diff --git a/config/containers/runmetrics.md b/config/containers/runmetrics.md index 3b86e54671..ee2cb828dd 100644 --- a/config/containers/runmetrics.md +++ b/config/containers/runmetrics.md @@ -62,10 +62,10 @@ If `/sys/fs/cgroup/cgroup.controllers` is present on your system, you are using otherwise you are using v1. Refer to the subsection that corresponds to your cgroup version. -> **Note** -> -> As of 2020, Fedora is the only well-known Linux distributon that uses cgroup v2 by default. -> Fedora uses cgroup v2 by default since Fedora 31. +cgroup v2 is used by default on the following distributions: +- Fedora (since 31) +- Debian GNU/Linux (since 11) +- Ubuntu (since 21.10) #### cgroup v1 You can look into `/proc/cgroups` to see the different control group subsystems diff --git a/desktop/windows/install.md b/desktop/windows/install.md index 0ead1004ac..fed487e055 100644 --- a/desktop/windows/install.md +++ b/desktop/windows/install.md @@ -111,7 +111,7 @@ Looking for information on using Windows containers? 4. When the installation is successful, click **Close** to complete the installation process. -5. If your admin account is different to your user account, you must add the user to the **docker-users** group. Run **Computer Management** as an administrator and navigate to **Local Users and Groups** > **Groups** > **docker-users**. Right-click to add the user to the group. +5. If your admin account is different to your user account, you must add the user to the **docker-users** group. Run **Computer Management** as an **administrator** and navigate to **Local Users and Groups** > **Groups** > **docker-users**. Right-click to add the user to the group. Log out and log back in for the changes to take effect. ## Start Docker Desktop diff --git a/docker-hub/access-tokens.md b/docker-hub/access-tokens.md index 210706df6e..1f04593c5e 100644 --- a/docker-hub/access-tokens.md +++ b/docker-hub/access-tokens.md @@ -4,8 +4,8 @@ description: Learn how to create and manage your personal Docker Hub access toke keywords: docker hub, hub, security, PAT, personal access token --- -Docker Hub lets you create personal access tokens as alternatives to your password. -You can use tokens to access Hub images from the Docker CLI. +Docker Hub lets you create personal access tokens as alternatives to your password. You can use tokens to +access Hub images from the Docker CLI. Using personal access tokens provides some advantages over a password: @@ -13,8 +13,12 @@ Using personal access tokens provides some advantages over a password: it if you find any suspicious activity. * When using an access token, you can't perform any admin activity on the account, including changing the password. It protects your account if your computer is compromised. + +Docker provides a [Docker Hub CLI](https://github.com/docker/hub-tool#readme){: target="_blank" rel="noopener" class="_"} +tool (currently experimental) and an API that allows you to interact with Docker Hub. Browse +through the [Docker Hub API](/docker-hub/api/latest/){: target="_blank" rel="noopener" class="_"} documentation to explore the supported endpoints. ->**Important** +> **Important** > > Treat access tokens like your password and keep them secret. Store your > tokens securely (for example, in a credential manager). @@ -24,7 +28,7 @@ Access tokens are valuable for building integrations, as you can issue multiple tokens – one for each integration – and revoke them at any time. - >**Note** + > **Note** > > If you have [two-factor authentication (2FA)](2fa/index.md) enabled on > your account, you must create at least one personal access token. Otherwise, @@ -47,15 +51,21 @@ You can create as many tokens as you need. ![PAT Menu](images/hub-create-token.png){:width="700px"} +The access permissions are scopes that set restrictions in your +repositories. For example, for Read & Write permissions, an automation +pipeline can build an image and then push it to a repository. However, it +can not delete the repository. + 5. The table below lists the tokens available in each subscription: + | Feature | Personal | Pro | Team | Business | | --------------------- | ---- | ----- | ----- |----- | - | Personal Access Tokens (read, write, delete scope only)* | x | x | x | x | - | Scoped Personal Access Tokens | | x | x | x | - | Unlimited Personal Access Tokens | | | x | x | + | Personal Access Tokens (read, write, delete scope only)* |![yes](/images/green-check.svg)| ![yes](/images/green-check.svg) |![yes](/images/green-check.svg) |![yes](/images/green-check.svg)| + | Scoped Personal Access Tokens | |![yes](/images/green-check.svg)| ![yes](/images/green-check.svg)|![yes](/images/green-check.svg)| + | Unlimited Personal Access Tokens | | | ![yes](/images/green-check.svg)|![yes](/images/green-check.svg)| - >*You can create 1 access token as part of the Docker Personal tier, 5 tokens as part of Docker Pro, and Unlimited tokens as part of Docker Team and Business tier. + *You can create 1 access token as part of the Docker Personal subscription, 5 tokens as part of Docker Pro, and Unlimited tokens as part of Docker Team and Business subscriptions. For more information, see [Docker Pricing](https://www.docker.com/pricing?utm_source=docker&utm_medium=webreferral&utm_campaign=docs_driven_upgrade){: target="_blank" rel="noopener" class="_"}. 6. Copy the token that appears on the screen and save it. You will not be able @@ -95,10 +105,3 @@ You can rename, activate, deactivate, or delete a token as needed. ![Modify Token](images/hub-edit-token.png){:width="700px"} 3. After modifying the token, click the **Save** button to save your changes. - -> **Tip: Docker Hub CLI and API** -> -> Docker provides a [Docker Hub CLI](https://github.com/docker/hub-tool#readme){: target="_blank" rel="noopener" class="_"} -> tool (currently experimental) and an API that allows you to interact with Docker -> Hub. Browse through the [Docker Hub API](/docker-hub/api/latest/){: target="_blank" rel="noopener" class="_"} -> documentation to explore the supported endpoints. diff --git a/docker-hub/builds/advanced.md b/docker-hub/builds/advanced.md index edf57d4326..870db9459b 100644 --- a/docker-hub/builds/advanced.md +++ b/docker-hub/builds/advanced.md @@ -30,11 +30,12 @@ If you are using these build environment variables in a service's environment as shown below. ```none -sut: - build: . - command: run_tests.sh - environment: - - SOURCE_BRANCH +services: + sut: + build: . + command: run_tests.sh + environment: + - SOURCE_BRANCH ``` diff --git a/docker-hub/builds/automated-testing.md b/docker-hub/builds/automated-testing.md index 692ee558bf..3d6f75b0cc 100644 --- a/docker-hub/builds/automated-testing.md +++ b/docker-hub/builds/automated-testing.md @@ -25,9 +25,10 @@ contains the Dockerfile used to build the image. For example: ```none -sut: - build: . - command: run_tests.sh +services: + sut: + build: . + command: run_tests.sh ``` The example above builds the repository, and runs the `run_tests.sh` file inside @@ -37,10 +38,8 @@ You can define any number of linked services in this file. The only requirement is that `sut` is defined. Its return code determines if tests passed or not. Tests **pass** if the `sut` service returns `0`, and **fail** otherwise. -> **Note**: Only the `sut` service and all other services listed in `depends_on` -are started. For instance, if you have services that poll for changes in other -services, be sure to include the polling services in the `depends_on` list to -make sure all of your services start. +> **Note**: Only the `sut` service and all other services listed in [`depends_on`](https://docs.docker.com/compose/compose-file/compose-file-v2/#depends_on) are started. For instance, if you have services that poll for changes in other services, be sure to include the polling services in the [`depends_on`](https://docs.docker.com/compose/compose-file/compose-file-v2/#depends_on) list to make sure all of your services start. +Also make sure to include a compose file version from 2.0 upward as `depends_on` was added in [version 2.0](https://docs.docker.com/compose/compose-file/compose-versioning/#version-2) file format. You can define more than one `docker-compose.test.yml` file if needed. Any file that ends in `.test.yml` is used for testing, and the tests run sequentially. diff --git a/docker-hub/image-access-management.md b/docker-hub/image-access-management.md index 441f58d9de..55fafec003 100644 --- a/docker-hub/image-access-management.md +++ b/docker-hub/image-access-management.md @@ -99,4 +99,10 @@ To ensure that each org member uses images in a safe and secure environment, you `Documents/registry.json /Library/Application\ Support/com.docker.docker/registry.json` - Congratulations, you have just created the registry.json file. \ No newline at end of file + Congratulations, you have just created the registry.json file. + +3. To confirm that the restrictions are successful, have each org member pull an image onto their local computer after signing into Docker Desktop. If they are unable to sign in, they will receive an error message. + + For example, if you enable Image Access Management, your members can pull an Organization Image, Docker Official Image, or Verified Publisher Image onto their local machine. If you disable the restrictions, your members can pull any image, including Community Images. + + ![Image Access Management](images/image-access-management-error.png){:width="700px"} diff --git a/docker-hub/images/hub-copy-token.png b/docker-hub/images/hub-copy-token.png index fc28270a30..8d1f76e856 100644 Binary files a/docker-hub/images/hub-copy-token.png and b/docker-hub/images/hub-copy-token.png differ diff --git a/docker-hub/images/hub-create-token.png b/docker-hub/images/hub-create-token.png index 73daa0fca1..8b3390fcb6 100644 Binary files a/docker-hub/images/hub-create-token.png and b/docker-hub/images/hub-create-token.png differ diff --git a/docker-hub/images/hub-delete-edit-token.png b/docker-hub/images/hub-delete-edit-token.png index 24b5af2535..27b04e3b51 100644 Binary files a/docker-hub/images/hub-delete-edit-token.png and b/docker-hub/images/hub-delete-edit-token.png differ diff --git a/docker-hub/images/hub-edit-token.png b/docker-hub/images/hub-edit-token.png index 71fe968f06..cfa75efaa8 100644 Binary files a/docker-hub/images/hub-edit-token.png and b/docker-hub/images/hub-edit-token.png differ diff --git a/docker-hub/images/image-access-management-error.png b/docker-hub/images/image-access-management-error.png new file mode 100644 index 0000000000..fe2bfdfa68 Binary files /dev/null and b/docker-hub/images/image-access-management-error.png differ diff --git a/docker-hub/images/image-access-management.png b/docker-hub/images/image-access-management.png index 29ece40fba..742cafd148 100644 Binary files a/docker-hub/images/image-access-management.png and b/docker-hub/images/image-access-management.png differ diff --git a/engine/install/binaries.md b/engine/install/binaries.md index b145f9f6fd..9a5288e2fe 100644 --- a/engine/install/binaries.md +++ b/engine/install/binaries.md @@ -9,23 +9,43 @@ redirect_from: - /installation/binaries/ --- -> **Note**: You may have been redirected to this page because there is no longer -> a dynamically-linked Docker package for your Linux distribution. +> **Important** +> +> This page contains information on how to install Docker using binaries. These +> instructions are mostly suitable for testing purposes. We do not recommend +> installing Docker using binaries in production environments as they will not be +> updated automatically with security updates. The Linux binaries described on this +> page are statically linked, which means that vulnerabilities in build-time +> dependencies are not automatically patched by security updates of your Linux +> distribution. +> +> Updating binaries is also slightly more involved when compared to Docker packages +> installed using a package manager or through Docker Desktop, as it requires +> (manually) updating the installed version whenever there is a new release of +> Docker. +> +> Also, static binaries may not include all functionalities provided by the dynamic +> packages. +> +> On Windows and Mac, we recommend that you install [Docker Desktop](../../desktop/index.md) +> instead. For Linux, we recommend that you follow the instructions specific for +> your distribution. +{: .important} If you want to try Docker or use it in a testing environment, but you're not on a supported platform, you can try installing from static binaries. If possible, you should use packages built for your operating system, and use your operating system's package management system to manage Docker installation and upgrades. -Be aware that 32-bit static binary archives do not include the Docker daemon. Static binaries for the Docker daemon binary are only available for Linux (as -`dockerd`). -Static binaries for the Docker client are available for Linux and macOS (as `docker`). +`dockerd`) and Windows (as `dockerd.exe`). +Static binaries for the Docker client are available for Linux, Windows, and macOS (as `docker`). -This topic discusses binary installation for both Linux and macOS: +This topic discusses binary installation for Linux, Windows, and macOS: -- [Install daemon and client binaries on Linux](#install-daemon-and-client-binaries-on-linux ) -- [Install client binaries on macOS](#install-client-binaries-on-macos ) +- [Install daemon and client binaries on Linux](#install-daemon-and-client-binaries-on-linux) +- [Install client binaries on macOS](#install-client-binaries-on-macos) +- [Install server and client binaries on Windows](#install-server-and-client-binaries-on-windows) ## Install daemon and client binaries on Linux @@ -78,8 +98,7 @@ instructions for enabling and configuring AppArmor or SELinux. ### Install static binaries 1. Download the static binary archive. Go to - [https://download.docker.com/linux/static/stable/](https://download.docker.com/linux/static/stable/) - (or change `stable` to `nightly` or `test`), + [https://download.docker.com/linux/static/stable/](https://download.docker.com/linux/static/stable/), choose your hardware platform, and download the `.tgz` file relating to the version of Docker Engine you want to install. @@ -120,13 +139,23 @@ instructions for enabling and configuring AppArmor or SELinux. ## Install client binaries on macOS -The macOS binary includes the Docker client only. It does not include the -`dockerd` daemon. +> **Note** +> +> The following instructions are mostly suitable for testing purposes. The macOS +> binary includes the Docker client only. It does not include the `dockerd` daemon +> which is required to run containers. Therefore, we recommend that you install +> [Docker Desktop](../../desktop/index.md) instead. + +The binaries for Mac also do not contain: + +- A runtime environment. You must set up a functional engine either in a Virtual Machine, or on a remote Linux machine. +- Docker components such as `buildx`, `docker scan`, and `docker compose`. + +To install client binaries, perform the following steps: 1. Download the static binary archive. Go to - [https://download.docker.com/mac/static/stable/x86_64/](https://download.docker.com/mac/static/stable/x86_64/), - (or change `stable` to `nightly` or `test`), - and download the `.tgz` file relating to the version of Docker Engine you want + [https://download.docker.com/mac/static/stable/](https://download.docker.com/mac/static/stable/) and select `x86_64` (for Mac on Intel chip) or `aarch64` (for Mac on Apple silicon), + and then download the `.tgz` file relating to the version of Docker Engine you want to install. 2. Extract the archive using the `tar` utility. The `docker` binary is @@ -137,19 +166,13 @@ The macOS binary includes the Docker client only. It does not include the ``` 3. Clear the extended attributes to allow it run. - - In case executing `docker/docker` you get the error message: *'docker' is* - *damaged and cannot be opened. You should move it to the bin.* - - Apple takes care about our security. Hence, we need to remove the security - mechanism preventing us running the executable. - + ```console $ sudo xattr -rc docker ``` - + Now, when you run the following command, you can see the Docker CLI usage instructions: - + ```console $ docker/docker ``` @@ -173,6 +196,48 @@ The macOS binary includes the Docker client only. It does not include the This command downloads a test image and runs it in a container. When the container runs, it prints a message and exits. +## Install server and client binaries on Windows + +> **Note** +> +> The following section describes how to install the Docker daemon on Windows +> Server which allows you to run Windows containers only. The binaries for +> Windows do not contain Docker components such as `buildx`, `docker scan`, and +> `docker compose`. If you are running Windows 10 or 11, we recommend that you +> install [Docker Desktop](../../desktop/index.md) instead. + +Binary packages on Windows include both `dockerd.exe` and `docker.exe`. On Windows, +these binaries only provide the ability to run native Windows containers (not +Linux containers). + +To install server and client binaries, perform the following steps: + +1. Download the static binary archive. Go to + [https://download.docker.com/win/static/stable/x86_64](https://download.docker.com/win/static/stable/x86_64) and select the latest version from the list. + +2. Run the following PowerShell commands to install and extract the archive to your program files: + + ```powershell + PS C:\> Expand-Archive /path/to/.zip -DestinationPath $Env:ProgramFiles + ``` + +3. Register the service and start the Docker Engine: + + ```powershell + PS C:\> $Env:ProgramFiles\Docker\dockerd --register-service + PS C:\> Start-Service docker + ``` + +4. Verify that Docker is installed correctly by running the `hello-world` + image. + + ```powershell + PS C:\> $Env:ProgramFiles\Docker\docker run hello-world:nanoserver + ``` + + This command downloads a test image and runs it in a container. When the + container runs, it prints a message and exits. + ## Upgrade static binaries To upgrade your manual installation of Docker Engine, first stop any