From 15836782038638a20f4e214af6e92bdd01624726 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sat, 14 Aug 2021 14:45:19 +0200 Subject: [PATCH] Add missing code-hints, and minor markdown edits - Add missing code-hints (console, yaml) - Consistently add an empty line after code-blocks - Combine some examples where the output and the command were put in separate blocks. With the "console" code-hint, this is no longer nescessary. - fix indentation in cloud/ecs-integration.md, which caused the numbered-list to be interrupted. Signed-off-by: Sebastiaan van Stijn --- _includes/content/compose-var-sub.md | 2 +- _includes/enable-buildkit.md | 2 +- cloud/ecs-integration.md | 54 ++++++++++--------- components.md | 1 + compose/completion.md | 1 + compose/compose-file/compose-file-v3.md | 5 +- compose/environment-variables.md | 4 +- compose/gpu-support.md | 9 ++-- compose/install.md | 2 + compose/networking.md | 1 + compose/reference/index.md | 8 +-- config/containers/resource_constraints.md | 1 + config/daemon/index.md | 4 +- config/formatting.md | 36 ++++++------- desktop/mac/index.md | 4 +- desktop/mac/networking.md | 4 +- desktop/mac/space.md | 9 ++-- desktop/windows/networking.md | 4 +- desktop/windows/troubleshoot.md | 4 +- desktop/windows/wsl.md | 4 +- .../dockerfile_best-practices.md | 1 + docker-hub/publish/certify-images.md | 10 ++-- docker-hub/publish/certify-plugins-logging.md | 32 +++++------ docsarchive.md | 10 ++-- engine/api/sdk/examples.md | 1 + engine/context/working-with-contexts.md | 32 +++++------ engine/reference/commandline/app.md | 43 +++++++-------- engine/release-notes/18.09.md | 1 + engine/scan/index.md | 1 + engine/security/rootless.md | 1 + engine/security/seccomp.md | 2 +- engine/security/trust/index.md | 16 +++--- engine/security/trust/trust_automation.md | 6 +-- engine/security/trust/trust_delegation.md | 12 ++--- engine/security/trust/trust_key_mng.md | 2 +- engine/swarm/configs.md | 1 + engine/swarm/secrets.md | 1 + engine/swarm/services.md | 19 ++++--- engine/swarm/swarm-mode.md | 1 + get-started/08_using_compose.md | 5 +- get-started/index.md | 5 +- language/golang/build-images.md | 12 ++--- language/golang/develop.md | 6 +-- language/golang/run-containers.md | 15 ++---- language/golang/run-tests.md | 3 -- language/nodejs/build-images.md | 2 +- language/nodejs/run-containers.md | 2 +- machine/drivers/hyper-v.md | 5 +- machine/reference/mount.md | 1 + network/host.md | 2 +- registry/garbage-collection.md | 2 +- registry/notifications.md | 2 +- registry/storage-drivers/s3.md | 3 +- samples/aspnet-mssql-compose.md | 4 +- samples/dotnetcore.md | 1 + samples/rails.md | 13 ++--- storage/volumes.md | 13 ++--- 57 files changed, 226 insertions(+), 221 deletions(-) diff --git a/_includes/content/compose-var-sub.md b/_includes/content/compose-var-sub.md index 2628e7eef1..2859687fb8 100644 --- a/_includes/content/compose-var-sub.md +++ b/_includes/content/compose-var-sub.md @@ -61,6 +61,6 @@ web: If you forget and use a single dollar sign (`$`), Compose interprets the value as an environment variable and warns you: -``` +```console The VAR_NOT_INTERPOLATED_BY_COMPOSE is not set. Substituting an empty string. ``` diff --git a/_includes/enable-buildkit.md b/_includes/enable-buildkit.md index aee2624039..c69911e86c 100644 --- a/_includes/enable-buildkit.md +++ b/_includes/enable-buildkit.md @@ -14,7 +14,7 @@ variable or by making BuildKit the default setting. To set the BuildKit environment variable when running the `docker build` command, run: -``` +```console $ DOCKER_BUILDKIT=1 docker build . ``` diff --git a/cloud/ecs-integration.md b/cloud/ecs-integration.md index ca0f574605..c9c0960aa0 100644 --- a/cloud/ecs-integration.md +++ b/cloud/ecs-integration.md @@ -522,35 +522,37 @@ use an existing domain name for your application: 1. Use the AWS web console or CLI to get your VPC and Subnets IDs. You can retrieve the default VPC ID and attached subnets using this AWS CLI commands: -```console -$ aws ec2 describe-vpcs --filters Name=isDefault,Values=true --query 'Vpcs[0].VpcId' + ```console + $ aws ec2 describe-vpcs --filters Name=isDefault,Values=true --query 'Vpcs[0].VpcId' + + "vpc-123456" + $ aws ec2 describe-subnets --filters Name=vpc-id,Values=vpc-123456 --query 'Subnets[*].SubnetId' + + [ + "subnet-1234abcd", + "subnet-6789ef00", + ] + ``` + +2. Use the AWS CLI to create your load balancer. The AWS Web Console can also be used but will require adding at least one listener, which we don't need here. -"vpc-123456" -$ aws ec2 describe-subnets --filters Name=vpc-id,Values=vpc-123456 --query 'Subnets[*].SubnetId' - -[ - "subnet-1234abcd", - "subnet-6789ef00", -] -``` -1. Use the AWS CLI to create your load balancer. The AWS Web Console can also be used but will require adding at least one listener, which we don't need here. - -```console -$ aws elbv2 create-load-balancer --name myloadbalancer --type application --subnets "subnet-1234abcd" "subnet-6789ef00" - -{ - "LoadBalancers": [ + ```console + $ aws elbv2 create-load-balancer --name myloadbalancer --type application --subnets "subnet-1234abcd" "subnet-6789ef00" + { - "IpAddressType": "ipv4", - "VpcId": "vpc-123456", - "LoadBalancerArn": "arn:aws:elasticloadbalancing:us-east-1:1234567890:loadbalancer/app/myloadbalancer/123abcd456", - "DNSName": "myloadbalancer-123456.us-east-1.elb.amazonaws.com", -... -``` -1. To assign your application an existing domain name, you can configure your DNS with a -CNAME entry pointing to just-created loadbalancer's `DNSName` reported as you created the loadbalancer. + "LoadBalancers": [ + { + "IpAddressType": "ipv4", + "VpcId": "vpc-123456", + "LoadBalancerArn": "arn:aws:elasticloadbalancing:us-east-1:1234567890:loadbalancer/app/myloadbalancer/123abcd456", + "DNSName": "myloadbalancer-123456.us-east-1.elb.amazonaws.com", + <...> + ``` + +3. To assign your application an existing domain name, you can configure your DNS with a + CNAME entry pointing to just-created loadbalancer's `DNSName` reported as you created the loadbalancer. -1. Use Loadbalancer ARN to set `x-aws-loadbalancer` in your compose file, and deploy your application using `docker compose up` command. +4. Use Loadbalancer ARN to set `x-aws-loadbalancer` in your compose file, and deploy your application using `docker compose up` command. Please note Docker ECS integration won't be aware of this domain name, so `docker compose ps` command will report URLs with loadbalancer DNSName, not your own domain. diff --git a/components.md b/components.md index 36d0990983..355684ac34 100644 --- a/components.md +++ b/components.md @@ -29,6 +29,7 @@ For components and controls we are using [Bootstrap](https://getbootstrap.com) ``` +
diff --git a/engine/context/working-with-contexts.md b/engine/context/working-with-contexts.md index 65d17f59ff..d986a1ad9f 100644 --- a/engine/context/working-with-contexts.md +++ b/engine/context/working-with-contexts.md @@ -40,7 +40,7 @@ A context is a combination of several properties. These include: The easiest way to see what a context looks like is to view the **default** context. -``` +```console $ docker context ls NAME DESCRIPTION DOCKER ENDPOINT KUBERNETES ENDPOINT ORCHESTRATOR default * Current... unix:///var/run/docker.sock swarm @@ -52,7 +52,7 @@ The asterisk in the `NAME` column indicates that this is the active context. Thi Dig a bit deeper with `docker context inspect`. In this example, we're inspecting the context called `default`. -``` +```console $ docker context inspect default [ { @@ -86,7 +86,7 @@ The following example creates a new context called "docker-test" and specifies t - Default orchestrator = Swarm - Issue commands to the local Unix socket `/var/run/docker.sock` -``` +```console $ docker context create docker-test \ --default-stack-orchestrator=swarm \ --docker host=unix:///var/run/docker.sock @@ -102,7 +102,7 @@ You can view the new context with `docker context ls` and `docker context inspec The following can be used to create a config with Kubernetes as the default orchestrator using the existing kubeconfig stored in `/home/ubuntu/.kube/config`. For this to work, you will need a valid kubeconfig file in `/home/ubuntu/.kube/config`. If your kubeconfig has more than one context, the current context (`kubectl config current-context`) will be used. -``` +```console $ docker context create k8s-test \ --default-stack-orchestrator=kubernetes \ --kubernetes config-file=/home/ubuntu/.kube/config \ @@ -113,7 +113,7 @@ Successfully created context "k8s-test" You can view all contexts on the system with `docker context ls`. -``` +```console $ docker context ls NAME DESCRIPTION DOCKER ENDPOINT KUBERNETES ENDPOINT ORCHESTRATOR default * Current unix:///var/run/docker.sock https://35.226.99.100 (default) swarm @@ -129,7 +129,7 @@ You can use `docker context use` to quickly switch between contexts. The following command will switch the `docker` CLI to use the "k8s-test" context. -``` +```console $ docker context use k8s-test k8s-test @@ -138,7 +138,7 @@ Current context is now "k8s-test" Verify the operation by listing all contexts and ensuring the asterisk ("\*") is against the "k8s-test" context. -``` +```console $ docker context ls NAME DESCRIPTION DOCKER ENDPOINT KUBERNETES ENDPOINT ORCHESTRATOR default Current DOCKER_HOST based configuration unix:///var/run/docker.sock https://35.226.99.100 (default) swarm @@ -154,13 +154,13 @@ Use the appropriate command below to set the context to `docker-test` using an e Windows PowerShell: -``` +```console > $Env:DOCKER_CONTEXT=docker-test ``` Linux: -``` +```console $ export DOCKER_CONTEXT=docker-test ``` @@ -168,7 +168,7 @@ Run a `docker context ls` to verify that the "docker-test" context is now the ac You can also use the global `--context` flag to override the context specified by the `DOCKER_CONTEXT` environment variable. For example, the following will send the command to a context called "production". -``` +```console $ docker --context production container ls ``` @@ -188,21 +188,21 @@ Let's look at exporting and importing a native Docker context. The following example exports an existing context called "docker-test". It will be written to a file called `docker-test.dockercontext`. -``` +```console $ docker context export docker-test Written file "docker-test.dockercontext" ``` Check the contents of the export file. -``` +```console $ cat docker-test.dockercontext meta.json0000644000000000000000000000022300000000000011023 0ustar0000000000000000{"Name":"docker-test","Metadata":{"StackOrchestrator":"swarm"},"Endpoints":{"docker":{"Host":"unix:///var/run/docker.sock","SkipTLSVerify":false}}}tls0000700000000000000000000000000000000000000007716 5ustar0000000000000000 ``` This file can be imported on another host using `docker context import`. The target host must have the Docker client installed. -``` +```console $ docker context import docker-test docker-test.dockercontext docker-test Successfully imported context "docker-test" @@ -220,14 +220,14 @@ You can export a Kubernetes context only if the context you are exporting has a These steps will use the `--kubeconfig` flag to export **only** the Kubernetes elements of the existing `k8s-test` context to a file called "k8s-test.kubeconfig". The `cat` command will then show that it's exported as a valid kubeconfig file. -``` +```console $ docker context export k8s-test --kubeconfig Written file "k8s-test.kubeconfig" ``` Verify that the exported file contains a valid kubectl config. -``` +```console $ cat k8s-test.kubeconfig apiVersion: v1 clusters: @@ -265,7 +265,7 @@ You can use `docker context update` to update fields in an existing context. The following example updates the "Description" field in the existing `k8s-test` context. -``` +```console $ docker context update k8s-test --description "Test Kubernetes cluster" k8s-test Successfully updated context "k8s-test" diff --git a/engine/reference/commandline/app.md b/engine/reference/commandline/app.md index 79d12adaf6..a39dc7a35c 100644 --- a/engine/reference/commandline/app.md +++ b/engine/reference/commandline/app.md @@ -68,7 +68,7 @@ it initializes a new project based on the Compose file. Use the following command to initialize a new empty project called "hello-world". -``` +```console $ docker app init hello-world Created "hello-world.dockerapp" ``` @@ -82,7 +82,7 @@ project with `.dockerapp` appended, and the three YAML files are: Inspect the YAML files with the following commands. -``` +```console $ cd hello-world.dockerapp/ $ cat docker-compose.yml @@ -116,19 +116,19 @@ This section describes editing the project YAML files so that it runs a simple w Use your preferred editor to edit the `docker-compose.yml` YAML file and update it with the following information: -``` +```yaml version: "3.6" services: hello: image: hashicorp/http-echo command: ["-text", "${hello.text}"] ports: - - ${hello.port}:5678 + - "${hello.port}:5678" ``` Update the `parameters.yml` file to the following: -``` +```yaml hello: port: 8080 text: Hello world! @@ -147,7 +147,7 @@ It is a quick way to check how to configure the application before deployment, w the `Compose file`. It's important to note that the application is not running at this point, and that the `inspect` operation inspects the configuration file(s). -``` +```console $ docker app inspect hello-world.dockerapp hello-world 0.1.0 @@ -171,7 +171,7 @@ The application is ready to be validated and rendered. Docker App provides the `validate` subcommand to check syntax and other aspects of the configuration. If the app passes validation, the command returns no arguments. -``` +```console $ docker app validate hello-world.dockerapp Validated "hello-world.dockerapp" ``` @@ -199,7 +199,7 @@ Use `docker app install` to deploy the application. Use the following command to deploy (install) the application. -``` +```console $ docker app install hello-world.dockerapp --name my-app Creating network my-app_default Creating service my-app_hello @@ -211,7 +211,7 @@ installation container and as a target context to deploy the application. You ca using the flag `--target-context` or by using the environment variable `DOCKER_TARGET_CONTEXT`. This flag is also available for the commands `status`, `upgrade`, and `uninstall`. -``` +```console $ docker app install hello-world.dockerapp --name my-app --target-context=my-big-production-cluster Creating network my-app_default Creating service my-app_hello @@ -223,7 +223,7 @@ valid if they are deployed on different target contexts. You can check the status of the app with the `docker app status ` command. -``` +```console $ docker app status my-app INSTALLATION ------------ @@ -254,7 +254,7 @@ miqdk1v7j3zk my-app_hello replicated 1/1 hashicorp/http-echo:la The app is deployed using the stack orchestrator. This means you can also inspect it using the regular `docker stack` commands. -``` +```console $ docker stack ls NAME SERVICES ORCHESTRATOR my-app 1 Swarm @@ -265,7 +265,8 @@ port 8080 and see the app. You must ensure traffic to port 8080 is allowed on the connection from your browser to your Docker host. Now change the port of the application using `docker app upgrade ` command. -``` + +```console $ docker app upgrade my-app --set hello.port=8181 Upgrading service my-app_hello Application "my-app" upgraded on context "default" @@ -286,13 +287,13 @@ Rendering is the process of reading the entire application configuration and out Use the following command to render the app to a Compose file called `docker-compose.yml` in the current directory. -``` +```console $ docker app render --output docker-compose.yml hello-world.dockerapp ``` Check the contents of the resulting `docker-compose.yml` file. -``` +```console $ cat docker-compose.yml version: "3.6" services: @@ -315,7 +316,7 @@ section of the project's YAML file. For example, `${hello.text}` has been expand Try to render the application with a different text: -``` +```console $ docker app render hello-world.dockerapp --set hello.text="Hello whales!" version: "3.6" services: @@ -333,7 +334,7 @@ services: Use `docker-compose up` to deploy the app. -``` +```console $ docker-compose up --detach WARNING: The Docker Engine you're using is running in swarm mode. @@ -354,7 +355,7 @@ Deploying the app as a Docker stack is a two-step process very similar to deploy Complete the steps in the previous section to render the Docker app project as a Compose file and make sure you're ready to deploy it as a Docker Stack. Your Docker host must be in Swarm mode. -``` +```console $ docker stack deploy hello-world-app -c docker-compose.yml Creating network hello-world-app_default Creating service hello-world-app_hello @@ -394,7 +395,7 @@ $ docker app push my-app --platform="linux/amd64" --tag /:0.1.0 Now that the app is pushed to the registry, try an `inspect` and `install` command against it. The location of your app is different from the one provided in the examples. -``` +```console $ docker app inspect myuser/hello-world:0.1.0 hello-world 0.1.0 @@ -412,7 +413,7 @@ This action was performed directly against the app in the registry. Now install it as a native Docker App by referencing the app in the registry, with a different port. -``` +```console $ docker app install myuser/hello-world:0.1.0 --set hello.port=8181 Creating network hello-world_default Creating service hello-world_hello @@ -424,14 +425,14 @@ Test that the app is working. The app used in these examples is a simple web server that displays the text "Hello world!" on port 8181, your app might be different. -``` +```console $ curl http://localhost:8181 Hello world! ``` Uninstall the app. -``` +```console $ docker app uninstall hello-world Removing service hello-world_hello Removing network hello-world_default diff --git a/engine/release-notes/18.09.md b/engine/release-notes/18.09.md index d26b1f849b..d66826473b 100644 --- a/engine/release-notes/18.09.md +++ b/engine/release-notes/18.09.md @@ -192,6 +192,7 @@ Run the following command to get the current value of the `MountFlags` property $ sudo systemctl show --property=MountFlags docker.service MountFlags= ``` + Update your configuration if this command prints a non-empty value for `MountFlags`, and restart the docker service. ### Security fixes diff --git a/engine/scan/index.md b/engine/scan/index.md index 4ee07235b7..e949682c2b 100644 --- a/engine/scan/index.md +++ b/engine/scan/index.md @@ -205,6 +205,7 @@ $ docker scan --json --group-issues docker-scan:e2e "path": "docker-scan:e2e" } ``` + You can find all the sources of the vulnerability in the `from` section. ### Checking the dependency tree diff --git a/engine/security/rootless.md b/engine/security/rootless.md index 0ab5148919..ff5ccb100a 100644 --- a/engine/security/rootless.md +++ b/engine/security/rootless.md @@ -176,6 +176,7 @@ If `dockerd-rootless-setuptool.sh` is not present, you may need to install the ` ```console $ sudo apt-get install -y docker-ce-rootless-extras ``` +
If you do not have permission to run package managers like `apt-get` and `dnf`, diff --git a/engine/security/seccomp.md b/engine/security/seccomp.md index 6ac67a1886..b4f51d3662 100644 --- a/engine/security/seccomp.md +++ b/engine/security/seccomp.md @@ -120,7 +120,7 @@ the reason each syscall is blocked rather than white-listed. You can pass `unconfined` to run a container without the default seccomp profile. -``` +```console $ docker run --rm -it --security-opt seccomp=unconfined debian:jessie \ unshare --map-root-user --user sh -c whoami ``` diff --git a/engine/security/trust/index.md b/engine/security/trust/index.md index 24cb2c12f0..9b5ac9e3aa 100644 --- a/engine/security/trust/index.md +++ b/engine/security/trust/index.md @@ -130,7 +130,7 @@ is automatically added to the local trust store. If you are importing a separate key, you will need to use the `$ docker trust key load` command. -``` +```console $ docker trust key generate jeff Generating key for jeff... Enter passphrase for new jeff key with ID 9deed25: @@ -140,7 +140,7 @@ Successfully generated and loaded private key. Corresponding public key availabl Or if you have an existing key: -``` +```console $ docker trust key load key.pem --name jeff Loading key from "key.pem"... Enter passphrase for new jeff key with ID 8ae710e: @@ -156,7 +156,7 @@ canonical root key. To understand more about initiating a repository, and the role of delegations, head to [delegations for content trust](trust_delegation.md). -``` +```console $ docker trust signer add --key cert.pem jeff registry.example.com/admin/demo Adding signer "jeff" to registry.example.com/admin/demo... Enter passphrase for new repository key with ID 10b5e94: @@ -165,7 +165,7 @@ Enter passphrase for new repository key with ID 10b5e94: Finally, we will use the delegation private key to sign a particular tag and push it up to the registry. -``` +```console $ docker trust sign registry.example.com/admin/demo:1 Signing and pushing trust data for local image registry.example.com/admin/demo:1, may overwrite remote trust data The push refers to repository [registry.example.com/admin/demo] @@ -179,7 +179,7 @@ Successfully signed registry.example.com/admin/demo:1 Alternatively, once the keys have been imported an image can be pushed with the `$ docker push` command, by exporting the DCT environmental variable. -``` +```console $ export DOCKER_CONTENT_TRUST=1 $ docker push registry.example.com/admin/demo:1 @@ -194,7 +194,7 @@ Successfully signed registry.example.com/admin/demo:1 Remote trust data for a tag or a repository can be viewed by the `$ docker trust inspect` command: -``` +```console $ docker trust inspect --pretty registry.example.com/admin/demo:1 Signatures for registry.example.com/admin/demo:1 @@ -215,7 +215,7 @@ Administrative keys for registry.example.com/admin/demo:1 Remote Trust data for a tag can be removed by the `$ docker trust revoke` command: -``` +```console $ docker trust revoke registry.example.com/admin/demo:1 Enter passphrase for signer key with ID 8ae710e: Successfully deleted signature for registry.example.com/admin/demo:1 @@ -241,7 +241,7 @@ For example, with DCT enabled a `docker pull someimage:latest` only succeeds if `someimage:latest` is signed. However, an operation with an explicit content hash always succeeds as long as the hash exists: -``` +```console $ docker pull registry.example.com/user/image:1 Error: remote trust data does not exist for registry.example.com/user/image: registry.example.com does not have trust data for registry.example.com/user/image diff --git a/engine/security/trust/trust_automation.md b/engine/security/trust/trust_automation.md index f1647cf4f8..3f59a96047 100644 --- a/engine/security/trust/trust_automation.md +++ b/engine/security/trust/trust_automation.md @@ -20,7 +20,7 @@ To automate importing a delegation private key to the local Docker trust store, need to pass a passphrase for the new key. This passphrase will be required everytime that delegation signs a tag. -``` +```console $ export DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE="mypassphrase123" $ docker trust key load delegation.key --name jeff @@ -35,7 +35,7 @@ public key, then you will need to use the local Notary Canonical Root Key's passphrase to create the repositories trust data. If the repository has already been initiated then you only need the repositories passphrase. -``` +```console # Export the Local Root Key Passphrase if required. $ export DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE="rootpassphrase123" @@ -56,7 +56,7 @@ Finally when signing an image, we will need to export the passphrase of the signing key. This was created when the key was loaded into the local Docker trust store with `$ docker trust key load`. -``` +```console $ export DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE="mypassphrase123" $ docker trust sign registry.example.com/admin/demo:1 diff --git a/engine/security/trust/trust_delegation.md b/engine/security/trust/trust_delegation.md index a5c4480573..21d5bd15df 100644 --- a/engine/security/trust/trust_delegation.md +++ b/engine/security/trust/trust_delegation.md @@ -28,28 +28,28 @@ server URL is the same as the registry URL. However, for self-hosted environments or 3rd party registries, you will need to specify an alternative URL for the notary server. This is done with: -``` -export DOCKER_CONTENT_TRUST_SERVER=https://: +```console +$ export DOCKER_CONTENT_TRUST_SERVER=https://: ``` If you do not export this variable in self-hosted environments, you may see errors such as: -``` +```console $ docker trust signer add --key cert.pem jeff registry.example.com/admin/demo Adding signer "jeff" to registry.example.com/admin/demo... -[...] +<...> Error: trust data missing for remote repository registry.example.com/admin/demo or remote repository not found: timestamp key trust data unavailable. Has a notary repository been initialized? $ docker trust inspect registry.example.com/admin/demo --pretty WARN[0000] Error while downloading remote metadata, using cached timestamp - this might not be the latest version available remotely -[...] +<...> ``` If you have enabled authentication for your notary server, or are using DTR, you will need to log in before you can push data to the notary server. -``` +```console $ docker login registry.example.com/user/repo Username: admin Password: diff --git a/engine/security/trust/trust_key_mng.md b/engine/security/trust/trust_key_mng.md index e5da1f7a6e..a8aa06b8e5 100644 --- a/engine/security/trust/trust_key_mng.md +++ b/engine/security/trust/trust_key_mng.md @@ -79,7 +79,7 @@ This loss also requires **manual intervention** from every consumer that pulled the tagged image prior to the loss. Image consumers would get an error for content that they already downloaded: -``` +```console Warning: potential malicious behavior - trust data has insufficient signatures for remote repository docker.io/my/image: valid signatures did not meet threshold ``` diff --git a/engine/swarm/configs.md b/engine/swarm/configs.md index edcdbb732f..fc2f7dbe9a 100644 --- a/engine/swarm/configs.md +++ b/engine/swarm/configs.md @@ -244,6 +244,7 @@ This example assumes that you have PowerShell installed. ``` + 2. If you have not already done so, initialize or join the swarm. ```powershell diff --git a/engine/swarm/secrets.md b/engine/swarm/secrets.md index 95098ae6a8..c7aacb8328 100644 --- a/engine/swarm/secrets.md +++ b/engine/swarm/secrets.md @@ -276,6 +276,7 @@ This example assumes that you have PowerShell installed. ``` + 2. If you have not already done so, initialize or join the swarm. ```powershell diff --git a/engine/swarm/services.md b/engine/swarm/services.md index f5a68b8a71..ee9e5a51e9 100644 --- a/engine/swarm/services.md +++ b/engine/swarm/services.md @@ -132,22 +132,25 @@ The credential spec contained in the specified `config` is used. The following simple example retrieves the gMSA name and JSON contents from your Active Directory (AD) instance: - ``` -name="mygmsa" -contents="{...}" -echo $contents > contents.json + ```console +$ name="mygmsa" +$ contents="{...}" +$ echo $contents > contents.json ``` + Make sure that the nodes to which you are deploying are correctly configured for the gMSA. To use a Config as a credential spec, create a Docker Config in a credential spec file named `credpspec.json`. You can specify any name for the name of the `config`. +```console +$ docker config create --label com.docker.gmsa.name=mygmsa credspec credspec.json ``` -docker config create --label com.docker.gmsa.name=mygmsa credspec credspec.json -``` + Now you can create a service using this credential spec. Specify the `--credential-spec` flag with the config name: -``` -docker service create --credential-spec="config://credspec" + +```console +$ docker service create --credential-spec="config://credspec" ``` Your service uses the gMSA credential spec when it starts, but unlike a typical Docker Config (used by passing the --config flag), the credential spec is not mounted into the container. diff --git a/engine/swarm/swarm-mode.md b/engine/swarm/swarm-mode.md index 956fda59e8..9636b66482 100644 --- a/engine/swarm/swarm-mode.md +++ b/engine/swarm/swarm-mode.md @@ -63,6 +63,7 @@ To add a worker to this swarm, run the following command: To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions. ``` + ### Configuring default address pools By default Docker Swarm uses a default address pool `10.0.0.0/8` for global scope (overlay) networks. Every diff --git a/get-started/08_using_compose.md b/get-started/08_using_compose.md index 7e55a1670a..62af7e919f 100644 --- a/get-started/08_using_compose.md +++ b/get-started/08_using_compose.md @@ -117,7 +117,8 @@ docker run -dp 3000:3000 ` ports: - 3000:3000 ``` -4. Next, we'll migrate both the working directory (`-w /app`) and the volume mapping (`-v "$(pwd):/app"`) by using + +5. Next, we'll migrate both the working directory (`-w /app`) and the volume mapping (`-v "$(pwd):/app"`) by using the `working_dir` and `volumes` definitions. Volumes also has a [short](../compose/compose-file/compose-file-v3.md#short-syntax-3) and [long](../compose/compose-file/compose-file-v3.md#long-syntax-3) syntax. One advantage of Docker Compose volume definitions is we can use relative paths from the current directory. @@ -136,7 +137,7 @@ docker run -dp 3000:3000 ` - ./:/app ``` -5. Finally, we need to migrate the environment variable definitions using the `environment` key. +6. Finally, we need to migrate the environment variable definitions using the `environment` key. ```yaml version: "3.7" diff --git a/get-started/index.md b/get-started/index.md index f60620149a..d439aa095d 100644 --- a/get-started/index.md +++ b/get-started/index.md @@ -107,8 +107,9 @@ You'll notice a few flags being used. Here's some more info on them: > > You can combine single character flags to shorten the full command. > As an example, the command above could be written as: -> ``` -> docker run -dp 80:80 docker/getting-started +> +> ```console +> $ docker run -dp 80:80 docker/getting-started > ``` ## The Docker Dashboard diff --git a/language/golang/build-images.md b/language/golang/build-images.md index 39a8cdea0e..8a15eaa38f 100644 --- a/language/golang/build-images.md +++ b/language/golang/build-images.md @@ -236,9 +236,7 @@ Let's build our first Docker image! ```console $ docker build --tag docker-gs-ping . -``` -``` [+] Building 3.6s (12/12) FINISHED => [internal] load build definition from Dockerfile 0.1s => => transferring dockerfile: 38B 0.0s @@ -273,9 +271,7 @@ To list images, simply run the `images` command: ```console $ docker images -``` -``` REPOSITORY TAG IMAGE ID CREATED SIZE docker-gs-ping latest 336a3f164d0f 39 minutes ago 540MB postgres 13.2 c5ec7353d87d 7 weeks ago 314MB @@ -301,9 +297,7 @@ Now run the `docker images` command to see the updated list of local images: ```console $ docker images -``` -``` REPOSITORY TAG IMAGE ID CREATED SIZE docker-gs-ping latest 336a3f164d0f 43 minutes ago 540MB docker-gs-ping v1.0 336a3f164d0f 43 minutes ago 540MB @@ -323,9 +317,7 @@ Notice that the response from Docker tells us that the image has not been remove ```console $ docker images -``` -``` REPOSITORY TAG IMAGE ID CREATED SIZE docker-gs-ping latest 336a3f164d0f 45 minutes ago 540MB postgres 13.2 c5ec7353d87d 7 weeks ago 314MB @@ -385,7 +377,9 @@ $ docker build -t docker-gs-ping:multistage -f Dockerfile.multistage . Comparing the sizes of `docker-gs-ping:multistage` and `docker-gs-ping:latest` we see an order-of-magnitude difference! -``` +```console +$ docker images + REPOSITORY TAG IMAGE ID CREATED SIZE docker-gs-ping multistage e3fdde09f172 About a minute ago 27.1MB docker-gs-ping latest 336a3f164d0f About an hour ago 540MB diff --git a/language/golang/develop.md b/language/golang/develop.md index 75a317354b..3342892ef3 100644 --- a/language/golang/develop.md +++ b/language/golang/develop.md @@ -132,8 +132,8 @@ $ docker exec -it roach ./cockroach sql --insecure An example of interaction with the SQL shell is presented below. {% raw %} -``` -oliver@hki:~$ sudo docker exec -it roach ./cockroach sql --insecure +```console +$ sudo docker exec -it roach ./cockroach sql --insecure # # Welcome to the CockroachDB SQL shell. # All statements must be terminated by a semicolon. @@ -580,7 +580,7 @@ This Docker Compose configuration is super convenient as we do not have to type Docker Compose will automatically read environment variables from a `.env` file if it is available. Since our Compose file requires `PGPASSWORD` to be set, we add the following content to the `.env` file: -``` +```bash PGPASSWORD=whatever ``` diff --git a/language/golang/run-containers.md b/language/golang/run-containers.md index aa65e90d24..ad720d921d 100644 --- a/language/golang/run-containers.md +++ b/language/golang/run-containers.md @@ -92,9 +92,7 @@ Since we ran our container in the background, how do we know if our container is ```console $ docker ps -``` -``` CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES d75e61fcad1e docker-gs-ping "/docker-gs-ping" 41 seconds ago Up 40 seconds 0.0.0.0:8080->8080/tcp inspiring_ishizaka ``` @@ -112,6 +110,7 @@ Now rerun the `docker ps` command to see a list of running containers. ```console $ docker ps + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES ``` @@ -120,10 +119,8 @@ CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES Docker containers can be started, stopped and restarted. When we stop a container, it is not removed but the status is changed to stopped and the process inside of the container is stopped. When we ran the `docker ps` command, the default output is to only show running containers. If we pass the `--all` or `-a` for short, we will see all containers on our system, that is stopped containers and running containers. ```console -$ docker ps -a -``` +$ docker ps -all -``` CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES d75e61fcad1e docker-gs-ping "/docker-gs-ping" About a minute ago Exited (2) 23 seconds ago inspiring_ishizaka f65dbbb9a548 docker-gs-ping "/docker-gs-ping" 3 minutes ago Exited (2) 2 minutes ago wizardly_joliot @@ -142,10 +139,8 @@ $ docker restart inspiring_ishizaka Now, list all the containers again using the `ps` command: ```console -$ docker ps --all -``` +$ docker ps -a -``` CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES d75e61fcad1e docker-gs-ping "/docker-gs-ping" 2 minutes ago Up 5 seconds 0.0.0.0:8080->8080/tcp inspiring_ishizaka f65dbbb9a548 docker-gs-ping "/docker-gs-ping" 4 minutes ago Exited (2) 2 minutes ago wizardly_joliot @@ -172,9 +167,7 @@ Again, make sure you replace the containers names in the below command with the ```console $ docker rm inspiring_ishizaka wizardly_joliot magical_carson gifted_mestorf -``` -``` inspiring_ishizaka wizardly_joliot magical_carson @@ -194,9 +187,7 @@ $ docker run -d -p 8080:8080 --name rest-server docker-gs-ping ```console $ docker ps -``` -``` CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 3bbc6a3102ea docker-gs-ping "/docker-gs-ping" 25 seconds ago Up 24 seconds 0.0.0.0:8080->8080/tcp rest-server ``` diff --git a/language/golang/run-tests.md b/language/golang/run-tests.md index 244e3e6a79..6925ebc024 100644 --- a/language/golang/run-tests.md +++ b/language/golang/run-tests.md @@ -84,9 +84,6 @@ That was a bit... underwhelming? Let's ask it to print a bit more detail, just t ```console $ go test -v ./... -``` - -``` === RUN TestRespondsWithLove main_test.go:47: container not ready, waiting... --- PASS: TestRespondsWithLove (5.24s) diff --git a/language/nodejs/build-images.md b/language/nodejs/build-images.md index 3d93ba6740..8957892e68 100644 --- a/language/nodejs/build-images.md +++ b/language/nodejs/build-images.md @@ -255,7 +255,7 @@ The Docker tag command creates a new tag for an image. It does not create a new Now run the `docker images` command to see a list of our local images. -``` +```console $ docker images REPOSITORY TAG IMAGE ID CREATED SIZE node-docker latest 3809733582bc 24 minutes ago 945MB diff --git a/language/nodejs/run-containers.md b/language/nodejs/run-containers.md index 564f9057ac..64ad1fe8ca 100644 --- a/language/nodejs/run-containers.md +++ b/language/nodejs/run-containers.md @@ -93,7 +93,7 @@ $ curl --request POST \ Since we ran our container in the background, how do we know if our container is running or what other containers are running on our machine? Well, we can run the `docker ps` command. Just like on Linux, to see a list of processes on your machine we would run the ps command. In the same spirit, we can run the `docker ps` command which will show us a list of containers running on our machine. -``` +```console $ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES ce02b3179f0f node-docker "docker-entrypoint.s…" 6 minutes ago Up 6 minutes 0.0.0.0:8000->8000/tcp wonderful_kalam diff --git a/machine/drivers/hyper-v.md b/machine/drivers/hyper-v.md index e38f7a8870..dfc5947cf2 100644 --- a/machine/drivers/hyper-v.md +++ b/machine/drivers/hyper-v.md @@ -93,7 +93,7 @@ Reboot your desktop system to clear out any routing table problems. Without a re which asks you to create [three networked host machines](../../engine/swarm/swarm-tutorial/index.md#three-networked-host-machines), you can create these swarm nodes: `manager1`, `worker1`, `worker2`. -* Use the Microsoft Hyper-V driver and reference the new virtual switch you created. +* Use the Microsoft Hyper-V driver and reference the new virtual switch you created. ```console $ docker-machine create -d hyperv --hyperv-virtual-switch @@ -127,7 +127,8 @@ Reboot your desktop system to clear out any routing table problems. Without a re ker\Docker\Resources\bin\docker-machine.exe env manager1 PS C:\WINDOWS\system32> ``` -* Use the same process, driver, and network switch to create the other nodes. + +* Use the same process, driver, and network switch to create the other nodes. For our example, the commands are: diff --git a/machine/reference/mount.md b/machine/reference/mount.md index b9e487179b..26c8216ae0 100644 --- a/machine/reference/mount.md +++ b/machine/reference/mount.md @@ -46,5 +46,6 @@ You can also call `fuserunmount` (or `fusermount -u`) commands directly. $ docker-machine mount -u dev:/home/docker/foo foo $ rmdir foo ``` + **Files are actually being stored on the machine, *not* on the host.** So make sure to make a copy of any files you want to keep, before removing it! diff --git a/network/host.md b/network/host.md index b02575bfbf..d7ed3706c3 100644 --- a/network/host.md +++ b/network/host.md @@ -16,7 +16,7 @@ address. > take effect, and the `-p`, `--publish`, `-P`, and `--publish-all` option are > ignored, producing a warning instead: > -> ``` +> ```console > WARNING: Published ports are discarded when using host network mode > ``` diff --git a/registry/garbage-collection.md b/registry/garbage-collection.md index 7683286501..688238be83 100644 --- a/registry/garbage-collection.md +++ b/registry/garbage-collection.md @@ -100,7 +100,7 @@ gives a clear indication of items eligible for deletion. The config.yml file should be in the following format: -``` +```yaml version: 0.1 storage: filesystem: diff --git a/registry/notifications.md b/registry/notifications.md index 7d190392cc..2bdaa97164 100644 --- a/registry/notifications.md +++ b/registry/notifications.md @@ -159,7 +159,7 @@ request coming to an endpoint. An example of a full event may look as follows: -``` +```http request GET /callback HTTP/1.1 Host: application/vnd.docker.distribution.events.v1+json Authorization: Bearer diff --git a/registry/storage-drivers/s3.md b/registry/storage-drivers/s3.md index 91a13dc632..39cafa5a88 100644 --- a/registry/storage-drivers/s3.md +++ b/registry/storage-drivers/s3.md @@ -84,6 +84,7 @@ The following AWS policy is required by the registry for push and pull. Make sur ] } ``` + See [the S3 policy documentation](http://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) for more details. # CloudFront as Middleware with S3 backend @@ -135,7 +136,7 @@ are still directly written to S3. The following example shows a minimum configuration: -``` +```yaml ... storage: s3: diff --git a/samples/aspnet-mssql-compose.md b/samples/aspnet-mssql-compose.md index eb913841c3..3db6c8ca2b 100644 --- a/samples/aspnet-mssql-compose.md +++ b/samples/aspnet-mssql-compose.md @@ -127,7 +127,7 @@ configure this app to use our SQL Server database, and then create a > variable below to the one you defined in the `docker-compose.yml` file. ```csharp - [...] + <...> public void ConfigureServices(IServiceCollection services) { // Database connection string. @@ -149,7 +149,7 @@ configure this app to use our SQL Server database, and then create a services.AddTransient(); services.AddTransient(); } - [...] + <...> ``` 1. Go to `app.csproj`. You see a line like: diff --git a/samples/dotnetcore.md b/samples/dotnetcore.md index 77155595fa..ae398b8491 100644 --- a/samples/dotnetcore.md +++ b/samples/dotnetcore.md @@ -73,6 +73,7 @@ ENTRYPOINT ["dotnet", "aspnetapp.dll"] bin/ obj/ ``` + ### Method 2 (build app outside Docker container): 1. Create a `Dockerfile` in your project folder. diff --git a/samples/rails.md b/samples/rails.md index 4c065d9078..2ccfac77ac 100644 --- a/samples/rails.md +++ b/samples/rails.md @@ -50,6 +50,7 @@ Create an empty `Gemfile.lock` file to build our `Dockerfile`. ```console $ touch Gemfile.lock ``` + Next, provide an entrypoint script to fix a Rails-specific issue that prevents the server from restarting when a certain `server.pid` file pre-exists. This script will be executed every time the container gets started. @@ -184,14 +185,12 @@ test: database: myapp_test ``` -You can now boot the app with [docker-compose up](../compose/reference/up.md): +You can now boot the app with [docker-compose up](../compose/reference/up.md). +If all is well, you should see some PostgreSQL output: ```console $ docker-compose up -``` -If all's well, you should see some PostgreSQL output. -```bash rails_db_1 is up-to-date Creating rails_web_1 ... done Attaching to rails_db_1, rails_web_1 @@ -208,12 +207,6 @@ Finally, you need to create the database. In another terminal, run: ```console $ docker-compose run web rake db:create -``` -Here is an example of the output from that command: - -```console -$ docker-compose run web rake db:create - Starting rails_db_1 ... done Created database 'myapp_development' Created database 'myapp_test' diff --git a/storage/volumes.md b/storage/volumes.md index eb214690d0..b8c2f7763c 100644 --- a/storage/volumes.md +++ b/storage/volumes.md @@ -511,6 +511,7 @@ $ docker volume create \ --opt o=addr=uxxxxx.your-server.de,username=uxxxxxxx,password=*****,file_mode=0777,dir_mode=0777 \ --name cif-volume ``` + Notice the `addr` option is required if using a hostname instead of an IP so docker can perform the hostname lookup. ## Backup, restore, or migrate data volumes @@ -522,7 +523,7 @@ Volumes are useful for backups, restores, and migrations. Use the For example, create a new container named `dbstore`: -``` +```console $ docker run -v /dbdata --name dbstore ubuntu /bin/bash ``` @@ -532,7 +533,7 @@ Then in the next command, we: - Mount a local host directory as `/backup` - Pass a command that tars the contents of the `dbdata` volume to a `backup.tar` file inside our `/backup` directory. -``` +```console $ docker run --rm --volumes-from dbstore -v $(pwd):/backup ubuntu tar cvf /backup/backup.tar /dbdata ``` @@ -546,13 +547,13 @@ another that you made elsewhere. For example, create a new container named `dbstore2`: -``` +```console $ docker run -v /dbdata --name dbstore2 ubuntu /bin/bash ``` Then un-tar the backup file in the new container`s data volume: -``` +```console $ docker run --rm --volumes-from dbstore2 -v $(pwd):/backup ubuntu bash -c "cd /dbdata && tar xvf /backup/backup.tar --strip 1" ``` @@ -573,7 +574,7 @@ To automatically remove anonymous volumes, use the `--rm` option. For example, this command creates an anonymous `/foo` volume. When the container is removed, the Docker Engine removes the `/foo` volume but not the `awesome` volume. -``` +```console $ docker run --rm -v /foo -v awesome:/bar busybox top ``` @@ -581,7 +582,7 @@ $ docker run --rm -v /foo -v awesome:/bar busybox top To remove all unused volumes and free up space: -``` +```console $ docker volume prune ```