Instead reserve exit code 2 to be future proof, document that it should
not be used. Implementation-wise, it is considered as unhealthy, but
users should not rely on this as it may change in the future.
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit 91e9f3831330c63f8351b9fc3f7c31b3229505be)
Signed-off-by: Tibor Vass <tibor@docker.com>
This adds a guide with recommendations on how to setup
Managers and keep the Swarm cluster healthy.
Signed-off-by: Alexandre Beslic <alexandre.beslic@gmail.com>
(cherry picked from commit 24f87f26e73a49383e0606813a86ed96da7f5a18)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Charles Smith <charles.smith@docker.com>
(cherry picked from commit c406711cc0c5c47f2a36a54becae49c24e0c31c9)
Signed-off-by: Tibor Vass <tibor@docker.com>
This changes the default behavior so that rolling updates will not
proceed once an updated task fails to start, or stops running during the
update. Users can use docker service inspect --pretty servicename to see
the update status, and if it pauses due to a failure, it will explain
that the update is paused, and show the task ID that caused it to pause.
It also shows the time since the update started.
A new --update-on-failure=(pause|continue) flag selects the
behavior. Pause means the update stops once a task fails, continue means
the old behavior of continuing the update anyway.
In the future this will be extended with additional behaviors like
automatic rollback, and flags controlling parameters like how many tasks
need to fail for the update to stop proceeding. This is a minimal
solution for 1.12.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit 57ae29aa74e77ade3c91b1c77ba766512dae9ab4)
Signed-off-by: Tibor Vass <tibor@docker.com>
Commit cc493a52a46271df82dbebea26038502b85788b9 added
a constraint to network connect/disconnect operations
on "Swarm scoped" networks.
This adds those errors to the API documentation. Also
changes the error to lowercase for consistency.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit b0089e48272f18d856ba147b393371c18d5683fb)
Signed-off-by: Tibor Vass <tibor@docker.com>
These docs have AuthzPlugin with a lower case 'z'. What the plugin
api is actually looking for is AuthZPlugin with an upper case 'Z'.
See 46e3a249a1/pkg/authorization/api.go (L5-L8)
Signed-off-by: Everett Toews <everett.toews@rackspace.com>
(cherry picked from commit c42fbc6b0906c7ccafe5a35d9c2288f83361849d)
Signed-off-by: Tibor Vass <tibor@docker.com>
Hostnames are not supported for now because libnetwork can't use them
for overlay networking yet.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit fca0b18dcba99a7fbb8b430a55dc7bf60d5c1356)
Signed-off-by: Tibor Vass <tibor@docker.com>
There are currently problems with "swarm init" and "swarm join" when an
explicit --listen-addr flag is not provided. swarmkit defaults to
finding the IP address associated with the default route, and in cloud
setups this is often the wrong choice.
Introduce a notion of "advertised address", with the client flag
--advertise-addr, and the daemon flag --swarm-default-advertise-addr to
provide a default. The default listening address is now 0.0.0.0, but a
valid advertised address must be detected or specified.
If no explicit advertised address is specified, error out if there is
more than one usable candidate IP address on the system. This requires a
user to explicitly choose instead of letting swarmkit make the wrong
choice. For the purposes of this autodetection, we ignore certain
interfaces that are unlikely to be relevant (currently docker*).
The user is also required to choose a listen address on swarm init if
they specify an explicit advertise address that is a hostname or an IP
address that's not local to the system. This is a requirement for
overlay networking.
Also support specifying interface names to --listen-addr,
--advertise-addr, and the daemon flag --swarm-default-advertise-addr.
This will fail if the interface has multiple IP addresses (unless it has
a single IPv4 address and a single IPv6 address - then we resolve the
tie in favor of IPv4).
This change also exposes the node's externally-reachable address in
docker info, as requested by #24017.
Make corresponding API and CLI docs changes.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit a0ccd0d42fdb0dd2005f67604cb81a5a6b26787e)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit 180f8c61bb1d3f05c21e697147b2f75a44bda485)
Signed-off-by: Tibor Vass <tibor@docker.com>
This renames the `rotate_xxx` flags to camelBack, for
consistency with other API query-params, such as
`detachKeys`, `noOverwriteDirNonDir`, and `fromImage`.
Also makes this flag accept a wider range of boolean
values ("0", "1", "true", "false"), and throw an error
if an invalid value is passed.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit bd81df12780b0765e55582574eaa2a125adf65fa)
Signed-off-by: Tibor Vass <tibor@docker.com>
Update documentation to account for the changes in #24952.
docs/swarm/swarm-tutorial/rolling-update.md doesn't need any changes,
but the CLI reference pages should show the current help text.
drain-node.md no longer needs to specify --update-parallelism 1 in its
example.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit 933ba8d7f7f95ad0bac97c39ffb3cdf1a5634cc6)
Signed-off-by: Tibor Vass <tibor@docker.com>
f5e1f6f6880391a5a3399023cf93a3c48502e57d replaced "secrets"
with "join tokens", which also removed the "auto-accept"
policy.
This removes some remaining references to those features.
Note that there are other references, but those
are already addressed in another pull request.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 987511712f0cee391c8296b7f789c71e91561773)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Charles Smith <charles.smith@docker.com>
(cherry picked from commit 9ac145d73621b6393be763686b06b9cf5fb22ce2)
Signed-off-by: Tibor Vass <tibor@docker.com>
`--with-registry-auth` is more explicit.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit 8426f72107f351b769babadeabbf13f205126514)
Signed-off-by: Tibor Vass <tibor@docker.com>
Implement the proposal from
https://github.com/docker/docker/issues/24430#issuecomment-233100121
Removes acceptance policy and secret in favor of an automatically
generated join token that combines the secret, CA hash, and
manager/worker role into a single opaque string.
Adds a docker swarm join-token subcommand to inspect and rotate the
tokens.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit 2cc5bd33eef038bf5721582e2410ba459bb656e9)
Signed-off-by: Tibor Vass <tibor@docker.com>
these values were changed to lowercase in
690cb2d08c,
but not changed accordingly in docker/docker.
this changes the mounttypes to lowercase
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 8f93128cd619e1d11be1bc0ae21f1362b1e3f9ad)
Signed-off-by: Tibor Vass <tibor@docker.com>
At the moment docker's deprecation policy is 2 release cycles by
default, which is around 5 months. This may not be enough for
production environment and there is a need to extend the
deprecation cycle to 3 releases (see #24494).
This fix updates the docs/deprecated.md and extend the deprecation
cycle to 3 releases.
This fix is related to #24494 and #24534.
This fix fixes#24534.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 9414955c608834c20e3764e753854e667f2e0cbe)
Signed-off-by: Tibor Vass <tibor@docker.com>
this improves the formatting, and code-highlighting
of the `docker ps` reference page, and wraps sentences
to 80 chars
also adds single quotes around the formatting
example for labels.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 07ef0a37f85fbb3ba0be4a09bb301108bf461d96)
Signed-off-by: Tibor Vass <tibor@docker.com>
Looks like I copied from the line below, not
from the output :)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 83b12c0c1144dc3778177fab8dc5052108388f1e)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit b5503ef0a511f5be11d9dcfa1359976f159d8a67)
Signed-off-by: Tibor Vass <tibor@docker.com>
Adds documentation for "--log-driver" and "--log-opt"
for services.
Also updated the API docs to include the new
options, and generated a more complete JSON
example.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 5ece2a6e0d748fe3960a7459b745ceb4302e9202)
Signed-off-by: Tibor Vass <tibor@docker.com>
the output/response slightly changed in
340964db1c8f161a2ad156023eb47dcc93bf804b,
and `:latest` is no longer required for
various actions.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 9d532b5e2d4e68888e38ad2793d9075815e230f7)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Charles Smith <charles.smith@docker.com>
(cherry picked from commit 137261f97ce3f27a8c28a50e286429ead4a6fc18)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Charles Smith <charles.smith@docker.com>
(cherry picked from commit 68a9224bd42437e63972dc9c3374c065872363b3)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit f49dc528ed29e6285c24ef356652cc8bc637c8c7)
Signed-off-by: Tibor Vass <tibor@docker.com>
This renames the '--bundle' flag for docker (stack) deploy
to be consistent with 'docker build'.
Note that there's no shorthand '-f' added for now,
because this may be confusing on 'docker stack config',
which also takes a file, and for which we may want to
have a '--format' flag in future.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 06f35262c47629fef78e36daaa2742c2c0d7c3a9)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Harry Zhang <harryz@hyper.sh>
(cherry picked from commit 78a5480dfd8dc1b304e38bc9c18854c4ef86de33)
Signed-off-by: Tibor Vass <tibor@docker.com>
this removes a copy/pasta whoopsie on my side,
introduced in de64324109d2694b1525e62b5c0072267282a36c
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit effbd2b76decd00444d963e10eabe2766bb8c89c)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Charles Smith <charles.smith@docker.com>
(cherry picked from commit 9594ac97ce0c6e0777716be2a35b47208d440e8e)
Signed-off-by: Tibor Vass <tibor@docker.com>
Also removes the `-f` flags of bundle to follow the single-letter flags
evaluation.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit 10919e890942cbdaa65f180dbcd475d21b9c6713)
Signed-off-by: Tibor Vass <tibor@docker.com>
Fixes#23981
The selinux issue we are seeing in the report is related to the socket
file for docker and nothing else. By removing the socket docker starts
up correctly.
However, there is another motivation for removing socket activation from
docker's systemd files and that is because when you have daemons running
with --restart always whenever you have a host reboot those daemons
will not be started again because the docker daemon is not started by
systemd until a request comes into the docker API.
Leave it for deb based systems because everything is working correctly
for both socket activation and starting normally at boot.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
(cherry picked from commit 04104c3a1e6cad30cb41b762e8832215466c0e95)
Signed-off-by: Tibor Vass <tibor@docker.com>
following the announcement;
https://groups.google.com/forum/m/#!topic/golang-announce/7JTsd70ZAT0
> [security] Go 1.6.3 and Go 1.7rc2 pre-announcement
>
> Hello gophers,
> We plan to issue Go 1.6.3 and Go 1.7rc2 on Monday July 18 at approximately 2am UTC.
> These are minor release to fix a security issue.
>
> Following our policy at https://golang.org/security, this is the pre-announcement of those releases.
>
> Because we are so late in the release cycle for Go 1.7, we will not issue a minor release of Go 1.5.
> Additionally, we plan to issue Go 1.7rc3 later next week, which will include any changes between 1.7rc1 and tip.
>
> Cheers,
> Chris on behalf of the Go team
**Note:**
the man/Dockerfile is not yet updated, because
the official image for Go 1.6.2 has not yet
been updated.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 589bafddf391cbf6aff8b22044266dc819cdcaeb)
Signed-off-by: Tibor Vass <tibor@docker.com>
This adds the `--live-restore` option to the documentation.
Also synched usage description in the documentation
with the actual description, and re-phrased some
flag descriptions to be a bit more consistent.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 64a8317a5a306dffd0ec080d9ec5b4ceb2479a01)
Signed-off-by: Tibor Vass <tibor@docker.com>
In API docs, `CPU` and `Memory` were used for resource settings on
services. The actual settings should be `NanoCPUs` and `MemoryBytes`.
This fix address the inconsistent fields between API docs and actual
settings.
This fix fixes#24058.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 0159ee1f5dcd28dad1f621d17b9321f35f171b29)
Signed-off-by: Tibor Vass <tibor@docker.com>
The none-https url results in a redirect
to https://support.oracle.com/epmos/faces/MosIndex.jspx?......
which our link-checker didn't like.
The https link looks to be a direct link,
and not resulting in a redirect, so updating the URL.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit c15144c4ec25df4234129fbe88b89cd4f709f784)
Signed-off-by: Tibor Vass <tibor@docker.com>
This was only mentioned in docker create documentation.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
(cherry picked from commit 6ba6265d1ad86680ad7f7750ae1f9abb72f1e728)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Victoria Bialas <victoria.bialas@docker.com>
(cherry picked from commit 6f9e310831326b8031a3526282ffd82cee94294f)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Charles Smith <charles.smith@docker.com>
(cherry picked from commit fec803f7793ce347fe276ea93c13fb9022677135)
Signed-off-by: Tibor Vass <tibor@docker.com>
