2015 12:21:38 -0700 Subject: [PATCH 031/398] Expose new mount points structs in inspect. Keep old hashes around for old api version calls. Signed-off-by: David Calavera --- docker-inspect.1.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/docker-inspect.1.md b/docker-inspect.1.md index 1860480ea870..d423431944d2 100644 --- a/docker-inspect.1.md +++ b/docker-inspect.1.md @@ -95,8 +95,14 @@ To get information on a container use its ID or instance name: "ExecDriver": "native-0.2", "MountLabel": "", "ProcessLabel": "", - "Volumes": {}, - "VolumesRW": {}, + "Mounts": [ + { + "Source": "/data", + "Destination": "/data", + "Mode": "ro,Z", + "RW": false + } + ], "AppArmorProfile": "", "ExecIDs": null, "HostConfig": { From 0eff8102f26be2cabac92a681a97e0de188f717e Mon Sep 17 00:00:00 2001 From: Phil Estes Date: Fri, 17 Jul 2015 00:03:16 -0400 Subject: [PATCH 032/398] ps --format: Add config.js doc, fix gofmt, add integration tests Re-add the docs from @calavera's PR to the moved cli cmd reference docs. Fix gofmt and vet issues from carried commits Add integration test for using format with --no-trunc and multi-names Fix custom_test map order dependency on expected value check Add docs to reference/commandline/ps.md Remove "-F" flag option from original carried PR content Docker-DCO-1.1-Signed-off-by: Phil Estes (github: estesp) --- docker-ps.1.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-ps.1.md b/docker-ps.1.md index 25032a47c78a..0fdf7ccc9384 100644 --- a/docker-ps.1.md +++ b/docker-ps.1.md @@ -16,7 +16,7 @@ docker-ps - List containers [**-q**|**--quiet**[=*false*]] [**-s**|**--size**[=*false*]] [**--since**[=*SINCE*]] -[**-F**|**--format**=*"TEMPLATE"*] +[**--format**=*"TEMPLATE"*] # DESCRIPTION @@ -60,7 +60,7 @@ the running containers. **--since**="" Show only containers created since Id or Name, include non-running ones. -**-F**, **--format**=*"TEMPLATE"* +**--format**=*"TEMPLATE"* Pretty-print containers using a Go template. Valid placeholders: .ID - Container ID From 889ddd121b3231cce0b87d6d78f2e683c8df35a6 Mon Sep 17 00:00:00 2001 From: Lei Date: Thu, 23 Jul 2015 10:26:06 +0800 Subject: [PATCH 033/398] Add ulimit to docker build. Signed-off-by: Lei Jitang --- docker-build.1.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docker-build.1.md b/docker-build.1.md index 2d9e694d4368..a8714b775acc 100644 --- a/docker-build.1.md +++ b/docker-build.1.md @@ -22,6 +22,7 @@ docker-build - Build a new image from the source code at PATH [**--cpuset-cpus**[=*CPUSET-CPUS*]] [**--cpuset-mems**[=*CPUSET-MEMS*]] [**--cgroup-parent**[=*CGROUP-PARENT*]] +[**--ulimit**[=*[]*]] PATH | URL | - @@ -142,6 +143,12 @@ two memory nodes. If the path is not absolute, the path is considered relative to the `cgroups` path of the init process. Cgroups are created if they do not already exist. +**--ulimit**=[] + Ulimit options + + For more information about `ulimit` see [Setting ulimits in a +container](https://docs.docker.com/reference/commandline/run/#setting-ulimits-in-a-container) + # EXAMPLES ## Building an image using a Dockerfile located inside the current directory From 7ac6f44b82a3065930c5e13ab95c84669850101c Mon Sep 17 00:00:00 2001 From: Mary Anthony Date: Fri, 24 Jul 2015 13:39:29 -0700 Subject: [PATCH 034/398] Carry man page for 14637 Signed-off-by: Mary Anthony --- docker-load.1.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docker-load.1.md b/docker-load.1.md index 1a43a5e0d994..508ab6bbb9ba 100644 --- a/docker-load.1.md +++ b/docker-load.1.md @@ -20,7 +20,7 @@ Restores both images and tags. Print usage statement **-i**, **--input**="" - Read from a tar archive file, instead of STDIN + Read from a tar archive file, instead of STDIN. The tarball may be compressed with gzip, bzip, or xz. # EXAMPLES @@ -43,3 +43,4 @@ Restores both images and tags. April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work. June 2014, updated by Sven Dowideit +July 2015 update by Mary Anthony From 1eede1be31e6d261451041bb827d9716022d468c Mon Sep 17 00:00:00 2001 From: Denis Ollier Date: Sun, 26 Jul 2015 04:18:48 +0200 Subject: [PATCH 035/398] Fix docker-rm man page formatting Signed-off-by: Denis Ollier --- docker-rm.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-rm.1.md b/docker-rm.1.md index 82850a395a57..5753cb1cd7f8 100644 --- a/docker-rm.1.md +++ b/docker-rm.1.md @@ -15,7 +15,7 @@ CONTAINER [CONTAINER...] **docker rm** will remove one or more containers from the host node. The container name or ID can be used. This does not remove images. You cannot -remove a running container unless you use the \fB-f\fR option. To see all +remove a running container unless you use the **-f** option. To see all containers on a host use the **docker ps -a** command. # OPTIONS From 11946ee6a753b548f10b1c856724222b41e94cee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Otto=20Kek=C3=A4l=C3=A4inen?= Date: Wed, 29 Jul 2015 14:12:57 +0300 Subject: [PATCH 036/398] Multiple fixes to 'docker stats' output: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Add space between values in docker stats output for easier parsing Old output could not be parsed easily because there were columns that did not have any separator. Also values that are together without any space is difficult to read even for humans. * Update unit.HumanSize comment to match what the does actually does Signed-off-by: Otto Kekäläinen --- docker-stats.1.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/docker-stats.1.md b/docker-stats.1.md index 4b4858855956..08502f44a555 100644 --- a/docker-stats.1.md +++ b/docker-stats.1.md @@ -25,7 +25,6 @@ Display a live stream of one or more containers' resource usage statistics Run **docker stats** with multiple containers. $ docker stats redis1 redis2 - CONTAINER CPU % MEM USAGE/LIMIT MEM % NET I/O - redis1 0.07% 796 KB/64 MB 1.21% 788 B/648 B - redis2 0.07% 2.746 MB/64 MB 4.29% 1.266 KB/648 B - + CONTAINER CPU % MEM USAGE / LIMIT MEM % NET I/O + redis1 0.07% 796 KB / 64 MB 1.21% 788 B / 648 B + redis2 0.07% 2.746 MB / 64 MB 4.29% 1.266 KB / 648 B From d74ee82e6b9d0465983a77afd4c97d916a0f7f8c Mon Sep 17 00:00:00 2001 From: Zhang Wei Date: Sun, 26 Jul 2015 16:14:00 +0800 Subject: [PATCH 037/398] Docker stats: display Block IO stats Signed-off-by: Zhang Wei --- docker-stats.1.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docker-stats.1.md b/docker-stats.1.md index 08502f44a555..b8dd119138d2 100644 --- a/docker-stats.1.md +++ b/docker-stats.1.md @@ -25,6 +25,6 @@ Display a live stream of one or more containers' resource usage statistics Run **docker stats** with multiple containers. $ docker stats redis1 redis2 - CONTAINER CPU % MEM USAGE / LIMIT MEM % NET I/O - redis1 0.07% 796 KB / 64 MB 1.21% 788 B / 648 B - redis2 0.07% 2.746 MB / 64 MB 4.29% 1.266 KB / 648 B + CONTAINER CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O + redis1 0.07% 796 KB / 64 MB 1.21% 788 B / 648 B 3.568 MB / 512 KB + redis2 0.07% 2.746 MB / 64 MB 4.29% 1.266 KB / 648 B 12.4 MB / 0 B From 31b71861797ae3eec45d390c8800eb9bb7d9babf Mon Sep 17 00:00:00 2001 From: Sally O'Malley Date: Mon, 3 Aug 2015 12:51:10 -0400 Subject: [PATCH 038/398] Typo fix: man/docker-tag.1.md Signed-off-by: Sally O'Malley --- docker-tag.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-tag.1.md b/docker-tag.1.md index 5bdc9d9b68bb..1a4a4a145dde 100644 --- a/docker-tag.1.md +++ b/docker-tag.1.md @@ -52,7 +52,7 @@ tagging it into the "fedora" repository with "version1.0": ## Tagging an image for a private repository -To push an image to an private registry and not the central Docker +To push an image to a private registry and not the central Docker registry you must tag it with the registry hostname and port (if needed). docker tag 0e5574283393 myregistryhost:5000/fedora/httpd:version1.0 From 720ba8fa3eaacc26d9476a8ed8d720ce31706b02 Mon Sep 17 00:00:00 2001 From: Sally O'Malley Date: Mon, 3 Aug 2015 12:36:37 -0400 Subject: [PATCH 039/398] make man/docker.1.md consistent with docker --help "Options:" listed when you run "docker --help" and "docker daemon --help" do not match the options listed in "man/docker.1.md". This PR makes 'docker --help', 'docker daemon --help' and 'man docker' consistent. Also 2 typo fixes. Signed-off-by: Sally O'Malley --- docker.1.md | 32 +++++++++++++++++++++++++++----- 1 file changed, 27 insertions(+), 5 deletions(-) diff --git a/docker.1.md b/docker.1.md index 96f62bd2c621..898ff08a56a0 100644 --- a/docker.1.md +++ b/docker.1.md @@ -50,9 +50,15 @@ To see the man page for a command run **man docker **. **--default-gateway-v6**="" IPv6 address of the container default gateway +**--default-ulimit**=[] + Set default ulimits for containers. + **--dns**="" Force Docker to use specific DNS servers +**--dns-search**=[] + DNS search domains to use. + **-e**, **--exec-driver**="" Force Docker to use specific exec driver. Default is `native`. @@ -60,7 +66,7 @@ To see the man page for a command run **man docker **. Set exec driver options. See EXEC DRIVER OPTIONS. **--exec-root**="" - Path to use as the root of the Docker execdriver. Default is `/var/run/docker`. + Path to use as the root of the Docker exec driver. Default is `/var/run/docker`. **--fixed-cidr**="" IPv4 subnet for fixed IPs (e.g., 10.20.0.0/16); this subnet must be nested in the bridge subnet (which is defined by \-b or \-\-bip) @@ -83,6 +89,9 @@ unix://[/path/to/socket] to use. **--icc**=*true*|*false* Allow unrestricted inter\-container and Docker daemon host communication. If disabled, containers can still be linked together using **--link** option (see **docker-run(1)**). Default is true. +**--insecure-registry**=[] + Enable insecure registry communication. + **--ip**="" Default IP address to use when binding container ports. Default is `0.0.0.0`. @@ -131,10 +140,19 @@ unix://[/path/to/socket] to use. **--storage-opt**=[] Set storage driver options. See STORAGE DRIVER OPTIONS. -**-tls**=*true*|*false* +**--tls**=*true*|*false* Use TLS; implied by --tlsverify. Default is false. -**-tlsverify**=*true*|*false* +**--tlscacert**=~/.docker/ca.pem + Trust certs signed only by this CA. + +**--tlscert**=~/.docker/cert.pem + Path to TLS certificate file. + +**--tlskey**=~/.docker/key.pem + Path to TLS key file. + +**--tlsverify**=*true*|*false* Use TLS and verify the remote (daemon: verify client, client: verify daemon). Default is false. @@ -242,6 +260,10 @@ inside it) Push an image or a repository to a Docker Registry See **docker-push(1)** for full documentation on the **push** command. +**rename** + Rename a container. + See **docker-rename(1)** for full documentation on the **rename** command. + **restart** Restart a running container See **docker-restart(1)** for full documentation on the **restart** command. @@ -411,7 +433,7 @@ Example use: `docker -d --storage-opt dm.loopdatasize=200G` **Note**: This option configures devicemapper loopback, which should not be used in production. Specifies the size to use when creating the loopback file for the -"metadadata" device which is used for the thin pool. The default size +"metadata" device which is used for the thin pool. The default size is 2G. The file is sparse, so it will not initially take up this much space. @@ -473,7 +495,7 @@ When `udev` sync support is `true`, then `devicemapper` and `udev` can coordinate the activation and deactivation of devices for containers. When `udev` sync support is `false`, a race condition occurs between -the`devicemapper` and `udev` during create and cleanup. The race +the `devicemapper` and `udev` during create and cleanup. The race condition results in errors and failures. (For information on these failures, see [docker#4036](https://github.com/docker/docker/issues/4036)) From b1d9ea5a8cfa26604fa7e35e2f6e35b2f74dad63 Mon Sep 17 00:00:00 2001 From: Qiang Huang Date: Mon, 10 Aug 2015 20:48:08 +0800 Subject: [PATCH 040/398] Change all docker -d to docker daemon Signed-off-by: Qiang Huang --- docker.1.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/docker.1.md b/docker.1.md index 898ff08a56a0..dd38d74a50c9 100644 --- a/docker.1.md +++ b/docker.1.md @@ -359,7 +359,7 @@ feature include: automatic or interactive thin-pool resize support, dynamically changing thin-pool features, automatic thinp metadata checking when lvm activates the thin-pool, etc. -Example use: `docker -d --storage-opt dm.thinpooldev=/dev/mapper/thin-pool` +Example use: `docker daemon --storage-opt dm.thinpooldev=/dev/mapper/thin-pool` #### dm.basesize @@ -378,26 +378,26 @@ value requires additional steps to take effect: $ sudo rm -rf /var/lib/docker $ sudo service docker start -Example use: `docker -d --storage-opt dm.basesize=20G` +Example use: `docker daemon --storage-opt dm.basesize=20G` #### dm.fs Specifies the filesystem type to use for the base device. The supported options are `ext4` and `xfs`. The default is `ext4`. -Example use: `docker -d --storage-opt dm.fs=xfs` +Example use: `docker daemon --storage-opt dm.fs=xfs` #### dm.mkfsarg Specifies extra mkfs arguments to be used when creating the base device. -Example use: `docker -d --storage-opt "dm.mkfsarg=-O ^has_journal"` +Example use: `docker daemon --storage-opt "dm.mkfsarg=-O ^has_journal"` #### dm.mountopt Specifies extra mount options used when mounting the thin devices. -Example use: `docker -d --storage-opt dm.mountopt=nodiscard` +Example use: `docker daemon --storage-opt dm.mountopt=nodiscard` #### dm.use_deferred_removal @@ -415,7 +415,7 @@ the container exit still succeeds and this option causes the system to schedule the device for deferred removal. It does not wait in a loop trying to remove a busy device. -Example use: `docker -d --storage-opt dm.use_deferred_removal=true` +Example use: `docker daemon --storage-opt dm.use_deferred_removal=true` #### dm.loopdatasize @@ -426,7 +426,7 @@ Specifies the size to use when creating the loopback file for the 100G. The file is sparse, so it will not initially take up this much space. -Example use: `docker -d --storage-opt dm.loopdatasize=200G` +Example use: `docker daemon --storage-opt dm.loopdatasize=200G` #### dm.loopmetadatasize @@ -437,7 +437,7 @@ Specifies the size to use when creating the loopback file for the is 2G. The file is sparse, so it will not initially take up this much space. -Example use: `docker -d --storage-opt dm.loopmetadatasize=4G` +Example use: `docker daemon --storage-opt dm.loopmetadatasize=4G` #### dm.datadev @@ -460,7 +460,7 @@ deprecated. Specifies a custom blocksize to use for the thin pool. The default blocksize is 64K. -Example use: `docker -d --storage-opt dm.blocksize=512K` +Example use: `docker daemon --storage-opt dm.blocksize=512K` #### dm.blkdiscard @@ -474,7 +474,7 @@ times, but it also prevents the space used in `/var/lib/docker` directory from being returned to the system for other use when containers are removed. -Example use: `docker -d --storage-opt dm.blkdiscard=false` +Example use: `docker daemon --storage-opt dm.blkdiscard=false` #### dm.override_udev_sync_check @@ -503,7 +503,7 @@ failures, see To allow the `docker` daemon to start, regardless of whether `udev` sync is `false`, set `dm.override_udev_sync_check` to true: - $ docker -d --storage-opt dm.override_udev_sync_check=true + $ docker daemon --storage-opt dm.override_udev_sync_check=true When this value is `true`, the driver continues and simply warns you the errors are happening. From 0fe313780d4996183df3d406576116e230f66741 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Mon, 10 Aug 2015 07:07:50 -0700 Subject: [PATCH 041/398] Remove -h flag from completion and daemon reference All docker subcommands support `-h` as an alias for `--help` unless they have `-h` aliased to something else like `docker run`, which uses `-h` for `--hostname`. `-h` is not included in the help messages of the commands, though. It ist visible in * reference: only in `docker daemon` reference, see output of `grep -Rse --help=false docs` * man pages: only in `docker` man page see output of `grep -RF '**-h**' man` For consistency reasons, this commit removes `-h` as an alias for `--help` from the reference page, man page and the bash completion. Signed-off-by: Harald Albers --- docker.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker.1.md b/docker.1.md index dd38d74a50c9..20983f494c79 100644 --- a/docker.1.md +++ b/docker.1.md @@ -23,7 +23,7 @@ its own man page which explain usage and arguments. To see the man page for a command run **man docker **. # OPTIONS -**-h**, **--help** +**--help** Print usage statement **--api-cors-header**="" From 7d86a3de70574a930d591e7e361567b9c5981372 Mon Sep 17 00:00:00 2001 From: Tim Dettrick Date: Fri, 19 Jun 2015 16:01:50 +1000 Subject: [PATCH 042/398] Revert "Revert "Add docker exec run a command in privileged mode"" This reverts commit 40b71adee390e9c06471b89ed845132b4ec80177. Original commit (for which this is effectively a rebased version) is 72a500e9e5929b038816d8bd18d462a19e571c99 and was provided by Lei Jitang . Signed-off-by: Tim Dettrick --- docker-exec.1.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docker-exec.1.md b/docker-exec.1.md index c1de7b59ed9f..312fa397f5be 100644 --- a/docker-exec.1.md +++ b/docker-exec.1.md @@ -9,6 +9,7 @@ docker-exec - Run a command in a running container [**-d**|**--detach**[=*false*]] [**--help**] [**-i**|**--interactive**[=*false*]] +[**--privileged**[=*false*]] [**-t**|**--tty**[=*false*]] [**-u**|**--user**[=*USER*]] CONTAINER COMMAND [ARG...] @@ -33,6 +34,13 @@ container is unpaused, and then run **-i**, **--interactive**=*true*|*false* Keep STDIN open even if not attached. The default is *false*. +**--privileged**=*true*|*false* + Give extended privileges to the process to run in a running container. The default is *false*. + + By default, the process run by docker exec in a running container +have the same capabilities of the container. By setting --privileged will give +all the capabilities to the process. + **-t**, **--tty**=*true*|*false* Allocate a pseudo-TTY. The default is *false*. From 6f50fe5bcf3299d1ab623faef37455852a396a94 Mon Sep 17 00:00:00 2001 From: Tim Dettrick Date: Mon, 22 Jun 2015 13:06:07 +1000 Subject: [PATCH 043/398] Updated test to check for `exec --privileged` side-effects Also improving documentation for same feature as part of docker/docker#14113 docs review. Signed-off-by: Tim Dettrick --- docker-exec.1.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/docker-exec.1.md b/docker-exec.1.md index 312fa397f5be..5cfdb5434b06 100644 --- a/docker-exec.1.md +++ b/docker-exec.1.md @@ -16,7 +16,7 @@ CONTAINER COMMAND [ARG...] # DESCRIPTION -Run a process in a running container. +Run a process in a running container. The command started using `docker exec` will only run while the container's primary process (`PID 1`) is running, and will not be restarted if the container is restarted. @@ -35,11 +35,12 @@ container is unpaused, and then run Keep STDIN open even if not attached. The default is *false*. **--privileged**=*true*|*false* - Give extended privileges to the process to run in a running container. The default is *false*. + Give the process extended [Linux capabilities](http://man7.org/linux/man-pages/man7/capabilities.7.html) +when running in a container. The default is *false*. - By default, the process run by docker exec in a running container -have the same capabilities of the container. By setting --privileged will give -all the capabilities to the process. + Without this flag, the process run by `docker exec` in a running container has +the same capabilities as the container, which may be limited. Set +`--privileged` to give all capabilities to the process. **-t**, **--tty**=*true*|*false* Allocate a pseudo-TTY. The default is *false*. From 77ef5fe474dff6115fea6d0623622f1cb9375770 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Sat, 8 Aug 2015 15:58:48 +0200 Subject: [PATCH 044/398] Fix #8048 : make `docker images repository:tag` work Make command like "docker images ubuntu:14.04" work and filter out the image with the given tag. Closes #8048. Signed-off-by: Vincent Demeester --- docker-images.1.md | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/docker-images.1.md b/docker-images.1.md index 16dd86476741..de4fee05c9c4 100644 --- a/docker-images.1.md +++ b/docker-images.1.md @@ -12,7 +12,7 @@ docker-images - List images [**-f**|**--filter**[=*[]*]] [**--no-trunc**[=*false*]] [**-q**|**--quiet**[=*false*]] -[REPOSITORY] +[REPOSITORY[:TAG]] # DESCRIPTION This command lists the images stored in the local Docker repository. @@ -61,6 +61,22 @@ The list will contain the image repository name, a tag for the image, and an image ID, when it was created and its virtual size. Columns: REPOSITORY, TAG, IMAGE ID, CREATED, and VIRTUAL SIZE. +The `docker images` command takes an optional `[REPOSITORY[:TAG]]` argument +that restricts the list to images that match the argument. If you specify +`REPOSITORY`but no `TAG`, the `docker images` command lists all images in the +given repository. + + docker images java + +The `[REPOSITORY[:TAG]]` value must be an "exact match". This means that, for example, +`docker images jav` does not match the image `java`. + +If both `REPOSITORY` and `TAG` are provided, only images matching that +repository and tag are listed. To find all local images in the "java" +repository with tag "8" you can use: + + docker images java:8 + To get a verbose list of images which contains all the intermediate images used in builds use **-a**: From 8afd5aeaf7d7c2852e0e432d47196cb38153f2a0 Mon Sep 17 00:00:00 2001 From: Sally O'Malley Date: Tue, 18 Aug 2015 08:16:57 -0400 Subject: [PATCH 045/398] fix SYNOPSIS alphabetical order man-create Signed-off-by: Sally O'Malley --- docker-create.1.md | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/docker-create.1.md b/docker-create.1.md index fb70cabf4af3..dd968400c807 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -88,12 +88,12 @@ The initial status of the container created with **docker create** is 'created'. **--cap-drop**=[] Drop Linux capabilities -**--cidfile**="" - Write the container ID to the file - **--cgroup-parent**="" Path to cgroups under which the cgroup for the container will be created. If the path is not absolute, the path is considered to be relative to the cgroups path of the init process. Cgroups will be created if they do not already exist. +**--cidfile**="" + Write the container ID to the file + **--cpu-period**=0 Limit the CPU CFS (Completely Fair Scheduler) period @@ -107,18 +107,18 @@ The initial status of the container created with **docker create** is 'created'. then processes in your Docker container will only use memory from the first two memory nodes. -**-cpu-quota**=0 +**--cpu-quota**=0 Limit the CPU CFS (Completely Fair Scheduler) quota **--device**=[] Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm) -**--dns-search**=[] - Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain) - **--dns**=[] Set custom DNS servers +**--dns-search**=[] + Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain) + **-e**, **--env**=[] Set environment variables @@ -126,7 +126,7 @@ two memory nodes. Overwrite the default ENTRYPOINT of the image **--env-file**=[] - Read in a line delimited file of environment variables + Read in a line-delimited file of environment variables **--expose**=[] Expose a port or a range of ports (e.g. --expose=3300-3310) from the container without publishing it to your host @@ -158,9 +158,6 @@ two memory nodes. Add link to another container in the form of :alias or just in which case the alias will match the name. -**--lxc-conf**=[] - (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" - **--log-driver**="|*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*none*" Logging driver for container. Default is defined by daemon `--log-driver` flag. **Warning**: `docker logs` command works only for `json-file` logging driver. @@ -168,6 +165,9 @@ two memory nodes. **--log-opt**=[] Logging driver specific options. +**--lxc-conf**=[] + (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" + **-m**, **--memory**="" Memory limit (format: , where unit = b, k, m or g) @@ -177,14 +177,17 @@ RAM. If a limit of 0 is specified (not using **-m**), the container's memory is not limited. The actual limit may be rounded up to a multiple of the operating system's page size (the value would be very large, that's millions of trillions). +**--mac-address**="" + Container MAC address (e.g. 92:d0:c6:0a:29:33) + **--memory-swap**="" Total memory limit (memory + swap) Set `-1` to disable swap (format: , where unit = b, k, m or g). This value should always larger than **-m**, so you should always use this with **-m**. -**--mac-address**="" - Container MAC address (e.g. 92:d0:c6:0a:29:33) +**--memory-swappiness**="" + Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100. **--name**="" Assign a name to the container @@ -214,11 +217,6 @@ This value should always larger than **-m**, so you should always use this with **host**: use the host's PID namespace inside the container. Note: the host mode gives the container full access to local PID and is therefore considered insecure. -**--uts**=host - Set the UTS mode for the container - **host**: use the host's UTS namespace inside the container. - Note: the host mode gives the container access to changing the host's hostname and is therefore considered insecure. - **--privileged**=*true*|*false* Give extended privileges to this container. The default is *false*. @@ -231,9 +229,6 @@ This value should always larger than **-m**, so you should always use this with **--security-opt**=[] Security Options -**--memory-swappiness**="" - Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100. - **-t**, **--tty**=*true*|*false* Allocate a pseudo-TTY. The default is *false*. @@ -243,6 +238,11 @@ This value should always larger than **-m**, so you should always use this with **--ulimit**=[] Ulimit options +**--uts**=host + Set the UTS mode for the container + **host**: use the host's UTS namespace inside the container. + Note: the host mode gives the container access to changing the host's hostname and is therefore considered insecure. + **-v**, **--volume**=[] Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container) From 2a67a1e24604ed03da109b8ad96448e631aaa9bb Mon Sep 17 00:00:00 2001 From: Sally O'Malley Date: Tue, 18 Aug 2015 07:47:54 -0400 Subject: [PATCH 046/398] typo man-inspect Signed-off-by: Sally O'Malley --- docker-inspect.1.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docker-inspect.1.md b/docker-inspect.1.md index d423431944d2..5aaa1ca83a17 100644 --- a/docker-inspect.1.md +++ b/docker-inspect.1.md @@ -23,7 +23,7 @@ each result. Print usage statement **-f**, **--format**="" - Format the output using the given go template. + Format the output using the given Go template. **--type**=*container*|*image* Return JSON for specified type, permissible values are "image" or "container" @@ -201,8 +201,8 @@ output: {{$p}} -> {{(index $conf 0).HostPort}} {{end}}' d2cc496561d6 80/tcp -> 80 -You can get more information about how to write a go template from: -http://golang.org/pkg/text/template/. +You can get more information about how to write a Go template from: +https://golang.org/pkg/text/template/. ## Getting information on an image From 1ef30029b4a57fa3b17a8fe7cd3faa1b738ef3a2 Mon Sep 17 00:00:00 2001 From: Tonis Tiigi Date: Wed, 5 Aug 2015 14:09:08 -0700 Subject: [PATCH 047/398] Add unless-stopped restart policy Fixes #11008 Signed-off-by: Tonis Tiigi --- docker-create.1.md | 2 +- docker-run.1.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-create.1.md b/docker-create.1.md index dd968400c807..689d2d058a8d 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -224,7 +224,7 @@ This value should always larger than **-m**, so you should always use this with Mount the container's root filesystem as read only. **--restart**="no" - Restart policy to apply when a container exits (no, on-failure[:max-retry], always) + Restart policy to apply when a container exits (no, on-failure[:max-retry], always, unless-stopped). **--security-opt**=[] Security Options diff --git a/docker-run.1.md b/docker-run.1.md index d48e41257387..50a5013ee832 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -360,7 +360,7 @@ to write files anywhere. By specifying the `--read-only` flag the container wil its root filesystem mounted as read only prohibiting any writes. **--restart**="no" - Restart policy to apply when a container exits (no, on-failure[:max-retry], always) + Restart policy to apply when a container exits (no, on-failure[:max-retry], always, unless-stopped). **--rm**=*true*|*false* Automatically remove the container when it exits (incompatible with -d). The default is *false*. From 046c14198cba0ac4e5f4a0d2d83c2089365db582 Mon Sep 17 00:00:00 2001 From: Sally O'Malley Date: Wed, 19 Aug 2015 09:35:52 -0400 Subject: [PATCH 048/398] add -H to SYNOPSIS man-history Signed-off-by: Sally O'Malley --- docker-history.1.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docker-history.1.md b/docker-history.1.md index 268e378d0609..247d6503ee31 100644 --- a/docker-history.1.md +++ b/docker-history.1.md @@ -7,6 +7,7 @@ docker-history - Show the history of an image # SYNOPSIS **docker history** [**--help**] +[**-H**|**--human**[=*true*]] [**--no-trunc**[=*false*]] [**-q**|**--quiet**[=*false*]] IMAGE @@ -19,7 +20,7 @@ Show the history of when and how an image was created. **--help** Print usage statement -**-H**. **--human**=*true*|*false* +**-H**, **--human**=*true*|*false* Print sizes and dates in human readable format. The default is *true*. **--no-trunc**=*true*|*false* From 6fa8f155c07a0a04fdcf986af9f607b0fdfb2480 Mon Sep 17 00:00:00 2001 From: Sally O'Malley Date: Wed, 19 Aug 2015 09:59:44 -0400 Subject: [PATCH 049/398] fix format man-commit Signed-off-by: Sally O'Malley --- docker-commit.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-commit.1.md b/docker-commit.1.md index 329bc0c66302..b17b37c6bc46 100644 --- a/docker-commit.1.md +++ b/docker-commit.1.md @@ -8,7 +8,7 @@ docker-commit - Create a new image from a container's changes **docker commit** [**-a**|**--author**[=*AUTHOR*]] [**--help**] -[**-c**|**--change**[= []**]] +[**-c**|**--change**[=\[*DOCKERFILE INSTRUCTIONS*\]]] [**-m**|**--message**[=*MESSAGE*]] [**-p**|**--pause**[=*true*]] CONTAINER [REPOSITORY[:TAG]] From 946dd14544ed3693ff1703f034b12bbd6ad8eae4 Mon Sep 17 00:00:00 2001 From: Qiang Huang Date: Wed, 19 Aug 2015 23:56:55 +0800 Subject: [PATCH 050/398] Add support for kernel memory limit Signed-off-by: Qiang Huang --- docker-create.1.md | 10 ++++++++++ docker-run.1.md | 10 ++++++++++ 2 files changed, 20 insertions(+) diff --git a/docker-create.1.md b/docker-create.1.md index 689d2d058a8d..1fe92c59e2b6 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -30,6 +30,7 @@ docker-create - Create a new container [**--help**] [**-i**|**--interactive**[=*false*]] [**--ipc**[=*IPC*]] +[**--kernel-memory**[=*KERNEL-MEMORY*]] [**-l**|**--label**[=*[]*]] [**--label-file**[=*[]*]] [**--link**[=*[]*]] @@ -148,6 +149,15 @@ two memory nodes. 'container:': reuses another container shared memory, semaphores and message queues 'host': use the host shared memory,semaphores and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure. +**--kernel-memory**="" + Kernel memory limit (format: `[]`, where unit = b, k, m or g) + + Constrains the kernel memory available to a container. If a limit of 0 +is specified (not using `--kernel-memory`), the container's kernel memory +is not limited. If you specify a limit, it may be rounded up to a multiple +of the operating system's page size and the value can be very large, +millions of trillions. + **-l**, **--label**=[] Adds metadata to a container (e.g., --label=com.example.key=value) diff --git a/docker-run.1.md b/docker-run.1.md index 50a5013ee832..89b45005a79f 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -31,6 +31,7 @@ docker-run - Run a command in a new container [**--help**] [**-i**|**--interactive**[=*false*]] [**--ipc**[=*IPC*]] +[**--kernel-memory**[=*KERNEL-MEMORY*]] [**-l**|**--label**[=*[]*]] [**--label-file**[=*[]*]] [**--link**[=*[]*]] @@ -242,6 +243,15 @@ ENTRYPOINT. **-l**, **--label**=[] Set metadata on the container (e.g., --label com.example.key=value) +**--kernel-memory**="" + Kernel memory limit (format: `[]`, where unit = b, k, m or g) + + Constrains the kernel memory available to a container. If a limit of 0 +is specified (not using `--kernel-memory`), the container's kernel memory +is not limited. If you specify a limit, it may be rounded up to a multiple +of the operating system's page size and the value can be very large, +millions of trillions. + **--label-file**=[] Read in a line delimited file of labels From c9dacd458440e18dcc6f9027b630f72e4a581331 Mon Sep 17 00:00:00 2001 From: Qiang Huang Date: Fri, 21 Aug 2015 21:29:52 -0700 Subject: [PATCH 051/398] Change all optional unit to [unit] As suggested before, we should change every signal one. Signed-off-by: Qiang Huang --- docker-create.1.md | 4 ++-- docker-run.1.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docker-create.1.md b/docker-create.1.md index 1fe92c59e2b6..13ea642441aa 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -179,7 +179,7 @@ millions of trillions. (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" **-m**, **--memory**="" - Memory limit (format: , where unit = b, k, m or g) + Memory limit (format: [], where unit = b, k, m or g) Allows you to constrain the memory available to a container. If the host supports swap memory, then the **-m** memory setting can be larger than physical @@ -193,7 +193,7 @@ system's page size (the value would be very large, that's millions of trillions) **--memory-swap**="" Total memory limit (memory + swap) - Set `-1` to disable swap (format: , where unit = b, k, m or g). + Set `-1` to disable swap (format: [], where unit = b, k, m or g). This value should always larger than **-m**, so you should always use this with **-m**. **--memory-swappiness**="" diff --git a/docker-run.1.md b/docker-run.1.md index 89b45005a79f..7fb9d0f162cd 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -276,7 +276,7 @@ which interface and port to use. Logging driver specific options. **-m**, **--memory**="" - Memory limit (format: , where unit = b, k, m or g) + Memory limit (format: [], where unit = b, k, m or g) Allows you to constrain the memory available to a container. If the host supports swap memory, then the **-m** memory setting can be larger than physical @@ -287,7 +287,7 @@ system's page size (the value would be very large, that's millions of trillions) **--memory-swap**="" Total memory limit (memory + swap) - Set `-1` to disable swap (format: , where unit = b, k, m or g). + Set `-1` to disable swap (format: [], where unit = b, k, m or g). This value should always larger than **-m**, so you should always use this with **-m**. **--mac-address**="" From 91e1440db45bb698d1f7f2b7aa65a662042776b2 Mon Sep 17 00:00:00 2001 From: Taylor Jones Date: Thu, 20 Aug 2015 04:01:50 +0000 Subject: [PATCH 052/398] adding message option to the import subcommand Signed-off-by: Taylor Jones --- docker-import.1.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docker-import.1.md b/docker-import.1.md index 5ac686677b24..b812b8306856 100644 --- a/docker-import.1.md +++ b/docker-import.1.md @@ -7,6 +7,7 @@ docker-import - Create an empty filesystem image and import the contents of the # SYNOPSIS **docker import** [**-c**|**--change**[= []**]] +[**-m**|**--message**[=*MESSAGE*]] [**--help**] file|URL|- [REPOSITORY[:TAG]] @@ -15,6 +16,9 @@ file|URL|- [REPOSITORY[:TAG]] Apply specified Dockerfile instructions while importing the image Supported Dockerfile instructions: `CMD`|`ENTRYPOINT`|`ENV`|`EXPOSE`|`ONBUILD`|`USER`|`VOLUME`|`WORKDIR` +**-m**, **--message**="" + Set commit message for imported image + # DESCRIPTION Create a new filesystem image from the contents of a tarball (`.tar`, `.tar.gz`, `.tgz`, `.bzip`, `.tar.xz`, `.txz`) into it, then optionally tag it. @@ -35,6 +39,10 @@ Import to docker via pipe and stdin: # cat exampleimage.tgz | docker import - example/imagelocal +Import with a commit message + + # cat exampleimage.tgz | docker import --message "New image imported from tarball" - exampleimagelocal:new + Import to a Docker image from a local file. # docker import /path/to/exampleimage.tgz From e20be90b807e8638e987659c32879ff24447e8bb Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Fri, 12 Jun 2015 09:25:32 -0400 Subject: [PATCH 053/398] Add volume API/CLI Signed-off-by: Brian Goff --- docker-volume-create.1.md | 51 ++++++++++++++++++++++++++++++++++++++ docker-volume-inspect.1.md | 26 +++++++++++++++++++ docker-volume-ls.1.md | 27 ++++++++++++++++++++ docker-volume-rm.1.md | 24 ++++++++++++++++++ 4 files changed, 128 insertions(+) create mode 100644 docker-volume-create.1.md create mode 100644 docker-volume-inspect.1.md create mode 100644 docker-volume-ls.1.md create mode 100644 docker-volume-rm.1.md diff --git a/docker-volume-create.1.md b/docker-volume-create.1.md new file mode 100644 index 000000000000..37089e4d98d7 --- /dev/null +++ b/docker-volume-create.1.md @@ -0,0 +1,51 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JULY 2015 +# NAME +docker-volume-create - Create a new volume + +# SYNOPSIS +**docker volume create** +[**-d**|**--driver**[=*local*]] +[**--name**[=**]] +[**-o**|**--opt**[=**]] + +[OPTIONS] + +# DESCRIPTION + +Creates a new volume that containers can consume and store data in. If a name is not specified, Docker generates a random name. You create a volume and then configure the container to use it, for example: + + ``` + $ docker volume create --name hello + hello + $ docker run -d -v hello:/world busybox ls /world + ``` + +The mount is created inside the container's `/src` directory. Docker doesn't not support relative paths for mount points inside the container. + +Multiple containers can use the same volume in the same time period. This is useful if two containers need access to shared data. For example, if one container writes and the other reads the data. + +## Driver specific options + +Some volume drivers may take options to customize the volume creation. Use the `-o` or `--opt` flags to pass driver options: + + ``` + $ docker volume create --driver fake --opt tardis=blue --opt timey=wimey + ``` + +These options are passed directly to the volume driver. Options for +different volume drivers may do different things (or nothing at all). + +*Note*: The built-in `local` volume driver does not currently accept any options. + +# OPTIONS +**-d**, **--driver**=[] + Specify volume driver name +**--name**="" + Specify volume name +**-o**, **--opt**=map[] + Set driver specific options + +# HISTORY +July 2015, created by Brian Goff diff --git a/docker-volume-inspect.1.md b/docker-volume-inspect.1.md new file mode 100644 index 000000000000..cc9d753bdb94 --- /dev/null +++ b/docker-volume-inspect.1.md @@ -0,0 +1,26 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JULY 2015 +# NAME +docker-volume-inspect - Get low-level information about a volume + +# SYNOPSIS +**docker volume inspect** +[**-f**|**--format**[=**]] + +[OPTIONS] [VOLUME NAME] + +# DESCRIPTION + +Returns information about a volume. By default, this command renders all results +in a JSON array. You can specify an alternate format to execute a given template +is executed for each result. Go's +http://golang.org/pkg/text/template/ package describes all the details of the +format. + +# OPTIONS +**-f**, **--format**="" + Format the output using the given go template. + +# HISTORY +July 2015, created by Brian Goff diff --git a/docker-volume-ls.1.md b/docker-volume-ls.1.md new file mode 100644 index 000000000000..785fd62550c3 --- /dev/null +++ b/docker-volume-ls.1.md @@ -0,0 +1,27 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JULY 2015 +# NAME +docker-volume-ls - List all volumes + +# SYNOPSIS +**docker volume ls** +[**-f**|**--filter**[=**]] +[**-q**|**--quiet**[=**]] + +[OPTIONS] + +# DESCRIPTION + +Lists all the volumes Docker knows about. You can filter using the `-f` or `--filter` flag. The filtering format is a `key=value` pair. To specify more than one filter, pass multiple flags (for example, `--filter "foo=bar" --filter "bif=baz"`) + +There is a single supported filter `dangling=value` which takes a boolean of `true` or `false`. + +# OPTIONS +**-f**, **--filter**="" + Provide filter values (i.e. 'dangling=true') +**-q**, **--quiet**=false + Only display volume names + +# HISTORY +July 2015, created by Brian Goff diff --git a/docker-volume-rm.1.md b/docker-volume-rm.1.md new file mode 100644 index 000000000000..ff7c6d316828 --- /dev/null +++ b/docker-volume-rm.1.md @@ -0,0 +1,24 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JULY 2015 +# NAME +docker-volume-rm - Remove a volume + +# SYNOPSIS +**docker volume rm** + +[OPTIONS] [VOLUME NAME] + +# DESCRIPTION + +Removes a volume. You cannot remove a volume that is in use by a container. + + ``` + $ docker volume rm hello + hello + ``` + +# OPTIONS + +# HISTORY +July 2015, created by Brian Goff From 5bfab44a4c1e183382f57ffa294ddb476e3efb74 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Thu, 20 Aug 2015 09:57:15 +0200 Subject: [PATCH 054/398] Add 'ancestor' ps filter for image Makes it possible to filter containers by image, using --filter=ancestor=busybox and get all the container running busybox image and image based on busybox (to the bottom). Signed-off-by: Vincent Demeester --- docker-ps.1.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docker-ps.1.md b/docker-ps.1.md index 0fdf7ccc9384..5e21926d7368 100644 --- a/docker-ps.1.md +++ b/docker-ps.1.md @@ -41,6 +41,8 @@ the running containers. status=(created|restarting|running|paused|exited) name= - container's name id= - container's ID + ancestor=([:tag]||) - filters containers that were + created from the given image or a descendant. **-l**, **--latest**=*true*|*false* Show only the latest created container, include non-running ones. The default is *false*. From 5cedd0747a480b607f24a295b720b409a925bd9e Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Wed, 2 Sep 2015 14:01:25 +0200 Subject: [PATCH 055/398] Remove PortMapping from container NetworkSettings Signed-off-by: Antonio Murdaca --- docker-inspect.1.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docker-inspect.1.md b/docker-inspect.1.md index 5aaa1ca83a17..a1bbb317a914 100644 --- a/docker-inspect.1.md +++ b/docker-inspect.1.md @@ -79,7 +79,6 @@ To get information on a container use its ID or instance name: "LinkLocalIPv6PrefixLen": 0, "MacAddress": "", "NetworkID": "", - "PortMapping": null, "Ports": null, "SandboxKey": "", "SecondaryIPAddresses": null, From 85351bbe1f1be29aa45a221d6ede06d46030db88 Mon Sep 17 00:00:00 2001 From: Sally O'Malley Date: Thu, 3 Sep 2015 05:49:19 -0400 Subject: [PATCH 056/398] man Dockerfile ADD/COPY/FROM clarify Signed-off-by: Sally O'Malley --- Dockerfile.5.md | 37 ++++++++++++++++++++++++++++--------- 1 file changed, 28 insertions(+), 9 deletions(-) diff --git a/Dockerfile.5.md b/Dockerfile.5.md index b4ef771a45e4..0b188ac33058 100644 --- a/Dockerfile.5.md +++ b/Dockerfile.5.md @@ -58,6 +58,8 @@ A Dockerfile is similar to a Makefile. `FROM image:tag` + `FROM image@digest` + -- The **FROM** instruction sets the base image for subsequent instructions. A valid Dockerfile must have **FROM** as its first instruction. The image can be any valid image. It is easy to start by pulling an image from the public @@ -72,8 +74,12 @@ A Dockerfile is similar to a Makefile. -- If no tag is given to the **FROM** instruction, Docker applies the `latest` tag. If the used tag does not exist, an error is returned. + -- If no digest is given to the **FROM** instruction, Docker applies the + `latest` tag. If the used tag does not exist, an error is returned. + **MAINTAINER** -- **MAINTAINER** sets the Author field for the generated images. + Useful for providing users with an email or url for support. **RUN** -- **RUN** has two forms: @@ -114,7 +120,7 @@ A Dockerfile is similar to a Makefile. CMD command param1 param2 ``` - -- There can be only one **CMD** in a Dockerfile. If more than one **CMD** is listed, only + -- There should be only one **CMD** in a Dockerfile. If more than one **CMD** is listed, only the last **CMD** takes effect. The main purpose of a **CMD** is to provide defaults for an executing container. These defaults may include an executable, or they can omit the executable. If @@ -150,13 +156,20 @@ A Dockerfile is similar to a Makefile. the image. **LABEL** - -- `LABEL [=] [[=] ...]` + -- `LABEL [=] [[=] ...]`or + ``` + LABEL [ ] + LABEL [ ] + ... + ``` The **LABEL** instruction adds metadata to an image. A **LABEL** is a key-value pair. To include spaces within a **LABEL** value, use quotes and backslashes as you would in command-line parsing. ``` - LABEL "com.example.vendor"="ACME Incorporated" + LABEL com.example.vendor="ACME Incorporated" + or + LABEL com.example.vendor "ACME Incorporated" ``` An image can have more than one label. To specify multiple labels, separate @@ -179,7 +192,7 @@ A Dockerfile is similar to a Makefile. -- `ENV ` The **ENV** instruction sets the environment variable to the value ``. This value is passed to all future - RUN, **ENTRYPOINT**, and **CMD** instructions. This is + **RUN**, **ENTRYPOINT**, and **CMD** instructions. This is functionally equivalent to prefixing the command with `=`. The environment variables that are set with **ENV** persist when a container is run from the resulting image. Use `docker inspect` to inspect these values, and @@ -205,8 +218,11 @@ A Dockerfile is similar to a Makefile. then they must be relative to the source directory that is being built (the context of the build). The `` is the absolute path, or path relative to **WORKDIR**, into which the source is copied inside the target container. - All new files and directories are created with mode 0755 and with the uid - and gid of **0**. + If the `` argument is a local file in a recognized compression format + (tar, gzip, bzip2, etc) then it is unpacked at the specified `` in the + container's filesystem. Note that only local compressed files will be unpacked, + i.e., the URL download and archive unpacking features cannot be used together. + All new directories are created with mode 0755 and with the uid and gid of **0**. **COPY** -- **COPY** has two forms: @@ -223,8 +239,10 @@ A Dockerfile is similar to a Makefile. the path to a file or directory relative to the source directory that is being built (the context of the build) or a remote file URL. The `` is an absolute path, or a path relative to **WORKDIR**, into which the source will - be copied inside the target container. All new files and directories are - created with mode **0755** and with the uid and gid of **0**. + be copied inside the target container. If you **COPY** an archive file it will + land in the container exactly as it appears in the build context without any + attempt to unpack it. All new files and directories are created with mode **0755** + and with the uid and gid of **0**. **ENTRYPOINT** -- **ENTRYPOINT** has two forms: @@ -241,7 +259,7 @@ A Dockerfile is similar to a Makefile. container that can be run as an executable. When you specify an **ENTRYPOINT**, the whole container runs as if it was only that executable. The **ENTRYPOINT** instruction adds an entry command that is not overwritten when arguments are - passed to docker run. This is different from the behavior of CMD. This allows + passed to docker run. This is different from the behavior of **CMD**. This allows arguments to be passed to the entrypoint, for instance `docker run -d` passes the -d argument to the **ENTRYPOINT**. Specify parameters either in the **ENTRYPOINT** JSON array (as in the preferred exec form above), or by using a **CMD** @@ -327,3 +345,4 @@ A Dockerfile is similar to a Makefile. # HISTORY *May 2014, Compiled by Zac Dover (zdover at redhat dot com) based on docker.com Dockerfile documentation. *Feb 2015, updated by Brian Goff (cpuguy83@gmail.com) for readability +*Sept 2015, updated by Sally O'Malley (somalley@redhat.com) From 47a643791b8ade9542df28718c973140122651d1 Mon Sep 17 00:00:00 2001 From: Sally O'Malley Date: Thu, 3 Sep 2015 14:10:41 -0400 Subject: [PATCH 057/398] clarify --insecure-registry in man docker Signed-off-by: Sally O'Malley --- docker.1.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docker.1.md b/docker.1.md index 20983f494c79..d6bba74eecbc 100644 --- a/docker.1.md +++ b/docker.1.md @@ -90,7 +90,11 @@ unix://[/path/to/socket] to use. Allow unrestricted inter\-container and Docker daemon host communication. If disabled, containers can still be linked together using **--link** option (see **docker-run(1)**). Default is true. **--insecure-registry**=[] - Enable insecure registry communication. + Enable insecure registry communication, i.e., enable un-encrypted and/or untrusted communication. + + List of insecure registries can contain an element with CIDR notation to specify a whole subnet. Insecure registries accept HTTP and/or accept HTTPS with certificates from unknown CAs. + + Enabling `--insecure-registry` is useful when running a local registry. However, because its use creates security vulnerabilities it should ONLY be enabled for testing purposes. For increased security, users should add their CA to their system's list of trusted CAs instead of using `--insecure-registry`. **--ip**="" Default IP address to use when binding container ports. Default is `0.0.0.0`. From de75a81418d1319eb6fb346dfb025149d376cf2d Mon Sep 17 00:00:00 2001 From: Sally O'Malley Date: Thu, 3 Sep 2015 12:15:08 -0400 Subject: [PATCH 058/398] man docker-tag minor fixup Signed-off-by: Sally O'Malley --- docker-tag.1.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/docker-tag.1.md b/docker-tag.1.md index 1a4a4a145dde..ed4bffadb6d6 100644 --- a/docker-tag.1.md +++ b/docker-tag.1.md @@ -21,7 +21,10 @@ registry located at `registry-1.docker.io` by default. **-f**, **--force**=*true*|*false* When set to true, force the alias. The default is *false*. -**REGISTRYHOST** +**--help** + Print usage statement. + +**REGISTRY_HOST** The hostname of the registry if required. This may also include the port separated by a ':' @@ -37,10 +40,6 @@ recommended to be used for a version to distinguish images with the same name. Also, for consistency tags should only include a-z0-9-_. . Note that here TAG is a part of the overall name or "tag". -# OPTIONS -**-f**, **--force**=*true*|*false* - Force. The default is *false*. - # EXAMPLES ## Giving an image a new alias From bde1677f395637d02021c450e1a42c0d8e1cb23f Mon Sep 17 00:00:00 2001 From: Sally O'Malley Date: Fri, 4 Sep 2015 16:14:58 -0400 Subject: [PATCH 059/398] correct man docker-pull Signed-off-by: Sally O'Malley --- docker-pull.1.md | 35 ++++++++++++++++++++++++++--------- 1 file changed, 26 insertions(+), 9 deletions(-) diff --git a/docker-pull.1.md b/docker-pull.1.md index 5a2cd83ecf92..c4359fbdadc9 100644 --- a/docker-pull.1.md +++ b/docker-pull.1.md @@ -14,8 +14,9 @@ NAME[:TAG] | [REGISTRY_HOST[:REGISTRY_PORT]/]NAME[:TAG] This command pulls down an image or a repository from a registry. If there is more than one image for a repository (e.g., fedora) then all -images for that repository name are pulled down including any tags. - +images for that repository name can be pulled down including any tags +(see the option **-a** or **--all-tags**). + If you do not specify a `REGISTRY_HOST`, the command uses Docker's public registry located at `registry-1.docker.io` by default. @@ -28,11 +29,11 @@ registry located at `registry-1.docker.io` by default. # EXAMPLE -# Pull a repository with multiple images -# Note that if the image is previously downloaded then the status would be -# 'Status: Image is up to date for fedora' +## Pull a repository with multiple images with the -a|--all-tags option set to true. +Note that if the image is previously downloaded then the status would be +`Status: Image is up to date for fedora`. - $ docker pull fedora + $ docker pull --all-tags fedora Pulling repository fedora ad57ef8d78d7: Download complete 105182bb5e8b: Download complete @@ -48,9 +49,24 @@ registry located at `registry-1.docker.io` by default. fedora heisenbug 105182bb5e8b 5 days ago 372.7 MB fedora latest 105182bb5e8b 5 days ago 372.7 MB -# Pull an image, manually specifying path to Docker's public registry and tag -# Note that if the image is previously downloaded then the status would be -# 'Status: Image is up to date for registry.hub.docker.com/fedora:20' +## Pull a repository with the -a|--all-tags option set to false (this is the default). + + $ docker pull debian + Using default tag: latest + latest: Pulling from library/debian + 2c49f83e0b13: Pull complete + 4a5e6db8c069: Pull complete + + Status: Downloaded newer image for debian:latest + + $ docker images + REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + debian latest 4a5e6db8c069 5 days ago 125.1 MB + + +## Pull an image, manually specifying path to Docker's public registry and tag +Note that if the image is previously downloaded then the status would be +`Status: Image is up to date for registry.hub.docker.com/fedora:20` $ docker pull registry.hub.docker.com/fedora:20 Pulling repository fedora @@ -72,3 +88,4 @@ June 2014, updated by Sven Dowideit August 2014, updated by Sven Dowideit April 2015, updated by John Willis April 2015, updated by Mary Anthony for v2 +September 2015, updated by Sally O'Malley From 64c47352e95271f7383135726fa71e9db63a0bea Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Tue, 8 Sep 2015 09:02:16 -0700 Subject: [PATCH 060/398] Fix usage for `docker volume inspect` and `docker volume rm` For both commands, volume is _not_ optional. Several volumes may be specified. Both commands now use the same name (VOLUME) for the command argument. Signed-off-by: Harald Albers --- docker-volume-inspect.1.md | 4 ++-- docker-volume-rm.1.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docker-volume-inspect.1.md b/docker-volume-inspect.1.md index cc9d753bdb94..afba3e6aca9e 100644 --- a/docker-volume-inspect.1.md +++ b/docker-volume-inspect.1.md @@ -8,11 +8,11 @@ docker-volume-inspect - Get low-level information about a volume **docker volume inspect** [**-f**|**--format**[=**]] -[OPTIONS] [VOLUME NAME] +[OPTIONS] VOLUME [VOLUME...] # DESCRIPTION -Returns information about a volume. By default, this command renders all results +Returns information about one or more volumes. By default, this command renders all results in a JSON array. You can specify an alternate format to execute a given template is executed for each result. Go's http://golang.org/pkg/text/template/ package describes all the details of the diff --git a/docker-volume-rm.1.md b/docker-volume-rm.1.md index ff7c6d316828..a1d519012fe2 100644 --- a/docker-volume-rm.1.md +++ b/docker-volume-rm.1.md @@ -7,11 +7,11 @@ docker-volume-rm - Remove a volume # SYNOPSIS **docker volume rm** -[OPTIONS] [VOLUME NAME] +[OPTIONS] VOLUME [VOLUME...] # DESCRIPTION -Removes a volume. You cannot remove a volume that is in use by a container. +Removes one or more volumes. You cannot remove a volume that is in use by a container. ``` $ docker volume rm hello From 910671f1a09edaeb41665a99bb5dc00ace7bb879 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Wed, 9 Sep 2015 17:45:28 +0200 Subject: [PATCH 061/398] update docker volume man pages - added --help option - fixed several formatting problems Also added --help to volume inspect reference page. Signed-off-by: Harald Albers --- docker-volume-create.1.md | 20 ++++++++++++-------- docker-volume-inspect.1.md | 11 +++++++---- docker-volume-ls.1.md | 13 ++++++++----- docker-volume-rm.1.md | 14 ++++++++------ 4 files changed, 35 insertions(+), 23 deletions(-) diff --git a/docker-volume-create.1.md b/docker-volume-create.1.md index 37089e4d98d7..b0cb10cbee9f 100644 --- a/docker-volume-create.1.md +++ b/docker-volume-create.1.md @@ -6,11 +6,10 @@ docker-volume-create - Create a new volume # SYNOPSIS **docker volume create** -[**-d**|**--driver**[=*local*]] -[**--name**[=**]] -[**-o**|**--opt**[=**]] - -[OPTIONS] +[**-d**|**--driver**[=*DRIVER*]] +[**--help**] +[**--name**[=*NAME*]] +[**-o**|**--opt**[=*[]*]] # DESCRIPTION @@ -40,11 +39,16 @@ different volume drivers may do different things (or nothing at all). *Note*: The built-in `local` volume driver does not currently accept any options. # OPTIONS -**-d**, **--driver**=[] - Specify volume driver name +**-d**, **--driver**="local" + Specify volume driver name + +**--help** + Print usage statement + **--name**="" Specify volume name -**-o**, **--opt**=map[] + +**-o**, **--opt**=[] Set driver specific options # HISTORY diff --git a/docker-volume-inspect.1.md b/docker-volume-inspect.1.md index afba3e6aca9e..6097e96e1305 100644 --- a/docker-volume-inspect.1.md +++ b/docker-volume-inspect.1.md @@ -6,9 +6,9 @@ docker-volume-inspect - Get low-level information about a volume # SYNOPSIS **docker volume inspect** -[**-f**|**--format**[=**]] - -[OPTIONS] VOLUME [VOLUME...] +[**-f**|**--format**[=*FORMAT*]] +[**--help**] +VOLUME [VOLUME...] # DESCRIPTION @@ -20,7 +20,10 @@ format. # OPTIONS **-f**, **--format**="" - Format the output using the given go template. + Format the output using the given go template. + +**--help** + Print usage statement # HISTORY July 2015, created by Brian Goff diff --git a/docker-volume-ls.1.md b/docker-volume-ls.1.md index 785fd62550c3..dd79cae8a644 100644 --- a/docker-volume-ls.1.md +++ b/docker-volume-ls.1.md @@ -6,10 +6,9 @@ docker-volume-ls - List all volumes # SYNOPSIS **docker volume ls** -[**-f**|**--filter**[=**]] -[**-q**|**--quiet**[=**]] - -[OPTIONS] +[**-f**|**--filter**[=*FILTER*]] +[**--help**] +[**-q**|**--quiet**[=*true*|*false*]] # DESCRIPTION @@ -19,7 +18,11 @@ There is a single supported filter `dangling=value` which takes a boolean of `tr # OPTIONS **-f**, **--filter**="" - Provide filter values (i.e. 'dangling=true') + Provide filter values (i.e. 'dangling=true') + +**--help** + Print usage statement + **-q**, **--quiet**=false Only display volume names diff --git a/docker-volume-rm.1.md b/docker-volume-rm.1.md index a1d519012fe2..876700d4d426 100644 --- a/docker-volume-rm.1.md +++ b/docker-volume-rm.1.md @@ -6,19 +6,21 @@ docker-volume-rm - Remove a volume # SYNOPSIS **docker volume rm** - -[OPTIONS] VOLUME [VOLUME...] +[**--help**] +VOLUME [VOLUME...] # DESCRIPTION Removes one or more volumes. You cannot remove a volume that is in use by a container. - ``` - $ docker volume rm hello - hello - ``` + ``` + $ docker volume rm hello + hello + ``` # OPTIONS +**--help** + Print usage statement # HISTORY July 2015, created by Brian Goff From 74c0725aa8cc4d64ffab3c31be946611471c3f31 Mon Sep 17 00:00:00 2001 From: Samuel Karp Date: Wed, 5 Aug 2015 00:35:06 +0000 Subject: [PATCH 062/398] Add awslogs driver for Amazon CloudWatch Logs Signed-off-by: Samuel Karp --- docker-create.1.md | 2 +- docker-run.1.md | 2 +- docker.1.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docker-create.1.md b/docker-create.1.md index 13ea642441aa..9385c882be22 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -168,7 +168,7 @@ millions of trillions. Add link to another container in the form of :alias or just in which case the alias will match the name. -**--log-driver**="|*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*none*" +**--log-driver**="|*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*none*" Logging driver for container. Default is defined by daemon `--log-driver` flag. **Warning**: `docker logs` command works only for `json-file` logging driver. diff --git a/docker-run.1.md b/docker-run.1.md index 7fb9d0f162cd..0bb339d34e60 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -268,7 +268,7 @@ which interface and port to use. **--lxc-conf**=[] (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" -**--log-driver**="|*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*none*" +**--log-driver**="|*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*none*" Logging driver for container. Default is defined by daemon `--log-driver` flag. **Warning**: `docker logs` command works only for `json-file` logging driver. diff --git a/docker.1.md b/docker.1.md index d6bba74eecbc..42410c4d91d1 100644 --- a/docker.1.md +++ b/docker.1.md @@ -119,7 +119,7 @@ unix://[/path/to/socket] to use. **--label**="[]" Set key=value labels to the daemon (displayed in `docker info`) -**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*none*" +**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*none*" Default driver for container logs. Default is `json-file`. **Warning**: `docker logs` command works only for `json-file` logging driver. From 887e822b167d0387916ca2ec55962dc63adafa25 Mon Sep 17 00:00:00 2001 From: David Calavera Date: Tue, 4 Aug 2015 13:51:48 -0700 Subject: [PATCH 063/398] Signal to stop a container. Allow to set the signal to stop a container in `docker run`: - Use `--stop-signal` with docker-run to set the default signal the container will use to exit. Signed-off-by: David Calavera --- docker-create.1.md | 4 ++++ docker-inspect.1.md | 3 ++- docker-run.1.md | 6 +++++- docker-stop.1.md | 2 +- 4 files changed, 12 insertions(+), 3 deletions(-) diff --git a/docker-create.1.md b/docker-create.1.md index 9385c882be22..d040e62b7b23 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -51,6 +51,7 @@ docker-create - Create a new container [**--read-only**[=*false*]] [**--restart**[=*RESTART*]] [**--security-opt**[=*[]*]] +[**--stop-signal**[=*SIGNAL*]] [**-t**|**--tty**[=*false*]] [**-u**|**--user**[=*USER*]] [**--ulimit**[=*[]*]] @@ -239,6 +240,9 @@ This value should always larger than **-m**, so you should always use this with **--security-opt**=[] Security Options +**--stop-signal**=SIGTERM + Signal to stop a container. Default is SIGTERM. + **-t**, **--tty**=*true*|*false* Allocate a pseudo-TTY. The default is *false*. diff --git a/docker-inspect.1.md b/docker-inspect.1.md index a1bbb317a914..e289899bbba5 100644 --- a/docker-inspect.1.md +++ b/docker-inspect.1.md @@ -180,7 +180,8 @@ To get information on a container use its ID or instance name: "Memory": 0, "MemorySwap": 0, "CpuShares": 0, - "Cpuset": "" + "Cpuset": "", + "StopSignal": 15, } } ] diff --git a/docker-run.1.md b/docker-run.1.md index 0bb339d34e60..b37d07b0e9f5 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -53,6 +53,7 @@ docker-run - Run a command in a new container [**--restart**[=*RESTART*]] [**--rm**[=*false*]] [**--security-opt**[=*[]*]] +[**--stop-signal**[=*SIGNAL*]] [**--sig-proxy**[=*true*]] [**-t**|**--tty**[=*false*]] [**-u**|**--user**[=*USER*]] @@ -371,7 +372,7 @@ its root filesystem mounted as read only prohibiting any writes. **--restart**="no" Restart policy to apply when a container exits (no, on-failure[:max-retry], always, unless-stopped). - + **--rm**=*true*|*false* Automatically remove the container when it exits (incompatible with -d). The default is *false*. @@ -384,6 +385,9 @@ its root filesystem mounted as read only prohibiting any writes. "label:level:LEVEL" : Set the label level for the container "label:disable" : Turn off label confinement for the container +**--stop-signal**=SIGTERM + Signal to stop a container. Default is SIGTERM. + **--sig-proxy**=*true*|*false* Proxy received signals to the process (non-TTY mode only). SIGCHLD, SIGSTOP, and SIGKILL are not proxied. The default is *true*. diff --git a/docker-stop.1.md b/docker-stop.1.md index 9b882db49d1a..4939070d9751 100644 --- a/docker-stop.1.md +++ b/docker-stop.1.md @@ -19,7 +19,7 @@ Stop a running container (Send SIGTERM, and then SIGKILL after Print usage statement **-t**, **--time**=10 - Number of seconds to wait for the container to stop before killing it. Default is 10 seconds. + Number of seconds to wait for the container to stop before killing it. Default is 10 seconds. #See also **docker-start(1)** to restart a stopped container. From ba6617f6027156104c272c6adf60c5cb04ff6424 Mon Sep 17 00:00:00 2001 From: David Calavera Date: Tue, 18 Aug 2015 10:30:44 -0700 Subject: [PATCH 064/398] Add `STOPSIGNAL` instruction to dockerfiles. This way, images creators can set the exit signal their programs use. Signed-off-by: David Calavera --- docker-inspect.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-inspect.1.md b/docker-inspect.1.md index e289899bbba5..f7faf4a7b26f 100644 --- a/docker-inspect.1.md +++ b/docker-inspect.1.md @@ -181,7 +181,7 @@ To get information on a container use its ID or instance name: "MemorySwap": 0, "CpuShares": 0, "Cpuset": "", - "StopSignal": 15, + "StopSignal": "SIGTERM" } } ] From b0aaff4a7ef58bcb1fb65fadb50bcc77c0caafd3 Mon Sep 17 00:00:00 2001 From: xlgao-zju Date: Sun, 6 Sep 2015 11:09:29 +0800 Subject: [PATCH 065/398] fix doc about vol Signed-off-by: xlgao-zju --- docker-run.1.md | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/docker-run.1.md b/docker-run.1.md index b37d07b0e9f5..bece7edfb7e3 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -439,7 +439,20 @@ content label. Shared volume labels allow all containers to read/write content. The `Z` option tells Docker to label the content with a private unshared label. Only the current container can use a private volume. -Note: Multiple Volume options can be added separated by a "," +The `container-dir` must always be an absolute path such as `/src/docs`. +The `host-dir` can either be an absolute path or a `name` value. If you +supply an absolute path for the `host-dir`, Docker bind-mounts to the path +you specify. If you supply a `name`, Docker creates a named volume by that `name`. + +A `name` value must start with start with an alphanumeric character, +followed by `a-z0-9`, `_` (underscore), `.` (period) or `-` (hyphen). +An absolute path starts with a `/` (forward slash). + +For example, you can specify either `/foo` or `foo` for a `host-dir` value. +If you supply the `/foo` value, Docker creates a bind-mount. If you supply +the `foo` specification, Docker creates a named volume. + +**Note:** Multiple Volume options can be added separated by a , (comma). **--volumes-from**=[] Mount volumes from the specified container(s) From 0b2a0c0ff2877362fc1f1e80d3d3d2857381ea72 Mon Sep 17 00:00:00 2001 From: Jana Radhakrishnan Date: Fri, 24 Jul 2015 14:32:30 -0700 Subject: [PATCH 066/398] Make daemon to start with no userlandproxy by default This PR makes a user visible behavior change with userland proxy disabled by default and rely on hairpin NAT to be enabled by default. This may not work in older (unsupported) kernels where the user will be forced to enable userlandproxy if needed. - Updated the Docs - Changed the integration-cli to start with userlandproxy desiabled by default. Signed-off-by: Jana Radhakrishnan --- docker.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker.1.md b/docker.1.md index 42410c4d91d1..2d001138f2bf 100644 --- a/docker.1.md +++ b/docker.1.md @@ -161,7 +161,7 @@ unix://[/path/to/socket] to use. Default is false. **--userland-proxy**=*true*|*false* - Rely on a userland proxy implementation for inter-container and outside-to-container loopback communications. Default is true. + Rely on a userland proxy implementation for inter-container and outside-to-container loopback communications. Default is false. **-v**, **--version**=*true*|*false* Print version information and quit. Default is false. From 2d050b1417c94b3ed10866ecc1c4d555605c4348 Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Thu, 23 Jul 2015 11:02:56 -0400 Subject: [PATCH 067/398] Add log reading to the journald log driver If a logdriver doesn't register a callback function to validate log options, it won't be usable. Fix the journald driver by adding a dummy validator. Teach the client and the daemon's "logs" logic that the server can also supply "logs" data via the "journald" driver. Update documentation and tests that depend on error messages. Add support for reading log data from the systemd journal to the journald log driver. The internal logic uses a goroutine to scan the journal for matching entries after any specified cutoff time, formats the messages from those entries as JSONLog messages, and stuffs the results down a pipe whose reading end we hand back to the caller. If we are missing any of the 'linux', 'cgo', or 'journald' build tags, however, we don't implement a reader, so the 'logs' endpoint will still return an error. Make the necessary changes to the build setup to ensure that support for reading container logs from the systemd journal is built. Rename the Jmap member of the journald logdriver's struct to "vars" to make it non-public, and to make it easier to tell that it's just there to hold additional variable values that we want journald to record along with log data that we're sending to it. In the client, don't assume that we know which logdrivers the server implements, and remove the check that looks at the server. It's redundant because the server already knows, and the check also makes using older clients with newer servers (which may have new logdrivers in them) unnecessarily hard. When we try to "logs" and have to report that the container's logdriver doesn't support reading, send the error message through the might-be-a-multiplexer so that clients which are expecting multiplexed data will be able to properly display the error, instead of tripping over the data and printing a less helpful "Unrecognized input header" error. Signed-off-by: Nalin Dahyabhai (github: nalind) --- docker-create.1.md | 3 ++- docker-logs.1.md | 3 ++- docker-run.1.md | 3 ++- docker.1.md | 3 ++- 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/docker-create.1.md b/docker-create.1.md index d040e62b7b23..21f411a716ad 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -171,7 +171,8 @@ millions of trillions. **--log-driver**="|*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*none*" Logging driver for container. Default is defined by daemon `--log-driver` flag. - **Warning**: `docker logs` command works only for `json-file` logging driver. + **Warning**: the `docker logs` command works only for the `json-file` and + `journald` logging drivers. **--log-opt**=[] Logging driver specific options. diff --git a/docker-logs.1.md b/docker-logs.1.md index 8ecc20df2438..2925c3500982 100644 --- a/docker-logs.1.md +++ b/docker-logs.1.md @@ -23,7 +23,8 @@ The **docker logs --follow** command combines commands **docker logs** and **docker attach**. It will first return all logs from the beginning and then continue streaming new output from the container’s stdout and stderr. -**Warning**: This command works only for **json-file** logging driver. +**Warning**: This command works only for the **json-file** or **journald** +logging drivers. # OPTIONS **--help** diff --git a/docker-run.1.md b/docker-run.1.md index bece7edfb7e3..532f943f71b5 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -271,7 +271,8 @@ which interface and port to use. **--log-driver**="|*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*none*" Logging driver for container. Default is defined by daemon `--log-driver` flag. - **Warning**: `docker logs` command works only for `json-file` logging driver. + **Warning**: the `docker logs` command works only for the `json-file` and + `journald` logging drivers. **--log-opt**=[] Logging driver specific options. diff --git a/docker.1.md b/docker.1.md index 2d001138f2bf..b5b93ba4b5a7 100644 --- a/docker.1.md +++ b/docker.1.md @@ -121,7 +121,8 @@ unix://[/path/to/socket] to use. **--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*none*" Default driver for container logs. Default is `json-file`. - **Warning**: `docker logs` command works only for `json-file` logging driver. + **Warning**: the `docker logs` command works only for the `json-file` and + `journald` logging drivers. **--log-opt**=[] Logging driver specific options. From 3037725cb29a9fdc85145304d031c66e412e86ce Mon Sep 17 00:00:00 2001 From: Bill W Date: Tue, 15 Sep 2015 11:47:16 +1000 Subject: [PATCH 068/398] typo Signed-off-by: Bill Wang --- docker-cp.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-cp.1.md b/docker-cp.1.md index fe1cd9c9cc60..7b56957579c6 100644 --- a/docker-cp.1.md +++ b/docker-cp.1.md @@ -57,7 +57,7 @@ argument of `DST_PATH`, the behavior is as follows: - `DST_PATH` exists and is a directory - `SRC_PATH` does not end with `/.` - the source directory is copied into this directory - - `SRC_PAPTH` does end with `/.` + - `SRC_PATH` does end with `/.` - the *content* of the source directory is copied into this directory From 76e741db9eebde80dc34f6c1a0b6e91b21bd8a1f Mon Sep 17 00:00:00 2001 From: Mike Brown Date: Mon, 14 Sep 2015 16:10:33 -0500 Subject: [PATCH 069/398] updates to readme documents for manual page Signed-off-by: Mike Brown --- README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index ca964026e815..922bc3cc7463 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,8 @@ environment. This uses `go-md2man`, a pure Go Markdown to man page generator. ## Building the md2man image -There is a `Dockerfile` provided in the `docker/man` directory. +There is a `Dockerfile` provided in the `/man` directory of your +'docker/docker' fork. Using this `Dockerfile`, create a Docker image tagged `docker/md2man`: @@ -21,13 +22,12 @@ Using this `Dockerfile`, create a Docker image tagged `docker/md2man`: ## Utilizing the image -Once the image is built, run a container using the image with *volumes*: - - docker run -v //docker/man:/docs:rw \ - -w /docs -i docker/md2man /docs/md2man-all.sh +From within the `/man` directory run the following command: + docker run -v $(pwd):/man -w /man -i docker/md2man ./md2man-all.sh + The `md2man` Docker container will process the Markdown files and generate -the man pages inside the `docker/man/man1` directory using +the man pages inside the `/man/man1` directory of your fork using Docker volumes. For more information on Docker volumes see the man page for `docker run` and also look at the article [Sharing Directories via Volumes] (https://docs.docker.com/use/working_with_volumes/). From 34a8be58e31a85bc098336090092b323152cbc33 Mon Sep 17 00:00:00 2001 From: Jessica Frazelle Date: Wed, 16 Sep 2015 09:55:14 -0700 Subject: [PATCH 070/398] Revert "Make daemon to start with no userlandproxy by default" This reverts commit bf2b8ec8165468d7454f6bd86f4a78e7e8b58d8e. Signed-off-by: Jessica Frazelle --- docker.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker.1.md b/docker.1.md index b5b93ba4b5a7..50c9baa20771 100644 --- a/docker.1.md +++ b/docker.1.md @@ -162,7 +162,7 @@ unix://[/path/to/socket] to use. Default is false. **--userland-proxy**=*true*|*false* - Rely on a userland proxy implementation for inter-container and outside-to-container loopback communications. Default is false. + Rely on a userland proxy implementation for inter-container and outside-to-container loopback communications. Default is true. **-v**, **--version**=*true*|*false* Print version information and quit. Default is false. From 7191ea559023f425ea62177ec7328c1a61d0f5db Mon Sep 17 00:00:00 2001 From: Tim Hockin Date: Mon, 31 Aug 2015 11:47:25 -0700 Subject: [PATCH 071/398] Add support for DNS options Signed-off-by: Tim Hockin --- docker-create.1.md | 4 ++++ docker-inspect.1.md | 1 + docker-run.1.md | 4 ++++ docker.1.md | 3 +++ 4 files changed, 12 insertions(+) diff --git a/docker-create.1.md b/docker-create.1.md index 21f411a716ad..e82ac3381c35 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -21,6 +21,7 @@ docker-create - Create a new container [**--device**[=*[]*]] [**--dns**[=*[]*]] [**--dns-search**[=*[]*]] +[**--dns-opt**[=*[]*]] [**-e**|**--env**[=*[]*]] [**--entrypoint**[=*ENTRYPOINT*]] [**--env-file**[=*[]*]] @@ -118,6 +119,9 @@ two memory nodes. **--dns**=[] Set custom DNS servers +**--dns-opt**=[] + Set custom DNS options + **--dns-search**=[] Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain) diff --git a/docker-inspect.1.md b/docker-inspect.1.md index f7faf4a7b26f..3d1db2ed3ecb 100644 --- a/docker-inspect.1.md +++ b/docker-inspect.1.md @@ -123,6 +123,7 @@ To get information on a container use its ID or instance name: "PublishAllPorts": false, "Dns": null, "DnsSearch": null, + "DnsOptions": null, "ExtraHosts": null, "VolumesFrom": null, "Devices": [], diff --git a/docker-run.1.md b/docker-run.1.md index 532f943f71b5..ebb65d71c735 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -21,6 +21,7 @@ docker-run - Run a command in a new container [**-d**|**--detach**[=*false*]] [**--device**[=*[]*]] [**--dns**[=*[]*]] +[**--dns-opt**[=*[]*]] [**--dns-search**[=*[]*]] [**-e**|**--env**[=*[]*]] [**--entrypoint**[=*ENTRYPOINT*]] @@ -185,6 +186,9 @@ stopping the process by pressing the keys CTRL-P CTRL-Q. **--dns-search**=[] Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain) +**--dns-opt**=[] + Set custom DNS options + **--dns**=[] Set custom DNS servers diff --git a/docker.1.md b/docker.1.md index 50c9baa20771..17b92849bf2c 100644 --- a/docker.1.md +++ b/docker.1.md @@ -56,6 +56,9 @@ To see the man page for a command run **man docker **. **--dns**="" Force Docker to use specific DNS servers +**--dns-opt**=[] + DNS options to use. + **--dns-search**=[] DNS search domains to use. From a0d94211eb1b82876da35280bc9c85475c4b5dcc Mon Sep 17 00:00:00 2001 From: Madhav Puri Date: Fri, 14 Nov 2014 10:59:14 -0800 Subject: [PATCH 072/398] Support for passing build-time variables in build context - The build-time variables are passed as environment-context for command(s) run as part of the RUN primitve. These variables are not persisted in environment of intermediate and final images when passed as context for RUN. The build environment is prepended to the intermediate continer's command string for aiding cache lookups. It also helps with build traceability. But this also makes the feature less secure from point of view of passing build time secrets. - The build-time variables also get used to expand the symbols used in certain Dockerfile primitves like ADD, COPY, USER etc, without an explicit prior definiton using a ENV primitive. These variables get persisted in the intermediate and final images whenever they are expanded. - The build-time variables are only expanded or passed to the RUN primtive if they are defined in Dockerfile using the ARG primitive or belong to list of built-in variables. HTTP_PROXY, HTTPS_PROXY, http_proxy, https_proxy, FTP_PROXY and NO_PROXY are built-in variables that needn't be explicitly defined in Dockerfile to use this feature. Signed-off-by: Madhav Puri --- Dockerfile.5.md | 120 ++++++++++++++++++++++++++++++++++++++++++++++ docker-build.1.md | 19 ++++++++ 2 files changed, 139 insertions(+) diff --git a/Dockerfile.5.md b/Dockerfile.5.md index 0b188ac33058..b29745e2e78e 100644 --- a/Dockerfile.5.md +++ b/Dockerfile.5.md @@ -317,6 +317,126 @@ A Dockerfile is similar to a Makefile. In the above example, the output of the **pwd** command is **a/b/c**. +**ARG** + -- ARG [=] + + The `ARG` instruction defines a variable that users can pass at build-time to + the builder with the `docker build` command using the `--build-arg + =` flag. If a user specifies a build argument that was not + defined in the Dockerfile, the build outputs an error. + + ``` + One or more build-args were not consumed, failing build. + ``` + + The Dockerfile author can define a single variable by specifying `ARG` once or many + variables by specifying `ARG` more than once. For example, a valid Dockerfile: + + ``` + FROM busybox + ARG user1 + ARG buildno + ... + ``` + + A Dockerfile author may optionally specify a default value for an `ARG` instruction: + + ``` + FROM busybox + ARG user1=someuser + ARG buildno=1 + ... + ``` + + If an `ARG` value has a default and if there is no value passed at build-time, the + builder uses the default. + + An `ARG` variable definition comes into effect from the line on which it is + defined in the `Dockerfile` not from the argument's use on the command-line or + elsewhere. For example, consider this Dockerfile: + + ``` + 1 FROM busybox + 2 USER ${user:-some_user} + 3 ARG user + 4 USER $user + ... + ``` + A user builds this file by calling: + + ``` + $ docker build --build-arg user=what_user Dockerfile + ``` + + The `USER` at line 2 evaluates to `some_user` as the `user` variable is defined on the + subsequent line 3. The `USER` at line 4 evaluates to `what_user` as `user` is + defined and the `what_user` value was passed on the command line. Prior to its definition by an + `ARG` instruction, any use of a variable results in an empty string. + + > **Note:** It is not recommended to use build-time variables for + > passing secrets like github keys, user credentials etc. + + You can use an `ARG` or an `ENV` instruction to specify variables that are + available to the `RUN` instruction. Environment variables defined using the + `ENV` instruction always override an `ARG` instruction of the same name. Consider + this Dockerfile with an `ENV` and `ARG` instruction. + + ``` + 1 FROM ubuntu + 2 ARG CONT_IMG_VER + 3 ENV CONT_IMG_VER v1.0.0 + 4 RUN echo $CONT_IMG_VER + ``` + Then, assume this image is built with this command: + + ``` + $ docker build --build-arg CONT_IMG_VER=v2.0.1 Dockerfile + ``` + + In this case, the `RUN` instruction uses `v1.0.0` instead of the `ARG` setting + passed by the user:`v2.0.1` This behavior is similar to a shell + script where a locally scoped variable overrides the variables passed as + arguments or inherited from environment, from its point of definition. + + Using the example above but a different `ENV` specification you can create more + useful interactions between `ARG` and `ENV` instructions: + + ``` + 1 FROM ubuntu + 2 ARG CONT_IMG_VER + 3 ENV CONT_IMG_VER ${CONT_IMG_VER:-v1.0.0} + 4 RUN echo $CONT_IMG_VER + ``` + + The command line passes the `--build-arg` and sets the `v2.0.1` value. And the `ARG + CONT_IMG_VER` is defined on line 2 of the Dockerfile. On line 3, the `ENV` + instruction of the same name resolves to `v2.0.1` as the build-time variable + was passed from the command line and expanded here. + + The variable expansion technique in this example allows you to pass arguments + from the command line and persist them in the final image by leveraging the `ENV` + instruction. Variable expansion is only supported for the `Dockerfile` instructions + described [here](#environment-replacement). + + Unlike an `ARG` instruction, `ENV` values are always persisted in the built image. If + `docker build` were run without setting the `--build-arg` flag, then + `CONT_IMG_VER` is still persisted in the image but its value would be `v1.0.0`. + + Docker has a set of predefined `ARG` variables that you can use without a + corresponding `ARG` instruction in the Dockerfile. + + * `HTTP_PROXY` + * `http_proxy` + * `HTTPS_PROXY` + * `https_proxy` + * `FTP_PROXY` + * `ftp_proxy` + * `NO_PROXY` + * `no_proxy` + + To use these, simply pass them on the command line using the `--build-arg + =` flag. + **ONBUILD** -- `ONBUILD [INSTRUCTION]` The **ONBUILD** instruction adds a trigger instruction to an image. The diff --git a/docker-build.1.md b/docker-build.1.md index a8714b775acc..f725f83aa81e 100644 --- a/docker-build.1.md +++ b/docker-build.1.md @@ -8,6 +8,7 @@ docker-build - Build a new image from the source code at PATH **docker build** [**--help**] [**-f**|**--file**[=*PATH/Dockerfile*]] +[**--build-arg**[=*[]*]] [**--force-rm**[=*false*]] [**--no-cache**[=*false*]] [**--pull**[=*false*]] @@ -51,6 +52,24 @@ cloned locally and then sent as the context. the remote context. In all cases, the file must be within the build context. The default is *Dockerfile*. +**--build-arg**=*variable* + Set value for build-time variable. This option allows you to specify +values of the variables that are available for expansion/substitution in the +Dockerfile instructions like ADD, COPY etc, without an explicit prior definition by +the ENV instruction. The build-time variables are also passed as environment +context for the command(s) that will be executed as part of RUN instruction +of Dockerfile, if there is no explicit prior definition by the ENV instruction. +Normally, these variables are not persisted in the resulting Docker image. This gives +the flexibility to build an image by passing host specific environment variables (like +http_proxy) that will be used on the RUN commands without affecting portability +of the generated image. +However, as with any variable, they can be persisted in the final image if they are used in an +ENV instruction (e.g. ENV myName=$myName will save myName in the image). + +Only the build-time variables that are defined using the ARG instruction of Dockerfile +are allowed to be expanded or passed as environment to the RUN command. Read more about +ARG instruction in Dockerfile reference. + **--force-rm**=*true*|*false* Always remove intermediate containers, even after unsuccessful builds. The default is *false*. From 4cd58dab8f5e07451fd7a0e520b5d7e8f4408972 Mon Sep 17 00:00:00 2001 From: Madhav Puri Date: Wed, 16 Sep 2015 01:47:10 -0700 Subject: [PATCH 073/398] incorporate doc review comments Signed-off-by: Madhav Puri --- Dockerfile.5.md | 23 ++++++++++++----------- docker-build.1.md | 25 +++++++++---------------- 2 files changed, 21 insertions(+), 27 deletions(-) diff --git a/Dockerfile.5.md b/Dockerfile.5.md index b29745e2e78e..528fb675223f 100644 --- a/Dockerfile.5.md +++ b/Dockerfile.5.md @@ -408,19 +408,20 @@ A Dockerfile is similar to a Makefile. 4 RUN echo $CONT_IMG_VER ``` - The command line passes the `--build-arg` and sets the `v2.0.1` value. And the `ARG - CONT_IMG_VER` is defined on line 2 of the Dockerfile. On line 3, the `ENV` - instruction of the same name resolves to `v2.0.1` as the build-time variable - was passed from the command line and expanded here. + Unlike an `ARG` instruction, `ENV` values are always persisted in the built + image. Consider a docker build without the --build-arg flag: - The variable expansion technique in this example allows you to pass arguments - from the command line and persist them in the final image by leveraging the `ENV` - instruction. Variable expansion is only supported for the `Dockerfile` instructions - described [here](#environment-replacement). + ``` + $ docker build Dockerfile + ``` - Unlike an `ARG` instruction, `ENV` values are always persisted in the built image. If - `docker build` were run without setting the `--build-arg` flag, then - `CONT_IMG_VER` is still persisted in the image but its value would be `v1.0.0`. + Using this Dockerfile example, `CONT_IMG_VER` is still persisted in the image but + its value would be `v1.0.0` as it is the default set in line 3 by the `ENV` instruction. + + The variable expansion technique in this example allows you to pass arguments + from the command line and persist them in the final image by leveraging the + `ENV` instruction. Variable expansion is only supported for [a limited set of + Dockerfile instructions.](#environment-replacement) Docker has a set of predefined `ARG` variables that you can use without a corresponding `ARG` instruction in the Dockerfile. diff --git a/docker-build.1.md b/docker-build.1.md index f725f83aa81e..06cdefff1ef7 100644 --- a/docker-build.1.md +++ b/docker-build.1.md @@ -53,22 +53,15 @@ cloned locally and then sent as the context. The default is *Dockerfile*. **--build-arg**=*variable* - Set value for build-time variable. This option allows you to specify -values of the variables that are available for expansion/substitution in the -Dockerfile instructions like ADD, COPY etc, without an explicit prior definition by -the ENV instruction. The build-time variables are also passed as environment -context for the command(s) that will be executed as part of RUN instruction -of Dockerfile, if there is no explicit prior definition by the ENV instruction. -Normally, these variables are not persisted in the resulting Docker image. This gives -the flexibility to build an image by passing host specific environment variables (like -http_proxy) that will be used on the RUN commands without affecting portability -of the generated image. -However, as with any variable, they can be persisted in the final image if they are used in an -ENV instruction (e.g. ENV myName=$myName will save myName in the image). - -Only the build-time variables that are defined using the ARG instruction of Dockerfile -are allowed to be expanded or passed as environment to the RUN command. Read more about -ARG instruction in Dockerfile reference. + name and value of a **buildarg**. + + For example, if you want to pass a value for `http_proxy`, use + `--bulid-arg=http_proxy="http://some.proxy.url"` + + Users pass these values at build-time. Docker uses the `buildargs` as the + environment context for command(s) run via the Dockerfile's `RUN` instruction + or for variable expansion in other Dockerfile instructions. This is not meant + for passing secret values. [Read more about the buildargs instruction](/reference/builder/#arg) **--force-rm**=*true*|*false* Always remove intermediate containers, even after unsuccessful builds. The default is *false*. From 3411e1b985f0d653dde878b067d5ee00c323e54a Mon Sep 17 00:00:00 2001 From: Mike Brown Date: Mon, 14 Sep 2015 14:42:31 -0500 Subject: [PATCH 074/398] man update for docker run with host volumes Signed-off-by: Mike Brown cleaning up docker run -v documentation for man and web reference guide Signed-off-by: Mike Brown --- docker-run.1.md | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/docker-run.1.md b/docker-run.1.md index ebb65d71c735..8639e5364da6 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -420,9 +420,17 @@ standard input. ""--ulimit""=[] Ulimit options -**-v**, **--volume**=[] - Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container) - +**-v**, **--volume**=[] Create a bind mount + (format: `[host-dir:]container-dir[:]`, where suffix options +are comma delimited and selected from [rw|ro] and [z|Z].) + + (e.g., using -v /host-dir:/container-dir, bind mounts /host-dir in the +host to /container-dir in the Docker container) + + If 'host-dir' is missing, then docker automatically creates the new volume +on the host. **This auto-creation of the host path has been deprecated in +Release: v1.9.** + The **-v** option can be used one or more times to add one or more mounts to a container. These mounts can then be used in other containers using the **--volumes-from** option. @@ -457,8 +465,6 @@ For example, you can specify either `/foo` or `foo` for a `host-dir` value. If you supply the `/foo` value, Docker creates a bind-mount. If you supply the `foo` specification, Docker creates a named volume. -**Note:** Multiple Volume options can be added separated by a , (comma). - **--volumes-from**=[] Mount volumes from the specified container(s) From 8ec1fb5de10633c4d6509a6b5c58b07159425d86 Mon Sep 17 00:00:00 2001 From: Lei Jitang Date: Sun, 20 Sep 2015 18:02:28 +0800 Subject: [PATCH 075/398] Docs: correct the description of docker cp Signed-off-by: Lei Jitang --- docker.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker.1.md b/docker.1.md index 17b92849bf2c..2447fc0fa28c 100644 --- a/docker.1.md +++ b/docker.1.md @@ -184,7 +184,7 @@ unix://[/path/to/socket] to use. See **docker-commit(1)** for full documentation on the **commit** command. **cp** - Copy files/folders from a container's filesystem to the host + Copy files/folders between a container and the local filesystem See **docker-cp(1)** for full documentation on the **cp** command. **create** From 7b1be54d3b5e572e8c6deee300cb54c7e3171fed Mon Sep 17 00:00:00 2001 From: Sally O'Malley Date: Wed, 9 Sep 2015 06:27:41 -0400 Subject: [PATCH 076/398] docker restarts running OR stopped containers, docs edit rm "running" Signed-off-by: Sally O'Malley --- docker-restart.1.md | 2 +- docker.1.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-restart.1.md b/docker-restart.1.md index 77f99d51a63c..9f60bc543433 100644 --- a/docker-restart.1.md +++ b/docker-restart.1.md @@ -2,7 +2,7 @@ % Docker Community % JUNE 2014 # NAME -docker-restart - Restart a running container +docker-restart - Restart a container # SYNOPSIS **docker restart** diff --git a/docker.1.md b/docker.1.md index 2447fc0fa28c..ddcfab858b0e 100644 --- a/docker.1.md +++ b/docker.1.md @@ -273,7 +273,7 @@ inside it) See **docker-rename(1)** for full documentation on the **rename** command. **restart** - Restart a running container + Restart a container See **docker-restart(1)** for full documentation on the **restart** command. **rm** From 480beabac9ea0a12f229f9e8c53fc93431c8a156 Mon Sep 17 00:00:00 2001 From: Zhang Kun Date: Mon, 21 Sep 2015 12:23:54 +0800 Subject: [PATCH 077/398] add docker server version to /info Signed-off-by: Zhang Kun --- docker-info.1.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docker-info.1.md b/docker-info.1.md index a3bbd798281f..1aca0b5b201f 100644 --- a/docker-info.1.md +++ b/docker-info.1.md @@ -33,6 +33,7 @@ Here is a sample output: # docker info Containers: 14 Images: 52 + Engine Version: 1.9.0 Storage Driver: aufs Root Dir: /var/lib/docker/aufs Dirs: 80 From 3a03d61a5fdaa9c34a4bc6ae41a1f6288d4c4715 Mon Sep 17 00:00:00 2001 From: qhuang Date: Wed, 23 Sep 2015 14:02:45 +0800 Subject: [PATCH 078/398] Add support for memory reservation Signed-off-by: qhuang --- docker-create.1.md | 10 ++++++++++ docker-run.1.md | 10 ++++++++++ 2 files changed, 20 insertions(+) diff --git a/docker-create.1.md b/docker-create.1.md index e82ac3381c35..e845befe97bd 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -40,6 +40,7 @@ docker-create - Create a new container [**--lxc-conf**[=*[]*]] [**-m**|**--memory**[=*MEMORY*]] [**--mac-address**[=*MAC-ADDRESS*]] +[**--memory-reservation**[=*MEMORY-RESERVATION*]] [**--memory-swap**[=*MEMORY-SWAP*]] [**--memory-swappiness**[=*MEMORY-SWAPPINESS*]] [**--name**[=*NAME*]] @@ -196,6 +197,15 @@ system's page size (the value would be very large, that's millions of trillions) **--mac-address**="" Container MAC address (e.g. 92:d0:c6:0a:29:33) +**--memory-reservation**="" + Memory soft limit (format: [], where unit = b, k, m or g) + + After setting memory reservation, when the system detects memory contention +or low memory, containers are forced to restrict their consumption to their +reservation. So you should always set the value below **--memory**, otherwise the +hard limit will take precedence. By default, memory reservation will be the same +as memory limit. + **--memory-swap**="" Total memory limit (memory + swap) diff --git a/docker-run.1.md b/docker-run.1.md index 8639e5364da6..bb7c38e01acd 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -41,6 +41,7 @@ docker-run - Run a command in a new container [**--lxc-conf**[=*[]*]] [**-m**|**--memory**[=*MEMORY*]] [**--mac-address**[=*MAC-ADDRESS*]] +[**--memory-reservation**[=*MEMORY-RESERVATION*]] [**--memory-swap**[=*MEMORY-SWAP*]] [**--memory-swappiness**[=*MEMORY-SWAPPINESS*]] [**--name**[=*NAME*]] @@ -290,6 +291,15 @@ RAM. If a limit of 0 is specified (not using **-m**), the container's memory is not limited. The actual limit may be rounded up to a multiple of the operating system's page size (the value would be very large, that's millions of trillions). +**--memory-reservation**="" + Memory soft limit (format: [], where unit = b, k, m or g) + + After setting memory reservation, when the system detects memory contention +or low memory, containers are forced to restrict their consumption to their +reservation. So you should always set the value below **--memory**, otherwise the +hard limit will take precedence. By default, memory reservation will be the same +as memory limit. + **--memory-swap**="" Total memory limit (memory + swap) From 2419e5426993174b1fcaba840bc33f4c80fb6de5 Mon Sep 17 00:00:00 2001 From: Morgan Bauer Date: Wed, 23 Sep 2015 17:38:09 -0700 Subject: [PATCH 079/398] fix typo in man page - resolve #16536 Signed-off-by: Morgan Bauer --- docker-build.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-build.1.md b/docker-build.1.md index 06cdefff1ef7..fcf2c633cd63 100644 --- a/docker-build.1.md +++ b/docker-build.1.md @@ -56,7 +56,7 @@ cloned locally and then sent as the context. name and value of a **buildarg**. For example, if you want to pass a value for `http_proxy`, use - `--bulid-arg=http_proxy="http://some.proxy.url"` + `--build-arg=http_proxy="http://some.proxy.url"` Users pass these values at build-time. Docker uses the `buildargs` as the environment context for command(s) run via the Dockerfile's `RUN` instruction From 774ce3a44cea8d1fbf6c45c4dca09da5bc7640d8 Mon Sep 17 00:00:00 2001 From: Shishir Mahajan Date: Thu, 17 Sep 2015 10:07:22 -0400 Subject: [PATCH 080/398] man page for docker daemon command Signed-off-by: Shishir Mahajan --- docker-daemon.8.md | 400 +++++++++++++++++++++++++++++++++++++++++++++ docker.1.md | 316 +---------------------------------- 2 files changed, 407 insertions(+), 309 deletions(-) create mode 100644 docker-daemon.8.md diff --git a/docker-daemon.8.md b/docker-daemon.8.md new file mode 100644 index 000000000000..63c43c36a464 --- /dev/null +++ b/docker-daemon.8.md @@ -0,0 +1,400 @@ +% DOCKER(1) Docker User Manuals + +% Shishir Mahajan + +% SEPTEMBER 2015 + +# NAME +docker-daemon - Enable daemon mode + +# SYNOPSIS +**docker daemon** +[**--api-cors-header**=[=*API-CORS-HEADER*]] +[**-b**|**--bridge**[=*BRIDGE*]] +[**--bip**[=*BIP*]] +[**-D**|**--debug**[=*false*]] +[**--default-gateway**[=*DEFAULT-GATEWAY*]] +[**--default-gateway-v6**[=*DEFAULT-GATEWAY-V6*]] +[**--default-ulimit**[=*[]*]] +[**--dns**[=*[]*]] +[**--dns-search**[=*[]*]] +[**-e**|**--exec-driver**[=*native*]] +[**--exec-opt**[=*[]*]] +[**--exec-root**[=*/var/run/docker*]] +[**--fixed-cidr**[=*FIXED-CIDR*]] +[**--fixed-cidr-v6**[=*FIXED-CIDR-V6*]] +[**-G**|**--group**[=*docker*]] +[**-g**|**--graph**[=*/var/lib/docker*]] +[**-H**|**--host**[=*[]*]] +[**--help**] +[**--icc**[=*true*]] +[**--insecure-registry**[=*[]*]] +[**--ip**[=*0.0.0.0*]] +[**--ip-forward**[=*true*]] +[**--ip-masq**[=*true*]] +[**--iptables**[=*true*]] +[**--ipv6**[=*false*]] +[**-l**|**--log-level**[=*info*]] +[**--label**[=*[]*]] +[**--log-driver**[=*json-file*]] +[**--log-opt**[=*map[]*]] +[**--mtu**[=*0*]] +[**-p**|**--pidfile**[=*/var/run/docker.pid*]] +[**--registry-mirror**[=*[]*]] +[**-s**|**--storage-driver**[=*STORAGE-DRIVER*]] +[**--selinux-enabled**[=*false*]] +[**--storage-opt**[=*[]*]] +[**--tls**[=*false*]] +[**--tlscacert**[=*~/.docker/ca.pem*]] +[**--tlscert**[=*~/.docker/cert.pem*]] +[**--tlskey**[=*~/.docker/key.pem*]] +[**--tlsverify**[=*false*]] +[**--userland-proxy**[=*true*]] + +# DESCRIPTION +**docker** has two distinct functions. It is used for starting the Docker +daemon and to run the CLI (i.e., to command the daemon to manage images, +containers etc.) So **docker** is both a server, as a daemon, and a client +to the daemon, through the CLI. + +To run the Docker daemon you can specify **docker daemon**. +You can check the daemon options using **docker daemon --help**. +Daemon options should be specified after the **daemon** keyword in the following +format. + +**docker daemon [OPTIONS]** + +# OPTIONS + +**--api-cors-header**="" + Set CORS headers in the remote API. Default is cors disabled. Give urls like "http://foo, http://bar, ...". Give "*" to allow all. + +**-b**, **--bridge**="" + Attach containers to a pre\-existing network bridge; use 'none' to disable container networking + +**--bip**="" + Use the provided CIDR notation address for the dynamically created bridge (docker0); Mutually exclusive of \-b + +**-D**, **--debug**=*true*|*false* + Enable debug mode. Default is false. + +**--default-gateway**="" + IPv4 address of the container default gateway; this address must be part of the bridge subnet (which is defined by \-b or \--bip) + +**--default-gateway-v6**="" + IPv6 address of the container default gateway + +**--default-ulimit**=[] + Set default ulimits for containers. + +**--dns**="" + Force Docker to use specific DNS servers + +**--dns-search**=[] + DNS search domains to use. + +**-e**, **--exec-driver**="" + Force Docker to use specific exec driver. Default is `native`. + +**--exec-opt**=[] + Set exec driver options. See EXEC DRIVER OPTIONS. + +**--exec-root**="" + Path to use as the root of the Docker exec driver. Default is `/var/run/docker`. + +**--fixed-cidr**="" + IPv4 subnet for fixed IPs (e.g., 10.20.0.0/16); this subnet must be nested in the bridge subnet (which is defined by \-b or \-\-bip) + +**--fixed-cidr-v6**="" + IPv6 subnet for global IPv6 addresses (e.g., 2a00:1450::/64) + +**-G**, **--group**="" + Group to assign the unix socket specified by -H when running in daemon mode. + use '' (the empty string) to disable setting of a group. Default is `docker`. + +**-g**, **--graph**="" + Path to use as the root of the Docker runtime. Default is `/var/lib/docker`. + +**-H**, **--host**=[unix:///var/run/docker.sock]: tcp://[host:port] to bind or +unix://[/path/to/socket] to use. + The socket(s) to bind to in daemon mode specified using one or more + tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd. + +**--help** + Print usage statement + +**--icc**=*true*|*false* + Allow unrestricted inter\-container and Docker daemon host communication. If disabled, containers can still be linked together using the **--link** option (see **docker-run(1)**). Default is true. + +**--insecure-registry**=[] + Enable insecure registry communication, i.e., enable un-encrypted and/or untrusted communication. + + List of insecure registries can contain an element with CIDR notation to specify a whole subnet. Insecure registries accept HTTP and/or accept HTTPS with certificates from unknown CAs. + + Enabling `--insecure-registry` is useful when running a local registry. However, because its use creates security vulnerabilities it should ONLY be enabled for testing purposes. For increased security, users should add their CA to their system's list of trusted CAs instead of using `--insecure-registry`. + +**--ip**="" + Default IP address to use when binding container ports. Default is `0.0.0.0`. + +**--ip-forward**=*true*|*false* + Enables IP forwarding on the Docker host. The default is `true`. This flag interacts with the IP forwarding setting on your host system's kernel. If your system has IP forwarding disabled, this setting enables it. If your system has IP forwarding enabled, setting this flag to `--ip-forward=false` has no effect. + + This setting will also enable IPv6 forwarding if you have both `--ip-forward=true` and `--fixed-cidr-v6` set. Note that this may reject Router Advertisements and interfere with the host's existing IPv6 configuration. For more information, please consult the documentation about "Advanced Networking - IPv6". + +**--ip-masq**=*true*|*false* + Enable IP masquerading for bridge's IP range. Default is true. + +**--iptables**=*true*|*false* + Enable Docker's addition of iptables rules. Default is true. + +**--ipv6**=*true*|*false* + Enable IPv6 support. Default is false. Docker will create an IPv6-enabled bridge with address fe80::1 which will allow you to create IPv6-enabled containers. Use together with `--fixed-cidr-v6` to provide globally routable IPv6 addresses. IPv6 forwarding will be enabled if not used with `--ip-forward=false`. This may collide with your host's current IPv6 settings. For more information please consult the documentation about "Advanced Networking - IPv6". + +**-l**, **--log-level**="*debug*|*info*|*warn*|*error*|*fatal*"" + Set the logging level. Default is `info`. + +**--label**="[]" + Set key=value labels to the daemon (displayed in `docker info`) + +**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*none*" + Default driver for container logs. Default is `json-file`. + **Warning**: `docker logs` command works only for `json-file` logging driver. + +**--log-opt**=[] + Logging driver specific options. + +**--mtu**=VALUE + Set the containers network mtu. Default is `0`. + +**-p**, **--pidfile**="" + Path to use for daemon PID file. Default is `/var/run/docker.pid` + +**--registry-mirror**=:// + Prepend a registry mirror to be used for image pulls. May be specified multiple times. + +**-s**, **--storage-driver**="" + Force the Docker runtime to use a specific storage driver. + +**--selinux-enabled**=*true*|*false* + Enable selinux support. Default is false. SELinux does not presently support the BTRFS storage driver. + +**--storage-opt**=[] + Set storage driver options. See STORAGE DRIVER OPTIONS. + +**--tls**=*true*|*false* + Use TLS; implied by --tlsverify. Default is false. + +**--tlscacert**=~/.docker/ca.pem + Trust certs signed only by this CA. + +**--tlscert**=~/.docker/cert.pem + Path to TLS certificate file. + +**--tlskey**=~/.docker/key.pem + Path to TLS key file. + +**--tlsverify**=*true*|*false* + Use TLS and verify the remote (daemon: verify client, client: verify daemon). + Default is false. + +**--userland-proxy**=*true*|*false* + Rely on a userland proxy implementation for inter-container and outside-to-container loopback communications. Default is true. + +# STORAGE DRIVER OPTIONS + +Docker uses storage backends (known as "graphdrivers" in the Docker +internals) to create writable containers from images. Many of these +backends use operating system level technologies and can be +configured. + +Specify options to the storage backend with **--storage-opt** flags. The only +backend that currently takes options is *devicemapper*. Therefore use these +flags with **-s=**devicemapper. + +Specifically for devicemapper, the default is a "loopback" model which +requires no pre-configuration, but is extremely inefficient. Do not +use it in production. + +To make the best use of Docker with the devicemapper backend, you must +have a recent version of LVM. Use `lvm` to create a thin pool; for +more information see `man lvmthin`. Then, use `--storage-opt +dm.thinpooldev` to tell the Docker engine to use that pool for +allocating images and container snapshots. + +Here is the list of *devicemapper* options: + +#### dm.thinpooldev + +Specifies a custom block storage device to use for the thin pool. + +If using a block device for device mapper storage, it is best to use +`lvm` to create and manage the thin-pool volume. This volume is then +handed to Docker to create snapshot volumes needed for images and +containers. + +Managing the thin-pool outside of Docker makes for the most feature-rich method +of having Docker utilize device mapper thin provisioning as the backing storage +for Docker's containers. The highlights of the LVM-based thin-pool management +feature include: automatic or interactive thin-pool resize support, dynamically +changing thin-pool features, automatic thinp metadata checking when lvm activates +the thin-pool, etc. + +Example use: `docker daemon --storage-opt dm.thinpooldev=/dev/mapper/thin-pool` + +#### dm.basesize + +Specifies the size to use when creating the base device, which limits +the size of images and containers. The default value is 100G. Note, +thin devices are inherently "sparse", so a 100G device which is mostly +empty doesn't use 100 GB of space on the pool. However, the filesystem +will use more space for base images the larger the device +is. + +This value affects the system-wide "base" empty filesystem that may already +be initialized and inherited by pulled images. Typically, a change to this +value requires additional steps to take effect: + + $ sudo service docker stop + $ sudo rm -rf /var/lib/docker + $ sudo service docker start + +Example use: `docker daemon --storage-opt dm.basesize=20G` + +#### dm.fs + +Specifies the filesystem type to use for the base device. The +supported options are `ext4` and `xfs`. The default is `ext4`. + +Example use: `docker daemon --storage-opt dm.fs=xfs` + +#### dm.mkfsarg + +Specifies extra mkfs arguments to be used when creating the base device. + +Example use: `docker daemon --storage-opt "dm.mkfsarg=-O ^has_journal"` + +#### dm.mountopt + +Specifies extra mount options used when mounting the thin devices. + +Example use: `docker daemon --storage-opt dm.mountopt=nodiscard` + +#### dm.use_deferred_removal + +Enables use of deferred device removal if `libdm` and the kernel driver +support the mechanism. + +Deferred device removal means that if device is busy when devices are +being removed/deactivated, then a deferred removal is scheduled on +device. And devices automatically go away when last user of the device +exits. + +For example, when a container exits, its associated thin device is removed. If +that device has leaked into some other mount namespace and can't be removed, +the container exit still succeeds and this option causes the system to schedule +the device for deferred removal. It does not wait in a loop trying to remove a busy +device. + +Example use: `docker daemon --storage-opt dm.use_deferred_removal=true` + +#### dm.loopdatasize + +**Note**: This option configures devicemapper loopback, which should not be used in production. + +Specifies the size to use when creating the loopback file for the +"data" device which is used for the thin pool. The default size is +100G. The file is sparse, so it will not initially take up +this much space. + +Example use: `docker daemon --storage-opt dm.loopdatasize=200G` + +#### dm.loopmetadatasize + +**Note**: This option configures devicemapper loopback, which should not be used in production. + +Specifies the size to use when creating the loopback file for the +"metadata" device which is used for the thin pool. The default size +is 2G. The file is sparse, so it will not initially take up +this much space. + +Example use: `docker daemon --storage-opt dm.loopmetadatasize=4G` + +#### dm.datadev + +(Deprecated, use `dm.thinpooldev`) + +Specifies a custom blockdevice to use for data for a +Docker-managed thin pool. It is better to use `dm.thinpooldev` - see +the documentation for it above for discussion of the advantages. + +#### dm.metadatadev + +(Deprecated, use `dm.thinpooldev`) + +Specifies a custom blockdevice to use for metadata for a +Docker-managed thin pool. See `dm.datadev` for why this is +deprecated. + +#### dm.blocksize + +Specifies a custom blocksize to use for the thin pool. The default +blocksize is 64K. + +Example use: `docker daemon --storage-opt dm.blocksize=512K` + +#### dm.blkdiscard + +Enables or disables the use of `blkdiscard` when removing devicemapper +devices. This is disabled by default due to the additional latency, +but as a special case with loopback devices it will be enabled, in +order to re-sparsify the loopback file on image/container removal. + +Disabling this on loopback can lead to *much* faster container removal +times, but it also prevents the space used in `/var/lib/docker` directory +from being returned to the system for other use when containers are +removed. + +Example use: `docker daemon --storage-opt dm.blkdiscard=false` + +#### dm.override_udev_sync_check + +By default, the devicemapper backend attempts to synchronize with the +`udev` device manager for the Linux kernel. This option allows +disabling that synchronization, to continue even though the +configuration may be buggy. + +To view the `udev` sync support of a Docker daemon that is using the +`devicemapper` driver, run: + + $ docker info + [...] + Udev Sync Supported: true + [...] + +When `udev` sync support is `true`, then `devicemapper` and `udev` can +coordinate the activation and deactivation of devices for containers. + +When `udev` sync support is `false`, a race condition occurs between +the `devicemapper` and `udev` during create and cleanup. The race +condition results in errors and failures. (For information on these +failures, see +[docker#4036](https://github.com/docker/docker/issues/4036)) + +To allow the `docker` daemon to start, regardless of whether `udev` sync is +`false`, set `dm.override_udev_sync_check` to true: + + $ docker daemon --storage-opt dm.override_udev_sync_check=true + +When this value is `true`, the driver continues and simply warns you +the errors are happening. + +**Note**: The ideal is to pursue a `docker` daemon and environment +that does support synchronizing with `udev`. For further discussion on +this topic, see +[docker#4036](https://github.com/docker/docker/issues/4036). +Otherwise, set this flag for migrating existing Docker daemons to a +daemon with a supported environment. + +# HISTORY +Sept 2015, Originally compiled by Shishir Mahajan +based on docker.com source material and internal work. diff --git a/docker.1.md b/docker.1.md index ddcfab858b0e..88c62e7eeba8 100644 --- a/docker.1.md +++ b/docker.1.md @@ -7,15 +7,19 @@ docker \- Docker image and container command line interface # SYNOPSIS **docker** [OPTIONS] COMMAND [arg...] +**docker** daemon [ --help | ... ] + +**docker** [ --help | -v | --version ] + # DESCRIPTION **docker** has two distinct functions. It is used for starting the Docker daemon and to run the CLI (i.e., to command the daemon to manage images, containers etc.) So **docker** is both a server, as a daemon, and a client to the daemon, through the CLI. -To run the Docker daemon you do not specify any of the commands listed below but -must specify the **-d** option. The other options listed below are for the -daemon only. +To run the Docker daemon you can specify **docker daemon**. +You can view the daemon options using **docker daemon --help**. +To see the man page for the daemon, run **man docker daemon**. The Docker CLI has over 30 commands. The commands are listed below and each has its own man page which explain usage and arguments. @@ -26,128 +30,20 @@ To see the man page for a command run **man docker **. **--help** Print usage statement -**--api-cors-header**="" - Set CORS headers in the remote API. Default is cors disabled. Give urls like "http://foo, http://bar, ...". Give "*" to allow all. - -**-b**, **--bridge**="" - Attach containers to a pre\-existing network bridge; use 'none' to disable container networking - -**--bip**="" - Use the provided CIDR notation address for the dynamically created bridge (docker0); Mutually exclusive of \-b - **--config**="" Specifies the location of the Docker client configuration files. The default is '~/.docker'. **-D**, **--debug**=*true*|*false* Enable debug mode. Default is false. -**-d**, **--daemon**=*true*|*false* - Enable daemon mode. Default is false. - -**--default-gateway**="" - IPv4 address of the container default gateway; this address must be part of the bridge subnet (which is defined by \-b or \--bip) - -**--default-gateway-v6**="" - IPv6 address of the container default gateway - -**--default-ulimit**=[] - Set default ulimits for containers. - -**--dns**="" - Force Docker to use specific DNS servers - -**--dns-opt**=[] - DNS options to use. - -**--dns-search**=[] - DNS search domains to use. - -**-e**, **--exec-driver**="" - Force Docker to use specific exec driver. Default is `native`. - -**--exec-opt**=[] - Set exec driver options. See EXEC DRIVER OPTIONS. - -**--exec-root**="" - Path to use as the root of the Docker exec driver. Default is `/var/run/docker`. - -**--fixed-cidr**="" - IPv4 subnet for fixed IPs (e.g., 10.20.0.0/16); this subnet must be nested in the bridge subnet (which is defined by \-b or \-\-bip) - -**--fixed-cidr-v6**="" - IPv6 subnet for global IPv6 addresses (e.g., 2a00:1450::/64) - -**-G**, **--group**="" - Group to assign the unix socket specified by -H when running in daemon mode. - use '' (the empty string) to disable setting of a group. Default is `docker`. - -**-g**, **--graph**="" - Path to use as the root of the Docker runtime. Default is `/var/lib/docker`. - **-H**, **--host**=[unix:///var/run/docker.sock]: tcp://[host:port] to bind or unix://[/path/to/socket] to use. The socket(s) to bind to in daemon mode specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd. -**--icc**=*true*|*false* - Allow unrestricted inter\-container and Docker daemon host communication. If disabled, containers can still be linked together using **--link** option (see **docker-run(1)**). Default is true. - -**--insecure-registry**=[] - Enable insecure registry communication, i.e., enable un-encrypted and/or untrusted communication. - - List of insecure registries can contain an element with CIDR notation to specify a whole subnet. Insecure registries accept HTTP and/or accept HTTPS with certificates from unknown CAs. - - Enabling `--insecure-registry` is useful when running a local registry. However, because its use creates security vulnerabilities it should ONLY be enabled for testing purposes. For increased security, users should add their CA to their system's list of trusted CAs instead of using `--insecure-registry`. - -**--ip**="" - Default IP address to use when binding container ports. Default is `0.0.0.0`. - -**--ip-forward**=*true*|*false* - Enables IP forwarding on the Docker host. The default is `true`. This flag interacts with the IP forwarding setting on your host system's kernel. If your system has IP forwarding disabled, this setting enables it. If your system has IP forwarding enabled, setting this flag to `--ip-forward=false` has no effect. - - This setting will also enable IPv6 forwarding if you have both `--ip-forward=true` and `--fixed-cidr-v6` set. Note that this may reject Router Advertisements and interfere with the host's existing IPv6 configuration. For more information, please consult the documentation about "Advanced Networking - IPv6". - -**--ip-masq**=*true*|*false* - Enable IP masquerading for bridge's IP range. Default is true. - -**--iptables**=*true*|*false* - Enable Docker's addition of iptables rules. Default is true. - -**--ipv6**=*true*|*false* - Enable IPv6 support. Default is false. Docker will create an IPv6-enabled bridge with address fe80::1 which will allow you to create IPv6-enabled containers. Use together with `--fixed-cidr-v6` to provide globally routable IPv6 addresses. IPv6 forwarding will be enabled if not used with `--ip-forward=false`. This may collide with your host's current IPv6 settings. For more information please consult the documentation about "Advanced Networking - IPv6". - **-l**, **--log-level**="*debug*|*info*|*warn*|*error*|*fatal*"" Set the logging level. Default is `info`. -**--label**="[]" - Set key=value labels to the daemon (displayed in `docker info`) - -**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*none*" - Default driver for container logs. Default is `json-file`. - **Warning**: the `docker logs` command works only for the `json-file` and - `journald` logging drivers. - -**--log-opt**=[] - Logging driver specific options. - -**--mtu**=VALUE - Set the containers network mtu. Default is `0`. - -**-p**, **--pidfile**="" - Path to use for daemon PID file. Default is `/var/run/docker.pid` - -**--registry-mirror**=:// - Prepend a registry mirror to be used for image pulls. May be specified multiple times. - -**-s**, **--storage-driver**="" - Force the Docker runtime to use a specific storage driver. - -**--selinux-enabled**=*true*|*false* - Enable selinux support. Default is false. SELinux does not presently support the BTRFS storage driver. - -**--storage-opt**=[] - Set storage driver options. See STORAGE DRIVER OPTIONS. - **--tls**=*true*|*false* Use TLS; implied by --tlsverify. Default is false. @@ -164,9 +60,6 @@ unix://[/path/to/socket] to use. Use TLS and verify the remote (daemon: verify client, client: verify daemon). Default is false. -**--userland-proxy**=*true*|*false* - Rely on a userland proxy implementation for inter-container and outside-to-container loopback communications. Default is true. - **-v**, **--version**=*true*|*false* Print version information and quit. Default is false. @@ -328,201 +221,6 @@ inside it) Block until a container stops, then print its exit code See **docker-wait(1)** for full documentation on the **wait** command. -# STORAGE DRIVER OPTIONS - -Docker uses storage backends (known as "graphdrivers" in the Docker -internals) to create writable containers from images. Many of these -backends use operating system level technologies and can be -configured. - -Specify options to the storage backend with **--storage-opt** flags. The only -backend that currently takes options is *devicemapper*. Therefore use these -flags with **-s=**devicemapper. - -Specifically for devicemapper, the default is a "loopback" model which -requires no pre-configuration, but is extremely inefficient. Do not -use it in production. - -To make the best use of Docker with the devicemapper backend, you must -have a recent version of LVM. Use `lvm` to create a thin pool; for -more information see `man lvmthin`. Then, use `--storage-opt -dm.thinpooldev` to tell the Docker engine to use that pool for -allocating images and container snapshots. - -Here is the list of *devicemapper* options: - -#### dm.thinpooldev - -Specifies a custom block storage device to use for the thin pool. - -If using a block device for device mapper storage, it is best to use -`lvm` to create and manage the thin-pool volume. This volume is then -handed to Docker to create snapshot volumes needed for images and -containers. - -Managing the thin-pool outside of Docker makes for the most feature-rich method -of having Docker utilize device mapper thin provisioning as the backing storage -for Docker's containers. The highlights of the LVM-based thin-pool management -feature include: automatic or interactive thin-pool resize support, dynamically -changing thin-pool features, automatic thinp metadata checking when lvm activates -the thin-pool, etc. - -Example use: `docker daemon --storage-opt dm.thinpooldev=/dev/mapper/thin-pool` - -#### dm.basesize - -Specifies the size to use when creating the base device, which limits -the size of images and containers. The default value is 100G. Note, -thin devices are inherently "sparse", so a 100G device which is mostly -empty doesn't use 100 GB of space on the pool. However, the filesystem -will use more space for base images the larger the device -is. - -This value affects the system-wide "base" empty filesystem that may already -be initialized and inherited by pulled images. Typically, a change to this -value requires additional steps to take effect: - - $ sudo service docker stop - $ sudo rm -rf /var/lib/docker - $ sudo service docker start - -Example use: `docker daemon --storage-opt dm.basesize=20G` - -#### dm.fs - -Specifies the filesystem type to use for the base device. The -supported options are `ext4` and `xfs`. The default is `ext4`. - -Example use: `docker daemon --storage-opt dm.fs=xfs` - -#### dm.mkfsarg - -Specifies extra mkfs arguments to be used when creating the base device. - -Example use: `docker daemon --storage-opt "dm.mkfsarg=-O ^has_journal"` - -#### dm.mountopt - -Specifies extra mount options used when mounting the thin devices. - -Example use: `docker daemon --storage-opt dm.mountopt=nodiscard` - -#### dm.use_deferred_removal - -Enables use of deferred device removal if `libdm` and the kernel driver -support the mechanism. - -Deferred device removal means that if device is busy when devices are -being removed/deactivated, then a deferred removal is scheduled on -device. And devices automatically go away when last user of the device -exits. - -For example, when a container exits, its associated thin device is removed. If -that device has leaked into some other mount namespace and can't be removed, -the container exit still succeeds and this option causes the system to schedule -the device for deferred removal. It does not wait in a loop trying to remove a busy -device. - -Example use: `docker daemon --storage-opt dm.use_deferred_removal=true` - -#### dm.loopdatasize - -**Note**: This option configures devicemapper loopback, which should not be used in production. - -Specifies the size to use when creating the loopback file for the -"data" device which is used for the thin pool. The default size is -100G. The file is sparse, so it will not initially take up -this much space. - -Example use: `docker daemon --storage-opt dm.loopdatasize=200G` - -#### dm.loopmetadatasize - -**Note**: This option configures devicemapper loopback, which should not be used in production. - -Specifies the size to use when creating the loopback file for the -"metadata" device which is used for the thin pool. The default size -is 2G. The file is sparse, so it will not initially take up -this much space. - -Example use: `docker daemon --storage-opt dm.loopmetadatasize=4G` - -#### dm.datadev - -(Deprecated, use `dm.thinpooldev`) - -Specifies a custom blockdevice to use for data for a -Docker-managed thin pool. It is better to use `dm.thinpooldev` - see -the documentation for it above for discussion of the advantages. - -#### dm.metadatadev - -(Deprecated, use `dm.thinpooldev`) - -Specifies a custom blockdevice to use for metadata for a -Docker-managed thin pool. See `dm.datadev` for why this is -deprecated. - -#### dm.blocksize - -Specifies a custom blocksize to use for the thin pool. The default -blocksize is 64K. - -Example use: `docker daemon --storage-opt dm.blocksize=512K` - -#### dm.blkdiscard - -Enables or disables the use of `blkdiscard` when removing devicemapper -devices. This is disabled by default due to the additional latency, -but as a special case with loopback devices it will be enabled, in -order to re-sparsify the loopback file on image/container removal. - -Disabling this on loopback can lead to *much* faster container removal -times, but it also prevents the space used in `/var/lib/docker` directory -from being returned to the system for other use when containers are -removed. - -Example use: `docker daemon --storage-opt dm.blkdiscard=false` - -#### dm.override_udev_sync_check - -By default, the devicemapper backend attempts to synchronize with the -`udev` device manager for the Linux kernel. This option allows -disabling that synchronization, to continue even though the -configuration may be buggy. - -To view the `udev` sync support of a Docker daemon that is using the -`devicemapper` driver, run: - - $ docker info - [...] - Udev Sync Supported: true - [...] - -When `udev` sync support is `true`, then `devicemapper` and `udev` can -coordinate the activation and deactivation of devices for containers. - -When `udev` sync support is `false`, a race condition occurs between -the `devicemapper` and `udev` during create and cleanup. The race -condition results in errors and failures. (For information on these -failures, see -[docker#4036](https://github.com/docker/docker/issues/4036)) - -To allow the `docker` daemon to start, regardless of whether `udev` sync is -`false`, set `dm.override_udev_sync_check` to true: - - $ docker daemon --storage-opt dm.override_udev_sync_check=true - -When this value is `true`, the driver continues and simply warns you -the errors are happening. - -**Note**: The ideal is to pursue a `docker` daemon and environment -that does support synchronizing with `udev`. For further discussion on -this topic, see -[docker#4036](https://github.com/docker/docker/issues/4036). -Otherwise, set this flag for migrating existing Docker daemons to a -daemon with a supported environment. - # EXEC DRIVER OPTIONS Use the **--exec-opt** flags to specify options to the exec-driver. The only From 0e6ff7c2271a9524d610624d230935e8b90a57c7 Mon Sep 17 00:00:00 2001 From: Richard Scothern Date: Fri, 25 Sep 2015 13:49:50 -0700 Subject: [PATCH 081/398] Command line, manpage and deprecation documentation. Signed-off-by: Richard Scothern --- docker-daemon.8.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docker-daemon.8.md b/docker-daemon.8.md index 63c43c36a464..e8edc1add422 100644 --- a/docker-daemon.8.md +++ b/docker-daemon.8.md @@ -39,6 +39,7 @@ docker-daemon - Enable daemon mode [**--log-driver**[=*json-file*]] [**--log-opt**[=*map[]*]] [**--mtu**[=*0*]] +[**--no-legacy-registry**[=*false*]] [**-p**|**--pidfile**[=*/var/run/docker.pid*]] [**--registry-mirror**[=*[]*]] [**-s**|**--storage-driver**[=*STORAGE-DRIVER*]] @@ -166,6 +167,9 @@ unix://[/path/to/socket] to use. **--mtu**=VALUE Set the containers network mtu. Default is `0`. +**--no-legacy-registry**=*true*|*false* + Do not contact legacy registries + **-p**, **--pidfile**="" Path to use for daemon PID file. Default is `/var/run/docker.pid` From 6b65fb662b5a0160429c9dfb91d92abff20de86b Mon Sep 17 00:00:00 2001 From: Shishir Mahajan Date: Tue, 29 Sep 2015 12:31:51 -0400 Subject: [PATCH 082/398] Add dns-opt option to docker daemon man page Signed-off-by: Shishir Mahajan --- docker-daemon.8.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docker-daemon.8.md b/docker-daemon.8.md index e8edc1add422..20e5e5b3707c 100644 --- a/docker-daemon.8.md +++ b/docker-daemon.8.md @@ -17,6 +17,7 @@ docker-daemon - Enable daemon mode [**--default-gateway-v6**[=*DEFAULT-GATEWAY-V6*]] [**--default-ulimit**[=*[]*]] [**--dns**[=*[]*]] +[**--dns-opt**[=*[]*]] [**--dns-search**[=*[]*]] [**-e**|**--exec-driver**[=*native*]] [**--exec-opt**[=*[]*]] @@ -91,6 +92,9 @@ format. **--dns**="" Force Docker to use specific DNS servers +**--dns-opt**="" + DNS options to use. + **--dns-search**=[] DNS search domains to use. From 498571ba7851e8c42cde0fc01c89fe4dd7544f22 Mon Sep 17 00:00:00 2001 From: Sally O'Malley Date: Fri, 2 Oct 2015 11:24:31 -0400 Subject: [PATCH 083/398] typo man/search Signed-off-by: Sally O'Malley --- docker-search.1.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docker-search.1.md b/docker-search.1.md index 3eaefd068ada..a199f80db7fc 100644 --- a/docker-search.1.md +++ b/docker-search.1.md @@ -30,8 +30,8 @@ of stars awarded, whether the image is official, and whether it is automated. **--no-trunc**=*true*|*false* Don't truncate output. The default is *false*. -**-s**, **--stars**=0 - Only displays with at least x stars +**-s**, **--stars**=X + Only displays with at least X stars. The default is zero. # EXAMPLES @@ -52,7 +52,7 @@ ranked 3 or higher: Search Docker Hub for the term 'fedora' and only display automated images ranked 1 or higher: - $ docker search -s 1 fedora + $ docker search --automated -s 1 fedora NAME DESCRIPTION STARS OFFICIAL AUTOMATED goldmann/wildfly A WildFly application server running on a ... 3 [OK] tutum/fedora-20 Fedora 20 image with SSH access. For the r... 1 [OK] From 3ba59f1e2487915bad00a2d15d6d9e2f7bd5d4be Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Sat, 3 Oct 2015 17:56:41 +0200 Subject: [PATCH 084/398] Fix man and commandline docs - missing help option in `docs/reference/commandline/*.md` (some files have it, the other I fixed didn't) - missing `[OPTIONS]` in Usage description - missing options - formatting - start/stop idempotence Signed-off-by: Antonio Murdaca --- docker-build.1.md | 11 +++++------ docker-commit.1.md | 2 +- docker-daemon.8.md | 5 +---- docker-ps.1.md | 39 +++++++++++++++++++-------------------- docker-start.1.md | 6 +++--- docker-stop.1.md | 4 ++-- docker.1.md | 4 ++-- 7 files changed, 33 insertions(+), 38 deletions(-) diff --git a/docker-build.1.md b/docker-build.1.md index fcf2c633cd63..bcf8ed2f228e 100644 --- a/docker-build.1.md +++ b/docker-build.1.md @@ -6,9 +6,11 @@ docker-build - Build a new image from the source code at PATH # SYNOPSIS **docker build** +[**--build-arg**[=*[]*]] +[**-c**|**--cpu-shares**[=*0*]] +[**--cgroup-parent**[=*CGROUP-PARENT*]] [**--help**] [**-f**|**--file**[=*PATH/Dockerfile*]] -[**--build-arg**[=*[]*]] [**--force-rm**[=*false*]] [**--no-cache**[=*false*]] [**--pull**[=*false*]] @@ -17,14 +19,11 @@ docker-build - Build a new image from the source code at PATH [**-t**|**--tag**[=*TAG*]] [**-m**|**--memory**[=*MEMORY*]] [**--memory-swap**[=*MEMORY-SWAP*]] -[**-c**|**--cpu-shares**[=*0*]] [**--cpu-period**[=*0*]] [**--cpu-quota**[=*0*]] [**--cpuset-cpus**[=*CPUSET-CPUS*]] [**--cpuset-mems**[=*CPUSET-MEMS*]] -[**--cgroup-parent**[=*CGROUP-PARENT*]] [**--ulimit**[=*[]*]] - PATH | URL | - # DESCRIPTION @@ -34,9 +33,9 @@ directory to the Docker daemon. The contents of this directory would be used by **ADD** commands found within the Dockerfile. Warning, this will send a lot of data to the Docker daemon depending -on the contents of the current directory. The build is run by the Docker +on the contents of the current directory. The build is run by the Docker daemon, not by the CLI, so the whole context must be transferred to the daemon. -The Docker CLI reports "Sending build context to Docker daemon" when the context is sent to +The Docker CLI reports "Sending build context to Docker daemon" when the context is sent to the daemon. When the URL to a tarball archive or to a single Dockerfile is given, no context is sent from diff --git a/docker-commit.1.md b/docker-commit.1.md index b17b37c6bc46..5912d3636d46 100644 --- a/docker-commit.1.md +++ b/docker-commit.1.md @@ -7,8 +7,8 @@ docker-commit - Create a new image from a container's changes # SYNOPSIS **docker commit** [**-a**|**--author**[=*AUTHOR*]] -[**--help**] [**-c**|**--change**[=\[*DOCKERFILE INSTRUCTIONS*\]]] +[**--help**] [**-m**|**--message**[=*MESSAGE*]] [**-p**|**--pause**[=*true*]] CONTAINER [REPOSITORY[:TAG]] diff --git a/docker-daemon.8.md b/docker-daemon.8.md index 20e5e5b3707c..b37bd25e0d28 100644 --- a/docker-daemon.8.md +++ b/docker-daemon.8.md @@ -1,9 +1,6 @@ % DOCKER(1) Docker User Manuals - -% Shishir Mahajan - +% Shishir Mahajan % SEPTEMBER 2015 - # NAME docker-daemon - Enable daemon mode diff --git a/docker-ps.1.md b/docker-ps.1.md index 5e21926d7368..3f3e0a39082e 100644 --- a/docker-ps.1.md +++ b/docker-ps.1.md @@ -8,16 +8,15 @@ docker-ps - List containers **docker ps** [**-a**|**--all**[=*false*]] [**--before**[=*BEFORE*]] -[**--help**] [**-f**|**--filter**[=*[]*]] +[**--format**=*"TEMPLATE"*] +[**--help**] [**-l**|**--latest**[=*false*]] [**-n**[=*-1*]] [**--no-trunc**[=*false*]] [**-q**|**--quiet**[=*false*]] [**-s**|**--size**[=*false*]] [**--since**[=*SINCE*]] -[**--format**=*"TEMPLATE"*] - # DESCRIPTION @@ -31,9 +30,6 @@ the running containers. **--before**="" Show only containers created before Id or Name, including non-running containers. -**--help** - Print usage statement - **-f**, **--filter**=[] Provide filter values. Valid filters: exited= - containers with exit code of @@ -44,6 +40,23 @@ the running containers. ancestor=([:tag]||) - filters containers that were created from the given image or a descendant. +**--format**=*"TEMPLATE"* + Pretty-print containers using a Go template. + Valid placeholders: + .ID - Container ID + .Image - Image ID + .Command - Quoted command + .CreatedAt - Time when the container was created. + .RunningFor - Elapsed time since the container was started. + .Ports - Exposed ports. + .Status - Container status. + .Size - Container disk size. + .Labels - All labels asigned to the container. + .Label - Value of a specific label for this container. For example `{{.Label "com.docker.swarm.cpu"}}` + +**--help** + Print usage statement + **-l**, **--latest**=*true*|*false* Show only the latest created container, include non-running ones. The default is *false*. @@ -62,20 +75,6 @@ the running containers. **--since**="" Show only containers created since Id or Name, include non-running ones. -**--format**=*"TEMPLATE"* - Pretty-print containers using a Go template. - Valid placeholders: - .ID - Container ID - .Image - Image ID - .Command - Quoted command - .CreatedAt - Time when the container was created. - .RunningFor - Elapsed time since the container was started. - .Ports - Exposed ports. - .Status - Container status. - .Size - Container disk size. - .Labels - All labels asigned to the container. - .Label - Value of a specific label for this container. For example `{{.Label "com.docker.swarm.cpu"}}` - # EXAMPLES # Display all containers, including non-running diff --git a/docker-start.1.md b/docker-start.1.md index 523b315594ca..2e1191b09503 100644 --- a/docker-start.1.md +++ b/docker-start.1.md @@ -2,7 +2,7 @@ % Docker Community % JUNE 2014 # NAME -docker-start - Start one or more stopped containers +docker-start - Start one or more containers # SYNOPSIS **docker start** @@ -13,7 +13,7 @@ CONTAINER [CONTAINER...] # DESCRIPTION -Start one or more stopped containers. +Start one or more containers. # OPTIONS **-a**, **--attach**=*true*|*false* @@ -26,7 +26,7 @@ Start one or more stopped containers. Attach container's STDIN. The default is *false*. # See also -**docker-stop(1)** to stop a running container. +**docker-stop(1)** to stop a container. # HISTORY April 2014, Originally compiled by William Henry (whenry at redhat dot com) diff --git a/docker-stop.1.md b/docker-stop.1.md index 4939070d9751..c4daffa3bb90 100644 --- a/docker-stop.1.md +++ b/docker-stop.1.md @@ -2,7 +2,7 @@ % Docker Community % JUNE 2014 # NAME -docker-stop - Stop a running container by sending SIGTERM and then SIGKILL after a grace period +docker-stop - Stop a container by sending SIGTERM and then SIGKILL after a grace period # SYNOPSIS **docker stop** @@ -11,7 +11,7 @@ docker-stop - Stop a running container by sending SIGTERM and then SIGKILL after CONTAINER [CONTAINER...] # DESCRIPTION -Stop a running container (Send SIGTERM, and then SIGKILL after +Stop a container (Send SIGTERM, and then SIGKILL after grace period) # OPTIONS diff --git a/docker.1.md b/docker.1.md index 88c62e7eeba8..41329deb3bb0 100644 --- a/docker.1.md +++ b/docker.1.md @@ -190,7 +190,7 @@ inside it) See **docker-search(1)** for full documentation on the **search** command. **start** - Start a stopped container + Start a container See **docker-start(1)** for full documentation on the **start** command. **stats** @@ -198,7 +198,7 @@ inside it) See **docker-stats(1)** for full documentation on the **stats** command. **stop** - Stop a running container + Stop a container See **docker-stop(1)** for full documentation on the **stop** command. **tag** From 44c92253e2000a5eb7b1e5854aa414810571f05e Mon Sep 17 00:00:00 2001 From: Vivek Goyal Date: Tue, 6 Oct 2015 17:37:21 -0400 Subject: [PATCH 085/398] devmapper: Provide option to enabled deferred device deletion Provide a command line option dm.use_deferred_deletion to enable deferred device deletion feature. By default feature will be turned off. Not sure if there is much value in deferred deletion being turned on without deferred removal being turned on. So for now, this feature can be enabled only if deferred removal is on. Signed-off-by: Vivek Goyal --- docker-daemon.8.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/docker-daemon.8.md b/docker-daemon.8.md index b37bd25e0d28..59ba4d54f23a 100644 --- a/docker-daemon.8.md +++ b/docker-daemon.8.md @@ -302,6 +302,28 @@ device. Example use: `docker daemon --storage-opt dm.use_deferred_removal=true` +#### dm.use_deferred_deletion + +Enables use of deferred device deletion for thin pool devices. By default, +thin pool device deletion is synchronous. Before a container is deleted, the +Docker daemon removes any associated devices. If the storage driver can not +remove a device, the container deletion fails and daemon returns. + +`Error deleting container: Error response from daemon: Cannot destroy container` + +To avoid this failure, enable both deferred device deletion and deferred +device removal on the daemon. + +`docker daemon --storage-opt dm.use_deferred_deletion=true --storage-opt dm.use_deferred_removal=true` + +With these two options enabled, if a device is busy when the driver is +deleting a container, the driver marks the device as deleted. Later, when the +device isn't in use, the driver deletes it. + +In general it should be safe to enable this option by default. It will help +when unintentional leaking of mount point happens across multiple mount +namespaces. + #### dm.loopdatasize **Note**: This option configures devicemapper loopback, which should not be used in production. From 325e354490a3b3be1ebc3f3d4184af51046a4e30 Mon Sep 17 00:00:00 2001 From: Jessica Frazelle Date: Tue, 6 Oct 2015 15:45:32 -0700 Subject: [PATCH 086/398] change flag name to better follow the other flags that start with disable; Signed-off-by: Jessica Frazelle --- docker-daemon.8.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docker-daemon.8.md b/docker-daemon.8.md index 59ba4d54f23a..c9bec5d552eb 100644 --- a/docker-daemon.8.md +++ b/docker-daemon.8.md @@ -13,6 +13,7 @@ docker-daemon - Enable daemon mode [**--default-gateway**[=*DEFAULT-GATEWAY*]] [**--default-gateway-v6**[=*DEFAULT-GATEWAY-V6*]] [**--default-ulimit**[=*[]*]] +[**--disable-legacy-registry**[=*false*]] [**--dns**[=*[]*]] [**--dns-opt**[=*[]*]] [**--dns-search**[=*[]*]] @@ -37,7 +38,6 @@ docker-daemon - Enable daemon mode [**--log-driver**[=*json-file*]] [**--log-opt**[=*map[]*]] [**--mtu**[=*0*]] -[**--no-legacy-registry**[=*false*]] [**-p**|**--pidfile**[=*/var/run/docker.pid*]] [**--registry-mirror**[=*[]*]] [**-s**|**--storage-driver**[=*STORAGE-DRIVER*]] @@ -86,6 +86,9 @@ format. **--default-ulimit**=[] Set default ulimits for containers. +**--disable-legacy-registry**=*true*|*false* + Do not contact legacy registries + **--dns**="" Force Docker to use specific DNS servers @@ -133,7 +136,7 @@ unix://[/path/to/socket] to use. List of insecure registries can contain an element with CIDR notation to specify a whole subnet. Insecure registries accept HTTP and/or accept HTTPS with certificates from unknown CAs. - Enabling `--insecure-registry` is useful when running a local registry. However, because its use creates security vulnerabilities it should ONLY be enabled for testing purposes. For increased security, users should add their CA to their system's list of trusted CAs instead of using `--insecure-registry`. + Enabling `--insecure-registry` is useful when running a local registry. However, because its use creates security vulnerabilities it should ONLY be enabled for testing purposes. For increased security, users should add their CA to their system's list of trusted CAs instead of using `--insecure-registry`. **--ip**="" Default IP address to use when binding container ports. Default is `0.0.0.0`. @@ -168,9 +171,6 @@ unix://[/path/to/socket] to use. **--mtu**=VALUE Set the containers network mtu. Default is `0`. -**--no-legacy-registry**=*true*|*false* - Do not contact legacy registries - **-p**, **--pidfile**="" Path to use for daemon PID file. Default is `/var/run/docker.pid` From 3c62ee271a550cbc0af95d597f02a7c445124b0d Mon Sep 17 00:00:00 2001 From: Luca Marturana Date: Fri, 9 Oct 2015 10:48:18 +0200 Subject: [PATCH 087/398] Sync with remote API Signed-off-by: Luca Marturana Sync also container events Signed-off-by: Luca Marturana Sync also man page Signed-off-by: Luca Marturana --- docker-events.1.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-events.1.md b/docker-events.1.md index f854bbc1ad40..87d921cdaaa7 100644 --- a/docker-events.1.md +++ b/docker-events.1.md @@ -18,11 +18,11 @@ information and real-time information. Docker containers will report the following events: - create, destroy, die, export, kill, pause, restart, start, stop, unpause + attach, commit, copy, create, destroy, die, exec_create, exec_start, export, kill, oom, pause, rename, resize, restart, start, stop, top, unpause and Docker images will report: - untag, delete + delete, import, pull, push, tag, untag # OPTIONS **--help** From f4b817037ad9a8959ab3feb2e8bc0e2f79b96bc8 Mon Sep 17 00:00:00 2001 From: Sally O'Malley Date: Fri, 2 Oct 2015 07:26:13 -0400 Subject: [PATCH 088/398] add clarity/fix typos man/docker-build add needed clarity for 1) using STDIN to pass build context 2) --cpu-shares flag use also a few typos Signed-off-by: Sally O'Malley --- docker-build.1.md | 62 +++++++++++++++++++++++++++++++---------------- 1 file changed, 41 insertions(+), 21 deletions(-) diff --git a/docker-build.1.md b/docker-build.1.md index bcf8ed2f228e..4bfadcbe49e5 100644 --- a/docker-build.1.md +++ b/docker-build.1.md @@ -39,8 +39,9 @@ The Docker CLI reports "Sending build context to Docker daemon" when the context the daemon. When the URL to a tarball archive or to a single Dockerfile is given, no context is sent from -the client to the Docker daemon. When a Git repository is set as the **URL**, the repository is -cloned locally and then sent as the context. +the client to the Docker daemon. In this case, the Dockerfile at the root of the archive and +the rest of the archive will get used as the context of the build. When a Git repository is +set as the **URL**, the repository is cloned locally and then sent as the context. # OPTIONS **-f**, **--file**=*PATH/Dockerfile* @@ -92,32 +93,50 @@ cloned locally and then sent as the context. **-c**, **--cpu-shares**=*0* CPU shares (relative weight). - By default, all containers get the same proportion of CPU cycles. You can - change this proportion by adjusting the container's CPU share weighting - relative to the weighting of all other running containers. + By default, all containers get the same proportion of CPU cycles. + CPU shares is a 'relative weight', relative to the default setting of 1024. + This default value is defined here: + ``` + cat /sys/fs/cgroup/cpu/cpu.shares + 1024 + ``` + You can change this proportion by adjusting the container's CPU share + weighting relative to the weighting of all other running containers. - To modify the proportion from the default of 1024, use the **-c** or - **--cpu-shares** flag to set the weighting to 2 or higher. + To modify the proportion from the default of 1024, use the **--cpu-shares** + flag to set the weighting to 2 or higher. + + Container CPU share Flag + {C0} 60% of CPU --cpu-shares=614 (614 is 60% of 1024) + {C1} 40% of CPU --cpu-shares=410 (410 is 40% of 1024) The proportion is only applied when CPU-intensive processes are running. When tasks in one container are idle, the other containers can use the left-over CPU time. The actual amount of CPU time used varies depending on the number of containers running on the system. - For example, consider three containers, one has a cpu-share of 1024 and - two others have a cpu-share setting of 512. When processes in all three + For example, consider three containers, where one has **--cpu-shares=1024** and + two others have **--cpu-shares=512**. When processes in all three containers attempt to use 100% of CPU, the first container would receive - 50% of the total CPU time. If you add a fourth container with a cpu-share - of 1024, the first container only gets 33% of the CPU. The remaining containers + 50% of the total CPU time. If you add a fourth container with **--cpu-shares=1024**, + the first container only gets 33% of the CPU. The remaining containers receive 16.5%, 16.5% and 33% of the CPU. + + Container CPU share Flag CPU time + {C0} 100% --cpu-shares=1024 33% + {C1} 50% --cpu-shares=512 16.5% + {C2} 50% --cpu-shares=512 16.5% + {C4} 100% --cpu-shares=1024 33% + + On a multi-core system, the shares of CPU time are distributed across the CPU cores. Even if a container is limited to less than 100% of CPU time, it can use 100% of each individual CPU core. For example, consider a system with more than three cores. If you start one - container **{C0}** with **-c=512** running one process, and another container - **{C1}** with **-c=1024** running two processes, this can result in the following + container **{C0}** with **--cpu-shares=512** running one process, and another container + **{C1}** with **--cpu-shares=1024** running two processes, this can result in the following division of CPU shares: PID container CPU CPU share @@ -141,7 +160,7 @@ kernel to restrict the container's CPU usage to the quota you specify. CPUs in which to allow execution (0-3, 0,1). **--cpuset-mems**=*CPUSET-MEMS* - Memory nodes (MEMs) in which to allow execution (-1-3, 0,1). Only effective on + Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems. For example, if you have four memory nodes on your system (0-3), use `--cpuset-mems=0,1` @@ -203,16 +222,16 @@ name, and tag (where the tag in this context means the qualifier after the ":"). In this example we build a JBoss image for the Fedora repository and give it the version 1.0: - docker build -t fedora/jboss:1.0 + docker build -t fedora/jboss:1.0 . The next example is for the "whenry" user repository and uses Fedora and JBoss and gives it the version 2.1 : - docker build -t whenry/fedora-jboss:v2.1 + docker build -t whenry/fedora-jboss:v2.1 . If you do not provide a version tag then Docker will assign `latest`: - docker build -t whenry/fedora-jboss + docker build -t whenry/fedora-jboss . When you list the images, the image above will have the tag `latest`. @@ -228,16 +247,17 @@ as context. The Dockerfile at the root of the repository is used as Dockerfile. This only works if the GitHub repository is a dedicated repository. - docker build github.com/scollier/Fedora-Dockerfiles/tree/master/apache + docker build github.com/scollier/purpletest Note: You can set an arbitrary Git repository via the `git://` schema. ## Building an image using a URL to a tarball'ed context This will send the URL itself to the Docker daemon. The daemon will fetch the -tarball archive, decompress it and use its contents as the build context. If you -pass an *-f PATH/Dockerfile* option as well, the system will look for that file -inside the contents of the tarball. +tarball archive, decompress it and use its contents as the build context. The +Dockerfile at the root of the archive and the rest of the archive will get used +as the context of the build. If you pass an **-f PATH/Dockerfile** option as well, +the system will look for that file inside the contents of the tarball. docker build -f dev/Dockerfile https://10.10.10.1/docker/context.tar.gz From 92b65b18636417b7575ffdafb5680da85b3f865c Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Fri, 21 Aug 2015 23:28:49 +1000 Subject: [PATCH 089/398] Default the tcp port to 2376 if tls is on, and 2375 if not Refactor so that the Host flag validation doesn't destroy the user's input, and then post process the flags when we know the TLS options Signed-off-by: Sven Dowideit --- docker.1.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docker.1.md b/docker.1.md index 41329deb3bb0..18df3b5cf297 100644 --- a/docker.1.md +++ b/docker.1.md @@ -36,10 +36,12 @@ To see the man page for a command run **man docker **. **-D**, **--debug**=*true*|*false* Enable debug mode. Default is false. -**-H**, **--host**=[unix:///var/run/docker.sock]: tcp://[host:port] to bind or +**-H**, **--host**=[unix:///var/run/docker.sock]: tcp://[host]:[port][path] to bind or unix://[/path/to/socket] to use. The socket(s) to bind to in daemon mode specified using one or more - tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd. + tcp://host:port/path, unix:///path/to/socket, fd://* or fd://socketfd. + If the tcp port is not specified, then it will default to either `2375` when + `--tls` is off, or `2376` when `--tls` is on, or `--tlsverify` is specified. **-l**, **--log-level**="*debug*|*info*|*warn*|*error*|*fatal*"" Set the logging level. Default is `info`. From b02bdb255e01bee6070257494cb4cafe6b433eac Mon Sep 17 00:00:00 2001 From: Zhang Kun Date: Fri, 25 Sep 2015 20:49:02 +0800 Subject: [PATCH 090/398] add size to inspect Signed-off-by: Zhang Kun --- docker-inspect.1.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/docker-inspect.1.md b/docker-inspect.1.md index 3d1db2ed3ecb..3a5168b9793a 100644 --- a/docker-inspect.1.md +++ b/docker-inspect.1.md @@ -8,6 +8,7 @@ docker-inspect - Return low-level information on a container or image **docker inspect** [**--help**] [**-f**|**--format**[=*FORMAT*]] +[**-s**|**--size**[=*false*]] [**--type**=*container*|*image*] CONTAINER|IMAGE [CONTAINER|IMAGE...] @@ -25,6 +26,9 @@ each result. **-f**, **--format**="" Format the output using the given Go template. +**-s**, **--size**=false + Display total file sizes if the type is container. + **--type**=*container*|*image* Return JSON for specified type, permissible values are "image" or "container" @@ -205,6 +209,18 @@ output: You can get more information about how to write a Go template from: https://golang.org/pkg/text/template/. +## Getting size information on an container + + $ docker inspect -s d2cc496561d6 + [ + { + .... + "SizeRw": 0, + "SizeRootFs": 972, + .... + } + ] + ## Getting information on an image Use an image's ID or name (e.g., repository/name[:tag]) to get information From 579216eb017194706246ecc4f680421e1294fd99 Mon Sep 17 00:00:00 2001 From: Daniel Hiltgen Date: Fri, 9 Oct 2015 09:04:34 -0700 Subject: [PATCH 091/398] Document updates for cluster-store-opt This updates the docs for the daemon based on the new cluster-store-opt for TLS support. Signed-off-by: Daniel Hiltgen --- docker-daemon.8.md | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/docker-daemon.8.md b/docker-daemon.8.md index c9bec5d552eb..accc3b1dbb2c 100644 --- a/docker-daemon.8.md +++ b/docker-daemon.8.md @@ -9,6 +9,9 @@ docker-daemon - Enable daemon mode [**--api-cors-header**=[=*API-CORS-HEADER*]] [**-b**|**--bridge**[=*BRIDGE*]] [**--bip**[=*BIP*]] +[**--cluster-store**[=*[]*]] +[**--cluster-advertise**[=*[]*]] +[**--cluster-store-opt**[=*map[]*]] [**-D**|**--debug**[=*false*]] [**--default-gateway**[=*DEFAULT-GATEWAY*]] [**--default-gateway-v6**[=*DEFAULT-GATEWAY-V6*]] @@ -74,6 +77,16 @@ format. **--bip**="" Use the provided CIDR notation address for the dynamically created bridge (docker0); Mutually exclusive of \-b +**--cluster-store**="" + URL of the distributed storage backend + +**--cluster-advertise**="" + Specifies the 'host:port' combination that this particular daemon instance should use when advertising + itself to the cluster. The daemon is reached by remote hosts on this 'host:port' combination. + +**--cluster-store-opt**="" + Specifies options for the Key/Value store. + **-D**, **--debug**=*true*|*false* Enable debug mode. Default is false. @@ -422,6 +435,31 @@ this topic, see Otherwise, set this flag for migrating existing Docker daemons to a daemon with a supported environment. +# CLUSTER STORE OPTIONS + +The daemon uses libkv to advertise +the node within the cluster. Some Key/Value backends support mutual +TLS, and the client TLS settings used by the daemon can be configured +using the **--cluster-store-opt** flag, specifying the paths to PEM encoded +files. + +#### kv.cacertfile + +Specifies the path to a local file with PEM encoded CA certificates to trust + +#### kv.certfile + +Specifies the path to a local file with a PEM encoded certificate. This +certificate is used as the client cert for communication with the +Key/Value store. + +#### kv.keyfile + +Specifies the path to a local file with a PEM encoded private key. This +private key is used as the client key for communication with the +Key/Value store. + + # HISTORY Sept 2015, Originally compiled by Shishir Mahajan based on docker.com source material and internal work. From 3dcac6f034ee9babddc2bc783edb0976694287e3 Mon Sep 17 00:00:00 2001 From: Mike Brown Date: Mon, 12 Oct 2015 16:59:25 -0500 Subject: [PATCH 092/398] updating docs for EXPOSE option on run command; fixes #16634 Signed-off-by: Mike Brown --- Dockerfile.5.md | 2 +- docker-run.1.md | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/Dockerfile.5.md b/Dockerfile.5.md index 528fb675223f..c5e5bea518b1 100644 --- a/Dockerfile.5.md +++ b/Dockerfile.5.md @@ -185,7 +185,7 @@ A Dockerfile is similar to a Makefile. -- `EXPOSE [...]` The **EXPOSE** instruction informs Docker that the container listens on the specified network ports at runtime. Docker uses this information to - interconnect containers using links, and to set up port redirection on the host + interconnect containers using links and to set up port redirection on the host system. **ENV** diff --git a/docker-run.1.md b/docker-run.1.md index bb7c38e01acd..443933457f2d 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -223,7 +223,10 @@ ENTRYPOINT. Read in a line delimited file of environment variables **--expose**=[] - Expose a port, or a range of ports (e.g. --expose=3300-3310), from the container without publishing it to your host + Expose a port, or a range of ports (e.g. --expose=3300-3310) informs Docker +that the container listens on the specified network ports at runtime. Docker +uses this information to interconnect containers using links and to set up port +redirection on the host system. **--group-add**=[] Add additional groups to run as From 76960ebf9668def793356671163c7d7506fd3345 Mon Sep 17 00:00:00 2001 From: Sally O'Malley Date: Tue, 13 Oct 2015 11:12:30 -0400 Subject: [PATCH 093/398] various man page typos Signed-off-by: Sally O'Malley --- docker-attach.1.md | 2 +- docker-export.1.md | 4 +++- docker-import.1.md | 10 +++++----- docker-inspect.1.md | 7 ++++--- docker-rename.1.md | 2 ++ docker-rm.1.md | 4 ++-- docker-stats.1.md | 1 + 7 files changed, 18 insertions(+), 12 deletions(-) diff --git a/docker-attach.1.md b/docker-attach.1.md index 1f73d8c9bb6d..658228cddbd5 100644 --- a/docker-attach.1.md +++ b/docker-attach.1.md @@ -6,7 +6,7 @@ docker-attach - Attach to a running container # SYNOPSIS **docker attach** -[**--help**]/ +[**--help**] [**--no-stdin**[=*false*]] [**--sig-proxy**[=*true*]] CONTAINER diff --git a/docker-export.1.md b/docker-export.1.md index f3096eacfc7d..3d59e4788ed1 100644 --- a/docker-export.1.md +++ b/docker-export.1.md @@ -7,6 +7,7 @@ docker-export - Export the contents of a container's filesystem as a tar archive # SYNOPSIS **docker export** [**--help**] +[**-o**|**--output**[=*""*]] CONTAINER # DESCRIPTION @@ -19,8 +20,9 @@ Stream to a file instead of STDOUT by using **-o**. # OPTIONS **--help** Print usage statement + **-o**, **--output**="" - Write to a file, instead of STDOUT + Write to a file, instead of STDOUT # EXAMPLES Export the contents of the container called angry_bell to a tar file diff --git a/docker-import.1.md b/docker-import.1.md index b812b8306856..0509dd0d677e 100644 --- a/docker-import.1.md +++ b/docker-import.1.md @@ -6,16 +6,19 @@ docker-import - Create an empty filesystem image and import the contents of the # SYNOPSIS **docker import** -[**-c**|**--change**[= []**]] +[**-c**|**--change**[=*[]*]] [**-m**|**--message**[=*MESSAGE*]] [**--help**] -file|URL|- [REPOSITORY[:TAG]] +file|URL|**-**[REPOSITORY[:TAG]] # OPTIONS **-c**, **--change**=[] Apply specified Dockerfile instructions while importing the image Supported Dockerfile instructions: `CMD`|`ENTRYPOINT`|`ENV`|`EXPOSE`|`ONBUILD`|`USER`|`VOLUME`|`WORKDIR` +**--help** + Print usage statement + **-m**, **--message**="" Set commit message for imported image @@ -23,9 +26,6 @@ file|URL|- [REPOSITORY[:TAG]] Create a new filesystem image from the contents of a tarball (`.tar`, `.tar.gz`, `.tgz`, `.bzip`, `.tar.xz`, `.txz`) into it, then optionally tag it. -# OPTIONS -**--help** - Print usage statement # EXAMPLES diff --git a/docker-inspect.1.md b/docker-inspect.1.md index 3a5168b9793a..82a7907d2206 100644 --- a/docker-inspect.1.md +++ b/docker-inspect.1.md @@ -34,8 +34,8 @@ each result. # EXAMPLES -Getting information on an image where image name conflict with the container name, -e,g both image and container are named rhel7. +Get information about an image when image name conflicts with the container name, +e.g. both image and container are named rhel7: $ docker inspect --type=image rhel7 [ @@ -224,7 +224,7 @@ https://golang.org/pkg/text/template/. ## Getting information on an image Use an image's ID or name (e.g., repository/name[:tag]) to get information -on it. +about the image: $ docker inspect ded7cd95e059 [{ @@ -305,3 +305,4 @@ April 2014, originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work. June 2014, updated by Sven Dowideit April 2015, updated by Qiang Huang +October 2015, updated by Sally O'Malley diff --git a/docker-rename.1.md b/docker-rename.1.md index f741a15b479d..aa19a03ae784 100644 --- a/docker-rename.1.md +++ b/docker-rename.1.md @@ -11,3 +11,5 @@ OLD_NAME NEW_NAME # OPTIONS There are no available options. +# DESCRIPTION +Rename a container. Container may be running, paused or stopped. diff --git a/docker-rm.1.md b/docker-rm.1.md index 5753cb1cd7f8..af73b804c97a 100644 --- a/docker-rm.1.md +++ b/docker-rm.1.md @@ -33,7 +33,7 @@ containers on a host use the **docker ps -a** command. # EXAMPLES -##Removing a container using its ID## +## Removing a container using its ID To remove a container using its ID, find either from a **docker ps -a** command, or use the ID returned from the **docker run** command, or retrieve @@ -41,7 +41,7 @@ it from a file used to store it using the **docker run --cidfile**: docker rm abebf7571666 -##Removing a container using the container name## +## Removing a container using the container name The name of the container can be found using the **docker ps -a** command. The use that name as follows: diff --git a/docker-stats.1.md b/docker-stats.1.md index b8dd119138d2..6bfa59e40fd3 100644 --- a/docker-stats.1.md +++ b/docker-stats.1.md @@ -7,6 +7,7 @@ docker-stats - Display a live stream of one or more containers' resource usage s # SYNOPSIS **docker stats** [**--help**] +[**--no-stream**[=*false*]] CONTAINER [CONTAINER...] # DESCRIPTION From c1bb4711d989ee2a03d0ccfe556fbcc4fd78fcde Mon Sep 17 00:00:00 2001 From: Sally O'Malley Date: Wed, 14 Oct 2015 10:45:12 -0400 Subject: [PATCH 094/398] add clarity to -p option Signed-off-by: Sally O'Malley --- docker-run.1.md | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/docker-run.1.md b/docker-run.1.md index 443933457f2d..e59e414f3e15 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -353,10 +353,14 @@ ports and the exposed ports, use `docker port`. **-p**, **--publish**=[] Publish a container's port, or range of ports, to the host. - format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort - Both hostPort and containerPort can be specified as a range of ports. - When specifying ranges for both, the number of container ports in the range must match the number of host ports in the range. (e.g., `-p 1234-1236:1234-1236/tcp`) - (use 'docker port' to see the actual mapping) + + Format: `ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort` +Both hostPort and containerPort can be specified as a range of ports. +When specifying ranges for both, the number of container ports in the range must match the number of host ports in the range. +(e.g., `docker run -p 1234-1236:1222-1224 --name thisWorks -t busybox` +but not `docker run -p 1230-1236:1230-1240 --name RangeContainerPortsBiggerThanRangeHostPorts -t busybox`) +With ip: `docker run -p 127.0.0.1:$HOSTPORT:$CONTAINERPORT --name CONTAINER -t someimage` +Use `docker port` to see the actual mapping: `docker port CONTAINER $CONTAINERPORT` **--pid**=host Set the PID mode for the container From fc0731c7815df963fa3bf232730af0a470e1d7d1 Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Wed, 14 Oct 2015 17:24:13 -0700 Subject: [PATCH 095/398] use Server Version Signed-off-by: Victor Vieux --- docker-info.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-info.1.md b/docker-info.1.md index 1aca0b5b201f..f67a4fb00cce 100644 --- a/docker-info.1.md +++ b/docker-info.1.md @@ -33,7 +33,7 @@ Here is a sample output: # docker info Containers: 14 Images: 52 - Engine Version: 1.9.0 + Server Version: 1.9.0 Storage Driver: aufs Root Dir: /var/lib/docker/aufs Dirs: 80 From 49df46506bb2caf16f18f55753058d09b8605e3b Mon Sep 17 00:00:00 2001 From: GabrielNicolasAvellaneda Date: Thu, 15 Oct 2015 19:54:35 -0300 Subject: [PATCH 096/398] MINOR typo fix. Signed-off-by: GabrielNicolasAvellaneda --- docker-run.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-run.1.md b/docker-run.1.md index e59e414f3e15..11fbbcd5a140 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -421,7 +421,7 @@ its root filesystem mounted as read only prohibiting any writes. When set to true Docker can allocate a pseudo-tty and attach to the standard input of any container. This can be used, for example, to run a throwaway -interactive shell. The default is value is false. +interactive shell. The default is false. The **-t** option is incompatible with a redirection of the docker client standard input. From 436b535e9afbbea1eed7155b378ecc6ca6585b63 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Fri, 16 Oct 2015 21:05:18 +0200 Subject: [PATCH 097/398] Deprecate -c cli short variant flag in docker cli - build - create Signed-off-by: Vincent Demeester --- docker-build.1.md | 4 ++-- docker-create.1.md | 4 ++-- docker-run.1.md | 6 +++--- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/docker-build.1.md b/docker-build.1.md index 4bfadcbe49e5..876d6fa9bb3a 100644 --- a/docker-build.1.md +++ b/docker-build.1.md @@ -7,7 +7,7 @@ docker-build - Build a new image from the source code at PATH # SYNOPSIS **docker build** [**--build-arg**[=*[]*]] -[**-c**|**--cpu-shares**[=*0*]] +[**--cpu-shares**[=*0*]] [**--cgroup-parent**[=*CGROUP-PARENT*]] [**--help**] [**-f**|**--file**[=*PATH/Dockerfile*]] @@ -90,7 +90,7 @@ set as the **URL**, the repository is cloned locally and then sent as the contex **--memory-swap**=*MEMORY-SWAP* Total memory (memory + swap), '-1' to disable swap. -**-c**, **--cpu-shares**=*0* +**--cpu-shares**=*0* CPU shares (relative weight). By default, all containers get the same proportion of CPU cycles. diff --git a/docker-create.1.md b/docker-create.1.md index e845befe97bd..ecea12c5f842 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -9,7 +9,7 @@ docker-create - Create a new container [**-a**|**--attach**[=*[]*]] [**--add-host**[=*[]*]] [**--blkio-weight**[=*[BLKIO-WEIGHT]*]] -[**-c**|**--cpu-shares**[=*0*]] +[**--cpu-shares**[=*0*]] [**--cap-add**[=*[]*]] [**--cap-drop**[=*[]*]] [**--cgroup-parent**[=*CGROUP-PATH*]] @@ -83,7 +83,7 @@ The initial status of the container created with **docker create** is 'created'. **--blkio-weight**=0 Block IO weight (relative weight) accepts a weight value between 10 and 1000. -**-c**, **--cpu-shares**=0 +**--cpu-shares**=0 CPU shares (relative weight) **--cap-add**=[] diff --git a/docker-run.1.md b/docker-run.1.md index 11fbbcd5a140..cb00f971e54d 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -9,7 +9,7 @@ docker-run - Run a command in a new container [**-a**|**--attach**[=*[]*]] [**--add-host**[=*[]*]] [**--blkio-weight**[=*[BLKIO-WEIGHT]*]] -[**-c**|**--cpu-shares**[=*0*]] +[**--cpu-shares**[=*0*]] [**--cap-add**[=*[]*]] [**--cap-drop**[=*[]*]] [**--cgroup-parent**[=*CGROUP-PATH*]] @@ -100,14 +100,14 @@ option can be set multiple times. **--blkio-weight**=0 Block IO weight (relative weight) accepts a weight value between 10 and 1000. -**-c**, **--cpu-shares**=0 +**--cpu-shares**=0 CPU shares (relative weight) By default, all containers get the same proportion of CPU cycles. This proportion can be modified by changing the container's CPU share weighting relative to the weighting of all other running containers. -To modify the proportion from the default of 1024, use the **-c** or **--cpu-shares** +To modify the proportion from the default of 1024, use the **--cpu-shares** flag to set the weighting to 2 or higher. The proportion will only apply when CPU-intensive processes are running. From 69a6a4fbf0b0dbaf428f5faf2d7a9f592bcef7c7 Mon Sep 17 00:00:00 2001 From: Shijiang Wei Date: Sun, 30 Aug 2015 21:48:03 +0800 Subject: [PATCH 098/398] Add ability to add multiple tags with docker build Signed-off-by: Shijiang Wei --- docker-build.1.md | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/docker-build.1.md b/docker-build.1.md index 876d6fa9bb3a..4bf4deea591b 100644 --- a/docker-build.1.md +++ b/docker-build.1.md @@ -16,7 +16,7 @@ docker-build - Build a new image from the source code at PATH [**--pull**[=*false*]] [**-q**|**--quiet**[=*false*]] [**--rm**[=*true*]] -[**-t**|**--tag**[=*TAG*]] +[**-t**|**--tag**[=*[]*]] [**-m**|**--memory**[=*MEMORY*]] [**--memory-swap**[=*MEMORY-SWAP*]] [**--cpu-period**[=*0*]] @@ -82,7 +82,7 @@ set as the **URL**, the repository is cloned locally and then sent as the contex Remove intermediate containers after a successful build. The default is *true*. **-t**, **--tag**="" - Repository name (and optionally a tag) to be applied to the resulting image in case of success + Repository names (and optionally with tags) to be applied to the resulting image in case of success. **-m**, **--memory**=*MEMORY* Memory limit @@ -235,6 +235,14 @@ If you do not provide a version tag then Docker will assign `latest`: When you list the images, the image above will have the tag `latest`. +You can apply multiple tags to an image. For example, you can apply the `latest` +tag to a newly built image and add another tag that references a specific +version. +For example, to tag an image both as `whenry/fedora-jboss:latest` and +`whenry/fedora-jboss:v2.1`, use the following: + + docker build -t whenry/fedora-jboss:latest -t whenry/fedora-jboss:v2.1 . + So renaming an image is arbitrary but consideration should be given to a useful convention that makes sense for consumers and should also take into account Docker community conventions. From 40a24fc976e8c82387c30a825edc7afb236188bb Mon Sep 17 00:00:00 2001 From: Denis Gladkikh Date: Thu, 27 Aug 2015 16:03:46 -0700 Subject: [PATCH 099/398] Add Splunk logging driver #16207 Allow to send Splunk logs using Http Event Collector Signed-off-by: Denis Gladkikh --- docker-create.1.md | 2 +- docker-run.1.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-create.1.md b/docker-create.1.md index ecea12c5f842..362000400503 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -174,7 +174,7 @@ millions of trillions. Add link to another container in the form of :alias or just in which case the alias will match the name. -**--log-driver**="|*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*none*" +**--log-driver**="|*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*none*" Logging driver for container. Default is defined by daemon `--log-driver` flag. **Warning**: the `docker logs` command works only for the `json-file` and `journald` logging drivers. diff --git a/docker-run.1.md b/docker-run.1.md index cb00f971e54d..f40df07442c3 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -277,7 +277,7 @@ which interface and port to use. **--lxc-conf**=[] (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" -**--log-driver**="|*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*none*" +**--log-driver**="|*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*none*" Logging driver for container. Default is defined by daemon `--log-driver` flag. **Warning**: the `docker logs` command works only for the `json-file` and `journald` logging drivers. From 4e37cff952f8fc5d086e02ad100ca7fb0b66f3ba Mon Sep 17 00:00:00 2001 From: Mary Anthony Date: Sun, 18 Oct 2015 16:47:32 -0700 Subject: [PATCH 100/398] Updating network commands: adding man pages Adding Related information blocks Final first draft pass: ready for review Review comments Entering comments from the gang Updating connect to include paused Signed-off-by: Mary Anthony --- docker-network-connect.1.md | 55 ++++++++++++ docker-network-create.1.md | 149 +++++++++++++++++++++++++++++++++ docker-network-disconnect.1.md | 32 +++++++ docker-network-inspect.1.md | 58 +++++++++++++ docker-network-ls.1.md | 51 +++++++++++ docker-network-rm.1.md | 29 +++++++ 6 files changed, 374 insertions(+) create mode 100644 docker-network-connect.1.md create mode 100644 docker-network-create.1.md create mode 100644 docker-network-disconnect.1.md create mode 100644 docker-network-inspect.1.md create mode 100644 docker-network-ls.1.md create mode 100644 docker-network-rm.1.md diff --git a/docker-network-connect.1.md b/docker-network-connect.1.md new file mode 100644 index 000000000000..7dc23eb313b6 --- /dev/null +++ b/docker-network-connect.1.md @@ -0,0 +1,55 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% OCT 2015 +# NAME +docker-network-connect - connect a container to a network + +# SYNOPSIS +**docker network connect NAME CONTAINER** + +[**--help**] + +# DESCRIPTION + +Connects a running container to a network. You can connect a container by name +or by ID. Once connected, the container can communicate with other containers in +the same network. + +```bash +$ docker network connect multi-host-network container1 +``` + +You can also use the `docker run --net=` option to start a container and immediately connect it to a network. + +```bash +$ docker run -itd --net=multi-host-network busybox +``` + +You can pause, restart, and stop containers that are connected to a network. +Paused containers remain connected and a revealed by a `network inspect`. When +the container is stopped, it does not appear on the network until you restart +it. The container's IP address is not guaranteed to remain the same when a +stopped container rejoins the network. + +To verify the container is connected, use the `docker network inspect` command. Use `docker network disconnect` to remove a container from the network. + +Once connected in network, containers can communicate using only another +container's IP address or name. For `overlay` networks or custom plugins that +support multi-host connectivity, containers connected to the same multi-host +network but launched from different Engines can also communicate in this way. + +You can connect a container to one or more networks. The networks need not be the same type. For example, you can connect a single container bridge and overlay networks. + + +# OPTIONS +**NAME** + Specify network driver name + +**CONTAINER** + Specify container name + +**--help** + Print usage statement + +# HISTORY +OCT 2015, created by Mary Anthony diff --git a/docker-network-create.1.md b/docker-network-create.1.md new file mode 100644 index 000000000000..308f2d6bfcd3 --- /dev/null +++ b/docker-network-create.1.md @@ -0,0 +1,149 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% OCT 2015 +# NAME +docker-network-create - create a new network + +# SYNOPSIS +**docker network create** + +**--aux-address=map[]** +**-d** | **--driver=DRIVER** +**--gateway=[]** +**--help=false** +**--ip-range=[]** +**--ipam-driver=default** +**-o** | **--opt=map[]** +**--subnet=[]** + +# DESCRIPTION + +Creates a new network. The `DRIVER` accepts `bridge` or `overlay` which are the +built-in network drivers. If you have installed a third party or your own custom +network driver you can specify that `DRIVER` here also. If you don't specify the +`--driver` option, the command automatically creates a `bridge` network for you. +When you install Docker Engine it creates a `bridge` network automatically. This +network corresponds to the `docker0` bridge that Engine has traditionally relied +on. When launch a new container with `docker run` it automatically connects to +this bridge network. You cannot remove this default bridge network but you can +create new ones using the `network create` command. + +```bash +$ docker network create -d bridge my-bridge-network +``` + +Bridge networks are isolated networks on a single Engine installation. If you +want to create a network that spans multiple Docker hosts each running an +Engine, you must create an `overlay` network. Unlike `bridge` networks overlay +networks require some pre-existing conditions before you can create one. These +conditions are: + +* Access to a key-value store. Engine supports Consul, Etcd, and Zookeeper (Distributed store) key-value stores. +* A cluster of hosts with connectivity to the key-value store. +* A properly configured Engine `daemon` on each host in the cluster. + +The `docker daemon` options that support the `overlay` network are: + +* `--cluster-store` +* `--cluster-store-opt` +* `--cluster-advertise` + +To read more about these options and how to configure them, see ["*Get started +with multi-host +network*"](https://www.docker.com/engine/userguide/networking/get-started-overlay.md). + +It is also a good idea, though not required, that you install Docker Swarm on to +manage the cluster that makes up your network. Swarm provides sophisticated +discovery and server management that can assist your implementation. + +Once you have prepared the `overlay` network prerequisites you simply choose a +Docker host in the cluster and issue the following to create the network: + +```bash +$ docker network create -d overlay my-multihost-network +``` + +Network names must be unique. The Docker daemon attempts to identify naming +conflicts but this is not guaranteed. It is the user's responsibility to avoid +name conflicts. + +## Connect containers + +When you start a container use the `--net` flag to connect it to a network. +This adds the `busybox` container to the `mynet` network. + +```bash +$ docker run -itd --net=mynet busybox +``` + +If you want to add a container to a network after the container is already +running use the `docker network connect` subcommand. + +You can connect multiple containers to the same network. Once connected, the +containers can communicate using only another container's IP address or name. +For `overlay` networks or custom plugins that support multi-host connectivity, +containers connected to the same multi-host network but launched from different +Engines can also communicate in this way. + +You can disconnect a container from a network using the `docker network +disconnect` command. + +## Specifying advanced options + +When you create a network, Engine creates a non-overlapping subnetwork for the +network by default. This subnetwork is not a subdivision of an existing network. +It is purely for ip-addressing purposes. You can override this default and +specify subnetwork values directly using the the `--subnet` option. On a +`bridge` network you can only create a single subnet: + +```bash +docker network create -d --subnet=192.168.0.0/16 +``` +Additionally, you also specify the `--gateway` `--ip-range` and `--aux-address` options. + +```bash +network create --driver=bridge --subnet=172.28.0.0/16 --ip-range=172.28.5.0/24 --gateway=172.28.5.254 br0 +``` + +If you omit the `--gateway` flag the Engine selects one for you from inside a +preferred pool. For `overlay` networks and for network driver plugins that +support it you can create multiple subnetworks. + +```bash +docker network create -d overlay + --subnet=192.168.0.0/16 --subnet=192.170.0.0/16 + --gateway=192.168.0.100 --gateway=192.170.0.100 + --ip-range=192.168.1.0/24 + --aux-address a=192.168.1.5 --aux-address b=192.168.1.6 + --aux-address a=192.170.1.5 --aux-address b=192.170.1.6 + my-multihost-newtork +``` +Be sure that your subnetworks do not overlap. If they do, the network create fails and Engine returns an error. + +# OPTIONS +**--aux-address=map[]** + Auxiliary ipv4 or ipv6 addresses used by network driver + +**-d** | **--driver=DRIVER** + Driver to manage the Network bridge or overlay. The default is bridge. + +**--gateway=[] ** + ipv4 or ipv6 Gateway for the master subnet + +**--help=false ** + Print usage + +**--ip-range=[] ** + Allocate container ip from a sub-range + +**--ipam-driver=default ** + IP Address Management Driver + +**-o | --opt=map[]** + Set custom network plugin options + +**--subnet=[]** + Subnet in CIDR format that represents a network segment + +# HISTORY +OCT 2015, created by Mary Anthony diff --git a/docker-network-disconnect.1.md b/docker-network-disconnect.1.md new file mode 100644 index 000000000000..6cbc441195fa --- /dev/null +++ b/docker-network-disconnect.1.md @@ -0,0 +1,32 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% OCT 2015 +# NAME +docker-network-disconnect - disconnect a container from a network + +# SYNOPSIS +**docker network disconnect NETWORK CONTAINER** + +[**--help**] + +# DESCRIPTION + +Disconnects a container from a network. The container must be running to disconnect it from the network. + +```bash + $ docker network disconnect multi-host-network container1 +``` + + +# OPTIONS +**NETWORK** + Specify network name + +**CONTAINER** + Specify container name + +**--help** + Print usage statement + +# HISTORY +OCT 2015, created by Mary Anthony diff --git a/docker-network-inspect.1.md b/docker-network-inspect.1.md new file mode 100644 index 000000000000..3b128223c6f2 --- /dev/null +++ b/docker-network-inspect.1.md @@ -0,0 +1,58 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% OCT 2015 +# NAME +docker-network-inspect - inspect a network + +# SYNOPSIS +**docker network inspect NETWORK [NETWORK...]** + +[**--help**] + +# DESCRIPTION + +Returns information about one or more networks. By default, this command renders all results in a JSON object. For example, if you connect two containers to a network: + +```bash +$ sudo docker run -itd --name=container1 busybox +f2870c98fd504370fb86e59f32cd0753b1ac9b69b7d80566ffc7192a82b3ed27 + +$ sudo docker run -itd --name=container2 busybox +bda12f8922785d1f160be70736f26c1e331ab8aaf8ed8d56728508f2e2fd4727 +``` + +The `network inspect` command shows the containers, by id, in its results. + +```bash +$ sudo docker network inspect bridge +[ + { + "name": "bridge", + "id": "7fca4eb8c647e57e9d46c32714271e0c3f8bf8d17d346629e2820547b2d90039", + "driver": "bridge", + "containers": { + "bda12f8922785d1f160be70736f26c1e331ab8aaf8ed8d56728508f2e2fd4727": { + "endpoint": "e0ac95934f803d7e36384a2029b8d1eeb56cb88727aa2e8b7edfeebaa6dfd758", + "mac_address": "02:42:ac:11:00:03", + "ipv4_address": "172.17.0.3/16", + "ipv6_address": "" + }, + "f2870c98fd504370fb86e59f32cd0753b1ac9b69b7d80566ffc7192a82b3ed27": { + "endpoint": "31de280881d2a774345bbfb1594159ade4ae4024ebfb1320cb74a30225f6a8ae", + "mac_address": "02:42:ac:11:00:02", + "ipv4_address": "172.17.0.2/16", + "ipv6_address": "" + } + } + } +] +``` + + +# OPTIONS + +**--help** + Print usage statement + +# HISTORY +OCT 2015, created by Mary Anthony diff --git a/docker-network-ls.1.md b/docker-network-ls.1.md new file mode 100644 index 000000000000..5dd2ad480426 --- /dev/null +++ b/docker-network-ls.1.md @@ -0,0 +1,51 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% OCT 2015 +# NAME +docker-network-ls - list networks + +# SYNOPSIS +**docker network ls** + +[**--no-trunc**] +[**-q** | **--quiet**] +[**--help**] + +# DESCRIPTION + +Lists all the networks the Engine `daemon` knows about. This includes the +networks that span across multiple hosts in a cluster, for example: + +```bash + $ sudo docker network ls + NETWORK ID NAME DRIVER + 7fca4eb8c647 bridge bridge + 9f904ee27bf5 none null + cf03ee007fb4 host host + 78b03ee04fc4 multi-host overlay +``` + +Use the `--no-trunc` option to display the full network id: + +```bash +docker network ls --no-trunc +NETWORK ID NAME DRIVER +18a2866682b85619a026c81b98a5e375bd33e1b0936a26cc497c283d27bae9b3 none null +c288470c46f6c8949c5f7e5099b5b7947b07eabe8d9a27d79a9cbf111adcbf47 host host +7b369448dccbf865d397c8d2be0cda7cf7edc6b0945f77d2529912ae917a0185 bridge bridge +95e74588f40db048e86320c6526440c504650a1ff3e9f7d60a497c4d2163e5bd foo bridge +``` + +# OPTIONS + +[**--no-trunc**] + Do not truncate the output + +[**-q** | **--quiet**] + Only display numeric IDs + +**--help** + Print usage statement + +# HISTORY +OCT 2015, created by Mary Anthony diff --git a/docker-network-rm.1.md b/docker-network-rm.1.md new file mode 100644 index 000000000000..d5c4515f6717 --- /dev/null +++ b/docker-network-rm.1.md @@ -0,0 +1,29 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% OCT 2015 +# NAME +docker-network-rm - remove a new network + +# SYNOPSIS +**docker network rm NETWORK** + +[**--help**] + +# DESCRIPTION + +Removes a network by name or identifier. To remove a network, you must first disconnect any containers connected to it. + +``` + $ docker network rm my-network +``` + + +# OPTIONS +**NETWORK** + Specify network name + +**--help** + Print usage statement + +# HISTORY +OCT 2015, created by Mary Anthony From 544518ddce0fe620e71fd1c53d04b144f57bc56b Mon Sep 17 00:00:00 2001 From: Mary Anthony Date: Wed, 30 Sep 2015 13:11:36 -0700 Subject: [PATCH 101/398] First pass at consolidating Removing old networking.md Updating dockernetworks.md with images Adding information on network plugins Adding blurb about links to docker networking Updating the working documentation Adding Overlay Getting Started Downplaying links by removing refs/examples, adding refs/examples for network. Updating getting started to reflect networks not links Pulling out old network material Updating per discussion with Madhu to add Default docs section Updating with bridge default Fix bad merge Updating with new cluster-advertise behavior Update working and NetworkSettings examples Correcting example for default bridge discovery behavior Entering comments Fixing broken Markdown Syntax Updating with comments Updating all the links Signed-off-by: Mary Anthony --- docker-attach.1.md | 2 +- docker-daemon.8.md | 5 +++-- docker-inspect.1.md | 2 +- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/docker-attach.1.md b/docker-attach.1.md index 658228cddbd5..96fb3756a34d 100644 --- a/docker-attach.1.md +++ b/docker-attach.1.md @@ -16,7 +16,7 @@ The **docker attach** command allows you to attach to a running container using the container's ID or name, either to view its ongoing output or to control it interactively. You can attach to the same contained process multiple times simultaneously, screen sharing style, or quickly view the progress of your -daemonized process. +detached process. You can detach from the container (and leave it running) with `CTRL-p CTRL-q` (for a quiet exit) or `CTRL-c` which will send a `SIGKILL` to the container. diff --git a/docker-daemon.8.md b/docker-daemon.8.md index accc3b1dbb2c..b85a9a76fa61 100644 --- a/docker-daemon.8.md +++ b/docker-daemon.8.md @@ -81,8 +81,9 @@ format. URL of the distributed storage backend **--cluster-advertise**="" - Specifies the 'host:port' combination that this particular daemon instance should use when advertising - itself to the cluster. The daemon is reached by remote hosts on this 'host:port' combination. + Specifies the 'host:port' or `interface:port` combination that this particular + daemon instance should use when advertising itself to the cluster. The daemon + is reached through this value. **--cluster-store-opt**="" Specifies options for the Key/Value store. diff --git a/docker-inspect.1.md b/docker-inspect.1.md index 82a7907d2206..34dd04a93ad1 100644 --- a/docker-inspect.1.md +++ b/docker-inspect.1.md @@ -194,7 +194,7 @@ To get information on a container use its ID or instance name: To get the IP address of a container use: - $ docker inspect --format='{{.NetworkSettings.IPAddress}}' d2cc496561d6 + $ docker inspect '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' d2cc496561d6 172.17.0.2 ## Listing all port bindings From 5cfbf8802fbda461b478d4cc62e213a5d0345872 Mon Sep 17 00:00:00 2001 From: Madhu Venugopal Date: Tue, 3 Nov 2015 06:15:56 -0800 Subject: [PATCH 102/398] Updating networking docs with technical information - the /etc/hosts read caveat due to dynamic update - information about docker_gwbridge - Carries and closes #17654 - Updating with last change by Madhu - Updating with the IPAM api 1.22 Signed-off-by: Mary Anthony --- docker-run.1.md | 47 ++++++++++++++++++++++++++++------------------- 1 file changed, 28 insertions(+), 19 deletions(-) diff --git a/docker-run.1.md b/docker-run.1.md index f40df07442c3..e556ecfbd6a3 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -355,9 +355,9 @@ ports and the exposed ports, use `docker port`. Publish a container's port, or range of ports, to the host. Format: `ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort` -Both hostPort and containerPort can be specified as a range of ports. +Both hostPort and containerPort can be specified as a range of ports. When specifying ranges for both, the number of container ports in the range must match the number of host ports in the range. -(e.g., `docker run -p 1234-1236:1222-1224 --name thisWorks -t busybox` +(e.g., `docker run -p 1234-1236:1222-1224 --name thisWorks -t busybox` but not `docker run -p 1230-1236:1230-1240 --name RangeContainerPortsBiggerThanRangeHostPorts -t busybox`) With ip: `docker run -p 127.0.0.1:$HOSTPORT:$CONTAINERPORT --name CONTAINER -t someimage` Use `docker port` to see the actual mapping: `docker port CONTAINER $CONTAINERPORT` @@ -437,17 +437,17 @@ standard input. ""--ulimit""=[] Ulimit options -**-v**, **--volume**=[] Create a bind mount +**-v**, **--volume**=[] Create a bind mount (format: `[host-dir:]container-dir[:]`, where suffix options are comma delimited and selected from [rw|ro] and [z|Z].) - + (e.g., using -v /host-dir:/container-dir, bind mounts /host-dir in the host to /container-dir in the Docker container) - + If 'host-dir' is missing, then docker automatically creates the new volume on the host. **This auto-creation of the host path has been deprecated in Release: v1.9.** - + The **-v** option can be used one or more times to add one or more mounts to a container. These mounts can then be used in other containers using the **--volumes-from** option. @@ -469,31 +469,31 @@ content label. Shared volume labels allow all containers to read/write content. The `Z` option tells Docker to label the content with a private unshared label. Only the current container can use a private volume. -The `container-dir` must always be an absolute path such as `/src/docs`. -The `host-dir` can either be an absolute path or a `name` value. If you -supply an absolute path for the `host-dir`, Docker bind-mounts to the path +The `container-dir` must always be an absolute path such as `/src/docs`. +The `host-dir` can either be an absolute path or a `name` value. If you +supply an absolute path for the `host-dir`, Docker bind-mounts to the path you specify. If you supply a `name`, Docker creates a named volume by that `name`. -A `name` value must start with start with an alphanumeric character, -followed by `a-z0-9`, `_` (underscore), `.` (period) or `-` (hyphen). +A `name` value must start with start with an alphanumeric character, +followed by `a-z0-9`, `_` (underscore), `.` (period) or `-` (hyphen). An absolute path starts with a `/` (forward slash). -For example, you can specify either `/foo` or `foo` for a `host-dir` value. -If you supply the `/foo` value, Docker creates a bind-mount. If you supply +For example, you can specify either `/foo` or `foo` for a `host-dir` value. +If you supply the `/foo` value, Docker creates a bind-mount. If you supply the `foo` specification, Docker creates a named volume. **--volumes-from**=[] Mount volumes from the specified container(s) Mounts already mounted volumes from a source container onto another - container. You must supply the source's container-id. To share + container. You must supply the source's container-id. To share a volume, use the **--volumes-from** option when running - the target container. You can share volumes even if the source container + the target container. You can share volumes even if the source container is not running. - By default, Docker mounts the volumes in the same mode (read-write or - read-only) as it is mounted in the source container. Optionally, you - can change this by suffixing the container-id with either the `:ro` or + By default, Docker mounts the volumes in the same mode (read-write or + read-only) as it is mounted in the source container. Optionally, you + can change this by suffixing the container-id with either the `:ro` or `:rw ` keyword. If the location of the volume from the source container overlaps with @@ -558,7 +558,7 @@ Now run a regular container, and it correctly does NOT see the shared memory seg ``` $ docker run -it shm ipcs -m - ------ Shared Memory Segments -------- + ------ Shared Memory Segments -------- key shmid owner perms bytes nattch status ``` @@ -637,6 +637,15 @@ Running the **env** command in the linker container shows environment variables When linking two containers Docker will use the exposed ports of the container to create a secure tunnel for the parent to access. +If a container is connected to the default bridge network and `linked` +with other containers, then the container's `/etc/hosts` file is updated +with the linked container's name. + +> **Note** Since Docker may live update the container’s `/etc/hosts` file, there +may be situations when processes inside the container can end up reading an +empty or incomplete `/etc/hosts` file. In most cases, retrying the read again +should fix the problem. + ## Mapping Ports for External Usage From 7d6a5b164290fcaee8a98cf223b1b34c28f14c63 Mon Sep 17 00:00:00 2001 From: Sally O'Malley Date: Wed, 29 Jul 2015 08:21:16 -0400 Subject: [PATCH 103/398] Change 'docker run' exit codes to distinguish docker/contained errors The purpose of this PR is for users to distinguish Docker errors from contained command errors. This PR modifies 'docker run' exit codes to follow the chroot standard for exit codes. Exit status: 125 if 'docker run' itself fails 126 if contained command cannot be invoked 127 if contained command cannot be found the exit status otherwise Signed-off-by: Sally O'Malley --- docker-run.1.md | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/docker-run.1.md b/docker-run.1.md index e556ecfbd6a3..1fdb1bc7d89d 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -508,6 +508,38 @@ running binaries within a container is the root directory (/). The developer can set a different default with the Dockerfile WORKDIR instruction. The operator can override the working directory by using the **-w** option. +# Exit Status + +The exit code from `docker run` gives information about why the container +failed to run or why it exited. When `docker run` exits with a non-zero code, +the exit codes follow the `chroot` standard, see below: + +**_125_** if the error is with Docker daemon **_itself_** + + $ docker run --foo busybox; echo $? + # flag provided but not defined: --foo + See 'docker run --help'. + 125 + +**_126_** if the **_contained command_** cannot be invoked + + $ docker run busybox /etc; echo $? + # exec: "/etc": permission denied + docker: Error response from daemon: Contained command could not be invoked + 126 + +**_127_** if the **_contained command_** cannot be found + + $ docker run busybox foo; echo $? + # exec: "foo": executable file not found in $PATH + docker: Error response from daemon: Contained command not found or does not exist + 127 + +**_Exit code_** of **_contained command_** otherwise + + $ docker run busybox /bin/sh -c 'exit 3' + # 3 + # EXAMPLES ## Exposing log messages from the container to the host's log @@ -732,3 +764,4 @@ April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work. June 2014, updated by Sven Dowideit July 2014, updated by Sven Dowideit +November 2015, updated by Sally O'Malley From 66fa338a5c573961b3121c35ac70c8574ba1311b Mon Sep 17 00:00:00 2001 From: Zhang Wei Date: Thu, 5 Nov 2015 14:17:37 +0800 Subject: [PATCH 104/398] Fix docs typo and wrong word Signed-off-by: Zhang Wei --- docker-cp.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-cp.1.md b/docker-cp.1.md index 7b56957579c6..70ee7f466de6 100644 --- a/docker-cp.1.md +++ b/docker-cp.1.md @@ -121,7 +121,7 @@ name if one exists. For example, this command: If `/test` does not exist on the local machine, it will be created as a file with the contents of `/tmp/foo/myfile.txt` from the container. If `/test` -exists as a file, it will be overwritten. Lastly, if `/tmp` exists as a +exists as a file, it will be overwritten. Lastly, if `/test` exists as a directory, the file will be copied to `/test/myfile.txt`. Next, suppose you want to copy a file or folder into a container. For example, From 5d534532944c4d2541679eb8ccc29c16a3298419 Mon Sep 17 00:00:00 2001 From: David Calavera Date: Wed, 4 Nov 2015 14:39:12 -0500 Subject: [PATCH 105/398] Remove LXC support. The LXC driver was deprecated in Docker 1.8. Following the deprecation rules, we can remove a deprecated feature after two major releases. LXC won't be supported anymore starting on Docker 1.10. Signed-off-by: David Calavera --- docker-create.1.md | 4 ---- docker-inspect.1.md | 1 - docker-run.1.md | 4 ---- 3 files changed, 9 deletions(-) diff --git a/docker-create.1.md b/docker-create.1.md index 362000400503..5317f1807361 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -37,7 +37,6 @@ docker-create - Create a new container [**--link**[=*[]*]] [**--log-driver**[=*[]*]] [**--log-opt**[=*[]*]] -[**--lxc-conf**[=*[]*]] [**-m**|**--memory**[=*MEMORY*]] [**--mac-address**[=*MAC-ADDRESS*]] [**--memory-reservation**[=*MEMORY-RESERVATION*]] @@ -182,9 +181,6 @@ millions of trillions. **--log-opt**=[] Logging driver specific options. -**--lxc-conf**=[] - (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" - **-m**, **--memory**="" Memory limit (format: [], where unit = b, k, m or g) diff --git a/docker-inspect.1.md b/docker-inspect.1.md index 34dd04a93ad1..b738f439524b 100644 --- a/docker-inspect.1.md +++ b/docker-inspect.1.md @@ -111,7 +111,6 @@ To get information on a container use its ID or instance name: "HostConfig": { "Binds": null, "ContainerIDFile": "", - "LxcConf": [], "Memory": 0, "MemorySwap": 0, "CpuShares": 0, diff --git a/docker-run.1.md b/docker-run.1.md index 1fdb1bc7d89d..6b2b6d704fab 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -38,7 +38,6 @@ docker-run - Run a command in a new container [**--link**[=*[]*]] [**--log-driver**[=*[]*]] [**--log-opt**[=*[]*]] -[**--lxc-conf**[=*[]*]] [**-m**|**--memory**[=*MEMORY*]] [**--mac-address**[=*MAC-ADDRESS*]] [**--memory-reservation**[=*MEMORY-RESERVATION*]] @@ -274,9 +273,6 @@ container can access the exposed port via a private networking interface. Docker will set some environment variables in the client container to help indicate which interface and port to use. -**--lxc-conf**=[] - (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" - **--log-driver**="|*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*none*" Logging driver for container. Default is defined by daemon `--log-driver` flag. **Warning**: the `docker logs` command works only for the `json-file` and From e9111e97acd59cc14f77e544336431bd6f54406b Mon Sep 17 00:00:00 2001 From: David Calavera Date: Wed, 4 Nov 2015 19:40:58 -0500 Subject: [PATCH 106/398] Remove exec-driver global daemon option. Each platform has only a driver now. Signed-off-by: David Calavera --- docker-daemon.8.md | 4 ---- docker.1.md | 4 ++-- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/docker-daemon.8.md b/docker-daemon.8.md index b85a9a76fa61..c16d4d352a52 100644 --- a/docker-daemon.8.md +++ b/docker-daemon.8.md @@ -20,7 +20,6 @@ docker-daemon - Enable daemon mode [**--dns**[=*[]*]] [**--dns-opt**[=*[]*]] [**--dns-search**[=*[]*]] -[**-e**|**--exec-driver**[=*native*]] [**--exec-opt**[=*[]*]] [**--exec-root**[=*/var/run/docker*]] [**--fixed-cidr**[=*FIXED-CIDR*]] @@ -112,9 +111,6 @@ format. **--dns-search**=[] DNS search domains to use. -**-e**, **--exec-driver**="" - Force Docker to use specific exec driver. Default is `native`. - **--exec-opt**=[] Set exec driver options. See EXEC DRIVER OPTIONS. diff --git a/docker.1.md b/docker.1.md index 18df3b5cf297..eaed589df754 100644 --- a/docker.1.md +++ b/docker.1.md @@ -225,8 +225,8 @@ inside it) # EXEC DRIVER OPTIONS -Use the **--exec-opt** flags to specify options to the exec-driver. The only -driver that accepts this flag is the *native* (libcontainer) driver. As a +Use the **--exec-opt** flags to specify options to the execution driver. The only +runtime that accepts any options is Linux. As a result, you must also specify **-s=**native for this option to have effect. The following is the only *native* option: From fac127dccc1a78b3cd350db4ba020e058fdd49b8 Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Sat, 3 Oct 2015 14:53:25 +0200 Subject: [PATCH 107/398] Allow docker stats without arguments This patch adds the ability to run `docker stats` w/o arguments and get statistics for all running containers by default. Also add a new `--all` flag to list statistics for all containers (like `docker ps`). New running containers are added to the list as they show up also. Add integration tests for this new behavior. Docs updated accordingly. Fix missing stuff in man/commandline reference for `docker stats`. Signed-off-by: Antonio Murdaca --- docker-stats.1.md | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/docker-stats.1.md b/docker-stats.1.md index 6bfa59e40fd3..67399bb6c2d1 100644 --- a/docker-stats.1.md +++ b/docker-stats.1.md @@ -6,15 +6,19 @@ docker-stats - Display a live stream of one or more containers' resource usage s # SYNOPSIS **docker stats** +[**-a**|**--all**[=*false*]] [**--help**] [**--no-stream**[=*false*]] -CONTAINER [CONTAINER...] +[CONTAINER...] # DESCRIPTION Display a live stream of one or more containers' resource usage statistics # OPTIONS +**-a**, **--all**=*true*|*false* + Show all containers. Only running containers are shown by default. The default is *false*. + **--help** Print usage statement @@ -23,9 +27,17 @@ Display a live stream of one or more containers' resource usage statistics # EXAMPLES -Run **docker stats** with multiple containers. +Running `docker stats` on all running containers - $ docker stats redis1 redis2 + $ docker stats CONTAINER CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O redis1 0.07% 796 KB / 64 MB 1.21% 788 B / 648 B 3.568 MB / 512 KB redis2 0.07% 2.746 MB / 64 MB 4.29% 1.266 KB / 648 B 12.4 MB / 0 B + nginx1 0.03% 4.583 MB / 64 MB 6.30% 2.854 KB / 648 B 27.7 MB / 0 B + +Running `docker stats` on multiple containers by name and id. + + $ docker stats fervent_panini 5acfcb1b4fd1 + CONTAINER CPU % MEM USAGE/LIMIT MEM % NET I/O + 5acfcb1b4fd1 0.00% 115.2 MB/1.045 GB 11.03% 1.422 kB/648 B + fervent_panini 0.02% 11.08 MB/1.045 GB 1.06% 648 B/648 B From 309ae8fb4543ff2e8e68ec91365a798ed29c172a Mon Sep 17 00:00:00 2001 From: Zhang Wei Date: Tue, 10 Nov 2015 09:33:55 +0800 Subject: [PATCH 108/398] Fix man pages Add contents and fix format problem for man pages. Signed-off-by: Zhang Wei --- docker-cp.1.md | 3 +++ docker-create.1.md | 20 +++++++++---------- docker-daemon.8.md | 14 ++++++------- docker-inspect.1.md | 4 ++-- docker-kill.1.md | 2 +- docker-logs.1.md | 2 +- docker-network-connect.1.md | 8 ++++---- docker-network-create.1.md | 36 +++++++++++++++++----------------- docker-network-disconnect.1.md | 4 ++-- docker-network-inspect.1.md | 4 ++-- docker-network-ls.1.md | 9 ++++----- docker-network-rm.1.md | 5 ++--- docker-ps.1.md | 4 ++-- docker-restart.1.md | 2 +- docker-run.1.md | 22 ++++++++++----------- docker-search.1.md | 2 +- docker-stats.1.md | 4 ++-- docker-stop.1.md | 2 +- docker-volume-create.1.md | 2 +- docker-volume-ls.1.md | 2 +- docker.1.md | 14 ++++++------- 21 files changed, 83 insertions(+), 82 deletions(-) diff --git a/docker-cp.1.md b/docker-cp.1.md index 70ee7f466de6..667fc543b1e0 100644 --- a/docker-cp.1.md +++ b/docker-cp.1.md @@ -8,6 +8,9 @@ docker-cp - Copy files/folders between a container and the local filesystem. **docker cp** [**--help**] CONTAINER:PATH LOCALPATH|- + +**docker cp** +[**--help**] LOCALPATH|- CONTAINER:PATH # DESCRIPTION diff --git a/docker-create.1.md b/docker-create.1.md index 5317f1807361..939baf91ae60 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -79,10 +79,10 @@ The initial status of the container created with **docker create** is 'created'. **--add-host**=[] Add a custom host-to-IP mapping (host:ip) -**--blkio-weight**=0 +**--blkio-weight**=*0* Block IO weight (relative weight) accepts a weight value between 10 and 1000. -**--cpu-shares**=0 +**--cpu-shares**=*0* CPU shares (relative weight) **--cap-add**=[] @@ -97,7 +97,7 @@ The initial status of the container created with **docker create** is 'created'. **--cidfile**="" Write the container ID to the file -**--cpu-period**=0 +**--cpu-period**=*0* Limit the CPU CFS (Completely Fair Scheduler) period **--cpuset-cpus**="" @@ -110,7 +110,7 @@ The initial status of the container created with **docker create** is 'created'. then processes in your Docker container will only use memory from the first two memory nodes. -**--cpu-quota**=0 +**--cpu-quota**=*0* Limit the CPU CFS (Completely Fair Scheduler) quota **--device**=[] @@ -173,7 +173,7 @@ millions of trillions. Add link to another container in the form of :alias or just in which case the alias will match the name. -**--log-driver**="|*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*none*" +**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*none*" Logging driver for container. Default is defined by daemon `--log-driver` flag. **Warning**: the `docker logs` command works only for the `json-file` and `journald` logging drivers. @@ -214,7 +214,7 @@ This value should always larger than **-m**, so you should always use this with **--name**="" Assign a name to the container -**--net**="bridge" +**--net**="*bridge*" Set the Network mode for the container 'bridge': creates a new network stack for the container on the docker bridge 'none': no networking for this container @@ -234,7 +234,7 @@ This value should always larger than **-m**, so you should always use this with When specifying ranges for both, the number of container ports in the range must match the number of host ports in the range. (e.g., `-p 1234-1236:1234-1236/tcp`) (use 'docker port' to see the actual mapping) -**--pid**=host +**--pid**=*host* Set the PID mode for the container **host**: use the host's PID namespace inside the container. Note: the host mode gives the container full access to local PID and is therefore considered insecure. @@ -245,13 +245,13 @@ This value should always larger than **-m**, so you should always use this with **--read-only**=*true*|*false* Mount the container's root filesystem as read only. -**--restart**="no" +**--restart**="*no*" Restart policy to apply when a container exits (no, on-failure[:max-retry], always, unless-stopped). **--security-opt**=[] Security Options -**--stop-signal**=SIGTERM +**--stop-signal**=*SIGTERM* Signal to stop a container. Default is SIGTERM. **-t**, **--tty**=*true*|*false* @@ -263,7 +263,7 @@ This value should always larger than **-m**, so you should always use this with **--ulimit**=[] Ulimit options -**--uts**=host +**--uts**=*host* Set the UTS mode for the container **host**: use the host's UTS namespace inside the container. Note: the host mode gives the container access to changing the host's hostname and is therefore considered insecure. diff --git a/docker-daemon.8.md b/docker-daemon.8.md index c16d4d352a52..31e20c7c67d4 100644 --- a/docker-daemon.8.md +++ b/docker-daemon.8.md @@ -130,7 +130,7 @@ format. **-g**, **--graph**="" Path to use as the root of the Docker runtime. Default is `/var/lib/docker`. -**-H**, **--host**=[unix:///var/run/docker.sock]: tcp://[host:port] to bind or +**-H**, **--host**=[*unix:///var/run/docker.sock*]: tcp://[host:port] to bind or unix://[/path/to/socket] to use. The socket(s) to bind to in daemon mode specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd. @@ -165,7 +165,7 @@ unix://[/path/to/socket] to use. **--ipv6**=*true*|*false* Enable IPv6 support. Default is false. Docker will create an IPv6-enabled bridge with address fe80::1 which will allow you to create IPv6-enabled containers. Use together with `--fixed-cidr-v6` to provide globally routable IPv6 addresses. IPv6 forwarding will be enabled if not used with `--ip-forward=false`. This may collide with your host's current IPv6 settings. For more information please consult the documentation about "Advanced Networking - IPv6". -**-l**, **--log-level**="*debug*|*info*|*warn*|*error*|*fatal*"" +**-l**, **--log-level**="*debug*|*info*|*warn*|*error*|*fatal*" Set the logging level. Default is `info`. **--label**="[]" @@ -178,13 +178,13 @@ unix://[/path/to/socket] to use. **--log-opt**=[] Logging driver specific options. -**--mtu**=VALUE +**--mtu**=*0* Set the containers network mtu. Default is `0`. **-p**, **--pidfile**="" Path to use for daemon PID file. Default is `/var/run/docker.pid` -**--registry-mirror**=:// +**--registry-mirror**=*://* Prepend a registry mirror to be used for image pulls. May be specified multiple times. **-s**, **--storage-driver**="" @@ -199,13 +199,13 @@ unix://[/path/to/socket] to use. **--tls**=*true*|*false* Use TLS; implied by --tlsverify. Default is false. -**--tlscacert**=~/.docker/ca.pem +**--tlscacert**=*~/.docker/ca.pem* Trust certs signed only by this CA. -**--tlscert**=~/.docker/cert.pem +**--tlscert**=*~/.docker/cert.pem* Path to TLS certificate file. -**--tlskey**=~/.docker/key.pem +**--tlskey**=*~/.docker/key.pem* Path to TLS key file. **--tlsverify**=*true*|*false* diff --git a/docker-inspect.1.md b/docker-inspect.1.md index b738f439524b..097515245206 100644 --- a/docker-inspect.1.md +++ b/docker-inspect.1.md @@ -26,10 +26,10 @@ each result. **-f**, **--format**="" Format the output using the given Go template. -**-s**, **--size**=false +**-s**, **--size**=*false* Display total file sizes if the type is container. -**--type**=*container*|*image* +**--type**="*container*|*image*" Return JSON for specified type, permissible values are "image" or "container" # EXAMPLES diff --git a/docker-kill.1.md b/docker-kill.1.md index cfab3f8e4204..36cbdb90ea3f 100644 --- a/docker-kill.1.md +++ b/docker-kill.1.md @@ -19,7 +19,7 @@ The main process inside each container specified will be sent SIGKILL, **--help** Print usage statement -**-s**, **--signal**="KILL" +**-s**, **--signal**="*KILL*" Signal to send to the container # HISTORY diff --git a/docker-logs.1.md b/docker-logs.1.md index 2925c3500982..b0656f9c50e5 100644 --- a/docker-logs.1.md +++ b/docker-logs.1.md @@ -39,7 +39,7 @@ logging drivers. **-t**, **--timestamps**=*true*|*false* Show timestamps. The default is *false*. -**--tail**="all" +**--tail**="*all*" Output the specified number of lines at the end of logs (defaults to all logs) The `--since` option shows only the container logs generated after diff --git a/docker-network-connect.1.md b/docker-network-connect.1.md index 7dc23eb313b6..6a77bfef467b 100644 --- a/docker-network-connect.1.md +++ b/docker-network-connect.1.md @@ -5,9 +5,9 @@ docker-network-connect - connect a container to a network # SYNOPSIS -**docker network connect NAME CONTAINER** - +**docker network connect** [**--help**] +NETWORK CONTAINER # DESCRIPTION @@ -42,8 +42,8 @@ You can connect a container to one or more networks. The networks need not be th # OPTIONS -**NAME** - Specify network driver name +**NETWORK** + Specify network name **CONTAINER** Specify container name diff --git a/docker-network-create.1.md b/docker-network-create.1.md index 308f2d6bfcd3..acbe267208fe 100644 --- a/docker-network-create.1.md +++ b/docker-network-create.1.md @@ -6,15 +6,15 @@ docker-network-create - create a new network # SYNOPSIS **docker network create** - -**--aux-address=map[]** -**-d** | **--driver=DRIVER** -**--gateway=[]** -**--help=false** -**--ip-range=[]** -**--ipam-driver=default** -**-o** | **--opt=map[]** -**--subnet=[]** +[**--aux-address**=*map[]*] +[**-d**|**--driver**=*DRIVER*] +[**--gateway**=*[]*] +[**--help**] +[**--ip-range**=*[]*] +[**--ipam-driver**=*default*] +[**-o**|**--opt**=*map[]*] +[**--subnet**=*[]*] +NETWORK-NAME # DESCRIPTION @@ -97,7 +97,7 @@ specify subnetwork values directly using the the `--subnet` option. On a `bridge` network you can only create a single subnet: ```bash -docker network create -d --subnet=192.168.0.0/16 +docker network create -d bridge --subnet=192.168.0.0/16 br0 ``` Additionally, you also specify the `--gateway` `--ip-range` and `--aux-address` options. @@ -121,28 +121,28 @@ docker network create -d overlay Be sure that your subnetworks do not overlap. If they do, the network create fails and Engine returns an error. # OPTIONS -**--aux-address=map[]** +**--aux-address**=map[] Auxiliary ipv4 or ipv6 addresses used by network driver -**-d** | **--driver=DRIVER** +**-d**, **--driver**=*DRIVER* Driver to manage the Network bridge or overlay. The default is bridge. -**--gateway=[] ** +**--gateway**=[] ipv4 or ipv6 Gateway for the master subnet -**--help=false ** +**--help** Print usage -**--ip-range=[] ** +**--ip-range**=[] Allocate container ip from a sub-range -**--ipam-driver=default ** +**--ipam-driver**=*default* IP Address Management Driver -**-o | --opt=map[]** +**-o**, **--opt**=map[] Set custom network plugin options -**--subnet=[]** +**--subnet**=[] Subnet in CIDR format that represents a network segment # HISTORY diff --git a/docker-network-disconnect.1.md b/docker-network-disconnect.1.md index 6cbc441195fa..81b0387d85c7 100644 --- a/docker-network-disconnect.1.md +++ b/docker-network-disconnect.1.md @@ -5,9 +5,9 @@ docker-network-disconnect - disconnect a container from a network # SYNOPSIS -**docker network disconnect NETWORK CONTAINER** - +**docker network disconnect** [**--help**] +NETWORK CONTAINER # DESCRIPTION diff --git a/docker-network-inspect.1.md b/docker-network-inspect.1.md index 3b128223c6f2..0af6470101ad 100644 --- a/docker-network-inspect.1.md +++ b/docker-network-inspect.1.md @@ -5,9 +5,9 @@ docker-network-inspect - inspect a network # SYNOPSIS -**docker network inspect NETWORK [NETWORK...]** - +**docker network inspect** [**--help**] +NETWORK [NETWORK...] # DESCRIPTION diff --git a/docker-network-ls.1.md b/docker-network-ls.1.md index 5dd2ad480426..3d1a1fbe46b0 100644 --- a/docker-network-ls.1.md +++ b/docker-network-ls.1.md @@ -6,9 +6,8 @@ docker-network-ls - list networks # SYNOPSIS **docker network ls** - -[**--no-trunc**] -[**-q** | **--quiet**] +[**--no-trunc**[=*true*|*false*]] +[**-q**|**--quiet**[=*true*|*false*]] [**--help**] # DESCRIPTION @@ -38,10 +37,10 @@ c288470c46f6c8949c5f7e5099b5b7947b07eabe8d9a27d79a9cbf111adcbf47 host # OPTIONS -[**--no-trunc**] +**--no-trunc**=*true*|*false* Do not truncate the output -[**-q** | **--quiet**] +**-q**, **--quiet**=*true*|*false* Only display numeric IDs **--help** diff --git a/docker-network-rm.1.md b/docker-network-rm.1.md index d5c4515f6717..149503104a8e 100644 --- a/docker-network-rm.1.md +++ b/docker-network-rm.1.md @@ -5,9 +5,9 @@ docker-network-rm - remove a new network # SYNOPSIS -**docker network rm NETWORK** - +**docker network rm** [**--help**] +NETWORK # DESCRIPTION @@ -17,7 +17,6 @@ Removes a network by name or identifier. To remove a network, you must first dis $ docker network rm my-network ``` - # OPTIONS **NETWORK** Specify network name diff --git a/docker-ps.1.md b/docker-ps.1.md index 3f3e0a39082e..41f3caf88a39 100644 --- a/docker-ps.1.md +++ b/docker-ps.1.md @@ -40,7 +40,7 @@ the running containers. ancestor=([:tag]||) - filters containers that were created from the given image or a descendant. -**--format**=*"TEMPLATE"* +**--format**="*TEMPLATE*" Pretty-print containers using a Go template. Valid placeholders: .ID - Container ID @@ -60,7 +60,7 @@ the running containers. **-l**, **--latest**=*true*|*false* Show only the latest created container, include non-running ones. The default is *false*. -**-n**=-1 +**-n**=*-1* Show n last created containers, include non-running ones. **--no-trunc**=*true*|*false* diff --git a/docker-restart.1.md b/docker-restart.1.md index 9f60bc543433..e0ffb32db265 100644 --- a/docker-restart.1.md +++ b/docker-restart.1.md @@ -17,7 +17,7 @@ Restart each container listed. **--help** Print usage statement -**-t**, **--time**=10 +**-t**, **--time**=*10* Number of seconds to try to stop for before killing the container. Once killed it will then be restarted. Default is 10 seconds. # HISTORY diff --git a/docker-run.1.md b/docker-run.1.md index 6b2b6d704fab..76d207a760e0 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -96,10 +96,10 @@ each of stdin, stdout, and stderr. Add a line to /etc/hosts. The format is hostname:ip. The **--add-host** option can be set multiple times. -**--blkio-weight**=0 +**--blkio-weight**=*0* Block IO weight (relative weight) accepts a weight value between 10 and 1000. -**--cpu-shares**=0 +**--cpu-shares**=*0* CPU shares (relative weight) By default, all containers get the same proportion of CPU cycles. This proportion @@ -147,7 +147,7 @@ division of CPU shares: **--cidfile**="" Write the container ID to the file -**--cpu-period**=0 +**--cpu-period**=*0* Limit the CPU CFS (Completely Fair Scheduler) period Limit the container's CPU usage. This flag tell the kernel to restrict the container's CPU usage to the period you specify. @@ -162,7 +162,7 @@ division of CPU shares: then processes in your Docker container will only use memory from the first two memory nodes. -**--cpu-quota**=0 +**--cpu-quota**=*0* Limit the CPU CFS (Completely Fair Scheduler) quota Limit the container's CPU usage. By default, containers run with the full @@ -273,7 +273,7 @@ container can access the exposed port via a private networking interface. Docker will set some environment variables in the client container to help indicate which interface and port to use. -**--log-driver**="|*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*none*" +**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*none*" Logging driver for container. Default is defined by daemon `--log-driver` flag. **Warning**: the `docker logs` command works only for the `json-file` and `journald` logging drivers. @@ -326,7 +326,7 @@ string name. The name is useful when defining links (see **--link**) (or any other place you need to identify a container). This works for both background and foreground Docker containers. -**--net**="bridge" +**--net**="*bridge*" Set the Network mode for the container 'bridge': creates a new network stack for the container on the docker bridge 'none': no networking for this container @@ -358,12 +358,12 @@ but not `docker run -p 1230-1236:1230-1240 --name RangeContainerPortsBiggerThanR With ip: `docker run -p 127.0.0.1:$HOSTPORT:$CONTAINERPORT --name CONTAINER -t someimage` Use `docker port` to see the actual mapping: `docker port CONTAINER $CONTAINERPORT` -**--pid**=host +**--pid**=*host* Set the PID mode for the container **host**: use the host's PID namespace inside the container. Note: the host mode gives the container full access to local PID and is therefore considered insecure. -**--uts**=host +**--uts**=*host* Set the UTS mode for the container **host**: use the host's UTS namespace inside the container. Note: the host mode gives the container access to changing the host's hostname and is therefore considered insecure. @@ -388,7 +388,7 @@ outside of a container on the host. to write files anywhere. By specifying the `--read-only` flag the container will have its root filesystem mounted as read only prohibiting any writes. -**--restart**="no" +**--restart**="*no*" Restart policy to apply when a container exits (no, on-failure[:max-retry], always, unless-stopped). **--rm**=*true*|*false* @@ -403,7 +403,7 @@ its root filesystem mounted as read only prohibiting any writes. "label:level:LEVEL" : Set the label level for the container "label:disable" : Turn off label confinement for the container -**--stop-signal**=SIGTERM +**--stop-signal**=*SIGTERM* Signal to stop a container. Default is SIGTERM. **--sig-proxy**=*true*|*false* @@ -430,7 +430,7 @@ standard input. Without this argument the command will be run as root in the container. -""--ulimit""=[] +**--ulimit**=[] Ulimit options **-v**, **--volume**=[] Create a bind mount diff --git a/docker-search.1.md b/docker-search.1.md index a199f80db7fc..0b205f4bee02 100644 --- a/docker-search.1.md +++ b/docker-search.1.md @@ -30,7 +30,7 @@ of stars awarded, whether the image is official, and whether it is automated. **--no-trunc**=*true*|*false* Don't truncate output. The default is *false*. -**-s**, **--stars**=X +**-s**, **--stars**=*X* Only displays with at least X stars. The default is zero. # EXAMPLES diff --git a/docker-stats.1.md b/docker-stats.1.md index 67399bb6c2d1..543a88837818 100644 --- a/docker-stats.1.md +++ b/docker-stats.1.md @@ -22,8 +22,8 @@ Display a live stream of one or more containers' resource usage statistics **--help** Print usage statement -**--no-stream**="false" - Disable streaming stats and only pull the first result +**--no-stream**=*true*|*false* + Disable streaming stats and only pull the first result, default setting is false. # EXAMPLES diff --git a/docker-stop.1.md b/docker-stop.1.md index c4daffa3bb90..fa377c92c44d 100644 --- a/docker-stop.1.md +++ b/docker-stop.1.md @@ -18,7 +18,7 @@ Stop a container (Send SIGTERM, and then SIGKILL after **--help** Print usage statement -**-t**, **--time**=10 +**-t**, **--time**=*10* Number of seconds to wait for the container to stop before killing it. Default is 10 seconds. #See also diff --git a/docker-volume-create.1.md b/docker-volume-create.1.md index b0cb10cbee9f..24b39bc5a213 100644 --- a/docker-volume-create.1.md +++ b/docker-volume-create.1.md @@ -39,7 +39,7 @@ different volume drivers may do different things (or nothing at all). *Note*: The built-in `local` volume driver does not currently accept any options. # OPTIONS -**-d**, **--driver**="local" +**-d**, **--driver**="*local*" Specify volume driver name **--help** diff --git a/docker-volume-ls.1.md b/docker-volume-ls.1.md index dd79cae8a644..b115a039d5fe 100644 --- a/docker-volume-ls.1.md +++ b/docker-volume-ls.1.md @@ -23,7 +23,7 @@ There is a single supported filter `dangling=value` which takes a boolean of `tr **--help** Print usage statement -**-q**, **--quiet**=false +**-q**, **--quiet**=*true*|*false* Only display volume names # HISTORY diff --git a/docker.1.md b/docker.1.md index eaed589df754..fc7cd58a65f1 100644 --- a/docker.1.md +++ b/docker.1.md @@ -7,9 +7,9 @@ docker \- Docker image and container command line interface # SYNOPSIS **docker** [OPTIONS] COMMAND [arg...] -**docker** daemon [ --help | ... ] +**docker** daemon [--help|...] -**docker** [ --help | -v | --version ] +**docker** [--help|-v|--version] # DESCRIPTION **docker** has two distinct functions. It is used for starting the Docker @@ -36,26 +36,26 @@ To see the man page for a command run **man docker **. **-D**, **--debug**=*true*|*false* Enable debug mode. Default is false. -**-H**, **--host**=[unix:///var/run/docker.sock]: tcp://[host]:[port][path] to bind or +**-H**, **--host**=[*unix:///var/run/docker.sock*]: tcp://[host]:[port][path] to bind or unix://[/path/to/socket] to use. The socket(s) to bind to in daemon mode specified using one or more tcp://host:port/path, unix:///path/to/socket, fd://* or fd://socketfd. If the tcp port is not specified, then it will default to either `2375` when `--tls` is off, or `2376` when `--tls` is on, or `--tlsverify` is specified. -**-l**, **--log-level**="*debug*|*info*|*warn*|*error*|*fatal*"" +**-l**, **--log-level**="*debug*|*info*|*warn*|*error*|*fatal*" Set the logging level. Default is `info`. **--tls**=*true*|*false* Use TLS; implied by --tlsverify. Default is false. -**--tlscacert**=~/.docker/ca.pem +**--tlscacert**=*~/.docker/ca.pem* Trust certs signed only by this CA. -**--tlscert**=~/.docker/cert.pem +**--tlscert**=*~/.docker/cert.pem* Path to TLS certificate file. -**--tlskey**=~/.docker/key.pem +**--tlskey**=*~/.docker/key.pem* Path to TLS key file. **--tlsverify**=*true*|*false* From 49d5e6e5f0ab79ec32021bd4e75e4d233b0f5fa5 Mon Sep 17 00:00:00 2001 From: Ma Shimiao Date: Fri, 12 Jun 2015 08:34:20 +0800 Subject: [PATCH 109/398] Add support for blkio.weight_device Signed-off-by: Ma Shimiao --- docker-create.1.md | 4 ++++ docker-run.1.md | 11 +++++++++++ 2 files changed, 15 insertions(+) diff --git a/docker-create.1.md b/docker-create.1.md index 939baf91ae60..b91923407372 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -9,6 +9,7 @@ docker-create - Create a new container [**-a**|**--attach**[=*[]*]] [**--add-host**[=*[]*]] [**--blkio-weight**[=*[BLKIO-WEIGHT]*]] +[**--blkio-weight-device**[=*[]*]] [**--cpu-shares**[=*0*]] [**--cap-add**[=*[]*]] [**--cap-drop**[=*[]*]] @@ -82,6 +83,9 @@ The initial status of the container created with **docker create** is 'created'. **--blkio-weight**=*0* Block IO weight (relative weight) accepts a weight value between 10 and 1000. +**--blkio-weight-device**=[] + Block IO weight (relative device weight, format: `DEVICE_NAME:WEIGHT`). + **--cpu-shares**=*0* CPU shares (relative weight) diff --git a/docker-run.1.md b/docker-run.1.md index 76d207a760e0..72475b098aa4 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -9,6 +9,7 @@ docker-run - Run a command in a new container [**-a**|**--attach**[=*[]*]] [**--add-host**[=*[]*]] [**--blkio-weight**[=*[BLKIO-WEIGHT]*]] +[**--blkio-weight-device**[=*[]*]] [**--cpu-shares**[=*0*]] [**--cap-add**[=*[]*]] [**--cap-drop**[=*[]*]] @@ -99,6 +100,9 @@ option can be set multiple times. **--blkio-weight**=*0* Block IO weight (relative weight) accepts a weight value between 10 and 1000. +**--blkio-weight-device**=[] + Block IO weight (relative device weight, format: `DEVICE_NAME:WEIGHT`). + **--cpu-shares**=*0* CPU shares (relative weight) @@ -755,6 +759,13 @@ Note: You would have to write policy defining a `svirt_apache_t` type. +## Setting device weight + +If you want to set `/dev/sda` device weight to `200`, you can specify the device +weight by `--blkio-weight-device` flag. Use the following command: + + # docker run -it --blkio-weight-device "/dev/sda:200" ubuntu + # HISTORY April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work. From ce92bcc9cf38325e4182c5bf0def8f30f2d8a86b Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Wed, 28 Oct 2015 09:19:51 -0400 Subject: [PATCH 110/398] Relabel BTRFS Content on container Creation This change will allow us to run SELinux in a container with BTRFS back end. We continue to work on fixing the kernel/BTRFS but this change will allow SELinux Security separation on BTRFS. It basically relabels the content on container creation. Just relabling -init directory in BTRFS use case. Everything looks like it works. I don't believe tar/achive stores the SELinux labels, so we are good as far as docker commit. Tested Speed on startup with BTRFS on top of loopback directory. BTRFS not on loopback should get even better perfomance on startup time. The more inodes inside of the container image will increase the relabel time. This patch will give people who care more about security the option of runnin BTRFS with SELinux. Those who don't want to take the slow down can disable SELinux either in individual containers or for all containers by continuing to disable SELinux in the daemon. Without relabel: > time docker run --security-opt label:disable fedora echo test test real 0m0.918s user 0m0.009s sys 0m0.026s With Relabel test real 0m1.942s user 0m0.007s sys 0m0.030s Signed-off-by: Dan Walsh Signed-off-by: Dan Walsh --- docker-daemon.8.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-daemon.8.md b/docker-daemon.8.md index 31e20c7c67d4..de16f6849e34 100644 --- a/docker-daemon.8.md +++ b/docker-daemon.8.md @@ -191,7 +191,7 @@ unix://[/path/to/socket] to use. Force the Docker runtime to use a specific storage driver. **--selinux-enabled**=*true*|*false* - Enable selinux support. Default is false. SELinux does not presently support the BTRFS storage driver. + Enable selinux support. Default is false. SELinux does not presently support the overlay storage driver. **--storage-opt**=[] Set storage driver options. See STORAGE DRIVER OPTIONS. From 98b51c4c5bf9fc66061c50e3e061529bb184ea39 Mon Sep 17 00:00:00 2001 From: Sally O'Malley Date: Mon, 2 Nov 2015 17:20:38 -0500 Subject: [PATCH 111/398] docker-login man/doc add security info Signed-off-by: Sally O'Malley --- docker-login.1.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/docker-login.1.md b/docker-login.1.md index b87e2c1591e3..c32a49b07528 100644 --- a/docker-login.1.md +++ b/docker-login.1.md @@ -18,10 +18,18 @@ Register or log in to a Docker Registry located on the specified do not specify a `SERVER`, the command uses Docker's public registry located at `https://registry-1.docker.io/` by default. To get a username/password for Docker's public registry, create an account on Docker Hub. +`docker login` requires user to use `sudo` or be `root`, except when: + +1. connecting to a remote daemon, such as a `docker-machine` provisioned `docker engine`. +2. user is added to the `docker` group. This will impact the security of your system; the `docker` group is `root` equivalent. See [Docker Daemon Attack Surface](https://docs.docker.com/articles/security/#docker-daemon-attack-surface) for details. + You can log into any public or private repository for which you have credentials. When you log in, the command stores encoded credentials in `$HOME/.docker/config.json` on Linux or `%USERPROFILE%/.docker/config.json` on Windows. +> **Note**: When running `sudo docker login` credentials are saved in `/root/.docker/config.json`. +> + # OPTIONS **-e**, **--email**="" Email @@ -49,3 +57,4 @@ April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work. June 2014, updated by Sven Dowideit April 2015, updated by Mary Anthony for v2 +November 2015, updated by Sally O'Malley From 29bbbbf3c433479a32198200755ea8871df3d933 Mon Sep 17 00:00:00 2001 From: Mike Brown Date: Thu, 29 Oct 2015 12:51:36 -0500 Subject: [PATCH 112/398] modifying docker --since and --until to support nanoseconds and time zones Signed-off-by: Mike Brown --- docker-events.1.md | 22 ++++++++++++++++------ docker-logs.1.md | 18 +++++++++++++----- 2 files changed, 29 insertions(+), 11 deletions(-) diff --git a/docker-events.1.md b/docker-events.1.md index 87d921cdaaa7..bf0eda92ebbf 100644 --- a/docker-events.1.md +++ b/docker-events.1.md @@ -37,10 +37,19 @@ and Docker images will report: **--until**="" Stream events until this timestamp -You can specify `--since` and `--until` parameters as an RFC 3339 date, -a UNIX timestamp, or a Go duration string (e.g. `1m30s`, `3h`). Docker computes -the date relative to the client machine’s time. - +The `--since` and `--until` parameters can be Unix timestamps, date formated +timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed +relative to the client machine’s time. If you do not provide the --since option, +the command returns only new and/or live events. Supported formats for date +formated time stamps include RFC3339Nano, RFC3339, `2006-01-02T15:04:05`, +`2006-01-02T15:04:05.999999999`, `2006-01-02Z07:00`, and `2006-01-02`. The local +timezone on the client will be used if you do not provide either a `Z` or a +`+-00:00` timezone offset at the end of the timestamp. When providing Unix +timestamps enter seconds[.nanoseconds], where seconds is the number of seconds +that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap +seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a +fraction of a second no more than nine digits long. + # EXAMPLES ## Listening for Docker events @@ -71,8 +80,8 @@ The following example outputs all events that were generated in the last 3 minut relative to the current time on the client machine: # docker events --since '3m' - 2015-05-12T11:51:30.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) die - 2015-05-12T15:52:12.999999999Z07:00 4 4386fb97867d: (from ubuntu-1:14.04) stop + 2015-05-12T11:51:30.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) die + 2015-05-12T15:52:12.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) stop 2015-05-12T15:53:45.999999999Z07:00 7805c1d35632: (from redis:2.8) die 2015-05-12T15:54:03.999999999Z07:00 7805c1d35632: (from redis:2.8) stop @@ -84,3 +93,4 @@ April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work. June 2014, updated by Sven Dowideit June 2015, updated by Brian Goff +October 2015, updated by Mike Brown diff --git a/docker-logs.1.md b/docker-logs.1.md index b0656f9c50e5..7374e6cd489d 100644 --- a/docker-logs.1.md +++ b/docker-logs.1.md @@ -42,11 +42,18 @@ logging drivers. **--tail**="*all*" Output the specified number of lines at the end of logs (defaults to all logs) -The `--since` option shows only the container logs generated after -a given date. You can specify the date as an RFC 3339 date, a UNIX -timestamp, or a Go duration string (e.g. `1m30s`, `3h`). Docker computes -the date relative to the client machine’s time. You can combine -the `--since` option with either or both of the `--follow` or `--tail` options. +The `--since` option can be Unix timestamps, date formated timestamps, or Go +duration strings (e.g. `10m`, `1h30m`) computed relative to the client machine’s +time. Supported formats for date formated time stamps include RFC3339Nano, +RFC3339, `2006-01-02T15:04:05`, `2006-01-02T15:04:05.999999999`, +`2006-01-02Z07:00`, and `2006-01-02`. The local timezone on the client will be +used if you do not provide either a `Z` or a `+-00:00` timezone offset at the +end of the timestamp. When providing Unix timestamps enter +seconds[.nanoseconds], where seconds is the number of seconds that have elapsed +since January 1, 1970 (midnight UTC/GMT), not counting leap seconds (aka Unix +epoch or Unix time), and the optional .nanoseconds field is a fraction of a +second no more than nine digits long. You can combine the `--since` option with +either or both of the `--follow` or `--tail` options. # HISTORY April 2014, Originally compiled by William Henry (whenry at redhat dot com) @@ -54,3 +61,4 @@ based on docker.com source material and internal work. June 2014, updated by Sven Dowideit July 2014, updated by Sven Dowideit April 2015, updated by Ahmet Alp Balkan +October 2015, updated by Mike Brown From daf8b851b60213f999f233509a5d4f18d68b83fc Mon Sep 17 00:00:00 2001 From: Olle Jonsson Date: Sat, 13 Jun 2015 09:39:19 +0200 Subject: [PATCH 113/398] /info: Add keys Architecture, OSType - introduces Swarm-relevant keys, see #13634 - docs updated Signed-off-by: Olle Jonsson --- docker-info.1.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docker-info.1.md b/docker-info.1.md index f67a4fb00cce..208d3423a380 100644 --- a/docker-info.1.md +++ b/docker-info.1.md @@ -41,6 +41,8 @@ Here is a sample output: Logging Driver: json-file Kernel Version: 3.13.0-24-generic Operating System: Ubuntu 14.04 LTS + OSType: linux + Architecture: amd64 CPUs: 1 Total Memory: 2 GiB From 3ca9db871ebed7a61b832f9e9847fbf4c80978b4 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Sat, 14 Nov 2015 23:03:02 +0100 Subject: [PATCH 114/398] Add pkg/parsers/architecture and pkg/platform Signed-off-by: Vincent Demeester --- docker-info.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-info.1.md b/docker-info.1.md index 208d3423a380..4e451a3b3de3 100644 --- a/docker-info.1.md +++ b/docker-info.1.md @@ -42,7 +42,7 @@ Here is a sample output: Kernel Version: 3.13.0-24-generic Operating System: Ubuntu 14.04 LTS OSType: linux - Architecture: amd64 + Architecture: x86_64 CPUs: 1 Total Memory: 2 GiB From deb2ebca914f6c90d7e19fd702769cce2b0b103e Mon Sep 17 00:00:00 2001 From: Kunal Kushwaha Date: Fri, 23 Oct 2015 15:08:26 +0900 Subject: [PATCH 115/398] Supported added for reterving Plugin list for Network and Volume. Also, plugin information in docker info output. Signed-off-by: Kunal Kushwaha --- docker-info.1.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docker-info.1.md b/docker-info.1.md index 4e451a3b3de3..ae04e49edf4f 100644 --- a/docker-info.1.md +++ b/docker-info.1.md @@ -39,6 +39,9 @@ Here is a sample output: Dirs: 80 Execution Driver: native-0.2 Logging Driver: json-file + Plugins: + Volume: local + Network: bridge null host Kernel Version: 3.13.0-24-generic Operating System: Ubuntu 14.04 LTS OSType: linux From 28ec0ce2fe4e210d0060394d28d7943db1228318 Mon Sep 17 00:00:00 2001 From: NIWA Hideyuki Date: Wed, 9 Sep 2015 15:30:56 +0900 Subject: [PATCH 116/398] Addition of "--shm-size" to which size of /dev/shm is changed. - Optional "--shm-size=" was added to the sub-command(run, create,and build). - The size of /dev/shm in the container can be changed when container is made. - Being able to specify is a numerical value that applies number, b, k, m, and g. - The default value is 64MB, when this option is not set. - It deals with both native and lxc drivers. Signed-off-by: NIWA Hideyuki --- docker-build.1.md | 6 ++++++ docker-create.1.md | 6 ++++++ docker-run.1.md | 6 ++++++ 3 files changed, 18 insertions(+) diff --git a/docker-build.1.md b/docker-build.1.md index 4bf4deea591b..01889f76d2ff 100644 --- a/docker-build.1.md +++ b/docker-build.1.md @@ -19,6 +19,7 @@ docker-build - Build a new image from the source code at PATH [**-t**|**--tag**[=*[]*]] [**-m**|**--memory**[=*MEMORY*]] [**--memory-swap**[=*MEMORY-SWAP*]] +[**--shm-size**[=*SHM-SIZE*]] [**--cpu-period**[=*0*]] [**--cpu-quota**[=*0*]] [**--cpuset-cpus**[=*CPUSET-CPUS*]] @@ -90,6 +91,11 @@ set as the **URL**, the repository is cloned locally and then sent as the contex **--memory-swap**=*MEMORY-SWAP* Total memory (memory + swap), '-1' to disable swap. +**--shm-size**=*SHM-SIZE* + Size of `/dev/shm`. The format is ``. `number` must be greater than `0`. + Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you omit the unit, the system uses bytes. + If you omit the size entirely, the system uses `64m`. + **--cpu-shares**=*0* CPU shares (relative weight). diff --git a/docker-create.1.md b/docker-create.1.md index b91923407372..fed6278afe41 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -54,6 +54,7 @@ docker-create - Create a new container [**--restart**[=*RESTART*]] [**--security-opt**[=*[]*]] [**--stop-signal**[=*SIGNAL*]] +[**--shm-size**[=*[]*]] [**-t**|**--tty**[=*false*]] [**-u**|**--user**[=*USER*]] [**--ulimit**[=*[]*]] @@ -252,6 +253,11 @@ This value should always larger than **-m**, so you should always use this with **--restart**="*no*" Restart policy to apply when a container exits (no, on-failure[:max-retry], always, unless-stopped). +**--shm-size**="" + Size of `/dev/shm`. The format is ``. `number` must be greater than `0`. + Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you omit the unit, the system uses bytes. + If you omit the size entirely, the system uses `64m`. + **--security-opt**=[] Security Options diff --git a/docker-run.1.md b/docker-run.1.md index 72475b098aa4..2be6b1b5c0d1 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -56,6 +56,7 @@ docker-run - Run a command in a new container [**--rm**[=*false*]] [**--security-opt**[=*[]*]] [**--stop-signal**[=*SIGNAL*]] +[**--shm-size**[=*[]*]] [**--sig-proxy**[=*true*]] [**-t**|**--tty**[=*false*]] [**-u**|**--user**[=*USER*]] @@ -410,6 +411,11 @@ its root filesystem mounted as read only prohibiting any writes. **--stop-signal**=*SIGTERM* Signal to stop a container. Default is SIGTERM. +**--shm-size**="" + Size of `/dev/shm`. The format is ``. + `number` must be greater than `0`. Unit is optional and can be `b` (bytes), `k` (kilobytes), `m`(megabytes), or `g` (gigabytes). + If you omit the unit, the system uses bytes. If you omit the size entirely, the system uses `64m`. + **--sig-proxy**=*true*|*false* Proxy received signals to the process (non-TTY mode only). SIGCHLD, SIGSTOP, and SIGKILL are not proxied. The default is *true*. From a206c8ae8698889497af6fa9b56f543b274d3708 Mon Sep 17 00:00:00 2001 From: Wen Cheng Ma Date: Thu, 5 Nov 2015 15:08:00 +0800 Subject: [PATCH 117/398] Re-implement --before and --since as options for --filter * This commit will mark --before and --since as deprecated, but leave their behavior unchanged until they are removed, then re-implement them as options for --filter. * And update the related docs. * Update the integration tests. Fixes issue #17716 Signed-off-by: Wen Cheng Ma --- docker-ps.1.md | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/docker-ps.1.md b/docker-ps.1.md index 41f3caf88a39..cee553a237cf 100644 --- a/docker-ps.1.md +++ b/docker-ps.1.md @@ -7,7 +7,6 @@ docker-ps - List containers # SYNOPSIS **docker ps** [**-a**|**--all**[=*false*]] -[**--before**[=*BEFORE*]] [**-f**|**--filter**[=*[]*]] [**--format**=*"TEMPLATE"*] [**--help**] @@ -16,7 +15,6 @@ docker-ps - List containers [**--no-trunc**[=*false*]] [**-q**|**--quiet**[=*false*]] [**-s**|**--size**[=*false*]] -[**--since**[=*SINCE*]] # DESCRIPTION @@ -27,9 +25,6 @@ the running containers. **-a**, **--all**=*true*|*false* Show all containers. Only running containers are shown by default. The default is *false*. -**--before**="" - Show only containers created before Id or Name, including non-running containers. - **-f**, **--filter**=[] Provide filter values. Valid filters: exited= - containers with exit code of @@ -37,6 +32,8 @@ the running containers. status=(created|restarting|running|paused|exited) name= - container's name id= - container's ID + before=(|) + since=(|) ancestor=([:tag]||) - filters containers that were created from the given image or a descendant. @@ -58,10 +55,10 @@ the running containers. Print usage statement **-l**, **--latest**=*true*|*false* - Show only the latest created container, include non-running ones. The default is *false*. + Show only the latest created container (includes all states). The default is *false*. **-n**=*-1* - Show n last created containers, include non-running ones. + Show n last created containers (includes all states). **--no-trunc**=*true*|*false* Don't truncate output. The default is *false*. @@ -72,9 +69,6 @@ the running containers. **-s**, **--size**=*true*|*false* Display total file sizes. The default is *false*. -**--since**="" - Show only containers created since Id or Name, include non-running ones. - # EXAMPLES # Display all containers, including non-running From 6e9498382731f477c6b4261614838cf1e2ac19a4 Mon Sep 17 00:00:00 2001 From: Zhang Wei Date: Thu, 1 Oct 2015 15:56:39 +0800 Subject: [PATCH 118/398] Add '-L' option for `cp` Fixes #16555 Original docker `cp` always copy symbol link itself instead of target, now we provide '-L' option to allow docker to follow symbol link to real target. Signed-off-by: Zhang Wei --- docker-cp.1.md | 117 +++++++++++++++++++++++++++---------------------- 1 file changed, 64 insertions(+), 53 deletions(-) diff --git a/docker-cp.1.md b/docker-cp.1.md index 667fc543b1e0..bd15625e1b75 100644 --- a/docker-cp.1.md +++ b/docker-cp.1.md @@ -7,87 +7,87 @@ docker-cp - Copy files/folders between a container and the local filesystem. # SYNOPSIS **docker cp** [**--help**] -CONTAINER:PATH LOCALPATH|- +CONTAINER:SRC_PATH DEST_PATH|- **docker cp** [**--help**] -LOCALPATH|- CONTAINER:PATH +SRC_PATH|- CONTAINER:DEST_PATH # DESCRIPTION -In the first synopsis form, the `docker cp` utility copies the contents of -`PATH` from the filesystem of `CONTAINER` to the `LOCALPATH` (or stream as -a tar archive to `STDOUT` if `-` is specified). - -In the second synopsis form, the contents of `LOCALPATH` (or a tar archive -streamed from `STDIN` if `-` is specified) are copied from the local machine to -`PATH` in the filesystem of `CONTAINER`. - -You can copy to or from either a running or stopped container. The `PATH` can -be a file or directory. The `docker cp` command assumes all `CONTAINER:PATH` -values are relative to the `/` (root) directory of the container. This means -supplying the initial forward slash is optional; The command sees -`compassionate_darwin:/tmp/foo/myfile.txt` and -`compassionate_darwin:tmp/foo/myfile.txt` as identical. If a `LOCALPATH` value -is not absolute, is it considered relative to the current working directory. - -Behavior is similar to the common Unix utility `cp -a` in that directories are +The `docker cp` utility copies the contents of `SRC_PATH` to the `DEST_PATH`. +You can copy from the container's file system to the local machine or the +reverse, from the local filesystem to the container. If `-` is specified for +either the `SRC_PATH` or `DEST_PATH`, you can also stream a tar archive from +`STDIN` or to `STDOUT`. The `CONTAINER` can be a running or stopped container. +The `SRC_PATH` or `DEST_PATH` be a file or directory. + +The `docker cp` command assumes container paths are relative to the container's +`/` (root) directory. This means supplying the initial forward slash is optional; +The command sees `compassionate_darwin:/tmp/foo/myfile.txt` and +`compassionate_darwin:tmp/foo/myfile.txt` as identical. Local machine paths can +be an absolute or relative value. The command interprets a local machine's +relative paths as relative to the current working directory where `docker cp` is +run. + +The `cp` command behaves like the Unix `cp -a` command in that directories are copied recursively with permissions preserved if possible. Ownership is set to -the user and primary group on the receiving end of the transfer. For example, -files copied to a container will be created with `UID:GID` of the root user. -Files copied to the local machine will be created with the `UID:GID` of the -user which invoked the `docker cp` command. +the user and primary group at the destination. For example, files copied to a +container are created with `UID:GID` of the root user. Files copied to the local +machine are created with the `UID:GID` of the user which invoked the `docker cp` +command. If you specify the `-L` option, `docker cp` follows any symbolic link +in the `SRC_PATH`. Assuming a path separator of `/`, a first argument of `SRC_PATH` and second -argument of `DST_PATH`, the behavior is as follows: +argument of `DEST_PATH`, the behavior is as follows: - `SRC_PATH` specifies a file - - `DST_PATH` does not exist - - the file is saved to a file created at `DST_PATH` - - `DST_PATH` does not exist and ends with `/` + - `DEST_PATH` does not exist + - the file is saved to a file created at `DEST_PATH` + - `DEST_PATH` does not exist and ends with `/` - Error condition: the destination directory must exist. - - `DST_PATH` exists and is a file - - the destination is overwritten with the contents of the source file - - `DST_PATH` exists and is a directory + - `DEST_PATH` exists and is a file + - the destination is overwritten with the source file's contents + - `DEST_PATH` exists and is a directory - the file is copied into this directory using the basename from `SRC_PATH` - `SRC_PATH` specifies a directory - - `DST_PATH` does not exist - - `DST_PATH` is created as a directory and the *contents* of the source + - `DEST_PATH` does not exist + - `DEST_PATH` is created as a directory and the *contents* of the source directory are copied into this directory - - `DST_PATH` exists and is a file + - `DEST_PATH` exists and is a file - Error condition: cannot copy a directory to a file - - `DST_PATH` exists and is a directory + - `DEST_PATH` exists and is a directory - `SRC_PATH` does not end with `/.` - the source directory is copied into this directory - `SRC_PATH` does end with `/.` - the *content* of the source directory is copied into this directory -The command requires `SRC_PATH` and `DST_PATH` to exist according to the above +The command requires `SRC_PATH` and `DEST_PATH` to exist according to the above rules. If `SRC_PATH` is local and is a symbolic link, the symbolic link, not -the target, is copied. +the target, is copied by default. To copy the link target and not the link, +specify the `-L` option. -A colon (`:`) is used as a delimiter between `CONTAINER` and `PATH`, but `:` -could also be in a valid `LOCALPATH`, like `file:name.txt`. This ambiguity is -resolved by requiring a `LOCALPATH` with a `:` to be made explicit with a -relative or absolute path, for example: +A colon (`:`) is used as a delimiter between `CONTAINER` and its path. You can +also use `:` when specifying paths to a `SRC_PATH` or `DEST_PATH` on a local +machine, for example `file:name.txt`. If you use a `:` in a local machine path, +you must be explicit with a relative or absolute path, for example: `/path/to/file:name.txt` or `./file:name.txt` It is not possible to copy certain system files such as resources under `/proc`, `/sys`, `/dev`, and mounts created by the user in the container. -Using `-` as the first argument in place of a `LOCALPATH` will stream the -contents of `STDIN` as a tar archive which will be extracted to the `PATH` in -the filesystem of the destination container. In this case, `PATH` must specify -a directory. - -Using `-` as the second argument in place of a `LOCALPATH` will stream the -contents of the resource from the source container as a tar archive to -`STDOUT`. +Using `-` as the `SRC_PATH` streams the contents of `STDIN` as a tar archive. +The command extracts the content of the tar to the `DEST_PATH` in container's +filesystem. In this case, `DEST_PATH` must specify a directory. Using `-` as +`DEST_PATH` streams the contents of the resource as a tar archive to `STDOUT`. # OPTIONS +**-L**, **--follow-link**=*true*|*false* + Follow symbol link in SRC_PATH + **--help** Print usage statement @@ -102,13 +102,13 @@ If you want to copy the `/tmp/foo` directory from a container to the existing `/tmp` directory on your host. If you run `docker cp` in your `~` (home) directory on the local host: - $ docker cp compassionate_darwin:tmp/foo /tmp + $ docker cp compassionate_darwin:tmp/foo /tmp Docker creates a `/tmp/foo` directory on your host. Alternatively, you can omit the leading slash in the command. If you execute this command from your home directory: - $ docker cp compassionate_darwin:tmp/foo tmp + $ docker cp compassionate_darwin:tmp/foo tmp If `~/tmp` does not exist, Docker will create it and copy the contents of `/tmp/foo` from the container into this new directory. If `~/tmp` already @@ -120,7 +120,7 @@ will either overwrite the contents of `LOCALPATH` if it is a file or place it into `LOCALPATH` if it is a directory, overwriting an existing file of the same name if one exists. For example, this command: - $ docker cp sharp_ptolemy:/tmp/foo/myfile.txt /test + $ docker cp sharp_ptolemy:/tmp/foo/myfile.txt /test If `/test` does not exist on the local machine, it will be created as a file with the contents of `/tmp/foo/myfile.txt` from the container. If `/test` @@ -137,16 +137,27 @@ If you have a file, `config.yml`, in the current directory on your local host and wish to copy it to an existing directory at `/etc/my-app.d` in a container, this command can be used: - $ docker cp config.yml myappcontainer:/etc/my-app.d + $ docker cp config.yml myappcontainer:/etc/my-app.d If you have several files in a local directory `/config` which you need to copy to a directory `/etc/my-app.d` in a container: - $ docker cp /config/. myappcontainer:/etc/my-app.d + $ docker cp /config/. myappcontainer:/etc/my-app.d The above command will copy the contents of the local `/config` directory into the directory `/etc/my-app.d` in the container. +Finally, if you want to copy a symbolic link into a container, you typically +want to copy the linked target and not the link itself. To copy the target, use +the `-L` option, for example: + + $ ln -s /tmp/somefile /tmp/somefile.ln + $ docker cp -L /tmp/somefile.ln myappcontainer:/tmp/ + +This command copies content of the local `/tmp/somefile` into the file +`/tmp/somefile.ln` in the container. Without `-L` option, the `/tmp/somefile.ln` +preserves its symbolic link but not its content. + # HISTORY April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work. From 2a5d8c242ed06ab1908a5d8ac68f8dfc768c4e14 Mon Sep 17 00:00:00 2001 From: Zhang Wei Date: Fri, 30 Oct 2015 00:10:20 +0800 Subject: [PATCH 119/398] Enhance `docker network rm` to delete multi net This commit enhance `docker network rm` command to allow user to delete multi networks at the same time. Signed-off-by: Zhang Wei --- docker-network-rm.1.md | 27 +++++++++++++++++++++------ 1 file changed, 21 insertions(+), 6 deletions(-) diff --git a/docker-network-rm.1.md b/docker-network-rm.1.md index 149503104a8e..7f8e3dae53e3 100644 --- a/docker-network-rm.1.md +++ b/docker-network-rm.1.md @@ -2,24 +2,39 @@ % Docker Community % OCT 2015 # NAME -docker-network-rm - remove a new network +docker-network-rm - remove one or more networks # SYNOPSIS -**docker network rm** +**docker network rm** [**--help**] -NETWORK +NETWORK [NETWORK...] # DESCRIPTION -Removes a network by name or identifier. To remove a network, you must first disconnect any containers connected to it. +Removes one or more networks by name or identifier. To remove a network, +you must first disconnect any containers connected to it. +To remove the network named 'my-network': -``` +```bash $ docker network rm my-network ``` +To delete multiple networks in a single `docker network rm` command, provide +multiple network names or id's. The following example deletes a network with id +`3695c422697f` and a network named `my-network`: + +```bash + $ docker network rm 3695c422697f my-network +``` + +When you specify multiple networks, the command attempts to delete each in turn. +If the deletion of one network fails, the command continues to the next on the +list and tries to delete that. The command reports success or failure for each +deletion. + # OPTIONS **NETWORK** - Specify network name + Specify network name or id **--help** Print usage statement From 855fb1fc87f301a0b365b24754213ec421a44fa4 Mon Sep 17 00:00:00 2001 From: Zhang Wei Date: Fri, 20 Nov 2015 19:41:25 +0800 Subject: [PATCH 120/398] Add API change to docs Add API change description to docs due to `docker network inspect` returns different data structure. Signed-off-by: Zhang Wei --- docker-network-inspect.1.md | 59 ++++++++++++++++++++++++------------- 1 file changed, 39 insertions(+), 20 deletions(-) diff --git a/docker-network-inspect.1.md b/docker-network-inspect.1.md index 0af6470101ad..90bd808ad6a0 100644 --- a/docker-network-inspect.1.md +++ b/docker-network-inspect.1.md @@ -26,29 +26,48 @@ The `network inspect` command shows the containers, by id, in its results. ```bash $ sudo docker network inspect bridge [ - { - "name": "bridge", - "id": "7fca4eb8c647e57e9d46c32714271e0c3f8bf8d17d346629e2820547b2d90039", - "driver": "bridge", - "containers": { - "bda12f8922785d1f160be70736f26c1e331ab8aaf8ed8d56728508f2e2fd4727": { - "endpoint": "e0ac95934f803d7e36384a2029b8d1eeb56cb88727aa2e8b7edfeebaa6dfd758", - "mac_address": "02:42:ac:11:00:03", - "ipv4_address": "172.17.0.3/16", - "ipv6_address": "" - }, - "f2870c98fd504370fb86e59f32cd0753b1ac9b69b7d80566ffc7192a82b3ed27": { - "endpoint": "31de280881d2a774345bbfb1594159ade4ae4024ebfb1320cb74a30225f6a8ae", - "mac_address": "02:42:ac:11:00:02", - "ipv4_address": "172.17.0.2/16", - "ipv6_address": "" - } - } - } + { + "Name": "bridge", + "Id": "b2b1a2cba717161d984383fd68218cf70bbbd17d328496885f7c921333228b0f", + "Scope": "local", + "Driver": "bridge", + "IPAM": { + "Driver": "default", + "Config": [ + { + "Subnet": "172.17.42.1/16", + "Gateway": "172.17.42.1" + } + ] + }, + "Containers": { + "bda12f8922785d1f160be70736f26c1e331ab8aaf8ed8d56728508f2e2fd4727": { + "Name": "container2", + "EndpointID": "0aebb8fcd2b282abe1365979536f21ee4ceaf3ed56177c628eae9f706e00e019", + "MacAddress": "02:42:ac:11:00:02", + "IPv4Address": "172.17.0.2/16", + "IPv6Address": "" + }, + "f2870c98fd504370fb86e59f32cd0753b1ac9b69b7d80566ffc7192a82b3ed27": { + "Name": "container1", + "EndpointID": "a00676d9c91a96bbe5bcfb34f705387a33d7cc365bac1a29e4e9728df92d10ad", + "MacAddress": "02:42:ac:11:00:01", + "IPv4Address": "172.17.0.1/16", + "IPv6Address": "" + } + }, + "Options": { + "com.docker.network.bridge.default_bridge": "true", + "com.docker.network.bridge.enable_icc": "true", + "com.docker.network.bridge.enable_ip_masquerade": "true", + "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0", + "com.docker.network.bridge.name": "docker0", + "com.docker.network.driver.mtu": "1500" + } + } ] ``` - # OPTIONS **--help** From c5c9f68c289178d335af2b3095a9bbbd13d87602 Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Tue, 13 Oct 2015 11:26:27 +0200 Subject: [PATCH 121/398] Add OomScoreAdj to configure container oom killer preferences libcontainer v0.0.4 introduces setting `/proc/self/oom_score_adj` to better tune oom killing preferences for container process. This patch simply integrates OomScoreAdj libcontainer's config option and adjust the cli with this new option. Signed-off-by: Antonio Murdaca Signed-off-by: Antonio Murdaca --- docker-create.1.md | 4 ++++ docker-run.1.md | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/docker-create.1.md b/docker-create.1.md index fed6278afe41..596963751fe1 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -46,6 +46,7 @@ docker-create - Create a new container [**--name**[=*NAME*]] [**--net**[=*"bridge"*]] [**--oom-kill-disable**[=*false*]] +[**--oom-score-adj**[=*0*]] [**-P**|**--publish-all**[=*false*]] [**-p**|**--publish**[=*[]*]] [**--pid**[=*[]*]] @@ -229,6 +230,9 @@ This value should always larger than **-m**, so you should always use this with **--oom-kill-disable**=*true*|*false* Whether to disable OOM Killer for the container or not. +**--oom-score-adj**="" + Tune the host's OOM preferences for containers (accepts -1000 to 1000) + **-P**, **--publish-all**=*true*|*false* Publish all exposed ports to random ports on the host interfaces. The default is *false*. diff --git a/docker-run.1.md b/docker-run.1.md index 2be6b1b5c0d1..7529d95dff71 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -47,6 +47,7 @@ docker-run - Run a command in a new container [**--name**[=*NAME*]] [**--net**[=*"bridge"*]] [**--oom-kill-disable**[=*false*]] +[**--oom-score-adj**[=*0*]] [**-P**|**--publish-all**[=*false*]] [**-p**|**--publish**[=*[]*]] [**--pid**[=*[]*]] @@ -341,6 +342,9 @@ and foreground Docker containers. **--oom-kill-disable**=*true*|*false* Whether to disable OOM Killer for the container or not. +**--oom-score-adj**="" + Tune the host's OOM preferences for containers (accepts -1000 to 1000) + **-P**, **--publish-all**=*true*|*false* Publish all exposed ports to random ports on the host interfaces. The default is *false*. From bd09cd69fd61cd1841a5e7b83d57a2914b458724 Mon Sep 17 00:00:00 2001 From: Chris Weyl Date: Mon, 30 Nov 2015 23:33:55 -0600 Subject: [PATCH 122/398] newtork -> network (minor spelling correction) ...yeah, that was bugging me. :) Signed-off-by: Chris Weyl --- docker-network-create.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-network-create.1.md b/docker-network-create.1.md index acbe267208fe..4d0782b697b8 100644 --- a/docker-network-create.1.md +++ b/docker-network-create.1.md @@ -116,7 +116,7 @@ docker network create -d overlay --ip-range=192.168.1.0/24 --aux-address a=192.168.1.5 --aux-address b=192.168.1.6 --aux-address a=192.170.1.5 --aux-address b=192.170.1.6 - my-multihost-newtork + my-multihost-network ``` Be sure that your subnetworks do not overlap. If they do, the network create fails and Engine returns an error. From 3e5cb94ae73a199db8e3b304057b728656a3284b Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Tue, 1 Dec 2015 14:02:02 -0800 Subject: [PATCH 123/398] Deprecate -f flag from docker tag Closes #9798 @maintainers please note that this is a change to the UX. We no longer require the -f flag on `docker tag` to move a tag from an existing image. However, this does make us more consistent across our commands, see https://github.com/docker/docker/issues/9798 for the history. Signed-off-by: Doug Davis --- docker-tag.1.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/docker-tag.1.md b/docker-tag.1.md index ed4bffadb6d6..68c90b765c4e 100644 --- a/docker-tag.1.md +++ b/docker-tag.1.md @@ -6,7 +6,6 @@ docker-tag - Tag an image into a repository # SYNOPSIS **docker tag** -[**-f**|**--force**[=*false*]] [**--help**] IMAGE[:TAG] [REGISTRY_HOST/][USERNAME/]NAME[:TAG] @@ -18,9 +17,6 @@ If you do not specify a `REGISTRY_HOST`, the command uses Docker's public registry located at `registry-1.docker.io` by default. # "OPTIONS" -**-f**, **--force**=*true*|*false* - When set to true, force the alias. The default is *false*. - **--help** Print usage statement. From bb3d643e95cd15e22dae9ec20e8897714d7e0cc9 Mon Sep 17 00:00:00 2001 From: Zhang Wei Date: Mon, 9 Nov 2015 17:11:10 +0800 Subject: [PATCH 124/398] Add docs for option `--isolation` Add docs for `run`/`create`/`build` command option `isolation` Signed-off-by: Zhang Wei --- docker-build.1.md | 17 +++++++++++++++++ docker-create.1.md | 19 +++++++++++++++++++ docker-run.1.md | 36 ++++++++++++++++++++++++++++++++++++ 3 files changed, 72 insertions(+) diff --git a/docker-build.1.md b/docker-build.1.md index 01889f76d2ff..4a87c4d51548 100644 --- a/docker-build.1.md +++ b/docker-build.1.md @@ -12,6 +12,7 @@ docker-build - Build a new image from the source code at PATH [**--help**] [**-f**|**--file**[=*PATH/Dockerfile*]] [**--force-rm**[=*false*]] +[**--isolation**[=*default*]] [**--no-cache**[=*false*]] [**--pull**[=*false*]] [**-q**|**--quiet**[=*false*]] @@ -67,6 +68,9 @@ set as the **URL**, the repository is cloned locally and then sent as the contex **--force-rm**=*true*|*false* Always remove intermediate containers, even after unsuccessful builds. The default is *false*. +**--isolation**="*default*" + Isolation specifies the type of isolation technology used by containers. + **--no-cache**=*true*|*false* Do not use cache when building the image. The default is *false*. @@ -277,6 +281,19 @@ the system will look for that file inside the contents of the tarball. Note: supported compression formats are 'xz', 'bzip2', 'gzip' and 'identity' (no compression). +## Specify isolation technology for container (--isolation) + +This option is useful in situations where you are running Docker containers on +Windows. The `--isolation=` option sets a container's isolation +technology. On Linux, the only supported is the `default` option which uses +Linux namespaces. On Microsoft Windows, you can specify these values: + +* `default`: Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value. +* `process`: Namespace isolation only. +* `hyperv`: Hyper-V hypervisor partition-based isolation. + +Specifying the `--isolation` flag without a value is the same as setting `--isolation="default"`. + # HISTORY March 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work. diff --git a/docker-create.1.md b/docker-create.1.md index 596963751fe1..ff902fcd124b 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -32,6 +32,7 @@ docker-create - Create a new container [**--help**] [**-i**|**--interactive**[=*false*]] [**--ipc**[=*IPC*]] +[**--isolation**[=*default*]] [**--kernel-memory**[=*KERNEL-MEMORY*]] [**-l**|**--label**[=*[]*]] [**--label-file**[=*[]*]] @@ -160,6 +161,9 @@ two memory nodes. 'container:': reuses another container shared memory, semaphores and message queues 'host': use the host shared memory,semaphores and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure. +**--isolation**="*default*" + Isolation specifies the type of isolation technology used by containers. + **--kernel-memory**="" Kernel memory limit (format: `[]`, where unit = b, k, m or g) @@ -291,6 +295,21 @@ This value should always larger than **-m**, so you should always use this with **-w**, **--workdir**="" Working directory inside the container +# EXAMPLES + +## Specify isolation technology for container (--isolation) + +This option is useful in situations where you are running Docker containers on +Windows. The `--isolation=` option sets a container's isolation +technology. On Linux, the only supported is the `default` option which uses +Linux namespaces. On Microsoft Windows, you can specify these values: + +* `default`: Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value. +* `process`: Namespace isolation only. +* `hyperv`: Hyper-V hypervisor partition-based isolation. + +Specifying the `--isolation` flag without a value is the same as setting `--isolation="default"`. + # HISTORY August 2014, updated by Sven Dowideit September 2014, updated by Sven Dowideit diff --git a/docker-run.1.md b/docker-run.1.md index 7529d95dff71..5d93ee41440a 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -33,6 +33,7 @@ docker-run - Run a command in a new container [**--help**] [**-i**|**--interactive**[=*false*]] [**--ipc**[=*IPC*]] +[**--isolation**[=*default*]] [**--kernel-memory**[=*KERNEL-MEMORY*]] [**-l**|**--label**[=*[]*]] [**--label-file**[=*[]*]] @@ -254,6 +255,9 @@ redirection on the host system. 'container:': reuses another container shared memory, semaphores and message queues 'host': use the host shared memory,semaphores and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure. +**--isolation**="*default*" + Isolation specifies the type of isolation technology used by containers. + **-l**, **--label**=[] Set metadata on the container (e.g., --label com.example.key=value) @@ -776,6 +780,38 @@ weight by `--blkio-weight-device` flag. Use the following command: # docker run -it --blkio-weight-device "/dev/sda:200" ubuntu +## Specify isolation technology for container (--isolation) + +This option is useful in situations where you are running Docker containers on +Microsoft Windows. The `--isolation ` option sets a container's isolation +technology. On Linux, the only supported is the `default` option which uses +Linux namespaces. These two commands are equivalent on Linux: + +``` +$ docker run -d busybox top +$ docker run -d --isolation default busybox top +``` + +On Microsoft Windows, can take any of these values: + +* `default`: Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value. +* `process`: Namespace isolation only. +* `hyperv`: Hyper-V hypervisor partition-based isolation. + +In practice, when running on Microsoft Windows without a `daemon` option set, these two commands are equivalent: + +``` +$ docker run -d --isolation default busybox top +$ docker run -d --isolation process busybox top +``` + +If you have set the `--exec-opt isolation=hyperv` option on the Docker `daemon`, any of these commands also result in `hyperv` isolation: + +``` +$ docker run -d --isolation default busybox top +$ docker run -d --isolation hyperv busybox top +``` + # HISTORY April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work. From fd8ea7cb2ed0226f151beb0322588a33ba744e31 Mon Sep 17 00:00:00 2001 From: Wen Cheng Ma Date: Mon, 30 Nov 2015 16:28:54 +0800 Subject: [PATCH 125/398] Add NETWORK_NAME_or_ID value for --net= option Signed-off-by: Wen Cheng Ma --- docker-create.1.md | 9 +++++---- docker-run.1.md | 9 +++++---- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/docker-create.1.md b/docker-create.1.md index ff902fcd124b..84db7ae9f534 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -226,10 +226,11 @@ This value should always larger than **-m**, so you should always use this with **--net**="*bridge*" Set the Network mode for the container - 'bridge': creates a new network stack for the container on the docker bridge - 'none': no networking for this container - 'container:': reuses another container network stack - 'host': use the host network stack inside the container. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure. + 'bridge': create a network stack on the default Docker bridge + 'none': no networking + 'container:': reuse another container's network stack + 'host': use the Docker host network stack. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure. + '|': connect to a user-defined network **--oom-kill-disable**=*true*|*false* Whether to disable OOM Killer for the container or not. diff --git a/docker-run.1.md b/docker-run.1.md index 5d93ee41440a..9d15173dd8f7 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -338,10 +338,11 @@ and foreground Docker containers. **--net**="*bridge*" Set the Network mode for the container - 'bridge': creates a new network stack for the container on the docker bridge - 'none': no networking for this container - 'container:': reuses another container network stack - 'host': use the host network stack inside the container. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure. + 'bridge': create a network stack on the default Docker bridge + 'none': no networking + 'container:': reuse another container's network stack + 'host': use the Docker host network stack. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure. + '|': connect to a user-defined network **--oom-kill-disable**=*true*|*false* Whether to disable OOM Killer for the container or not. From ed7f22ddd86d8812379c6fef04bbc4b4870687f0 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Tue, 1 Dec 2015 13:39:34 -0500 Subject: [PATCH 126/398] This patch adds --tmpfs as a option for mounting tmpfs on directories It will Tar up contents of child directory onto tmpfs if mounted over This patch will use the new PreMount and PostMount hooks to "tar" up the contents of the base image on top of tmpfs mount points. Signed-off-by: Dan Walsh --- docker-create.1.md | 15 +++++++++++++++ docker-run.1.md | 28 ++++++++++++++++++++++++++++ 2 files changed, 43 insertions(+) diff --git a/docker-create.1.md b/docker-create.1.md index 84db7ae9f534..1e1d2df6f7af 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -58,6 +58,7 @@ docker-create - Create a new container [**--stop-signal**[=*SIGNAL*]] [**--shm-size**[=*[]*]] [**-t**|**--tty**[=*false*]] +[**--tmpfs**[=*[CONTAINER-DIR[:]*]] [**-u**|**--user**[=*USER*]] [**--ulimit**[=*[]*]] [**--uts**[=*[]*]] @@ -276,6 +277,20 @@ This value should always larger than **-m**, so you should always use this with **-t**, **--tty**=*true*|*false* Allocate a pseudo-TTY. The default is *false*. +**--tmpfs**=[] Create a tmpfs mount + + Mount a temporary filesystem (`tmpfs`) mount into a container, for example: + + $ docker run -d --tmpfs /tmp:rw,size=787448k,mode=1777 my_image + + This command mounts a `tmpfs` at `/tmp` within the container. The mount copies +the underlying content of `my_image` into `/tmp`. For example if there was a +directory `/tmp/content` in the base image, docker will copy this directory and +all of its content on top of the tmpfs mounted on `/tmp`. The supported mount +options are the same as the Linux default `mount` flags. If you do not specify +any options, the systems uses the following options: +`rw,noexec,nosuid,nodev,size=65536k`. + **-u**, **--user**="" Username or UID diff --git a/docker-run.1.md b/docker-run.1.md index 9d15173dd8f7..a423d55fac6c 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -61,6 +61,7 @@ docker-run - Run a command in a new container [**--shm-size**[=*[]*]] [**--sig-proxy**[=*true*]] [**-t**|**--tty**[=*false*]] +[**--tmpfs**[=*[CONTAINER-DIR[:]*]] [**-u**|**--user**[=*USER*]] [**-v**|**--volume**[=*[]*]] [**--ulimit**[=*[]*]] @@ -441,6 +442,20 @@ interactive shell. The default is false. The **-t** option is incompatible with a redirection of the docker client standard input. +**--tmpfs**=[] Create a tmpfs mount + + Mount a temporary filesystem (`tmpfs`) mount into a container, for example: + + $ docker run -d --tmpfs /tmp:rw,size=787448k,mode=1777 my_image + + This command mounts a `tmpfs` at `/tmp` within the container. The mount copies +the underlying content of `my_image` into `/tmp`. For example if there was a +directory `/tmp/content` in the base image, docker will copy this directory and +all of its content on top of the tmpfs mounted on `/tmp`. The supported mount +options are the same as the Linux default `mount` flags. If you do not specify +any options, the systems uses the following options: +`rw,noexec,nosuid,nodev,size=65536k`. + **-u**, **--user**="" Sets the username or UID used and optionally the groupname or GID for the specified command. @@ -557,6 +572,19 @@ the exit codes follow the `chroot` standard, see below: # EXAMPLES +## Running container in read-only mode + +During container image development, containers often need to write to the image +content. Installing packages into /usr, for example. In production, +applications seldom need to write to the image. Container applications write +to volumes if they need to write to file systems at all. Applications can be +made more secure by running them in read-only mode using the --read-only switch. +This protects the containers image from modification. Read only containers may +still need to write temporary data. The best way to handle this is to mount +tmpfs directories on /run and /tmp. + + # docker run --read-only --tmpfs /run --tmpfs /tmp -i -t fedora /bin/bash + ## Exposing log messages from the container to the host's log If you want messages that are logged in your container to show up in the host's From 260f81d027d69882bc1f89607cfc47aba1d75957 Mon Sep 17 00:00:00 2001 From: Pavel Pospisil Date: Wed, 2 Dec 2015 18:54:52 +0100 Subject: [PATCH 127/398] Improvement of docker top Man Page Some users expect that the `docker top $CONT` command displays information from the inside container perspective. They expect that the `docker top $CONT` command displays same information as the `docker exec $CONT ps -ef` command. But it does not. That's why the `docker top` man page shall explicitly state that the `docker top $CONT` displays information from the host's point of view. Signed-off-by: Pavel Pospisil --- docker-top.1.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docker-top.1.md b/docker-top.1.md index 9828d98be532..a666f7cd37cc 100644 --- a/docker-top.1.md +++ b/docker-top.1.md @@ -11,8 +11,9 @@ CONTAINER [ps OPTIONS] # DESCRIPTION -Display the running process of the container. ps-OPTION can be any of the - options you would pass to a Linux ps command. +Display the running process of the container. ps-OPTION can be any of the options you would pass to a Linux ps command. + +All displayed information is from host's point of view. # OPTIONS **--help** @@ -32,3 +33,4 @@ April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work. June 2014, updated by Sven Dowideit June 2015, updated by Ma Shimiao +December 2015, updated by Pavel Pospisil From e8a6ff67070fda96eaa1e6e96e41e64e1cde0f08 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Wed, 2 Dec 2015 22:32:10 +0100 Subject: [PATCH 128/398] Add format flag to network inspect MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit …for consistency as docker inspect and docker volume inspect supports it too Signed-off-by: Vincent Demeester --- docker-network-inspect.1.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/docker-network-inspect.1.md b/docker-network-inspect.1.md index 90bd808ad6a0..889967ae8559 100644 --- a/docker-network-inspect.1.md +++ b/docker-network-inspect.1.md @@ -6,6 +6,7 @@ docker-network-inspect - inspect a network # SYNOPSIS **docker network inspect** +[**-f**|**--format**[=*FORMAT*]] [**--help**] NETWORK [NETWORK...] @@ -21,7 +22,11 @@ $ sudo docker run -itd --name=container2 busybox bda12f8922785d1f160be70736f26c1e331ab8aaf8ed8d56728508f2e2fd4727 ``` -The `network inspect` command shows the containers, by id, in its results. +The `network inspect` command shows the containers, by id, in its +results. You can specify an alternate format to execute a given +template for each result. Go's +[text/template](http://golang.org/pkg/text/template/) package +describes all the details of the format. ```bash $ sudo docker network inspect bridge @@ -69,6 +74,8 @@ $ sudo docker network inspect bridge ``` # OPTIONS +**-f**, **--format**="" + Format the output using the given go template. **--help** Print usage statement From d94f0b5b9d7dd52ff9d4cbf43280caab1fac8626 Mon Sep 17 00:00:00 2001 From: Ben Firshman Date: Tue, 10 Nov 2015 15:25:53 +0000 Subject: [PATCH 129/398] Add docs and man page entry for --volume-driver Signed-off-by: Ben Firshman --- docker-create.1.md | 8 ++++++++ docker-run.1.md | 10 +++++++++- 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/docker-create.1.md b/docker-create.1.md index 1e1d2df6f7af..9e946f8c3f0e 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -63,6 +63,7 @@ docker-create - Create a new container [**--ulimit**[=*[]*]] [**--uts**[=*[]*]] [**-v**|**--volume**[=*[]*]] +[**--volume-driver**[=*DRIVER*]] [**--volumes-from**[=*[]*]] [**-w**|**--workdir**[=*WORKDIR*]] IMAGE [COMMAND] [ARG...] @@ -305,6 +306,13 @@ any options, the systems uses the following options: **-v**, **--volume**=[] Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container) +**--volume-driver**="" + Optional volume driver for the container + + If the container has a volume either from the `VOLUME` instruction in a + Dockerfile or the `-v` flag, a driver can be specified to create the volumes + with. See **docker-volume-create(1)** for full details. + **--volumes-from**=[] Mount volumes from the specified container(s) diff --git a/docker-run.1.md b/docker-run.1.md index a423d55fac6c..3db446240f11 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -63,9 +63,10 @@ docker-run - Run a command in a new container [**-t**|**--tty**[=*false*]] [**--tmpfs**[=*[CONTAINER-DIR[:]*]] [**-u**|**--user**[=*USER*]] -[**-v**|**--volume**[=*[]*]] [**--ulimit**[=*[]*]] [**--uts**[=*[]*]] +[**-v**|**--volume**[=*[]*]] +[**--volume-driver**[=*DRIVER*]] [**--volumes-from**[=*[]*]] [**-w**|**--workdir**[=*WORKDIR*]] IMAGE [COMMAND] [ARG...] @@ -512,6 +513,13 @@ For example, you can specify either `/foo` or `foo` for a `host-dir` value. If you supply the `/foo` value, Docker creates a bind-mount. If you supply the `foo` specification, Docker creates a named volume. +**--volume-driver**="" + Optional volume driver for the container + + If the container has a volume either from the `VOLUME` instruction in a + Dockerfile or the `-v` flag, a driver can be specified to create the volumes + with. See **docker-volume-create(1)** for full details. + **--volumes-from**=[] Mount volumes from the specified container(s) From 466fd69b9a536ca152961f083aa346cc73ddceca Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 3 Dec 2015 16:07:54 +0100 Subject: [PATCH 130/398] Address review comments. Signed-off-by: Sebastiaan van Stijn --- docker-create.1.md | 8 +++----- docker-run.1.md | 8 +++----- 2 files changed, 6 insertions(+), 10 deletions(-) diff --git a/docker-create.1.md b/docker-create.1.md index 9e946f8c3f0e..362eef7474d1 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -307,11 +307,9 @@ any options, the systems uses the following options: Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container) **--volume-driver**="" - Optional volume driver for the container - - If the container has a volume either from the `VOLUME` instruction in a - Dockerfile or the `-v` flag, a driver can be specified to create the volumes - with. See **docker-volume-create(1)** for full details. + Container's volume driver. This driver creates volumes specified either from + a Dockerfile's `VOLUME` instruction or from the `docker run -v` flag. + See **docker-volume-create(1)** for full details. **--volumes-from**=[] Mount volumes from the specified container(s) diff --git a/docker-run.1.md b/docker-run.1.md index 3db446240f11..5ee9dea044e7 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -514,11 +514,9 @@ If you supply the `/foo` value, Docker creates a bind-mount. If you supply the `foo` specification, Docker creates a named volume. **--volume-driver**="" - Optional volume driver for the container - - If the container has a volume either from the `VOLUME` instruction in a - Dockerfile or the `-v` flag, a driver can be specified to create the volumes - with. See **docker-volume-create(1)** for full details. + Container's volume driver. This driver creates volumes specified either from + a Dockerfile's `VOLUME` instruction or from the `docker run -v` flag. + See **docker-volume-create(1)** for full details. **--volumes-from**=[] Mount volumes from the specified container(s) From 2296cf09ead9fb5566cd5f3d434c7029ab96fcba Mon Sep 17 00:00:00 2001 From: Ma Shimiao Date: Wed, 8 Jul 2015 19:06:48 +0800 Subject: [PATCH 131/398] Add support for blkio read/write bps device Signed-off-by: Ma Shimiao --- docker-create.1.md | 8 ++++++++ docker-run.1.md | 8 ++++++++ 2 files changed, 16 insertions(+) diff --git a/docker-create.1.md b/docker-create.1.md index 362eef7474d1..8212c6bd8279 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -20,6 +20,8 @@ docker-create - Create a new container [**--cpuset-cpus**[=*CPUSET-CPUS*]] [**--cpuset-mems**[=*CPUSET-MEMS*]] [**--device**[=*[]*]] +[**--device-read-bps**[=*[]*]] +[**--device-write-bps**[=*[]*]] [**--dns**[=*[]*]] [**--dns-search**[=*[]*]] [**--dns-opt**[=*[]*]] @@ -125,6 +127,12 @@ two memory nodes. **--device**=[] Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm) +**--device-read-bps**=[] + Limit read rate (bytes per second) from a device (e.g. --device-read-bps=/dev/sda:1mb) + +**--device-write-bps**=[] + Limit write rate (bytes per second) to a device (e.g. --device-write-bps=/dev/sda:1mb) + **--dns**=[] Set custom DNS servers diff --git a/docker-run.1.md b/docker-run.1.md index 5ee9dea044e7..83c901006cf8 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -21,6 +21,8 @@ docker-run - Run a command in a new container [**--cpuset-mems**[=*CPUSET-MEMS*]] [**-d**|**--detach**[=*false*]] [**--device**[=*[]*]] +[**--device-read-bps**[=*[]*]] +[**--device-write-bps**[=*[]*]] [**--dns**[=*[]*]] [**--dns-opt**[=*[]*]] [**--dns-search**[=*[]*]] @@ -192,6 +194,12 @@ stopping the process by pressing the keys CTRL-P CTRL-Q. **--device**=[] Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm) +**--device-read-bps**=[] + Limit read rate from a device (e.g. --device-read-bps=/dev/sda:1mb) + +**--device-write-bps**=[] + Limit write rate to a device (e.g. --device-write-bps=/dev/sda:1mb) + **--dns-search**=[] Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain) From 43682476df235b405098b19b3ac9a4c5c0853455 Mon Sep 17 00:00:00 2001 From: Dima Stopel Date: Thu, 10 Dec 2015 12:53:27 +0200 Subject: [PATCH 132/398] Fixing documentation comments by @thaJeztah Signed-off-by: Dima Stopel --- docker-daemon.8.md | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/docker-daemon.8.md b/docker-daemon.8.md index de16f6849e34..b3e3ad65b126 100644 --- a/docker-daemon.8.md +++ b/docker-daemon.8.md @@ -7,6 +7,7 @@ docker-daemon - Enable daemon mode # SYNOPSIS **docker daemon** [**--api-cors-header**=[=*API-CORS-HEADER*]] +[**--authz-plugins**[=*[]*]] [**-b**|**--bridge**[=*BRIDGE*]] [**--bip**[=*BIP*]] [**--cluster-store**[=*[]*]] @@ -70,6 +71,9 @@ format. **--api-cors-header**="" Set CORS headers in the remote API. Default is cors disabled. Give urls like "http://foo, http://bar, ...". Give "*" to allow all. +**--authz-plugins**="" + Set authorization plugins to load + **-b**, **--bridge**="" Attach containers to a pre\-existing network bridge; use 'none' to disable container networking @@ -456,6 +460,31 @@ Specifies the path to a local file with a PEM encoded private key. This private key is used as the client key for communication with the Key/Value store. +# Access authorization + +Docker's access authorization can be extended by authorization plugins that your +organization can purchase or build themselves. You can install one or more +authorization plugins when you start the Docker `daemon` using the +`--authz-plugins=PLUGIN_ID` option. + +```bash +docker daemon --authz-plugins=plugin1 --authz-plugins=plugin2,... +``` + +The `PLUGIN_ID` value is either the plugin's name or a path to its specification +file. The plugin's implementation determines whether you can specify a name or +path. Consult with your Docker administrator to get information about the +plugins available to you. + +Once a plugin is installed, requests made to the `daemon` through the command +line or Docker's remote API are allowed or denied by the plugin. If you have +multiple plugins installed, at least one must allow the request for it to +complete. + +For information about how to create an authorization plugin, see [authorization +plugin](https://docs.docker.com/engine/extend/authorization.md) section in the +Docker extend section of this documentation. + # HISTORY Sept 2015, Originally compiled by Shishir Mahajan From 9765852de4372791c95fc8b749d1135f39a8c738 Mon Sep 17 00:00:00 2001 From: Liron Levin Date: Fri, 11 Dec 2015 20:59:15 +0200 Subject: [PATCH 133/398] Change authz plugin argument name Signed-off-by: Liron Levin --- docker-daemon.8.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docker-daemon.8.md b/docker-daemon.8.md index b3e3ad65b126..f06a05e92be5 100644 --- a/docker-daemon.8.md +++ b/docker-daemon.8.md @@ -7,7 +7,7 @@ docker-daemon - Enable daemon mode # SYNOPSIS **docker daemon** [**--api-cors-header**=[=*API-CORS-HEADER*]] -[**--authz-plugins**[=*[]*]] +[**--authz-plugin**[=*[]*]] [**-b**|**--bridge**[=*BRIDGE*]] [**--bip**[=*BIP*]] [**--cluster-store**[=*[]*]] @@ -71,7 +71,7 @@ format. **--api-cors-header**="" Set CORS headers in the remote API. Default is cors disabled. Give urls like "http://foo, http://bar, ...". Give "*" to allow all. -**--authz-plugins**="" +**--authz-plugin**="" Set authorization plugins to load **-b**, **--bridge**="" @@ -465,10 +465,10 @@ Key/Value store. Docker's access authorization can be extended by authorization plugins that your organization can purchase or build themselves. You can install one or more authorization plugins when you start the Docker `daemon` using the -`--authz-plugins=PLUGIN_ID` option. +`--authz-plugin=PLUGIN_ID` option. ```bash -docker daemon --authz-plugins=plugin1 --authz-plugins=plugin2,... +docker daemon --authz-plugin=plugin1 --authz-plugin=plugin2,... ``` The `PLUGIN_ID` value is either the plugin's name or a path to its specification From 6cc2929bce95c7513144cad8e7d9e530c67a81a0 Mon Sep 17 00:00:00 2001 From: Justas Brazauskas Date: Sun, 13 Dec 2015 18:00:39 +0200 Subject: [PATCH 134/398] Fix typos found across repository Signed-off-by: Justas Brazauskas --- docker-events.1.md | 6 +++--- docker-ps.1.md | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docker-events.1.md b/docker-events.1.md index bf0eda92ebbf..fb8d7b00b8e2 100644 --- a/docker-events.1.md +++ b/docker-events.1.md @@ -37,11 +37,11 @@ and Docker images will report: **--until**="" Stream events until this timestamp -The `--since` and `--until` parameters can be Unix timestamps, date formated +The `--since` and `--until` parameters can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the client machine’s time. If you do not provide the --since option, the command returns only new and/or live events. Supported formats for date -formated time stamps include RFC3339Nano, RFC3339, `2006-01-02T15:04:05`, +formatted time stamps include RFC3339Nano, RFC3339, `2006-01-02T15:04:05`, `2006-01-02T15:04:05.999999999`, `2006-01-02Z07:00`, and `2006-01-02`. The local timezone on the client will be used if you do not provide either a `Z` or a `+-00:00` timezone offset at the end of the timestamp. When providing Unix @@ -49,7 +49,7 @@ timestamps enter seconds[.nanoseconds], where seconds is the number of seconds that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a fraction of a second no more than nine digits long. - + # EXAMPLES ## Listening for Docker events diff --git a/docker-ps.1.md b/docker-ps.1.md index cee553a237cf..82a4ea20d544 100644 --- a/docker-ps.1.md +++ b/docker-ps.1.md @@ -48,7 +48,7 @@ the running containers. .Ports - Exposed ports. .Status - Container status. .Size - Container disk size. - .Labels - All labels asigned to the container. + .Labels - All labels assigned to the container. .Label - Value of a specific label for this container. For example `{{.Label "com.docker.swarm.cpu"}}` **--help** From 49d4e6fd93524cbd296a153fcd46c57a5faf082d Mon Sep 17 00:00:00 2001 From: Vivek Goyal Date: Fri, 23 Oct 2015 16:57:57 -0400 Subject: [PATCH 135/398] Add capability to specify mount propagation per volume Allow passing mount propagation option shared, slave, or private as volume property. For example. docker run -ti -v /root/mnt-source:/root/mnt-dest:slave fedora bash Signed-off-by: Vivek Goyal --- docker-create.1.md | 76 +++++++++++++++++++++++++++++++++++++++-- docker-inspect.1.md | 1 + docker-run.1.md | 82 ++++++++++++++++++++++++++++++--------------- 3 files changed, 129 insertions(+), 30 deletions(-) diff --git a/docker-create.1.md b/docker-create.1.md index 8212c6bd8279..bca40cbaccd8 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -64,7 +64,7 @@ docker-create - Create a new container [**-u**|**--user**[=*USER*]] [**--ulimit**[=*[]*]] [**--uts**[=*[]*]] -[**-v**|**--volume**[=*[]*]] +[**-v**|**--volume**[=*[[HOST-DIR:]CONTAINER-DIR[:OPTIONS]]*]] [**--volume-driver**[=*DRIVER*]] [**--volumes-from**[=*[]*]] [**-w**|**--workdir**[=*WORKDIR*]] @@ -311,8 +311,78 @@ any options, the systems uses the following options: **host**: use the host's UTS namespace inside the container. Note: the host mode gives the container access to changing the host's hostname and is therefore considered insecure. -**-v**, **--volume**=[] - Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container) +**-v**|**--volume**[=*[[HOST-DIR:]CONTAINER-DIR[:OPTIONS]]*] + Create a bind mount. If you specify, ` -v /HOST-DIR:/CONTAINER-DIR`, Docker + bind mounts `/HOST-DIR` in the host to `/CONTAINER-DIR` in the Docker + container. If 'HOST-DIR' is omitted, Docker automatically creates the new + volume on the host. The `OPTIONS` are a comma delimited list and can be: + + * [rw|ro] + * [z|Z] + * [`[r]shared`|`[r]slave`|`[r]private`] + +The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The `HOST-DIR` +can be an absolute path or a `name` value. A `name` value must start with an +alphanumeric character, followed by `a-z0-9`, `_` (underscore), `.` (period) or +`-` (hyphen). An absolute path starts with a `/` (forward slash). + +If you supply a `HOST-DIR` that is an absolute path, Docker bind-mounts to the +path you specify. If you supply a `name`, Docker creates a named volume by that +`name`. For example, you can specify either `/foo` or `foo` for a `HOST-DIR` +value. If you supply the `/foo` value, Docker creates a bind-mount. If you +supply the `foo` specification, Docker creates a named volume. + +You can specify multiple **-v** options to mount one or more mounts to a +container. To use these same mounts in other containers, specify the +**--volumes-from** option also. + +You can add `:ro` or `:rw` suffix to a volume to mount it read-only or +read-write mode, respectively. By default, the volumes are mounted read-write. +See examples. + +Labeling systems like SELinux require that proper labels are placed on volume +content mounted into a container. Without a label, the security system might +prevent the processes running inside the container from using the content. By +default, Docker does not change the labels set by the OS. + +To change a label in the container context, you can add either of two suffixes +`:z` or `:Z` to the volume mount. These suffixes tell Docker to relabel file +objects on the shared volumes. The `z` option tells Docker that two containers +share the volume content. As a result, Docker labels the content with a shared +content label. Shared volume labels allow all containers to read/write content. +The `Z` option tells Docker to label the content with a private unshared label. +Only the current container can use a private volume. + +By default bind mounted volumes are `private`. That means any mounts done +inside container will not be visible on host and vice-a-versa. One can change +this behavior by specifying a volume mount propagation property. Making a +volume `shared` mounts done under that volume inside container will be +visible on host and vice-a-versa. Making a volume `slave` enables only one +way mount propagation and that is mounts done on host under that volume +will be visible inside container but not the other way around. + +To control mount propagation property of volume one can use `:[r]shared`, +`:[r]slave` or `:[r]private` propagation flag. Propagation property can +be specified only for bind mounted volumes and not for internal volumes or +named volumes. For mount propagation to work source mount point (mount point +where source dir is mounted on) has to have right propagation properties. For +shared volumes, source mount point has to be shared. And for slave volumes, +source mount has to be either shared or slave. + +Use `df ` to figure out the source mount and then use +`findmnt -o TARGET,PROPAGATION ` to figure out propagation +properties of source mount. If `findmnt` utility is not available, then one +can look at mount entry for source mount point in `/proc/self/mountinfo`. Look +at `optional fields` and see if any propagaion properties are specified. +`shared:X` means mount is `shared`, `master:X` means mount is `slave` and if +nothing is there that means mount is `private`. + +To change propagation properties of a mount point use `mount` command. For +example, if one wants to bind mount source directory `/foo` one can do +`mount --bind /foo /foo` and `mount --make-private --make-shared /foo`. This +will convert /foo into a `shared` mount point. Alternatively one can directly +change propagation properties of source mount. Say `/` is source mount for +`/foo`, then use `mount --make-shared /` to convert `/` into a `shared` mount. **--volume-driver**="" Container's volume driver. This driver creates volumes specified either from diff --git a/docker-inspect.1.md b/docker-inspect.1.md index 097515245206..c2e32cfd676e 100644 --- a/docker-inspect.1.md +++ b/docker-inspect.1.md @@ -104,6 +104,7 @@ To get information on a container use its ID or instance name: "Destination": "/data", "Mode": "ro,Z", "RW": false + "Propagation": "" } ], "AppArmorProfile": "", diff --git a/docker-run.1.md b/docker-run.1.md index 83c901006cf8..603db39b7f00 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -67,7 +67,7 @@ docker-run - Run a command in a new container [**-u**|**--user**[=*USER*]] [**--ulimit**[=*[]*]] [**--uts**[=*[]*]] -[**-v**|**--volume**[=*[]*]] +[**-v**|**--volume**[=*[[HOST-DIR:]CONTAINER-DIR[:OPTIONS]]*]] [**--volume-driver**[=*DRIVER*]] [**--volumes-from**[=*[]*]] [**-w**|**--workdir**[=*WORKDIR*]] @@ -476,24 +476,34 @@ any options, the systems uses the following options: **--ulimit**=[] Ulimit options -**-v**, **--volume**=[] Create a bind mount - (format: `[host-dir:]container-dir[:]`, where suffix options -are comma delimited and selected from [rw|ro] and [z|Z].) +**-v**|**--volume**[=*[[HOST-DIR:]CONTAINER-DIR[:OPTIONS]]*] + Create a bind mount. If you specify, ` -v /HOST-DIR:/CONTAINER-DIR`, Docker + bind mounts `/HOST-DIR` in the host to `/CONTAINER-DIR` in the Docker + container. If 'HOST-DIR' is omitted, Docker automatically creates the new + volume on the host. The `OPTIONS` are a comma delimited list and can be: - (e.g., using -v /host-dir:/container-dir, bind mounts /host-dir in the -host to /container-dir in the Docker container) + * [rw|ro] + * [z|Z] + * [`[r]shared`|`[r]slave`|`[r]private`] - If 'host-dir' is missing, then docker automatically creates the new volume -on the host. **This auto-creation of the host path has been deprecated in -Release: v1.9.** +The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The `HOST-DIR` +can be an absolute path or a `name` value. A `name` value must start with an +alphanumeric character, followed by `a-z0-9`, `_` (underscore), `.` (period) or +`-` (hyphen). An absolute path starts with a `/` (forward slash). - The **-v** option can be used one or -more times to add one or more mounts to a container. These mounts can then be -used in other containers using the **--volumes-from** option. +If you supply a `HOST-DIR` that is an absolute path, Docker bind-mounts to the +path you specify. If you supply a `name`, Docker creates a named volume by that +`name`. For example, you can specify either `/foo` or `foo` for a `HOST-DIR` +value. If you supply the `/foo` value, Docker creates a bind-mount. If you +supply the `foo` specification, Docker creates a named volume. - The volume may be optionally suffixed with :ro or :rw to mount the volumes in -read-only or read-write mode, respectively. By default, the volumes are mounted -read-write. See examples. +You can specify multiple **-v** options to mount one or more mounts to a +container. To use these same mounts in other containers, specify the +**--volumes-from** option also. + +You can add `:ro` or `:rw` suffix to a volume to mount it read-only or +read-write mode, respectively. By default, the volumes are mounted read-write. +See examples. Labeling systems like SELinux require that proper labels are placed on volume content mounted into a container. Without a label, the security system might @@ -508,18 +518,36 @@ content label. Shared volume labels allow all containers to read/write content. The `Z` option tells Docker to label the content with a private unshared label. Only the current container can use a private volume. -The `container-dir` must always be an absolute path such as `/src/docs`. -The `host-dir` can either be an absolute path or a `name` value. If you -supply an absolute path for the `host-dir`, Docker bind-mounts to the path -you specify. If you supply a `name`, Docker creates a named volume by that `name`. - -A `name` value must start with start with an alphanumeric character, -followed by `a-z0-9`, `_` (underscore), `.` (period) or `-` (hyphen). -An absolute path starts with a `/` (forward slash). - -For example, you can specify either `/foo` or `foo` for a `host-dir` value. -If you supply the `/foo` value, Docker creates a bind-mount. If you supply -the `foo` specification, Docker creates a named volume. +By default bind mounted volumes are `private`. That means any mounts done +inside container will not be visible on host and vice-a-versa. One can change +this behavior by specifying a volume mount propagation property. Making a +volume `shared` mounts done under that volume inside container will be +visible on host and vice-a-versa. Making a volume `slave` enables only one +way mount propagation and that is mounts done on host under that volume +will be visible inside container but not the other way around. + +To control mount propagation property of volume one can use `:[r]shared`, +`:[r]slave` or `:[r]private` propagation flag. Propagation property can +be specified only for bind mounted volumes and not for internal volumes or +named volumes. For mount propagation to work source mount point (mount point +where source dir is mounted on) has to have right propagation properties. For +shared volumes, source mount point has to be shared. And for slave volumes, +source mount has to be either shared or slave. + +Use `df ` to figure out the source mount and then use +`findmnt -o TARGET,PROPAGATION ` to figure out propagation +properties of source mount. If `findmnt` utility is not available, then one +can look at mount entry for source mount point in `/proc/self/mountinfo`. Look +at `optional fields` and see if any propagaion properties are specified. +`shared:X` means mount is `shared`, `master:X` means mount is `slave` and if +nothing is there that means mount is `private`. + +To change propagation properties of a mount point use `mount` command. For +example, if one wants to bind mount source directory `/foo` one can do +`mount --bind /foo /foo` and `mount --make-private --make-shared /foo`. This +will convert /foo into a `shared` mount point. Alternatively one can directly +change propagation properties of source mount. Say `/` is source mount for +`/foo`, then use `mount --make-shared /` to convert `/` into a `shared` mount. **--volume-driver**="" Container's volume driver. This driver creates volumes specified either from From f567a0e31d7cd0f3f40546ae008b0baedf245456 Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Wed, 16 Dec 2015 13:43:41 +0100 Subject: [PATCH 136/398] docs: userguide: labels-custom-metadsata.md: update syntax for emtpy value labels Signed-off-by: Antonio Murdaca --- Dockerfile.5.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/Dockerfile.5.md b/Dockerfile.5.md index c5e5bea518b1..7d56bda0fa8b 100644 --- a/Dockerfile.5.md +++ b/Dockerfile.5.md @@ -156,20 +156,23 @@ A Dockerfile is similar to a Makefile. the image. **LABEL** - -- `LABEL [=] [[=] ...]`or + -- `LABEL = [= ...]`or ``` LABEL [ ] LABEL [ ] ... ``` The **LABEL** instruction adds metadata to an image. A **LABEL** is a - key-value pair. To include spaces within a **LABEL** value, use quotes and + key-value pair. To specify a **LABEL** without a value, simply use an empty + string. To include spaces within a **LABEL** value, use quotes and backslashes as you would in command-line parsing. ``` LABEL com.example.vendor="ACME Incorporated" - or LABEL com.example.vendor "ACME Incorporated" + LABEL com.example.vendor.is-beta "" + LABEL com.example.vendor.is-beta= + LABEL com.example.vendor.is-beta="" ``` An image can have more than one label. To specify multiple labels, separate From 436491cbcb5799d5e1aed9676679226e41be99e6 Mon Sep 17 00:00:00 2001 From: Ma Shimiao Date: Wed, 8 Jul 2015 19:06:48 +0800 Subject: [PATCH 137/398] Add support for blkio read/write iops device Signed-off-by: Ma Shimiao --- docker-create.1.md | 8 ++++++++ docker-run.1.md | 8 ++++++++ 2 files changed, 16 insertions(+) diff --git a/docker-create.1.md b/docker-create.1.md index bca40cbaccd8..d473a624e99f 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -21,7 +21,9 @@ docker-create - Create a new container [**--cpuset-mems**[=*CPUSET-MEMS*]] [**--device**[=*[]*]] [**--device-read-bps**[=*[]*]] +[**--device-read-iops**[=*[]*]] [**--device-write-bps**[=*[]*]] +[**--device-write-iops**[=*[]*]] [**--dns**[=*[]*]] [**--dns-search**[=*[]*]] [**--dns-opt**[=*[]*]] @@ -130,9 +132,15 @@ two memory nodes. **--device-read-bps**=[] Limit read rate (bytes per second) from a device (e.g. --device-read-bps=/dev/sda:1mb) +**--device-read-iops**=[] + Limit read rate (IO per second) from a device (e.g. --device-read-iops=/dev/sda:1000) + **--device-write-bps**=[] Limit write rate (bytes per second) to a device (e.g. --device-write-bps=/dev/sda:1mb) +**--device-write-iops**=[] + Limit write rate (IO per second) to a device (e.g. --device-write-iops=/dev/sda:1000) + **--dns**=[] Set custom DNS servers diff --git a/docker-run.1.md b/docker-run.1.md index 603db39b7f00..17c6e3268b6c 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -22,7 +22,9 @@ docker-run - Run a command in a new container [**-d**|**--detach**[=*false*]] [**--device**[=*[]*]] [**--device-read-bps**[=*[]*]] +[**--device-read-iops**[=*[]*]] [**--device-write-bps**[=*[]*]] +[**--device-write-iops**[=*[]*]] [**--dns**[=*[]*]] [**--dns-opt**[=*[]*]] [**--dns-search**[=*[]*]] @@ -197,9 +199,15 @@ stopping the process by pressing the keys CTRL-P CTRL-Q. **--device-read-bps**=[] Limit read rate from a device (e.g. --device-read-bps=/dev/sda:1mb) +**--device-read-iops**=[] + Limit read rate from a device (e.g. --device-read-iops=/dev/sda:1000) + **--device-write-bps**=[] Limit write rate to a device (e.g. --device-write-bps=/dev/sda:1mb) +**--device-write-iops**=[] + Limit write rate a a device (e.g. --device-write-iops=/dev/sda:1000) + **--dns-search**=[] Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain) From 4c58889a5dc7822213ad180e45857c866bb92c43 Mon Sep 17 00:00:00 2001 From: Boaz Shuster Date: Wed, 28 Oct 2015 02:29:21 +0200 Subject: [PATCH 138/398] Change the quiet flag behavior in the build command Right now, the quiet (-q, --quiet) flag ignores the output generated from within the container. However, it ought to be quiet in a way that all kind of diagnostic output should be ignored, unless the build process fails. This patch makes the quiet flag behave in the following way: 1. If the build process succeeds, stdout contains the image ID and stderr is empty. 2. If the build process fails, stdout is empty and stderr has the error message and the diagnostic output of that process. If the quiet flag is not set, then everything goes to stdout and error messages, if there are any, go to stderr. Signed-off-by: Boaz Shuster --- docker-build.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-build.1.md b/docker-build.1.md index 4a87c4d51548..52451c1d755d 100644 --- a/docker-build.1.md +++ b/docker-build.1.md @@ -81,7 +81,7 @@ set as the **URL**, the repository is cloned locally and then sent as the contex Always attempt to pull a newer version of the image. The default is *false*. **-q**, **--quiet**=*true*|*false* - Suppress the verbose output generated by the containers. The default is *false*. + Suppress the build output and print image ID on success. The default is *false*. **--rm**=*true*|*false* Remove intermediate containers after a successful build. The default is *true*. From 6620a428846711e69856bdca9f30d70a8995a76e Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Fri, 18 Dec 2015 14:03:41 +0100 Subject: [PATCH 139/398] Add --format support to images command - rename `api/client/ps` to `api/client/formatter` - add a a image formatter Signed-off-by: Vincent Demeester --- docker-images.1.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docker-images.1.md b/docker-images.1.md index de4fee05c9c4..921a14168438 100644 --- a/docker-images.1.md +++ b/docker-images.1.md @@ -40,6 +40,17 @@ versions. **-f**, **--filter**=[] Filters the output. The dangling=true filter finds unused images. While label=com.foo=amd64 filters for images with a com.foo value of amd64. The label=com.foo filter finds images with the label com.foo of any value. +**--format**="*TEMPLATE*" + Pretty-print containers using a Go template. + Valid placeholders: + .ID - Image ID + .Repository - Image repository + .Tag - Image tag + .Digest - Image digest + .CreatedSince - Elapsed time since the image was created. + .CreatedAt - Time when the image was created.. + .Size - Image disk size. + **--help** Print usage statement From ca7ff16a8f52b3dcae7dcd941503a332c8e1d738 Mon Sep 17 00:00:00 2001 From: Zhang Wei Date: Tue, 10 Nov 2015 16:57:06 +0800 Subject: [PATCH 140/398] Add filter for `network ls` to hide predefined net Add filter support for `network ls` to hide predefined network, then user can use "docker network rm `docker network ls -f type=custom`" to delete a bundle of userdefined networks. Signed-off-by: Zhang Wei --- docker-network-ls.1.md | 92 +++++++++++++++++++++++++++++++++++++++++- 1 file changed, 90 insertions(+), 2 deletions(-) diff --git a/docker-network-ls.1.md b/docker-network-ls.1.md index 3d1a1fbe46b0..ceca40573c53 100644 --- a/docker-network-ls.1.md +++ b/docker-network-ls.1.md @@ -6,6 +6,7 @@ docker-network-ls - list networks # SYNOPSIS **docker network ls** +[**-f**|**--filter**[=*[]*]] [**--no-trunc**[=*true*|*false*]] [**-q**|**--quiet**[=*true*|*false*]] [**--help**] @@ -16,7 +17,7 @@ Lists all the networks the Engine `daemon` knows about. This includes the networks that span across multiple hosts in a cluster, for example: ```bash - $ sudo docker network ls + $ docker network ls NETWORK ID NAME DRIVER 7fca4eb8c647 bridge bridge 9f904ee27bf5 none null @@ -27,16 +28,103 @@ networks that span across multiple hosts in a cluster, for example: Use the `--no-trunc` option to display the full network id: ```bash -docker network ls --no-trunc +$ docker network ls --no-trunc NETWORK ID NAME DRIVER 18a2866682b85619a026c81b98a5e375bd33e1b0936a26cc497c283d27bae9b3 none null c288470c46f6c8949c5f7e5099b5b7947b07eabe8d9a27d79a9cbf111adcbf47 host host 7b369448dccbf865d397c8d2be0cda7cf7edc6b0945f77d2529912ae917a0185 bridge bridge 95e74588f40db048e86320c6526440c504650a1ff3e9f7d60a497c4d2163e5bd foo bridge +63d1ff1f77b07ca51070a8c227e962238358bd310bde1529cf62e6c307ade161 dev bridge +``` + +## Filtering + +The filtering flag (`-f` or `--filter`) format is a `key=value` pair. If there +is more than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`). +Multiple filter flags are combined as an `OR` filter. For example, +`-f type=custom -f type=builtin` returns both `custom` and `builtin` networks. + +The currently supported filters are: + +* id (network's id) +* name (network's name) +* type (custom|builtin) + +#### Type + +The `type` filter supports two values; `builtin` displays predefined networks +(`bridge`, `none`, `host`), whereas `custom` displays user defined networks. + +The following filter matches all user defined networks: + +```bash +$ docker network ls --filter type=custom +NETWORK ID NAME DRIVER +95e74588f40d foo bridge +63d1ff1f77b0 dev bridge +``` + +By having this flag it allows for batch cleanup. For example, use this filter +to delete all user defined networks: + +```bash +$ docker network rm `docker network ls --filter type=custom -q` +``` + +A warning will be issued when trying to remove a network that has containers +attached. + +#### Name + +The `name` filter matches on all or part of a network's name. + +The following filter matches all networks with a name containing the `foobar` string. + +```bash +$ docker network ls --filter name=foobar +NETWORK ID NAME DRIVER +06e7eef0a170 foobar bridge +``` + +You can also filter for a substring in a name as this shows: + +```bash +$ docker ps --filter name=foo +NETWORK ID NAME DRIVER +95e74588f40d foo bridge +06e7eef0a170 foobar bridge +``` + +#### ID + +The `id` filter matches on all or part of a network's ID. + +The following filter matches all networks with a name containing the +`06e7eef01700` string. + +```bash +$ docker network ls --filter id=63d1ff1f77b07ca51070a8c227e962238358bd310bde1529cf62e6c307ade161 +NETWORK ID NAME DRIVER +63d1ff1f77b0 dev bridge +``` + +You can also filter for a substring in a ID as this shows: + +```bash +$ docker ps --filter id=95e74588f40d +NETWORK ID NAME DRIVER +95e74588f40d foo bridge + +$ docker ps --filter id=95e +NETWORK ID NAME DRIVER +95e74588f40d foo bridge ``` # OPTIONS +**-f**, **--filter**=*[]* + filter output based on conditions provided. + **--no-trunc**=*true*|*false* Do not truncate the output From cd2fb0e22449cbecd65685ea4c76ede00d340a38 Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Wed, 23 Dec 2015 06:37:06 -0800 Subject: [PATCH 141/398] remove =false from options that default to false in the docs This re-aligns the docs with what the cmd line now does. Signed-off-by: Doug Davis --- docker-attach.1.md | 2 +- docker-build.1.md | 8 ++++---- docker-create.1.md | 12 ++++++------ docker-daemon.8.md | 12 ++++++------ docker-exec.1.md | 8 ++++---- docker-history.1.md | 4 ++-- docker-images.1.md | 8 ++++---- docker-inspect.1.md | 4 ++-- docker-logs.1.md | 4 ++-- docker-ps.1.md | 10 +++++----- docker-pull.1.md | 2 +- docker-rm.1.md | 6 +++--- docker-rmi.1.md | 4 ++-- docker-run.1.md | 16 ++++++++-------- docker-search.1.md | 4 ++-- docker-start.1.md | 4 ++-- docker-stats.1.md | 4 ++-- 17 files changed, 56 insertions(+), 56 deletions(-) diff --git a/docker-attach.1.md b/docker-attach.1.md index 96fb3756a34d..260593201f33 100644 --- a/docker-attach.1.md +++ b/docker-attach.1.md @@ -7,7 +7,7 @@ docker-attach - Attach to a running container # SYNOPSIS **docker attach** [**--help**] -[**--no-stdin**[=*false*]] +[**--no-stdin**] [**--sig-proxy**[=*true*]] CONTAINER diff --git a/docker-build.1.md b/docker-build.1.md index 52451c1d755d..3decabe174de 100644 --- a/docker-build.1.md +++ b/docker-build.1.md @@ -11,11 +11,11 @@ docker-build - Build a new image from the source code at PATH [**--cgroup-parent**[=*CGROUP-PARENT*]] [**--help**] [**-f**|**--file**[=*PATH/Dockerfile*]] -[**--force-rm**[=*false*]] +[**--force-rm**] [**--isolation**[=*default*]] -[**--no-cache**[=*false*]] -[**--pull**[=*false*]] -[**-q**|**--quiet**[=*false*]] +[**--no-cache**] +[**--pull**] +[**-q**|**--quiet**] [**--rm**[=*true*]] [**-t**|**--tag**[=*[]*]] [**-m**|**--memory**[=*MEMORY*]] diff --git a/docker-create.1.md b/docker-create.1.md index d473a624e99f..f35571a356fc 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -34,7 +34,7 @@ docker-create - Create a new container [**--group-add**[=*[]*]] [**-h**|**--hostname**[=*HOSTNAME*]] [**--help**] -[**-i**|**--interactive**[=*false*]] +[**-i**|**--interactive**] [**--ipc**[=*IPC*]] [**--isolation**[=*default*]] [**--kernel-memory**[=*KERNEL-MEMORY*]] @@ -50,18 +50,18 @@ docker-create - Create a new container [**--memory-swappiness**[=*MEMORY-SWAPPINESS*]] [**--name**[=*NAME*]] [**--net**[=*"bridge"*]] -[**--oom-kill-disable**[=*false*]] +[**--oom-kill-disable**] [**--oom-score-adj**[=*0*]] -[**-P**|**--publish-all**[=*false*]] +[**-P**|**--publish-all**] [**-p**|**--publish**[=*[]*]] [**--pid**[=*[]*]] -[**--privileged**[=*false*]] -[**--read-only**[=*false*]] +[**--privileged**] +[**--read-only**] [**--restart**[=*RESTART*]] [**--security-opt**[=*[]*]] [**--stop-signal**[=*SIGNAL*]] [**--shm-size**[=*[]*]] -[**-t**|**--tty**[=*false*]] +[**-t**|**--tty**] [**--tmpfs**[=*[CONTAINER-DIR[:]*]] [**-u**|**--user**[=*USER*]] [**--ulimit**[=*[]*]] diff --git a/docker-daemon.8.md b/docker-daemon.8.md index f06a05e92be5..904ae428abf3 100644 --- a/docker-daemon.8.md +++ b/docker-daemon.8.md @@ -13,11 +13,11 @@ docker-daemon - Enable daemon mode [**--cluster-store**[=*[]*]] [**--cluster-advertise**[=*[]*]] [**--cluster-store-opt**[=*map[]*]] -[**-D**|**--debug**[=*false*]] +[**-D**|**--debug**] [**--default-gateway**[=*DEFAULT-GATEWAY*]] [**--default-gateway-v6**[=*DEFAULT-GATEWAY-V6*]] [**--default-ulimit**[=*[]*]] -[**--disable-legacy-registry**[=*false*]] +[**--disable-legacy-registry**] [**--dns**[=*[]*]] [**--dns-opt**[=*[]*]] [**--dns-search**[=*[]*]] @@ -35,7 +35,7 @@ docker-daemon - Enable daemon mode [**--ip-forward**[=*true*]] [**--ip-masq**[=*true*]] [**--iptables**[=*true*]] -[**--ipv6**[=*false*]] +[**--ipv6**] [**-l**|**--log-level**[=*info*]] [**--label**[=*[]*]] [**--log-driver**[=*json-file*]] @@ -44,13 +44,13 @@ docker-daemon - Enable daemon mode [**-p**|**--pidfile**[=*/var/run/docker.pid*]] [**--registry-mirror**[=*[]*]] [**-s**|**--storage-driver**[=*STORAGE-DRIVER*]] -[**--selinux-enabled**[=*false*]] +[**--selinux-enabled**] [**--storage-opt**[=*[]*]] -[**--tls**[=*false*]] +[**--tls**] [**--tlscacert**[=*~/.docker/ca.pem*]] [**--tlscert**[=*~/.docker/cert.pem*]] [**--tlskey**[=*~/.docker/key.pem*]] -[**--tlsverify**[=*false*]] +[**--tlsverify**] [**--userland-proxy**[=*true*]] # DESCRIPTION diff --git a/docker-exec.1.md b/docker-exec.1.md index 5cfdb5434b06..388fe81b2c6b 100644 --- a/docker-exec.1.md +++ b/docker-exec.1.md @@ -6,11 +6,11 @@ docker-exec - Run a command in a running container # SYNOPSIS **docker exec** -[**-d**|**--detach**[=*false*]] +[**-d**|**--detach**] [**--help**] -[**-i**|**--interactive**[=*false*]] -[**--privileged**[=*false*]] -[**-t**|**--tty**[=*false*]] +[**-i**|**--interactive**] +[**--privileged**] +[**-t**|**--tty**] [**-u**|**--user**[=*USER*]] CONTAINER COMMAND [ARG...] diff --git a/docker-history.1.md b/docker-history.1.md index 247d6503ee31..91edefe25fba 100644 --- a/docker-history.1.md +++ b/docker-history.1.md @@ -8,8 +8,8 @@ docker-history - Show the history of an image **docker history** [**--help**] [**-H**|**--human**[=*true*]] -[**--no-trunc**[=*false*]] -[**-q**|**--quiet**[=*false*]] +[**--no-trunc**] +[**-q**|**--quiet**] IMAGE # DESCRIPTION diff --git a/docker-images.1.md b/docker-images.1.md index 921a14168438..75355ac5c0e5 100644 --- a/docker-images.1.md +++ b/docker-images.1.md @@ -7,11 +7,11 @@ docker-images - List images # SYNOPSIS **docker images** [**--help**] -[**-a**|**--all**[=*false*]] -[**--digests**[=*false*]] +[**-a**|**--all**] +[**--digests**] [**-f**|**--filter**[=*[]*]] -[**--no-trunc**[=*false*]] -[**-q**|**--quiet**[=*false*]] +[**--no-trunc**] +[**-q**|**--quiet**] [REPOSITORY[:TAG]] # DESCRIPTION diff --git a/docker-inspect.1.md b/docker-inspect.1.md index c2e32cfd676e..81f48ceedfe6 100644 --- a/docker-inspect.1.md +++ b/docker-inspect.1.md @@ -8,7 +8,7 @@ docker-inspect - Return low-level information on a container or image **docker inspect** [**--help**] [**-f**|**--format**[=*FORMAT*]] -[**-s**|**--size**[=*false*]] +[**-s**|**--size**] [**--type**=*container*|*image*] CONTAINER|IMAGE [CONTAINER|IMAGE...] @@ -26,7 +26,7 @@ each result. **-f**, **--format**="" Format the output using the given Go template. -**-s**, **--size**=*false* +**-s**, **--size** Display total file sizes if the type is container. **--type**="*container*|*image*" diff --git a/docker-logs.1.md b/docker-logs.1.md index 7374e6cd489d..21501dc51db4 100644 --- a/docker-logs.1.md +++ b/docker-logs.1.md @@ -6,10 +6,10 @@ docker-logs - Fetch the logs of a container # SYNOPSIS **docker logs** -[**-f**|**--follow**[=*false*]] +[**-f**|**--follow**] [**--help**] [**--since**[=*SINCE*]] -[**-t**|**--timestamps**[=*false*]] +[**-t**|**--timestamps**] [**--tail**[=*"all"*]] CONTAINER diff --git a/docker-ps.1.md b/docker-ps.1.md index 82a4ea20d544..770cd26498a3 100644 --- a/docker-ps.1.md +++ b/docker-ps.1.md @@ -6,15 +6,15 @@ docker-ps - List containers # SYNOPSIS **docker ps** -[**-a**|**--all**[=*false*]] +[**-a**|**--all**] [**-f**|**--filter**[=*[]*]] [**--format**=*"TEMPLATE"*] [**--help**] -[**-l**|**--latest**[=*false*]] +[**-l**|**--latest**] [**-n**[=*-1*]] -[**--no-trunc**[=*false*]] -[**-q**|**--quiet**[=*false*]] -[**-s**|**--size**[=*false*]] +[**--no-trunc**] +[**-q**|**--quiet**] +[**-s**|**--size**] # DESCRIPTION diff --git a/docker-pull.1.md b/docker-pull.1.md index c4359fbdadc9..9e0e2ca81802 100644 --- a/docker-pull.1.md +++ b/docker-pull.1.md @@ -6,7 +6,7 @@ docker-pull - Pull an image or a repository from a registry # SYNOPSIS **docker pull** -[**-a**|**--all-tags**[=*false*]] +[**-a**|**--all-tags**] [**--help**] NAME[:TAG] | [REGISTRY_HOST[:REGISTRY_PORT]/]NAME[:TAG] diff --git a/docker-rm.1.md b/docker-rm.1.md index af73b804c97a..d99c1d836bd1 100644 --- a/docker-rm.1.md +++ b/docker-rm.1.md @@ -6,9 +6,9 @@ docker-rm - Remove one or more containers # SYNOPSIS **docker rm** -[**-f**|**--force**[=*false*]] -[**-l**|**--link**[=*false*]] -[**-v**|**--volumes**[=*false*]] +[**-f**|**--force**] +[**-l**|**--link**] +[**-v**|**--volumes**] CONTAINER [CONTAINER...] # DESCRIPTION diff --git a/docker-rmi.1.md b/docker-rmi.1.md index 01dc64f52a5a..35bf8aac6a13 100644 --- a/docker-rmi.1.md +++ b/docker-rmi.1.md @@ -6,9 +6,9 @@ docker-rmi - Remove one or more images # SYNOPSIS **docker rmi** -[**-f**|**--force**[=*false*]] +[**-f**|**--force**] [**--help**] -[**--no-prune**[=*false*]] +[**--no-prune**] IMAGE [IMAGE...] # DESCRIPTION diff --git a/docker-run.1.md b/docker-run.1.md index 17c6e3268b6c..e963d5277edd 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -19,7 +19,7 @@ docker-run - Run a command in a new container [**--cpu-quota**[=*0*]] [**--cpuset-cpus**[=*CPUSET-CPUS*]] [**--cpuset-mems**[=*CPUSET-MEMS*]] -[**-d**|**--detach**[=*false*]] +[**-d**|**--detach**] [**--device**[=*[]*]] [**--device-read-bps**[=*[]*]] [**--device-read-iops**[=*[]*]] @@ -35,7 +35,7 @@ docker-run - Run a command in a new container [**--group-add**[=*[]*]] [**-h**|**--hostname**[=*HOSTNAME*]] [**--help**] -[**-i**|**--interactive**[=*false*]] +[**-i**|**--interactive**] [**--ipc**[=*IPC*]] [**--isolation**[=*default*]] [**--kernel-memory**[=*KERNEL-MEMORY*]] @@ -51,20 +51,20 @@ docker-run - Run a command in a new container [**--memory-swappiness**[=*MEMORY-SWAPPINESS*]] [**--name**[=*NAME*]] [**--net**[=*"bridge"*]] -[**--oom-kill-disable**[=*false*]] +[**--oom-kill-disable**] [**--oom-score-adj**[=*0*]] -[**-P**|**--publish-all**[=*false*]] +[**-P**|**--publish-all**] [**-p**|**--publish**[=*[]*]] [**--pid**[=*[]*]] -[**--privileged**[=*false*]] -[**--read-only**[=*false*]] +[**--privileged**] +[**--read-only**] [**--restart**[=*RESTART*]] -[**--rm**[=*false*]] +[**--rm**] [**--security-opt**[=*[]*]] [**--stop-signal**[=*SIGNAL*]] [**--shm-size**[=*[]*]] [**--sig-proxy**[=*true*]] -[**-t**|**--tty**[=*false*]] +[**-t**|**--tty**] [**--tmpfs**[=*[CONTAINER-DIR[:]*]] [**-u**|**--user**[=*USER*]] [**--ulimit**[=*[]*]] diff --git a/docker-search.1.md b/docker-search.1.md index 0b205f4bee02..a95c0237736e 100644 --- a/docker-search.1.md +++ b/docker-search.1.md @@ -6,9 +6,9 @@ docker-search - Search the Docker Hub for images # SYNOPSIS **docker search** -[**--automated**[=*false*]] +[**--automated**] [**--help**] -[**--no-trunc**[=*false*]] +[**--no-trunc**] [**-s**|**--stars**[=*0*]] TERM diff --git a/docker-start.1.md b/docker-start.1.md index 2e1191b09503..678f687f86b5 100644 --- a/docker-start.1.md +++ b/docker-start.1.md @@ -6,9 +6,9 @@ docker-start - Start one or more containers # SYNOPSIS **docker start** -[**-a**|**--attach**[=*false*]] +[**-a**|**--attach**] [**--help**] -[**-i**|**--interactive**[=*false*]] +[**-i**|**--interactive**] CONTAINER [CONTAINER...] # DESCRIPTION diff --git a/docker-stats.1.md b/docker-stats.1.md index 543a88837818..c7fa7d504fd7 100644 --- a/docker-stats.1.md +++ b/docker-stats.1.md @@ -6,9 +6,9 @@ docker-stats - Display a live stream of one or more containers' resource usage s # SYNOPSIS **docker stats** -[**-a**|**--all**[=*false*]] +[**-a**|**--all**] [**--help**] -[**--no-stream**[=*false*]] +[**--no-stream**] [CONTAINER...] # DESCRIPTION From 45ef07d92068ea11f00eb47b10153fc58bdbf95e Mon Sep 17 00:00:00 2001 From: Qiang Huang Date: Mon, 28 Dec 2015 19:19:26 +0800 Subject: [PATCH 142/398] Implemet docker update command It's used for updating properties of one or more containers, we only support resource configs for now. It can be extended in the future. Signed-off-by: Qiang Huang --- docker-update.1.md | 93 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 93 insertions(+) create mode 100644 docker-update.1.md diff --git a/docker-update.1.md b/docker-update.1.md new file mode 100644 index 000000000000..a49fbd83d35b --- /dev/null +++ b/docker-update.1.md @@ -0,0 +1,93 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-update - Update resource configs of one or more containers + +# SYNOPSIS +**docker update** +[**--blkio-weight**[=*[BLKIO-WEIGHT]*]] +[**--cpu-shares**[=*0*]] +[**--cpu-period**[=*0*]] +[**--cpu-quota**[=*0*]] +[**--cpuset-cpus**[=*CPUSET-CPUS*]] +[**--cpuset-mems**[=*CPUSET-MEMS*]] +[**--help**] +[**--kernel-memory**[=*KERNEL-MEMORY*]] +[**-m**|**--memory**[=*MEMORY*]] +[**--memory-reservation**[=*MEMORY-RESERVATION*]] +[**--memory-swap**[=*MEMORY-SWAP*]] +CONTAINER [CONTAINER...] + +# DESCRIPTION + +The `docker update` command dynamically updates container resources. Use this +command to prevent containers from consuming too many resources from their +Docker host. With a single command, you can place limits on a single +container or on many. To specify more than one container, provide +space-separated list of container names or IDs. + +With the exception of the `--kernel-memory` value, you can specify these +options on a running or a stopped container. You can only update +`--kernel-memory` on a stopped container. When you run `docker update` on +stopped container, the next time you restart it, the container uses those +values. + +# OPTIONS +**--blkio-weight**=0 + Block IO weight (relative weight) accepts a weight value between 10 and 1000. + +**--cpu-shares**=0 + CPU shares (relative weight) + +**--cpu-period**=0 + Limit the CPU CFS (Completely Fair Scheduler) period + +**--cpu-quota**=0 + Limit the CPU CFS (Completely Fair Scheduler) quota + +**--cpuset-cpus**="" + CPUs in which to allow execution (0-3, 0,1) + +**--cpuset-mems**="" + Memory nodes(MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems. + +**--help** + Print usage statement + +**--kernel-memory**="" + Kernel memory limit (format: `[]`, where unit = b, k, m or g) + + Note that you can not update kernel memory to a running container, it can only +be updated to a stopped container, and affect after it's started. + +**-m**, **--memory**="" + Memory limit (format: , where unit = b, k, m or g) + +**--memory-reservation**="" + Memory soft limit (format: [], where unit = b, k, m or g) + +**--memory-swap**="" + Total memory limit (memory + swap) + +# EXAMPLES + +The following sections illustrate ways to use this command. + +### Update a container with cpu-shares=512 + +To limit a container's cpu-shares to 512, first identify the container +name or ID. You can use **docker ps** to find these values. You can also +use the ID returned from the **docker run** command. Then, do the following: + +```bash +$ docker update --cpu-shares 512 abebf7571666 +``` + +### Update a container with cpu-shares and memory + +To update multiple resource configurations for multiple containers: + +```bash +$ docker update --cpu-shares 512 -m 300M abebf7571666 hopeful_morse +``` From 48e1653650eb2e4c03577489c728cb29ee84ba03 Mon Sep 17 00:00:00 2001 From: Wen Cheng Ma Date: Mon, 28 Dec 2015 16:29:39 +0800 Subject: [PATCH 143/398] Update integration tests when container and image have same name Signed-off-by: Wen Cheng Ma --- docker-inspect.1.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docker-inspect.1.md b/docker-inspect.1.md index 81f48ceedfe6..9babd569acb7 100644 --- a/docker-inspect.1.md +++ b/docker-inspect.1.md @@ -16,8 +16,9 @@ CONTAINER|IMAGE [CONTAINER|IMAGE...] This displays all the information available in Docker for a given container or image. By default, this will render all results in a JSON -array. If a format is specified, the given template will be executed for -each result. +array. If the container and image have the same name, this will return +container JSON for unspecified type. If a format is specified, the given +template will be executed for each result. # OPTIONS **--help** From 6ccfb81d590bc232f96ad8ffb57881e6b1233d2a Mon Sep 17 00:00:00 2001 From: Qiang Huang Date: Wed, 30 Dec 2015 09:23:35 +0800 Subject: [PATCH 144/398] Fix docs for memory-swap Fixes: #18894 Signed-off-by: Qiang Huang --- docker-build.1.md | 12 +++++++++--- docker-create.1.md | 13 ++++++++----- docker-run.1.md | 13 ++++++++----- 3 files changed, 25 insertions(+), 13 deletions(-) diff --git a/docker-build.1.md b/docker-build.1.md index 3decabe174de..91f15fe0d470 100644 --- a/docker-build.1.md +++ b/docker-build.1.md @@ -19,7 +19,7 @@ docker-build - Build a new image from the source code at PATH [**--rm**[=*true*]] [**-t**|**--tag**[=*[]*]] [**-m**|**--memory**[=*MEMORY*]] -[**--memory-swap**[=*MEMORY-SWAP*]] +[**--memory-swap**[=*LIMIT*]] [**--shm-size**[=*SHM-SIZE*]] [**--cpu-period**[=*0*]] [**--cpu-quota**[=*0*]] @@ -92,8 +92,14 @@ set as the **URL**, the repository is cloned locally and then sent as the contex **-m**, **--memory**=*MEMORY* Memory limit -**--memory-swap**=*MEMORY-SWAP* - Total memory (memory + swap), '-1' to disable swap. +**--memory-swap**=*LIMIT* + A limit value equal to memory plus swap. Must be used with the **-m** +(**--memory**) flag. The swap `LIMIT` should always be larger than **-m** +(**--memory**) value. + + The format of `LIMIT` is `[]`. Unit can be `b` (bytes), +`k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you don't specify a +unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. **--shm-size**=*SHM-SIZE* Size of `/dev/shm`. The format is ``. `number` must be greater than `0`. diff --git a/docker-create.1.md b/docker-create.1.md index f35571a356fc..f0499e60f971 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -46,7 +46,7 @@ docker-create - Create a new container [**-m**|**--memory**[=*MEMORY*]] [**--mac-address**[=*MAC-ADDRESS*]] [**--memory-reservation**[=*MEMORY-RESERVATION*]] -[**--memory-swap**[=*MEMORY-SWAP*]] +[**--memory-swap**[=*LIMIT*]] [**--memory-swappiness**[=*MEMORY-SWAPPINESS*]] [**--name**[=*NAME*]] [**--net**[=*"bridge"*]] @@ -230,11 +230,14 @@ reservation. So you should always set the value below **--memory**, otherwise th hard limit will take precedence. By default, memory reservation will be the same as memory limit. -**--memory-swap**="" - Total memory limit (memory + swap) +**--memory-swap**="LIMIT" + A limit value equal to memory plus swap. Must be used with the **-m** +(**--memory**) flag. The swap `LIMIT` should always be larger than **-m** +(**--memory**) value. - Set `-1` to disable swap (format: [], where unit = b, k, m or g). -This value should always larger than **-m**, so you should always use this with **-m**. + The format of `LIMIT` is `[]`. Unit can be `b` (bytes), +`k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you don't specify a +unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. **--memory-swappiness**="" Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100. diff --git a/docker-run.1.md b/docker-run.1.md index e963d5277edd..6d787295ec6d 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -47,7 +47,7 @@ docker-run - Run a command in a new container [**-m**|**--memory**[=*MEMORY*]] [**--mac-address**[=*MAC-ADDRESS*]] [**--memory-reservation**[=*MEMORY-RESERVATION*]] -[**--memory-swap**[=*MEMORY-SWAP*]] +[**--memory-swap**[=*LIMIT*]] [**--memory-swappiness**[=*MEMORY-SWAPPINESS*]] [**--name**[=*NAME*]] [**--net**[=*"bridge"*]] @@ -327,11 +327,14 @@ reservation. So you should always set the value below **--memory**, otherwise th hard limit will take precedence. By default, memory reservation will be the same as memory limit. -**--memory-swap**="" - Total memory limit (memory + swap) +**--memory-swap**="LIMIT" + A limit value equal to memory plus swap. Must be used with the **-m** +(**--memory**) flag. The swap `LIMIT` should always be larger than **-m** +(**--memory**) value. - Set `-1` to disable swap (format: [], where unit = b, k, m or g). -This value should always larger than **-m**, so you should always use this with **-m**. + The format of `LIMIT` is `[]`. Unit can be `b` (bytes), +`k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you don't specify a +unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. **--mac-address**="" Container MAC address (e.g. 92:d0:c6:0a:29:33) From 64f5ea4a05be11fd90d8ff55132d98202db3cd0f Mon Sep 17 00:00:00 2001 From: Wen Cheng Ma Date: Thu, 3 Dec 2015 15:16:53 +0800 Subject: [PATCH 145/398] Improvement for docker subcommand's help messages Signed-off-by: Wen Cheng Ma --- docker-ps.1.md | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/docker-ps.1.md b/docker-ps.1.md index 770cd26498a3..0d0cae57920d 100644 --- a/docker-ps.1.md +++ b/docker-ps.1.md @@ -26,16 +26,15 @@ the running containers. Show all containers. Only running containers are shown by default. The default is *false*. **-f**, **--filter**=[] - Provide filter values. Valid filters: - exited= - containers with exit code of - label= or label== - status=(created|restarting|running|paused|exited) - name= - container's name - id= - container's ID - before=(|) - since=(|) - ancestor=([:tag]||) - filters containers that were - created from the given image or a descendant. + Filter output based on these conditions: + - exited= an exit code of + - label= or label== + - status=(created|restarting|running|paused|exited) + - name= a container's name + - id= a container's ID + - before=(|) + - since=(|) + - ancestor=([:tag]||) - containers created from an image or a descendant. **--format**="*TEMPLATE*" Pretty-print containers using a Go template. From fbb4df3acb9b6b0617fb4f3cc49e1b0849cc853e Mon Sep 17 00:00:00 2001 From: Mary Anthony Date: Sat, 2 Jan 2016 19:30:31 -0800 Subject: [PATCH 146/398] Creating a man page for the configuration file Signed-off-by: Mary Anthony Adding comments. Fixing bit in daemon Signed-off-by: Mary Anthony Arrrgggh Signed-off-by: Mary Anthony --- config-json.5.md | 72 ++++++++++++++++++++++++++++++++++++++++++++++ docker-daemon.8.md | 2 +- 2 files changed, 73 insertions(+), 1 deletion(-) create mode 100644 config-json.5.md diff --git a/config-json.5.md b/config-json.5.md new file mode 100644 index 000000000000..af274c90a759 --- /dev/null +++ b/config-json.5.md @@ -0,0 +1,72 @@ +% CONFIG.JSON(5) Docker User Manuals +% Docker Community +% JANUARY 2016 +# NAME +HOME/.docker/confg.json - Default Docker configuration file + +# INTRODUCTION + +By default, the Docker command line stores its configuration files in a +directory called `.docker` within your `HOME` directory. Docker manages most of +the files in the configuration directory and you should not modify them. +However, you *can modify* the `config.json` file to control certain aspects of +how the `docker` command behaves. + +Currently, you can modify the `docker` command behavior using environment +variables or command-line options. You can also use options within +`config.json` to modify some of the same behavior. When using these +mechanisms, you must keep in mind the order of precedence among them. Command +line options override environment variables and environment variables override +properties you specify in a `config.json` file. + +The `config.json` file stores a JSON encoding of several properties: + +* The `HttpHeaders` property specifies a set of headers to include in all messages +sent from the Docker client to the daemon. Docker does not try to interpret or +understand these header; it simply puts them into the messages. Docker does not +allow these headers to change any headers it sets for itself. + +* The `psFormat` property specifies the default format for `docker ps` output. +When the `--format` flag is not provided with the `docker ps` command, +Docker's client uses this property. If this property is not set, the client +falls back to the default table format. For a list of supported formatting +directives, see **docker-ps(1)**. + +* The `detachKeys` property specifies the default key sequence which +detaches the container. When the `--detach-keys` flag is not provide +with the `docker attach`, `docker exec`, `docker run` or `docker +start`, Docker's client uses this property. If this property is not +set, the client falls back to the default sequence `ctrl-p,ctrl-q`. + + +* The `imagesFormat` property specifies the default format for `docker images` +output. When the `--format` flag is not provided with the `docker images` +command, Docker's client uses this property. If this property is not set, the +client falls back to the default table format. For a list of supported +formatting directives, see **docker-images(1)**. + +You can specify a different location for the configuration files via the +`DOCKER_CONFIG` environment variable or the `--config` command line option. If +both are specified, then the `--config` option overrides the `DOCKER_CONFIG` +environment variable: + + docker --config ~/testconfigs/ ps + +This command instructs Docker to use the configuration files in the +`~/testconfigs/` directory when running the `ps` command. + +## Examples + +Following is a sample `config.json` file: + + { + "HttpHeaders": { + "MyHeader": "MyValue" + }, + "psFormat": "table {{.ID}}\\t{{.Image}}\\t{{.Command}}\\t{{.Labels}}", + "imagesFormat": "table {{.ID}}\\t{{.Repository}}\\t{{.Tag}}\\t{{.CreatedAt}}", + "detachKeys": "ctrl-e,e" + } + +# HISTORY +January 2016, created by Moxiegirl diff --git a/docker-daemon.8.md b/docker-daemon.8.md index 904ae428abf3..466b80537ca9 100644 --- a/docker-daemon.8.md +++ b/docker-daemon.8.md @@ -1,4 +1,4 @@ -% DOCKER(1) Docker User Manuals +% DOCKER(8) Docker User Manuals % Shishir Mahajan % SEPTEMBER 2015 # NAME From bdb2c7102dc6110ab4961ae59a3b00de73e159b3 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Sun, 3 Jan 2016 23:03:39 +0100 Subject: [PATCH 147/398] Implement configurable detach key Implement configurable detach keys (for `attach`, exec`, `run` and `start`) using the client-side configuration - Adds a `--detach-keys` flag to `attach`, `exec`, `run` and `start` commands. - Adds a new configuration field (in `~/.docker/config.json`) to configure the default escape keys for docker client. Signed-off-by: Vincent Demeester --- docker-attach.1.md | 37 +++++++++++++++++++++++++++++++++---- docker-exec.1.md | 6 +++++- docker-run.1.md | 10 ++++++++-- docker-start.1.md | 7 ++++++- docker.1.md | 1 + 5 files changed, 53 insertions(+), 8 deletions(-) diff --git a/docker-attach.1.md b/docker-attach.1.md index 260593201f33..adecceb37fe0 100644 --- a/docker-attach.1.md +++ b/docker-attach.1.md @@ -6,6 +6,7 @@ docker-attach - Attach to a running container # SYNOPSIS **docker attach** +[**--detach-keys**[=*[]*]] [**--help**] [**--no-stdin**] [**--sig-proxy**[=*true*]] @@ -18,15 +19,19 @@ interactively. You can attach to the same contained process multiple times simultaneously, screen sharing style, or quickly view the progress of your detached process. -You can detach from the container (and leave it running) with `CTRL-p CTRL-q` -(for a quiet exit) or `CTRL-c` which will send a `SIGKILL` to the container. -When you are attached to a container, and exit its main process, the process's -exit code will be returned to the client. +To stop a container, use `CTRL-c`. This key sequence sends `SIGKILL` to the +container. You can detach from the container (and leave it running) using a +configurable key sequence. The default sequence is `CTRL-p CTRL-q`. You +configure the key sequence using the **--detach-keys** option or a configuration +file. See **config-json(5)** for documentation on using a configuration file. It is forbidden to redirect the standard input of a `docker attach` command while attaching to a tty-enabled container (i.e.: launched with `-t`). # OPTIONS +**--detach-keys**="" + Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-` where `` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`. + **--help** Print usage statement @@ -36,6 +41,30 @@ attaching to a tty-enabled container (i.e.: launched with `-t`). **--sig-proxy**=*true*|*false* Proxy all received signals to the process (non-TTY mode only). SIGCHLD, SIGKILL, and SIGSTOP are not proxied. The default is *true*. +# Override the detach sequence + +If you want, you can configure a override the Docker key sequence for detach. +This is is useful if the Docker default sequence conflicts with key squence you +use for other applications. There are two ways to defines a your own detach key +sequence, as a per-container override or as a configuration property on your +entire configuration. + +To override the sequence for an individual container, use the +`--detach-keys=""` flag with the `docker attach` command. The format of +the `` is either a letter [a-Z], or the `ctrl-` combined with any of +the following: + +* `a-z` (a single lowercase alpha character ) +* `@` (ampersand) +* `[` (left bracket) +* `\\` (two backward slashes) +* `_` (underscore) +* `^` (caret) + +These `a`, `ctrl-a`, `X`, or `ctrl-\\` values are all examples of valid key +sequences. To configure a different configuration default key sequence for all +containers, see **docker(1)**. + # EXAMPLES ## Attaching to a container diff --git a/docker-exec.1.md b/docker-exec.1.md index 388fe81b2c6b..49f6dbc2869f 100644 --- a/docker-exec.1.md +++ b/docker-exec.1.md @@ -7,6 +7,7 @@ docker-exec - Run a command in a running container # SYNOPSIS **docker exec** [**-d**|**--detach**] +[**--detach-keys**[=*[]*]] [**--help**] [**-i**|**--interactive**] [**--privileged**] @@ -26,7 +27,10 @@ container is unpaused, and then run # OPTIONS **-d**, **--detach**=*true*|*false* - Detached mode: run command in the background. The default is *false*. + Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-` where `` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`. + +**--detach-keys**="" + Define the key sequence which detaches the container. **--help** Print usage statement diff --git a/docker-run.1.md b/docker-run.1.md index 6d787295ec6d..71790d0aa64a 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -20,6 +20,7 @@ docker-run - Run a command in a new container [**--cpuset-cpus**[=*CPUSET-CPUS*]] [**--cpuset-mems**[=*CPUSET-MEMS*]] [**-d**|**--detach**] +[**--detach-keys**[=*[]*]] [**--device**[=*[]*]] [**--device-read-bps**[=*[]*]] [**--device-read-iops**[=*[]*]] @@ -190,8 +191,13 @@ the other shell to view a list of the running containers. You can reattach to a detached container with **docker attach**. If you choose to run a container in the detached mode, then you cannot use the **-rm** option. - When attached in the tty mode, you can detach from a running container without -stopping the process by pressing the keys CTRL-P CTRL-Q. + When attached in the tty mode, you can detach from the container (and leave it +running) using a configurable key sequence. The default sequence is `CTRL-p CTRL-q`. +You configure the key sequence using the **--detach-keys** option or a configuration file. +See **config-json(5)** for documentation on using a configuration file. + +**--detach-keys**="" + Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-` where `` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`. **--device**=[] Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm) diff --git a/docker-start.1.md b/docker-start.1.md index 678f687f86b5..c00b0a166817 100644 --- a/docker-start.1.md +++ b/docker-start.1.md @@ -7,6 +7,7 @@ docker-start - Start one or more containers # SYNOPSIS **docker start** [**-a**|**--attach**] +[**--detach-keys**[=*[]*]] [**--help**] [**-i**|**--interactive**] CONTAINER [CONTAINER...] @@ -17,7 +18,11 @@ Start one or more containers. # OPTIONS **-a**, **--attach**=*true*|*false* - Attach container's STDOUT and STDERR and forward all signals to the process. The default is *false*. + Attach container's STDOUT and STDERR and forward all signals to the + process. The default is *false*. + +**--detach-keys**="" + Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-` where `` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`. **--help** Print usage statement diff --git a/docker.1.md b/docker.1.md index fc7cd58a65f1..83e57affa2c3 100644 --- a/docker.1.md +++ b/docker.1.md @@ -223,6 +223,7 @@ inside it) Block until a container stops, then print its exit code See **docker-wait(1)** for full documentation on the **wait** command. + # EXEC DRIVER OPTIONS Use the **--exec-opt** flags to specify options to the execution driver. The only From fa6a47f67b11fb539eb6cb0fe17d90fb1ae42f80 Mon Sep 17 00:00:00 2001 From: Alexander Morozov Date: Mon, 7 Dec 2015 09:55:33 -0800 Subject: [PATCH 148/398] Add ability to set cgroup parent for all containers Fix #18022 Signed-off-by: Alexander Morozov --- docker-daemon.8.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docker-daemon.8.md b/docker-daemon.8.md index 466b80537ca9..269268a1d150 100644 --- a/docker-daemon.8.md +++ b/docker-daemon.8.md @@ -10,6 +10,7 @@ docker-daemon - Enable daemon mode [**--authz-plugin**[=*[]*]] [**-b**|**--bridge**[=*BRIDGE*]] [**--bip**[=*BIP*]] +[**--cgroup-parent**[=*/docker*]] [**--cluster-store**[=*[]*]] [**--cluster-advertise**[=*[]*]] [**--cluster-store-opt**[=*map[]*]] @@ -80,6 +81,9 @@ format. **--bip**="" Use the provided CIDR notation address for the dynamically created bridge (docker0); Mutually exclusive of \-b +**--cgroup-parent**="" + Set parent cgroup for all containers. Default is "/docker". + **--cluster-store**="" URL of the distributed storage backend From edd468a12ea230ab53d8d13870277868b0b782b6 Mon Sep 17 00:00:00 2001 From: Alexander Morozov Date: Wed, 6 Jan 2016 13:59:01 -0800 Subject: [PATCH 149/398] Choose default-cgroup parent by cgroup driver It's "/docker" for cgroupfs and "system.slice" for systemd. Fix #19140 Signed-off-by: Alexander Morozov --- docker-daemon.8.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-daemon.8.md b/docker-daemon.8.md index 269268a1d150..8001c72d658b 100644 --- a/docker-daemon.8.md +++ b/docker-daemon.8.md @@ -10,7 +10,7 @@ docker-daemon - Enable daemon mode [**--authz-plugin**[=*[]*]] [**-b**|**--bridge**[=*BRIDGE*]] [**--bip**[=*BIP*]] -[**--cgroup-parent**[=*/docker*]] +[**--cgroup-parent**[=*[]*]] [**--cluster-store**[=*[]*]] [**--cluster-advertise**[=*[]*]] [**--cluster-store-opt**[=*map[]*]] @@ -82,7 +82,7 @@ format. Use the provided CIDR notation address for the dynamically created bridge (docker0); Mutually exclusive of \-b **--cgroup-parent**="" - Set parent cgroup for all containers. Default is "/docker". + Set parent cgroup for all containers. Default is "/docker" for fs cgroup driver and "system.slice" for systemd cgroup driver. **--cluster-store**="" URL of the distributed storage backend From 1afd87e578e19b802b17c41a5bd35fdb743768fb Mon Sep 17 00:00:00 2001 From: Shishir Mahajan Date: Thu, 7 Jan 2016 11:08:30 -0500 Subject: [PATCH 150/398] man page fix: remove -e/--exec-drive=native related description Signed-off-by: Shishir Mahajan --- docker.1.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/docker.1.md b/docker.1.md index 83e57affa2c3..f2bb68f2ce45 100644 --- a/docker.1.md +++ b/docker.1.md @@ -226,10 +226,8 @@ inside it) # EXEC DRIVER OPTIONS -Use the **--exec-opt** flags to specify options to the execution driver. The only -runtime that accepts any options is Linux. As a -result, you must also specify **-s=**native for this option to have effect. The -following is the only *native* option: +Use the **--exec-opt** flags to specify options to the execution driver. +The following options are available: #### native.cgroupdriver Specifies the management of the container's `cgroups`. You can specify From 4aa3cb7ed35fbe0395cb0be03cd6bfe66f768fd7 Mon Sep 17 00:00:00 2001 From: Kim Eik Date: Tue, 27 Oct 2015 21:12:33 +0100 Subject: [PATCH 151/398] Added additional container information to "docker info". Instead of just showing the number of containers this patch will show the number of running, paused and stopped containers as well. Signed-off-by: Kim Eik (cherry picked from commit a9804ab1cb117a132cbf460067d55f5146d50956) --- docker-info.1.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docker-info.1.md b/docker-info.1.md index ae04e49edf4f..0dc46c14ed9d 100644 --- a/docker-info.1.md +++ b/docker-info.1.md @@ -32,6 +32,9 @@ Here is a sample output: # docker info Containers: 14 + Running: 3 + Paused: 1 + Stopped: 10 Images: 52 Server Version: 1.9.0 Storage Driver: aufs From ca0d4100c933b0eae4ce3089899f6a9a9850c570 Mon Sep 17 00:00:00 2001 From: Lei Jitang Date: Mon, 11 Jan 2016 20:13:39 -0500 Subject: [PATCH 152/398] Add docker network connect/disconnect to non-running container Signed-off-by: Lei Jitang --- docker-network-connect.1.md | 2 +- docker-network-disconnect.1.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-network-connect.1.md b/docker-network-connect.1.md index 6a77bfef467b..e61874c80a54 100644 --- a/docker-network-connect.1.md +++ b/docker-network-connect.1.md @@ -11,7 +11,7 @@ NETWORK CONTAINER # DESCRIPTION -Connects a running container to a network. You can connect a container by name +Connects a container to a network. You can connect a container by name or by ID. Once connected, the container can communicate with other containers in the same network. diff --git a/docker-network-disconnect.1.md b/docker-network-disconnect.1.md index 81b0387d85c7..bfe85ad23a97 100644 --- a/docker-network-disconnect.1.md +++ b/docker-network-disconnect.1.md @@ -11,7 +11,7 @@ NETWORK CONTAINER # DESCRIPTION -Disconnects a container from a network. The container must be running to disconnect it from the network. +Disconnects a container from a network. ```bash $ docker network disconnect multi-host-network container1 From 7c854f43901db483553705f93300979299053ac5 Mon Sep 17 00:00:00 2001 From: Phil Estes Date: Fri, 8 Jan 2016 10:07:46 -0500 Subject: [PATCH 153/398] Add daemon documentation on user namespaces feature Remove the experimental docs for user namespaces and add similar content to the `docker daemon` command documentation. Docker-DCO-1.1-Signed-off-by: Phil Estes (github: estesp) --- docker-daemon.8.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docker-daemon.8.md b/docker-daemon.8.md index 8001c72d658b..8e4a3acc0b49 100644 --- a/docker-daemon.8.md +++ b/docker-daemon.8.md @@ -53,6 +53,7 @@ docker-daemon - Enable daemon mode [**--tlskey**[=*~/.docker/key.pem*]] [**--tlsverify**] [**--userland-proxy**[=*true*]] +[**--userns-remap**[=*default*]] # DESCRIPTION **docker** has two distinct functions. It is used for starting the Docker @@ -223,6 +224,9 @@ unix://[/path/to/socket] to use. **--userland-proxy**=*true*|*false* Rely on a userland proxy implementation for inter-container and outside-to-container loopback communications. Default is true. +**--userns-remap**=*default*|*uid:gid*|*user:group*|*user*|*uid* + Enable user namespaces for containers on the daemon. Specifying "default" will cause a new user and group to be created to handle UID and GID range remapping for the user namespace mappings used for contained processes. Specifying a user (or uid) and optionally a group (or gid) will cause the daemon to lookup the user and group's subordinate ID ranges for use as the user namespace mappings for contained processes. + # STORAGE DRIVER OPTIONS Docker uses storage backends (known as "graphdrivers" in the Docker From 716f3601be1644eca85c14974e4ea64307e72b98 Mon Sep 17 00:00:00 2001 From: Chun Chen Date: Mon, 28 Dec 2015 10:15:50 +0800 Subject: [PATCH 154/398] Add network interal mode Signed-off-by: Chun Chen Signed-off-by: David Calavera --- docker-network-create.1.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/docker-network-create.1.md b/docker-network-create.1.md index 4d0782b697b8..1c876d6b24d0 100644 --- a/docker-network-create.1.md +++ b/docker-network-create.1.md @@ -10,6 +10,7 @@ docker-network-create - create a new network [**-d**|**--driver**=*DRIVER*] [**--gateway**=*[]*] [**--help**] +[**--internal**] [**--ip-range**=*[]*] [**--ipam-driver**=*default*] [**-o**|**--opt**=*map[]*] @@ -120,6 +121,11 @@ docker network create -d overlay ``` Be sure that your subnetworks do not overlap. If they do, the network create fails and Engine returns an error. +### Network internal mode + +By default, when you connect a container to an `overlay` network, Docker also connects a bridge network to it to provide external connectivity. +If you want to create an externally isolated `overlay` network, you can specify the `--internal` option. + # OPTIONS **--aux-address**=map[] Auxiliary ipv4 or ipv6 addresses used by network driver @@ -133,6 +139,9 @@ Be sure that your subnetworks do not overlap. If they do, the network create fai **--help** Print usage +**--internal** + Restricts external access to the network + **--ip-range**=[] Allocate container ip from a sub-range From b86510e894f0810973a14be4a9f542dfb9dd750a Mon Sep 17 00:00:00 2001 From: Shishir Mahajan Date: Tue, 12 Jan 2016 13:44:13 -0500 Subject: [PATCH 155/398] daemon option (--storage-opt dm.basesize) for increasing the base device size on daemon restart Signed-off-by: Shishir Mahajan --- docker-daemon.8.md | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/docker-daemon.8.md b/docker-daemon.8.md index 8e4a3acc0b49..a65874749e15 100644 --- a/docker-daemon.8.md +++ b/docker-daemon.8.md @@ -271,12 +271,22 @@ Example use: `docker daemon --storage-opt dm.thinpooldev=/dev/mapper/thin-pool` #### dm.basesize Specifies the size to use when creating the base device, which limits -the size of images and containers. The default value is 100G. Note, -thin devices are inherently "sparse", so a 100G device which is mostly -empty doesn't use 100 GB of space on the pool. However, the filesystem +the size of images and containers. The default value is 10G. Note, +thin devices are inherently "sparse", so a 10G device which is mostly +empty doesn't use 10 GB of space on the pool. However, the filesystem will use more space for base images the larger the device is. +The base device size can be increased at daemon restart which will allow +all future images and containers (based on those new images) to be of the +new base device size. + +Example use: `docker daemon --storage-opt dm.basesize=50G` + +This will increase the base device size to 50G. The Docker daemon will throw an +error if existing base device size is larger than 50G. A user can use +this option to expand the base device size however shrinking is not permitted. + This value affects the system-wide "base" empty filesystem that may already be initialized and inherited by pulled images. Typically, a change to this value requires additional steps to take effect: From 422798e436445dd9ef16ed317e70219a5e17dcc7 Mon Sep 17 00:00:00 2001 From: Tibor Vass Date: Tue, 12 Jan 2016 19:38:18 -0500 Subject: [PATCH 156/398] Rename authz to authorization for greater clarity Signed-off-by: Tibor Vass --- docker-daemon.8.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docker-daemon.8.md b/docker-daemon.8.md index a65874749e15..94a31a3df7d0 100644 --- a/docker-daemon.8.md +++ b/docker-daemon.8.md @@ -7,7 +7,7 @@ docker-daemon - Enable daemon mode # SYNOPSIS **docker daemon** [**--api-cors-header**=[=*API-CORS-HEADER*]] -[**--authz-plugin**[=*[]*]] +[**--authorization-plugin**[=*[]*]] [**-b**|**--bridge**[=*BRIDGE*]] [**--bip**[=*BIP*]] [**--cgroup-parent**[=*[]*]] @@ -73,7 +73,7 @@ format. **--api-cors-header**="" Set CORS headers in the remote API. Default is cors disabled. Give urls like "http://foo, http://bar, ...". Give "*" to allow all. -**--authz-plugin**="" +**--authorization-plugin**="" Set authorization plugins to load **-b**, **--bridge**="" @@ -483,10 +483,10 @@ Key/Value store. Docker's access authorization can be extended by authorization plugins that your organization can purchase or build themselves. You can install one or more authorization plugins when you start the Docker `daemon` using the -`--authz-plugin=PLUGIN_ID` option. +`--authorization-plugin=PLUGIN_ID` option. ```bash -docker daemon --authz-plugin=plugin1 --authz-plugin=plugin2,... +docker daemon --authorization-plugin=plugin1 --authorization-plugin=plugin2,... ``` The `PLUGIN_ID` value is either the plugin's name or a path to its specification From 3049e51a549813bd7be9b42c0dade5ac0b4ef2bd Mon Sep 17 00:00:00 2001 From: Alessandro Boch Date: Mon, 11 Jan 2016 18:03:40 -0800 Subject: [PATCH 157/398] Add missing documentation for static IP options Signed-off-by: Alessandro Boch --- docker-create.1.md | 12 ++++++++++++ docker-network-connect.1.md | 22 +++++++++++++++++----- docker-run.1.md | 12 ++++++++++++ 3 files changed, 41 insertions(+), 5 deletions(-) diff --git a/docker-create.1.md b/docker-create.1.md index f0499e60f971..ca859bd66d6c 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -35,6 +35,8 @@ docker-create - Create a new container [**-h**|**--hostname**[=*HOSTNAME*]] [**--help**] [**-i**|**--interactive**] +[**--ip**[=*IPv4-ADDRESS*]] +[**--ip6**[=*IPv6-ADDRESS*]] [**--ipc**[=*IPC*]] [**--isolation**[=*default*]] [**--kernel-memory**[=*KERNEL-MEMORY*]] @@ -174,6 +176,16 @@ two memory nodes. **-i**, **--interactive**=*true*|*false* Keep STDIN open even if not attached. The default is *false*. +**--ip**="" + Sets the container's interface IPv4 address (e.g. 172.23.0.9) + + It can only be used in conjunction with **--net** for user-defined networks + +**--ip6**="" + Sets the container's interface IPv6 address (e.g. 2001:db8::1b99) + + It can only be used in conjunction with **--net** for user-defined networks + **--ipc**="" Default is to create a private IPC namespace (POSIX SysV IPC) for the container 'container:': reuses another container shared memory, semaphores and message queues diff --git a/docker-network-connect.1.md b/docker-network-connect.1.md index e61874c80a54..0fc4d4cf49fb 100644 --- a/docker-network-connect.1.md +++ b/docker-network-connect.1.md @@ -22,14 +22,26 @@ $ docker network connect multi-host-network container1 You can also use the `docker run --net=` option to start a container and immediately connect it to a network. ```bash -$ docker run -itd --net=multi-host-network busybox +$ docker run -itd --net=multi-host-network --ip 172.20.88.22 --ip6 2001:db8::8822 busybox ``` You can pause, restart, and stop containers that are connected to a network. -Paused containers remain connected and a revealed by a `network inspect`. When -the container is stopped, it does not appear on the network until you restart -it. The container's IP address is not guaranteed to remain the same when a -stopped container rejoins the network. +Paused containers remain connected and can be revealed by a `network inspect`. +When the container is stopped, it does not appear on the network until you restart +it. If specified, the container's IP address(es) will be reapplied (if still available) +when a stopped container rejoins the network. One way to guarantee that the container +will be assigned the same IP addresses when it rejoins the network after a stop +or a disconnect, is to specify the `--ip-range` when creating the network, and choose +the static IP address(es) from outside the range. This will ensure that the IP address +will not be given to other dynamic containers while this container is not on the network. + +```bash +$ docker network create --subnet 172.20.0.0/16 --ip-range 172.20.240.0/20 multi-host-network +``` + +```bash +$ docker network connect --ip 172.20.128.2 multi-host-network container2 +``` To verify the container is connected, use the `docker network inspect` command. Use `docker network disconnect` to remove a container from the network. diff --git a/docker-run.1.md b/docker-run.1.md index 71790d0aa64a..c639b1438055 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -37,6 +37,8 @@ docker-run - Run a command in a new container [**-h**|**--hostname**[=*HOSTNAME*]] [**--help**] [**-i**|**--interactive**] +[**--ip**[=*IPv4-ADDRESS*]] +[**--ip6**[=*IPv6-ADDRESS*]] [**--ipc**[=*IPC*]] [**--isolation**[=*default*]] [**--kernel-memory**[=*KERNEL-MEMORY*]] @@ -274,6 +276,16 @@ redirection on the host system. When set to true, keep stdin open even if not attached. The default is false. +**--ip**="" + Sets the container's interface IPv4 address (e.g. 172.23.0.9) + + It can only be used in conjunction with **--net** for user-defined networks + +**--ip6**="" + Sets the container's interface IPv6 address (e.g. 2001:db8::1b99) + + It can only be used in conjunction with **--net** for user-defined networks + **--ipc**="" Default is to create a private IPC namespace (POSIX SysV IPC) for the container 'container:': reuses another container shared memory, semaphores and message queues From 79c8a65718e3352fe1736b3ac837b57be7fade87 Mon Sep 17 00:00:00 2001 From: Madhu Venugopal Date: Tue, 12 Jan 2016 20:56:36 -0800 Subject: [PATCH 158/398] Forced endpoint cleanup docker's network disconnect api now supports `Force` option which can be used to force cleanup an endpoint from any host in the cluster. Signed-off-by: Madhu Venugopal --- docker-network-disconnect.1.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docker-network-disconnect.1.md b/docker-network-disconnect.1.md index bfe85ad23a97..09bcac51b056 100644 --- a/docker-network-disconnect.1.md +++ b/docker-network-disconnect.1.md @@ -7,6 +7,7 @@ docker-network-disconnect - disconnect a container from a network # SYNOPSIS **docker network disconnect** [**--help**] +[**--force**] NETWORK CONTAINER # DESCRIPTION @@ -25,6 +26,9 @@ Disconnects a container from a network. **CONTAINER** Specify container name +**--force** + Force the container to disconnect from a network + **--help** Print usage statement From 4b28c05bc3a44d30b8d9a90a6c9fb05e9c0593a8 Mon Sep 17 00:00:00 2001 From: Wen Cheng Ma Date: Thu, 14 Jan 2016 13:46:59 +0800 Subject: [PATCH 159/398] Add network ID to container inspect Fixes issue #19089 Signed-off-by: Wen Cheng Ma --- docker-inspect.1.md | 38 ++++++++++++++++++++++++++------------ 1 file changed, 26 insertions(+), 12 deletions(-) diff --git a/docker-inspect.1.md b/docker-inspect.1.md index 9babd569acb7..05c60787ea10 100644 --- a/docker-inspect.1.md +++ b/docker-inspect.1.md @@ -72,22 +72,36 @@ To get information on a container use its ID or instance name: "Image": "ded7cd95e059788f2586a51c275a4f151653779d6a7f4dad77c2bd34601d94e4", "NetworkSettings": { "Bridge": "", - "EndpointID": "", - "Gateway": "", - "GlobalIPv6Address": "", - "GlobalIPv6PrefixLen": 0, + "SandboxID": "6b4851d1903e16dd6a567bd526553a86664361f31036eaaa2f8454d6f4611f6f", "HairpinMode": false, - "IPAddress": "", - "IPPrefixLen": 0, - "IPv6Gateway": "", "LinkLocalIPv6Address": "", "LinkLocalIPv6PrefixLen": 0, - "MacAddress": "", - "NetworkID": "", - "Ports": null, - "SandboxKey": "", + "Ports": {}, + "SandboxKey": "/var/run/docker/netns/6b4851d1903e", "SecondaryIPAddresses": null, - "SecondaryIPv6Addresses": null + "SecondaryIPv6Addresses": null, + "EndpointID": "7587b82f0dada3656fda26588aee72630c6fab1536d36e394b2bfbcf898c971d", + "Gateway": "172.17.0.1", + "GlobalIPv6Address": "", + "GlobalIPv6PrefixLen": 0, + "IPAddress": "172.17.0.2", + "IPPrefixLen": 16, + "IPv6Gateway": "", + "MacAddress": "02:42:ac:12:00:02", + "Networks": { + "bridge": { + "NetworkID": "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812", + "EndpointID": "7587b82f0dada3656fda26588aee72630c6fab1536d36e394b2bfbcf898c971d", + "Gateway": "172.17.0.1", + "IPAddress": "172.17.0.2", + "IPPrefixLen": 16, + "IPv6Gateway": "", + "GlobalIPv6Address": "", + "GlobalIPv6PrefixLen": 0, + "MacAddress": "02:42:ac:12:00:02" + } + } + }, "ResolvConfPath": "/var/lib/docker/containers/d2cc496561d6d520cbc0236b4ba88c362c446a7619992123f11c809cded25b47/resolv.conf", "HostnamePath": "/var/lib/docker/containers/d2cc496561d6d520cbc0236b4ba88c362c446a7619992123f11c809cded25b47/hostname", From 33c90c269311dd4ef877267cbea1d3c83c158f24 Mon Sep 17 00:00:00 2001 From: Madhu Venugopal Date: Fri, 8 Jan 2016 05:45:56 -0800 Subject: [PATCH 160/398] Network scoped alias support Signed-off-by: Madhu Venugopal --- docker-create.1.md | 4 ++++ docker-run.1.md | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/docker-create.1.md b/docker-create.1.md index ca859bd66d6c..08074ac43176 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -52,6 +52,7 @@ docker-create - Create a new container [**--memory-swappiness**[=*MEMORY-SWAPPINESS*]] [**--name**[=*NAME*]] [**--net**[=*"bridge"*]] +[**--net-alias**[=*[]*]] [**--oom-kill-disable**] [**--oom-score-adj**[=*0*]] [**-P**|**--publish-all**] @@ -265,6 +266,9 @@ unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. 'host': use the Docker host network stack. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure. '|': connect to a user-defined network +**--net-alias**=[] + Add network-scoped alias for the container + **--oom-kill-disable**=*true*|*false* Whether to disable OOM Killer for the container or not. diff --git a/docker-run.1.md b/docker-run.1.md index c639b1438055..ea9b0b816867 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -54,6 +54,7 @@ docker-run - Run a command in a new container [**--memory-swappiness**[=*MEMORY-SWAPPINESS*]] [**--name**[=*NAME*]] [**--net**[=*"bridge"*]] +[**--net-alias**[=*[]*]] [**--oom-kill-disable**] [**--oom-score-adj**[=*0*]] [**-P**|**--publish-all**] @@ -383,6 +384,9 @@ and foreground Docker containers. 'host': use the Docker host network stack. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure. '|': connect to a user-defined network +**--net-alias**=[] + Add network-scoped alias for the container + **--oom-kill-disable**=*true*|*false* Whether to disable OOM Killer for the container or not. From 8dbba9e5150b323ed5d4025dc3d110d81035b45c Mon Sep 17 00:00:00 2001 From: Ryan Belgrave Date: Fri, 23 Oct 2015 15:28:39 -0400 Subject: [PATCH 161/398] Add IPAM Config Options to match libnetwork Signed-off-by: Ryan Belgrave --- docker-network-create.1.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docker-network-create.1.md b/docker-network-create.1.md index 1c876d6b24d0..c560f7a5f35d 100644 --- a/docker-network-create.1.md +++ b/docker-network-create.1.md @@ -13,6 +13,7 @@ docker-network-create - create a new network [**--internal**] [**--ip-range**=*[]*] [**--ipam-driver**=*default*] +[**--ipam-opt**=*map[]*] [**-o**|**--opt**=*map[]*] [**--subnet**=*[]*] NETWORK-NAME @@ -148,6 +149,9 @@ If you want to create an externally isolated `overlay` network, you can specify **--ipam-driver**=*default* IP Address Management Driver +**--ipam-opt**=map[] + Set custom IPAM plugin options + **-o**, **--opt**=map[] Set custom network plugin options From bd7f6fc3da1ac4cc47e76936928d57eafe42e2d8 Mon Sep 17 00:00:00 2001 From: David Calavera Date: Thu, 10 Dec 2015 18:35:10 -0500 Subject: [PATCH 162/398] Allow to set daemon and server configurations in a file. Read configuration after flags making this the priority: 1- Apply configuration from file. 2- Apply configuration from flags. Reload configuration when a signal is received, USR2 in Linux: - Reload router if the debug configuration changes. - Reload daemon labels. - Reload cluster discovery. Signed-off-by: David Calavera --- docker-daemon.8.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docker-daemon.8.md b/docker-daemon.8.md index 94a31a3df7d0..02adaeda9111 100644 --- a/docker-daemon.8.md +++ b/docker-daemon.8.md @@ -14,6 +14,7 @@ docker-daemon - Enable daemon mode [**--cluster-store**[=*[]*]] [**--cluster-advertise**[=*[]*]] [**--cluster-store-opt**[=*map[]*]] +[**--config-file**[=*/etc/docker/daemon.json*]] [**-D**|**--debug**] [**--default-gateway**[=*DEFAULT-GATEWAY*]] [**--default-gateway-v6**[=*DEFAULT-GATEWAY-V6*]] @@ -96,6 +97,9 @@ format. **--cluster-store-opt**="" Specifies options for the Key/Value store. +**--config-file**="/etc/docker/daemon.json" + Specifies the JSON file path to load the configuration from. + **-D**, **--debug**=*true*|*false* Enable debug mode. Default is false. From efe1db8286ae0edea887241bc5d4d2b46baaaab5 Mon Sep 17 00:00:00 2001 From: Wen Cheng Ma Date: Mon, 28 Dec 2015 12:56:57 +0800 Subject: [PATCH 163/398] Add Subnets info for user-defined network * If user doesn't specify the subnets to create a network, it will pick subnets from inside preferred pool. This PR aims to inspect these subnets info * Add integration tests for docker inspect the subnets. * docker-py project is already synchronized. * jenkins checks depend on https://github.com/docker/docker-py/pull/888 Fixes issue #18626 Signed-off-by: Wen Cheng Ma --- docker-network-inspect.1.md | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/docker-network-inspect.1.md b/docker-network-inspect.1.md index 889967ae8559..ceba3688fe3c 100644 --- a/docker-network-inspect.1.md +++ b/docker-network-inspect.1.md @@ -12,7 +12,7 @@ NETWORK [NETWORK...] # DESCRIPTION -Returns information about one or more networks. By default, this command renders all results in a JSON object. For example, if you connect two containers to a network: +Returns information about one or more networks. By default, this command renders all results in a JSON object. For example, if you connect two containers to the default `bridge` network: ```bash $ sudo docker run -itd --name=container1 busybox @@ -73,6 +73,33 @@ $ sudo docker network inspect bridge ] ``` +Returns the information about the user-defined network: + +```bash +$ docker network create simple-network +69568e6336d8c96bbf57869030919f7c69524f71183b44d80948bd3927c87f6a +$ docker network inspect simple-network +[ + { + "Name": "simple-network", + "Id": "69568e6336d8c96bbf57869030919f7c69524f71183b44d80948bd3927c87f6a", + "Scope": "local", + "Driver": "bridge", + "IPAM": { + "Driver": "default", + "Config": [ + { + "Subnet": "172.22.0.0/16", + "Gateway": "172.22.0.1/16" + } + ] + }, + "Containers": {}, + "Options": {} + } +] +``` + # OPTIONS **-f**, **--format**="" Format the output using the given go template. From 26b01ec5288adb32436a0bba7ff459f302d0c26b Mon Sep 17 00:00:00 2001 From: Kareem Khazem Date: Wed, 13 Jan 2016 16:34:18 +0000 Subject: [PATCH 164/398] Added `dead` to docs for docker ps -f status=... It is possible to invoke `docker ps -f status=dead`, but the documentation for docker-ps does not mention `dead` as a valid option. This commit fixes that. Signed-off-by: Kareem Khazem --- docker-ps.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-ps.1.md b/docker-ps.1.md index 0d0cae57920d..91d1b2173373 100644 --- a/docker-ps.1.md +++ b/docker-ps.1.md @@ -29,7 +29,7 @@ the running containers. Filter output based on these conditions: - exited= an exit code of - label= or label== - - status=(created|restarting|running|paused|exited) + - status=(created|restarting|running|paused|exited|dead) - name= a container's name - id= a container's ID - before=(|) From 3bb809db2c4df4566d21f1e930feaec02f2f01a0 Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Thu, 21 Jan 2016 21:57:53 -0500 Subject: [PATCH 165/398] On container rm, don't remove named mountpoints This makes it so when calling `docker run --rm`, or `docker rm -v`, only volumes specified without a name, e.g. `docker run -v /foo` instead of `docker run -v awesome:/foo` are removed. Note that all volumes are named, some are named by the user, some get a generated name. This is specifically about how the volume was specified on `run`, assuming that if the user specified it with a name they expect it to persist after the container is cleaned up. Signed-off-by: Brian Goff --- docker-rm.1.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/docker-rm.1.md b/docker-rm.1.md index d99c1d836bd1..9ae3142a6c6c 100644 --- a/docker-rm.1.md +++ b/docker-rm.1.md @@ -48,6 +48,22 @@ command. The use that name as follows: docker rm hopeful_morse +## Removing a container and all associated volumes + + $ docker rm -v redis + redis + +This command will remove the container and any volumes associated with it. +Note that if a volume was specified with a name, it will not be removed. + + $ docker create -v awesome:/foo -v /bar --name hello redis + hello + $ docker rm -v hello + +In this example, the volume for `/foo` will remain in tact, but the volume for +`/bar` will be removed. The same behavior holds for volumes inherited with +`--volumes-from`. + # HISTORY April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work. From 18b8b865959e5447e6f8d61b2d8c464bec47deb8 Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Tue, 26 Jan 2016 15:53:11 -0500 Subject: [PATCH 166/398] Add note about mount propagation on systemd Signed-off-by: Brian Goff --- docker-create.1.md | 8 ++++++++ docker-run.1.md | 8 ++++++++ 2 files changed, 16 insertions(+) diff --git a/docker-create.1.md b/docker-create.1.md index 08074ac43176..e92e36c24bbd 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -411,6 +411,14 @@ will convert /foo into a `shared` mount point. Alternatively one can directly change propagation properties of source mount. Say `/` is source mount for `/foo`, then use `mount --make-shared /` to convert `/` into a `shared` mount. +> **Note**: +> When using systemd to manage the Docker daemon's start and stop, in the systemd +> unit file there is an option to control mount propagation for the Docker daemon +> itself, called `MountFlags`. The value of this setting may cause Docker to not +> see mount propagation changes made on the mount point. For example, if this value +> is `slave`, you may not be able to use the `shared` or `rshared` propagation on +> a volume. + **--volume-driver**="" Container's volume driver. This driver creates volumes specified either from a Dockerfile's `VOLUME` instruction or from the `docker run -v` flag. diff --git a/docker-run.1.md b/docker-run.1.md index ea9b0b816867..f1de10e273a2 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -582,6 +582,14 @@ will convert /foo into a `shared` mount point. Alternatively one can directly change propagation properties of source mount. Say `/` is source mount for `/foo`, then use `mount --make-shared /` to convert `/` into a `shared` mount. +> **Note**: +> When using systemd to manage the Docker daemon's start and stop, in the systemd +> unit file there is an option to control mount propagation for the Docker daemon +> itself, called `MountFlags`. The value of this setting may cause Docker to not +> see mount propagation changes made on the mount point. For example, if this value +> is `slave`, you may not be able to use the `shared` or `rshared` propagation on +> a volume. + **--volume-driver**="" Container's volume driver. This driver creates volumes specified either from a Dockerfile's `VOLUME` instruction or from the `docker run -v` flag. From c01cdd730a416df7312a12fc8fa9036a77da363e Mon Sep 17 00:00:00 2001 From: Michael Crosby Date: Mon, 25 Jan 2016 14:48:23 -0800 Subject: [PATCH 167/398] Move tar copy-up for tmpfs mounts We cannot rely on the tar command for this type of operation because tar versions, flags, and functionality can very from distro to distro. Since this is in the container execution path it is not safe to have this as a dependency from dockers POV where the user cannot change the fact that docker is adding these pre and post mount commands. Signed-off-by: Michael Crosby --- docker-create.1.md | 5 +---- docker-run.1.md | 5 +---- 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/docker-create.1.md b/docker-create.1.md index e92e36c24bbd..a45eef7d638c 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -319,10 +319,7 @@ unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. $ docker run -d --tmpfs /tmp:rw,size=787448k,mode=1777 my_image - This command mounts a `tmpfs` at `/tmp` within the container. The mount copies -the underlying content of `my_image` into `/tmp`. For example if there was a -directory `/tmp/content` in the base image, docker will copy this directory and -all of its content on top of the tmpfs mounted on `/tmp`. The supported mount + This command mounts a `tmpfs` at `/tmp` within the container. The supported mount options are the same as the Linux default `mount` flags. If you do not specify any options, the systems uses the following options: `rw,noexec,nosuid,nodev,size=65536k`. diff --git a/docker-run.1.md b/docker-run.1.md index f1de10e273a2..ab668e62aeec 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -490,10 +490,7 @@ standard input. $ docker run -d --tmpfs /tmp:rw,size=787448k,mode=1777 my_image - This command mounts a `tmpfs` at `/tmp` within the container. The mount copies -the underlying content of `my_image` into `/tmp`. For example if there was a -directory `/tmp/content` in the base image, docker will copy this directory and -all of its content on top of the tmpfs mounted on `/tmp`. The supported mount + This command mounts a `tmpfs` at `/tmp` within the container. The supported mount options are the same as the Linux default `mount` flags. If you do not specify any options, the systems uses the following options: `rw,noexec,nosuid,nodev,size=65536k`. From 5c1eff2ca439ab63932f4be5d86b6b752f1664ff Mon Sep 17 00:00:00 2001 From: Bryan Boreham Date: Tue, 26 Jan 2016 14:43:07 +0000 Subject: [PATCH 168/398] Improve wording about re-assigning IP addresses Signed-off-by: Bryan Boreham --- docker-network-connect.1.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/docker-network-connect.1.md b/docker-network-connect.1.md index 0fc4d4cf49fb..d6ee15939117 100644 --- a/docker-network-connect.1.md +++ b/docker-network-connect.1.md @@ -28,12 +28,14 @@ $ docker run -itd --net=multi-host-network --ip 172.20.88.22 --ip6 2001:db8::882 You can pause, restart, and stop containers that are connected to a network. Paused containers remain connected and can be revealed by a `network inspect`. When the container is stopped, it does not appear on the network until you restart -it. If specified, the container's IP address(es) will be reapplied (if still available) -when a stopped container rejoins the network. One way to guarantee that the container -will be assigned the same IP addresses when it rejoins the network after a stop -or a disconnect, is to specify the `--ip-range` when creating the network, and choose -the static IP address(es) from outside the range. This will ensure that the IP address -will not be given to other dynamic containers while this container is not on the network. +it. + +If specified, the container's IP address(es) is reapplied when a stopped +container is restarted. If the IP address is no longer available, the container +fails to start. One way to guarantee that the IP address is available is +to specify an `--ip-range` when creating the network, and choose the static IP +address(es) from outside that range. This ensures that the IP address is not +given to another container while this container is not on the network. ```bash $ docker network create --subnet 172.20.0.0/16 --ip-range 172.20.240.0/20 multi-host-network From f8f354678e08364579daaaef088826e1c58e4a9a Mon Sep 17 00:00:00 2001 From: Wen Cheng Ma Date: Mon, 18 Jan 2016 13:02:10 +0800 Subject: [PATCH 169/398] docs: document options for default network driver Fixes issue #18410 Signed-off-by: Wen Cheng Ma --- docker-network-create.1.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-network-create.1.md b/docker-network-create.1.md index c560f7a5f35d..e1fea9f3674d 100644 --- a/docker-network-create.1.md +++ b/docker-network-create.1.md @@ -150,10 +150,10 @@ If you want to create an externally isolated `overlay` network, you can specify IP Address Management Driver **--ipam-opt**=map[] - Set custom IPAM plugin options + Set custom IPAM driver options **-o**, **--opt**=map[] - Set custom network plugin options + Set custom driver options **--subnet**=[] Subnet in CIDR format that represents a network segment From ea42c4ecc844c704c6dbf96093a88bb91275ee42 Mon Sep 17 00:00:00 2001 From: Wen Cheng Ma Date: Fri, 29 Jan 2016 13:54:28 +0800 Subject: [PATCH 170/398] Change container name to id as actual results Signed-off-by: Wen Cheng Ma --- docker-stats.1.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docker-stats.1.md b/docker-stats.1.md index c7fa7d504fd7..520466b5b8a2 100644 --- a/docker-stats.1.md +++ b/docker-stats.1.md @@ -31,9 +31,9 @@ Running `docker stats` on all running containers $ docker stats CONTAINER CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O - redis1 0.07% 796 KB / 64 MB 1.21% 788 B / 648 B 3.568 MB / 512 KB - redis2 0.07% 2.746 MB / 64 MB 4.29% 1.266 KB / 648 B 12.4 MB / 0 B - nginx1 0.03% 4.583 MB / 64 MB 6.30% 2.854 KB / 648 B 27.7 MB / 0 B + 1285939c1fd3 0.07% 796 KB / 64 MB 1.21% 788 B / 648 B 3.568 MB / 512 KB + 9c76f7834ae2 0.07% 2.746 MB / 64 MB 4.29% 1.266 KB / 648 B 12.4 MB / 0 B + d1ea048f04e4 0.03% 4.583 MB / 64 MB 6.30% 2.854 KB / 648 B 27.7 MB / 0 B Running `docker stats` on multiple containers by name and id. From ae918a19033fadd328a1049542d784d69d6786a5 Mon Sep 17 00:00:00 2001 From: Vincent Woo Date: Sun, 13 Dec 2015 02:10:41 -0800 Subject: [PATCH 171/398] Allow disabling of colored Docker logs via daemon flag. Signed-off-by: Vincent Woo Signed-off-by: David Calavera --- docker-daemon.8.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docker-daemon.8.md b/docker-daemon.8.md index 02adaeda9111..051c9e074823 100644 --- a/docker-daemon.8.md +++ b/docker-daemon.8.md @@ -44,6 +44,7 @@ docker-daemon - Enable daemon mode [**--log-opt**[=*map[]*]] [**--mtu**[=*0*]] [**-p**|**--pidfile**[=*/var/run/docker.pid*]] +[**--raw-logs**] [**--registry-mirror**[=*[]*]] [**-s**|**--storage-driver**[=*STORAGE-DRIVER*]] [**--selinux-enabled**] @@ -197,6 +198,11 @@ unix://[/path/to/socket] to use. **-p**, **--pidfile**="" Path to use for daemon PID file. Default is `/var/run/docker.pid` +**--raw-logs** +Output daemon logs in full timestamp format without ANSI coloring. If this flag is not set, +the daemon outputs condensed, colorized logs if a terminal is detected, or full ("raw") +output otherwise. + **--registry-mirror**=*://* Prepend a registry mirror to be used for image pulls. May be specified multiple times. From 17172c9aa95561fe6b4030f06f5cd90145855854 Mon Sep 17 00:00:00 2001 From: "Kai Qiang Wu(Kennan)" Date: Tue, 2 Feb 2016 05:57:59 +0000 Subject: [PATCH 172/398] Correct old virtual size In new content addressable model, image no longer have virtual size column, it is now 'size'. So we need to update related docs about them. Signed-off-by: Kai Qiang Wu(Kennan) --- docker-images.1.md | 2 +- docker-load.1.md | 4 ++-- docker-pull.1.md | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docker-images.1.md b/docker-images.1.md index 75355ac5c0e5..8410280a1df3 100644 --- a/docker-images.1.md +++ b/docker-images.1.md @@ -70,7 +70,7 @@ To list the images in a local repository (not the registry) run: The list will contain the image repository name, a tag for the image, and an image ID, when it was created and its virtual size. Columns: REPOSITORY, TAG, -IMAGE ID, CREATED, and VIRTUAL SIZE. +IMAGE ID, CREATED, and SIZE. The `docker images` command takes an optional `[REPOSITORY[:TAG]]` argument that restricts the list to images that match the argument. If you specify diff --git a/docker-load.1.md b/docker-load.1.md index 508ab6bbb9ba..75ae84e6c5d9 100644 --- a/docker-load.1.md +++ b/docker-load.1.md @@ -25,11 +25,11 @@ Restores both images and tags. # EXAMPLES $ docker images - REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + REPOSITORY TAG IMAGE ID CREATED SIZE busybox latest 769b9341d937 7 weeks ago 2.489 MB $ docker load --input fedora.tar $ docker images - REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + REPOSITORY TAG IMAGE ID CREATED SIZE busybox latest 769b9341d937 7 weeks ago 2.489 MB fedora rawhide 0d20aec6529d 7 weeks ago 387 MB fedora 20 58394af37342 7 weeks ago 385.5 MB diff --git a/docker-pull.1.md b/docker-pull.1.md index 9e0e2ca81802..338ee5d713ca 100644 --- a/docker-pull.1.md +++ b/docker-pull.1.md @@ -43,7 +43,7 @@ Note that if the image is previously downloaded then the status would be Status: Downloaded newer image for fedora $ docker images - REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + REPOSITORY TAG IMAGE ID CREATED SIZE fedora rawhide ad57ef8d78d7 5 days ago 359.3 MB fedora 20 105182bb5e8b 5 days ago 372.7 MB fedora heisenbug 105182bb5e8b 5 days ago 372.7 MB @@ -60,7 +60,7 @@ Note that if the image is previously downloaded then the status would be Status: Downloaded newer image for debian:latest $ docker images - REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + REPOSITORY TAG IMAGE ID CREATED SIZE debian latest 4a5e6db8c069 5 days ago 125.1 MB @@ -77,7 +77,7 @@ Note that if the image is previously downloaded then the status would be Status: Downloaded newer image for registry.hub.docker.com/fedora:20 $ docker images - REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + REPOSITORY TAG IMAGE ID CREATED SIZE fedora 20 3f2fed40e4b0 4 days ago 372.7 MB From a567eae33a003db787e3ead694f2c04d26afbc56 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 1 Feb 2016 16:07:57 +0100 Subject: [PATCH 173/398] Add note about legacy links Signed-off-by: Sebastiaan van Stijn --- docker-run.1.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docker-run.1.md b/docker-run.1.md index ab668e62aeec..210343e3e46c 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -759,6 +759,12 @@ Create a 3rd container using the new --ipc=container:CONTAINERID option, now it ## Linking Containers +> **Note**: This section describes linking between containers on the +> default (bridge) network, also known as "legacy links". Using `--link` +> on user-defined networks uses the DNS-based discovery, which does not add +> entries to `/etc/hosts`, and does not set environment variables for +> discovery. + The link feature allows multiple containers to communicate with each other. For example, a container whose Dockerfile has exposed port 80 can be run and named as follows: From d15652c5332047b0dd69bca6cd0bc30bdc6440c8 Mon Sep 17 00:00:00 2001 From: Chun Chen Date: Fri, 15 Jan 2016 15:31:12 +0800 Subject: [PATCH 174/398] Display `internal` flag on `network inspect` Also adds internal network tests for bridge network Signed-off-by: Chun Chen --- docker-network-inspect.1.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docker-network-inspect.1.md b/docker-network-inspect.1.md index ceba3688fe3c..da4e7c355037 100644 --- a/docker-network-inspect.1.md +++ b/docker-network-inspect.1.md @@ -45,6 +45,7 @@ $ sudo docker network inspect bridge } ] }, + "Internal": false, "Containers": { "bda12f8922785d1f160be70736f26c1e331ab8aaf8ed8d56728508f2e2fd4727": { "Name": "container2", From b3f4a8e538f3e5b65681de9f60b7b719b396163f Mon Sep 17 00:00:00 2001 From: "Tom X. Tobin" Date: Fri, 5 Feb 2016 09:41:35 -0500 Subject: [PATCH 175/398] Fix typo in config-json man page In the NAME section: "confg.json" -> "config.json" Signed-off-by: Tom X. Tobin --- config-json.5.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config-json.5.md b/config-json.5.md index af274c90a759..7e0b64094800 100644 --- a/config-json.5.md +++ b/config-json.5.md @@ -2,7 +2,7 @@ % Docker Community % JANUARY 2016 # NAME -HOME/.docker/confg.json - Default Docker configuration file +HOME/.docker/config.json - Default Docker configuration file # INTRODUCTION From 9e09a07647943992b8968a922ba1b36998066afa Mon Sep 17 00:00:00 2001 From: "Tom X. Tobin" Date: Fri, 5 Feb 2016 16:47:57 -0500 Subject: [PATCH 176/398] Fix mention of at sign in docs The at sign (`@`) was being referred to in the documentation as an ampersand (`&`). Signed-off-by: Tom X. Tobin --- docker-attach.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-attach.1.md b/docker-attach.1.md index adecceb37fe0..c78f4fbb1b36 100644 --- a/docker-attach.1.md +++ b/docker-attach.1.md @@ -55,7 +55,7 @@ the `` is either a letter [a-Z], or the `ctrl-` combined with any of the following: * `a-z` (a single lowercase alpha character ) -* `@` (ampersand) +* `@` (at sign) * `[` (left bracket) * `\\` (two backward slashes) * `_` (underscore) From a678fd48854184ab340747bb3ba09501cb22352d Mon Sep 17 00:00:00 2001 From: Evan Allrich Date: Sat, 6 Feb 2016 09:39:20 -0600 Subject: [PATCH 177/398] Adding --format= flag Signed-off-by: Evan Allrich --- docker-inspect.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-inspect.1.md b/docker-inspect.1.md index 05c60787ea10..6bb6a5809d95 100644 --- a/docker-inspect.1.md +++ b/docker-inspect.1.md @@ -209,7 +209,7 @@ To get information on a container use its ID or instance name: To get the IP address of a container use: - $ docker inspect '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' d2cc496561d6 + $ docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' d2cc496561d6 172.17.0.2 ## Listing all port bindings From 439645ff868fcda94d6f370f8371ead0a175b57b Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Wed, 10 Feb 2016 09:03:20 -0500 Subject: [PATCH 178/398] Add a parent man page for docker volumes command It is difficult to gather information about docker volumes command without a parent man page. This man page attempts to explain docker volumes and then references the command man pages. Signed-off-by: Dan Walsh --- docker-volume.1.md | 62 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 docker-volume.1.md diff --git a/docker-volume.1.md b/docker-volume.1.md new file mode 100644 index 000000000000..c4569bf01afe --- /dev/null +++ b/docker-volume.1.md @@ -0,0 +1,62 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% Feb 2016 +# NAME +docker-volume - Create a new volume + +# SYNOPSIS +**docker volume** [OPTIONS] COMMAND +[**--help**] + +# DESCRIPTION + +docker volume command manages content volumes for docker containers. + +## Data volumes + +A *data volume* is a specially-designated directory within one or more +containers. + +Data volumes provide several useful features for persistent or shared data: + +Volumes are initialized when a container is created. If the container's +base image contains data at the specified mount point, that existing data is +copied into the new volume upon volume initialization. (Note that this does +not apply when [mounting a host directory](#mount-a-host-directory-as-a-data-volume).) + +Data volumes can be shared and reused among containers. + +Changes to a data volume are made directly. + +Changes to a data volume will not be included when you update an image. + +Data volumes persist even if the container itself is deleted. + +Data volumes are designed to persist data, independent of the container's life +cycle. Docker therefore *never* automatically deletes volumes when you remove +a container, nor will it "garbage collect" volumes that are no longer +referenced by a container. + +# OPTIONS +**--help** + Print usage statement + +# COMMANDS +**create** + Create a volume + See **docker-volume-create(1)** for full documentation on the **create** command. + +**inspect** + Return low-level information on a volume + See **docker-volume-inspect(1)** for full documentation on the **inspect** command. + +**ls** + List volumes + See **docker-volume-ls(1)** for full documentation on the **ls** command. + +**rm** + Remove a volume + See **docker-volume-rm(1)** for full documentation on the **rm** command. + +# HISTORY +Feb 2016, created by Dan Walsh From 4eabc1bceb98354f6acbf52e4c80ae8c43927f24 Mon Sep 17 00:00:00 2001 From: Aidan Hobson Sayers Date: Fri, 12 Feb 2016 01:42:15 +0000 Subject: [PATCH 179/398] Add docs for --ipv6 option, also add --internal as appropriate Signed-off-by: Aidan Hobson Sayers --- docker-network-create.1.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docker-network-create.1.md b/docker-network-create.1.md index e1fea9f3674d..e2c34bff1794 100644 --- a/docker-network-create.1.md +++ b/docker-network-create.1.md @@ -14,6 +14,7 @@ docker-network-create - create a new network [**--ip-range**=*[]*] [**--ipam-driver**=*default*] [**--ipam-opt**=*map[]*] +[**--ipv6**] [**-o**|**--opt**=*map[]*] [**--subnet**=*[]*] NETWORK-NAME @@ -152,6 +153,9 @@ If you want to create an externally isolated `overlay` network, you can specify **--ipam-opt**=map[] Set custom IPAM driver options +**--ipv6** + Enable IPv6 networking + **-o**, **--opt**=map[] Set custom driver options From ea40c965a1f72e0ba0dae44fe07d77e89cde43d4 Mon Sep 17 00:00:00 2001 From: Vishnu kannan Date: Wed, 3 Feb 2016 18:10:48 -0800 Subject: [PATCH 180/398] Expose docker's root directory by default as part of `docker info`. Signed-off-by: Vishnu kannan --- docker-info.1.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/docker-info.1.md b/docker-info.1.md index 0dc46c14ed9d..93004a83c904 100644 --- a/docker-info.1.md +++ b/docker-info.1.md @@ -51,7 +51,14 @@ Here is a sample output: Architecture: x86_64 CPUs: 1 Total Memory: 2 GiB - + Name: docker + ID: I54V:OLXT:HVMM:TPKO:JPHQ:CQCD:JNLC:O3BZ:4ZVJ:43XJ:PFHZ:6N2S + Docker Root Dir: /var/lib/docker + Debug mode (client): false + Debug mode (server): false + Username: xyz + Registry: https://index.docker.io/v1/ + # HISTORY April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work. From 4724a7efaf9a8d5eb5c0b18deafdc365da6a0a34 Mon Sep 17 00:00:00 2001 From: Cedric Davies Date: Mon, 25 Jan 2016 14:49:52 -0800 Subject: [PATCH 181/398] Windows: Add ETW logging driver plug-in Signed-off-by: Cedric Davies --- docker-create.1.md | 2 +- docker-daemon.8.md | 2 +- docker-run.1.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docker-create.1.md b/docker-create.1.md index a45eef7d638c..36f0d94ef34a 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -214,7 +214,7 @@ millions of trillions. Add link to another container in the form of :alias or just in which case the alias will match the name. -**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*none*" +**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*etwlogs*|*none*" Logging driver for container. Default is defined by daemon `--log-driver` flag. **Warning**: the `docker logs` command works only for the `json-file` and `journald` logging drivers. diff --git a/docker-daemon.8.md b/docker-daemon.8.md index 051c9e074823..7584c91bd13c 100644 --- a/docker-daemon.8.md +++ b/docker-daemon.8.md @@ -185,7 +185,7 @@ unix://[/path/to/socket] to use. **--label**="[]" Set key=value labels to the daemon (displayed in `docker info`) -**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*none*" +**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*etwlogs*|*none*" Default driver for container logs. Default is `json-file`. **Warning**: `docker logs` command works only for `json-file` logging driver. diff --git a/docker-run.1.md b/docker-run.1.md index 210343e3e46c..90e3ebdf44af 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -320,7 +320,7 @@ container can access the exposed port via a private networking interface. Docker will set some environment variables in the client container to help indicate which interface and port to use. -**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*none*" +**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*etwlogs*|*none*" Logging driver for container. Default is defined by daemon `--log-driver` flag. **Warning**: the `docker logs` command works only for the `json-file` and `journald` logging drivers. From 75f109fcfb9dae057f1cbd9d69c5deaa722379eb Mon Sep 17 00:00:00 2001 From: Zhang Wei Date: Wed, 17 Feb 2016 11:55:56 +0800 Subject: [PATCH 182/398] Fix docs Fix wrong descriptions in docs Signed-off-by: Zhang Wei --- docker-exec.1.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-exec.1.md b/docker-exec.1.md index 49f6dbc2869f..16a061d06929 100644 --- a/docker-exec.1.md +++ b/docker-exec.1.md @@ -27,10 +27,10 @@ container is unpaused, and then run # OPTIONS **-d**, **--detach**=*true*|*false* - Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-` where `` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`. + Detached mode: run command in the background. The default is *false*. **--detach-keys**="" - Define the key sequence which detaches the container. + Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-` where `` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`. **--help** Print usage statement From fcb77b2174f55ce340ef94d86dc9ff0e472991af Mon Sep 17 00:00:00 2001 From: Andrew Macpherson Date: Fri, 19 Feb 2016 15:13:34 +0000 Subject: [PATCH 183/398] Document .Names format placeholder in docker-ps man page, fixes #20503. Signed-off-by: Andrew Macpherson --- docker-ps.1.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docker-ps.1.md b/docker-ps.1.md index 91d1b2173373..6e1fe9a6c0c5 100644 --- a/docker-ps.1.md +++ b/docker-ps.1.md @@ -47,6 +47,7 @@ the running containers. .Ports - Exposed ports. .Status - Container status. .Size - Container disk size. + .Names - Container names. .Labels - All labels assigned to the container. .Label - Value of a specific label for this container. For example `{{.Label "com.docker.swarm.cpu"}}` From e13d00e422dbec29d32368f9f7bf0a1c467ac5f7 Mon Sep 17 00:00:00 2001 From: Zhang Wei Date: Mon, 4 Jan 2016 23:58:20 +0800 Subject: [PATCH 184/398] Update RestartPolicy of container Add `--restart` flag for `update` command, so we can change restart policy for a container no matter it's running or stopped. Signed-off-by: Zhang Wei --- docker-update.1.md | 27 +++++++++++++++++++++------ 1 file changed, 21 insertions(+), 6 deletions(-) diff --git a/docker-update.1.md b/docker-update.1.md index a49fbd83d35b..87849ef8d5b6 100644 --- a/docker-update.1.md +++ b/docker-update.1.md @@ -2,7 +2,7 @@ % Docker Community % JUNE 2014 # NAME -docker-update - Update resource configs of one or more containers +docker-update - Update configuration of one or more containers # SYNOPSIS **docker update** @@ -17,15 +17,16 @@ docker-update - Update resource configs of one or more containers [**-m**|**--memory**[=*MEMORY*]] [**--memory-reservation**[=*MEMORY-RESERVATION*]] [**--memory-swap**[=*MEMORY-SWAP*]] +[**--restart**[=*""*]] CONTAINER [CONTAINER...] # DESCRIPTION -The `docker update` command dynamically updates container resources. Use this -command to prevent containers from consuming too many resources from their -Docker host. With a single command, you can place limits on a single -container or on many. To specify more than one container, provide -space-separated list of container names or IDs. +The `docker update` command dynamically updates container configuration. +you can Use this command to prevent containers from consuming too many +resources from their Docker host. With a single command, you can place +limits on a single container or on many. To specify more than one container, +provide space-separated list of container names or IDs. With the exception of the `--kernel-memory` value, you can specify these options on a running or a stopped container. You can only update @@ -33,6 +34,10 @@ options on a running or a stopped container. You can only update stopped container, the next time you restart it, the container uses those values. +Another configuration you can change with this command is restart policy, +new restart policy will take effect instantly after you run `docker update` +on a container. + # OPTIONS **--blkio-weight**=0 Block IO weight (relative weight) accepts a weight value between 10 and 1000. @@ -70,6 +75,9 @@ be updated to a stopped container, and affect after it's started. **--memory-swap**="" Total memory limit (memory + swap) +**--restart**="" + Restart policy to apply when a container exits (no, on-failure[:max-retry], always, unless-stopped). + # EXAMPLES The following sections illustrate ways to use this command. @@ -91,3 +99,10 @@ To update multiple resource configurations for multiple containers: ```bash $ docker update --cpu-shares 512 -m 300M abebf7571666 hopeful_morse ``` + +### Update a container's restart policy + +To update restart policy for one or more containers: +```bash +$ docker update --restart=on-failure:3 abebf7571666 hopeful_morse +``` From 6dc30c4b8d57ad90be94418dc4d4bf833f44c2ff Mon Sep 17 00:00:00 2001 From: Zhu Guihua Date: Fri, 19 Feb 2016 14:13:52 +0800 Subject: [PATCH 185/398] fix storage driver options in man page Signed-off-by: Zhu Guihua --- docker-daemon.8.md | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/docker-daemon.8.md b/docker-daemon.8.md index 7584c91bd13c..9b2fda47fde8 100644 --- a/docker-daemon.8.md +++ b/docker-daemon.8.md @@ -244,9 +244,10 @@ internals) to create writable containers from images. Many of these backends use operating system level technologies and can be configured. -Specify options to the storage backend with **--storage-opt** flags. The only -backend that currently takes options is *devicemapper*. Therefore use these -flags with **-s=**devicemapper. +Specify options to the storage backend with **--storage-opt** flags. The +backends that currently take options are *devicemapper* and *zfs*. +Options for *devicemapper* are prefixed with *dm* and options for *zfs* +start with *zfs*. Specifically for devicemapper, the default is a "loopback" model which requires no pre-configuration, but is extremely inefficient. Do not @@ -258,7 +259,7 @@ more information see `man lvmthin`. Then, use `--storage-opt dm.thinpooldev` to tell the Docker engine to use that pool for allocating images and container snapshots. -Here is the list of *devicemapper* options: +##Devicemapper options: #### dm.thinpooldev @@ -464,6 +465,16 @@ this topic, see Otherwise, set this flag for migrating existing Docker daemons to a daemon with a supported environment. +##ZFS options + +#### zfs.fsname + +Set zfs filesystem under which docker will create its own datasets. +By default docker will pick up the zfs filesystem where docker graph +(`/var/lib/docker`) is located. + +Example use: `docker daemon -s zfs --storage-opt zfs.fsname=zroot/docker` + # CLUSTER STORE OPTIONS The daemon uses libkv to advertise From 33275391872ea5521c1b4598cbf16bde321cc6ec Mon Sep 17 00:00:00 2001 From: Stefan Weil Date: Mon, 22 Feb 2016 20:22:20 +0100 Subject: [PATCH 186/398] Fix some typos in comments and strings Most of them were found and fixed by codespell. Signed-off-by: Stefan Weil --- docker-logs.1.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-logs.1.md b/docker-logs.1.md index 21501dc51db4..f910b53574f0 100644 --- a/docker-logs.1.md +++ b/docker-logs.1.md @@ -42,9 +42,9 @@ logging drivers. **--tail**="*all*" Output the specified number of lines at the end of logs (defaults to all logs) -The `--since` option can be Unix timestamps, date formated timestamps, or Go +The `--since` option can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the client machine’s -time. Supported formats for date formated time stamps include RFC3339Nano, +time. Supported formats for date formatted time stamps include RFC3339Nano, RFC3339, `2006-01-02T15:04:05`, `2006-01-02T15:04:05.999999999`, `2006-01-02Z07:00`, and `2006-01-02`. The local timezone on the client will be used if you do not provide either a `Z` or a `+-00:00` timezone offset at the From 45621c221f429c54801a465b87a4021d274bf568 Mon Sep 17 00:00:00 2001 From: Zhu Guihua Date: Tue, 23 Feb 2016 16:09:44 +0800 Subject: [PATCH 187/398] Fix markdown style error in man page Signed-off-by: Zhu Guihua --- docker-daemon.8.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-daemon.8.md b/docker-daemon.8.md index 9b2fda47fde8..c7ab68628be9 100644 --- a/docker-daemon.8.md +++ b/docker-daemon.8.md @@ -259,7 +259,7 @@ more information see `man lvmthin`. Then, use `--storage-opt dm.thinpooldev` to tell the Docker engine to use that pool for allocating images and container snapshots. -##Devicemapper options: +## Devicemapper options #### dm.thinpooldev @@ -465,7 +465,7 @@ this topic, see Otherwise, set this flag for migrating existing Docker daemons to a daemon with a supported environment. -##ZFS options +## ZFS options #### zfs.fsname From 230d30afa17dbe27544c6540dbc72a3df67163e1 Mon Sep 17 00:00:00 2001 From: David Calavera Date: Wed, 3 Feb 2016 17:46:01 -0500 Subject: [PATCH 188/398] Add mounts to docker ps. - Allow to filter containers by volume with `--filter volume=name` and `filter volume=/dest`. - Show their names in the list with the custom format `{{ .Mounts }}`. Signed-off-by: David Calavera --- docker-ps.1.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/docker-ps.1.md b/docker-ps.1.md index 6e1fe9a6c0c5..f56796648752 100644 --- a/docker-ps.1.md +++ b/docker-ps.1.md @@ -35,6 +35,7 @@ the running containers. - before=(|) - since=(|) - ancestor=([:tag]||) - containers created from an image or a descendant. + - volume=(|) **--format**="*TEMPLATE*" Pretty-print containers using a Go template. @@ -50,6 +51,7 @@ the running containers. .Names - Container names. .Labels - All labels assigned to the container. .Label - Value of a specific label for this container. For example `{{.Label "com.docker.swarm.cpu"}}` + .Mounts - Names of the volumes mounted in this container. **--help** Print usage statement @@ -118,6 +120,18 @@ the running containers. c1d3b0166030 debian 41d50ecd2f57 fedora +# Display containers with `remote-volume` mounted + + $ docker ps --filter volume=remote-volume --format "table {{.ID}}\t{{.Mounts}}" + CONTAINER ID MOUNTS + 9c3527ed70ce remote-volume + +# Display containers with a volume mounted in `/data` + + $ docker ps --filter volume=/data --format "table {{.ID}}\t{{.Mounts}}" + CONTAINER ID MOUNTS + 9c3527ed70ce remote-volume + # HISTORY April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work. From 28d962a75b9f91c3b8b168b4be56ad45fc6adefe Mon Sep 17 00:00:00 2001 From: Jian Zhang Date: Thu, 25 Feb 2016 09:48:21 +0800 Subject: [PATCH 189/398] Fix some flaws in man. Signed-off-by: Jian Zhang --- docker-cp.1.md | 4 ++-- docker-events.1.md | 2 +- docker-import.1.md | 2 +- docker-network-ls.1.md | 12 ++++++------ docker-network-rm.1.md | 2 +- docker-rm.1.md | 10 +++++----- 6 files changed, 16 insertions(+), 16 deletions(-) diff --git a/docker-cp.1.md b/docker-cp.1.md index bd15625e1b75..eda3b36031bb 100644 --- a/docker-cp.1.md +++ b/docker-cp.1.md @@ -20,7 +20,7 @@ You can copy from the container's file system to the local machine or the reverse, from the local filesystem to the container. If `-` is specified for either the `SRC_PATH` or `DEST_PATH`, you can also stream a tar archive from `STDIN` or to `STDOUT`. The `CONTAINER` can be a running or stopped container. -The `SRC_PATH` or `DEST_PATH` be a file or directory. +The `SRC_PATH` or `DEST_PATH` can be a file or directory. The `docker cp` command assumes container paths are relative to the container's `/` (root) directory. This means supplying the initial forward slash is optional; @@ -82,7 +82,7 @@ It is not possible to copy certain system files such as resources under Using `-` as the `SRC_PATH` streams the contents of `STDIN` as a tar archive. The command extracts the content of the tar to the `DEST_PATH` in container's filesystem. In this case, `DEST_PATH` must specify a directory. Using `-` as -`DEST_PATH` streams the contents of the resource as a tar archive to `STDOUT`. +the `DEST_PATH` streams the contents of the resource as a tar archive to `STDOUT`. # OPTIONS **-L**, **--follow-link**=*true*|*false* diff --git a/docker-events.1.md b/docker-events.1.md index fb8d7b00b8e2..4d0bff25c539 100644 --- a/docker-events.1.md +++ b/docker-events.1.md @@ -39,7 +39,7 @@ and Docker images will report: The `--since` and `--until` parameters can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed -relative to the client machine’s time. If you do not provide the --since option, +relative to the client machine’s time. If you do not provide the `--since` option, the command returns only new and/or live events. Supported formats for date formatted time stamps include RFC3339Nano, RFC3339, `2006-01-02T15:04:05`, `2006-01-02T15:04:05.999999999`, `2006-01-02Z07:00`, and `2006-01-02`. The local diff --git a/docker-import.1.md b/docker-import.1.md index 0509dd0d677e..43d65efe6a80 100644 --- a/docker-import.1.md +++ b/docker-import.1.md @@ -39,7 +39,7 @@ Import to docker via pipe and stdin: # cat exampleimage.tgz | docker import - example/imagelocal -Import with a commit message +Import with a commit message. # cat exampleimage.tgz | docker import --message "New image imported from tarball" - exampleimagelocal:new diff --git a/docker-network-ls.1.md b/docker-network-ls.1.md index ceca40573c53..56a8334ae412 100644 --- a/docker-network-ls.1.md +++ b/docker-network-ls.1.md @@ -89,7 +89,7 @@ NETWORK ID NAME DRIVER You can also filter for a substring in a name as this shows: ```bash -$ docker ps --filter name=foo +$ docker network ls --filter name=foo NETWORK ID NAME DRIVER 95e74588f40d foo bridge 06e7eef0a170 foobar bridge @@ -99,8 +99,8 @@ NETWORK ID NAME DRIVER The `id` filter matches on all or part of a network's ID. -The following filter matches all networks with a name containing the -`06e7eef01700` string. +The following filter matches all networks with an ID containing the +`63d1ff1f77b0...` string. ```bash $ docker network ls --filter id=63d1ff1f77b07ca51070a8c227e962238358bd310bde1529cf62e6c307ade161 @@ -108,14 +108,14 @@ NETWORK ID NAME DRIVER 63d1ff1f77b0 dev bridge ``` -You can also filter for a substring in a ID as this shows: +You can also filter for a substring in an ID as this shows: ```bash -$ docker ps --filter id=95e74588f40d +$ docker network ls --filter id=95e74588f40d NETWORK ID NAME DRIVER 95e74588f40d foo bridge -$ docker ps --filter id=95e +$ docker network ls --filter id=95e NETWORK ID NAME DRIVER 95e74588f40d foo bridge ``` diff --git a/docker-network-rm.1.md b/docker-network-rm.1.md index 7f8e3dae53e3..c094a1528619 100644 --- a/docker-network-rm.1.md +++ b/docker-network-rm.1.md @@ -20,7 +20,7 @@ To remove the network named 'my-network': ``` To delete multiple networks in a single `docker network rm` command, provide -multiple network names or id's. The following example deletes a network with id +multiple network names or ids. The following example deletes a network with id `3695c422697f` and a network named `my-network`: ```bash diff --git a/docker-rm.1.md b/docker-rm.1.md index 9ae3142a6c6c..2105288d0d15 100644 --- a/docker-rm.1.md +++ b/docker-rm.1.md @@ -50,15 +50,15 @@ command. The use that name as follows: ## Removing a container and all associated volumes - $ docker rm -v redis - redis + $ docker rm -v redis + redis This command will remove the container and any volumes associated with it. Note that if a volume was specified with a name, it will not be removed. - $ docker create -v awesome:/foo -v /bar --name hello redis - hello - $ docker rm -v hello + $ docker create -v awesome:/foo -v /bar --name hello redis + hello + $ docker rm -v hello In this example, the volume for `/foo` will remain in tact, but the volume for `/bar` will be removed. The same behavior holds for volumes inherited with From 8a1e3187f49ef37a4cd5b275b33202d8e1c4c6a7 Mon Sep 17 00:00:00 2001 From: Ken Cochrane Date: Mon, 29 Feb 2016 17:51:36 -0800 Subject: [PATCH 190/398] Remove email address field from login This removes the email prompt when you use docker login, and also removes the ability to register via the docker cli. Docker login, will strictly be used for logging into a registry server. Signed-off-by: Ken Cochrane --- docker-login.1.md | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/docker-login.1.md b/docker-login.1.md index c32a49b07528..ea899376441b 100644 --- a/docker-login.1.md +++ b/docker-login.1.md @@ -2,26 +2,25 @@ % Docker Community % JUNE 2014 # NAME -docker-login - Register or log in to a Docker registry. +docker-login - Log in to a Docker registry. # SYNOPSIS **docker login** -[**-e**|**--email**[=*EMAIL*]] [**--help**] [**-p**|**--password**[=*PASSWORD*]] [**-u**|**--username**[=*USERNAME*]] [SERVER] # DESCRIPTION -Register or log in to a Docker Registry located on the specified +Log in to a Docker Registry located on the specified `SERVER`. You can specify a URL or a `hostname` for the `SERVER` value. If you do not specify a `SERVER`, the command uses Docker's public registry located at `https://registry-1.docker.io/` by default. To get a username/password for Docker's public registry, create an account on Docker Hub. -`docker login` requires user to use `sudo` or be `root`, except when: +`docker login` requires user to use `sudo` or be `root`, except when: 1. connecting to a remote daemon, such as a `docker-machine` provisioned `docker engine`. -2. user is added to the `docker` group. This will impact the security of your system; the `docker` group is `root` equivalent. See [Docker Daemon Attack Surface](https://docs.docker.com/articles/security/#docker-daemon-attack-surface) for details. +2. user is added to the `docker` group. This will impact the security of your system; the `docker` group is `root` equivalent. See [Docker Daemon Attack Surface](https://docs.docker.com/articles/security/#docker-daemon-attack-surface) for details. You can log into any public or private repository for which you have credentials. When you log in, the command stores encoded credentials in @@ -31,9 +30,6 @@ credentials. When you log in, the command stores encoded credentials in > # OPTIONS -**-e**, **--email**="" - Email - **--help** Print usage statement From fefcd370cfa26f043cf223b06303cc50df5894f0 Mon Sep 17 00:00:00 2001 From: Mike Danese Date: Fri, 18 Dec 2015 09:43:32 -0800 Subject: [PATCH 191/398] daemon/logger: Add logging driver for Google Cloud Logging Signed-off-by: Mike Danese --- docker-create.1.md | 2 +- docker-daemon.8.md | 2 +- docker-run.1.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docker-create.1.md b/docker-create.1.md index 36f0d94ef34a..6a2640d205ac 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -214,7 +214,7 @@ millions of trillions. Add link to another container in the form of :alias or just in which case the alias will match the name. -**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*etwlogs*|*none*" +**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*etwlogs*|*gcplogs*|*none*" Logging driver for container. Default is defined by daemon `--log-driver` flag. **Warning**: the `docker logs` command works only for the `json-file` and `journald` logging drivers. diff --git a/docker-daemon.8.md b/docker-daemon.8.md index c7ab68628be9..9f699c7124d4 100644 --- a/docker-daemon.8.md +++ b/docker-daemon.8.md @@ -185,7 +185,7 @@ unix://[/path/to/socket] to use. **--label**="[]" Set key=value labels to the daemon (displayed in `docker info`) -**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*etwlogs*|*none*" +**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*etwlogs*|*gcplogs*|*none*" Default driver for container logs. Default is `json-file`. **Warning**: `docker logs` command works only for `json-file` logging driver. diff --git a/docker-run.1.md b/docker-run.1.md index 90e3ebdf44af..bf75fb68ef4f 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -320,7 +320,7 @@ container can access the exposed port via a private networking interface. Docker will set some environment variables in the client container to help indicate which interface and port to use. -**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*etwlogs*|*none*" +**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*etwlogs*|*gcplogs*|*none*" Logging driver for container. Default is defined by daemon `--log-driver` flag. **Warning**: the `docker logs` command works only for the `json-file` and `journald` logging drivers. From b4e1d2cd43a3b32c5e6489381ebc94ca50b5fcd4 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 1 Mar 2016 17:28:42 +0100 Subject: [PATCH 192/398] Remove some references to "register" through login These were left-overs from the now deprecated and removed functionality to registrer a new account through "docker login" Signed-off-by: Sebastiaan van Stijn --- docker-logout.1.md | 2 +- docker.1.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-logout.1.md b/docker-logout.1.md index d11698679813..a8a4b7c3c09a 100644 --- a/docker-logout.1.md +++ b/docker-logout.1.md @@ -24,7 +24,7 @@ There are no available options. # docker logout localhost:8080 # See also -**docker-login(1)** to register or log in to a Docker registry server. +**docker-login(1)** to log in to a Docker registry server. # HISTORY June 2014, Originally compiled by Daniel, Dao Quang Minh (daniel at nitrous dot io) diff --git a/docker.1.md b/docker.1.md index f2bb68f2ce45..f59f98abdf91 100644 --- a/docker.1.md +++ b/docker.1.md @@ -132,7 +132,7 @@ inside it) See **docker-load(1)** for full documentation on the **load** command. **login** - Register or login to a Docker Registry + Log in to a Docker Registry See **docker-login(1)** for full documentation on the **login** command. **logout** From 4a012e2d36010b33351f6df2b7d60d2c73325914 Mon Sep 17 00:00:00 2001 From: Qiang Huang Date: Thu, 18 Feb 2016 18:10:31 +0800 Subject: [PATCH 193/398] Add CgroupDriver to docker info Fixes: #19539 Signed-off-by: Qiang Huang --- docker-info.1.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docker-info.1.md b/docker-info.1.md index 93004a83c904..1ebcd1a41931 100644 --- a/docker-info.1.md +++ b/docker-info.1.md @@ -42,6 +42,7 @@ Here is a sample output: Dirs: 80 Execution Driver: native-0.2 Logging Driver: json-file + Cgroup Driver: cgroupfs Plugins: Volume: local Network: bridge null host From 1573044bcdf622bc1603d4ef7381395dfb1acd50 Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Thu, 11 Feb 2016 21:48:16 -0500 Subject: [PATCH 194/398] Support mount opts for `local` volume driver Allows users to submit options similar to the `mount` command when creating a volume with the `local` volume driver. For example: ```go $ docker volume create -d local --opt type=nfs --opt device=myNfsServer:/data --opt o=noatime,nosuid ``` Signed-off-by: Brian Goff --- docker-volume-create.1.md | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/docker-volume-create.1.md b/docker-volume-create.1.md index 24b39bc5a213..43338095c7de 100644 --- a/docker-volume-create.1.md +++ b/docker-volume-create.1.md @@ -15,11 +15,9 @@ docker-volume-create - Create a new volume Creates a new volume that containers can consume and store data in. If a name is not specified, Docker generates a random name. You create a volume and then configure the container to use it, for example: - ``` - $ docker volume create --name hello - hello - $ docker run -d -v hello:/world busybox ls /world - ``` + $ docker volume create --name hello + hello + $ docker run -d -v hello:/world busybox ls /world The mount is created inside the container's `/src` directory. Docker doesn't not support relative paths for mount points inside the container. @@ -29,14 +27,22 @@ Multiple containers can use the same volume in the same time period. This is use Some volume drivers may take options to customize the volume creation. Use the `-o` or `--opt` flags to pass driver options: - ``` - $ docker volume create --driver fake --opt tardis=blue --opt timey=wimey - ``` + $ docker volume create --driver fake --opt tardis=blue --opt timey=wimey These options are passed directly to the volume driver. Options for different volume drivers may do different things (or nothing at all). -*Note*: The built-in `local` volume driver does not currently accept any options. +The built-in `local` driver on Windows does not support any options. + +The built-in `local` driver on Linux accepts options similar to the linux `mount` +command: + + $ docker volume create --driver local --opt type=tmpfs --opt device=tmpfs --opt o=size=100m,uid=1000 + +Another example: + + $ docker volume create --driver local --opt type=btrfs --opt device=/dev/sda2 + # OPTIONS **-d**, **--driver**="*local*" From f213a46126a8b6e81335800836d3bc5a7dbfd5ab Mon Sep 17 00:00:00 2001 From: Micah Zoltu Date: Thu, 3 Mar 2016 23:40:28 +0000 Subject: [PATCH 195/398] Adds clarification to behavior of missing directories. Closes #20920 Signed-off-by: Micah Zoltu --- docker-cp.1.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docker-cp.1.md b/docker-cp.1.md index eda3b36031bb..84d64c268881 100644 --- a/docker-cp.1.md +++ b/docker-cp.1.md @@ -36,7 +36,8 @@ the user and primary group at the destination. For example, files copied to a container are created with `UID:GID` of the root user. Files copied to the local machine are created with the `UID:GID` of the user which invoked the `docker cp` command. If you specify the `-L` option, `docker cp` follows any symbolic link -in the `SRC_PATH`. +in the `SRC_PATH`. `docker cp` does *not* create parent directories for +`DEST_PATH` if they do not exist. Assuming a path separator of `/`, a first argument of `SRC_PATH` and second argument of `DEST_PATH`, the behavior is as follows: From c5bf50c69eac8235cd9ec8b1263eb6e212f40b2f Mon Sep 17 00:00:00 2001 From: Mrunal Patel Date: Sun, 21 Feb 2016 21:31:21 -0800 Subject: [PATCH 196/398] Add support for NoNewPrivileges in docker Signed-off-by: Mrunal Patel Add tests for no-new-privileges Signed-off-by: Mrunal Patel Update documentation for no-new-privileges Signed-off-by: Mrunal Patel --- docker-run.1.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docker-run.1.md b/docker-run.1.md index bf75fb68ef4f..7f5c21046f84 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -459,6 +459,8 @@ its root filesystem mounted as read only prohibiting any writes. "label:type:TYPE" : Set the label type for the container "label:level:LEVEL" : Set the label level for the container "label:disable" : Turn off label confinement for the container + "no-new-privileges" : Disable container processes from gaining additional privileges + **--stop-signal**=*SIGTERM* Signal to stop a container. Default is SIGTERM. From f9d68cfdb5fa64ab58389a71a8b0728137ed6eaa Mon Sep 17 00:00:00 2001 From: Vivek Goyal Date: Mon, 7 Mar 2016 20:27:39 +0000 Subject: [PATCH 197/398] devmapper: Add a new option dm.min_free_space Once thin pool gets full, bad things can happen. Especially in case of xfs it is possible that xfs keeps on retrying IO infinitely (for certain kind of IO) and container hangs. One way to mitigate the problem is that once thin pool is about to get full, start failing some of the docker operations like pulling new images or creation of new containers. That way user will get warning ahead of time and can try to rectify it by creating more free space in thin pool. This can be done either by deleting existing images/containers or by adding more free space to thin pool. This patch adds a new option dm.min_free_space to devicemapper graph driver. Say one specifies dm.min_free_space=10%. This means atleast 10% of data and metadata blocks should be free in pool before new device creation is allowed, otherwise operation will fail. By default min_free_space is 10%. User can change it by specifying dm.min_free_space=X% on command line. A value of 0% will disable the check. Signed-off-by: Vivek Goyal --- docker-daemon.8.md | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/docker-daemon.8.md b/docker-daemon.8.md index 9f699c7124d4..1f47dea50190 100644 --- a/docker-daemon.8.md +++ b/docker-daemon.8.md @@ -475,6 +475,30 @@ By default docker will pick up the zfs filesystem where docker graph Example use: `docker daemon -s zfs --storage-opt zfs.fsname=zroot/docker` +#### dm.min_free_space + +Specifies the min free space percent in thin pool require for new device +creation to succeed. This check applies to both free data space as well +as free metadata space. Valid values are from 0% - 99%. Value 0% disables +free space checking logic. If user does not specify a value for this optoin, +then default value for this option is 10%. + +Whenever a new thin pool device is created (during docker pull or +during container creation), docker will check minimum free space is +available as specified by this parameter. If that is not the case, then +device creation will fail and docker operation will fail. + +One will have to create more free space in thin pool to recover from the +error. Either delete some of the images and containers from thin pool and +create free space or add more storage to thin pool. + +For lvm thin pool, one can add more storage to volume group container thin +pool and that should automatically resolve it. If loop devices are being +used, then stop docker, grow the size of loop files and restart docker and +that should resolve the issue. + +Example use: `docker daemon --storage-opt dm.min_free_space_percent=10%` + # CLUSTER STORE OPTIONS The daemon uses libkv to advertise From 6ac2ae5baf9f52705aae3c5d0b5f256d5364b957 Mon Sep 17 00:00:00 2001 From: Jessica Frazelle Date: Tue, 15 Dec 2015 11:15:43 -0800 Subject: [PATCH 198/398] pids limit support update bash commpletion for pids limit update check config for kernel add docs for pids limit add pids stats add stats to docker client Signed-off-by: Jessica Frazelle --- docker-create.1.md | 4 ++++ docker-run.1.md | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/docker-create.1.md b/docker-create.1.md index 6a2640d205ac..16f70a958d2f 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -58,6 +58,7 @@ docker-create - Create a new container [**-P**|**--publish-all**] [**-p**|**--publish**[=*[]*]] [**--pid**[=*[]*]] +[**--pids-limit**[=*PIDS_LIMIT*]] [**--privileged**] [**--read-only**] [**--restart**[=*RESTART*]] @@ -290,6 +291,9 @@ unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. **host**: use the host's PID namespace inside the container. Note: the host mode gives the container full access to local PID and is therefore considered insecure. +**--pids-limit**="" + Tune the container's pids limit. Set `-1` to have unlimited pids for the container. + **--privileged**=*true*|*false* Give extended privileges to this container. The default is *false*. diff --git a/docker-run.1.md b/docker-run.1.md index 7f5c21046f84..a22d43762d72 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -60,6 +60,7 @@ docker-run - Run a command in a new container [**-P**|**--publish-all**] [**-p**|**--publish**[=*[]*]] [**--pid**[=*[]*]] +[**--pids-limit**[=*PIDS_LIMIT*]] [**--privileged**] [**--read-only**] [**--restart**[=*RESTART*]] @@ -420,6 +421,9 @@ Use `docker port` to see the actual mapping: `docker port CONTAINER $CONTAINERPO **host**: use the host's PID namespace inside the container. Note: the host mode gives the container full access to local PID and is therefore considered insecure. +**--pids-limit**="" + Tune the container's pids limit. Set `-1` to have unlimited pids for the container. + **--uts**=*host* Set the UTS mode for the container **host**: use the host's UTS namespace inside the container. From 55b4cf9be22fad6ae1e5f948f7cc732645f4f2c2 Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Tue, 8 Mar 2016 22:34:35 +0100 Subject: [PATCH 199/398] docs: extend: plugins: mention the sdk + systemd socket activation Signed-off-by: Antonio Murdaca --- docker-daemon.8.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-daemon.8.md b/docker-daemon.8.md index 1f47dea50190..5854c28a557d 100644 --- a/docker-daemon.8.md +++ b/docker-daemon.8.md @@ -545,7 +545,7 @@ multiple plugins installed, at least one must allow the request for it to complete. For information about how to create an authorization plugin, see [authorization -plugin](https://docs.docker.com/engine/extend/authorization.md) section in the +plugin](https://docs.docker.com/engine/extend/plugins_authorization.md) section in the Docker extend section of this documentation. From c75e013bb473df16363e8a620c84e4eb5c15905e Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Sat, 12 Mar 2016 14:11:01 +0100 Subject: [PATCH 200/398] docs: add $ before HOME Signed-off-by: Antonio Murdaca --- config-json.5.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config-json.5.md b/config-json.5.md index 7e0b64094800..49987f08b8f9 100644 --- a/config-json.5.md +++ b/config-json.5.md @@ -7,7 +7,7 @@ HOME/.docker/config.json - Default Docker configuration file # INTRODUCTION By default, the Docker command line stores its configuration files in a -directory called `.docker` within your `HOME` directory. Docker manages most of +directory called `.docker` within your `$HOME` directory. Docker manages most of the files in the configuration directory and you should not modify them. However, you *can modify* the `config.json` file to control certain aspects of how the `docker` command behaves. From d99e57f030c3910fac81d99edba6ba78372ca07e Mon Sep 17 00:00:00 2001 From: Shijiang Wei Date: Sat, 12 Mar 2016 21:24:55 +0800 Subject: [PATCH 201/398] docs: fix broken links Signed-off-by: Shijiang Wei --- docker-daemon.8.md | 2 +- docker-network-create.1.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-daemon.8.md b/docker-daemon.8.md index 5854c28a557d..06bcf6438af9 100644 --- a/docker-daemon.8.md +++ b/docker-daemon.8.md @@ -545,7 +545,7 @@ multiple plugins installed, at least one must allow the request for it to complete. For information about how to create an authorization plugin, see [authorization -plugin](https://docs.docker.com/engine/extend/plugins_authorization.md) section in the +plugin](https://docs.docker.com/engine/extend/authorization/) section in the Docker extend section of this documentation. diff --git a/docker-network-create.1.md b/docker-network-create.1.md index e2c34bff1794..4d4cee39115f 100644 --- a/docker-network-create.1.md +++ b/docker-network-create.1.md @@ -53,7 +53,7 @@ The `docker daemon` options that support the `overlay` network are: To read more about these options and how to configure them, see ["*Get started with multi-host -network*"](https://www.docker.com/engine/userguide/networking/get-started-overlay.md). +network*"](https://docs.docker.com/engine/userguide/networking/get-started-overlay/). It is also a good idea, though not required, that you install Docker Swarm on to manage the cluster that makes up your network. Swarm provides sophisticated From 7ae694c54dfef712ea9a97dbbd0366c9e0093df3 Mon Sep 17 00:00:00 2001 From: Liron Levin Date: Mon, 8 Feb 2016 16:23:24 +0200 Subject: [PATCH 202/398] Run privileged containers when userns are specified Following #19995 and #17409 this PR enables skipping userns re-mapping when creating a container (or when executing a command). Thus, enabling privileged containers running side by side with userns remapped containers. The feature is enabled by specifying ```--userns:host```, which will not remapped the user if userns are applied. If this flag is not specified, the existing behavior (which blocks specific privileged operation) remains. Signed-off-by: Liron Levin --- docker-create.1.md | 5 +++++ docker-run.1.md | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/docker-create.1.md b/docker-create.1.md index 16f70a958d2f..95d171fec3cc 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -58,6 +58,7 @@ docker-create - Create a new container [**-P**|**--publish-all**] [**-p**|**--publish**[=*[]*]] [**--pid**[=*[]*]] +[**--userns**[=*[]*]] [**--pids-limit**[=*PIDS_LIMIT*]] [**--privileged**] [**--read-only**] @@ -291,6 +292,10 @@ unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. **host**: use the host's PID namespace inside the container. Note: the host mode gives the container full access to local PID and is therefore considered insecure. +**--userns**="" + Set the usernamespace mode for the container when `userns-remap` option is enabled. + **host**: use the host usernamespace and enable all privileged options (e.g., `pid=host` or `--privileged`). + **--pids-limit**="" Tune the container's pids limit. Set `-1` to have unlimited pids for the container. diff --git a/docker-run.1.md b/docker-run.1.md index a22d43762d72..c44dd603d047 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -60,6 +60,7 @@ docker-run - Run a command in a new container [**-P**|**--publish-all**] [**-p**|**--publish**[=*[]*]] [**--pid**[=*[]*]] +[**--userns**[=*[]*]] [**--pids-limit**[=*PIDS_LIMIT*]] [**--privileged**] [**--read-only**] @@ -421,6 +422,10 @@ Use `docker port` to see the actual mapping: `docker port CONTAINER $CONTAINERPO **host**: use the host's PID namespace inside the container. Note: the host mode gives the container full access to local PID and is therefore considered insecure. +**--userns**="" + Set the usernamespace mode for the container when `userns-remap` option is enabled. + **host**: use the host usernamespace and enable all privileged options (e.g., `pid=host` or `--privileged`). + **--pids-limit**="" Tune the container's pids limit. Set `-1` to have unlimited pids for the container. From 7fbcc7bddc203905813aaa0114d4e8f4999013d3 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 4 Mar 2016 15:58:07 +0100 Subject: [PATCH 203/398] Update Docker pull examples The old examples no longer worked due to changes in the client and Docker Hub. This updates the "docker pull" documentation and adds more examples and explanation of the features. Signed-off-by: Sebastiaan van Stijn --- docker-pull.1.md | 191 +++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 159 insertions(+), 32 deletions(-) diff --git a/docker-pull.1.md b/docker-pull.1.md index 338ee5d713ca..e4a7550d5b11 100644 --- a/docker-pull.1.md +++ b/docker-pull.1.md @@ -16,7 +16,7 @@ This command pulls down an image or a repository from a registry. If there is more than one image for a repository (e.g., fedora) then all images for that repository name can be pulled down including any tags (see the option **-a** or **--all-tags**). - + If you do not specify a `REGISTRY_HOST`, the command uses Docker's public registry located at `registry-1.docker.io` by default. @@ -27,58 +27,185 @@ registry located at `registry-1.docker.io` by default. **--help** Print usage statement -# EXAMPLE +# EXAMPLES + +### Pull an image from Docker Hub + +To download a particular image, or set of images (i.e., a repository), use +`docker pull`. If no tag is provided, Docker Engine uses the `:latest` tag as a +default. This command pulls the `debian:latest` image: + + $ docker pull debian + + Using default tag: latest + latest: Pulling from library/debian + fdd5d7827f33: Pull complete + a3ed95caeb02: Pull complete + Digest: sha256:e7d38b3517548a1c71e41bffe9c8ae6d6d29546ce46bf62159837aad072c90aa + Status: Downloaded newer image for debian:latest + +Docker images can consist of multiple layers. In the example above, the image +consists of two layers; `fdd5d7827f33` and `a3ed95caeb02`. + +Layers can be reused by images. For example, the `debian:jessie` image shares +both layers with `debian:latest`. Pulling the `debian:jessie` image therefore +only pulls its metadata, but not its layers, because all layers are already +present locally: + + $ docker pull debian:jessie + + jessie: Pulling from library/debian + fdd5d7827f33: Already exists + a3ed95caeb02: Already exists + Digest: sha256:a9c958be96d7d40df920e7041608f2f017af81800ca5ad23e327bc402626b58e + Status: Downloaded newer image for debian:jessie + +To see which images are present locally, use the **docker-images(1)** +command: + + $ docker images + + REPOSITORY TAG IMAGE ID CREATED SIZE + debian jessie f50f9524513f 5 days ago 125.1 MB + debian latest f50f9524513f 5 days ago 125.1 MB + +Docker uses a content-addressable image store, and the image ID is a SHA256 +digest covering the image's configuration and layers. In the example above, +`debian:jessie` and `debian:latest` have the same image ID because they are +actually the *same* image tagged with different names. Because they are the +same image, their layers are stored only once and do not consume extra disk +space. + +For more information about images, layers, and the content-addressable store, +refer to [understand images, containers, and storage drivers](https://docs.docker.com/engine/userguide/storagedriver/imagesandcontainers/) +in the online documentation. + + +## Pull an image by digest (immutable identifier) + +So far, you've pulled images by their name (and "tag"). Using names and tags is +a convenient way to work with images. When using tags, you can `docker pull` an +image again to make sure you have the most up-to-date version of that image. +For example, `docker pull ubuntu:14.04` pulls the latest version of the Ubuntu +14.04 image. + +In some cases you don't want images to be updated to newer versions, but prefer +to use a fixed version of an image. Docker enables you to pull an image by its +*digest*. When pulling an image by digest, you specify *exactly* which version +of an image to pull. Doing so, allows you to "pin" an image to that version, +and guarantee that the image you're using is always the same. + +To know the digest of an image, pull the image first. Let's pull the latest +`ubuntu:14.04` image from Docker Hub: + + $ docker pull ubuntu:14.04 + + 14.04: Pulling from library/ubuntu + 5a132a7e7af1: Pull complete + fd2731e4c50c: Pull complete + 28a2f68d1120: Pull complete + a3ed95caeb02: Pull complete + Digest: sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2 + Status: Downloaded newer image for ubuntu:14.04 + +Docker prints the digest of the image after the pull has finished. In the example +above, the digest of the image is: + + sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2 + +Docker also prints the digest of an image when *pushing* to a registry. This +may be useful if you want to pin to a version of the image you just pushed. + +A digest takes the place of the tag when pulling an image, for example, to +pull the above image by digest, run the following command: -## Pull a repository with multiple images with the -a|--all-tags option set to true. -Note that if the image is previously downloaded then the status would be -`Status: Image is up to date for fedora`. + $ docker pull ubuntu@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2 + + sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2: Pulling from library/ubuntu + 5a132a7e7af1: Already exists + fd2731e4c50c: Already exists + 28a2f68d1120: Already exists + a3ed95caeb02: Already exists + Digest: sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2 + Status: Downloaded newer image for ubuntu@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2 + +Digest can also be used in the `FROM` of a Dockerfile, for example: + + FROM ubuntu@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2 + MAINTAINER some maintainer + +> **Note**: Using this feature "pins" an image to a specific version in time. +> Docker will therefore not pull updated versions of an image, which may include +> security updates. If you want to pull an updated image, you need to change the +> digest accordingly. + +## Pulling from a different registry + +By default, `docker pull` pulls images from Docker Hub. It is also possible to +manually specify the path of a registry to pull from. For example, if you have +set up a local registry, you can specify its path to pull from it. A registry +path is similar to a URL, but does not contain a protocol specifier (`https://`). + +The following command pulls the `testing/test-image` image from a local registry +listening on port 5000 (`myregistry.local:5000`): + + $ docker pull myregistry.local:5000/testing/test-image + +Docker uses the `https://` protocol to communicate with a registry, unless the +registry is allowed to be accessed over an insecure connection. Refer to the +[insecure registries](https://docs.docker.com/engine/reference/commandline/daemon/#insecure-registries) +section in the online documentation for more information. + + +## Pull a repository with multiple images + +By default, `docker pull` pulls a *single* image from the registry. A repository +can contain multiple images. To pull all images from a repository, provide the +`-a` (or `--all-tags`) option when using `docker pull`. + +This command pulls all images from the `fedora` repository: $ docker pull --all-tags fedora + Pulling repository fedora ad57ef8d78d7: Download complete 105182bb5e8b: Download complete 511136ea3c5a: Download complete 73bd853d2ea5: Download complete + .... Status: Downloaded newer image for fedora - $ docker images +After the pull has completed use the `docker images` command to see the +images that were pulled. The example below shows all the `fedora` images +that are present locally: + + $ docker images fedora + REPOSITORY TAG IMAGE ID CREATED SIZE fedora rawhide ad57ef8d78d7 5 days ago 359.3 MB fedora 20 105182bb5e8b 5 days ago 372.7 MB fedora heisenbug 105182bb5e8b 5 days ago 372.7 MB fedora latest 105182bb5e8b 5 days ago 372.7 MB -## Pull a repository with the -a|--all-tags option set to false (this is the default). - - $ docker pull debian - Using default tag: latest - latest: Pulling from library/debian - 2c49f83e0b13: Pull complete - 4a5e6db8c069: Pull complete - - Status: Downloaded newer image for debian:latest - - $ docker images - REPOSITORY TAG IMAGE ID CREATED SIZE - debian latest 4a5e6db8c069 5 days ago 125.1 MB - -## Pull an image, manually specifying path to Docker's public registry and tag -Note that if the image is previously downloaded then the status would be -`Status: Image is up to date for registry.hub.docker.com/fedora:20` +## Canceling a pull - $ docker pull registry.hub.docker.com/fedora:20 - Pulling repository fedora - 3f2fed40e4b0: Download complete - 511136ea3c5a: Download complete - fd241224e9cf: Download complete +Killing the `docker pull` process, for example by pressing `CTRL-c` while it is +running in a terminal, will terminate the pull operation. - Status: Downloaded newer image for registry.hub.docker.com/fedora:20 + $ docker pull fedora - $ docker images - REPOSITORY TAG IMAGE ID CREATED SIZE - fedora 20 3f2fed40e4b0 4 days ago 372.7 MB + Using default tag: latest + latest: Pulling from library/fedora + a3ed95caeb02: Pulling fs layer + 236608c7b546: Pulling fs layer + ^C + +> **Note**: Technically, the Engine terminates a pull operation when the +> connection between the Docker Engine daemon and the Docker Engine client +> initiating the pull is lost. If the connection with the Engine daemon is +> lost for other reasons than a manual interaction, the pull is also aborted. # HISTORY From 30095dc529523147f75be7cd6dde2fb30fa08a6b Mon Sep 17 00:00:00 2001 From: Zhang Wei Date: Thu, 17 Mar 2016 16:13:51 +0800 Subject: [PATCH 204/398] Fix typo Signed-off-by: Zhang Wei --- docker-network-create.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-network-create.1.md b/docker-network-create.1.md index 4d4cee39115f..97505baf3bda 100644 --- a/docker-network-create.1.md +++ b/docker-network-create.1.md @@ -96,7 +96,7 @@ disconnect` command. When you create a network, Engine creates a non-overlapping subnetwork for the network by default. This subnetwork is not a subdivision of an existing network. It is purely for ip-addressing purposes. You can override this default and -specify subnetwork values directly using the the `--subnet` option. On a +specify subnetwork values directly using the `--subnet` option. On a `bridge` network you can only create a single subnet: ```bash From e78c505c8e6a7129c2ee41241cc83a62607eaad6 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Thu, 17 Mar 2016 08:03:50 -0400 Subject: [PATCH 205/398] Fix documentation on --security-opt seccomp Missing documentation and man pages on seccomp options. Signed-off-by: Dan Walsh --- docker-create.1.md | 9 +++++++++ docker-run.1.md | 3 +++ 2 files changed, 12 insertions(+) diff --git a/docker-create.1.md b/docker-create.1.md index 95d171fec3cc..376f8308a53f 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -316,6 +316,15 @@ unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. **--security-opt**=[] Security Options + "label:user:USER" : Set the label user for the container + "label:role:ROLE" : Set the label role for the container + "label:type:TYPE" : Set the label type for the container + "label:level:LEVEL" : Set the label level for the container + "label:disable" : Turn off label confinement for the container + "no-new-privileges" : Disable container processes from gaining additional privileges + "seccomp:unconfined" : Turn off seccomp confinement for the container + "seccomp:profile.json : White listed syscalls seccomp Json file to be used as a seccomp filter + **--stop-signal**=*SIGTERM* Signal to stop a container. Default is SIGTERM. diff --git a/docker-run.1.md b/docker-run.1.md index c44dd603d047..c92dd6a2c9b8 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -468,8 +468,11 @@ its root filesystem mounted as read only prohibiting any writes. "label:type:TYPE" : Set the label type for the container "label:level:LEVEL" : Set the label level for the container "label:disable" : Turn off label confinement for the container + "no-new-privileges" : Disable container processes from gaining additional privileges + "seccomp:unconfined" : Turn off seccomp confinement for the container + "seccomp:profile.json : White listed syscalls seccomp Json file to be used as a seccomp filter **--stop-signal**=*SIGTERM* Signal to stop a container. Default is SIGTERM. From 88fd8651a29bf42bb41c0db4cdb0f529f2545879 Mon Sep 17 00:00:00 2001 From: David Calavera Date: Tue, 15 Mar 2016 18:34:29 -0400 Subject: [PATCH 206/398] Consolidate security options to use `=` as separator. All other options we have use `=` as separator, labels, log configurations, graph configurations and so on. We should be consistent and use `=` for the security options too. Signed-off-by: David Calavera --- docker-run.1.md | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/docker-run.1.md b/docker-run.1.md index c92dd6a2c9b8..d63a0b64529d 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -463,16 +463,18 @@ its root filesystem mounted as read only prohibiting any writes. **--security-opt**=[] Security Options - "label:user:USER" : Set the label user for the container - "label:role:ROLE" : Set the label role for the container - "label:type:TYPE" : Set the label type for the container - "label:level:LEVEL" : Set the label level for the container - "label:disable" : Turn off label confinement for the container - + "label=user:USER" : Set the label user for the container + "label=role:ROLE" : Set the label role for the container + "label=type:TYPE" : Set the label type for the container + "label=level:LEVEL" : Set the label level for the container + "label=disable" : Turn off label confinement for the container "no-new-privileges" : Disable container processes from gaining additional privileges - "seccomp:unconfined" : Turn off seccomp confinement for the container - "seccomp:profile.json : White listed syscalls seccomp Json file to be used as a seccomp filter + "seccomp=unconfined" : Turn off seccomp confinement for the container + "seccomp=profile.json : White listed syscalls seccomp Json file to be used as a seccomp filter + + "apparmor=unconfined" : Turn off apparmor confinement for the container + "apparmor=your-profile" : Set the apparmor confinement profile for the container **--stop-signal**=*SIGTERM* Signal to stop a container. Default is SIGTERM. @@ -880,23 +882,23 @@ the `--security-opt` flag. For example, you can specify the MCS/MLS level, a requirement for MLS systems. Specifying the level in the following command allows you to share the same content between containers. - # docker run --security-opt label:level:s0:c100,c200 -i -t fedora bash + # docker run --security-opt label=level:s0:c100,c200 -i -t fedora bash An MLS example might be: - # docker run --security-opt label:level:TopSecret -i -t rhel7 bash + # docker run --security-opt label=level:TopSecret -i -t rhel7 bash To disable the security labeling for this container versus running with the `--permissive` flag, use the following command: - # docker run --security-opt label:disable -i -t fedora bash + # docker run --security-opt label=disable -i -t fedora bash If you want a tighter security policy on the processes within a container, you can specify an alternate type for the container. You could run a container that is only allowed to listen on Apache ports by executing the following command: - # docker run --security-opt label:type:svirt_apache_t -i -t centos bash + # docker run --security-opt label=type:svirt_apache_t -i -t centos bash Note: From bad23963371e5e866fa0eccf8010f8e91dc53221 Mon Sep 17 00:00:00 2001 From: Martin Mosegaard Amdisen Date: Mon, 21 Mar 2016 15:15:40 +0100 Subject: [PATCH 207/398] Fix plural typo in 'save' command help The form "Save an images" is not correct. Either "Save an image" or "Save images" work, but since the save commands accepts multiple images, I chose the latter. Fixed in all places where I could grep "Save an image(s)". Signed-off-by: Martin Mosegaard Amdisen --- docker-load.1.md | 2 +- docker-save.1.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-load.1.md b/docker-load.1.md index 75ae84e6c5d9..feeeaa4c3ed0 100644 --- a/docker-load.1.md +++ b/docker-load.1.md @@ -37,7 +37,7 @@ Restores both images and tags. fedora latest 58394af37342 7 weeks ago 385.5 MB # See also -**docker-save(1)** to save an image(s) to a tar archive (streamed to STDOUT by default). +**docker-save(1)** to save images to a tar archive (streamed to STDOUT by default). # HISTORY April 2014, Originally compiled by William Henry (whenry at redhat dot com) diff --git a/docker-save.1.md b/docker-save.1.md index 5f336ffd3457..f1a07c24e613 100644 --- a/docker-save.1.md +++ b/docker-save.1.md @@ -2,7 +2,7 @@ % Docker Community % JUNE 2014 # NAME -docker-save - Save an image(s) to a tar archive (streamed to STDOUT by default) +docker-save - Save images to a tar archive (streamed to STDOUT by default) # SYNOPSIS **docker save** From 039e36f6ff9d1d6cd8c662070a3f9ce7aba432d6 Mon Sep 17 00:00:00 2001 From: Kenfe-Mickael Laventure Date: Fri, 18 Mar 2016 12:43:17 -0700 Subject: [PATCH 208/398] Remove unneeded references to execDriver This includes: - updating the docs - removing dangling variables Signed-off-by: Kenfe-Mickael Laventure --- docker-daemon.8.md | 12 ++++++------ docker-inspect.1.md | 3 +-- docker.1.md | 7 +++---- 3 files changed, 10 insertions(+), 12 deletions(-) diff --git a/docker-daemon.8.md b/docker-daemon.8.md index 06bcf6438af9..e313cd7e76dd 100644 --- a/docker-daemon.8.md +++ b/docker-daemon.8.md @@ -126,10 +126,10 @@ format. DNS search domains to use. **--exec-opt**=[] - Set exec driver options. See EXEC DRIVER OPTIONS. + Set runtime execution options. See RUNTIME EXECUTION OPTIONS. **--exec-root**="" - Path to use as the root of the Docker exec driver. Default is `/var/run/docker`. + Path to use as the root of the Docker execution state files. Default is `/var/run/docker`. **--fixed-cidr**="" IPv4 subnet for fixed IPs (e.g., 10.20.0.0/16); this subnet must be nested in the bridge subnet (which is defined by \-b or \-\-bip) @@ -289,13 +289,13 @@ will use more space for base images the larger the device is. The base device size can be increased at daemon restart which will allow -all future images and containers (based on those new images) to be of the +all future images and containers (based on those new images) to be of the new base device size. -Example use: `docker daemon --storage-opt dm.basesize=50G` +Example use: `docker daemon --storage-opt dm.basesize=50G` -This will increase the base device size to 50G. The Docker daemon will throw an -error if existing base device size is larger than 50G. A user can use +This will increase the base device size to 50G. The Docker daemon will throw an +error if existing base device size is larger than 50G. A user can use this option to expand the base device size however shrinking is not permitted. This value affects the system-wide "base" empty filesystem that may already diff --git a/docker-inspect.1.md b/docker-inspect.1.md index 6bb6a5809d95..1bc2cf0b9cea 100644 --- a/docker-inspect.1.md +++ b/docker-inspect.1.md @@ -16,7 +16,7 @@ CONTAINER|IMAGE [CONTAINER|IMAGE...] This displays all the information available in Docker for a given container or image. By default, this will render all results in a JSON -array. If the container and image have the same name, this will return +array. If the container and image have the same name, this will return container JSON for unspecified type. If a format is specified, the given template will be executed for each result. @@ -110,7 +110,6 @@ To get information on a container use its ID or instance name: "Name": "/adoring_wozniak", "RestartCount": 0, "Driver": "devicemapper", - "ExecDriver": "native-0.2", "MountLabel": "", "ProcessLabel": "", "Mounts": [ diff --git a/docker.1.md b/docker.1.md index f59f98abdf91..c34d9c8d9ad9 100644 --- a/docker.1.md +++ b/docker.1.md @@ -224,15 +224,14 @@ inside it) See **docker-wait(1)** for full documentation on the **wait** command. -# EXEC DRIVER OPTIONS +# RUNTIME EXECUTION OPTIONS Use the **--exec-opt** flags to specify options to the execution driver. The following options are available: #### native.cgroupdriver -Specifies the management of the container's `cgroups`. You can specify -`cgroupfs` or `systemd`. If you specify `systemd` and it is not available, the -system uses `cgroupfs`. +Specifies the management of the container's `cgroups`. Only `cgroupfs` can be specified +`cgroupfs` at the moment. #### Client For specific client examples please see the man page for the specific Docker From 077efc4e047217484a88681acd75d715f68a06d0 Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Mon, 14 Mar 2016 23:31:42 -0400 Subject: [PATCH 209/398] Add explicit flags for volume cp/no-cp This allows a user to specify explicitly to enable automatic copying of data from the container path to the volume path. This does not change the default behavior of automatically copying, but does allow a user to disable it at runtime. Signed-off-by: Brian Goff --- docker-create.1.md | 4 ++++ docker-run.1.md | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/docker-create.1.md b/docker-create.1.md index 376f8308a53f..f12edb5483ea 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -434,6 +434,10 @@ change propagation properties of source mount. Say `/` is source mount for > is `slave`, you may not be able to use the `shared` or `rshared` propagation on > a volume. + +To disable automatic copying of data from the container path to the volume, use +the `nocopy` flag. The `nocopy` flag can be set on bind mounts and named volumes. + **--volume-driver**="" Container's volume driver. This driver creates volumes specified either from a Dockerfile's `VOLUME` instruction or from the `docker run -v` flag. diff --git a/docker-run.1.md b/docker-run.1.md index d63a0b64529d..57808f33a09d 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -531,6 +531,7 @@ any options, the systems uses the following options: * [rw|ro] * [z|Z] * [`[r]shared`|`[r]slave`|`[r]private`] + * [nocopy] The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The `HOST-DIR` can be an absolute path or a `name` value. A `name` value must start with an @@ -603,6 +604,9 @@ change propagation properties of source mount. Say `/` is source mount for > is `slave`, you may not be able to use the `shared` or `rshared` propagation on > a volume. +To disable automatic copying of data from the container path to the volume, use +the `nocopy` flag. The `nocopy` flag can be set on bind mounts and named volumes. + **--volume-driver**="" Container's volume driver. This driver creates volumes specified either from a Dockerfile's `VOLUME` instruction or from the `docker run -v` flag. From 120f2e449bb41b055ae5e7f9df947465ffc6d56b Mon Sep 17 00:00:00 2001 From: Zhu Guihua Date: Tue, 22 Mar 2016 14:50:49 +0800 Subject: [PATCH 210/398] Move ZFS options to correct place in man page Signed-off-by: Zhu Guihua --- docker-daemon.8.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/docker-daemon.8.md b/docker-daemon.8.md index e313cd7e76dd..370f0b25e7c9 100644 --- a/docker-daemon.8.md +++ b/docker-daemon.8.md @@ -465,16 +465,6 @@ this topic, see Otherwise, set this flag for migrating existing Docker daemons to a daemon with a supported environment. -## ZFS options - -#### zfs.fsname - -Set zfs filesystem under which docker will create its own datasets. -By default docker will pick up the zfs filesystem where docker graph -(`/var/lib/docker`) is located. - -Example use: `docker daemon -s zfs --storage-opt zfs.fsname=zroot/docker` - #### dm.min_free_space Specifies the min free space percent in thin pool require for new device @@ -499,6 +489,16 @@ that should resolve the issue. Example use: `docker daemon --storage-opt dm.min_free_space_percent=10%` +## ZFS options + +#### zfs.fsname + +Set zfs filesystem under which docker will create its own datasets. +By default docker will pick up the zfs filesystem where docker graph +(`/var/lib/docker`) is located. + +Example use: `docker daemon -s zfs --storage-opt zfs.fsname=zroot/docker` + # CLUSTER STORE OPTIONS The daemon uses libkv to advertise From 606e1ece6fb65252c192f2e415bd6e8c329c3864 Mon Sep 17 00:00:00 2001 From: Martin Mosegaard Amdisen Date: Tue, 22 Mar 2016 08:16:52 +0100 Subject: [PATCH 211/398] Update 'save' command help Based on review feedback. Signed-off-by: Martin Mosegaard Amdisen --- docker-load.1.md | 2 +- docker-save.1.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-load.1.md b/docker-load.1.md index feeeaa4c3ed0..6ad45587cfbf 100644 --- a/docker-load.1.md +++ b/docker-load.1.md @@ -37,7 +37,7 @@ Restores both images and tags. fedora latest 58394af37342 7 weeks ago 385.5 MB # See also -**docker-save(1)** to save images to a tar archive (streamed to STDOUT by default). +**docker-save(1)** to save one or more images to a tar archive (streamed to STDOUT by default). # HISTORY April 2014, Originally compiled by William Henry (whenry at redhat dot com) diff --git a/docker-save.1.md b/docker-save.1.md index f1a07c24e613..1d1de8a1dfbd 100644 --- a/docker-save.1.md +++ b/docker-save.1.md @@ -2,7 +2,7 @@ % Docker Community % JUNE 2014 # NAME -docker-save - Save images to a tar archive (streamed to STDOUT by default) +docker-save - Save one or more images to a tar archive (streamed to STDOUT by default) # SYNOPSIS **docker save** From 771c525a4257ac73570ebcd17992ad699fc8810a Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Thu, 24 Mar 2016 18:57:44 +0100 Subject: [PATCH 212/398] add docs for `docker load --quiet` Signed-off-by: Harald Albers --- docker-load.1.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docker-load.1.md b/docker-load.1.md index 6ad45587cfbf..c54fe607b95a 100644 --- a/docker-load.1.md +++ b/docker-load.1.md @@ -8,7 +8,7 @@ docker-load - Load an image from a tar archive or STDIN **docker load** [**--help**] [**-i**|**--input**[=*INPUT*]] - +[**-q**|**--quiet**] # DESCRIPTION @@ -22,6 +22,9 @@ Restores both images and tags. **-i**, **--input**="" Read from a tar archive file, instead of STDIN. The tarball may be compressed with gzip, bzip, or xz. +**-q**, **--quiet** + Suppress the load output. Without this option, a progress bar is displayed. + # EXAMPLES $ docker images From 2aac639cc353043e3883f0a24ac1a65a83a58012 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Fri, 25 Mar 2016 11:16:19 -0700 Subject: [PATCH 213/398] docs for labels on build, networks and volumes Signed-off-by: Harald Albers --- docker-build.1.md | 4 ++++ docker-network-create.1.md | 4 ++++ docker-volume-create.1.md | 4 ++++ 3 files changed, 12 insertions(+) diff --git a/docker-build.1.md b/docker-build.1.md index 91f15fe0d470..c854bc11483a 100644 --- a/docker-build.1.md +++ b/docker-build.1.md @@ -13,6 +13,7 @@ docker-build - Build a new image from the source code at PATH [**-f**|**--file**[=*PATH/Dockerfile*]] [**--force-rm**] [**--isolation**[=*default*]] +[**--label**[=*[]*]] [**--no-cache**] [**--pull**] [**-q**|**--quiet**] @@ -71,6 +72,9 @@ set as the **URL**, the repository is cloned locally and then sent as the contex **--isolation**="*default*" Isolation specifies the type of isolation technology used by containers. +**--label**=*label* + Set metadata for an image + **--no-cache**=*true*|*false* Do not use cache when building the image. The default is *false*. diff --git a/docker-network-create.1.md b/docker-network-create.1.md index 97505baf3bda..885a109efd2a 100644 --- a/docker-network-create.1.md +++ b/docker-network-create.1.md @@ -15,6 +15,7 @@ docker-network-create - create a new network [**--ipam-driver**=*default*] [**--ipam-opt**=*map[]*] [**--ipv6**] +[**--label**[=*[]*]] [**-o**|**--opt**=*map[]*] [**--subnet**=*[]*] NETWORK-NAME @@ -156,6 +157,9 @@ If you want to create an externally isolated `overlay` network, you can specify **--ipv6** Enable IPv6 networking +**--label**=*label* + Set metadata for a network + **-o**, **--opt**=map[] Set custom driver options diff --git a/docker-volume-create.1.md b/docker-volume-create.1.md index 43338095c7de..e71a2f1df1ce 100644 --- a/docker-volume-create.1.md +++ b/docker-volume-create.1.md @@ -8,6 +8,7 @@ docker-volume-create - Create a new volume **docker volume create** [**-d**|**--driver**[=*DRIVER*]] [**--help**] +[**--label**[=*[]*]] [**--name**[=*NAME*]] [**-o**|**--opt**[=*[]*]] @@ -51,6 +52,9 @@ Another example: **--help** Print usage statement +**--label**=*label* + Set metadata for a volume + **--name**="" Specify volume name From 7cfb9b5e7104f97cc4de2479621743a386d60216 Mon Sep 17 00:00:00 2001 From: "Kai Qiang Wu(Kennan)" Date: Mon, 28 Mar 2016 03:11:06 +0000 Subject: [PATCH 214/398] Add man change for volume filter It was forgetton to add change in man for new-added volume filters. This change adds that. Signed-off-by: Kai Qiang Wu(Kennan) --- docker-volume-ls.1.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docker-volume-ls.1.md b/docker-volume-ls.1.md index b115a039d5fe..c045e43bd57f 100644 --- a/docker-volume-ls.1.md +++ b/docker-volume-ls.1.md @@ -18,7 +18,10 @@ There is a single supported filter `dangling=value` which takes a boolean of `tr # OPTIONS **-f**, **--filter**="" - Provide filter values (i.e. 'dangling=true') + Filter output based on these conditions: + - dangling= a volume if referenced or not + - driver= a volume's driver name + - name= a volume's name **--help** Print usage statement From 6d90b55f0e39d2ff9a157defb372fda1c0e209fd Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Mon, 28 Mar 2016 05:20:06 -0700 Subject: [PATCH 215/398] fix wrong option name in `dm.min_free_space` examples Signed-off-by: Harald Albers --- docker-daemon.8.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-daemon.8.md b/docker-daemon.8.md index 370f0b25e7c9..27a0eaa0ff3d 100644 --- a/docker-daemon.8.md +++ b/docker-daemon.8.md @@ -487,7 +487,7 @@ pool and that should automatically resolve it. If loop devices are being used, then stop docker, grow the size of loop files and restart docker and that should resolve the issue. -Example use: `docker daemon --storage-opt dm.min_free_space_percent=10%` +Example use: `docker daemon --storage-opt dm.min_free_space=10%` ## ZFS options From 0463ed0a2c3acc8af024f45548df00a265e7027f Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Mon, 28 Mar 2016 04:47:24 -0700 Subject: [PATCH 216/398] docs for `docker daemon --containerd` Signed-off-by: Harald Albers --- docker-daemon.8.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docker-daemon.8.md b/docker-daemon.8.md index 27a0eaa0ff3d..cdc778178221 100644 --- a/docker-daemon.8.md +++ b/docker-daemon.8.md @@ -15,6 +15,7 @@ docker-daemon - Enable daemon mode [**--cluster-advertise**[=*[]*]] [**--cluster-store-opt**[=*map[]*]] [**--config-file**[=*/etc/docker/daemon.json*]] +[**--containerd**[=*SOCKET-PATH*]] [**-D**|**--debug**] [**--default-gateway**[=*DEFAULT-GATEWAY*]] [**--default-gateway-v6**[=*DEFAULT-GATEWAY-V6*]] @@ -101,6 +102,9 @@ format. **--config-file**="/etc/docker/daemon.json" Specifies the JSON file path to load the configuration from. +**--containerd**="" + Path to containerd socket. + **-D**, **--debug**=*true*|*false* Enable debug mode. Default is false. From abbe7f842d7888b0545eda9a69fcbf2d672b6d9d Mon Sep 17 00:00:00 2001 From: Shishir Mahajan Date: Sun, 20 Mar 2016 00:42:58 -0400 Subject: [PATCH 217/398] CLI flag for docker create(run) to change block device size. Signed-off-by: Shishir Mahajan --- docker-create.1.md | 8 ++++++++ docker-run.1.md | 8 ++++++++ 2 files changed, 16 insertions(+) diff --git a/docker-create.1.md b/docker-create.1.md index f12edb5483ea..d3cb85c78c5e 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -64,6 +64,7 @@ docker-create - Create a new container [**--read-only**] [**--restart**[=*RESTART*]] [**--security-opt**[=*[]*]] +[**--storage-opt**[=*[]*]] [**--stop-signal**[=*SIGNAL*]] [**--shm-size**[=*[]*]] [**-t**|**--tty**] @@ -325,6 +326,13 @@ unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. "seccomp:unconfined" : Turn off seccomp confinement for the container "seccomp:profile.json : White listed syscalls seccomp Json file to be used as a seccomp filter +**--storage-opt**=[] + Storage driver options per container + + $ docker create -it --storage-opt size=120G fedora /bin/bash + + This (size) will allow to set the container rootfs size to 120G at creation time. User cannot pass a size less than the Default BaseFS Size. + **--stop-signal**=*SIGTERM* Signal to stop a container. Default is SIGTERM. diff --git a/docker-run.1.md b/docker-run.1.md index 57808f33a09d..e6757fc5126b 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -67,6 +67,7 @@ docker-run - Run a command in a new container [**--restart**[=*RESTART*]] [**--rm**] [**--security-opt**[=*[]*]] +[**--storage-opt**[=*[]*]] [**--stop-signal**[=*SIGNAL*]] [**--shm-size**[=*[]*]] [**--sig-proxy**[=*true*]] @@ -476,6 +477,13 @@ its root filesystem mounted as read only prohibiting any writes. "apparmor=unconfined" : Turn off apparmor confinement for the container "apparmor=your-profile" : Set the apparmor confinement profile for the container +**--storage-opt**=[] + Storage driver options per container + + $ docker run -it --storage-opt size=120G fedora /bin/bash + + This (size) will allow to set the container rootfs size to 120G at creation time. User cannot pass a size less than the Default BaseFS Size. + **--stop-signal**=*SIGTERM* Signal to stop a container. Default is SIGTERM. From 1ee546f7710aa737ecf9f5a081aec06cf2667eb2 Mon Sep 17 00:00:00 2001 From: Aaron Lehmann Date: Mon, 28 Mar 2016 17:10:11 -0700 Subject: [PATCH 218/398] Mention "docker login" in push/pull documentation It was suggested to me that documentation for "docker pull" and "docker push" should reference "docker login", to make clearer how to specify credentials for a push or pull operation. Add a note to the manual pages and reference documentation explaining how registry credentials are managed. Signed-off-by: Aaron Lehmann --- docker-pull.1.md | 2 ++ docker-push.1.md | 2 ++ 2 files changed, 4 insertions(+) diff --git a/docker-pull.1.md b/docker-pull.1.md index e4a7550d5b11..c61d005308a8 100644 --- a/docker-pull.1.md +++ b/docker-pull.1.md @@ -151,6 +151,8 @@ listening on port 5000 (`myregistry.local:5000`): $ docker pull myregistry.local:5000/testing/test-image +Registry credentials are managed by **docker-login(1)**. + Docker uses the `https://` protocol to communicate with a registry, unless the registry is allowed to be accessed over an insecure connection. Refer to the [insecure registries](https://docs.docker.com/engine/reference/commandline/daemon/#insecure-registries) diff --git a/docker-push.1.md b/docker-push.1.md index cf4bc255f19b..1b487a0d55c1 100644 --- a/docker-push.1.md +++ b/docker-push.1.md @@ -44,6 +44,8 @@ Check that this worked by running: You should see both `rhel-httpd` and `registry-host:5000/myadmin/rhel-httpd` listed. +Registry credentials are managed by **docker-login(1)**. + # HISTORY April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work. From 654c430cefb8721eb370d3371308dffbd6893786 Mon Sep 17 00:00:00 2001 From: Anusha Ragunathan Date: Thu, 24 Mar 2016 09:18:03 -0700 Subject: [PATCH 219/398] When using systemd, pass expected cgroupsPath and cli options to runc. runc expects a systemd cgroupsPath to be in slice:scopePrefix:containerName format and the "--systemd-cgroup" option to be set. Update docker accordingly. Fixes 21475 Signed-off-by: Anusha Ragunathan --- docker.1.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docker.1.md b/docker.1.md index c34d9c8d9ad9..6f4f6ab83615 100644 --- a/docker.1.md +++ b/docker.1.md @@ -230,8 +230,9 @@ Use the **--exec-opt** flags to specify options to the execution driver. The following options are available: #### native.cgroupdriver -Specifies the management of the container's `cgroups`. Only `cgroupfs` can be specified -`cgroupfs` at the moment. +Specifies the management of the container's `cgroups`. You can specify `cgroupfs` +or `systemd`. If you specify `systemd` and it is not available, the system errors +out. #### Client For specific client examples please see the man page for the specific Docker From 9c1934461d7f80e743d36720d09b1a27952d3e65 Mon Sep 17 00:00:00 2001 From: allencloud Date: Tue, 29 Mar 2016 14:36:38 +0800 Subject: [PATCH 220/398] 1.change validateNoSchema into validateNoScheme 2.change schema into scheme in docs and some annotations. Signed-off-by: allencloud --- docker-build.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-build.1.md b/docker-build.1.md index c854bc11483a..69d78cd9a339 100644 --- a/docker-build.1.md +++ b/docker-build.1.md @@ -277,7 +277,7 @@ repository. docker build github.com/scollier/purpletest -Note: You can set an arbitrary Git repository via the `git://` schema. +Note: You can set an arbitrary Git repository via the `git://` scheme. ## Building an image using a URL to a tarball'ed context From 34b5428944937d70d7ecbe20e7d1c25132815484 Mon Sep 17 00:00:00 2001 From: Tomasz Kopczynski Date: Tue, 16 Feb 2016 23:45:48 +0100 Subject: [PATCH 221/398] Add insecure registries to docker info Signed-off-by: Tomasz Kopczynski --- docker-info.1.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docker-info.1.md b/docker-info.1.md index 1ebcd1a41931..d0103df2b114 100644 --- a/docker-info.1.md +++ b/docker-info.1.md @@ -59,6 +59,9 @@ Here is a sample output: Debug mode (server): false Username: xyz Registry: https://index.docker.io/v1/ + Insecure registries: + myinsecurehost:5000 + 127.0.0.0/8 # HISTORY April 2014, Originally compiled by William Henry (whenry at redhat dot com) From a76eba65be4486ef119eb2482b091873b60d1773 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Tue, 5 Apr 2016 19:30:35 +0000 Subject: [PATCH 222/398] Change HumanSize to BytesSize for memory output in `docker stats`. This fix tries to fix the discrepancy between `docker stats` and `docker run` where `docker run` uses RAMInBytes for all memory related inputs but `docker stats` uses HumanSize for all memory related outputs. To be consistent, `docker stats` needs to use BytesSize for all memory related outputs to conform to RAMInBytes in `docker run`. This fix addresses this issue. As BytesSize is used, the test cases needs to be adjusted to match `KiB/MiB/GiB` instead of `KB/MB/GB`. The documentation has also been updated. This fix fixes #21765. Signed-off-by: Yong Tang --- docker-stats.1.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docker-stats.1.md b/docker-stats.1.md index 520466b5b8a2..41c4b722a5c0 100644 --- a/docker-stats.1.md +++ b/docker-stats.1.md @@ -31,13 +31,13 @@ Running `docker stats` on all running containers $ docker stats CONTAINER CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O - 1285939c1fd3 0.07% 796 KB / 64 MB 1.21% 788 B / 648 B 3.568 MB / 512 KB - 9c76f7834ae2 0.07% 2.746 MB / 64 MB 4.29% 1.266 KB / 648 B 12.4 MB / 0 B - d1ea048f04e4 0.03% 4.583 MB / 64 MB 6.30% 2.854 KB / 648 B 27.7 MB / 0 B + 1285939c1fd3 0.07% 796 KiB / 64 MiB 1.21% 788 B / 648 B 3.568 MB / 512 KB + 9c76f7834ae2 0.07% 2.746 MiB / 64 MiB 4.29% 1.266 KB / 648 B 12.4 MB / 0 B + d1ea048f04e4 0.03% 4.583 MiB / 64 MiB 6.30% 2.854 KB / 648 B 27.7 MB / 0 B Running `docker stats` on multiple containers by name and id. $ docker stats fervent_panini 5acfcb1b4fd1 CONTAINER CPU % MEM USAGE/LIMIT MEM % NET I/O - 5acfcb1b4fd1 0.00% 115.2 MB/1.045 GB 11.03% 1.422 kB/648 B - fervent_panini 0.02% 11.08 MB/1.045 GB 1.06% 648 B/648 B + 5acfcb1b4fd1 0.00% 115.2 MiB/1.045 GiB 11.03% 1.422 kB/648 B + fervent_panini 0.02% 11.08 MiB/1.045 GiB 1.06% 648 B/648 B From c07971f082885f16bf16a978cc1cc41425795293 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Tue, 29 Mar 2016 08:24:28 -0400 Subject: [PATCH 223/398] Add support for setting sysctls This patch will allow users to specify namespace specific "kernel parameters" for running inside of a container. Signed-off-by: Dan Walsh --- docker-create.1.md | 16 ++++++++++++++++ docker-run.1.md | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 49 insertions(+) diff --git a/docker-create.1.md b/docker-create.1.md index d3cb85c78c5e..3f90a3a1d852 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -67,6 +67,7 @@ docker-create - Create a new container [**--storage-opt**[=*[]*]] [**--stop-signal**[=*SIGNAL*]] [**--shm-size**[=*[]*]] +[**--sysctl**[=*[]*]] [**-t**|**--tty**] [**--tmpfs**[=*[CONTAINER-DIR[:]*]] [**-u**|**--user**[=*USER*]] @@ -336,6 +337,21 @@ unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. **--stop-signal**=*SIGTERM* Signal to stop a container. Default is SIGTERM. +**--sysctl**=SYSCTL + Configure namespaced kernel parameters at runtime + + IPC Namespace - current sysctls allowed: + + kernel.msgmax, kernel.msgmnb, kernel.msgmni, kernel.sem, kernel.shmall, kernel.shmmax, kernel.shmmni, kernel.shm_rmid_forced + Sysctls beginning with fs.mqueue.* + + Note: if you use --ipc=host using these sysctls will not be allowed. + + Network Namespace - current sysctls allowed: + Sysctls beginning with net.* + + Note: if you use --net=host using these sysctls will not be allowed. + **-t**, **--tty**=*true*|*false* Allocate a pseudo-TTY. The default is *false*. diff --git a/docker-run.1.md b/docker-run.1.md index e6757fc5126b..921ff9a07bf7 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -71,6 +71,7 @@ docker-run - Run a command in a new container [**--stop-signal**[=*SIGNAL*]] [**--shm-size**[=*[]*]] [**--sig-proxy**[=*true*]] +[**--sysctl**[=*[]*]] [**-t**|**--tty**] [**--tmpfs**[=*[CONTAINER-DIR[:]*]] [**-u**|**--user**[=*USER*]] @@ -492,6 +493,21 @@ its root filesystem mounted as read only prohibiting any writes. `number` must be greater than `0`. Unit is optional and can be `b` (bytes), `k` (kilobytes), `m`(megabytes), or `g` (gigabytes). If you omit the unit, the system uses bytes. If you omit the size entirely, the system uses `64m`. +**--sysctl**=SYSCTL + Configure namespaced kernel parameters at runtime + + IPC Namespace - current sysctls allowed: + + kernel.msgmax, kernel.msgmnb, kernel.msgmni, kernel.sem, kernel.shmall, kernel.shmmax, kernel.shmmni, kernel.shm_rmid_forced + Sysctls beginning with fs.mqueue.* + + If you use the `--ipc=host` option these sysctls will not be allowed. + + Network Namespace - current sysctls allowed: + Sysctls beginning with net.* + + If you use the `--net=host` option these sysctls will not be allowed. + **--sig-proxy**=*true*|*false* Proxy received signals to the process (non-TTY mode only). SIGCHLD, SIGSTOP, and SIGKILL are not proxied. The default is *true*. @@ -955,6 +971,23 @@ $ docker run -d --isolation default busybox top $ docker run -d --isolation hyperv busybox top ``` +## Setting Namespaced Kernel Parameters (Sysctls) + +The `--sysctl` sets namespaced kernel parameters (sysctls) in the +container. For example, to turn on IP forwarding in the containers +network namespace, run this command: + + $ docker run --sysctl net.ipv4.ip_forward=1 someimage + +Note: + +Not all sysctls are namespaced. docker does not support changing sysctls +inside of a container that also modify the host system. As the kernel +evolves we expect to see more sysctls become namespaced. + +See the definition of the `--sysctl` option above for the current list of +supported sysctls. + # HISTORY April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work. From 2c6040a8d194fe1dd44d72c4a0c7bef459ec58ea Mon Sep 17 00:00:00 2001 From: Mary Anthony Date: Tue, 12 Apr 2016 12:20:03 -0700 Subject: [PATCH 224/398] Fixes #21701 devicemapper docs Copy edit the content Updates to existing material Adding mbentley's comments Updating with last minute comments Update with Seb's comments Signed-off-by: Mary Anthony --- docker-daemon.8.md | 70 ++++++++++++++++++++++++++-------------------- 1 file changed, 40 insertions(+), 30 deletions(-) diff --git a/docker-daemon.8.md b/docker-daemon.8.md index cdc778178221..2b95133bdbac 100644 --- a/docker-daemon.8.md +++ b/docker-daemon.8.md @@ -269,19 +269,27 @@ allocating images and container snapshots. Specifies a custom block storage device to use for the thin pool. -If using a block device for device mapper storage, it is best to use -`lvm` to create and manage the thin-pool volume. This volume is then -handed to Docker to create snapshot volumes needed for images and -containers. +If using a block device for device mapper storage, it is best to use `lvm` +to create and manage the thin-pool volume. This volume is then handed to Docker +to exclusively create snapshot volumes needed for images and containers. -Managing the thin-pool outside of Docker makes for the most feature-rich method -of having Docker utilize device mapper thin provisioning as the backing storage -for Docker's containers. The highlights of the LVM-based thin-pool management -feature include: automatic or interactive thin-pool resize support, dynamically -changing thin-pool features, automatic thinp metadata checking when lvm activates -the thin-pool, etc. +Managing the thin-pool outside of Engine makes for the most feature-rich +method of having Docker utilize device mapper thin provisioning as the +backing storage for Docker containers. The highlights of the lvm-based +thin-pool management feature include: automatic or interactive thin-pool +resize support, dynamically changing thin-pool features, automatic thinp +metadata checking when lvm activates the thin-pool, etc. -Example use: `docker daemon --storage-opt dm.thinpooldev=/dev/mapper/thin-pool` +As a fallback if no thin pool is provided, loopback files are +created. Loopback is very slow, but can be used without any +pre-configuration of storage. It is strongly recommended that you do +not use loopback in production. Ensure your Engine daemon has a +`--storage-opt dm.thinpooldev` argument provided. + +Example use: + + $ docker daemon \ + --storage-opt dm.thinpooldev=/dev/mapper/thin-pool #### dm.basesize @@ -471,27 +479,29 @@ daemon with a supported environment. #### dm.min_free_space -Specifies the min free space percent in thin pool require for new device +Specifies the min free space percent in a thin pool require for new device creation to succeed. This check applies to both free data space as well as free metadata space. Valid values are from 0% - 99%. Value 0% disables -free space checking logic. If user does not specify a value for this optoin, -then default value for this option is 10%. - -Whenever a new thin pool device is created (during docker pull or -during container creation), docker will check minimum free space is -available as specified by this parameter. If that is not the case, then -device creation will fail and docker operation will fail. - -One will have to create more free space in thin pool to recover from the -error. Either delete some of the images and containers from thin pool and -create free space or add more storage to thin pool. - -For lvm thin pool, one can add more storage to volume group container thin -pool and that should automatically resolve it. If loop devices are being -used, then stop docker, grow the size of loop files and restart docker and -that should resolve the issue. - -Example use: `docker daemon --storage-opt dm.min_free_space=10%` +free space checking logic. If user does not specify a value for this option, +the Engine uses a default value of 10%. + +Whenever a new a thin pool device is created (during `docker pull` or during +container creation), the Engine checks if the minimum free space is +available. If the space is unavailable, then device creation fails and any +relevant `docker` operation fails. + +To recover from this error, you must create more free space in the thin pool to +recover from the error. You can create free space by deleting some images +and containers from tge thin pool. You can also add +more storage to the thin pool. + +To add more space to an LVM (logical volume management) thin pool, just add +more storage to the group container thin pool; this should automatically +resolve any errors. If your configuration uses loop devices, then stop the +Engine daemon, grow the size of loop files and restart the daemon to resolve +the issue. + +Example use:: `docker daemon --storage-opt dm.min_free_space=10%` ## ZFS options From 48596d90e1e316450b04f710293f64c524607dd9 Mon Sep 17 00:00:00 2001 From: "Kai Qiang Wu(Kennan)" Date: Thu, 24 Mar 2016 14:31:19 +0000 Subject: [PATCH 225/398] Add network label filter support This patch did following: 1) Make filter check logic same as `docker ps ` filters Right now docker container logic work as following: when same filter used like below: -f name=jack -f name=tom it would get all containers name is jack or tom(it is or logic) when different filter used like below: -f name=jack -f id=7d1 it would get all containers name is jack and id contains 7d1(it is and logic) It would make sense in many user cases, but it did lack of compliate filter cases, like "I want to get containers name is jack or id=7d1", it could work around use (get id=7d1 containers' name and get name=jack containers, and then construct the final containers, they could be done in user side use shell or rest API) 2) Fix one network filter bug which could include duplicate result when use -f name= -f id=, it would get duplicate results 3) Make id filter same as container id filter, which means match any string. not use prefix match. It is for consistent match logic Closes: #21417 Signed-off-by: Kai Qiang Wu(Kennan) --- docker-network-ls.1.md | 71 ++++++++++++++++++++++++++++-------------- 1 file changed, 47 insertions(+), 24 deletions(-) diff --git a/docker-network-ls.1.md b/docker-network-ls.1.md index 56a8334ae412..ff459059e709 100644 --- a/docker-network-ls.1.md +++ b/docker-network-ls.1.md @@ -47,32 +47,56 @@ Multiple filter flags are combined as an `OR` filter. For example, The currently supported filters are: * id (network's id) +* label (`label=` or `label==`) * name (network's name) * type (custom|builtin) -#### Type +#### ID -The `type` filter supports two values; `builtin` displays predefined networks -(`bridge`, `none`, `host`), whereas `custom` displays user defined networks. +The `id` filter matches on all or part of a network's ID. -The following filter matches all user defined networks: +The following filter matches all networks with an ID containing the +`63d1ff1f77b0...` string. ```bash -$ docker network ls --filter type=custom +$ docker network ls --filter id=63d1ff1f77b07ca51070a8c227e962238358bd310bde1529cf62e6c307ade161 NETWORK ID NAME DRIVER -95e74588f40d foo bridge 63d1ff1f77b0 dev bridge ``` -By having this flag it allows for batch cleanup. For example, use this filter -to delete all user defined networks: +You can also filter for a substring in an ID as this shows: ```bash -$ docker network rm `docker network ls --filter type=custom -q` +$ docker network ls --filter id=95e74588f40d +NETWORK ID NAME DRIVER +95e74588f40d foo bridge + +$ docker network ls --filter id=95e +NETWORK ID NAME DRIVER +95e74588f40d foo bridge ``` -A warning will be issued when trying to remove a network that has containers -attached. +#### Label + +The `label` filter matches containers based on the presence of a `label` alone or a `label` and a +value. + +The following filter matches networks with the `usage` label regardless of its value. + +```bash +$ docker network ls -f "label=usage" +NETWORK ID NAME DRIVER +db9db329f835 test1 bridge +f6e212da9dfd test2 bridge +``` + +The following filter matches containers with the `usage` label with the `prod` value. + +```bash +$ docker network ls -f "label=usage=prod" +NETWORK ID NAME DRIVER +f6e212da9dfd test2 bridge +``` #### Name @@ -95,31 +119,30 @@ NETWORK ID NAME DRIVER 06e7eef0a170 foobar bridge ``` -#### ID +#### Type -The `id` filter matches on all or part of a network's ID. +The `type` filter supports two values; `builtin` displays predefined networks +(`bridge`, `none`, `host`), whereas `custom` displays user defined networks. -The following filter matches all networks with an ID containing the -`63d1ff1f77b0...` string. +The following filter matches all user defined networks: ```bash -$ docker network ls --filter id=63d1ff1f77b07ca51070a8c227e962238358bd310bde1529cf62e6c307ade161 +$ docker network ls --filter type=custom NETWORK ID NAME DRIVER +95e74588f40d foo bridge 63d1ff1f77b0 dev bridge ``` -You can also filter for a substring in an ID as this shows: +By having this flag it allows for batch cleanup. For example, use this filter +to delete all user defined networks: ```bash -$ docker network ls --filter id=95e74588f40d -NETWORK ID NAME DRIVER -95e74588f40d foo bridge - -$ docker network ls --filter id=95e -NETWORK ID NAME DRIVER -95e74588f40d foo bridge +$ docker network rm `docker network ls --filter type=custom -q` ``` +A warning will be issued when trying to remove a network that has containers +attached. + # OPTIONS **-f**, **--filter**=*[]* From 462a98ec3c8e94ceebb64cefd4614a25f6f70e92 Mon Sep 17 00:00:00 2001 From: "Kai Qiang Wu(Kennan)" Date: Tue, 19 Apr 2016 04:45:59 +0000 Subject: [PATCH 226/398] Add load/save image event support For every docker load and save operations, it would log related image events. Signed-off-by: Kai Qiang Wu(Kennan) --- docker-events.1.md | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/docker-events.1.md b/docker-events.1.md index 4d0bff25c539..6a1a3649ff79 100644 --- a/docker-events.1.md +++ b/docker-events.1.md @@ -18,11 +18,19 @@ information and real-time information. Docker containers will report the following events: - attach, commit, copy, create, destroy, die, exec_create, exec_start, export, kill, oom, pause, rename, resize, restart, start, stop, top, unpause + attach, commit, copy, create, destroy, die, exec_create, exec_start, export, kill, oom, pause, rename, resize, restart, start, stop, top, unpause, update -and Docker images will report: +Docker images report the following events: - delete, import, pull, push, tag, untag + delete, import, load, pull, push, save, tag, untag + +Docker volumes report the following events: + + create, mount, unmount, destroy + +Docker networks report the following events: + + create, connect, disconnect, destroy # OPTIONS **--help** From ef1888bbc7dbdaa3966caf23ca7317bef465891d Mon Sep 17 00:00:00 2001 From: Wen Cheng Ma Date: Thu, 28 Apr 2016 14:55:22 +0800 Subject: [PATCH 227/398] Update the `docker daemon` to `dockerd` for document Signed-off-by: Wen Cheng Ma --- docker-network-create.1.md | 2 +- docker.1.md | 9 +----- docker-daemon.8.md => dockerd.8.md | 52 ++++++++++++++---------------- 3 files changed, 27 insertions(+), 36 deletions(-) rename docker-daemon.8.md => dockerd.8.md (92%) diff --git a/docker-network-create.1.md b/docker-network-create.1.md index 885a109efd2a..47178aed57b4 100644 --- a/docker-network-create.1.md +++ b/docker-network-create.1.md @@ -46,7 +46,7 @@ conditions are: * A cluster of hosts with connectivity to the key-value store. * A properly configured Engine `daemon` on each host in the cluster. -The `docker daemon` options that support the `overlay` network are: +The `dockerd` options that support the `overlay` network are: * `--cluster-store` * `--cluster-store-opt` diff --git a/docker.1.md b/docker.1.md index 6f4f6ab83615..cf91741c7dfe 100644 --- a/docker.1.md +++ b/docker.1.md @@ -12,14 +12,7 @@ docker \- Docker image and container command line interface **docker** [--help|-v|--version] # DESCRIPTION -**docker** has two distinct functions. It is used for starting the Docker -daemon and to run the CLI (i.e., to command the daemon to manage images, -containers etc.) So **docker** is both a server, as a daemon, and a client -to the daemon, through the CLI. - -To run the Docker daemon you can specify **docker daemon**. -You can view the daemon options using **docker daemon --help**. -To see the man page for the daemon, run **man docker daemon**. +is a client for interacting with the daemon (see **dockerd(8)**) through the CLI. The Docker CLI has over 30 commands. The commands are listed below and each has its own man page which explain usage and arguments. diff --git a/docker-daemon.8.md b/dockerd.8.md similarity index 92% rename from docker-daemon.8.md rename to dockerd.8.md index 2b95133bdbac..74d7ce6aa1a9 100644 --- a/docker-daemon.8.md +++ b/dockerd.8.md @@ -2,10 +2,10 @@ % Shishir Mahajan % SEPTEMBER 2015 # NAME -docker-daemon - Enable daemon mode +dockerd - Enable daemon mode # SYNOPSIS -**docker daemon** +**dockerd** [**--api-cors-header**=[=*API-CORS-HEADER*]] [**--authorization-plugin**[=*[]*]] [**-b**|**--bridge**[=*BRIDGE*]] @@ -59,17 +59,15 @@ docker-daemon - Enable daemon mode [**--userns-remap**[=*default*]] # DESCRIPTION -**docker** has two distinct functions. It is used for starting the Docker -daemon and to run the CLI (i.e., to command the daemon to manage images, -containers etc.) So **docker** is both a server, as a daemon, and a client -to the daemon, through the CLI. - -To run the Docker daemon you can specify **docker daemon**. -You can check the daemon options using **docker daemon --help**. -Daemon options should be specified after the **daemon** keyword in the following +**dockerd** is used for starting the Docker daemon(i.e., to command the daemon to manage images, +containers etc.) So **dockerd** is a server, as a daemon. + +To run the Docker daemon you can specify **dockerd**. +You can check the daemon options using **dockerd --help**. +Daemon options should be specified after the **dockerd** keyword in the following format. -**docker daemon [OPTIONS]** +**dockerd [OPTIONS]** # OPTIONS @@ -288,7 +286,7 @@ not use loopback in production. Ensure your Engine daemon has a Example use: - $ docker daemon \ + $ dockerd \ --storage-opt dm.thinpooldev=/dev/mapper/thin-pool #### dm.basesize @@ -304,7 +302,7 @@ The base device size can be increased at daemon restart which will allow all future images and containers (based on those new images) to be of the new base device size. -Example use: `docker daemon --storage-opt dm.basesize=50G` +Example use: `dockerd --storage-opt dm.basesize=50G` This will increase the base device size to 50G. The Docker daemon will throw an error if existing base device size is larger than 50G. A user can use @@ -318,26 +316,26 @@ value requires additional steps to take effect: $ sudo rm -rf /var/lib/docker $ sudo service docker start -Example use: `docker daemon --storage-opt dm.basesize=20G` +Example use: `dockerd --storage-opt dm.basesize=20G` #### dm.fs Specifies the filesystem type to use for the base device. The supported options are `ext4` and `xfs`. The default is `ext4`. -Example use: `docker daemon --storage-opt dm.fs=xfs` +Example use: `dockerd --storage-opt dm.fs=xfs` #### dm.mkfsarg Specifies extra mkfs arguments to be used when creating the base device. -Example use: `docker daemon --storage-opt "dm.mkfsarg=-O ^has_journal"` +Example use: `dockerd --storage-opt "dm.mkfsarg=-O ^has_journal"` #### dm.mountopt Specifies extra mount options used when mounting the thin devices. -Example use: `docker daemon --storage-opt dm.mountopt=nodiscard` +Example use: `dockerd --storage-opt dm.mountopt=nodiscard` #### dm.use_deferred_removal @@ -355,7 +353,7 @@ the container exit still succeeds and this option causes the system to schedule the device for deferred removal. It does not wait in a loop trying to remove a busy device. -Example use: `docker daemon --storage-opt dm.use_deferred_removal=true` +Example use: `dockerd --storage-opt dm.use_deferred_removal=true` #### dm.use_deferred_deletion @@ -369,7 +367,7 @@ remove a device, the container deletion fails and daemon returns. To avoid this failure, enable both deferred device deletion and deferred device removal on the daemon. -`docker daemon --storage-opt dm.use_deferred_deletion=true --storage-opt dm.use_deferred_removal=true` +`dockerd --storage-opt dm.use_deferred_deletion=true --storage-opt dm.use_deferred_removal=true` With these two options enabled, if a device is busy when the driver is deleting a container, the driver marks the device as deleted. Later, when the @@ -388,7 +386,7 @@ Specifies the size to use when creating the loopback file for the 100G. The file is sparse, so it will not initially take up this much space. -Example use: `docker daemon --storage-opt dm.loopdatasize=200G` +Example use: `dockerd --storage-opt dm.loopdatasize=200G` #### dm.loopmetadatasize @@ -399,7 +397,7 @@ Specifies the size to use when creating the loopback file for the is 2G. The file is sparse, so it will not initially take up this much space. -Example use: `docker daemon --storage-opt dm.loopmetadatasize=4G` +Example use: `dockerd --storage-opt dm.loopmetadatasize=4G` #### dm.datadev @@ -422,7 +420,7 @@ deprecated. Specifies a custom blocksize to use for the thin pool. The default blocksize is 64K. -Example use: `docker daemon --storage-opt dm.blocksize=512K` +Example use: `dockerd --storage-opt dm.blocksize=512K` #### dm.blkdiscard @@ -436,7 +434,7 @@ times, but it also prevents the space used in `/var/lib/docker` directory from being returned to the system for other use when containers are removed. -Example use: `docker daemon --storage-opt dm.blkdiscard=false` +Example use: `dockerd --storage-opt dm.blkdiscard=false` #### dm.override_udev_sync_check @@ -465,7 +463,7 @@ failures, see To allow the `docker` daemon to start, regardless of whether `udev` sync is `false`, set `dm.override_udev_sync_check` to true: - $ docker daemon --storage-opt dm.override_udev_sync_check=true + $ dockerd --storage-opt dm.override_udev_sync_check=true When this value is `true`, the driver continues and simply warns you the errors are happening. @@ -501,7 +499,7 @@ resolve any errors. If your configuration uses loop devices, then stop the Engine daemon, grow the size of loop files and restart the daemon to resolve the issue. -Example use:: `docker daemon --storage-opt dm.min_free_space=10%` +Example use:: `dockerd --storage-opt dm.min_free_space=10%` ## ZFS options @@ -511,7 +509,7 @@ Set zfs filesystem under which docker will create its own datasets. By default docker will pick up the zfs filesystem where docker graph (`/var/lib/docker`) is located. -Example use: `docker daemon -s zfs --storage-opt zfs.fsname=zroot/docker` +Example use: `dockerd -s zfs --storage-opt zfs.fsname=zroot/docker` # CLUSTER STORE OPTIONS @@ -545,7 +543,7 @@ authorization plugins when you start the Docker `daemon` using the `--authorization-plugin=PLUGIN_ID` option. ```bash -docker daemon --authorization-plugin=plugin1 --authorization-plugin=plugin2,... +dockerd --authorization-plugin=plugin1 --authorization-plugin=plugin2,... ``` The `PLUGIN_ID` value is either the plugin's name or a path to its specification From d9d45863d51d8bb11d17be5ab6da87f412b29e7c Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 25 Apr 2016 22:21:11 +0200 Subject: [PATCH 228/398] Add "driver" filter for network ls This add a new filter to 'docker network ls' to allow filtering by driver-name. Contrary to "ID" and "name" filters, this filter only supports an *exact* match. Signed-off-by: Sebastiaan van Stijn --- docker-network-ls.1.md | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/docker-network-ls.1.md b/docker-network-ls.1.md index ff459059e709..3eeff0599300 100644 --- a/docker-network-ls.1.md +++ b/docker-network-ls.1.md @@ -46,11 +46,25 @@ Multiple filter flags are combined as an `OR` filter. For example, The currently supported filters are: +* driver * id (network's id) * label (`label=` or `label==`) * name (network's name) * type (custom|builtin) +#### Driver + +The `driver` filter matches networks based on their driver. + +The following example matches networks with the `bridge` driver: + +```bash +$ docker network ls --filter driver=bridge +NETWORK ID NAME DRIVER +db9db329f835 test1 bridge +f6e212da9dfd test2 bridge +``` + #### ID The `id` filter matches on all or part of a network's ID. @@ -78,7 +92,7 @@ NETWORK ID NAME DRIVER #### Label -The `label` filter matches containers based on the presence of a `label` alone or a `label` and a +The `label` filter matches networks based on the presence of a `label` alone or a `label` and a value. The following filter matches networks with the `usage` label regardless of its value. @@ -90,7 +104,7 @@ db9db329f835 test1 bridge f6e212da9dfd test2 bridge ``` -The following filter matches containers with the `usage` label with the `prod` value. +The following filter matches networks with the `usage` label with the `prod` value. ```bash $ docker network ls -f "label=usage=prod" From 26d54d5965b58d388bfea90c5cab9c695f098017 Mon Sep 17 00:00:00 2001 From: Lucas Chan Date: Mon, 14 Mar 2016 15:53:30 +1100 Subject: [PATCH 229/398] Updated docker-info output and documentation - [x] Update man page description - [x] Update man page sample output to something more current Tested with: `TESTFLAGS='-check.f DockerSuite.TestInfoEnsureSucceeds*' make test-integration-cli` Signed-off-by: Lucas Chan Signed-off-by: Sebastiaan van Stijn --- docker-info.1.md | 99 ++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 84 insertions(+), 15 deletions(-) diff --git a/docker-info.1.md b/docker-info.1.md index d0103df2b114..d777f259f9c8 100644 --- a/docker-info.1.md +++ b/docker-info.1.md @@ -11,9 +11,13 @@ docker-info - Display system-wide information # DESCRIPTION This command displays system wide information regarding the Docker installation. -Information displayed includes the number of containers and images, pool name, -data file, metadata file, data space used, total data space, metadata space used -, total metadata space, execution driver, and the kernel version. +Information displayed includes the kernel version, number of containers and images. +The number of images shown is the number of unique images. The same image tagged +under different names is counted only once. + +Depending on the storage driver in use, additional information can be shown, such +as pool name, data file, metadata file, data space used, total data space, metadata +space used, and total metadata space. The data file is where the images are stored and the metadata file is where the meta data regarding those images are stored. When run for the first time Docker @@ -28,33 +32,98 @@ available on the volume where `/var/lib/docker` is mounted. ## Display Docker system information -Here is a sample output: +Here is a sample output for a daemon running on Ubuntu, using the overlay +storage driver: - # docker info + $ docker -D info Containers: 14 Running: 3 Paused: 1 Stopped: 10 Images: 52 - Server Version: 1.9.0 - Storage Driver: aufs - Root Dir: /var/lib/docker/aufs - Dirs: 80 - Execution Driver: native-0.2 + Server Version: 1.11.1 + Storage Driver: overlay + Backing Filesystem: extfs Logging Driver: json-file Cgroup Driver: cgroupfs Plugins: Volume: local Network: bridge null host - Kernel Version: 3.13.0-24-generic - Operating System: Ubuntu 14.04 LTS + Kernel Version: 4.4.0-21-generic + Operating System: Ubuntu 16.04 LTS OSType: linux Architecture: x86_64 - CPUs: 1 - Total Memory: 2 GiB + CPUs: 24 + Total Memory: 62.86 GiB Name: docker ID: I54V:OLXT:HVMM:TPKO:JPHQ:CQCD:JNLC:O3BZ:4ZVJ:43XJ:PFHZ:6N2S Docker Root Dir: /var/lib/docker + Debug mode (client): true + Debug mode (server): true + File Descriptors: 59 + Goroutines: 159 + System Time: 2016-04-26T10:04:06.14689342-04:00 + EventsListeners: 0 + Http Proxy: http://test:test@localhost:8080 + Https Proxy: https://test:test@localhost:8080 + No Proxy: localhost,127.0.0.1,docker-registry.somecorporation.com + Username: svendowideit + Registry: https://index.docker.io/v1/ + WARNING: No swap limit support + Labels: + storage=ssd + staging=true + Insecure registries: + myinsecurehost:5000 + 127.0.0.0/8 + +The global `-D` option tells all `docker` commands to output debug information. + +The example below shows the output for a daemon running on Red Hat Enterprise Linux, +using the devicemapper storage driver. As can be seen in the output, additional +information about the devicemapper storage driver is shown: + + $ docker info + Containers: 14 + Running: 3 + Paused: 1 + Stopped: 10 + Untagged Images: 52 + Server Version: 1.10.3 + Storage Driver: devicemapper + Pool Name: docker-202:2-25583803-pool + Pool Blocksize: 65.54 kB + Base Device Size: 10.74 GB + Backing Filesystem: xfs + Data file: /dev/loop0 + Metadata file: /dev/loop1 + Data Space Used: 1.68 GB + Data Space Total: 107.4 GB + Data Space Available: 7.548 GB + Metadata Space Used: 2.322 MB + Metadata Space Total: 2.147 GB + Metadata Space Available: 2.145 GB + Udev Sync Supported: true + Deferred Removal Enabled: false + Deferred Deletion Enabled: false + Deferred Deleted Device Count: 0 + Data loop file: /var/lib/docker/devicemapper/devicemapper/data + Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata + Library Version: 1.02.107-RHEL7 (2015-12-01) + Execution Driver: native-0.2 + Logging Driver: json-file + Plugins: + Volume: local + Network: null host bridge + Kernel Version: 3.10.0-327.el7.x86_64 + Operating System: Red Hat Enterprise Linux Server 7.2 (Maipo) + OSType: linux + Architecture: x86_64 + CPUs: 1 + Total Memory: 991.7 MiB + Name: ip-172-30-0-91.ec2.internal + ID: I54V:OLXT:HVMM:TPKO:JPHQ:CQCD:JNLC:O3BZ:4ZVJ:43XJ:PFHZ:6N2S + Docker Root Dir: /var/lib/docker Debug mode (client): false Debug mode (server): false Username: xyz @@ -62,7 +131,7 @@ Here is a sample output: Insecure registries: myinsecurehost:5000 127.0.0.0/8 - + # HISTORY April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work. From 01cd7b9957d237acf7dc666ea0174258aaef9efd Mon Sep 17 00:00:00 2001 From: Zhu Guihua Date: Thu, 24 Mar 2016 09:14:38 +0800 Subject: [PATCH 230/398] Add disk quota support for btrfs Signed-off-by: Zhu Guihua --- docker-create.1.md | 1 + docker-run.1.md | 3 ++- dockerd.8.md | 17 ++++++++++++++--- 3 files changed, 17 insertions(+), 4 deletions(-) diff --git a/docker-create.1.md b/docker-create.1.md index 3f90a3a1d852..f8a80cd347ba 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -333,6 +333,7 @@ unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. $ docker create -it --storage-opt size=120G fedora /bin/bash This (size) will allow to set the container rootfs size to 120G at creation time. User cannot pass a size less than the Default BaseFS Size. + This option is only available for the `devicemapper`, `btrfs` and `zfs` graphrivers. **--stop-signal**=*SIGTERM* Signal to stop a container. Default is SIGTERM. diff --git a/docker-run.1.md b/docker-run.1.md index 921ff9a07bf7..8fb856b5dc78 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -484,7 +484,8 @@ its root filesystem mounted as read only prohibiting any writes. $ docker run -it --storage-opt size=120G fedora /bin/bash This (size) will allow to set the container rootfs size to 120G at creation time. User cannot pass a size less than the Default BaseFS Size. - + This option is only available for the `devicemapper`, `btrfs` and `zfs` graphrivers. + **--stop-signal**=*SIGTERM* Signal to stop a container. Default is SIGTERM. diff --git a/dockerd.8.md b/dockerd.8.md index 74d7ce6aa1a9..2c381fb0f74c 100644 --- a/dockerd.8.md +++ b/dockerd.8.md @@ -247,9 +247,9 @@ backends use operating system level technologies and can be configured. Specify options to the storage backend with **--storage-opt** flags. The -backends that currently take options are *devicemapper* and *zfs*. -Options for *devicemapper* are prefixed with *dm* and options for *zfs* -start with *zfs*. +backends that currently take options are *devicemapper*, *zfs* and *btrfs*. +Options for *devicemapper* are prefixed with *dm*, options for *zfs* +start with *zfs* and options for *btrfs* start with *btrfs*. Specifically for devicemapper, the default is a "loopback" model which requires no pre-configuration, but is extremely inefficient. Do not @@ -511,6 +511,17 @@ By default docker will pick up the zfs filesystem where docker graph Example use: `dockerd -s zfs --storage-opt zfs.fsname=zroot/docker` +## Btrfs options + +#### btrfs.min_space + +Specifies the mininum size to use when creating the subvolume which is used +for containers. If user uses disk quota for btrfs when creating or running +a container with **--storage-opt size** option, docker should ensure the +**size** cannot be smaller than **btrfs.min_space**. + +Example use: `docker daemon -s btrfs --storage-opt btrfs.min_space=10G` + # CLUSTER STORE OPTIONS The daemon uses libkv to advertise From 1ec2501ce2db0e212f3943e1ec9b64fea9758940 Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Fri, 8 Apr 2016 12:15:08 -0400 Subject: [PATCH 231/398] Add support for reading logs extra attrs The jsonlog logger currently allows specifying envs and labels that should be propagated to the log message, however there has been no way to read that back. This adds a new API option to enable inserting these attrs back to the log reader. With timestamps, this looks like so: ``` 92016-04-08T15:28:09.835913720Z foo=bar,hello=world hello ``` The extra attrs are comma separated before the log message but after timestamps. Without timestaps it looks like so: ``` foo=bar,hello=world hello ``` Signed-off-by: Brian Goff --- docker-logs.1.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docker-logs.1.md b/docker-logs.1.md index f910b53574f0..db23a0f137a7 100644 --- a/docker-logs.1.md +++ b/docker-logs.1.md @@ -30,6 +30,9 @@ logging drivers. **--help** Print usage statement +**--details**=*true*|*false* + Show extra details provided to logs + **-f**, **--follow**=*true*|*false* Follow log output. The default is *false*. @@ -55,6 +58,10 @@ epoch or Unix time), and the optional .nanoseconds field is a fraction of a second no more than nine digits long. You can combine the `--since` option with either or both of the `--follow` or `--tail` options. +The `docker logs --details` command will add on extra attributes, such as +environment variables and labels, provided to `--log-opt` when creating the +container. + # HISTORY April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work. From ced1317ebc7751ce149da845cd6752da0a10ea7c Mon Sep 17 00:00:00 2001 From: Sean Christopherson Date: Tue, 10 May 2016 09:58:55 -0700 Subject: [PATCH 232/398] Add the swapMemorySupport requirement to OOM tests Add the swapMemorySupport requirement to all tests related to the OOM killer. The --memory option has the subtle side effect of defaulting --memory-swap to double the value of --memory. The OOM killer doesn't kick in until the container exhausts memory+swap, and so without the memory swap cgroup the tests will timeout due to swap being effectively unlimited. Document the default behavior of --memory-swap in the docker run man page. Signed-off-by: Sean Christopherson --- docker-run.1.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docker-run.1.md b/docker-run.1.md index 8fb856b5dc78..101acfa606b7 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -353,7 +353,8 @@ as memory limit. **--memory-swap**="LIMIT" A limit value equal to memory plus swap. Must be used with the **-m** (**--memory**) flag. The swap `LIMIT` should always be larger than **-m** -(**--memory**) value. +(**--memory**) value. By default, the swap `LIMIT` will be set to double +the value of --memory. The format of `LIMIT` is `[]`. Unit can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you don't specify a From 76c123096c7c5213abd6b43958e1916b992cf76d Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Thu, 5 May 2016 21:45:55 -0700 Subject: [PATCH 233/398] Docker pull/push with max concurrency limits. This fix tries to address issues raised in #20936 and #22443 where `docker pull` or `docker push` fails because of the concurrent connection failing. Currently, the number of maximum concurrent connections is controlled by `maxDownloadConcurrency` and `maxUploadConcurrency` which are hardcoded to 3 and 5 respectively. Therefore, in situations where network connections don't support multiple downloads/uploads, failures may encounter for `docker push` or `docker pull`. This fix tries changes `maxDownloadConcurrency` and `maxUploadConcurrency` to adjustable by passing `--max-concurrent-uploads` and `--max-concurrent-downloads` to `docker daemon` command. The documentation related to docker daemon has been updated. Additional test case have been added to cover the changes in this fix. This fix fixes #20936. This fix fixes #22443. Signed-off-by: Yong Tang --- dockerd.8.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/dockerd.8.md b/dockerd.8.md index 2c381fb0f74c..122609ee1974 100644 --- a/dockerd.8.md +++ b/dockerd.8.md @@ -44,6 +44,8 @@ dockerd - Enable daemon mode [**--log-driver**[=*json-file*]] [**--log-opt**[=*map[]*]] [**--mtu**[=*0*]] +[**--max-concurrent-downloads**[=*3*]] +[**--max-concurrent-uploads**[=*5*]] [**-p**|**--pidfile**[=*/var/run/docker.pid*]] [**--raw-logs**] [**--registry-mirror**[=*[]*]] @@ -197,6 +199,12 @@ unix://[/path/to/socket] to use. **--mtu**=*0* Set the containers network mtu. Default is `0`. +**--max-concurrent-downloads**=*3* + Set the max concurrent downloads for each pull. Default is `3`. + +**--max-concurrent-uploads**=*5* + Set the max concurrent uploads for each push. Default is `5`. + **-p**, **--pidfile**="" Path to use for daemon PID file. Default is `/var/run/docker.pid` From fede72a5584958def8606e1d8cdaf3f0c0e6aeb5 Mon Sep 17 00:00:00 2001 From: Mrunal Patel Date: Fri, 6 May 2016 14:56:03 -0400 Subject: [PATCH 234/398] Add support for --pid=container: Signed-off-by: Mrunal Patel --- docker-create.1.md | 9 +++++---- docker-run.1.md | 9 +++++---- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/docker-create.1.md b/docker-create.1.md index f8a80cd347ba..d48e1ac3c4ec 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -57,7 +57,7 @@ docker-create - Create a new container [**--oom-score-adj**[=*0*]] [**-P**|**--publish-all**] [**-p**|**--publish**[=*[]*]] -[**--pid**[=*[]*]] +[**--pid**[=*[PID]*]] [**--userns**[=*[]*]] [**--pids-limit**[=*PIDS_LIMIT*]] [**--privileged**] @@ -289,10 +289,11 @@ unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. When specifying ranges for both, the number of container ports in the range must match the number of host ports in the range. (e.g., `-p 1234-1236:1234-1236/tcp`) (use 'docker port' to see the actual mapping) -**--pid**=*host* +**--pid**="" Set the PID mode for the container - **host**: use the host's PID namespace inside the container. - Note: the host mode gives the container full access to local PID and is therefore considered insecure. + Default is to create a private PID namespace for the container + 'container:': join another container's PID namespace + 'host': use the host's PID namespace for the container. Note: the host mode gives the container full access to local PID and is therefore considered insecure. **--userns**="" Set the usernamespace mode for the container when `userns-remap` option is enabled. diff --git a/docker-run.1.md b/docker-run.1.md index 101acfa606b7..6de2f2d70e48 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -59,7 +59,7 @@ docker-run - Run a command in a new container [**--oom-score-adj**[=*0*]] [**-P**|**--publish-all**] [**-p**|**--publish**[=*[]*]] -[**--pid**[=*[]*]] +[**--pid**[=*[PID]*]] [**--userns**[=*[]*]] [**--pids-limit**[=*PIDS_LIMIT*]] [**--privileged**] @@ -420,10 +420,11 @@ but not `docker run -p 1230-1236:1230-1240 --name RangeContainerPortsBiggerThanR With ip: `docker run -p 127.0.0.1:$HOSTPORT:$CONTAINERPORT --name CONTAINER -t someimage` Use `docker port` to see the actual mapping: `docker port CONTAINER $CONTAINERPORT` -**--pid**=*host* +**--pid**="" Set the PID mode for the container - **host**: use the host's PID namespace inside the container. - Note: the host mode gives the container full access to local PID and is therefore considered insecure. + Default is to create a private PID namespace for the container + 'container:': join another container's PID namespace + 'host': use the host's PID namespace for the container. Note: the host mode gives the container full access to local PID and is therefore considered insecure. **--userns**="" Set the usernamespace mode for the container when `userns-remap` option is enabled. From 8b50845d8654c41c487c9271b8e22a879050b63a Mon Sep 17 00:00:00 2001 From: Fabrizio Soppelsa Date: Fri, 20 May 2016 13:41:28 +0200 Subject: [PATCH 235/398] Add a --filter option to `docker search` The filtering is made server-side, and the following filters are supported: * is-official (boolean) * is-automated (boolean) * has-stars (integer) Signed-off-by: Fabrizio Soppelsa Signed-off-by: Vincent Demeester --- docker-search.1.md | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/docker-search.1.md b/docker-search.1.md index a95c0237736e..c1728f548ca3 100644 --- a/docker-search.1.md +++ b/docker-search.1.md @@ -6,10 +6,9 @@ docker-search - Search the Docker Hub for images # SYNOPSIS **docker search** -[**--automated**] +[**-f**|**--filter**[=*[]*]] [**--help**] [**--no-trunc**] -[**-s**|**--stars**[=*0*]] TERM # DESCRIPTION @@ -21,8 +20,12 @@ of stars awarded, whether the image is official, and whether it is automated. *Note* - Search queries will only return up to 25 results # OPTIONS -**--automated**=*true*|*false* - Only show automated builds. The default is *false*. + +**-f**, **--filter**=[] + Filter output based on these conditions: + - stars= + - is-automated=(true|false) + - is-official=(true|false) **--help** Print usage statement @@ -30,9 +33,6 @@ of stars awarded, whether the image is official, and whether it is automated. **--no-trunc**=*true*|*false* Don't truncate output. The default is *false*. -**-s**, **--stars**=*X* - Only displays with at least X stars. The default is zero. - # EXAMPLES ## Search Docker Hub for ranked images @@ -40,7 +40,7 @@ of stars awarded, whether the image is official, and whether it is automated. Search a registry for the term 'fedora' and only display those images ranked 3 or higher: - $ docker search -s 3 fedora + $ docker search --filter=stars=3 fedora NAME DESCRIPTION STARS OFFICIAL AUTOMATED mattdm/fedora A basic Fedora image corresponding roughly... 50 fedora (Semi) Official Fedora base image. 38 @@ -52,7 +52,7 @@ ranked 3 or higher: Search Docker Hub for the term 'fedora' and only display automated images ranked 1 or higher: - $ docker search --automated -s 1 fedora + $ docker search --filter=is-automated=true --filter=stars=1 fedora NAME DESCRIPTION STARS OFFICIAL AUTOMATED goldmann/wildfly A WildFly application server running on a ... 3 [OK] tutum/fedora-20 Fedora 20 image with SSH access. For the r... 1 [OK] @@ -62,4 +62,5 @@ April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work. June 2014, updated by Sven Dowideit April 2015, updated by Mary Anthony for v2 +April 2016, updated by Vincent Demeester From b819438cdcaf9bd8d39d55cbbd54105b51fd1abc Mon Sep 17 00:00:00 2001 From: Christian Persson Date: Fri, 20 May 2016 20:15:57 +0200 Subject: [PATCH 236/398] Replace U+2018 and U+2019 with U+0027 in manpages Signed-off-by: Christian Persson --- docker-events.1.md | 2 +- docker-logs.1.md | 4 ++-- docker-run.1.md | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docker-events.1.md b/docker-events.1.md index 6a1a3649ff79..15a5d516a5c7 100644 --- a/docker-events.1.md +++ b/docker-events.1.md @@ -47,7 +47,7 @@ Docker networks report the following events: The `--since` and `--until` parameters can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed -relative to the client machine’s time. If you do not provide the `--since` option, +relative to the client machine's time. If you do not provide the `--since` option, the command returns only new and/or live events. Supported formats for date formatted time stamps include RFC3339Nano, RFC3339, `2006-01-02T15:04:05`, `2006-01-02T15:04:05.999999999`, `2006-01-02Z07:00`, and `2006-01-02`. The local diff --git a/docker-logs.1.md b/docker-logs.1.md index db23a0f137a7..e70f796e2899 100644 --- a/docker-logs.1.md +++ b/docker-logs.1.md @@ -21,7 +21,7 @@ any logs at the time you execute docker logs). The **docker logs --follow** command combines commands **docker logs** and **docker attach**. It will first return all logs from the beginning and -then continue streaming new output from the container’s stdout and stderr. +then continue streaming new output from the container's stdout and stderr. **Warning**: This command works only for the **json-file** or **journald** logging drivers. @@ -46,7 +46,7 @@ logging drivers. Output the specified number of lines at the end of logs (defaults to all logs) The `--since` option can be Unix timestamps, date formatted timestamps, or Go -duration strings (e.g. `10m`, `1h30m`) computed relative to the client machine’s +duration strings (e.g. `10m`, `1h30m`) computed relative to the client machine's time. Supported formats for date formatted time stamps include RFC3339Nano, RFC3339, `2006-01-02T15:04:05`, `2006-01-02T15:04:05.999999999`, `2006-01-02Z07:00`, and `2006-01-02`. The local timezone on the client will be diff --git a/docker-run.1.md b/docker-run.1.md index 6de2f2d70e48..fbce215db5ce 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -103,7 +103,7 @@ pull** IMAGE, before it starts the container from that image. In foreground mode (the default when **-d** is not specified), **docker run** can start the process in the container -and attach the console to the process’s standard input, output, and standard +and attach the console to the process's standard input, output, and standard error. It can even pretend to be a TTY (this is what most commandline executables expect) and pass along signals. The **-a** option can be set for each of stdin, stdout, and stderr. @@ -735,7 +735,7 @@ This should list the message sent to logger. If you do not specify -a then Docker will attach everything (stdin,stdout,stderr) . You can specify to which of the three standard streams (stdin, stdout, stderr) -you’d like to connect instead, as in: +you'd like to connect instead, as in: # docker run -a stdin -a stdout -i -t fedora /bin/bash @@ -849,7 +849,7 @@ If a container is connected to the default bridge network and `linked` with other containers, then the container's `/etc/hosts` file is updated with the linked container's name. -> **Note** Since Docker may live update the container’s `/etc/hosts` file, there +> **Note** Since Docker may live update the container's `/etc/hosts` file, there may be situations when processes inside the container can end up reading an empty or incomplete `/etc/hosts` file. In most cases, retrying the read again should fix the problem. From 9aab0b211fd475eac43737cb07c1aaa153aa132c Mon Sep 17 00:00:00 2001 From: John Howard Date: Thu, 14 Apr 2016 17:12:02 -0700 Subject: [PATCH 237/398] Windows: Default to Hyper-V Containers on client Signed-off-by: John Howard --- docker-create.1.md | 4 +++- docker-run.1.md | 4 +++- dockerd.8.md | 6 ++++++ 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/docker-create.1.md b/docker-create.1.md index d48e1ac3c4ec..e630d5fdcdea 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -197,7 +197,9 @@ two memory nodes. 'host': use the host shared memory,semaphores and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure. **--isolation**="*default*" - Isolation specifies the type of isolation technology used by containers. + Isolation specifies the type of isolation technology used by containers. Note +that the default on Windows server is `process`, and the default on Windows client +is `hyperv`. Linux only supports `default`. **--kernel-memory**="" Kernel memory limit (format: `[]`, where unit = b, k, m or g) diff --git a/docker-run.1.md b/docker-run.1.md index fbce215db5ce..fb810d32f9d6 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -297,7 +297,9 @@ redirection on the host system. 'host': use the host shared memory,semaphores and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure. **--isolation**="*default*" - Isolation specifies the type of isolation technology used by containers. + Isolation specifies the type of isolation technology used by containers. Note +that the default on Windows server is `process`, and the default on Windows client +is `hyperv`. Linux only supports `default`. **-l**, **--label**=[] Set metadata on the container (e.g., --label com.example.key=value) diff --git a/dockerd.8.md b/dockerd.8.md index 122609ee1974..9f980310e4d6 100644 --- a/dockerd.8.md +++ b/dockerd.8.md @@ -39,6 +39,7 @@ dockerd - Enable daemon mode [**--ip-masq**[=*true*]] [**--iptables**[=*true*]] [**--ipv6**] +[**--isolation**[=*default*]] [**-l**|**--log-level**[=*info*]] [**--label**[=*[]*]] [**--log-driver**[=*json-file*]] @@ -183,6 +184,11 @@ unix://[/path/to/socket] to use. **--ipv6**=*true*|*false* Enable IPv6 support. Default is false. Docker will create an IPv6-enabled bridge with address fe80::1 which will allow you to create IPv6-enabled containers. Use together with `--fixed-cidr-v6` to provide globally routable IPv6 addresses. IPv6 forwarding will be enabled if not used with `--ip-forward=false`. This may collide with your host's current IPv6 settings. For more information please consult the documentation about "Advanced Networking - IPv6". +**--isolation**="*default*" + Isolation specifies the type of isolation technology used by containers. Note +that the default on Windows server is `process`, and the default on Windows client +is `hyperv`. Linux only supports `default`. + **-l**, **--log-level**="*debug*|*info*|*warn*|*error*|*fatal*" Set the logging level. Default is `info`. From 3de2c3b8afa22ad2e4e7028fea82eb7d35101b5f Mon Sep 17 00:00:00 2001 From: Subhajit Ghosh Date: Wed, 11 May 2016 14:15:50 +0100 Subject: [PATCH 238/398] Document valid chars in image name and tag - Add link to valid image name and tag formats in referenced files - Per review comments, updated docs to remove reference to `USERNAME` and `REGISTRYHOST`. - Per review comment, removed links from man page. - Per review comment, added and updated examples on `docker tag` Signed-off-by: Subhajit Ghosh --- docker-build.1.md | 4 +++- docker-commit.1.md | 3 ++- docker-push.1.md | 3 ++- docker-tag.1.md | 53 +++++++++++++++++++++++++++++----------------- 4 files changed, 41 insertions(+), 22 deletions(-) diff --git a/docker-build.1.md b/docker-build.1.md index 69d78cd9a339..b654e2d92293 100644 --- a/docker-build.1.md +++ b/docker-build.1.md @@ -91,7 +91,9 @@ set as the **URL**, the repository is cloned locally and then sent as the contex Remove intermediate containers after a successful build. The default is *true*. **-t**, **--tag**="" - Repository names (and optionally with tags) to be applied to the resulting image in case of success. + Repository names (and optionally with tags) to be applied to the resulting + image in case of success. Refer to **docker-tag(1)** for more information + about valid tag names. **-m**, **--memory**=*MEMORY* Memory limit diff --git a/docker-commit.1.md b/docker-commit.1.md index 5912d3636d46..d8a4cf8387a5 100644 --- a/docker-commit.1.md +++ b/docker-commit.1.md @@ -16,7 +16,8 @@ CONTAINER [REPOSITORY[:TAG]] # DESCRIPTION Create a new image from an existing container specified by name or container ID. The new image will contain the contents of the -container filesystem, *excluding* any data volumes. +container filesystem, *excluding* any data volumes. Refer to **docker-tag(1)** +for more information about valid image and tag names. While the `docker commit` command is a convenient way of extending an existing image, you should prefer the use of a Dockerfile and `docker diff --git a/docker-push.1.md b/docker-push.1.md index 1b487a0d55c1..4919489a99a5 100644 --- a/docker-push.1.md +++ b/docker-push.1.md @@ -13,7 +13,8 @@ NAME[:TAG] | [REGISTRY_HOST[:REGISTRY_PORT]/]NAME[:TAG] This command pushes an image or a repository to a registry. If you do not specify a `REGISTRY_HOST`, the command uses Docker's public registry located at -`registry-1.docker.io` by default. +`registry-1.docker.io` by default. Refer to **docker-tag(1)** for more +information about valid image and tag names. # OPTIONS **--help** diff --git a/docker-tag.1.md b/docker-tag.1.md index 68c90b765c4e..9bb252aef083 100644 --- a/docker-tag.1.md +++ b/docker-tag.1.md @@ -7,44 +7,59 @@ docker-tag - Tag an image into a repository # SYNOPSIS **docker tag** [**--help**] -IMAGE[:TAG] [REGISTRY_HOST/][USERNAME/]NAME[:TAG] +NAME[:TAG] NAME[:TAG] # DESCRIPTION Assigns a new alias to an image in a registry. An alias refers to the entire image name including the optional `TAG` after the ':'. -If you do not specify a `REGISTRY_HOST`, the command uses Docker's public -registry located at `registry-1.docker.io` by default. - # "OPTIONS" **--help** Print usage statement. -**REGISTRY_HOST** - The hostname of the registry if required. This may also include the port -separated by a ':' - -**USERNAME** - The username or other qualifying identifier for the image. - **NAME** - The image name. + The image name which is made up of slash-separated name components, + optionally prefixed by a registry hostname. The hostname must comply with + standard DNS rules, but may not contain underscores. If a hostname is + present, it may optionally be followed by a port number in the format + `:8080`. If not present, the command uses Docker's public registry located at + `registry-1.docker.io` by default. Name components may contain lowercase + characters, digits and separators. A separator is defined as a period, one or + two underscores, or one or more dashes. A name component may not start or end + with a separator. **TAG** - The tag you are assigning to the image. Though this is arbitrary it is -recommended to be used for a version to distinguish images with the same name. -Also, for consistency tags should only include a-z0-9-_. . -Note that here TAG is a part of the overall name or "tag". + The tag assigned to the image to version and distinguish images with the same + name. The tag name may contain lowercase and uppercase characters, digits, + underscores, periods and dashes. A tag name may not start with a period or a + dash and may contain a maximum of 128 characters. # EXAMPLES -## Giving an image a new alias +## Tagging an image referenced by ID -Here is an example of aliasing an image (e.g., 0e5574283393) as "httpd" and -tagging it into the "fedora" repository with "version1.0": +To tag a local image with ID "0e5574283393" into the "fedora" repository with +"version1.0": docker tag 0e5574283393 fedora/httpd:version1.0 +## Tagging an image referenced by Name + +To tag a local image with name "httpd" into the "fedora" repository with +"version1.0": + + docker tag httpd fedora/httpd:version1.0 + +Note that since the tag name is not specified, the alias is created for an +existing local version `httpd:latest`. + +## Tagging an image referenced by Name and Tag + +To tag a local image with name "httpd" and tag "test" into the "fedora" +repository with "version1.0.test": + + docker tag httpd:test fedora/httpd:version1.0.test + ## Tagging an image for a private repository To push an image to a private registry and not the central Docker From cefba8542dc4edc9fc15a006319d15316995bdd2 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Mon, 23 May 2016 09:10:14 +0000 Subject: [PATCH 239/398] update docs/reference/commandline/cp.md Close #22020 Signed-off-by: Akihiro Suda --- docker-cp.1.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/docker-cp.1.md b/docker-cp.1.md index 84d64c268881..949d60bb8b0c 100644 --- a/docker-cp.1.md +++ b/docker-cp.1.md @@ -78,7 +78,16 @@ you must be explicit with a relative or absolute path, for example: `/path/to/file:name.txt` or `./file:name.txt` It is not possible to copy certain system files such as resources under -`/proc`, `/sys`, `/dev`, and mounts created by the user in the container. +`/proc`, `/sys`, `/dev`, tmpfs, and mounts created by the user in the container. +However, you can still copy such files by manually running `tar` in `docker exec`. +For example (consider `SRC_PATH` and `DEST_PATH` are directories): + + $ docker exec foo tar Ccf $(dirname SRC_PATH) - $(basename SRC_PATH) | tar Cxf DEST_PATH - + +or + + $ tar Ccf $(dirname SRC_PATH) - $(basename SRC_PATH) | docker exec -i foo tar Cxf DEST_PATH - + Using `-` as the `SRC_PATH` streams the contents of `STDIN` as a tar archive. The command extracts the content of the tar to the `DEST_PATH` in container's From 725ca01742073bda1197a2e83bcd7ef0a1a21ecc Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Wed, 25 May 2016 13:49:10 +0200 Subject: [PATCH 240/398] Add before and since filter to images Add support for two now filter on the `images` command : `before` and `since`. They work the same as the one on the `ps` command but for images. $ docker images --filter before=myimage # display all images older than myimage $ docker images --filter since=myimage # display all images younger than myimage Signed-off-by: Vincent Demeester --- docker-images.1.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docker-images.1.md b/docker-images.1.md index 8410280a1df3..fd551a58db1e 100644 --- a/docker-images.1.md +++ b/docker-images.1.md @@ -38,7 +38,11 @@ versions. Show image digests. The default is *false*. **-f**, **--filter**=[] - Filters the output. The dangling=true filter finds unused images. While label=com.foo=amd64 filters for images with a com.foo value of amd64. The label=com.foo filter finds images with the label com.foo of any value. + Filters the output based on these conditions: + - dangling=(true|false) - finds unused images. + - label= or label== + - before=([:tag]||) + - since=([:tag]||) **--format**="*TEMPLATE*" Pretty-print containers using a Go template. From fafb6cafd9cba4e60d0970b19f5707b2c2b4f996 Mon Sep 17 00:00:00 2001 From: allencloud Date: Sun, 8 May 2016 09:36:10 +0800 Subject: [PATCH 241/398] fix typos Signed-off-by: allencloud --- docker-attach.1.md | 2 +- docker-inspect.1.md | 2 +- docker-run.1.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docker-attach.1.md b/docker-attach.1.md index c78f4fbb1b36..5ddf96f68b3c 100644 --- a/docker-attach.1.md +++ b/docker-attach.1.md @@ -43,7 +43,7 @@ attaching to a tty-enabled container (i.e.: launched with `-t`). # Override the detach sequence -If you want, you can configure a override the Docker key sequence for detach. +If you want, you can configure an override the Docker key sequence for detach. This is is useful if the Docker default sequence conflicts with key squence you use for other applications. There are two ways to defines a your own detach key sequence, as a per-container override or as a configuration property on your diff --git a/docker-inspect.1.md b/docker-inspect.1.md index 1bc2cf0b9cea..6d7a54ad3bc5 100644 --- a/docker-inspect.1.md +++ b/docker-inspect.1.md @@ -223,7 +223,7 @@ output: You can get more information about how to write a Go template from: https://golang.org/pkg/text/template/. -## Getting size information on an container +## Getting size information on a container $ docker inspect -s d2cc496561d6 [ diff --git a/docker-run.1.md b/docker-run.1.md index fb810d32f9d6..2d02b7cbfb1e 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -219,7 +219,7 @@ See **config-json(5)** for documentation on using a configuration file. Limit write rate to a device (e.g. --device-write-bps=/dev/sda:1mb) **--device-write-iops**=[] - Limit write rate a a device (e.g. --device-write-iops=/dev/sda:1000) + Limit write rate to a device (e.g. --device-write-iops=/dev/sda:1000) **--dns-search**=[] Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain) From 9e57d0dc4eca24369b3029d1d6bb8e92a268d5b6 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Wed, 1 Jun 2016 13:38:14 -0700 Subject: [PATCH 242/398] Add `--limit` option to `docker search` This fix tries to address the issue raised in #23055. Currently `docker search` result caps at 25 and there is no way to allow getting more results (if exist). This fix adds the flag `--limit` so that it is possible to return more results from the `docker search`. Related documentation has been updated. Additional tests have been added to cover the changes. This fix fixes #23055. Signed-off-by: Yong Tang --- docker-search.1.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docker-search.1.md b/docker-search.1.md index c1728f548ca3..ad8bbc78b2bb 100644 --- a/docker-search.1.md +++ b/docker-search.1.md @@ -8,6 +8,7 @@ docker-search - Search the Docker Hub for images **docker search** [**-f**|**--filter**[=*[]*]] [**--help**] +[**--limit**[=*LIMIT*]] [**--no-trunc**] TERM @@ -30,6 +31,9 @@ of stars awarded, whether the image is official, and whether it is automated. **--help** Print usage statement +**--limit**=*LIMIT* + Maximum returned search results. The default is 25. + **--no-trunc**=*true*|*false* Don't truncate output. The default is *false*. From 205176da8291bc2f4fd2b743240bc79ac6a642c8 Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Fri, 3 Jun 2016 15:28:19 +0200 Subject: [PATCH 243/398] man: mv config-json.5 to docker-config-json.5 Signed-off-by: Antonio Murdaca --- config-json.5.md => docker-config-json.5.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename config-json.5.md => docker-config-json.5.md (100%) diff --git a/config-json.5.md b/docker-config-json.5.md similarity index 100% rename from config-json.5.md rename to docker-config-json.5.md From 1b3ad56eda29ef7bf6655bdbce2a7c53a4d82ffd Mon Sep 17 00:00:00 2001 From: Alexander Morozov Date: Fri, 3 Jun 2016 10:11:52 -0700 Subject: [PATCH 244/398] attach: replace interface with simple type Also add docs to detach events Signed-off-by: Alexander Morozov --- docker-events.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-events.1.md b/docker-events.1.md index 15a5d516a5c7..4e38b536879f 100644 --- a/docker-events.1.md +++ b/docker-events.1.md @@ -18,7 +18,7 @@ information and real-time information. Docker containers will report the following events: - attach, commit, copy, create, destroy, die, exec_create, exec_start, export, kill, oom, pause, rename, resize, restart, start, stop, top, unpause, update + attach, commit, copy, create, destroy, detach, die, exec_create, exec_detach, exec_start, export, kill, oom, pause, rename, resize, restart, start, stop, top, unpause, update Docker images report the following events: From c66cc894d531e1c3c523302655441a2213d1006a Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Sun, 5 Jun 2016 14:03:23 -0700 Subject: [PATCH 245/398] Fix a couple of typos in docker attach docs. This fix fixes a couple of typos in docker attach docs: docs/reference/commandline/attach.md man/docker-attach.1.md Signed-off-by: Yong Tang --- docker-attach.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-attach.1.md b/docker-attach.1.md index 5ddf96f68b3c..c02522eb52ca 100644 --- a/docker-attach.1.md +++ b/docker-attach.1.md @@ -44,7 +44,7 @@ attaching to a tty-enabled container (i.e.: launched with `-t`). # Override the detach sequence If you want, you can configure an override the Docker key sequence for detach. -This is is useful if the Docker default sequence conflicts with key squence you +This is useful if the Docker default sequence conflicts with key sequence you use for other applications. There are two ways to defines a your own detach key sequence, as a per-container override or as a configuration property on your entire configuration. From 317f6175f651334959e38d56b27216c5da5fa60e Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 6 Jun 2016 14:20:41 +0200 Subject: [PATCH 246/398] network docs cleanup This fixes some Markup and formatting issues in the network documentation; - wrap text to 80 chars - add missing language hints for code examples - add missing line continuations (\) - update USAGE output for Cobra Signed-off-by: Sebastiaan van Stijn --- docker-network-create.1.md | 37 +++++++++++++++++++++++++------------ 1 file changed, 25 insertions(+), 12 deletions(-) diff --git a/docker-network-create.1.md b/docker-network-create.1.md index 47178aed57b4..0ca1c4cc79ed 100644 --- a/docker-network-create.1.md +++ b/docker-network-create.1.md @@ -101,12 +101,19 @@ specify subnetwork values directly using the `--subnet` option. On a `bridge` network you can only create a single subnet: ```bash -docker network create -d bridge --subnet=192.168.0.0/16 br0 +$ docker network create -d bridge --subnet=192.168.0.0/16 br0 ``` -Additionally, you also specify the `--gateway` `--ip-range` and `--aux-address` options. + +Additionally, you also specify the `--gateway` `--ip-range` and `--aux-address` +options. ```bash -network create --driver=bridge --subnet=172.28.0.0/16 --ip-range=172.28.5.0/24 --gateway=172.28.5.254 br0 +$ docker network create \ + --driver=bridge \ + --subnet=172.28.0.0/16 \ + --ip-range=172.28.5.0/24 \ + --gateway=172.28.5.254 \ + br0 ``` If you omit the `--gateway` flag the Engine selects one for you from inside a @@ -114,20 +121,26 @@ preferred pool. For `overlay` networks and for network driver plugins that support it you can create multiple subnetworks. ```bash -docker network create -d overlay - --subnet=192.168.0.0/16 --subnet=192.170.0.0/16 - --gateway=192.168.0.100 --gateway=192.170.0.100 - --ip-range=192.168.1.0/24 - --aux-address a=192.168.1.5 --aux-address b=192.168.1.6 - --aux-address a=192.170.1.5 --aux-address b=192.170.1.6 +$ docker network create -d overlay \ + --subnet=192.168.0.0/16 \ + --subnet=192.170.0.0/16 \ + --gateway=192.168.0.100 \ + --gateway=192.170.0.100 \ + --ip-range=192.168.1.0/24 \ + --aux-address a=192.168.1.5 --aux-address b=192.168.1.6 \ + --aux-address a=192.170.1.5 --aux-address b=192.170.1.6 \ my-multihost-network ``` -Be sure that your subnetworks do not overlap. If they do, the network create fails and Engine returns an error. + +Be sure that your subnetworks do not overlap. If they do, the network create +fails and Engine returns an error. ### Network internal mode -By default, when you connect a container to an `overlay` network, Docker also connects a bridge network to it to provide external connectivity. -If you want to create an externally isolated `overlay` network, you can specify the `--internal` option. +By default, when you connect a container to an `overlay` network, Docker also +connects a bridge network to it to provide external connectivity. If you want +to create an externally isolated `overlay` network, you can specify the +`--internal` option. # OPTIONS **--aux-address**=map[] From 7283b47a75a4607ac7cc7e8fad3ec0d3b693d9e7 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Mon, 6 Jun 2016 19:06:50 -0700 Subject: [PATCH 247/398] Fix a couple of typos in the docs of `docker attach` This fix fixed a couple of typos in the docs of `docker attach`: docs/reference/commandline/attach.md man/docker-attach.1.md Signed-off-by: Yong Tang --- docker-attach.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-attach.1.md b/docker-attach.1.md index c02522eb52ca..c39d1c9290ee 100644 --- a/docker-attach.1.md +++ b/docker-attach.1.md @@ -45,7 +45,7 @@ attaching to a tty-enabled container (i.e.: launched with `-t`). If you want, you can configure an override the Docker key sequence for detach. This is useful if the Docker default sequence conflicts with key sequence you -use for other applications. There are two ways to defines a your own detach key +use for other applications. There are two ways to define your own detach key sequence, as a per-container override or as a configuration property on your entire configuration. From 3eab4d9a86dce5e22acc48824e18d80416602389 Mon Sep 17 00:00:00 2001 From: Sainath Grandhi Date: Fri, 27 May 2016 12:20:31 -0700 Subject: [PATCH 248/398] Adding network filter to docker ps command Signed-off-by: Sainath Grandhi --- docker-ps.1.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docker-ps.1.md b/docker-ps.1.md index f56796648752..0c2404b573d3 100644 --- a/docker-ps.1.md +++ b/docker-ps.1.md @@ -36,6 +36,7 @@ the running containers. - since=(|) - ancestor=([:tag]||) - containers created from an image or a descendant. - volume=(|) + - network=() - containers connected to the provided network name **--format**="*TEMPLATE*" Pretty-print containers using a Go template. From 3f3e6d832adef0515b3a157b86f80f7477e8b213 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 6 Jun 2016 02:04:33 +0200 Subject: [PATCH 249/398] add support for filtering by network ID This adds support for filtering by network ID, to be consistent with other filter options. Note that only *full* matches are returned; this is consistent with other filters (e.g. volume), that also return full matches only. Signed-off-by: Sebastiaan van Stijn --- docker-ps.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-ps.1.md b/docker-ps.1.md index 0c2404b573d3..14c770121f6d 100644 --- a/docker-ps.1.md +++ b/docker-ps.1.md @@ -36,7 +36,7 @@ the running containers. - since=(|) - ancestor=([:tag]||) - containers created from an image or a descendant. - volume=(|) - - network=() - containers connected to the provided network name + - network=(|) - containers connected to the provided network **--format**="*TEMPLATE*" Pretty-print containers using a Go template. From 0c87fce09122569477e71b35fb1012a659228d86 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Wed, 8 Jun 2016 17:40:37 +0200 Subject: [PATCH 250/398] Update docker-load documentation Signed-off-by: Vincent Demeester --- docker-load.1.md | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/docker-load.1.md b/docker-load.1.md index c54fe607b95a..b16517304724 100644 --- a/docker-load.1.md +++ b/docker-load.1.md @@ -13,7 +13,8 @@ docker-load - Load an image from a tar archive or STDIN # DESCRIPTION Loads a tarred repository from a file or the standard input stream. -Restores both images and tags. +Restores both images and tags. Write image names or IDs imported it +standard output stream. # OPTIONS **--help** @@ -23,7 +24,7 @@ Restores both images and tags. Read from a tar archive file, instead of STDIN. The tarball may be compressed with gzip, bzip, or xz. **-q**, **--quiet** - Suppress the load output. Without this option, a progress bar is displayed. + Suppress the load progress bar but still outputs the imported images. # EXAMPLES @@ -31,6 +32,11 @@ Restores both images and tags. REPOSITORY TAG IMAGE ID CREATED SIZE busybox latest 769b9341d937 7 weeks ago 2.489 MB $ docker load --input fedora.tar + # […] + Loaded image: fedora:rawhide + # […] + Loaded image: fedora:20 + # […] $ docker images REPOSITORY TAG IMAGE ID CREATED SIZE busybox latest 769b9341d937 7 weeks ago 2.489 MB @@ -47,3 +53,4 @@ April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work. June 2014, updated by Sven Dowideit July 2015 update by Mary Anthony +June 2016 update by Vincent Demeester From 57edd01ff72af274d661b4f24c504fa69a0d7d7a Mon Sep 17 00:00:00 2001 From: Derek McGowan Date: Mon, 13 Jun 2016 11:06:47 -0700 Subject: [PATCH 251/398] Add documentation for using overlay2 Add mention in dockerd command line and storage driver selection documentation. Signed-off-by: Derek McGowan (github: dmcgowan) --- dockerd.8.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dockerd.8.md b/dockerd.8.md index 9f980310e4d6..6fa985913c07 100644 --- a/dockerd.8.md +++ b/dockerd.8.md @@ -226,7 +226,7 @@ output otherwise. Force the Docker runtime to use a specific storage driver. **--selinux-enabled**=*true*|*false* - Enable selinux support. Default is false. SELinux does not presently support the overlay storage driver. + Enable selinux support. Default is false. SELinux does not presently support either of the overlay storage drivers. **--storage-opt**=[] Set storage driver options. See STORAGE DRIVER OPTIONS. From 119016c268180ce6c71b7d7dfc285b177547526d Mon Sep 17 00:00:00 2001 From: Michael Crosby Date: Thu, 2 Jun 2016 11:10:55 -0700 Subject: [PATCH 252/398] Add --live-restore flag This flags enables full support of daemonless containers in docker. It ensures that docker does not stop containers on shutdown or restore and properly reconnects to the container when restarted. This is not the default because of backwards compat but should be the desired outcome for people running containers in prod. Signed-off-by: Michael Crosby --- dockerd.8.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/dockerd.8.md b/dockerd.8.md index 6fa985913c07..267592ebbe6e 100644 --- a/dockerd.8.md +++ b/dockerd.8.md @@ -42,6 +42,7 @@ dockerd - Enable daemon mode [**--isolation**[=*default*]] [**-l**|**--log-level**[=*info*]] [**--label**[=*[]*]] +[**--live-restore**[=*false*]] [**--log-driver**[=*json-file*]] [**--log-opt**[=*map[]*]] [**--mtu**[=*0*]] @@ -195,6 +196,9 @@ is `hyperv`. Linux only supports `default`. **--label**="[]" Set key=value labels to the daemon (displayed in `docker info`) +**--live-restore**=*false* + Enable live restore of running containers when the daemon starts so that they are not restarted. + **--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*etwlogs*|*gcplogs*|*none*" Default driver for container logs. Default is `json-file`. **Warning**: `docker logs` command works only for `json-file` logging driver. From 7a4bfc2bc08d846b8913a574f180c4617340c64e Mon Sep 17 00:00:00 2001 From: Alessandro Boch Date: Thu, 9 Jun 2016 15:10:59 -0700 Subject: [PATCH 253/398] Allow user to specify container's link-local addresses Signed-off-by: Alessandro Boch --- docker-create.1.md | 4 ++++ docker-run.1.md | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/docker-create.1.md b/docker-create.1.md index e630d5fdcdea..4dc90d89d86c 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -43,6 +43,7 @@ docker-create - Create a new container [**-l**|**--label**[=*[]*]] [**--label-file**[=*[]*]] [**--link**[=*[]*]] +[**--link-local-ip**[=*[]*]] [**--log-driver**[=*[]*]] [**--log-opt**[=*[]*]] [**-m**|**--memory**[=*MEMORY*]] @@ -220,6 +221,9 @@ millions of trillions. Add link to another container in the form of :alias or just in which case the alias will match the name. +**--link-local-ip**=[] + Add one or more link-local IPv4/IPv6 addresses to the container's interface + **--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*etwlogs*|*gcplogs*|*none*" Logging driver for container. Default is defined by daemon `--log-driver` flag. **Warning**: the `docker logs` command works only for the `json-file` and diff --git a/docker-run.1.md b/docker-run.1.md index 2d02b7cbfb1e..055c8e6d6747 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -45,6 +45,7 @@ docker-run - Run a command in a new container [**-l**|**--label**[=*[]*]] [**--label-file**[=*[]*]] [**--link**[=*[]*]] +[**--link-local-ip**[=*[]*]] [**--log-driver**[=*[]*]] [**--log-opt**[=*[]*]] [**-m**|**--memory**[=*MEMORY*]] @@ -326,6 +327,9 @@ container can access the exposed port via a private networking interface. Docker will set some environment variables in the client container to help indicate which interface and port to use. +**--link-local-ip**=[] + Add one or more link-local IPv4/IPv6 addresses to the container's interface + **--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*etwlogs*|*gcplogs*|*none*" Logging driver for container. Default is defined by daemon `--log-driver` flag. **Warning**: the `docker logs` command works only for the `json-file` and From f2bf4ae1ed22793407d2e5a1022ca9f2a6f7874d Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 16 Jun 2016 16:29:23 -0700 Subject: [PATCH 254/398] Update docker info output example Signed-off-by: Sebastiaan van Stijn --- docker-info.1.md | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/docker-info.1.md b/docker-info.1.md index d777f259f9c8..1d96b562ebfa 100644 --- a/docker-info.1.md +++ b/docker-info.1.md @@ -41,14 +41,22 @@ storage driver: Paused: 1 Stopped: 10 Images: 52 - Server Version: 1.11.1 + Server Version: 1.12.0-dev Storage Driver: overlay Backing Filesystem: extfs Logging Driver: json-file Cgroup Driver: cgroupfs Plugins: Volume: local - Network: bridge null host + Network: bridge null host overlay + Swarm: + NodeID: 0gac67oclbxq7 + IsManager: YES + Managers: 2 + Nodes: 2 + Runtimes: default + Default Runtime: default + Security Options: apparmor seccomp Kernel Version: 4.4.0-21-generic Operating System: Ubuntu 16.04 LTS OSType: linux From da31efcd1780a1f44dad36123e54b742b4d4d461 Mon Sep 17 00:00:00 2001 From: Shishir Mahajan Date: Tue, 21 Jun 2016 10:49:28 -0400 Subject: [PATCH 255/398] Man page fix: Mention supported drivers for --storage-opt size option in docker create/run Signed-off-by: Shishir Mahajan --- docker-create.1.md | 2 +- docker-run.1.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-create.1.md b/docker-create.1.md index 4dc90d89d86c..be0e5e9d297d 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -340,7 +340,7 @@ unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. $ docker create -it --storage-opt size=120G fedora /bin/bash This (size) will allow to set the container rootfs size to 120G at creation time. User cannot pass a size less than the Default BaseFS Size. - This option is only available for the `devicemapper`, `btrfs` and `zfs` graphrivers. + This option is only available for the `devicemapper`, `btrfs`, and `zfs` graph drivers. **--stop-signal**=*SIGTERM* Signal to stop a container. Default is SIGTERM. diff --git a/docker-run.1.md b/docker-run.1.md index 055c8e6d6747..6fdc93cd6077 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -492,7 +492,7 @@ its root filesystem mounted as read only prohibiting any writes. $ docker run -it --storage-opt size=120G fedora /bin/bash This (size) will allow to set the container rootfs size to 120G at creation time. User cannot pass a size less than the Default BaseFS Size. - This option is only available for the `devicemapper`, `btrfs` and `zfs` graphrivers. + This option is only available for the `devicemapper`, `btrfs`, and `zfs` graph drivers. **--stop-signal**=*SIGTERM* Signal to stop a container. Default is SIGTERM. From b1dbdf3835a18e8eeeecb5ed78afd53d65169e72 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Thu, 23 Jun 2016 01:57:00 +0000 Subject: [PATCH 256/398] update go-md2man to v1.0.5 Due to the issue of go-md2man, a numbered list in `man docker login` was not rendered correctly. https://github.com/cpuguy83/go-md2man/commit/a8f937e11314ca0b085aa7a7a5526695e3ca5b49 Signed-off-by: Akihiro Suda --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index af2319524b5e..f04cd56ad224 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ -FROM golang:1.4 +FROM golang:1.6.2 RUN mkdir -p /go/src/github.com/cpuguy83 RUN mkdir -p /go/src/github.com/cpuguy83 \ - && git clone -b v1.0.3 https://github.com/cpuguy83/go-md2man.git /go/src/github.com/cpuguy83/go-md2man \ + && git clone -b v1.0.5 https://github.com/cpuguy83/go-md2man.git /go/src/github.com/cpuguy83/go-md2man \ && cd /go/src/github.com/cpuguy83/go-md2man \ && go get -v ./... CMD ["/go/bin/go-md2man", "--help"] From 41ee4339955672da60dc2cfcd6c140dcf824c10c Mon Sep 17 00:00:00 2001 From: allencloud Date: Thu, 30 Jun 2016 20:13:28 +0800 Subject: [PATCH 257/398] make cmd short short consistency and change docs Signed-off-by: allencloud --- docker-volume.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-volume.1.md b/docker-volume.1.md index c4569bf01afe..1e7044484acb 100644 --- a/docker-volume.1.md +++ b/docker-volume.1.md @@ -47,7 +47,7 @@ referenced by a container. See **docker-volume-create(1)** for full documentation on the **create** command. **inspect** - Return low-level information on a volume + Display detailed information on one or more volumes See **docker-volume-inspect(1)** for full documentation on the **inspect** command. **ls** From 61ede6fa50b026bd2d4dd291013bd1e43f83670d Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Sat, 2 Jul 2016 16:22:23 +0200 Subject: [PATCH 258/398] man: add missing --add-runtime Signed-off-by: Antonio Murdaca --- dockerd.8.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/dockerd.8.md b/dockerd.8.md index 267592ebbe6e..fc9226d38780 100644 --- a/dockerd.8.md +++ b/dockerd.8.md @@ -6,6 +6,7 @@ dockerd - Enable daemon mode # SYNOPSIS **dockerd** +[**--add-runtime**[=*[]*]] [**--api-cors-header**=[=*API-CORS-HEADER*]] [**--authorization-plugin**[=*[]*]] [**-b**|**--bridge**[=*BRIDGE*]] @@ -75,6 +76,9 @@ format. # OPTIONS +**--add-runtime**=[] + Set additional OCI compatible runtime. + **--api-cors-header**="" Set CORS headers in the remote API. Default is cors disabled. Give urls like "http://foo, http://bar, ...". Give "*" to allow all. From 8faf9a161a0f7b0960768ba8b06b69d6511c590e Mon Sep 17 00:00:00 2001 From: Qiang Huang Date: Tue, 12 Jul 2016 08:07:24 +0800 Subject: [PATCH 259/398] Soften limitation of update kernel memory Kernel memory is not allowed to be updated if container is running, it's not actually a precise kernel limitation. Before kernel version 4.6, kernel memory will not be accounted until kernel memory limit is set, if a container created with kernel memory initialized, kernel memory is accounted as soon as process created in container, so kernel memory limit update is allowed afterward. If kernel memory is not initialized, kernel memory consumed by processes in container will not be accounted, so we can't update the limit because the account will be wrong. So update kernel memory of a running container with kernel memory initialized is allowed, we should soften the limitation by docker. Signed-off-by: Qiang Huang --- docker-update.1.md | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/docker-update.1.md b/docker-update.1.md index 87849ef8d5b6..9d39d78b130e 100644 --- a/docker-update.1.md +++ b/docker-update.1.md @@ -30,9 +30,23 @@ provide space-separated list of container names or IDs. With the exception of the `--kernel-memory` value, you can specify these options on a running or a stopped container. You can only update -`--kernel-memory` on a stopped container. When you run `docker update` on -stopped container, the next time you restart it, the container uses those -values. +`--kernel-memory` on a stopped container or on a running container with +kernel memory initialized. For example, if you started a container with +command: + + # docker run -ti --name test --kernel-memory 50M ubuntu bash + +You can update kernel memory of this running container: + + # docker update --kernel-memory 80M test + +If you started a container without kernel memory initialized: + + # docker run -ti --name test2 --memory 300M ubuntu bash + +Update kernel memory of running container `test2` will fail, you can only +stop the container and update kernel memory then. The next time you +restart it, the container uses the new value. Another configuration you can change with this command is restart policy, new restart policy will take effect instantly after you run `docker update` @@ -63,8 +77,9 @@ on a container. **--kernel-memory**="" Kernel memory limit (format: `[]`, where unit = b, k, m or g) - Note that you can not update kernel memory to a running container, it can only -be updated to a stopped container, and affect after it's started. + Note that you can not update kernel memory to a running container if the container +is started without kernel memory initialized, in this case, it can only be updated +after it's stopped, and affect after it's started. **-m**, **--memory**="" Memory limit (format: , where unit = b, k, m or g) From 3ecf41754eafd5212d5600b2813d2f9f7c38070d Mon Sep 17 00:00:00 2001 From: Dave Henderson Date: Mon, 11 Jul 2016 21:18:03 -0400 Subject: [PATCH 260/398] Clarify warning against using build-time variables for secrets Signed-off-by: Dave Henderson --- Dockerfile.5.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Dockerfile.5.md b/Dockerfile.5.md index 7d56bda0fa8b..df69935397a0 100644 --- a/Dockerfile.5.md +++ b/Dockerfile.5.md @@ -376,8 +376,9 @@ A Dockerfile is similar to a Makefile. defined and the `what_user` value was passed on the command line. Prior to its definition by an `ARG` instruction, any use of a variable results in an empty string. - > **Note:** It is not recommended to use build-time variables for - > passing secrets like github keys, user credentials etc. + > **Warning:** It is not recommended to use build-time variables for + > passing secrets like github keys, user credentials etc. Build-time variable + > values are visible to any user of the image with the `docker history` command. You can use an `ARG` or an `ENV` instruction to specify variables that are available to the `RUN` instruction. Environment variables defined using the From cf6e723736219b256ba566ef1d3ab77e6a726b37 Mon Sep 17 00:00:00 2001 From: "Arnaud Porterie (icecrime)" Date: Mon, 6 Jun 2016 16:33:00 -0700 Subject: [PATCH 261/398] Rename `--net` to `--network` Add a `--network` flag which replaces `--net` without deprecating it yet. The `--net` flag remains hidden and supported. Add a `--network-alias` flag which replaces `--net-alias` without deprecating it yet. The `--net-alias` flag remains hidden and supported. Signed-off-by: Arnaud Porterie (icecrime) --- docker-create.1.md | 6 +++--- docker-run.1.md | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docker-create.1.md b/docker-create.1.md index be0e5e9d297d..e9b1ebe31ac0 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -52,8 +52,8 @@ docker-create - Create a new container [**--memory-swap**[=*LIMIT*]] [**--memory-swappiness**[=*MEMORY-SWAPPINESS*]] [**--name**[=*NAME*]] -[**--net**[=*"bridge"*]] -[**--net-alias**[=*[]*]] +[**--network-alias**[=*[]*]] +[**--network**[=*"bridge"*]] [**--oom-kill-disable**] [**--oom-score-adj**[=*0*]] [**-P**|**--publish-all**] @@ -276,7 +276,7 @@ unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. 'host': use the Docker host network stack. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure. '|': connect to a user-defined network -**--net-alias**=[] +**--network-alias**=[] Add network-scoped alias for the container **--oom-kill-disable**=*true*|*false* diff --git a/docker-run.1.md b/docker-run.1.md index 6fdc93cd6077..d4a295316101 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -54,8 +54,8 @@ docker-run - Run a command in a new container [**--memory-swap**[=*LIMIT*]] [**--memory-swappiness**[=*MEMORY-SWAPPINESS*]] [**--name**[=*NAME*]] -[**--net**[=*"bridge"*]] -[**--net-alias**[=*[]*]] +[**--network-alias**[=*[]*]] +[**--network**[=*"bridge"*]] [**--oom-kill-disable**] [**--oom-score-adj**[=*0*]] [**-P**|**--publish-all**] @@ -395,7 +395,7 @@ and foreground Docker containers. 'host': use the Docker host network stack. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure. '|': connect to a user-defined network -**--net-alias**=[] +**--network-alias**=[] Add network-scoped alias for the container **--oom-kill-disable**=*true*|*false* From 7d5bd202dfe832f47a38468791711ad99fd7632b Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 12 Jul 2016 14:29:02 +0200 Subject: [PATCH 262/398] docs: cleanup docker update docs move the "kernel memory" examples to the "examples" section, and fix some formatting and grammar. Signed-off-by: Sebastiaan van Stijn --- docker-update.1.md | 72 ++++++++++++++++++++++++++++------------------ 1 file changed, 44 insertions(+), 28 deletions(-) diff --git a/docker-update.1.md b/docker-update.1.md index 9d39d78b130e..3dd6a4f98963 100644 --- a/docker-update.1.md +++ b/docker-update.1.md @@ -22,37 +22,19 @@ CONTAINER [CONTAINER...] # DESCRIPTION -The `docker update` command dynamically updates container configuration. -you can Use this command to prevent containers from consuming too many +The **docker update** command dynamically updates container configuration. +You can use this command to prevent containers from consuming too many resources from their Docker host. With a single command, you can place limits on a single container or on many. To specify more than one container, provide space-separated list of container names or IDs. -With the exception of the `--kernel-memory` value, you can specify these +With the exception of the **--kernel-memory** option, you can specify these options on a running or a stopped container. You can only update -`--kernel-memory` on a stopped container or on a running container with -kernel memory initialized. For example, if you started a container with -command: - - # docker run -ti --name test --kernel-memory 50M ubuntu bash - -You can update kernel memory of this running container: - - # docker update --kernel-memory 80M test - -If you started a container without kernel memory initialized: - - # docker run -ti --name test2 --memory 300M ubuntu bash - -Update kernel memory of running container `test2` will fail, you can only -stop the container and update kernel memory then. The next time you -restart it, the container uses the new value. - -Another configuration you can change with this command is restart policy, -new restart policy will take effect instantly after you run `docker update` -on a container. +**--kernel-memory** on a stopped container or on a running container with +kernel memory initialized. # OPTIONS + **--blkio-weight**=0 Block IO weight (relative weight) accepts a weight value between 10 and 1000. @@ -77,9 +59,9 @@ on a container. **--kernel-memory**="" Kernel memory limit (format: `[]`, where unit = b, k, m or g) - Note that you can not update kernel memory to a running container if the container -is started without kernel memory initialized, in this case, it can only be updated -after it's stopped, and affect after it's started. + Note that you can not update kernel memory on a running container if the container + is started without kernel memory initialized, in this case, it can only be updated + after it's stopped. The new setting takes effect when the container is started. **-m**, **--memory**="" Memory limit (format: , where unit = b, k, m or g) @@ -97,7 +79,7 @@ after it's stopped, and affect after it's started. The following sections illustrate ways to use this command. -### Update a container with cpu-shares=512 +### Update a container's cpu-shares To limit a container's cpu-shares to 512, first identify the container name or ID. You can use **docker ps** to find these values. You can also @@ -115,9 +97,43 @@ To update multiple resource configurations for multiple containers: $ docker update --cpu-shares 512 -m 300M abebf7571666 hopeful_morse ``` +### Update a container's kernel memory constraints + +You can update a container's kernel memory limit using the **--kernel-memory** +option. This option can be updated on a running container only if the container +was started with **--kernel-memory**. If the container was started *without* +**--kernel-memory** you need to stop the container before updating kernel memory. + +For example, if you started a container with this command: + +```bash +$ docker run -dit --name test --kernel-memory 50M ubuntu bash +``` + +You can update kernel memory while the container is running: + +```bash +$ docker update --kernel-memory 80M test +``` + +If you started a container *without* kernel memory initialized: + +```bash +$ docker run -dit --name test2 --memory 300M ubuntu bash +``` + +Update kernel memory of running container `test2` will fail. You need to stop +the container before updating the **--kernel-memory** setting. The next time you +start it, the container uses the new value. + ### Update a container's restart policy +You can change a container's restart policy on a running container. The new +restart policy takes effect instantly after you run `docker update` on a +container. + To update restart policy for one or more containers: + ```bash $ docker update --restart=on-failure:3 abebf7571666 hopeful_morse ``` From 5decb8055512f4da78e2036f95a44ccb4d061709 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sat, 16 Jul 2016 01:52:59 +0200 Subject: [PATCH 263/398] Improve flag help consistency, and update docs This adds the `--live-restore` option to the documentation. Also synched usage description in the documentation with the actual description, and re-phrased some flag descriptions to be a bit more consistent. Signed-off-by: Sebastiaan van Stijn --- docker-create.1.md | 2 +- docker-run.1.md | 2 +- dockerd.8.md | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docker-create.1.md b/docker-create.1.md index e9b1ebe31ac0..980e09c10124 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -225,7 +225,7 @@ millions of trillions. Add one or more link-local IPv4/IPv6 addresses to the container's interface **--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*etwlogs*|*gcplogs*|*none*" - Logging driver for container. Default is defined by daemon `--log-driver` flag. + Logging driver for the container. Default is defined by daemon `--log-driver` flag. **Warning**: the `docker logs` command works only for the `json-file` and `journald` logging drivers. diff --git a/docker-run.1.md b/docker-run.1.md index d4a295316101..65cdc7ae9fc8 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -331,7 +331,7 @@ which interface and port to use. Add one or more link-local IPv4/IPv6 addresses to the container's interface **--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*etwlogs*|*gcplogs*|*none*" - Logging driver for container. Default is defined by daemon `--log-driver` flag. + Logging driver for the container. Default is defined by daemon `--log-driver` flag. **Warning**: the `docker logs` command works only for the `json-file` and `journald` logging drivers. diff --git a/dockerd.8.md b/dockerd.8.md index fc9226d38780..333cf5a5aa28 100644 --- a/dockerd.8.md +++ b/dockerd.8.md @@ -121,10 +121,10 @@ format. IPv6 address of the container default gateway **--default-ulimit**=[] - Set default ulimits for containers. + Default ulimits for containers. **--disable-legacy-registry**=*true*|*false* - Do not contact legacy registries + Disable contacting legacy registries **--dns**="" Force Docker to use specific DNS servers From f8c9ece757ff85ed39d174f53f3de2728b2ad0d5 Mon Sep 17 00:00:00 2001 From: allencloud Date: Sat, 16 Jul 2016 15:32:17 +0800 Subject: [PATCH 264/398] better command `docker network create -h` output Signed-off-by: allencloud --- docker-network-create.1.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docker-network-create.1.md b/docker-network-create.1.md index 0ca1c4cc79ed..1505339df8aa 100644 --- a/docker-network-create.1.md +++ b/docker-network-create.1.md @@ -144,19 +144,19 @@ to create an externally isolated `overlay` network, you can specify the # OPTIONS **--aux-address**=map[] - Auxiliary ipv4 or ipv6 addresses used by network driver + Auxiliary IPv4 or IPv6 addresses used by network driver **-d**, **--driver**=*DRIVER* Driver to manage the Network bridge or overlay. The default is bridge. **--gateway**=[] - ipv4 or ipv6 Gateway for the master subnet + IPv4 or IPv6 Gateway for the master subnet **--help** Print usage **--internal** - Restricts external access to the network + Restrict external access to the network **--ip-range**=[] Allocate container ip from a sub-range From 3a2c459c601536c5f605f6e2209b23cb5b5d859d Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 18 Jul 2016 11:52:27 +0200 Subject: [PATCH 265/398] bump Go to 1.6.3 following the announcement; https://groups.google.com/forum/m/#!topic/golang-announce/7JTsd70ZAT0 > [security] Go 1.6.3 and Go 1.7rc2 pre-announcement > > Hello gophers, > We plan to issue Go 1.6.3 and Go 1.7rc2 on Monday July 18 at approximately 2am UTC. > These are minor release to fix a security issue. > > Following our policy at https://golang.org/security, this is the pre-announcement of those releases. > > Because we are so late in the release cycle for Go 1.7, we will not issue a minor release of Go 1.5. > Additionally, we plan to issue Go 1.7rc3 later next week, which will include any changes between 1.7rc1 and tip. > > Cheers, > Chris on behalf of the Go team **Note:** the man/Dockerfile is not yet updated, because the official image for Go 1.6.2 has not yet been updated. Signed-off-by: Sebastiaan van Stijn --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index f04cd56ad224..e513ed1a1228 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.6.2 +FROM golang:1.6.3 RUN mkdir -p /go/src/github.com/cpuguy83 RUN mkdir -p /go/src/github.com/cpuguy83 \ && git clone -b v1.0.5 https://github.com/cpuguy83/go-md2man.git /go/src/github.com/cpuguy83/go-md2man \ From 82b607aa4400b2ac046b627cc4d24e97af839da1 Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Thu, 9 Jun 2016 11:33:28 -0400 Subject: [PATCH 266/398] Add a script to generate man pages from cobra commands. Use the generate.sh script instead of md2man directly. Update Dockerfile for generating man pages. Signed-off-by: Daniel Nephin --- Dockerfile | 27 ++++++++++++++++++++------- README.md | 34 ++++++++-------------------------- generate.go | 39 +++++++++++++++++++++++++++++++++++++++ generate.sh | 15 +++++++++++++++ glide.lock | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++ glide.yaml | 12 ++++++++++++ 6 files changed, 146 insertions(+), 33 deletions(-) create mode 100644 generate.go create mode 100755 generate.sh create mode 100644 glide.lock create mode 100644 glide.yaml diff --git a/Dockerfile b/Dockerfile index e513ed1a1228..d4eb76ad6b0e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,20 @@ -FROM golang:1.6.3 -RUN mkdir -p /go/src/github.com/cpuguy83 -RUN mkdir -p /go/src/github.com/cpuguy83 \ - && git clone -b v1.0.5 https://github.com/cpuguy83/go-md2man.git /go/src/github.com/cpuguy83/go-md2man \ - && cd /go/src/github.com/cpuguy83/go-md2man \ - && go get -v ./... -CMD ["/go/bin/go-md2man", "--help"] +FROM golang:1.6.3-alpine + +RUN apk add -U git bash curl gcc musl-dev + +RUN export GLIDE=0.10.2; \ + export SRC=https://github.com/Masterminds/glide/releases/download/; \ + curl -sL ${SRC}/${GLIDE}/glide-${GLIDE}-linux-amd64.tar.gz | \ + tar -xz linux-amd64/glide && \ + mv linux-amd64/glide /usr/bin/glide && \ + chmod +x /usr/bin/glide + +COPY man/glide.yaml /manvendor/ +COPY man/glide.lock /manvendor/ +WORKDIR /manvendor/ +RUN glide install && mv vendor src +ENV GOPATH=$GOPATH:/go/src/github.com/docker/docker/vendor:/manvendor +RUN go build -o /usr/bin/go-md2man github.com/cpuguy83/go-md2man + +WORKDIR /go/src/github.com/docker/docker/ +ENTRYPOINT ["man/generate.sh"] diff --git a/README.md b/README.md index 922bc3cc7463..4b6f90b2a090 100644 --- a/README.md +++ b/README.md @@ -1,33 +1,15 @@ Docker Documentation ==================== -This directory contains the Docker user manual in the Markdown format. -Do *not* edit the man pages in the man1 directory. Instead, amend the -Markdown (*.md) files. +This directory contains scripts for generating the man pages. Many of the man +pages are generated directly from the `spf13/cobra` `Command` definition. Some +legacy pages are still generated from the markdown files in this directory. +Do *not* edit the man pages in the man1 directory. Instead, update the +Cobra command or amend the Markdown files for legacy pages. -# Generating man pages from the Markdown files -The recommended approach for generating the man pages is via a Docker -container using the supplied `Dockerfile` to create an image with the correct -environment. This uses `go-md2man`, a pure Go Markdown to man page generator. +## Generate the mange pages -## Building the md2man image +From within the project root directory run: -There is a `Dockerfile` provided in the `/man` directory of your -'docker/docker' fork. - -Using this `Dockerfile`, create a Docker image tagged `docker/md2man`: - - docker build -t docker/md2man . - -## Utilizing the image - -From within the `/man` directory run the following command: - - docker run -v $(pwd):/man -w /man -i docker/md2man ./md2man-all.sh - -The `md2man` Docker container will process the Markdown files and generate -the man pages inside the `/man/man1` directory of your fork using -Docker volumes. For more information on Docker volumes see the man page for -`docker run` and also look at the article [Sharing Directories via Volumes] -(https://docs.docker.com/use/working_with_volumes/). + make manpages diff --git a/generate.go b/generate.go new file mode 100644 index 000000000000..7bcc57009e18 --- /dev/null +++ b/generate.go @@ -0,0 +1,39 @@ +package main + +import ( + "fmt" + "os" + + "github.com/docker/docker/cli/cobraadaptor" + cliflags "github.com/docker/docker/cli/flags" + "github.com/spf13/cobra/doc" +) + +func generateManPages(path string) error { + header := &doc.GenManHeader{ + Title: "DOCKER", + Section: "1", + Source: "Docker Community", + } + flags := &cliflags.ClientFlags{ + Common: cliflags.InitCommonFlags(), + } + cmd := cobraadaptor.NewCobraAdaptor(flags).GetRootCommand() + cmd.DisableAutoGenTag = true + return doc.GenManTreeFromOpts(cmd, doc.GenManTreeOptions{ + Header: header, + Path: path, + CommandSeparator: "-", + }) +} + +func main() { + path := "/tmp" + if len(os.Args) > 1 { + path = os.Args[1] + } + fmt.Printf("Generating man pages into %s\n", path) + if err := generateManPages(path); err != nil { + fmt.Fprintf(os.Stderr, "Failed to generate man pages: %s\n", err.Error()) + } +} diff --git a/generate.sh b/generate.sh new file mode 100755 index 000000000000..e4126ba4ac0d --- /dev/null +++ b/generate.sh @@ -0,0 +1,15 @@ +#!/bin/bash +# +# Generate man pages for docker/docker +# + +set -eu + +mkdir -p ./man/man1 + +# Generate man pages from cobra commands +go build -o /tmp/gen-manpages ./man +/tmp/gen-manpages ./man/man1 + +# Generate legacy pages from markdown +./man/md2man-all.sh -q diff --git a/glide.lock b/glide.lock new file mode 100644 index 000000000000..0d34c2c5a96b --- /dev/null +++ b/glide.lock @@ -0,0 +1,52 @@ +hash: ead3ea293a6143fe41069ebec814bf197d8c43a92cc7666b1f7e21a419b46feb +updated: 2016-06-20T21:53:35.420817456Z +imports: +- name: github.com/BurntSushi/toml + version: f0aeabca5a127c4078abb8c8d64298b147264b55 +- name: github.com/cpuguy83/go-md2man + version: 2724a9c9051aa62e9cca11304e7dd518e9e41599 + subpackages: + - md2man +- name: github.com/fsnotify/fsnotify + version: 30411dbcefb7a1da7e84f75530ad3abe4011b4f8 +- name: github.com/hashicorp/hcl + version: da486364306ed66c218be9b7953e19173447c18b + subpackages: + - hcl/ast + - hcl/parser + - hcl/token + - json/parser + - hcl/scanner + - hcl/strconv + - json/scanner + - json/token +- name: github.com/inconshreveable/mousetrap + version: 76626ae9c91c4f2a10f34cad8ce83ea42c93bb75 +- name: github.com/magiconair/properties + version: c265cfa48dda6474e208715ca93e987829f572f8 +- name: github.com/mitchellh/mapstructure + version: d2dd0262208475919e1a362f675cfc0e7c10e905 +- name: github.com/russross/blackfriday + version: 1d6b8e9301e720b08a8938b8c25c018285885438 +- name: github.com/shurcooL/sanitized_anchor_name + version: 10ef21a441db47d8b13ebcc5fd2310f636973c77 +- name: github.com/spf13/cast + version: 27b586b42e29bec072fe7379259cc719e1289da6 +- name: github.com/spf13/jwalterweatherman + version: 33c24e77fb80341fe7130ee7c594256ff08ccc46 +- name: github.com/spf13/pflag + version: 367864438f1b1a3c7db4da06a2f55b144e6784e0 +- name: github.com/spf13/viper + version: c1ccc378a054ea8d4e38d8c67f6938d4760b53dd +- name: golang.org/x/sys + version: 62bee037599929a6e9146f29d10dd5208c43507d + subpackages: + - unix +- name: gopkg.in/yaml.v2 + version: a83829b6f1293c91addabc89d0571c246397bbf4 +- name: github.com/spf13/cobra + repo: https://github.com/dnephin/cobra + subpackages: + - doc + version: dc45219961f875acff5ee07ed263e5dc19e0c5f1 +devImports: [] diff --git a/glide.yaml b/glide.yaml new file mode 100644 index 000000000000..e99b2670d8e2 --- /dev/null +++ b/glide.yaml @@ -0,0 +1,12 @@ +package: github.com/docker/docker/man +import: +- package: github.com/cpuguy83/go-md2man + subpackages: + - md2man +- package: github.com/inconshreveable/mousetrap +- package: github.com/spf13/pflag +- package: github.com/spf13/viper +- package: github.com/spf13/cobra + repo: https://github.com/dnephin/cobra + subpackages: + - doc From b6cf3e77b5cab54c11129c9a7b85f49235740e5a Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Mon, 20 Jun 2016 16:33:53 -0400 Subject: [PATCH 267/398] Set Long text for volume commands so they can be used to generate man pages. Signed-off-by: Daniel Nephin --- docker-volume-create.1.md | 65 -------------------------------------- docker-volume-inspect.1.md | 29 ----------------- docker-volume-ls.1.md | 33 ------------------- docker-volume-rm.1.md | 26 --------------- docker-volume.1.md | 62 ------------------------------------ 5 files changed, 215 deletions(-) delete mode 100644 docker-volume-create.1.md delete mode 100644 docker-volume-inspect.1.md delete mode 100644 docker-volume-ls.1.md delete mode 100644 docker-volume-rm.1.md delete mode 100644 docker-volume.1.md diff --git a/docker-volume-create.1.md b/docker-volume-create.1.md deleted file mode 100644 index e71a2f1df1ce..000000000000 --- a/docker-volume-create.1.md +++ /dev/null @@ -1,65 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JULY 2015 -# NAME -docker-volume-create - Create a new volume - -# SYNOPSIS -**docker volume create** -[**-d**|**--driver**[=*DRIVER*]] -[**--help**] -[**--label**[=*[]*]] -[**--name**[=*NAME*]] -[**-o**|**--opt**[=*[]*]] - -# DESCRIPTION - -Creates a new volume that containers can consume and store data in. If a name is not specified, Docker generates a random name. You create a volume and then configure the container to use it, for example: - - $ docker volume create --name hello - hello - $ docker run -d -v hello:/world busybox ls /world - -The mount is created inside the container's `/src` directory. Docker doesn't not support relative paths for mount points inside the container. - -Multiple containers can use the same volume in the same time period. This is useful if two containers need access to shared data. For example, if one container writes and the other reads the data. - -## Driver specific options - -Some volume drivers may take options to customize the volume creation. Use the `-o` or `--opt` flags to pass driver options: - - $ docker volume create --driver fake --opt tardis=blue --opt timey=wimey - -These options are passed directly to the volume driver. Options for -different volume drivers may do different things (or nothing at all). - -The built-in `local` driver on Windows does not support any options. - -The built-in `local` driver on Linux accepts options similar to the linux `mount` -command: - - $ docker volume create --driver local --opt type=tmpfs --opt device=tmpfs --opt o=size=100m,uid=1000 - -Another example: - - $ docker volume create --driver local --opt type=btrfs --opt device=/dev/sda2 - - -# OPTIONS -**-d**, **--driver**="*local*" - Specify volume driver name - -**--help** - Print usage statement - -**--label**=*label* - Set metadata for a volume - -**--name**="" - Specify volume name - -**-o**, **--opt**=[] - Set driver specific options - -# HISTORY -July 2015, created by Brian Goff diff --git a/docker-volume-inspect.1.md b/docker-volume-inspect.1.md deleted file mode 100644 index 6097e96e1305..000000000000 --- a/docker-volume-inspect.1.md +++ /dev/null @@ -1,29 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JULY 2015 -# NAME -docker-volume-inspect - Get low-level information about a volume - -# SYNOPSIS -**docker volume inspect** -[**-f**|**--format**[=*FORMAT*]] -[**--help**] -VOLUME [VOLUME...] - -# DESCRIPTION - -Returns information about one or more volumes. By default, this command renders all results -in a JSON array. You can specify an alternate format to execute a given template -is executed for each result. Go's -http://golang.org/pkg/text/template/ package describes all the details of the -format. - -# OPTIONS -**-f**, **--format**="" - Format the output using the given go template. - -**--help** - Print usage statement - -# HISTORY -July 2015, created by Brian Goff diff --git a/docker-volume-ls.1.md b/docker-volume-ls.1.md deleted file mode 100644 index c045e43bd57f..000000000000 --- a/docker-volume-ls.1.md +++ /dev/null @@ -1,33 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JULY 2015 -# NAME -docker-volume-ls - List all volumes - -# SYNOPSIS -**docker volume ls** -[**-f**|**--filter**[=*FILTER*]] -[**--help**] -[**-q**|**--quiet**[=*true*|*false*]] - -# DESCRIPTION - -Lists all the volumes Docker knows about. You can filter using the `-f` or `--filter` flag. The filtering format is a `key=value` pair. To specify more than one filter, pass multiple flags (for example, `--filter "foo=bar" --filter "bif=baz"`) - -There is a single supported filter `dangling=value` which takes a boolean of `true` or `false`. - -# OPTIONS -**-f**, **--filter**="" - Filter output based on these conditions: - - dangling= a volume if referenced or not - - driver= a volume's driver name - - name= a volume's name - -**--help** - Print usage statement - -**-q**, **--quiet**=*true*|*false* - Only display volume names - -# HISTORY -July 2015, created by Brian Goff diff --git a/docker-volume-rm.1.md b/docker-volume-rm.1.md deleted file mode 100644 index 876700d4d426..000000000000 --- a/docker-volume-rm.1.md +++ /dev/null @@ -1,26 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JULY 2015 -# NAME -docker-volume-rm - Remove a volume - -# SYNOPSIS -**docker volume rm** -[**--help**] -VOLUME [VOLUME...] - -# DESCRIPTION - -Removes one or more volumes. You cannot remove a volume that is in use by a container. - - ``` - $ docker volume rm hello - hello - ``` - -# OPTIONS -**--help** - Print usage statement - -# HISTORY -July 2015, created by Brian Goff diff --git a/docker-volume.1.md b/docker-volume.1.md deleted file mode 100644 index 1e7044484acb..000000000000 --- a/docker-volume.1.md +++ /dev/null @@ -1,62 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% Feb 2016 -# NAME -docker-volume - Create a new volume - -# SYNOPSIS -**docker volume** [OPTIONS] COMMAND -[**--help**] - -# DESCRIPTION - -docker volume command manages content volumes for docker containers. - -## Data volumes - -A *data volume* is a specially-designated directory within one or more -containers. - -Data volumes provide several useful features for persistent or shared data: - -Volumes are initialized when a container is created. If the container's -base image contains data at the specified mount point, that existing data is -copied into the new volume upon volume initialization. (Note that this does -not apply when [mounting a host directory](#mount-a-host-directory-as-a-data-volume).) - -Data volumes can be shared and reused among containers. - -Changes to a data volume are made directly. - -Changes to a data volume will not be included when you update an image. - -Data volumes persist even if the container itself is deleted. - -Data volumes are designed to persist data, independent of the container's life -cycle. Docker therefore *never* automatically deletes volumes when you remove -a container, nor will it "garbage collect" volumes that are no longer -referenced by a container. - -# OPTIONS -**--help** - Print usage statement - -# COMMANDS -**create** - Create a volume - See **docker-volume-create(1)** for full documentation on the **create** command. - -**inspect** - Display detailed information on one or more volumes - See **docker-volume-inspect(1)** for full documentation on the **inspect** command. - -**ls** - List volumes - See **docker-volume-ls(1)** for full documentation on the **ls** command. - -**rm** - Remove a volume - See **docker-volume-rm(1)** for full documentation on the **rm** command. - -# HISTORY -Feb 2016, created by Dan Walsh From 14abd38ee80fb8ad64311a998726d09beba273c5 Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Wed, 22 Jun 2016 10:12:18 -0400 Subject: [PATCH 268/398] Dont run man generation as part of test-unit. Signed-off-by: Daniel Nephin --- glide.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/glide.lock b/glide.lock index 0d34c2c5a96b..40c5f5a64a6c 100644 --- a/glide.lock +++ b/glide.lock @@ -48,5 +48,5 @@ imports: repo: https://github.com/dnephin/cobra subpackages: - doc - version: dc45219961f875acff5ee07ed263e5dc19e0c5f1 + version: v1.3 devImports: [] From c4b439fd6a97cc5e095fe1061e11340b111617e9 Mon Sep 17 00:00:00 2001 From: Justin Cormack Date: Fri, 22 Jul 2016 09:43:08 +0100 Subject: [PATCH 269/398] Make README less scabious Signed-off-by: Justin Cormack --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4b6f90b2a090..82dac650f954 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ Do *not* edit the man pages in the man1 directory. Instead, update the Cobra command or amend the Markdown files for legacy pages. -## Generate the mange pages +## Generate the man pages From within the project root directory run: From babb917eb7400763a6c60bf8b229abbc14ec7119 Mon Sep 17 00:00:00 2001 From: Aaron Lehmann Date: Thu, 30 Jun 2016 18:07:35 -0700 Subject: [PATCH 270/398] Split advertised address from listen address There are currently problems with "swarm init" and "swarm join" when an explicit --listen-addr flag is not provided. swarmkit defaults to finding the IP address associated with the default route, and in cloud setups this is often the wrong choice. Introduce a notion of "advertised address", with the client flag --advertise-addr, and the daemon flag --swarm-default-advertise-addr to provide a default. The default listening address is now 0.0.0.0, but a valid advertised address must be detected or specified. If no explicit advertised address is specified, error out if there is more than one usable candidate IP address on the system. This requires a user to explicitly choose instead of letting swarmkit make the wrong choice. For the purposes of this autodetection, we ignore certain interfaces that are unlikely to be relevant (currently docker*). The user is also required to choose a listen address on swarm init if they specify an explicit advertise address that is a hostname or an IP address that's not local to the system. This is a requirement for overlay networking. Also support specifying interface names to --listen-addr, --advertise-addr, and the daemon flag --swarm-default-advertise-addr. This will fail if the interface has multiple IP addresses (unless it has a single IPv4 address and a single IPv6 address - then we resolve the tie in favor of IPv4). This change also exposes the node's externally-reachable address in docker info, as requested by #24017. Make corresponding API and CLI docs changes. Signed-off-by: Aaron Lehmann --- dockerd.8.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/dockerd.8.md b/dockerd.8.md index 333cf5a5aa28..15e2d9635a60 100644 --- a/dockerd.8.md +++ b/dockerd.8.md @@ -55,6 +55,7 @@ dockerd - Enable daemon mode [**-s**|**--storage-driver**[=*STORAGE-DRIVER*]] [**--selinux-enabled**] [**--storage-opt**[=*[]*]] +[**--swarm-default-advertise-addr**[=*IP|HOSTNAME|INTERFACE*]] [**--tls**] [**--tlscacert**[=*~/.docker/ca.pem*]] [**--tlscert**[=*~/.docker/cert.pem*]] @@ -239,6 +240,11 @@ output otherwise. **--storage-opt**=[] Set storage driver options. See STORAGE DRIVER OPTIONS. +**--swarm-default-advertise-addr**=*IP|HOSTNAME|INTERFACE* + Set default address or interface for swarm to advertise as its externally-reachable address to other cluster + members. This can be a hostname, an IP address, or an interface such as `eth0`. A port cannot be specified with + this option. + **--tls**=*true*|*false* Use TLS; implied by --tlsverify. Default is false. From 515d54853d0f6bd5a868d11471f5e4e3b1a0c367 Mon Sep 17 00:00:00 2001 From: Aaron Lehmann Date: Thu, 21 Jul 2016 10:40:19 -0700 Subject: [PATCH 271/398] Require listen address and advertise address to be an IP address or an interface name Hostnames are not supported for now because libnetwork can't use them for overlay networking yet. Signed-off-by: Aaron Lehmann --- dockerd.8.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dockerd.8.md b/dockerd.8.md index 15e2d9635a60..a098a708a337 100644 --- a/dockerd.8.md +++ b/dockerd.8.md @@ -55,7 +55,7 @@ dockerd - Enable daemon mode [**-s**|**--storage-driver**[=*STORAGE-DRIVER*]] [**--selinux-enabled**] [**--storage-opt**[=*[]*]] -[**--swarm-default-advertise-addr**[=*IP|HOSTNAME|INTERFACE*]] +[**--swarm-default-advertise-addr**[=*IP|INTERFACE*]] [**--tls**] [**--tlscacert**[=*~/.docker/ca.pem*]] [**--tlscert**[=*~/.docker/cert.pem*]] @@ -240,7 +240,7 @@ output otherwise. **--storage-opt**=[] Set storage driver options. See STORAGE DRIVER OPTIONS. -**--swarm-default-advertise-addr**=*IP|HOSTNAME|INTERFACE* +**--swarm-default-advertise-addr**=*IP|INTERFACE* Set default address or interface for swarm to advertise as its externally-reachable address to other cluster members. This can be a hostname, an IP address, or an interface such as `eth0`. A port cannot be specified with this option. From 08e8de4bfd394a265e5bf4de34d40913fc4872ba Mon Sep 17 00:00:00 2001 From: Qiang Huang Date: Wed, 27 Jul 2016 09:03:15 +0800 Subject: [PATCH 272/398] Fix kernel memory updating docs Specify that kernel memory updating limitation only applies on kernel version older than 4.6. Signed-off-by: Qiang Huang --- docker-update.1.md | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/docker-update.1.md b/docker-update.1.md index 3dd6a4f98963..68eb0ba4b628 100644 --- a/docker-update.1.md +++ b/docker-update.1.md @@ -29,9 +29,9 @@ limits on a single container or on many. To specify more than one container, provide space-separated list of container names or IDs. With the exception of the **--kernel-memory** option, you can specify these -options on a running or a stopped container. You can only update -**--kernel-memory** on a stopped container or on a running container with -kernel memory initialized. +options on a running or a stopped container. On kernel version older than +4.6, You can only update **--kernel-memory** on a stopped container or on +a running container with kernel memory initialized. # OPTIONS @@ -59,9 +59,10 @@ kernel memory initialized. **--kernel-memory**="" Kernel memory limit (format: `[]`, where unit = b, k, m or g) - Note that you can not update kernel memory on a running container if the container - is started without kernel memory initialized, in this case, it can only be updated - after it's stopped. The new setting takes effect when the container is started. + Note that on kernel version older than 4.6, you can not update kernel memory on + a running container if the container is started without kernel memory initialized, + in this case, it can only be updated after it's stopped. The new setting takes + effect when the container is started. **-m**, **--memory**="" Memory limit (format: , where unit = b, k, m or g) @@ -100,9 +101,10 @@ $ docker update --cpu-shares 512 -m 300M abebf7571666 hopeful_morse ### Update a container's kernel memory constraints You can update a container's kernel memory limit using the **--kernel-memory** -option. This option can be updated on a running container only if the container -was started with **--kernel-memory**. If the container was started *without* -**--kernel-memory** you need to stop the container before updating kernel memory. +option. On kernel version older than 4.6, this option can be updated on a +running container only if the container was started with **--kernel-memory**. +If the container was started *without* **--kernel-memory** you need to stop +the container before updating kernel memory. For example, if you started a container with this command: @@ -126,6 +128,9 @@ Update kernel memory of running container `test2` will fail. You need to stop the container before updating the **--kernel-memory** setting. The next time you start it, the container uses the new value. +Kernel version newer than (include) 4.6 does not have this limitation, you +can use `--kernel-memory` the same way as other options. + ### Update a container's restart policy You can change a container's restart policy on a running container. The new From c8ff32d6beea827a4f94c333a137a78e824098d7 Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Thu, 28 Jul 2016 14:53:08 -0400 Subject: [PATCH 273/398] Fix the man/Dockerfile for arm Signed-off-by: Daniel Nephin --- Dockerfile | 24 ++++++++++++++---------- Dockerfile.armhf | 24 ++++++++++++++++++++++++ 2 files changed, 38 insertions(+), 10 deletions(-) create mode 100644 Dockerfile.armhf diff --git a/Dockerfile b/Dockerfile index d4eb76ad6b0e..5657d13c929a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,16 +1,20 @@ -FROM golang:1.6.3-alpine +FROM alpine:3.4 -RUN apk add -U git bash curl gcc musl-dev +RUN apk add -U git go bash curl gcc musl-dev make -RUN export GLIDE=0.10.2; \ - export SRC=https://github.com/Masterminds/glide/releases/download/; \ - curl -sL ${SRC}/${GLIDE}/glide-${GLIDE}-linux-amd64.tar.gz | \ - tar -xz linux-amd64/glide && \ - mv linux-amd64/glide /usr/bin/glide && \ - chmod +x /usr/bin/glide +RUN mkdir -p /go/src /go/bin /go/pkg +ENV GOPATH=/go +RUN export GLIDE=v0.11.1; \ + export TARGET=/go/src/github.com/Masterminds; \ + mkdir -p ${TARGET} && \ + git clone https://github.com/Masterminds/glide.git ${TARGET}/glide && \ + cd ${TARGET}/glide && \ + make build && \ + cp ./glide /usr/bin/glide && \ + cd / && rm -rf /go/src/* /go/bin/* /go/pkg/* -COPY man/glide.yaml /manvendor/ -COPY man/glide.lock /manvendor/ +COPY glide.yaml /manvendor/ +COPY glide.lock /manvendor/ WORKDIR /manvendor/ RUN glide install && mv vendor src ENV GOPATH=$GOPATH:/go/src/github.com/docker/docker/vendor:/manvendor diff --git a/Dockerfile.armhf b/Dockerfile.armhf new file mode 100644 index 000000000000..a3552c660baf --- /dev/null +++ b/Dockerfile.armhf @@ -0,0 +1,24 @@ +FROM armhf/alpine:3.4 + +RUN apk add -U git go bash curl gcc musl-dev make + +RUN mkdir -p /go/src /go/bin /go/pkg +ENV GOPATH=/go +RUN export GLIDE=v0.11.1; \ + export TARGET=/go/src/github.com/Masterminds; \ + mkdir -p ${TARGET} && \ + git clone https://github.com/Masterminds/glide.git ${TARGET}/glide && \ + cd ${TARGET}/glide && \ + make build && \ + cp ./glide /usr/bin/glide && \ + cd / && rm -rf /go/src/* /go/bin/* /go/pkg/* + +COPY glide.yaml /manvendor/ +COPY glide.lock /manvendor/ +WORKDIR /manvendor/ +RUN glide install && mv vendor src +ENV GOPATH=$GOPATH:/go/src/github.com/docker/docker/vendor:/manvendor +RUN go build -o /usr/bin/go-md2man github.com/cpuguy83/go-md2man + +WORKDIR /go/src/github.com/docker/docker/ +ENTRYPOINT ["man/generate.sh"] From d87ef58fa498a08c752b7806ecd122316758a39c Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Wed, 3 Aug 2016 05:36:07 -0700 Subject: [PATCH 274/398] Update `--user`/`-u` flag in man page of `docker create` The `--user`/`-u` of the `docker create` is the same as `docker run`, which could take either `uid` or `uid:gid` format. However, the description in the man page of `docker create` is missing and may cause some confusions (comared with `docker run`). This fix updates the man page of `docker create` so that it is consistent with the man page of `docker run`. This fix is related to 25304. Signed-off-by: Yong Tang --- docker-create.1.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/docker-create.1.md b/docker-create.1.md index 980e09c10124..8a7cac8b8070 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -375,7 +375,12 @@ any options, the systems uses the following options: `rw,noexec,nosuid,nodev,size=65536k`. **-u**, **--user**="" - Username or UID + Sets the username or UID used and optionally the groupname or GID for the specified command. + + The followings examples are all valid: + --user [user | user:group | uid | uid:gid | user:gid | uid:group ] + + Without this argument root user will be used in the container by default. **--ulimit**=[] Ulimit options From 4abcc4b9f999dcee58629b950f3818ae252f9be5 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Thu, 4 Aug 2016 14:59:51 +0200 Subject: [PATCH 275/398] Add network --format flag to ls Signed-off-by: Vincent Demeester --- docker-network-ls.1.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/docker-network-ls.1.md b/docker-network-ls.1.md index 3eeff0599300..d5399d7a59ac 100644 --- a/docker-network-ls.1.md +++ b/docker-network-ls.1.md @@ -7,6 +7,7 @@ docker-network-ls - list networks # SYNOPSIS **docker network ls** [**-f**|**--filter**[=*[]*]] +[**--format**=*"TEMPLATE"*] [**--no-trunc**[=*true*|*false*]] [**-q**|**--quiet**[=*true*|*false*]] [**--help**] @@ -162,6 +163,18 @@ attached. **-f**, **--filter**=*[]* filter output based on conditions provided. +**--format**="*TEMPLATE*" + Pretty-print networks using a Go template. + Valid placeholders: + .ID - Network ID + .Name - Network name + .Driver - Network driver + .Scope - Network scope (local, global) + .IPv6 - Whether IPv6 is enabled on the network or not + .Internal - Whether the network is internal or not + .Labels - All labels assigned to the network + .Label - Value of a specific label for this network. For example `{{.Label "project.version"}}` + **--no-trunc**=*true*|*false* Do not truncate the output From 7d85c8686dee436a72fbf8b6eb58bc04aaebcf43 Mon Sep 17 00:00:00 2001 From: Lei Jitang Date: Mon, 8 Aug 2016 18:36:03 +0800 Subject: [PATCH 276/398] Fix update memory without memoryswap The memory should always be smaller than memoryswap, we should error out with message that user know how to do rather than just an invalid argument error if user update the memory limit bigger than already set memory swap. Signed-off-by: Lei Jitang --- docker-update.1.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docker-update.1.md b/docker-update.1.md index 68eb0ba4b628..ad86297a073b 100644 --- a/docker-update.1.md +++ b/docker-update.1.md @@ -67,6 +67,12 @@ a running container with kernel memory initialized. **-m**, **--memory**="" Memory limit (format: , where unit = b, k, m or g) + Note that the memory should be smaller than the already set swap memory limit. + If you want update a memory limit bigger than the already set swap memory limit, + you should update swap memory limit at the same time. If you don't set swap memory + limit on docker create/run but only memory limit, the swap memory is double + the memory limit. + **--memory-reservation**="" Memory soft limit (format: [], where unit = b, k, m or g) From e796ed3ae740c84d71cbe84c964c6d8c665c8c00 Mon Sep 17 00:00:00 2001 From: Zhang Wei Date: Thu, 9 Jun 2016 23:32:20 +0800 Subject: [PATCH 277/398] Wait container's removal via Events API If AutoRemove is set, wait until client get `destroy` events, or get `detach` events that implies container is detached but not stopped. Signed-off-by: Zhang Wei --- docker-run.1.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docker-run.1.md b/docker-run.1.md index 65cdc7ae9fc8..060ec8e035eb 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -468,7 +468,9 @@ its root filesystem mounted as read only prohibiting any writes. Restart policy to apply when a container exits (no, on-failure[:max-retry], always, unless-stopped). **--rm**=*true*|*false* - Automatically remove the container when it exits (incompatible with -d). The default is *false*. + Automatically remove the container when it exits. The default is *false*. + `--rm` flag can work together with `-d`, and auto-removal will be done on daemon side. Note that it's +incompatible with any restart policy other than `none`. **--security-opt**=[] Security Options From 17e2a3ee3d8cd33f765a22846b467b6d7c69e355 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Thu, 11 Aug 2016 09:41:26 -0400 Subject: [PATCH 278/398] Linux upstream kernel Overlay file systems support SELinux Remove checks that prevent overlay and SELinux from working together. Fixes are arriving in the 4.9 kernel. Signed-off-by: Dan Walsh --- dockerd.8.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dockerd.8.md b/dockerd.8.md index a098a708a337..06c382002743 100644 --- a/dockerd.8.md +++ b/dockerd.8.md @@ -235,7 +235,7 @@ output otherwise. Force the Docker runtime to use a specific storage driver. **--selinux-enabled**=*true*|*false* - Enable selinux support. Default is false. SELinux does not presently support either of the overlay storage drivers. + Enable selinux support. Default is false. **--storage-opt**=[] Set storage driver options. See STORAGE DRIVER OPTIONS. From bb3ea66b40916a7994c4571fc5323f3a509f5bf8 Mon Sep 17 00:00:00 2001 From: Lei Jitang Date: Thu, 11 Aug 2016 21:08:54 -0400 Subject: [PATCH 279/398] Fix inspect network show gateway with mask Signed-off-by: Lei Jitang --- docker-network-inspect.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-network-inspect.1.md b/docker-network-inspect.1.md index da4e7c355037..3805fb25a806 100644 --- a/docker-network-inspect.1.md +++ b/docker-network-inspect.1.md @@ -91,7 +91,7 @@ $ docker network inspect simple-network "Config": [ { "Subnet": "172.22.0.0/16", - "Gateway": "172.22.0.1/16" + "Gateway": "172.22.0.1" } ] }, From c95ed915ec6080899f576f45a7c9c139d83e5dc2 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 15 Aug 2016 14:14:41 +0200 Subject: [PATCH 280/398] Fix capitalization Signed-off-by: YuPengZTE Signed-off-by: Sebastiaan van Stijn --- docker-run.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-run.1.md b/docker-run.1.md index 060ec8e035eb..ad62fa0737ea 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -992,7 +992,7 @@ network namespace, run this command: Note: -Not all sysctls are namespaced. docker does not support changing sysctls +Not all sysctls are namespaced. Docker does not support changing sysctls inside of a container that also modify the host system. As the kernel evolves we expect to see more sysctls become namespaced. From 0f979bb6ac0a799df25da4ac2892bd92caa0db61 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Tue, 21 Jun 2016 09:15:17 +0000 Subject: [PATCH 281/398] add `--format` flag to `docker info` Signed-off-by: Akihiro Suda --- docker-info.1.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/docker-info.1.md b/docker-info.1.md index 1d96b562ebfa..810b21536325 100644 --- a/docker-info.1.md +++ b/docker-info.1.md @@ -7,7 +7,7 @@ docker-info - Display system-wide information # SYNOPSIS **docker info** [**--help**] - +[**-f**|**--format**[=*FORMAT*]] # DESCRIPTION This command displays system wide information regarding the Docker installation. @@ -15,6 +15,10 @@ Information displayed includes the kernel version, number of containers and imag The number of images shown is the number of unique images. The same image tagged under different names is counted only once. +If a format is specified, the given template will be executed instead of the +default format. Go's **text/template** package +describes all the details of the format. + Depending on the storage driver in use, additional information can be shown, such as pool name, data file, metadata file, data space used, total data space, metadata space used, and total metadata space. @@ -28,6 +32,9 @@ available on the volume where `/var/lib/docker` is mounted. **--help** Print usage statement +**-f**, **--format**="" + Format the output using the given go template + # EXAMPLES ## Display Docker system information @@ -140,6 +147,11 @@ information about the devicemapper storage driver is shown: myinsecurehost:5000 127.0.0.0/8 +You can also specify the output format: + + $ docker info --format '{{json .}}' + {"ID":"I54V:OLXT:HVMM:TPKO:JPHQ:CQCD:JNLC:O3BZ:4ZVJ:43XJ:PFHZ:6N2S","Containers":14, ...} + # HISTORY April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work. From 3c768c6d81f587d00f202c96c82060493ff2e951 Mon Sep 17 00:00:00 2001 From: Zhang Wei Date: Mon, 15 Aug 2016 16:38:47 +0800 Subject: [PATCH 282/398] Forbid update restart policy of container with AutoRemove flag "--restart" and "--rm" are conflict options, if a container is started with AutoRemove flag, we should forbid the update action for its Restart Policy. Signed-off-by: Zhang Wei --- docker-update.1.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docker-update.1.md b/docker-update.1.md index ad86297a073b..71fb6e476ac4 100644 --- a/docker-update.1.md +++ b/docker-update.1.md @@ -148,3 +148,7 @@ To update restart policy for one or more containers: ```bash $ docker update --restart=on-failure:3 abebf7571666 hopeful_morse ``` + +Note that if the container is started with "--rm" flag, you cannot update the restart +policy for it. The `AutoRemove` and `RestartPolicy` are mutually exclusive for the +container. From acc122dcd335f48541306b1890d28cf78224e8c1 Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Thu, 18 Aug 2016 20:03:08 -0400 Subject: [PATCH 283/398] Use the correct version of glide In `man/Dockerfile` we are specifying a tagged version of glide to checkout, but never actually checking it out. This checks out the requested version before building. Signed-off-by: Brian Goff --- Dockerfile | 1 + Dockerfile.armhf | 1 + 2 files changed, 2 insertions(+) diff --git a/Dockerfile b/Dockerfile index 5657d13c929a..6c11bcccffdd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,6 +9,7 @@ RUN export GLIDE=v0.11.1; \ mkdir -p ${TARGET} && \ git clone https://github.com/Masterminds/glide.git ${TARGET}/glide && \ cd ${TARGET}/glide && \ + git checkout $GLIDE && \ make build && \ cp ./glide /usr/bin/glide && \ cd / && rm -rf /go/src/* /go/bin/* /go/pkg/* diff --git a/Dockerfile.armhf b/Dockerfile.armhf index a3552c660baf..c8815c30efbf 100644 --- a/Dockerfile.armhf +++ b/Dockerfile.armhf @@ -9,6 +9,7 @@ RUN export GLIDE=v0.11.1; \ mkdir -p ${TARGET} && \ git clone https://github.com/Masterminds/glide.git ${TARGET}/glide && \ cd ${TARGET}/glide && \ + git checkout $GLIDE && \ make build && \ cp ./glide /usr/bin/glide && \ cd / && rm -rf /go/src/* /go/bin/* /go/pkg/* From 1864e3ee32c4c729ddc87cebad949e7fe85c1db6 Mon Sep 17 00:00:00 2001 From: Christopher Jones Date: Fri, 27 May 2016 17:26:37 -0400 Subject: [PATCH 284/398] ppc64le: add support for building docker debs for xenial This PR adds the ability to make docker debs for xenial on power Signed-off-by: Christopher Jones Signed-off-by: Christopher Jones --- Dockerfile.ppc64le | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 Dockerfile.ppc64le diff --git a/Dockerfile.ppc64le b/Dockerfile.ppc64le new file mode 100644 index 000000000000..4ae0eeee8247 --- /dev/null +++ b/Dockerfile.ppc64le @@ -0,0 +1,25 @@ +FROM ppc64le/ubuntu:xenial + +RUN apt-get update && apt-get install -y git golang-go + +RUN mkdir -p /go/src /go/bin /go/pkg +ENV GOPATH=/go:/usr/lib/go-1.6 +RUN export GLIDE=v0.11.1; \ + export TARGET=/go/src/github.com/Masterminds; \ + mkdir -p ${TARGET} && \ + git clone https://github.com/Masterminds/glide.git ${TARGET}/glide && \ + cd ${TARGET}/glide && \ + git checkout $GLIDE && \ + make build && \ + cp ./glide /usr/bin/glide && \ + cd / && rm -rf /go/src/* /go/bin/* /go/pkg/* + +COPY glide.yaml /manvendor/ +COPY glide.lock /manvendor/ +WORKDIR /manvendor/ +RUN glide install && mv vendor src +ENV GOPATH=$GOPATH:/go/src/github.com/docker/docker/vendor:/manvendor +RUN go build -o /usr/bin/go-md2man github.com/cpuguy83/go-md2man + +WORKDIR /go/src/github.com/docker/docker/ +ENTRYPOINT ["man/generate.sh"] From ef9a851d5ff988551fc4499c781cef55510d4e23 Mon Sep 17 00:00:00 2001 From: Justin Cormack Date: Fri, 19 Aug 2016 15:39:21 +0100 Subject: [PATCH 285/398] Add a Dockerfile for generating manpages on aarch64 Signed-off-by: Justin Cormack --- Dockerfile.aarch64 | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 Dockerfile.aarch64 diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 new file mode 100644 index 000000000000..a12cbeda0abc --- /dev/null +++ b/Dockerfile.aarch64 @@ -0,0 +1,25 @@ +FROM aarch64/ubuntu:xenial + +RUN apt-get update && apt-get install -y git golang-go + +RUN mkdir -p /go/src /go/bin /go/pkg +ENV GOPATH=/go +RUN export GLIDE=v0.11.1; \ + export TARGET=/go/src/github.com/Masterminds; \ + mkdir -p ${TARGET} && \ + git clone https://github.com/Masterminds/glide.git ${TARGET}/glide && \ + cd ${TARGET}/glide && \ + git checkout $GLIDE && \ + make build && \ + cp ./glide /usr/bin/glide && \ + cd / && rm -rf /go/src/* /go/bin/* /go/pkg/* + +COPY glide.yaml /manvendor/ +COPY glide.lock /manvendor/ +WORKDIR /manvendor/ +RUN glide install && mv vendor src +ENV GOPATH=$GOPATH:/go/src/github.com/docker/docker/vendor:/manvendor +RUN go build -o /usr/bin/go-md2man github.com/cpuguy83/go-md2man + +WORKDIR /go/src/github.com/docker/docker/ +ENTRYPOINT ["man/generate.sh"] From e35e2a0788cd63560d08ecc6b574bffabbdd78a8 Mon Sep 17 00:00:00 2001 From: Justin Cormack Date: Fri, 19 Aug 2016 17:18:49 +0100 Subject: [PATCH 286/398] Add a Dockerfile for generating manpages on s390x Untested. Hoping CI and @michael-holzheu can test... Signed-off-by: Justin Cormack --- Dockerfile.s390x | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 Dockerfile.s390x diff --git a/Dockerfile.s390x b/Dockerfile.s390x new file mode 100644 index 000000000000..a6de5667be48 --- /dev/null +++ b/Dockerfile.s390x @@ -0,0 +1,25 @@ +FROM s390x/ubuntu:xenial + +RUN apt-get update && apt-get install -y git golang-go + +RUN mkdir -p /go/src /go/bin /go/pkg +ENV GOPATH=/go:/usr/lib/go-1.6 +RUN export GLIDE=v0.11.1; \ + export TARGET=/go/src/github.com/Masterminds; \ + mkdir -p ${TARGET} && \ + git clone https://github.com/Masterminds/glide.git ${TARGET}/glide && \ + cd ${TARGET}/glide && \ + git checkout $GLIDE && \ + make build && \ + cp ./glide /usr/bin/glide && \ + cd / && rm -rf /go/src/* /go/bin/* /go/pkg/* + +COPY glide.yaml /manvendor/ +COPY glide.lock /manvendor/ +WORKDIR /manvendor/ +RUN glide install && mv vendor src +ENV GOPATH=$GOPATH:/go/src/github.com/docker/docker/vendor:/manvendor +RUN go build -o /usr/bin/go-md2man github.com/cpuguy83/go-md2man + +WORKDIR /go/src/github.com/docker/docker/ +ENTRYPOINT ["man/generate.sh"] From e12713a5be5c422dd5864cacc131254e2826ab5d Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Thu, 23 Jun 2016 11:25:51 -0400 Subject: [PATCH 287/398] Remove old cli framework. Also consolidate the leftover packages under cli. Remove pkg/mflag. Make manpage generation work with new cobra layout. Remove remaining mflag and fix tests after rebase with master. Signed-off-by: Daniel Nephin --- generate.go | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/generate.go b/generate.go index 7bcc57009e18..cee5a7fdd228 100644 --- a/generate.go +++ b/generate.go @@ -4,8 +4,10 @@ import ( "fmt" "os" - "github.com/docker/docker/cli/cobraadaptor" - cliflags "github.com/docker/docker/cli/flags" + "github.com/docker/docker/api/client" + "github.com/docker/docker/api/client/command" + "github.com/docker/docker/pkg/term" + "github.com/spf13/cobra" "github.com/spf13/cobra/doc" ) @@ -15,10 +17,12 @@ func generateManPages(path string) error { Section: "1", Source: "Docker Community", } - flags := &cliflags.ClientFlags{ - Common: cliflags.InitCommonFlags(), - } - cmd := cobraadaptor.NewCobraAdaptor(flags).GetRootCommand() + + stdin, stdout, stderr := term.StdStreams() + dockerCli := client.NewDockerCli(stdin, stdout, stderr) + cmd := &cobra.Command{Use: "docker"} + command.AddCommands(cmd, dockerCli) + cmd.DisableAutoGenTag = true return doc.GenManTreeFromOpts(cmd, doc.GenManTreeOptions{ Header: header, From ded9ce4cac3e570b8af83deb65add4ae74652c6b Mon Sep 17 00:00:00 2001 From: "Arnaud Porterie (icecrime)" Date: Wed, 15 Jun 2016 21:41:54 -0700 Subject: [PATCH 288/398] Refactor `docker inspect` to work on all types Signed-off-by: Arnaud Porterie (icecrime) --- docker-inspect.1.md | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/docker-inspect.1.md b/docker-inspect.1.md index 6d7a54ad3bc5..3dbf600fde80 100644 --- a/docker-inspect.1.md +++ b/docker-inspect.1.md @@ -2,23 +2,23 @@ % Docker Community % JUNE 2014 # NAME -docker-inspect - Return low-level information on a container or image +docker-inspect - Return low-level information on docker objects # SYNOPSIS **docker inspect** [**--help**] [**-f**|**--format**[=*FORMAT*]] [**-s**|**--size**] -[**--type**=*container*|*image*] -CONTAINER|IMAGE [CONTAINER|IMAGE...] +[**--type**=*container*|*image*|*network*|*node*|*service*|*task*|*volume*] +NAME|ID [NAME|ID...] # DESCRIPTION -This displays all the information available in Docker for a given -container or image. By default, this will render all results in a JSON -array. If the container and image have the same name, this will return -container JSON for unspecified type. If a format is specified, the given -template will be executed for each result. +This displays all the information available in Docker for one or multiple given +containers, images, volumes, networks, nodes, services, or tasks. By default, +this will render all results in a JSON array. If the container and image have +the same name, this will return container JSON for unspecified type. If a format +is specified, the given template will be executed for each result. # OPTIONS **--help** @@ -30,8 +30,9 @@ template will be executed for each result. **-s**, **--size** Display total file sizes if the type is container. -**--type**="*container*|*image*" - Return JSON for specified type, permissible values are "image" or "container" +**--type**=*container*|*image*|*network*|*node*|*service*|*task*|*volume* + Return JSON for specified type, permissible values are "image", "container", + "network", "node", "service", "task", and "volume". # EXAMPLES From f2f37ffca9422042ad1de56886e6731420fa2867 Mon Sep 17 00:00:00 2001 From: zhouhao Date: Tue, 30 Aug 2016 12:07:38 +0800 Subject: [PATCH 289/398] Modify restart function prompt Signed-off-by: zhouhao --- docker.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker.1.md b/docker.1.md index cf91741c7dfe..ecf048ef3931 100644 --- a/docker.1.md +++ b/docker.1.md @@ -161,7 +161,7 @@ inside it) See **docker-rename(1)** for full documentation on the **rename** command. **restart** - Restart a container + Restart one or more containers See **docker-restart(1)** for full documentation on the **restart** command. **rm** From dddf62fa06db8c7b361d51e3978afeead57f667e Mon Sep 17 00:00:00 2001 From: zhouhao Date: Thu, 1 Sep 2016 09:25:11 +0800 Subject: [PATCH 290/398] Modify rename function usage Signed-off-by: zhouhao --- docker-rename.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-rename.1.md b/docker-rename.1.md index aa19a03ae784..eaeea5c6e015 100644 --- a/docker-rename.1.md +++ b/docker-rename.1.md @@ -6,7 +6,7 @@ docker-rename - Rename a container # SYNOPSIS **docker rename** -OLD_NAME NEW_NAME +CONTAINER NEW_NAME # OPTIONS There are no available options. From 83ff336710c10ba8be0426737258f190bf7f4c79 Mon Sep 17 00:00:00 2001 From: zhouhao Date: Fri, 2 Sep 2016 13:06:08 +0800 Subject: [PATCH 291/398] Modify docker-restart.1.md Signed-off-by: zhouhao --- docker-restart.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-restart.1.md b/docker-restart.1.md index e0ffb32db265..271c4eee1b9e 100644 --- a/docker-restart.1.md +++ b/docker-restart.1.md @@ -2,7 +2,7 @@ % Docker Community % JUNE 2014 # NAME -docker-restart - Restart a container +docker-restart - Restart one or more containers # SYNOPSIS **docker restart** From 2e14234fd8d903450e9814be0a2d444155211a65 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Fri, 2 Sep 2016 09:51:41 +0000 Subject: [PATCH 292/398] fix the man page and zsh completion for `docker images` Signed-off-by: Akihiro Suda --- docker-images.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-images.1.md b/docker-images.1.md index fd551a58db1e..d8a4ac4b0336 100644 --- a/docker-images.1.md +++ b/docker-images.1.md @@ -45,7 +45,7 @@ versions. - since=([:tag]||) **--format**="*TEMPLATE*" - Pretty-print containers using a Go template. + Pretty-print images using a Go template. Valid placeholders: .ID - Image ID .Repository - Image repository From 4d8e306f46d461faf65c6b6ff68e6991d0051064 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Mon, 5 Sep 2016 04:44:18 +0000 Subject: [PATCH 293/398] fix docs about `sudo docker login` Signed-off-by: Akihiro Suda --- docker-login.1.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/docker-login.1.md b/docker-login.1.md index ea899376441b..6bb0355946cc 100644 --- a/docker-login.1.md +++ b/docker-login.1.md @@ -26,9 +26,6 @@ You can log into any public or private repository for which you have credentials. When you log in, the command stores encoded credentials in `$HOME/.docker/config.json` on Linux or `%USERPROFILE%/.docker/config.json` on Windows. -> **Note**: When running `sudo docker login` credentials are saved in `/root/.docker/config.json`. -> - # OPTIONS **--help** Print usage statement From 9b3749d0db8996be72bcdfa4f6220d9e2b3266ff Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Mon, 5 Sep 2016 03:11:14 -0700 Subject: [PATCH 294/398] Fix incorrect help output in `docker network ls` As is raised in 26312, in `docker network ls`, the help output was mistaken to `volume names`: ``` -q, --quiet Only display volume names ``` This fix changes the help output to: ``` -q, --quiet Only display network IDs ``` This fix also updates the documentation in: `docs/reference/commandline/network_ls.md` This fix fixes 26312. Signed-off-by: Yong Tang --- docker-network-ls.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-network-ls.1.md b/docker-network-ls.1.md index d5399d7a59ac..4166ba967ae8 100644 --- a/docker-network-ls.1.md +++ b/docker-network-ls.1.md @@ -179,7 +179,7 @@ attached. Do not truncate the output **-q**, **--quiet**=*true*|*false* - Only display numeric IDs + Only display network IDs **--help** Print usage statement From 82b73af36ef029529b978c0cc9377fe5d8bd727f Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Mon, 5 Sep 2016 08:38:32 -0700 Subject: [PATCH 295/398] Update man page for `docker create` to add `--rm` flag The `--rm` flag has been part of the `docker create` and related docs in `docs/reference/commandline/create.md` already includes the `--rm` flag. However, man page `man/docker-create.1.md` has not adds the `--rm` flag yet. This fix adds the description of `--rm` flag to `man/docker-create.1.md` Signed-off-by: Yong Tang --- docker-create.1.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docker-create.1.md b/docker-create.1.md index 8a7cac8b8070..f31732d0bfa1 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -64,6 +64,7 @@ docker-create - Create a new container [**--privileged**] [**--read-only**] [**--restart**[=*RESTART*]] +[**--rm**] [**--security-opt**[=*[]*]] [**--storage-opt**[=*[]*]] [**--stop-signal**[=*SIGNAL*]] @@ -317,6 +318,9 @@ unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. **--restart**="*no*" Restart policy to apply when a container exits (no, on-failure[:max-retry], always, unless-stopped). +**--rm**=*true*|*false* + Automatically remove the container when it exits. The default is *false*. + **--shm-size**="" Size of `/dev/shm`. The format is ``. `number` must be greater than `0`. Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you omit the unit, the system uses bytes. From be11f1b5b971b32b24066008b4f255908580511b Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Thu, 8 Sep 2016 17:25:56 +0000 Subject: [PATCH 296/398] update go-md2man to v1.0.6 Signed-off-by: Akihiro Suda --- glide.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/glide.lock b/glide.lock index 40c5f5a64a6c..620a9d4c041c 100644 --- a/glide.lock +++ b/glide.lock @@ -4,7 +4,7 @@ imports: - name: github.com/BurntSushi/toml version: f0aeabca5a127c4078abb8c8d64298b147264b55 - name: github.com/cpuguy83/go-md2man - version: 2724a9c9051aa62e9cca11304e7dd518e9e41599 + version: a65d4d2de4d5f7c74868dfa9b202a3c8be315aaa subpackages: - md2man - name: github.com/fsnotify/fsnotify From d005d05ddc571500603377f734223d231af9489f Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Thu, 8 Sep 2016 13:11:39 -0400 Subject: [PATCH 297/398] Move api/client -> cli/command Using gomvpkg -from github.com/docker/docker/api/client -to github.com/docker/docker/cli/command -vcs_mv_cmd 'git mv {{.Src}} {{.Dst}}' Signed-off-by: Daniel Nephin --- generate.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/generate.go b/generate.go index cee5a7fdd228..f21614d94a0b 100644 --- a/generate.go +++ b/generate.go @@ -4,8 +4,8 @@ import ( "fmt" "os" - "github.com/docker/docker/api/client" - "github.com/docker/docker/api/client/command" + "github.com/docker/docker/cli/command" + "github.com/docker/docker/cli/command/commands" "github.com/docker/docker/pkg/term" "github.com/spf13/cobra" "github.com/spf13/cobra/doc" @@ -19,9 +19,9 @@ func generateManPages(path string) error { } stdin, stdout, stderr := term.StdStreams() - dockerCli := client.NewDockerCli(stdin, stdout, stderr) + dockerCli := command.NewDockerCli(stdin, stdout, stderr) cmd := &cobra.Command{Use: "docker"} - command.AddCommands(cmd, dockerCli) + commands.AddCommands(cmd, dockerCli) cmd.DisableAutoGenTag = true return doc.GenManTreeFromOpts(cmd, doc.GenManTreeOptions{ From f19f6ac7fa3ed7981435003a1ff74a469d5ac487 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Fri, 2 Sep 2016 07:40:06 +0000 Subject: [PATCH 298/398] add `docker events --format` Signed-off-by: Akihiro Suda --- docker-events.1.md | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/docker-events.1.md b/docker-events.1.md index 4e38b536879f..311020f6eff6 100644 --- a/docker-events.1.md +++ b/docker-events.1.md @@ -10,6 +10,7 @@ docker-events - Get real time events from the server [**-f**|**--filter**[=*[]*]] [**--since**[=*SINCE*]] [**--until**[=*UNTIL*]] +[**--format**[=*FORMAT*]] # DESCRIPTION @@ -45,6 +46,9 @@ Docker networks report the following events: **--until**="" Stream events until this timestamp +**--format**="" + Format the output using the given go template + The `--since` and `--until` parameters can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the client machine's time. If you do not provide the `--since` option, @@ -96,6 +100,31 @@ relative to the current time on the client machine: If you do not provide the --since option, the command returns only new and/or live events. +## Format + +If a format (`--format`) is specified, the given template will be executed +instead of the default format. Go's **text/template** package describes all the +details of the format. + + # docker events --filter 'type=container' --format 'Type={{.Type}} Status={{.Status}} ID={{.ID}}' + Type=container Status=create ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 + Type=container Status=attach ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 + Type=container Status=start ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 + Type=container Status=resize ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 + Type=container Status=die ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 + Type=container Status=destroy ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 + +If a format is set to `{{json .}}`, the events are streamed as valid JSON +Lines. For information about JSON Lines, please refer to http://jsonlines.org/ . + + # docker events --format '{{json .}}' + {"status":"create","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. + {"status":"attach","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. + {"Type":"network","Action":"connect","Actor":{"ID":"1b50a5bf755f6021dfa78e.. + {"status":"start","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f42.. + {"status":"resize","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. + + # HISTORY April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work. From 5e388d1ff76cb807a0e71083cb6bf39622aa283d Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 15 Sep 2016 18:53:46 +0200 Subject: [PATCH 299/398] Synchronize push reference with man page Signed-off-by: Sebastiaan van Stijn --- docker-push.1.md | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/docker-push.1.md b/docker-push.1.md index 4919489a99a5..847e66d2e4df 100644 --- a/docker-push.1.md +++ b/docker-push.1.md @@ -11,18 +11,28 @@ NAME[:TAG] | [REGISTRY_HOST[:REGISTRY_PORT]/]NAME[:TAG] # DESCRIPTION -This command pushes an image or a repository to a registry. If you do not -specify a `REGISTRY_HOST`, the command uses Docker's public registry located at -`registry-1.docker.io` by default. Refer to **docker-tag(1)** for more -information about valid image and tag names. +Use `docker push` to share your images to the [Docker Hub](https://hub.docker.com) +registry or to a self-hosted one. + +Refer to **docker-tag(1)** for more information about valid image and tag names. + +Killing the **docker push** process, for example by pressing **CTRL-c** while it +is running in a terminal, terminates the push operation. + +Registry credentials are managed by **docker-login(1)**. + # OPTIONS + +**--disable-content-trust** + Skip image verification (default true) + **--help** Print usage statement # EXAMPLES -# Pushing a new image to a registry +## Pushing a new image to a registry First save the new image by finding the container ID (using **docker ps**) and then committing it to a new image name. Note that only a-z0-9-_. are @@ -45,8 +55,6 @@ Check that this worked by running: You should see both `rhel-httpd` and `registry-host:5000/myadmin/rhel-httpd` listed. -Registry credentials are managed by **docker-login(1)**. - # HISTORY April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work. From ef1746ea143e6bd83d45207f5d956bbf82205852 Mon Sep 17 00:00:00 2001 From: Michael Crosby Date: Mon, 27 Jun 2016 14:38:47 -0700 Subject: [PATCH 300/398] Add init process for zombie fighting This adds a small C binary for fighting zombies. It is mounted under `/dev/init` and is prepended to the args specified by the user. You enable it via a daemon flag, `dockerd --init`, as it is disable by default for backwards compat. You can also override the daemon option or specify this on a per container basis with `docker run --init=true|false`. You can test this by running a process like this as the pid 1 in a container and see the extra zombie that appears in the container as it is running. ```c int main(int argc, char ** argv) { pid_t pid = fork(); if (pid == 0) { pid = fork(); if (pid == 0) { exit(0); } sleep(3); exit(0); } printf("got pid %d and exited\n", pid); sleep(20); } ``` Signed-off-by: Michael Crosby --- dockerd.8.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/dockerd.8.md b/dockerd.8.md index 06c382002743..a84cd76715b6 100644 --- a/dockerd.8.md +++ b/dockerd.8.md @@ -34,6 +34,7 @@ dockerd - Enable daemon mode [**-H**|**--host**[=*[]*]] [**--help**] [**--icc**[=*true*]] +[**--init**[=*false*]] [**--insecure-registry**[=*[]*]] [**--ip**[=*0.0.0.0*]] [**--ip-forward**[=*true*]] @@ -166,6 +167,9 @@ unix://[/path/to/socket] to use. **--icc**=*true*|*false* Allow unrestricted inter\-container and Docker daemon host communication. If disabled, containers can still be linked together using the **--link** option (see **docker-run(1)**). Default is true. +**--init** +Run an init process inside containers for signal forwarding and process reaping. + **--insecure-registry**=[] Enable insecure registry communication, i.e., enable un-encrypted and/or untrusted communication. From 809276cb13dd7c3bc287df85b2bfca181deefc8a Mon Sep 17 00:00:00 2001 From: Amir Goldstein Date: Sun, 18 Sep 2016 22:35:55 +0300 Subject: [PATCH 301/398] overlay2: add support for --storage-opt size Allow passing --storage-opt size=X to docker create/run commands for the `overlay2` graphriver. The size option is only available if the backing fs is xfs that is mounted with the `pquota` mount option. The user can pass any size less then the backing fs size. Signed-off-by: Amir Goldstein --- docker-create.1.md | 7 +++++-- docker-run.1.md | 7 +++++-- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/docker-create.1.md b/docker-create.1.md index f31732d0bfa1..64365fac74b2 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -343,8 +343,11 @@ unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. $ docker create -it --storage-opt size=120G fedora /bin/bash - This (size) will allow to set the container rootfs size to 120G at creation time. User cannot pass a size less than the Default BaseFS Size. - This option is only available for the `devicemapper`, `btrfs`, and `zfs` graph drivers. + This (size) will allow to set the container rootfs size to 120G at creation time. + This option is only available for the `devicemapper`, `btrfs`, `overlay2` and `zfs` graph drivers. + For the `devicemapper`, `btrfs` and `zfs` storage drivers, user cannot pass a size less than the Default BaseFS Size. + For the `overlay2` storage driver, the size option is only available if the backing fs is `xfs` and mounted with the `pquota` mount option. + Under these conditions, user can pass any size less then the backing fs size. **--stop-signal**=*SIGTERM* Signal to stop a container. Default is SIGTERM. diff --git a/docker-run.1.md b/docker-run.1.md index ad62fa0737ea..89166710c4c6 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -493,8 +493,11 @@ incompatible with any restart policy other than `none`. $ docker run -it --storage-opt size=120G fedora /bin/bash - This (size) will allow to set the container rootfs size to 120G at creation time. User cannot pass a size less than the Default BaseFS Size. - This option is only available for the `devicemapper`, `btrfs`, and `zfs` graph drivers. + This (size) will allow to set the container rootfs size to 120G at creation time. + This option is only available for the `devicemapper`, `btrfs`, `overlay2` and `zfs` graph drivers. + For the `devicemapper`, `btrfs` and `zfs` storage drivers, user cannot pass a size less than the Default BaseFS Size. + For the `overlay2` storage driver, the size option is only available if the backing fs is `xfs` and mounted with the `pquota` mount option. + Under these conditions, user can pass any size less then the backing fs size. **--stop-signal**=*SIGTERM* Signal to stop a container. Default is SIGTERM. From c2646f98c73584cb381d5e082dedb0b1458d83cb Mon Sep 17 00:00:00 2001 From: Boaz Shuster Date: Sun, 25 Sep 2016 17:07:15 +0300 Subject: [PATCH 302/398] Add documentation for docker stats --format Signed-off-by: Boaz Shuster --- docker-stats.1.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/docker-stats.1.md b/docker-stats.1.md index 41c4b722a5c0..6c1c7bb36516 100644 --- a/docker-stats.1.md +++ b/docker-stats.1.md @@ -9,6 +9,7 @@ docker-stats - Display a live stream of one or more containers' resource usage s [**-a**|**--all**] [**--help**] [**--no-stream**] +[**--format[="*TEMPLATE*"]**] [CONTAINER...] # DESCRIPTION @@ -25,6 +26,17 @@ Display a live stream of one or more containers' resource usage statistics **--no-stream**=*true*|*false* Disable streaming stats and only pull the first result, default setting is false. +**--format**="*TEMPLATE*" + Pretty-print containers statistics using a Go template. + Valid placeholders: + .Container - Container name or ID. + .CPUPerc - CPU percentage. + .MemUsage - Memory usage. + .NetIO - Network IO. + .BlockIO - Block IO. + .MemPerc - Memory percentage (Not available on Windows). + .PIDs - Number of PIDs (Not available on Windows). + # EXAMPLES Running `docker stats` on all running containers From 500fb3f6d8ad36b07cc21ee99b6e2b3ee32d6d4c Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 26 Sep 2016 15:08:23 +0200 Subject: [PATCH 303/398] Update man page for dm.xfs_nospace_max_retries This option was added through commit 0d03c060c7e6800e60833c4462b917ee9b081440, but didn't update the man page. Signed-off-by: Sebastiaan van Stijn --- dockerd.8.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/dockerd.8.md b/dockerd.8.md index a84cd76715b6..ecbc43c030a2 100644 --- a/dockerd.8.md +++ b/dockerd.8.md @@ -533,6 +533,21 @@ the issue. Example use:: `dockerd --storage-opt dm.min_free_space=10%` +#### dm.xfs_nospace_max_retries + +Specifies the maximum number of retries XFS should attempt to complete +IO when ENOSPC (no space) error is returned by underlying storage device. + +By default XFS retries infinitely for IO to finish and this can result +in unkillable process. To change this behavior one can set +xfs_nospace_max_retries to say 0 and XFS will not retry IO after getting +ENOSPC and will shutdown filesystem. + +Example use: + + $ sudo dockerd --storage-opt dm.xfs_nospace_max_retries=0 + + ## ZFS options #### zfs.fsname From c6116f1c31720ab6bbdef7413dce24f59a467a6a Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 27 Sep 2016 01:02:57 +0200 Subject: [PATCH 304/398] Fix incorrect aux-address examples and test The (host)name for aux-addresses should be unique, otherwise later values overwrite earlier values. Before this change, the example command would send this API request; { "Attachable": false, "CheckDuplicate": true, "Driver": "overlay", "EnableIPv6": false, "IPAM": { "Config": [ { "Gateway": "192.168.0.100", "IPRange": "192.168.1.0/24", "Subnet": "192.168.0.0/16" }, { "AuxiliaryAddresses": { "a": "192.170.1.5", "b": "192.170.1.6" }, "Gateway": "192.170.0.100", "Subnet": "192.170.0.0/16" } ], "Driver": "default", "Options": { } }, "Internal": false, "Labels": { }, "Name": "my-multihost-network", "Options": { } } After this change, the request looks like this (all aux-addresses preserved); { "Attachable": false, "CheckDuplicate": true, "Driver": "overlay", "EnableIPv6": false, "IPAM": { "Config": [ { "AuxiliaryAddresses": { "my-router": "192.168.1.5", "my-switch": "192.168.1.6" }, "Gateway": "192.168.0.100", "IPRange": "192.168.1.0/24", "Subnet": "192.168.0.0/16" }, { "AuxiliaryAddresses": { "my-printer": "192.170.1.5", "my-nas": "192.170.1.6" }, "Gateway": "192.170.0.100", "Subnet": "192.170.0.0/16" } ], "Driver": "default", "Options": { } }, "Internal": false, "Labels": { }, "Name": "my-multihost-network", "Options": { } } Signed-off-by: Sebastiaan van Stijn --- docker-network-create.1.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-network-create.1.md b/docker-network-create.1.md index 1505339df8aa..3000bb213537 100644 --- a/docker-network-create.1.md +++ b/docker-network-create.1.md @@ -127,8 +127,8 @@ $ docker network create -d overlay \ --gateway=192.168.0.100 \ --gateway=192.170.0.100 \ --ip-range=192.168.1.0/24 \ - --aux-address a=192.168.1.5 --aux-address b=192.168.1.6 \ - --aux-address a=192.170.1.5 --aux-address b=192.170.1.6 \ + --aux-address="my-router=192.168.1.5" --aux-address="my-switch=192.168.1.6" \ + --aux-address="my-printer=192.170.1.5" --aux-address="my-nas=192.170.1.6" \ my-multihost-network ``` From deddca722c655a1a05766f4fd77cbba1f52d078d Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Tue, 27 Sep 2016 12:51:42 +0200 Subject: [PATCH 305/398] configure docker-init binary path Signed-off-by: Antonio Murdaca --- dockerd.8.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/dockerd.8.md b/dockerd.8.md index ecbc43c030a2..503b76061e53 100644 --- a/dockerd.8.md +++ b/dockerd.8.md @@ -35,6 +35,7 @@ dockerd - Enable daemon mode [**--help**] [**--icc**[=*true*]] [**--init**[=*false*]] +[**--init-path**[=*""*]] [**--insecure-registry**[=*[]*]] [**--ip**[=*0.0.0.0*]] [**--ip-forward**[=*true*]] @@ -170,6 +171,9 @@ unix://[/path/to/socket] to use. **--init** Run an init process inside containers for signal forwarding and process reaping. +**--init-path** +Path to the docker-init binary. + **--insecure-registry**=[] Enable insecure registry communication, i.e., enable un-encrypted and/or untrusted communication. From 29b5ad448f4d722575d5a515cbf800cecbbad765 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Wed, 28 Sep 2016 12:45:30 +0200 Subject: [PATCH 306/398] Add a new "is-task" ps filter This makes it easier to list containers that are part of a task (swarm mode) and those who are not. Signed-off-by: Vincent Demeester --- docker-ps.1.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docker-ps.1.md b/docker-ps.1.md index 14c770121f6d..fd6c4e78fac6 100644 --- a/docker-ps.1.md +++ b/docker-ps.1.md @@ -32,6 +32,7 @@ the running containers. - status=(created|restarting|running|paused|exited|dead) - name= a container's name - id= a container's ID + - is-task=(true|false) - containers that are a task (part of a service managed by swarm) - before=(|) - since=(|) - ancestor=([:tag]||) - containers created from an image or a descendant. From 1732bd24f9f36106a1369e80bd37f22ec7dbfcf6 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 18 Aug 2016 16:35:23 +0800 Subject: [PATCH 307/398] Add support for compressing build context during image build When sending a build context to a remote server it may be (significantly) advantageous to compress the build context. This commit adds support for gz compression when constructing a build context using a command like "docker build --compress ." Signed-off-by: Paul Kehrer --- docker-build.1.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docker-build.1.md b/docker-build.1.md index b654e2d92293..b07061ea9161 100644 --- a/docker-build.1.md +++ b/docker-build.1.md @@ -16,6 +16,7 @@ docker-build - Build a new image from the source code at PATH [**--label**[=*[]*]] [**--no-cache**] [**--pull**] +[**--compress**] [**-q**|**--quiet**] [**--rm**[=*true*]] [**-t**|**--tag**[=*[]*]] @@ -84,6 +85,9 @@ set as the **URL**, the repository is cloned locally and then sent as the contex **--pull**=*true*|*false* Always attempt to pull a newer version of the image. The default is *false*. +**--compress**=*true*|*false* + Compress the build context using gzip. The default is *false*. + **-q**, **--quiet**=*true*|*false* Suppress the build output and print image ID on success. The default is *false*. From 7f19f46d57e432d8b84888d8ed4cc9d64bbdede2 Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Sat, 24 Sep 2016 15:44:25 +0200 Subject: [PATCH 308/398] daemon: add --userland-proxy-path flag Signed-off-by: Antonio Murdaca --- dockerd.8.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/dockerd.8.md b/dockerd.8.md index 503b76061e53..84ae3df6b4f8 100644 --- a/dockerd.8.md +++ b/dockerd.8.md @@ -64,6 +64,7 @@ dockerd - Enable daemon mode [**--tlskey**[=*~/.docker/key.pem*]] [**--tlsverify**] [**--userland-proxy**[=*true*]] +[**--userland-proxy-path**[=*""*]] [**--userns-remap**[=*default*]] # DESCRIPTION @@ -272,6 +273,9 @@ output otherwise. **--userland-proxy**=*true*|*false* Rely on a userland proxy implementation for inter-container and outside-to-container loopback communications. Default is true. +**--userland-proxy-path**="" + Path to the userland proxy binary. + **--userns-remap**=*default*|*uid:gid*|*user:group*|*user*|*uid* Enable user namespaces for containers on the daemon. Specifying "default" will cause a new user and group to be created to handle UID and GID range remapping for the user namespace mappings used for contained processes. Specifying a user (or uid) and optionally a group (or gid) will cause the daemon to lookup the user and group's subordinate ID ranges for use as the user namespace mappings for contained processes. From 1f04714342243f078112e3525c1967b4df7c5fd8 Mon Sep 17 00:00:00 2001 From: Darren Stahl Date: Thu, 8 Sep 2016 17:31:04 -0700 Subject: [PATCH 309/398] Implement Pause Resume support for Windows Signed-off-by: Darren Stahl --- docker-pause.1.md | 11 ++++++----- docker-unpause.1.md | 4 ++-- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/docker-pause.1.md b/docker-pause.1.md index 5d2267af62da..ffc3b35ca02d 100644 --- a/docker-pause.1.md +++ b/docker-pause.1.md @@ -10,11 +10,12 @@ CONTAINER [CONTAINER...] # DESCRIPTION -The `docker pause` command uses the cgroups freezer to suspend all processes in -a container. Traditionally when suspending a process the `SIGSTOP` signal is -used, which is observable by the process being suspended. With the cgroups freezer -the process is unaware, and unable to capture, that it is being suspended, -and subsequently resumed. +The `docker pause` command suspends all processes in a container. On Linux, +this uses the cgroups freezer. Traditionally, when suspending a process the +`SIGSTOP` signal is used, which is observable by the process being suspended. +With the cgroups freezer the process is unaware, and unable to capture, +that it is being suspended, and subsequently resumed. On Windows, only Hyper-V +containers can be paused. See the [cgroups freezer documentation] (https://www.kernel.org/doc/Documentation/cgroups/freezer-subsystem.txt) for diff --git a/docker-unpause.1.md b/docker-unpause.1.md index 466e1bb1a3ea..8c64e68de6a8 100644 --- a/docker-unpause.1.md +++ b/docker-unpause.1.md @@ -10,8 +10,8 @@ CONTAINER [CONTAINER...] # DESCRIPTION -The `docker unpause` command uses the cgroups freezer to un-suspend all -processes in a container. +The `docker unpause` command un-suspends all processes in a container. +On Linux, it does this using the cgroups freezer. See the [cgroups freezer documentation] (https://www.kernel.org/doc/Documentation/cgroups/freezer-subsystem.txt) for From 9287e933b2c50043d605f4b5e8f677e6f7502da9 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Thu, 26 May 2016 13:34:48 -0700 Subject: [PATCH 310/398] Add config parameter to change per-container stop timeout during daemon shutdown This fix tries to add a flag `--stop-timeout` to specify the timeout value (in seconds) for the container to stop before SIGKILL is issued. If stop timeout is not specified then the default timeout (10s) is used. Additional test cases have been added to cover the change. This fix is related to #22471. Another pull request will add `--shutdown-timeout` to daemon for #22471. Signed-off-by: Yong Tang --- docker-create.1.md | 4 ++++ docker-run.1.md | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/docker-create.1.md b/docker-create.1.md index 64365fac74b2..ece8a91f5f03 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -68,6 +68,7 @@ docker-create - Create a new container [**--security-opt**[=*[]*]] [**--storage-opt**[=*[]*]] [**--stop-signal**[=*SIGNAL*]] +[**--stop-timeout**[=*TIMEOUT*]] [**--shm-size**[=*[]*]] [**--sysctl**[=*[]*]] [**-t**|**--tty**] @@ -352,6 +353,9 @@ unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. **--stop-signal**=*SIGTERM* Signal to stop a container. Default is SIGTERM. +**--stop-timeout**=*10* + Timeout (in seconds) to stop a container. Default is 10. + **--sysctl**=SYSCTL Configure namespaced kernel parameters at runtime diff --git a/docker-run.1.md b/docker-run.1.md index 89166710c4c6..51df3df153a4 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -70,6 +70,7 @@ docker-run - Run a command in a new container [**--security-opt**[=*[]*]] [**--storage-opt**[=*[]*]] [**--stop-signal**[=*SIGNAL*]] +[**--stop-timeout**[=*TIMEOUT*]] [**--shm-size**[=*[]*]] [**--sig-proxy**[=*true*]] [**--sysctl**[=*[]*]] @@ -502,6 +503,9 @@ incompatible with any restart policy other than `none`. **--stop-signal**=*SIGTERM* Signal to stop a container. Default is SIGTERM. +**--stop-timeout**=*10* + Timeout (in seconds) to stop a container. Default is 10. + **--shm-size**="" Size of `/dev/shm`. The format is ``. `number` must be greater than `0`. Unit is optional and can be `b` (bytes), `k` (kilobytes), `m`(megabytes), or `g` (gigabytes). From c65e497e4953acb02c64c84a9096c934bfacb401 Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Tue, 18 Oct 2016 18:50:11 +0800 Subject: [PATCH 311/398] Fix typs from go to Go Signed-off-by: yuexiao-wang --- docker-events.1.md | 2 +- docker-info.1.md | 2 +- docker-network-inspect.1.md | 2 +- docker-version.1.md | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docker-events.1.md b/docker-events.1.md index 311020f6eff6..11b3e98e5ae2 100644 --- a/docker-events.1.md +++ b/docker-events.1.md @@ -47,7 +47,7 @@ Docker networks report the following events: Stream events until this timestamp **--format**="" - Format the output using the given go template + Format the output using the given Go template The `--since` and `--until` parameters can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed diff --git a/docker-info.1.md b/docker-info.1.md index 810b21536325..42f1efe8635d 100644 --- a/docker-info.1.md +++ b/docker-info.1.md @@ -33,7 +33,7 @@ available on the volume where `/var/lib/docker` is mounted. Print usage statement **-f**, **--format**="" - Format the output using the given go template + Format the output using the given Go template # EXAMPLES diff --git a/docker-network-inspect.1.md b/docker-network-inspect.1.md index 3805fb25a806..f27c98cb340d 100644 --- a/docker-network-inspect.1.md +++ b/docker-network-inspect.1.md @@ -103,7 +103,7 @@ $ docker network inspect simple-network # OPTIONS **-f**, **--format**="" - Format the output using the given go template. + Format the output using the given Go template. **--help** Print usage statement diff --git a/docker-version.1.md b/docker-version.1.md index 04ae3464f847..bb521c4eed6c 100644 --- a/docker-version.1.md +++ b/docker-version.1.md @@ -18,7 +18,7 @@ daemon. Print usage statement **-f**, **--format**="" - Format the output using the given go template. + Format the output using the given Go template. # EXAMPLES From a32e0a5de64ae4174ef3719e5413b965519933a8 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Thu, 26 May 2016 14:07:30 -0700 Subject: [PATCH 312/398] Add config parameter to change stop timeout during daemon shutdown This fix tries to add a daemon config parameter `--shutdown-timeout` that specifies the timeout value to stop containers gracefully (before SIGKILL). The default value is 15s. The `--shutdown-timeout` parameter is added to daemon options and config file. It will also be updated during daemon reload. Additional test cases have been added to cover the change. This fix fixes #22471. Signed-off-by: Yong Tang --- dockerd.8.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/dockerd.8.md b/dockerd.8.md index 84ae3df6b4f8..24b71811fb4f 100644 --- a/dockerd.8.md +++ b/dockerd.8.md @@ -56,6 +56,7 @@ dockerd - Enable daemon mode [**--registry-mirror**[=*[]*]] [**-s**|**--storage-driver**[=*STORAGE-DRIVER*]] [**--selinux-enabled**] +[**--shutdown-timeout**[=*15*]] [**--storage-opt**[=*[]*]] [**--swarm-default-advertise-addr**[=*IP|INTERFACE*]] [**--tls**] @@ -246,6 +247,9 @@ output otherwise. **--selinux-enabled**=*true*|*false* Enable selinux support. Default is false. +**--shutdown-timeout**=*15* + Set the shutdown timeout value in seconds. Default is `15`. + **--storage-opt**=[] Set storage driver options. See STORAGE DRIVER OPTIONS. From 0321bd05e4e0f6dfdea8ce52a1074501814b0b18 Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Tue, 18 Oct 2016 12:06:55 -0700 Subject: [PATCH 313/398] Update sfp13/pflag Signed-off-by: Daniel Nephin --- glide.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/glide.lock b/glide.lock index 620a9d4c041c..5ec765a4c63c 100644 --- a/glide.lock +++ b/glide.lock @@ -35,7 +35,7 @@ imports: - name: github.com/spf13/jwalterweatherman version: 33c24e77fb80341fe7130ee7c594256ff08ccc46 - name: github.com/spf13/pflag - version: 367864438f1b1a3c7db4da06a2f55b144e6784e0 + version: dabebe21bf790f782ea4c7bbd2efc430de182afd - name: github.com/spf13/viper version: c1ccc378a054ea8d4e38d8c67f6938d4760b53dd - name: golang.org/x/sys From 564e99b54e30fc00b6d1653a3e07639226c8d744 Mon Sep 17 00:00:00 2001 From: YuPengZTE Date: Wed, 19 Oct 2016 17:42:45 +0800 Subject: [PATCH 314/398] Fix the typo of URLs Signed-off-by: YuPengZTE --- docker-build.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-build.1.md b/docker-build.1.md index b07061ea9161..fb7394e03490 100644 --- a/docker-build.1.md +++ b/docker-build.1.md @@ -203,7 +203,7 @@ Cgroups are created if they do not already exist. Ulimit options For more information about `ulimit` see [Setting ulimits in a -container](https://docs.docker.com/reference/commandline/run/#setting-ulimits-in-a-container) +container](https://docs.docker.com/engine/reference/commandline/run/#set-ulimits-in-container---ulimit) # EXAMPLES From c14f1cbc174fad72b09e61193c521524bf7a20a5 Mon Sep 17 00:00:00 2001 From: Jonh Wendell Date: Wed, 13 Jul 2016 14:24:41 -0300 Subject: [PATCH 315/398] Exec: Add ability to set environment variables Keeping the current behavior for exec, i.e., inheriting variables from main process. New variables will be added to current ones. If there's already a variable with that name it will be overwritten. Example of usage: docker exec -it -e TERM=vt100 top Closes #24355. Signed-off-by: Jonh Wendell --- docker-exec.1.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docker-exec.1.md b/docker-exec.1.md index 16a061d06929..fe9c279e7eae 100644 --- a/docker-exec.1.md +++ b/docker-exec.1.md @@ -8,6 +8,7 @@ docker-exec - Run a command in a running container **docker exec** [**-d**|**--detach**] [**--detach-keys**[=*[]*]] +[**-e**|**--env**[=*[]*]] [**--help**] [**-i**|**--interactive**] [**--privileged**] @@ -32,6 +33,12 @@ container is unpaused, and then run **--detach-keys**="" Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-` where `` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`. +**-e**, **--env**=[] + Set environment variables + + This option allows you to specify arbitrary environment variables that are +available for the command to be executed. + **--help** Print usage statement From 18191c34f49a470b0cd0249f8ed71f57bd8e102e Mon Sep 17 00:00:00 2001 From: Kenfe-Mickael Laventure Date: Thu, 6 Oct 2016 07:09:54 -0700 Subject: [PATCH 316/398] Make experimental a runtime flag Signed-off-by: Kenfe-Mickael Laventure --- dockerd.8.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/dockerd.8.md b/dockerd.8.md index 24b71811fb4f..c20f0bb140a8 100644 --- a/dockerd.8.md +++ b/dockerd.8.md @@ -27,6 +27,7 @@ dockerd - Enable daemon mode [**--dns-search**[=*[]*]] [**--exec-opt**[=*[]*]] [**--exec-root**[=*/var/run/docker*]] +[**--experimental**[=*false*]] [**--fixed-cidr**[=*FIXED-CIDR*]] [**--fixed-cidr-v6**[=*FIXED-CIDR-V6*]] [**-G**|**--group**[=*docker*]] @@ -146,6 +147,9 @@ format. **--exec-root**="" Path to use as the root of the Docker execution state files. Default is `/var/run/docker`. +**--experimental**="" + Enable the daemon experimental features. + **--fixed-cidr**="" IPv4 subnet for fixed IPs (e.g., 10.20.0.0/16); this subnet must be nested in the bridge subnet (which is defined by \-b or \-\-bip) From 84d4bcfda2aa2203b33a682c0273eb99c2dd4c89 Mon Sep 17 00:00:00 2001 From: sandyskies Date: Sun, 6 Mar 2016 20:29:23 +0800 Subject: [PATCH 317/398] add --network option for docker build Signed-off-by: sandyskies Signed-off-by: Tonis Tiigi --- docker-build.1.md | 4 ++++ docker-run.1.md | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/docker-build.1.md b/docker-build.1.md index fb7394e03490..9dfa496f5b0c 100644 --- a/docker-build.1.md +++ b/docker-build.1.md @@ -22,6 +22,7 @@ docker-build - Build a new image from the source code at PATH [**-t**|**--tag**[=*[]*]] [**-m**|**--memory**[=*MEMORY*]] [**--memory-swap**[=*LIMIT*]] +[**--network**[=*"default"*]] [**--shm-size**[=*SHM-SIZE*]] [**--cpu-period**[=*0*]] [**--cpu-quota**[=*0*]] @@ -111,6 +112,9 @@ set as the **URL**, the repository is cloned locally and then sent as the contex `k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you don't specify a unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. +**--network**=*NETWORK* + + **--shm-size**=*SHM-SIZE* Size of `/dev/shm`. The format is ``. `number` must be greater than `0`. Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you omit the unit, the system uses bytes. diff --git a/docker-run.1.md b/docker-run.1.md index 51df3df153a4..a18bae469e9c 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -388,7 +388,7 @@ string name. The name is useful when defining links (see **--link**) (or any other place you need to identify a container). This works for both background and foreground Docker containers. -**--net**="*bridge*" +**--network**="*bridge*" Set the Network mode for the container 'bridge': create a network stack on the default Docker bridge 'none': no networking From 058378759655c81af2a677f9d017501f1ea8004a Mon Sep 17 00:00:00 2001 From: "Erik St. Martin" Date: Tue, 7 Jun 2016 15:05:43 -0400 Subject: [PATCH 318/398] Implementing support for --cpu-rt-period and --cpu-rt-runtime so that containers may specify these cgroup values at runtime. This will allow processes to change their priority to real-time within the container when CONFIG_RT_GROUP_SCHED is enabled in the kernel. See #22380. Also added sanity checks for the new --cpu-rt-runtime and --cpu-rt-period flags to ensure that that the kernel supports these features and that runtime is not greater than period. Daemon will support a --cpu-rt-runtime flag to initialize the parent cgroup on startup, this prevents the administrator from alotting runtime to docker after each restart. There are additional checks that could be added but maybe too far? Check parent cgroups to ensure values are <= parent, inspecting rtprio ulimit and issuing a warning. Signed-off-by: Erik St. Martin --- docker-create.1.md | 17 +++++++++++++++++ docker-run.1.md | 15 +++++++++++++++ docker-update.1.md | 17 +++++++++++++++++ 3 files changed, 49 insertions(+) diff --git a/docker-create.1.md b/docker-create.1.md index ece8a91f5f03..08e8665903a9 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -17,6 +17,8 @@ docker-create - Create a new container [**--cidfile**[=*CIDFILE*]] [**--cpu-period**[=*0*]] [**--cpu-quota**[=*0*]] +[**--cpu-rt-period**[=*0*]] +[**--cpu-rt-runtime**[=*0*]] [**--cpuset-cpus**[=*CPUSET-CPUS*]] [**--cpuset-mems**[=*CPUSET-MEMS*]] [**--device**[=*[]*]] @@ -123,6 +125,8 @@ The initial status of the container created with **docker create** is 'created'. **--cpu-period**=*0* Limit the CPU CFS (Completely Fair Scheduler) period + Limit the container's CPU usage. This flag tell the kernel to restrict the container's CPU usage to the period you specify. + **--cpuset-cpus**="" CPUs in which to allow execution (0-3, 0,1) @@ -136,6 +140,19 @@ two memory nodes. **--cpu-quota**=*0* Limit the CPU CFS (Completely Fair Scheduler) quota +**--cpu-rt-period**=0 + Limit the CPU real-time period in microseconds + + Limit the container's Real Time CPU usage. This flag tell the kernel to restrict the container's Real Time CPU usage to the period you specify. + +**--cpu-rt-runtime**=0 + Limit the CPU real-time runtime in microseconds + + Limit the containers Real Time CPU usage. This flag tells the kernel to limit the amount of time in a given CPU period Real Time tasks may consume. Ex: + Period of 1,000,000us and Runtime of 950,000us means that this container could consume 95% of available CPU and leave the remaining 5% to normal priority tasks. + + The sum of all runtimes across containers cannot exceed the amount alotted to the parent cgroup. + **--device**=[] Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm) diff --git a/docker-run.1.md b/docker-run.1.md index a18bae469e9c..8cbd26242ca5 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -17,6 +17,8 @@ docker-run - Run a command in a new container [**--cidfile**[=*CIDFILE*]] [**--cpu-period**[=*0*]] [**--cpu-quota**[=*0*]] +[**--cpu-rt-period**[=*0*]] +[**--cpu-rt-runtime**[=*0*]] [**--cpuset-cpus**[=*CPUSET-CPUS*]] [**--cpuset-mems**[=*CPUSET-MEMS*]] [**-d**|**--detach**] @@ -192,6 +194,19 @@ two memory nodes. CPU resource. This flag tell the kernel to restrict the container's CPU usage to the quota you specify. +**--cpu-rt-period**=0 + Limit the CPU real-time period in microseconds + + Limit the container's Real Time CPU usage. This flag tell the kernel to restrict the container's Real Time CPU usage to the period you specify. + +**--cpu-rt-runtime**=0 + Limit the CPU real-time runtime in microseconds + + Limit the containers Real Time CPU usage. This flag tells the kernel to limit the amount of time in a given CPU period Real Time tasks may consume. Ex: + Period of 1,000,000us and Runtime of 950,000us means that this container could consume 95% of available CPU and leave the remaining 5% to normal priority tasks. + + The sum of all runtimes across containers cannot exceed the amount alotted to the parent cgroup. + **-d**, **--detach**=*true*|*false* Detached mode: run the container in the background and print the new container ID. The default is *false*. diff --git a/docker-update.1.md b/docker-update.1.md index 71fb6e476ac4..7ae7099344b2 100644 --- a/docker-update.1.md +++ b/docker-update.1.md @@ -10,6 +10,8 @@ docker-update - Update configuration of one or more containers [**--cpu-shares**[=*0*]] [**--cpu-period**[=*0*]] [**--cpu-quota**[=*0*]] +[**--cpu-rt-period**[=*0*]] +[**--cpu-rt-runtime**[=*0*]] [**--cpuset-cpus**[=*CPUSET-CPUS*]] [**--cpuset-mems**[=*CPUSET-MEMS*]] [**--help**] @@ -44,9 +46,24 @@ a running container with kernel memory initialized. **--cpu-period**=0 Limit the CPU CFS (Completely Fair Scheduler) period + Limit the container's CPU usage. This flag tell the kernel to restrict the container's CPU usage to the period you specify. + **--cpu-quota**=0 Limit the CPU CFS (Completely Fair Scheduler) quota +**--cpu-rt-period**=0 + Limit the CPU real-time period in microseconds + + Limit the container's Real Time CPU usage. This flag tell the kernel to restrict the container's Real Time CPU usage to the period you specify. + +**--cpu-rt-runtime**=0 + Limit the CPU real-time runtime in microseconds + + Limit the containers Real Time CPU usage. This flag tells the kernel to limit the amount of time in a given CPU period Real Time tasks may consume. Ex: + Period of 1,000,000us and Runtime of 950,000us means that this container could consume 95% of available CPU and leave the remaining 5% to normal priority tasks. + + The sum of all runtimes across containers cannot exceed the amount alotted to the parent cgroup. + **--cpuset-cpus**="" CPUs in which to allow execution (0-3, 0,1) From 53864149ebe751ffd17faa4f947a13868b98ca65 Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Fri, 28 Oct 2016 22:31:20 +0800 Subject: [PATCH 319/398] Add --format to man and fix some typos Signed-off-by: yuexiao-wang --- docker-images.1.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/docker-images.1.md b/docker-images.1.md index d8a4ac4b0336..bfe31316dca1 100644 --- a/docker-images.1.md +++ b/docker-images.1.md @@ -10,6 +10,7 @@ docker-images - List images [**-a**|**--all**] [**--digests**] [**-f**|**--filter**[=*[]*]] +[**--format**=*"TEMPLATE"*] [**--no-trunc**] [**-q**|**--quiet**] [REPOSITORY[:TAG]] @@ -39,7 +40,7 @@ versions. **-f**, **--filter**=[] Filters the output based on these conditions: - - dangling=(true|false) - finds unused images. + - dangling=(true|false) - find unused images - label= or label== - before=([:tag]||) - since=([:tag]||) @@ -51,9 +52,9 @@ versions. .Repository - Image repository .Tag - Image tag .Digest - Image digest - .CreatedSince - Elapsed time since the image was created. - .CreatedAt - Time when the image was created.. - .Size - Image disk size. + .CreatedSince - Elapsed time since the image was created + .CreatedAt - Time when the image was created + .Size - Image disk size **--help** Print usage statement From 6a0a02118af91b62a1644da323540010597b3b9c Mon Sep 17 00:00:00 2001 From: Josh Horwitz Date: Fri, 15 Jul 2016 14:21:19 -0400 Subject: [PATCH 320/398] Adds container health support to docker ps filter Signed-off-by: Josh Horwitz --- docker-ps.1.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docker-ps.1.md b/docker-ps.1.md index fd6c4e78fac6..d9aa39f8fdbf 100644 --- a/docker-ps.1.md +++ b/docker-ps.1.md @@ -38,6 +38,7 @@ the running containers. - ancestor=([:tag]||) - containers created from an image or a descendant. - volume=(|) - network=(|) - containers connected to the provided network + - health=(starting|healthy|unhealthy|none) - filters containers based on healthcheck status **--format**="*TEMPLATE*" Pretty-print containers using a Go template. @@ -141,3 +142,4 @@ June 2014, updated by Sven Dowideit August 2014, updated by Sven Dowideit November 2014, updated by Sven Dowideit February 2015, updated by André Martins +October 2016, updated by Josh Horwitz From d22d8cc4634eaeedd189848aef91b388e29c2efd Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Fri, 28 Oct 2016 13:07:00 -0700 Subject: [PATCH 321/398] =?UTF-8?q?Complete=20docker-events=20man=20page?= =?UTF-8?q?=20with=20filter=20list=E2=80=A6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit … and examples. Signed-off-by: Vincent Demeester --- docker-events.1.md | 49 +++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 48 insertions(+), 1 deletion(-) diff --git a/docker-events.1.md b/docker-events.1.md index 11b3e98e5ae2..c0909c681764 100644 --- a/docker-events.1.md +++ b/docker-events.1.md @@ -38,7 +38,16 @@ Docker networks report the following events: Print usage statement **-f**, **--filter**=[] - Provide filter values (i.e., 'event=stop') + Filter output based on these conditions + - container (`container=`) + - event (`event=`) + - image (`image=`) + - plugin (experimental) (`plugin=`) + - label (`label=` or `label==`) + - type (`type=`) + - volume (`volume=`) + - network (`network=`) + - daemon (`daemon=`) **--since**="" Show all events created since timestamp @@ -124,6 +133,44 @@ Lines. For information about JSON Lines, please refer to http://jsonlines.org/ . {"status":"start","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f42.. {"status":"resize","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. +## Filters + + $ docker events --filter 'event=stop' + 2014-05-10T17:42:14.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04) + 2014-09-03T17:42:14.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8) + + $ docker events --filter 'image=ubuntu-1:14.04' + 2014-05-10T17:42:14.999999999Z07:00 container start 4386fb97867d (image=ubuntu-1:14.04) + 2014-05-10T17:42:14.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04) + 2014-05-10T17:42:14.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04) + + $ docker events --filter 'container=7805c1d35632' + 2014-05-10T17:42:14.999999999Z07:00 container die 7805c1d35632 (image=redis:2.8) + 2014-09-03T15:49:29.999999999Z07:00 container stop 7805c1d35632 (image= redis:2.8) + + $ docker events --filter 'container=7805c1d35632' --filter 'container=4386fb97867d' + 2014-09-03T15:49:29.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04) + 2014-05-10T17:42:14.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04) + 2014-05-10T17:42:14.999999999Z07:00 container die 7805c1d35632 (image=redis:2.8) + 2014-09-03T15:49:29.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8) + + $ docker events --filter 'container=7805c1d35632' --filter 'event=stop' + 2014-09-03T15:49:29.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8) + + $ docker events --filter 'type=volume' + 2015-12-23T21:05:28.136212689Z volume create test-event-volume-local (driver=local) + 2015-12-23T21:05:28.383462717Z volume mount test-event-volume-local (read/write=true, container=562fe10671e9273da25eed36cdce26159085ac7ee6707105fd534866340a5025, destination=/foo, driver=local, propagation=rprivate) + 2015-12-23T21:05:28.650314265Z volume unmount test-event-volume-local (container=562fe10671e9273da25eed36cdce26159085ac7ee6707105fd534866340a5025, driver=local) + 2015-12-23T21:05:28.716218405Z volume destroy test-event-volume-local (driver=local) + + $ docker events --filter 'type=network' + 2015-12-23T21:38:24.705709133Z network create 8b111217944ba0ba844a65b13efcd57dc494932ee2527577758f939315ba2c5b (name=test-event-network-local, type=bridge) + 2015-12-23T21:38:25.119625123Z network connect 8b111217944ba0ba844a65b13efcd57dc494932ee2527577758f939315ba2c5b (name=test-event-network-local, container=b4be644031a3d90b400f88ab3d4bdf4dc23adb250e696b6328b85441abe2c54e, type=bridge) + + $ docker events --filter 'type=plugin' (experimental) + 2016-07-25T17:30:14.825557616Z plugin pull ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/no-remove:latest) + 2016-07-25T17:30:14.888127370Z plugin enable ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/no-remove:latest) + # HISTORY April 2014, Originally compiled by William Henry (whenry at redhat dot com) From b9e0c7ee66d07a27eea6b0345128fc63bb8999d6 Mon Sep 17 00:00:00 2001 From: Qiang Huang Date: Sat, 29 Oct 2016 15:03:26 +0800 Subject: [PATCH 322/398] Fix bunch of typos Signed-off-by: Qiang Huang --- docker-create.1.md | 2 +- docker-run.1.md | 2 +- docker-update.1.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docker-create.1.md b/docker-create.1.md index 08e8665903a9..21cbd9f9d628 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -151,7 +151,7 @@ two memory nodes. Limit the containers Real Time CPU usage. This flag tells the kernel to limit the amount of time in a given CPU period Real Time tasks may consume. Ex: Period of 1,000,000us and Runtime of 950,000us means that this container could consume 95% of available CPU and leave the remaining 5% to normal priority tasks. - The sum of all runtimes across containers cannot exceed the amount alotted to the parent cgroup. + The sum of all runtimes across containers cannot exceed the amount allotted to the parent cgroup. **--device**=[] Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm) diff --git a/docker-run.1.md b/docker-run.1.md index 8cbd26242ca5..0a46f2911087 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -205,7 +205,7 @@ to the quota you specify. Limit the containers Real Time CPU usage. This flag tells the kernel to limit the amount of time in a given CPU period Real Time tasks may consume. Ex: Period of 1,000,000us and Runtime of 950,000us means that this container could consume 95% of available CPU and leave the remaining 5% to normal priority tasks. - The sum of all runtimes across containers cannot exceed the amount alotted to the parent cgroup. + The sum of all runtimes across containers cannot exceed the amount allotted to the parent cgroup. **-d**, **--detach**=*true*|*false* Detached mode: run the container in the background and print the new container ID. The default is *false*. diff --git a/docker-update.1.md b/docker-update.1.md index 7ae7099344b2..85f3dd07c1e2 100644 --- a/docker-update.1.md +++ b/docker-update.1.md @@ -62,7 +62,7 @@ a running container with kernel memory initialized. Limit the containers Real Time CPU usage. This flag tells the kernel to limit the amount of time in a given CPU period Real Time tasks may consume. Ex: Period of 1,000,000us and Runtime of 950,000us means that this container could consume 95% of available CPU and leave the remaining 5% to normal priority tasks. - The sum of all runtimes across containers cannot exceed the amount alotted to the parent cgroup. + The sum of all runtimes across containers cannot exceed the amount allotted to the parent cgroup. **--cpuset-cpus**="" CPUs in which to allow execution (0-3, 0,1) From baf4c905ff0c6f8bf987d3f2a0146337b54f15c5 Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Sun, 18 Sep 2016 13:11:02 +0800 Subject: [PATCH 323/398] Modify short and flags for docker inspect Signed-off-by: yuexiao-wang --- docker-inspect.1.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docker-inspect.1.md b/docker-inspect.1.md index 3dbf600fde80..21d7ba678a0c 100644 --- a/docker-inspect.1.md +++ b/docker-inspect.1.md @@ -14,8 +14,8 @@ NAME|ID [NAME|ID...] # DESCRIPTION -This displays all the information available in Docker for one or multiple given -containers, images, volumes, networks, nodes, services, or tasks. By default, +This displays the low-level information on Docker object(s) (e.g. container, +image, volume,network, node, service, or task) identified by name or ID. By default, this will render all results in a JSON array. If the container and image have the same name, this will return container JSON for unspecified type. If a format is specified, the given template will be executed for each result. @@ -25,14 +25,14 @@ is specified, the given template will be executed for each result. Print usage statement **-f**, **--format**="" - Format the output using the given Go template. + Format the output using the given Go template **-s**, **--size** - Display total file sizes if the type is container. + Display total file sizes if the type is container **--type**=*container*|*image*|*network*|*node*|*service*|*task*|*volume* Return JSON for specified type, permissible values are "image", "container", - "network", "node", "service", "task", and "volume". + "network", "node", "service", "task", and "volume" # EXAMPLES From 11ce68f968d5c487ca1e49fd441b62b20c1a45b0 Mon Sep 17 00:00:00 2001 From: Addam Hardy Date: Sat, 15 Oct 2016 22:37:15 -0500 Subject: [PATCH 324/398] Convert Unused ARG error to warning Signed-off-by: Addam Hardy --- Dockerfile.5.md | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/Dockerfile.5.md b/Dockerfile.5.md index df69935397a0..5191b1930ace 100644 --- a/Dockerfile.5.md +++ b/Dockerfile.5.md @@ -26,7 +26,7 @@ For example: # DESCRIPTION -A Dockerfile is a file that automates the steps of creating a Docker image. +A Dockerfile is a file that automates the steps of creating a Docker image. A Dockerfile is similar to a Makefile. # USAGE @@ -71,10 +71,10 @@ A Dockerfile is similar to a Makefile. multiple images. Make a note of the last image ID output by the commit before each new **FROM** command. - -- If no tag is given to the **FROM** instruction, Docker applies the + -- If no tag is given to the **FROM** instruction, Docker applies the `latest` tag. If the used tag does not exist, an error is returned. - -- If no digest is given to the **FROM** instruction, Docker applies the + -- If no digest is given to the **FROM** instruction, Docker applies the `latest` tag. If the used tag does not exist, an error is returned. **MAINTAINER** @@ -148,7 +148,7 @@ A Dockerfile is similar to a Makefile. ``` -- To make the container run the same executable every time, use **ENTRYPOINT** in - combination with **CMD**. + combination with **CMD**. If the user specifies arguments to `docker run`, the specified commands override the default in **CMD**. Do not confuse **RUN** with **CMD**. **RUN** runs a command and commits the result. @@ -156,7 +156,7 @@ A Dockerfile is similar to a Makefile. the image. **LABEL** - -- `LABEL = [= ...]`or + -- `LABEL = [= ...]`or ``` LABEL [ ] LABEL [ ] @@ -176,8 +176,8 @@ A Dockerfile is similar to a Makefile. ``` An image can have more than one label. To specify multiple labels, separate - each key-value pair by a space. - + each key-value pair by a space. + Labels are additive including `LABEL`s in `FROM` images. As the system encounters and then applies a new label, new `key`s override any previous labels with identical keys. @@ -194,7 +194,7 @@ A Dockerfile is similar to a Makefile. **ENV** -- `ENV ` The **ENV** instruction sets the environment variable to - the value ``. This value is passed to all future + the value ``. This value is passed to all future **RUN**, **ENTRYPOINT**, and **CMD** instructions. This is functionally equivalent to prefixing the command with `=`. The environment variables that are set with **ENV** persist when a container is run @@ -243,7 +243,7 @@ A Dockerfile is similar to a Makefile. being built (the context of the build) or a remote file URL. The `` is an absolute path, or a path relative to **WORKDIR**, into which the source will be copied inside the target container. If you **COPY** an archive file it will - land in the container exactly as it appears in the build context without any + land in the container exactly as it appears in the build context without any attempt to unpack it. All new files and directories are created with mode **0755** and with the uid and gid of **0**. @@ -326,10 +326,10 @@ A Dockerfile is similar to a Makefile. The `ARG` instruction defines a variable that users can pass at build-time to the builder with the `docker build` command using the `--build-arg =` flag. If a user specifies a build argument that was not - defined in the Dockerfile, the build outputs an error. + defined in the Dockerfile, the build outputs a warning. ``` - One or more build-args were not consumed, failing build. + [Warning] One or more build-args [foo] were not consumed ``` The Dockerfile author can define a single variable by specifying `ARG` once or many @@ -454,7 +454,7 @@ A Dockerfile is similar to a Makefile. you are defining an image to use as a base for building other images. For example, if you are defining an application build environment or a daemon that is customized with a user-specific configuration. - + Consider an image intended as a reusable python application builder. It must add application source code to a particular directory, and might need a build script called after that. You can't just call **ADD** and **RUN** now, because @@ -470,4 +470,5 @@ A Dockerfile is similar to a Makefile. # HISTORY *May 2014, Compiled by Zac Dover (zdover at redhat dot com) based on docker.com Dockerfile documentation. *Feb 2015, updated by Brian Goff (cpuguy83@gmail.com) for readability -*Sept 2015, updated by Sally O'Malley (somalley@redhat.com) +*Sept 2015, updated by Sally O'Malley (somalley@redhat.com) +*Oct 2016, updated by Addam Hardy (addam.hardy@gmail.com) From 1435706d857d6fe60f1ab535cdf827221b27646d Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Thu, 21 Apr 2016 12:08:37 -0400 Subject: [PATCH 325/398] Adds ability to squash image after build Allow built images to be squash to scratch. Squashing does not destroy any images or layers, and preserves the build cache. Introduce a new CLI argument --squash to docker build Introduce a new param to the build API endpoint `squash` Once the build is complete, docker creates a new image loading the diffs from each layer into a single new layer and references all the parent's layers. Signed-off-by: Brian Goff --- docker-build.1.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/docker-build.1.md b/docker-build.1.md index 9dfa496f5b0c..32caaafc74e4 100644 --- a/docker-build.1.md +++ b/docker-build.1.md @@ -11,6 +11,7 @@ docker-build - Build a new image from the source code at PATH [**--cgroup-parent**[=*CGROUP-PARENT*]] [**--help**] [**-f**|**--file**[=*PATH/Dockerfile*]] +[**-squash**] *Experimental* [**--force-rm**] [**--isolation**[=*default*]] [**--label**[=*[]*]] @@ -57,6 +58,22 @@ set as the **URL**, the repository is cloned locally and then sent as the contex the remote context. In all cases, the file must be within the build context. The default is *Dockerfile*. +**--squash**=*true*|*false* + **Experimental Only** + Once the image is built, squash the new layers into a new image with a single + new layer. Squashing does not destroy any existing image, rather it creates a new + image with the content of the squshed layers. This effectively makes it look + like all `Dockerfile` commands were created with a single layer. The build + cache is preserved with this method. + + **Note**: using this option means the new image will not be able to take + advantage of layer sharing with other images and may use significantly more + space. + + **Note**: using this option you may see significantly more space used due to + storing two copies of the image, one for the build cache with all the cache + layers in tact, and one for the squashed version. + **--build-arg**=*variable* name and value of a **buildarg**. From 11f3f4b5565810c1a26e64bf145645dad0f861f3 Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Fri, 2 Sep 2016 15:20:54 +0200 Subject: [PATCH 326/398] daemon: add a flag to override the default seccomp profile Signed-off-by: Antonio Murdaca --- dockerd.8.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/dockerd.8.md b/dockerd.8.md index c20f0bb140a8..f7fd23114945 100644 --- a/dockerd.8.md +++ b/dockerd.8.md @@ -56,6 +56,7 @@ dockerd - Enable daemon mode [**--raw-logs**] [**--registry-mirror**[=*[]*]] [**-s**|**--storage-driver**[=*STORAGE-DRIVER*]] +[**--seccomp-profile**[=*SECCOMP-PROFILE-PATH*]] [**--selinux-enabled**] [**--shutdown-timeout**[=*15*]] [**--storage-opt**[=*[]*]] @@ -248,6 +249,9 @@ output otherwise. **-s**, **--storage-driver**="" Force the Docker runtime to use a specific storage driver. +**--seccomp-profile**="" + Path to seccomp profile. + **--selinux-enabled**=*true*|*false* Enable selinux support. Default is false. From 7e5897434bf99b6e2289a743083c4e5f7fafdc64 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Tue, 25 Oct 2016 03:26:54 +0000 Subject: [PATCH 327/398] cli: add `--mount` to `docker run` Signed-off-by: Akihiro Suda --- docker-create.1.md | 1 + docker-run.1.md | 1 + 2 files changed, 2 insertions(+) diff --git a/docker-create.1.md b/docker-create.1.md index 21cbd9f9d628..fd19ee45c61c 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -53,6 +53,7 @@ docker-create - Create a new container [**--memory-reservation**[=*MEMORY-RESERVATION*]] [**--memory-swap**[=*LIMIT*]] [**--memory-swappiness**[=*MEMORY-SWAPPINESS*]] +[**--mount**[=*MOUNT*]] [**--name**[=*NAME*]] [**--network-alias**[=*[]*]] [**--network**[=*"bridge"*]] diff --git a/docker-run.1.md b/docker-run.1.md index 0a46f2911087..d430ff58a5f0 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -55,6 +55,7 @@ docker-run - Run a command in a new container [**--memory-reservation**[=*MEMORY-RESERVATION*]] [**--memory-swap**[=*LIMIT*]] [**--memory-swappiness**[=*MEMORY-SWAPPINESS*]] +[**--mount**[=*MOUNT*]] [**--name**[=*NAME*]] [**--network-alias**[=*[]*]] [**--network**[=*"bridge"*]] From 422eb1992af686717dd945f3d0081c3ef1305cd6 Mon Sep 17 00:00:00 2001 From: Alexander Morozov Date: Mon, 31 Oct 2016 11:22:28 -0700 Subject: [PATCH 328/398] project: use vndr for vendoring Signed-off-by: Alexander Morozov --- Dockerfile | 2 +- Dockerfile.aarch64 | 2 +- Dockerfile.armhf | 2 +- Dockerfile.ppc64le | 2 +- Dockerfile.s390x | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6c11bcccffdd..3ed219304c2b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -18,7 +18,7 @@ COPY glide.yaml /manvendor/ COPY glide.lock /manvendor/ WORKDIR /manvendor/ RUN glide install && mv vendor src -ENV GOPATH=$GOPATH:/go/src/github.com/docker/docker/vendor:/manvendor +ENV GOPATH=$GOPATH:/manvendor RUN go build -o /usr/bin/go-md2man github.com/cpuguy83/go-md2man WORKDIR /go/src/github.com/docker/docker/ diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index a12cbeda0abc..e788eb1c1dcb 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -18,7 +18,7 @@ COPY glide.yaml /manvendor/ COPY glide.lock /manvendor/ WORKDIR /manvendor/ RUN glide install && mv vendor src -ENV GOPATH=$GOPATH:/go/src/github.com/docker/docker/vendor:/manvendor +ENV GOPATH=$GOPATH:/manvendor RUN go build -o /usr/bin/go-md2man github.com/cpuguy83/go-md2man WORKDIR /go/src/github.com/docker/docker/ diff --git a/Dockerfile.armhf b/Dockerfile.armhf index c8815c30efbf..6fbd178c51a8 100644 --- a/Dockerfile.armhf +++ b/Dockerfile.armhf @@ -18,7 +18,7 @@ COPY glide.yaml /manvendor/ COPY glide.lock /manvendor/ WORKDIR /manvendor/ RUN glide install && mv vendor src -ENV GOPATH=$GOPATH:/go/src/github.com/docker/docker/vendor:/manvendor +ENV GOPATH=$GOPATH:/manvendor RUN go build -o /usr/bin/go-md2man github.com/cpuguy83/go-md2man WORKDIR /go/src/github.com/docker/docker/ diff --git a/Dockerfile.ppc64le b/Dockerfile.ppc64le index 4ae0eeee8247..f55465027415 100644 --- a/Dockerfile.ppc64le +++ b/Dockerfile.ppc64le @@ -18,7 +18,7 @@ COPY glide.yaml /manvendor/ COPY glide.lock /manvendor/ WORKDIR /manvendor/ RUN glide install && mv vendor src -ENV GOPATH=$GOPATH:/go/src/github.com/docker/docker/vendor:/manvendor +ENV GOPATH=$GOPATH:/manvendor RUN go build -o /usr/bin/go-md2man github.com/cpuguy83/go-md2man WORKDIR /go/src/github.com/docker/docker/ diff --git a/Dockerfile.s390x b/Dockerfile.s390x index a6de5667be48..6292e00cb766 100644 --- a/Dockerfile.s390x +++ b/Dockerfile.s390x @@ -18,7 +18,7 @@ COPY glide.yaml /manvendor/ COPY glide.lock /manvendor/ WORKDIR /manvendor/ RUN glide install && mv vendor src -ENV GOPATH=$GOPATH:/go/src/github.com/docker/docker/vendor:/manvendor +ENV GOPATH=$GOPATH:/manvendor RUN go build -o /usr/bin/go-md2man github.com/cpuguy83/go-md2man WORKDIR /go/src/github.com/docker/docker/ From 6fd8efb8f9ee9cca18b650f7a357eb8fb41784a9 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Tue, 1 Nov 2016 10:12:29 -0700 Subject: [PATCH 329/398] Add `--cpus` flag to control cpu resources This fix tries to address the proposal raised in 27921 and add `--cpus` flag for `docker run/create`. Basically, `--cpus` will allow user to specify a number (possibly partial) about how many CPUs the container will use. For example, on a 2-CPU system `--cpus 1.5` means the container will take 75% (1.5/2) of the CPU share. This fix adds a `NanoCPUs` field to `HostConfig` since swarmkit alreay have a concept of NanoCPUs for tasks. The `--cpus` flag will translate the number into reused `NanoCPUs` to be consistent. This fix adds integration tests to cover the changes. Related docs (`docker run` and Remote APIs) have been updated. This fix fixes 27921. Signed-off-by: Yong Tang --- docker-create.1.md | 4 ++++ docker-run.1.md | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/docker-create.1.md b/docker-create.1.md index fd19ee45c61c..ff378397edd8 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -19,6 +19,7 @@ docker-create - Create a new container [**--cpu-quota**[=*0*]] [**--cpu-rt-period**[=*0*]] [**--cpu-rt-runtime**[=*0*]] +[**--cpus**[=*0.0*]] [**--cpuset-cpus**[=*CPUSET-CPUS*]] [**--cpuset-mems**[=*CPUSET-MEMS*]] [**--device**[=*[]*]] @@ -154,6 +155,9 @@ two memory nodes. The sum of all runtimes across containers cannot exceed the amount allotted to the parent cgroup. +**--cpus**=0.0 + Number of CPUs. The default is *0.0*. + **--device**=[] Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm) diff --git a/docker-run.1.md b/docker-run.1.md index d430ff58a5f0..5af64627bea1 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -19,6 +19,7 @@ docker-run - Run a command in a new container [**--cpu-quota**[=*0*]] [**--cpu-rt-period**[=*0*]] [**--cpu-rt-runtime**[=*0*]] +[**--cpus**[=*0.0*]] [**--cpuset-cpus**[=*CPUSET-CPUS*]] [**--cpuset-mems**[=*CPUSET-MEMS*]] [**-d**|**--detach**] @@ -208,6 +209,9 @@ to the quota you specify. The sum of all runtimes across containers cannot exceed the amount allotted to the parent cgroup. +**--cpus**=0.0 + Number of CPUs. The default is *0.0* which means no limit. + **-d**, **--detach**=*true*|*false* Detached mode: run the container in the background and print the new container ID. The default is *false*. From 7eaabbfca8ac19a58429456a8e45508d08ae1536 Mon Sep 17 00:00:00 2001 From: Darren Stahl Date: Tue, 1 Nov 2016 13:02:46 -0700 Subject: [PATCH 330/398] Windows: Add cpu count option Signed-off-by: Darren Stahl --- docker-create.1.md | 14 ++++++++++++++ docker-run.1.md | 14 ++++++++++++++ 2 files changed, 28 insertions(+) diff --git a/docker-create.1.md b/docker-create.1.md index ff378397edd8..767a7fc30710 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -15,6 +15,8 @@ docker-create - Create a new container [**--cap-drop**[=*[]*]] [**--cgroup-parent**[=*CGROUP-PATH*]] [**--cidfile**[=*CIDFILE*]] +[**--cpu-count**[=*0*]] +[**--cpu-percent**[=*0*]] [**--cpu-period**[=*0*]] [**--cpu-quota**[=*0*]] [**--cpu-rt-period**[=*0*]] @@ -124,6 +126,18 @@ The initial status of the container created with **docker create** is 'created'. **--cidfile**="" Write the container ID to the file +**--cpu-count**=*0* + Limit the number of CPUs available for execution by the container. + + On Windows Server containers, this is approximated as a percentage of total CPU usage. + + On Windows Server containers, the processor resource controls are mutually exclusive, the order of precedence is CPUCount first, then CPUShares, and CPUPercent last. + +**--cpu-percent**=*0* + Limit the percentage of CPU available for execution by a container running on a Windows daemon. + + On Windows Server containers, the processor resource controls are mutually exclusive, the order of precedence is CPUCount first, then CPUShares, and CPUPercent last. + **--cpu-period**=*0* Limit the CPU CFS (Completely Fair Scheduler) period diff --git a/docker-run.1.md b/docker-run.1.md index 5af64627bea1..ebede9a64f89 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -15,6 +15,8 @@ docker-run - Run a command in a new container [**--cap-drop**[=*[]*]] [**--cgroup-parent**[=*CGROUP-PATH*]] [**--cidfile**[=*CIDFILE*]] +[**--cpu-count**[=*0*]] +[**--cpu-percent**[=*0*]] [**--cpu-period**[=*0*]] [**--cpu-quota**[=*0*]] [**--cpu-rt-period**[=*0*]] @@ -174,6 +176,18 @@ division of CPU shares: **--cidfile**="" Write the container ID to the file +**--cpu-count**=*0* + Limit the number of CPUs available for execution by the container. + + On Windows Server containers, this is approximated as a percentage of total CPU usage. + + On Windows Server containers, the processor resource controls are mutually exclusive, the order of precedence is CPUCount first, then CPUShares, and CPUPercent last. + +**--cpu-percent**=*0* + Limit the percentage of CPU available for execution by a container running on a Windows daemon. + + On Windows Server containers, the processor resource controls are mutually exclusive, the order of precedence is CPUCount first, then CPUShares, and CPUPercent last. + **--cpu-period**=*0* Limit the CPU CFS (Completely Fair Scheduler) period From a4840c0c20ddd3fc02502d7c9eba9460640e1692 Mon Sep 17 00:00:00 2001 From: yupeng Date: Sat, 5 Nov 2016 10:45:15 +0800 Subject: [PATCH 331/398] Align arg with other cli Signed-off-by: yupeng --- docker.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker.1.md b/docker.1.md index ecf048ef3931..2a9618443918 100644 --- a/docker.1.md +++ b/docker.1.md @@ -5,7 +5,7 @@ docker \- Docker image and container command line interface # SYNOPSIS -**docker** [OPTIONS] COMMAND [arg...] +**docker** [OPTIONS] COMMAND [ARG...] **docker** daemon [--help|...] From ac2014c6cfb15c849554992b3201437c3f7bb1ba Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Tue, 8 Nov 2016 18:29:10 -0800 Subject: [PATCH 332/398] Add `--dns-option` to `docker run` and hide `--dns-opt` This fix is a follow up to #27567 based on: https://github.com/docker/docker/pull/27567#issuecomment-259295055 In #27567, `--dns-options` has been added to `service create/update`, together with `--dns` and `--dns-search`. The `--dns-opt` was used in `docker run`. This fix add `--dns-option` (not `--dns-options`) to `docker run/create`, and hide `--dns-opt`. It is still possible to use `--dns-opt` with `docker run/create`, though it will not show up in help output. This fix change `--dns-options`to --dns-option` for `docker service create` and `docker service update`. This fix also updates the docs and bash/zsh completion scripts. Signed-off-by: Yong Tang --- docker-create.1.md | 4 ++-- docker-run.1.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docker-create.1.md b/docker-create.1.md index 767a7fc30710..8bb162c2c3c0 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -31,7 +31,7 @@ docker-create - Create a new container [**--device-write-iops**[=*[]*]] [**--dns**[=*[]*]] [**--dns-search**[=*[]*]] -[**--dns-opt**[=*[]*]] +[**--dns-option**[=*[]*]] [**-e**|**--env**[=*[]*]] [**--entrypoint**[=*ENTRYPOINT*]] [**--env-file**[=*[]*]] @@ -190,7 +190,7 @@ two memory nodes. **--dns**=[] Set custom DNS servers -**--dns-opt**=[] +**--dns-option**=[] Set custom DNS options **--dns-search**=[] diff --git a/docker-run.1.md b/docker-run.1.md index ebede9a64f89..5224895c91df 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -32,7 +32,7 @@ docker-run - Run a command in a new container [**--device-write-bps**[=*[]*]] [**--device-write-iops**[=*[]*]] [**--dns**[=*[]*]] -[**--dns-opt**[=*[]*]] +[**--dns-option**[=*[]*]] [**--dns-search**[=*[]*]] [**-e**|**--env**[=*[]*]] [**--entrypoint**[=*ENTRYPOINT*]] @@ -260,7 +260,7 @@ See **config-json(5)** for documentation on using a configuration file. **--dns-search**=[] Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain) -**--dns-opt**=[] +**--dns-option**=[] Set custom DNS options **--dns**=[] From 6220ef0c322964b057ef5280cbc7a7ddd0269a1e Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Fri, 11 Nov 2016 09:01:57 -0800 Subject: [PATCH 333/398] Update docs for `docker info` for most recent changes. This fix updates docs for `docker info` for most recent changes. It also made several chagnes: 1. Replace 0.12.0-dev to 0.13.0 for api docs v1.24. 2. Replace 0.13.0-dev to 0.13.0 for api docs v1.25 Signed-off-by: Yong Tang --- docker-info.1.md | 79 +++++++++++++++++++++++++++++++----------------- 1 file changed, 52 insertions(+), 27 deletions(-) diff --git a/docker-info.1.md b/docker-info.1.md index 42f1efe8635d..5ac54848e444 100644 --- a/docker-info.1.md +++ b/docker-info.1.md @@ -39,7 +39,7 @@ available on the volume where `/var/lib/docker` is mounted. ## Display Docker system information -Here is a sample output for a daemon running on Ubuntu, using the overlay +Here is a sample output for a daemon running on Ubuntu, using the overlay2 storage driver: $ docker -D info @@ -48,49 +48,74 @@ storage driver: Paused: 1 Stopped: 10 Images: 52 - Server Version: 1.12.0-dev - Storage Driver: overlay + Server Version: 1.13.0 + Storage Driver: overlay2 Backing Filesystem: extfs + Supports d_type: true + Native Overlay Diff: false Logging Driver: json-file Cgroup Driver: cgroupfs Plugins: Volume: local - Network: bridge null host overlay - Swarm: - NodeID: 0gac67oclbxq7 - IsManager: YES - Managers: 2 + Network: bridge host macvlan null overlay + Swarm: active + NodeID: rdjq45w1op418waxlairloqbm + Is Manager: true + ClusterID: te8kdyw33n36fqiz74bfjeixd + Managers: 1 Nodes: 2 - Runtimes: default - Default Runtime: default - Security Options: apparmor seccomp - Kernel Version: 4.4.0-21-generic - Operating System: Ubuntu 16.04 LTS + Orchestration: + Task History Retention Limit: 5 + Raft: + Snapshot Interval: 10000 + Number of Old Snapshots to Retain: 0 + Heartbeat Tick: 1 + Election Tick: 3 + Dispatcher: + Heartbeat Period: 5 seconds + CA Configuration: + Expiry Duration: 3 months + Node Address: 172.16.66.128 172.16.66.129 + Manager Addresses: + 172.16.66.128:2477 + Runtimes: runc + Default Runtime: runc + Init Binary: docker-init + containerd version: 8517738ba4b82aff5662c97ca4627e7e4d03b531 + runc version: ac031b5bf1cc92239461125f4c1ffb760522bbf2 + init version: N/A (expected: v0.13.0) + Security Options: + apparmor + seccomp + Profile: default + Kernel Version: 4.4.0-31-generic + Operating System: Ubuntu 16.04.1 LTS OSType: linux Architecture: x86_64 - CPUs: 24 - Total Memory: 62.86 GiB - Name: docker - ID: I54V:OLXT:HVMM:TPKO:JPHQ:CQCD:JNLC:O3BZ:4ZVJ:43XJ:PFHZ:6N2S + CPUs: 2 + Total Memory: 1.937 GiB + Name: ubuntu + ID: H52R:7ZR6:EIIA:76JG:ORIY:BVKF:GSFU:HNPG:B5MK:APSC:SZ3Q:N326 Docker Root Dir: /var/lib/docker - Debug mode (client): true - Debug mode (server): true - File Descriptors: 59 - Goroutines: 159 - System Time: 2016-04-26T10:04:06.14689342-04:00 + Debug Mode (client): true + Debug Mode (server): true + File Descriptors: 30 + Goroutines: 123 + System Time: 2016-11-12T17:24:37.955404361-08:00 EventsListeners: 0 - Http Proxy: http://test:test@localhost:8080 - Https Proxy: https://test:test@localhost:8080 + Http Proxy: http://proxy.example.com:80/ No Proxy: localhost,127.0.0.1,docker-registry.somecorporation.com - Username: svendowideit Registry: https://index.docker.io/v1/ WARNING: No swap limit support Labels: storage=ssd staging=true - Insecure registries: - myinsecurehost:5000 + Experimental: false + Insecure Registries: 127.0.0.0/8 + Live Restore Enabled: false + + The global `-D` option tells all `docker` commands to output debug information. From a5f302289b23d0a7c80997075e82610b65165053 Mon Sep 17 00:00:00 2001 From: Jonathan Boulle Date: Tue, 15 Nov 2016 14:59:47 +0900 Subject: [PATCH 334/398] man page: consistent indents for flag descriptions Signed-off-by: Jonathan Boulle --- dockerd.8.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/dockerd.8.md b/dockerd.8.md index f7fd23114945..3403f121213f 100644 --- a/dockerd.8.md +++ b/dockerd.8.md @@ -176,10 +176,10 @@ unix://[/path/to/socket] to use. Allow unrestricted inter\-container and Docker daemon host communication. If disabled, containers can still be linked together using the **--link** option (see **docker-run(1)**). Default is true. **--init** -Run an init process inside containers for signal forwarding and process reaping. + Run an init process inside containers for signal forwarding and process reaping. **--init-path** -Path to the docker-init binary. + Path to the docker-init binary. **--insecure-registry**=[] Enable insecure registry communication, i.e., enable un-encrypted and/or untrusted communication. @@ -239,7 +239,7 @@ is `hyperv`. Linux only supports `default`. Path to use for daemon PID file. Default is `/var/run/docker.pid` **--raw-logs** -Output daemon logs in full timestamp format without ANSI coloring. If this flag is not set, + Output daemon logs in full timestamp format without ANSI coloring. If this flag is not set, the daemon outputs condensed, colorized logs if a terminal is detected, or full ("raw") output otherwise. @@ -283,13 +283,13 @@ output otherwise. Default is false. **--userland-proxy**=*true*|*false* - Rely on a userland proxy implementation for inter-container and outside-to-container loopback communications. Default is true. + Rely on a userland proxy implementation for inter-container and outside-to-container loopback communications. Default is true. **--userland-proxy-path**="" Path to the userland proxy binary. **--userns-remap**=*default*|*uid:gid*|*user:group*|*user*|*uid* - Enable user namespaces for containers on the daemon. Specifying "default" will cause a new user and group to be created to handle UID and GID range remapping for the user namespace mappings used for contained processes. Specifying a user (or uid) and optionally a group (or gid) will cause the daemon to lookup the user and group's subordinate ID ranges for use as the user namespace mappings for contained processes. + Enable user namespaces for containers on the daemon. Specifying "default" will cause a new user and group to be created to handle UID and GID range remapping for the user namespace mappings used for contained processes. Specifying a user (or uid) and optionally a group (or gid) will cause the daemon to lookup the user and group's subordinate ID ranges for use as the user namespace mappings for contained processes. # STORAGE DRIVER OPTIONS From 215405254cdc4855086703f04adc7aff88632a1c Mon Sep 17 00:00:00 2001 From: bbayani Date: Mon, 14 Nov 2016 09:56:03 +0000 Subject: [PATCH 335/398] Updated daemon documentation to clarify that live-restore is not suppoted on windows Review comment implementation Signed-off-by: bbayani --- dockerd.8.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dockerd.8.md b/dockerd.8.md index 3403f121213f..2b464abc6b18 100644 --- a/dockerd.8.md +++ b/dockerd.8.md @@ -217,7 +217,7 @@ is `hyperv`. Linux only supports `default`. Set key=value labels to the daemon (displayed in `docker info`) **--live-restore**=*false* - Enable live restore of running containers when the daemon starts so that they are not restarted. + Enable live restore of running containers when the daemon starts so that they are not restarted. This option is applicable only for docker daemon running on Linux host. **--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*etwlogs*|*gcplogs*|*none*" Default driver for container logs. Default is `json-file`. From 8deaff111f498cc6cd1e5ccd38c6fed142e81bb0 Mon Sep 17 00:00:00 2001 From: Jonathan Boulle Date: Tue, 15 Nov 2016 22:46:25 +0900 Subject: [PATCH 336/398] man/docker: wrap lines consistently Quite a few changes, as it seems like previous wrapping was done manually, so it's all over the place. As noted in #28424 Signed-off-by: Jonathan Boulle --- dockerd.8.md | 256 +++++++++++++++++++++++++++++---------------------- 1 file changed, 145 insertions(+), 111 deletions(-) diff --git a/dockerd.8.md b/dockerd.8.md index 2b464abc6b18..dbd68e5f64f4 100644 --- a/dockerd.8.md +++ b/dockerd.8.md @@ -71,13 +71,13 @@ dockerd - Enable daemon mode [**--userns-remap**[=*default*]] # DESCRIPTION -**dockerd** is used for starting the Docker daemon(i.e., to command the daemon to manage images, -containers etc.) So **dockerd** is a server, as a daemon. +**dockerd** is used for starting the Docker daemon (i.e., to command the daemon +to manage images, containers etc). So **dockerd** is a server, as a daemon. To run the Docker daemon you can specify **dockerd**. You can check the daemon options using **dockerd --help**. -Daemon options should be specified after the **dockerd** keyword in the following -format. +Daemon options should be specified after the **dockerd** keyword in the +following format. **dockerd [OPTIONS]** @@ -87,27 +87,31 @@ format. Set additional OCI compatible runtime. **--api-cors-header**="" - Set CORS headers in the remote API. Default is cors disabled. Give urls like "http://foo, http://bar, ...". Give "*" to allow all. + Set CORS headers in the remote API. Default is cors disabled. Give urls like + "http://foo, http://bar, ...". Give "*" to allow all. **--authorization-plugin**="" Set authorization plugins to load **-b**, **--bridge**="" - Attach containers to a pre\-existing network bridge; use 'none' to disable container networking + Attach containers to a pre\-existing network bridge; use 'none' to disable + container networking **--bip**="" - Use the provided CIDR notation address for the dynamically created bridge (docker0); Mutually exclusive of \-b + Use the provided CIDR notation address for the dynamically created bridge + (docker0); Mutually exclusive of \-b **--cgroup-parent**="" - Set parent cgroup for all containers. Default is "/docker" for fs cgroup driver and "system.slice" for systemd cgroup driver. + Set parent cgroup for all containers. Default is "/docker" for fs cgroup + driver and "system.slice" for systemd cgroup driver. **--cluster-store**="" URL of the distributed storage backend **--cluster-advertise**="" - Specifies the 'host:port' or `interface:port` combination that this particular - daemon instance should use when advertising itself to the cluster. The daemon - is reached through this value. + Specifies the 'host:port' or `interface:port` combination that this + particular daemon instance should use when advertising itself to the cluster. + The daemon is reached through this value. **--cluster-store-opt**="" Specifies options for the Key/Value store. @@ -122,7 +126,8 @@ format. Enable debug mode. Default is false. **--default-gateway**="" - IPv4 address of the container default gateway; this address must be part of the bridge subnet (which is defined by \-b or \--bip) + IPv4 address of the container default gateway; this address must be part of + the bridge subnet (which is defined by \-b or \--bip) **--default-gateway-v6**="" IPv6 address of the container default gateway @@ -146,13 +151,15 @@ format. Set runtime execution options. See RUNTIME EXECUTION OPTIONS. **--exec-root**="" - Path to use as the root of the Docker execution state files. Default is `/var/run/docker`. + Path to use as the root of the Docker execution state files. Default is + `/var/run/docker`. **--experimental**="" Enable the daemon experimental features. **--fixed-cidr**="" - IPv4 subnet for fixed IPs (e.g., 10.20.0.0/16); this subnet must be nested in the bridge subnet (which is defined by \-b or \-\-bip) + IPv4 subnet for fixed IPs (e.g., 10.20.0.0/16); this subnet must be nested in + the bridge subnet (which is defined by \-b or \-\-bip). **--fixed-cidr-v6**="" IPv6 subnet for global IPv6 addresses (e.g., 2a00:1450::/64) @@ -173,28 +180,46 @@ unix://[/path/to/socket] to use. Print usage statement **--icc**=*true*|*false* - Allow unrestricted inter\-container and Docker daemon host communication. If disabled, containers can still be linked together using the **--link** option (see **docker-run(1)**). Default is true. + Allow unrestricted inter\-container and Docker daemon host communication. If + disabled, containers can still be linked together using the **--link** option + (see **docker-run(1)**). Default is true. **--init** - Run an init process inside containers for signal forwarding and process reaping. + Run an init process inside containers for signal forwarding and process + reaping. **--init-path** Path to the docker-init binary. **--insecure-registry**=[] - Enable insecure registry communication, i.e., enable un-encrypted and/or untrusted communication. + Enable insecure registry communication, i.e., enable un-encrypted and/or + untrusted communication. - List of insecure registries can contain an element with CIDR notation to specify a whole subnet. Insecure registries accept HTTP and/or accept HTTPS with certificates from unknown CAs. + List of insecure registries can contain an element with CIDR notation to + specify a whole subnet. Insecure registries accept HTTP and/or accept HTTPS + with certificates from unknown CAs. - Enabling `--insecure-registry` is useful when running a local registry. However, because its use creates security vulnerabilities it should ONLY be enabled for testing purposes. For increased security, users should add their CA to their system's list of trusted CAs instead of using `--insecure-registry`. + Enabling `--insecure-registry` is useful when running a local registry. + However, because its use creates security vulnerabilities it should ONLY be + enabled for testing purposes. For increased security, users should add their + CA to their system's list of trusted CAs instead of using + `--insecure-registry`. **--ip**="" Default IP address to use when binding container ports. Default is `0.0.0.0`. **--ip-forward**=*true*|*false* - Enables IP forwarding on the Docker host. The default is `true`. This flag interacts with the IP forwarding setting on your host system's kernel. If your system has IP forwarding disabled, this setting enables it. If your system has IP forwarding enabled, setting this flag to `--ip-forward=false` has no effect. - - This setting will also enable IPv6 forwarding if you have both `--ip-forward=true` and `--fixed-cidr-v6` set. Note that this may reject Router Advertisements and interfere with the host's existing IPv6 configuration. For more information, please consult the documentation about "Advanced Networking - IPv6". + Enables IP forwarding on the Docker host. The default is `true`. This flag + interacts with the IP forwarding setting on your host system's kernel. If + your system has IP forwarding disabled, this setting enables it. If your + system has IP forwarding enabled, setting this flag to `--ip-forward=false` + has no effect. + + This setting will also enable IPv6 forwarding if you have both + `--ip-forward=true` and `--fixed-cidr-v6` set. Note that this may reject + Router Advertisements and interfere with the host's existing IPv6 + configuration. For more information, please consult the documentation about + "Advanced Networking - IPv6". **--ip-masq**=*true*|*false* Enable IP masquerading for bridge's IP range. Default is true. @@ -203,12 +228,18 @@ unix://[/path/to/socket] to use. Enable Docker's addition of iptables rules. Default is true. **--ipv6**=*true*|*false* - Enable IPv6 support. Default is false. Docker will create an IPv6-enabled bridge with address fe80::1 which will allow you to create IPv6-enabled containers. Use together with `--fixed-cidr-v6` to provide globally routable IPv6 addresses. IPv6 forwarding will be enabled if not used with `--ip-forward=false`. This may collide with your host's current IPv6 settings. For more information please consult the documentation about "Advanced Networking - IPv6". + Enable IPv6 support. Default is false. Docker will create an IPv6-enabled + bridge with address fe80::1 which will allow you to create IPv6-enabled + containers. Use together with `--fixed-cidr-v6` to provide globally routable + IPv6 addresses. IPv6 forwarding will be enabled if not used with + `--ip-forward=false`. This may collide with your host's current IPv6 + settings. For more information please consult the documentation about + "Advanced Networking - IPv6". **--isolation**="*default*" - Isolation specifies the type of isolation technology used by containers. Note -that the default on Windows server is `process`, and the default on Windows client -is `hyperv`. Linux only supports `default`. + Isolation specifies the type of isolation technology used by containers. + Note that the default on Windows server is `process`, and the default on + Windows client is `hyperv`. Linux only supports `default`. **-l**, **--log-level**="*debug*|*info*|*warn*|*error*|*fatal*" Set the logging level. Default is `info`. @@ -217,7 +248,9 @@ is `hyperv`. Linux only supports `default`. Set key=value labels to the daemon (displayed in `docker info`) **--live-restore**=*false* - Enable live restore of running containers when the daemon starts so that they are not restarted. This option is applicable only for docker daemon running on Linux host. + Enable live restore of running containers when the daemon starts so that they + are not restarted. This option is applicable only for docker daemon running + on Linux host. **--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*etwlogs*|*gcplogs*|*none*" Default driver for container logs. Default is `json-file`. @@ -239,12 +272,13 @@ is `hyperv`. Linux only supports `default`. Path to use for daemon PID file. Default is `/var/run/docker.pid` **--raw-logs** - Output daemon logs in full timestamp format without ANSI coloring. If this flag is not set, -the daemon outputs condensed, colorized logs if a terminal is detected, or full ("raw") -output otherwise. + Output daemon logs in full timestamp format without ANSI coloring. If this + flag is not set, the daemon outputs condensed, colorized logs if a terminal + is detected, or full ("raw") output otherwise. **--registry-mirror**=*://* - Prepend a registry mirror to be used for image pulls. May be specified multiple times. + Prepend a registry mirror to be used for image pulls. May be specified + multiple times. **-s**, **--storage-driver**="" Force the Docker runtime to use a specific storage driver. @@ -262,9 +296,10 @@ output otherwise. Set storage driver options. See STORAGE DRIVER OPTIONS. **--swarm-default-advertise-addr**=*IP|INTERFACE* - Set default address or interface for swarm to advertise as its externally-reachable address to other cluster - members. This can be a hostname, an IP address, or an interface such as `eth0`. A port cannot be specified with - this option. + Set default address or interface for swarm to advertise as its + externally-reachable address to other cluster members. This can be a + hostname, an IP address, or an interface such as `eth0`. A port cannot be + specified with this option. **--tls**=*true*|*false* Use TLS; implied by --tlsverify. Default is false. @@ -283,13 +318,19 @@ output otherwise. Default is false. **--userland-proxy**=*true*|*false* - Rely on a userland proxy implementation for inter-container and outside-to-container loopback communications. Default is true. + Rely on a userland proxy implementation for inter-container and + outside-to-container loopback communications. Default is true. **--userland-proxy-path**="" Path to the userland proxy binary. **--userns-remap**=*default*|*uid:gid*|*user:group*|*user*|*uid* - Enable user namespaces for containers on the daemon. Specifying "default" will cause a new user and group to be created to handle UID and GID range remapping for the user namespace mappings used for contained processes. Specifying a user (or uid) and optionally a group (or gid) will cause the daemon to lookup the user and group's subordinate ID ranges for use as the user namespace mappings for contained processes. + Enable user namespaces for containers on the daemon. Specifying "default" + will cause a new user and group to be created to handle UID and GID range + remapping for the user namespace mappings used for contained processes. + Specifying a user (or uid) and optionally a group (or gid) will cause the + daemon to lookup the user and group's subordinate ID ranges for use as the + user namespace mappings for contained processes. # STORAGE DRIVER OPTIONS @@ -402,8 +443,8 @@ exits. For example, when a container exits, its associated thin device is removed. If that device has leaked into some other mount namespace and can't be removed, the container exit still succeeds and this option causes the system to schedule -the device for deferred removal. It does not wait in a loop trying to remove a busy -device. +the device for deferred removal. It does not wait in a loop trying to remove a +busy device. Example use: `dockerd --storage-opt dm.use_deferred_removal=true` @@ -431,23 +472,23 @@ namespaces. #### dm.loopdatasize -**Note**: This option configures devicemapper loopback, which should not be used in production. +**Note**: This option configures devicemapper loopback, which should not be +used in production. -Specifies the size to use when creating the loopback file for the -"data" device which is used for the thin pool. The default size is -100G. The file is sparse, so it will not initially take up -this much space. +Specifies the size to use when creating the loopback file for the "data" device +which is used for the thin pool. The default size is 100G. The file is sparse, +so it will not initially take up this much space. Example use: `dockerd --storage-opt dm.loopdatasize=200G` #### dm.loopmetadatasize -**Note**: This option configures devicemapper loopback, which should not be used in production. +**Note**: This option configures devicemapper loopback, which should not be +used in production. -Specifies the size to use when creating the loopback file for the -"metadata" device which is used for the thin pool. The default size -is 2G. The file is sparse, so it will not initially take up -this much space. +Specifies the size to use when creating the loopback file for the "metadata" +device which is used for the thin pool. The default size is 2G. The file is +sparse, so it will not initially take up this much space. Example use: `dockerd --storage-opt dm.loopmetadatasize=4G` @@ -455,17 +496,16 @@ Example use: `dockerd --storage-opt dm.loopmetadatasize=4G` (Deprecated, use `dm.thinpooldev`) -Specifies a custom blockdevice to use for data for a -Docker-managed thin pool. It is better to use `dm.thinpooldev` - see -the documentation for it above for discussion of the advantages. +Specifies a custom blockdevice to use for data for a Docker-managed thin pool. +It is better to use `dm.thinpooldev` - see the documentation for it above for +discussion of the advantages. #### dm.metadatadev (Deprecated, use `dm.thinpooldev`) -Specifies a custom blockdevice to use for metadata for a -Docker-managed thin pool. See `dm.datadev` for why this is -deprecated. +Specifies a custom blockdevice to use for metadata for a Docker-managed thin +pool. See `dm.datadev` for why this is deprecated. #### dm.blocksize @@ -476,24 +516,22 @@ Example use: `dockerd --storage-opt dm.blocksize=512K` #### dm.blkdiscard -Enables or disables the use of `blkdiscard` when removing devicemapper -devices. This is disabled by default due to the additional latency, -but as a special case with loopback devices it will be enabled, in -order to re-sparsify the loopback file on image/container removal. +Enables or disables the use of `blkdiscard` when removing devicemapper devices. +This is disabled by default due to the additional latency, but as a special +case with loopback devices it will be enabled, in order to re-sparsify the +loopback file on image/container removal. -Disabling this on loopback can lead to *much* faster container removal -times, but it also prevents the space used in `/var/lib/docker` directory -from being returned to the system for other use when containers are -removed. +Disabling this on loopback can lead to *much* faster container removal times, +but it also prevents the space used in `/var/lib/docker` directory from being +returned to the system for other use when containers are removed. Example use: `dockerd --storage-opt dm.blkdiscard=false` #### dm.override_udev_sync_check -By default, the devicemapper backend attempts to synchronize with the -`udev` device manager for the Linux kernel. This option allows -disabling that synchronization, to continue even though the -configuration may be buggy. +By default, the devicemapper backend attempts to synchronize with the `udev` +device manager for the Linux kernel. This option allows disabling that +synchronization, to continue even though the configuration may be buggy. To view the `udev` sync support of a Docker daemon that is using the `devicemapper` driver, run: @@ -506,10 +544,9 @@ To view the `udev` sync support of a Docker daemon that is using the When `udev` sync support is `true`, then `devicemapper` and `udev` can coordinate the activation and deactivation of devices for containers. -When `udev` sync support is `false`, a race condition occurs between -the `devicemapper` and `udev` during create and cleanup. The race -condition results in errors and failures. (For information on these -failures, see +When `udev` sync support is `false`, a race condition occurs between the +`devicemapper` and `udev` during create and cleanup. The race condition results +in errors and failures. (For information on these failures, see [docker#4036](https://github.com/docker/docker/issues/4036)) To allow the `docker` daemon to start, regardless of whether `udev` sync is @@ -517,15 +554,14 @@ To allow the `docker` daemon to start, regardless of whether `udev` sync is $ dockerd --storage-opt dm.override_udev_sync_check=true -When this value is `true`, the driver continues and simply warns you -the errors are happening. +When this value is `true`, the driver continues and simply warns you the errors +are happening. -**Note**: The ideal is to pursue a `docker` daemon and environment -that does support synchronizing with `udev`. For further discussion on -this topic, see +**Note**: The ideal is to pursue a `docker` daemon and environment that does +support synchronizing with `udev`. For further discussion on this topic, see [docker#4036](https://github.com/docker/docker/issues/4036). -Otherwise, set this flag for migrating existing Docker daemons to a -daemon with a supported environment. +Otherwise, set this flag for migrating existing Docker daemons to a daemon with +a supported environment. #### dm.min_free_space @@ -536,14 +572,13 @@ free space checking logic. If user does not specify a value for this option, the Engine uses a default value of 10%. Whenever a new a thin pool device is created (during `docker pull` or during -container creation), the Engine checks if the minimum free space is -available. If the space is unavailable, then device creation fails and any -relevant `docker` operation fails. +container creation), the Engine checks if the minimum free space is available. +If the space is unavailable, then device creation fails and any relevant +`docker` operation fails. To recover from this error, you must create more free space in the thin pool to -recover from the error. You can create free space by deleting some images -and containers from tge thin pool. You can also add -more storage to the thin pool. +recover from the error. You can create free space by deleting some images and +containers from tge thin pool. You can also add more storage to the thin pool. To add more space to an LVM (logical volume management) thin pool, just add more storage to the group container thin pool; this should automatically @@ -555,13 +590,13 @@ Example use:: `dockerd --storage-opt dm.min_free_space=10%` #### dm.xfs_nospace_max_retries -Specifies the maximum number of retries XFS should attempt to complete -IO when ENOSPC (no space) error is returned by underlying storage device. +Specifies the maximum number of retries XFS should attempt to complete IO when +ENOSPC (no space) error is returned by underlying storage device. -By default XFS retries infinitely for IO to finish and this can result -in unkillable process. To change this behavior one can set -xfs_nospace_max_retries to say 0 and XFS will not retry IO after getting -ENOSPC and will shutdown filesystem. +By default XFS retries infinitely for IO to finish and this can result in +unkillable process. To change this behavior one can set xfs_nospace_max_retries +to say 0 and XFS will not retry IO after getting ENOSPC and will shutdown +filesystem. Example use: @@ -572,9 +607,9 @@ Example use: #### zfs.fsname -Set zfs filesystem under which docker will create its own datasets. -By default docker will pick up the zfs filesystem where docker graph -(`/var/lib/docker`) is located. +Set zfs filesystem under which docker will create its own datasets. By default +docker will pick up the zfs filesystem where docker graph (`/var/lib/docker`) +is located. Example use: `dockerd -s zfs --storage-opt zfs.fsname=zroot/docker` @@ -582,20 +617,19 @@ Example use: `dockerd -s zfs --storage-opt zfs.fsname=zroot/docker` #### btrfs.min_space -Specifies the mininum size to use when creating the subvolume which is used -for containers. If user uses disk quota for btrfs when creating or running -a container with **--storage-opt size** option, docker should ensure the -**size** cannot be smaller than **btrfs.min_space**. +Specifies the mininum size to use when creating the subvolume which is used for +containers. If user uses disk quota for btrfs when creating or running a +container with **--storage-opt size** option, docker should ensure the **size** +cannot be smaller than **btrfs.min_space**. Example use: `docker daemon -s btrfs --storage-opt btrfs.min_space=10G` # CLUSTER STORE OPTIONS -The daemon uses libkv to advertise -the node within the cluster. Some Key/Value backends support mutual -TLS, and the client TLS settings used by the daemon can be configured -using the **--cluster-store-opt** flag, specifying the paths to PEM encoded -files. +The daemon uses libkv to advertise the node within the cluster. Some Key/Value +backends support mutual TLS, and the client TLS settings used by the daemon can +be configured using the **--cluster-store-opt** flag, specifying the paths to +PEM encoded files. #### kv.cacertfile @@ -604,19 +638,19 @@ Specifies the path to a local file with PEM encoded CA certificates to trust #### kv.certfile Specifies the path to a local file with a PEM encoded certificate. This -certificate is used as the client cert for communication with the -Key/Value store. +certificate is used as the client cert for communication with the Key/Value +store. #### kv.keyfile Specifies the path to a local file with a PEM encoded private key. This -private key is used as the client key for communication with the -Key/Value store. +private key is used as the client key for communication with the Key/Value +store. # Access authorization -Docker's access authorization can be extended by authorization plugins that your -organization can purchase or build themselves. You can install one or more +Docker's access authorization can be extended by authorization plugins that +your organization can purchase or build themselves. You can install one or more authorization plugins when you start the Docker `daemon` using the `--authorization-plugin=PLUGIN_ID` option. @@ -624,10 +658,10 @@ authorization plugins when you start the Docker `daemon` using the dockerd --authorization-plugin=plugin1 --authorization-plugin=plugin2,... ``` -The `PLUGIN_ID` value is either the plugin's name or a path to its specification -file. The plugin's implementation determines whether you can specify a name or -path. Consult with your Docker administrator to get information about the -plugins available to you. +The `PLUGIN_ID` value is either the plugin's name or a path to its +specification file. The plugin's implementation determines whether you can +specify a name or path. Consult with your Docker administrator to get +information about the plugins available to you. Once a plugin is installed, requests made to the `daemon` through the command line or Docker's remote API are allowed or denied by the plugin. If you have From 91f407242fc09cd4b1df7df35c0263ef275fa153 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Wed, 16 Nov 2016 15:26:29 +0100 Subject: [PATCH 337/398] Update stats cli reference documentation Signed-off-by: Vincent Demeester --- docker-stats.1.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docker-stats.1.md b/docker-stats.1.md index 6c1c7bb36516..0f022cd412bf 100644 --- a/docker-stats.1.md +++ b/docker-stats.1.md @@ -30,6 +30,8 @@ Display a live stream of one or more containers' resource usage statistics Pretty-print containers statistics using a Go template. Valid placeholders: .Container - Container name or ID. + .Name - Container name. + .ID - Container ID. .CPUPerc - CPU percentage. .MemUsage - Memory usage. .NetIO - Network IO. From 86aab64bcdfabfc354cdb584331c1874b80fd89a Mon Sep 17 00:00:00 2001 From: allencloud Date: Fri, 18 Nov 2016 15:51:36 +0800 Subject: [PATCH 338/398] fix typo Signed-off-by: allencloud --- docker-run.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-run.1.md b/docker-run.1.md index 5224895c91df..061f509c276e 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -907,7 +907,7 @@ should fix the problem. ## Mapping Ports for External Usage The exposed port of an application can be mapped to a host port using the **-p** -flag. For example, a httpd port 80 can be mapped to the host port 8080 using the +flag. For example, an httpd port 80 can be mapped to the host port 8080 using the following: # docker run -p 8080:80 -d -i -t fedora/httpd From 720e21dc9877d7ee4a5e906b9f0cf0e459899789 Mon Sep 17 00:00:00 2001 From: Boaz Shuster Date: Sun, 13 Nov 2016 10:28:25 +0200 Subject: [PATCH 339/398] Change the docker-tag usage text to be clearer Signed-off-by: Boaz Shuster --- docker-tag.1.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-tag.1.md b/docker-tag.1.md index 9bb252aef083..7f27e1b0e153 100644 --- a/docker-tag.1.md +++ b/docker-tag.1.md @@ -2,12 +2,12 @@ % Docker Community % JUNE 2014 # NAME -docker-tag - Tag an image into a repository +docker-tag - Create a tag `TARGET_IMAGE` that refers to `SOURCE_IMAGE` # SYNOPSIS **docker tag** [**--help**] -NAME[:TAG] NAME[:TAG] +SOURCE_NAME[:TAG] TARGET_NAME[:TAG] # DESCRIPTION Assigns a new alias to an image in a registry. An alias refers to the From 6199f76db500eb0eefcc8342a2b2114b70d1ee1f Mon Sep 17 00:00:00 2001 From: Ben Firshman Date: Tue, 15 Nov 2016 19:45:20 +0000 Subject: [PATCH 340/398] Rename Remote API to Engine API Implementation of https://github.com/docker/docker/issues/28319 Signed-off-by: Ben Firshman --- dockerd.8.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dockerd.8.md b/dockerd.8.md index dbd68e5f64f4..f99e7a7cab33 100644 --- a/dockerd.8.md +++ b/dockerd.8.md @@ -87,7 +87,7 @@ following format. Set additional OCI compatible runtime. **--api-cors-header**="" - Set CORS headers in the remote API. Default is cors disabled. Give urls like + Set CORS headers in the Engine API. Default is cors disabled. Give urls like "http://foo, http://bar, ...". Give "*" to allow all. **--authorization-plugin**="" @@ -664,7 +664,7 @@ specify a name or path. Consult with your Docker administrator to get information about the plugins available to you. Once a plugin is installed, requests made to the `daemon` through the command -line or Docker's remote API are allowed or denied by the plugin. If you have +line or Docker's Engine API are allowed or denied by the plugin. If you have multiple plugins installed, at least one must allow the request for it to complete. From f2afbb4d43c68e79de5ae467c7c33a60fca4c0bd Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Wed, 23 Nov 2016 17:20:12 +0100 Subject: [PATCH 341/398] Update docker info cli reference documentation Signed-off-by: Vincent Demeester --- docker-info.1.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/docker-info.1.md b/docker-info.1.md index 5ac54848e444..bb7a8fb4c20e 100644 --- a/docker-info.1.md +++ b/docker-info.1.md @@ -103,7 +103,8 @@ storage driver: Goroutines: 123 System Time: 2016-11-12T17:24:37.955404361-08:00 EventsListeners: 0 - Http Proxy: http://proxy.example.com:80/ + Http Proxy: http://test:test@proxy.example.com:8080 + Https Proxy: https://test:test@proxy.example.com:8080 No Proxy: localhost,127.0.0.1,docker-registry.somecorporation.com Registry: https://index.docker.io/v1/ WARNING: No swap limit support @@ -113,6 +114,9 @@ storage driver: Experimental: false Insecure Registries: 127.0.0.0/8 + Registry Mirrors: + http://192.168.1.2/ + http://registry-mirror.example.com:5000/ Live Restore Enabled: false @@ -166,7 +170,7 @@ information about the devicemapper storage driver is shown: Docker Root Dir: /var/lib/docker Debug mode (client): false Debug mode (server): false - Username: xyz + Username: gordontheturtle Registry: https://index.docker.io/v1/ Insecure registries: myinsecurehost:5000 From c1d8219a0ef486a9333f4a71616ff7e34b51bbf5 Mon Sep 17 00:00:00 2001 From: William Henry Date: Tue, 22 Nov 2016 17:24:17 -0700 Subject: [PATCH 342/398] Added and example of using --format with docker images Docker-DCO-1.1-Signed-off-by: William Henry (github: ipbabble) Signed-off-by: William Henry --- docker-images.1.md | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/docker-images.1.md b/docker-images.1.md index bfe31316dca1..d7958d0dc4ac 100644 --- a/docker-images.1.md +++ b/docker-images.1.md @@ -103,6 +103,43 @@ which displayed different visualizations of the image data. Docker core removed this functionality in the 1.7 version. If you liked this functionality, you can still find it in the third-party dockviz tool: https://github.com/justone/dockviz. +## Listing images in a desired format + +When using the --format option, the image command will either output the data +exactly as the template declares or, when using the `table` directive, will +include column headers as well. You can use special characters like `\t` for +inserting tab spacing between columns. + +The following example uses a template without headers and outputs the ID and +Repository entries separated by a colon for all images: + + docker images --format "{{.ID}}: {{.Repository}}" + 77af4d6b9913: + b6fa739cedf5: committ + 78a85c484bad: ipbabble + 30557a29d5ab: docker + 5ed6274db6ce: + 746b819f315e: postgres + 746b819f315e: postgres + 746b819f315e: postgres + 746b819f315e: postgres + +To list all images with their repository and tag in a table format you can use: + + docker images --format "table {{.ID}}\t{{.Repository}}\t{{.Tag}}" + IMAGE ID REPOSITORY TAG + 77af4d6b9913 + b6fa739cedf5 committ latest + 78a85c484bad ipbabble + 30557a29d5ab docker latest + 5ed6274db6ce + 746b819f315e postgres 9 + 746b819f315e postgres 9.3 + 746b819f315e postgres 9.3.5 + 746b819f315e postgres latest + +Valid template placeholders are listed above. + ## Listing only the shortened image IDs Listing just the shortened image IDs. This can be useful for some automated From 37ce4df488d075eb54b77e992dc204455c4e403f Mon Sep 17 00:00:00 2001 From: dattatrayakumbhar04 Date: Fri, 18 Nov 2016 20:46:10 +0000 Subject: [PATCH 343/398] 28600: Docs: network connect for container in Created/Stopped state Signed-off-by: dattatrayakumbhar04 --- docker-network-connect.1.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/docker-network-connect.1.md b/docker-network-connect.1.md index d6ee15939117..9cc012ea4f7b 100644 --- a/docker-network-connect.1.md +++ b/docker-network-connect.1.md @@ -24,11 +24,8 @@ You can also use the `docker run --net=` option to start a contain ```bash $ docker run -itd --net=multi-host-network --ip 172.20.88.22 --ip6 2001:db8::8822 busybox ``` - You can pause, restart, and stop containers that are connected to a network. -Paused containers remain connected and can be revealed by a `network inspect`. -When the container is stopped, it does not appear on the network until you restart -it. +A container connects to its configured networks when it runs. If specified, the container's IP address(es) is reapplied when a stopped container is restarted. If the IP address is no longer available, the container From f021af3513cf0ccf68d0348784e06bde96b687fa Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Fri, 25 Nov 2016 12:38:30 +0000 Subject: [PATCH 344/398] cli: remove `--mount` from `docker run` This commit reverts 273eeb813c1db0f42c2ad5e053972eeb00907568 (#26825). For the discussion so far, please refer to #28527. Signed-off-by: Akihiro Suda --- docker-create.1.md | 1 - docker-run.1.md | 1 - 2 files changed, 2 deletions(-) diff --git a/docker-create.1.md b/docker-create.1.md index 8bb162c2c3c0..a819904efa71 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -56,7 +56,6 @@ docker-create - Create a new container [**--memory-reservation**[=*MEMORY-RESERVATION*]] [**--memory-swap**[=*LIMIT*]] [**--memory-swappiness**[=*MEMORY-SWAPPINESS*]] -[**--mount**[=*MOUNT*]] [**--name**[=*NAME*]] [**--network-alias**[=*[]*]] [**--network**[=*"bridge"*]] diff --git a/docker-run.1.md b/docker-run.1.md index 061f509c276e..a0cbd2ba630d 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -58,7 +58,6 @@ docker-run - Run a command in a new container [**--memory-reservation**[=*MEMORY-RESERVATION*]] [**--memory-swap**[=*LIMIT*]] [**--memory-swappiness**[=*MEMORY-SWAPPINESS*]] -[**--mount**[=*MOUNT*]] [**--name**[=*NAME*]] [**--network-alias**[=*[]*]] [**--network**[=*"bridge"*]] From ae04459068f99b99a157fa26a96e461407346b3d Mon Sep 17 00:00:00 2001 From: yupeng Date: Sat, 26 Nov 2016 17:11:19 +0800 Subject: [PATCH 345/398] fix the mistake of present Signed-off-by: yupeng --- docker-run.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-run.1.md b/docker-run.1.md index a0cbd2ba630d..eb5eb9dea096 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -988,7 +988,7 @@ You would have to write policy defining a `svirt_apache_t` type. If you want to set `/dev/sda` device weight to `200`, you can specify the device weight by `--blkio-weight-device` flag. Use the following command: - # docker run -it --blkio-weight-device "/dev/sda:200" ubuntu + # docker run -it --blkio-weight-device "/dev/sda:200" ubuntu ## Specify isolation technology for container (--isolation) From c5c4243cfc3652a0df8220f361d41c39c093e1d6 Mon Sep 17 00:00:00 2001 From: lixiaobing10051267 Date: Wed, 30 Nov 2016 16:48:39 +0800 Subject: [PATCH 346/398] modify some urls related to reference path Signed-off-by: lixiaobing10051267 --- docker-build.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-build.1.md b/docker-build.1.md index 32caaafc74e4..aef3414879ac 100644 --- a/docker-build.1.md +++ b/docker-build.1.md @@ -83,7 +83,7 @@ set as the **URL**, the repository is cloned locally and then sent as the contex Users pass these values at build-time. Docker uses the `buildargs` as the environment context for command(s) run via the Dockerfile's `RUN` instruction or for variable expansion in other Dockerfile instructions. This is not meant - for passing secret values. [Read more about the buildargs instruction](/reference/builder/#arg) + for passing secret values. [Read more about the buildargs instruction](https://docs.docker.com/engine/reference/builder/#arg) **--force-rm**=*true*|*false* Always remove intermediate containers, even after unsuccessful builds. The default is *false*. From d0db94e4ff00d73db9eeff7aa75bea6fe4d1cc8c Mon Sep 17 00:00:00 2001 From: lixiaobing10051267 Date: Thu, 1 Dec 2016 19:35:27 +0800 Subject: [PATCH 347/398] rectify several wrong URLs in branch of man Signed-off-by: lixiaobing10051267 --- docker-login.1.md | 2 +- docker-pause.1.md | 2 +- docker-unpause.1.md | 2 +- docker-version.1.md | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docker-login.1.md b/docker-login.1.md index 6bb0355946cc..c0d4f795db39 100644 --- a/docker-login.1.md +++ b/docker-login.1.md @@ -20,7 +20,7 @@ do not specify a `SERVER`, the command uses Docker's public registry located at `docker login` requires user to use `sudo` or be `root`, except when: 1. connecting to a remote daemon, such as a `docker-machine` provisioned `docker engine`. -2. user is added to the `docker` group. This will impact the security of your system; the `docker` group is `root` equivalent. See [Docker Daemon Attack Surface](https://docs.docker.com/articles/security/#docker-daemon-attack-surface) for details. +2. user is added to the `docker` group. This will impact the security of your system; the `docker` group is `root` equivalent. See [Docker Daemon Attack Surface](https://docs.docker.com/engine/articles/security/#docker-daemon-attack-surface) for details. You can log into any public or private repository for which you have credentials. When you log in, the command stores encoded credentials in diff --git a/docker-pause.1.md b/docker-pause.1.md index ffc3b35ca02d..1f7d81e749a2 100644 --- a/docker-pause.1.md +++ b/docker-pause.1.md @@ -18,7 +18,7 @@ that it is being suspended, and subsequently resumed. On Windows, only Hyper-V containers can be paused. See the [cgroups freezer documentation] -(https://www.kernel.org/doc/Documentation/cgroups/freezer-subsystem.txt) for +(https://www.kernel.org/doc/Documentation/cgroup-v1/freezer-subsystem.txt) for further details. # OPTIONS diff --git a/docker-unpause.1.md b/docker-unpause.1.md index 8c64e68de6a8..f1ea14bbe2bc 100644 --- a/docker-unpause.1.md +++ b/docker-unpause.1.md @@ -14,7 +14,7 @@ The `docker unpause` command un-suspends all processes in a container. On Linux, it does this using the cgroups freezer. See the [cgroups freezer documentation] -(https://www.kernel.org/doc/Documentation/cgroups/freezer-subsystem.txt) for +(https://www.kernel.org/doc/Documentation/cgroup-v1/freezer-subsystem.txt) for further details. # OPTIONS diff --git a/docker-version.1.md b/docker-version.1.md index bb521c4eed6c..1838f820521b 100644 --- a/docker-version.1.md +++ b/docker-version.1.md @@ -59,4 +59,4 @@ To view all available fields, you can use the format `{{json .}}`. # HISTORY June 2014, updated by Sven Dowideit June 2015, updated by John Howard -June 2015, updated by Patrick Hemmer From d61f48bead1533ad98b73139e72658348481f968 Mon Sep 17 00:00:00 2001 From: lixiaobing10051267 Date: Thu, 8 Dec 2016 16:57:27 +0800 Subject: [PATCH 348/398] add SCOPE field content for docker network ls Signed-off-by: lixiaobing10051267 --- docker-network-ls.1.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docker-network-ls.1.md b/docker-network-ls.1.md index 4166ba967ae8..f319e66035a0 100644 --- a/docker-network-ls.1.md +++ b/docker-network-ls.1.md @@ -19,11 +19,11 @@ networks that span across multiple hosts in a cluster, for example: ```bash $ docker network ls - NETWORK ID NAME DRIVER - 7fca4eb8c647 bridge bridge - 9f904ee27bf5 none null - cf03ee007fb4 host host - 78b03ee04fc4 multi-host overlay + NETWORK ID NAME DRIVER SCOPE + 7fca4eb8c647 bridge bridge local + 9f904ee27bf5 none null local + cf03ee007fb4 host host local + 78b03ee04fc4 multi-host overlay swarm ``` Use the `--no-trunc` option to display the full network id: From b334e25e874b929a156ed8ab9f0b95721dd1777c Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Fri, 9 Dec 2016 23:15:26 +0800 Subject: [PATCH 349/398] Update the option 'network' for docker build Signed-off-by: yuexiao-wang --- docker-build.1.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docker-build.1.md b/docker-build.1.md index aef3414879ac..e41e378cb21f 100644 --- a/docker-build.1.md +++ b/docker-build.1.md @@ -2,7 +2,7 @@ % Docker Community % JUNE 2014 # NAME -docker-build - Build a new image from the source code at PATH +docker-build - Build an image from a Dockerfile # SYNOPSIS **docker build** @@ -130,7 +130,9 @@ set as the **URL**, the repository is cloned locally and then sent as the contex unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. **--network**=*NETWORK* - + Set the networking mode for the RUN instructions during build. Supported standard + values are: `bridge`, `host`, `none` and `container:`. Any other value + is taken as a custom network's name or ID which this container should connect to. **--shm-size**=*SHM-SIZE* Size of `/dev/shm`. The format is ``. `number` must be greater than `0`. From 06a586d2ef98d5090078727adfc3003fe1b388f7 Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Wed, 14 Dec 2016 03:58:02 +0800 Subject: [PATCH 350/398] Fix the incorrect option name Signed-off-by: yuexiao-wang --- docker-build.1.md | 2 +- docker-create.1.md | 8 ++++---- docker-network-connect.1.md | 4 ++-- docker-network-create.1.md | 4 ++-- docker-run.1.md | 6 +++--- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/docker-build.1.md b/docker-build.1.md index e41e378cb21f..4beee88e4a08 100644 --- a/docker-build.1.md +++ b/docker-build.1.md @@ -129,7 +129,7 @@ set as the **URL**, the repository is cloned locally and then sent as the contex `k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you don't specify a unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. -**--network**=*NETWORK* +**--network**=*bridge* Set the networking mode for the RUN instructions during build. Supported standard values are: `bridge`, `host`, `none` and `container:`. Any other value is taken as a custom network's name or ID which this container should connect to. diff --git a/docker-create.1.md b/docker-create.1.md index a819904efa71..3f8a076374c7 100644 --- a/docker-create.1.md +++ b/docker-create.1.md @@ -222,12 +222,12 @@ two memory nodes. **--ip**="" Sets the container's interface IPv4 address (e.g. 172.23.0.9) - It can only be used in conjunction with **--net** for user-defined networks + It can only be used in conjunction with **--network** for user-defined networks **--ip6**="" Sets the container's interface IPv6 address (e.g. 2001:db8::1b99) - It can only be used in conjunction with **--net** for user-defined networks + It can only be used in conjunction with **--network** for user-defined networks **--ipc**="" Default is to create a private IPC namespace (POSIX SysV IPC) for the container @@ -305,7 +305,7 @@ unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. **--name**="" Assign a name to the container -**--net**="*bridge*" +**--network**="*bridge*" Set the Network mode for the container 'bridge': create a network stack on the default Docker bridge 'none': no networking @@ -404,7 +404,7 @@ unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. Network Namespace - current sysctls allowed: Sysctls beginning with net.* - Note: if you use --net=host using these sysctls will not be allowed. + Note: if you use --network=host using these sysctls will not be allowed. **-t**, **--tty**=*true*|*false* Allocate a pseudo-TTY. The default is *false*. diff --git a/docker-network-connect.1.md b/docker-network-connect.1.md index 9cc012ea4f7b..096ec77a4df7 100644 --- a/docker-network-connect.1.md +++ b/docker-network-connect.1.md @@ -19,10 +19,10 @@ the same network. $ docker network connect multi-host-network container1 ``` -You can also use the `docker run --net=` option to start a container and immediately connect it to a network. +You can also use the `docker run --network=` option to start a container and immediately connect it to a network. ```bash -$ docker run -itd --net=multi-host-network --ip 172.20.88.22 --ip6 2001:db8::8822 busybox +$ docker run -itd --network=multi-host-network --ip 172.20.88.22 --ip6 2001:db8::8822 busybox ``` You can pause, restart, and stop containers that are connected to a network. A container connects to its configured networks when it runs. diff --git a/docker-network-create.1.md b/docker-network-create.1.md index 3000bb213537..bea6fb44e4dc 100644 --- a/docker-network-create.1.md +++ b/docker-network-create.1.md @@ -73,11 +73,11 @@ name conflicts. ## Connect containers -When you start a container use the `--net` flag to connect it to a network. +When you start a container use the `--network` flag to connect it to a network. This adds the `busybox` container to the `mynet` network. ```bash -$ docker run -itd --net=mynet busybox +$ docker run -itd --network=mynet busybox ``` If you want to add a container to a network after the container is already diff --git a/docker-run.1.md b/docker-run.1.md index eb5eb9dea096..be3df0be35bd 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -319,12 +319,12 @@ redirection on the host system. **--ip**="" Sets the container's interface IPv4 address (e.g. 172.23.0.9) - It can only be used in conjunction with **--net** for user-defined networks + It can only be used in conjunction with **--network** for user-defined networks **--ip6**="" Sets the container's interface IPv6 address (e.g. 2001:db8::1b99) - It can only be used in conjunction with **--net** for user-defined networks + It can only be used in conjunction with **--network** for user-defined networks **--ipc**="" Default is to create a private IPC namespace (POSIX SysV IPC) for the container @@ -557,7 +557,7 @@ incompatible with any restart policy other than `none`. Network Namespace - current sysctls allowed: Sysctls beginning with net.* - If you use the `--net=host` option these sysctls will not be allowed. + If you use the `--network=host` option these sysctls will not be allowed. **--sig-proxy**=*true*|*false* Proxy received signals to the process (non-TTY mode only). SIGCHLD, SIGSTOP, and SIGKILL are not proxied. The default is *true*. From fbda88d2b1a86d9e931d0abb5f7bb394c8558f74 Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Wed, 14 Dec 2016 18:22:59 +0800 Subject: [PATCH 351/398] Update the manual for docker wait Signed-off-by: yuexiao-wang --- docker-wait.1.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-wait.1.md b/docker-wait.1.md index 5f07bacc0e2c..678800966b42 100644 --- a/docker-wait.1.md +++ b/docker-wait.1.md @@ -2,7 +2,7 @@ % Docker Community % JUNE 2014 # NAME -docker-wait - Block until a container stops, then print its exit code. +docker-wait - Block until one or more containers stop, then print their exit codes # SYNOPSIS **docker wait** @@ -11,7 +11,7 @@ CONTAINER [CONTAINER...] # DESCRIPTION -Block until a container stops, then print its exit code. +Block until one or more containers stop, then print their exit codes. # OPTIONS **--help** From ce6a8bf61337f789fbca14e30ecda4326934cd80 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Wed, 14 Dec 2016 08:39:10 -0800 Subject: [PATCH 352/398] Add docs for `docker network create --attachable` Signed-off-by: Harald Albers --- docker-network-create.1.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docker-network-create.1.md b/docker-network-create.1.md index bea6fb44e4dc..44ce8e15c252 100644 --- a/docker-network-create.1.md +++ b/docker-network-create.1.md @@ -6,6 +6,7 @@ docker-network-create - create a new network # SYNOPSIS **docker network create** +[**--attachable**] [**--aux-address**=*map[]*] [**-d**|**--driver**=*DRIVER*] [**--gateway**=*[]*] @@ -143,6 +144,9 @@ to create an externally isolated `overlay` network, you can specify the `--internal` option. # OPTIONS +**--attachable** + Enable manual container attachment + **--aux-address**=map[] Auxiliary IPv4 or IPv6 addresses used by network driver From 70c80435a87ae33ff820bd4ccf0daa8b42efebe2 Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Thu, 15 Dec 2016 18:47:57 +0800 Subject: [PATCH 353/398] Fix inconsistency for pause and unpause Signed-off-by: yuexiao-wang --- docker-pause.1.md | 13 +++++++------ docker-unpause.1.md | 9 +++++---- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/docker-pause.1.md b/docker-pause.1.md index 1f7d81e749a2..11eef5321f54 100644 --- a/docker-pause.1.md +++ b/docker-pause.1.md @@ -2,7 +2,7 @@ % Docker Community % JUNE 2014 # NAME -docker-pause - Pause all processes within a container +docker-pause - Pause all processes within one or more containers # SYNOPSIS **docker pause** @@ -10,9 +10,9 @@ CONTAINER [CONTAINER...] # DESCRIPTION -The `docker pause` command suspends all processes in a container. On Linux, -this uses the cgroups freezer. Traditionally, when suspending a process the -`SIGSTOP` signal is used, which is observable by the process being suspended. +The `docker pause` command suspends all processes in the specified containers. +On Linux, this uses the cgroups freezer. Traditionally, when suspending a process +the `SIGSTOP` signal is used, which is observable by the process being suspended. With the cgroups freezer the process is unaware, and unable to capture, that it is being suspended, and subsequently resumed. On Windows, only Hyper-V containers can be paused. @@ -22,10 +22,11 @@ See the [cgroups freezer documentation] further details. # OPTIONS -There are no available options. +**--help** + Print usage statement # See also -**docker-unpause(1)** to unpause all processes within a container. +**docker-unpause(1)** to unpause all processes within one or more containers. # HISTORY June 2014, updated by Sven Dowideit diff --git a/docker-unpause.1.md b/docker-unpause.1.md index f1ea14bbe2bc..e6fd3c4e0158 100644 --- a/docker-unpause.1.md +++ b/docker-unpause.1.md @@ -2,7 +2,7 @@ % Docker Community % JUNE 2014 # NAME -docker-unpause - Unpause all processes within a container +docker-unpause - Unpause all processes within one or more containers # SYNOPSIS **docker unpause** @@ -10,7 +10,7 @@ CONTAINER [CONTAINER...] # DESCRIPTION -The `docker unpause` command un-suspends all processes in a container. +The `docker unpause` command un-suspends all processes in the specified containers. On Linux, it does this using the cgroups freezer. See the [cgroups freezer documentation] @@ -18,10 +18,11 @@ See the [cgroups freezer documentation] further details. # OPTIONS -There are no available options. +**--help** + Print usage statement # See also -**docker-pause(1)** to pause all processes within a container. +**docker-pause(1)** to pause all processes within one or more containers. # HISTORY June 2014, updated by Sven Dowideit From ab52ea08a9f7b662e035ad5bc0dd68fc36b18c94 Mon Sep 17 00:00:00 2001 From: Michael Date: Mon, 19 Dec 2016 01:55:09 +0100 Subject: [PATCH 354/398] [docs,man] Fixed typo (#29516) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michael Käufl --- docker-build.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-build.1.md b/docker-build.1.md index 4beee88e4a08..5676cb80bd36 100644 --- a/docker-build.1.md +++ b/docker-build.1.md @@ -62,7 +62,7 @@ set as the **URL**, the repository is cloned locally and then sent as the contex **Experimental Only** Once the image is built, squash the new layers into a new image with a single new layer. Squashing does not destroy any existing image, rather it creates a new - image with the content of the squshed layers. This effectively makes it look + image with the content of the squashed layers. This effectively makes it look like all `Dockerfile` commands were created with a single layer. The build cache is preserved with this method. From 3d7ab790d29346261abd2fc130ef1de1b4c5e492 Mon Sep 17 00:00:00 2001 From: lixiaobing10051267 Date: Wed, 14 Dec 2016 16:42:31 +0800 Subject: [PATCH 355/398] Add docker-update description ommited in docker.1.md Signed-off-by: lixiaobing10051267 --- docker.1.md | 157 +--------------------------------------------------- 1 file changed, 1 insertion(+), 156 deletions(-) diff --git a/docker.1.md b/docker.1.md index 2a9618443918..84b470ee41bb 100644 --- a/docker.1.md +++ b/docker.1.md @@ -59,163 +59,8 @@ unix://[/path/to/socket] to use. Print version information and quit. Default is false. # COMMANDS -**attach** - Attach to a running container - See **docker-attach(1)** for full documentation on the **attach** command. - -**build** - Build an image from a Dockerfile - See **docker-build(1)** for full documentation on the **build** command. - -**commit** - Create a new image from a container's changes - See **docker-commit(1)** for full documentation on the **commit** command. - -**cp** - Copy files/folders between a container and the local filesystem - See **docker-cp(1)** for full documentation on the **cp** command. - -**create** - Create a new container - See **docker-create(1)** for full documentation on the **create** command. - -**diff** - Inspect changes on a container's filesystem - See **docker-diff(1)** for full documentation on the **diff** command. - -**events** - Get real time events from the server - See **docker-events(1)** for full documentation on the **events** command. - -**exec** - Run a command in a running container - See **docker-exec(1)** for full documentation on the **exec** command. - -**export** - Stream the contents of a container as a tar archive - See **docker-export(1)** for full documentation on the **export** command. - -**history** - Show the history of an image - See **docker-history(1)** for full documentation on the **history** command. - -**images** - List images - See **docker-images(1)** for full documentation on the **images** command. - -**import** - Create a new filesystem image from the contents of a tarball - See **docker-import(1)** for full documentation on the **import** command. - -**info** - Display system-wide information - See **docker-info(1)** for full documentation on the **info** command. - -**inspect** - Return low-level information on a container or image - See **docker-inspect(1)** for full documentation on the **inspect** command. - -**kill** - Kill a running container (which includes the wrapper process and everything -inside it) - See **docker-kill(1)** for full documentation on the **kill** command. - -**load** - Load an image from a tar archive - See **docker-load(1)** for full documentation on the **load** command. - -**login** - Log in to a Docker Registry - See **docker-login(1)** for full documentation on the **login** command. - -**logout** - Log the user out of a Docker Registry - See **docker-logout(1)** for full documentation on the **logout** command. - -**logs** - Fetch the logs of a container - See **docker-logs(1)** for full documentation on the **logs** command. - -**pause** - Pause all processes within a container - See **docker-pause(1)** for full documentation on the **pause** command. - -**port** - Lookup the public-facing port which is NAT-ed to PRIVATE_PORT - See **docker-port(1)** for full documentation on the **port** command. - -**ps** - List containers - See **docker-ps(1)** for full documentation on the **ps** command. - -**pull** - Pull an image or a repository from a Docker Registry - See **docker-pull(1)** for full documentation on the **pull** command. - -**push** - Push an image or a repository to a Docker Registry - See **docker-push(1)** for full documentation on the **push** command. - -**rename** - Rename a container. - See **docker-rename(1)** for full documentation on the **rename** command. - -**restart** - Restart one or more containers - See **docker-restart(1)** for full documentation on the **restart** command. - -**rm** - Remove one or more containers - See **docker-rm(1)** for full documentation on the **rm** command. - -**rmi** - Remove one or more images - See **docker-rmi(1)** for full documentation on the **rmi** command. - -**run** - Run a command in a new container - See **docker-run(1)** for full documentation on the **run** command. - -**save** - Save an image to a tar archive - See **docker-save(1)** for full documentation on the **save** command. - -**search** - Search for an image in the Docker index - See **docker-search(1)** for full documentation on the **search** command. - -**start** - Start a container - See **docker-start(1)** for full documentation on the **start** command. - -**stats** - Display a live stream of one or more containers' resource usage statistics - See **docker-stats(1)** for full documentation on the **stats** command. - -**stop** - Stop a container - See **docker-stop(1)** for full documentation on the **stop** command. - -**tag** - Tag an image into a repository - See **docker-tag(1)** for full documentation on the **tag** command. - -**top** - Lookup the running processes of a container - See **docker-top(1)** for full documentation on the **top** command. - -**unpause** - Unpause all processes within a container - See **docker-unpause(1)** for full documentation on the **unpause** command. - -**version** - Show the Docker version information - See **docker-version(1)** for full documentation on the **version** command. - -**wait** - Block until a container stops, then print its exit code - See **docker-wait(1)** for full documentation on the **wait** command. +Use "docker help" or "docker --help" to get an overview of available commands. # RUNTIME EXECUTION OPTIONS From c286340ee8ad88c7fc489a9c9ddd03e5adebb573 Mon Sep 17 00:00:00 2001 From: Misty Stanley-Jones Date: Tue, 20 Dec 2016 11:47:54 -0800 Subject: [PATCH 356/398] Clarify what docker diff shows Signed-off-by: Misty Stanley-Jones --- docker-diff.1.md | 62 +++++++++++++++++++++++++++++------------------- 1 file changed, 37 insertions(+), 25 deletions(-) diff --git a/docker-diff.1.md b/docker-diff.1.md index 6c6c5025332b..3342ad1af594 100644 --- a/docker-diff.1.md +++ b/docker-diff.1.md @@ -2,7 +2,7 @@ % Docker Community % JUNE 2014 # NAME -docker-diff - Inspect changes on a container's filesystem +docker-diff - Inspect changes to files or directories on a container's filesystem # SYNOPSIS **docker diff** @@ -10,8 +10,16 @@ docker-diff - Inspect changes on a container's filesystem CONTAINER # DESCRIPTION -Inspect changes on a container's filesystem. You can use the full or -shortened container ID or the container name set using +List the changed files and directories in a container᾿s filesystem since the +container was created. Three different types of change are tracked: + +| Symbol | Description | +|--------|---------------------------------| +| `A` | A file or directory was added | +| `D` | A file or directory was deleted | +| `C` | A file or directory was changed | + +You can use the full or shortened container ID or the container name set using **docker run --name** option. # OPTIONS @@ -19,28 +27,32 @@ shortened container ID or the container name set using Print usage statement # EXAMPLES -Inspect the changes to on a nginx container: - - # docker diff 1fdfd1f54c1b - C /dev - C /dev/console - C /dev/core - C /dev/stdout - C /dev/fd - C /dev/ptmx - C /dev/stderr - C /dev/stdin - C /run - A /run/nginx.pid - C /var/lib/nginx/tmp - A /var/lib/nginx/tmp/client_body - A /var/lib/nginx/tmp/fastcgi - A /var/lib/nginx/tmp/proxy - A /var/lib/nginx/tmp/scgi - A /var/lib/nginx/tmp/uwsgi - C /var/log/nginx - A /var/log/nginx/access.log - A /var/log/nginx/error.log + +Inspect the changes to an `nginx` container: + +```bash +$ docker diff 1fdfd1f54c1b + +C /dev +C /dev/console +C /dev/core +C /dev/stdout +C /dev/fd +C /dev/ptmx +C /dev/stderr +C /dev/stdin +C /run +A /run/nginx.pid +C /var/lib/nginx/tmp +A /var/lib/nginx/tmp/client_body +A /var/lib/nginx/tmp/fastcgi +A /var/lib/nginx/tmp/proxy +A /var/lib/nginx/tmp/scgi +A /var/lib/nginx/tmp/uwsgi +C /var/log/nginx +A /var/log/nginx/access.log +A /var/log/nginx/error.log +``` # HISTORY From ff95df5709292476cd678dcbbcd728420e2839b5 Mon Sep 17 00:00:00 2001 From: Zhang Wei Date: Sat, 17 Dec 2016 22:01:59 +0800 Subject: [PATCH 357/398] Add missing "--default-runtime" flag in manpage Add missing flag and more descriptions in manpage. Signed-off-by: Zhang Wei --- dockerd.8.md | 34 +++++++++++++++++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) diff --git a/dockerd.8.md b/dockerd.8.md index f99e7a7cab33..761dc6b9be01 100644 --- a/dockerd.8.md +++ b/dockerd.8.md @@ -20,6 +20,7 @@ dockerd - Enable daemon mode [**-D**|**--debug**] [**--default-gateway**[=*DEFAULT-GATEWAY*]] [**--default-gateway-v6**[=*DEFAULT-GATEWAY-V6*]] +[**--default-runtime**[=*runc*]] [**--default-ulimit**[=*[]*]] [**--disable-legacy-registry**] [**--dns**[=*[]*]] @@ -84,7 +85,35 @@ following format. # OPTIONS **--add-runtime**=[] - Set additional OCI compatible runtime. + Runtimes can be registered with the daemon either via the +configuration file or using the `--add-runtime` command line argument. + + The following is an example adding 2 runtimes via the configuration: + +```json +{ + "default-runtime": "runc", + "runtimes": { + "runc": { + "path": "runc" + }, + "custom": { + "path": "/usr/local/bin/my-runc-replacement", + "runtimeArgs": [ + "--debug" + ] + } + } +} +``` + + This is the same example via the command line: + +```bash +$ sudo dockerd --add-runtime runc=runc --add-runtime custom=/usr/local/bin/my-runc-replacement +``` + + **Note**: defining runtime arguments via the command line is not supported. **--api-cors-header**="" Set CORS headers in the Engine API. Default is cors disabled. Give urls like @@ -132,6 +161,9 @@ following format. **--default-gateway-v6**="" IPv6 address of the container default gateway +**--default-runtime**="runc" + Set default runtime if there're more than one specified by `--add-runtime`. + **--default-ulimit**=[] Default ulimits for containers. From 8c291d97878d37a59e0a01092e66d4d453dcf11e Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Thu, 22 Dec 2016 19:27:40 +0800 Subject: [PATCH 358/398] Update the manuals of docker and dockerd Signed-off-by: yuexiao-wang --- docker.1.md | 16 ++-------------- dockerd.8.md | 18 ++++++++++++++++++ 2 files changed, 20 insertions(+), 14 deletions(-) diff --git a/docker.1.md b/docker.1.md index 84b470ee41bb..abedb45ca9b9 100644 --- a/docker.1.md +++ b/docker.1.md @@ -7,12 +7,10 @@ docker \- Docker image and container command line interface # SYNOPSIS **docker** [OPTIONS] COMMAND [ARG...] -**docker** daemon [--help|...] - **docker** [--help|-v|--version] # DESCRIPTION -is a client for interacting with the daemon (see **dockerd(8)**) through the CLI. +**docker** is a client for interacting with the daemon (see **dockerd(8)**) through the CLI. The Docker CLI has over 30 commands. The commands are listed below and each has its own man page which explain usage and arguments. @@ -62,17 +60,7 @@ unix://[/path/to/socket] to use. Use "docker help" or "docker --help" to get an overview of available commands. -# RUNTIME EXECUTION OPTIONS - -Use the **--exec-opt** flags to specify options to the execution driver. -The following options are available: - -#### native.cgroupdriver -Specifies the management of the container's `cgroups`. You can specify `cgroupfs` -or `systemd`. If you specify `systemd` and it is not available, the system errors -out. - -#### Client +# EXAMPLES For specific client examples please see the man page for the specific Docker command. For example: diff --git a/dockerd.8.md b/dockerd.8.md index 761dc6b9be01..d64fe1f21ecd 100644 --- a/dockerd.8.md +++ b/dockerd.8.md @@ -704,6 +704,24 @@ For information about how to create an authorization plugin, see [authorization plugin](https://docs.docker.com/engine/extend/authorization/) section in the Docker extend section of this documentation. +# RUNTIME EXECUTION OPTIONS + +You can configure the runtime using options specified with the `--exec-opt` flag. +All the flag's options have the `native` prefix. A single `native.cgroupdriver` +option is available. + +The `native.cgroupdriver` option specifies the management of the container's +cgroups. You can only specify `cgroupfs` or `systemd`. If you specify +`systemd` and it is not available, the system errors out. If you omit the +`native.cgroupdriver` option,` cgroupfs` is used. + +This example sets the `cgroupdriver` to `systemd`: + +```bash +$ sudo dockerd --exec-opt native.cgroupdriver=systemd +``` + +Setting this option applies to all containers the daemon launches. # HISTORY Sept 2015, Originally compiled by Shishir Mahajan From 06c53be6d71e6692f2914352af5dbc736d2e428d Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Thu, 22 Sep 2016 14:11:08 -0400 Subject: [PATCH 359/398] Read long description from a file. Signed-off-by: Daniel Nephin --- docker-commit.1.md | 71 --- docker-create.1.md | 553 ------------------ docker-exec.1.md | 71 --- docker-import.1.md | 72 --- docker-kill.1.md | 28 - docker-logs.1.md | 71 --- docker-network-disconnect.1.md | 36 -- docker-pause.1.md | 32 - docker-push.1.md | 63 -- docker-rename.1.md | 15 - docker-restart.1.md | 26 - docker-rm.1.md | 72 --- docker-rmi.1.md | 42 -- docker-save.1.md | 45 -- docker-start.1.md | 39 -- docker-stop.1.md | 30 - docker-top.1.md | 36 -- docker-unpause.1.md | 28 - docker-update.1.md | 171 ------ docker-wait.1.md | 30 - generate.go | 65 +- generate.sh | 2 +- src/attach.md | 2 + src/commit.md | 1 + docker-attach.1.md => src/container/attach.md | 33 -- src/container/commit.md | 30 + docker-cp.1.md => src/container/cp.md | 58 +- src/container/create.md | 99 ++++ docker-diff.1.md => src/container/diff.md | 22 - src/container/exec.md | 25 + docker-export.1.md => src/container/export.md | 26 - src/container/kill.md | 2 + src/container/logs.md | 28 + docker-ps.1.md => src/container/ls.md | 73 +-- src/container/pause.md | 12 + docker-port.1.md => src/container/port.md | 29 +- src/container/rename.md | 1 + src/container/restart.md | 1 + src/container/rm.md | 37 ++ src/container/run.md | 1 + src/container/start.md | 1 + docker-stats.1.md => src/container/stats.md | 35 +- src/container/stop.md | 1 + src/container/top.md | 11 + src/container/unpause.md | 6 + src/container/update.md | 102 ++++ src/container/wait.md | 8 + src/cp.md | 1 + src/create.md | 1 + src/diff.md | 1 + src/events.md | 1 + src/exec.md | 1 + src/export.md | 1 + src/history.md | 1 + src/image/build.md | 1 + docker-history.1.md => src/image/history.md | 34 -- src/image/import.md | 42 ++ docker-load.1.md => src/image/load.md | 33 +- docker-images.1.md => src/image/ls.md | 62 +- docker-pull.1.md => src/image/pull.md | 59 +- src/image/push.md | 34 ++ src/image/rm.md | 11 + src/image/save.md | 19 + docker-tag.1.md => src/image/tag.md | 33 +- src/images.md | 1 + src/import.md | 1 + src/info.md | 1 + docker-inspect.1.md => src/inspect.md | 37 -- src/kill.md | 1 + src/load.md | 1 + docker-login.1.md => src/login.md | 31 - docker-logout.1.md => src/logout.md | 19 - src/logs.md | 1 + .../network/connect.md | 27 - .../network/create.md | 68 --- src/network/disconnect.md | 5 + .../network/inspect.md | 24 - docker-network-ls.1.md => src/network/ls.md | 53 +- docker-network-rm.1.md => src/network/rm.md | 23 - src/pause.md | 1 + src/port.md | 1 + src/ps.md | 1 + src/pull.md | 1 + src/push.md | 1 + src/rename.md | 1 + src/restart.md | 1 + src/rm.md | 1 + src/rmi.md | 1 + src/save.md | 1 + docker-search.1.md => src/search.md | 36 +- src/start.md | 1 + src/stats.md | 1 + src/stop.md | 1 + docker-events.1.md => src/system/events.md | 46 -- docker-info.1.md => src/system/info.md | 24 - src/tag.md | 1 + src/top.md | 1 + src/unpause.md | 1 + src/update.md | 1 + docker-version.1.md => src/version.md | 25 - src/volume.md | 14 + src/volume/create.md | 35 ++ src/volume/inspect.md | 4 + src/volume/ls.md | 11 + src/wait.md | 1 + 105 files changed, 714 insertions(+), 2369 deletions(-) delete mode 100644 docker-commit.1.md delete mode 100644 docker-create.1.md delete mode 100644 docker-exec.1.md delete mode 100644 docker-import.1.md delete mode 100644 docker-kill.1.md delete mode 100644 docker-logs.1.md delete mode 100644 docker-network-disconnect.1.md delete mode 100644 docker-pause.1.md delete mode 100644 docker-push.1.md delete mode 100644 docker-rename.1.md delete mode 100644 docker-restart.1.md delete mode 100644 docker-rm.1.md delete mode 100644 docker-rmi.1.md delete mode 100644 docker-save.1.md delete mode 100644 docker-start.1.md delete mode 100644 docker-stop.1.md delete mode 100644 docker-top.1.md delete mode 100644 docker-unpause.1.md delete mode 100644 docker-update.1.md delete mode 100644 docker-wait.1.md create mode 100644 src/attach.md create mode 100644 src/commit.md rename docker-attach.1.md => src/container/attach.md (76%) create mode 100644 src/container/commit.md rename docker-cp.1.md => src/container/cp.md (81%) create mode 100644 src/container/create.md rename docker-diff.1.md => src/container/diff.md (66%) create mode 100644 src/container/exec.md rename docker-export.1.md => src/container/export.md (52%) create mode 100644 src/container/kill.md create mode 100644 src/container/logs.md rename docker-ps.1.md => src/container/ls.md (63%) create mode 100644 src/container/pause.md rename docker-port.1.md => src/container/port.md (53%) create mode 100644 src/container/rename.md create mode 100644 src/container/restart.md create mode 100644 src/container/rm.md create mode 100644 src/container/run.md create mode 100644 src/container/start.md rename docker-stats.1.md => src/container/stats.md (61%) create mode 100644 src/container/stop.md create mode 100644 src/container/top.md create mode 100644 src/container/unpause.md create mode 100644 src/container/update.md create mode 100644 src/container/wait.md create mode 100644 src/cp.md create mode 100644 src/create.md create mode 100644 src/diff.md create mode 100644 src/events.md create mode 100644 src/exec.md create mode 100644 src/export.md create mode 100644 src/history.md create mode 100644 src/image/build.md rename docker-history.1.md => src/image/history.md (63%) create mode 100644 src/image/import.md rename docker-load.1.md => src/image/load.md (54%) rename docker-images.1.md => src/image/ls.md (73%) rename docker-pull.1.md => src/image/pull.md (81%) create mode 100644 src/image/push.md create mode 100644 src/image/rm.md create mode 100644 src/image/save.md rename docker-tag.1.md => src/image/tag.md (67%) create mode 100644 src/images.md create mode 100644 src/import.md create mode 100644 src/info.md rename docker-inspect.1.md => src/inspect.md (89%) create mode 100644 src/kill.md create mode 100644 src/load.md rename docker-login.1.md => src/login.md (62%) rename docker-logout.1.md => src/logout.md (50%) create mode 100644 src/logs.md rename docker-network-connect.1.md => src/network/connect.md (82%) rename docker-network-create.1.md => src/network/create.md (78%) create mode 100644 src/network/disconnect.md rename docker-network-inspect.1.md => src/network/inspect.md (87%) rename docker-network-ls.1.md => src/network/ls.md (81%) rename docker-network-rm.1.md => src/network/rm.md (67%) create mode 100644 src/pause.md create mode 100644 src/port.md create mode 100644 src/ps.md create mode 100644 src/pull.md create mode 100644 src/push.md create mode 100644 src/rename.md create mode 100644 src/restart.md create mode 100644 src/rm.md create mode 100644 src/rmi.md create mode 100644 src/save.md rename docker-search.1.md => src/search.md (65%) create mode 100644 src/start.md create mode 100644 src/stats.md create mode 100644 src/stop.md rename docker-events.1.md => src/system/events.md (86%) rename docker-info.1.md => src/system/info.md (91%) create mode 100644 src/tag.md create mode 100644 src/top.md create mode 100644 src/unpause.md create mode 100644 src/update.md rename docker-version.1.md => src/version.md (67%) create mode 100644 src/volume.md create mode 100644 src/volume/create.md create mode 100644 src/volume/inspect.md create mode 100644 src/volume/ls.md create mode 100644 src/wait.md diff --git a/docker-commit.1.md b/docker-commit.1.md deleted file mode 100644 index d8a4cf8387a5..000000000000 --- a/docker-commit.1.md +++ /dev/null @@ -1,71 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-commit - Create a new image from a container's changes - -# SYNOPSIS -**docker commit** -[**-a**|**--author**[=*AUTHOR*]] -[**-c**|**--change**[=\[*DOCKERFILE INSTRUCTIONS*\]]] -[**--help**] -[**-m**|**--message**[=*MESSAGE*]] -[**-p**|**--pause**[=*true*]] -CONTAINER [REPOSITORY[:TAG]] - -# DESCRIPTION -Create a new image from an existing container specified by name or -container ID. The new image will contain the contents of the -container filesystem, *excluding* any data volumes. Refer to **docker-tag(1)** -for more information about valid image and tag names. - -While the `docker commit` command is a convenient way of extending an -existing image, you should prefer the use of a Dockerfile and `docker -build` for generating images that you intend to share with other -people. - -# OPTIONS -**-a**, **--author**="" - Author (e.g., "John Hannibal Smith ") - -**-c** , **--change**=[] - Apply specified Dockerfile instructions while committing the image - Supported Dockerfile instructions: `CMD`|`ENTRYPOINT`|`ENV`|`EXPOSE`|`LABEL`|`ONBUILD`|`USER`|`VOLUME`|`WORKDIR` - -**--help** - Print usage statement - -**-m**, **--message**="" - Commit message - -**-p**, **--pause**=*true*|*false* - Pause container during commit. The default is *true*. - -# EXAMPLES - -## Creating a new image from an existing container -An existing Fedora based container has had Apache installed while running -in interactive mode with the bash shell. Apache is also running. To -create a new image run `docker ps` to find the container's ID and then run: - - # docker commit -m="Added Apache to Fedora base image" \ - -a="A D Ministrator" 98bd7fc99854 fedora/fedora_httpd:20 - -Note that only a-z0-9-_. are allowed when naming images from an -existing container. - -## Apply specified Dockerfile instructions while committing the image -If an existing container was created without the DEBUG environment -variable set to "true", you can create a new image based on that -container by first getting the container's ID with `docker ps` and -then running: - - # docker commit -c="ENV DEBUG true" 98bd7fc99854 debug-image - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and in -June 2014, updated by Sven Dowideit -July 2014, updated by Sven Dowideit -Oct 2014, updated by Daniel, Dao Quang Minh -June 2015, updated by Sally O'Malley diff --git a/docker-create.1.md b/docker-create.1.md deleted file mode 100644 index 3f8a076374c7..000000000000 --- a/docker-create.1.md +++ /dev/null @@ -1,553 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-create - Create a new container - -# SYNOPSIS -**docker create** -[**-a**|**--attach**[=*[]*]] -[**--add-host**[=*[]*]] -[**--blkio-weight**[=*[BLKIO-WEIGHT]*]] -[**--blkio-weight-device**[=*[]*]] -[**--cpu-shares**[=*0*]] -[**--cap-add**[=*[]*]] -[**--cap-drop**[=*[]*]] -[**--cgroup-parent**[=*CGROUP-PATH*]] -[**--cidfile**[=*CIDFILE*]] -[**--cpu-count**[=*0*]] -[**--cpu-percent**[=*0*]] -[**--cpu-period**[=*0*]] -[**--cpu-quota**[=*0*]] -[**--cpu-rt-period**[=*0*]] -[**--cpu-rt-runtime**[=*0*]] -[**--cpus**[=*0.0*]] -[**--cpuset-cpus**[=*CPUSET-CPUS*]] -[**--cpuset-mems**[=*CPUSET-MEMS*]] -[**--device**[=*[]*]] -[**--device-read-bps**[=*[]*]] -[**--device-read-iops**[=*[]*]] -[**--device-write-bps**[=*[]*]] -[**--device-write-iops**[=*[]*]] -[**--dns**[=*[]*]] -[**--dns-search**[=*[]*]] -[**--dns-option**[=*[]*]] -[**-e**|**--env**[=*[]*]] -[**--entrypoint**[=*ENTRYPOINT*]] -[**--env-file**[=*[]*]] -[**--expose**[=*[]*]] -[**--group-add**[=*[]*]] -[**-h**|**--hostname**[=*HOSTNAME*]] -[**--help**] -[**-i**|**--interactive**] -[**--ip**[=*IPv4-ADDRESS*]] -[**--ip6**[=*IPv6-ADDRESS*]] -[**--ipc**[=*IPC*]] -[**--isolation**[=*default*]] -[**--kernel-memory**[=*KERNEL-MEMORY*]] -[**-l**|**--label**[=*[]*]] -[**--label-file**[=*[]*]] -[**--link**[=*[]*]] -[**--link-local-ip**[=*[]*]] -[**--log-driver**[=*[]*]] -[**--log-opt**[=*[]*]] -[**-m**|**--memory**[=*MEMORY*]] -[**--mac-address**[=*MAC-ADDRESS*]] -[**--memory-reservation**[=*MEMORY-RESERVATION*]] -[**--memory-swap**[=*LIMIT*]] -[**--memory-swappiness**[=*MEMORY-SWAPPINESS*]] -[**--name**[=*NAME*]] -[**--network-alias**[=*[]*]] -[**--network**[=*"bridge"*]] -[**--oom-kill-disable**] -[**--oom-score-adj**[=*0*]] -[**-P**|**--publish-all**] -[**-p**|**--publish**[=*[]*]] -[**--pid**[=*[PID]*]] -[**--userns**[=*[]*]] -[**--pids-limit**[=*PIDS_LIMIT*]] -[**--privileged**] -[**--read-only**] -[**--restart**[=*RESTART*]] -[**--rm**] -[**--security-opt**[=*[]*]] -[**--storage-opt**[=*[]*]] -[**--stop-signal**[=*SIGNAL*]] -[**--stop-timeout**[=*TIMEOUT*]] -[**--shm-size**[=*[]*]] -[**--sysctl**[=*[]*]] -[**-t**|**--tty**] -[**--tmpfs**[=*[CONTAINER-DIR[:]*]] -[**-u**|**--user**[=*USER*]] -[**--ulimit**[=*[]*]] -[**--uts**[=*[]*]] -[**-v**|**--volume**[=*[[HOST-DIR:]CONTAINER-DIR[:OPTIONS]]*]] -[**--volume-driver**[=*DRIVER*]] -[**--volumes-from**[=*[]*]] -[**-w**|**--workdir**[=*WORKDIR*]] -IMAGE [COMMAND] [ARG...] - -# DESCRIPTION - -Creates a writeable container layer over the specified image and prepares it for -running the specified command. The container ID is then printed to STDOUT. This -is similar to **docker run -d** except the container is never started. You can -then use the **docker start ** command to start the container at -any point. - -The initial status of the container created with **docker create** is 'created'. - -# OPTIONS -**-a**, **--attach**=[] - Attach to STDIN, STDOUT or STDERR. - -**--add-host**=[] - Add a custom host-to-IP mapping (host:ip) - -**--blkio-weight**=*0* - Block IO weight (relative weight) accepts a weight value between 10 and 1000. - -**--blkio-weight-device**=[] - Block IO weight (relative device weight, format: `DEVICE_NAME:WEIGHT`). - -**--cpu-shares**=*0* - CPU shares (relative weight) - -**--cap-add**=[] - Add Linux capabilities - -**--cap-drop**=[] - Drop Linux capabilities - -**--cgroup-parent**="" - Path to cgroups under which the cgroup for the container will be created. If the path is not absolute, the path is considered to be relative to the cgroups path of the init process. Cgroups will be created if they do not already exist. - -**--cidfile**="" - Write the container ID to the file - -**--cpu-count**=*0* - Limit the number of CPUs available for execution by the container. - - On Windows Server containers, this is approximated as a percentage of total CPU usage. - - On Windows Server containers, the processor resource controls are mutually exclusive, the order of precedence is CPUCount first, then CPUShares, and CPUPercent last. - -**--cpu-percent**=*0* - Limit the percentage of CPU available for execution by a container running on a Windows daemon. - - On Windows Server containers, the processor resource controls are mutually exclusive, the order of precedence is CPUCount first, then CPUShares, and CPUPercent last. - -**--cpu-period**=*0* - Limit the CPU CFS (Completely Fair Scheduler) period - - Limit the container's CPU usage. This flag tell the kernel to restrict the container's CPU usage to the period you specify. - -**--cpuset-cpus**="" - CPUs in which to allow execution (0-3, 0,1) - -**--cpuset-mems**="" - Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems. - - If you have four memory nodes on your system (0-3), use `--cpuset-mems=0,1` -then processes in your Docker container will only use memory from the first -two memory nodes. - -**--cpu-quota**=*0* - Limit the CPU CFS (Completely Fair Scheduler) quota - -**--cpu-rt-period**=0 - Limit the CPU real-time period in microseconds - - Limit the container's Real Time CPU usage. This flag tell the kernel to restrict the container's Real Time CPU usage to the period you specify. - -**--cpu-rt-runtime**=0 - Limit the CPU real-time runtime in microseconds - - Limit the containers Real Time CPU usage. This flag tells the kernel to limit the amount of time in a given CPU period Real Time tasks may consume. Ex: - Period of 1,000,000us and Runtime of 950,000us means that this container could consume 95% of available CPU and leave the remaining 5% to normal priority tasks. - - The sum of all runtimes across containers cannot exceed the amount allotted to the parent cgroup. - -**--cpus**=0.0 - Number of CPUs. The default is *0.0*. - -**--device**=[] - Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm) - -**--device-read-bps**=[] - Limit read rate (bytes per second) from a device (e.g. --device-read-bps=/dev/sda:1mb) - -**--device-read-iops**=[] - Limit read rate (IO per second) from a device (e.g. --device-read-iops=/dev/sda:1000) - -**--device-write-bps**=[] - Limit write rate (bytes per second) to a device (e.g. --device-write-bps=/dev/sda:1mb) - -**--device-write-iops**=[] - Limit write rate (IO per second) to a device (e.g. --device-write-iops=/dev/sda:1000) - -**--dns**=[] - Set custom DNS servers - -**--dns-option**=[] - Set custom DNS options - -**--dns-search**=[] - Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain) - -**-e**, **--env**=[] - Set environment variables - -**--entrypoint**="" - Overwrite the default ENTRYPOINT of the image - -**--env-file**=[] - Read in a line-delimited file of environment variables - -**--expose**=[] - Expose a port or a range of ports (e.g. --expose=3300-3310) from the container without publishing it to your host - -**--group-add**=[] - Add additional groups to run as - -**-h**, **--hostname**="" - Container host name - -**--help** - Print usage statement - -**-i**, **--interactive**=*true*|*false* - Keep STDIN open even if not attached. The default is *false*. - -**--ip**="" - Sets the container's interface IPv4 address (e.g. 172.23.0.9) - - It can only be used in conjunction with **--network** for user-defined networks - -**--ip6**="" - Sets the container's interface IPv6 address (e.g. 2001:db8::1b99) - - It can only be used in conjunction with **--network** for user-defined networks - -**--ipc**="" - Default is to create a private IPC namespace (POSIX SysV IPC) for the container - 'container:': reuses another container shared memory, semaphores and message queues - 'host': use the host shared memory,semaphores and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure. - -**--isolation**="*default*" - Isolation specifies the type of isolation technology used by containers. Note -that the default on Windows server is `process`, and the default on Windows client -is `hyperv`. Linux only supports `default`. - -**--kernel-memory**="" - Kernel memory limit (format: `[]`, where unit = b, k, m or g) - - Constrains the kernel memory available to a container. If a limit of 0 -is specified (not using `--kernel-memory`), the container's kernel memory -is not limited. If you specify a limit, it may be rounded up to a multiple -of the operating system's page size and the value can be very large, -millions of trillions. - -**-l**, **--label**=[] - Adds metadata to a container (e.g., --label=com.example.key=value) - -**--label-file**=[] - Read labels from a file. Delimit each label with an EOL. - -**--link**=[] - Add link to another container in the form of :alias or just - in which case the alias will match the name. - -**--link-local-ip**=[] - Add one or more link-local IPv4/IPv6 addresses to the container's interface - -**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*etwlogs*|*gcplogs*|*none*" - Logging driver for the container. Default is defined by daemon `--log-driver` flag. - **Warning**: the `docker logs` command works only for the `json-file` and - `journald` logging drivers. - -**--log-opt**=[] - Logging driver specific options. - -**-m**, **--memory**="" - Memory limit (format: [], where unit = b, k, m or g) - - Allows you to constrain the memory available to a container. If the host -supports swap memory, then the **-m** memory setting can be larger than physical -RAM. If a limit of 0 is specified (not using **-m**), the container's memory is -not limited. The actual limit may be rounded up to a multiple of the operating -system's page size (the value would be very large, that's millions of trillions). - -**--mac-address**="" - Container MAC address (e.g. 92:d0:c6:0a:29:33) - -**--memory-reservation**="" - Memory soft limit (format: [], where unit = b, k, m or g) - - After setting memory reservation, when the system detects memory contention -or low memory, containers are forced to restrict their consumption to their -reservation. So you should always set the value below **--memory**, otherwise the -hard limit will take precedence. By default, memory reservation will be the same -as memory limit. - -**--memory-swap**="LIMIT" - A limit value equal to memory plus swap. Must be used with the **-m** -(**--memory**) flag. The swap `LIMIT` should always be larger than **-m** -(**--memory**) value. - - The format of `LIMIT` is `[]`. Unit can be `b` (bytes), -`k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you don't specify a -unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. - -**--memory-swappiness**="" - Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100. - -**--name**="" - Assign a name to the container - -**--network**="*bridge*" - Set the Network mode for the container - 'bridge': create a network stack on the default Docker bridge - 'none': no networking - 'container:': reuse another container's network stack - 'host': use the Docker host network stack. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure. - '|': connect to a user-defined network - -**--network-alias**=[] - Add network-scoped alias for the container - -**--oom-kill-disable**=*true*|*false* - Whether to disable OOM Killer for the container or not. - -**--oom-score-adj**="" - Tune the host's OOM preferences for containers (accepts -1000 to 1000) - -**-P**, **--publish-all**=*true*|*false* - Publish all exposed ports to random ports on the host interfaces. The default is *false*. - -**-p**, **--publish**=[] - Publish a container's port, or a range of ports, to the host - format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort - Both hostPort and containerPort can be specified as a range of ports. - When specifying ranges for both, the number of container ports in the range must match the number of host ports in the range. (e.g., `-p 1234-1236:1234-1236/tcp`) - (use 'docker port' to see the actual mapping) - -**--pid**="" - Set the PID mode for the container - Default is to create a private PID namespace for the container - 'container:': join another container's PID namespace - 'host': use the host's PID namespace for the container. Note: the host mode gives the container full access to local PID and is therefore considered insecure. - -**--userns**="" - Set the usernamespace mode for the container when `userns-remap` option is enabled. - **host**: use the host usernamespace and enable all privileged options (e.g., `pid=host` or `--privileged`). - -**--pids-limit**="" - Tune the container's pids limit. Set `-1` to have unlimited pids for the container. - -**--privileged**=*true*|*false* - Give extended privileges to this container. The default is *false*. - -**--read-only**=*true*|*false* - Mount the container's root filesystem as read only. - -**--restart**="*no*" - Restart policy to apply when a container exits (no, on-failure[:max-retry], always, unless-stopped). - -**--rm**=*true*|*false* - Automatically remove the container when it exits. The default is *false*. - -**--shm-size**="" - Size of `/dev/shm`. The format is ``. `number` must be greater than `0`. - Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you omit the unit, the system uses bytes. - If you omit the size entirely, the system uses `64m`. - -**--security-opt**=[] - Security Options - - "label:user:USER" : Set the label user for the container - "label:role:ROLE" : Set the label role for the container - "label:type:TYPE" : Set the label type for the container - "label:level:LEVEL" : Set the label level for the container - "label:disable" : Turn off label confinement for the container - "no-new-privileges" : Disable container processes from gaining additional privileges - "seccomp:unconfined" : Turn off seccomp confinement for the container - "seccomp:profile.json : White listed syscalls seccomp Json file to be used as a seccomp filter - -**--storage-opt**=[] - Storage driver options per container - - $ docker create -it --storage-opt size=120G fedora /bin/bash - - This (size) will allow to set the container rootfs size to 120G at creation time. - This option is only available for the `devicemapper`, `btrfs`, `overlay2` and `zfs` graph drivers. - For the `devicemapper`, `btrfs` and `zfs` storage drivers, user cannot pass a size less than the Default BaseFS Size. - For the `overlay2` storage driver, the size option is only available if the backing fs is `xfs` and mounted with the `pquota` mount option. - Under these conditions, user can pass any size less then the backing fs size. - -**--stop-signal**=*SIGTERM* - Signal to stop a container. Default is SIGTERM. - -**--stop-timeout**=*10* - Timeout (in seconds) to stop a container. Default is 10. - -**--sysctl**=SYSCTL - Configure namespaced kernel parameters at runtime - - IPC Namespace - current sysctls allowed: - - kernel.msgmax, kernel.msgmnb, kernel.msgmni, kernel.sem, kernel.shmall, kernel.shmmax, kernel.shmmni, kernel.shm_rmid_forced - Sysctls beginning with fs.mqueue.* - - Note: if you use --ipc=host using these sysctls will not be allowed. - - Network Namespace - current sysctls allowed: - Sysctls beginning with net.* - - Note: if you use --network=host using these sysctls will not be allowed. - -**-t**, **--tty**=*true*|*false* - Allocate a pseudo-TTY. The default is *false*. - -**--tmpfs**=[] Create a tmpfs mount - - Mount a temporary filesystem (`tmpfs`) mount into a container, for example: - - $ docker run -d --tmpfs /tmp:rw,size=787448k,mode=1777 my_image - - This command mounts a `tmpfs` at `/tmp` within the container. The supported mount -options are the same as the Linux default `mount` flags. If you do not specify -any options, the systems uses the following options: -`rw,noexec,nosuid,nodev,size=65536k`. - -**-u**, **--user**="" - Sets the username or UID used and optionally the groupname or GID for the specified command. - - The followings examples are all valid: - --user [user | user:group | uid | uid:gid | user:gid | uid:group ] - - Without this argument root user will be used in the container by default. - -**--ulimit**=[] - Ulimit options - -**--uts**=*host* - Set the UTS mode for the container - **host**: use the host's UTS namespace inside the container. - Note: the host mode gives the container access to changing the host's hostname and is therefore considered insecure. - -**-v**|**--volume**[=*[[HOST-DIR:]CONTAINER-DIR[:OPTIONS]]*] - Create a bind mount. If you specify, ` -v /HOST-DIR:/CONTAINER-DIR`, Docker - bind mounts `/HOST-DIR` in the host to `/CONTAINER-DIR` in the Docker - container. If 'HOST-DIR' is omitted, Docker automatically creates the new - volume on the host. The `OPTIONS` are a comma delimited list and can be: - - * [rw|ro] - * [z|Z] - * [`[r]shared`|`[r]slave`|`[r]private`] - -The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The `HOST-DIR` -can be an absolute path or a `name` value. A `name` value must start with an -alphanumeric character, followed by `a-z0-9`, `_` (underscore), `.` (period) or -`-` (hyphen). An absolute path starts with a `/` (forward slash). - -If you supply a `HOST-DIR` that is an absolute path, Docker bind-mounts to the -path you specify. If you supply a `name`, Docker creates a named volume by that -`name`. For example, you can specify either `/foo` or `foo` for a `HOST-DIR` -value. If you supply the `/foo` value, Docker creates a bind-mount. If you -supply the `foo` specification, Docker creates a named volume. - -You can specify multiple **-v** options to mount one or more mounts to a -container. To use these same mounts in other containers, specify the -**--volumes-from** option also. - -You can add `:ro` or `:rw` suffix to a volume to mount it read-only or -read-write mode, respectively. By default, the volumes are mounted read-write. -See examples. - -Labeling systems like SELinux require that proper labels are placed on volume -content mounted into a container. Without a label, the security system might -prevent the processes running inside the container from using the content. By -default, Docker does not change the labels set by the OS. - -To change a label in the container context, you can add either of two suffixes -`:z` or `:Z` to the volume mount. These suffixes tell Docker to relabel file -objects on the shared volumes. The `z` option tells Docker that two containers -share the volume content. As a result, Docker labels the content with a shared -content label. Shared volume labels allow all containers to read/write content. -The `Z` option tells Docker to label the content with a private unshared label. -Only the current container can use a private volume. - -By default bind mounted volumes are `private`. That means any mounts done -inside container will not be visible on host and vice-a-versa. One can change -this behavior by specifying a volume mount propagation property. Making a -volume `shared` mounts done under that volume inside container will be -visible on host and vice-a-versa. Making a volume `slave` enables only one -way mount propagation and that is mounts done on host under that volume -will be visible inside container but not the other way around. - -To control mount propagation property of volume one can use `:[r]shared`, -`:[r]slave` or `:[r]private` propagation flag. Propagation property can -be specified only for bind mounted volumes and not for internal volumes or -named volumes. For mount propagation to work source mount point (mount point -where source dir is mounted on) has to have right propagation properties. For -shared volumes, source mount point has to be shared. And for slave volumes, -source mount has to be either shared or slave. - -Use `df ` to figure out the source mount and then use -`findmnt -o TARGET,PROPAGATION ` to figure out propagation -properties of source mount. If `findmnt` utility is not available, then one -can look at mount entry for source mount point in `/proc/self/mountinfo`. Look -at `optional fields` and see if any propagaion properties are specified. -`shared:X` means mount is `shared`, `master:X` means mount is `slave` and if -nothing is there that means mount is `private`. - -To change propagation properties of a mount point use `mount` command. For -example, if one wants to bind mount source directory `/foo` one can do -`mount --bind /foo /foo` and `mount --make-private --make-shared /foo`. This -will convert /foo into a `shared` mount point. Alternatively one can directly -change propagation properties of source mount. Say `/` is source mount for -`/foo`, then use `mount --make-shared /` to convert `/` into a `shared` mount. - -> **Note**: -> When using systemd to manage the Docker daemon's start and stop, in the systemd -> unit file there is an option to control mount propagation for the Docker daemon -> itself, called `MountFlags`. The value of this setting may cause Docker to not -> see mount propagation changes made on the mount point. For example, if this value -> is `slave`, you may not be able to use the `shared` or `rshared` propagation on -> a volume. - - -To disable automatic copying of data from the container path to the volume, use -the `nocopy` flag. The `nocopy` flag can be set on bind mounts and named volumes. - -**--volume-driver**="" - Container's volume driver. This driver creates volumes specified either from - a Dockerfile's `VOLUME` instruction or from the `docker run -v` flag. - See **docker-volume-create(1)** for full details. - -**--volumes-from**=[] - Mount volumes from the specified container(s) - -**-w**, **--workdir**="" - Working directory inside the container - -# EXAMPLES - -## Specify isolation technology for container (--isolation) - -This option is useful in situations where you are running Docker containers on -Windows. The `--isolation=` option sets a container's isolation -technology. On Linux, the only supported is the `default` option which uses -Linux namespaces. On Microsoft Windows, you can specify these values: - -* `default`: Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value. -* `process`: Namespace isolation only. -* `hyperv`: Hyper-V hypervisor partition-based isolation. - -Specifying the `--isolation` flag without a value is the same as setting `--isolation="default"`. - -# HISTORY -August 2014, updated by Sven Dowideit -September 2014, updated by Sven Dowideit -November 2014, updated by Sven Dowideit diff --git a/docker-exec.1.md b/docker-exec.1.md deleted file mode 100644 index fe9c279e7eae..000000000000 --- a/docker-exec.1.md +++ /dev/null @@ -1,71 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-exec - Run a command in a running container - -# SYNOPSIS -**docker exec** -[**-d**|**--detach**] -[**--detach-keys**[=*[]*]] -[**-e**|**--env**[=*[]*]] -[**--help**] -[**-i**|**--interactive**] -[**--privileged**] -[**-t**|**--tty**] -[**-u**|**--user**[=*USER*]] -CONTAINER COMMAND [ARG...] - -# DESCRIPTION - -Run a process in a running container. - -The command started using `docker exec` will only run while the container's primary -process (`PID 1`) is running, and will not be restarted if the container is restarted. - -If the container is paused, then the `docker exec` command will wait until the -container is unpaused, and then run - -# OPTIONS -**-d**, **--detach**=*true*|*false* - Detached mode: run command in the background. The default is *false*. - -**--detach-keys**="" - Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-` where `` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`. - -**-e**, **--env**=[] - Set environment variables - - This option allows you to specify arbitrary environment variables that are -available for the command to be executed. - -**--help** - Print usage statement - -**-i**, **--interactive**=*true*|*false* - Keep STDIN open even if not attached. The default is *false*. - -**--privileged**=*true*|*false* - Give the process extended [Linux capabilities](http://man7.org/linux/man-pages/man7/capabilities.7.html) -when running in a container. The default is *false*. - - Without this flag, the process run by `docker exec` in a running container has -the same capabilities as the container, which may be limited. Set -`--privileged` to give all capabilities to the process. - -**-t**, **--tty**=*true*|*false* - Allocate a pseudo-TTY. The default is *false*. - -**-u**, **--user**="" - Sets the username or UID used and optionally the groupname or GID for the specified command. - - The followings examples are all valid: - --user [user | user:group | uid | uid:gid | user:gid | uid:group ] - - Without this argument the command will be run as root in the container. - -The **-t** option is incompatible with a redirection of the docker client -standard input. - -# HISTORY -November 2014, updated by Sven Dowideit diff --git a/docker-import.1.md b/docker-import.1.md deleted file mode 100644 index 43d65efe6a80..000000000000 --- a/docker-import.1.md +++ /dev/null @@ -1,72 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-import - Create an empty filesystem image and import the contents of the tarball (.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz) into it, then optionally tag it. - -# SYNOPSIS -**docker import** -[**-c**|**--change**[=*[]*]] -[**-m**|**--message**[=*MESSAGE*]] -[**--help**] -file|URL|**-**[REPOSITORY[:TAG]] - -# OPTIONS -**-c**, **--change**=[] - Apply specified Dockerfile instructions while importing the image - Supported Dockerfile instructions: `CMD`|`ENTRYPOINT`|`ENV`|`EXPOSE`|`ONBUILD`|`USER`|`VOLUME`|`WORKDIR` - -**--help** - Print usage statement - -**-m**, **--message**="" - Set commit message for imported image - -# DESCRIPTION -Create a new filesystem image from the contents of a tarball (`.tar`, -`.tar.gz`, `.tgz`, `.bzip`, `.tar.xz`, `.txz`) into it, then optionally tag it. - - -# EXAMPLES - -## Import from a remote location - - # docker import http://example.com/exampleimage.tgz example/imagerepo - -## Import from a local file - -Import to docker via pipe and stdin: - - # cat exampleimage.tgz | docker import - example/imagelocal - -Import with a commit message. - - # cat exampleimage.tgz | docker import --message "New image imported from tarball" - exampleimagelocal:new - -Import to a Docker image from a local file. - - # docker import /path/to/exampleimage.tgz - - -## Import from a local file and tag - -Import to docker via pipe and stdin: - - # cat exampleimageV2.tgz | docker import - example/imagelocal:V-2.0 - -## Import from a local directory - - # tar -c . | docker import - exampleimagedir - -## Apply specified Dockerfile instructions while importing the image -This example sets the docker image ENV variable DEBUG to true by default. - - # tar -c . | docker import -c="ENV DEBUG true" - exampleimagedir - -# See also -**docker-export(1)** to export the contents of a filesystem as a tar archive to STDOUT. - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit diff --git a/docker-kill.1.md b/docker-kill.1.md deleted file mode 100644 index 36cbdb90ea3f..000000000000 --- a/docker-kill.1.md +++ /dev/null @@ -1,28 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-kill - Kill a running container using SIGKILL or a specified signal - -# SYNOPSIS -**docker kill** -[**--help**] -[**-s**|**--signal**[=*"KILL"*]] -CONTAINER [CONTAINER...] - -# DESCRIPTION - -The main process inside each container specified will be sent SIGKILL, - or any signal specified with option --signal. - -# OPTIONS -**--help** - Print usage statement - -**-s**, **--signal**="*KILL*" - Signal to send to the container - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) - based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit diff --git a/docker-logs.1.md b/docker-logs.1.md deleted file mode 100644 index e70f796e2899..000000000000 --- a/docker-logs.1.md +++ /dev/null @@ -1,71 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-logs - Fetch the logs of a container - -# SYNOPSIS -**docker logs** -[**-f**|**--follow**] -[**--help**] -[**--since**[=*SINCE*]] -[**-t**|**--timestamps**] -[**--tail**[=*"all"*]] -CONTAINER - -# DESCRIPTION -The **docker logs** command batch-retrieves whatever logs are present for -a container at the time of execution. This does not guarantee execution -order when combined with a docker run (i.e., your run may not have generated -any logs at the time you execute docker logs). - -The **docker logs --follow** command combines commands **docker logs** and -**docker attach**. It will first return all logs from the beginning and -then continue streaming new output from the container's stdout and stderr. - -**Warning**: This command works only for the **json-file** or **journald** -logging drivers. - -# OPTIONS -**--help** - Print usage statement - -**--details**=*true*|*false* - Show extra details provided to logs - -**-f**, **--follow**=*true*|*false* - Follow log output. The default is *false*. - -**--since**="" - Show logs since timestamp - -**-t**, **--timestamps**=*true*|*false* - Show timestamps. The default is *false*. - -**--tail**="*all*" - Output the specified number of lines at the end of logs (defaults to all logs) - -The `--since` option can be Unix timestamps, date formatted timestamps, or Go -duration strings (e.g. `10m`, `1h30m`) computed relative to the client machine's -time. Supported formats for date formatted time stamps include RFC3339Nano, -RFC3339, `2006-01-02T15:04:05`, `2006-01-02T15:04:05.999999999`, -`2006-01-02Z07:00`, and `2006-01-02`. The local timezone on the client will be -used if you do not provide either a `Z` or a `+-00:00` timezone offset at the -end of the timestamp. When providing Unix timestamps enter -seconds[.nanoseconds], where seconds is the number of seconds that have elapsed -since January 1, 1970 (midnight UTC/GMT), not counting leap seconds (aka Unix -epoch or Unix time), and the optional .nanoseconds field is a fraction of a -second no more than nine digits long. You can combine the `--since` option with -either or both of the `--follow` or `--tail` options. - -The `docker logs --details` command will add on extra attributes, such as -environment variables and labels, provided to `--log-opt` when creating the -container. - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit -July 2014, updated by Sven Dowideit -April 2015, updated by Ahmet Alp Balkan -October 2015, updated by Mike Brown diff --git a/docker-network-disconnect.1.md b/docker-network-disconnect.1.md deleted file mode 100644 index 09bcac51b056..000000000000 --- a/docker-network-disconnect.1.md +++ /dev/null @@ -1,36 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% OCT 2015 -# NAME -docker-network-disconnect - disconnect a container from a network - -# SYNOPSIS -**docker network disconnect** -[**--help**] -[**--force**] -NETWORK CONTAINER - -# DESCRIPTION - -Disconnects a container from a network. - -```bash - $ docker network disconnect multi-host-network container1 -``` - - -# OPTIONS -**NETWORK** - Specify network name - -**CONTAINER** - Specify container name - -**--force** - Force the container to disconnect from a network - -**--help** - Print usage statement - -# HISTORY -OCT 2015, created by Mary Anthony diff --git a/docker-pause.1.md b/docker-pause.1.md deleted file mode 100644 index 11eef5321f54..000000000000 --- a/docker-pause.1.md +++ /dev/null @@ -1,32 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-pause - Pause all processes within one or more containers - -# SYNOPSIS -**docker pause** -CONTAINER [CONTAINER...] - -# DESCRIPTION - -The `docker pause` command suspends all processes in the specified containers. -On Linux, this uses the cgroups freezer. Traditionally, when suspending a process -the `SIGSTOP` signal is used, which is observable by the process being suspended. -With the cgroups freezer the process is unaware, and unable to capture, -that it is being suspended, and subsequently resumed. On Windows, only Hyper-V -containers can be paused. - -See the [cgroups freezer documentation] -(https://www.kernel.org/doc/Documentation/cgroup-v1/freezer-subsystem.txt) for -further details. - -# OPTIONS -**--help** - Print usage statement - -# See also -**docker-unpause(1)** to unpause all processes within one or more containers. - -# HISTORY -June 2014, updated by Sven Dowideit diff --git a/docker-push.1.md b/docker-push.1.md deleted file mode 100644 index 847e66d2e4df..000000000000 --- a/docker-push.1.md +++ /dev/null @@ -1,63 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-push - Push an image or a repository to a registry - -# SYNOPSIS -**docker push** -[**--help**] -NAME[:TAG] | [REGISTRY_HOST[:REGISTRY_PORT]/]NAME[:TAG] - -# DESCRIPTION - -Use `docker push` to share your images to the [Docker Hub](https://hub.docker.com) -registry or to a self-hosted one. - -Refer to **docker-tag(1)** for more information about valid image and tag names. - -Killing the **docker push** process, for example by pressing **CTRL-c** while it -is running in a terminal, terminates the push operation. - -Registry credentials are managed by **docker-login(1)**. - - -# OPTIONS - -**--disable-content-trust** - Skip image verification (default true) - -**--help** - Print usage statement - -# EXAMPLES - -## Pushing a new image to a registry - -First save the new image by finding the container ID (using **docker ps**) -and then committing it to a new image name. Note that only a-z0-9-_. are -allowed when naming images: - - # docker commit c16378f943fe rhel-httpd - -Now, push the image to the registry using the image ID. In this example the -registry is on host named `registry-host` and listening on port `5000`. To do -this, tag the image with the host name or IP address, and the port of the -registry: - - # docker tag rhel-httpd registry-host:5000/myadmin/rhel-httpd - # docker push registry-host:5000/myadmin/rhel-httpd - -Check that this worked by running: - - # docker images - -You should see both `rhel-httpd` and `registry-host:5000/myadmin/rhel-httpd` -listed. - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit -April 2015, updated by Mary Anthony for v2 -June 2015, updated by Sally O'Malley diff --git a/docker-rename.1.md b/docker-rename.1.md deleted file mode 100644 index eaeea5c6e015..000000000000 --- a/docker-rename.1.md +++ /dev/null @@ -1,15 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% OCTOBER 2014 -# NAME -docker-rename - Rename a container - -# SYNOPSIS -**docker rename** -CONTAINER NEW_NAME - -# OPTIONS -There are no available options. - -# DESCRIPTION -Rename a container. Container may be running, paused or stopped. diff --git a/docker-restart.1.md b/docker-restart.1.md deleted file mode 100644 index 271c4eee1b9e..000000000000 --- a/docker-restart.1.md +++ /dev/null @@ -1,26 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-restart - Restart one or more containers - -# SYNOPSIS -**docker restart** -[**--help**] -[**-t**|**--time**[=*10*]] -CONTAINER [CONTAINER...] - -# DESCRIPTION -Restart each container listed. - -# OPTIONS -**--help** - Print usage statement - -**-t**, **--time**=*10* - Number of seconds to try to stop for before killing the container. Once killed it will then be restarted. Default is 10 seconds. - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit diff --git a/docker-rm.1.md b/docker-rm.1.md deleted file mode 100644 index 2105288d0d15..000000000000 --- a/docker-rm.1.md +++ /dev/null @@ -1,72 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-rm - Remove one or more containers - -# SYNOPSIS -**docker rm** -[**-f**|**--force**] -[**-l**|**--link**] -[**-v**|**--volumes**] -CONTAINER [CONTAINER...] - -# DESCRIPTION - -**docker rm** will remove one or more containers from the host node. The -container name or ID can be used. This does not remove images. You cannot -remove a running container unless you use the **-f** option. To see all -containers on a host use the **docker ps -a** command. - -# OPTIONS -**--help** - Print usage statement - -**-f**, **--force**=*true*|*false* - Force the removal of a running container (uses SIGKILL). The default is *false*. - -**-l**, **--link**=*true*|*false* - Remove the specified link and not the underlying container. The default is *false*. - -**-v**, **--volumes**=*true*|*false* - Remove the volumes associated with the container. The default is *false*. - -# EXAMPLES - -## Removing a container using its ID - -To remove a container using its ID, find either from a **docker ps -a** -command, or use the ID returned from the **docker run** command, or retrieve -it from a file used to store it using the **docker run --cidfile**: - - docker rm abebf7571666 - -## Removing a container using the container name - -The name of the container can be found using the **docker ps -a** -command. The use that name as follows: - - docker rm hopeful_morse - -## Removing a container and all associated volumes - - $ docker rm -v redis - redis - -This command will remove the container and any volumes associated with it. -Note that if a volume was specified with a name, it will not be removed. - - $ docker create -v awesome:/foo -v /bar --name hello redis - hello - $ docker rm -v hello - -In this example, the volume for `/foo` will remain in tact, but the volume for -`/bar` will be removed. The same behavior holds for volumes inherited with -`--volumes-from`. - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit -July 2014, updated by Sven Dowideit -August 2014, updated by Sven Dowideit diff --git a/docker-rmi.1.md b/docker-rmi.1.md deleted file mode 100644 index 35bf8aac6a13..000000000000 --- a/docker-rmi.1.md +++ /dev/null @@ -1,42 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-rmi - Remove one or more images - -# SYNOPSIS -**docker rmi** -[**-f**|**--force**] -[**--help**] -[**--no-prune**] -IMAGE [IMAGE...] - -# DESCRIPTION - -Removes one or more images from the host node. This does not remove images from -a registry. You cannot remove an image of a running container unless you use the -**-f** option. To see all images on a host use the **docker images** command. - -# OPTIONS -**-f**, **--force**=*true*|*false* - Force removal of the image. The default is *false*. - -**--help** - Print usage statement - -**--no-prune**=*true*|*false* - Do not delete untagged parents. The default is *false*. - -# EXAMPLES - -## Removing an image - -Here is an example of removing an image: - - docker rmi fedora/httpd - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit -April 2015, updated by Mary Anthony for v2 diff --git a/docker-save.1.md b/docker-save.1.md deleted file mode 100644 index 1d1de8a1dfbd..000000000000 --- a/docker-save.1.md +++ /dev/null @@ -1,45 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-save - Save one or more images to a tar archive (streamed to STDOUT by default) - -# SYNOPSIS -**docker save** -[**--help**] -[**-o**|**--output**[=*OUTPUT*]] -IMAGE [IMAGE...] - -# DESCRIPTION -Produces a tarred repository to the standard output stream. Contains all -parent layers, and all tags + versions, or specified repo:tag. - -Stream to a file instead of STDOUT by using **-o**. - -# OPTIONS -**--help** - Print usage statement - -**-o**, **--output**="" - Write to a file, instead of STDOUT - -# EXAMPLES - -Save all fedora repository images to a fedora-all.tar and save the latest -fedora image to a fedora-latest.tar: - - $ docker save fedora > fedora-all.tar - $ docker save --output=fedora-latest.tar fedora:latest - $ ls -sh fedora-all.tar - 721M fedora-all.tar - $ ls -sh fedora-latest.tar - 367M fedora-latest.tar - -# See also -**docker-load(1)** to load an image from a tar archive on STDIN. - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit -November 2014, updated by Sven Dowideit diff --git a/docker-start.1.md b/docker-start.1.md deleted file mode 100644 index c00b0a166817..000000000000 --- a/docker-start.1.md +++ /dev/null @@ -1,39 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-start - Start one or more containers - -# SYNOPSIS -**docker start** -[**-a**|**--attach**] -[**--detach-keys**[=*[]*]] -[**--help**] -[**-i**|**--interactive**] -CONTAINER [CONTAINER...] - -# DESCRIPTION - -Start one or more containers. - -# OPTIONS -**-a**, **--attach**=*true*|*false* - Attach container's STDOUT and STDERR and forward all signals to the - process. The default is *false*. - -**--detach-keys**="" - Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-` where `` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`. - -**--help** - Print usage statement - -**-i**, **--interactive**=*true*|*false* - Attach container's STDIN. The default is *false*. - -# See also -**docker-stop(1)** to stop a container. - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit diff --git a/docker-stop.1.md b/docker-stop.1.md deleted file mode 100644 index fa377c92c44d..000000000000 --- a/docker-stop.1.md +++ /dev/null @@ -1,30 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-stop - Stop a container by sending SIGTERM and then SIGKILL after a grace period - -# SYNOPSIS -**docker stop** -[**--help**] -[**-t**|**--time**[=*10*]] -CONTAINER [CONTAINER...] - -# DESCRIPTION -Stop a container (Send SIGTERM, and then SIGKILL after - grace period) - -# OPTIONS -**--help** - Print usage statement - -**-t**, **--time**=*10* - Number of seconds to wait for the container to stop before killing it. Default is 10 seconds. - -#See also -**docker-start(1)** to restart a stopped container. - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit diff --git a/docker-top.1.md b/docker-top.1.md deleted file mode 100644 index a666f7cd37cc..000000000000 --- a/docker-top.1.md +++ /dev/null @@ -1,36 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-top - Display the running processes of a container - -# SYNOPSIS -**docker top** -[**--help**] -CONTAINER [ps OPTIONS] - -# DESCRIPTION - -Display the running process of the container. ps-OPTION can be any of the options you would pass to a Linux ps command. - -All displayed information is from host's point of view. - -# OPTIONS -**--help** - Print usage statement - -# EXAMPLES - -Run **docker top** with the ps option of -x: - - $ docker top 8601afda2b -x - PID TTY STAT TIME COMMAND - 16623 ? Ss 0:00 sleep 99999 - - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit -June 2015, updated by Ma Shimiao -December 2015, updated by Pavel Pospisil diff --git a/docker-unpause.1.md b/docker-unpause.1.md deleted file mode 100644 index e6fd3c4e0158..000000000000 --- a/docker-unpause.1.md +++ /dev/null @@ -1,28 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-unpause - Unpause all processes within one or more containers - -# SYNOPSIS -**docker unpause** -CONTAINER [CONTAINER...] - -# DESCRIPTION - -The `docker unpause` command un-suspends all processes in the specified containers. -On Linux, it does this using the cgroups freezer. - -See the [cgroups freezer documentation] -(https://www.kernel.org/doc/Documentation/cgroup-v1/freezer-subsystem.txt) for -further details. - -# OPTIONS -**--help** - Print usage statement - -# See also -**docker-pause(1)** to pause all processes within one or more containers. - -# HISTORY -June 2014, updated by Sven Dowideit diff --git a/docker-update.1.md b/docker-update.1.md deleted file mode 100644 index 85f3dd07c1e2..000000000000 --- a/docker-update.1.md +++ /dev/null @@ -1,171 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-update - Update configuration of one or more containers - -# SYNOPSIS -**docker update** -[**--blkio-weight**[=*[BLKIO-WEIGHT]*]] -[**--cpu-shares**[=*0*]] -[**--cpu-period**[=*0*]] -[**--cpu-quota**[=*0*]] -[**--cpu-rt-period**[=*0*]] -[**--cpu-rt-runtime**[=*0*]] -[**--cpuset-cpus**[=*CPUSET-CPUS*]] -[**--cpuset-mems**[=*CPUSET-MEMS*]] -[**--help**] -[**--kernel-memory**[=*KERNEL-MEMORY*]] -[**-m**|**--memory**[=*MEMORY*]] -[**--memory-reservation**[=*MEMORY-RESERVATION*]] -[**--memory-swap**[=*MEMORY-SWAP*]] -[**--restart**[=*""*]] -CONTAINER [CONTAINER...] - -# DESCRIPTION - -The **docker update** command dynamically updates container configuration. -You can use this command to prevent containers from consuming too many -resources from their Docker host. With a single command, you can place -limits on a single container or on many. To specify more than one container, -provide space-separated list of container names or IDs. - -With the exception of the **--kernel-memory** option, you can specify these -options on a running or a stopped container. On kernel version older than -4.6, You can only update **--kernel-memory** on a stopped container or on -a running container with kernel memory initialized. - -# OPTIONS - -**--blkio-weight**=0 - Block IO weight (relative weight) accepts a weight value between 10 and 1000. - -**--cpu-shares**=0 - CPU shares (relative weight) - -**--cpu-period**=0 - Limit the CPU CFS (Completely Fair Scheduler) period - - Limit the container's CPU usage. This flag tell the kernel to restrict the container's CPU usage to the period you specify. - -**--cpu-quota**=0 - Limit the CPU CFS (Completely Fair Scheduler) quota - -**--cpu-rt-period**=0 - Limit the CPU real-time period in microseconds - - Limit the container's Real Time CPU usage. This flag tell the kernel to restrict the container's Real Time CPU usage to the period you specify. - -**--cpu-rt-runtime**=0 - Limit the CPU real-time runtime in microseconds - - Limit the containers Real Time CPU usage. This flag tells the kernel to limit the amount of time in a given CPU period Real Time tasks may consume. Ex: - Period of 1,000,000us and Runtime of 950,000us means that this container could consume 95% of available CPU and leave the remaining 5% to normal priority tasks. - - The sum of all runtimes across containers cannot exceed the amount allotted to the parent cgroup. - -**--cpuset-cpus**="" - CPUs in which to allow execution (0-3, 0,1) - -**--cpuset-mems**="" - Memory nodes(MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems. - -**--help** - Print usage statement - -**--kernel-memory**="" - Kernel memory limit (format: `[]`, where unit = b, k, m or g) - - Note that on kernel version older than 4.6, you can not update kernel memory on - a running container if the container is started without kernel memory initialized, - in this case, it can only be updated after it's stopped. The new setting takes - effect when the container is started. - -**-m**, **--memory**="" - Memory limit (format: , where unit = b, k, m or g) - - Note that the memory should be smaller than the already set swap memory limit. - If you want update a memory limit bigger than the already set swap memory limit, - you should update swap memory limit at the same time. If you don't set swap memory - limit on docker create/run but only memory limit, the swap memory is double - the memory limit. - -**--memory-reservation**="" - Memory soft limit (format: [], where unit = b, k, m or g) - -**--memory-swap**="" - Total memory limit (memory + swap) - -**--restart**="" - Restart policy to apply when a container exits (no, on-failure[:max-retry], always, unless-stopped). - -# EXAMPLES - -The following sections illustrate ways to use this command. - -### Update a container's cpu-shares - -To limit a container's cpu-shares to 512, first identify the container -name or ID. You can use **docker ps** to find these values. You can also -use the ID returned from the **docker run** command. Then, do the following: - -```bash -$ docker update --cpu-shares 512 abebf7571666 -``` - -### Update a container with cpu-shares and memory - -To update multiple resource configurations for multiple containers: - -```bash -$ docker update --cpu-shares 512 -m 300M abebf7571666 hopeful_morse -``` - -### Update a container's kernel memory constraints - -You can update a container's kernel memory limit using the **--kernel-memory** -option. On kernel version older than 4.6, this option can be updated on a -running container only if the container was started with **--kernel-memory**. -If the container was started *without* **--kernel-memory** you need to stop -the container before updating kernel memory. - -For example, if you started a container with this command: - -```bash -$ docker run -dit --name test --kernel-memory 50M ubuntu bash -``` - -You can update kernel memory while the container is running: - -```bash -$ docker update --kernel-memory 80M test -``` - -If you started a container *without* kernel memory initialized: - -```bash -$ docker run -dit --name test2 --memory 300M ubuntu bash -``` - -Update kernel memory of running container `test2` will fail. You need to stop -the container before updating the **--kernel-memory** setting. The next time you -start it, the container uses the new value. - -Kernel version newer than (include) 4.6 does not have this limitation, you -can use `--kernel-memory` the same way as other options. - -### Update a container's restart policy - -You can change a container's restart policy on a running container. The new -restart policy takes effect instantly after you run `docker update` on a -container. - -To update restart policy for one or more containers: - -```bash -$ docker update --restart=on-failure:3 abebf7571666 hopeful_morse -``` - -Note that if the container is started with "--rm" flag, you cannot update the restart -policy for it. The `AutoRemove` and `RestartPolicy` are mutually exclusive for the -container. diff --git a/docker-wait.1.md b/docker-wait.1.md deleted file mode 100644 index 678800966b42..000000000000 --- a/docker-wait.1.md +++ /dev/null @@ -1,30 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-wait - Block until one or more containers stop, then print their exit codes - -# SYNOPSIS -**docker wait** -[**--help**] -CONTAINER [CONTAINER...] - -# DESCRIPTION - -Block until one or more containers stop, then print their exit codes. - -# OPTIONS -**--help** - Print usage statement - -# EXAMPLES - - $ docker run -d fedora sleep 99 - 079b83f558a2bc52ecad6b2a5de13622d584e6bb1aea058c11b36511e85e7622 - $ docker wait 079b83f558a2bc - 0 - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit diff --git a/generate.go b/generate.go index f21614d94a0b..1516158f7ccd 100644 --- a/generate.go +++ b/generate.go @@ -2,16 +2,22 @@ package main import ( "fmt" + "io/ioutil" + "log" "os" + "path/filepath" "github.com/docker/docker/cli/command" "github.com/docker/docker/cli/command/commands" "github.com/docker/docker/pkg/term" "github.com/spf13/cobra" "github.com/spf13/cobra/doc" + "github.com/spf13/pflag" ) -func generateManPages(path string) error { +const descriptionSourcePath = "man/src/" + +func generateManPages(opts *options) error { header := &doc.GenManHeader{ Title: "DOCKER", Section: "1", @@ -22,22 +28,67 @@ func generateManPages(path string) error { dockerCli := command.NewDockerCli(stdin, stdout, stderr) cmd := &cobra.Command{Use: "docker"} commands.AddCommands(cmd, dockerCli) + source := filepath.Join(opts.source, descriptionSourcePath) + if err := loadLongDescription(cmd, source); err != nil { + return err + } cmd.DisableAutoGenTag = true return doc.GenManTreeFromOpts(cmd, doc.GenManTreeOptions{ Header: header, - Path: path, + Path: opts.target, CommandSeparator: "-", }) } +func loadLongDescription(cmd *cobra.Command, path string) error { + for _, cmd := range cmd.Commands() { + if cmd.Name() == "" { + continue + } + fullpath := filepath.Join(path, cmd.Name()+".md") + + if cmd.HasSubCommands() { + loadLongDescription(cmd, filepath.Join(path, cmd.Name())) + } + + if _, err := os.Stat(fullpath); err != nil { + log.Printf("WARN: %s does not exist, skipping\n", fullpath) + continue + } + + content, err := ioutil.ReadFile(fullpath) + if err != nil { + return err + } + cmd.Long = string(content) + } + return nil +} + +type options struct { + source string + target string +} + +func parseArgs() (*options, error) { + opts := &options{} + cwd, _ := os.Getwd() + flags := pflag.NewFlagSet(os.Args[0], pflag.ContinueOnError) + flags.StringVar(&opts.source, "root", cwd, "Path to project root") + flags.StringVar(&opts.target, "target", "/tmp", "Target path for generated man pages") + err := flags.Parse(os.Args[1:]) + return opts, err +} + func main() { - path := "/tmp" - if len(os.Args) > 1 { - path = os.Args[1] + opts, err := parseArgs() + if err != nil { + fmt.Fprintln(os.Stderr, err.Error()) } - fmt.Printf("Generating man pages into %s\n", path) - if err := generateManPages(path); err != nil { + fmt.Printf("Project root: %s\n", opts.source) + fmt.Printf("Generating man pages into %s\n", opts.target) + if err := generateManPages(opts); err != nil { fmt.Fprintf(os.Stderr, "Failed to generate man pages: %s\n", err.Error()) } } diff --git a/generate.sh b/generate.sh index e4126ba4ac0d..c97edb440ded 100755 --- a/generate.sh +++ b/generate.sh @@ -9,7 +9,7 @@ mkdir -p ./man/man1 # Generate man pages from cobra commands go build -o /tmp/gen-manpages ./man -/tmp/gen-manpages ./man/man1 +/tmp/gen-manpages --root . --target ./man/man1 # Generate legacy pages from markdown ./man/md2man-all.sh -q diff --git a/src/attach.md b/src/attach.md new file mode 100644 index 000000000000..ff1102e104b6 --- /dev/null +++ b/src/attach.md @@ -0,0 +1,2 @@ + +Alias for `docker container attach`. diff --git a/src/commit.md b/src/commit.md new file mode 100644 index 000000000000..3deb25bb5572 --- /dev/null +++ b/src/commit.md @@ -0,0 +1 @@ +Alias for `docker container commit`. diff --git a/docker-attach.1.md b/src/container/attach.md similarity index 76% rename from docker-attach.1.md rename to src/container/attach.md index c39d1c9290ee..fff713bcf0b4 100644 --- a/docker-attach.1.md +++ b/src/container/attach.md @@ -1,18 +1,3 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-attach - Attach to a running container - -# SYNOPSIS -**docker attach** -[**--detach-keys**[=*[]*]] -[**--help**] -[**--no-stdin**] -[**--sig-proxy**[=*true*]] -CONTAINER - -# DESCRIPTION The **docker attach** command allows you to attach to a running container using the container's ID or name, either to view its ongoing output or to control it interactively. You can attach to the same contained process multiple times @@ -28,19 +13,6 @@ file. See **config-json(5)** for documentation on using a configuration file. It is forbidden to redirect the standard input of a `docker attach` command while attaching to a tty-enabled container (i.e.: launched with `-t`). -# OPTIONS -**--detach-keys**="" - Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-` where `` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`. - -**--help** - Print usage statement - -**--no-stdin**=*true*|*false* - Do not attach STDIN. The default is *false*. - -**--sig-proxy**=*true*|*false* - Proxy all received signals to the process (non-TTY mode only). SIGCHLD, SIGKILL, and SIGSTOP are not proxied. The default is *true*. - # Override the detach sequence If you want, you can configure an override the Docker key sequence for detach. @@ -92,8 +64,3 @@ attach** command: PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 1 root 20 0 17208 1144 932 R 0 0.3 0:00.03 top - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit diff --git a/src/container/commit.md b/src/container/commit.md new file mode 100644 index 000000000000..6d619baed85f --- /dev/null +++ b/src/container/commit.md @@ -0,0 +1,30 @@ +Create a new image from an existing container specified by name or +container ID. The new image will contain the contents of the +container filesystem, *excluding* any data volumes. Refer to **docker-tag(1)** +for more information about valid image and tag names. + +While the `docker commit` command is a convenient way of extending an +existing image, you should prefer the use of a Dockerfile and `docker +build` for generating images that you intend to share with other +people. + +# EXAMPLES + +## Creating a new image from an existing container +An existing Fedora based container has had Apache installed while running +in interactive mode with the bash shell. Apache is also running. To +create a new image run `docker ps` to find the container's ID and then run: + + # docker commit -m="Added Apache to Fedora base image" \ + -a="A D Ministrator" 98bd7fc99854 fedora/fedora_httpd:20 + +Note that only a-z0-9-_. are allowed when naming images from an +existing container. + +## Apply specified Dockerfile instructions while committing the image +If an existing container was created without the DEBUG environment +variable set to "true", you can create a new image based on that +container by first getting the container's ID with `docker ps` and +then running: + + # docker container commit -c="ENV DEBUG true" 98bd7fc99854 debug-image diff --git a/docker-cp.1.md b/src/container/cp.md similarity index 81% rename from docker-cp.1.md rename to src/container/cp.md index 949d60bb8b0c..29b3c0ef2e4e 100644 --- a/docker-cp.1.md +++ b/src/container/cp.md @@ -1,42 +1,25 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-cp - Copy files/folders between a container and the local filesystem. - -# SYNOPSIS -**docker cp** -[**--help**] -CONTAINER:SRC_PATH DEST_PATH|- - -**docker cp** -[**--help**] -SRC_PATH|- CONTAINER:DEST_PATH - -# DESCRIPTION - -The `docker cp` utility copies the contents of `SRC_PATH` to the `DEST_PATH`. +The `docker container cp` utility copies the contents of `SRC_PATH` to the `DEST_PATH`. You can copy from the container's file system to the local machine or the reverse, from the local filesystem to the container. If `-` is specified for either the `SRC_PATH` or `DEST_PATH`, you can also stream a tar archive from `STDIN` or to `STDOUT`. The `CONTAINER` can be a running or stopped container. The `SRC_PATH` or `DEST_PATH` can be a file or directory. -The `docker cp` command assumes container paths are relative to the container's +The `docker container cp` command assumes container paths are relative to the container's `/` (root) directory. This means supplying the initial forward slash is optional; The command sees `compassionate_darwin:/tmp/foo/myfile.txt` and `compassionate_darwin:tmp/foo/myfile.txt` as identical. Local machine paths can be an absolute or relative value. The command interprets a local machine's -relative paths as relative to the current working directory where `docker cp` is +relative paths as relative to the current working directory where `docker container cp` is run. The `cp` command behaves like the Unix `cp -a` command in that directories are copied recursively with permissions preserved if possible. Ownership is set to the user and primary group at the destination. For example, files copied to a container are created with `UID:GID` of the root user. Files copied to the local -machine are created with the `UID:GID` of the user which invoked the `docker cp` -command. If you specify the `-L` option, `docker cp` follows any symbolic link -in the `SRC_PATH`. `docker cp` does *not* create parent directories for +machine are created with the `UID:GID` of the user which invoked the `docker container cp` +command. If you specify the `-L` option, `docker container cp` follows any symbolic link +in the `SRC_PATH`. `docker container cp` does *not* create parent directories for `DEST_PATH` if they do not exist. Assuming a path separator of `/`, a first argument of `SRC_PATH` and second @@ -94,13 +77,6 @@ The command extracts the content of the tar to the `DEST_PATH` in container's filesystem. In this case, `DEST_PATH` must specify a directory. Using `-` as the `DEST_PATH` streams the contents of the resource as a tar archive to `STDOUT`. -# OPTIONS -**-L**, **--follow-link**=*true*|*false* - Follow symbol link in SRC_PATH - -**--help** - Print usage statement - # EXAMPLES Suppose a container has finished producing some output as a file it saves @@ -109,28 +85,28 @@ some other computation. You can copy these outputs from the container to a location on your local host. If you want to copy the `/tmp/foo` directory from a container to the -existing `/tmp` directory on your host. If you run `docker cp` in your `~` +existing `/tmp` directory on your host. If you run `docker container cp` in your `~` (home) directory on the local host: - $ docker cp compassionate_darwin:tmp/foo /tmp + $ docker container cp compassionate_darwin:tmp/foo /tmp Docker creates a `/tmp/foo` directory on your host. Alternatively, you can omit the leading slash in the command. If you execute this command from your home directory: - $ docker cp compassionate_darwin:tmp/foo tmp + $ docker container cp compassionate_darwin:tmp/foo tmp If `~/tmp` does not exist, Docker will create it and copy the contents of `/tmp/foo` from the container into this new directory. If `~/tmp` already exists as a directory, then Docker will copy the contents of `/tmp/foo` from the container into a directory at `~/tmp/foo`. -When copying a single file to an existing `LOCALPATH`, the `docker cp` command +When copying a single file to an existing `LOCALPATH`, the `docker container cp` command will either overwrite the contents of `LOCALPATH` if it is a file or place it into `LOCALPATH` if it is a directory, overwriting an existing file of the same name if one exists. For example, this command: - $ docker cp sharp_ptolemy:/tmp/foo/myfile.txt /test + $ docker container cp sharp_ptolemy:/tmp/foo/myfile.txt /test If `/test` does not exist on the local machine, it will be created as a file with the contents of `/tmp/foo/myfile.txt` from the container. If `/test` @@ -147,12 +123,12 @@ If you have a file, `config.yml`, in the current directory on your local host and wish to copy it to an existing directory at `/etc/my-app.d` in a container, this command can be used: - $ docker cp config.yml myappcontainer:/etc/my-app.d + $ docker container cp config.yml myappcontainer:/etc/my-app.d If you have several files in a local directory `/config` which you need to copy to a directory `/etc/my-app.d` in a container: - $ docker cp /config/. myappcontainer:/etc/my-app.d + $ docker container cp /config/. myappcontainer:/etc/my-app.d The above command will copy the contents of the local `/config` directory into the directory `/etc/my-app.d` in the container. @@ -162,14 +138,8 @@ want to copy the linked target and not the link itself. To copy the target, use the `-L` option, for example: $ ln -s /tmp/somefile /tmp/somefile.ln - $ docker cp -L /tmp/somefile.ln myappcontainer:/tmp/ + $ docker container cp -L /tmp/somefile.ln myappcontainer:/tmp/ This command copies content of the local `/tmp/somefile` into the file `/tmp/somefile.ln` in the container. Without `-L` option, the `/tmp/somefile.ln` preserves its symbolic link but not its content. - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit -May 2015, updated by Josh Hawn diff --git a/src/container/create.md b/src/container/create.md new file mode 100644 index 000000000000..eeeda373eb04 --- /dev/null +++ b/src/container/create.md @@ -0,0 +1,99 @@ +Creates a writeable container layer over the specified image and prepares it for +running the specified command. The container ID is then printed to STDOUT. This +is similar to **docker run -d** except the container is never started. You can +then use the **docker start ** command to start the container at +any point. + +The initial status of the container created with **docker create** is 'created'. + +# OPTIONS + +The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The `HOST-DIR` +can be an absolute path or a `name` value. A `name` value must start with an +alphanumeric character, followed by `a-z0-9`, `_` (underscore), `.` (period) or +`-` (hyphen). An absolute path starts with a `/` (forward slash). + +If you supply a `HOST-DIR` that is an absolute path, Docker bind-mounts to the +path you specify. If you supply a `name`, Docker creates a named volume by that +`name`. For example, you can specify either `/foo` or `foo` for a `HOST-DIR` +value. If you supply the `/foo` value, Docker creates a bind-mount. If you +supply the `foo` specification, Docker creates a named volume. + +You can specify multiple **-v** options to mount one or more mounts to a +container. To use these same mounts in other containers, specify the +**--volumes-from** option also. + +You can add `:ro` or `:rw` suffix to a volume to mount it read-only or +read-write mode, respectively. By default, the volumes are mounted read-write. +See examples. + +Labeling systems like SELinux require that proper labels are placed on volume +content mounted into a container. Without a label, the security system might +prevent the processes running inside the container from using the content. By +default, Docker does not change the labels set by the OS. + +To change a label in the container context, you can add either of two suffixes +`:z` or `:Z` to the volume mount. These suffixes tell Docker to relabel file +objects on the shared volumes. The `z` option tells Docker that two containers +share the volume content. As a result, Docker labels the content with a shared +content label. Shared volume labels allow all containers to read/write content. +The `Z` option tells Docker to label the content with a private unshared label. +Only the current container can use a private volume. + +By default bind mounted volumes are `private`. That means any mounts done +inside container will not be visible on host and vice-a-versa. One can change +this behavior by specifying a volume mount propagation property. Making a +volume `shared` mounts done under that volume inside container will be +visible on host and vice-a-versa. Making a volume `slave` enables only one +way mount propagation and that is mounts done on host under that volume +will be visible inside container but not the other way around. + +To control mount propagation property of volume one can use `:[r]shared`, +`:[r]slave` or `:[r]private` propagation flag. Propagation property can +be specified only for bind mounted volumes and not for internal volumes or +named volumes. For mount propagation to work source mount point (mount point +where source dir is mounted on) has to have right propagation properties. For +shared volumes, source mount point has to be shared. And for slave volumes, +source mount has to be either shared or slave. + +Use `df ` to figure out the source mount and then use +`findmnt -o TARGET,PROPAGATION ` to figure out propagation +properties of source mount. If `findmnt` utility is not available, then one +can look at mount entry for source mount point in `/proc/self/mountinfo`. Look +at `optional fields` and see if any propagaion properties are specified. +`shared:X` means mount is `shared`, `master:X` means mount is `slave` and if +nothing is there that means mount is `private`. + +To change propagation properties of a mount point use `mount` command. For +example, if one wants to bind mount source directory `/foo` one can do +`mount --bind /foo /foo` and `mount --make-private --make-shared /foo`. This +will convert /foo into a `shared` mount point. Alternatively one can directly +change propagation properties of source mount. Say `/` is source mount for +`/foo`, then use `mount --make-shared /` to convert `/` into a `shared` mount. + +> **Note**: +> When using systemd to manage the Docker daemon's start and stop, in the systemd +> unit file there is an option to control mount propagation for the Docker daemon +> itself, called `MountFlags`. The value of this setting may cause Docker to not +> see mount propagation changes made on the mount point. For example, if this value +> is `slave`, you may not be able to use the `shared` or `rshared` propagation on +> a volume. + + +To disable automatic copying of data from the container path to the volume, use +the `nocopy` flag. The `nocopy` flag can be set on bind mounts and named volumes. + +# EXAMPLES + +## Specify isolation technology for container (--isolation) + +This option is useful in situations where you are running Docker containers on +Windows. The `--isolation=` option sets a container's isolation +technology. On Linux, the only supported is the `default` option which uses +Linux namespaces. On Microsoft Windows, you can specify these values: + +* `default`: Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value. +* `process`: Namespace isolation only. +* `hyperv`: Hyper-V hypervisor partition-based isolation. + +Specifying the `--isolation` flag without a value is the same as setting `--isolation="default"`. diff --git a/docker-diff.1.md b/src/container/diff.md similarity index 66% rename from docker-diff.1.md rename to src/container/diff.md index 3342ad1af594..eb485e364ed1 100644 --- a/docker-diff.1.md +++ b/src/container/diff.md @@ -1,15 +1,3 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-diff - Inspect changes to files or directories on a container's filesystem - -# SYNOPSIS -**docker diff** -[**--help**] -CONTAINER - -# DESCRIPTION List the changed files and directories in a container᾿s filesystem since the container was created. Three different types of change are tracked: @@ -22,10 +10,6 @@ container was created. Three different types of change are tracked: You can use the full or shortened container ID or the container name set using **docker run --name** option. -# OPTIONS -**--help** - Print usage statement - # EXAMPLES Inspect the changes to an `nginx` container: @@ -53,9 +37,3 @@ C /var/log/nginx A /var/log/nginx/access.log A /var/log/nginx/error.log ``` - - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit diff --git a/src/container/exec.md b/src/container/exec.md new file mode 100644 index 000000000000..033db426b824 --- /dev/null +++ b/src/container/exec.md @@ -0,0 +1,25 @@ +Run a process in a running container. + +The command started using `docker exec` will only run while the container's primary +process (`PID 1`) is running, and will not be restarted if the container is restarted. + +If the container is paused, then the `docker exec` command will wait until the +container is unpaused, and then run + +# CAPABILITIES + +`privileged` gives the process extended +[Linux capabilities](http://man7.org/linux/man-pages/man7/capabilities.7.html) +when running in a container. + +Without this flag, the process run by `docker exec` in a running container has +the same capabilities as the container, which may be limited. Set +`--privileged` to give all capabilities to the process. + +# USER +`user` sets the username or UID used and optionally the groupname or GID for the specified command. + + The followings examples are all valid: + --user [user | user:group | uid | uid:gid | user:gid | uid:group ] + + Without this argument the command will be run as root in the container. diff --git a/docker-export.1.md b/src/container/export.md similarity index 52% rename from docker-export.1.md rename to src/container/export.md index 3d59e4788ed1..8c9a95a36e9f 100644 --- a/docker-export.1.md +++ b/src/container/export.md @@ -1,29 +1,9 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-export - Export the contents of a container's filesystem as a tar archive - -# SYNOPSIS -**docker export** -[**--help**] -[**-o**|**--output**[=*""*]] -CONTAINER - -# DESCRIPTION Export the contents of a container's filesystem using the full or shortened container ID or container name. The output is exported to STDOUT and can be redirected to a tar file. Stream to a file instead of STDOUT by using **-o**. -# OPTIONS -**--help** - Print usage statement - -**-o**, **--output**="" - Write to a file, instead of STDOUT - # EXAMPLES Export the contents of the container called angry_bell to a tar file called angry_bell.tar: @@ -38,9 +18,3 @@ called angry_bell.tar: # See also **docker-import(1)** to create an empty filesystem image and import the contents of the tarball into it, then optionally tag it. - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit -January 2015, updated by Joseph Kern (josephakern at gmail dot com) diff --git a/src/container/kill.md b/src/container/kill.md new file mode 100644 index 000000000000..b8b94e528cfa --- /dev/null +++ b/src/container/kill.md @@ -0,0 +1,2 @@ +The main process inside each container specified will be sent SIGKILL, + or any signal specified with option --signal. diff --git a/src/container/logs.md b/src/container/logs.md new file mode 100644 index 000000000000..c053f85758dc --- /dev/null +++ b/src/container/logs.md @@ -0,0 +1,28 @@ +The **docker container logs** command batch-retrieves whatever logs are present for +a container at the time of execution. This does not guarantee execution +order when combined with a docker run (i.e., your run may not have generated +any logs at the time you execute docker container logs). + +The **docker container logs --follow** command combines commands **docker container logs** and +**docker attach**. It will first return all logs from the beginning and +then continue streaming new output from the container's stdout and stderr. + +**Warning**: This command works only for the **json-file** or **journald** +logging drivers. + +The `--since` option can be Unix timestamps, date formatted timestamps, or Go +duration strings (e.g. `10m`, `1h30m`) computed relative to the client machine's +time. Supported formats for date formatted time stamps include RFC3339Nano, +RFC3339, `2006-01-02T15:04:05`, `2006-01-02T15:04:05.999999999`, +`2006-01-02Z07:00`, and `2006-01-02`. The local timezone on the client will be +used if you do not provide either a `Z` or a `+-00:00` timezone offset at the +end of the timestamp. When providing Unix timestamps enter +seconds[.nanoseconds], where seconds is the number of seconds that have elapsed +since January 1, 1970 (midnight UTC/GMT), not counting leap seconds (aka Unix +epoch or Unix time), and the optional .nanoseconds field is a fraction of a +second no more than nine digits long. You can combine the `--since` option with +either or both of the `--follow` or `--tail` options. + +The `docker container logs --details` command will add on extra attributes, such as +environment variables and labels, provided to `--log-opt` when creating the +container. diff --git a/docker-ps.1.md b/src/container/ls.md similarity index 63% rename from docker-ps.1.md rename to src/container/ls.md index d9aa39f8fdbf..193ebd96c473 100644 --- a/docker-ps.1.md +++ b/src/container/ls.md @@ -1,32 +1,9 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% FEBRUARY 2015 -# NAME -docker-ps - List containers - -# SYNOPSIS -**docker ps** -[**-a**|**--all**] -[**-f**|**--filter**[=*[]*]] -[**--format**=*"TEMPLATE"*] -[**--help**] -[**-l**|**--latest**] -[**-n**[=*-1*]] -[**--no-trunc**] -[**-q**|**--quiet**] -[**-s**|**--size**] - -# DESCRIPTION - List the containers in the local repository. By default this shows only the running containers. -# OPTIONS -**-a**, **--all**=*true*|*false* - Show all containers. Only running containers are shown by default. The default is *false*. +## Filters -**-f**, **--filter**=[] - Filter output based on these conditions: +Filter output based on these conditions: - exited= an exit code of - label= or label== - status=(created|restarting|running|paused|exited|dead) @@ -40,7 +17,8 @@ the running containers. - network=(|) - containers connected to the provided network - health=(starting|healthy|unhealthy|none) - filters containers based on healthcheck status -**--format**="*TEMPLATE*" +## Format + Pretty-print containers using a Go template. Valid placeholders: .ID - Container ID @@ -56,28 +34,10 @@ the running containers. .Label - Value of a specific label for this container. For example `{{.Label "com.docker.swarm.cpu"}}` .Mounts - Names of the volumes mounted in this container. -**--help** - Print usage statement - -**-l**, **--latest**=*true*|*false* - Show only the latest created container (includes all states). The default is *false*. - -**-n**=*-1* - Show n last created containers (includes all states). - -**--no-trunc**=*true*|*false* - Don't truncate output. The default is *false*. - -**-q**, **--quiet**=*true*|*false* - Only display numeric IDs. The default is *false*. - -**-s**, **--size**=*true*|*false* - Display total file sizes. The default is *false*. - # EXAMPLES # Display all containers, including non-running - # docker ps -a + # docker container ls -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES a87ecb4f327c fedora:20 /bin/sh -c #(nop) MA 20 minutes ago Exit 0 desperate_brattain 01946d9d34d8 vpavlin/rhel7:latest /bin/sh -c #(nop) MA 33 minutes ago Exit 0 thirsty_bell @@ -86,7 +46,7 @@ the running containers. # Display only IDs of all containers, including non-running - # docker ps -a -q + # docker container ls -a -q a87ecb4f327c 01946d9d34d8 c1d3b0166030 @@ -94,12 +54,12 @@ the running containers. # Display only IDs of all containers that have the name `determined_torvalds` - # docker ps -a -q --filter=name=determined_torvalds + # docker container ls -a -q --filter=name=determined_torvalds c1d3b0166030 # Display containers with their commands - # docker ps --format "{{.ID}}: {{.Command}}" + # docker container ls --format "{{.ID}}: {{.Command}}" a87ecb4f327c: /bin/sh -c #(nop) MA 01946d9d34d8: /bin/sh -c #(nop) MA c1d3b0166030: /bin/sh -c yum -y up @@ -107,7 +67,7 @@ the running containers. # Display containers with their labels in a table - # docker ps --format "table {{.ID}}\t{{.Labels}}" + # docker container ls --format "table {{.ID}}\t{{.Labels}}" CONTAINER ID LABELS a87ecb4f327c com.docker.swarm.node=ubuntu,com.docker.swarm.storage=ssd 01946d9d34d8 @@ -116,7 +76,7 @@ the running containers. # Display containers with their node label in a table - # docker ps --format 'table {{.ID}}\t{{(.Label "com.docker.swarm.node")}}' + # docker container ls --format 'table {{.ID}}\t{{(.Label "com.docker.swarm.node")}}' CONTAINER ID NODE a87ecb4f327c ubuntu 01946d9d34d8 @@ -125,21 +85,12 @@ the running containers. # Display containers with `remote-volume` mounted - $ docker ps --filter volume=remote-volume --format "table {{.ID}}\t{{.Mounts}}" + $ docker container ls --filter volume=remote-volume --format "table {{.ID}}\t{{.Mounts}}" CONTAINER ID MOUNTS 9c3527ed70ce remote-volume # Display containers with a volume mounted in `/data` - $ docker ps --filter volume=/data --format "table {{.ID}}\t{{.Mounts}}" + $ docker container ls --filter volume=/data --format "table {{.ID}}\t{{.Mounts}}" CONTAINER ID MOUNTS 9c3527ed70ce remote-volume - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit -August 2014, updated by Sven Dowideit -November 2014, updated by Sven Dowideit -February 2015, updated by André Martins -October 2016, updated by Josh Horwitz diff --git a/src/container/pause.md b/src/container/pause.md new file mode 100644 index 000000000000..09ea5b93d204 --- /dev/null +++ b/src/container/pause.md @@ -0,0 +1,12 @@ +The `docker container pause` command suspends all processes in the specified containers. +On Linux, this uses the cgroups freezer. Traditionally, when suspending a process +the `SIGSTOP` signal is used, which is observable by the process being suspended. +With the cgroups freezer the process is unaware, and unable to capture, +that it is being suspended, and subsequently resumed. On Windows, only Hyper-V +containers can be paused. + +See the [cgroups freezer documentation] +(https://www.kernel.org/doc/Documentation/cgroup-v1/freezer-subsystem.txt) for +further details. + +**docker-container-unpause(1)** to unpause all processes within a container. diff --git a/docker-port.1.md b/src/container/port.md similarity index 53% rename from docker-port.1.md rename to src/container/port.md index 83e9cf93b698..264f43e613e4 100644 --- a/docker-port.1.md +++ b/src/container/port.md @@ -1,21 +1,5 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-port - List port mappings for the CONTAINER, or lookup the public-facing port that is NAT-ed to the PRIVATE_PORT - -# SYNOPSIS -**docker port** -[**--help**] -CONTAINER [PRIVATE_PORT[/PROTO]] - -# DESCRIPTION List port mappings for the CONTAINER, or lookup the public-facing port that is NAT-ed to the PRIVATE_PORT -# OPTIONS -**--help** - Print usage statement - # EXAMPLES # docker ps @@ -24,24 +8,19 @@ List port mappings for the CONTAINER, or lookup the public-facing port that is N ## Find out all the ports mapped - # docker port test + # docker container port test 7890/tcp -> 0.0.0.0:4321 9876/tcp -> 0.0.0.0:1234 ## Find out a specific mapping - # docker port test 7890/tcp + # docker container port test 7890/tcp 0.0.0.0:4321 - # docker port test 7890 + # docker container port test 7890 0.0.0.0:4321 ## An example showing error for non-existent mapping - # docker port test 7890/udp + # docker container port test 7890/udp 2014/06/24 11:53:36 Error: No public port '7890/udp' published for test - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -June 2014, updated by Sven Dowideit -November 2014, updated by Sven Dowideit diff --git a/src/container/rename.md b/src/container/rename.md new file mode 100644 index 000000000000..e6f49a0ebdb2 --- /dev/null +++ b/src/container/rename.md @@ -0,0 +1 @@ +Rename a container. Container may be running, paused or stopped. diff --git a/src/container/restart.md b/src/container/restart.md new file mode 100644 index 000000000000..66ef6688ea90 --- /dev/null +++ b/src/container/restart.md @@ -0,0 +1 @@ +Restart each container listed. diff --git a/src/container/rm.md b/src/container/rm.md new file mode 100644 index 000000000000..561f0e9135d4 --- /dev/null +++ b/src/container/rm.md @@ -0,0 +1,37 @@ +**docker container rm** will remove one or more containers from the host node. The +container name or ID can be used. This does not remove images. You cannot +remove a running container unless you use the **-f** option. To see all +containers on a host use the **docker container ls -a** command. + +# EXAMPLES + +## Removing a container using its ID + +To remove a container using its ID, find either from a **docker ps -a** +command, or use the ID returned from the **docker run** command, or retrieve +it from a file used to store it using the **docker run --cidfile**: + + docker container rm abebf7571666 + +## Removing a container using the container name + +The name of the container can be found using the **docker ps -a** +command. The use that name as follows: + + docker container rm hopeful_morse + +## Removing a container and all associated volumes + + $ docker container rm -v redis + redis + +This command will remove the container and any volumes associated with it. +Note that if a volume was specified with a name, it will not be removed. + + $ docker create -v awesome:/foo -v /bar --name hello redis + hello + $ docker container rm -v hello + +In this example, the volume for `/foo` will remain in tact, but the volume for +`/bar` will be removed. The same behavior holds for volumes inherited with +`--volumes-from`. diff --git a/src/container/run.md b/src/container/run.md new file mode 100644 index 000000000000..5e20273e68ba --- /dev/null +++ b/src/container/run.md @@ -0,0 +1 @@ +Alias for `docker run`. diff --git a/src/container/start.md b/src/container/start.md new file mode 100644 index 000000000000..48d8592c6181 --- /dev/null +++ b/src/container/start.md @@ -0,0 +1 @@ +Start one or more containers. diff --git a/docker-stats.1.md b/src/container/stats.md similarity index 61% rename from docker-stats.1.md rename to src/container/stats.md index 0f022cd412bf..2904482e86c5 100644 --- a/docker-stats.1.md +++ b/src/container/stats.md @@ -1,32 +1,7 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-stats - Display a live stream of one or more containers' resource usage statistics - -# SYNOPSIS -**docker stats** -[**-a**|**--all**] -[**--help**] -[**--no-stream**] -[**--format[="*TEMPLATE*"]**] -[CONTAINER...] - -# DESCRIPTION - Display a live stream of one or more containers' resource usage statistics -# OPTIONS -**-a**, **--all**=*true*|*false* - Show all containers. Only running containers are shown by default. The default is *false*. - -**--help** - Print usage statement - -**--no-stream**=*true*|*false* - Disable streaming stats and only pull the first result, default setting is false. +# Format -**--format**="*TEMPLATE*" Pretty-print containers statistics using a Go template. Valid placeholders: .Container - Container name or ID. @@ -41,17 +16,17 @@ Display a live stream of one or more containers' resource usage statistics # EXAMPLES -Running `docker stats` on all running containers +Running `docker container stats` on all running containers - $ docker stats + $ docker container stats CONTAINER CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O 1285939c1fd3 0.07% 796 KiB / 64 MiB 1.21% 788 B / 648 B 3.568 MB / 512 KB 9c76f7834ae2 0.07% 2.746 MiB / 64 MiB 4.29% 1.266 KB / 648 B 12.4 MB / 0 B d1ea048f04e4 0.03% 4.583 MiB / 64 MiB 6.30% 2.854 KB / 648 B 27.7 MB / 0 B -Running `docker stats` on multiple containers by name and id. +Running `docker container stats` on multiple containers by name and id. - $ docker stats fervent_panini 5acfcb1b4fd1 + $ docker container stats fervent_panini 5acfcb1b4fd1 CONTAINER CPU % MEM USAGE/LIMIT MEM % NET I/O 5acfcb1b4fd1 0.00% 115.2 MiB/1.045 GiB 11.03% 1.422 kB/648 B fervent_panini 0.02% 11.08 MiB/1.045 GiB 1.06% 648 B/648 B diff --git a/src/container/stop.md b/src/container/stop.md new file mode 100644 index 000000000000..e3142481b872 --- /dev/null +++ b/src/container/stop.md @@ -0,0 +1 @@ +Stop a container (Send SIGTERM, and then SIGKILL after grace period) diff --git a/src/container/top.md b/src/container/top.md new file mode 100644 index 000000000000..5524494194cd --- /dev/null +++ b/src/container/top.md @@ -0,0 +1,11 @@ +Display the running process of the container. ps-OPTION can be any of the options you would pass to a Linux ps command. + +All displayed information is from host's point of view. + +# EXAMPLES + +Run **docker container top** with the ps option of -x: + + $ docker top 8601afda2b -x + PID TTY STAT TIME COMMAND + 16623 ? Ss 0:00 sleep 99999 diff --git a/src/container/unpause.md b/src/container/unpause.md new file mode 100644 index 000000000000..d318bb2b6a30 --- /dev/null +++ b/src/container/unpause.md @@ -0,0 +1,6 @@ +The `docker container unpause` command un-suspends all processes in a container. +On Linux, it does this using the cgroups freezer. + +See the [cgroups freezer documentation] +(https://www.kernel.org/doc/Documentation/cgroups/freezer-subsystem.txt) for +further details. diff --git a/src/container/update.md b/src/container/update.md new file mode 100644 index 000000000000..26ee4e321687 --- /dev/null +++ b/src/container/update.md @@ -0,0 +1,102 @@ +The **docker container update** command dynamically updates container configuration. +You can use this command to prevent containers from consuming too many +resources from their Docker host. With a single command, you can place +limits on a single container or on many. To specify more than one container, +provide space-separated list of container names or IDs. + +With the exception of the **--kernel-memory** option, you can specify these +options on a running or a stopped container. On kernel version older than +4.6, You can only update **--kernel-memory** on a stopped container or on +a running container with kernel memory initialized. + +# OPTIONS + +## kernel-memory + +Kernel memory limit (format: `[]`, where unit = b, k, m or g) + +Note that on kernel version older than 4.6, you can not update kernel memory on +a running container if the container is started without kernel memory initialized, +in this case, it can only be updated after it's stopped. The new setting takes +effect when the container is started. + +## memory + +Memory limit (format: , where unit = b, k, m or g) + +Note that the memory should be smaller than the already set swap memory limit. +If you want update a memory limit bigger than the already set swap memory limit, +you should update swap memory limit at the same time. If you don't set swap memory +limit on docker create/run but only memory limit, the swap memory is double +the memory limit. + +# EXAMPLES + +The following sections illustrate ways to use this command. + +### Update a container's cpu-shares + +To limit a container's cpu-shares to 512, first identify the container +name or ID. You can use **docker ps** to find these values. You can also +use the ID returned from the **docker run** command. Then, do the following: + +```bash +$ docker container update --cpu-shares 512 abebf7571666 +``` + +### Update a container with cpu-shares and memory + +To update multiple resource configurations for multiple containers: + +```bash +$ docker container update --cpu-shares 512 -m 300M abebf7571666 hopeful_morse +``` + +### Update a container's kernel memory constraints + +You can update a container's kernel memory limit using the **--kernel-memory** +option. On kernel version older than 4.6, this option can be updated on a +running container only if the container was started with **--kernel-memory**. +If the container was started *without* **--kernel-memory** you need to stop +the container before updating kernel memory. + +For example, if you started a container with this command: + +```bash +$ docker run -dit --name test --kernel-memory 50M ubuntu bash +``` + +You can update kernel memory while the container is running: + +```bash +$ docker container update --kernel-memory 80M test +``` + +If you started a container *without* kernel memory initialized: + +```bash +$ docker run -dit --name test2 --memory 300M ubuntu bash +``` + +Update kernel memory of running container `test2` will fail. You need to stop +the container before updating the **--kernel-memory** setting. The next time you +start it, the container uses the new value. + +Kernel version newer than (include) 4.6 does not have this limitation, you +can use `--kernel-memory` the same way as other options. + +### Update a container's restart policy + +You can change a container's restart policy on a running container. The new +restart policy takes effect instantly after you run `docker container update` on a +container. + +To update restart policy for one or more containers: + +```bash +$ docker container update --restart=on-failure:3 abebf7571666 hopeful_morse +``` + +Note that if the container is started with "--rm" flag, you cannot update the restart +policy for it. The `AutoRemove` and `RestartPolicy` are mutually exclusive for the +container. diff --git a/src/container/wait.md b/src/container/wait.md new file mode 100644 index 000000000000..63dcc5a48d98 --- /dev/null +++ b/src/container/wait.md @@ -0,0 +1,8 @@ +Block until a container stops, then print its exit code. + +# EXAMPLES + + $ docker run -d fedora sleep 99 + 079b83f558a2bc52ecad6b2a5de13622d584e6bb1aea058c11b36511e85e7622 + $ docker container wait 079b83f558a2bc + 0 diff --git a/src/cp.md b/src/cp.md new file mode 100644 index 000000000000..b1898ffc7c35 --- /dev/null +++ b/src/cp.md @@ -0,0 +1 @@ +Alias for `docker container cp`. diff --git a/src/create.md b/src/create.md new file mode 100644 index 000000000000..f600d7d53591 --- /dev/null +++ b/src/create.md @@ -0,0 +1 @@ +Alias for `docker container create`. diff --git a/src/diff.md b/src/diff.md new file mode 100644 index 000000000000..29a639efa576 --- /dev/null +++ b/src/diff.md @@ -0,0 +1 @@ +Alias for `docker container diff`. diff --git a/src/events.md b/src/events.md new file mode 100644 index 000000000000..05fa614b7dca --- /dev/null +++ b/src/events.md @@ -0,0 +1 @@ +Alias for `docker system events`. diff --git a/src/exec.md b/src/exec.md new file mode 100644 index 000000000000..21d2ce31eed9 --- /dev/null +++ b/src/exec.md @@ -0,0 +1 @@ +Alias for `docker container exec`. diff --git a/src/export.md b/src/export.md new file mode 100644 index 000000000000..1cc97997997a --- /dev/null +++ b/src/export.md @@ -0,0 +1 @@ +Alias for `docker container export`. diff --git a/src/history.md b/src/history.md new file mode 100644 index 000000000000..8b5f3e871a65 --- /dev/null +++ b/src/history.md @@ -0,0 +1 @@ +Alias for `docker image history`. diff --git a/src/image/build.md b/src/image/build.md new file mode 100644 index 000000000000..9dc897584a7e --- /dev/null +++ b/src/image/build.md @@ -0,0 +1 @@ +Alias for `docker build`. diff --git a/docker-history.1.md b/src/image/history.md similarity index 63% rename from docker-history.1.md rename to src/image/history.md index 91edefe25fba..da7e5d64a5b4 100644 --- a/docker-history.1.md +++ b/src/image/history.md @@ -1,34 +1,5 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-history - Show the history of an image - -# SYNOPSIS -**docker history** -[**--help**] -[**-H**|**--human**[=*true*]] -[**--no-trunc**] -[**-q**|**--quiet**] -IMAGE - -# DESCRIPTION - Show the history of when and how an image was created. -# OPTIONS -**--help** - Print usage statement - -**-H**, **--human**=*true*|*false* - Print sizes and dates in human readable format. The default is *true*. - -**--no-trunc**=*true*|*false* - Don't truncate output. The default is *false*. - -**-q**, **--quiet**=*true*|*false* - Only show numeric IDs. The default is *false*. - # EXAMPLES $ docker history fedora IMAGE CREATED CREATED BY SIZE COMMENT @@ -45,8 +16,3 @@ The `docker commit` command has a **-m** flag for adding comments to the image. 88b42ffd1f7c 5 months ago /bin/sh -c #(nop) ADD file:1fd8d7f9f6557cafc7 373.7 MB c69cab00d6ef 5 months ago /bin/sh -c #(nop) MAINTAINER Lokesh Mandvekar 0 B 511136ea3c5a 19 months ago 0 B Imported from - - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit diff --git a/src/image/import.md b/src/image/import.md new file mode 100644 index 000000000000..2814a71e4323 --- /dev/null +++ b/src/image/import.md @@ -0,0 +1,42 @@ +Create a new filesystem image from the contents of a tarball (`.tar`, +`.tar.gz`, `.tgz`, `.bzip`, `.tar.xz`, `.txz`) into it, then optionally tag it. + + +# EXAMPLES + +## Import from a remote location + + # docker image import http://example.com/exampleimage.tgz example/imagerepo + +## Import from a local file + +Import to docker via pipe and stdin: + + # cat exampleimage.tgz | docker image import - example/imagelocal + +Import with a commit message. + + # cat exampleimage.tgz | docker image import --message "New image imported from tarball" - exampleimagelocal:new + +Import to a Docker image from a local file. + + # docker image import /path/to/exampleimage.tgz + + +## Import from a local file and tag + +Import to docker via pipe and stdin: + + # cat exampleimageV2.tgz | docker image import - example/imagelocal:V-2.0 + +## Import from a local directory + + # tar -c . | docker image import - exampleimagedir + +## Apply specified Dockerfile instructions while importing the image +This example sets the docker image ENV variable DEBUG to true by default. + + # tar -c . | docker image import -c="ENV DEBUG true" - exampleimagedir + +# See also +**docker-export(1)** to export the contents of a filesystem as a tar archive to STDOUT. diff --git a/docker-load.1.md b/src/image/load.md similarity index 54% rename from docker-load.1.md rename to src/image/load.md index b16517304724..81f126fdfc01 100644 --- a/docker-load.1.md +++ b/src/image/load.md @@ -1,31 +1,7 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-load - Load an image from a tar archive or STDIN - -# SYNOPSIS -**docker load** -[**--help**] -[**-i**|**--input**[=*INPUT*]] -[**-q**|**--quiet**] - -# DESCRIPTION - Loads a tarred repository from a file or the standard input stream. Restores both images and tags. Write image names or IDs imported it standard output stream. -# OPTIONS -**--help** - Print usage statement - -**-i**, **--input**="" - Read from a tar archive file, instead of STDIN. The tarball may be compressed with gzip, bzip, or xz. - -**-q**, **--quiet** - Suppress the load progress bar but still outputs the imported images. - # EXAMPLES $ docker images @@ -46,11 +22,4 @@ standard output stream. fedora latest 58394af37342 7 weeks ago 385.5 MB # See also -**docker-save(1)** to save one or more images to a tar archive (streamed to STDOUT by default). - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit -July 2015 update by Mary Anthony -June 2016 update by Vincent Demeester +**docker-image-save(1)** to save one or more images to a tar archive (streamed to STDOUT by default). diff --git a/docker-images.1.md b/src/image/ls.md similarity index 73% rename from docker-images.1.md rename to src/image/ls.md index d7958d0dc4ac..9943457bee58 100644 --- a/docker-images.1.md +++ b/src/image/ls.md @@ -1,21 +1,3 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-images - List images - -# SYNOPSIS -**docker images** -[**--help**] -[**-a**|**--all**] -[**--digests**] -[**-f**|**--filter**[=*[]*]] -[**--format**=*"TEMPLATE"*] -[**--no-trunc**] -[**-q**|**--quiet**] -[REPOSITORY[:TAG]] - -# DESCRIPTION This command lists the images stored in the local Docker repository. By default, intermediate images, used during builds, are not listed. Some of the @@ -31,21 +13,17 @@ repository for all tagged images of the same name. For example consider an image called fedora. It may be tagged with 18, 19, or 20, etc. to manage different versions. -# OPTIONS -**-a**, **--all**=*true*|*false* - Show all images (by default filter out the intermediate image layers). The default is *false*. +## Filters -**--digests**=*true*|*false* - Show image digests. The default is *false*. +Filters the output based on these conditions: -**-f**, **--filter**=[] - Filters the output based on these conditions: - dangling=(true|false) - find unused images - label= or label== - before=([:tag]||) - since=([:tag]||) -**--format**="*TEMPLATE*" +## Format + Pretty-print images using a Go template. Valid placeholders: .ID - Image ID @@ -56,49 +34,40 @@ versions. .CreatedAt - Time when the image was created .Size - Image disk size -**--help** - Print usage statement - -**--no-trunc**=*true*|*false* - Don't truncate output. The default is *false*. - -**-q**, **--quiet**=*true*|*false* - Only show numeric IDs. The default is *false*. - # EXAMPLES ## Listing the images To list the images in a local repository (not the registry) run: - docker images + docker image ls The list will contain the image repository name, a tag for the image, and an image ID, when it was created and its virtual size. Columns: REPOSITORY, TAG, IMAGE ID, CREATED, and SIZE. -The `docker images` command takes an optional `[REPOSITORY[:TAG]]` argument +The `docker image ls` command takes an optional `[REPOSITORY[:TAG]]` argument that restricts the list to images that match the argument. If you specify -`REPOSITORY`but no `TAG`, the `docker images` command lists all images in the +`REPOSITORY`but no `TAG`, the `docker image ls` command lists all images in the given repository. - docker images java + docker image ls java The `[REPOSITORY[:TAG]]` value must be an "exact match". This means that, for example, -`docker images jav` does not match the image `java`. +`docker image ls jav` does not match the image `java`. If both `REPOSITORY` and `TAG` are provided, only images matching that repository and tag are listed. To find all local images in the "java" repository with tag "8" you can use: - docker images java:8 + docker image ls java:8 To get a verbose list of images which contains all the intermediate images used in builds use **-a**: - docker images -a + docker image ls -a -Previously, the docker images command supported the --tree and --dot arguments, +Previously, the docker image ls command supported the --tree and --dot arguments, which displayed different visualizations of the image data. Docker core removed this functionality in the 1.7 version. If you liked this functionality, you can still find it in the third-party dockviz tool: https://github.com/justone/dockviz. @@ -145,9 +114,4 @@ Valid template placeholders are listed above. Listing just the shortened image IDs. This can be useful for some automated tools. - docker images -q - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit + docker image ls -q diff --git a/docker-pull.1.md b/src/image/pull.md similarity index 81% rename from docker-pull.1.md rename to src/image/pull.md index c61d005308a8..0286ef1502db 100644 --- a/docker-pull.1.md +++ b/src/image/pull.md @@ -1,17 +1,3 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-pull - Pull an image or a repository from a registry - -# SYNOPSIS -**docker pull** -[**-a**|**--all-tags**] -[**--help**] -NAME[:TAG] | [REGISTRY_HOST[:REGISTRY_PORT]/]NAME[:TAG] - -# DESCRIPTION - This command pulls down an image or a repository from a registry. If there is more than one image for a repository (e.g., fedora) then all images for that repository name can be pulled down including any tags @@ -20,22 +6,15 @@ images for that repository name can be pulled down including any tags If you do not specify a `REGISTRY_HOST`, the command uses Docker's public registry located at `registry-1.docker.io` by default. -# OPTIONS -**-a**, **--all-tags**=*true*|*false* - Download all tagged images in the repository. The default is *false*. - -**--help** - Print usage statement - # EXAMPLES ### Pull an image from Docker Hub To download a particular image, or set of images (i.e., a repository), use -`docker pull`. If no tag is provided, Docker Engine uses the `:latest` tag as a +`docker image pull`. If no tag is provided, Docker Engine uses the `:latest` tag as a default. This command pulls the `debian:latest` image: - $ docker pull debian + $ docker image pull debian Using default tag: latest latest: Pulling from library/debian @@ -52,7 +31,7 @@ both layers with `debian:latest`. Pulling the `debian:jessie` image therefore only pulls its metadata, but not its layers, because all layers are already present locally: - $ docker pull debian:jessie + $ docker image pull debian:jessie jessie: Pulling from library/debian fdd5d7827f33: Already exists @@ -84,9 +63,9 @@ in the online documentation. ## Pull an image by digest (immutable identifier) So far, you've pulled images by their name (and "tag"). Using names and tags is -a convenient way to work with images. When using tags, you can `docker pull` an +a convenient way to work with images. When using tags, you can `docker image pull` an image again to make sure you have the most up-to-date version of that image. -For example, `docker pull ubuntu:14.04` pulls the latest version of the Ubuntu +For example, `docker image pull ubuntu:14.04` pulls the latest version of the Ubuntu 14.04 image. In some cases you don't want images to be updated to newer versions, but prefer @@ -98,7 +77,7 @@ and guarantee that the image you're using is always the same. To know the digest of an image, pull the image first. Let's pull the latest `ubuntu:14.04` image from Docker Hub: - $ docker pull ubuntu:14.04 + $ docker image pull ubuntu:14.04 14.04: Pulling from library/ubuntu 5a132a7e7af1: Pull complete @@ -119,7 +98,7 @@ may be useful if you want to pin to a version of the image you just pushed. A digest takes the place of the tag when pulling an image, for example, to pull the above image by digest, run the following command: - $ docker pull ubuntu@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2 + $ docker image pull ubuntu@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2 sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2: Pulling from library/ubuntu 5a132a7e7af1: Already exists @@ -141,7 +120,7 @@ Digest can also be used in the `FROM` of a Dockerfile, for example: ## Pulling from a different registry -By default, `docker pull` pulls images from Docker Hub. It is also possible to +By default, `docker image pull` pulls images from Docker Hub. It is also possible to manually specify the path of a registry to pull from. For example, if you have set up a local registry, you can specify its path to pull from it. A registry path is similar to a URL, but does not contain a protocol specifier (`https://`). @@ -149,7 +128,7 @@ path is similar to a URL, but does not contain a protocol specifier (`https://`) The following command pulls the `testing/test-image` image from a local registry listening on port 5000 (`myregistry.local:5000`): - $ docker pull myregistry.local:5000/testing/test-image + $ docker image pull myregistry.local:5000/testing/test-image Registry credentials are managed by **docker-login(1)**. @@ -161,13 +140,13 @@ section in the online documentation for more information. ## Pull a repository with multiple images -By default, `docker pull` pulls a *single* image from the registry. A repository +By default, `docker image pull` pulls a *single* image from the registry. A repository can contain multiple images. To pull all images from a repository, provide the -`-a` (or `--all-tags`) option when using `docker pull`. +`-a` (or `--all-tags`) option when using `docker image pull`. This command pulls all images from the `fedora` repository: - $ docker pull --all-tags fedora + $ docker image pull --all-tags fedora Pulling repository fedora ad57ef8d78d7: Download complete @@ -193,10 +172,10 @@ that are present locally: ## Canceling a pull -Killing the `docker pull` process, for example by pressing `CTRL-c` while it is +Killing the `docker image pull` process, for example by pressing `CTRL-c` while it is running in a terminal, will terminate the pull operation. - $ docker pull fedora + $ docker image pull fedora Using default tag: latest latest: Pulling from library/fedora @@ -208,13 +187,3 @@ running in a terminal, will terminate the pull operation. > connection between the Docker Engine daemon and the Docker Engine client > initiating the pull is lost. If the connection with the Engine daemon is > lost for other reasons than a manual interaction, the pull is also aborted. - - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit -August 2014, updated by Sven Dowideit -April 2015, updated by John Willis -April 2015, updated by Mary Anthony for v2 -September 2015, updated by Sally O'Malley diff --git a/src/image/push.md b/src/image/push.md new file mode 100644 index 000000000000..8b4334d273f5 --- /dev/null +++ b/src/image/push.md @@ -0,0 +1,34 @@ +Use `docker image push` to share your images to the [Docker Hub](https://hub.docker.com) +registry or to a self-hosted one. + +Refer to **docker-image-tag(1)** for more information about valid image and tag names. + +Killing the **docker image push** process, for example by pressing **CTRL-c** while it +is running in a terminal, terminates the push operation. + +Registry credentials are managed by **docker-login(1)**. + +# EXAMPLES + +## Pushing a new image to a registry + +First save the new image by finding the container ID (using **docker container ls**) +and then committing it to a new image name. Note that only a-z0-9-_. are +allowed when naming images: + + # docker container commit c16378f943fe rhel-httpd + +Now, push the image to the registry using the image ID. In this example the +registry is on host named `registry-host` and listening on port `5000`. To do +this, tag the image with the host name or IP address, and the port of the +registry: + + # docker image tag rhel-httpd registry-host:5000/myadmin/rhel-httpd + # docker image push registry-host:5000/myadmin/rhel-httpd + +Check that this worked by running: + + # docker image ls + +You should see both `rhel-httpd` and `registry-host:5000/myadmin/rhel-httpd` +listed. diff --git a/src/image/rm.md b/src/image/rm.md new file mode 100644 index 000000000000..348d45402e4c --- /dev/null +++ b/src/image/rm.md @@ -0,0 +1,11 @@ +Removes one or more images from the host node. This does not remove images from +a registry. You cannot remove an image of a running container unless you use the +**-f** option. To see all images on a host use the **docker image ls** command. + +# EXAMPLES + +## Removing an image + +Here is an example of removing an image: + + docker image rm fedora/httpd diff --git a/src/image/save.md b/src/image/save.md new file mode 100644 index 000000000000..19d885ec618f --- /dev/null +++ b/src/image/save.md @@ -0,0 +1,19 @@ +Produces a tarred repository to the standard output stream. Contains all +parent layers, and all tags + versions, or specified repo:tag. + +Stream to a file instead of STDOUT by using **-o**. + +# EXAMPLES + +Save all fedora repository images to a fedora-all.tar and save the latest +fedora image to a fedora-latest.tar: + + $ docker image save fedora > fedora-all.tar + $ docker image save --output=fedora-latest.tar fedora:latest + $ ls -sh fedora-all.tar + 721M fedora-all.tar + $ ls -sh fedora-latest.tar + 367M fedora-latest.tar + +# See also +**docker-image-load(1)** to load an image from a tar archive on STDIN. diff --git a/docker-tag.1.md b/src/image/tag.md similarity index 67% rename from docker-tag.1.md rename to src/image/tag.md index 7f27e1b0e153..25c1f785d4b9 100644 --- a/docker-tag.1.md +++ b/src/image/tag.md @@ -1,22 +1,7 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-tag - Create a tag `TARGET_IMAGE` that refers to `SOURCE_IMAGE` - -# SYNOPSIS -**docker tag** -[**--help**] -SOURCE_NAME[:TAG] TARGET_NAME[:TAG] - -# DESCRIPTION Assigns a new alias to an image in a registry. An alias refers to the entire image name including the optional `TAG` after the ':'. -# "OPTIONS" -**--help** - Print usage statement. - +# OPTIONS **NAME** The image name which is made up of slash-separated name components, optionally prefixed by a registry hostname. The hostname must comply with @@ -41,14 +26,14 @@ entire image name including the optional `TAG` after the ':'. To tag a local image with ID "0e5574283393" into the "fedora" repository with "version1.0": - docker tag 0e5574283393 fedora/httpd:version1.0 + docker image tag 0e5574283393 fedora/httpd:version1.0 ## Tagging an image referenced by Name To tag a local image with name "httpd" into the "fedora" repository with "version1.0": - docker tag httpd fedora/httpd:version1.0 + docker image tag httpd fedora/httpd:version1.0 Note that since the tag name is not specified, the alias is created for an existing local version `httpd:latest`. @@ -58,19 +43,11 @@ existing local version `httpd:latest`. To tag a local image with name "httpd" and tag "test" into the "fedora" repository with "version1.0.test": - docker tag httpd:test fedora/httpd:version1.0.test + docker image tag httpd:test fedora/httpd:version1.0.test ## Tagging an image for a private repository To push an image to a private registry and not the central Docker registry you must tag it with the registry hostname and port (if needed). - docker tag 0e5574283393 myregistryhost:5000/fedora/httpd:version1.0 - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit -July 2014, updated by Sven Dowideit -April 2015, updated by Mary Anthony for v2 -June 2015, updated by Sally O'Malley + docker image tag 0e5574283393 myregistryhost:5000/fedora/httpd:version1.0 diff --git a/src/images.md b/src/images.md new file mode 100644 index 000000000000..ae6a3875eeba --- /dev/null +++ b/src/images.md @@ -0,0 +1 @@ +Alias for `docker image ls`. diff --git a/src/import.md b/src/import.md new file mode 100644 index 000000000000..826c71b1b387 --- /dev/null +++ b/src/import.md @@ -0,0 +1 @@ +Alias for `docker image import`. diff --git a/src/info.md b/src/info.md new file mode 100644 index 000000000000..35e62f86e925 --- /dev/null +++ b/src/info.md @@ -0,0 +1 @@ +Alias for `docker system info`. diff --git a/docker-inspect.1.md b/src/inspect.md similarity index 89% rename from docker-inspect.1.md rename to src/inspect.md index 21d7ba678a0c..d0a2a68378b0 100644 --- a/docker-inspect.1.md +++ b/src/inspect.md @@ -1,39 +1,9 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-inspect - Return low-level information on docker objects - -# SYNOPSIS -**docker inspect** -[**--help**] -[**-f**|**--format**[=*FORMAT*]] -[**-s**|**--size**] -[**--type**=*container*|*image*|*network*|*node*|*service*|*task*|*volume*] -NAME|ID [NAME|ID...] - -# DESCRIPTION - This displays the low-level information on Docker object(s) (e.g. container, image, volume,network, node, service, or task) identified by name or ID. By default, this will render all results in a JSON array. If the container and image have the same name, this will return container JSON for unspecified type. If a format is specified, the given template will be executed for each result. -# OPTIONS -**--help** - Print usage statement - -**-f**, **--format**="" - Format the output using the given Go template - -**-s**, **--size** - Display total file sizes if the type is container - -**--type**=*container*|*image*|*network*|*node*|*service*|*task*|*volume* - Return JSON for specified type, permissible values are "image", "container", - "network", "node", "service", "task", and "volume" - # EXAMPLES Get information about an image when image name conflicts with the container name, @@ -314,10 +284,3 @@ about the image: } } ] - -# HISTORY -April 2014, originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit -April 2015, updated by Qiang Huang -October 2015, updated by Sally O'Malley diff --git a/src/kill.md b/src/kill.md new file mode 100644 index 000000000000..50efbcf03075 --- /dev/null +++ b/src/kill.md @@ -0,0 +1 @@ +Alias for `docker container kill`. diff --git a/src/load.md b/src/load.md new file mode 100644 index 000000000000..60e77d7a0e8f --- /dev/null +++ b/src/load.md @@ -0,0 +1 @@ +Alias for `docker image load`. diff --git a/docker-login.1.md b/src/login.md similarity index 62% rename from docker-login.1.md rename to src/login.md index c0d4f795db39..2f83276e457c 100644 --- a/docker-login.1.md +++ b/src/login.md @@ -1,17 +1,3 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-login - Log in to a Docker registry. - -# SYNOPSIS -**docker login** -[**--help**] -[**-p**|**--password**[=*PASSWORD*]] -[**-u**|**--username**[=*USERNAME*]] -[SERVER] - -# DESCRIPTION Log in to a Docker Registry located on the specified `SERVER`. You can specify a URL or a `hostname` for the `SERVER` value. If you do not specify a `SERVER`, the command uses Docker's public registry located at @@ -26,16 +12,6 @@ You can log into any public or private repository for which you have credentials. When you log in, the command stores encoded credentials in `$HOME/.docker/config.json` on Linux or `%USERPROFILE%/.docker/config.json` on Windows. -# OPTIONS -**--help** - Print usage statement - -**-p**, **--password**="" - Password - -**-u**, **--username**="" - Username - # EXAMPLES ## Login to a registry on your localhost @@ -44,10 +20,3 @@ credentials. When you log in, the command stores encoded credentials in # See also **docker-logout(1)** to log out from a Docker registry. - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit -April 2015, updated by Mary Anthony for v2 -November 2015, updated by Sally O'Malley diff --git a/docker-logout.1.md b/src/logout.md similarity index 50% rename from docker-logout.1.md rename to src/logout.md index a8a4b7c3c09a..8262018038f0 100644 --- a/docker-logout.1.md +++ b/src/logout.md @@ -1,22 +1,8 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-logout - Log out from a Docker registry. - -# SYNOPSIS -**docker logout** -[SERVER] - -# DESCRIPTION Log out of a Docker Registry located on the specified `SERVER`. You can specify a URL or a `hostname` for the `SERVER` value. If you do not specify a `SERVER`, the command attempts to log you out of Docker's public registry located at `https://registry-1.docker.io/` by default. -# OPTIONS -There are no available options. - # EXAMPLES ## Log out from a registry on your localhost @@ -25,8 +11,3 @@ There are no available options. # See also **docker-login(1)** to log in to a Docker registry server. - -# HISTORY -June 2014, Originally compiled by Daniel, Dao Quang Minh (daniel at nitrous dot io) -July 2014, updated by Sven Dowideit -April 2015, updated by Mary Anthony for v2 diff --git a/src/logs.md b/src/logs.md new file mode 100644 index 000000000000..e528150e292c --- /dev/null +++ b/src/logs.md @@ -0,0 +1 @@ +Alias for `docker container logs`. diff --git a/docker-network-connect.1.md b/src/network/connect.md similarity index 82% rename from docker-network-connect.1.md rename to src/network/connect.md index 096ec77a4df7..59bcc0302bf5 100644 --- a/docker-network-connect.1.md +++ b/src/network/connect.md @@ -1,16 +1,3 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% OCT 2015 -# NAME -docker-network-connect - connect a container to a network - -# SYNOPSIS -**docker network connect** -[**--help**] -NETWORK CONTAINER - -# DESCRIPTION - Connects a container to a network. You can connect a container by name or by ID. Once connected, the container can communicate with other containers in the same network. @@ -50,17 +37,3 @@ support multi-host connectivity, containers connected to the same multi-host network but launched from different Engines can also communicate in this way. You can connect a container to one or more networks. The networks need not be the same type. For example, you can connect a single container bridge and overlay networks. - - -# OPTIONS -**NETWORK** - Specify network name - -**CONTAINER** - Specify container name - -**--help** - Print usage statement - -# HISTORY -OCT 2015, created by Mary Anthony diff --git a/docker-network-create.1.md b/src/network/create.md similarity index 78% rename from docker-network-create.1.md rename to src/network/create.md index 44ce8e15c252..115a41846f9f 100644 --- a/docker-network-create.1.md +++ b/src/network/create.md @@ -1,28 +1,3 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% OCT 2015 -# NAME -docker-network-create - create a new network - -# SYNOPSIS -**docker network create** -[**--attachable**] -[**--aux-address**=*map[]*] -[**-d**|**--driver**=*DRIVER*] -[**--gateway**=*[]*] -[**--help**] -[**--internal**] -[**--ip-range**=*[]*] -[**--ipam-driver**=*default*] -[**--ipam-opt**=*map[]*] -[**--ipv6**] -[**--label**[=*[]*]] -[**-o**|**--opt**=*map[]*] -[**--subnet**=*[]*] -NETWORK-NAME - -# DESCRIPTION - Creates a new network. The `DRIVER` accepts `bridge` or `overlay` which are the built-in network drivers. If you have installed a third party or your own custom network driver you can specify that `DRIVER` here also. If you don't specify the @@ -142,46 +117,3 @@ By default, when you connect a container to an `overlay` network, Docker also connects a bridge network to it to provide external connectivity. If you want to create an externally isolated `overlay` network, you can specify the `--internal` option. - -# OPTIONS -**--attachable** - Enable manual container attachment - -**--aux-address**=map[] - Auxiliary IPv4 or IPv6 addresses used by network driver - -**-d**, **--driver**=*DRIVER* - Driver to manage the Network bridge or overlay. The default is bridge. - -**--gateway**=[] - IPv4 or IPv6 Gateway for the master subnet - -**--help** - Print usage - -**--internal** - Restrict external access to the network - -**--ip-range**=[] - Allocate container ip from a sub-range - -**--ipam-driver**=*default* - IP Address Management Driver - -**--ipam-opt**=map[] - Set custom IPAM driver options - -**--ipv6** - Enable IPv6 networking - -**--label**=*label* - Set metadata for a network - -**-o**, **--opt**=map[] - Set custom driver options - -**--subnet**=[] - Subnet in CIDR format that represents a network segment - -# HISTORY -OCT 2015, created by Mary Anthony diff --git a/src/network/disconnect.md b/src/network/disconnect.md new file mode 100644 index 000000000000..13943f3f8fc6 --- /dev/null +++ b/src/network/disconnect.md @@ -0,0 +1,5 @@ +Disconnects a container from a network. + +```bash +$ docker network disconnect multi-host-network container1 +``` diff --git a/docker-network-inspect.1.md b/src/network/inspect.md similarity index 87% rename from docker-network-inspect.1.md rename to src/network/inspect.md index f27c98cb340d..89fd0e167a10 100644 --- a/docker-network-inspect.1.md +++ b/src/network/inspect.md @@ -1,17 +1,3 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% OCT 2015 -# NAME -docker-network-inspect - inspect a network - -# SYNOPSIS -**docker network inspect** -[**-f**|**--format**[=*FORMAT*]] -[**--help**] -NETWORK [NETWORK...] - -# DESCRIPTION - Returns information about one or more networks. By default, this command renders all results in a JSON object. For example, if you connect two containers to the default `bridge` network: ```bash @@ -100,13 +86,3 @@ $ docker network inspect simple-network } ] ``` - -# OPTIONS -**-f**, **--format**="" - Format the output using the given Go template. - -**--help** - Print usage statement - -# HISTORY -OCT 2015, created by Mary Anthony diff --git a/docker-network-ls.1.md b/src/network/ls.md similarity index 81% rename from docker-network-ls.1.md rename to src/network/ls.md index f319e66035a0..c5182e87e17e 100644 --- a/docker-network-ls.1.md +++ b/src/network/ls.md @@ -1,19 +1,3 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% OCT 2015 -# NAME -docker-network-ls - list networks - -# SYNOPSIS -**docker network ls** -[**-f**|**--filter**[=*[]*]] -[**--format**=*"TEMPLATE"*] -[**--no-trunc**[=*true*|*false*]] -[**-q**|**--quiet**[=*true*|*false*]] -[**--help**] - -# DESCRIPTION - Lists all the networks the Engine `daemon` knows about. This includes the networks that span across multiple hosts in a cluster, for example: @@ -158,31 +142,16 @@ $ docker network rm `docker network ls --filter type=custom -q` A warning will be issued when trying to remove a network that has containers attached. -# OPTIONS - -**-f**, **--filter**=*[]* - filter output based on conditions provided. - -**--format**="*TEMPLATE*" - Pretty-print networks using a Go template. - Valid placeholders: - .ID - Network ID - .Name - Network name - .Driver - Network driver - .Scope - Network scope (local, global) - .IPv6 - Whether IPv6 is enabled on the network or not - .Internal - Whether the network is internal or not - .Labels - All labels assigned to the network - .Label - Value of a specific label for this network. For example `{{.Label "project.version"}}` - -**--no-trunc**=*true*|*false* - Do not truncate the output - -**-q**, **--quiet**=*true*|*false* - Only display network IDs +## Format -**--help** - Print usage statement +Format uses a Go template to print the output. The following variables are +supported: -# HISTORY -OCT 2015, created by Mary Anthony +* .ID - Network ID +* .Name - Network name +* .Driver - Network driver +* .Scope - Network scope (local, global) +* .IPv6 - Whether IPv6 is enabled on the network or not +* .Internal - Whether the network is internal or not +* .Labels - All labels assigned to the network +* .Label - Value of a specific label for this network. For example `{{.Label "project.version"}}` diff --git a/docker-network-rm.1.md b/src/network/rm.md similarity index 67% rename from docker-network-rm.1.md rename to src/network/rm.md index c094a1528619..815b6a487bfb 100644 --- a/docker-network-rm.1.md +++ b/src/network/rm.md @@ -1,16 +1,3 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% OCT 2015 -# NAME -docker-network-rm - remove one or more networks - -# SYNOPSIS -**docker network rm** -[**--help**] -NETWORK [NETWORK...] - -# DESCRIPTION - Removes one or more networks by name or identifier. To remove a network, you must first disconnect any containers connected to it. To remove the network named 'my-network': @@ -31,13 +18,3 @@ When you specify multiple networks, the command attempts to delete each in turn. If the deletion of one network fails, the command continues to the next on the list and tries to delete that. The command reports success or failure for each deletion. - -# OPTIONS -**NETWORK** - Specify network name or id - -**--help** - Print usage statement - -# HISTORY -OCT 2015, created by Mary Anthony diff --git a/src/pause.md b/src/pause.md new file mode 100644 index 000000000000..8779d0601b0c --- /dev/null +++ b/src/pause.md @@ -0,0 +1 @@ +Alias for `docker container pause`. diff --git a/src/port.md b/src/port.md new file mode 100644 index 000000000000..b540ce1776ee --- /dev/null +++ b/src/port.md @@ -0,0 +1 @@ +Alias for `docker container port`. diff --git a/src/ps.md b/src/ps.md new file mode 100644 index 000000000000..83f289e88874 --- /dev/null +++ b/src/ps.md @@ -0,0 +1 @@ +Alias for `docker container ls`. diff --git a/src/pull.md b/src/pull.md new file mode 100644 index 000000000000..78b0ab87c84d --- /dev/null +++ b/src/pull.md @@ -0,0 +1 @@ +Alias for `docker image pull`. diff --git a/src/push.md b/src/push.md new file mode 100644 index 000000000000..84f721e0b5ca --- /dev/null +++ b/src/push.md @@ -0,0 +1 @@ +Alias for `docker image push`. diff --git a/src/rename.md b/src/rename.md new file mode 100644 index 000000000000..7a237f42ff3a --- /dev/null +++ b/src/rename.md @@ -0,0 +1 @@ +Alias for `docker container rename`. diff --git a/src/restart.md b/src/restart.md new file mode 100644 index 000000000000..eddad06b6928 --- /dev/null +++ b/src/restart.md @@ -0,0 +1 @@ +Alias for `docker container restart`. diff --git a/src/rm.md b/src/rm.md new file mode 100644 index 000000000000..8b0cbd658eb8 --- /dev/null +++ b/src/rm.md @@ -0,0 +1 @@ +Alias for `docker container rm`. diff --git a/src/rmi.md b/src/rmi.md new file mode 100644 index 000000000000..b77750493d72 --- /dev/null +++ b/src/rmi.md @@ -0,0 +1 @@ +Alias for `docker image rm`. diff --git a/src/save.md b/src/save.md new file mode 100644 index 000000000000..95127f5a4583 --- /dev/null +++ b/src/save.md @@ -0,0 +1 @@ +Alias for `docker image save`. diff --git a/docker-search.1.md b/src/search.md similarity index 65% rename from docker-search.1.md rename to src/search.md index ad8bbc78b2bb..cf2ac4f1a9e8 100644 --- a/docker-search.1.md +++ b/src/search.md @@ -1,42 +1,16 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-search - Search the Docker Hub for images - -# SYNOPSIS -**docker search** -[**-f**|**--filter**[=*[]*]] -[**--help**] -[**--limit**[=*LIMIT*]] -[**--no-trunc**] -TERM - -# DESCRIPTION - Search Docker Hub for images that match the specified `TERM`. The table of images returned displays the name, description (truncated by default), number of stars awarded, whether the image is official, and whether it is automated. *Note* - Search queries will only return up to 25 results -# OPTIONS +## Filter -**-f**, **--filter**=[] Filter output based on these conditions: - stars= - is-automated=(true|false) - is-official=(true|false) -**--help** - Print usage statement - -**--limit**=*LIMIT* - Maximum returned search results. The default is 25. - -**--no-trunc**=*true*|*false* - Don't truncate output. The default is *false*. - # EXAMPLES ## Search Docker Hub for ranked images @@ -60,11 +34,3 @@ ranked 1 or higher: NAME DESCRIPTION STARS OFFICIAL AUTOMATED goldmann/wildfly A WildFly application server running on a ... 3 [OK] tutum/fedora-20 Fedora 20 image with SSH access. For the r... 1 [OK] - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit -April 2015, updated by Mary Anthony for v2 -April 2016, updated by Vincent Demeester - diff --git a/src/start.md b/src/start.md new file mode 100644 index 000000000000..9bab86770416 --- /dev/null +++ b/src/start.md @@ -0,0 +1 @@ +Alias for `docker container start`. diff --git a/src/stats.md b/src/stats.md new file mode 100644 index 000000000000..f709ce4f183a --- /dev/null +++ b/src/stats.md @@ -0,0 +1 @@ +Alias for `docker container stats`. diff --git a/src/stop.md b/src/stop.md new file mode 100644 index 000000000000..35fd07b62ef5 --- /dev/null +++ b/src/stop.md @@ -0,0 +1 @@ +Alias for `docker container stop`. diff --git a/docker-events.1.md b/src/system/events.md similarity index 86% rename from docker-events.1.md rename to src/system/events.md index c0909c681764..e9370e331e58 100644 --- a/docker-events.1.md +++ b/src/system/events.md @@ -1,19 +1,3 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-events - Get real time events from the server - -# SYNOPSIS -**docker events** -[**--help**] -[**-f**|**--filter**[=*[]*]] -[**--since**[=*SINCE*]] -[**--until**[=*UNTIL*]] -[**--format**[=*FORMAT*]] - - -# DESCRIPTION Get event information from the Docker daemon. Information can include historical information and real-time information. @@ -34,29 +18,6 @@ Docker networks report the following events: create, connect, disconnect, destroy # OPTIONS -**--help** - Print usage statement - -**-f**, **--filter**=[] - Filter output based on these conditions - - container (`container=`) - - event (`event=`) - - image (`image=`) - - plugin (experimental) (`plugin=`) - - label (`label=` or `label==`) - - type (`type=`) - - volume (`volume=`) - - network (`network=`) - - daemon (`daemon=`) - -**--since**="" - Show all events created since timestamp - -**--until**="" - Stream events until this timestamp - -**--format**="" - Format the output using the given Go template The `--since` and `--until` parameters can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed @@ -171,10 +132,3 @@ Lines. For information about JSON Lines, please refer to http://jsonlines.org/ . 2016-07-25T17:30:14.825557616Z plugin pull ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/no-remove:latest) 2016-07-25T17:30:14.888127370Z plugin enable ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/no-remove:latest) - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit -June 2015, updated by Brian Goff -October 2015, updated by Mike Brown diff --git a/docker-info.1.md b/src/system/info.md similarity index 91% rename from docker-info.1.md rename to src/system/info.md index bb7a8fb4c20e..9a87e985edab 100644 --- a/docker-info.1.md +++ b/src/system/info.md @@ -1,15 +1,3 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-info - Display system-wide information - -# SYNOPSIS -**docker info** -[**--help**] -[**-f**|**--format**[=*FORMAT*]] - -# DESCRIPTION This command displays system wide information regarding the Docker installation. Information displayed includes the kernel version, number of containers and images. The number of images shown is the number of unique images. The same image tagged @@ -28,13 +16,6 @@ meta data regarding those images are stored. When run for the first time Docker allocates a certain amount of data space and meta data space from the space available on the volume where `/var/lib/docker` is mounted. -# OPTIONS -**--help** - Print usage statement - -**-f**, **--format**="" - Format the output using the given Go template - # EXAMPLES ## Display Docker system information @@ -180,8 +161,3 @@ You can also specify the output format: $ docker info --format '{{json .}}' {"ID":"I54V:OLXT:HVMM:TPKO:JPHQ:CQCD:JNLC:O3BZ:4ZVJ:43XJ:PFHZ:6N2S","Containers":14, ...} - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit diff --git a/src/tag.md b/src/tag.md new file mode 100644 index 000000000000..55c4ef1a7998 --- /dev/null +++ b/src/tag.md @@ -0,0 +1 @@ +Alias for `docker image tag`. diff --git a/src/top.md b/src/top.md new file mode 100644 index 000000000000..ac0f0845f486 --- /dev/null +++ b/src/top.md @@ -0,0 +1 @@ +Alias for `docker container top`. diff --git a/src/unpause.md b/src/unpause.md new file mode 100644 index 000000000000..8779d0601b0c --- /dev/null +++ b/src/unpause.md @@ -0,0 +1 @@ +Alias for `docker container pause`. diff --git a/src/update.md b/src/update.md new file mode 100644 index 000000000000..162022ab2981 --- /dev/null +++ b/src/update.md @@ -0,0 +1 @@ +Alias for `docker container update`. diff --git a/docker-version.1.md b/src/version.md similarity index 67% rename from docker-version.1.md rename to src/version.md index 1838f820521b..5dea4a297c52 100644 --- a/docker-version.1.md +++ b/src/version.md @@ -1,25 +1,6 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2015 -# NAME -docker-version - Show the Docker version information. - -# SYNOPSIS -**docker version** -[**--help**] -[**-f**|**--format**[=*FORMAT*]] - -# DESCRIPTION This command displays version information for both the Docker client and daemon. -# OPTIONS -**--help** - Print usage statement - -**-f**, **--format**="" - Format the output using the given Go template. - # EXAMPLES ## Display Docker version information @@ -54,9 +35,3 @@ To view all available fields, you can use the format `{{json .}}`. $ docker version --format '{{json .}}' {"Client":{"Version":"1.8.0","ApiVersion":"1.20","GitCommit":"f5bae0a","GoVersion":"go1.4.2","Os":"linux","Arch":"amd64","BuildTime":"Tue Jun 23 17:56:00 UTC 2015"},"ServerOK":true,"Server":{"Version":"1.8.0","ApiVersion":"1.20","GitCommit":"f5bae0a","GoVersion":"go1.4.2","Os":"linux","Arch":"amd64","KernelVersion":"3.13.2-gentoo","BuildTime":"Tue Jun 23 17:56:00 UTC 2015"}} - - -# HISTORY -June 2014, updated by Sven Dowideit -June 2015, updated by John Howard -June 2015, updated by Patrick Hemmer diff --git a/src/volume.md b/src/volume.md new file mode 100644 index 000000000000..0a09a41da381 --- /dev/null +++ b/src/volume.md @@ -0,0 +1,14 @@ +The `docker volume` command has subcommands for managing data volumes. A data +volume is a specially-designated directory that by-passes storage driver +management. + +Data volumes persist data independent of a container's life cycle. When you +delete a container, the Docker daemon does not delete any data volumes. You can +share volumes across multiple containers. Moreover, you can share data volumes +with other computing resources in your system. + +To see help for a subcommand, use: + + docker volume COMMAND --help + +For full details on using docker volume visit Docker's online documentation. diff --git a/src/volume/create.md b/src/volume/create.md new file mode 100644 index 000000000000..408079d62d3a --- /dev/null +++ b/src/volume/create.md @@ -0,0 +1,35 @@ +Creates a new volume that containers can consume and store data in. If a name +is not specified, Docker generates a random name. You create a volume and then +configure the container to use it, for example: + + $ docker volume create hello + hello + $ docker run -d -v hello:/world busybox ls /world + +The mount is created inside the container's `/src` directory. Docker doesn't +not support relative paths for mount points inside the container. + +Multiple containers can use the same volume in the same time period. This is +useful if two containers need access to shared data. For example, if one +container writes and the other reads the data. + +## Driver specific options + +Some volume drivers may take options to customize the volume creation. Use the +`-o` or `--opt` flags to pass driver options: + + $ docker volume create --driver fake --opt tardis=blue --opt timey=wimey + +These options are passed directly to the volume driver. Options for different +volume drivers may do different things (or nothing at all). + +The built-in `local` driver on Windows does not support any options. + +The built-in `local` driver on Linux accepts options similar to the linux +`mount` command: + + $ docker volume create --driver local --opt type=tmpfs --opt device=tmpfs --opt o=size=100m,uid=1000 + +Another example: + + $ docker volume create --driver local --opt type=btrfs --opt device=/dev/sda2 diff --git a/src/volume/inspect.md b/src/volume/inspect.md new file mode 100644 index 000000000000..0885caab634d --- /dev/null +++ b/src/volume/inspect.md @@ -0,0 +1,4 @@ +Returns information about one or more volumes. By default, this command renders +all results in a JSON array. You can specify an alternate format to execute a +given template is executed for each result. Go's https://golang.org/pkg/text/template/ +package describes all the details of the format. diff --git a/src/volume/ls.md b/src/volume/ls.md new file mode 100644 index 000000000000..597884278fb4 --- /dev/null +++ b/src/volume/ls.md @@ -0,0 +1,11 @@ +Lists all the volumes Docker manages. You can filter using the `-f` or +`--filter` flag. The filtering format is a `key=value` pair. To specify +more than one filter, pass multiple flags (for example, +`--filter "foo=bar" --filter "bif=baz"`) + +The currently supported filters are: + +* `dangling` (boolean - `true` or `false`, `1` or `0`) +* `driver` (a volume driver's name) +* `label` (`label=` or `label==`) +* `name` (a volume's name) diff --git a/src/wait.md b/src/wait.md new file mode 100644 index 000000000000..8700848ec7e9 --- /dev/null +++ b/src/wait.md @@ -0,0 +1 @@ +Alias for `docker container wait`. From 61e71090689d329d416bb984403d3b0d118d1697 Mon Sep 17 00:00:00 2001 From: Timothy Hobbs Date: Mon, 2 Jan 2017 22:06:46 +0100 Subject: [PATCH 360/398] Docs: Be more clear when specifying valid formats for strings - Use the word letter rather than character to refer to letters ;) when trying to specify that only letters and numbers can be used, and not ANY character... - Small corrections Fixes #29821 Signed-off-by: Timothy Hobbs --- src/image/tag.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/image/tag.md b/src/image/tag.md index 25c1f785d4b9..16abd7529092 100644 --- a/src/image/tag.md +++ b/src/image/tag.md @@ -9,15 +9,16 @@ entire image name including the optional `TAG` after the ':'. present, it may optionally be followed by a port number in the format `:8080`. If not present, the command uses Docker's public registry located at `registry-1.docker.io` by default. Name components may contain lowercase - characters, digits and separators. A separator is defined as a period, one or + letters, digits and separators. A separator is defined as a period, one or two underscores, or one or more dashes. A name component may not start or end with a separator. **TAG** The tag assigned to the image to version and distinguish images with the same - name. The tag name may contain lowercase and uppercase characters, digits, - underscores, periods and dashes. A tag name may not start with a period or a - dash and may contain a maximum of 128 characters. + name. The tag name must be valid ASCII and may contain lowercase and + uppercase letters, digits, underscores, periods and hyphens. A tag name + may not start with a period or a hyphen and may contain a maximum of 128 + characters. # EXAMPLES From 988585230cc2e94b0643c699533d7c31ee32861d Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Wed, 14 Dec 2016 00:35:34 -0800 Subject: [PATCH 361/398] replace no-remove by sample-volume-plugin in docs Signed-off-by: Victor Vieux --- src/system/events.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/system/events.md b/src/system/events.md index e9370e331e58..44adc6c3977f 100644 --- a/src/system/events.md +++ b/src/system/events.md @@ -129,6 +129,6 @@ Lines. For information about JSON Lines, please refer to http://jsonlines.org/ . 2015-12-23T21:38:25.119625123Z network connect 8b111217944ba0ba844a65b13efcd57dc494932ee2527577758f939315ba2c5b (name=test-event-network-local, container=b4be644031a3d90b400f88ab3d4bdf4dc23adb250e696b6328b85441abe2c54e, type=bridge) $ docker events --filter 'type=plugin' (experimental) - 2016-07-25T17:30:14.825557616Z plugin pull ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/no-remove:latest) - 2016-07-25T17:30:14.888127370Z plugin enable ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/no-remove:latest) + 2016-07-25T17:30:14.825557616Z plugin pull ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/sample-volume-plugin:latest) + 2016-07-25T17:30:14.888127370Z plugin enable ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/sample-volume-plugin:latest) From 27ce16e266c88fd604ff874970521397f63778f7 Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Wed, 28 Dec 2016 19:34:32 +0800 Subject: [PATCH 362/398] keep network option consistent between network connect and run Signed-off-by: yuexiao-wang --- docker-run.1.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docker-run.1.md b/docker-run.1.md index be3df0be35bd..fe671e54aa19 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -317,12 +317,12 @@ redirection on the host system. When set to true, keep stdin open even if not attached. The default is false. **--ip**="" - Sets the container's interface IPv4 address (e.g. 172.23.0.9) + Sets the container's interface IPv4 address (e.g., 172.23.0.9) It can only be used in conjunction with **--network** for user-defined networks **--ip6**="" - Sets the container's interface IPv6 address (e.g. 2001:db8::1b99) + Sets the container's interface IPv6 address (e.g., 2001:db8::1b99) It can only be used in conjunction with **--network** for user-defined networks @@ -401,7 +401,7 @@ the value of --memory. unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. **--mac-address**="" - Container MAC address (e.g. 92:d0:c6:0a:29:33) + Container MAC address (e.g., 92:d0:c6:0a:29:33) Remember that the MAC address in an Ethernet network must be unique. The IPv6 link-local address will be based on the device's MAC address From 6244e311bb4993ae00229b5c402e8fbbf1aea5d3 Mon Sep 17 00:00:00 2001 From: lixiaobing10051267 Date: Fri, 6 Jan 2017 11:02:02 +0800 Subject: [PATCH 363/398] Provide correct command imformation and URL Signed-off-by: lixiaobing10051267 --- src/container/top.md | 2 +- src/container/unpause.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/container/top.md b/src/container/top.md index 5524494194cd..5e243569aca6 100644 --- a/src/container/top.md +++ b/src/container/top.md @@ -6,6 +6,6 @@ All displayed information is from host's point of view. Run **docker container top** with the ps option of -x: - $ docker top 8601afda2b -x + $ docker container top 8601afda2b -x PID TTY STAT TIME COMMAND 16623 ? Ss 0:00 sleep 99999 diff --git a/src/container/unpause.md b/src/container/unpause.md index d318bb2b6a30..0e77ceed6bd5 100644 --- a/src/container/unpause.md +++ b/src/container/unpause.md @@ -2,5 +2,5 @@ The `docker container unpause` command un-suspends all processes in a container. On Linux, it does this using the cgroups freezer. See the [cgroups freezer documentation] -(https://www.kernel.org/doc/Documentation/cgroups/freezer-subsystem.txt) for +(https://www.kernel.org/doc/Documentation/cgroup-v1/freezer-subsystem.txt) for further details. From 3a9c28bd6ae625985cafc638e05803561de00d7e Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Mon, 9 Jan 2017 20:14:48 +0800 Subject: [PATCH 364/398] Fix incorrect alias and URL Signed-off-by: yuexiao-wang --- src/login.md | 2 +- src/unpause.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/login.md b/src/login.md index 2f83276e457c..4d60882f5f39 100644 --- a/src/login.md +++ b/src/login.md @@ -6,7 +6,7 @@ do not specify a `SERVER`, the command uses Docker's public registry located at `docker login` requires user to use `sudo` or be `root`, except when: 1. connecting to a remote daemon, such as a `docker-machine` provisioned `docker engine`. -2. user is added to the `docker` group. This will impact the security of your system; the `docker` group is `root` equivalent. See [Docker Daemon Attack Surface](https://docs.docker.com/engine/articles/security/#docker-daemon-attack-surface) for details. +2. user is added to the `docker` group. This will impact the security of your system; the `docker` group is `root` equivalent. See [Docker Daemon Attack Surface](https://docs.docker.com/engine/security/security/#/docker-daemon-attack-surface) for details. You can log into any public or private repository for which you have credentials. When you log in, the command stores encoded credentials in diff --git a/src/unpause.md b/src/unpause.md index 8779d0601b0c..df538e135b4f 100644 --- a/src/unpause.md +++ b/src/unpause.md @@ -1 +1 @@ -Alias for `docker container pause`. +Alias for `docker container unpause`. From 70b72d0496b63f35c575b0f814fd5622da77e793 Mon Sep 17 00:00:00 2001 From: Ian Campbell Date: Fri, 13 Jan 2017 13:54:44 +0000 Subject: [PATCH 365/398] Clarify `cp` documentation behaviour with trailing "/." Issue #30082 demonstrated that their is possible confusion with the "/." where the tailing "." can appear to be merely punctuation within the document rather than a highly pertinent part of `SRC_PATH`. Signed-off-by: Ian Campbell --- src/container/cp.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/container/cp.md b/src/container/cp.md index 29b3c0ef2e4e..557e76de95e6 100644 --- a/src/container/cp.md +++ b/src/container/cp.md @@ -42,9 +42,9 @@ argument of `DEST_PATH`, the behavior is as follows: - `DEST_PATH` exists and is a file - Error condition: cannot copy a directory to a file - `DEST_PATH` exists and is a directory - - `SRC_PATH` does not end with `/.` + - `SRC_PATH` does not end with `/.` (that is: _slash_ followed by _dot_) - the source directory is copied into this directory - - `SRC_PATH` does end with `/.` + - `SRC_PATH` does end with `/.` (that is: _slash_ followed by _dot_) - the *content* of the source directory is copied into this directory From 01cc7a87760af52a3cf17beb85e177f8156ffa07 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Thu, 19 Jan 2017 08:47:01 -0800 Subject: [PATCH 366/398] Add docs for `run|create --init|--init-path` Signed-off-by: Harald Albers --- docker-run.1.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/docker-run.1.md b/docker-run.1.md index fe671e54aa19..4e03331521e9 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -41,6 +41,8 @@ docker-run - Run a command in a new container [**--group-add**[=*[]*]] [**-h**|**--hostname**[=*HOSTNAME*]] [**--help**] +[**--init**] +[**--init-path**[=*[]*]] [**-i**|**--interactive**] [**--ip**[=*IPv4-ADDRESS*]] [**--ip6**[=*IPv6-ADDRESS*]] @@ -309,7 +311,13 @@ redirection on the host system. Sets the container host name that is available inside the container. **--help** - Print usage statement + Print usage statement + +**--init** + Run an init inside the container that forwards signals and reaps processes + +**--init-path**="" + Path to the docker-init binary **-i**, **--interactive**=*true*|*false* Keep STDIN open even if not attached. The default is *false*. From 3f8e7f614aa7bb8684e80627074881a156245380 Mon Sep 17 00:00:00 2001 From: Kenfe-Mickael Laventure Date: Fri, 6 May 2016 15:09:46 -0700 Subject: [PATCH 367/398] Allow adding rules to cgroup devices.allow on container create/run This introduce a new `--device-cgroup-rule` flag that allow a user to add one or more entry to the container cgroup device `devices.allow` Signed-off-by: Kenfe-Mickael Laventure --- docker-run.1.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docker-run.1.md b/docker-run.1.md index 4e03331521e9..804aa1309fff 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -27,6 +27,7 @@ docker-run - Run a command in a new container [**-d**|**--detach**] [**--detach-keys**[=*[]*]] [**--device**[=*[]*]] +[**--device-cgroup-rule**[=*[]*]] [**--device-read-bps**[=*[]*]] [**--device-read-iops**[=*[]*]] [**--device-write-bps**[=*[]*]] @@ -246,6 +247,16 @@ See **config-json(5)** for documentation on using a configuration file. **--device**=[] Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm) +**--device-cgroup-rule**=[] + Add a rule to the cgroup allowed devices list. + + The rule is expected to be in the format specified in the Linux kernel documentation (Documentation/cgroup-v1/devices.txt): + - type: `a` (all), `c` (char) or `b` (block) + - major and minor: either a number or `*` for all + - permission: a composition of `r` (read), `w` (write) and `m` (mknod) + + Example: `c 1:3 mr`: allow for character device with major `1` and minor `3` to be created (`m`) and read (`r`) + **--device-read-bps**=[] Limit read rate from a device (e.g. --device-read-bps=/dev/sda:1mb) From e9cb01428f16ed5523e28761a043a16faa67f33e Mon Sep 17 00:00:00 2001 From: Kenfe-Mickael Laventure Date: Fri, 13 Jan 2017 09:05:29 -0800 Subject: [PATCH 368/398] Add example for device-cgroup-rule to man Signed-off-by: Kenfe-Mickael Laventure --- generate.go | 12 +++++++++++ src/container/create-example.md | 35 +++++++++++++++++++++++++++++++++ src/container/create.md | 17 +--------------- 3 files changed, 48 insertions(+), 16 deletions(-) create mode 100644 src/container/create-example.md diff --git a/generate.go b/generate.go index 1516158f7ccd..964d69277580 100644 --- a/generate.go +++ b/generate.go @@ -62,6 +62,18 @@ func loadLongDescription(cmd *cobra.Command, path string) error { return err } cmd.Long = string(content) + + fullpath = filepath.Join(path, cmd.Name()+"-example.md") + if _, err := os.Stat(fullpath); err != nil { + continue + } + + content, err = ioutil.ReadFile(fullpath) + if err != nil { + return err + } + cmd.Example = string(content) + } return nil } diff --git a/src/container/create-example.md b/src/container/create-example.md new file mode 100644 index 000000000000..0084eeea2cee --- /dev/null +++ b/src/container/create-example.md @@ -0,0 +1,35 @@ +### Specify isolation technology for container (--isolation) + +This option is useful in situations where you are running Docker containers on +Windows. The `--isolation=` option sets a container's isolation +technology. On Linux, the only supported is the `default` option which uses +Linux namespaces. On Microsoft Windows, you can specify these values: + +* `default`: Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value. +* `process`: Namespace isolation only. +* `hyperv`: Hyper-V hypervisor partition-based isolation. + +Specifying the `--isolation` flag without a value is the same as setting `--isolation="default"`. + +### Dealing with dynamically created devices (--device-cgroup-rule) + +Devices available to a container are assigned at creation time. The +assigned devices will both be added to the cgroup.allow file and +created into the container once it is run. This poses a problem when +a new device needs to be added to running container. + +One of the solution is to add a more permissive rule to a container +allowing it access to a wider range of devices. For example, supposing +our container needs access to a character device with major `42` and +any number of minor number (added as new devices appear), the +following rule would be added: + +``` +docker create --device-cgroup-rule='c 42:* rmw' -name my-container my-image +``` + +Then, a user could ask `udev` to execute a script that would `docker exec my-container mknod newDevX c 42 ` +the required device when it is added. + +NOTE: initially present devices still need to be explicitely added to +the create/run command diff --git a/src/container/create.md b/src/container/create.md index eeeda373eb04..3da3502aa143 100644 --- a/src/container/create.md +++ b/src/container/create.md @@ -6,7 +6,7 @@ any point. The initial status of the container created with **docker create** is 'created'. -# OPTIONS +### OPTIONS The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The `HOST-DIR` can be an absolute path or a `name` value. A `name` value must start with an @@ -82,18 +82,3 @@ change propagation properties of source mount. Say `/` is source mount for To disable automatic copying of data from the container path to the volume, use the `nocopy` flag. The `nocopy` flag can be set on bind mounts and named volumes. - -# EXAMPLES - -## Specify isolation technology for container (--isolation) - -This option is useful in situations where you are running Docker containers on -Windows. The `--isolation=` option sets a container's isolation -technology. On Linux, the only supported is the `default` option which uses -Linux namespaces. On Microsoft Windows, you can specify these values: - -* `default`: Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value. -* `process`: Namespace isolation only. -* `hyperv`: Hyper-V hypervisor partition-based isolation. - -Specifying the `--isolation` flag without a value is the same as setting `--isolation="default"`. From fb1816ed32b4a112e6d8d6e8ef66906619022f9d Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Sun, 25 Dec 2016 01:11:12 -0800 Subject: [PATCH 369/398] Add daemon option --default-shm-size This fix fixes issue raised in 29492 where it was not possible to specify a default `--default-shm-size` in daemon configuration for each `docker run``. The flag `--default-shm-size` which is reloadable, has been added to the daemon configuation. Related docs has been updated. This fix fixes 29492. Signed-off-by: Yong Tang --- dockerd.8.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/dockerd.8.md b/dockerd.8.md index d64fe1f21ecd..24cec7fa9830 100644 --- a/dockerd.8.md +++ b/dockerd.8.md @@ -21,6 +21,7 @@ dockerd - Enable daemon mode [**--default-gateway**[=*DEFAULT-GATEWAY*]] [**--default-gateway-v6**[=*DEFAULT-GATEWAY-V6*]] [**--default-runtime**[=*runc*]] +[**--default-shm-size**[=*64MiB*]] [**--default-ulimit**[=*[]*]] [**--disable-legacy-registry**] [**--dns**[=*[]*]] @@ -164,6 +165,9 @@ $ sudo dockerd --add-runtime runc=runc --add-runtime custom=/usr/local/bin/my-ru **--default-runtime**="runc" Set default runtime if there're more than one specified by `--add-runtime`. +**--default-shm-size**=*64MiB* + Set the daemon-wide default shm size for containers. Default is `64MiB`. + **--default-ulimit**=[] Default ulimits for containers. From c568032fb446592eea997bd689d62515f57768ef Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Wed, 1 Feb 2017 11:28:12 -0800 Subject: [PATCH 370/398] Add markdown for man page of `docker plugin ls` This fix adds markdown for man page of `docker plugin ls`, based on https://github.com/docker/docker/pull/28627#issuecomment-276731752 Signed-off-by: Yong Tang --- src/plugin/ls.md | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 src/plugin/ls.md diff --git a/src/plugin/ls.md b/src/plugin/ls.md new file mode 100644 index 000000000000..df96a524874b --- /dev/null +++ b/src/plugin/ls.md @@ -0,0 +1,43 @@ +Lists all the plugins that are currently installed. You can install plugins +using the `docker plugin install` command. +You can also filter using the `-f` or `--filter` flag. + +## Filters + +Filter output based on these conditions: + - enabled=(true|false) - plugins that are enabled or not + - capability= - filters plugins based on capabilities (currently `volumedriver`, `networkdriver`, `ipamdriver`, or `authz`) + +## Format + + Pretty-print plugins using a Go template. + Valid placeholders: + .ID - Plugin ID. + .Name - Plugin Name. + .Description - Plugin description. + .Enabled - Whether plugin is enabled or not. + +# EXAMPLES +## Display all plugins + + $ docker plugin ls + ID NAME DESCRIPTION ENABLED + 869080b57404 tiborvass/sample-volume-plugin:latest A sample volume plugin for Docker true + 141bf6c02ddd vieux/sshfs:latest sshFS plugin for Docker false + +## Display plugins with their ID and names + + $ docker plugin ls --format "{{.ID}}: {{.Name}}" + 869080b57404: tiborvass/sample-volume-plugin:latest + +## Display enabled plugins + + $ docker plugin ls --filter enabled=true + ID NAME DESCRIPTION ENABLED + 869080b57404 tiborvass/sample-volume-plugin:latest A sample volume plugin for Docker true + +## Display plguins with `volumedriver` capability + + $ docker plugin ls --filter capability=volumedriver --format "table {{.ID}}\t{{.Name}}" + ID Name + 869080b57404 tiborvass/sample-volume-plugin:latest From a376ca2a5b49e46b0c00ea0296b79181f1209710 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Wed, 1 Feb 2017 18:34:55 -0800 Subject: [PATCH 371/398] Make markdown for man pages of `docker container ...` consistent This fix updates the markdown for man pages of `docker container ...` so that they are consistent. The changes are based on feedback: https://github.com/docker/docker/pull/30645#discussion_r99020188 https://github.com/docker/docker/pull/30645#discussion_r99020304 1. Use `H2 (##)` as needed 2. Use unrpiviledged prompt (`$`) instead of (`#`) This PR convers files under man/src/container/*.md Signed-off-by: Yong Tang --- src/container/attach.md | 4 ++-- src/container/commit.md | 4 ++-- src/container/export.md | 8 ++++---- src/container/ls.md | 28 ++++++++++++++-------------- src/container/port.md | 10 +++++----- 5 files changed, 27 insertions(+), 27 deletions(-) diff --git a/src/container/attach.md b/src/container/attach.md index fff713bcf0b4..e2fa4f8af1b8 100644 --- a/src/container/attach.md +++ b/src/container/attach.md @@ -45,8 +45,8 @@ In this example the top command is run inside a container, from an image called fedora, in detached mode. The ID from the container is passed into the **docker attach** command: - # ID=$(sudo docker run -d fedora /usr/bin/top -b) - # sudo docker attach $ID + $ ID=$(sudo docker run -d fedora /usr/bin/top -b) + $ sudo docker attach $ID top - 02:05:52 up 3:05, 0 users, load average: 0.01, 0.02, 0.05 Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie Cpu(s): 0.1%us, 0.2%sy, 0.0%ni, 99.7%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st diff --git a/src/container/commit.md b/src/container/commit.md index 6d619baed85f..43d2e9c25dac 100644 --- a/src/container/commit.md +++ b/src/container/commit.md @@ -15,7 +15,7 @@ An existing Fedora based container has had Apache installed while running in interactive mode with the bash shell. Apache is also running. To create a new image run `docker ps` to find the container's ID and then run: - # docker commit -m="Added Apache to Fedora base image" \ + $ docker commit -m="Added Apache to Fedora base image" \ -a="A D Ministrator" 98bd7fc99854 fedora/fedora_httpd:20 Note that only a-z0-9-_. are allowed when naming images from an @@ -27,4 +27,4 @@ variable set to "true", you can create a new image based on that container by first getting the container's ID with `docker ps` and then running: - # docker container commit -c="ENV DEBUG true" 98bd7fc99854 debug-image + $ docker container commit -c="ENV DEBUG true" 98bd7fc99854 debug-image diff --git a/src/container/export.md b/src/container/export.md index 8c9a95a36e9f..ac07d96309ec 100644 --- a/src/container/export.md +++ b/src/container/export.md @@ -8,11 +8,11 @@ Stream to a file instead of STDOUT by using **-o**. Export the contents of the container called angry_bell to a tar file called angry_bell.tar: - # docker export angry_bell > angry_bell.tar - # docker export --output=angry_bell-latest.tar angry_bell - # ls -sh angry_bell.tar + $ docker export angry_bell > angry_bell.tar + $ docker export --output=angry_bell-latest.tar angry_bell + $ ls -sh angry_bell.tar 321M angry_bell.tar - # ls -sh angry_bell-latest.tar + $ ls -sh angry_bell-latest.tar 321M angry_bell-latest.tar # See also diff --git a/src/container/ls.md b/src/container/ls.md index 193ebd96c473..f233cecd63bc 100644 --- a/src/container/ls.md +++ b/src/container/ls.md @@ -35,61 +35,61 @@ Filter output based on these conditions: .Mounts - Names of the volumes mounted in this container. # EXAMPLES -# Display all containers, including non-running +## Display all containers, including non-running - # docker container ls -a + $ docker container ls -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES a87ecb4f327c fedora:20 /bin/sh -c #(nop) MA 20 minutes ago Exit 0 desperate_brattain 01946d9d34d8 vpavlin/rhel7:latest /bin/sh -c #(nop) MA 33 minutes ago Exit 0 thirsty_bell c1d3b0166030 acffc0358b9e /bin/sh -c yum -y up 2 weeks ago Exit 1 determined_torvalds 41d50ecd2f57 fedora:20 /bin/sh -c #(nop) MA 2 weeks ago Exit 0 drunk_pike -# Display only IDs of all containers, including non-running +## Display only IDs of all containers, including non-running - # docker container ls -a -q + $ docker container ls -a -q a87ecb4f327c 01946d9d34d8 c1d3b0166030 41d50ecd2f57 -# Display only IDs of all containers that have the name `determined_torvalds` +## Display only IDs of all containers that have the name `determined_torvalds` - # docker container ls -a -q --filter=name=determined_torvalds + $ docker container ls -a -q --filter=name=determined_torvalds c1d3b0166030 -# Display containers with their commands +## Display containers with their commands - # docker container ls --format "{{.ID}}: {{.Command}}" + $ docker container ls --format "{{.ID}}: {{.Command}}" a87ecb4f327c: /bin/sh -c #(nop) MA 01946d9d34d8: /bin/sh -c #(nop) MA c1d3b0166030: /bin/sh -c yum -y up 41d50ecd2f57: /bin/sh -c #(nop) MA -# Display containers with their labels in a table +## Display containers with their labels in a table - # docker container ls --format "table {{.ID}}\t{{.Labels}}" + $ docker container ls --format "table {{.ID}}\t{{.Labels}}" CONTAINER ID LABELS a87ecb4f327c com.docker.swarm.node=ubuntu,com.docker.swarm.storage=ssd 01946d9d34d8 c1d3b0166030 com.docker.swarm.node=debian,com.docker.swarm.cpu=6 41d50ecd2f57 com.docker.swarm.node=fedora,com.docker.swarm.cpu=3,com.docker.swarm.storage=ssd -# Display containers with their node label in a table +## Display containers with their node label in a table - # docker container ls --format 'table {{.ID}}\t{{(.Label "com.docker.swarm.node")}}' + $ docker container ls --format 'table {{.ID}}\t{{(.Label "com.docker.swarm.node")}}' CONTAINER ID NODE a87ecb4f327c ubuntu 01946d9d34d8 c1d3b0166030 debian 41d50ecd2f57 fedora -# Display containers with `remote-volume` mounted +## Display containers with `remote-volume` mounted $ docker container ls --filter volume=remote-volume --format "table {{.ID}}\t{{.Mounts}}" CONTAINER ID MOUNTS 9c3527ed70ce remote-volume -# Display containers with a volume mounted in `/data` +## Display containers with a volume mounted in `/data` $ docker container ls --filter volume=/data --format "table {{.ID}}\t{{.Mounts}}" CONTAINER ID MOUNTS diff --git a/src/container/port.md b/src/container/port.md index 264f43e613e4..a1c8cc6ee42e 100644 --- a/src/container/port.md +++ b/src/container/port.md @@ -2,25 +2,25 @@ List port mappings for the CONTAINER, or lookup the public-facing port that is N # EXAMPLES - # docker ps + $ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES b650456536c7 busybox:latest top 54 minutes ago Up 54 minutes 0.0.0.0:1234->9876/tcp, 0.0.0.0:4321->7890/tcp test ## Find out all the ports mapped - # docker container port test + $ docker container port test 7890/tcp -> 0.0.0.0:4321 9876/tcp -> 0.0.0.0:1234 ## Find out a specific mapping - # docker container port test 7890/tcp + $ docker container port test 7890/tcp 0.0.0.0:4321 - # docker container port test 7890 + $ docker container port test 7890 0.0.0.0:4321 ## An example showing error for non-existent mapping - # docker container port test 7890/udp + $ docker container port test 7890/udp 2014/06/24 11:53:36 Error: No public port '7890/udp' published for test From a4f91c31eb456714f06c7c5bb080c80a23571f20 Mon Sep 17 00:00:00 2001 From: Andrew Hsu Date: Sun, 5 Feb 2017 22:40:57 -0800 Subject: [PATCH 372/398] from golang:1.7.5-alpine for docker-manpage-dev Signed-off-by: Andrew Hsu --- Dockerfile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 3ed219304c2b..80e97ff01e6c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,9 +1,8 @@ -FROM alpine:3.4 +FROM golang:1.7.5-alpine -RUN apk add -U git go bash curl gcc musl-dev make +RUN apk add -U git bash curl gcc musl-dev make RUN mkdir -p /go/src /go/bin /go/pkg -ENV GOPATH=/go RUN export GLIDE=v0.11.1; \ export TARGET=/go/src/github.com/Masterminds; \ mkdir -p ${TARGET} && \ From 7e92b541d6f14ef3d29333b6503f53efa8c05efe Mon Sep 17 00:00:00 2001 From: Andrew Hsu Date: Mon, 6 Feb 2017 11:29:25 -0800 Subject: [PATCH 373/398] use precompiled go from google, needs debian to work Signed-off-by: Andrew Hsu --- Dockerfile.armhf | 25 ++++++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/Dockerfile.armhf b/Dockerfile.armhf index 6fbd178c51a8..85ea591fe0c5 100644 --- a/Dockerfile.armhf +++ b/Dockerfile.armhf @@ -1,9 +1,28 @@ -FROM armhf/alpine:3.4 +FROM armhf/debian:jessie -RUN apk add -U git go bash curl gcc musl-dev make +# allow replacing httpredir or deb mirror +ARG APT_MIRROR=deb.debian.org +RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list + +RUN apt-get update && apt-get install -y \ + git \ + bash \ + curl \ + gcc \ + musl-dev \ + make + +ENV GO_VERSION 1.7.5 +RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-armv6l.tar.gz" \ + | tar -xzC /usr/local +ENV PATH /go/bin:/usr/local/go/bin:$PATH +ENV GOPATH /go + +# We're building for armhf, which is ARMv7, so let's be explicit about that +ENV GOARCH arm +ENV GOARM 7 RUN mkdir -p /go/src /go/bin /go/pkg -ENV GOPATH=/go RUN export GLIDE=v0.11.1; \ export TARGET=/go/src/github.com/Masterminds; \ mkdir -p ${TARGET} && \ From b349155ea7d9d7c9fa75f8d437a0ff876da3a6ca Mon Sep 17 00:00:00 2001 From: Andrew Hsu Date: Mon, 6 Feb 2017 13:32:21 -0800 Subject: [PATCH 374/398] remove musl-dev in man/Dockerfile.armhf Signed-off-by: Andrew Hsu --- Dockerfile.armhf | 1 - 1 file changed, 1 deletion(-) diff --git a/Dockerfile.armhf b/Dockerfile.armhf index 85ea591fe0c5..e7ea4956467a 100644 --- a/Dockerfile.armhf +++ b/Dockerfile.armhf @@ -9,7 +9,6 @@ RUN apt-get update && apt-get install -y \ bash \ curl \ gcc \ - musl-dev \ make ENV GO_VERSION 1.7.5 From 336c8a62fffd37726c198977d7ab4378e9340ec6 Mon Sep 17 00:00:00 2001 From: Christopher Jones Date: Mon, 6 Feb 2017 14:43:13 -0500 Subject: [PATCH 375/398] added ppc64le and s390x fixes for manpages Fixes manpages for p and z by downloading a specific version of go instead of relying on the distro version. Signed-off-by: Christopher Jones --- Dockerfile.ppc64le | 14 ++++++++++++-- Dockerfile.s390x | 14 ++++++++++++-- 2 files changed, 24 insertions(+), 4 deletions(-) diff --git a/Dockerfile.ppc64le b/Dockerfile.ppc64le index f55465027415..fc96ca7691d5 100644 --- a/Dockerfile.ppc64le +++ b/Dockerfile.ppc64le @@ -1,9 +1,19 @@ FROM ppc64le/ubuntu:xenial -RUN apt-get update && apt-get install -y git golang-go +RUN apt-get update && apt-get install -y \ + curl \ + gcc \ + git \ + make \ + tar + +ENV GO_VERSION 1.7.5 +RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-ppc64le.tar.gz" \ + | tar -xzC /usr/local +ENV PATH /usr/local/go/bin:$PATH +ENV GOPATH=/go RUN mkdir -p /go/src /go/bin /go/pkg -ENV GOPATH=/go:/usr/lib/go-1.6 RUN export GLIDE=v0.11.1; \ export TARGET=/go/src/github.com/Masterminds; \ mkdir -p ${TARGET} && \ diff --git a/Dockerfile.s390x b/Dockerfile.s390x index 6292e00cb766..d4bcf1da11b8 100644 --- a/Dockerfile.s390x +++ b/Dockerfile.s390x @@ -1,9 +1,19 @@ FROM s390x/ubuntu:xenial -RUN apt-get update && apt-get install -y git golang-go +RUN apt-get update && apt-get install -y \ + curl \ + gcc \ + git \ + make \ + tar + +ENV GO_VERSION 1.7.5 +RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-s390x.tar.gz" \ + | tar -xzC /usr/local +ENV PATH /usr/local/go/bin:$PATH +ENV GOPATH=/go RUN mkdir -p /go/src /go/bin /go/pkg -ENV GOPATH=/go:/usr/lib/go-1.6 RUN export GLIDE=v0.11.1; \ export TARGET=/go/src/github.com/Masterminds; \ mkdir -p ${TARGET} && \ From 3d8721abd2fd753c43b1d300e2d0d26566a19476 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Wed, 1 Feb 2017 19:05:54 -0800 Subject: [PATCH 376/398] Update API history and man page for `--filter expose/publish` This fix updates API history and man page for `docker ps --filter expose/publish`, from the feedback: https://github.com/docker/docker/pull/27557#issuecomment-276832876 Signed-off-by: Yong Tang --- src/container/ls.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/container/ls.md b/src/container/ls.md index f233cecd63bc..5cb63079ecbb 100644 --- a/src/container/ls.md +++ b/src/container/ls.md @@ -16,6 +16,8 @@ Filter output based on these conditions: - volume=(|) - network=(|) - containers connected to the provided network - health=(starting|healthy|unhealthy|none) - filters containers based on healthcheck status + - publish=([/]|/[]) - filters containers based on published ports + - expose=([/]|/[]) - filters containers based on exposed ports ## Format @@ -94,3 +96,15 @@ Filter output based on these conditions: $ docker container ls --filter volume=/data --format "table {{.ID}}\t{{.Mounts}}" CONTAINER ID MOUNTS 9c3527ed70ce remote-volume + +## Display containers that have published port of 80: + + $ docker ps --filter publish=80 + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + fc7e477723b7 busybox "top" About a minute ago Up About a minute 0.0.0.0:32768->80/tcp admiring_roentgen + +## Display containers that have exposed TCP port in the range of `8000-8080`: + + $ docker ps --filter expose=8000-8080/tcp + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + 9833437217a5 busybox "top" 21 seconds ago Up 19 seconds 8080/tcp dreamy_mccarthy From 24df13a81ccada65223b7de2182bb7d2f3fe3c6e Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 13 Feb 2017 11:01:54 -0800 Subject: [PATCH 377/398] Convert script shebangs from "#!/bin/bash" to "#!/usr/bin/env bash" This is especially important for distributions like NixOS where `/bin/bash` doesn't exist, or for MacOS users who've installed a newer version of Bash than the one that comes with their OS. Signed-off-by: Andrew "Tianon" Page --- generate.sh | 2 +- md2man-all.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/generate.sh b/generate.sh index c97edb440ded..905b2d7baf6d 100755 --- a/generate.sh +++ b/generate.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Generate man pages for docker/docker # diff --git a/md2man-all.sh b/md2man-all.sh index 97c65c93bc32..46c7b8f08eae 100755 --- a/md2man-all.sh +++ b/md2man-all.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -e # get into this script's directory From f9e95405fb2f8747057526822369d30d84740bda Mon Sep 17 00:00:00 2001 From: Zhang Wei Date: Wed, 15 Feb 2017 14:20:30 +0800 Subject: [PATCH 378/398] [Docs] Add docs for stating stopped containers This commit adds docs with example showing `docker stats` stopped containers. Signed-off-by: Zhang Wei --- src/container/stats.md | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/src/container/stats.md b/src/container/stats.md index 2904482e86c5..2de672ee2e2f 100644 --- a/src/container/stats.md +++ b/src/container/stats.md @@ -16,7 +16,7 @@ Display a live stream of one or more containers' resource usage statistics # EXAMPLES -Running `docker container stats` on all running containers +Running `docker container stats` on all running containers. $ docker container stats CONTAINER CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O @@ -30,3 +30,14 @@ Running `docker container stats` on multiple containers by name and id. CONTAINER CPU % MEM USAGE/LIMIT MEM % NET I/O 5acfcb1b4fd1 0.00% 115.2 MiB/1.045 GiB 11.03% 1.422 kB/648 B fervent_panini 0.02% 11.08 MiB/1.045 GiB 1.06% 648 B/648 B + +Running `docker container stats` with customized format on all (Running and Stopped) containers. + + $ docker container stats --all --format "table {{.ID}}\t{{.Name}}\t{{.CPUPerc}}\t{{.MemUsage}}" + CONTAINER ID NAME CPU % MEM USAGE / LIMIT + c9dfa83f0317f87637d5b7e67aa4223337d947215c5a9947e697e4f7d3e0f834 ecstatic_noether 0.00% 56KiB / 15.57GiB + 8f92d01cf3b29b4f5fca4cd33d907e05def7af5a3684711b20a2369d211ec67f stoic_goodall 0.07% 32.86MiB / 15.57GiB + 38dd23dba00f307d53d040c1d18a91361bbdcccbf592315927d56cf13d8b7343 drunk_visvesvaraya 0.00% 0B / 0B + 5a8b07ec4cc52823f3cbfdb964018623c1ba307bce2c057ccdbde5f4f6990833 big_heisenberg 0.00% 0B / 0B + +`drunk_visvesvaraya` and `big_heisenberg` are stopped containers in the above example. From 5c383f86dd546fd1ab189c952cd72cf6c71d8e23 Mon Sep 17 00:00:00 2001 From: "Aaron.L.Xu" Date: Thu, 16 Feb 2017 23:56:53 +0800 Subject: [PATCH 379/398] why there are so many mistakes in our repo (up to /cmd) Signed-off-by: Aaron.L.Xu --- docker-run.1.md | 2 +- dockerd.8.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-run.1.md b/docker-run.1.md index 804aa1309fff..4d35b1ec4091 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -679,7 +679,7 @@ Use `df ` to figure out the source mount and then use `findmnt -o TARGET,PROPAGATION ` to figure out propagation properties of source mount. If `findmnt` utility is not available, then one can look at mount entry for source mount point in `/proc/self/mountinfo`. Look -at `optional fields` and see if any propagaion properties are specified. +at `optional fields` and see if any propagation properties are specified. `shared:X` means mount is `shared`, `master:X` means mount is `slave` and if nothing is there that means mount is `private`. diff --git a/dockerd.8.md b/dockerd.8.md index 24cec7fa9830..56408089d4cd 100644 --- a/dockerd.8.md +++ b/dockerd.8.md @@ -653,7 +653,7 @@ Example use: `dockerd -s zfs --storage-opt zfs.fsname=zroot/docker` #### btrfs.min_space -Specifies the mininum size to use when creating the subvolume which is used for +Specifies the minimum size to use when creating the subvolume which is used for containers. If user uses disk quota for btrfs when creating or running a container with **--storage-opt size** option, docker should ensure the **size** cannot be smaller than **btrfs.min_space**. From 3dbc56b9617cf9edc065705cc88bb7ef3de3ca27 Mon Sep 17 00:00:00 2001 From: "Aaron.L.Xu" Date: Thu, 16 Feb 2017 20:08:57 +0800 Subject: [PATCH 380/398] fix some typos from module contrib to man Signed-off-by: Aaron.L.Xu --- src/container/create-example.md | 2 +- src/container/create.md | 2 +- src/plugin/ls.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/container/create-example.md b/src/container/create-example.md index 0084eeea2cee..bd832936671e 100644 --- a/src/container/create-example.md +++ b/src/container/create-example.md @@ -31,5 +31,5 @@ docker create --device-cgroup-rule='c 42:* rmw' -name my-container my-image Then, a user could ask `udev` to execute a script that would `docker exec my-container mknod newDevX c 42 ` the required device when it is added. -NOTE: initially present devices still need to be explicitely added to +NOTE: initially present devices still need to be explicitly added to the create/run command diff --git a/src/container/create.md b/src/container/create.md index 3da3502aa143..66068ff64407 100644 --- a/src/container/create.md +++ b/src/container/create.md @@ -60,7 +60,7 @@ Use `df ` to figure out the source mount and then use `findmnt -o TARGET,PROPAGATION ` to figure out propagation properties of source mount. If `findmnt` utility is not available, then one can look at mount entry for source mount point in `/proc/self/mountinfo`. Look -at `optional fields` and see if any propagaion properties are specified. +at `optional fields` and see if any propagation properties are specified. `shared:X` means mount is `shared`, `master:X` means mount is `slave` and if nothing is there that means mount is `private`. diff --git a/src/plugin/ls.md b/src/plugin/ls.md index df96a524874b..f9f394524488 100644 --- a/src/plugin/ls.md +++ b/src/plugin/ls.md @@ -36,7 +36,7 @@ Filter output based on these conditions: ID NAME DESCRIPTION ENABLED 869080b57404 tiborvass/sample-volume-plugin:latest A sample volume plugin for Docker true -## Display plguins with `volumedriver` capability +## Display plugins with `volumedriver` capability $ docker plugin ls --filter capability=volumedriver --format "table {{.ID}}\t{{.Name}}" ID Name From 9886074a76e618f7a6f3535e492cb925e4db7eb0 Mon Sep 17 00:00:00 2001 From: Andrew McDonnell Date: Sun, 19 Feb 2017 13:26:29 +1030 Subject: [PATCH 381/398] Fix whitespace error. Signed-off-by: Andrew McDonnell --- src/image/ls.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/image/ls.md b/src/image/ls.md index 9943457bee58..bb673b008c55 100644 --- a/src/image/ls.md +++ b/src/image/ls.md @@ -48,7 +48,7 @@ IMAGE ID, CREATED, and SIZE. The `docker image ls` command takes an optional `[REPOSITORY[:TAG]]` argument that restricts the list to images that match the argument. If you specify -`REPOSITORY`but no `TAG`, the `docker image ls` command lists all images in the +`REPOSITORY` but no `TAG`, the `docker image ls` command lists all images in the given repository. docker image ls java From 3289e52988b9cc5c8f3adbfff4d94c48f32c77a4 Mon Sep 17 00:00:00 2001 From: Tony Abboud Date: Fri, 13 Jan 2017 10:01:58 -0500 Subject: [PATCH 382/398] Add --add-host for docker build Signed-off-by: Tony Abboud --- docker-build.1.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docker-build.1.md b/docker-build.1.md index 5676cb80bd36..b650fc3aa2ee 100644 --- a/docker-build.1.md +++ b/docker-build.1.md @@ -6,6 +6,7 @@ docker-build - Build an image from a Dockerfile # SYNOPSIS **docker build** +[**--add-host**[=*[]*]] [**--build-arg**[=*[]*]] [**--cpu-shares**[=*0*]] [**--cgroup-parent**[=*CGROUP-PARENT*]] @@ -74,6 +75,12 @@ set as the **URL**, the repository is cloned locally and then sent as the contex storing two copies of the image, one for the build cache with all the cache layers in tact, and one for the squashed version. +**--add-host**=[] + Add a custom host-to-IP mapping (host:ip) + + Add a line to /etc/hosts. The format is hostname:ip. The **--add-host** +option can be set multiple times. + **--build-arg**=*variable* name and value of a **buildarg**. From 8a1dd98924ea94982844bd64d3a771b5f73250e2 Mon Sep 17 00:00:00 2001 From: Boris Pruessmann Date: Mon, 20 Feb 2017 19:24:24 +0100 Subject: [PATCH 383/398] Improved aarch64 build - Added 'golint', 'yamllint', and 'swagger' - Fixed man/Dockerfile.aarch64 by bootstrapping Go 1.7.5 Signed-off-by: Boris Pruessmann --- Dockerfile.aarch64 | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index e788eb1c1dcb..3edcb56725b5 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -1,6 +1,25 @@ FROM aarch64/ubuntu:xenial -RUN apt-get update && apt-get install -y git golang-go +# allow replacing httpredir or deb mirror +ARG APT_MIRROR=deb.debian.org +RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list + +RUN apt-get update && apt-get install -y \ + git \ + bash \ + curl \ + gcc \ + gccgo \ + make + +ENV GO_VERSION 1.7.5 +ENV GOARCH arm64 +ENV PATH /go/bin:/usr/src/go/bin:$PATH + +RUN mkdir /usr/src/go && \ + curl -fsSL https://golang.org/dl/go${GO_VERSION}.src.tar.gz | tar -v -C /usr/src/go -xz --strip-components=1 && \ + cd /usr/src/go/src && \ + GOOS=linux GOARCH=arm64 GOROOT_BOOTSTRAP="$(go env GOROOT)" ./make.bash RUN mkdir -p /go/src /go/bin /go/pkg ENV GOPATH=/go From 759a39e1cbc1d13b1514c8c21f2e30bf8aa07ea8 Mon Sep 17 00:00:00 2001 From: Boris Pruessmann Date: Wed, 1 Mar 2017 20:27:53 +0100 Subject: [PATCH 384/398] Incorporated feedback from review Signed-off-by: Boris Pruessmann --- Dockerfile.aarch64 | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 3edcb56725b5..8553d1f76307 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -1,16 +1,6 @@ FROM aarch64/ubuntu:xenial -# allow replacing httpredir or deb mirror -ARG APT_MIRROR=deb.debian.org -RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list - -RUN apt-get update && apt-get install -y \ - git \ - bash \ - curl \ - gcc \ - gccgo \ - make +RUN apt-get update && apt-get install -y git golang-go curl ENV GO_VERSION 1.7.5 ENV GOARCH arm64 From 5cafdb846e5ddac2311044f4f35632cdbb38e12d Mon Sep 17 00:00:00 2001 From: Santhosh Manohar Date: Thu, 9 Mar 2017 11:42:10 -0800 Subject: [PATCH 385/398] Enhance network inspect to show all tasks, local & non-local, in swarm mode Signed-off-by: Santhosh Manohar --- src/network/inspect.md | 93 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 93 insertions(+) diff --git a/src/network/inspect.md b/src/network/inspect.md index 89fd0e167a10..a61dfd8c10cf 100644 --- a/src/network/inspect.md +++ b/src/network/inspect.md @@ -86,3 +86,96 @@ $ docker network inspect simple-network } ] ``` + +`docker network inspect --verbose` for swarm mode overlay networks shows service-specific +details such as the service's VIP and port mappings. It also shows IPs of service tasks, +and the IPs of the nodes where the tasks are running. + +Following is an example output for a overlay network `ov1` that has one service `s1` +attached to. service `s1` in this case has three replicas. + +```bash +$ docker network inspect --verbose ov1 +[ + { + "Name": "ov1", + "Id": "ybmyjvao9vtzy3oorxbssj13b", + "Created": "2017-03-13T17:04:39.776106792Z", + "Scope": "swarm", + "Driver": "overlay", + "EnableIPv6": false, + "IPAM": { + "Driver": "default", + "Options": null, + "Config": [ + { + "Subnet": "10.0.0.0/24", + "Gateway": "10.0.0.1" + } + ] + }, + "Internal": false, + "Attachable": false, + "Containers": { + "020403bd88a15f60747fd25d1ad5fa1272eb740e8a97fc547d8ad07b2f721c5e": { + "Name": "s1.1.pjn2ik0sfgkfzed3h0s00gs9o", + "EndpointID": "ad16946f416562d658f3bb30b9830d73ad91ccf6feae44411269cd0ff674714e", + "MacAddress": "02:42:0a:00:00:04", + "IPv4Address": "10.0.0.4/24", + "IPv6Address": "" + } + }, + "Options": { + "com.docker.network.driver.overlay.vxlanid_list": "4097" + }, + "Labels": {}, + "Peers": [ + { + "Name": "net-3-5d3cfd30a58c", + "IP": "192.168.33.13" + }, + { + "Name": "net-1-6ecbc0040a73", + "IP": "192.168.33.11" + }, + { + "Name": "net-2-fb80208efd75", + "IP": "192.168.33.12" + } + ], + "Services": { + "s1": { + "VIP": "10.0.0.2", + "Ports": [], + "LocalLBIndex": 257, + "Tasks": [ + { + "Name": "s1.2.q4hcq2aiiml25ubtrtg4q1txt", + "EndpointID": "040879b027e55fb658e8b60ae3b87c6cdac7d291e86a190a3b5ac6567b26511a", + "EndpointIP": "10.0.0.5", + "Info": { + "Host IP": "192.168.33.11" + } + }, + { + "Name": "s1.3.yawl4cgkp7imkfx469kn9j6lm", + "EndpointID": "106edff9f120efe44068b834e1cddb5b39dd4a3af70211378b2f7a9e562bbad8", + "EndpointIP": "10.0.0.3", + "Info": { + "Host IP": "192.168.33.12" + } + }, + { + "Name": "s1.1.pjn2ik0sfgkfzed3h0s00gs9o", + "EndpointID": "ad16946f416562d658f3bb30b9830d73ad91ccf6feae44411269cd0ff674714e", + "EndpointIP": "10.0.0.4", + "Info": { + "Host IP": "192.168.33.13" + } + } + ] + } + } + } +] +``` From a6eeec3ddca04c90d0dedfb8b25a6392c1e2ec98 Mon Sep 17 00:00:00 2001 From: Jeremy Yallop Date: Fri, 10 Mar 2017 15:02:32 +0000 Subject: [PATCH 386/398] Documentation for bind mount consistency flags. Signed-off-by: Jeremy Yallop --- docker-run.1.md | 10 +++++++--- src/container/create.md | 9 ++++++--- 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/docker-run.1.md b/docker-run.1.md index 4d35b1ec4091..66c6b6704bcc 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -625,6 +625,7 @@ any options, the systems uses the following options: * [rw|ro] * [z|Z] * [`[r]shared`|`[r]slave`|`[r]private`] + * [`delegated`|`cached`|`consistent`] * [nocopy] The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The `HOST-DIR` @@ -642,9 +643,12 @@ You can specify multiple **-v** options to mount one or more mounts to a container. To use these same mounts in other containers, specify the **--volumes-from** option also. -You can add `:ro` or `:rw` suffix to a volume to mount it read-only or -read-write mode, respectively. By default, the volumes are mounted read-write. -See examples. +You can supply additional options for each bind-mount following an additional +colon. A `:ro` or `:rw` suffix mounts a volume in read-only or read-write +mode, respectively. By default, volumes are mounted in read-write mode. +You can also specify the consistency requirement for the mount, either +`:consistent` (the default), `:cached`, or `:delegated`. Multiple options are +separated by commas, e.g. `:ro,cached`. Labeling systems like SELinux require that proper labels are placed on volume content mounted into a container. Without a label, the security system might diff --git a/src/container/create.md b/src/container/create.md index 66068ff64407..e47bb38db1e8 100644 --- a/src/container/create.md +++ b/src/container/create.md @@ -23,9 +23,12 @@ You can specify multiple **-v** options to mount one or more mounts to a container. To use these same mounts in other containers, specify the **--volumes-from** option also. -You can add `:ro` or `:rw` suffix to a volume to mount it read-only or -read-write mode, respectively. By default, the volumes are mounted read-write. -See examples. +You can supply additional options for each bind-mount following an additional +colon. A `:ro` or `:rw` suffix mounts a volume in read-only or read-write +mode, respectively. By default, volumes are mounted in read-write mode. +You can also specify the consistency requirement for the mount, either +`:consistent` (the default), `:cached`, or `:delegated`. Multiple options are +separated by commas, e.g. `:ro,cached`. Labeling systems like SELinux require that proper labels are placed on volume content mounted into a container. Without a label, the security system might From 464c68729dc3dbd07d5959263cf9092ce3970196 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Tue, 21 Mar 2017 15:58:12 +0100 Subject: [PATCH 387/398] Add `reference` filter to the list of available filters The `reference` filter is documented in the file, but is not present in the list of available filters. Signed-off-by: Vincent Demeester --- src/image/ls.md | 1 + 1 file changed, 1 insertion(+) diff --git a/src/image/ls.md b/src/image/ls.md index bb673b008c55..7e327499113b 100644 --- a/src/image/ls.md +++ b/src/image/ls.md @@ -21,6 +21,7 @@ Filters the output based on these conditions: - label= or label== - before=([:tag]||) - since=([:tag]||) + - reference=(pattern of an image reference) ## Format From c24f7693d46e2bfaad37845fa8ab7921472d99be Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Fri, 3 Mar 2017 10:45:48 -0800 Subject: [PATCH 388/398] Add `--filter scope=swarm|local` for `docker network ls` This fix tries to address the request in 31324 by adding `--filter scope=swarm|local` for `docker network ls`. As `docker network ls` has a `SCOPE` column by default, it is natural to add the support of `--filter scope=swarm|local`. This fix adds the `scope=swarm|local` support for `docker network ls --filter`. Related docs has been updated. Additional unit test cases have been added. This fix fixes 31324. Signed-off-by: Yong Tang --- src/network/ls.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/src/network/ls.md b/src/network/ls.md index c5182e87e17e..417344951a83 100644 --- a/src/network/ls.md +++ b/src/network/ls.md @@ -35,6 +35,7 @@ The currently supported filters are: * id (network's id) * label (`label=` or `label==`) * name (network's name) +* scope (`swarm|global|local`) * type (custom|builtin) #### Driver @@ -118,6 +119,30 @@ NETWORK ID NAME DRIVER 06e7eef0a170 foobar bridge ``` +#### Scope + +The `scope` filter matches networks based on their scope. + +The following example matches networks with the `swarm` scope: + +```bash +$ docker network ls --filter scope=swarm +NETWORK ID NAME DRIVER SCOPE +xbtm0v4f1lfh ingress overlay swarm +ic6r88twuu92 swarmnet overlay swarm +``` + +The following example matches networks with the `local` scope: + +```bash +$ docker network ls --filter scope=local +NETWORK ID NAME DRIVER SCOPE +e85227439ac7 bridge bridge local +0ca0e19443ed host host local +ca13cc149a36 localnet bridge local +f9e115d2de35 none null local +``` + #### Type The `type` filter supports two values; `builtin` displays predefined networks From fbed3e2776d15e02b05a7a971aee2ae4904538af Mon Sep 17 00:00:00 2001 From: Alessandro Boch Date: Thu, 9 Mar 2017 11:52:25 -0800 Subject: [PATCH 389/398] Allow user to modify ingress network Signed-off-by: Alessandro Boch --- src/network/create.md | 17 +++++++++++++++++ src/network/inspect.md | 2 ++ 2 files changed, 19 insertions(+) diff --git a/src/network/create.md b/src/network/create.md index 115a41846f9f..efbf0d5d46d3 100644 --- a/src/network/create.md +++ b/src/network/create.md @@ -117,3 +117,20 @@ By default, when you connect a container to an `overlay` network, Docker also connects a bridge network to it to provide external connectivity. If you want to create an externally isolated `overlay` network, you can specify the `--internal` option. + +### Network ingress mode + +You can create the network which will be used to provide the routing-mesh in the +swarm cluster. You do so by specifying `--ingress` when creating the network. Only +one ingress network can be created at the time. The network can be removed only +if no services depend on it. Any option available when creating a overlay network +is also available when creating the ingress network, besides the `--attachable` option. + +```bash +$ docker network create -d overlay \ + --subnet=10.11.0.0/16 \ + --ingress \ + --opt com.docker.network.mtu=9216 \ + --opt encrypted=true \ + my-ingress-network +``` diff --git a/src/network/inspect.md b/src/network/inspect.md index a61dfd8c10cf..91cb2dae328c 100644 --- a/src/network/inspect.md +++ b/src/network/inspect.md @@ -32,6 +32,7 @@ $ sudo docker network inspect bridge ] }, "Internal": false, + "Ingress": false, "Containers": { "bda12f8922785d1f160be70736f26c1e331ab8aaf8ed8d56728508f2e2fd4727": { "Name": "container2", @@ -116,6 +117,7 @@ $ docker network inspect --verbose ov1 }, "Internal": false, "Attachable": false, + "Ingress": false, "Containers": { "020403bd88a15f60747fd25d1ad5fa1272eb740e8a97fc547d8ad07b2f721c5e": { "Name": "s1.1.pjn2ik0sfgkfzed3h0s00gs9o", From e2752b0c5d28424900d7efe183b4986d20fb8ea3 Mon Sep 17 00:00:00 2001 From: mapk0y Date: Tue, 28 Mar 2017 02:50:57 +0900 Subject: [PATCH 390/398] Update "man" of docker-run Signed-off-by: mapk0y --- docker-run.1.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docker-run.1.md b/docker-run.1.md index 66c6b6704bcc..0ee0a13ee8a3 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -233,8 +233,7 @@ to the quota you specify. At any time you can run **docker ps** in the other shell to view a list of the running containers. You can reattach to a -detached container with **docker attach**. If you choose to run a container in -the detached mode, then you cannot use the **-rm** option. +detached container with **docker attach**. When attached in the tty mode, you can detach from the container (and leave it running) using a configurable key sequence. The default sequence is `CTRL-p CTRL-q`. From fc4ad8c613d013d1c06210eddbb89882cc8ad040 Mon Sep 17 00:00:00 2001 From: Josh Hawn Date: Mon, 21 Nov 2016 22:17:24 -0800 Subject: [PATCH 391/398] Deprecate --graph flag; Replace with --data-root Docker-DCO-1.1-Signed-off-by: Josh Hawn (github: jlhawn) --- dockerd.8.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/dockerd.8.md b/dockerd.8.md index 56408089d4cd..8304a45dd8f1 100644 --- a/dockerd.8.md +++ b/dockerd.8.md @@ -17,6 +17,7 @@ dockerd - Enable daemon mode [**--cluster-store-opt**[=*map[]*]] [**--config-file**[=*/etc/docker/daemon.json*]] [**--containerd**[=*SOCKET-PATH*]] +[**--data-root**[=*/var/lib/docker*]] [**-D**|**--debug**] [**--default-gateway**[=*DEFAULT-GATEWAY*]] [**--default-gateway-v6**[=*DEFAULT-GATEWAY-V6*]] @@ -33,7 +34,6 @@ dockerd - Enable daemon mode [**--fixed-cidr**[=*FIXED-CIDR*]] [**--fixed-cidr-v6**[=*FIXED-CIDR-V6*]] [**-G**|**--group**[=*docker*]] -[**-g**|**--graph**[=*/var/lib/docker*]] [**-H**|**--host**[=*[]*]] [**--help**] [**--icc**[=*true*]] @@ -152,6 +152,11 @@ $ sudo dockerd --add-runtime runc=runc --add-runtime custom=/usr/local/bin/my-ru **--containerd**="" Path to containerd socket. +**--data-root**="" + Path to the directory used to store persisted Docker data such as + configuration for resources, swarm cluster state, and filesystem data for + images, containers, and local volumes. Default is `/var/lib/docker`. + **-D**, **--debug**=*true*|*false* Enable debug mode. Default is false. @@ -204,9 +209,6 @@ $ sudo dockerd --add-runtime runc=runc --add-runtime custom=/usr/local/bin/my-ru Group to assign the unix socket specified by -H when running in daemon mode. use '' (the empty string) to disable setting of a group. Default is `docker`. -**-g**, **--graph**="" - Path to use as the root of the Docker runtime. Default is `/var/lib/docker`. - **-H**, **--host**=[*unix:///var/run/docker.sock*]: tcp://[host:port] to bind or unix://[/path/to/socket] to use. The socket(s) to bind to in daemon mode specified using one or more From 986fc339b47cd16c9f61d4833db517456d8d839b Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Fri, 31 Mar 2017 06:41:45 +0000 Subject: [PATCH 392/398] cli: add `--mount` to `docker run` Signed-off-by: Akihiro Suda --- docker-run.1.md | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/docker-run.1.md b/docker-run.1.md index 0ee0a13ee8a3..257711d19684 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -61,6 +61,7 @@ docker-run - Run a command in a new container [**--memory-reservation**[=*MEMORY-RESERVATION*]] [**--memory-swap**[=*LIMIT*]] [**--memory-swappiness**[=*MEMORY-SWAPPINESS*]] +[**--mount**[=*[MOUNT]*]] [**--name**[=*NAME*]] [**--network-alias**[=*[]*]] [**--network**[=*"bridge"*]] @@ -425,6 +426,42 @@ unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. The IPv6 link-local address will be based on the device's MAC address according to RFC4862. +**--mount**=[*[type=TYPE[,TYPE-SPECIFIC-OPTIONS]]*] + Attach a filesystem mount to the container + + Current supported mount `TYPES` are `bind`, `volume`, and `tmpfs`. + + e.g. + + `type=bind,source=/path/on/host,destination=/path/in/container` + + `type=volume,source=my-volume,destination=/path/in/container,volume-label="color=red",volume-label="shape=round"` + + `type=tmpfs,tmpfs-size=512M,destination=/path/in/container` + + Common Options: + + * `src`, `source`: mount source spec for `bind` and `volume`. Mandatory for `bind`. + * `dst`, `destination`, `target`: mount destination spec. + * `ro`, `read-only`: `true` or `false` (default). + + Options specific to `bind`: + + * `bind-propagation`: `shared`, `slave`, `private`, `rshared`, `rslave`, or `rprivate`(default). See also `mount(2)`. + * `consistency`: `consistent`(default), `cached`, or `delegated`. Currently, only effective for Docker for Mac. + + Options specific to `volume`: + + * `volume-driver`: Name of the volume-driver plugin. + * `volume-label`: Custom metadata. + * `volume-nocopy`: `true`(default) or `false`. If set to `false`, the Engine copies existing files and directories under the mount-path into the volume, allowing the host to access them. + * `volume-opt`: specific to a given volume driver. + + Options specific to `tmpfs`: + + * `tmpfs-size`: Size of the tmpfs mount in bytes. Unlimited by default in Linux. + * `tmpfs-mode`: File mode of the tmpfs in octal. (e.g. `700` or `0700`.) Defaults to `1777` in Linux. + **--name**="" Assign a name to the container @@ -604,6 +641,9 @@ options are the same as the Linux default `mount` flags. If you do not specify any options, the systems uses the following options: `rw,noexec,nosuid,nodev,size=65536k`. + See also `--mount`, which is the successor of `--tmpfs` and `--volume`. + Even though there is no plan to deprecate `--tmpfs`, usage of `--mount` is recommended. + **-u**, **--user**="" Sets the username or UID used and optionally the groupname or GID for the specified command. @@ -704,6 +744,9 @@ change propagation properties of source mount. Say `/` is source mount for To disable automatic copying of data from the container path to the volume, use the `nocopy` flag. The `nocopy` flag can be set on bind mounts and named volumes. +See also `--mount`, which is the successor of `--tmpfs` and `--volume`. +Even though there is no plan to deprecate `--volume`, usage of `--mount` is recommended. + **--volume-driver**="" Container's volume driver. This driver creates volumes specified either from a Dockerfile's `VOLUME` instruction or from the `docker run -v` flag. From d5a19ef74b3151168e9bbd89e13438789629dc2f Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Mon, 10 Apr 2017 13:11:58 +0200 Subject: [PATCH 393/398] remove --init-path from client Signed-off-by: Antonio Murdaca --- docker-run.1.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/docker-run.1.md b/docker-run.1.md index 257711d19684..2a743c134e2b 100644 --- a/docker-run.1.md +++ b/docker-run.1.md @@ -43,7 +43,6 @@ docker-run - Run a command in a new container [**-h**|**--hostname**[=*HOSTNAME*]] [**--help**] [**--init**] -[**--init-path**[=*[]*]] [**-i**|**--interactive**] [**--ip**[=*IPv4-ADDRESS*]] [**--ip6**[=*IPv6-ADDRESS*]] @@ -327,9 +326,6 @@ redirection on the host system. **--init** Run an init inside the container that forwards signals and reaps processes -**--init-path**="" - Path to the docker-init binary - **-i**, **--interactive**=*true*|*false* Keep STDIN open even if not attached. The default is *false*. From 63003bf3fff3f71febe506698df74b4a4437588d Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sun, 16 Apr 2017 12:51:29 -0500 Subject: [PATCH 394/398] Minor fixups for history CLI reference This does some minor fix-ups in the CLI reference for "history", and copies the formattting section to the man-pages. Signed-off-by: Sebastiaan van Stijn --- src/image/history.md | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/src/image/history.md b/src/image/history.md index da7e5d64a5b4..cef058e50e1c 100644 --- a/src/image/history.md +++ b/src/image/history.md @@ -16,3 +16,39 @@ The `docker commit` command has a **-m** flag for adding comments to the image. 88b42ffd1f7c 5 months ago /bin/sh -c #(nop) ADD file:1fd8d7f9f6557cafc7 373.7 MB c69cab00d6ef 5 months ago /bin/sh -c #(nop) MAINTAINER Lokesh Mandvekar 0 B 511136ea3c5a 19 months ago 0 B Imported from - + +### Format the output + +The formatting option (`--format`) will pretty-prints history output +using a Go template. + +Valid placeholders for the Go template are listed below: + +| Placeholder | Description | +| --------------- | ----------- | +| `.ID` | Image ID | +| `.CreatedSince` | Elapsed time since the image was created if `--human=true`, otherwise timestamp of when image was created | +| `.CreatedAt` | Timestamp of when image was created | +| `.CreatedBy` | Command that was used to create the image | +| `.Size` | Image disk size | +| `.Comment` | Comment for image | + +When using the `--format` option, the `history` command will either +output the data exactly as the template declares or, when using the +`table` directive, will include column headers as well. + +The following example uses a template without headers and outputs the +`ID` and `CreatedSince` entries separated by a colon for all images: + +```bash +$ docker images --format "{{.ID}}: {{.Created}} ago" + +cc1b61406712: 2 weeks ago +: 2 weeks ago +: 2 weeks ago +: 2 weeks ago +: 2 weeks ago +: 3 weeks ago +: 3 weeks ago +: 3 weeks ago +``` From e2355cbd64dd4a9e01b016191165dc4ecd762f8f Mon Sep 17 00:00:00 2001 From: David Sheets Date: Mon, 1 May 2017 14:27:42 +0100 Subject: [PATCH 395/398] docs/dockerd: correct authz plugin chain semantics Signed-off-by: David Sheets --- dockerd.8.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/dockerd.8.md b/dockerd.8.md index 8304a45dd8f1..228a887e15ff 100644 --- a/dockerd.8.md +++ b/dockerd.8.md @@ -701,10 +701,10 @@ specification file. The plugin's implementation determines whether you can specify a name or path. Consult with your Docker administrator to get information about the plugins available to you. -Once a plugin is installed, requests made to the `daemon` through the command -line or Docker's Engine API are allowed or denied by the plugin. If you have -multiple plugins installed, at least one must allow the request for it to -complete. +Once a plugin is installed, requests made to the `daemon` through the +command line or Docker's Engine API are allowed or denied by the plugin. +If you have multiple plugins installed, each plugin, in order, must +allow the request for it to complete. For information about how to create an authorization plugin, see [authorization plugin](https://docs.docker.com/engine/extend/authorization/) section in the From 1594c350f0d28bfadf7c2b3242279729b47fb3d2 Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Thu, 16 Feb 2017 15:33:03 -0500 Subject: [PATCH 396/398] Add option to auto-configure blkdev for devmapper Instead of forcing users to manually configure a block device to use with devmapper, this gives the user the option to let the devmapper driver configure a device for them. Adds several new options to the devmapper storage-opts: - dm.directlvm_device="" - path to the block device to configure for direct-lvm - dm.thinp_percent=95 - sets the percentage of space to use for storage from the passed in block device - dm.thinp_metapercent=1 - sets the percentage of space to for metadata storage from the passed in block device - dm.thinp_autoextend_threshold=80 - sets the threshold for when `lvm` should automatically extend the thin pool as a percentage of the total storage space - dm.thinp_autoextend_percent=20 - sets the percentage to increase the thin pool by when an autoextend is triggered. Defaults are taken from [here](https://docs.docker.com/engine/userguide/storagedriver/device-mapper-driver/#/configure-direct-lvm-mode-for-production) The only option that is required is `dm.directlvm_device` for docker to set everything up. Changes to these settings are not currently supported and will error out. Future work could support allowing changes to these values. Signed-off-by: Brian Goff --- dockerd.8.md | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/dockerd.8.md b/dockerd.8.md index 228a887e15ff..6a12d3f1652e 100644 --- a/dockerd.8.md +++ b/dockerd.8.md @@ -420,6 +420,54 @@ Example use: $ dockerd \ --storage-opt dm.thinpooldev=/dev/mapper/thin-pool +#### dm.directlvm_device + +As an alternative to manually creating a thin pool as above, Docker can +automatically configure a block device for you. + +Example use: + + $ dockerd \ + --storage-opt dm.directlvm_device=/dev/xvdf + +##### dm.thinp_percent + +Sets the percentage of passed in block device to use for storage. + +###### Example: + + $ sudo dockerd \ + --storage-opt dm.thinp_percent=95 + +##### `dm.thinp_metapercent` + +Sets the percentage of the passed in block device to use for metadata storage. + +###### Example: + + $ sudo dockerd \ + --storage-opt dm.thinp_metapercent=1 + +##### dm.thinp_autoextend_threshold + +Sets the value of the percentage of space used before `lvm` attempts to +autoextend the available space [100 = disabled] + +###### Example: + + $ sudo dockerd \ + --storage-opt dm.thinp_autoextend_threshold=80 + +##### dm.thinp_autoextend_percent + +Sets the value percentage value to increase the thin pool by when when `lvm` +attempts to autoextend the available space [100 = disabled] + +###### Example: + + $ sudo dockerd \ + --storage-opt dm.thinp_autoextend_percent=20 + #### dm.basesize Specifies the size to use when creating the base device, which limits From 64ae0e3644d46486f2ff3d3eaa291c19865dcc35 Mon Sep 17 00:00:00 2001 From: Ian Campbell Date: Thu, 6 Apr 2017 13:33:56 +0100 Subject: [PATCH 397/398] Add `docker build --iidfile=FILE` This is synonymous with `docker run --cidfile=FILE` and writes the digest of the newly built image to the named file. This is intended to be used by build systems which want to avoid tagging (perhaps because they are in CI or otherwise want to avoid fixed names which can clash) by enabling e.g. Makefile constructs like: image.id: Dockerfile docker build --iidfile=image.id . do-some-more-stuff: image.id do-stuff-with = v1.29 the caller will now see a `JSONMessage` with the `Aux` field containing a `types.BuildResult` in the output stream for each image/layer produced during the build, with the final one being the end product. Having all of the intermediate images might be interesting in some cases. In silent mode (with `-q`) there is no change, on success the only output will be the resulting image digest as it was previosuly. There was no wrapper to just output an Aux section without enclosing it in a Progress, so add one here. Added some tests to integration cli tests. Signed-off-by: Ian Campbell --- docker-build.1.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docker-build.1.md b/docker-build.1.md index b650fc3aa2ee..59eba003a064 100644 --- a/docker-build.1.md +++ b/docker-build.1.md @@ -11,6 +11,7 @@ docker-build - Build an image from a Dockerfile [**--cpu-shares**[=*0*]] [**--cgroup-parent**[=*CGROUP-PARENT*]] [**--help**] +[**--iidfile**[=*CIDFILE*]] [**-f**|**--file**[=*PATH/Dockerfile*]] [**-squash**] *Experimental* [**--force-rm**] @@ -104,6 +105,9 @@ option can be set multiple times. **--no-cache**=*true*|*false* Do not use cache when building the image. The default is *false*. +**--iidfile**="" + Write the image ID to the file + **--help** Print usage statement From 019a052550eb53c9f0ed2ac8073cd14f6782df3b Mon Sep 17 00:00:00 2001 From: Tibor Vass Date: Wed, 10 May 2017 18:24:32 -0700 Subject: [PATCH 398/398] Reuse main Dockerfile to generate man pages Removes the use of glide, and uses vndr instead. Signed-off-by: Tibor Vass --- .gitignore | 3 ++ Makefile | 12 +++-- docker.Makefile | 5 ++ dockerfiles/Dockerfile.build | 2 +- dockerfiles/Dockerfile.ci | 2 +- gometalinter.json | 2 +- man/Dockerfile | 24 ---------- man/Dockerfile.aarch64 | 34 -------------- man/Dockerfile.armhf | 43 ----------------- man/Dockerfile.ppc64le | 35 -------------- man/Dockerfile.s390x | 35 -------------- man/generate.go | 4 +- man/generate.sh | 27 +++++++++++ man/glide.lock | 52 --------------------- man/glide.yaml | 12 ----- man/vendor.tmp | 4 ++ {script => scripts}/validate/check-git-diff | 0 17 files changed, 53 insertions(+), 243 deletions(-) delete mode 100644 man/Dockerfile delete mode 100644 man/Dockerfile.aarch64 delete mode 100644 man/Dockerfile.armhf delete mode 100644 man/Dockerfile.ppc64le delete mode 100644 man/Dockerfile.s390x delete mode 100644 man/glide.lock delete mode 100644 man/glide.yaml create mode 100644 man/vendor.tmp rename {script => scripts}/validate/check-git-diff (100%) diff --git a/.gitignore b/.gitignore index 30944692f3e9..1eb86323cfbc 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,5 @@ .DS_Store build +/man/man1 +/man/man5 +/man/man8 diff --git a/Makefile b/Makefile index 932568bf731a..116000a5c1b5 100644 --- a/Makefile +++ b/Makefile @@ -11,12 +11,13 @@ build: clean .PHONY: clean clean: @rm -rf ./build/* + @rm -rf ./man/man[1-9] # run go test # the "-tags daemon" part is temporary .PHONY: test test: - @go test -tags daemon -v $(shell go list ./... | grep -v /vendor/) + @go test -tags daemon -v $(shell go list ./... | grep -vE '/vendor/|github.com/docker/cli/man$$') # run linters .PHONY: lint @@ -32,10 +33,15 @@ cross: clean .PHONY: vendor vendor: vendor.conf @vndr 2> /dev/null - @script/validate/check-git-diff vendor + @scripts/validate/check-git-diff vendor + +## Generate man pages from go source and markdown +.PHONY: manpages +manpages: + @man/generate.sh cli/compose/schema/bindata.go: cli/compose/schema/data/*.json go generate github.com/docker/cli/cli/compose/schema compose-jsonschema: cli/compose/schema/bindata.go - @script/validate/check-git-diff cli/compose/schema/bindata.go + @scripts/validate/check-git-diff cli/compose/schema/bindata.go diff --git a/docker.Makefile b/docker.Makefile index e9128f3b8a93..97dda0660563 100644 --- a/docker.Makefile +++ b/docker.Makefile @@ -53,3 +53,8 @@ lint: build_linter_image .PHONY: vendor vendor: build_docker_image vendor.conf @docker run -ti --rm $(MOUNTS) $(DEV_DOCKER_IMAGE_NAME) make vendor + +## Generate man pages from go source and markdown +.PHONY: manpages +manpages: build_docker_image + @docker run -ti --rm $(MOUNTS) $(DEV_DOCKER_IMAGE_NAME) make manpages diff --git a/dockerfiles/Dockerfile.build b/dockerfiles/Dockerfile.build index 13ee07f25292..5d09e18c4ee7 100644 --- a/dockerfiles/Dockerfile.build +++ b/dockerfiles/Dockerfile.build @@ -1,7 +1,7 @@ FROM golang:1.8-alpine -RUN apk add -U git make +RUN apk add -U git make bash RUN go get github.com/LK4D4/vndr && \ cp /go/bin/vndr /usr/bin && \ diff --git a/dockerfiles/Dockerfile.ci b/dockerfiles/Dockerfile.ci index 166239e6176f..b4e2aa38e642 100644 --- a/dockerfiles/Dockerfile.ci +++ b/dockerfiles/Dockerfile.ci @@ -9,7 +9,7 @@ FROM golang:1.8-alpine -RUN apk add -U git make +RUN apk add -U git make bash RUN go get github.com/LK4D4/vndr && \ cp /go/bin/vndr /usr/bin && \ diff --git a/gometalinter.json b/gometalinter.json index f7c6a88a5d32..a508785a7690 100644 --- a/gometalinter.json +++ b/gometalinter.json @@ -2,7 +2,7 @@ "Vendor": true, "Deadline": "2m", "Sort": ["linter", "severity", "path"], - "Exclude": ["cli/compose/schema/bindata.go"], + "Exclude": ["cli/compose/schema/bindata.go", "man/generate.go"], "DisableAll": true, "Enable": [ diff --git a/man/Dockerfile b/man/Dockerfile deleted file mode 100644 index 80e97ff01e6c..000000000000 --- a/man/Dockerfile +++ /dev/null @@ -1,24 +0,0 @@ -FROM golang:1.7.5-alpine - -RUN apk add -U git bash curl gcc musl-dev make - -RUN mkdir -p /go/src /go/bin /go/pkg -RUN export GLIDE=v0.11.1; \ - export TARGET=/go/src/github.com/Masterminds; \ - mkdir -p ${TARGET} && \ - git clone https://github.com/Masterminds/glide.git ${TARGET}/glide && \ - cd ${TARGET}/glide && \ - git checkout $GLIDE && \ - make build && \ - cp ./glide /usr/bin/glide && \ - cd / && rm -rf /go/src/* /go/bin/* /go/pkg/* - -COPY glide.yaml /manvendor/ -COPY glide.lock /manvendor/ -WORKDIR /manvendor/ -RUN glide install && mv vendor src -ENV GOPATH=$GOPATH:/manvendor -RUN go build -o /usr/bin/go-md2man github.com/cpuguy83/go-md2man - -WORKDIR /go/src/github.com/docker/docker/ -ENTRYPOINT ["man/generate.sh"] diff --git a/man/Dockerfile.aarch64 b/man/Dockerfile.aarch64 deleted file mode 100644 index 8553d1f76307..000000000000 --- a/man/Dockerfile.aarch64 +++ /dev/null @@ -1,34 +0,0 @@ -FROM aarch64/ubuntu:xenial - -RUN apt-get update && apt-get install -y git golang-go curl - -ENV GO_VERSION 1.7.5 -ENV GOARCH arm64 -ENV PATH /go/bin:/usr/src/go/bin:$PATH - -RUN mkdir /usr/src/go && \ - curl -fsSL https://golang.org/dl/go${GO_VERSION}.src.tar.gz | tar -v -C /usr/src/go -xz --strip-components=1 && \ - cd /usr/src/go/src && \ - GOOS=linux GOARCH=arm64 GOROOT_BOOTSTRAP="$(go env GOROOT)" ./make.bash - -RUN mkdir -p /go/src /go/bin /go/pkg -ENV GOPATH=/go -RUN export GLIDE=v0.11.1; \ - export TARGET=/go/src/github.com/Masterminds; \ - mkdir -p ${TARGET} && \ - git clone https://github.com/Masterminds/glide.git ${TARGET}/glide && \ - cd ${TARGET}/glide && \ - git checkout $GLIDE && \ - make build && \ - cp ./glide /usr/bin/glide && \ - cd / && rm -rf /go/src/* /go/bin/* /go/pkg/* - -COPY glide.yaml /manvendor/ -COPY glide.lock /manvendor/ -WORKDIR /manvendor/ -RUN glide install && mv vendor src -ENV GOPATH=$GOPATH:/manvendor -RUN go build -o /usr/bin/go-md2man github.com/cpuguy83/go-md2man - -WORKDIR /go/src/github.com/docker/docker/ -ENTRYPOINT ["man/generate.sh"] diff --git a/man/Dockerfile.armhf b/man/Dockerfile.armhf deleted file mode 100644 index e7ea4956467a..000000000000 --- a/man/Dockerfile.armhf +++ /dev/null @@ -1,43 +0,0 @@ -FROM armhf/debian:jessie - -# allow replacing httpredir or deb mirror -ARG APT_MIRROR=deb.debian.org -RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list - -RUN apt-get update && apt-get install -y \ - git \ - bash \ - curl \ - gcc \ - make - -ENV GO_VERSION 1.7.5 -RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-armv6l.tar.gz" \ - | tar -xzC /usr/local -ENV PATH /go/bin:/usr/local/go/bin:$PATH -ENV GOPATH /go - -# We're building for armhf, which is ARMv7, so let's be explicit about that -ENV GOARCH arm -ENV GOARM 7 - -RUN mkdir -p /go/src /go/bin /go/pkg -RUN export GLIDE=v0.11.1; \ - export TARGET=/go/src/github.com/Masterminds; \ - mkdir -p ${TARGET} && \ - git clone https://github.com/Masterminds/glide.git ${TARGET}/glide && \ - cd ${TARGET}/glide && \ - git checkout $GLIDE && \ - make build && \ - cp ./glide /usr/bin/glide && \ - cd / && rm -rf /go/src/* /go/bin/* /go/pkg/* - -COPY glide.yaml /manvendor/ -COPY glide.lock /manvendor/ -WORKDIR /manvendor/ -RUN glide install && mv vendor src -ENV GOPATH=$GOPATH:/manvendor -RUN go build -o /usr/bin/go-md2man github.com/cpuguy83/go-md2man - -WORKDIR /go/src/github.com/docker/docker/ -ENTRYPOINT ["man/generate.sh"] diff --git a/man/Dockerfile.ppc64le b/man/Dockerfile.ppc64le deleted file mode 100644 index fc96ca7691d5..000000000000 --- a/man/Dockerfile.ppc64le +++ /dev/null @@ -1,35 +0,0 @@ -FROM ppc64le/ubuntu:xenial - -RUN apt-get update && apt-get install -y \ - curl \ - gcc \ - git \ - make \ - tar - -ENV GO_VERSION 1.7.5 -RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-ppc64le.tar.gz" \ - | tar -xzC /usr/local -ENV PATH /usr/local/go/bin:$PATH -ENV GOPATH=/go - -RUN mkdir -p /go/src /go/bin /go/pkg -RUN export GLIDE=v0.11.1; \ - export TARGET=/go/src/github.com/Masterminds; \ - mkdir -p ${TARGET} && \ - git clone https://github.com/Masterminds/glide.git ${TARGET}/glide && \ - cd ${TARGET}/glide && \ - git checkout $GLIDE && \ - make build && \ - cp ./glide /usr/bin/glide && \ - cd / && rm -rf /go/src/* /go/bin/* /go/pkg/* - -COPY glide.yaml /manvendor/ -COPY glide.lock /manvendor/ -WORKDIR /manvendor/ -RUN glide install && mv vendor src -ENV GOPATH=$GOPATH:/manvendor -RUN go build -o /usr/bin/go-md2man github.com/cpuguy83/go-md2man - -WORKDIR /go/src/github.com/docker/docker/ -ENTRYPOINT ["man/generate.sh"] diff --git a/man/Dockerfile.s390x b/man/Dockerfile.s390x deleted file mode 100644 index d4bcf1da11b8..000000000000 --- a/man/Dockerfile.s390x +++ /dev/null @@ -1,35 +0,0 @@ -FROM s390x/ubuntu:xenial - -RUN apt-get update && apt-get install -y \ - curl \ - gcc \ - git \ - make \ - tar - -ENV GO_VERSION 1.7.5 -RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-s390x.tar.gz" \ - | tar -xzC /usr/local -ENV PATH /usr/local/go/bin:$PATH -ENV GOPATH=/go - -RUN mkdir -p /go/src /go/bin /go/pkg -RUN export GLIDE=v0.11.1; \ - export TARGET=/go/src/github.com/Masterminds; \ - mkdir -p ${TARGET} && \ - git clone https://github.com/Masterminds/glide.git ${TARGET}/glide && \ - cd ${TARGET}/glide && \ - git checkout $GLIDE && \ - make build && \ - cp ./glide /usr/bin/glide && \ - cd / && rm -rf /go/src/* /go/bin/* /go/pkg/* - -COPY glide.yaml /manvendor/ -COPY glide.lock /manvendor/ -WORKDIR /manvendor/ -RUN glide install && mv vendor src -ENV GOPATH=$GOPATH:/manvendor -RUN go build -o /usr/bin/go-md2man github.com/cpuguy83/go-md2man - -WORKDIR /go/src/github.com/docker/docker/ -ENTRYPOINT ["man/generate.sh"] diff --git a/man/generate.go b/man/generate.go index 964d69277580..f6e28f861d18 100644 --- a/man/generate.go +++ b/man/generate.go @@ -7,8 +7,8 @@ import ( "os" "path/filepath" - "github.com/docker/docker/cli/command" - "github.com/docker/docker/cli/command/commands" + "github.com/docker/cli/cli/command" + "github.com/docker/cli/cli/command/commands" "github.com/docker/docker/pkg/term" "github.com/spf13/cobra" "github.com/spf13/cobra/doc" diff --git a/man/generate.sh b/man/generate.sh index 905b2d7baf6d..61c16ba41d69 100755 --- a/man/generate.sh +++ b/man/generate.sh @@ -7,9 +7,36 @@ set -eu mkdir -p ./man/man1 +MD2MAN_REPO=github.com/cpuguy83/go-md2man +MD2MAN_COMMIT=a65d4d2de4d5f7c74868dfa9b202a3c8be315aaa + +( + go get -d "$MD2MAN_REPO" + cd "$GOPATH"/src/"$MD2MAN_REPO" + git checkout "$MD2MAN_COMMIT" &> /dev/null + go install "$MD2MAN_REPO" +) + +VENDOR_MD5="$(md5sum vendor.conf)" +cp vendor.conf /tmp/vendor.conf +cp man/vendor.tmp vendor.conf + +grep -v '^#' man/vendor.tmp | while read dep; do + vndr $(echo "$dep" | cut -d' ' -f1) +done + +cp /tmp/vendor.conf vendor.conf +[ "$(md5sum vendor.conf)" != "$VENDOR_MD5" ] && echo "/tmp/vendor.conf unexpectedly changed. Expected $VENDOR_MD5" && exit 1 + # Generate man pages from cobra commands go build -o /tmp/gen-manpages ./man /tmp/gen-manpages --root . --target ./man/man1 +# cleanup +grep -v '^#' man/vendor.tmp | while read dep; do + rm -rf vendor/$(echo "$dep" | cut -d' ' -f1) +done +git checkout vendor/ + # Generate legacy pages from markdown ./man/md2man-all.sh -q diff --git a/man/glide.lock b/man/glide.lock deleted file mode 100644 index 5ec765a4c63c..000000000000 --- a/man/glide.lock +++ /dev/null @@ -1,52 +0,0 @@ -hash: ead3ea293a6143fe41069ebec814bf197d8c43a92cc7666b1f7e21a419b46feb -updated: 2016-06-20T21:53:35.420817456Z -imports: -- name: github.com/BurntSushi/toml - version: f0aeabca5a127c4078abb8c8d64298b147264b55 -- name: github.com/cpuguy83/go-md2man - version: a65d4d2de4d5f7c74868dfa9b202a3c8be315aaa - subpackages: - - md2man -- name: github.com/fsnotify/fsnotify - version: 30411dbcefb7a1da7e84f75530ad3abe4011b4f8 -- name: github.com/hashicorp/hcl - version: da486364306ed66c218be9b7953e19173447c18b - subpackages: - - hcl/ast - - hcl/parser - - hcl/token - - json/parser - - hcl/scanner - - hcl/strconv - - json/scanner - - json/token -- name: github.com/inconshreveable/mousetrap - version: 76626ae9c91c4f2a10f34cad8ce83ea42c93bb75 -- name: github.com/magiconair/properties - version: c265cfa48dda6474e208715ca93e987829f572f8 -- name: github.com/mitchellh/mapstructure - version: d2dd0262208475919e1a362f675cfc0e7c10e905 -- name: github.com/russross/blackfriday - version: 1d6b8e9301e720b08a8938b8c25c018285885438 -- name: github.com/shurcooL/sanitized_anchor_name - version: 10ef21a441db47d8b13ebcc5fd2310f636973c77 -- name: github.com/spf13/cast - version: 27b586b42e29bec072fe7379259cc719e1289da6 -- name: github.com/spf13/jwalterweatherman - version: 33c24e77fb80341fe7130ee7c594256ff08ccc46 -- name: github.com/spf13/pflag - version: dabebe21bf790f782ea4c7bbd2efc430de182afd -- name: github.com/spf13/viper - version: c1ccc378a054ea8d4e38d8c67f6938d4760b53dd -- name: golang.org/x/sys - version: 62bee037599929a6e9146f29d10dd5208c43507d - subpackages: - - unix -- name: gopkg.in/yaml.v2 - version: a83829b6f1293c91addabc89d0571c246397bbf4 -- name: github.com/spf13/cobra - repo: https://github.com/dnephin/cobra - subpackages: - - doc - version: v1.3 -devImports: [] diff --git a/man/glide.yaml b/man/glide.yaml deleted file mode 100644 index e99b2670d8e2..000000000000 --- a/man/glide.yaml +++ /dev/null @@ -1,12 +0,0 @@ -package: github.com/docker/docker/man -import: -- package: github.com/cpuguy83/go-md2man - subpackages: - - md2man -- package: github.com/inconshreveable/mousetrap -- package: github.com/spf13/pflag -- package: github.com/spf13/viper -- package: github.com/spf13/cobra - repo: https://github.com/dnephin/cobra - subpackages: - - doc diff --git a/man/vendor.tmp b/man/vendor.tmp new file mode 100644 index 000000000000..8215510b79f7 --- /dev/null +++ b/man/vendor.tmp @@ -0,0 +1,4 @@ +# manpages +github.com/spf13/cobra v1.5.1 https://github.com/dnephin/cobra +github.com/russross/blackfriday 8cec3a854e68dba10faabbe31c089abf4a3e57a6 +github.com/shurcooL/sanitized_anchor_name 10ef21a441db47d8b13ebcc5fd2310f636973c77 diff --git a/script/validate/check-git-diff b/scripts/validate/check-git-diff similarity index 100% rename from script/validate/check-git-diff rename to scripts/validate/check-git-diff