Refresh CLI for 17.06.1

This commit is contained in:
Misty Stanley-Jones 2017-07-31 15:31:13 -07:00 committed by Misty Stanley-Jones
parent 9969181bf3
commit 07b81a84ac
26 changed files with 470 additions and 220 deletions

View File

@ -12,7 +12,7 @@ long: |-
> not be interacting with the terminal at that time.
You can attach to the same contained process multiple times simultaneously,
even as a different user with the appropriate permissions.
from different sessions on the Docker host.
To stop a container, use `CTRL-c`. This key sequence sends `SIGKILL` to the
container. If `--sig-proxy` is true (the default),`CTRL-c` sends a `SIGINT` to

View File

@ -1,11 +1,11 @@
command: docker build
short: Build an image from a Dockerfile
long: |-
Builds Docker images from a Dockerfile and a "context". A build's context is
the files located in the specified `PATH` or `URL`. The build process can refer
to any of the files in the context. For example, your build can use an
[*ADD*](../builder.md#add) instruction to reference a file in the
context.
The `docker build` command builds Docker images from a Dockerfile and a
"context". A build's context is the set of files located in the specified
`PATH` or `URL`. The build process can refer to any of the files in the
context. For example, your build can use a [*COPY*](../builder.md#copy)
instruction to reference a file in the context.
The `URL` parameter can refer to three kinds of resources: Git repositories,
pre-packaged tarball contexts and plain text files.
@ -16,7 +16,7 @@ long: |-
repository acts as the build context. The system recursively fetches the
repository and its submodules. The commit history is not preserved. A
repository is first pulled into a temporary directory on your local host. After
that succeeds, the directory is sent to the Docker daemon as the context.
the that succeeds, the directory is sent to the Docker daemon as the context.
Local copy gives you the ability to access private repositories using local
user credentials, VPN's, and so forth.
@ -26,7 +26,7 @@ long: |-
Git URLs accept context configuration in their fragment section, separated by a
colon `:`. The first part represents the reference that Git will check out,
this can be either a branch, a tag, or a remote reference. The second part
and can be either a branch, a tag, or a remote reference. The second part
represents a subdirectory inside the repository that will be used as a build
context.

View File

@ -21,7 +21,9 @@ long: |-
the user and primary group at the destination. For example, files copied to a
container are created with `UID:GID` of the root user. Files copied to the local
machine are created with the `UID:GID` of the user which invoked the `docker cp`
command. If you specify the `-L` option, `docker cp` follows any symbolic link
command. However, if you specify the `-a` option, `docker cp` sets the ownership
to the user and primary group at the source.
If you specify the `-L` option, `docker cp` follows any symbolic link
in the `SRC_PATH`. `docker cp` does *not* create parent directories for
`DEST_PATH` if they do not exist.

View File

@ -51,9 +51,9 @@ long: |-
Docker plugins report the following events:
- `install`
- `enable`
- `disable`
- `install`
- `remove`
#### Volumes
@ -61,9 +61,9 @@ long: |-
Docker volumes report the following events:
- `create`
- `destroy`
- `mount`
- `unmount`
- `destroy`
#### Networks
@ -71,8 +71,9 @@ long: |-
- `create`
- `connect`
- `disconnect`
- `destroy`
- `disconnect`
- `remove`
#### Daemons
@ -80,6 +81,38 @@ long: |-
- `reload`
#### Services
Docker services report the following events:
- `create`
- `remove`
- `update`
#### Nodes
Docker nodes report the following events:
- `create`
- `remove`
- `update`
#### Secrets
Docker secrets report the following events:
- `create`
- `remove`
- `update`
#### Configs
Docker configs report the following events:
- `create`
- `remove`
- `update`
### Limiting, filtering, and formatting the output
#### Limit events by time
@ -120,7 +153,8 @@ long: |-
* label (`label=<key>` or `label=<key>=<value>`)
* network (`network=<name or id>`)
* plugin (`plugin=<name or id>`)
* type (`type=<container or image or volume or network or daemon or plugin>`)
* scope (`scope=<local or swarm>`)
* type (`type=<container or image or volume or network or daemon or plugin or service or node or secret or config>`)
* volume (`volume=<name or id>`)
#### Format
@ -299,6 +333,29 @@ examples: |-
2016-07-25T17:30:14.825557616Z plugin pull ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/sample-volume-plugin:latest)
2016-07-25T17:30:14.888127370Z plugin enable ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/sample-volume-plugin:latest)
$ docker events -f type=service
2017-07-12T06:34:07.999446625Z service create wj64st89fzgchxnhiqpn8p4oj (name=reverent_albattani)
2017-07-12T06:34:21.405496207Z service remove wj64st89fzgchxnhiqpn8p4oj (name=reverent_albattani)
$ docker events -f type=node
2017-07-12T06:21:51.951586759Z node update 3xyz5ttp1a253q74z1thwywk9 (name=ip-172-31-23-42, state.new=ready, state.old=unknown)
$ docker events -f type=secret
2017-07-12T06:32:13.915704367Z secret create s8o6tmlnndrgzbmdilyy5ymju (name=new_secret)
2017-07-12T06:32:37.052647783Z secret remove s8o6tmlnndrgzbmdilyy5ymju (name=new_secret)
$ docker events -f type=config
2017-07-12T06:44:13.349037127Z config create u96zlvzdfsyb9sg4mhyxfh3rl (name=abc)
2017-07-12T06:44:36.327694184Z config remove u96zlvzdfsyb9sg4mhyxfh3rl (name=abc)
$ docker events --filter 'scope=swarm'
2017-07-10T07:46:50.250024503Z service create m8qcxu8081woyof7w3jaax6gk (name=affectionate_wilson)
2017-07-10T07:47:31.093797134Z secret create 6g5pufzsv438p9tbvl9j94od4 (name=new_secret)
```
### Format the output

View File

@ -41,53 +41,23 @@ options:
- option: user
shorthand: u
description: 'Username or UID (format: <name|uid>[:<group|gid>])'
examples: |-
### Run `docker exec` on a running container
First, start a container.
```bash
$ docker run --name ubuntu_bash --rm -i -t ubuntu bash
```
This will create a container named `ubuntu_bash` and start a Bash session.
Next, execute a command on the container.
```bash
$ docker exec -d ubuntu_bash touch /tmp/execWorks
```
This will create a new file `/tmp/execWorks` inside the running container
`ubuntu_bash`, in the background.
Next, execute an interactive `bash` shell on the container.
```bash
$ docker exec -it ubuntu_bash bash
```
This will create a new Bash session in the container `ubuntu_bash`.
### Try to run `docker exec` on a paused container
If the container is paused, then the `docker exec` command will fail with an error:
```bash
$ docker pause test
test
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1ae3b36715d2 ubuntu:latest "bash" 17 seconds ago Up 16 seconds (Paused) test
$ docker exec test ls
FATA[0000] Error response from daemon: Container test is paused, unpause the container before exec
$ echo $?
1
```
examples: "### Run `docker exec` on a running container\n\nFirst, start a container.\n\n```bash\n$
docker run --name ubuntu_bash --rm -i -t ubuntu bash\n```\n\nThis will create a
container named `ubuntu_bash` and start a Bash session.\n\nNext, execute a command
on the container.\n\n```bash\n$ docker exec -d ubuntu_bash touch /tmp/execWorks\n```\n\nThis
will create a new file `/tmp/execWorks` inside the running container\n`ubuntu_bash`,
in the background.\n\nNext, execute an interactive `bash` shell on the container.\n\n```bash\n$
docker exec -it ubuntu_bash bash\n```\n\nThis will create a new Bash session in
the container `ubuntu_bash`.\n\nNext, set an environment variable in the current
bash session.\n\n```bash\n$ docker exec -it -e VAR=1 ubuntu_bash bash\n```\n\nThis
will create a new Bash session in the container `ubuntu_bash` with environment \nvariable
`$VAR` set to \"1\". Note that this environment variable will only be valid \non
the current Bash session.\n\n\n### Try to run `docker exec` on a paused container\n\nIf
the container is paused, then the `docker exec` command will fail with an error:\n\n```bash\n$
docker pause test\n\ntest\n\n$ docker ps\n\nCONTAINER ID IMAGE COMMAND
\ CREATED STATUS PORTS NAMES\n1ae3b36715d2
\ ubuntu:latest \"bash\" 17 seconds ago Up 16 seconds
(Paused) test\n\n$ docker exec test ls\n\nFATA[0000] Error
response from daemon: Container test is paused, unpause the container before exec\n\n$
echo $?\n1\n```"

View File

@ -37,7 +37,7 @@ examples: "```bash\n$ docker node ls\n\nID HOSTNAME
following filter matches nodes with the `foo` label regardless of its value.\n\n```bash\n$
docker node ls -f \"label=foo\"\n\nID HOSTNAME STATUS
\ AVAILABILITY MANAGER STATUS\n1bcef6utixb0l0ca7gxuivsj0 swarm-worker2 Ready
\ Active\n```\n\n#### membersip\n\nThe `membership` filter matches nodes based
\ Active\n```\n\n#### membership\n\nThe `membership` filter matches nodes based
on the presence of a `membership` and a value\n`accepted` or `pending`.\n\nThe following
filter matches nodes with the `membership` of `accepted`.\n\n```bash\n$ docker node
ls -f \"membership=accepted\"\n\nID HOSTNAME STATUS

View File

@ -66,20 +66,21 @@ examples: |-
The currently supported filters are:
* id (container's id)
* label (`label=<key>` or `label=<key>=<value>`)
* name (container's name)
* exited (int - the code of exited containers. Only useful with `--all`)
* status (`created|restarting|running|removing|paused|exited|dead`)
* ancestor (`<image-name>[:<tag>]`, `<image id>` or `<image@digest>`) - filters containers that were created from the given image or a descendant.
* before (container's id or name) - filters containers created before given id or name
* since (container's id or name) - filters containers created since given id or name
* isolation (`default|process|hyperv`) (Windows daemon only)
* volume (volume name or mount point) - filters containers that mount volumes.
* network (network id or name) - filters containers connected to the provided network
* health (starting|healthy|unhealthy|none) - filters containers based on healthcheck status
* publish=(container's published port) - filters published ports by containers
* expose=(container's exposed port) - filters exposed ports by containers
| Filter | Description |
|:----------------------|:-------------------------------------------------------------------------------------------------------------------------------------|
| `id` | container's ID |
| `name` | container's name |
| `label` | An arbitrary string representing either a key or a key-value pair |
| `exited` | An integer representing the container's exit code. Only useful with `--all`. |
| `status` | One of `created|restarting|running|removing|paused|exited|dead` |
| `ancestor` | Filters containers which share a given image as an ancestor. Expressed as `<image-name>[:<tag>]`, `<image id>`, or `<image@digest>` |
| `before` or `since` | Filters containers created before or after a given container ID or name |
| `volume` | Filters running containers which have mounted a given volume or bind mount. |
| `network` | Filters running containers connected to a given network. |
| `publish` or `expose` | Filters containers which publish or expose a given port. |
| `health` | One of `starting|healthy|unhealthy|none`. Filters containers based on their healthcheck status. |
| `isolation` | Windows daemon only. One of `default|process|hyperv`. |
#### label
@ -371,21 +372,21 @@ examples: |-
Valid placeholders for the Go template are listed below:
Placeholder | Description
--------------|----------------------------------------------------------------------------------------------------
`.ID` | Container ID
`.Image` | Image ID
`.Command` | Quoted command
`.CreatedAt` | Time when the container was created.
`.RunningFor` | Elapsed time since the container was started.
`.Ports` | Exposed ports.
`.Status` | Container status.
`.Size` | Container disk size.
`.Names` | Container names.
`.Labels` | All labels assigned to the container.
`.Label` | Value of a specific label for this container. For example `'{{.Label "com.docker.swarm.cpu"}}'`
`.Mounts` | Names of the volumes mounted in this container.
`.Networks` | Names of the networks attached to this container.
| Placeholder | Description |
|:--------------|:------------------------------------------------------------------------------------------------|
| `.ID` | Container ID |
| `.Image` | Image ID |
| `.Command` | Quoted command |
| `.CreatedAt` | Time when the container was created. |
| `.RunningFor` | Elapsed time since the container was started. |
| `.Ports` | Exposed ports. |
| `.Status` | Container status. |
| `.Size` | Container disk size. |
| `.Names` | Container names. |
| `.Labels` | All labels assigned to the container. |
| `.Label` | Value of a specific label for this container. For example `'{{.Label "com.docker.swarm.cpu"}}'` |
| `.Mounts` | Names of the volumes mounted in this container. |
| `.Networks` | Names of the networks attached to this container. |
When using the `--format` option, the `ps` command will either output the data
exactly as the template declares or, when using the `table` directive, includes

View File

@ -862,6 +862,41 @@ examples: |-
PS C:\> docker run -d --isolation hyperv microsoft/nanoserver powershell echo hyperv
```
### Specify hard limits on memory available to containers (-m, --memory)
These parameters always set an upper limit on the memory available to the container. On Linux, this
is set on the cgroup and applications in a container can query it at `/sys/fs/cgroup/memory/memory.limit_in_bytes`.
On Windows, this will affect containers differently depending on what type of isolation is used.
- With `process` isolation, Windows will report the full memory of the host system, not the limit to applications running inside the container
```powershell
docker run -it -m 2GB --isolation=process microsoft/nanoserver powershell Get-ComputerInfo *memory*
CsTotalPhysicalMemory : 17064509440
CsPhyicallyInstalledMemory : 16777216
OsTotalVisibleMemorySize : 16664560
OsFreePhysicalMemory : 14646720
OsTotalVirtualMemorySize : 19154928
OsFreeVirtualMemory : 17197440
OsInUseVirtualMemory : 1957488
OsMaxProcessMemorySize : 137438953344
```
- With `hyperv` isolation, Windows will create a utility VM that is big enough to hold the memory limit, plus the minimal OS needed to host the container. That size is reported as "Total Physical Memory."
```powershell
docker run -it -m 2GB --isolation=hyperv microsoft/nanoserver powershell Get-ComputerInfo *memory*
CsTotalPhysicalMemory : 2683355136
CsPhyicallyInstalledMemory :
OsTotalVisibleMemorySize : 2620464
OsFreePhysicalMemory : 2306552
OsTotalVirtualMemorySize : 2620464
OsFreeVirtualMemory : 2356692
OsInUseVirtualMemory : 263772
OsMaxProcessMemorySize : 137438953344
```
### Configure namespaced kernel parameters (sysctls) at runtime
The `--sysctl` sets namespaced kernel parameters (sysctls) in the

View File

@ -64,19 +64,19 @@ examples: "### Search images by name\n\nThis example displays images with a name
made from scratch. Comes in git and cURL flavors. 8 [OK]\n```\n\n###
Limit search results (--limit)\n\nThe flag `--limit` is the maximum number of results
returned by a search. This value could\nbe in the range between 1 and 100. The default
value of `--limit` is 25.\n\n\n### Filtering\n\nThe filtering flag (`-f` or `--filter`)
value of `--limit` is 25.\n\n### Filtering\n\nThe filtering flag (`-f` or `--filter`)
format is a `key=value` pair. If there is more\nthan one filter, then pass multiple
flags (e.g. `--filter \"foo=bar\" --filter \"bif=baz\"`)\n\nThe currently supported
filters are:\n\n* stars (int - number of stars the image has)\n* is-automated (true|false)
- is the image automated or not\n* is-official (true|false) - is the image official
or not\n\n\n#### stars\n\nThis example displays images with a name containing 'busybox'
and at\nleast 3 stars:\n\n```bash\n$ docker search --filter stars=3 busybox\n\nNAME
\ DESCRIPTION STARS OFFICIAL
\ AUTOMATED\nbusybox Busybox base image. 325
filters are:\n\n* stars (int - number of stars the image has)\n* is-automated (boolean
- true or false) - is the image automated or not\n* is-official (boolean - true
or false) - is the image official or not\n\n#### stars\n\nThis example displays
images with a name containing 'busybox' and at\nleast 3 stars:\n\n```bash\n$ docker
search --filter stars=3 busybox\n\nNAME DESCRIPTION STARS
\ OFFICIAL AUTOMATED\nbusybox Busybox base image. 325
\ [OK] \nprogrium/busybox 50
\ [OK]\nradial/busyboxplus Full-chain, Internet enabled, busybox
made... 8 [OK]\n```\n\n\n#### is-automated\n\nThis example
displays images with a name containing 'busybox'\nand are automated builds:\n\n```bash\n$
made... 8 [OK]\n```\n\n#### is-automated\n\nThis example displays
images with a name containing 'busybox'\nand are automated builds:\n\n```bash\n$
docker search --filter is-automated busybox\n\nNAME DESCRIPTION
\ STARS OFFICIAL AUTOMATED\nprogrium/busybox
\ 50 [OK]\nradial/busyboxplus

View File

@ -249,6 +249,8 @@ examples: |-
4cdgfyky7ozwh3htjfw0d12qv
```
To grant a service access to multiple secrets, use multiple `--secret` flags.
Secrets are located in `/run/secrets` in the container. If no target is
specified, the name of the secret will be used as the in memory file in the
container. If a target is specified, that will be the filename. In the
@ -273,10 +275,26 @@ examples: |-
### Set environment variables (-e, --env)
This sets environmental variables for all tasks in a service. For example:
This sets an environmental variable for all tasks in a service. For example:
```bash
$ docker service create --name redis_2 --replicas 5 --env MYVAR=foo redis:3.0.6
$ docker service create \
--name redis_2 \
--replicas 5 \
--env MYVAR=foo \
redis:3.0.6
```
To specify multiple environment variables, specify multiple `--env` flags, each
with a separate key-value pair.
```bash
$ docker service create \
--name redis_2 \
--replicas 5 \
--env MYVAR=foo \
--env MYVAR2=bar \
redis:3.0.6
```
### Create a service with specific hostname (--hostname)
@ -843,6 +861,24 @@ examples: |-
$ docker service create --name dns-cache -p 53:53/udp dns-cache
```
### Provide credential specs for managed service accounts (Windows only)
This option is only used for services using Windows containers. The
`--credential-spec` must be in the format `file://<filename>` or
`registry://<value-name>`.
When using the `file://<filename>` format, the referenced file must be
present in the `CredentialSpecs` subdirectory in the docker data directory,
which defaults to `C:\ProgramData\Docker\` on Windows. For example,
specifying `file://spec.json` loads `C:\ProgramData\Docker\CredentialSpecs\spec.json`.
When using the `registry://<value-name>` format, the credential spec is
read from the Windows registry on the daemon's host. The specified
registry value must be located in:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Containers\CredentialSpecs
### Create services using templates
You can use templates for some flags of `service create`, using the syntax

View File

@ -26,7 +26,7 @@ options:
examples: |-
### Compose file
The `deploy` command supports compose file version `3.0` and above."
The `deploy` command supports compose file version `3.0` and above.
```bash
$ docker stack deploy --compose-file docker-compose.yml vossibility
@ -43,7 +43,28 @@ examples: |-
Creating service vossibility_lookupd
```
You can verify that the services were correctly created
Only a single Compose file is accepted. If your configuration is split between
multiple Compose files, e.g. a base configuration and environment-specific overrides,
you can combine these by passing them to `docker-compose config` with the `-f` option
and redirecting the merged output into a new file.
```bash
$ docker-compose -f docker-compose.yml -f docker-compose.prod.yml config > docker-stack.yml
$ docker stack deploy --compose-file docker-stack.yml vossibility
Ignoring unsupported options: links
Creating network vossibility_vossibility
Creating network vossibility_default
Creating service vossibility_nsqd
Creating service vossibility_logstash
Creating service vossibility_elasticsearch
Creating service vossibility_kibana
Creating service vossibility_ghollector
Creating service vossibility_lookupd
```
You can verify that the services were correctly created:
```bash
$ docker service ls

View File

@ -16,6 +16,9 @@ options:
shorthand: f
default_value: "false"
description: Do not prompt for confirmation
- option: volumes
default_value: "false"
description: Prune volumes
examples: "```bash\n$ docker system prune -a\n\nWARNING! This will remove:\n\t- all
stopped containers\n\t- all volumes not used by at least one container\n\t- all
networks not used by at least one container\n\t- all images without at least one

View File

@ -145,11 +145,11 @@ examples: |-
Placeholder | Description
--------------|------------------------------------------------------------------------------------------
`.Name` | Network name
`.Driver` | Network driver
`.Scope` | Network scope (local, global)
`.Mountpoint` | Whether the network is internal or not.
`.Labels` | All labels assigned to the volume.
`.Name` | Volume name
`.Driver` | Volume driver
`.Scope` | Volume scope (local, global)
`.Mountpoint` | The mount point of the volume on the host
`.Labels` | All labels assigned to the volume
`.Label` | Value of a specific label for this volume. For example `{{.Label "project.version"}}`
When using the `--format` option, the `volume ls` command will either

View File

@ -12,7 +12,7 @@ long: |-
> not be interacting with the terminal at that time.
You can attach to the same contained process multiple times simultaneously,
even as a different user with the appropriate permissions.
from different sessions on the Docker host.
To stop a container, use `CTRL-c`. This key sequence sends `SIGKILL` to the
container. If `--sig-proxy` is true (the default),`CTRL-c` sends a `SIGINT` to

View File

@ -1,11 +1,11 @@
command: docker build
short: Build an image from a Dockerfile
long: |-
Builds Docker images from a Dockerfile and a "context". A build's context is
the files located in the specified `PATH` or `URL`. The build process can refer
to any of the files in the context. For example, your build can use an
[*ADD*](../builder.md#add) instruction to reference a file in the
context.
The `docker build` command builds Docker images from a Dockerfile and a
"context". A build's context is the set of files located in the specified
`PATH` or `URL`. The build process can refer to any of the files in the
context. For example, your build can use a [*COPY*](../builder.md#copy)
instruction to reference a file in the context.
The `URL` parameter can refer to three kinds of resources: Git repositories,
pre-packaged tarball contexts and plain text files.
@ -16,7 +16,7 @@ long: |-
repository acts as the build context. The system recursively fetches the
repository and its submodules. The commit history is not preserved. A
repository is first pulled into a temporary directory on your local host. After
that succeeds, the directory is sent to the Docker daemon as the context.
the that succeeds, the directory is sent to the Docker daemon as the context.
Local copy gives you the ability to access private repositories using local
user credentials, VPN's, and so forth.
@ -26,7 +26,7 @@ long: |-
Git URLs accept context configuration in their fragment section, separated by a
colon `:`. The first part represents the reference that Git will check out,
this can be either a branch, a tag, or a remote reference. The second part
and can be either a branch, a tag, or a remote reference. The second part
represents a subdirectory inside the repository that will be used as a build
context.

View File

@ -21,7 +21,9 @@ long: |-
the user and primary group at the destination. For example, files copied to a
container are created with `UID:GID` of the root user. Files copied to the local
machine are created with the `UID:GID` of the user which invoked the `docker cp`
command. If you specify the `-L` option, `docker cp` follows any symbolic link
command. However, if you specify the `-a` option, `docker cp` sets the ownership
to the user and primary group at the source.
If you specify the `-L` option, `docker cp` follows any symbolic link
in the `SRC_PATH`. `docker cp` does *not* create parent directories for
`DEST_PATH` if they do not exist.

View File

@ -51,9 +51,9 @@ long: |-
Docker plugins report the following events:
- `install`
- `enable`
- `disable`
- `install`
- `remove`
#### Volumes
@ -61,9 +61,9 @@ long: |-
Docker volumes report the following events:
- `create`
- `destroy`
- `mount`
- `unmount`
- `destroy`
#### Networks
@ -71,8 +71,9 @@ long: |-
- `create`
- `connect`
- `disconnect`
- `destroy`
- `disconnect`
- `remove`
#### Daemons
@ -80,6 +81,38 @@ long: |-
- `reload`
#### Services
Docker services report the following events:
- `create`
- `remove`
- `update`
#### Nodes
Docker nodes report the following events:
- `create`
- `remove`
- `update`
#### Secrets
Docker secrets report the following events:
- `create`
- `remove`
- `update`
#### Configs
Docker configs report the following events:
- `create`
- `remove`
- `update`
### Limiting, filtering, and formatting the output
#### Limit events by time
@ -120,7 +153,8 @@ long: |-
* label (`label=<key>` or `label=<key>=<value>`)
* network (`network=<name or id>`)
* plugin (`plugin=<name or id>`)
* type (`type=<container or image or volume or network or daemon or plugin>`)
* scope (`scope=<local or swarm>`)
* type (`type=<container or image or volume or network or daemon or plugin or service or node or secret or config>`)
* volume (`volume=<name or id>`)
#### Format
@ -299,6 +333,29 @@ examples: |-
2016-07-25T17:30:14.825557616Z plugin pull ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/sample-volume-plugin:latest)
2016-07-25T17:30:14.888127370Z plugin enable ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/sample-volume-plugin:latest)
$ docker events -f type=service
2017-07-12T06:34:07.999446625Z service create wj64st89fzgchxnhiqpn8p4oj (name=reverent_albattani)
2017-07-12T06:34:21.405496207Z service remove wj64st89fzgchxnhiqpn8p4oj (name=reverent_albattani)
$ docker events -f type=node
2017-07-12T06:21:51.951586759Z node update 3xyz5ttp1a253q74z1thwywk9 (name=ip-172-31-23-42, state.new=ready, state.old=unknown)
$ docker events -f type=secret
2017-07-12T06:32:13.915704367Z secret create s8o6tmlnndrgzbmdilyy5ymju (name=new_secret)
2017-07-12T06:32:37.052647783Z secret remove s8o6tmlnndrgzbmdilyy5ymju (name=new_secret)
$ docker events -f type=config
2017-07-12T06:44:13.349037127Z config create u96zlvzdfsyb9sg4mhyxfh3rl (name=abc)
2017-07-12T06:44:36.327694184Z config remove u96zlvzdfsyb9sg4mhyxfh3rl (name=abc)
$ docker events --filter 'scope=swarm'
2017-07-10T07:46:50.250024503Z service create m8qcxu8081woyof7w3jaax6gk (name=affectionate_wilson)
2017-07-10T07:47:31.093797134Z secret create 6g5pufzsv438p9tbvl9j94od4 (name=new_secret)
```
### Format the output

View File

@ -41,53 +41,23 @@ options:
- option: user
shorthand: u
description: 'Username or UID (format: <name|uid>[:<group|gid>])'
examples: |-
### Run `docker exec` on a running container
First, start a container.
```bash
$ docker run --name ubuntu_bash --rm -i -t ubuntu bash
```
This will create a container named `ubuntu_bash` and start a Bash session.
Next, execute a command on the container.
```bash
$ docker exec -d ubuntu_bash touch /tmp/execWorks
```
This will create a new file `/tmp/execWorks` inside the running container
`ubuntu_bash`, in the background.
Next, execute an interactive `bash` shell on the container.
```bash
$ docker exec -it ubuntu_bash bash
```
This will create a new Bash session in the container `ubuntu_bash`.
### Try to run `docker exec` on a paused container
If the container is paused, then the `docker exec` command will fail with an error:
```bash
$ docker pause test
test
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1ae3b36715d2 ubuntu:latest "bash" 17 seconds ago Up 16 seconds (Paused) test
$ docker exec test ls
FATA[0000] Error response from daemon: Container test is paused, unpause the container before exec
$ echo $?
1
```
examples: "### Run `docker exec` on a running container\n\nFirst, start a container.\n\n```bash\n$
docker run --name ubuntu_bash --rm -i -t ubuntu bash\n```\n\nThis will create a
container named `ubuntu_bash` and start a Bash session.\n\nNext, execute a command
on the container.\n\n```bash\n$ docker exec -d ubuntu_bash touch /tmp/execWorks\n```\n\nThis
will create a new file `/tmp/execWorks` inside the running container\n`ubuntu_bash`,
in the background.\n\nNext, execute an interactive `bash` shell on the container.\n\n```bash\n$
docker exec -it ubuntu_bash bash\n```\n\nThis will create a new Bash session in
the container `ubuntu_bash`.\n\nNext, set an environment variable in the current
bash session.\n\n```bash\n$ docker exec -it -e VAR=1 ubuntu_bash bash\n```\n\nThis
will create a new Bash session in the container `ubuntu_bash` with environment \nvariable
`$VAR` set to \"1\". Note that this environment variable will only be valid \non
the current Bash session.\n\n\n### Try to run `docker exec` on a paused container\n\nIf
the container is paused, then the `docker exec` command will fail with an error:\n\n```bash\n$
docker pause test\n\ntest\n\n$ docker ps\n\nCONTAINER ID IMAGE COMMAND
\ CREATED STATUS PORTS NAMES\n1ae3b36715d2
\ ubuntu:latest \"bash\" 17 seconds ago Up 16 seconds
(Paused) test\n\n$ docker exec test ls\n\nFATA[0000] Error
response from daemon: Container test is paused, unpause the container before exec\n\n$
echo $?\n1\n```"

View File

@ -37,7 +37,7 @@ examples: "```bash\n$ docker node ls\n\nID HOSTNAME
following filter matches nodes with the `foo` label regardless of its value.\n\n```bash\n$
docker node ls -f \"label=foo\"\n\nID HOSTNAME STATUS
\ AVAILABILITY MANAGER STATUS\n1bcef6utixb0l0ca7gxuivsj0 swarm-worker2 Ready
\ Active\n```\n\n#### membersip\n\nThe `membership` filter matches nodes based
\ Active\n```\n\n#### membership\n\nThe `membership` filter matches nodes based
on the presence of a `membership` and a value\n`accepted` or `pending`.\n\nThe following
filter matches nodes with the `membership` of `accepted`.\n\n```bash\n$ docker node
ls -f \"membership=accepted\"\n\nID HOSTNAME STATUS

View File

@ -66,20 +66,21 @@ examples: |-
The currently supported filters are:
* id (container's id)
* label (`label=<key>` or `label=<key>=<value>`)
* name (container's name)
* exited (int - the code of exited containers. Only useful with `--all`)
* status (`created|restarting|running|removing|paused|exited|dead`)
* ancestor (`<image-name>[:<tag>]`, `<image id>` or `<image@digest>`) - filters containers that were created from the given image or a descendant.
* before (container's id or name) - filters containers created before given id or name
* since (container's id or name) - filters containers created since given id or name
* isolation (`default|process|hyperv`) (Windows daemon only)
* volume (volume name or mount point) - filters containers that mount volumes.
* network (network id or name) - filters containers connected to the provided network
* health (starting|healthy|unhealthy|none) - filters containers based on healthcheck status
* publish=(container's published port) - filters published ports by containers
* expose=(container's exposed port) - filters exposed ports by containers
| Filter | Description |
|:----------------------|:-------------------------------------------------------------------------------------------------------------------------------------|
| `id` | container's ID |
| `name` | container's name |
| `label` | An arbitrary string representing either a key or a key-value pair |
| `exited` | An integer representing the container's exit code. Only useful with `--all`. |
| `status` | One of `created|restarting|running|removing|paused|exited|dead` |
| `ancestor` | Filters containers which share a given image as an ancestor. Expressed as `<image-name>[:<tag>]`, `<image id>`, or `<image@digest>` |
| `before` or `since` | Filters containers created before or after a given container ID or name |
| `volume` | Filters running containers which have mounted a given volume or bind mount. |
| `network` | Filters running containers connected to a given network. |
| `publish` or `expose` | Filters containers which publish or expose a given port. |
| `health` | One of `starting|healthy|unhealthy|none`. Filters containers based on their healthcheck status. |
| `isolation` | Windows daemon only. One of `default|process|hyperv`. |
#### label
@ -371,21 +372,21 @@ examples: |-
Valid placeholders for the Go template are listed below:
Placeholder | Description
--------------|----------------------------------------------------------------------------------------------------
`.ID` | Container ID
`.Image` | Image ID
`.Command` | Quoted command
`.CreatedAt` | Time when the container was created.
`.RunningFor` | Elapsed time since the container was started.
`.Ports` | Exposed ports.
`.Status` | Container status.
`.Size` | Container disk size.
`.Names` | Container names.
`.Labels` | All labels assigned to the container.
`.Label` | Value of a specific label for this container. For example `'{{.Label "com.docker.swarm.cpu"}}'`
`.Mounts` | Names of the volumes mounted in this container.
`.Networks` | Names of the networks attached to this container.
| Placeholder | Description |
|:--------------|:------------------------------------------------------------------------------------------------|
| `.ID` | Container ID |
| `.Image` | Image ID |
| `.Command` | Quoted command |
| `.CreatedAt` | Time when the container was created. |
| `.RunningFor` | Elapsed time since the container was started. |
| `.Ports` | Exposed ports. |
| `.Status` | Container status. |
| `.Size` | Container disk size. |
| `.Names` | Container names. |
| `.Labels` | All labels assigned to the container. |
| `.Label` | Value of a specific label for this container. For example `'{{.Label "com.docker.swarm.cpu"}}'` |
| `.Mounts` | Names of the volumes mounted in this container. |
| `.Networks` | Names of the networks attached to this container. |
When using the `--format` option, the `ps` command will either output the data
exactly as the template declares or, when using the `table` directive, includes

View File

@ -862,6 +862,41 @@ examples: |-
PS C:\> docker run -d --isolation hyperv microsoft/nanoserver powershell echo hyperv
```
### Specify hard limits on memory available to containers (-m, --memory)
These parameters always set an upper limit on the memory available to the container. On Linux, this
is set on the cgroup and applications in a container can query it at `/sys/fs/cgroup/memory/memory.limit_in_bytes`.
On Windows, this will affect containers differently depending on what type of isolation is used.
- With `process` isolation, Windows will report the full memory of the host system, not the limit to applications running inside the container
```powershell
docker run -it -m 2GB --isolation=process microsoft/nanoserver powershell Get-ComputerInfo *memory*
CsTotalPhysicalMemory : 17064509440
CsPhyicallyInstalledMemory : 16777216
OsTotalVisibleMemorySize : 16664560
OsFreePhysicalMemory : 14646720
OsTotalVirtualMemorySize : 19154928
OsFreeVirtualMemory : 17197440
OsInUseVirtualMemory : 1957488
OsMaxProcessMemorySize : 137438953344
```
- With `hyperv` isolation, Windows will create a utility VM that is big enough to hold the memory limit, plus the minimal OS needed to host the container. That size is reported as "Total Physical Memory."
```powershell
docker run -it -m 2GB --isolation=hyperv microsoft/nanoserver powershell Get-ComputerInfo *memory*
CsTotalPhysicalMemory : 2683355136
CsPhyicallyInstalledMemory :
OsTotalVisibleMemorySize : 2620464
OsFreePhysicalMemory : 2306552
OsTotalVirtualMemorySize : 2620464
OsFreeVirtualMemory : 2356692
OsInUseVirtualMemory : 263772
OsMaxProcessMemorySize : 137438953344
```
### Configure namespaced kernel parameters (sysctls) at runtime
The `--sysctl` sets namespaced kernel parameters (sysctls) in the

View File

@ -64,19 +64,19 @@ examples: "### Search images by name\n\nThis example displays images with a name
made from scratch. Comes in git and cURL flavors. 8 [OK]\n```\n\n###
Limit search results (--limit)\n\nThe flag `--limit` is the maximum number of results
returned by a search. This value could\nbe in the range between 1 and 100. The default
value of `--limit` is 25.\n\n\n### Filtering\n\nThe filtering flag (`-f` or `--filter`)
value of `--limit` is 25.\n\n### Filtering\n\nThe filtering flag (`-f` or `--filter`)
format is a `key=value` pair. If there is more\nthan one filter, then pass multiple
flags (e.g. `--filter \"foo=bar\" --filter \"bif=baz\"`)\n\nThe currently supported
filters are:\n\n* stars (int - number of stars the image has)\n* is-automated (true|false)
- is the image automated or not\n* is-official (true|false) - is the image official
or not\n\n\n#### stars\n\nThis example displays images with a name containing 'busybox'
and at\nleast 3 stars:\n\n```bash\n$ docker search --filter stars=3 busybox\n\nNAME
\ DESCRIPTION STARS OFFICIAL
\ AUTOMATED\nbusybox Busybox base image. 325
filters are:\n\n* stars (int - number of stars the image has)\n* is-automated (boolean
- true or false) - is the image automated or not\n* is-official (boolean - true
or false) - is the image official or not\n\n#### stars\n\nThis example displays
images with a name containing 'busybox' and at\nleast 3 stars:\n\n```bash\n$ docker
search --filter stars=3 busybox\n\nNAME DESCRIPTION STARS
\ OFFICIAL AUTOMATED\nbusybox Busybox base image. 325
\ [OK] \nprogrium/busybox 50
\ [OK]\nradial/busyboxplus Full-chain, Internet enabled, busybox
made... 8 [OK]\n```\n\n\n#### is-automated\n\nThis example
displays images with a name containing 'busybox'\nand are automated builds:\n\n```bash\n$
made... 8 [OK]\n```\n\n#### is-automated\n\nThis example displays
images with a name containing 'busybox'\nand are automated builds:\n\n```bash\n$
docker search --filter is-automated busybox\n\nNAME DESCRIPTION
\ STARS OFFICIAL AUTOMATED\nprogrium/busybox
\ 50 [OK]\nradial/busyboxplus

View File

@ -249,6 +249,8 @@ examples: |-
4cdgfyky7ozwh3htjfw0d12qv
```
To grant a service access to multiple secrets, use multiple `--secret` flags.
Secrets are located in `/run/secrets` in the container. If no target is
specified, the name of the secret will be used as the in memory file in the
container. If a target is specified, that will be the filename. In the
@ -273,10 +275,26 @@ examples: |-
### Set environment variables (-e, --env)
This sets environmental variables for all tasks in a service. For example:
This sets an environmental variable for all tasks in a service. For example:
```bash
$ docker service create --name redis_2 --replicas 5 --env MYVAR=foo redis:3.0.6
$ docker service create \
--name redis_2 \
--replicas 5 \
--env MYVAR=foo \
redis:3.0.6
```
To specify multiple environment variables, specify multiple `--env` flags, each
with a separate key-value pair.
```bash
$ docker service create \
--name redis_2 \
--replicas 5 \
--env MYVAR=foo \
--env MYVAR2=bar \
redis:3.0.6
```
### Create a service with specific hostname (--hostname)
@ -843,6 +861,24 @@ examples: |-
$ docker service create --name dns-cache -p 53:53/udp dns-cache
```
### Provide credential specs for managed service accounts (Windows only)
This option is only used for services using Windows containers. The
`--credential-spec` must be in the format `file://<filename>` or
`registry://<value-name>`.
When using the `file://<filename>` format, the referenced file must be
present in the `CredentialSpecs` subdirectory in the docker data directory,
which defaults to `C:\ProgramData\Docker\` on Windows. For example,
specifying `file://spec.json` loads `C:\ProgramData\Docker\CredentialSpecs\spec.json`.
When using the `registry://<value-name>` format, the credential spec is
read from the Windows registry on the daemon's host. The specified
registry value must be located in:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Containers\CredentialSpecs
### Create services using templates
You can use templates for some flags of `service create`, using the syntax

View File

@ -26,7 +26,7 @@ options:
examples: |-
### Compose file
The `deploy` command supports compose file version `3.0` and above."
The `deploy` command supports compose file version `3.0` and above.
```bash
$ docker stack deploy --compose-file docker-compose.yml vossibility
@ -43,7 +43,28 @@ examples: |-
Creating service vossibility_lookupd
```
You can verify that the services were correctly created
Only a single Compose file is accepted. If your configuration is split between
multiple Compose files, e.g. a base configuration and environment-specific overrides,
you can combine these by passing them to `docker-compose config` with the `-f` option
and redirecting the merged output into a new file.
```bash
$ docker-compose -f docker-compose.yml -f docker-compose.prod.yml config > docker-stack.yml
$ docker stack deploy --compose-file docker-stack.yml vossibility
Ignoring unsupported options: links
Creating network vossibility_vossibility
Creating network vossibility_default
Creating service vossibility_nsqd
Creating service vossibility_logstash
Creating service vossibility_elasticsearch
Creating service vossibility_kibana
Creating service vossibility_ghollector
Creating service vossibility_lookupd
```
You can verify that the services were correctly created:
```bash
$ docker service ls

View File

@ -16,6 +16,9 @@ options:
shorthand: f
default_value: "false"
description: Do not prompt for confirmation
- option: volumes
default_value: "false"
description: Prune volumes
examples: "```bash\n$ docker system prune -a\n\nWARNING! This will remove:\n\t- all
stopped containers\n\t- all volumes not used by at least one container\n\t- all
networks not used by at least one container\n\t- all images without at least one

View File

@ -145,11 +145,11 @@ examples: |-
Placeholder | Description
--------------|------------------------------------------------------------------------------------------
`.Name` | Network name
`.Driver` | Network driver
`.Scope` | Network scope (local, global)
`.Mountpoint` | Whether the network is internal or not.
`.Labels` | All labels assigned to the volume.
`.Name` | Volume name
`.Driver` | Volume driver
`.Scope` | Volume scope (local, global)
`.Mountpoint` | The mount point of the volume on the host
`.Labels` | All labels assigned to the volume
`.Label` | Value of a specific label for this volume. For example `{{.Label "project.version"}}`
When using the `--format` option, the `volume ls` command will either