docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

removed deleted pages (#15459)

This commit is contained in:
David Karlsson 2022-08-26 07:58:27 +02:00 committed by GitHub
parent 586c46bf50
commit 232d94dc71
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
37 changed files with 8 additions and 2002 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
docker-hub/publish/byol.md
View File

@ -1,43 +0,0 @@
---
description: Submit a product to be listed on Docker Hub
keywords: Docker, docker, hub, purchase images
title: Bring Your Own License (BYOL) products on Docker Hub
redirect_from:
- /docker-store/byol/
---
## What is Bring Your Own License (BYOL)?
Bring Your Own License (BYOL) allows customers with existing software licenses
to easily migrate to the containerized version of the software that you make
available on Docker Hub.
To see and access the BYOL product listing of an Independent Softare Vendor
(ISV), customers simply subscribe to the product with their Docker ID. We call
this **Ungated BYOL**.
ISVs can use the Docker Hub as an entitlement and distribution platform
for their various audiences, such as:
- Existing customers that want their licensed software made available as Docker containers.
- New customers that are only interested in consuming their software as Docker containers.
## Ungated BYOL
### Prerequisites and setup
To use Docker as your fulfillment service, an ISV must:
- [Apply and be approved as a Docker Hub Vendor Partner](https://goto.docker.com/partners)
- Apply and be approved to list an Ungated BYOL product
- Create one or more Ungated BYOL product plans, in the Docker Hub Publisher center.
## Creating an ungated BYOL plan
In Plans & Pricing section of the Publisher Center, ensure the following:
- Price/Month should be set to $0
- There should be no free trial associated with the plan
- Under the Pull Requirements dropdown, "Subscribed users only" should be selected.
## What's next?
More information about the publishing flow can be found [here](publish.md).

794
docker-hub/publish/certify-images.md
View File

@ -1,794 +0,0 @@
---
description: Run certification tests against your images
keywords: Docker, Docker Hub, store, certified content, images
title: Certify Docker images
redirect_from:
- /docker-store/certify-images/
---
## Introduction
Content that qualifies as **Docker Certified** must conform to best practices and pass certain baseline tests.
Docker Hub lets you publish certified images as well as plugins for logging, volumes, and networks. You must certify your own _images and logging plugins_ with the `inspect` tools as explained in these docs. Currently, Docker Hub certifies your volume and networking plugins for you upon submission.
This page explains how publishers can successfully test their **Docker images**. Also available: [Certify your Docker logging plugins](certify-plugins-logging.md).
> Content that requires a non-certified infrastructure environment cannot be published as certified.
> You should perform this Self Certification test prior to submitting your product for publishing.
## Certify your Docker images
You must use the tool, `inspectDockerImage`, to certify your content for publication on Docker Hub by ensuring that your images conform to best practices. Download the tool [here](#syntax).
The `inspectDockerImage` tool does the following:
- Verifies that the Docker image was built from an image in the [Docker Official Image](https://github.com/docker-library/repo-info/tree/master/repos)
- Inspects the Docker image for a Health Check. Although a Health Check is not required, it is recommended.
- Checks if a Linux Docker image is running `supervisord` to launch multiple services.
> Running `supervisord` in a container is not a best practice for images destined for Docker Hub. The recommended best practice is to split the multiple services into separate Docker images and run them in separate containers.
- Attempts to start a container from the Docker image to ensure that the image is functional.
- Displays the running processes in the container.
- Checks the running processes to see if any are running `supervisord`.
- Verifies that the container is sending logs to `stdout/stderr`.
- Attempts to stop the container to ensure that it can be stopped gracefully.
The `inspectDockerImage` tool will detect issues and output them as **warnings** or **errors**. **Errors** must be fixed in order to certify. Resolving **warnings** is not required to certify, but you should try to resolve them.
If you are publishing and certifying multiple versions for a Docker image, you will need to run the `inspectDockerImage` tool on each Docker image and send each result to Docker Hub.
If you are publishing and certifying a multi-architecture Docker image (for example, Linux, Power, s390x, Windows) you will need to run the `inspectDockerImage` tool on the Docker Engine - Enterprise server running on each architecture and send the results to Docker Hub.
Details on how to run the `inspectDockerImage` tool and send the results to Docker Hub are in the sections that follow.
### Prerequisites
Your Docker Engine - Enterprise installation must be running on the server used to verify your submissions. If necessary, request entitlement to a specific [Docker Enterprise Edition](https://hub.docker.com/editions/enterprise/docker-ee-trial).
- Docker Engine - Enterprise (on the server for verifying submissions)
- inspectDockerImage tool
### Set up testing environment
There are two steps: (1) configure credentials, and (2) configure endpoints (or use default endpoints).
1. Configure your Docker Registry credentials by either _defining environment variables_ **or** _passing them as arguments_ to `inspectDockerImage`.
a. Define environment variables for registry credentials, `DOCKER_USER` and `DOCKER_PASSWORD`:
**Linux**
```bash
export DOCKER_USER="my_docker_registry_user_account"
export DOCKER_PASSWORD="my_docker_registry_user_account_password"
```
**Windows command prompt**
```bash
set DOCKER_USER="my_docker_registry_user_account"
set DOCKER_PASSWORD="my_docker_registry_user_account_password"
```
**Windows powershell**
```bash
$env:DOCKER_USER="my_docker_registry_user_account"
$env:DOCKER_PASSWORD="my_docker_registry_user_account_password"
```
b. Pass arguments to `inspectDockerImage` (or be prompted for them):
```
--docker-user
--docker-password
```
2. Configure endpoints (and override default values) by either _defining environment variables_ **or** _passing them as arguments_ to `inspectDockerImage`.
By default, `inspectDockerImage` uses these two endpoints to communicate with the Docker Hub Registry:
- Registry Authentication Endpoint: **https://auth.docker.io**
- Registry API Endpoint: **https://registry-1.docker.io**
You may want to use your private registry for initial testing and override the defaults.
a. Define environment variables, `DOCKER_REGISTRY_AUTH_ENDPOINT` and `DOCKER_REGISTRY_API_ENDPOINT`:
**Linux or MacOS**
```bash
export DOCKER_REGISTRY_AUTH_ENDPOINT="https://my_docker_registry_authentication_endpoint"
export DOCKER_REGISTRY_API_ENDPOINT="https://my_docker_registry_api_enpoint"
```
**Windows command prompt**
```bash
set DOCKER_REGISTRY_AUTH_ENDPOINT="https://my_docker_registry_authentication_endpoint"
set DOCKER_REGISTRY_API_ENDPOINT="https://my_docker_registry_api_enpoint"
```
**Windows powershell**
```bash
$env:DOCKER_REGISTRY_AUTH_ENDPOINT="https://my_docker_registry_authentication_endpoint"
$env:DOCKER_REGISTRY_API_ENDPOINT="https://my_docker_registry_api_enpoint"
```
b. Pass your endpoints as arguments to `inspectDockerImage`:
```
--docker-registry-auth-endpoint
--docker-registry-api-endpoint
```
### Syntax
1. Download `inspectDockerImage` command.
| OS/Architecture | Download Link |
|:-----|:--------|:------|
| Windows/X86 | [https://s3.amazonaws.com/store-logos-us-east-1/certification/windows/inspectDockerImage.exe](https://s3.amazonaws.com/store-logos-us-east-1/certification/windows/inspectDockerImage.exe) |
| Linux/X86 | [https://s3.amazonaws.com/store-logos-us-east-1/certification/linux/inspectDockerImage](https://s3.amazonaws.com/store-logos-us-east-1/certification/linux/inspectDockerImage) |
| Linux/IBMZ | [https://s3.amazonaws.com/store-logos-us-east-1/certification/zlinux/inspectDockerImage](https://s3.amazonaws.com/store-logos-us-east-1/certification/zlinux/inspectDockerImage) |
| Linux/IBMPOWER | [https://s3.amazonaws.com/store-logos-us-east-1/certification/power/inspectDockerImage](https://s3.amazonaws.com/store-logos-us-east-1/certification/power/inspectDockerImage) |
2. Set permissions on `inspectDockerImage` so that it is executable:
```
chmod u+x inspectDockerImage
```
3. Get the product ID from the plan page you'd like to reference for the certification test. Make sure the checkbox is checked and the plan is saved first.
![product ID](images/store-product-id.png)
```none
Inspects a Docker image to see if it conforms to best practices.
Syntax: inspectDockerImage [options] dockerimage
Options:
-docker-password string
Docker Password. This overrides the DOCKER_PASSWORD environment variable.
-docker-registry-api-endpoint string
Docker Registry API Endpoint. This overrides the DOCKER_REGISTRY_API_ENDPOINT environment variable. (default "https://registry-1.docker.io")
-docker-registry-auth-endpoint string
Docker Registry Authentication Endpoint. This overrides the DOCKER_REGISTRY_AUTH_ENDPOINT environment variable. (default "https://auth.docker.io")
-docker-user string
Docker User ID. This overrides the DOCKER_USER environment variable.
-help
Displays the command help.
-html
Generate HTML output.
-json
Generate JSON output.
-log-tail int
Number of lines to show from the end of the container logs. (default 20)
-product-id string
Optional Product identifier from Docker Hub for this image. Please include it when you want the output to be sent to Docker Hub.
-start-script string
An optional custom script used to start the Docker container. The script will get passed one argument, the name of the Docker image.
-start-wait-time int
Number of seconds to wait for the Docker container to start. (default 30)
-stop-wait-time int
Number of seconds to wait for the Docker container to respond to the stop before killing it. (default 60)
dockerimage
The Docker image to inspect. This argument is required.
```
## Inspection Output
By default, `inspectDockerImage` displays output locally to `stdout` (the default), JSON, and HTML. You can also upload output to Docker Hub, which is recommended for administrator verification.
- **Upload to Docker Hub** (by entering `product-id` at the commandline).
- **Send message to `stdout`**. This is the default.
- **JSON sent to `stdout`**. Use the `--json` option to override and replace the messages sent to `stdout`.
- **HTML local file**. Use the `--html` option to generate an HTML report. Both `--json` and `--html` can be specified at the same time.
> Volumes created by Docker image containers are destroyed after `inspectDockerImage` terminates.
## Inspection Examples
This section demonstrates how to inspect your Linux and Windows images.
* [Inspect a Linux Docker image with custom startup script](#linux-startup-script)
* [Inspect a Linux Docker image with JSON output](#linux-with-json)
* [Inspect a Linux Docker image with HTML output](#linux-with-html)
* [Inspect a Microsoft Windows Docker image](#windows)
<a name="linux-startup-script">
### Inspect a Linux Docker image with a custom startup script
The `inspectDockerImage` command expects a custom script to return the container ID (or container name) from the docker image being tested as the last or only line of output to `stdout`. Without the container ID or container name as the last line of output, the inspection fails.
A simple custom script that executes a `docker container run` command, easily outputs the container ID. But a complex script might need testing to ensure it also returns the container ID or container name as the last line of output -- for example, a script that launches multiple containers, or one that runs `docker-compose`.
Some "testing/helper" scripts are available for testing Linux and Windows Docker images on virtual machines running in Amazon. Refer to [Test and Helper Scripts](aws_scripts/README.md)
#### Example startup script
```bash
cat ./run_my_application.sh
```
```bash
#!/usr/bin/env bash
docker container run -d \
-p 80:8080 --name tomcat-wildbook \
--link mysql-wildbook \
$1
```
#### To inspect the Docker image, `gforghetti/tomcat-wildbook:latest`, with a custom startup script and upload the result to Docker Hub (leave out the `-product-id` parameter if you are just testing):
```console
root:[~/] # ./inspectDockerImage --start-script ./run_my_application.sh -product-id=<store-product-id> gforghetti/tomcat-wildbook:latest
```
#### Output:
```
*******************************************************************************************************************************************************************************************************
* Docker image: gforghetti/tomcat-wildbook:latest
*******************************************************************************************************************************************************************************************************
*******************************************************************************************************************************************************************************************************
* Step #1 Loading information on the Docker official base images ...
*******************************************************************************************************************************************************************************************************
The Docker official base images data has been loaded from the docker_official_base_images.json file. Last updated on Fri Oct 27 08:35:14 2017
*******************************************************************************************************************************************************************************************************
* Step #2 Inspecting the Docker image "gforghetti/tomcat-wildbook:latest" ...
*******************************************************************************************************************************************************************************************************
Pulling the Docker image gforghetti/tomcat-wildbook:latest ...
Pulling the Docker image took 13.536641265s
Passed: Docker image "gforghetti/tomcat-wildbook:latest" has been inspected.
*******************************************************************************************************************************************************************************************************
* Step #3 Docker image information
*******************************************************************************************************************************************************************************************************
+---------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Docker image: | gforghetti/tomcat-wildbook:latest |
| Size: | 384MB |
| Layers: | 39 |
| Digest: | sha256:58715d538bba0782f55fa64dede776a2967c08873cd66424bb5a7156734c781e |
| Base layer digest: | sha256:06b22ddb19134ec8c42aaabd3e2e9f5b378e4e53da4a8960eaaaa86351190af3 |
| Official base image: | debian:stretch@sha256:6ccbcbf362dbc4add74711cb774751b59cdfd7aed16c3c29aaecbea871952fe0 |
| Created on: | 2017-08-16T21:39:24 |
| Docker version: | 17.07.0-ce-rc2 |
| Maintainer: | Gary Forghetti, Docker Inc. |
| Operating system: | linux |
| Operating system version: | Debian GNU/Linux 9 (stretch) |
| Architecture: | amd64 |
| User: | |
| WorkingDir: | /usr/local/tomcat |
| Entrypoint: | |
| Cmd: | /usr/local/tomcat/bin/catalina.sh run |
| Shell: | |
| Env: | PATH=/usr/local/tomcat/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin |
| Env: | LANG=C.UTF-8 |
| Env: | JAVA_HOME=/docker-java-home/jre |
| Env: | JAVA_VERSION=8u141 |
| Env: | JAVA_DEBIAN_VERSION=8u141-b15-1~deb9u1 |
| Env: | CA_CERTIFICATES_JAVA_VERSION=20170531+nmu1 |
| Env: | CATALINA_HOME=/usr/local/tomcat |
| Env: | TOMCAT_NATIVE_LIBDIR=/usr/local/tomcat/native-jni-lib |
| Env: | LD_LIBRARY_PATH=/usr/local/tomcat/native-jni-lib |
| Env: | OPENSSL_VERSION=1.1.0f-3 |
| Env: | GPG_KEYS=05AB33110949707C93A279E3D3EFE6B686867BA6 07E48665A34DCAFAE522E5E6266191C37C037D42 47309207D818FFD8DCD3F83F1931D684307A10A5 541FBE7D8F78B25E055DDEE13C370389288 |
| Env: | TOMCAT_MAJOR=8 |
| Env: | TOMCAT_VERSION=8.5.20 |
| Env: | TOMCAT_TGZ_URL=https://www.apache.org/dyn/closer.cgi?action=download&filename=tomcat/tomcat-8/v8.5.20/bin/apache-tomcat-8.5.20.tar.gz |
| Env: | TOMCAT_ASC_URL=https://www.apache.org/dist/tomcat/tomcat-8/v8.5.20/bin/apache-tomcat-8.5.20.tar.gz.asc |
| Env: | TOMCAT_TGZ_FALLBACK_URL=https://archive.apache.org/dist/tomcat/tomcat-8/v8.5.20/bin/apache-tomcat-8.5.20.tar.gz |
| Env: | TOMCAT_ASC_FALLBACK_URL=https://archive.apache.org/dist/tomcat/tomcat-8/v8.5.20/bin/apache-tomcat-8.5.20.tar.gz.asc |
| ExposedPorts: | 8080/tcp |
| Healthcheck: | |
| Volumes: | |
+---------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
*******************************************************************************************************************************************************************************************************
* Step #4 Docker image layer information
*******************************************************************************************************************************************************************************************************
+----------+-------+------------------------------------------------------------------------------------------------------+------------+----------+---------------------------------------------------+
| Manifest | Layer | Command | Size | Blob | Matches |
+----------+-------+------------------------------------------------------------------------------------------------------+------------+----------+---------------------------------------------------+
| 58715d53 | 1 | /bin/sh -c #(nop) ADD file:ebba725fb97cea45d0b1b35ccc8144e766fcfc9a78530465c23b0c4674b14042 in / | 43.1 Mib | 06b22ddb | debian:stretch@6ccbcbf3 |
| 58715d53 | 3 | /bin/sh -c apt-get update && apt-get install -y --no-install-recommends ca-certificates curl wget && | 10.6 Mib | 336c28b4 | |
| 58715d53 | 4 | /bin/sh -c set -ex; if ! command -v gpg > /dev/null; then apt-get update; apt-get install -y --no-in | 4.2 Mib | 1f3e6b8d | |
| 58715d53 | 5 | /bin/sh -c apt-get update && apt-get install -y --no-install-recommends bzip2 unzip xz-utils && rm - | 614.7 Kib | aeac5951 | |
| 58715d53 | 7 | /bin/sh -c { echo '#!/bin/sh'; echo 'set -e'; echo; echo 'dirname "$(dirname "$(readlink -f "$(which | 241 Bytes | b01db8bd | |
| 58715d53 | 8 | /bin/sh -c ln -svT "/usr/lib/jvm/java-8-openjdk-$(dpkg --print-architecture)" /docker-java-home | 130 Bytes | f7f398af | |
| 58715d53 | 13 | /bin/sh -c set -ex; if [ ! -d /usr/share/man/man1 ]; then mkdir -p /usr/share/man/man1; fi; apt-get | 52.1 Mib | 1c5595fa | |
| 58715d53 | 14 | /bin/sh -c /var/lib/dpkg/info/ca-certificates-java.postinst configure | 265.6 Kib | e1a6cc83 | |
| 58715d53 | 17 | /bin/sh -c mkdir -p "$CATALINA_HOME" | 144 Bytes | 9efe1c93 | |
| 58715d53 | 23 | /bin/sh -c apt-get update && apt-get install -y --no-install-recommends libapr1 openssl="$OPENSSL_VE | 220.4 Kib | eef936b7 | |
| 58715d53 | 25 | /bin/sh -c set -ex; for key in $GPG_KEYS; do gpg --keyserver ha.pool.sks-keyservers.net --recv-keys | 109.6 Kib | 3c1e7106 | |
| 58715d53 | 32 | /bin/sh -c set -x && { wget -O tomcat.tar.gz "$TOMCAT_TGZ_URL" || wget -O tomcat.tar.gz "$TOMCAT_TGZ | 9.6 Mib | e87d3364 | |
| 58715d53 | 33 | /bin/sh -c set -e && nativeLines="$(catalina.sh configtest 2>&1)" && nativeLines="$(echo "$nativeLin | 128 Bytes | 8ecc2c09 | |
| 58715d53 | 39 | /bin/sh -c #(nop) COPY file:85450fd5b81b7fda5dbbe405f312952d9e786888200ed5fb92171458853e50f7 in /usr | 87.5 Mib | 74329547 | |
+----------+-------+------------------------------------------------------------------------------------------------------+------------+----------+---------------------------------------------------+
*******************************************************************************************************************************************************************************************************
* Step #5 Docker image inspection results
*******************************************************************************************************************************************************************************************************
Passed: Docker image was built from the official Docker base image "debian:stretch".
Warning: Docker image was not built using Docker Enterprise Edition!
Passed: Docker image metadata contains a Maintainer.
Warning: Docker image does not contain a Healthcheck! Although a Healthcheck is not required, it is recommended.
Passed: Docker image Cmd attribute is not running supervisord.
Passed: Docker image Entrypoint attribute is not running supervisord.
*******************************************************************************************************************************************************************************************************
* Step #6 Attempting to start a container from the Docker image "gforghetti/tomcat-wildbook:latest" ...
*******************************************************************************************************************************************************************************************************
Passed: Docker container with the container id aea5d97925c7035e0037ccc79723fd534a26cbb8be2a124e0257b3a8c3fca55f was started.
*******************************************************************************************************************************************************************************************************
* Step #7 Waiting 30 seconds to give the container time to initialize...
*******************************************************************************************************************************************************************************************************
Wait time expired, continuing.
*******************************************************************************************************************************************************************************************************
* Step #8 Checking to see if the container is still running.
*******************************************************************************************************************************************************************************************************
Passed: Docker container with the container id aea5d97925c7035e0037ccc79723fd534a26cbb8be2a124e0257b3a8c3fca55f is running.
*******************************************************************************************************************************************************************************************************
* Step #9 Displaying the running processes in the Docker container
*******************************************************************************************************************************************************************************************************
Passed: Docker container has 1 running process.
UID PID PPID C STIME TTY TIME CMD
root 2609 2592 42 12:59 ? 00:00:12 /docker-java-home/jre/bin/java -Djava.util.logging.config.f
*******************************************************************************************************************************************************************************************************
* Step #10 Checking if supervisord is running in the Docker container
*******************************************************************************************************************************************************************************************************
Passed: Docker container is not running supervisord.
*******************************************************************************************************************************************************************************************************
* Step #11 Displaying Docker container resource usage statistics
*******************************************************************************************************************************************************************************************************
Passed: Docker container resource usage statistics were retrieved.
CPU % MEM % MEM USAGE / LIMIT BLOCK I/O NET I/O PIDS
0.69% 5.26% 844.4MiB / 15.67GiB 1.67MB / 0B 1.17kB / 1.28kB 50
*******************************************************************************************************************************************************************************************************
* Step #12 Displaying the logs from the Docker container (last 20 lines)
*******************************************************************************************************************************************************************************************************
Passed: Docker container logs were retrieved.
2017-10-27T12:59:57.839970103Z
2017-10-27T12:59:57.965093247Z 27-Oct-2017 12:59:57.964 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive [/usr/local/tomcat/webapps
2017-10-27T12:59:57.966178465Z 27-Oct-2017 12:59:57.965 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/usr/local/tomcat/web
2017-10-27T12:59:58.051675791Z 27-Oct-2017 12:59:58.050 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/usr/local/tomcat
2017-10-27T12:59:58.051695596Z 27-Oct-2017 12:59:58.051 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/usr/local/tomcat/web
2017-10-27T12:59:58.063373978Z 27-Oct-2017 12:59:58.063 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/usr/local/tomcat
2017-10-27T12:59:58.064087355Z 27-Oct-2017 12:59:58.063 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/usr/local/tomcat/web
2017-10-27T12:59:58.072187812Z 27-Oct-2017 12:59:58.071 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/usr/local/tomcat
2017-10-27T12:59:58.072363314Z 27-Oct-2017 12:59:58.072 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/usr/local/tomcat/web
2017-10-27T12:59:58.079126206Z 27-Oct-2017 12:59:58.078 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/usr/local/tomcat
2017-10-27T12:59:58.079791893Z 27-Oct-2017 12:59:58.079 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/usr/local/tomcat/web
2017-10-27T12:59:58.085699688Z 27-Oct-2017 12:59:58.085 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/usr/local/tomcat
2017-10-27T12:59:58.093847452Z 27-Oct-2017 12:59:58.093 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]
2017-10-27T12:59:58.099472816Z 27-Oct-2017 12:59:58.099 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["ajp-nio-8009"]
2017-10-27T12:59:58.101352107Z 27-Oct-2017 12:59:58.100 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 10249 ms
2017-10-27T13:00:02.659016400Z WARNING: /var/spool/WildbookScheduledQueue does not exist or is not a directory; skipping
2017-10-27T13:00:02.659037921Z ==== ScheduledQueue run [count 1]; queueDir=/var/spool/WildbookScheduledQueue; continue = true ====
2017-10-27T13:00:08.097747157Z 27-Oct-2017 13:00:08.097 INFO [localhost-startStop-2] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/usr/local/tomcat/web
2017-10-27T13:00:08.113051631Z 27-Oct-2017 13:00:08.112 INFO [localhost-startStop-2] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/usr/local/tomcat
2017-10-27T13:00:12.672625154Z WARNING: /var/spool/WildbookScheduledQueue does not exist or is not a directory; skipping
*******************************************************************************************************************************************************************************************************
* Step #13 Attempting to stop the Docker container normally with a timeout of 60 seconds before it is killed ...
*******************************************************************************************************************************************************************************************************
Passed: Docker container aea5d97925c7035e0037ccc79723fd534a26cbb8be2a124e0257b3a8c3fca55f was stopped successfully.
Warning: Docker container did not exit with an exit code of 0! Exit code was 143.
*******************************************************************************************************************************************************************************************************
* Step #14 Removing the Docker container and any associated volumes.
*******************************************************************************************************************************************************************************************************
Passed: Docker container and any associated volumes removed.
*******************************************************************************************************************************************************************************************************
* Step #15 Removing the Docker image "gforghetti/tomcat-wildbook:latest".
*******************************************************************************************************************************************************************************************************
Passed: Docker image "gforghetti/tomcat-wildbook:latest" was removed.
Passed: This test was performed on Docker Enterprise Edition.
*******************************************************************************************************************************************************************************************************
* Summary of the inspection for Docker image: gforghetti/tomcat-wildbook:latest
*******************************************************************************************************************************************************************************************************
Date: Mon May 21 13:29:29 2018
Operating System: Ubuntu 16.04.4 LTS
Architecture: amd64
Docker Client Version: 17.06.2-ee-11
Docker Server Version: 17.06.2-ee-11
There were 3 warnings detected!
Passed: Docker image "gforghetti/tomcat-wildbook:latest" has been inspected.
Passed: Docker image was built from the official Docker base image "debian:stretch".
Warning: Docker image was not built using Docker Enterprise Edition!
Passed: Docker image metadata contains a Maintainer.
Warning: Docker image does not contain a Healthcheck! Although a Healthcheck is not required, it is recommended.
Passed: Docker image Cmd attribute is not running supervisord.
Passed: Docker image Entrypoint attribute is not running supervisord.
Passed: Docker container with the container id aea5d97925c7035e0037ccc79723fd534a26cbb8be2a124e0257b3a8c3fca55f was started.
Passed: Docker container with the container id aea5d97925c7035e0037ccc79723fd534a26cbb8be2a124e0257b3a8c3fca55f is running.
Passed: Docker container has 1 running process.
Passed: Docker container is not running supervisord.
Passed: Docker container resource usage statistics were retrieved.
Passed: Docker container logs were retrieved.
Passed: Docker container aea5d97925c7035e0037ccc79723fd534a26cbb8be2a124e0257b3a8c3fca55f was stopped successfully.
Warning: Docker container did not exit with an exit code of 0! Exit code was 143.
Passed: Docker container and any associated volumes removed.
Passed: Docker image "gforghetti/tomcat-wildbook:latest" was removed.
Passed: This test was performed on Docker Enterprise Edition.
The inspection of the Docker image gforghetti/tomcat-wildbook:latest has completed.
If -product-id is specified on command line:
**************************************************************************************************************************************************************************************************
* Step #16 Upload the test result to Docker Hub.
**************************************************************************************************************************************************************************************************
Passed: The test results are uploaded to Docker Hub.
root:[~/] #
```
<a name="linux-with-json">
### Inspect a Linux Docker image with JSON output
#### To inspect the Docker image, `gforghetti/apache:latest`, with JSON output:
```console
root:[~/] # ./inspectDockerImage --json gforghetti/apache:latest | jq
```
> **Note**: The output was piped to the `jq` command to display it "nicely".
#### Output:
```json
{
"Date": "Mon May 21 13:23:37 2018",
"SystemOperatingSystem": "Operating System: Ubuntu 16.04.4 LTS",
"SystemArchitecture": "amd64",
"SystemDockerClientVersion": "17.06.2-ee-11",
"SystemDockerServerVersion": "17.06.2-ee-11",
"DockerImage": {
"Name": "gforghetti/apache:latest",
"Size": "178MB",
"Layers": "23",
"Digest": "sha256:65db5d0a8b88ee3d5e5a579a70943433d36d3e6d6a974598a5eebeef9e02a346",
"BaseLayerDigest": "sha256:85b1f47fba49da65256f07c8790542a3880e9216f9c491965040f35ce2c6ca7a",
"OfficialBaseImage": "debian:8@sha256:3a5aa6bf675aa71e60df347b29f0a1b1634306cd8db47e1af0a16ad420d1b127",
"CreatedOn": "2017-10-19T17:51:53",
"DockerVersion": "17.09.0-ce",
"Author": "",
"Maintainer": "Gary Forghetti, Docker Inc.",
"OperatingSystem": "linux",
"OperatingSystemVersion": "Debian GNU/Linux 8 (jessie)",
"Architecture": "amd64",
"User": "",
"WorkingDir": "/usr/local/apache2",
"EntryPoint": "",
"Cmd": "httpd-foreground",
"Shell": "",
"Env": "PATH=/usr/local/apache2/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\nHTTPD_PREFIX=/usr/local/apache2\nNGHTTP2_VERSION=1.18.1-1\nOPENSSL_VERSION=1.0.2l-1~bpo8+1\nHTTPD_VERSION=2.4.28\nHTTPD_SHA256=c1197a3a62a4ab5c584ab89b249af38cf28b4adee9c0106b62999fd29f920666\nHTTPD_PATCHES=\nAPACHE_DIST_URLS=https://www.apache.org/dyn/closer.cgi?action=download&filename= \thttps://www-us.apache.org/dist/ \thttps://www.apache.org/dist/ \thttps://archive.apache.org/dist/",
"ExposedPorts": "80/tcp ",
"HealthCheck": "",
"Volumes": ""
},
"Errors": 0,
"Warnings": 2,
"HTMLReportFile": "",
"VulnerabilitiesScanURL": "",
"Results": [
{
"Status": "Passed",
"Message": "Docker image \"gforghetti/apache:latest\" has been inspected."
},
{
"Status": "Passed",
"Message": "Docker image was built from the official Docker base image \"debian:8\"."
},
{
"Status": "Warning",
"Message": "Docker image was not built using Docker Enterprise Edition!"
},
{
"Status": "Passed",
"Message": "Docker image metadata contains a Maintainer."
},
{
"Status": "Warning",
"Message": "Docker image does not contain a Healthcheck! Although a Healthcheck is not required, it is recommended."
},
{
"Status": "Passed",
"Message": "Docker image Cmd attribute is not running supervisord."
},
{
"Status": "Passed",
"Message": "Docker image Entrypoint attribute is not running supervisord."
},
{
"Status": "Passed",
"Message": "Docker container 424de05adfa2c84890513a51d3d5bc210e4d4b41c746c9252648f38d95b8be49 was started."
},
{
"Status": "Passed",
"Message": "Docker container 424de05adfa2c84890513a51d3d5bc210e4d4b41c746c9252648f38d95b8be49 is running."
},
{
"Status": "Passed",
"Message": "Docker container has 4 running processes."
},
{
"Status": "Passed",
"Message": "Docker container is not running supervisord."
},
{
"Status": "Passed",
"Message": "Docker container resource usage statistics were retrieved."
},
{
"Status": "Passed",
"Message": "Docker container logs were retrieved."
},
{
"Status": "Passed",
"Message": "Docker container 424de05adfa2c84890513a51d3d5bc210e4d4b41c746c9252648f38d95b8be49 was stopped successfully."
},
{
"Status": "Passed",
"Message": "Docker container exited with an exit code of 0."
},
{
"Status": "Passed",
"Message": "Docker container and any associated volumes removed."
},
{
"Status": "Passed",
"Message": "Docker image \"gforghetti/apache:latest\" was removed."
},
{
"Status": "Passed",
"Message": "This test was performed on Docker Enterprise Edition."
}
]
}
```
<a name="linux-with-html">
### Inspect a Linux Docker image with HTML output
#### To inspect the Docker image, `gforghetti/apache:latest`, with HTML output:
```console
root:[~/] # ./inspectDockerImage --html gforghetti/apache:latest
```
Note: The majority of the stdout message output has been intentionally omitted below.
#### Output:
```
The inspection of the Docker image gforghetti/apache:latest has completed.
An HTML report has been generated in the file html/gforghetti-apache-latest_inspection_report_2017-10-27_01-03-43.html
root:[~/] #
```
##### Image 1
![HTML Output image 1](/images/gforghetti-apache-latest_inspection_report.html-1.png)
##### Image 2
![HTML Output image 2](/images/gforghetti-apache-latest_inspection_report.html-2.png)
##### Image 3
![HTML Output image 3](/images/gforghetti-apache-latest_inspection_report.html-3.png)
<a name="windows">
### Inspect a Microsoft Windows Docker image
#### To inspect the Docker image, `microsoft/nanoserver:latest`:
```console
PS D:\InspectDockerimage> .\inspectDockerImage microsoft/nanoserver:latest
```
#### Output:
```
*******************************************************************************************************************************************************************************************************
* Docker image: microsoft/nanoserver:latest
*******************************************************************************************************************************************************************************************************
*******************************************************************************************************************************************************************************************************
* Step #1 Loading information on the Docker official base images ...
*******************************************************************************************************************************************************************************************************
The Docker official base images data has been loaded from the docker_official_base_images.json file. Last updated on Sun May 20 16:36:20 2018.
*******************************************************************************************************************************************************************************************************
* Step #2 Inspecting the Docker image "microsoft/nanoserver:latest" ...
*******************************************************************************************************************************************************************************************************
Pulling the Docker Image microsoft/nanoserver:latest ...
Pulling the Docker Image took 13.2107625s
Passed: Docker image "microsoft/nanoserver:latest" has been inspected.
*******************************************************************************************************************************************************************************************************
* Step #3 Docker image information
*******************************************************************************************************************************************************************************************************
+---------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Docker image: | microsoft/nanoserver:latest |
| Size: | 1.13GB |
| Layers: | 2 |
| Digest: | sha256:d3cc51de184f3bdf9262c53077886f78e3fc13282bcfc6daf172df7f47f86806 |
| Base layer digest: | sha256:bce2fbc256ea437a87dadac2f69aabd25bed4f56255549090056c1131fad0277 |
| Official base image: | golang:1.6.4-nanoserver@sha256:38890e2983bd2700145f1b4377ad8d826531a0a15fc68152b2478406f5ead6e2 |
| Created on: | 2018-05-08T10:43:39 |
| Docker version: | |
| Author: | |
| Maintainer: | |
| Operating system: | windows |
| Operating system version: | Microsoft Windows Server 2016 Datacenter |
| Architecture: | amd64 |
| User: | |
| WorkingDir: | |
| Entrypoint: | |
| Cmd: | c:\windows\system32\cmd.exe |
| Shell: | |
| ExposedPorts: | |
| Healthcheck: | |
| Volumes: | |
+---------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
*******************************************************************************************************************************************************************************************************
* Step #4 Docker image layer information
*******************************************************************************************************************************************************************************************************
+----------+-------+------------------------------------------------------------------------------------------------------+------------+----------+---------------------------------------------------+
| Manifest | Layer | Command | Size | Blob | Matches |
+----------+-------+------------------------------------------------------------------------------------------------------+------------+----------+---------------------------------------------------+
| d3cc51de | 1 | Apply image 10.0.14393.0 | 241 Mib | bce2fbc2 | golang:1.6.4-nanoserver@38890e29 |
| d3cc51de | 2 | Install update 10.0.14393.2248 | 157.2 Mib | 58518d66 | |
+----------+-------+------------------------------------------------------------------------------------------------------+------------+----------+---------------------------------------------------+
*******************************************************************************************************************************************************************************************************
* Step #5 Docker image inspection results
*******************************************************************************************************************************************************************************************************
Passed: Docker image was built from the official Docker base image "golang:1.6.4-nanoserver".
Warning: Docker image was not built using Docker Enterprise Edition!
Warning: Docker image metadata does not contain an Author or Maintainer!
Warning: Docker image does not contain a Healthcheck! Although a Healthcheck is not required, it is recommended.
*******************************************************************************************************************************************************************************************************
* Step #6 Attempting to start a container from the Docker image "microsoft/nanoserver:latest" ...
*******************************************************************************************************************************************************************************************************
Passed: Docker container 1cfbc4be9f39944d4e294cf895210c276143768b951159305dbeb30cb2207a1c was started.
*******************************************************************************************************************************************************************************************************
* Step #7 Waiting 30 seconds to give the container time to initialize...
*******************************************************************************************************************************************************************************************************
Wait time expired, continuing.
*******************************************************************************************************************************************************************************************************
* Step #8 Checking to see if the container is still running.
*******************************************************************************************************************************************************************************************************
Passed: Docker container 1cfbc4be9f39944d4e294cf895210c276143768b951159305dbeb30cb2207a1c is running.
*******************************************************************************************************************************************************************************************************
* Step #9 Displaying the running processes in the Docker container
*******************************************************************************************************************************************************************************************************
Passed: Docker container has 16 running processes.
Name PID CPU Private Working Set
smss.exe 852 00:00:00.031 217.1kB
csrss.exe 3436 00:00:00.015 348.2kB
wininit.exe 4728 00:00:00.046 647.2kB
services.exe 4292 00:00:00.125 1.491MB
lsass.exe 3560 00:00:00.203 2.839MB
svchost.exe 4484 00:00:00.078 1.229MB
svchost.exe 3460 00:00:00.031 1.47MB
svchost.exe 5184 00:00:00.078 2.154MB
svchost.exe 5496 00:00:00.046 1.45MB
svchost.exe 4088 00:00:00.078 3.715MB
svchost.exe 6140 00:00:00.046 1.942MB
svchost.exe 5212 00:00:00.015 1.683MB
svchost.exe 5680 00:00:00.375 4.612MB
svchost.exe 3384 00:00:00.234 6.369MB
CExecSvc.exe 5636 00:00:00.015 766kB
cmd.exe 3888 00:00:00.000 401.4kB
*******************************************************************************************************************************************************************************************************
* Step #10 Displaying Docker container resource usage statistics
*******************************************************************************************************************************************************************************************************
Passed: Docker container resource usage statistics were retrieved.
CPU % PRIV WORKING SET BLOCK I/O NET I/O
0.00% 29.88MiB 5.21MB / 14.7MB 1.04MB / 24.1kB
*******************************************************************************************************************************************************************************************************
* Step #11 Displaying the logs from the Docker container (last 20 lines)
*******************************************************************************************************************************************************************************************************
Passed: Docker container logs were retrieved.
2018-05-21T14:29:02.580933000Z (c) 2016 Microsoft Corporation. All rights reserved.
2018-05-21T14:29:02.584933600Z
*******************************************************************************************************************************************************************************************************
* Step #12 Attempting to stop the Docker container normally with a timeout of 60 seconds before it is killed ...
*******************************************************************************************************************************************************************************************************
Passed: Docker container 1cfbc4be9f39944d4e294cf895210c276143768b951159305dbeb30cb2207a1c was stopped successfully.
Passed: Docker container exited with an exit code of 0.
*******************************************************************************************************************************************************************************************************
* Step #13 Removing the Docker container and any associated volumes.
*******************************************************************************************************************************************************************************************************
Passed: Docker container and any associated volumes removed.
*******************************************************************************************************************************************************************************************************
* Step #14 Removing the Docker image "microsoft/nanoserver:latest".
*******************************************************************************************************************************************************************************************************
Passed: Docker image "microsoft/nanoserver:latest" was removed.
Passed: This test was performed on Docker Enterprise Edition.
*******************************************************************************************************************************************************************************************************
* Summary of the inspection for Docker image: microsoft/nanoserver:latest
*******************************************************************************************************************************************************************************************************
Date: Mon May 21 14:28:36 2018
Operating System: Microsoft Windows Server 2016 Datacenter
Architecture: amd64
Docker Client Version: 17.06.1-ee-2
Docker Server Version: 17.06.1-ee-2
There were 3 warnings detected!
Passed: Docker image "microsoft/nanoserver:latest" has been inspected.
Passed: Docker image was built from the official Docker base image "golang:1.6.4-nanoserver".
Warning: Docker image was not built using Docker Enterprise Edition!
Warning: Docker image metadata does not contain an Author or Maintainer!
Warning: Docker image does not contain a Healthcheck! Although a Healthcheck is not required, it is recommended.
Passed: Docker container 1cfbc4be9f39944d4e294cf895210c276143768b951159305dbeb30cb2207a1c was started.
Passed: Docker container 1cfbc4be9f39944d4e294cf895210c276143768b951159305dbeb30cb2207a1c is running.
Passed: Docker container has 16 running processes.
Passed: Docker container resource usage statistics were retrieved.
Passed: Docker container logs were retrieved.
Passed: Docker container 1cfbc4be9f39944d4e294cf895210c276143768b951159305dbeb30cb2207a1c was stopped successfully.
Passed: Docker container exited with an exit code of 0.
Passed: Docker container and any associated volumes removed.
Passed: Docker image "microsoft/nanoserver:latest" was removed.
Passed: This test was performed on Docker Enterprise Edition.
The inspection of the Docker image microsoft/nanoserver:latest has completed.
PS D:\InspectDockerimage>
```

596
docker-hub/publish/certify-plugins-logging.md
View File

@ -1,596 +0,0 @@
---
description: Run certification tests against your images
keywords: Docker, docker, hub, certified content, logging
title: Certify Docker logging plugins
redirect_from:
- /docker-store/certify-plugins-logging/
---
## Introduction
Content that qualifies as **Docker Certified** must conform to best practices and pass certain baseline tests.
Docker Hub lets you publish certified images as well as plugins for logging, volumes, and networks. You must certify your own _images and logging plugins_ with the `inspect` tools as explained in these docs. Currently, Docker Hub certifies your volume and networking plugins for you upon submission.
This page explains how publishers can successfully test their **Docker logging plugins**. Also available: [Certify your Docker images](certify-images).
> Content that requires a non-certified infrastructure environment cannot be published as certified.
> You should perform this Self Certification test prior to submitting your product for publishing.
## Certify your logging plugins
You must use the tool, `inspectDockerLoggingPlugin`, to certify your content for publication on Docker Hub by ensuring that your Docker logging plugins conform to best practices.
The `inspectDockerLoggingPlugin` command verifies that your Docker logging plugin can be installed and works on Docker Enterprise Edition. It also runs a container from an official Docker image of `alpine:latest` and outputs the contents of a file named `quotes.txt` (available for download). In sum, the `inspectDockerLoggingPlugin` command:
- Inspects and displays the Docker logging plugin.
- Installs the Docker logging plugin on Docker EE.
- Runs a Docker service container with the Docker logging plugin, reads a file named `quotes.txt`, echos its contents to `stdout`, and logs the file's content.
- Displays the container logs and compares it to `quotes.txt`. If they match, the test is successful.
The `inspectDockerLoggingPlugin` tool will detect issues and output them as **warnings** or **errors**. **Errors** must be fixed in order to certify. Resolving **warnings** is not required to certify, but you should try to resolve them.
If you are publishing and certifying multiple versions of a Docker logging plugin, you will need to run the `inspectDockerLoggingPlugin` tool on each Docker logging plugin and send each result to Docker Hub.
The syntax for running a specific logging plugin is `docker container run --log-driver`.
No parameters are passed to the logging plugin. If parameters are required for the Docker logging plugin to work correctly, then a custom test script must be written and used. The default `docker container run` command is:
```
docker container run -it --log-driver xxxxxxxxxxxxxxxxxxxxx \
--volume \"$(pwd)/quotes.txt:/quotes.txt\" alpine:latest \
sh -c 'cat /quotes.txt;sleep 20
```
The custom script must log the contents of the `quotes.txt` file. It should also cleanup (remove the container and docker image). Refer to the `--test-script` command argument in the command help.
### Docker container logs
Best practices require Docker logging plugins to support the [ReadLogs API](/engine/extend/plugins_logging/#logdriverreadlogs) so that the logs can be retrieved with the `docker container logs` command. If the `ReadLogs` API is not supported, a custom script is needed to retrieve the logs and print them to `stdout`. Refer to the `--get-logs-script` command argument in the command help.
### Prerequisites
Your Docker Engine - Enterprise installation must be running on the server used to verify your submissions. If necessary, request entitlement to a specific [Docker Enterprise Edition](https://hub.docker.com/editions/enterprise/docker-ee-trial).
- Docker Engine - Enterprise (on the server for verifying submissions)
- git client
- inspectDockerLoggingPlugin tool
### Set up testing environment
There are two steps: (1) configure credentials, and (2) configure endpoints.
1. Configure your Docker Registry credentials by either _defining environment variables_ **or** _passing them as arguments_ to `inspectDockerLoggingPlugin`.
a. Define environment variables for registry credentials, `DOCKER_USER` and `DOCKER_PASSWORD`:
**Linux**
```bash
export DOCKER_USER="my_docker_registry_user_account"
export DOCKER_PASSWORD="my_docker_registry_user_account_password"
```
**Windows command prompt**
```bash
set DOCKER_USER="my_docker_registry_user_account"
set DOCKER_PASSWORD="my_docker_registry_user_account_password"
```
**Windows powershell**
```bash
$env:DOCKER_USER="my_docker_registry_user_account"
$env:DOCKER_PASSWORD="my_docker_registry_user_account_password"
```
b. Pass arguments to `inspectDockerLoggingPlugin` (or be prompted for them):
```
--docker-user
--docker-password
```
2. Configure endpoints (and override default values) by either _defining environment variables_ **or** _passing them as arguments_ to `inspectDockerLoggingPlugin`.
By default, `inspectDockerLoggingPlugin` uses these two endpoints to communicate with the Docker Hub Registry:
- Registry Authentication Endpoint: **https://auth.docker.io**
- Registry API Endpoint: **https://registry-1.docker.io**
You may want to use your private registry for initial testing and override the defaults.
a. Define environment variables, `DOCKER_REGISTRY_AUTH_ENDPOINT` and `DOCKER_REGISTRY_API_ENDPOINT`:
**Linux or MacOS**
```bash
export DOCKER_REGISTRY_AUTH_ENDPOINT="https://my_docker_registry_authentication_endpoint"
export DOCKER_REGISTRY_API_ENDPOINT="https://my_docker_registry_api_enpoint"
```
**Windows command prompt**
```bash
set DOCKER_REGISTRY_AUTH_ENDPOINT="https://my_docker_registry_authentication_endpoint"
set DOCKER_REGISTRY_API_ENDPOINT="https://my_docker_registry_api_enpoint"
```
**Windows powershell**
```bash
$env:DOCKER_REGISTRY_AUTH_ENDPOINT="https://my_docker_registry_authentication_endpoint"
$env:DOCKER_REGISTRY_API_ENDPOINT="https://my_docker_registry_api_enpoint"
```
b. Pass your endpoints as arguments to `inspectDockerLoggingPlugin`:
```
--docker-registry-auth-endpoint
--docker-registry-api-endpoint
```
* If more details are needed for debugging problems communicating to the Docker Registry, the following environment variable can be exported which will generate detailed debugging output to a file named `./dockerAPI.go.log` in the directory where the command is run from.
* Linux or MacOS
```bash
export DOCKER_REGISTRY_API_DEBUG="true"
```
* Windows
* Windows command prompt
```bash
set DOCKER_REGISTRY_API_DEBUG="true"
```
* Windows powershell
```bash
$env:DOCKER_REGISTRY_API_DEBUG="true"
```
### Syntax
1. Download `inspectDockerLoggingPlugin` command.
| OS/Architecture | Download Link |
|-----------------|------------------|
| Windows/X86 | [https://s3.amazonaws.com/store-logos-us-east-1/certification/windows/inspectDockerLoggingPlugin.exe](https://s3.amazonaws.com/store-logos-us-east-1/certification/windows/inspectDockerLoggingPlugin.exe) |
| Linux/X86 | [https://s3.amazonaws.com/store-logos-us-east-1/certification/linux/inspectDockerLoggingPlugin](https://s3.amazonaws.com/store-logos-us-east-1/certification/linux/inspectDockerLoggingPlugin) |
| Linux/IBMZ | [https://s3.amazonaws.com/store-logos-us-east-1/certification/zlinux/inspectDockerLoggingPlugin](https://s3.amazonaws.com/store-logos-us-east-1/certification/zlinux/inspectDockerLoggingPlugin) |
| Linux/IBMPOWER | [https://s3.amazonaws.com/store-logos-us-east-1/certification/power/inspectDockerLoggingPlugin](https://s3.amazonaws.com/store-logos-us-east-1/certification/power/inspectDockerLoggingPlugin) |
2. Set permissions on `inspectDockerLoggingPlugin` for linux, zlinux and power so that it is executable:
```
chmod u+x inspectDockerLoggingPlugin
```
3. Download `http_api_endpoint` command
| OS/Architecture | Download Link |
|-----------------|------------------|
| Windows/X86 | [https://s3.amazonaws.com/store-logos-us-east-1/certification/windows/http_api_endpoint.exe](https://s3.amazonaws.com/store-logos-us-east-1/certification/windows/http_api_endpoint.exe) |
| Linux/X86 | [https://s3.amazonaws.com/store-logos-us-east-1/certification/linux/http_api_endpoint](https://s3.amazonaws.com/store-logos-us-east-1/certification/linux/http_api_endpoint) |
| Linux/IBMZ | [https://s3.amazonaws.com/store-logos-us-east-1/certification/zlinux/http_api_endpoint](https://s3.amazonaws.com/store-logos-us-east-1/certification/zlinux/http_api_endpoint) |
| Linux/IBMPOWER | [https://s3.amazonaws.com/store-logos-us-east-1/certification/power/http_api_endpoint](https://s3.amazonaws.com/store-logos-us-east-1/certification/power/http_api_endpoint) |
4. Set permissions on `http_api_endpoint` for linux, zlinux and power so that it is executable:
```
chmod u+x http_api_endpoint
```
5. Download [`quotes.txt`](https://s3.amazonaws.com/store-logos-us-east-1/certification/quotes.txt) and put it in the same directory.
6. Get the product ID from the plan page you'd like to reference for the certification test. Make sure the checkbox is checked and the plan is saved first.
![product ID](images/store-product-id.png)
```none
Inspects a Docker logging plugin to see if it conforms to best practices.
Syntax: inspectDockerLoggingPlugin [options] dockerLoggingPlugin
Options:
-docker-password string
Docker Password. This overrides the DOCKER_PASSWORD environment variable.
-docker-registry-api-endpoint string
Docker Registry API Endpoint. This overrides the DOCKER_REGISTRY_API_ENDPOINT environment variable. (default "https://registry-1.docker.io")
-docker-registry-auth-endpoint string
Docker Registry Authentication Endpoint. This overrides the DOCKER_REGISTRY_AUTH_ENDPOINT environment variable. (default "https://auth.docker.io")
-docker-user string
Docker User ID. This overrides the DOCKER_USER environment variable.
-get-logs-script string
An optional custom script used to retrieve the logs.
-insecure-skip-verify
Optional. Specifies to disable SSL verification for an insecure private Docker Registry.
-help
Help on the command.
-html
Generate HTML output.
-json
Generate JSON output.
-product-id string
Optional Product identifier from Docker Hub for this plugin. Please include it when you want the output sent to Docker Hub for certification.
-test-script string
An optional custom script used to test the Docker logging plugin. The script gets passed 1 parameter - the Docker logging plugin name.
-verbose
Displays more verbose output.
dockerLoggingPlugin
The Docker logging plugin to inspect. This argument is required.
```
## Inspection Output
By default, `inspectDockerLoggingPlugin` displays output locally to `stdout` (the default), JSON, and HTML. You can also upload output to Docker Hub, which is recommended for admnistrator verification.
- **Upload to Docker Hub** (by entering `product-id` at the commandline).
- **Send message to `stdout`**. This is the default.
- **JSON sent to `stdout`**. Use the `--json` option to override and replace the messages sent to `stdout`.
- **HTML local file**. Use the `--html` option to generate an HTML report. Both `--json` and `--html` can be specified at the same time.
## Inspection Examples
* [Inspect a Docker logging plugin with messages sent to stdout](#inspect-logging-plugin-stdout)
* [Inspect a Docker logging plugin with JSON output](#inspect-logging-plugin-json)
* [Inspect a Docker logging plugin with HTML output](#inspect-logging-plugin-html)
* [Send data to API endpoint on external server](#send-data-to-api-endpoint-on-external-server)
<a name="inspect-logging-plugin-stdout">
### Inspect a Docker logging plugin with messages sent to stdout
#### To inspect the Docker logging plugin "gforghetti/docker-log-driver-test:latest", and upload the result to Docker Hub (leave out the `-product-id` parameter if you are just testing):
```console
$ ./inspectDockerLoggingPlugin -product-id=<store-product-id> gforghetti/docker-log-driver-test:latest
```
#### Output:
```
**************************************************************************************************************************************************************************************************
* Docker Logging Plugin: gforghetti/docker-log-driver-test:latest
**************************************************************************************************************************************************************************************************
**************************************************************************************************************************************************************************************************
* Step #1 Inspecting the Docker Logging Plugin: gforghetti/docker-log-driver-test:latest ...
**************************************************************************************************************************************************************************************************
Passed: Docker Logging Plugin image gforghetti/docker-log-driver-test:latest has been inspected.
**************************************************************************************************************************************************************************************************
* Step #2 Docker Logging Plugin information
**************************************************************************************************************************************************************************************************
+-------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Docker Logging Plugin: | gforghetti/docker-log-driver-test:latest |
| Description: | jsonfilelog as plugin |
| Documentation: | - |
| Digest: | sha256:1cdd79202a7a9f9a53524e904d9f89ed0a6bf6673717bc955ef55744f0826d4c |
| Base layer digest: | sha256:fda008d4a2b0d2c0a9d2e5dc952aefb0188f7a9c96c04e159662fd56b507c174 |
| Docker version: | 17.12.0-ce |
| Interface Socket: | jsonfile.sock |
| Interface Socket Types: | docker.logdriver/1.0 |
| IpcHost: | false |
| PidHost: | false |
| Entrypoint: | /usr/bin/docker-log-driver |
| WorkDir: | |
| User: | |
+-------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Warning: Docker logging plugin was not built using Docker Enterprise Edition!
**************************************************************************************************************************************************************************************************
* Step #3 Installing the Docker logging plugin gforghetti/docker-log-driver-test:latest ...
**************************************************************************************************************************************************************************************************
Passed: Docker logging plugin gforghetti/docker-log-driver-test:latest has been installed successfully.
**************************************************************************************************************************************************************************************************
* Step #4 Testing the Docker logging plugin: gforghetti/docker-log-driver-test:latest ...
**************************************************************************************************************************************************************************************************
Starting a Docker container to test the docker logging plugin gforghetti/docker-log-driver-test:latest
**************************************************************************************************************************************************************************************************
* Step #5 Retrieving the Docker Logs ...
**************************************************************************************************************************************************************************************************
Retrieving the Docker logs using the "docker container logs 4dc3e699dbf3d050a5b582a245c9a4718bb0300d7d55380887c74741d09bd730" command
**************************************************************************************************************************************************************************************************
* Step #6 Verifying that the contents retrieved matches what was sent to the Docker Logging plugin.
**************************************************************************************************************************************************************************************************
Passed: Docker Logging Plugin Test was successful.
**************************************************************************************************************************************************************************************************
* Step #7 Removing the Docker container and any associated volumes.
**************************************************************************************************************************************************************************************************
Passed: Docker container and any associated volumes removed.
**************************************************************************************************************************************************************************************************
* Step #8 Removing the Docker logging plugin
**************************************************************************************************************************************************************************************************
Passed: Docker logging plugin gforghetti/docker-log-driver-test:latest was removed.
Passed: This test was performed on Docker Enterprise Edition.
**************************************************************************************************************************************************************************************************
* Summary of the inspection for the Docker Logging Plugin: gforghetti/docker-log-driver-test:latest
**************************************************************************************************************************************************************************************************
Report Date: Mon May 21 14:40:41 2018
Operating System: Operating System: Ubuntu 16.04.4 LTS
Architecture: amd64
Docker Client Version: 17.06.2-ee-11
Docker Server Version: 17.06.2-ee-11
There were 1 warnings detected!
Passed: Docker Logging Plugin image gforghetti/docker-log-driver-test:latest has been inspected.
Warning: Docker logging plugin was not built using Docker Enterprise Edition!
Passed: Docker logging plugin gforghetti/docker-log-driver-test:latest has been installed successfully.
Passed: Docker Logging Plugin Test was successful.
Passed: Docker container and any associated volumes removed.
Passed: Docker logging plugin gforghetti/docker-log-driver-test:latest was removed.
Passed: This test was performed on Docker Enterprise Edition.
The inspection of the Docker logging plugin gforghetti/docker-log-driver-test:latest has completed.
If -product-id is specified on command line:
**************************************************************************************************************************************************************************************************
* Step #9 Upload the test result to Docker Hub.
**************************************************************************************************************************************************************************************************
Passed: The test results are uploaded to Docker Hub.
gforghetti:~/$
```
<a name="inspect-logging-plugin-json">
### Inspect a Docker logging plugin with JSON Output
#### To inspect the Docker logging plugin `gforghetti/docker-log-driver-test:latest` with JSON Output:
```console
$ ./inspectDockerLoggingPlugin --json gforghetti/docker-log-driver-test:latest | jq
```
> **Note**: The output was piped to the `jq` command to display it "nicely".
#### Output:
```json
{
"Date": "Mon May 21 14:38:28 2018",
"SystemOperatingSystem": "Operating System: Ubuntu 16.04.4 LTS",
"SystemArchitecture": "amd64",
"SystemDockerClientVersion": "17.06.2-ee-11",
"SystemDockerServerVersion": "17.06.2-ee-11",
"DockerLogginPlugin": "gforghetti/docker-log-driver-test:latest",
"Description": "jsonfilelog as plugin",
"Documentation": "-",
"DockerLoggingPluginDigest": "sha256:1cdd79202a7a9f9a53524e904d9f89ed0a6bf6673717bc955ef55744f0826d4c",
"BaseLayerImageDigest": "sha256:fda008d4a2b0d2c0a9d2e5dc952aefb0188f7a9c96c04e159662fd56b507c174",
"DockerVersion": "17.12.0-ce",
"Entrypoint": "/usr/bin/docker-log-driver",
"InterfaceSocket": "jsonfile.sock",
"InterfaceSocketTypes": "docker.logdriver/1.0",
"WorkDir": "",
"User": "",
"IpcHost": false,
"PidHost": false,
"Errors": 0,
"Warnings": 1,
"HTMLReportFile": "",
"VulnerabilitiesScanURL": "",
"Results": [
{
"Status": "Passed",
"Message": "Docker Logging Plugin image gforghetti/docker-log-driver-test:latest has been inspected."
},
{
"Status": "Warning",
"Message": "Docker logging plugin was not built using Docker Enterprise Edition!"
},
{
"Status": "Passed",
"Message": "Docker logging plugin gforghetti/docker-log-driver-test:latest has been installed successfully."
},
{
"Status": "Passed",
"Message": "Docker Logging Plugin Test was successful."
},
{
"Status": "Passed",
"Message": "Docker container and any associated volumes removed."
},
{
"Status": "Passed",
"Message": "Docker logging plugin gforghetti/docker-log-driver-test:latest was removed."
},
{
"Status": "Passed",
"Message": "This test was performed on Docker Enterprise Edition."
}
]
}
```
<a name="inspect-logging-plugin-html">
### Inspect a Docker logging plugin with HTML output
#### To inspect the Docker logging plugin `gforghetti/docker-log-driver-test:latest` with HTML output:
```console
$ ./inspectDockerLoggingPlugin --html gforghetti/docker-log-driver-test:latest
```
#### Output:
Note: The majority of the stdout message output has been intentionally omitted below.
```
The inspection of the Docker logging plugin cpuguy83/docker-logdriver-test:latest has completed.
An HTML report has been generated in the file cpuguy83-docker-logdriver-test-latest_inspection_report.html
```
![HTML Output Image](images/gforghetti-log-driver-latest_inspection_report.html.png)
<a name="send-to-http-api-endpoint">
### Send data to API endpoint on external server
#### Introduction
The **http_api_endpoint** is an HTTP Server that can be used to test docker logging plugins that do not support the read log api and instead send data to an API Endpoint running on an external server.
The [Sumo Logic Logging Plugin](https://hub.docker.com/plugins/sumologic-logging-plugin) is one example.
You can configure those docker logging plugins to send their logging data to the **http_api_endpoint** HTTP Server for testing the plugin and then code a script to retrieve the logs using a curl command.
#### Download
* [Linux/X86](https://s3.amazonaws.com/store-logos-us-east-1/certification/linux/http_api_endpoint)
* [Windows/X86](https://s3.amazonaws.com/store-logos-us-east-1/certification/windows/http_api_endpoint.exe)
#### Syntax
```
./http_api_endpoint [options]
```
Options:
* **--port** (The port for the **http_api_endpoint** HTTP Server to listen on. Defaults to port 80)
* **--debug** (write debugging information)
* **--help** (display the command help)
#### Using and testing the **http_api_endpoint** HTTP Server
The **curl** command can be used to test and use the **http_api_endpoint** HTTP Server.
* Issue the following curl command to send new data to the **http_api_endpoint**:
```
# DATA='Hello World!'
# curl -s -X POST -d "${DATA}" http://127.0.0.1:80
```
Note: if any data was previously sent, it will be replaced.
* Issue the following curl command to send data to the **http_api_endpoint** and append that data to the already collected data:
```
# DATA='Hello World!'
# curl -s -X POST -d "${DATA}" http://127.0.0.1:80
```
* Issue the following curl command to retrieve the data from the http_api_endpoint:
```
# curl -s -X GET http://127.0.0.1:80
```
```
Hello World!
```
* Issue the following curl command to erase any data currently collected by the http_api_endpoint:
```
# curl -s -X DELETE http://127.0.0.1:80
```
* To Terminate:
```
# curl -s http://127.0.0.1:80/EXIT
```
#### Example of using the http_api_endpoint HTTP Server for a Logging Plugin
##### Script to run a container to test the Logging Plugin
```console
$ cat test_new_plugin.sh
```
```bash
#!/usr/bin/env bash
#######################################################################################################################################
# This bash script tests a Docker logging plugin that does not support the read log api and instead sends data to an API Endpoint running on an external server.
#
#######################################################################################################################################
# Docker Inc.
#######################################################################################################################################
#######################################################################################################################################
# Make sure the Docker logging plugin was specified on the command line
#######################################################################################################################################
DOCKER_LOGGING_PLUGIN=$1
if [[ -z $DOCKER_LOGGING_PLUGIN ]]; then
printf 'You must specify the Docker Loggin Plugin!\n'
exit 1
fi
HTTP_API_ENDPOINT='http://localhost:80'
#######################################################################################################################################
# Check to make sure the http_api_endpoint HTTP Server is running
#######################################################################################################################################
curl -s -X POST "${HTTP_API_ENDPOINT}"
if [[ $? -ne 0 ]]; then
printf 'Unable to connect to the HTTP API Endpoint: '"${HTTP_API_ENDPOINT}"'!\n'
exit 1
fi
#######################################################################################################################################
# Run an alpine container with the plugin and send data to it
#######################################################################################################################################
docker container run \
--rm \
--log-driver="${DOCKER_LOGGING_PLUGIN}" \
--log-opt sumo-url="${HTTP_API_ENDPOINT}" \
--log-opt sum-sending-interval=5s \
--log-opt sumo-compress=false \
--volume $(pwd)/quotes.txt:/quotes.txt \
alpine:latest \
sh -c 'cat /quotes.txt;sleep 10'
exit $?
```
##### Script to retrieve the logging data from the http_api_endpoint HTTP Server
```console
$ cat get_plugin_logs.sh
```
```bash
#!/usr/bin/env sh
#######################################################################################################################################
# This bash script retrieves any data logged to the http_api_endpoint HTTP Server.
#######################################################################################################################################
# Docker Inc.
#######################################################################################################################################
curl -s -X GET http://127.0.0.1:80
```
##### To test the Docker logging plugin
```console
$ ./inspectDockerLoggingPlugin --verbose --html --test-script ./test_plugin.sh --get-logs-script ./get_plugin_logs.sh myNamespace/docker-logging-driver:1.0.2
```

46
docker-hub/publish/customer_faq.md
View File

@ -1,46 +0,0 @@
---
description: Publisher & Certified Content FAQs
keywords: Docker, docker, store, purchase images
title: Docker Hub Publisher & Certified Content FAQs
redirect_from:
- /docker-store/customer_faq/
---
## Hub publisher profile
### What is the difference between a Community User and a Verified Publisher?
Community users are users who have signed up to receive a Docker ID and made some of their repositories public on Docker Hub. By contrast, Verified Publishers have engaged directly with Docker's partner team, and enrolled in our Docker Technology Partner program. Verified Publisher profiles indicate that the business entity of the publisher has been validated, and have taken proactive steps to partner with Docker. Unlike community content, Verified Publisher profiles indicate true provenance of the content.
## Certified content
### What are Certified Containers and Plugins, and how are they differentiated from other content on Docker Hub?
The Docker Certification program is
designed for enterprise customers to recognize
high-quality content which is compatible, tested, and supported on Docker Enterprise by a Verified publisher. Docker Certification is aligned to the available
Docker Enterprise products, and gives enterprises a trusted way to run more
technology in containers with the confidence knowing there is a collaborative support relationship in place between Docker and the Verified Publisher.
## End-user experience
### Why do I see the pull command for a few products and no pull command in other products?
If a publisher publishes multiple images as part of their plan - we do not
display the pull command. The pull command visual is exclusively for submissions
that have a single image.
### Where can I see all my subscribed content?
To view your accessible content, go to the account menu at the upper right corner, and
click **My Content**. The page that appears lists all your active
subscriptions, and any lapsed or canceled subscriptions.
### Can I subscribe to content for my organization?
Yes! Members of an Organization's **Owners** team can subscribe to content
for use in their Organization. Once the subscription has been completed, images are available for any
organization member to pull.
Organization owners can view the organization's subscriptions by changing the
selected account on the **My Content** page.

BIN
docker-hub/publish/images/Docker-Hub-tags-system-info.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 12 KiB

BIN
docker-hub/publish/images/Docker-Hub-tags-vulnerabilities.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 24 KiB

BIN
docker-hub/publish/images/Docker-hub-tags-vulnerability-details.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 17 KiB

BIN
docker-hub/publish/images/FAQ-certified-content.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 41 KiB

BIN
docker-hub/publish/images/FAQ-types-of-certified-content.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 51 KiB

BIN
docker-hub/publish/images/certified_container.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 12 KiB

BIN
docker-hub/publish/images/certified_infrastructure.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 12 KiB

BIN
docker-hub/publish/images/certified_plugins.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 12 KiB

BIN
docker-hub/publish/images/gforghetti-apache-latest_inspection_report.html-1.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 542 KiB

BIN
docker-hub/publish/images/gforghetti-apache-latest_inspection_report.html-2.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 1.0 MiB

BIN
docker-hub/publish/images/gforghetti-apache-latest_inspection_report.html-3.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 807 KiB

BIN
docker-hub/publish/images/gforghetti-log-driver-latest_inspection_report.html.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 624 KiB

BIN
docker-hub/publish/images/image-tags.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 168 KiB

BIN
docker-hub/publish/images/image_0.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 93 KiB

BIN
docker-hub/publish/images/node-tags-system-info.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 115 KiB

BIN
docker-hub/publish/images/node-tags-vulnerabilities.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 188 KiB

BIN
docker-hub/publish/images/node-tags-vulnerability-details.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 158 KiB

BIN
docker-hub/publish/images/publish-diagram.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 215 KiB

BIN
docker-hub/publish/images/publish_byol.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 114 KiB

BIN
docker-hub/publish/images/scan-full-details.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 36 KiB

BIN
docker-hub/publish/images/scan-single.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 25 KiB

BIN
docker-hub/publish/images/scan-tags.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 33 KiB

BIN
docker-hub/publish/images/scan-view.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 20 KiB

BIN
docker-hub/publish/images/store-browse.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 96 KiB

BIN
docker-hub/publish/images/store-get.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 70 KiB

BIN
docker-hub/publish/images/store-product-id.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 150 KiB

BIN
docker-hub/publish/images/store-pullcmd.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 23 KiB

BIN
docker-hub/publish/images/store-search.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 57 KiB

BIN
docker-hub/publish/images/subscribed.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 474 KiB

9
docker-hub/publish/index.md
View File

@ -2,6 +2,13 @@
description: Docker Verified Publisher Program description: Docker Verified Publisher Program
title: Docker Verified Publisher Program title: Docker Verified Publisher Program
redirect_from: redirect_from:
- /docker-store/byol/
- /docker-store/certify-images/
- /docker-store/certify-plugins-logging/
- /docker-store/customer_faq/
- /docker-store/publisher_faq/
- /docker-store/trustchain/
- /docker-store/publish/
- /docker-hub/publish/publish/ - /docker-hub/publish/publish/
- /docker-hub/publish/customer_faq/ - /docker-hub/publish/customer_faq/
- /docker-hub/publish/publisher_faq/ - /docker-hub/publish/publisher_faq/
@ -19,4 +26,4 @@ The **Verified Publisher** badge included on the Docker Hub repositories indicat
To find out more about the Docker Verified and Publisher Program and to sign up for a partnership with Docker, visit the [Docker Verified Publisher Program](https://www.docker.com/partners/programs){:target="_blank" rel="noopener" class="_"} page. To find out more about the Docker Verified and Publisher Program and to sign up for a partnership with Docker, visit the [Docker Verified Publisher Program](https://www.docker.com/partners/programs){:target="_blank" rel="noopener" class="_"} page.
![Verification Badge](images/VerifiedPublisherBadge.png) ![Verification Badge](images/VerifiedPublisherBadge.png)

260
docker-hub/publish/publish.md
View File

@ -1,260 +0,0 @@
---
description: Submit a product for Docker Hub
keywords: Docker, docker, hub, purchase images
title: Publish content on Docker Hub
redirect_from:
- /docker-store/publish/
---
## Permitted content and support options
* Content that runs on Docker Enterprise may be published on Docker Hub under a
Verified Publisher profile. This content may also qualify to become a Docker
Certified Container or Plugin image, and thus become backed by collaborative
Docker/Publisher support.
* Content that runs on the Docker Community may be published in Docker Hub, but
is not supported by Docker nor is it eligible to become Certified.
* Content that requires a non-Certified Infrastructure environment may not be
published.
| If your content: | Can publish | Can be Certified | Supported by publisher |
|:-----|:--------|:------|:-----|
| Works on Docker Community | YES | NO | Optional |
| Does not work on Docker Certified Infrastructure | NO | N/A | N/A |
## Onboarding
The Docker Hub publishing process begins from the landing page: sign in with
your Docker ID and specify a product name and image source from a private or public repository.
After specifying a source, provide the content-manifest items to populate your
product details page. These items include logos, descriptions, and licensing and
support links so that customers can make informed decisions about your image.
These items are submitted alongside the image itself for moderation.
The Docker Hub team then conducts a comprehensive review of your image and
metadata. We use Docker Security Scanning to evaluate the security of your
product images, and share results with you as the publisher. During the
image-moderation phase, we iterate back and forth with publishers to address
outstanding vulnerabilities and content-manifest issues until the image is ready
for publication.
Commercial content and other supported images may qualify for the Docker
Certified Container or Plugins quality mark. The testing for this program goes
beyond the vulnerability scan and also evaluates container images for Docker
best practices developed over years of experience. Collaborative support
capability between Docker and the publisher is also established. Refer to the
diagram below for a high-level summary:
![publishing workflow](images/publish-diagram.png)
## Create great content
Create your content, and follow our best practices to Dockerize it. Keep your
images small, your layers few, and your components secure. Refer to the links
and guidelines listed below to build and deliver great content:
* [Best practices for writing Dockerfiles](/engine/userguide/eng-image/dockerfile_best-practices/)
* [Official Images on Docker Hub](/docker-hub/official_images/)
* [Docker Bench for Security](https://github.com/docker/docker-bench-security){: target="_blank"
class="_"}
Here are some best practices when it comes to building vulnerability-free Docker images:
### Choose a secure base image (See your Dockerfile's `FROM:` directive)
Many base images have a strong record of being secure, including:
* [Debian](https://hub.docker.com/r/library/debian/tags/jessie/){: target="_blank" rel="noopener" class="_"}
Linux: both small and tightly-controlled, Debian-linux is a good alternative
if you're currently using Ubuntu.
* [Alpine](https://hub.docker.com/_/alpine/){: target="_blank" rel="noopener" class="_"} Linux:
Alpine is a minimal linux distribution with an excellent security record.
* Alpine-based application images: these include `python:alpine`, `ruby:alpine`,
and `golang:alpine`. They are secure and minimal, while providing the
convenience of their non-Alpine alternatives.
Docker strongly recommends Alpine Linux. The founder of this Linux distribution
is leading an initiative at Docker to provide safe, compact base images for all
container applications.
### Remove unused components
Often, vulnerabilities exist in components that aren't actually used in the
containerized application. To avoid this, you can:
* Follow best practices when using the `apt-get` command.
* Run `apt-get-remove` to destroy any components required to build but not
actually run your application. Usually, this involves creating multi-line
Dockerfile directives, as seen below. The following example shows how to remove
`curl` and `python-pip` after they are used to install the Python `requests`
package, all in a single Dockerfile directive:
```dockerfile
RUN apt-get update && \
apt-get install -y --no-install-recommends curl python-pip && \
pip install requests && \
apt-get remove -y python-pip curl && \
rm -rf /var/lib/apt/lists/
```
> Files introduced in one directive of your Dockerfile can only be removed in
> the same directive (and not in subsequent directives in your Dockerfile).
### Keep required components up-to-date
Your images are composed of open-source libraries and packages that amass
vulnerabilities over time and are consequently patched. To ensure the integrity
of your product, keep your images up-to-date:
* Periodically update your base image's version, especially if youre using a
version deemed to be vulnerable.
* Re-build your image periodically. Directives including commands such as
`apt-get install ...` pull the latest versions of dependencies, which may
include security fixes.
## Create and maintain your Verified Publisher profile
Let the Docker community know who you are. Add your details, your company
story, and what you do. At the very minimum, we require:
* Legal entity name
* Company website
* Phone number
* Valid company email
* Company icon/logo (square; at least 512x512px)
## Prepare your image-manifest materials
You must provide the namespace (including repository and tags) of a private or public
repository on Docker Hub that contains the source for your product.
This repository path is not shown to users, but the repositories you choose
determine the Product Tiers available for customers to download.
The following content information helps us make your product look great and
discoverable:
1. Product Name
2. Product icon/logo
3. Short description: a one-to-two-sentence summary; up to 140 characters
4. Category: Database, Networking, Business Software, etc. and any search tags
5. Long description: includes product details/pitch
6. Screenshot(s)
7. Support link
8. Product tier name
9. Product tier description
10. Product tier price
11. Installation instructions
12. Link to, or text of, license agreements
### How the manifest information is displayed in the UI
This is an approximate representation, and some elements might shift around as we make enhancements.
![manifest information displayed on store UI](images/subscribed.png)
## Support your users
Docker users who download your content might need help
later, so be prepared for questions! The information you provide with your
submission saves support time in the future.
### Support information
If you provide support along with your content, include that information. Is
there a support website? What email address can users contact for help? Are
there self-help or troubleshooting resources available?
### Support SLA
Include a Service Level Agreement (SLA) for each image you're offering. An SLA is your commitment to your users about the nature and level of
support you provide to them. Make sure your SLA includes support hours and
response-time expectations, where applicable.
## Security and audit policies
Docker Hub
[audits](#usage-audit-and-reporting) consumer activity of your images to provide
you intelligence about the use of your product.
### Usage audit and reporting
Unless otherwise negotiated, an audit of activity on publisher content is
retained for no less than 180 days.
A monthly report of said activity is provided to the publisher with the
following data: (1) report of content download by free and paid customers by
date and time; (2) report of purchase, cancellations, refunds, tax payments,
where applicable, and subscription length for paid customers of the content; and
(3) the consolidated amount to be received by the publisher.
### Certification
There are three types of certification that appear in Docker Hub.
![certified container badge](images/certified_container.png)
Certifies that a container image on Docker Hub has been tested; complies best
practices guidelines; runs on Docker Certified Infrastructure; has proven
provenance; been scanned for vulnerabilities; and is supported by Docker and the
content publisher
![certified plugins badge](images/certified_plugins.png)
This certification is designed for volume, network, and other plugins that
access system level Docker APIs. Docker Certified Plugins provide the same level
of assurance as a Docker Certified Container, but go further by having passed an
additional suite of API compliance testing.
### Docker Certified Publisher FAQ
#### What is the Docker Certified program?
Docker Certified Container images and plugins are meant to differentiate high
quality content on Docker Hub. Customers can consume Certified Containers with
confidence knowing that both Docker and the publisher stands behind the
solution. Further details and an application can be [found here.](https://goto.docker.com/2019-Partner-Program-Technology.html){: target="_blank" rel="noopener" class="_"}.
#### What are the benefits of Docker Certified?
Docker Hub promotes Docker Certified Containers and Plugins running on Docker
Certified Infrastructure trusted and high quality content. The Docker Certified badge
can also be listed alongside external references to your product.
#### How is support handled?
All Docker Certified Container images and plugins running on Docker Enterprise come with support provided directly by the publisher, under your existing SLA.
Normally, a customer contacts the publisher for container and application level
issues. Likewise, a customer contacts Docker for Docker Enterprise support. In the
case where a customer calls Docker (or vice versa) about an issue on the
application, Docker advises the customer about the publisher support process and
performs a handover directly to the publisher if required. TSAnet is required
for exchange of support tickets between the publisher and Docker.
#### How does a publisher apply to the Docker Certified program?
Start by applying to be a [Docker Technology
Partner](https://goto.docker.com/2019-Partner-Program-Technology.html){: target="_blank" rel="noopener" class="_"}
#### What is the difference between Official Images and Docker Certified?
Official Images is a program sponsored by Docker for the curation and packaging of Open Source Software. While upstream vendors are sometimes involved, this is not always the case. Docker Certified content is explicitly provided, maintained, and supported directly by the ISV.
#### How is certification of plugins handled?
Docker Certification program recognizes the need to apply special scrutiny and
testing to containers that access system level interfaces like storage volumes
and networking. Docker identifies these special containers as “Plugins” which
require additional testing by the publisher or Docker.

197
docker-hub/publish/publisher_faq.md
View File

@ -1,197 +0,0 @@
---
description: Docker Hub frequently asked questions for publishers
keywords: Docker, docker, hub, purchase images
title: Docker Hub Publisher FAQs
redirect_from:
- /docker-store/publisher_faq/
---
## Certification program
### What is the certification program for containers and plugins, and what are some benefits?
The Docker Certification program for Containers and Plugins is
designed for both technology partners and enterprise customers to recognize
high-quality Containers and Plugins, provide collaborative support, and ensure
compatibility with the Docker Enterprise platform. Docker Certified products give enterprises a trusted way to run more
technology in containers with support from both Docker and the publisher. The
[Docker Technology Partner guide](https://www.docker.com/sites/default/files/d8/2018-12/Docker-Technology-Partner-Program-Guide-120418.pdf)
explains the Technology Partner program, inclusive of process and requirements to Certify Containers and Plugins.
## Publisher signup and approval
### How do I get started with the publisher signup and approval process?
Start by completing our [Technology Partner application](https://goto.docker.com/2019-Partner-Program-Technology.html). Docker's partner team will review your application, and follow up directly with further steps. If you have any questions or concerns, please reach out directly to us at partners@docker.com!
### Can we have a group of people work on the same product and publish to Docker Hub? (This replicates our internal workflow where more than one person is working on Dockerizing our product.)
Yes. You can submit your content as a team.
## Product submission
### What exactly is a customer given access to once they're entitled to a given product plan?
The customer will be given the permissions to docker pull any tag associated with the source repo specified. We recommend that you create a distinct repo per plan and only use tags for different versions of that specific plan. For example, if you have a community, pro, and enterprise plan of a single product, you should create three separate repos, `namespace/community, namespace/pro, and namespace/enterprise`. Once a customer is entitled to your enterprise plan, they will be able to pull `store/namespace/enterprise:anytag`.
### What is the typical publishing time for new products and updates?
Products are typically published within 24hrs of submission.
### Once a product is published, what is the process for pushing a new build (1.2, 1.3)? Will we simply edit the same product, adding the newly tagged repos?
Edit the same product and update with the newly tagged repos.
Additionally, for product updates, you may include a set of *Release Notes*. These notes will not be published with the product listing itself. Instead, they will be emailed directly to the current subscriber of the product. This ensures that consumers will have timely, valuable alerts about the availability of new images and significant changes.
### On the Information page, organization details are required. Do we need to fill those in again for every product we publish, or are they carried over? And if we change them for a later image publish, are they updated for all images published by our organization?
Organization details need to be filled in only once. Updating organization info
once updates this for all images published by your organization.
### Can we show customers all tags for a specific repository, the way we show all tags for official images?
We don't support the ability to view available tags for published products because published products usually require entitlement.
Official images and community images have available tags visible because anyone can access any tag at any time anonymously.
In the future, we may enable product listings published with the concept of versions, allowing publishers to manage which versions of their products they expose to customers for access.
### On the page for another vendors product on Docker Hub, I see the following chunks of data: How do these fields map to the following that are required in the publish process?
#### Fields I see
* Description
* License
* Feedback
* Contributing Guidelines
* Documentation
#### Fields in the publish process
* Product description
* Support link
* Documentation link
* Screenshots
* Tier description
* Installation instructions
*Description* maps to *Product description* in the publish process.
*License* maps to *Support Link* in the publish process.
*Documentation* maps to *Documentation Link* in the publish process.
*Feedback* is provided through customer reviews. https://hub.docker.com/images/node?tab=reviews is an example.
*Tier Description* is what you see once users get entitled to a plan. For instance, in https://hub.docker.com/images/openmaptiles-openstreetmap-maps/plans/f1fc533a-76f0-493a-80a1-4e0a2b38a563?tab=instructions `A detailed street map of any place on a planet. Evaluation and non-production use. Production use license available separately` is what this publisher entered in the Tier description
*Installation instructions* is documentation on installing your software. In this case the documentation is just `Just launch the container and the map is going to be available on port 80 - ready-to-use - with instructions and list of available styles.` (We recommend more details for any content that's a certification candidate).
### How can I remove a published product?
If you would like to remove your submission, contact us at [publisher-support@docker.com](mailto:publisher-support@docker.com).
### Can publishers publish multi-container apps?
Yes. Publishers can provide multiple images and add a compose file in the
install instructions to describe how the multi-container app can be used. For
now, we recommend asking publishers to look at this example from Microsoft
https://hub.docker.com/images/mssql-server-linux where they have Supported
Tags listed in the Install instructions (you don't necessarily need to list it
in the readme).
### Regarding source repo tags: it says not to use “latest”. However, if we want users to be able to download the images without specifying a tag, then presumably an image tagged “latest” is required. So how do we go about that?
You can not submit "latest" tags through the certification/hub publish workflow.
The reason we do this is so that users are aware of the exact version they
download. To make the user experience easy we have a copy widget that users can
use to copy the pull command and paste in their command line. Here is a
[screenshot](https://user-images.githubusercontent.com/2453622/32354702-1bec633a-bfe8-11e7-9f80-a02c26b1b10c.png)
to provide additional clarity.
### I have two plans, can I use the same repository but different tags for the two plans?
We expect publishers to use a different repository for each plan. If a user is entitled to a plan in your product, the user is entitled to all tags in the relevant.
For instance, if you have a `Developer` Plan, that is mapped to repositories store/`mynamespace`/`myrepo1`:`mytag1`, another plan (say `Production`) **should** map to a different repository.
**_Any user that is entitled to the `Developer` plan will be able to pull all tags in store/`mynamespace`/`myrepo1`_**.
## Licensing, terms and conditions, and pricing
### What options are presented to users to pull an image?
We provide users the following options to access your software
* Logged-in users
* Subscribed users only (requires ToS acceptance)
* All users (including users without Docker Identity)
Here is a [screenshot](https://user-images.githubusercontent.com/2453622/32067299-00cf1210-ba83-11e7-89f8-15deed6fef62.png) to describe how publishers can update the options provided to customers.
### If something is published as a free tier, for subscribed users only, does a user need to explicitly click Accept on the license terms for which we provide the link before they can download the image?
Yes
### Do you have a license enforcement system for docker images sold on Docker Hub? How are they protected, once they have been downloaded? What happens if a customer stop paying for the image I am selling after, let's say, 2 months?
We provide the following licensing option to customers:
* Bring your own License or BYOL.
The expectation is that the publisher would take care of License Keys within the
container. The License Key itself can be presented to the customer through Docker
Hub. We expect the Publisher to build short circuits into the container, so
the container stops running once the License Key expires. Once a customer
cancels, or if the customer subscription expires - the customer cannot
download updates from Docker Hub.
If a user cancels their subscription, they cannot download updates
from Docker Hub. The container may continue running. If you have a licensing
scheme built into the container, the licensing scheme can be a forcing function
and stop the container. (_We do not build anything into the container, it is up to the publisher_).
### Does Docker Hub offer a Subscription service, handle our invoicing, payments, etc? What happened to Pay-via-Docker?
Docker has deprecated the Pay-via-Docker subscription service. At this time, Docker Hub only supports distribution of content, under the BYOL Ungated model. In the future, we intend to release BYOL Gated functionality as well. If neither of these options will work for your product and licensing structure, please do inform your partner manager to help guide our feature prioritization.
### How does Docker handle Export control? Can individual countries be specified if differing from Docker's list of embargoed countries?
We provide export control through blacklisting several countries, IPs and users
based on the national export compliance database. Any export control we do is
across all products, we do not selectively blacklist versions and products for
specific groups. Send us an email at publisher-support if you have questions
## Analytics
### Where can I view customer insights?
Analytics reports are only available to Publishers with Certified. Go to https://hub.docker.com/publisher/center and click on "Actions"
for the product you'd like to view analytics for. Here is a
[screenshot](https://user-images.githubusercontent.com/2453622/32352202-6e87ce6e-bfdd-11e7-8fb0-08fe5a3e8930.png).
### How do metrics differentiate between the different Pull Requirement options?
The Analytics reports contain information about the Subscriber and the
relevant product plan. You can identify subscribers for each plan
for each product. Only anonymous information is available to our publishers. If you'd like the opportunity to receive Lead information, Subscribed Users Only will need to be selected as the pull requirement. Please review the Technology Partner Program guide, and consult with your partner manager, for more information on Lead Generation plans.
### Can I preview my submission before publishing?
Yes. You can preview your submission including the image you've submitted, the look and feel of the detail page and any markdown descriptions you might have.
Here are a few screenshots that illustrate the preview experience for markdown content.
Product Description preview [screenshot](https://user-images.githubusercontent.com/2453622/32344591-9cd6b456-bfc4-11e7-9505-1f7e8235f812.png).
Install instructions description preview [screenshot](https://user-images.githubusercontent.com/2453622/32344592-9cf2e234-bfc4-11e7-9e60-d773b62eae07.png).
## Other FAQs
### Can a publisher respond to a review of their product?
Yes
### Can I have a publish by date for my content?
Not yet. This is a planned enhancement, but we have no specific availability date at this time.
In lieu of an automated approach, you may coordinate publication timeline directly with your partner manager.
### Can I convert my Hub Community profile to a Verified Publisher profile?
No, at this time you will need to separately sign up to become a Verified Publisher. Following that, you may migrate or re-publish your public repo's under the new Verified Publisher profile.
### Once I've completed the process to become a Verified Publisher with my partner manager, how do I get access to the Publisher Portal?
You will need to apply for access. Please either follow [this direct link](https://hub.docker.com/publisher/center) or click the "Publisher Center" link at the bottom of any Docker Hub page. Please note, that you will need to be logged in with a DockerID in order to see this link.
### What kind of DockerID should I use to publish my content?
Publishing should be done with an [Organization level DockerID](../orgs.md). We recommend that this account utilize a shared alias with your corporate email account and only individual DockerIDs with company email are added to that organization.

65
docker-hub/publish/trustchain.md
View File

@ -1,65 +0,0 @@
---
title: Docker Hub Publisher Image Trust Chain
keywords: trust, chain, store, security
redirect_from:
- /docker-store/trustchain/
---
## For consumers
Docker can ensure that all content is securely received and verified from original
producers, and additionally audits images before adding them to the Docker
Hub. Docker cryptographically signs the images upon completion of a
satisfactory image check, so that you can verify and trust certified content
from the Docker Hub.
Heres the full trust chain in detail, with details on how to cryptographically
verify completion of the process when pulling an image from Docker Hub:
1. Publishers sign and push their images using Docker Content Trust to a private staging area.
2. Docker pulls the image, verifies the signatures to guarantee authenticity, integrity, and freshness of the image.
3. The Docker Hub certification team performs a thorough review of the image, looking for vulnerabilities and verifying best practices for image hygiene, such as ensuring minimal image sizes and working health-checks.
4. Upon a successful review, Docker signs the image and makes it officially available on Docker Hub. As a consumer, you can confirm that Docker signed the image by pulling and running with Docker Content Trust:
```shell
DOCKER_CONTENT_TRUST=1 docker pull <image>
DOCKER_CONTENT_TRUST=1 docker run <image>
```
## For publishers
The Docker Hub has a thorough and well-defined certification process to ensure
top-quality content from producers is delivered to consumers in a trusted
manner. As a producer of content, you are required to sign your images so
that Docker can verify that your content is not tampered with upon starting the
image certification and publishing process as outlined below:
1. Producers sign and push their images using Docker Content Trust to a private staging area. To do this, run a `docker push` command with Content Trust enabled:
```shell
DOCKER_CONTENT_TRUST=1 docker push <image>
```
2. Docker verifies the signatures to guarantee authenticity, integrity, and freshness of the image. All of the individual layers of your image, and the combination thereof, are encompassed as part of this verification check. [Read more detail about Content Trust in Docker's documentation](../../engine/security/trust/index.md).
3. Upon a successful signature verification, Docker pulls the original image to a private, internal staging area only accessible to the Docker Hub certification team.
4. The Docker Hub certification team performs a thorough review of the image, looking for vulnerabilities and verifying best practices for image hygiene, such as ensuring minimal image sizes and working health-checks.
5. Upon a successful review, Docker signs the image and makes it officially available on Docker Hub. Similar to artifacts on the Apple Store, this is the final and only signature on the image. Your consumers confirm that the full certification process was completed by checking Dockers signature by pulling and running with Docker Content Trust:
```shell
DOCKER_CONTENT_TRUST=1 docker pull <image>
DOCKER_CONTENT_TRUST=1 docker run <image>
```
![Store Trust Chain signing process](images/image_0.png)
To learn more the trust chain and certification for publishing content, see
[Security and Audit Policies](publish.md#security-and-audit-policies) in the
publishers guide.