docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

engine/swarm: use "console" for shell examples 

This allows for easier copying of the commands, without selecting the
prompt.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn 2021-08-06 17:06:20 +02:00
parent ba54a6519e
commit 3b71231970
No known key found for this signature in database
GPG Key ID: 76698F39D527CE8C
20 changed files with 227 additions and 228 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
engine/swarm/admin_guide.md
View File

@ -133,8 +133,8 @@ operations like swarm heartbeat or leader elections.
To avoid interference with manager node operation, you can drain manager nodes
to make them unavailable as worker nodes:
```bash
docker node update --availability drain <NODE>
```console
$ docker node update --availability drain <NODE>
```
When you drain a node, the scheduler reassigns any tasks running on the node to
@ -161,8 +161,8 @@ From the command line, run `docker node inspect <id-node>` to query the nodes.
For instance, to query the reachability of the node as a manager:
{% raw %}
```bash
docker node inspect manager1 --format "{{ .ManagerStatus.Reachability }}"
```console
$ docker node inspect manager1 --format "{{ .ManagerStatus.Reachability }}"
reachable
```
{% endraw %}
@ -170,8 +170,8 @@ reachable
To query the status of the node as a worker that accept tasks:
{% raw %}
```bash
docker node inspect manager1 --format "{{ .Status.State }}"
```console
$ docker node inspect manager1 --format "{{ .Status.State }}"
ready
```
{% endraw %}
@ -190,9 +190,8 @@ manager:
Alternatively you can also get an overview of the swarm health from a manager
node with `docker node ls`:
```bash
docker node ls
```console
$ docker node ls
ID HOSTNAME MEMBERSHIP STATUS AVAILABILITY MANAGER STATUS
1mhtdwhvsgr3c26xxbnzdc3yp node05 Accepted Ready Active
516pacagkqp2xc3fk9t1dhjor node02 Accepted Ready Active Reachable
@ -301,7 +300,7 @@ restore the data to a new swarm.
to connect to nodes that were part of the old swarm, and presumably no
longer exist.
```bash
```console
$ docker swarm init --force-new-cluster
```
@ -350,9 +349,10 @@ except the manager the command was run from. The quorum is achieved because
there is now only one manager. Promote nodes to be managers until you have the
desired number of managers.
```bash
# From the node to recover
docker swarm init --force-new-cluster --advertise-addr node01:2377
From the node to recover, run:
```console
$ docker swarm init --force-new-cluster --advertise-addr node01:2377
```
When you run the `docker swarm init` command with the `--force-new-cluster`

54
engine/swarm/configs.md
View File

@ -141,7 +141,7 @@ real-world example, continue to
input because the last argument, which represents the file to read the
config from, is set to `-`.
```bash
```console
$ echo "This is a config" | docker config create my-config -
```
@ -149,14 +149,14 @@ real-world example, continue to
the container can access the config at `/my-config`, but
you can customize the file name on the container using the `target` option.
```bash
```console
$ docker service create --name redis --config my-config redis:alpine
```
3. Verify that the task is running without issues using `docker service ps`. If
everything is working, the output looks similar to this:
```bash
```console
$ docker service ps redis
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
@ -170,7 +170,7 @@ real-world example, continue to
how to find the container ID, and the second and third commands use shell
completion to do this automatically.
```bash
```console
$ docker ps --filter name=redis -q
5cb1c2348a59
@ -187,7 +187,7 @@ real-world example, continue to
5. Try removing the config. The removal fails because the `redis` service is
running and has access to the config.
```bash
```console
$ docker config ls
@ -204,7 +204,7 @@ real-world example, continue to
6. Remove access to the config from the running `redis` service by updating the
service.
```bash
```console
$ docker service update --config-rm my-config redis
```
@ -220,7 +220,7 @@ real-world example, continue to
8. Stop and remove the service, and remove the config from Docker.
```bash
```console
$ docker service rm redis
$ docker config rm my-config
@ -297,14 +297,14 @@ name as its argument. The template will be rendered when container is created.
2. Save the `index.html.tmpl` file as a swarm config named `homepage`. Provide
parameter `--template-driver` and specify `golang` as template engine.
```bash
```console
$ docker config create --template-driver golang homepage index.html.tmpl
```
3. Create a service that runs Nginx and has access to the environment variable
HELLO and to the config.
```bash
```console
$ docker service create \
--name hello-template \
--env HELLO="Docker" \
@ -316,7 +316,7 @@ name as its argument. The template will be rendered when container is created.
4. Verify that the service is operational: you can reach the Nginx server, and
that the correct output is being served.
```bash
```console
$ curl http://0.0.0.0:3000
<html lang="en">
@ -351,13 +351,13 @@ generate the site key and certificate, name the files `site.key` and
1. Generate a root key.
```bash
```console
$ openssl genrsa -out "root-ca.key" 4096
```
2. Generate a CSR using the root key.
```bash
```console
$ openssl req \
-new -key "root-ca.key" \
-out "root-ca.csr" -sha256 \
@ -377,7 +377,7 @@ generate the site key and certificate, name the files `site.key` and
4. Sign the certificate.
```bash
```console
$ openssl x509 -req -days 3650 -in "root-ca.csr" \
-signkey "root-ca.key" -sha256 -out "root-ca.crt" \
-extfile "root-ca.cnf" -extensions \
@ -386,13 +386,13 @@ generate the site key and certificate, name the files `site.key` and
5. Generate the site key.
```bash
```console
$ openssl genrsa -out "site.key" 4096
```
6. Generate the site certificate and sign it with the site key.
```bash
```console
$ openssl req -new -key "site.key" -out "site.csr" -sha256 \
-subj '/C=US/ST=CA/L=San Francisco/O=Docker/CN=localhost'
```
@ -414,7 +414,7 @@ generate the site key and certificate, name the files `site.key` and
8. Sign the site certificate.
```bash
```console
$ openssl x509 -req -days 750 -in "site.csr" -sha256 \
-CA "root-ca.crt" -CAkey "root-ca.key" -CAcreateserial \
-out "site.crt" -extfile "site.cnf" -extensions server
@ -452,7 +452,7 @@ generate the site key and certificate, name the files `site.key` and
to decouple the key and certificate from the services that use them.
In these examples, the secret name and the file name are the same.
```bash
```console
$ docker secret create site.key site.key
$ docker secret create site.crt site.crt
@ -461,13 +461,13 @@ generate the site key and certificate, name the files `site.key` and
3. Save the `site.conf` file in a Docker config. The first parameter is the
name of the config, and the second parameter is the file to read it from.
```bash
```console
$ docker config create site.conf site.conf
```
List the configs:
```bash
```console
$ docker config ls
ID NAME CREATED UPDATED
@ -479,7 +479,7 @@ generate the site key and certificate, name the files `site.key` and
config. Set the mode to `0440` so that the file is only readable by its
owner and that owner's group, not the world.
```bash
```console
$ docker service create \
--name nginx \
--secret site.key \
@ -498,7 +498,7 @@ generate the site key and certificate, name the files `site.key` and
5. Verify that the Nginx service is running.
```bash
```console
$ docker service ls
ID NAME MODE REPLICAS IMAGE
@ -513,7 +513,7 @@ generate the site key and certificate, name the files `site.key` and
6. Verify that the service is operational: you can reach the Nginx
server, and that the correct TLS certificate is being used.
```bash
```console
$ curl --cacert root-ca.crt https://0.0.0.0:3000
<!DOCTYPE html>
@ -543,7 +543,7 @@ generate the site key and certificate, name the files `site.key` and
</html>
```
```bash
```console
$ openssl s_client -connect 0.0.0.0:3000 -CAfile root-ca.crt
CONNECTED(00000003)
@ -588,7 +588,7 @@ generate the site key and certificate, name the files `site.key` and
this example by removing the `nginx` service and the stored secrets and
config.
```bash
```console
$ docker service rm nginx
$ docker secret rm site.crt site.key
@ -633,7 +633,7 @@ configuration file.
3. Update the `nginx` service to use the new config instead of the old one.
```bash
```console
$ docker service update \
--config-rm site.conf \
--config-add source=site-v2.conf,target=/etc/nginx/conf.d/site.conf,mode=0440 \
@ -644,14 +644,14 @@ configuration file.
`docker service ps nginx`. When it is, you can remove the old `site.conf`
config.
```bash
```console
$ docker config rm site.conf
```
5. To clean up, you can remove the `nginx` service, as well as the secrets and
configs.
```bash
```console
$ docker service rm nginx
$ docker secret rm site.crt site.key

2
engine/swarm/how-swarm-mode-works/swarm-task-states.md
View File

@ -48,7 +48,7 @@ Run `docker service ps <service-name>` to get the state of a task. The
`CURRENT STATE` field shows the task's state and how long it's been
there.
```bash
```console
$ docker service ps webserver
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
owsz0yp6z375 webserver.1 nginx UbuntuVM Running Running 44 seconds ago

22
engine/swarm/ingress.md
View File

@ -31,7 +31,7 @@ specify the port to bind on the routing mesh. If you leave off the `published`
port, a random high-numbered port is bound for each service task. You
need to inspect the task to determine the port.
```bash
```console
$ docker service create \
--name <SERVICE-NAME> \
--publish published=<PUBLISHED-PORT>,target=<CONTAINER-PORT> \
@ -51,7 +51,7 @@ is required.
For example, the following command publishes port 80 in the nginx container to
port 8080 for any node in the swarm:
```bash
```console
$ docker service create \
--name my-web \
--publish published=8080,target=80 \
@ -73,7 +73,7 @@ within the host.
You can publish a port for an existing service using the following command:
```bash
```console
$ docker service update \
--publish-add published=<PUBLISHED-PORT>,target=<CONTAINER-PORT> \
<SERVICE>
@ -83,7 +83,7 @@ You can use `docker service inspect` to view the service's published port. For
instance:
{% raw %}
```bash
```console
$ docker service inspect --format="{{json .Endpoint.Spec.Ports}}" my-web
[{"Protocol":"tcp","TargetPort":80,"PublishedPort":8080}]
@ -105,7 +105,7 @@ set the `protocol` key to either `tcp` or `udp`.
**Long syntax:**
```bash
```console
$ docker service create --name dns-cache \
--publish published=53,target=53 \
dns-cache
@ -113,7 +113,7 @@ $ docker service create --name dns-cache \
**Short syntax:**
```bash
```console
$ docker service create --name dns-cache \
-p 53:53 \
dns-cache
@ -123,7 +123,7 @@ $ docker service create --name dns-cache \
**Long syntax:**
```bash
```console
$ docker service create --name dns-cache \
--publish published=53,target=53 \
--publish published=53,target=53,protocol=udp \
@ -132,7 +132,7 @@ $ docker service create --name dns-cache \
**Short syntax:**
```bash
```console
$ docker service create --name dns-cache \
-p 53:53 \
-p 53:53/udp \
@ -143,7 +143,7 @@ $ docker service create --name dns-cache \
**Long syntax:**
```bash
```console
$ docker service create --name dns-cache \
--publish published=53,target=53,protocol=udp \
dns-cache
@ -151,7 +151,7 @@ $ docker service create --name dns-cache \
**Short syntax:**
```bash
```console
$ docker service create --name dns-cache \
-p 53:53/udp \
dns-cache
@ -180,7 +180,7 @@ set `mode` to `host`. If you omit the `mode` key or set it to `ingress`, the
routing mesh is used. The following command creates a global service using
`host` mode and bypassing the routing mesh.
```bash
```console
$ docker service create --name dns-cache \
--publish published=53,target=53,protocol=udp,mode=host \
--mode global \

8
engine/swarm/join-nodes.md
View File

@ -28,7 +28,7 @@ to [Run Docker Engine in swarm mode](swarm-mode.md#view-the-join-command-or-upda
To retrieve the join command including the join token for worker nodes, run the
following command on a manager node:
```bash
```console
$ docker swarm join-token worker
To add a worker to this swarm, run the following command:
@ -40,7 +40,7 @@ To add a worker to this swarm, run the following command:
Run the command from the output on the worker to join the swarm:
```bash
```console
$ docker swarm join \
--token SWMTKN-1-49nj1cmql0jkz5s954yi3oex3nedyz0fb0xx14ie39trti4wxv-8vxv8rssmk743ojnwacrr2e7c \
192.168.99.100:2377
@ -76,7 +76,7 @@ For more detail about swarm managers and administering a swarm, see
To retrieve the join command including the join token for manager nodes, run the
following command on a manager node:
```bash
```console
$ docker swarm join-token manager
To add a manager to this swarm, run the following command:
@ -88,7 +88,7 @@ To add a manager to this swarm, run the following command:
Run the command from the output on the new manager node to join it to the swarm:
```bash
```console
$ docker swarm join \
--token SWMTKN-1-61ztec5kyafptydic6jfc1i33t37flcl4nuipzcusor96k7kby-5vy9t8u35tuqm7vh67lrz9xp6 \
192.168.99.100:2377

16
engine/swarm/manage-nodes.md
View File

@ -15,7 +15,7 @@ As part of the swarm management lifecycle, you may need to view or update a node
To view a list of nodes in the swarm run `docker node ls` from a manager node:
```bash
```console
$ docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS
@ -58,7 +58,7 @@ You can run `docker node inspect <NODE-ID>` on a manager node to view the
details for an individual node. The output defaults to JSON format, but you can
pass the `--pretty` flag to print the results in human-readable format. For example:
```bash
```console
$ docker node inspect self --pretty
ID: ehkv3bcimagdese79dn78otj5
@ -103,7 +103,7 @@ Changing node availability lets you:
For example, to change a manager node to `Drain` availability:
```bash
```console
$ docker node update --availability drain node-1
node-1
@ -124,7 +124,7 @@ pair.
Pass the `--label-add` flag once for each node label you want to add:
```bash
```console
$ docker node update --label-add foo --label-add bar=baz node-1
node-1
@ -164,7 +164,7 @@ maintenance. Similarly, you can demote a manager node to the worker role.
To promote a node or set of nodes, run `docker node promote` from a manager
node:
```bash
```console
$ docker node promote node-3 node-2
Node node-3 promoted to a manager in the swarm.
@ -173,7 +173,7 @@ Node node-2 promoted to a manager in the swarm.
To demote a node or set of nodes, run `docker node demote` from a manager node:
```bash
```console
$ docker node demote node-3 node-2
Manager node-3 demoted in the swarm.
@ -210,7 +210,7 @@ Run the `docker swarm leave` command on a node to remove it from the swarm.
For example to leave the swarm on a worker node:
```bash
```console
$ docker swarm leave
Node left the swarm.
@ -232,7 +232,7 @@ manager node to remove the node from the node list.
For instance:
```bash
```console
$ docker node rm node-2
```

22
engine/swarm/networking.md
View File

@ -60,7 +60,7 @@ each other over the following ports:
To create an overlay network, specify the `overlay` driver when using the
`docker network create` command:
```bash
```console
$ docker network create \
--driver overlay \
my-network
@ -73,7 +73,7 @@ subnet and uses default options. You can see information about the network using
When no containers are connected to the overlay network, its configuration is
not very exciting:
```bash
```console
$ docker network inspect my-network
[
{
@ -110,7 +110,7 @@ connects to the network for the first time. The following example shows
the same network as above, but with three containers of a `redis` service
connected to it.
```bash
```console
$ docker network inspect my-network
[
{
@ -184,7 +184,7 @@ the first service is connected to the network. You can configure these when
creating a network using the `--subnet` and `--gateway` flags. The following
example extends the previous one by configuring the subnet and gateway.
```bash
```console
$ docker network create \
--driver overlay \
--subnet 10.0.9.0/24 \
@ -198,7 +198,7 @@ To customize subnet allocation for your Swarm networks, you can [optionally conf
For example, the following command is used when initializing Swarm:
```bash
```console
$ docker swarm init --default-addr-pool 10.20.0.0/16 --default-addr-pool-mask-length 26`
```
@ -237,7 +237,7 @@ option before using it in production.
To attach a service to an existing overlay network, pass the `--network` flag to
`docker service create`, or the `--network-add` flag to `docker service update`.
```bash
```console
$ docker service create \
--replicas 3 \
--name my-web \
@ -310,7 +310,7 @@ services which publish ports, such as a WordPress service which publishes port
2. Remove the existing `ingress` network:
```bash
```console
$ docker network rm ingress
WARNING! Before removing the routing-mesh network, make sure all the nodes
@ -324,7 +324,7 @@ services which publish ports, such as a WordPress service which publishes port
custom options you want to set. This example sets the MTU to 1200, sets
the subnet to `10.11.0.0/16`, and sets the gateway to `10.11.0.2`.
```bash
```console
$ docker network create \
--driver overlay \
--ingress \
@ -365,7 +365,7 @@ order to delete an existing bridge. The package name is `bridge-utils`.
This example uses the subnet `10.11.0.0/16`. For a full list of customizable
options, see [Bridge driver options](../reference/commandline/network_create.md#bridge-driver-options).
```bash
```console
$ docker network create \
--subnet 10.11.0.0/16 \
--opt com.docker.network.bridge.name=docker_gwbridge \
@ -396,14 +396,14 @@ that your Docker host has two different network interfaces: 10.0.0.1 should be
used for control and management traffic and 192.168.0.1 should be used for
traffic relating to services.
```bash
```console
$ docker swarm init --advertise-addr 10.0.0.1 --data-path-addr 192.168.0.1
```
This example joins the swarm managed by host `192.168.99.100:2377` and sets the
`--advertise-addr` flag to `eth0` and the `--data-path-addr` flag to `eth1`.
```bash
```console
$ docker swarm join \
--token SWMTKN-1-49nj1cmql0jkz5s954yi3oex3nedyz0fb0xx14ie39trti4wxv-8vxv8rssmk743ojnwacrr2d7c \
--advertise-addr eth0 \

80
engine/swarm/secrets.md
View File

@ -149,7 +149,7 @@ real-world example, continue to
input because the last argument, which represents the file to read the
secret from, is set to `-`.
```bash
```console
$ printf "This is a secret" | docker secret create my_secret_data -
```
@ -157,14 +157,14 @@ real-world example, continue to
the container can access the secret at `/run/secrets/<secret_name>`, but
you can customize the file name on the container using the `target` option.
```bash
```console
$ docker service create --name redis --secret my_secret_data redis:alpine
```
3. Verify that the task is running without issues using `docker service ps`. If
everything is working, the output looks similar to this:
```bash
```console
$ docker service ps redis
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
@ -174,7 +174,7 @@ real-world example, continue to
If there were an error, and the task were failing and repeatedly restarting,
you would see something like this:
```bash
```console
$ docker service ps redis
NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
@ -192,7 +192,7 @@ real-world example, continue to
how to find the container ID, and the second and third commands use shell
completion to do this automatically.
```bash
```console
$ docker ps --filter name=redis -q
5cb1c2348a59
@ -220,8 +220,7 @@ real-world example, continue to
6. Try removing the secret. The removal fails because the `redis` service is
running and has access to the secret.
```bash
```console
$ docker secret ls
ID NAME CREATED UPDATED
@ -237,7 +236,7 @@ real-world example, continue to
7. Remove access to the secret from the running `redis` service by updating the
service.
```bash
```console
$ docker service update --secret-rm my_secret_data redis
```
@ -253,7 +252,7 @@ real-world example, continue to
7. Stop and remove the service, and remove the secret from Docker.
```bash
```console
$ docker service rm redis
$ docker secret rm my_secret_data
@ -336,13 +335,13 @@ generate the site key and certificate, name the files `site.key` and
1. Generate a root key.
```bash
```console
$ openssl genrsa -out "root-ca.key" 4096
```
2. Generate a CSR using the root key.
```bash
```console
$ openssl req \
-new -key "root-ca.key" \
-out "root-ca.csr" -sha256 \
@ -362,7 +361,7 @@ generate the site key and certificate, name the files `site.key` and
4. Sign the certificate.
```bash
```console
$ openssl x509 -req -days 3650 -in "root-ca.csr" \
-signkey "root-ca.key" -sha256 -out "root-ca.crt" \
-extfile "root-ca.cnf" -extensions \
@ -371,13 +370,13 @@ generate the site key and certificate, name the files `site.key` and
5. Generate the site key.
```bash
```console
$ openssl genrsa -out "site.key" 4096
```
6. Generate the site certificate and sign it with the site key.
```bash
```console
$ openssl req -new -key "site.key" -out "site.csr" -sha256 \
-subj '/C=US/ST=CA/L=San Francisco/O=Docker/CN=localhost'
```
@ -399,7 +398,7 @@ generate the site key and certificate, name the files `site.key` and
8. Sign the site certificate.
```bash
```console
$ openssl x509 -req -days 750 -in "site.csr" -sha256 \
-CA "root-ca.crt" -CAkey "root-ca.key" -CAcreateserial \
-out "site.crt" -extfile "site.cnf" -extensions server
@ -440,7 +439,7 @@ generate the site key and certificate, name the files `site.key` and
secret from on the host machine's filesystem. In these examples, the secret
name and the file name are the same.
```bash
```console
$ docker secret create site.key site.key
$ docker secret create site.crt site.crt
@ -448,7 +447,7 @@ generate the site key and certificate, name the files `site.key` and
$ docker secret create site.conf site.conf
```
```bash
```console
$ docker secret ls
ID NAME CREATED UPDATED
@ -474,7 +473,7 @@ generate the site key and certificate, name the files `site.key` and
secret available in a different path. The example below creates a symbolic
link to the true location of the `site.conf` file so that Nginx can read it:
```bash
```console
$ docker service create \
--name nginx \
--secret site.key \
@ -490,7 +489,7 @@ generate the site key and certificate, name the files `site.key` and
secret is made available at `/etc/nginx/conf.d/site.conf` inside the container
without the use of symbolic links:
```bash
```console
$ docker service create \
--name nginx \
--secret site.key \
@ -512,7 +511,7 @@ generate the site key and certificate, name the files `site.key` and
5. Verify that the Nginx service is running.
```bash
```console
$ docker service ls
ID NAME MODE REPLICAS IMAGE
@ -527,7 +526,7 @@ generate the site key and certificate, name the files `site.key` and
6. Verify that the service is operational: you can reach the Nginx
server, and that the correct TLS certificate is being used.
```bash
```console
$ curl --cacert root-ca.crt https://localhost:3000
<!DOCTYPE html>
@ -557,7 +556,7 @@ generate the site key and certificate, name the files `site.key` and
</html>
```
```bash
```console
$ openssl s_client -connect localhost:3000 -CAfile root-ca.crt
CONNECTED(00000003)
@ -601,7 +600,7 @@ generate the site key and certificate, name the files `site.key` and
7. To clean up after running this example, remove the `nginx` service and the
stored secrets.
```bash
```console
$ docker service rm nginx
$ docker secret rm site.crt site.key site.conf
@ -647,7 +646,7 @@ line.
The last argument is set to `-`, which indicates that the input is read from
standard input.
```bash
```console
$ openssl rand -base64 20 | docker secret create mysql_password -
l1vinzevzhj4goakjap5ya409
@ -660,13 +659,13 @@ line.
shared with the WordPress service created later. It's only needed to
bootstrap the `mysql` service.
```bash
```console
$ openssl rand -base64 20 | docker secret create mysql_root_password -
```
List the secrets managed by Docker using `docker secret ls`:
```bash
```console
$ docker secret ls
ID NAME CREATED UPDATED
@ -680,7 +679,7 @@ line.
between the MySQL and WordPress services. There is no need to expose the
MySQL service to any external host or container.
```bash
```console
$ docker network create -d overlay mysql_private
```
@ -711,7 +710,7 @@ line.
user cannot create or drop databases or change the MySQL
configuration.
```bash
```console
$ docker service create \
--name mysql \
--replicas 1 \
@ -728,7 +727,7 @@ line.
4. Verify that the `mysql` container is running using the `docker service ls` command.
```bash
```console
$ docker service ls
ID NAME MODE REPLICAS IMAGE
@ -768,7 +767,7 @@ line.
- Stores its data, such as themes and plugins, in a volume called `wpdata`
so these files persist when the service restarts.
```bash
```console
$ docker service create \
--name wordpress \
--replicas 1 \
@ -786,7 +785,7 @@ line.
6. Verify the service is running using `docker service ls` and
`docker service ps` commands.
```bash
```console
$ docker service ls
ID NAME MODE REPLICAS IMAGE
@ -794,7 +793,7 @@ line.
nzt5xzae4n62 wordpress replicated 1/1 wordpress:latest
```
```bash
```console
$ docker service ps wordpress
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
@ -836,7 +835,7 @@ use it, then remove the old secret.
1. Create the new password and store it as a secret named `mysql_password_v2`.
```bash
```console
$ openssl rand -base64 20 | docker secret create mysql_password_v2 -
```
@ -844,7 +843,7 @@ use it, then remove the old secret.
Remember that you cannot update or rename a secret, but you can revoke a
secret and grant access to it using a new target filename.
```bash
```console
$ docker service update \
--secret-rm mysql_password mysql
@ -874,7 +873,7 @@ use it, then remove the old secret.
First, find the ID of the `mysql` container task.
```bash
```console
$ docker ps --filter name=mysql -q
c7705cf6176f
@ -883,14 +882,14 @@ use it, then remove the old secret.
Substitute the ID in the command below, or use the second variant which
uses shell expansion to do it all in a single step.
```bash
```console
$ docker container exec <CONTAINER_ID> \
bash -c 'mysqladmin --user=wordpress --password="$(< /run/secrets/old_mysql_password)" password "$(< /run/secrets/mysql_password)"'
```
**or**:
```bash
```console
$ docker container exec $(docker ps --filter name=mysql -q) \
bash -c 'mysqladmin --user=wordpress --password="$(< /run/secrets/old_mysql_password)" password "$(< /run/secrets/mysql_password)"'
```
@ -900,7 +899,7 @@ use it, then remove the old secret.
`0400`. This triggers a rolling restart of the WordPress service and
the new secret is used.
```bash
```console
$ docker service update \
--secret-rm mysql_password \
--secret-add source=mysql_password_v2,target=wp_db_password,mode=0400 \
@ -917,8 +916,7 @@ use it, then remove the old secret.
6. Revoke access to the old secret from the MySQL service and
remove the old secret from Docker.
```bash
```console
$ docker service update \
--secret-rm mysql_password \
mysql
@ -932,7 +930,7 @@ use it, then remove the old secret.
WordPress service, the MySQL container, the `mydata` and `wpdata` volumes,
and the Docker secrets.
```bash
```console
$ docker service rm wordpress mysql
$ docker volume rm mydata wpdata

84
engine/swarm/services.md
View File

@ -29,14 +29,14 @@ to supply the image name. This command starts an Nginx service with a
randomly-generated name and no published ports. This is a naive example, since
you can't interact with the Nginx service.
```bash
```console
$ docker service create nginx
```
The service is scheduled on an available node. To confirm that the service
was created and started successfully, use the `docker service ls` command:
```bash
```console
$ docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
@ -51,7 +51,7 @@ information.
To provide a name for your service, use the `--name` flag:
```bash
```console
$ docker service create --name my_web nginx
```
@ -60,14 +60,14 @@ service's containers should run, by adding it after the image name. This example
starts a service called `helloworld` which uses an `alpine` image and runs the
command `ping docker.com`:
```bash
```console
$ docker service create --name helloworld alpine ping docker.com
```
You can also specify an image tag for the service to use. This example modifies
the previous one to use the `alpine:3.6` tag:
```bash
```console
$ docker service create --name helloworld alpine:3.6 ping docker.com
```
@ -83,14 +83,14 @@ The following example assumes a gMSA and its credential spec (called credspec.js
To use a Config as a credential spec, first create the Docker Config containing the credential spec:
```bash
docker config create credspec credspec.json
```console
$ docker config create credspec credspec.json
```
Now, you should have a Docker Config named credspec, and you can create a service using this credential spec. To do so, use the --credential-spec flag with the config name, like this:
```bash
docker service create --credential-spec="config://credspec" <your image>
```console
$ docker service create --credential-spec="config://credspec" <your image>
```
Your service will use the gMSA credential spec when it starts, but unlike a typical Docker Config (used by passing the --config flag), the credential spec will not be mounted into the container.
@ -102,7 +102,7 @@ If your image is available on a private registry which requires login, use the
your image is stored on `registry.example.com`, which is a private registry, use
a command like the following:
```bash
```console
$ docker login registry.example.com
$ docker service create \
@ -167,13 +167,13 @@ was previously published.
Assuming that the `my_web` service from the previous section still exists, use
the following command to update it to publish port 80.
```bash
```console
$ docker service update --publish-add 80 my_web
```
To verify that it worked, use `docker service ls`:
```bash
```console
$ docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
@ -193,7 +193,7 @@ To remove a service, use the `docker service remove` command. You can remove a
service by its ID or name, as shown in the output of the `docker service ls`
command. The following command removes the `my_web` service.
```bash
```console
$ docker service remove my_web
```
@ -222,7 +222,7 @@ The following service's containers have an environment variable `$MYVAR`
set to `myvalue`, run from the `/tmp/` directory, and run as the
`my_user` user.
```bash
```console
$ docker service create --name helloworld \
--env MYVAR=myvalue \
--workdir /tmp \
@ -237,7 +237,7 @@ The following example updates an existing service called `helloworld` so that
it runs the command `ping docker.com` instead of whatever command it was running
before:
```bash
```console
$ docker service update --args "ping docker.com" helloworld
```
@ -255,7 +255,7 @@ An image version can be expressed in several different ways:
When the request to create a container task is received on a worker node, the
worker node only sees the digest, not the tag.
```bash
```console
$ docker service create --name="myservice" ubuntu:16.04
```
@ -274,7 +274,7 @@ An image version can be expressed in several different ways:
Thus, the following two commands are equivalent:
```bash
```console
$ docker service create --name="myservice" ubuntu
$ docker service create --name="myservice" ubuntu:latest
@ -283,7 +283,7 @@ An image version can be expressed in several different ways:
- If you specify a digest directly, that exact version of the image is always
used when creating service tasks.
```bash
```console
$ docker service create \
--name="myservice" \
ubuntu:16.04@sha256:35bc48a1ca97c3971611dc4662d08d131869daa692acb281c7e9e052924e38b1
@ -318,7 +318,7 @@ To see an image's current digest, issue the command
following is the current digest for `ubuntu:latest` at the time this content
was written. The output is truncated for clarity.
```bash
```console
$ docker inspect ubuntu:latest
```
@ -426,7 +426,7 @@ more details about swarm service networking, see
Imagine that you have a 10-node swarm, and you deploy an Nginx service running
three tasks on a 10-node swarm:
```bash
```console
$ docker service create --name my_web \
--replicas 3 \
--publish published=8080,target=80 \
@ -442,7 +442,7 @@ host, substitute the host's IP address or resolvable host name.
The HTML output is truncated:
```bash
```console
$ curl localhost:8080
<!DOCTYPE html>
@ -483,7 +483,7 @@ web page for (effectively) **a random swarm node** running the service.
The following example runs nginx as a service on each node in your swarm and
exposes nginx port locally on each swarm node.
```bash
```console
$ docker service create \
--mode global \
--publish mode=host,target=80,published=8080 \
@ -506,7 +506,7 @@ You can use overlay networks to connect one or more services within the swarm.
First, create overlay network on a manager node using the `docker network create`
command with the `--driver overlay` flag.
```bash
```console
$ docker network create --driver overlay my-network
```
@ -516,7 +516,7 @@ to the network.
You can create a new service and pass the `--network` flag to attach the service
to the overlay network:
```bash
```console
$ docker service create \
--replicas 3 \
--network my-network \
@ -529,13 +529,13 @@ The swarm extends `my-network` to each node running the service.
You can also connect an existing service to an overlay network using the
`--network-add` flag.
```bash
```console
$ docker service update --network-add my-network my-web
```
To disconnect a running service from a network, use the `--network-rm` flag.
```bash
```console
$ docker service update --network-rm my-network my-web
```
@ -627,7 +627,7 @@ mode, the service defaults to `replicated`. For replicated services, you specify
the number of replica tasks you want to start using the `--replicas` flag. For
example, to start a replicated nginx service with 3 replica tasks:
```bash
```console
$ docker service create \
--name my_web \
--replicas 3 \
@ -639,7 +639,7 @@ To start a global service on each available node, pass `--mode global` to
places a task for the global service on the new node. For example to start a
service that runs alpine on every node in the swarm:
```bash
```console
$ docker service create \
--name myservice \
--mode global \
@ -684,7 +684,7 @@ services run on the same node, or each node only runs one replica, or that some
nodes don't run any replicas. For global services, the service runs on every
node that meets the placement constraint and any [resource requirements](#reserve-memory-or-cpus-for-a-service).
```bash
```console
$ docker service create \
--name my-nginx \
--replicas 5 \
@ -699,7 +699,7 @@ If you specify multiple placement constraints, the service only deploys onto
nodes where they are all met. The following example limits the service to run on
all nodes where `region` is set to `east` and `type` is not set to `devel`:
```bash
```console
$ docker service create \
--name my-nginx \
--mode global \
@ -735,7 +735,7 @@ based on the value of the `datacenter` label. If some nodes have
`datacenter=us-east` and others have `datacenter=us-west`, the service is
deployed as evenly as possible across the two sets of nodes.
```bash
```console
$ docker service create \
--replicas 9 \
--name redis_2 \
@ -758,7 +758,7 @@ order they are encountered. The following example sets up a service with
multiple placement preferences. Tasks are spread first over the various
datacenters, and then over racks (as indicated by the respective labels):
```bash
```console
$ docker service create \
--replicas 9 \
--name redis_2 \
@ -807,7 +807,7 @@ In the example service below, the scheduler applies updates to a maximum of 2
replicas at a time. When an updated task returns either `RUNNING` or `FAILED`,
the scheduler waits 10 seconds before stopping the next task to update:
```bash
```console
$ docker service create \
--replicas 10 \
--name my_web \
@ -840,7 +840,7 @@ to the configuration that was in place before the most recent
Other options can be combined with `--rollback`; for example,
`--update-delay 0s` to execute the rollback without a delay between tasks:
```bash
```console
$ docker service update \
--rollback \
--update-delay 0s
@ -876,7 +876,7 @@ parallel. Tasks are monitored for 20 seconds after rollback to be sure they do
not exit, and a maximum failure ratio of 20% is tolerated. Default values are
used for `--rollback-delay` and `--rollback-failure-action`.
```bash
```console
$ docker service create --name=my_redis \
--replicas=5 \
--rollback-parallelism=2 \
@ -908,7 +908,7 @@ created automatically according to the volume specification on the service.
To use existing data volumes with a service use the `--mount` flag:
```bash
```console
$ docker service create \
--mount src=<VOLUME-NAME>,dst=<CONTAINER-PATH> \
--name myservice \
@ -920,7 +920,7 @@ scheduled to a particular host, then one is created. The default volume
driver is `local`. To use a different volume driver with this create-on-demand
pattern, specify the driver and its options with the `--mount` flag:
```bash
```console
$ docker service create \
--mount type=volume,src=<VOLUME-NAME>,dst=<CONTAINER-PATH>,volume-driver=<DRIVER>,volume-opt=<KEY0>=<VALUE0>,volume-opt=<KEY1>=<VALUE1>
--name myservice \
@ -942,7 +942,7 @@ The following examples show bind mount syntax:
- To mount a read-write bind:
```bash
```console
$ docker service create \
--mount type=bind,src=<HOST-PATH>,dst=<CONTAINER-PATH> \
--name myservice \
@ -951,7 +951,7 @@ The following examples show bind mount syntax:
- To mount a read-only bind:
```bash
```console
$ docker service create \
--mount type=bind,src=<HOST-PATH>,dst=<CONTAINER-PATH>,readonly \
--name myservice \
@ -1005,7 +1005,7 @@ This example sets the template of the created containers based on the
service's name and the ID of the node where the container is running:
{% raw %}
```bash
```console
$ docker service create --name hosttempl \
--hostname="{{.Node.ID}}-{{.Service.Name}}"\
busybox top
@ -1015,7 +1015,7 @@ $ docker service create --name hosttempl \
To see the result of using the template, use the `docker service ps` and
`docker inspect` commands.
```bash
```console
$ docker service ps va8ew30grofhjoychbr6iot8c
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
@ -1023,7 +1023,7 @@ wo41w8hg8qan hosttempl.1 busybox:latest@sha256:29f5d56d12684887bdfa50dcd29fc31
```
{% raw %}
```bash
```console
$ docker inspect --format="{{.Config.Hostname}}" hosttempl.1.wo41w8hg8qanxwjwsg4kxpprj
```
{% endraw %}

30
engine/swarm/stack-deploy.md
View File

@ -39,13 +39,13 @@ a throwaway registry, which you can discard afterward.
1. Start the registry as a service on your swarm:
```bash
```console
$ docker service create --name registry --publish published=5000,target=5000 registry:2
```
2. Check its status with `docker service ls`:
```bash
```console
$ docker service ls
ID NAME REPLICAS IMAGE COMMAND
@ -57,7 +57,7 @@ a throwaway registry, which you can discard afterward.
3. Check that it's working with `curl`:
```bash
```console
$ curl http://localhost:5000/v2/
{}
@ -72,7 +72,7 @@ counter whenever you visit it.
1. Create a directory for the project:
```bash
```console
$ mkdir stackdemo
$ cd stackdemo
```
@ -163,7 +163,7 @@ counter whenever you visit it.
2. Check that the app is running with `docker-compose ps`:
```bash
```console
$ docker-compose ps
Name Command State Ports
@ -174,7 +174,7 @@ counter whenever you visit it.
You can test the app with `curl`:
```bash
```console
$ curl http://localhost:8000
Hello World! I have been seen 1 times.
@ -187,7 +187,7 @@ counter whenever you visit it.
3. Bring the app down:
```bash
```console
$ docker-compose down --volumes
Stopping stackdemo_web_1 ... done
@ -203,7 +203,7 @@ counter whenever you visit it.
To distribute the web app's image across the swarm, it needs to be pushed to the
registry you set up earlier. With Compose, this is very simple:
```bash
```console
$ docker-compose push
Pushing web (127.0.0.1:5000/stackdemo:latest)...
@ -223,7 +223,7 @@ The stack is now ready to be deployed.
1. Create the stack with `docker stack deploy`:
```bash
```console
$ docker stack deploy --compose-file docker-compose.yml stackdemo
Ignoring unsupported options: build
@ -238,7 +238,7 @@ The stack is now ready to be deployed.
2. Check that it's running with `docker stack services stackdemo`:
```bash
```console
$ docker stack services stackdemo
ID NAME MODE REPLICAS IMAGE
@ -252,7 +252,7 @@ The stack is now ready to be deployed.
As before, you can test the app with `curl`:
```bash
```console
$ curl http://localhost:8000
Hello World! I have been seen 1 times.
@ -266,14 +266,14 @@ The stack is now ready to be deployed.
Thanks to Docker's built-in routing mesh, you can access any node in the
swarm on port 8000 and get routed to the app:
```bash
```console
$ curl http://address-of-other-node:8000
Hello World! I have been seen 4 times.
```
3. Bring the stack down with `docker stack rm`:
```bash
```console
$ docker stack rm stackdemo
Removing service stackdemo_web
@ -283,14 +283,14 @@ The stack is now ready to be deployed.
4. Bring the registry down with `docker service rm`:
```bash
```console
$ docker service rm registry
```
5. If you're just testing things out on a local machine and want to bring your
Docker Engine out of swarm mode, use `docker swarm leave`:
```bash
```console
$ docker swarm leave --force
Node left the swarm.

18
engine/swarm/swarm-mode.md
View File

@ -51,7 +51,7 @@ external to the swarm.
The output for `docker swarm init` provides the connection command to use when
you join new worker nodes to the swarm:
```bash
```console
$ docker swarm init
Swarm initialized: current node (dxn1zf6l61qsb1josjja83ngz) is now a manager.
@ -83,20 +83,20 @@ The subnet range comes from the `--default-addr-pool`, (such as `10.10.0.0/16`).
The format of the command is:
```bash
```console
$ docker swarm init --default-addr-pool <IP range in CIDR> [--default-addr-pool <IP range in CIDR> --default-addr-pool-mask-length <CIDR value>]
```
To create a default IP address pool with a /16 (class B) for the 10.20.0.0 network looks like this:
```bash
```console
$ docker swarm init --default-addr-pool 10.20.0.0/16
```
To create a default IP address pool with a `/16` (class B) for the `10.20.0.0` and `10.30.0.0` networks, and to
create a subnet mask of `/26` for each network looks like this:
```bash
```console
$ docker swarm init --default-addr-pool 10.20.0.0/16 --default-addr-pool 10.30.0.0/16 --default-addr-pool-mask-length 26
```
@ -120,7 +120,7 @@ single IP address. If so, Docker uses the IP address with the listening port
correct `--advertise-addr` to enable inter-manager communication and overlay
networking:
```bash
```console
$ docker swarm init --advertise-addr <MANAGER-IP>
```
@ -146,7 +146,7 @@ swarm.
To retrieve the join command including the join token for worker nodes, run:
```bash
```console
$ docker swarm join-token worker
To add a worker to this swarm, run the following command:
@ -160,7 +160,7 @@ This node joined a swarm as a worker.
To view the join command and token for manager nodes, run:
```bash
```console
$ docker swarm join-token manager
To add a worker to this swarm, run the following command:
@ -172,7 +172,7 @@ To add a worker to this swarm, run the following command:
Pass the `--quiet` flag to print only the token:
```bash
```console
$ docker swarm join-token --quiet worker
SWMTKN-1-49nj1cmql0jkz5s954yi3oex3nedyz0fb0xx14ie39trti4wxv-8vxv8rssmk743ojnwacrr2e7c
@ -200,7 +200,7 @@ Run `swarm join-token --rotate` to invalidate the old token and generate a new
token. Specify whether you want to rotate the token for `worker` or `manager`
nodes:
```bash
```console
$ docker swarm join-token --rotate worker
To add a worker to this swarm, run the following command:

9
engine/swarm/swarm-tutorial/add-nodes.md
View File

@ -15,7 +15,7 @@ to add worker nodes.
[Create a swarm](create-swarm.md) tutorial step to create a worker node
joined to the existing swarm:
```bash
```console
$ docker swarm join \
--token SWMTKN-1-49nj1cmql0jkz5s954yi3oex3nedyz0fb0xx14ie39trti4wxv-8vxv8rssmk743ojnwacrr2e7c \
192.168.99.100:2377
@ -26,7 +26,7 @@ to add worker nodes.
If you don't have the command available, you can run the following command
on a manager node to retrieve the join command for a worker:
```bash
```console
$ docker swarm join-token worker
To add a worker to this swarm, run the following command:
@ -43,7 +43,7 @@ to add worker nodes.
[Create a swarm](create-swarm.md) tutorial step to create a second worker
node joined to the existing swarm:
```bash
```console
$ docker swarm join \
--token SWMTKN-1-49nj1cmql0jkz5s954yi3oex3nedyz0fb0xx14ie39trti4wxv-8vxv8rssmk743ojnwacrr2e7c \
192.168.99.100:2377
@ -54,7 +54,8 @@ to add worker nodes.
5. Open a terminal and ssh into the machine where the manager node runs and
run the `docker node ls` command to see the worker nodes:
```bash
```console
$ docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS
03g1y59jwfg7cf99w4lt0f662 worker2 Ready Active
9j68exjopxe7wfl6yuxml7a7j worker1 Ready Active

10
engine/swarm/swarm-tutorial/create-swarm.md
View File

@ -13,13 +13,13 @@ machines.
node. This tutorial uses a machine named `manager1`. If you use Docker Machine,
you can connect to it via SSH using the following command:
```bash
```console
$ docker-machine ssh manager1
```
2. Run the following command to create a new swarm:
```bash
```console
$ docker swarm init --advertise-addr <MANAGER-IP>
```
@ -33,7 +33,7 @@ machines.
In the tutorial, the following command creates a swarm on the `manager1`
machine:
```bash
```console
$ docker swarm init --advertise-addr 192.168.99.100
Swarm initialized: current node (dxn1zf6l61qsb1josjja83ngz) is now a manager.
@ -56,7 +56,7 @@ machines.
2. Run `docker info` to view the current state of the swarm:
```bash
```console
$ docker info
Containers: 2
@ -74,7 +74,7 @@ machines.
3. Run the `docker node ls` command to view information about nodes:
```bash
```console
$ docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS

6
engine/swarm/swarm-tutorial/delete-service.md
View File

@ -14,7 +14,7 @@ you can delete the service from the swarm.
2. Run `docker service rm helloworld` to remove the `helloworld` service.
```bash
```console
$ docker service rm helloworld
helloworld
@ -24,7 +24,7 @@ you can delete the service from the swarm.
removed the service. The CLI returns a message that the service is not
found:
```bash
```console
$ docker service inspect helloworld
[]
Error: no such service: helloworld
@ -34,7 +34,7 @@ you can delete the service from the swarm.
seconds to clean up. You can use `docker ps` on the nodes to verify when the
tasks have been removed.
```bash
```console
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

4
engine/swarm/swarm-tutorial/deploy-service.md
View File

@ -14,7 +14,7 @@ is not a requirement to deploy a service.
2. Run the following command:
```bash
```console
$ docker service create --replicas 1 --name helloworld alpine ping docker.com
9uk4639qpg7npwf3fn2aasksr
@ -28,7 +28,7 @@ is not a requirement to deploy a service.
3. Run `docker service ls` to see the list of running services:
```bash
```console
$ docker service ls
ID NAME SCALE IMAGE COMMAND

18
engine/swarm/swarm-tutorial/drain-node.md
View File

@ -26,7 +26,7 @@ node and launches replica tasks on a node with `ACTIVE` availability.
2. Verify that all your nodes are actively available.
```bash
```console
$ docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS
@ -38,7 +38,7 @@ node and launches replica tasks on a node with `ACTIVE` availability.
3. If you aren't still running the `redis` service from the
[rolling update](rolling-update.md) tutorial, start it now:
```bash
```console
$ docker service create --replicas 3 --name redis --update-delay 10s redis:3.0.6
c5uo6kdmzpon37mgj9mwglcfw
@ -47,7 +47,7 @@ node and launches replica tasks on a node with `ACTIVE` availability.
4. Run `docker service ps redis` to see how the swarm manager assigned the
tasks to different nodes:
```bash
```console
$ docker service ps redis
NAME IMAGE NODE DESIRED STATE CURRENT STATE
@ -62,15 +62,15 @@ tasks to different nodes:
5. Run `docker node update --availability drain <NODE-ID>` to drain a node that
had a task assigned to it:
```bash
docker node update --availability drain worker1
```console
$ docker node update --availability drain worker1
worker1
```
6. Inspect the node to check its availability:
```bash
```console
$ docker node inspect --pretty worker1
ID: 38ciaotwjuritcdtn9npbnkuz
@ -86,7 +86,7 @@ had a task assigned to it:
7. Run `docker service ps redis` to see how the swarm manager updated the
task assignments for the `redis` service:
```bash
```console
$ docker service ps redis
NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR
@ -103,7 +103,7 @@ task assignments for the `redis` service:
8. Run `docker node update --availability active <NODE-ID>` to return the
drained node to an active state:
```bash
```console
$ docker node update --availability active worker1
worker1
@ -111,7 +111,7 @@ drained node to an active state:
9. Inspect the node to see the updated state:
```bash
```console
$ docker node inspect --pretty worker1
ID: 38ciaotwjuritcdtn9npbnkuz

8
engine/swarm/swarm-tutorial/inspect-service.md
View File

@ -17,7 +17,7 @@ the Docker CLI to see details about the service running in the swarm.
To see the details on the `helloworld` service:
```bash
```console
[manager1]$ docker service inspect --pretty helloworld
ID: 9uk4639qpg7npwf3fn2aasksr
@ -37,7 +37,7 @@ the Docker CLI to see details about the service running in the swarm.
>**Tip**: To return the service details in json format, run the same command
without the `--pretty` flag.
```bash
```console
[manager1]$ docker service inspect helloworld
[
{
@ -89,7 +89,7 @@ the Docker CLI to see details about the service running in the swarm.
4. Run `docker service ps <SERVICE-ID>` to see which nodes are running the
service:
```bash
```console
[manager1]$ docker service ps helloworld
NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
@ -110,7 +110,7 @@ the Docker CLI to see details about the service running in the swarm.
>**Tip**: If `helloworld` is running on a node other than your manager node,
you must ssh to that node.
```bash
```console
[worker2]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

16
engine/swarm/swarm-tutorial/rolling-update.md
View File

@ -17,7 +17,7 @@ Redis 3.0.7 container image using rolling updates.
2. Deploy your Redis tag to the swarm and configure the swarm with a 10 second
update delay. Note that the following example shows an older Redis tag:
```bash
```console
$ docker service create \
--replicas 3 \
--name redis \
@ -47,7 +47,7 @@ Redis 3.0.7 container image using rolling updates.
3. Inspect the `redis` service:
```bash
```console
$ docker service inspect --pretty redis
ID: 0u6a4s31ybk7yw2wyvtikmu50
@ -68,7 +68,7 @@ Redis 3.0.7 container image using rolling updates.
4. Now you can update the container image for `redis`. The swarm manager
applies the update to nodes according to the `UpdateConfig` policy:
```bash
```console
$ docker service update --image redis:3.0.7 redis
redis
```
@ -86,7 +86,7 @@ Redis 3.0.7 container image using rolling updates.
5. Run `docker service inspect --pretty redis` to see the new image in the
desired state:
```bash
```console
$ docker service inspect --pretty redis
ID: 0u6a4s31ybk7yw2wyvtikmu50
@ -106,7 +106,7 @@ Redis 3.0.7 container image using rolling updates.
The output of `service inspect` shows if your update paused due to failure:
```bash
```console
$ docker service inspect --pretty redis
ID: 0u6a4s31ybk7yw2wyvtikmu50
@ -121,8 +121,8 @@ Redis 3.0.7 container image using rolling updates.
To restart a paused update run `docker service update <SERVICE-ID>`. For example:
```bash
docker service update redis
```console
$ docker service update redis
```
To avoid repeating certain update failures, you may need to reconfigure the
@ -130,7 +130,7 @@ Redis 3.0.7 container image using rolling updates.
6. Run `docker service ps <SERVICE-ID>` to watch the rolling update:
```bash
```console
$ docker service ps redis
NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR

8
engine/swarm/swarm-tutorial/scale-service.md
View File

@ -16,13 +16,13 @@ the service. Containers running in a service are called "tasks."
2. Run the following command to change the desired state of the
service running in the swarm:
```bash
```console
$ docker service scale <SERVICE-ID>=<NUMBER-OF-TASKS>
```
For example:
```bash
```console
$ docker service scale helloworld=5
helloworld scaled to 5
@ -30,7 +30,7 @@ the service. Containers running in a service are called "tasks."
3. Run `docker service ps <SERVICE-ID>` to see the updated task list:
```bash
```console
$ docker service ps helloworld
NAME IMAGE NODE DESIRED STATE CURRENT STATE
@ -48,7 +48,7 @@ the service. Containers running in a service are called "tasks."
4. Run `docker ps` to see the containers running on the node where you're
connected. The following example shows the tasks running on `manager1`:
```bash
```console
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

14
engine/swarm/swarm_manager_locking.md
View File

@ -29,7 +29,7 @@ rotate this key encryption key at any time.
When you initialize a new swarm, you can use the `--autolock` flag to
enable autolocking of swarm manager nodes when Docker restarts.
```bash
```console
$ docker swarm init --autolock
Swarm initialized: current node (k1q27tfyx9rncpixhk69sa61v) is now a manager.
@ -54,7 +54,7 @@ When Docker restarts, you need to [unlock the swarm](#unlock-a-swarm). A locked
swarm causes an error like the following when you try to start or restart a
service:
```bash
```console
$ sudo service docker restart
$ docker service ls
@ -66,7 +66,7 @@ Error response from daemon: Swarm is encrypted and needs to be unlocked before i
To enable autolock on an existing swarm, set the `autolock` flag to `true`.
```bash
```console
$ docker swarm update --autolock=true
Swarm updated.
@ -85,7 +85,7 @@ disk. There is a trade-off between the risk of storing the encryption key
unencrypted at rest and the convenience of restarting a swarm without
needing to unlock each manager.
```bash
```console
$ docker swarm update --autolock=false
```
@ -96,7 +96,7 @@ a manager goes down while it is still configured to lock using the old key.
To unlock a locked swarm, use `docker swarm unlock`.
```bash
```console
$ docker swarm unlock
Please enter unlock key:
@ -116,7 +116,7 @@ If the key has not been rotated since the node left the swarm, and you have a
quorum of functional manager nodes in the swarm, you can view the current unlock
key using `docker swarm unlock-key` without any arguments.
```bash
```console
$ docker swarm unlock-key
To unlock a swarm manager after it restarts, run the `docker swarm unlock`
@ -136,7 +136,7 @@ the swarm and join it back to the swarm as a new manager.
You should rotate the locked swarm's unlock key on a regular schedule.
```bash
```console
$ docker swarm unlock-key --rotate
Successfully rotated manager unlock key.