Swarm mode makes it possible through the API to set labels to containers
but not through command line. This tries to fix it.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit 4031d70d1be2f02e1c9d6f7738f2a816be7eeef2)
Signed-off-by: Tibor Vass <tibor@docker.com>
This changes the default behavior so that rolling updates will not
proceed once an updated task fails to start, or stops running during the
update. Users can use docker service inspect --pretty servicename to see
the update status, and if it pauses due to a failure, it will explain
that the update is paused, and show the task ID that caused it to pause.
It also shows the time since the update started.
A new --update-on-failure=(pause|continue) flag selects the
behavior. Pause means the update stops once a task fails, continue means
the old behavior of continuing the update anyway.
In the future this will be extended with additional behaviors like
automatic rollback, and flags controlling parameters like how many tasks
need to fail for the update to stop proceeding. This is a minimal
solution for 1.12.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit 57ae29aa74e77ade3c91b1c77ba766512dae9ab4)
Signed-off-by: Tibor Vass <tibor@docker.com>
Hostnames are not supported for now because libnetwork can't use them
for overlay networking yet.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit fca0b18dcba99a7fbb8b430a55dc7bf60d5c1356)
Signed-off-by: Tibor Vass <tibor@docker.com>
There are currently problems with "swarm init" and "swarm join" when an
explicit --listen-addr flag is not provided. swarmkit defaults to
finding the IP address associated with the default route, and in cloud
setups this is often the wrong choice.
Introduce a notion of "advertised address", with the client flag
--advertise-addr, and the daemon flag --swarm-default-advertise-addr to
provide a default. The default listening address is now 0.0.0.0, but a
valid advertised address must be detected or specified.
If no explicit advertised address is specified, error out if there is
more than one usable candidate IP address on the system. This requires a
user to explicitly choose instead of letting swarmkit make the wrong
choice. For the purposes of this autodetection, we ignore certain
interfaces that are unlikely to be relevant (currently docker*).
The user is also required to choose a listen address on swarm init if
they specify an explicit advertise address that is a hostname or an IP
address that's not local to the system. This is a requirement for
overlay networking.
Also support specifying interface names to --listen-addr,
--advertise-addr, and the daemon flag --swarm-default-advertise-addr.
This will fail if the interface has multiple IP addresses (unless it has
a single IPv4 address and a single IPv6 address - then we resolve the
tie in favor of IPv4).
This change also exposes the node's externally-reachable address in
docker info, as requested by #24017.
Make corresponding API and CLI docs changes.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit a0ccd0d42fdb0dd2005f67604cb81a5a6b26787e)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit 180f8c61bb1d3f05c21e697147b2f75a44bda485)
Signed-off-by: Tibor Vass <tibor@docker.com>
Update documentation to account for the changes in #24952.
docs/swarm/swarm-tutorial/rolling-update.md doesn't need any changes,
but the CLI reference pages should show the current help text.
drain-node.md no longer needs to specify --update-parallelism 1 in its
example.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit 933ba8d7f7f95ad0bac97c39ffb3cdf1a5634cc6)
Signed-off-by: Tibor Vass <tibor@docker.com>
f5e1f6f6880391a5a3399023cf93a3c48502e57d replaced "secrets"
with "join tokens", which also removed the "auto-accept"
policy.
This removes some remaining references to those features.
Note that there are other references, but those
are already addressed in another pull request.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 987511712f0cee391c8296b7f789c71e91561773)
Signed-off-by: Tibor Vass <tibor@docker.com>
`--with-registry-auth` is more explicit.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit 8426f72107f351b769babadeabbf13f205126514)
Signed-off-by: Tibor Vass <tibor@docker.com>
Implement the proposal from
https://github.com/docker/docker/issues/24430#issuecomment-233100121
Removes acceptance policy and secret in favor of an automatically
generated join token that combines the secret, CA hash, and
manager/worker role into a single opaque string.
Adds a docker swarm join-token subcommand to inspect and rotate the
tokens.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit 2cc5bd33eef038bf5721582e2410ba459bb656e9)
Signed-off-by: Tibor Vass <tibor@docker.com>
this improves the formatting, and code-highlighting
of the `docker ps` reference page, and wraps sentences
to 80 chars
also adds single quotes around the formatting
example for labels.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 07ef0a37f85fbb3ba0be4a09bb301108bf461d96)
Signed-off-by: Tibor Vass <tibor@docker.com>
Looks like I copied from the line below, not
from the output :)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 83b12c0c1144dc3778177fab8dc5052108388f1e)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit b5503ef0a511f5be11d9dcfa1359976f159d8a67)
Signed-off-by: Tibor Vass <tibor@docker.com>
Adds documentation for "--log-driver" and "--log-opt"
for services.
Also updated the API docs to include the new
options, and generated a more complete JSON
example.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 5ece2a6e0d748fe3960a7459b745ceb4302e9202)
Signed-off-by: Tibor Vass <tibor@docker.com>
the output/response slightly changed in
340964db1c8f161a2ad156023eb47dcc93bf804b,
and `:latest` is no longer required for
various actions.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 9d532b5e2d4e68888e38ad2793d9075815e230f7)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit f49dc528ed29e6285c24ef356652cc8bc637c8c7)
Signed-off-by: Tibor Vass <tibor@docker.com>
This renames the '--bundle' flag for docker (stack) deploy
to be consistent with 'docker build'.
Note that there's no shorthand '-f' added for now,
because this may be confusing on 'docker stack config',
which also takes a file, and for which we may want to
have a '--format' flag in future.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 06f35262c47629fef78e36daaa2742c2c0d7c3a9)
Signed-off-by: Tibor Vass <tibor@docker.com>
this removes a copy/pasta whoopsie on my side,
introduced in de64324109d2694b1525e62b5c0072267282a36c
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit effbd2b76decd00444d963e10eabe2766bb8c89c)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Charles Smith <charles.smith@docker.com>
(cherry picked from commit 9594ac97ce0c6e0777716be2a35b47208d440e8e)
Signed-off-by: Tibor Vass <tibor@docker.com>
Also removes the `-f` flags of bundle to follow the single-letter flags
evaluation.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit 10919e890942cbdaa65f180dbcd475d21b9c6713)
Signed-off-by: Tibor Vass <tibor@docker.com>
This adds the `--live-restore` option to the documentation.
Also synched usage description in the documentation
with the actual description, and re-phrased some
flag descriptions to be a bit more consistent.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 64a8317a5a306dffd0ec080d9ec5b4ceb2479a01)
Signed-off-by: Tibor Vass <tibor@docker.com>
- the constraint expression needs to be quoted
- add an actual redis container to run so the command line works
Signed-off-by: Anil Madhavapeddy <anil@docker.com>
(cherry picked from commit c37da1792d232b5a8545227d5819bb245df16023)
Signed-off-by: Tibor Vass <tibor@docker.com>
Update the output and fix wrong usage in a tutorial page.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit cc651bc642e3478062416b50171dbf5595daf4e4)
Signed-off-by: Tibor Vass <tibor@docker.com>
Update with the new remove flags
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit dbe310eff05cf5b67eab99d3cfff66c2680d01ac)
Signed-off-by: Tibor Vass <tibor@docker.com>
Using tabs here seems to cause copy/paste problems in some terminals.
Using spaces is safer.
Fixes#24609
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit 6de8fcb2f2baf335fc24e10909078199af528e8d)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 7bf0faf42377a91a8535b443201d9ad62326889b)
Signed-off-by: Tibor Vass <tibor@docker.com>
This adds an `--oom-score-adjust` flag to the daemon so that the value
provided can be set for the docker daemon's process. The default value
for the flag is -500. This will allow the docker daemon to have a
less chance of being killed before containers do. The default value for
processes is 0 with a min/max of -1000/1000.
-500 is a good middle ground because it is less than the default for
most processes and still not -1000 which basically means never kill this
process in an OOM condition on the host machine. The only processes on
my machine that have a score less than -500 are dbus at -900 and sshd
and xfce( my window manager ) at -1000. I don't think docker should be
set lower, by default, than dbus or sshd so that is why I chose -500.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
(cherry picked from commit a894aec8d81de5484152a76d76b80809df9edd71)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit e4a024d5902df1d3db8b9fff8865304afa2305e6)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit ea365e4cb37d037046364773d01a744b1258ce4e)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Mei ChunTao <mei.chuntao@zte.com.cn>
(cherry picked from commit acbe38a3ccb85be012d88f3109b688f8b815daaf)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Neil Peterson <neilpeterson@outlook.com>
(cherry picked from commit 8352089e8c78cdf71ac9eec0c125a35f9bf36ebc)
Signed-off-by: Tibor Vass <tibor@docker.com>
Add a `--network` flag which replaces `--net` without deprecating it
yet. The `--net` flag remains hidden and supported.
Add a `--network-alias` flag which replaces `--net-alias` without deprecating
it yet. The `--net-alias` flag remains hidden and supported.
Signed-off-by: Arnaud Porterie (icecrime) <arnaud.porterie@docker.com>
(cherry picked from commit c0c7d5e71586ec8e4d54aef9e061f061e9223cc4)
Signed-off-by: Tibor Vass <tibor@docker.com>
The "none" option was not added to the documentation.
This adds an example, and adds additional information
on manually accepting or rejecting a node.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 06517753c19262129202b224a35965a2686e49e9)
Signed-off-by: Tibor Vass <tibor@docker.com>
Add option to skip kernel check for older kernels which have been patched to support multiple lower directories in overlayfs.
Fixes#24023
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
(cherry picked from commit ff98da0607c4d6a94a2356d9ccaa64cc9d7f6a78)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: John Harris <john@johnharris.io>
(cherry picked from commit 8e148827734a94165156adfd0f6d202d28dff142)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Charles Smith <charles.smith@docker.com>
(cherry picked from commit 093817031acd2b8dc17cba5c3c994b2d6d19dc0e)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 1255e53e2890149df3c919af7aac88237069e1bb)
Signed-off-by: Tibor Vass <tibor@docker.com>
- Update ps with `--last` flag
- Update commands with current output
- Make sure hugo does not detect the wrong language
- Update usage for `tag` command to be more coherent with the other ones
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit f4cfc6b9830ed236eb588d6a4dddca7455145e70)
Signed-off-by: Tibor Vass <tibor@docker.com>
The current behavior of `docker swarm init` is to set up a swarm that
has no secret for joining, and does not require manual acceptance for
workers. Since workers may sometimes receive sensitive data such as pull
credentials, it makes sense to harden the defaults.
This change makes `docker swarm init` generate a random secret if none
is provided, and print it to the terminal. This secret will be needed to
join workers or managers to the swarm. In addition to improving access
control to the cluster, this setup removes an avenue for
denial-of-service attacks, since the secret is necessary to even create
an entry in the node list.
`docker swarm init --secret ""` will set up a swarm without a secret,
matching the old behavior. `docker swarm update --secret ""` removes the
automatically generated secret after `docker swarm init`.
Closes#23785
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit 7342e42fcecbc243bcb8723b8422879662452017)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit a859a336475f39c7b7d7739c58a1dae40df86a86)
Signed-off-by: Tibor Vass <tibor@docker.com>
In #24159, the title field of `docker node ls` has been
changed from NAME to HOSTNAME. However, in the docs the
NAMEs are still used for the output of `docker node ls`.
This fix updates docs so that NAME field is changed to
HOSTNAME for all `docker node ls`.
This fix is related to #24159 and #24090.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 668b8a998f5ebbe66c7376c432a5fd87208add73)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Otto Kekäläinen <otto@seravo.fi>
(cherry picked from commit 644a7426cc31c338fedb6574d2b88d1cc2f43a08)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
(cherry picked from commit 585332dfe0b4b38f428deb680086b6d69275100d)
Signed-off-by: Tibor Vass <tibor@docker.com>
the flag is named '--read-only', not '--readonly'
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit ac12696ff48aeb115e3d9ce3b13cfa54342b5aee)
Signed-off-by: Tibor Vass <tibor@docker.com>
minor typos and punctuation.
Signed-off-by: Alan Thompson <cloojure@gmail.com>
(cherry picked from commit 68b8cc9735e9f966dd0e7b3b2d56835310100c2a)
Signed-off-by: Tibor Vass <tibor@docker.com>
