docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

add warning class and a linebreake to the warning blogquote (#2937) 

* Update fedora.md

add warning class to blogquote

* Update linux-postinstall.md

add warning class to blogquote

* Update ubuntu.md

add warning class to blogquote

* Update https.md

add warning class to blogquote

* Update swarm_manager_locking.md

add warning class to blogquote

* Update dockerlinks.md

add warning class to blogquote

* Update deploying.md

add warning class to blogquote

* Update deploying.md

add warning class to blogquote

* Update insecure.md

add warning class to blogquote

* Update discovery.md

add warning class to blogquote

* Update dockerd.yaml

add warning class to blogquote

* Update docker_secret_rm.yaml

add warning class to blogquote

* Update docker_service_rm.yaml

add warning class to blogquote

* Update docker_secret_rm.yaml

add warning class to blogquote

* Update scale-your-cluster.md

add warning class to blogquote

* Update resource_constraints.md

add warning class to blogquote

* Update binaries.md

add warning class to blogquote

* Update content_trust.md

add warning class to blogquote

* Update secrets.md

add warning class to blogquote

* Update index.md

add warning class to blogquote

* Update install-sandbox-2.md

add warning class to blogquote

* Update docker-toolbox.md

add warning class to blogquote

* Update index.md

add warning class to blogquote

* Update centos.md

add warning class to blogquote

* Update debian.md

add warning class to blogquote

* Update faqs.md

add linebreak after Looking for popular FAQs on Docker for Windows?

* Update install.md

add linebreake after **Already have Docker for Windows?**

* Revert "Update dockerd.yaml"

This reverts commit 3a98eb86f700ade8941483546c33f69a9dab8ac3.

* Revert "Update docker_secret_rm.yaml"

This reverts commit 5dc1e75f37033932486c11287052b7d64bf83e55.

* Revert "Update docker_service_rm.yaml"

This reverts commit a983380a5625b471f1a03f8ed2301ead72f98f1b.

* Revert "Update docker_secret_rm.yaml"

This reverts commit 4c454b883c300e26fbb056b954bb49ec2933b172.
This commit is contained in:
Lenny Linux 2017-04-25 13:33:27 -05:00 committed by Joao Fernandes
parent 530ea2777e
commit 9a1f99cd11
22 changed files with 71 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
compose/compose-file/index.md
View File

@ -957,11 +957,13 @@ container access to the secret and mounts it at `/run/secrets/<secret_name>`
within the container. The source name and destination mountpoint are both set
to the secret name.
> **Warning**: Due to a bug in Docker 1.13.1, using the short syntax currently
> **Warning**:
> Due to a bug in Docker 1.13.1, using the short syntax currently
> mounts the secret with permissions `000`, which means secrets defined using
> the short syntax are unreadable within the container if the command does not
> run as the `root` user. The workaround is to use the long syntax instead if
> you use Docker 1.13.1 and the secret must be read by a non-`root` user.
{:.warning}
The following example uses the short syntax to grant the `redis` service
access to the `my_secret` and `my_other_secret` secrets. The value of

4
datacenter/ucp/1.1/install-sandbox-2.md
View File

@ -36,8 +36,10 @@ between UCP and DTR, and
between DTR and your Docker Engine/docker-trusted-registry/repos-and-images/,
but for our sandbox deployment we can skip this.
> **Warning**: These steps produce an insecure DTR connection. Do not use these
> **Warning**:
> These steps produce an insecure DTR connection. Do not use these
configuration steps for a production deployment.
{:.warning}
To allow the Docker Engine to connect to DTR despite it having a self-signed
certificate, we'll specify that there is one insecure registry that we'll allow

4
datacenter/ucp/2.1/guides/admin/configure/scale-your-cluster.md
View File

@ -77,8 +77,10 @@ in UCP.
SSH and run `docker swarm leave --force` directly against the local docker
engine.
>**Warning**: Do not perform this step if the node is still a manager, as
>**Warning**:
>Do not perform this step if the node is still a manager, as
>that may cause loss of quorum.
{:.warning}
3. Now that the status of the node is reported as `Down`, you may remove the
node:

5
docker-for-mac/docker-toolbox.md
View File

@ -71,8 +71,9 @@ If you need several VMs and want to manage the version of the Docker client or s
>**Note**: If you have a shell script as part of your profile that sets these `DOCKER` environment variables automatically each time you open a command window, then you will need to unset these each time you want to use Docker for Mac.
> **Warning**: If you install Docker for Mac on a machine where Docker Toolbox is installed, it will replace the `docker` and `docker-compose` command lines in `/usr/local/bin` with symlinks to its own versions.
> **Warning**:
> If you install Docker for Mac on a machine where Docker Toolbox is installed, it will replace the `docker` and `docker-compose` command lines in `/usr/local/bin` with symlinks to its own versions.
{:.warning}
## Docker Toolbox and Docker for Mac coexistence

3
docker-for-windows/faqs.md
View File

@ -4,7 +4,8 @@ keywords: windows faqs
title: Frequently asked questions (FAQ)
---
>**Looking for popular FAQs on Docker for Windows?** Check out the [Docker
>**Looking for popular FAQs on Docker for Windows?**
>Check out the [Docker
Knowledge Hub](http://success.docker.com/) for knowledge base articles, FAQs,
technical support for various subscription levels, and more.

3
docker-for-windows/install.md
View File

@ -10,7 +10,8 @@ install package includes everything you need to run Docker on a Windows system.
This topic describes pre-install considerations, and how to download and install
Docker for Windows.<br><br>
> **Already have Docker for Windows?** If you already have Docker for
> **Already have Docker for Windows?**
> If you already have Docker for
Windows installed, and are ready to get started, skip to
[Get started with Docker for Windows](index.md) for a quick tour of
the command line, settings, and tools.

5
docker-id/index.md
View File

@ -47,7 +47,10 @@ For Docker Cloud, Hub, and Store, log in using the web interface.
You can also log in using the `docker login` command. (You can read more about `docker login` [here](/engine/reference/commandline/login.md).)
> **Warning**: When you use the `docker login` command, your credentials are
> **Warning**:
> When you use the `docker login` command, your credentials are
stored in your home directory in `.docker/config.json`. The password is base64
encoded in this file. If you require secure storage for this password, use the
[Docker credential helpers](https://github.com/moby/moby-credential-helpers).
{:.warning}
>>>>>>> Update index.md

4
engine/admin/resource_constraints.md
View File

@ -131,10 +131,12 @@ realtime scheduler, for tasks which cannot use the CFS scheduler. You need to
before you can [configure the Docker daemon](#configure-the-docker-daemon) or
[configure individual containers](#configure-individual-containers).
>**Warning**: CPU scheduling and prioritization are advanced kernel-level
>**Warning**:
>CPU scheduling and prioritization are advanced kernel-level
features. Most users do not need to change these values from their defaults.
Setting these values incorrectly can cause your host system to become unstable
or unusable.
{:.warning}
#### Configure the host machine's kernel

1
engine/installation/binaries.md
View File

@ -55,6 +55,7 @@ instructions for enabling and configuring AppArmor or SELinux.
> If either of the security mechanisms is enabled, do not disable it as a
> work-around to make Docker or its containers run. Instead, configure it
> correctly to fix any problems.
{:.warning}
##### Docker daemon considerations

4
engine/installation/linux/centos.md
View File

@ -168,10 +168,12 @@ Repository set-up instructions are different for [Docker CE](#docker-ce) and
| Docker CE | `sudo yum install docker-ce` |
| Docker EE | `sudo yum install docker-ee` |
> **Warning**: If you have multiple Docker repositories enabled, installing
> **Warning**:
> If you have multiple Docker repositories enabled, installing
> or updating without specifying a version in the `yum install` or
> `yum update` command will always install the highest possible version,
> which may not be appropriate for your stability needs.
{:.warning}
3. On production systems, you should install a specific version of Docker
instead of always using the latest. List the available versions. This

4
engine/installation/linux/debian.md
View File

@ -204,10 +204,12 @@ from the repository.
$ sudo apt-get install docker-ce
```
> **Warning**: If you have multiple Docker repositories enabled, installing
> **Warning**:
> If you have multiple Docker repositories enabled, installing
> or updating without specifying a version in the `apt-get install` or
> `apt-get update` command will always install the highest possible version,
> which may not be appropriate for your stability needs.
{:.warning}
3. On production systems, you should install a specific version of Docker
instead of always using the latest. This output is truncated. List the

4
engine/installation/linux/fedora.md
View File

@ -124,10 +124,12 @@ the repository.
$ sudo dnf install docker-ce
```
> **Warning**: If you have multiple Docker repositories enabled, installing
> **Warning**:
> If you have multiple Docker repositories enabled, installing
> or updating without specifying a version in the `dnf install` or
> `dnf update` command will always install the highest possible version,
> which may not be appropriate for your stability needs.
{:.warning}
3. On production systems, you should install a specific version of Docker
instead of always using the latest. List the available versions. This

4
engine/installation/linux/linux-postinstall.md
View File

@ -18,9 +18,11 @@ If you don't want to use `sudo` when you use the `docker` command, create a Unix
group called `docker` and add users to it. When the `docker` daemon starts, it
makes the ownership of the Unix socket read/writable by the `docker` group.
> **Warning**: The `docker` group grants privileges equivalent to the `root`
> **Warning**:
> The `docker` group grants privileges equivalent to the `root`
> user. For details on how this impacts security in your system, see
> [*Docker Daemon Attack Surface*](/engine/security/security.md#docker-daemon-attack-surface).
{:.warning}
To create the `docker` group and add your user:

4
engine/installation/linux/ubuntu.md
View File

@ -243,10 +243,12 @@ Docker EE.
</div>
> **Warning**: If you have multiple Docker repositories enabled, installing
> **Warning**:
> If you have multiple Docker repositories enabled, installing
> or updating without specifying a version in the `apt-get install` or
> `apt-get update` command will always install the highest possible version,
> which may not be appropriate for your stability needs.
{:.warning}
3. On production systems, you should install a specific version of Docker
instead of always using the latest. This output is truncated. List the

3
engine/security/https.md
View File

@ -21,11 +21,13 @@ it will only connect to servers with a certificate signed by that CA.
> **Warning**:
> Using TLS and managing a CA is an advanced topic. Please familiarize yourself
> with OpenSSL, x509 and TLS before using it in production.
{:.warning}
> **Warning**:
> These TLS commands will only generate a working set of certificates on Linux.
> macOS comes with a version of OpenSSL that is incompatible with the
> certificates that Docker requires.
{:.warning}
## Create a CA, server and client keys with OpenSSL
@ -160,6 +162,7 @@ need to provide your client keys, certificates and trusted CA:
> That means anyone with the keys can give any instructions to your Docker
> daemon, giving them root access to the machine hosting the daemon. Guard
> these keys as you would a root password!
{:.warning}
## Secure by default

4
engine/security/trust/content_trust.md
View File

@ -109,11 +109,13 @@ The following image depicts the various signing keys and their relationships:
![Content trust components](images/trust_components.png)
>**WARNING**: Loss of the root key is **very difficult** to recover from.
>**WARNING**:
> Loss of the root key is **very difficult** to recover from.
>Correcting this loss requires intervention from [Docker
>Support](https://support.docker.com) to reset the repository state. This loss
>also requires **manual intervention** from every consumer that used a signed
>tag from this repository prior to the loss.
{:.warning}
You should backup the root key somewhere safe. Given that it is only required
to create new repositories, it is a good idea to store it offline in hardware.

4
engine/swarm/secrets.md
View File

@ -45,11 +45,13 @@ encrypted. The entire Raft log is replicated across the other managers, ensuring
the same high availability guarantees for secrets as for the rest of the swarm
management data.
>**Warning**: Raft data is encrypted in Docker 1.13 and higher. If any of your
>**Warning**:
>Raft data is encrypted in Docker 1.13 and higher. If any of your
Swarm managers run an earlier version, and one of those managers becomes the
manager of the swarm, the secrets will be stored unencrypted in that node's Raft
logs. Before adding any secrets, update all of your manager nodes to Docker 1.13
to prevent secrets from being written to plain-text Raft logs.
{:.warning}
When you grant a newly-created or running service access to a secret, the
decrypted secret is mounted into the container in an in-memory filesystem at

4
engine/swarm/swarm_manager_locking.md
View File

@ -151,6 +151,8 @@ Please remember to store this key in a password manager, since without it you
will not be able to restart the manager.
```
> **Warning**: When you rotate the unlock key, keep a record of the old key
> **Warning**:
> When you rotate the unlock key, keep a record of the old key
> around for a few minutes, so that if a manager goes down before it gets the new
> key, it may still be locked with the old one.
{:.warning}

5
engine/userguide/networking/default_network/dockerlinks.md
View File

@ -18,13 +18,15 @@ behave differently between default `bridge` network and
This section briefly discusses connecting via a network port and then goes into
detail on container linking in default `bridge` network.
>**Warning**: The `--link` flag is a deprecated legacy feature of Docker. It may eventually
>**Warning**:
>The `--link` flag is a deprecated legacy feature of Docker. It may eventually
be removed. Unless you absolutely need to continue using it, we recommend that you use
user-defined networks to facilitate communication between two containers instead of using
`--link`. One feature that user-defined networks do not support that you can do
with `--link` is sharing environmental variables between containers. However,
you can use other mechanisms such as volumes to share environment variables
between containers in a more controlled way.
{:.warning}
## Connect using network port mapping
@ -231,6 +233,7 @@ target container of information related to the source container.
> from Docker within a container are made available to *any* container
> that links to it. This could have serious security implications if sensitive
> data is stored in them.
{:.warning}
Docker sets an `<alias>_NAME` environment variable for each target container
listed in the `--link` parameter. For example, if a new container called

10
registry/deploying.md
View File

@ -147,7 +147,9 @@ Except for registries running on secure local networks, registries should always
The simplest way to achieve access restriction is through basic authentication (this is very similar to other web servers' basic authentication mechanism).
> **Warning**: You **cannot** use authentication with an insecure registry. You have to [configure TLS first](deploying.md#running-a-domain-registry) for this to work.
> **Warning**:
> You **cannot** use authentication with an insecure registry. You have to [configure TLS first](deploying.md#running-a-domain-registry) for this to work.
{:.warning}
First create a password file with one entry for the user "testuser", with password "testpassword":
@ -212,7 +214,9 @@ registry:
- /path/auth:/auth
```
> **Warning**: replace `/path` by whatever directory that holds your `certs` and `auth` folder from above.
> **Warning**:
> replace `/path` by whatever directory that holds your `certs` and `auth` folder from above.
{:.warning}
You can then start your registry with a simple
@ -227,4 +231,4 @@ You will find more specific and advanced information in the following sections:
- [Advanced "recipes"](recipes/index.md)
- [Registry API](spec/api.md)
- [Storage driver model](storage-drivers/index.md)
- [Token authentication](spec/auth/token.md)
- [Token authentication](spec/auth/token.md)

8
registry/insecure.md
View File

@ -13,7 +13,9 @@ configuration.
## Deploying a plain HTTP registry
> **Warning**: it's not possible to use an insecure registry with basic authentication.
> **Warning**:
> it's not possible to use an insecure registry with basic authentication.
{:.warning}
This basically tells Docker to entirely disregard security for your registry.
While this is relatively easy to configure the daemon in this way, it is
@ -44,7 +46,9 @@ environment.
## Using self-signed certificates
> **Warning**: using this along with basic authentication requires to **also** trust the certificate into the OS cert store for some versions of docker (see below)
> **Warning**:
> using this along with basic authentication requires to **also** trust the certificate into the OS cert store for some versions of docker (see below)
{:.warning}
This is more secure than the insecure registry solution. You must configure every docker daemon that wants to access your registry

4
swarm/discovery.md
View File

@ -168,7 +168,9 @@ Or with node discovery:
## Docker Hub as a hosted discovery service
> **Warning**: The Docker Hub Hosted Discovery Service **is not recommended** for production use. It's intended to be used for testing/development. See the discovery backends for production use.
> **Warning**:
> The Docker Hub Hosted Discovery Service **is not recommended** for production use. It's intended to be used for testing/development. See the discovery backends for production use.
{:.warning}
This example uses the hosted discovery service on Docker Hub. Using
Docker Hub's hosted discovery service requires that each node in the