From 3edb03c17b2f3c6e9ff403394db3cc110680aa1d Mon Sep 17 00:00:00 2001 From: Misty Stanley-Jones Date: Tue, 17 Oct 2017 17:54:26 -0700 Subject: [PATCH] Add 17.10 CLI ref --- _data/engine-cli-edge/docker.yaml | 2 + .../docker_container_stats.yaml | 6 + _data/engine-cli-edge/docker_events.yaml | 6 +- _data/engine-cli-edge/docker_login.yaml | 89 ++++++----- _data/engine-cli-edge/docker_rmi.yaml | 2 +- .../engine-cli-edge/docker_secret_create.yaml | 9 +- .../docker_service_create.yaml | 27 ++-- .../docker_service_rollback.yaml | 2 +- .../engine-cli-edge/docker_service_scale.yaml | 2 +- .../docker_service_update.yaml | 2 +- _data/engine-cli-edge/docker_stats.yaml | 68 +++++--- _data/engine-cli-edge/docker_swarm_join.yaml | 5 +- .../engine-cli-edge/docker_system_prune.yaml | 146 +++++++++++++----- _data/engine-cli-edge/docker_trust.yaml | 17 ++ .../engine-cli-edge/docker_trust_revoke.yaml | 58 +++++++ _data/engine-cli-edge/docker_trust_sign.yaml | 50 ++++++ _data/engine-cli-edge/docker_trust_view.yaml | 66 ++++++++ _data/toc.yaml | 10 ++ edge/engine/reference/commandline/trust.md | 18 +++ .../reference/commandline/trust_revoke.md | 18 +++ .../reference/commandline/trust_sign.md | 18 +++ .../reference/commandline/trust_view.md | 18 +++ 22 files changed, 520 insertions(+), 119 deletions(-) create mode 100644 _data/engine-cli-edge/docker_trust.yaml create mode 100644 _data/engine-cli-edge/docker_trust_revoke.yaml create mode 100644 _data/engine-cli-edge/docker_trust_sign.yaml create mode 100644 _data/engine-cli-edge/docker_trust_view.yaml create mode 100644 edge/engine/reference/commandline/trust.md create mode 100644 edge/engine/reference/commandline/trust_revoke.md create mode 100644 edge/engine/reference/commandline/trust_sign.md create mode 100644 edge/engine/reference/commandline/trust_view.md diff --git a/_data/engine-cli-edge/docker.yaml b/_data/engine-cli-edge/docker.yaml index a9a9c353ae..074fe34741 100644 --- a/_data/engine-cli-edge/docker.yaml +++ b/_data/engine-cli-edge/docker.yaml @@ -49,6 +49,7 @@ cname: - docker system - docker tag - docker top +- docker trust - docker unpause - docker update - docker version @@ -104,6 +105,7 @@ clink: - docker_system.yaml - docker_tag.yaml - docker_top.yaml +- docker_trust.yaml - docker_unpause.yaml - docker_update.yaml - docker_version.yaml diff --git a/_data/engine-cli-edge/docker_container_stats.yaml b/_data/engine-cli-edge/docker_container_stats.yaml index 89b4f1f170..c7ee08219b 100644 --- a/_data/engine-cli-edge/docker_container_stats.yaml +++ b/_data/engine-cli-edge/docker_container_stats.yaml @@ -23,6 +23,12 @@ options: description: Disable streaming stats and only pull the first result deprecated: false experimental: false +- option: no-trunc + value_type: bool + default_value: "false" + description: Do not truncate output + deprecated: false + experimental: false deprecated: false experimental: false diff --git a/_data/engine-cli-edge/docker_events.yaml b/_data/engine-cli-edge/docker_events.yaml index b6dda97e95..9ecd336ac8 100644 --- a/_data/engine-cli-edge/docker_events.yaml +++ b/_data/engine-cli-edge/docker_events.yaml @@ -146,16 +146,20 @@ long: |- The currently supported filters are: + * config (`config=`) * container (`container=`) * daemon (`daemon=`) * event (`event=`) * image (`image=`) * label (`label=` or `label==`) * network (`network=`) + * node (`node=`) * plugin (`plugin=`) * scope (`scope=`) + * secret (`secret=`) + * service (`service=`) * type (`type=`) - * volume (`volume=`) + * volume (`volume=`) #### Format diff --git a/_data/engine-cli-edge/docker_login.yaml b/_data/engine-cli-edge/docker_login.yaml index 6b467bd54c..b706fcfced 100644 --- a/_data/engine-cli-edge/docker_login.yaml +++ b/_data/engine-cli-edge/docker_login.yaml @@ -14,53 +14,60 @@ long: "Login to a registry.\n\n### Login to a self-hosted registry\n\nIf you wan impact the security of your system; the `docker` group is `root` equivalent. See [Docker Daemon Attack Surface](https://docs.docker.com/security/security/#docker-daemon-attack-surface) for details.\n\nYou can log into any public or private repository for which you - have\ncredentials. When you log in, the command stores encoded credentials in\n`$HOME/.docker/config.json` - on Linux or `%USERPROFILE%/.docker/config.json` on Windows.\n\n### Credentials store\n\nThe - Docker Engine can keep user credentials in an external credentials store,\nsuch - as the native keychain of the operating system. Using an external store\nis more - secure than storing credentials in the Docker configuration file.\n\nTo use a credentials - store, you need an external helper program to interact\nwith a specific keychain - or external store. Docker requires the helper\nprogram to be in the client's host - `$PATH`.\n\nThis is the list of currently available credentials helpers and where\nyou - can download them from:\n\n- D-Bus Secret Service: https://github.com/docker/docker-credential-helpers/releases\n- + have\ncredentials. When you log in, the command stores credentials in\n`$HOME/.docker/config.json` + on Linux or `%USERPROFILE%/.docker/config.json` on\nWindows, via the procedure described + below.\n\n### Credentials store\n\nThe Docker Engine can keep user credentials in + an external credentials store,\nsuch as the native keychain of the operating system. + Using an external store\nis more secure than storing credentials in the Docker configuration + file.\n\nTo use a credentials store, you need an external helper program to interact\nwith + a specific keychain or external store. Docker requires the helper\nprogram to be + in the client's host `$PATH`.\n\nThis is the list of currently available credentials + helpers and where\nyou can download them from:\n\n- D-Bus Secret Service: https://github.com/docker/docker-credential-helpers/releases\n- Apple macOS keychain: https://github.com/docker/docker-credential-helpers/releases\n- - Microsoft Windows Credential Manager: https://github.com/docker/docker-credential-helpers/releases\n\nYou + Microsoft Windows Credential Manager: https://github.com/docker/docker-credential-helpers/releases\n- + [pass](https://www.passwordstore.org/): https://github.com/docker/docker-credential-helpers/releases\n\nYou need to specify the credentials store in `$HOME/.docker/config.json`\nto tell the docker engine to use it. The value of the config property should be\nthe suffix of the program to use (i.e. everything after `docker-credential-`).\nFor example, to use `docker-credential-osxkeychain`:\n\n```json\n{\n\t\"credsStore\": \"osxkeychain\"\n}\n```\n\nIf you are currently logged in, run `docker logout` to remove\nthe credentials from - the file and run `docker login` again.\n\n### Credential helper protocol\n\nCredential - helpers can be any program or script that follows a very simple protocol.\nThis - protocol is heavily inspired by Git, but it differs in the information shared.\n\nThe - helpers always use the first argument in the command to identify the action.\nThere - are only three possible values for that argument: `store`, `get`, and `erase`.\n\nThe - `store` command takes a JSON payload from the standard input. That payload carries\nthe - server address, to identify the credential, the user name, and either a password\nor - an identity token.\n\n```json\n{\n\t\"ServerURL\": \"https://index.docker.io/v1\",\n\t\"Username\": - \"david\",\n\t\"Secret\": \"passw0rd1\"\n}\n```\n\nIf the secret being stored is - an identity token, the Username should be set to\n``.\n\nThe `store` command - can write error messages to `STDOUT` that the docker engine\nwill show if there - was an issue.\n\nThe `get` command takes a string payload from the standard input. - That payload carries\nthe server address that the docker engine needs credentials - for. This is\nan example of that payload: `https://index.docker.io/v1`.\n\nThe `get` - command writes a JSON payload to `STDOUT`. Docker reads the user name\nand password - from this payload:\n\n```json\n{\n\t\"Username\": \"david\",\n\t\"Secret\": \"passw0rd1\"\n}\n```\n\nThe - `erase` command takes a string payload from `STDIN`. That payload carries\nthe server - address that the docker engine wants to remove credentials for. This is\nan example - of that payload: `https://index.docker.io/v1`.\n\nThe `erase` command can write - error messages to `STDOUT` that the docker engine\nwill show if there was an issue.\n\n### - Credential helpers\n\nCredential helpers are similar to the credential store above, - but act as the\ndesignated programs to handle credentials for *specific registries*. - The default\ncredential store (`credsStore` or the config file itself) will not - be used for\noperations concerning credentials of the specified registries.\n\n### - Logging out\n\nIf you are currently logged in, run `docker logout` to remove\nthe - credentials from the default store.\n\nCredential helpers are specified in a similar - way to `credsStore`, but\nallow for multiple helpers to be configured at a time. - Keys specify the\nregistry domain, and values specify the suffix of the program - to use\n(i.e. everything after `docker-credential-`).\nFor example:\n\n```json\n{\n - \ \"credHelpers\": {\n \"registry.example.com\": \"registryhelper\",\n \"awesomereg.example.org\": - \"hip-star\",\n \"unicorn.example.io\": \"vcbait\"\n }\n}\n```" + the file and run `docker login` again.\n\n### Default behavior\n\nBy default, Docker + looks for the native binary on each of the platforms, i.e.\n\"osxkeychain\" on macOS, + \"wincred\" on windows, and \"pass\" on Linux. A special\ncase is that on Linux, + Docker will fall back to the \"secretservice\" binary if\nit cannot find the \"pass\" + binary. If none of these binaries are present, it\nstores the credentials (i.e. + password) in base64 encoding in the config files\ndescribed above.\n\n### Credential + helper protocol\n\nCredential helpers can be any program or script that follows + a very simple protocol.\nThis protocol is heavily inspired by Git, but it differs + in the information shared.\n\nThe helpers always use the first argument in the command + to identify the action.\nThere are only three possible values for that argument: + `store`, `get`, and `erase`.\n\nThe `store` command takes a JSON payload from the + standard input. That payload carries\nthe server address, to identify the credential, + the user name, and either a password\nor an identity token.\n\n```json\n{\n\t\"ServerURL\": + \"https://index.docker.io/v1\",\n\t\"Username\": \"david\",\n\t\"Secret\": \"passw0rd1\"\n}\n```\n\nIf + the secret being stored is an identity token, the Username should be set to\n``.\n\nThe + `store` command can write error messages to `STDOUT` that the docker engine\nwill + show if there was an issue.\n\nThe `get` command takes a string payload from the + standard input. That payload carries\nthe server address that the docker engine + needs credentials for. This is\nan example of that payload: `https://index.docker.io/v1`.\n\nThe + `get` command writes a JSON payload to `STDOUT`. Docker reads the user name\nand + password from this payload:\n\n```json\n{\n\t\"Username\": \"david\",\n\t\"Secret\": + \"passw0rd1\"\n}\n```\n\nThe `erase` command takes a string payload from `STDIN`. + That payload carries\nthe server address that the docker engine wants to remove + credentials for. This is\nan example of that payload: `https://index.docker.io/v1`.\n\nThe + `erase` command can write error messages to `STDOUT` that the docker engine\nwill + show if there was an issue.\n\n### Credential helpers\n\nCredential helpers are + similar to the credential store above, but act as the\ndesignated programs to handle + credentials for *specific registries*. The default\ncredential store (`credsStore` + or the config file itself) will not be used for\noperations concerning credentials + of the specified registries.\n\n### Logging out\n\nIf you are currently logged in, + run `docker logout` to remove\nthe credentials from the default store.\n\nCredential + helpers are specified in a similar way to `credsStore`, but\nallow for multiple + helpers to be configured at a time. Keys specify the\nregistry domain, and values + specify the suffix of the program to use\n(i.e. everything after `docker-credential-`).\nFor + example:\n\n```json\n{\n \"credHelpers\": {\n \"registry.example.com\": \"registryhelper\",\n + \ \"awesomereg.example.org\": \"hip-star\",\n \"unicorn.example.io\": \"vcbait\"\n + \ }\n}\n```" usage: docker login [OPTIONS] [SERVER] pname: docker plink: docker.yaml diff --git a/_data/engine-cli-edge/docker_rmi.yaml b/_data/engine-cli-edge/docker_rmi.yaml index 6477634b6c..3fc2af9c4f 100644 --- a/_data/engine-cli-edge/docker_rmi.yaml +++ b/_data/engine-cli-edge/docker_rmi.yaml @@ -20,7 +20,7 @@ options: experimental: false examples: |- You can remove an image using its short or long ID, its tag, or its digest. If - an image has one or more tag referencing it, you must remove all of them before + an image has one or more tags referencing it, you must remove all of them before the image is removed. Digest references are removed automatically when an image is removed by tag. diff --git a/_data/engine-cli-edge/docker_secret_create.yaml b/_data/engine-cli-edge/docker_secret_create.yaml index f913c7f9cb..904eb723c3 100644 --- a/_data/engine-cli-edge/docker_secret_create.yaml +++ b/_data/engine-cli-edge/docker_secret_create.yaml @@ -3,10 +3,17 @@ short: Create a secret from a file or STDIN as content long: "Creates a secret using standard input or from a file for the secret content. You must run this command on a manager node. \n\nFor detailed information about using secrets, refer to [manage sensitive data with Docker secrets](https://docs.docker.com/engine/swarm/secrets/)." -usage: docker secret create [OPTIONS] SECRET file|- +usage: docker secret create [OPTIONS] SECRET [file|-] pname: docker secret plink: docker_secret.yaml options: +- option: driver + shorthand: d + value_type: string + description: Secret driver + deprecated: false + min_api_version: "1.31" + experimental: false - option: label shorthand: l value_type: list diff --git a/_data/engine-cli-edge/docker_service_create.yaml b/_data/engine-cli-edge/docker_service_create.yaml index 0843fc710b..66ac30bf9f 100644 --- a/_data/engine-cli-edge/docker_service_create.yaml +++ b/_data/engine-cli-edge/docker_service_create.yaml @@ -32,7 +32,7 @@ options: - option: detach shorthand: d value_type: bool - default_value: "true" + default_value: "false" description: | Exit immediately instead of waiting for the service to converge deprecated: false @@ -451,7 +451,7 @@ examples: |- 4cdgfyky7ozwh3htjfw0d12qv ``` - Create a service specifying the secret, target, user/group ID and mode: + Create a service specifying the secret, target, user/group ID, and mode: ```bash $ docker service create --name redis \ @@ -586,8 +586,9 @@ examples: |-

The type of mount, can be either volume, bind, or tmpfs. Defaults to volume if no type is specified.

    -
  • volume: mounts a [managed volume](volume_create.md) into the container.
    • -
  • bind: bind-mounts a directory or file from the host into the container.
    • +
  • volume: mounts a managed volume + into the container.
  • bind: + bind-mounts a directory or file from the host into the container.
  • tmpfs: mount a tmpfs in the container

@@ -690,7 +691,7 @@ examples: |- #### Options for Named Volumes - The following options can only be used for named volumes (`type=volume`); + The following options can only be used for named volumes (`type=volume`): @@ -711,7 +712,7 @@ examples: |- @@ -722,8 +723,8 @@ examples: |- By default, if you attach an empty volume to a container, and files or directories already existed at the mount-path in the container (dst), the Engine copies those files and directories into the volume, allowing - the host to access them. Set `volume-nocopy` to disables copying files - from the container's filesystem to the volume and mount the empty volume. + the host to access them. Set volume-nocopy to disable copying files + from the container's filesystem to the volume and mount the empty volume.
A value is optional: @@ -1125,6 +1126,10 @@ examples: |- + + + + @@ -1143,11 +1148,11 @@ examples: |- #### Template example In this example, we are going to set the template of the created containers based on the - service's name and the node's ID where it sits. + service's name, the node's ID and hostname where it sits. ```bash $ docker service create --name hosttempl \ - --hostname="{{.Node.ID}}-{{.Service.Name}}"\ + --hostname="{{.Node.Hostname}}-{{.Node.ID}}-{{.Service.Name}}"\ busybox top va8ew30grofhjoychbr6iot8c @@ -1157,7 +1162,7 @@ examples: |- ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS wo41w8hg8qan hosttempl.1 busybox:latest@sha256:29f5d56d12684887bdfa50dcd29fc31eea4aaf4ad3bec43daf19026a7ce69912 2e7a8a9c4da2 Running Running about a minute ago - $ docker inspect --format="{{.Config.Hostname}}" hosttempl.1.wo41w8hg8qanxwjwsg4kxpprj + $ docker inspect --format="{{.Config.Hostname}}" 2e7a8a9c4da2-wo41w8hg8qanxwjwsg4kxpprj-hosttempl x3ti0erg11rjpg64m75kej2mz-hosttempl ``` diff --git a/_data/engine-cli-edge/docker_service_rollback.yaml b/_data/engine-cli-edge/docker_service_rollback.yaml index e953bf7605..5cf3cfab93 100644 --- a/_data/engine-cli-edge/docker_service_rollback.yaml +++ b/_data/engine-cli-edge/docker_service_rollback.yaml @@ -10,7 +10,7 @@ options: - option: detach shorthand: d value_type: bool - default_value: "true" + default_value: "false" description: | Exit immediately instead of waiting for the service to converge deprecated: false diff --git a/_data/engine-cli-edge/docker_service_scale.yaml b/_data/engine-cli-edge/docker_service_scale.yaml index 03937d2892..ab8146778a 100644 --- a/_data/engine-cli-edge/docker_service_scale.yaml +++ b/_data/engine-cli-edge/docker_service_scale.yaml @@ -13,7 +13,7 @@ options: - option: detach shorthand: d value_type: bool - default_value: "true" + default_value: "false" description: | Exit immediately instead of waiting for the service to converge deprecated: false diff --git a/_data/engine-cli-edge/docker_service_update.yaml b/_data/engine-cli-edge/docker_service_update.yaml index 1ea04755b1..81a9fa1c73 100644 --- a/_data/engine-cli-edge/docker_service_update.yaml +++ b/_data/engine-cli-edge/docker_service_update.yaml @@ -60,7 +60,7 @@ options: - option: detach shorthand: d value_type: bool - default_value: "true" + default_value: "false" description: | Exit immediately instead of waiting for the service to converge deprecated: false diff --git a/_data/engine-cli-edge/docker_stats.yaml b/_data/engine-cli-edge/docker_stats.yaml index be96d16bec..e29768108f 100644 --- a/_data/engine-cli-edge/docker_stats.yaml +++ b/_data/engine-cli-edge/docker_stats.yaml @@ -26,35 +26,45 @@ options: description: Disable streaming stats and only pull the first result deprecated: false experimental: false +- option: no-trunc + value_type: bool + default_value: "false" + description: Do not truncate output + deprecated: false + experimental: false examples: |- Running `docker stats` on all running containers against a Linux daemon. ```bash $ docker stats - CONTAINER CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O - 1285939c1fd3 0.07% 796 KiB / 64 MiB 1.21% 788 B / 648 B 3.568 MB / 512 KB - 9c76f7834ae2 0.07% 2.746 MiB / 64 MiB 4.29% 1.266 KB / 648 B 12.4 MB / 0 B - d1ea048f04e4 0.03% 4.583 MiB / 64 MiB 6.30% 2.854 KB / 648 B 27.7 MB / 0 B + + CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS + b95a83497c91 awesome_brattain 0.28% 5.629MiB / 1.952GiB 0.28% 916B / 0B 147kB / 0B 9 + 67b2525d8ad1 foobar 0.00% 1.727MiB / 1.952GiB 0.09% 2.48kB / 0B 4.11MB / 0B 2 + e5c383697914 test-1951.1.kay7x1lh1twk9c0oig50sd5tr 0.00% 196KiB / 1.952GiB 0.01% 71.2kB / 0B 770kB / 0B 1 + 4bda148efbc0 random.1.vnc8on831idyr42slu578u3cr 0.00% 1.672MiB / 1.952GiB 0.08% 110kB / 0B 578kB / 0B 2 ``` Running `docker stats` on multiple containers by name and id against a Linux daemon. ```bash - $ docker stats fervent_panini 5acfcb1b4fd1 - CONTAINER CPU % MEM USAGE/LIMIT MEM % NET I/O - 5acfcb1b4fd1 0.00% 115.2 MiB/1.045 GiB 11.03% 1.422 kB/648 B - fervent_panini 0.02% 11.08 MiB/1.045 GiB 1.06% 648 B/648 B + $ docker stats awesome_brattain 67b2525d8ad1 + + CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS + b95a83497c91 awesome_brattain 0.28% 5.629MiB / 1.952GiB 0.28% 916B / 0B 147kB / 0B 9 + 67b2525d8ad1 foobar 0.00% 1.727MiB / 1.952GiB 0.09% 2.48kB / 0B 4.11MB / 0B 2 ``` Running `docker stats` with customized format on all (Running and Stopped) containers. ```bash - $ docker stats --all --format "table {{.ID}}\t{{.Name}}\t{{.CPUPerc}}\t{{.MemUsage}}" - CONTAINER ID NAME CPU % MEM USAGE / LIMIT - c9dfa83f0317f87637d5b7e67aa4223337d947215c5a9947e697e4f7d3e0f834 ecstatic_noether 0.00% 56KiB / 15.57GiB - 8f92d01cf3b29b4f5fca4cd33d907e05def7af5a3684711b20a2369d211ec67f stoic_goodall 0.07% 32.86MiB / 15.57GiB - 38dd23dba00f307d53d040c1d18a91361bbdcccbf592315927d56cf13d8b7343 drunk_visvesvaraya 0.00% 0B / 0B - 5a8b07ec4cc52823f3cbfdb964018623c1ba307bce2c057ccdbde5f4f6990833 big_heisenberg 0.00% 0B / 0B + $ docker stats --all --format "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}" fervent_panini 5acfcb1b4fd1 drunk_visvesvaraya big_heisenberg + + CONTAINER CPU % MEM USAGE / LIMIT + fervent_panini 0.00% 56KiB / 15.57GiB + 5acfcb1b4fd1 0.07% 32.86MiB / 15.57GiB + drunk_visvesvaraya 0.00% 0B / 0B + big_heisenberg 0.00% 0B / 0B ``` `drunk_visvesvaraya` and `big_heisenberg` are stopped containers in the above example. @@ -63,7 +73,7 @@ examples: |- ```powershell PS E:\> docker stats - CONTAINER CPU % PRIV WORKING SET NET I/O BLOCK I/O + CONTAINER ID CPU % PRIV WORKING SET NET I/O BLOCK I/O 09d3bb5b1604 6.61% 38.21 MiB 17.1 kB / 7.73 kB 10.7 MB / 3.57 MB 9db7aa4d986d 9.19% 38.26 MiB 15.2 kB / 7.65 kB 10.6 MB / 3.3 MB 3f214c61ad1d 0.00% 28.64 MiB 64 kB / 6.84 kB 4.42 MB / 6.93 MB @@ -73,15 +83,15 @@ examples: |- ```powershell PS E:\> docker ps -a - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 3f214c61ad1d nanoserver "cmd" 2 minutes ago Up 2 minutes big_minsky - 9db7aa4d986d windowsservercore "cmd" 2 minutes ago Up 2 minutes mad_wilson - 09d3bb5b1604 windowsservercore "cmd" 2 minutes ago Up 2 minutes affectionate_easley + CONTAINER ID NAME IMAGE COMMAND CREATED STATUS PORTS NAMES + 3f214c61ad1d awesome_brattain nanoserver "cmd" 2 minutes ago Up 2 minutes big_minsky + 9db7aa4d986d mad_wilson windowsservercore "cmd" 2 minutes ago Up 2 minutes mad_wilson + 09d3bb5b1604 fervent_panini windowsservercore "cmd" 2 minutes ago Up 2 minutes affectionate_easley PS E:\> docker stats 3f214c61ad1d mad_wilson - CONTAINER CPU % PRIV WORKING SET NET I/O BLOCK I/O - 3f214c61ad1d 0.00% 46.25 MiB 76.3 kB / 7.92 kB 10.3 MB / 14.7 MB - mad_wilson 9.59% 40.09 MiB 27.6 kB / 8.81 kB 17 MB / 20.1 MB + CONTAINER ID NAME CPU % PRIV WORKING SET NET I/O BLOCK I/O + 3f214c61ad1d awesome_brattain 0.00% 46.25 MiB 76.3 kB / 7.92 kB 10.3 MB / 14.7 MB + 9db7aa4d986d mad_wilson 9.59% 40.09 MiB 27.6 kB / 8.81 kB 17 MB / 20.1 MB ``` ### Formatting @@ -130,6 +140,20 @@ examples: |- 9c76f7834ae2 0.07% 2.746 MiB / 64 MiB d1ea048f04e4 0.03% 4.583 MiB / 64 MiB ``` + + The default format is as follows: + + On Linux: + + "table {{.ID}}\t{{.Name}}\t{{.CPUPerc}}\t{{.MemUsage}}\t{{.MemPerc}}\t{{.NetIO}}\t{{.BlockIO}}\t{{.PIDs}}" + + On Windows: + + "table {{.ID}}\t{{.Name}}\t{{.CPUPerc}}\t{{.MemUsage}}\t{{.NetIO}}\t{{.BlockIO}}" + + + > **Note**: On Docker 17.09 and older, the `{{.Container}}` column was used, in + > stead of `{{.ID}}\t{{.Name}}`. deprecated: false experimental: false diff --git a/_data/engine-cli-edge/docker_swarm_join.yaml b/_data/engine-cli-edge/docker_swarm_join.yaml index eb753b238b..cf5d91219f 100644 --- a/_data/engine-cli-edge/docker_swarm_join.yaml +++ b/_data/engine-cli-edge/docker_swarm_join.yaml @@ -94,7 +94,10 @@ examples: |- Specifying a port is optional. If the value is a bare IP address, or interface name, the default port 2377 will be used. - This flag is generally not necessary when joining an existing swarm. + This flag is generally not necessary when joining an existing swarm. If + you're joining new nodes through a load balancer, you should use this flag to + ensure the node advertises its IP address and not the IP address of the load + balancer. ### `--data-path-addr` diff --git a/_data/engine-cli-edge/docker_system_prune.yaml b/_data/engine-cli-edge/docker_system_prune.yaml index d89aa09ee8..af6df5574d 100644 --- a/_data/engine-cli-edge/docker_system_prune.yaml +++ b/_data/engine-cli-edge/docker_system_prune.yaml @@ -1,7 +1,8 @@ command: docker system prune short: Remove unused data -long: Remove all unused containers, volumes, networks and images (both dangling and - unreferenced). +long: |- + Remove all unused containers, networks, images (both dangling and unreferenced), + and optionally, volumes. usage: docker system prune [OPTIONS] pname: docker system plink: docker_system.yaml @@ -32,42 +33,111 @@ options: description: Prune volumes deprecated: false experimental: false -examples: "```bash\n$ docker system prune -a\n\nWARNING! This will remove:\n\t- all - stopped containers\n\t- all volumes not used by at least one container\n\t- all - networks not used by at least one container\n\t- all images without at least one - container associated to them\nAre you sure you want to continue? [y/N] y\nDeleted - Containers:\n0998aa37185a1a7036b0e12cf1ac1b6442dcfa30a5c9650a42ed5010046f195b\n73958bfb884fa81fa4cc6baf61055667e940ea2357b4036acbbe25a60f442a4d\n\nDeleted - Volumes:\nnamed-vol\n\nDeleted Images:\nuntagged: my-curl:latest\ndeleted: sha256:7d88582121f2a29031d92017754d62a0d1a215c97e8f0106c586546e7404447d\ndeleted: - sha256:dd14a93d83593d4024152f85d7c63f76aaa4e73e228377ba1d130ef5149f4d8b\nuntagged: - alpine:3.3\ndeleted: sha256:695f3d04125db3266d4ab7bbb3c6b23aa4293923e762aa2562c54f49a28f009f\nuntagged: - alpine:latest\ndeleted: sha256:ee4603260daafe1a8c2f3b78fd760922918ab2441cbb2853ed5c439e59c52f96\ndeleted: - sha256:9007f5987db353ec398a223bc5a135c5a9601798ba20a1abba537ea2f8ac765f\ndeleted: - sha256:71fa90c8f04769c9721459d5aa0936db640b92c8c91c9b589b54abd412d120ab\ndeleted: - sha256:bb1c3357b3c30ece26e6604aea7d2ec0ace4166ff34c3616701279c22444c0f3\nuntagged: - my-jq:latest\ndeleted: sha256:6e66d724542af9bc4c4abf4a909791d7260b6d0110d8e220708b09e4ee1322e1\ndeleted: - sha256:07b3fa89d4b17009eb3988dfc592c7d30ab3ba52d2007832dffcf6d40e3eda7f\ndeleted: - sha256:3a88a5c81eb5c283e72db2dbc6d65cbfd8e80b6c89bb6e714cfaaa0eed99c548\n\nTotal - reclaimed space: 13.5 MB\n```\n\n### Filtering\n\nThe filtering flag (`-f` or `--filter`) - format is of \"key=value\". If there is more\nthan one filter, then pass multiple - flags (e.g., `--filter \"foo=bar\" --filter \"bif=baz\"`)\n\nThe currently supported - filters are:\n\n* until (``) - only remove containers, images, and networks - created before given timestamp\n* label (`label=`, `label==`, `label!=`, - or `label!==`) - only remove containers, images, networks, and volumes - with (or without, in case `label!=...` is used) the specified labels.\n\nThe `until` - filter can be Unix timestamps, date formatted\ntimestamps, or Go duration strings - (e.g. `10m`, `1h30m`) computed\nrelative to the daemon machine’s time. Supported - formats for date\nformatted time stamps include RFC3339Nano, RFC3339, `2006-01-02T15:04:05`,\n`2006-01-02T15:04:05.999999999`, - `2006-01-02Z07:00`, and `2006-01-02`. The local\ntimezone on the daemon will be - used if you do not provide either a `Z` or a\n`+-00:00` timezone offset at the end - of the timestamp. When providing Unix\ntimestamps enter seconds[.nanoseconds], - where seconds is the number of seconds\nthat have elapsed since January 1, 1970 - (midnight UTC/GMT), not counting leap\nseconds (aka Unix epoch or Unix time), and - the optional .nanoseconds field is a\nfraction of a second no more than nine digits - long.\n\nThe `label` filter accepts two formats. One is the `label=...` (`label=` - or `label==`),\nwhich removes containers, images, networks, and volumes - with the specified labels. The other\nformat is the `label!=...` (`label!=` - or `label!==`), which removes\ncontainers, images, networks, and volumes - without the specified labels." +examples: |- + ```bash + $ docker system prune + + WARNING! This will remove: + - all stopped containers + - all networks not used by at least one container + - all dangling images + - all build cache + Are you sure you want to continue? [y/N] y + + Deleted Containers: + f44f9b81948b3919590d5f79a680d8378f1139b41952e219830a33027c80c867 + 792776e68ac9d75bce4092bc1b5cc17b779bc926ab04f4185aec9bf1c0d4641f + + Deleted Networks: + network1 + network2 + + Deleted Images: + untagged: hello-world@sha256:f3b3b28a45160805bb16542c9531888519430e9e6d6ffc09d72261b0d26ff74f + deleted: sha256:1815c82652c03bfd8644afda26fb184f2ed891d921b20a0703b46768f9755c57 + deleted: sha256:45761469c965421a92a69cc50e92c01e0cfa94fe026cdd1233445ea00e96289a + + Total reclaimed space: 1.84kB + ``` + + By default, volumes are not removed to prevent important data from being + deleted if there is currently no container using the volume. Use the `--volumes` + flag when running the command to prune volumes as well: + + ```bash + $ docker system prune -a --volumes + + WARNING! This will remove: + - all stopped containers + - all networks not used by at least one container + - all volumes not used by at least one container + - all images without at least one container associated to them + - all build cache + Are you sure you want to continue? [y/N] y + + Deleted Containers: + 0998aa37185a1a7036b0e12cf1ac1b6442dcfa30a5c9650a42ed5010046f195b + 73958bfb884fa81fa4cc6baf61055667e940ea2357b4036acbbe25a60f442a4d + + Deleted Networks: + my-network-a + my-network-b + + Deleted Volumes: + named-vol + + Deleted Images: + untagged: my-curl:latest + deleted: sha256:7d88582121f2a29031d92017754d62a0d1a215c97e8f0106c586546e7404447d + deleted: sha256:dd14a93d83593d4024152f85d7c63f76aaa4e73e228377ba1d130ef5149f4d8b + untagged: alpine:3.3 + deleted: sha256:695f3d04125db3266d4ab7bbb3c6b23aa4293923e762aa2562c54f49a28f009f + untagged: alpine:latest + deleted: sha256:ee4603260daafe1a8c2f3b78fd760922918ab2441cbb2853ed5c439e59c52f96 + deleted: sha256:9007f5987db353ec398a223bc5a135c5a9601798ba20a1abba537ea2f8ac765f + deleted: sha256:71fa90c8f04769c9721459d5aa0936db640b92c8c91c9b589b54abd412d120ab + deleted: sha256:bb1c3357b3c30ece26e6604aea7d2ec0ace4166ff34c3616701279c22444c0f3 + untagged: my-jq:latest + deleted: sha256:6e66d724542af9bc4c4abf4a909791d7260b6d0110d8e220708b09e4ee1322e1 + deleted: sha256:07b3fa89d4b17009eb3988dfc592c7d30ab3ba52d2007832dffcf6d40e3eda7f + deleted: sha256:3a88a5c81eb5c283e72db2dbc6d65cbfd8e80b6c89bb6e714cfaaa0eed99c548 + + Total reclaimed space: 13.5 MB + ``` + + > **Note**: The `--volumes` option was added in Docker 17.06.1. Older versions + > of Docker prune volumes by default, along with other Docker objects. On older + > versions, run `docker container prune`, `docker network prune`, and + > `docker image prune` separately to remove unused containers, networks, and + > images, without removing volumes. + + + ### Filtering + + The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more + than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) + + The currently supported filters are: + + * until (``) - only remove containers, images, and networks created before given timestamp + * label (`label=`, `label==`, `label!=`, or `label!==`) - only remove containers, images, networks, and volumes with (or without, in case `label!=...` is used) the specified labels. + + The `until` filter can be Unix timestamps, date formatted + timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed + relative to the daemon machine’s time. Supported formats for date + formatted time stamps include RFC3339Nano, RFC3339, `2006-01-02T15:04:05`, + `2006-01-02T15:04:05.999999999`, `2006-01-02Z07:00`, and `2006-01-02`. The local + timezone on the daemon will be used if you do not provide either a `Z` or a + `+-00:00` timezone offset at the end of the timestamp. When providing Unix + timestamps enter seconds[.nanoseconds], where seconds is the number of seconds + that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap + seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a + fraction of a second no more than nine digits long. + + The `label` filter accepts two formats. One is the `label=...` (`label=` or `label==`), + which removes containers, images, networks, and volumes with the specified labels. The other + format is the `label!=...` (`label!=` or `label!==`), which removes + containers, images, networks, and volumes without the specified labels. deprecated: false min_api_version: "1.25" experimental: false diff --git a/_data/engine-cli-edge/docker_trust.yaml b/_data/engine-cli-edge/docker_trust.yaml new file mode 100644 index 0000000000..f08f79d8b8 --- /dev/null +++ b/_data/engine-cli-edge/docker_trust.yaml @@ -0,0 +1,17 @@ +command: docker trust +short: Manage trust on Docker images (experimental) +long: Manage trust on Docker images (experimental) +usage: docker trust +pname: docker +plink: docker.yaml +cname: +- docker trust revoke +- docker trust sign +- docker trust view +clink: +- docker_trust_revoke.yaml +- docker_trust_sign.yaml +- docker_trust_view.yaml +deprecated: false +experimental: false + diff --git a/_data/engine-cli-edge/docker_trust_revoke.yaml b/_data/engine-cli-edge/docker_trust_revoke.yaml new file mode 100644 index 0000000000..b5d8362c27 --- /dev/null +++ b/_data/engine-cli-edge/docker_trust_revoke.yaml @@ -0,0 +1,58 @@ +command: docker trust revoke +short: Remove trust for an image +long: |- + `docker trust revoke` removes signatures from tags in signed repositories. + + `docker trust revoke` is currently experimental. +usage: docker trust revoke [OPTIONS] IMAGE[:TAG] +pname: docker trust +plink: docker_trust.yaml +options: +- option: "yes" + shorthand: "y" + value_type: bool + default_value: "false" + description: Do not prompt for confirmation + deprecated: false + experimental: false +examples: "### Revoke signatures from a signed tag\n\nHere's an example of a repo + with two signed tags:\n\n\n```bash\n$ docker trust view example/trust-demo\nSIGNED + TAG DIGEST SIGNERS\nred + \ 852cc04935f930a857b630edc4ed6131e91b22073bcc216698842e44f64d2943 + \ alice\nblue f1c38dbaeeb473c36716f6494d803fbfbe9d8a76916f7c0093f227821e378197 + \ alice, bob\n\nList of signers and their keys for example/trust-demo:\n\nSIGNER + \ KEYS\nalice 05e87edcaecb\nbob 5600f5ab76a2\n\nAdministrative + keys for example/trust-demo:\nRepository Key:\tecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e\nRoot + Key:\t3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949\n```\n\nWhen + `alice`, one of the signers, runs `docker trust revoke`:\n\n```bash\n$ docker trust + revoke example/trust-demo:red\nEnter passphrase for delegation key with ID 27d42a8:\nSuccessfully + deleted signature for example/trust-demo:red\n```\n\nAfter revocation, the tag is + removed from the list of released tags:\n\n```bash\n$ docker trust view example/trust-demo\nSIGNED + TAG DIGEST SIGNERS\nblue + \ f1c38dbaeeb473c36716f6494d803fbfbe9d8a76916f7c0093f227821e378197 + \ alice, bob\n\nList of signers and their keys for example/trust-demo:\n\nSIGNER + \ KEYS\nalice 05e87edcaecb\nbob 5600f5ab76a2\n\nAdministrative + keys for example/trust-demo:\nRepository Key:\tecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e\nRoot + Key:\t3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949\n```\n\n### + Revoke signatures on all tags in a repository\n\nWhen no tag is specified, `docker + trust` revokes all signatures that you have a signing key for.\n\n```bash\n$ docker + trust view example/trust-demo\nSIGNED TAG DIGEST SIGNERS\nred + \ 852cc04935f930a857b630edc4ed6131e91b22073bcc216698842e44f64d2943 + \ alice\nblue f1c38dbaeeb473c36716f6494d803fbfbe9d8a76916f7c0093f227821e378197 + \ alice, bob\n\nList of signers and their keys for example/trust-demo:\n\nSIGNER + \ KEYS\nalice 05e87edcaecb\nbob 5600f5ab76a2\n\nAdministrative + keys for example/trust-demo:\nRepository Key:\tecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e\nRoot + Key:\t3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949\n```\n\nWhen + `alice`, one of the signers, runs `docker trust revoke`:\n\n```bash\n$ docker trust + revoke example/trust-demo\nPlease confirm you would like to delete all signature + data for example/trust-demo? [y/N] y\nEnter passphrase for delegation key with ID + 27d42a8:\nSuccessfully deleted signature for example/trust-demo\n```\n\nAll tags + that have `alice`'s signature on them are removed from the list of released tags:\n\n```bash\n$ + docker trust view example/trust-demo\n\nNo signatures for example/trust-demo\n\n\nList + of signers and their keys for example/trust-demo:\n\nSIGNER KEYS\nalice + \ 05e87edcaecb\nbob 5600f5ab76a2\n\nAdministrative + keys for example/trust-demo:\nRepository Key:\tecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e\nRoot + Key:\t3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949\n```" +deprecated: false +experimental: false + diff --git a/_data/engine-cli-edge/docker_trust_sign.yaml b/_data/engine-cli-edge/docker_trust_sign.yaml new file mode 100644 index 0000000000..177383666a --- /dev/null +++ b/_data/engine-cli-edge/docker_trust_sign.yaml @@ -0,0 +1,50 @@ +command: docker trust sign +short: Sign an image +long: |- + `docker trust sign` adds signatures to tags to create signed repositories. + + `docker trust sign` is currently experimental. +usage: docker trust sign IMAGE:TAG +pname: docker trust +plink: docker_trust.yaml +examples: "### Sign a tag as a repo admin\n\nGiven an image:\n\n```bash\n$ docker + trust view example/trust-demo\nSIGNED TAG DIGEST SIGNERS\nv1 + \ c24134c079c35e698060beabe110bb83ab285d0d978de7d92fed2c8c83570a41 + \ (Repo Admin)\n\nAdministrative keys for example/trust-demo:\nRepository Key:\t36d4c3601102fa7c5712a343c03b94469e5835fb27c191b529c06fd19c14a942\nRoot + Key:\t246d360f7c53a9021ee7d4259e3c5692f3f1f7ad4737b1ea8c7b8da741ad980b\n```\n\nSign + a new tag with `docker trust sign`:\n\n```bash\n$ docker trust sign example/trust-demo:v2\nSigning + and pushing trust metadata for example/trust-demo:v2\nThe push refers to a repository + [docker.io/example/trust-demo]\need4e566104a: Layer already exists\n77edfb6d1e3c: + Layer already exists\nc69f806905c2: Layer already exists\n582f327616f1: Layer already + exists\na3fbb648f0bd: Layer already exists\n5eac2de68a97: Layer already exists\n8d4d1ab5ff74: + Layer already exists\nv2: digest: sha256:8f6f460abf0436922df7eb06d28b3cdf733d2cac1a185456c26debbff0839c56 + size: 1787\nSigning and pushing trust metadata\nEnter passphrase for repository + key with ID 36d4c36:\nSuccessfully signed \"docker.io/example/trust-demo\":v2\n```\n\n`docker + trust view` lists the new signature:\n\n```bash\n$ docker trust view example/trust-demo\nSIGNED + TAG DIGEST SIGNERS\nv1 + \ c24134c079c35e698060beabe110bb83ab285d0d978de7d92fed2c8c83570a41 + \ (Repo Admin)\nv2 8f6f460abf0436922df7eb06d28b3cdf733d2cac1a185456c26debbff0839c56 + \ (Repo Admin)\n\nAdministrative keys for example/trust-demo:\nRepository Key:\t36d4c3601102fa7c5712a343c03b94469e5835fb27c191b529c06fd19c14a942\nRoot + Key:\t246d360f7c53a9021ee7d4259e3c5692f3f1f7ad4737b1ea8c7b8da741ad980b\n```\n\n### + Sign a tag as a signer\n\nGiven an image:\n\n```bash\n$ docker trust view example/trust-demo\n\nNo + signatures for example/trust-demo\n\n\nList of signers and their keys for example/trust-demo:\n\nSIGNER + \ KEYS\nalice 05e87edcaecb\nbob 5600f5ab76a2\n\nAdministrative + keys for example/trust-demo:\nRepository Key:\tecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e\nRoot + Key:\t3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949\n```\n\nSign + a new tag with `docker trust sign`:\n\n```bash\n$ docker trust sign example/trust-demo:v1\nSigning + and pushing trust metadata for example/trust-demo:v1\nThe push refers to a repository + [docker.io/example/trust-demo]\n26b126eb8632: Layer already exists\n220d34b5f6c9: + Layer already exists\n8a5132998025: Layer already exists\naca233ed29c3: Layer already + exists\ne5d2f035d7a4: Layer already exists\nv1: digest: sha256:74d4bfa917d55d53c7df3d2ab20a8d926874d61c3da5ef6de15dd2654fc467c4 + size: 1357\nSigning and pushing trust metadata\nEnter passphrase for delegation + key with ID 27d42a8:\nSuccessfully signed \"docker.io/example/trust-demo\":v1\n```\n\n`docker + trust view` lists the new signature:\n\n```bash\n$ docker trust view example/trust-demo\nSIGNED + TAG DIGEST SIGNERS\nv1 + \ 74d4bfa917d55d53c7df3d2ab20a8d926874d61c3da5ef6de15dd2654fc467c4 + \ alice\n\nList of signers and their keys for example/trust-demo:\n\nSIGNER KEYS\nalice + \ 05e87edcaecb\nbob 5600f5ab76a2\n\nAdministrative + keys for example/trust-demo:\nRepository Key:\tecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e\nRoot + Key:\t3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949\n```" +deprecated: false +experimental: false + diff --git a/_data/engine-cli-edge/docker_trust_view.yaml b/_data/engine-cli-edge/docker_trust_view.yaml new file mode 100644 index 0000000000..aa3e8b8b30 --- /dev/null +++ b/_data/engine-cli-edge/docker_trust_view.yaml @@ -0,0 +1,66 @@ +command: docker trust view +short: Display detailed information about keys and signatures +long: |- + `docker trust view` provides detailed information on signed repositories. + This includes all image tags that are signed, who signed them, and who can sign + new tags. + + By default, `docker trust view` renders results in a table. + + `docker trust view` is currently experimental. +usage: docker trust view IMAGE[:TAG] +pname: docker trust +plink: docker_trust.yaml +examples: "### Get details about signatures for a single image tag\n\n\n```bash\n$ + docker trust view alpine:latest\n\nSIGNED TAG DIGEST SIGNERS\nlatest + \ 1072e499f3f655a032e88542330cf75b02e7bdf673278f701d7ba61629ee3ebe (Repo + Admin)\n\nAdministrative keys for alpine:latest:\nRepository Key:\t5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd\nRoot + Key:\ta2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce\n```\n\nThe + `SIGNED TAG` is the signed image tag with a unique content-addressable `DIGEST`. + `SIGNERS` lists all entities who have signed.\n\nThe administrative keys listed + specify the root key of trust, as well as the administrative repository key. These + keys are responsible for modifying signers, and rotating keys for the signed repository.\n\nIf + signers are set up for the repository via other `docker trust` commands, `docker + trust view` displays them appropriately as a `SIGNER` and specify their `KEYS`:\n\n```bash\n$ + docker trust view my-image:purple\nSIGNED TAG DIGEST SIGNERS\npurple + \ 941d3dba358621ce3c41ef67b47cf80f701ff80cdf46b5cc86587eaebfe45557 alice, + bob, carol\n\nList of signers and their keys:\n\nSIGNER KEYS\nalice + \ 47caae5b3e61, a85aab9d20a4\nbob 034370bcbd77, 82a66673242c\ncarol + \ b6f9f8e1aab0\n\nAdministrative keys for my-image:\nRepository Key:\t27df2c8187e7543345c2e0bf3a1262e0bc63a72754e9a7395eac3f747ec23a44\nRoot + Key:\t40b66ccc8b176be8c7d365a17f3e046d1c3494e053dd57cfeacfe2e19c4f8e8f\n```\n\nIf + the image tag is unsigned or unavailable, `docker trust view` does not display any + signed tags.\n\n```bash\n$ docker trust view unsigned-img\nNo signatures or cannot + access unsigned-img\n```\n\nHowever, if other tags are signed in the same image + repository, `docker trust view` reports relevant key information.\n\n```bash\n$ + docker trust view alpine:unsigned\n\nNo signatures for alpine:unsigned\n\n\nAdministrative + keys for alpine:unsigned:\nRepository Key:\t5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd\nRoot + Key:\ta2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce\n```\n\n### + Get details about signatures for all image tags in a repository\n\n```bash\n$ docker + trust view alpine\nSIGNED TAG DIGEST SIGNERS\n2.6 + \ 9ace551613070689a12857d62c30ef0daa9a376107ec0fff0e34786cedb3399b + \ (Repo Admin)\n2.7 9f08005dff552038f0ad2f46b8e65ff3d25641747d3912e3ea8da6785046561a + \ (Repo Admin)\n3.1 d9477888b78e8c6392e0be8b2e73f8c67e2894ff9d4b8e467d1488fcceec21c8 + \ (Repo Admin)\n3.2 19826d59171c2eb7e90ce52bfd822993bef6a6fe3ae6bb4a49f8c1d0a01e99c7 + \ (Repo Admin)\n3.3 8fd4b76819e1e5baac82bd0a3d03abfe3906e034cc5ee32100d12aaaf3956dc7 + \ (Repo Admin)\n3.4 833ad81ace8277324f3ca8c91c02bdcf1d13988d8ecf8a3f97ecdd69d0390ce9 + \ (Repo Admin)\n3.5 af2a5bd2f8de8fc1ecabf1c76611cdc6a5f1ada1a2bdd7d3816e121b70300308 + \ (Repo Admin)\n3.6 1072e499f3f655a032e88542330cf75b02e7bdf673278f701d7ba61629ee3ebe + \ (Repo Admin)\nedge 79d50d15bd7ea48ea00cf3dd343b0e740c1afaa8e899bee475236ef338e1b53b + \ (Repo Admin)\nlatest 1072e499f3f655a032e88542330cf75b02e7bdf673278f701d7ba61629ee3ebe + \ (Repo Admin)\n\nAdministrative keys for alpine:\nRepository Key:\t5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd\nRoot + Key:\ta2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce\n```\n\nHere's + an example with signers that are set up by `docker trust` commands:\n\n```bash\n$ + docker trust view my-image\nSIGNED TAG DIGEST SIGNERS\nred + \ 852cc04935f930a857b630edc4ed6131e91b22073bcc216698842e44f64d2943 + \ alice\nblue f1c38dbaeeb473c36716f6494d803fbfbe9d8a76916f7c0093f227821e378197 + \ alice, bob\ngreen cae8fedc840f90c8057e1c24637d11865743ab1e61a972c1c9da06ec2de9a139 + \ alice, bob\nyellow 9cc65fc3126790e683d1b92f307a71f48f75fa7dd47a7b03145a123eaf0b45ba + \ carol\npurple 941d3dba358621ce3c41ef67b47cf80f701ff80cdf46b5cc86587eaebfe45557 + \ alice, bob, carol\norange d6c271baa6d271bcc24ef1cbd65abf39123c17d2e83455bdab545a1a9093fc1c + \ alice\n\nList of signers and their keys for my-image:\n\nSIGNER KEYS\nalice + \ 47caae5b3e61, a85aab9d20a4\nbob 034370bcbd77, 82a66673242c\ncarol + \ b6f9f8e1aab0\n\nAdministrative keys for my-image:\nRepository Key:\t27df2c8187e7543345c2e0bf3a1262e0bc63a72754e9a7395eac3f747ec23a44\nRoot + Key:\t40b66ccc8b176be8c7d365a17f3e046d1c3494e053dd57cfeacfe2e19c4f8e8f\n```" +deprecated: false +experimental: false + diff --git a/_data/toc.yaml b/_data/toc.yaml index b4980d6bda..e10eefc6f0 100644 --- a/_data/toc.yaml +++ b/_data/toc.yaml @@ -1314,6 +1314,16 @@ reference: title: docker tag - path: /edge/engine/reference/commandline/top/ title: docker top + - sectiontitle: docker trust * + section: + - path: /edge/engine/reference/commandline/trust/ + title: docker trust + - path: /edge/engine/reference/commandline/trust_revoke/ + title: docker trust revoke + - path: /edge/engine/reference/commandline/trust_sign/ + title: docker trust sign + - path: /edge/engine/reference/commandline/trust_view/ + title: docker trust view - path: /edge/engine/reference/commandline/unpause/ title: docker unpause - path: /edge/engine/reference/commandline/update/ diff --git a/edge/engine/reference/commandline/trust.md b/edge/engine/reference/commandline/trust.md new file mode 100644 index 0000000000..ca8f86a17c --- /dev/null +++ b/edge/engine/reference/commandline/trust.md @@ -0,0 +1,18 @@ +--- +datafolder: engine-cli-edge +datafile: docker_trust +title: docker trust +--- + + + +{% if page.datafolder contains '-edge' %} + {% include edge_only.md section="cliref" %} +{% endif %} +{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/trust_revoke.md b/edge/engine/reference/commandline/trust_revoke.md new file mode 100644 index 0000000000..8b6895241a --- /dev/null +++ b/edge/engine/reference/commandline/trust_revoke.md @@ -0,0 +1,18 @@ +--- +datafolder: engine-cli-edge +datafile: docker_trust_revoke +title: docker trust revoke +--- + + + +{% if page.datafolder contains '-edge' %} + {% include edge_only.md section="cliref" %} +{% endif %} +{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/trust_sign.md b/edge/engine/reference/commandline/trust_sign.md new file mode 100644 index 0000000000..526e63d60c --- /dev/null +++ b/edge/engine/reference/commandline/trust_sign.md @@ -0,0 +1,18 @@ +--- +datafolder: engine-cli-edge +datafile: docker_trust_sign +title: docker trust sign +--- + + + +{% if page.datafolder contains '-edge' %} + {% include edge_only.md section="cliref" %} +{% endif %} +{% include cli.md datafolder=page.datafolder datafile=page.datafile %} diff --git a/edge/engine/reference/commandline/trust_view.md b/edge/engine/reference/commandline/trust_view.md new file mode 100644 index 0000000000..d2116e9ac5 --- /dev/null +++ b/edge/engine/reference/commandline/trust_view.md @@ -0,0 +1,18 @@ +--- +datafolder: engine-cli-edge +datafile: docker_trust_view +title: docker trust view +--- + + + +{% if page.datafolder contains '-edge' %} + {% include edge_only.md section="cliref" %} +{% endif %} +{% include cli.md datafolder=page.datafolder datafile=page.datafile %}
One or more custom metadata ("labels") to apply to the volume upon creation. For example, - `volume-label=mylabel=hello-world,my-other-label=hello-mars`. For more + volume-label=mylabel=hello-world,my-other-label=hello-mars. For more information about labels, refer to apply custom metadata. .Node.ID Node ID
.Node.HostnameNode Hostname
.Task.ID Task ID