docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into consolidation-changes

This commit is contained in:
Jeffrey Morgan 2018-11-14 18:29:09 -05:00
parent 3d05605978 ba65aeabbb
commit d15739c5e7
165 changed files with 1314 additions and 720 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -307,7 +307,7 @@ In order to keep the Git repository light, _please_ compress the images
(losslessly). On Mac you may use (ImageOptim)[https://imageoptim.com] for
instance. Be sure to compress the images *before* adding them to the
repository, doing it afterwards actually worsens the impact on the Git repo (but
still optimizes the bandwith during browsing).
still optimizes the bandwidth during browsing).
## Building archives and the live published docs

18
_config.yml
View File

@ -23,7 +23,7 @@ latest_stable_docker_engine_api_version: "1.37"
docker_ce_stable_version: "18.03"
docker_ce_edge_version: "18.05"
docker_ee_version: "17.06"
compose_version: "1.22.0"
compose_version: "1.23.1"
machine_version: "0.14.0"
distribution_version: "2.6"
dtr_version: "2.5"
@ -92,7 +92,7 @@ defaults:
- scope:
path: "install"
values:
win_latest_build: "docker-17.06.2-ee-16"
win_latest_build: "docker-17.06.2-ee-17"
- scope:
path: "datacenter"
values:
@ -102,21 +102,21 @@ defaults:
values:
dtr_org: "docker"
dtr_repo: "dtr"
dtr_version: "2.5.5"
dtr_version: "2.5.6"
- scope:
path: "datacenter/dtr/2.4"
values:
hide_from_sitemap: true
dtr_org: "docker"
dtr_repo: "dtr"
dtr_version: "2.4.6"
dtr_version: "2.4.7"
- scope:
path: "datacenter/dtr/2.3"
values:
hide_from_sitemap: true
dtr_org: "docker"
dtr_repo: "dtr"
dtr_version: "2.3.8"
dtr_version: "2.3.9"
- scope:
path: "datacenter/dtr/2.2"
values:
@ -138,23 +138,23 @@ defaults:
values:
ucp_org: "docker"
ucp_repo: "ucp"
ucp_version: "3.0.5"
ucp_version: "3.0.6"
- scope: # This is a bit of a hack for the get-support.md topic.
path: "ee"
values:
ucp_org: "docker"
ucp_repo: "ucp"
dtr_repo: "dtr"
ucp_version: "3.0.5"
ucp_version: "3.0.6"
dtr_version: "2.5.0"
dtr_latest_image: "docker/dtr:2.5.5"
dtr_latest_image: "docker/dtr:2.5.6"
- scope:
path: "datacenter/ucp/2.2"
values:
hide_from_sitemap: true
ucp_org: "docker"
ucp_repo: "ucp"
ucp_version: "2.2.13"
ucp_version: "2.2.14"
- scope:
path: "datacenter/ucp/2.1"
values:

34
_data/ddc_offline_files_2.yaml
View File

@ -6,6 +6,16 @@
- product: "ucp"
version: "3.0"
tar-files:
- description: "3.0.6 Linux"
url: https://packages.docker.com/caas/ucp_images_3.0.6.tar.gz
- description: "3.0.6 IBM Z"
url: https://packages.docker.com/caas/ucp_images_s390x_3.0.6.tar.gz
- description: "3.0.6 Windows Server 2016 LTSC"
url: https://packages.docker.com/caas/ucp_images_win_2016_3.0.6.tar.gz
- description: "3.0.6 Windows Server 1709"
url: https://packages.docker.com/caas/ucp_images_win_1709_3.0.6.tar.gz
- description: "3.0.6 Windows Server 1803"
url: https://packages.docker.com/caas/ucp_images_win_1803_3.0.6.tar.gz
- description: "3.0.5 Linux"
url: https://packages.docker.com/caas/ucp_images_3.0.5.tar.gz
- description: "3.0.5 IBM Z"
@ -53,6 +63,12 @@
- product: "ucp"
version: "2.2"
tar-files:
- description: "2.2.14 Linux"
url: https://packages.docker.com/caas/ucp_images_2.2.14.tar.gz
- description: "2.2.14 IBM Z"
url: https://packages.docker.com/caas/ucp_images_s390x_2.2.14.tar.gz
- description: "2.2.14 Windows"
url: https://packages.docker.com/caas/ucp_images_win_2.2.14.tar.gz
- description: "2.2.13 Linux"
url: https://packages.docker.com/caas/ucp_images_2.2.13.tar.gz
- description: "2.2.13 IBM Z"
@ -128,33 +144,27 @@
- product: "dtr"
version: "2.5"
tar-files:
- description: "DTR 2.5.6 Linux x86"
url: https://packages.docker.com/caas/dtr_images_2.5.6.tar.gz
- description: "DTR 2.5.5 Linux x86"
url: https://packages.docker.com/caas/dtr_images_2.5.5.tar.gz
- description: "DTR 2.5.5 IBM Z"
url: https://packages.docker.com/caas/dtr_images_s390x_2.5.5.tar.gz
- description: "DTR 2.5.3 Linux x86"
url: https://packages.docker.com/caas/dtr_images_2.5.3.tar.gz
- description: "DTR 2.5.3 IBM Z"
url: https://packages.docker.com/caas/dtr_images_s390x_2.5.3.tar.gz
- description: "DTR 2.5.2 Linux x86"
url: https://packages.docker.com/caas/dtr_images_2.5.2.tar.gz
- description: "DTR 2.5.2 IBM Z"
url: https://packages.docker.com/caas/dtr_images_s390x_2.5.2.tar.gz
- description: "DTR 2.5.1 Linux x86"
url: https://packages.docker.com/caas/dtr_images_2.5.1.tar.gz
- description: "DTR 2.5.1 IBM Z"
url: https://packages.docker.com/caas/dtr_images_s390x_2.5.1.tar.gz
- description: "DTR 2.5.0 Linux x86"
url: https://packages.docker.com/caas/dtr_images_2.5.0.tar.gz
- description: "DTR 2.5.0 IBM Z"
url: https://packages.docker.com/caas/dtr_images_s390x_2.5.0.tar.gz
- product: "dtr"
version: "2.4"
tar-files:
- description: "DTR 2.4.7 Linux x86"
url: https://packages.docker.com/caas/dtr_images_2.4.7.tar.gz
- description: "DTR 2.4.6 Linux x86"
url: https://packages.docker.com/caas/dtr_images_2.4.6.tar.gz
- description: "DTR 2.4.6 IBM Z"
url: https://packages.docker.com/caas/dtr_images_s390x_2.4.6.tar.gz
url: https://packages.docker.com/caas/dtr_images_s390x_2.4.6.tar.gz
- description: "DTR 2.4.5 Linux x86"
url: https://packages.docker.com/caas/dtr_images_2.4.5.tar.gz
- description: "DTR 2.4.5 IBM Z"
@ -182,6 +192,8 @@
- product: "dtr"
version: "2.3"
tar-files:
- description: "DTR 2.3.9"
url: https://packages.docker.com/caas/dtr_images_2.3.9.tar.gz
- description: "DTR 2.3.8"
url: https://packages.docker.com/caas/dtr_images_2.3.8.tar.gz
- description: "DTR 2.3.7"

12
_includes/ee-linux-install-reuse.md
View File

@ -116,6 +116,16 @@ You only need to set up the repository once, after which you can install Docker
{% endif %}
{% if linux-dist == "oraclelinux" %}
5. Enable the `ol7_addons` Oracle repository. This ensures access to the `container-selinux` package required by `docker-ee`.
```bash
$ sudo yum-config-manager --enable ol7_addons
```
{% endif %}
6. Add the Docker EE **stable** repository:
```bash
@ -301,6 +311,6 @@ You must delete any edited configuration files manually.
- Continue to [Post-installation steps for Linux](/install/linux/linux-postinstall.md){: target="_blank" class="_" }
- Continue with user guides on [Universal Control Plane (UCP)](/datacenter/ucp/2.2/guides/){: target="_blank" class="_" } and [Docker Trusted Registry (DTR)](/datacenter/dtr/2.4/guides/){: target="_blank" class="_" }
- Continue with user guides on [Universal Control Plane (UCP)](/ee/ucp/){: target="_blank" class="_" } and [Docker Trusted Registry (DTR)](/ee/dtr/){: target="_blank" class="_" }
{% endif %}

16
_includes/install-script.md
View File

@ -42,20 +42,24 @@ $ curl -fsSL https://get.docker.com -o get-docker.sh
$ sudo sh get-docker.sh
<output truncated>
```
If you would like to use Docker as a non-root user, you should now consider
adding your user to the "docker" group with something like:
```bash
sudo usermod -aG docker your-user
```
Remember to log out and back in for this to take effect!
WARNING: Adding a user to the "docker" group grants the ability to run
containers which can be used to obtain root privileges on the
docker host.
Refer to https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface
for more information.
```
> **Warning**:
>
> Adding a user to the "docker" group grants the ability to run containers
> which can be used to obtain root privileges on the docker host. Refer to
> [Docker Daemon Attack Surface](https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface)
> for more information.
{:.warning}
Docker CE is installed. It starts automatically on `DEB`-based distributions. On
`RPM`-based distributions, you need to start it manually using the appropriate

22
_includes/kubernetes-mac-win.md
View File

@ -12,12 +12,11 @@ Usage: {% include kubernetes-mac-win.md platform="mac" %}
{% if platform == "mac" %}
{% assign product = "Docker for Mac" %}
{% capture min-version %}{{ product }} 17.12 CE Edge{% endcapture %}
{% capture min-version %}{{ product }} **17.12 CE Edge**{% endcapture %}
{% capture version-caveat %}
**Kubernetes is only available in {{ min-version }} and higher, on the Edge
channel.** Kubernetes support is not included in Docker for Mac Stable releases.
{% endcapture %}
Kubernetes is available in {{ min-version }} and higher, and **18.06 Stable** and higher
{% endcapture%}
{% capture local-kubectl-warning %}
> If you independently installed the Kubernetes CLI, `kubectl`, make sure that
@ -32,26 +31,21 @@ channel.** Kubernetes support is not included in Docker for Mac Stable releases.
{% elsif platform == "windows" %}
{% assign product = "Docker for Windows" %}
{% capture min-version %}{{ product }} 18.02 CE Edge{% endcapture %}
{% capture min-version %}{{ product }} **18.02 CE Edge**{% endcapture %}
{% capture version-caveat %}
**Kubernetes is only available in {{ min-version }}.** Kubernetes
support is not included in {{ product }} 18.02 CE Stable.
Kubernetes is available in {{ min-version }} and higher, and **18.06 Stable** and higher
{% endcapture %}
{% capture local-kubectl-warning %}
If you installed `kubectl` by another method, and experience conflicts, remove it.
If you installed `kubectl` by another method, and experience conflicts, remove it.
{% endcapture %}
{% assign kubectl-path = "C:\>Program Files\Docker\Docker\Resources\bin\kubectl.exe" %}
{% endif %}
{{ version-caveat }} To find out more about Stable and Edge channels and how to
switch between them, see
[General configuration](/docker-for-{{ platform }}/#general).
{{ min-version }} includes a standalone Kubernetes server and client,
{{ version-caveat }}, this includes a standalone Kubernetes server and client,
as well as Docker CLI integration. The Kubernetes server runs locally within
your Docker instance, is not configurable, and is a single-node cluster.

6
compose/aspnet-mssql-compose.md
View File

@ -55,8 +55,8 @@ configure this app to use our SQL Server database, and then create a
This file defines how to build the web app image. It uses the
[microsoft/aspnetcore-build](https://hub.docker.com/r/microsoft/aspnetcore-build/),
map the volume with the generated code, restore the dependencies, build the
project and expose port 80. After that, it calls an `entrypoint` script
maps the volume with the generated code, restores the dependencies, builds the
project and exposes port 80. After that, it calls an `entrypoint` script
that we create in the next step.
1. The `Dockerfile` makes use of an entrypoint to your webapp Docker
@ -186,7 +186,7 @@ configure this app to use our SQL Server database, and then create a
Go ahead and try out the website! This sample uses the SQL Server
database image in the back-end for authentication.
Ready! You now have a ASP.NET Core application running against SQL Server in
Ready! You now have an ASP.NET Core application running against SQL Server in
Docker Compose! This sample made use of some of the most popular Microsoft
products for Linux. To learn more about Windows Containers, check out
[Docker Labs for Windows Containers](https://github.com/docker/labs/tree/master/windows)

2
compose/completion.md
View File

@ -29,7 +29,7 @@ On a Mac, add the following to your `~/.bash_profile`:
```shell
if [ -f $(brew --prefix)/etc/bash_completion ]; then
. $(brew --prefix)/etc/bash_completion
. $(brew --prefix)/etc/bash_completion
fi
```

2
compose/compose-file/compose-file-v1.md
View File

@ -415,7 +415,7 @@ id.
Sets the PID mode to the host PID mode. This turns on sharing between
container and the host operating system the PID address space. Containers
launched with this flag can access and manipulate other
containers in the bare-metal machine's namespace and vise-versa.
containers in the bare-metal machine's namespace and vice versa.
### ports

6
compose/compose-file/compose-file-v2.md
View File

@ -1006,7 +1006,7 @@ designated container or service.
If set to "host", the service's PID mode is the host PID mode. This turns
on sharing between container and the host operating system the PID address
space. Containers launched with this flag can access and manipulate
other containers in the bare-metal machine's namespace and vise-versa.
other containers in the bare-metal machine's namespace and vice versa.
> **Note**: the `service:` and `container:` forms require
> [version 2.1](compose-versioning.md#version-21) or above
@ -1483,7 +1483,7 @@ Set a custom name for this volume.
data:
name: my-app-data
It can also be used in conjuction with the `external` property:
It can also be used in conjunction with the `external` property:
version: '2.1'
volumes:
@ -1641,7 +1641,7 @@ Set a custom name for this network.
network1:
name: my-app-net
It can also be used in conjuction with the `external` property:
It can also be used in conjunction with the `external` property:
version: '2.1'
networks:

6
compose/compose-file/index.md
View File

@ -1409,7 +1409,7 @@ networks:
Sets the PID mode to the host PID mode. This turns on sharing between
container and the host operating system the PID address space. Containers
launched with this flag can access and manipulate other
containers in the bare-metal machine's namespace and vise-versa.
containers in the bare-metal machine's namespace and vice versa.
### ports
@ -2029,7 +2029,7 @@ and will **not** be scoped with the stack name.
data:
name: my-app-data
It can also be used in conjuction with the `external` property:
It can also be used in conjunction with the `external` property:
version: '3.4'
volumes:
@ -2257,7 +2257,7 @@ and will **not** be scoped with the stack name.
network1:
name: my-app-net
It can also be used in conjuction with the `external` property:
It can also be used in conjunction with the `external` property:
version: '3.5'
networks:

2
compose/rails.md
View File

@ -230,7 +230,7 @@ web_1 | A server is already
running. Check /myapp/tmp/pids/server.pid.
```
To resolve this, delete the file `tmp/pids/server.pid`, and then re-start the
To resolve this, delete the file `tmp/pids/server.pid`, and then restart the
application with `docker-compose up`.
### Restart the application

1
compose/reference/build.md
View File

@ -16,6 +16,7 @@ Options:
--pull Always attempt to pull a newer version of the image.
-m, --memory MEM Sets memory limit for the build container.
--build-arg key=val Set build-time variables for services.
--parallel Build images in parallel.
```
Services are built once and then tagged, by default as `project_service`. For

6
compose/reference/config.md
View File

@ -10,10 +10,12 @@ Usage: config [options]
Options:
--resolve-image-digests Pin image tags to digests.
-q, --quiet Only validate the configuration, don't print
anything.
-q, --quiet Only validate the configuration do not print anything.
--services Print the service names, one per line.
--volumes Print the volume names, one per line.
--hash="*" Print the service config hash, one per line.
Set "service1,service2" for a list of specified services
or use the wildcard symbol to display all services.
```
Validate and view the Compose file.

2
compose/startup-order.md
View File

@ -54,7 +54,7 @@ script:
check. For example, you might want to wait until Postgres is definitely
ready to accept commands:
#!/bin/bash
#!/bin/sh
# wait-for-postgres.sh
set -e

4
config/containers/container-networking.md
View File

@ -49,7 +49,7 @@ When you connect an existing container to a different network using
`docker network connect`, you can use the `--ip` or `--ip6` flags on that
command to specify the container's IP address on the additional network.
In the same way, a container's hostname defaults to be the container's name in
In the same way, a container's hostname defaults to be the container's ID in
Docker. You can override the hostname using `--hostname`. When connecting to an
existing network using `docker network connect`, you can use the `--alias`
flag to specify an additional network alias for the container on that network.
@ -65,7 +65,7 @@ settings on a per-container basis.
| `--dns` | The IP address of a DNS server. To specify multiple DNS servers, use multiple `--dns` flags. If the container cannot reach any of the IP addresses you specify, Google's public DNS server `8.8.8.8` is added, so that your container can resolve internet domains. |
| `--dns-search` | A DNS search domain to search non-fully-qualified hostnames. To specify multiple DNS search prefixes, use multiple `--dns-search` flags. |
| `--dns-opt` | A key-value pair representing a DNS option and its value. See your operating system's documentation for `resolv.conf` for valid options. |
| `--hostname` | The hostname a container uses for itself. Defaults to the container's name if not specified. |
| `--hostname` | The hostname a container uses for itself. Defaults to the container's ID if not specified. |
## Proxy server

2
config/containers/logging/journald.md
View File

@ -57,7 +57,7 @@ driver options.
| Option | Required | Description |
|:------------|:---------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `tag` | optional | Specify template to set `CONTAINER_TAG` and `SYSLOG_IDENTIFIER` value in journald logs. Refer to [log tag option documentation](/engine/admin/logging/log_tags/) to customize the log tag format |
| `label` | optional | Comma-separated list of keys of labels, which should be included in message, if these labels are specified for the container. |
| `labels` | optional | Comma-separated list of keys of labels, which should be included in message, if these labels are specified for the container. |
| `env` | optional | Comma-separated list of keys of environment variables, which should be included in message, if these variables are specified for the container. |
| `env-regex` | optional | Similar to and compatible with env. A regular expression to match logging-related environment variables. Used for advanced [log tag options](/engine/admin/logging/log_tags/). |

2
config/containers/logging/splunk.md
View File

@ -49,7 +49,7 @@ The following properties let you configure the splunk logging driver.
- To configure the `splunk` driver across the Docker environment, edit
`daemon.json` with the key, `"log-opts": {"NAME": "VALUE", ...}`.
- To configure the `splunk` driver for an indiviual container, use `docker run`
- To configure the `splunk` driver for an individual container, use `docker run`
with the flag, `--log-opt NAME=VALUE ...`.
| Option | Required | Description |

2
config/containers/resource_constraints.md
View File

@ -9,7 +9,7 @@ keywords: "docker, daemon, configuration"
By default, a container has no resource constraints and can use as much of a
given resource as the host's kernel scheduler allows. Docker provides ways
to control how much memory, CPU, or block IO a container can use, setting runtime
to control how much memory, or CPU a container can use, setting runtime
configuration flags of the `docker run` command. This section provides details
on when you should set such limits and the possible implications of setting them.

2
datacenter/dtr/2.0/install/upgrade/index.md
View File

@ -11,7 +11,7 @@ is ensuring you're running DTR 2.0. If that's not the case, start by upgrading
your installation to version 2.0.0, and then upgrade to the latest version
available.
There is no downtime when upgrading an highly-available DTR cluster. If your
There is no downtime when upgrading a highly-available DTR cluster. If your
DTR deployment has a single replica, schedule the upgrade to take place outside
business peak hours to ensure the impact on your business is close to none.

2
datacenter/dtr/2.1/guides/install/upgrade.md
View File

@ -9,7 +9,7 @@ is ensuring you're running DTR 2.0. If that's not the case, start by upgrading
your installation to version 2.0.0, and then upgrade to the latest version
available.
There is no downtime when upgrading an highly-available DTR cluster. If your
There is no downtime when upgrading a highly-available DTR cluster. If your
DTR deployment has a single replica, schedule the upgrade to take place outside
business peak hours to ensure the impact on your business is close to none.

8
datacenter/dtr/2.1/reference/api/swagger-ui.js
View File

@ -2121,7 +2121,7 @@ SuperagentHttpClient.prototype.execute = function (obj) {
} else if (res && obj.on && obj.on.response) {
var possibleObj;
// Already parsed by by superagent?
// Already parsed by superagent?
if(res.body && Object.keys(res.body).length > 0) {
possibleObj = res.body;
} else {
@ -12442,7 +12442,7 @@ var iframe,
elemdisplay = {};
/**
* Retrieve the actual display of a element
* Retrieve the actual display of an element
* @param {String} name nodeName of the element
* @param {Object} doc Document object
*/
@ -13862,7 +13862,7 @@ jQuery.fx.speeds = {
};
// Based off of the plugin by Clint Helfers, with permission.
// Based on the plugin by Clint Helfers, with permission.
// http://blindsignals.com/index.php/2009/07/jquery-delay/
jQuery.fn.delay = function( time, type ) {
time = jQuery.fx ? jQuery.fx.speeds[ time ] || time : time;
@ -26068,7 +26068,7 @@ var baseCreate = require('./baseCreate'),
* @private
* @param {*} value The value to wrap.
* @param {boolean} [chainAll] Enable chaining for all wrapper methods.
* @param {Array} [actions=[]] Actions to peform to resolve the unwrapped value.
* @param {Array} [actions=[]] Actions to perform to resolve the unwrapped value.
*/
function LodashWrapper(value, chainAll, actions) {
this.__wrapped__ = value;

2
datacenter/dtr/2.2/guides/admin/configure/external-storage/s3.md
View File

@ -24,7 +24,7 @@ Start by
Then, as a best practice you should
[create a new IAM user](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html)
just for the DTR
integration and apply a IAM policy that ensures the user has limited permissions.
integration and apply an IAM policy that ensures the user has limited permissions.
This user only needs permissions to access the bucket that you use to store
images, and to read, write, and delete files.

2
datacenter/dtr/2.2/guides/admin/configure/garbage-collection.md
View File

@ -18,7 +18,7 @@ pushes will fail
The GC cron schedule is set to run in **UTC time**. Containers typically run in
UTC time (unless the system time is mounted), therefore remember that the cron
schedule will run based off of UTC time when configuring.
schedule will run based on UTC time when configuring.
GC puts DTR into read-only mode; pulls succeed while pushes fail. Pushing an
image while GC runs may lead to undefined behavior and data loss, therefore

2
datacenter/dtr/2.2/guides/admin/monitor-and-troubleshoot/troubleshoot-batch-jobs.md
View File

@ -68,7 +68,7 @@ Jobs can be in one of the following status:
## Job capacity
Each job runner has a limited capacity and doesn't claim jobs that require an
Each job runner has a limited capacity and doesn't claim jobs that require a
higher capacity. You can see the capacity of a job runner using the
`GET /api/v0/workers` endpoint:

8
datacenter/dtr/2.2/reference/api/swagger-ui.js
View File

@ -2121,7 +2121,7 @@ SuperagentHttpClient.prototype.execute = function (obj) {
} else if (res && obj.on && obj.on.response) {
var possibleObj;
// Already parsed by by superagent?
// Already parsed by superagent?
if(res.body && Object.keys(res.body).length > 0) {
possibleObj = res.body;
} else {
@ -12442,7 +12442,7 @@ var iframe,
elemdisplay = {};
/**
* Retrieve the actual display of a element
* Retrieve the actual display of an element
* @param {String} name nodeName of the element
* @param {Object} doc Document object
*/
@ -13862,7 +13862,7 @@ jQuery.fx.speeds = {
};
// Based off of the plugin by Clint Helfers, with permission.
// Based on the plugin by Clint Helfers, with permission.
// http://blindsignals.com/index.php/2009/07/jquery-delay/
jQuery.fn.delay = function( time, type ) {
time = jQuery.fx ? jQuery.fx.speeds[ time ] || time : time;
@ -26068,7 +26068,7 @@ var baseCreate = require('./baseCreate'),
* @private
* @param {*} value The value to wrap.
* @param {boolean} [chainAll] Enable chaining for all wrapper methods.
* @param {Array} [actions=[]] Actions to peform to resolve the unwrapped value.
* @param {Array} [actions=[]] Actions to perform to resolve the unwrapped value.
*/
function LodashWrapper(value, chainAll, actions) {
this.__wrapped__ = value;

8
datacenter/dtr/2.2/reference/api/swagger-ui.js.original
View File

@ -2121,7 +2121,7 @@ SuperagentHttpClient.prototype.execute = function (obj) {
} else if (res && obj.on && obj.on.response) {
var possibleObj;
// Already parsed by by superagent?
// Already parsed by superagent?
if(res.body && Object.keys(res.body).length > 0) {
possibleObj = res.body;
} else {
@ -12442,7 +12442,7 @@ var iframe,
elemdisplay = {};
/**
* Retrieve the actual display of a element
* Retrieve the actual display of an element
* @param {String} name nodeName of the element
* @param {Object} doc Document object
*/
@ -13862,7 +13862,7 @@ jQuery.fx.speeds = {
};
// Based off of the plugin by Clint Helfers, with permission.
// Based on the plugin by Clint Helfers, with permission.
// http://blindsignals.com/index.php/2009/07/jquery-delay/
jQuery.fn.delay = function( time, type ) {
time = jQuery.fx ? jQuery.fx.speeds[ time ] || time : time;
@ -26068,7 +26068,7 @@ var baseCreate = require('./baseCreate'),
* @private
* @param {*} value The value to wrap.
* @param {boolean} [chainAll] Enable chaining for all wrapper methods.
* @param {Array} [actions=[]] Actions to peform to resolve the unwrapped value.
* @param {Array} [actions=[]] Actions to perform to resolve the unwrapped value.
*/
function LodashWrapper(value, chainAll, actions) {
this.__wrapped__ = value;

2
datacenter/dtr/2.3/guides/admin/configure/use-a-load-balancer.md
View File

@ -54,7 +54,7 @@ with more details on any one of these services:
* Content trust (notary)
This endpoint is for checking the health of a *single* replica. To get
the health of every replica in a cluster, querying each replica individiually is
the health of every replica in a cluster, querying each replica individually is
the preferred way to do it in real time.
The `/api/v0/meta/cluster_status`

2
datacenter/dtr/2.3/guides/admin/monitor-and-troubleshoot/troubleshoot-batch-jobs.md
View File

@ -69,7 +69,7 @@ Jobs can be in one of the following status:
## Job capacity
Each job runner has a limited capacity and doesn't claim jobs that require an
Each job runner has a limited capacity and doesn't claim jobs that require a
higher capacity. You can see the capacity of a job runner using the
`GET /api/v0/workers` endpoint:

12
datacenter/dtr/2.3/guides/release-notes.md
View File

@ -11,6 +11,18 @@ known issues for each DTR version.
You can then use [the upgrade instructions](admin/upgrade.md),
to upgrade your installation to the latest release.
## Version 2.3.9
(25 October 2018)
### Bug Fixes
* Added CSP (Content Security Policy). (docker/dhe-deploy#9368 and docker/dhe-deploy#9588)
* Fixed critical vulnerability in RethinkDB. (docker/dhe-deploy#9575)
### Changelog
* Patched security vulnerabilities in the load balancer.
* Patch packages and base OS to eliminate and address some critical vulnerabilities in DTR dependencies.
## Version 2.3.8
(26 July 2018)

2
datacenter/dtr/2.3/guides/user/create-promotion-policies.md
View File

@ -97,5 +97,5 @@ pipelines.
Also, users don't need access to all repositories in the promotion pipeline.
A repository admin can define the promotion policies, and only
allow access to push to the first repository in that pipeline. Once users push
to the fist repository, the image gets promoted to the other repositories as
to the first repository, the image gets promoted to the other repositories as
long as it satisfies the promotion policies.

2
datacenter/dtr/2.3/guides/user/manage-images/sign-images/index.md
View File

@ -47,7 +47,7 @@ need to do the same procedure for every one of them.
### Configure your Notary client
Start by [configuring your Notary client](../../access-dtr/configure-your-notary-client.md).
This ensures the Docker an Notary CLI clients know about your UCP private keys.
This ensures the Docker and Notary CLI clients know about your UCP private keys.
### Initialize the trust metadata

8
datacenter/dtr/2.3/reference/api/swagger-ui.js
View File

@ -2132,7 +2132,7 @@ SuperagentHttpClient.prototype.execute = function (obj) {
} else if (res && obj.on && obj.on.response) {
var possibleObj;
// Already parsed by by superagent?
// Already parsed by superagent?
if(res.body && Object.keys(res.body).length > 0) {
possibleObj = res.body;
} else {
@ -12457,7 +12457,7 @@ var iframe,
elemdisplay = {};
/**
* Retrieve the actual display of a element
* Retrieve the actual display of an element
* @param {String} name nodeName of the element
* @param {Object} doc Document object
*/
@ -13877,7 +13877,7 @@ jQuery.fx.speeds = {
};
// Based off of the plugin by Clint Helfers, with permission.
// Based on the plugin by Clint Helfers, with permission.
// http://blindsignals.com/index.php/2009/07/jquery-delay/
jQuery.fn.delay = function( time, type ) {
time = jQuery.fx ? jQuery.fx.speeds[ time ] || time : time;
@ -26083,7 +26083,7 @@ var baseCreate = require('./baseCreate'),
* @private
* @param {*} value The value to wrap.
* @param {boolean} [chainAll] Enable chaining for all wrapper methods.
* @param {Array} [actions=[]] Actions to peform to resolve the unwrapped value.
* @param {Array} [actions=[]] Actions to perform to resolve the unwrapped value.
*/
function LodashWrapper(value, chainAll, actions) {
this.__wrapped__ = value;

8
datacenter/dtr/2.3/reference/api/swagger-ui.js.original
View File

@ -2121,7 +2121,7 @@ SuperagentHttpClient.prototype.execute = function (obj) {
} else if (res && obj.on && obj.on.response) {
var possibleObj;
// Already parsed by by superagent?
// Already parsed by superagent?
if(res.body && Object.keys(res.body).length > 0) {
possibleObj = res.body;
} else {
@ -12442,7 +12442,7 @@ var iframe,
elemdisplay = {};
/**
* Retrieve the actual display of a element
* Retrieve the actual display of an element
* @param {String} name nodeName of the element
* @param {Object} doc Document object
*/
@ -13862,7 +13862,7 @@ jQuery.fx.speeds = {
};
// Based off of the plugin by Clint Helfers, with permission.
// Based on the plugin by Clint Helfers, with permission.
// http://blindsignals.com/index.php/2009/07/jquery-delay/
jQuery.fn.delay = function( time, type ) {
time = jQuery.fx ? jQuery.fx.speeds[ time ] || time : time;
@ -26068,7 +26068,7 @@ var baseCreate = require('./baseCreate'),
* @private
* @param {*} value The value to wrap.
* @param {boolean} [chainAll] Enable chaining for all wrapper methods.
* @param {Array} [actions=[]] Actions to peform to resolve the unwrapped value.
* @param {Array} [actions=[]] Actions to perform to resolve the unwrapped value.
*/
function LodashWrapper(value, chainAll, actions) {
this.__wrapped__ = value;

4
datacenter/dtr/2.3/reference/cli/install.md
View File

@ -49,9 +49,9 @@ Note: Use --ucp-ca "$(cat ca.pem)" instead of --ucp-insecure-tls for a productio
| `--https-proxy` | $DTR_HTTPS_PROXY | The HTTPS proxy used for outgoing requests. |
| `--log-host` | $LOG_HOST | Where to send logs to.The endpoint to send logs to. Use this flag if you set --log-protocol to tcp or udp. |
| `--log-level` | $LOG_LEVEL | Log level for all container logs when logging to syslog. Default: INFO. |
| `--log-protocol` | $LOG_PROTOCOL | The protocol for sending logs. Default is internal.This allows to define the protocol used to send container logs to an external system. The supported protocals are tcp, udp, or internal. Use this flag with --log-host. |
| `--log-protocol` | $LOG_PROTOCOL | The protocol for sending logs. Default is internal.This allows to define the protocol used to send container logs to an external system. The supported protocols are tcp, udp, or internal. Use this flag with --log-host. |
| `--nfs-storage-url` | $NFS_STORAGE_URL | NFS to store Docker images. Format nfs://<ip&#124;hostname>/<mountpoint>.By default DTR creates a volume to store the Docker images in the local filesystem of the node where DTR is running, without high-availability. Use this flag to specify an NFS mount for DTR to store images, using the format nfs://<ip&#124;hostname>/<mountpoint>. To use this flag, you need to install an NFS client library like nfs-common in the node where you're deploying DTR. You can test this by running showmount -e <nfs-server>. When you join new replicas, they will start using NFS so you don't need to use this flag. To reconfigure DTR to stop using NFS, leave this option empty. |
| `--no-proxy` | $DTR_NO_PROXY | List of domains the proxy should not be used for.When using --http-proxy you can use this flag to specify a list of domains that you don't want to route throught the proxy. Format acme.com[, acme.org]. |
| `--no-proxy` | $DTR_NO_PROXY | List of domains the proxy should not be used for.When using --http-proxy you can use this flag to specify a list of domains that you don't want to route through the proxy. Format acme.com[, acme.org]. |
| `--overlay-subnet` | $DTR_OVERLAY_SUBNET | The subnet used by the dtr-ol overlay network. Example: 10.0.0.0/24.For high-availalibity, DTR creates an overlay network between UCP nodes. This flag allows you to choose the subnet for that network. Make sure the subnet you choose is not used on any machine where DTR replicas are deployed. |
| `--replica-http-port` | $REPLICA_HTTP_PORT | The public HTTP port for the DTR replica. Default is 80.This allows you to customize the HTTP port where users can reach DTR. Once users access the HTTP port, they are redirected to use an HTTPS connection, using the port specified with --replica-https-port. This port can also be used for unencrypted health checks. |
| `--replica-https-port` | $REPLICA_HTTPS_PORT | The public HTTPS port for the DTR replica. Default is 443.This allows you to customize the HTTPS port where users can reach DTR. Each replica can use a different port. |

4
datacenter/dtr/2.3/reference/cli/reconfigure.md
View File

@ -42,9 +42,9 @@ time, configure your DTR for high-availability.
| `--https-proxy` | $DTR_HTTPS_PROXY | The HTTPS proxy used for outgoing requests. |
| `--log-host` | $LOG_HOST | Where to send logs to. The endpoint to send logs to. Use this flag if you set `--log-protocol` to tcp or udp. |
| `--log-level` | $LOG_LEVEL | Log level for all container logs when logging to syslog. Default: INFO. |
| `--log-protocol` | $LOG_PROTOCOL | The protocol for sending logs. Default is internal. This allows to define the protocol used to send container logs to an external system. The supported protocals are tcp, udp, or internal. Use this flag with `--log-host`. |
| `--log-protocol` | $LOG_PROTOCOL | The protocol for sending logs. Default is internal. This allows to define the protocol used to send container logs to an external system. The supported protocols are tcp, udp, or internal. Use this flag with `--log-host`. |
| `--nfs-storage-url` | $NFS_STORAGE_URL | NFS to store Docker images. Format nfs://<ip&#124;hostname>/<mountpoint>. By default DTR creates a volume to store the Docker images in the local filesystem of the node where DTR is running, without high-availability. Use this flag to specify an NFS mount for DTR to store images, using the format nfs://<ip&#124;hostname>/<mountpoint>. To use this flag, you need to install an NFS client library like nfs-common in the node where you're deploying DTR. You can test this by running showmount -e <nfs-server>. When you join new replicas, they will start using NFS so you don't need to use this flag. To reconfigure DTR to stop using NFS, leave this option empty. |
| `--no-proxy` | $DTR_NO_PROXY | List of domains the proxy should not be used for. When using `--http-proxy` you can use this flag to specify a list of domains that you don't want to route throught the proxy. Format acme.com[, acme.org]. |
| `--no-proxy` | $DTR_NO_PROXY | List of domains the proxy should not be used for. When using `--http-proxy` you can use this flag to specify a list of domains that you don't want to route through the proxy. Format acme.com[, acme.org]. |
| `--replica-http-port` | $REPLICA_HTTP_PORT | The public HTTP port for the DTR replica. Default is 80. This allows you to customize the HTTP port where users can reach DTR. Once users access the HTTP port, they are redirected to use an HTTPS connection, using the port specified with `--replica-https-port`. This port can also be used for unencrypted health checks. |
| `--replica-https-port` | $REPLICA_HTTPS_PORT | The public HTTPS port for the DTR replica. Default is 443. This allows you to customize the HTTPS port where users can reach DTR. Each replica can use a different port. |
| `--ucp-ca` | $UCP_CA | Use a PEM-encoded TLS CA certificate for UCP. Download the UCP TLS CA certificate from https://<ucp-url>/ca, and use --ucp-ca "$(cat ca.pem)". |

6
datacenter/dtr/2.3/reference/cli/restore.md
View File

@ -24,7 +24,7 @@ restore procedure for the Docker images stored in your registry, taking in
consideration whether your DTR installation is configured to store images on
the local filesystem or using a cloud provider.
After restoring, you can add more DTR replicas by using the the 'join' command.
After restoring, you can add more DTR replicas by using the 'join' command.
## Options
@ -46,9 +46,9 @@ After restoring, you can add more DTR replicas by using the the 'join' command.
| `--https-proxy` | $DTR_HTTPS_PROXY | The HTTPS proxy used for outgoing requests. |
| `--log-host` | $LOG_HOST | Where to send logs to.The endpoint to send logs to. Use this flag if you set --log-protocol to tcp or udp. |
| `--log-level` | $LOG_LEVEL | Log level for all container logs when logging to syslog. Default: INFO. |
| `--log-protocol` | $LOG_PROTOCOL | The protocol for sending logs. Default is internal.This allows to define the protocol used to send container logs to an external system. The supported protocals are tcp, udp, or internal. Use this flag with --log-host. |
| `--log-protocol` | $LOG_PROTOCOL | The protocol for sending logs. Default is internal.This allows to define the protocol used to send container logs to an external system. The supported protocols are tcp, udp, or internal. Use this flag with --log-host. |
| `--nfs-storage-url` | $NFS_STORAGE_URL | NFS to store Docker images. Format nfs://<ip&#124;hostname>/<mountpoint>.By default DTR creates a volume to store the Docker images in the local filesystem of the node where DTR is running, without high-availability. Use this flag to specify an NFS mount for DTR to store images, using the format nfs://<ip&#124;hostname>/<mountpoint>. To use this flag, you need to install an NFS client library like nfs-common in the node where you're deploying DTR. You can test this by running showmount -e <nfs-server>. When you join new replicas, they will start using NFS so you don't need to use this flag. To reconfigure DTR to stop using NFS, leave this option empty. |
| `--no-proxy` | $DTR_NO_PROXY | List of domains the proxy should not be used for.When using --http-proxy you can use this flag to specify a list of domains that you don't want to route throught the proxy. Format acme.com[, acme.org]. |
| `--no-proxy` | $DTR_NO_PROXY | List of domains the proxy should not be used for.When using --http-proxy you can use this flag to specify a list of domains that you don't want to route through the proxy. Format acme.com[, acme.org]. |
| `--replica-http-port` | $REPLICA_HTTP_PORT | The public HTTP port for the DTR replica. Default is 80.This allows you to customize the HTTP port where users can reach DTR. Once users access the HTTP port, they are redirected to use an HTTPS connection, using the port specified with --replica-https-port. This port can also be used for unencrypted health checks. |
| `--replica-https-port` | $REPLICA_HTTPS_PORT | The public HTTPS port for the DTR replica. Default is 443.This allows you to customize the HTTPS port where users can reach DTR. Each replica can use a different port. |
| `--replica-id` | $DTR_INSTALL_REPLICA_ID | Assign an ID to the DTR replica. Random by default. |

2
datacenter/dtr/2.4/guides/admin/configure/use-a-load-balancer.md
View File

@ -54,7 +54,7 @@ with more details on any one of these services:
* Content trust (notary)
This endpoint is for checking the health of a *single* replica. To get
the health of every replica in a cluster, querying each replica individiually is
the health of every replica in a cluster, querying each replica individually is
the preferred way to do it in real time.
The `/api/v0/meta/cluster_status`

4
datacenter/dtr/2.4/guides/admin/monitor-and-troubleshoot/troubleshoot-batch-jobs.md
View File

@ -69,8 +69,8 @@ Jobs can be in one of the following status:
## Job capacity
Each job runner has a limited capacity and doesn't claim jobs that require an
higher capacity. You can see the capacity of a job runner using the
Each job runner has a limited capacity and doesn't claim jobs that require a
higher capacity. You can see the capacity of a job runner using the
`GET /api/v0/workers` endpoint:
```json

4
datacenter/dtr/2.4/reference/cli/install.md
View File

@ -46,9 +46,9 @@ Note: Use --ucp-ca "$(cat ca.pem)" instead of --ucp-insecure-tls for a productio
| `--https-proxy` | $DTR_HTTPS_PROXY | The HTTPS proxy used for outgoing requests. |
| `--log-host` | $LOG_HOST | Where to send logs to.The endpoint to send logs to. Use this flag if you set --log-protocol to tcp or udp. |
| `--log-level` | $LOG_LEVEL | Log level for all container logs when logging to syslog. Default: INFO. |
| `--log-protocol` | $LOG_PROTOCOL | The protocol for sending logs. Default is internal.This allows to define the protocol used to send container logs to an external system. The supported protocals are tcp, udp, or internal. Use this flag with --log-host. |
| `--log-protocol` | $LOG_PROTOCOL | The protocol for sending logs. Default is internal.This allows to define the protocol used to send container logs to an external system. The supported protocols are tcp, udp, or internal. Use this flag with --log-host. |
| `--nfs-storage-url` | $NFS_STORAGE_URL | NFS to store Docker images. Format nfs://<ip&#124;hostname>/<mountpoint>.By default DTR creates a volume to store the Docker images in the local filesystem of the node where DTR is running, without high-availability. Use this flag to specify an NFS mount for DTR to store images, using the format nfs://<ip&#124;hostname>/<mountpoint>. To use this flag, you need to install an NFS client library like nfs-common in the node where you're deploying DTR. You can test this by running showmount -e <nfs-server>. When you join new replicas, they will start using NFS so you don't need to use this flag. To reconfigure DTR to stop using NFS, leave this option empty. |
| `--no-proxy` | $DTR_NO_PROXY | List of domains the proxy should not be used for.When using --http-proxy you can use this flag to specify a list of domains that you don't want to route throught the proxy. Format acme.com[, acme.org]. |
| `--no-proxy` | $DTR_NO_PROXY | List of domains the proxy should not be used for.When using --http-proxy you can use this flag to specify a list of domains that you don't want to route through the proxy. Format acme.com[, acme.org]. |
| `--overlay-subnet` | $DTR_OVERLAY_SUBNET | The subnet used by the dtr-ol overlay network. Example: 10.0.0.0/24.For high-availalibity, DTR creates an overlay network between UCP nodes. This flag allows you to choose the subnet for that network. Make sure the subnet you choose is not used on any machine where DTR replicas are deployed. |
| `--replica-http-port` | $REPLICA_HTTP_PORT | The public HTTP port for the DTR replica. Default is 80.This allows you to customize the HTTP port where users can reach DTR. Once users access the HTTP port, they are redirected to use an HTTPS connection, using the port specified with --replica-https-port. This port can also be used for unencrypted health checks. |
| `--replica-https-port` | $REPLICA_HTTPS_PORT | The public HTTPS port for the DTR replica. Default is 443.This allows you to customize the HTTPS port where users can reach DTR. Each replica can use a different port. |

4
datacenter/dtr/2.4/reference/cli/reconfigure.md
View File

@ -39,9 +39,9 @@ time, configure your DTR for high-availability.
| `--https-proxy` | $DTR_HTTPS_PROXY | The HTTPS proxy used for outgoing requests. |
| `--log-host` | $LOG_HOST | Where to send logs to.The endpoint to send logs to. Use this flag if you set --log-protocol to tcp or udp. |
| `--log-level` | $LOG_LEVEL | Log level for all container logs when logging to syslog. Default: INFO. |
| `--log-protocol` | $LOG_PROTOCOL | The protocol for sending logs. Default is internal.This allows to define the protocol used to send container logs to an external system. The supported protocals are tcp, udp, or internal. Use this flag with --log-host. |
| `--log-protocol` | $LOG_PROTOCOL | The protocol for sending logs. Default is internal.This allows to define the protocol used to send container logs to an external system. The supported protocols are tcp, udp, or internal. Use this flag with --log-host. |
| `--nfs-storage-url` | $NFS_STORAGE_URL | NFS to store Docker images. Format nfs://<ip&#124;hostname>/<mountpoint>.By default DTR creates a volume to store the Docker images in the local filesystem of the node where DTR is running, without high-availability. Use this flag to specify an NFS mount for DTR to store images, using the format nfs://<ip&#124;hostname>/<mountpoint>. To use this flag, you need to install an NFS client library like nfs-common in the node where you're deploying DTR. You can test this by running showmount -e <nfs-server>. When you join new replicas, they will start using NFS so you don't need to use this flag. To reconfigure DTR to stop using NFS, leave this option empty. |
| `--no-proxy` | $DTR_NO_PROXY | List of domains the proxy should not be used for.When using --http-proxy you can use this flag to specify a list of domains that you don't want to route throught the proxy. Format acme.com[, acme.org]. |
| `--no-proxy` | $DTR_NO_PROXY | List of domains the proxy should not be used for.When using --http-proxy you can use this flag to specify a list of domains that you don't want to route through the proxy. Format acme.com[, acme.org]. |
| `--replica-http-port` | $REPLICA_HTTP_PORT | The public HTTP port for the DTR replica. Default is 80.This allows you to customize the HTTP port where users can reach DTR. Once users access the HTTP port, they are redirected to use an HTTPS connection, using the port specified with --replica-https-port. This port can also be used for unencrypted health checks. |
| `--replica-https-port` | $REPLICA_HTTPS_PORT | The public HTTPS port for the DTR replica. Default is 443.This allows you to customize the HTTPS port where users can reach DTR. Each replica can use a different port. |
| `--ucp-ca` | $UCP_CA | Use a PEM-encoded TLS CA certificate for UCP.Download the UCP TLS CA certificate from https://<ucp-url>/ca, and use --ucp-ca "$(cat ca.pem)". |

6
datacenter/dtr/2.4/reference/cli/restore.md
View File

@ -24,7 +24,7 @@ restore procedure for the Docker images stored in your registry, taking in
consideration whether your DTR installation is configured to store images on
the local filesystem or using a cloud provider.
After restoring, you can add more DTR replicas by using the the 'join' command.
After restoring, you can add more DTR replicas by using the 'join' command.
## Options
@ -43,9 +43,9 @@ After restoring, you can add more DTR replicas by using the the 'join' command.
| `--https-proxy` | $DTR_HTTPS_PROXY | The HTTPS proxy used for outgoing requests. |
| `--log-host` | $LOG_HOST | Where to send logs to.The endpoint to send logs to. Use this flag if you set --log-protocol to tcp or udp. |
| `--log-level` | $LOG_LEVEL | Log level for all container logs when logging to syslog. Default: INFO. |
| `--log-protocol` | $LOG_PROTOCOL | The protocol for sending logs. Default is internal.This allows to define the protocol used to send container logs to an external system. The supported protocals are tcp, udp, or internal. Use this flag with --log-host. |
| `--log-protocol` | $LOG_PROTOCOL | The protocol for sending logs. Default is internal.This allows to define the protocol used to send container logs to an external system. The supported protocols are tcp, udp, or internal. Use this flag with --log-host. |
| `--nfs-storage-url` | $NFS_STORAGE_URL | NFS to store Docker images. Format nfs://<ip&#124;hostname>/<mountpoint>.By default DTR creates a volume to store the Docker images in the local filesystem of the node where DTR is running, without high-availability. Use this flag to specify an NFS mount for DTR to store images, using the format nfs://<ip&#124;hostname>/<mountpoint>. To use this flag, you need to install an NFS client library like nfs-common in the node where you're deploying DTR. You can test this by running showmount -e <nfs-server>. When you join new replicas, they will start using NFS so you don't need to use this flag. To reconfigure DTR to stop using NFS, leave this option empty. |
| `--no-proxy` | $DTR_NO_PROXY | List of domains the proxy should not be used for.When using --http-proxy you can use this flag to specify a list of domains that you don't want to route throught the proxy. Format acme.com[, acme.org]. |
| `--no-proxy` | $DTR_NO_PROXY | List of domains the proxy should not be used for.When using --http-proxy you can use this flag to specify a list of domains that you don't want to route through the proxy. Format acme.com[, acme.org]. |
| `--replica-http-port` | $REPLICA_HTTP_PORT | The public HTTP port for the DTR replica. Default is 80.This allows you to customize the HTTP port where users can reach DTR. Once users access the HTTP port, they are redirected to use an HTTPS connection, using the port specified with --replica-https-port. This port can also be used for unencrypted health checks. |
| `--replica-https-port` | $REPLICA_HTTPS_PORT | The public HTTPS port for the DTR replica. Default is 443.This allows you to customize the HTTPS port where users can reach DTR. Each replica can use a different port. |
| `--replica-id` | $DTR_INSTALL_REPLICA_ID | Assign an ID to the DTR replica. Random by default. |

2
datacenter/ucp/1.1/configuration/dtr-integration.md
View File

@ -10,7 +10,7 @@ title: Integrate with Docker Trusted Registry
You can integrate UCP with Docker Trusted Registry (DTR). This allows you to
securely store and manage the Docker images that are used in your UCP cluster.
At an high-level, there are three steps to integrate UCP with DTR:
At a high-level, there are three steps to integrate UCP with DTR:
* Configure UCP to know about DTR,
* Configure DTR to trust UCP,

2
datacenter/ucp/1.1/configuration/multi-host-networking.md
View File

@ -150,7 +150,7 @@ To enable the networking feature, do the following.
5. Restart the Engine `daemon`.
The Engine `daemon` is a OS service process running on each node in your
The Engine `daemon` is an OS service process running on each node in your
cluster. How you restart a service is operating-system dependent. Some
examples appear below but keep in mind that on your system, the restart
operation may differ. Check with your system administrator if you are not

2
datacenter/ucp/1.1/user-management/create-and-manage-users.md
View File

@ -32,7 +32,7 @@ in the cluster. There are four permission levels:
| `No Access` | The user can't view any resource, like volumes, networks, images, or containers. |
| `View Only` | The user can view volumes, networks and images, but can't create any containers. |
| `Restricted Control` | The user can view and edit volumes, networks, and images. They can create containers, but can't see other users containers, run `docker exec`, or run containers that require privileged access to the host. |
| `Full Control` | The user can view and edit volumes, networks, and images, They can create containers without any restriction, but can't see other users containers. |
| `Full Control` | The user can view and edit volumes, networks, and images. They can create containers without any restriction, but can't see other users containers. |
[Learn more about the UCP permission levels](permission-levels.md). Finally,
click the **Create User** button, to create the user.

2
datacenter/ucp/1.1/user-management/permission-levels.md
View File

@ -34,7 +34,7 @@ access to full control over the resources.
| `No Access` | The user can't view any resource, like volumes, networks, images, or containers. |
| `View Only` | The user can view volumes, networks and images, but can't create any containers. |
| `Restricted Control` | The user can view and edit volumes, networks, and images. They can create containers, but can't see other users containers, run `docker exec`, or run containers that require privileged access to the host. |
| `Full Control` | The user can view and edit volumes, networks, and images, They can create containers without any restriction, but can't see other users containers. |
| `Full Control` | The user can view and edit volumes, networks, and images. They can create containers without any restriction, but can't see other users containers. |
When a user only has a default permission assigned, only them and admin
users can see the containers they deploy in the cluster.

2
datacenter/ucp/2.0/guides/content-trust/index.md
View File

@ -145,7 +145,7 @@ user certificates:
$ notary delegation add -p <dtr_url>/<account>/<repository> targets/releases --all-paths user1.pem user2.pem
```
The above command adds the the `targets/releases` delegation role to a trusted
The above command adds the `targets/releases` delegation role to a trusted
repository.
This role is treated as an actual release branch for Docker Content Trust,
since `docker pull` commands with trust enabled will pull directly from this

2
datacenter/ucp/2.0/guides/installation/scale-your-cluster.md
View File

@ -16,7 +16,7 @@ you use the [docker swarm join](/engine/swarm/swarm-tutorial/add-nodes.md)
command to add more nodes to your cluster. When joining new nodes, the UCP
services automatically start running in that node.
When joining a node a a cluster you can specify its role: manager or worker.
When joining a node a cluster you can specify its role: manager or worker.
* **Manager nodes**

2
datacenter/ucp/2.0/guides/user-management/permission-levels.md
View File

@ -32,7 +32,7 @@ access to full control over the resources.
| `No Access` | The user can't view any resource, like volumes, networks, images, or containers. |
| `View Only` | The user can view volumes, networks and images, but can't create any containers. |
| `Restricted Control` | The user can view and edit volumes, networks, and images. They can create containers, but can't see other users containers, run `docker exec`, or run containers that require privileged access to the host. |
| `Full Control` | The user can view and edit volumes, networks, and images, They can create containers without any restriction, but can't see other users containers. |
| `Full Control` | The user can view and edit volumes, networks, and images. They can create containers without any restriction, but can't see other users containers. |
When a user only has a default permission assigned, only them and admin
users can see the containers they deploy in the cluster.

2
datacenter/ucp/2.1/guides/admin/manage-users/permission-levels.md
View File

@ -32,7 +32,7 @@ access to full control over the resources.
| `No Access` | The user can't view any resource, like volumes, networks, images, or containers. |
| `View Only` | The user can view volumes, networks, and images, but can't create any containers. |
| `Restricted Control` | The user can view and edit volumes, networks, and images. They can create containers, but can't see other users' containers, run `docker exec`, or run containers that require privileged access to the host. |
| `Full Control` | The user can view and edit volumes, networks, and images, They can create containers without any restriction, but can't see other users' containers. |
| `Full Control` | The user can view and edit volumes, networks, and images. They can create containers without any restriction, but can't see other users' containers. |
If a user has Restricted Control or Full Control default permissions, they can create resources without labels, and only the user and Admins can see and access the resources. Default permissions also affect ability for a user to access things that can't have labels, images and nodes.

2
datacenter/ucp/2.1/guides/user/secrets/index.md
View File

@ -11,7 +11,7 @@ services with sensitive information like passwords, TLS certificates, or
private keys.
Universal Control Plane allows you to store this sensitive information, also
know as secrets, in a secure way. It also gives you role-based access control
known as secrets, in a secure way. It also gives you role-based access control
so that you can control which users can use a secret in their services
and which ones can manage the secret.

2
datacenter/ucp/2.2/guides/access-control/permission-levels.md
View File

@ -39,7 +39,7 @@ The system provides the following default roles:
| `View Only` | The user can view resources like services, volumes, and networks but can't create them. |
| `Restricted Control` | The user can view and edit volumes, networks, and images but can't run a service or container in a way that might affect the node where it's running. The user can't mount a node directory and can't `exec` into containers. Also, The user can't run containers in privileged mode or with additional kernel capabilities. |
| `Scheduler` | The user can view nodes and schedule workloads on them. Worker nodes and manager nodes are affected by `Scheduler` grants. Having `Scheduler` access doesn't allow the user to view workloads on these nodes. They need the appropriate resource permissions, like `Container View`. By default, all users get a grant with the `Scheduler` role against the `/Shared` collection. |
| `Full Control` | The user can view and edit volumes, networks, and images, They can create containers without any restriction, but can't see other users' containers. |
| `Full Control` | The user can view and edit volumes, networks, and images. They can create containers without any restriction, but can't see other users' containers. |
![Diagram showing UCP permission levels](../images/permissions-ucp.svg)

2
datacenter/ucp/2.2/guides/admin/configure/ucp-configuration-file.md
View File

@ -139,7 +139,7 @@ Settings for syncing users.
## auth.ldap.admin_sync_opts (optional)
Settings for syncing system admininistrator users.
Settings for syncing system administrator users.
| Parameter | Required | Description |
|:-----------------------|:---------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|

2
datacenter/ucp/2.2/guides/user/services/use-domain-names-to-access-services.md
View File

@ -223,5 +223,5 @@ you can create an overlay network that contains the `com.docker.mesh.http` label
docker network create -d overlay --label com.docker.ucp.mesh.http=true new-hrm-network
```
If you're creating a a new HRM network you need to disable the HRM service first, or disable
If you're creating a new HRM network you need to disable the HRM service first, or disable
and enable the HRM service after you create the network else HRM will not be available on new network.

8
datacenter/ucp/2.2/reference/api/swagger-ui.js
View File

@ -2121,7 +2121,7 @@ SuperagentHttpClient.prototype.execute = function (obj) {
} else if (res && obj.on && obj.on.response) {
var possibleObj;
// Already parsed by by superagent?
// Already parsed by superagent?
if(res.body && Object.keys(res.body).length > 0) {
possibleObj = res.body;
} else {
@ -12442,7 +12442,7 @@ var iframe,
elemdisplay = {};
/**
* Retrieve the actual display of a element
* Retrieve the actual display of an element
* @param {String} name nodeName of the element
* @param {Object} doc Document object
*/
@ -13862,7 +13862,7 @@ jQuery.fx.speeds = {
};
// Based off of the plugin by Clint Helfers, with permission.
// Based on the plugin by Clint Helfers, with permission.
// http://blindsignals.com/index.php/2009/07/jquery-delay/
jQuery.fn.delay = function( time, type ) {
time = jQuery.fx ? jQuery.fx.speeds[ time ] || time : time;
@ -26068,7 +26068,7 @@ var baseCreate = require('./baseCreate'),
* @private
* @param {*} value The value to wrap.
* @param {boolean} [chainAll] Enable chaining for all wrapper methods.
* @param {Array} [actions=[]] Actions to peform to resolve the unwrapped value.
* @param {Array} [actions=[]] Actions to perform to resolve the unwrapped value.
*/
function LodashWrapper(value, chainAll, actions) {
this.__wrapped__ = value;

8
datacenter/ucp/2.2/reference/api/swagger-ui.js.original
View File

@ -2121,7 +2121,7 @@ SuperagentHttpClient.prototype.execute = function (obj) {
} else if (res && obj.on && obj.on.response) {
var possibleObj;
// Already parsed by by superagent?
// Already parsed by superagent?
if(res.body && Object.keys(res.body).length > 0) {
possibleObj = res.body;
} else {
@ -12442,7 +12442,7 @@ var iframe,
elemdisplay = {};
/**
* Retrieve the actual display of a element
* Retrieve the actual display of an element
* @param {String} name nodeName of the element
* @param {Object} doc Document object
*/
@ -13862,7 +13862,7 @@ jQuery.fx.speeds = {
};
// Based off of the plugin by Clint Helfers, with permission.
// Based on the plugin by Clint Helfers, with permission.
// http://blindsignals.com/index.php/2009/07/jquery-delay/
jQuery.fn.delay = function( time, type ) {
time = jQuery.fx ? jQuery.fx.speeds[ time ] || time : time;
@ -26068,7 +26068,7 @@ var baseCreate = require('./baseCreate'),
* @private
* @param {*} value The value to wrap.
* @param {boolean} [chainAll] Enable chaining for all wrapper methods.
* @param {Array} [actions=[]] Actions to peform to resolve the unwrapped value.
* @param {Array} [actions=[]] Actions to perform to resolve the unwrapped value.
*/
function LodashWrapper(value, chainAll, actions) {
this.__wrapped__ = value;

2
docker-for-azure/release-notes.md
View File

@ -9,8 +9,6 @@ title: Docker for Azure Release Notes
## Enterprise Edition
[Docker Enterprise Edition Lifecycle](https://success.docker.com/Policies/Maintenance_Lifecycle){: target="_blank"}<!--_-->
[Deploy Docker Enterprise Edition (EE) for AWS](https://hub.docker.com/editions/enterprise/docker-ee-aws?tab=description){: target="_blank" class="button outline-btn"}
### 17.06 EE
- Docker engine 17.06 EE

4
docker-for-mac/edge-release-notes.md
View File

@ -123,7 +123,7 @@ for Mac](install.md#download-docker-for-mac).
- [Notary 0.6.1](https://github.com/docker/notary/releases/tag/v0.6.1)
* New
- Re-enable raw as the the default disk format for users running macOS 10.13.4 and higher. Note this change only takes effect after a "reset to factory defaults" or "remove all data" (from the Whale menu -> Preferences -> Reset). Related to [docker/for-mac#2625](https://github.com/docker/for-mac/issues/2625)
- Re-enable raw as the default disk format for users running macOS 10.13.4 and higher. Note this change only takes effect after a "reset to factory defaults" or "remove all data" (from the Whale menu -> Preferences -> Reset). Related to [docker/for-mac#2625](https://github.com/docker/for-mac/issues/2625)
* Bug fixes and minor changes
- Fix Docker for Mac not starting due to socket file paths being too long (typically HOME folder path being too long). Fixes [docker/for-mac#2727](https://github.com/docker/for-mac/issues/2727), [docker/for-mac#2731](https://github.com/docker/for-mac/issues/2731).
@ -239,7 +239,7 @@ for Mac](install.md#download-docker-for-mac).
* Bug fixes and minor changes
- Added "Restart" menu item. See [docker/for-mac#2407](https://github.com/docker/for-mac/issues/2407)
- Keep any existing kubectl binary when activating Kubenetes in Docker for Mac, and restore it when disabling Kubernetes. Fixes [docker/for-mac#2508](https://github.com/docker/for-mac/issues/2508), [docker/for-mac#2368](https://github.com/docker/for-mac/issues/2368)
- Keep any existing kubectl binary when activating Kubernetes in Docker for Mac, and restore it when disabling Kubernetes. Fixes [docker/for-mac#2508](https://github.com/docker/for-mac/issues/2508), [docker/for-mac#2368](https://github.com/docker/for-mac/issues/2368)
- Fix Kubernetes context selector. Fixes [docker/for-mac#2495](https://github.com/docker/for-mac/issues/2495)
### Docker Community Edition 18.01.0-ce-mac48 2018-01-19

BIN
docker-for-mac/images/diagnose-feedback-id.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 375 KiB

After

Width:  |  Height:  |  Size: 132 KiB

BIN
docker-for-mac/images/diagnose-feedback.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 245 KiB

After

Width:  |  Height:  |  Size: 128 KiB

BIN
docker-for-mac/images/mac-install-success-docker-cloud.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 246 KiB

After

Width:  |  Height:  |  Size: 125 KiB

BIN
docker-for-mac/images/menu/prefs-kubernetes.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 82 KiB

After

Width:  |  Height:  |  Size: 112 KiB

285
docker-for-mac/index.md
View File

@ -18,11 +18,14 @@ Welcome to Docker for Mac! Docker is a full development platform for creating
containerized apps, and Docker for Mac is the best way to get started with
Docker _on a Mac_.
> See [Install Docker for Mac](install.md){: target="_blank" class="_"} for information on system requirements and stable & edge channels.
> See [Install Docker for Mac](install.md){: target="_blank" class="_"} for
> information on system requirements and stable & edge channels.
## Check versions
Ensure your versions of `docker`, `docker-compose`, and `docker-machine` are up-to-date and compatible with `Docker.app`. Your output may differ if you are running different versions.
Ensure your versions of `docker`, `docker-compose`, and `docker-machine` are
up-to-date and compatible with `Docker.app`. Your output may differ if you are
running different versions.
```shell
$ docker --version
@ -38,7 +41,9 @@ docker-machine version {{ site.machine_version }}, build 9ba6da9
## Explore the application
1. Open a command-line terminal and test that your installation works by
running the simple Docker image, [hello-world](https://hub.docker.com/_/hello-world/){: target="_blank" class="_"}:
running the simple Docker image,
[hello-world](https://hub.docker.com/_/hello-world/){: target="_blank"
class="_"}:
```shell
$ docker run hello-world
@ -61,15 +66,18 @@ docker-machine version {{ site.machine_version }}, build 9ba6da9
$ docker run -d -p 80:80 --name webserver nginx
```
3. In a web browser, go to `http://localhost/` to view the nginx homepage. Because we specified the default HTTP port, it isn't necessary to append `:80` at the end of the URL.
3. In a web browser, go to `http://localhost/` to view the nginx homepage.
Because we specified the default HTTP port, it isn't necessary to append
`:80` at the end of the URL.
![nginx home page](images/hello-world-nginx.png){:width="500px"}
> Early beta releases used `docker` as the hostname to build the
> URL. Now, ports are exposed on the private IP addresses of the VM and
> forwarded to `localhost` with no other host name set.
> Early beta releases used `docker` as the hostname to build the URL. Now,
> ports are exposed on the private IP addresses of the VM and forwarded to
> `localhost` with no other host name set.
4. View the details on the container while your web server is running (with `docker container ls` or `docker ps`):
4. View the details on the container while your web server is running (with
`docker container ls` or `docker ps`):
```none
$ docker container ls
@ -77,7 +85,8 @@ docker-machine version {{ site.machine_version }}, build 9ba6da9
56f433965490 nginx "nginx -g 'daemon off" About a minute ago Up About a minute 0.0.0.0:80->80/tcp, 443/tcp webserver
```
5. Stop and remove containers and images with the following commands. Use the "all" flag (`--all` or `-a`) to view stopped containers.
5. Stop and remove containers and images with the following commands. Use the
"all" flag (`--all` or `-a`) to view stopped containers.
```shell
$ docker container ls
@ -90,7 +99,8 @@ docker-machine version {{ site.machine_version }}, build 9ba6da9
## Preferences menu
Choose ![whale menu](images/whale-x.png){: .inline} -> **Preferences** from the menu bar and configure the runtime options described below.
Choose ![whale menu](images/whale-x.png){: .inline} → **Preferences** from the
menu bar and configure the runtime options described below.
![Docker context menu](images/menu/prefs.png){:width="250px"}
@ -100,18 +110,24 @@ Choose ![whale menu](images/whale-x.png){: .inline} -> **Preferences** from the
General settings are:
- **Start Docker when you log in**: Uncheck this option if you don't want Docker to start when you open your session.
- **Start Docker when you log in**: Uncheck this option if you don't want Docker
to start when you open your session.
- **Automatically check for updates** notifies you when an update is available.
Click **OK** to accept and install updates (or cancel to keep the current
version). If you disable this option, you can still find out about updates
manually by choosing ![whale menu](images/whale-x.png){: .inline} -> **Check for Updates**.
manually by choosing ![whale menu](images/whale-x.png){: .inline} → **Check
for Updates**.
- **Include VM in Time Machine backups** backs up the Docker for Mac virtual machine. (Disabled by default.)
- **Include VM in Time Machine backups** backs up the Docker for Mac virtual
machine. (Disabled by default.)
- **Securely store Docker logins in MacOS keychain** stores your Docker login credentials. (Enabled by default.)
- **Securely store Docker logins in MacOS keychain** stores your Docker login
credentials. (Enabled by default.)
- **Send usage statistics** &mdash; Send diagnostics, crash reports, and usage data to Docker. This information helps Docker improve the application and get more context for troubleshooting problems. (Enabled by default.)
- **Send usage statistics** &mdash; Send diagnostics, crash reports, and usage
data to Docker. This information helps Docker improve the application and get
more context for troubleshooting problems. (Enabled by default.)
### File sharing
@ -127,7 +143,8 @@ File share settings are:
- **Add a Directory**: Click `+` and navigate to the directory you want to add.
- **Apply & Restart** makes the directory available to containers using Docker's bind mount (`-v`) feature.
- **Apply & Restart** makes the directory available to containers using Docker's
bind mount (`-v`) feature.
There are some limitations on the directories that can be shared:
@ -136,30 +153,34 @@ File share settings are:
For more information, see:
- [Namespaces](osxfs.md#namespaces){: target="_blank" class="_"} in the topic on [osxfs file system sharing](osxfs.md).
- [Volume mounting requires file sharing for any project directories outside of `/Users`](troubleshoot.md#volume-mounting-requires-file-sharing-for-any-project-directories-outside-of-users).)
- [Namespaces](osxfs.md#namespaces){: target="_blank" class="_"} in the topic on
[osxfs file system sharing](osxfs.md).
- [Volume mounting requires file sharing for any project directories outside of
`/Users`](troubleshoot.md#volume-mounting-requires-file-sharing-for-any-project-directories-outside-of-users).)
### Advanced
On the Advanced tab, you can limit resources available to Docker.
![Advanced Preference settings-advanced](images/menu/prefs-advanced.png){:width="400px"}
![Advanced Preference
settings-advanced](images/menu/prefs-advanced.png){:width="400px"}
Advanced settings are:
**CPUs**: By default, Docker for Mac is set to use half the number of processors available
on the host machine. To increase processing power, set this to a higher number;
to decrease, lower the number.
**CPUs**: By default, Docker for Mac is set to use half the number of processors
available on the host machine. To increase processing power, set this to a
higher number; to decrease, lower the number.
**Memory**: By default, Docker for Mac is set to use `2` GB runtime memory, allocated from
the total available memory on your Mac. To increase RAM, set this to a higher number;
to decrease it, lower the number.
**Memory**: By default, Docker for Mac is set to use `2` GB runtime memory,
allocated from the total available memory on your Mac. To increase RAM, set this
to a higher number; to decrease it, lower the number.
**Swap**: Configure swap file size as needed. The default is 1 GB.
### Disk
Specify the **Disk image location** of the Linux volume, where containers and images are stored.
Specify the **Disk image location** of the Linux volume, where containers and
images are stored.
You can also move the disk image location. If you attempt to move the disk image
to a location that already has one, you get a prompt asking if you want to use
@ -178,8 +199,8 @@ pulling containers.
![macOS Proxy Settings](images/proxy-settings.png){:width="600px"}
When you start a container, your proxy settings propagate into
the containers. For example:
When you start a container, your proxy settings propagate into the containers.
For example:
```
$ docker run -it alpine env
@ -202,7 +223,8 @@ using [restart policies](/engine/reference/run/#restart-policies-restart).
### Daemon
You can configure options on the Docker daemon that determine how your containers run.
You can configure options on the Docker daemon that determine how your
containers run.
Select **Basic** to configure the daemon with interactive settings, or select
**Advanced** to edit the JSON directly.
@ -213,12 +235,18 @@ Select **Basic** to configure the daemon with interactive settings, or select
#### Experimental features
Both Docker for Mac Stable and Edge releases have experimental features enabled
on Docker Engine, as described [Docker Experimental Features README](https://github.com/docker/docker-ce/blob/master/components/cli/experimental/README.md){: target="_blank" class="_"}. If you uncheck **experimental mode**, Docker for Mac uses the current generally available
release of Docker Engine.
on Docker Engine, as described [Docker Experimental Features
README](https://github.com/docker/docker-ce/blob/master/components/cli/experimental/README.md){:
target="_blank" class="_"}. If you uncheck **experimental mode**, Docker for Mac
uses the current generally available release of Docker Engine.
> Don't enable experimental features in production
>
> Experimental features are not appropriate for production environments or workloads. They are meant to be sandbox experiments for new ideas. Some experimental features may become incorporated into upcoming stable releases, but others may be modified or pulled from subsequent Edge releases, and never released on Stable.
>Experimental features are not appropriate for production environments or
>workloads. They are meant to be sandbox experiments for new ideas. Some
>experimental features may become incorporated into upcoming stable releases,
>but others may be modified or pulled from subsequent Edge releases, and never
>released on Stable.
You can see whether you are running experimental mode at the command line. If
`Experimental` is `true`, then Docker is running in experimental mode, as shown
@ -231,30 +259,41 @@ true
#### Insecure registries
You can set up a custom and insecure [registry](/registry/introduction.md){: target="_blank" class="_"}
to store your public or private images (instead of using [Docker Hub](https://hub.docker.com/){:target="_blank" class="_"}
or [Docker Trusted Registry](/datacenter/dtr/2.1/guides/index.md)).
Add URLs for your insecure registries and registry mirrors on which to host your images.
You can set up a custom and insecure [registry](/registry/introduction.md){:
target="_blank" class="_"} to store your public or private images (instead of
using [Docker Hub](https://hub.docker.com/){:target="_blank" class="_"} or
[Docker Trusted Registry](/datacenter/dtr/2.1/guides/index.md)). Add URLs for
your insecure registries and registry mirrors on which to host your images.
See also:
- [How do I add custom CA certificates?](faqs.md#how-do-i-add-custom-ca-certificates){:target="_blank" class="_"}
- [How do I add client certificates](faqs.md#how-do-i-client-certificates){:target="_blank" class="_"}
- [How do I add custom CA
certificates?](faqs.md#how-do-i-add-custom-ca-certificates){:target="_blank"
class="_"}
- [How do I add client
certificates](faqs.md#how-do-i-client-certificates){:target="_blank"
class="_"}
#### Daemon configuration file
Click the **Advanced** tab to configure the daemon from the JSON file. For a full
list of options, see the Docker Engine [dockerd commandline reference](/engine/reference/commandline/dockerd.md){:target="_blank" class="_"}.
Click the **Advanced** tab to configure the daemon from the JSON file. For a
full list of options, see the Docker Engine [dockerd commandline
reference](/engine/reference/commandline/dockerd.md){:target="_blank"
class="_"}.
Click **Apply & Restart** to save your settings and reboot Docker. Or, to cancel
changes, click another preference tab, then choose to discard or not apply changes when asked.
changes, click another preference tab, then choose to discard or not apply
changes when asked.
![Docker Daemon](images/menu/prefs-daemon-adv.png){:width="400px"}
### Kubernetes
Docker for Mac 17.12 CE (and higher) includes a standalone Kubernetes server
that runs on your Mac, so that you can test deploying your Docker workloads on
Kubernetes.
In Docker for Mac [17.12 Edge
(mac45)](/docker-for-mac/edge-relese-notes/#docker-community-edition-17120-ce-mac45-2018-01-05)
and higher, and [18.06 Stable
(mac70)](/docker-for-mac/release-notes/#docker-community-edition-18060-ce-mac70-2018-07-25)
and higher, a standalone Kubernetes server is included that runs on your Mac, so
that you can test deploying your Docker workloads on Kubernetes.
The Kubernetes client command, `kubectl`, is included and configured to connect
to the local Kubernetes server. If you have `kubectl` already installed and
@ -270,10 +309,13 @@ If you installed `kubectl` with Homebrew, or by some other method, and
experience conflicts, remove `/usr/local/bin/kubectl`.
- To enable Kubernetes support and install a standalone instance of Kubernetes
running as a Docker container, select **Enable Kubernetes** and click the
**Apply** button.
running as a Docker container, select **Enable Kubernetes**, choose the
[default
orchestrator](/docker-for-mac/kubernetes/#override-the-default-orchestrator)
and click the **Apply** button.
![Enable Kubernetes](images/menu/prefs-kubernetes.png){: .with-border width="400px"}
![Enable Kubernetes](images/menu/prefs-kubernetes.png){: .with-border
width="400px"}
An Internet connection is required. Images required to run the Kubernetes
@ -283,29 +325,32 @@ experience conflicts, remove `/usr/local/bin/kubectl`.
When Kubernetes is enabled and running, an additional status bar item displays
at the bottom right of the Docker for Mac Preferences dialog.
![Installation complete](images/kubernetes/kubernetes-install-complete.png){:width="400px"}
![Installation
complete](images/kubernetes/kubernetes-install-complete.png){:width="400px"}
The status of Kubernetes shows in the Docker menu and the context points to `docker-for-desktop`.
The status of Kubernetes shows in the Docker menu and the context points to
`docker-for-desktop`.
![Docker Menu with Kubernetes](images/menu/kube-context.png){: .with-border width="400px"}
![Docker Menu with Kubernetes](images/menu/kube-context.png){: .with-border
width="400px"}
- By default, Kubernetes containers are hidden from commands like `docker
service ls`, because managing them manually is not supported. To make them
visible, select **Show system containers (advanced)** and click **Apply and restart**.
Most users do not need this option.
visible, select **Show system containers (advanced)** and click **Apply and
restart**. Most users do not need this option.
- To disable Kubernetes support at any time, deselect **Enable Kubernetes**.
The Kubernetes containers are stopped and removed, and the
- To disable Kubernetes support at any time, deselect **Enable Kubernetes**. The
Kubernetes containers are stopped and removed, and the
`/usr/local/bin/kubectl` command is removed.
For more about using the Kubernetes integration with
Docker for Mac, see [Deploy on Kubernetes](kubernetes.md){:target="_blank" class="_"}.
For more about using the Kubernetes integration with Docker for Mac, see
[Deploy on Kubernetes](kubernetes.md){:target="_blank" class="_"}.
### Reset
Select ![whale menu](images/whale-x.png){: .inline} ->
**Preferences** from the menu bar, then click **Reset** to reset factory
defaults, restart the Docker daemon, or uninstall.
Select ![whale menu](images/whale-x.png){: .inline} -> **Preferences** from the
menu bar, then click **Reset** to reset factory defaults, restart the Docker
daemon, or uninstall.
![Uninstall or reset Docker](images/menu/prefs-reset.png){:width="400px"}
@ -313,27 +358,28 @@ Reset settings are:
* **Restart** - Select to restart the Docker daemon.
* **Remove all data** - This option removes/resets all Docker data _without_
a reset to factory defaults (which would cause you to lose settings).
* **Remove all data** - This option removes/resets all Docker data _without_ a
reset to factory defaults (which would cause you to lose settings).
* **Reset to factory defaults** - Choose this option to reset all options on
Docker for Mac to its initial state, the same as when it was first installed.
* **Uninstall** - Choose this option to remove Docker for Mac from your system.
* **Uninstall** - Choose this option to remove Docker for Mac from your
system.
> Uninstall Docker for Mac from the commandline
>
> To uninstall Docker from Mac from a terminal, run: `<DockerforMacPath> --uninstall`.
> If your instance is installed in the default location, this command provides a
> clean uninstall:
>To uninstall Docker from Mac from a terminal, run: `<DockerforMacPath>
>--uninstall`. If your instance is installed in the default location, this
>command provides a clean uninstall:
>
> ```shell
> $ /Applications/Docker.app/Contents/MacOS/Docker --uninstall
> Docker is running, exiting...
> Docker uninstalled successfully. You can move the Docker application to the trash.
> ```
> You might want to use the command-line uninstall if, for example, you find that
> the app is non-functional, and you cannot uninstall it from the menu.
>```shell
>$ /Applications/Docker.app/Contents/MacOS/Docker --uninstall
>Docker is running, exiting...
>Docker uninstalled successfully. You can move the Docker application to the trash.
>```
>You might want to use the command-line uninstall if, for example, you find that
>the app is non-functional, and you cannot uninstall it from the menu.
## Add TLS certificates
@ -343,15 +389,14 @@ registries) to your Docker daemon.
### Add custom CA certificates (server side)
All trusted CAs (root or intermediate) are supported.
Docker for Mac creates a certificate bundle of all user-trusted CAs based on the
Mac Keychain, and appends it to Moby trusted certificates. So if an enterprise
SSL certificate is trusted by the user on the host, it is trusted by Docker
for Mac.
All trusted CAs (root or intermediate) are supported. Docker for Mac creates a
certificate bundle of all user-trusted CAs based on the Mac Keychain, and
appends it to Moby trusted certificates. So if an enterprise SSL certificate is
trusted by the user on the host, it is trusted by Docker for Mac.
To manually add a custom, self-signed certificate, start by adding
the certificate to the macOS keychain, which is picked up by Docker for
Mac. Here is an example.
To manually add a custom, self-signed certificate, start by adding the
certificate to the macOS keychain, which is picked up by Docker for Mac. Here is
an example.
```bash
$ sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ca.crt
@ -364,14 +409,17 @@ than for all users), run this command instead:
$ security add-trusted-cert -d -r trustRoot -k ~/Library/Keychains/login.keychain ca.crt
```
See also, [Directory structures for certificates](#directory-structures-for-certificates).
See also, [Directory structures for
certificates](#directory-structures-for-certificates).
> **Note:** You need to restart Docker for Mac after making any changes to
the keychain or to the `~/.docker/certs.d` directory in order for
the changes to take effect.
> **Note:** You need to restart Docker for Mac after making any changes to the
keychain or to the `~/.docker/certs.d` directory in order for the changes to
take effect.
For a complete explanation of how to do this, see the blog post
[Adding Self-signed Registry Certs to Docker & Docker for Mac](http://container-solutions.com/adding-self-signed-registry-certs-docker-mac/){:target="_blank" class="_"}.
For a complete explanation of how to do this, see the blog post [Adding
Self-signed Registry Certs to Docker & Docker for
Mac](http://container-solutions.com/adding-self-signed-registry-certs-docker-mac/){:target="_blank"
class="_"}.
### Add client certificates
@ -384,15 +432,14 @@ folder on your Mac to the `/etc/docker/certs.d` directory on Moby (the Docker
for Mac `xhyve` virtual machine).
> * You need to restart Docker for Mac after making any changes to the keychain
> or to the `~/.docker/certs.d` directory in order for the changes to take
> effect.
> or to the `~/.docker/certs.d` directory in order for the changes to take
> effect.
>
> * The registry cannot be listed as an _insecure registry_ (see [Docker
> Daemon](index.md#docker-daemon)). Docker for Mac ignores
> certificates listed under insecure registries, and does not send client
> certificates. Commands like `docker run` that attempt to pull from the
> registry produce error messages on the command line, as well as on the
> registry.
> Daemon](index.md#docker-daemon)). Docker for Mac ignores certificates listed
> under insecure registries, and does not send client certificates. Commands
> like `docker run` that attempt to pull from the registry produce error
> messages on the command line, as well as on the registry.
### Directory structures for certificates
@ -443,10 +490,11 @@ installed both in Bash and Zsh.
### Bash
Bash has [built-in support for completion](https://www.debian-administration.org/article/316/An_introduction_to_bash_completion_part_1){:target="_blank" class="_"}
To activate completion for Docker commands, these files need to be copied or
symlinked to your `bash_completion.d/` directory. For example, if you installed
bash via [Homebrew](http://brew.sh/):
Bash has [built-in support for
completion](https://www.debian-administration.org/article/316/An_introduction_to_bash_completion_part_1){:target="_blank"
class="_"} To activate completion for Docker commands, these files need to be
copied or symlinked to your `bash_completion.d/` directory. For example, if you
installed bash via [Homebrew](http://brew.sh/):
```bash
etc=/Applications/Docker.app/Contents/Resources/etc
@ -457,10 +505,11 @@ ln -s $etc/docker-compose.bash-completion $(brew --prefix)/etc/bash_completion.d
### Zsh
In Zsh, the [completion system](http://zsh.sourceforge.net/Doc/Release/Completion-System.html){:target="_blank" class="_"}
takes care of things. To activate completion for Docker commands, these files
need to be copied or symlinked to your Zsh `site-functions/` directory. For
example, if you installed Zsh via [Homebrew](http://brew.sh/):
In Zsh, the [completion
system](http://zsh.sourceforge.net/Doc/Release/Completion-System.html){:target="_blank"
class="_"} takes care of things. To activate completion for Docker commands,
these files need to be copied or symlinked to your Zsh `site-functions/`
directory. For example, if you installed Zsh via [Homebrew](http://brew.sh/):
```bash
etc=/Applications/Docker.app/Contents/Resources/etc
@ -485,31 +534,37 @@ options at the bottom of each docs page.
## Docker Hub
Choose **Docker Hub** (or on older versions, **Docker Store**) from the Docker for Mac menu to get to the Docker app
downloads site. [Docker hub](https://hub.docker.com/){:target="_blank" class="_"} is the best place to find compliant, trusted software distributed as Docker Images.
You can access your [Docker ID](/docker-id/index.md){:target="_blank"
class="_"} account from within Docker for Mac.
## Docker Hub
![Docker ID](images/docker-cloud.png){:width="550px"}
You can access your [Docker Hub](/docker-hub/index.md){:target="_blank" class="_"} account from within Docker for Mac.
From the Docker for Mac menu, sign in to Docker Hub with your Docker ID, or
create one.
From the Docker for Mac menu, sign in to Docker Hub with your Docker ID, or create one.
![Docker Hub sign-in](images/menu/sign-in.png){: .with-border width="250px"}
![Docker ID sign-in](images/menu/sign-in.png){: .with-border width="250px"}
Then use the Docker for Mac menu to create, view, or navigate directly to your
Cloud resources, including **organizations**, **repositories**, and **swarms**.
Check out these [Docker Hub topics](/docker-cloud/index.md){:target="_blank" class="_"} to learn more:
Check out these [Docker Hub topics](/docker-hub/index.md){:target="_blank"
class="_"} to learn more:
* [Organizations and Teams in Docker Hub](/docker-hub/orgs.md){:target="_blank" class="_"}
* [Builds and Images](/docker-hub/builds/index.md){:target="_blank" class="_"}
* [Organizations and Teams in Docker
Hub](/docker-cloud/orgs/index.md){:target="_blank" class="_"}
* [Builds](/docker-hub/builds/index.md){:target="_blank" class="_"}
## Where to go next
* Try out the walkthrough at [Get Started](/get-started/){: target="_blank" class="_"}.
* Try out the walkthrough at [Get Started](/get-started/){: target="_blank"
class="_"}.
* Dig in deeper with [Docker Labs](https://github.com/docker/labs/) example walkthroughs and source code.
* Dig in deeper with [Docker Labs](https://github.com/docker/labs/) example
walkthroughs and source code.
* For a summary of Docker command line interface (CLI) commands, see [Docker CLI Reference Guide](/engine/api.md){: target="_blank" class="_"}.
* For a summary of Docker command line interface (CLI) commands, see [Docker CLI
Reference Guide](/engine/api.md){: target="_blank" class="_"}.
* Check out the blog post, [Whats New in Docker 17.06 Community Edition (CE)](https://blog.docker.com/2017/07/whats-new-docker-17-06-community-edition-ce/){: target="_blank" class="_"}.
* Check out the blog post, [Whats New in Docker 17.06 Community Edition
(CE)](https://blog.docker.com/2017/07/whats-new-docker-17-06-community-edition-ce/){:
target="_blank" class="_"}.

2
docker-for-mac/opensource.md
View File

@ -7,7 +7,7 @@ notoc: true
Docker Desktop Editions are built using open source software.
For details on the licensing, choose
![whale menu](images/whale-x.png){: .inline} -->
![whale menu](images/whale-x.png){: .inline}
**About Docker** from within the application, then click **Acknowledgements**.
Docker Desktop Editions distribute some components that are licensed under the

2
docker-for-mac/release-notes.md
View File

@ -44,7 +44,7 @@ for Mac](install.md#download-docker-for-mac).
* New
- Kubernetes Support. You can now run a single-node Kubernetes cluster from the "Kubernetes" Pane in Docker For Mac Preferences and use kubectl commands as well as docker commands. See https://docs.docker.com/docker-for-mac/kubernetes/
- Add an experimental SOCKS server to allow access to container networks, see [docker/for-mac#2670](https://github.com/docker/for-mac/issues/2670#issuecomment-372365274). Also see [docker/for-mac#2721](https://github.com/docker/for-mac/issues/2721)
- Re-enable raw as the the default disk format for users running macOS 10.13.4 and higher. Note this change only takes effect after a "reset to factory defaults" or "remove all data" (from the Whale menu -> Preferences -> Reset). Related to [docker/for-mac#2625](https://github.com/docker/for-mac/issues/2625)
- Re-enable raw as the default disk format for users running macOS 10.13.4 and higher. Note this change only takes effect after a "reset to factory defaults" or "remove all data" (from the Whale menu -> Preferences -> Reset). Related to [docker/for-mac#2625](https://github.com/docker/for-mac/issues/2625)
* Bug fixes and minor changes
- AUFS storage driver is deprecated in Docker Desktop and AUFS support will be removed in the next major release. You can continue with AUFS in Docker Desktop 18.06.x, but you will need to reset disk image (in Preferences > Reset menu) before updating to the next major update. You can check documentation to [save images](https://docs.docker.com/engine/reference/commandline/save/#examples) and [backup volumes](https://docs.docker.com/storage/volumes/#backup-restore-or-migrate-data-volumes)

134
docker-for-mac/troubleshoot.md
View File

@ -25,21 +25,24 @@ GitHub](https://github.com/docker/for-mac/issues), or the [Docker for Mac
forum](https://forums.docker.com/c/docker-for-mac), we can help you troubleshoot
the log data.
Choose ![whale menu](images/whale-x.png){: .inline} -->
**Diagnose & Feedback** from the menu bar.
Choose ![whale menu](images/whale-x.png){: .inline} → **Diagnose & Feedback**
from the menu bar.
![Diagnose & Feedback](images/diagnose-feedback.png){:width="600px"}
Select **Diagnose**. It runs diagnostics, shows results, and uploads the
results to Docker. A diagnostic ID is generated, which must be provided when
communicating with the Docker Team. Optionally, you can open an issue on GitHub
using the uploaded results and ID as a basis.
Once the diagnostics are available, you can upload them and obtain a
**Diagnostic ID**, which must be provided when communicating with the Docker
team. For more information on our policy regarding personal data you can read
[how is personal data handled in Docker
Desktop](https://docs.docker.com/docker-for-mac/faqs/#how-is-personal-data-handled-in-docker-desktop).
![Diagnostics & Feedback with ID](images/diagnose-feedback-id.png){:width="600px"}
![Diagnostics & Feedback with
ID](images/diagnose-feedback-id.png){:width="600px"}
If you click **Report an issue**, this opens [Docker for Mac issues on
GitHub](https://github.com/docker/for-mac/issues/) in your web browser in a
“create new issue” template, to be completed before submission.
"create new issue" template, to be completed before submission. Do not forget to
copy/paste your diagnostic ID.
![issue template](images/issues-template.png){:width="600px"}
@ -48,57 +51,34 @@ GitHub](https://github.com/docker/for-mac/issues/) in your web browser in a
On occasions it is useful to run the diagnostics yourself, for instance if
Docker for Mac cannot start.
First locate the `docker-diagnose` tool. If you installed Docker for Mac in the
Applications directory, then it is
`/Applications/Docker.app/Contents/Resources/bin/docker-diagnose`. Pass
`--help` to see the supported options:
```sh
$ /Applications/Docker.app/Contents/Resources/bin/docker-diagnose --help
```
First locate the `com.docker.diagnose` tool. If you installed Docker for Mac in
the Applications directory, then it is
`/Applications/Docker.app/Contents/MacOS/com.docker.diagnose`.
Then to create *and upload* diagnostics, run:
```sh
$ /Applications/Docker.app/Contents/Resources/bin/docker-diagnose \
--upload --last 1d
macOS: version 10.13.4 (build: 17E202)
Docker.app: version: 18.06.0-ce-rc1-mac67 (1fa4e2acfc1a52f79623add2390604515d32297e)
Local time: Fri May 25 14:50:51 CEST 2018
UTC: Fri May 25 12:50:51 UTC 2018
Timestamp: 20180525-145051
Running diagnostic tests:
[OK] Files
[OK] console-ring does not exist
[OK] Kubernetes (disabled)
[OK] Docker CLI
[OK] environment
[OK] vmnetd
[OK] osxfs
[OK] VPNKit
[OK] driver.amd64-linux
[OK] Docker
[OK] VT-x
[OK] kern.hv_support
[OK] Hypervisor
[OK] Disk
Docker logs are being collected into /tmp/D1F48686-F045-4708-85E3-0635B729A596/20180525-145051.tar.gz
Your unique id is: D1F48686-F045-4708-85E3-0635B729A596
Please quote this in all correspondence.
$ /Applications/Docker.app/Contents/MacOS/com.docker.diagnose gather -upload
```
After the diagnostics have finished, you should have the following output,
containing your diagnostics ID:
```sh
Diagnostics Bundle: /tmp/B8CF8400-47B3-4068-ADA4-3BBDCE3985D9/20180726143610.zip
Diagnostics ID: B8CF8400-47B3-4068-ADA4-3BBDCE3985D9/20180726143610 (uploaded)
```
The diagnostics ID (here D1F48686-F045-4708-85E3-0635B729A596/20180525-145051)
is composed of your user ID (D1F48686-F045-4708-85E3-0635B729A596) and a
timestamp (20180525-145051). Be sure to provide us with the full diagnostics
ID, not just the user ID.
The diagnostics ID (here B8CF8400-47B3-4068-ADA4-3BBDCE3985D9/20180726143610) is
composed of your user ID (D1F48686-F045-4708-85E3-0635B729A596) and a timestamp
(20180525-145051). Be sure to provide us with the full diagnostics ID, not just
the user ID.
Don't hesitate browsing the content of these diagnostics:
```sh
$ open /tmp/D1F48686-F045-4708-85E3-0635B729A596/20180525-145051.tar.gz
$ open /tmp/D1F48686-F045-4708-85E3-0635B729A596/20180525-145051.zip
```
<a name="logs"></a>
## Check the logs
@ -147,10 +127,9 @@ ways, and create reports.
### Make sure certificates are set up correctly
Docker for Mac ignores certificates listed under insecure registries, and
does not send client certificates to them. Commands like `docker run` that
attempt to pull from the registry produces error messages on the command
line, like this:
Docker for Mac ignores certificates listed under insecure registries, and does
not send client certificates to them. Commands like `docker run` that attempt to
pull from the registry produces error messages on the command line, like this:
```
Error response from daemon: Get http://192.168.203.139:5858/v2/: malformed HTTP response "\x15\x03\x01\x00\x02\x02"
@ -163,9 +142,8 @@ As well as on the registry. For example:
2017/06/20 18:15:30 http: TLS handshake error from 192.168.203.139:52883: tls: first record does not look like a TLS handshake
```
For more about using client and server side certificates, see [Adding
TLS certificates](index.md#adding-tls-certificates) in
the Getting Started topic.
For more about using client and server side certificates, see [Adding TLS
certificates](index.md#adding-tls-certificates) in the Getting Started topic.
### Docker for Mac does not start if Mac user account and home folder are renamed after installing the app
@ -181,8 +159,8 @@ cannot start, such as when using [Docker Compose](/compose/gettingstarted.md),
you might need to enable [file sharing](index.md#file-sharing).
Volume mounting requires shared drives for projects that live outside of the
`/Users` directory. Go to ![whale menu](images/whale-x.png){: .inline} -->
**Preferences** --> **File sharing** and share the drive that contains the
`/Users` directory. Go to ![whale menu](images/whale-x.png){: .inline}
**Preferences** **File sharing** and share the drive that contains the
Dockerfile and volume.
### Incompatible CPU detected
@ -204,8 +182,8 @@ terminal window.
sysctl kern.hv_support
```
If your Mac supports the Hypervisor Framework,
the command prints `kern.hv_support: 1`.
If your Mac supports the Hypervisor Framework, the command prints
`kern.hv_support: 1`.
If not, the command prints `kern.hv_support: 0`.
@ -220,9 +198,9 @@ know before you install](install.md#what-to-know-before-you-install).
* If Docker for Mac fails to install or start properly:
* Make sure you quit Docker for Mac before installing a new version of the
application (![whale menu](images/whale-x.png){: .inline} --> **Quit
Docker**). Otherwise, you get an "application in use" error when you try to
copy the new app from the `.dmg` to `/Applications`.
application (![whale menu](images/whale-x.png){: .inline} **Quit
Docker**). Otherwise, you get an "application in use" error when you try to
copy the new app from the `.dmg` to `/Applications`.
* Restart your Mac to stop / discard any vestige of the daemon running from
the previously installed version.
@ -251,10 +229,10 @@ know before you install](install.md#what-to-know-before-you-install).
* For the `hello-world-nginx` example, Docker for Mac must be running to get to
the webserver on `http://localhost/`. Make sure that the Docker whale is
showing in the menu bar, and that you run the Docker commands in a shell that
is connected to the Docker for Mac Engine (not Engine from
Toolbox). Otherwise, you might start the webserver container but get a "web
page not available" error when you go to `localhost`. For more on
distinguishing between the two environments, see [Docker for Mac vs. Docker
is connected to the Docker for Mac Engine (not Engine from Toolbox).
Otherwise, you might start the webserver container but get a "web page not
available" error when you go to `localhost`. For more on distinguishing
between the two environments, see [Docker for Mac vs. Docker
Toolbox](docker-toolbox.md).
<p></p>
@ -274,7 +252,7 @@ know before you install](install.md#what-to-know-before-you-install).
* IPv6 is not (yet) supported on Docker for Mac.
A workaround is provided that auto-filters out the IPv6 addresses in DNS
server lists and enables successful network accesss. For example,
server lists and enables successful network access. For example,
`2001:4860:4860::8888` would become `8.8.8.8`. To learn more, see these
issues on GitHub and Docker for Mac forums:
@ -297,9 +275,8 @@ know before you install](install.md#what-to-know-before-you-install).
resources. Reboot and restart Docker to resolve these issues.
* Docker does not auto-start on login even when it is enabled in ![whale
menu](images/whale-x.png){: .inline} --> **Preferences**. This
is related to a set of issues with Docker helper, registration, and
versioning.
menu](images/whale-x.png){: .inline} → **Preferences**. This is related to a
set of issues with Docker helper, registration, and versioning.
<p></p>
@ -309,9 +286,9 @@ know before you install](install.md#what-to-know-before-you-install).
[Intel Hardware Accelerated Execution Manager
(HAXM)](https://software.intel.com/en-us/android/articles/intel-hardware-accelerated-execution-manager/),
the current workaround is not to run them at the same time. You can pause
`HyperKit` by quitting Docker for Mac temporarily while you work with
HAXM. This allows you to continue work with the other tools and prevent
`HyperKit` from interfering.
`HyperKit` by quitting Docker for Mac temporarily while you work with HAXM.
This allows you to continue work with the other tools and prevent `HyperKit`
from interfering.
* If you are working with applications like [Apache
@ -351,7 +328,8 @@ know before you install](install.md#what-to-know-before-you-install).
- Symfony
- Magento
- Zend Framework
- PHP applications that use [Composer](https://getcomposer.org) to install dependencies in a ```vendor``` folder<br><br>
- PHP applications that use [Composer](https://getcomposer.org) to install
dependencies in a ```vendor``` folder<br><br>
As a work-around for this behavior, you can put vendor or third-party library
directories in Docker volumes, perform temporary file system operations
@ -362,15 +340,17 @@ know before you install](install.md#what-to-know-before-you-install).
and roadmap](osxfs.md#performance-issues-solutions-and-roadmap).
* If your system does not have access to an NTP server, then after a hibernate
the time seen by Docker for Mac may be considerably out of sync with the
host. Furthermore, the time may slowly drift out of sync during use. To
manually reset the time after hibernation, run:
the time seen by Docker for Mac may be considerably out of sync with the host.
Furthermore, the time may slowly drift out of sync during use. To manually
reset the time after hibernation, run:
```bash
docker run --rm --privileged alpine hwclock -s
```
Or, to resolve both issues, you can add the local clock as a low-priority (high stratum) fallback NTP time source for the host. To do this, edit the host's `/etc/ntp-restrict.conf` to add:
Or, to resolve both issues, you can add the local clock as a low-priority
(high stratum) fallback NTP time source for the host. To do this, edit the
host's `/etc/ntp-restrict.conf` to add:
```
server 127.127.1.1 # LCL, local clock

21
docker-for-windows/edge-release-notes.md
View File

@ -18,6 +18,27 @@ for Windows](install.md#download-docker-for-windows).
## Edge Releases of 2018
### Docker Community Edition 2.0.0.0-beta1-win75 2018-09-14
[Download](https://download.docker.com/win/edge/19925/Docker%20for%20Windows%20Installer.exe)
* Upgrades
- [Docker 18.09.0-ce-beta1](https://github.com/docker/docker-ce/releases/tag/v18.09.0-ce-beta1)
- Linux Kernel 4.9.125
* New
- New version scheme
* Deprecation
- Removed support of AUFS
* Bug fixes and minor changes
- LCOW does not anymore need --platform flag on multi-arch images
- Better WCOW host.docker.internal resolution on host, don't rewrite it if not modified. From [docker/for-win#1976](https://github.com/docker/for-win/issues/1976)
- Disk size can now be ajusted from 32GiB to drive space.
- Fix dns update too verbose in logs
- Fix panic in diagnose
### Docker Community Edition 18.06.1-ce-win74 2018-08-29
[Download](https://download.docker.com/win/edge/19508/Docker%20for%20Windows%20Installer.exe)

12
docker-for-windows/faqs.md
View File

@ -24,7 +24,7 @@ Two different download channels are available for Docker for Windows:
* The **Stable channel** provides a general availability release-ready installer
for a fully baked and tested, more reliable app. The Stable version of Docker
for Windows comes with the latest released version of Docker Engine. The
release schedule is synched with Docker Engine releases and hotfixes. On the
release schedule is synced with Docker Engine releases and hotfixes. On the
Stable channel, you can select whether to send usage statistics and other data.
* The **Edge channel** provides an installer with new features we are working on,
@ -69,7 +69,8 @@ Do the following each time:
4. Install a different version of the app (Stable or Edge).
### Feeback
### Feedback
#### What kind of feedback are we looking for?
Everything is fair game. We'd like your impressions on the download-install
@ -150,8 +151,8 @@ topic
No, at this point, Docker for Windows does not enable you to control (`chmod`)
the Unix-style permissions on [shared volumes](/docker-for-windows#shared-drives) for
deployed containers, but rather sets permissions to a default value of
[0755](http://permissions-calculator.org/decode/0755/){: target="_blank" class="_"}
(`read`, `write`, `execute` permissions for `user`, `read` and `execute` for
[0777](http://permissions-calculator.org/decode/0777/){: target="_blank" class="_"}
(`read`, `write`, `execute` permissions for `user` and for
`group`) which is not configurable.
For workarounds and to learn more, see
@ -281,5 +282,4 @@ in [Troubleshooting](troubleshoot).
You might decide that you do not need Toolbox now that you have Docker for
Windows, and want to uninstall it. For details on how to perform a clean
uninstall of Toolbox on Windows, see
[How to uninstall Toolbox](/toolbox/toolbox_install_windows#how-to-uninstall-toolbox) in the
Toolbox Windows topics.
[How to uninstall Toolbox](/toolbox/toolbox_install_windows#how-to-uninstall-toolbox) in the Toolbox Windows topics.

BIN
docker-for-windows/images/diagnose-feedback.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 110 KiB

BIN
docker-for-windows/images/diagnostic-id.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 213 KiB

After

Width:  |  Height:  |  Size: 123 KiB

BIN
docker-for-windows/images/docker-app-welcome.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 212 KiB

After

Width:  |  Height:  |  Size: 95 KiB

BIN
docker-for-windows/images/docker-menu-context-switch.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 38 KiB

BIN
docker-for-windows/images/docker-menu-settings.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 51 KiB

After

Width:  |  Height:  |  Size: 24 KiB

BIN
docker-for-windows/images/docker-menu-switch.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 52 KiB

After

Width:  |  Height:  |  Size: 9.0 KiB

BIN
docker-for-windows/images/issue-template.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 138 KiB

BIN
docker-for-windows/images/settings-advanced.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 148 KiB

After

Width:  |  Height:  |  Size: 82 KiB

BIN
docker-for-windows/images/settings-daemon-advanced.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 113 KiB

After

Width:  |  Height:  |  Size: 90 KiB

BIN
docker-for-windows/images/settings-daemon-basic.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 113 KiB

After

Width:  |  Height:  |  Size: 90 KiB

BIN
docker-for-windows/images/settings-diagnose.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 176 KiB

BIN
docker-for-windows/images/settings-general.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 138 KiB

After

Width:  |  Height:  |  Size: 103 KiB

BIN
docker-for-windows/images/settings-kubernetes.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 92 KiB

After

Width:  |  Height:  |  Size: 68 KiB

BIN
docker-for-windows/images/settings-network.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 123 KiB

After

Width:  |  Height:  |  Size: 85 KiB

BIN
docker-for-windows/images/settings-proxies.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 120 KiB

After

Width:  |  Height:  |  Size: 82 KiB

BIN
docker-for-windows/images/settings-reset.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 105 KiB

After

Width:  |  Height:  |  Size: 73 KiB

BIN
docker-for-windows/images/settings-shared-drives.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 96 KiB

After

Width:  |  Height:  |  Size: 70 KiB

38
docker-for-windows/index.md
View File

@ -240,8 +240,7 @@ credentials so that you don't need to enter them every time.
There are a number of issues with using host-mounted volumes and network paths
for database files. See [Volume mounts from host paths use a nobrl option to override database locking](troubleshoot.md#volume-mounts-from-host-paths-use-a-nobrl-option-to-override-database-locking).
>
* Docker for Windows sets permissions to read/write/execute for users and
read/execute for groups and others [0755 or u+rwx,go+rx](http://permissions-calculator.org/decode/0755/).
* Docker for Windows sets permissions to read/write/execute for users, groups and others [0777 or a+rwx](http://permissions-calculator.org/decode/0777/).
This is not configurable. See [Permissions errors on data directories for shared volumes](troubleshoot.md#permissions-errors-on-data-directories-for-shared-volumes).
>
* Ensure the domain user has access to shared drives, as described in [Verify domain user has permissions for shared drives](troubleshoot.md#verify-domain-user-has-permissions-for-shared-drives-volumes).
@ -297,7 +296,7 @@ You can configure Docker for Windows networking to work on a virtual private net
![Network settings](images/settings-network.png){:width="600px"}
* **Internal Virtual Switch** - You can specify a network address translation (NAT) prefix and subnet mask to enable internet connectivity.
* **Internal Virtual Switch** - You can specify a network address translation (NAT) prefix and subnet mask to enable Internet connectivity.
* **DNS Server** - You can configure the DNS server to use dynamic or static IP addressing.
@ -427,12 +426,11 @@ For a full list of options on the Docker daemon, see [daemon](/engine/reference/
[Kubernetes on Docker for Windows](/docker-for-windows/kubernetes/){: target="_blank" class="_"}
is available in
[18.02 Edge (win50)](/docker-for-windows/edge-release-notes/#docker-community-edition-18020-ce-rc1-win50-2018-01-26){: target="_blank" class="_"} and higher edge channels only.
[18.02 Edge (win50)](/docker-for-windows/edge-release-notes/#docker-community-edition-18020-ce-rc1-win50-2018-01-26){: target="_blank" class="_"} and higher, and in [18.06 Stable (win70)](/docker-for-windows/edge-release-notes/#docker-community-edition-18060-ce-win70-2018-07-25) and higher.
![Enable Kubernetes](images/settings-kubernetes.png){:width="600px"}
Docker for Windows 18.02 CE Edge and higher include a standalone Kubernetes
server that runs on your Windows host, so that you can test deploying your
From Docker for Windows 18.02 CE Edge and 18.06 CE Stable a standalone Kubernetes server is included that runs on your Windows host, so that you can test deploying your
Docker workloads on Kubernetes.
The Kubernetes client command, `kubectl`, is included and configured to connect
@ -445,6 +443,10 @@ to change context so that `kubectl` is pointing to `docker-for-desktop`:
> kubectl config use-context docker-for-desktop
```
You can also change it through the Docker for Windows menu:
![Change Kubernetes Context](images/docker-menu-context-switch.png){:width="600px"}
If you installed `kubectl` by another method, and
experience conflicts, remove it.
@ -452,7 +454,7 @@ experience conflicts, remove it.
running as a Docker container, select **Enable Kubernetes** and click the
**Apply and restart** button.
An internet connection is required. Images required to run the Kubernetes
An Internet connection is required. Images required to run the Kubernetes
server are downloaded and instantiated as containers, and the
> Program Files\Docker\Docker\Resources\bin\kubectl.exe` command is installed.
@ -468,18 +470,6 @@ experience conflicts, remove it.
For more about using the Kubernetes integration with Docker for Windows,
see [Deploy on Kubernetes](kubernetes.md).
### Diagnose & feedback
Use this tab to troubleshoot problems and get help from Docker.
![Reset](images/settings-diagnose.png){:width="600px"}
Log on to our [Docker for Windows forum](https://forums.docker.com/c/docker-for-windows) to get help from the community, review current user topics, or join a discussion.
Log on to [Docker for Windows issues on GitHub](https://github.com/docker/for-win/issues) to report bugs or problems and review community reported issues. See [Logs and Troubleshooting](troubleshoot.md) for more details.
To give feedback on the documentation or update it yourself, use the Feedback options at the bottom of each docs page.
### Reset
On the Reset tab, you can restart Docker or reset its configuration.
@ -491,6 +481,16 @@ On the Reset tab, you can restart Docker or reset its configuration.
* **Reset to factory defaults** - Resets Docker to factory defaults. This is
useful in cases where Docker stops working or becomes unresponsive.
### Diagnose & feedback
Visit our [Logs and Troubleshooting](troubleshoot.md) guide for more details.
Log on to our [Docker for Windows forum](https://forums.docker.com/c/docker-for-windows) to get help from the community, review current user topics, or join a discussion.
Log on to [Docker for Windows issues on GitHub](https://github.com/docker/for-win/issues) to report bugs or problems and review community reported issues.
To give feedback on the documentation or update it yourself, use the Feedback options at the bottom of each docs page.
## Switch between Windows and Linux containers
From the Docker for Windows menu, you can toggle which daemon (Linux or Windows)

104
docker-for-windows/install.md
View File

@ -4,59 +4,83 @@ keywords: windows, beta, edge, alpha, install, download
title: Install Docker for Windows
---
Docker for Windows is the [Community Edition
(CE)](https://www.docker.com/community-edition) of Docker for Microsoft Windows.
To download Docker for Windows, head to Docker Hub.
[Download Docker for Windows](https://hub.docker.com/editions/community/docker-ce-desktop-windows){: .button .outline-btn}
[Download from Docker
Hub](https://hub.docker.com/editions/community/docker-ce-desktop-windows){:
.button .outline-btn}
## What to know before you install
If your system does not meet the requirements to run Docker for Windows, you can install
[Docker Toolbox](/toolbox/overview.md), which uses Oracle Virtual Box instead of
Hyper-V.
* **README FIRST for Docker Toolbox and Docker Machine users**: Docker for
Windows requires Microsoft Hyper-V to run. The Docker for Windows installer
enables Hyper-V for you, if needed, and restart your machine. After Hyper-V is
enabled, VirtualBox no longer works, but any VirtualBox VM images remain.
VirtualBox VMs created with `docker-machine` (including the `default` one
typically created during Toolbox install) no longer start. These VMs cannot be
used side-by-side with Docker for Windows. However, you can still use
`docker-machine` to manage remote VMs.
* **README FIRST for Docker Toolbox and Docker Machine users**: Docker for Windows requires Microsoft Hyper-V to run. The Docker for Windows installer enables Hyper-V for you, if needed, and restart your machine. After Hyper-V is
enabled, VirtualBox no longer works, but any VirtualBox VM images
remain. VirtualBox VMs created with `docker-machine` (including the `default`
one typically created during Toolbox install) no longer start. These VMs
cannot be used side-by-side with Docker for Windows. However, you can still use
`docker-machine` to manage remote VMs.
* Virtualization must be enabled in BIOS and CPU SLAT-capable. Typically, virtualization is enabled by default. This is different from having Hyper-V enabled. For more
detail see [Virtualization must be
enabled](troubleshoot.md#virtualization-must-be-enabled) in Troubleshooting.
* The current version of Docker for Windows runs on 64bit Windows 10 Pro, Enterprise and Education (1607 Anniversary Update, Build 14393 or later).
* Containers and images created with Docker for Windows are shared between all user accounts on machines where it is installed. This is because all
Windows accounts use the same VM to build and run containers.
* Nested virtualization scenarios, such as running Docker for Windows
on a VMWare or Parallels instance, might work, but come with no
guarantees. For more information, see
[Running Docker for Windows in nested virtualization scenarios](troubleshoot.md#running-docker-for-windows-in-nested-virtualization-scenarios)
* **What the Docker for Windows install includes**: The installation provides [Docker Engine](/engine/userguide/), Docker CLI client, [Docker Compose](/compose/overview.md), [Docker Machine](/machine/overview.md), and [Kitematic](/kitematic/userguide.md).
* **System Requirements**:
- Windows 10 64bit: Pro, Enterprise or Education (1607 Anniversary Update,
Build 14393 or later).
- Virtualization is enabled in BIOS. Typically, virtualization is enabled by
default. This is different from having Hyper-V enabled. For more detail see
[Virtualization must be
enabled](troubleshoot.md#virtualization-must-be-enabled) in Troubleshooting.
- CPU SLAT-capable feature.
- At least 4GB of RAM.
> **Note**: If your system does not meet the requirements to run Docker for
> Windows, you can install [Docker Toolbox](/toolbox/overview.md), which uses
> Oracle Virtual Box instead of Hyper-V.
* **What the Docker for Windows install includes**: The installation provides
[Docker Engine](/engine/userguide/), Docker CLI client, [Docker
Compose](/compose/overview.md), [Docker Machine](/machine/overview.md), and
[Kitematic](/kitematic/userguide.md).
* Containers and images created with Docker for Windows are shared between all
user accounts on machines where it is installed. This is because all Windows
accounts use the same VM to build and run containers.
* Nested virtualization scenarios, such as running Docker for Windows on a
VMWare or Parallels instance, might work, but come with no guarantees. For
more information, see [Running Docker for Windows in nested virtualization
scenarios](troubleshoot.md#running-docker-for-windows-in-nested-virtualization-scenarios)
### About Windows containers
Looking for information on using Windows containers?
* [Switch between Windows and Linux containers](index.md#switch-between-windows-and-linux-containers) describes the Linux / Windows containers toggle in Docker for Windows and points you to the tutorial mentioned above.
* [Getting Started with Windows Containers (Lab)](https://github.com/docker/labs/blob/master/windows/windows-containers/README.md)
provides a tutorial on how to set up and run Windows containers on Windows 10 or
with Windows Server 2016. It shows you how to use a MusicStore application with
Windows containers.
* Docker Container Platform for Windows Server 2016 [articles and blog posts](https://www.docker.com/microsoft/) on the Docker website
* [Switch between Windows and Linux
containers](https://docs.docker.com/docker-for-windows/#switch-between-windows-and-linux-containers)
describes the Linux / Windows containers toggle in Docker for Windows and
points you to the tutorial mentioned above.
* [Getting Started with Windows Containers
(Lab)](https://github.com/docker/labs/blob/master/windows/windows-containers/README.md)
provides a tutorial on how to set up and run Windows containers on Windows 10
or with Windows Server 2016. It shows you how to use a MusicStore application
with Windows containers.
* Docker Container Platform for Windows Server 2016 [articles and blog
posts](https://www.docker.com/microsoft/) on the Docker website
## Install Docker for Windows desktop app
1. Double-click **Docker for Windows Installer.exe** to run the installer.
If you haven't already downloaded the installer (`Docker for Windows Installer.exe`), you can get it from
If you haven't already downloaded the installer (`Docker for Windows
Installer.exe`), you can get it from
[**download.docker.com**](https://download.docker.com/win/stable/Docker%20for%20Windows%20Installer.exe).
It typically downloads to your `Downloads folder`, or you can run it from the recent downloads bar at the
bottom of your web browser.
It typically downloads to your `Downloads folder`, or you can run it from
the recent downloads bar at the bottom of your web browser.
2. Follow the install wizard to accept the license, authorize the installer, and proceed with the install.
2. Follow the install wizard to accept the license, authorize the installer, and
proceed with the install.
You are asked to authorize `Docker.app` with your system password during the install process.
Privileged access is needed to install networking components, links to the Docker apps, and manage the
Hyper-V VMs.
You are asked to authorize `Docker.app` with your system password during the
install process. Privileged access is needed to install networking
components, links to the Docker apps, and manage the Hyper-V VMs.
3. Click **Finish** on the setup complete dialog to launch Docker.
@ -74,7 +98,8 @@ accessible from any terminal window.
![whale on taskbar](images/whale-icon-systray.png)
If the whale is hidden in the Notifications area, click the up arrow on the
taskbar to show it. To learn more, see [Docker Settings](index.md#docker-settings).
taskbar to show it. To learn more, see [Docker
Settings](index.md#docker-settings-dialog).
If you just installed the app, you also get a popup success message with
suggested next steps, and a link to this documentation.
@ -89,7 +114,10 @@ Congratulations! You are up and running with Docker for Windows.
## Where to go next
* [Getting started](index.md) introduces Docker for Windows.
* [Get started with Docker](/get-started/) is a tutorial that teaches you how to deploy a multi-service stack.
* [Troubleshooting](troubleshoot.md) describes common problems, workarounds, and how to get support.
* [Get started with Docker](/get-started/) is a tutorial that teaches you how to
deploy a multi-service stack.
* [Troubleshooting](troubleshoot.md) describes common problems, workarounds, and
how to get support.
* [FAQs](faqs.md) provides answers to frequently asked questions.
* [Stable Release Notes](release-notes.md) or [Edge Release Notes](edge-release-notes.md).
* [Stable Release Notes](release-notes.md) or [Edge Release
Notes](edge-release-notes.md).

2
docker-for-windows/networking.md
View File

@ -76,7 +76,7 @@ This is for development purpose and will not work in a production environment ou
The gateway is also reachable as `gateway.docker.internal`.
#### I want to connect to a container from the Windows
#### I want to connect to a container from Windows
Port forwarding works for `localhost`; `--publish`, `-p`, or `-P` all work.
Ports exposed from Linux are forwarded to the host.

2
docker-for-windows/opensource.md
View File

@ -7,7 +7,7 @@ notoc: true
Docker Desktop Editions are built using open source software. For details on the
licensing, choose ![whale menu](/docker-for-mac/images/whale-x.png){: .inline}
-->&nbsp;**About** from within the application, then click **Acknowledgements**.
&nbsp;**About** from within the application, then click **Acknowledgements**.
Docker Desktop Editions distribute some components that are licensed under the
GNU General Public License. You can download the source for these components

269
docker-for-windows/troubleshoot.md
View File

@ -7,18 +7,68 @@ redirect_from:
title: Logs and troubleshooting
---
This page explains how to diagnose and troubleshoot problems you may be having with Docker for Windows.
Here is information about how to diagnose and troubleshoot problems, send logs
and communicate with the Docker for Windows team, use our forums and Knowledge
Hub, browse and log issues on GitHub, and find workarounds for known problems.
## Getting help
## Docker Knowledge Hub
There are several ways to get the support you need with Docker for Windows. If you encounter problems not addressed here in the documentation:
**Looking for help with Docker for Windows?** Check out the [Docker Knowledge
Hub](http://success.docker.com/q) for knowledge base articles, FAQs, and
technical support for various subscription levels.
- Refer to the knowledge base articles at the [Docker Success Center](https://success.docker.com/q/).
- Browse the logs (in `User\AppData\Local\Docker`) by clicking **log file** in the Diagnose & Feedback window.
- Ask questions on the [Docker for Windows forum](https://forums.docker.com/c/docker-for-windows).
- Upload diagnostics in the Diagnose & Feedback window. You'll get a unique ID in return. You can then use this ID to submit issues at the [Docker for Windows GitHub repo](https://github.com/docker/for-win/issues).
## Diagnose problems, send feedack, and create GitHub issues
![Diagnose & Feedback with ID](images/diagnostic-id.png){:width="500px"}
### In-app diagnostics
If you encounter problems for which you do not find solutions in this
documentation, on [Docker for Windows issues on
GitHub](https://github.com/docker/for-win/issues), or the [Docker for Win
forum](https://forums.docker.com/c/docker-for-windows), we can help you
troubleshoot the log data.
Choose ![whale menu](images/whale-x.png){: .inline} → **Diagnose & Feedback**
from the menu bar.
![Diagnose & Feedback](images/diagnose-feedback.png){:width="600px"}
Once the **Diagnose & Feedback** window is opened, it will start to collect the
dignostics. When the diagnostics are available, you can upload them and obtain a
**Diagnostic ID**, which must be provided when communicating with the Docker
team. For more information on our policy regarding personal data you can read
[how is personal data handled in Docker
Desktop](https://docs.docker.com/docker-for-mac/faqs/#how-is-personal-data-handled-in-docker-desktop).
![Diagnose & Feedback with ID](images/diagnostic-id.png){:width="600px"}
If you click on **Report an issue**, this opens [Docker for Windows issues on
GitHub](https://github.com/docker/for-win/issues/) in your web browser in a
"create new issue" template, to be completed before submision. Do not forget to
copy/paste your diagnistic ID.
![issue-template](images/issue-template.png){:width="600px"}
### Diagnosing from the terminal
On occasions it is useful to run the diagnostics yourself, for instance if
Docker for Windows cannot start.
First locate the `com.docker.diagnose`, that should be in `C:\Program
Files\Docker\Docker\resources\com.docker.diagnose.exe`.
To create *and upload* diagnostics in Powershell, run:
```powershell
PS C:\> & "C:\Program Files\Docker\Docker\resources\com.docker.diagnose.exe" gather -upload
```
After the diagnostics have finished, you should have the following output,
containing your diagnostic ID:
```sh
Diagnostics Bundle: C:\Users\User\AppData\Local\Temp\CD6CF862-9CBD-4007-9C2F-5FBE0572BBC2\20180720152545.zip
Diagnostics ID: CD6CF862-9CBD-4007-9C2F-5FBE0572BBC2/20180720152545 (uploaded)
```
## Troubleshooting topics
@ -41,25 +91,17 @@ As well as on the registry. For example:
```
For more about using client and server side certificates, see [How do I add
custom CA certificates?](index.md#how-do-i-add-custom-ca
certificates) and [How do I add client
certificates?](index.md#how-do-i-add-client-certificates) in
the Getting Started topic.
custom CA certificates?](index.md#how-do-i-add-custom-ca certificates) and [How
do I add client certificates?](index.md#how-do-i-add-client-certificates) in the
Getting Started topic.
### Volumes
#### Permissions errors on data directories for shared volumes
Docker for Windows sets permissions on [shared
volumes](index.md#shared-drives) to a default value of
[0755](http://permissions-calculator.org/decode/0755/) (`read`, `write`,
`execute` permissions for `user`, `read` and `execute` for `group`). If you are
working with applications that require permissions different than this default,
you may get errors similar to the following.
```none
Data directory (/var/www/html/data) is readable by other users. Please change the permissions to 0755 so that the directory cannot be listed by other users.
```
Docker for Windows sets permissions on [shared volumes](index.md#shared-drives)
to a default value of [0777](http://permissions-calculator.org/decode/0777/)
(`read`, `write`, `execute` permissions for `user` and for `group`).
The default permissions on shared volumes are not configurable. If you are
working with applications that require permissions different from the shared
@ -67,9 +109,17 @@ volume defaults at container runtime, you need to either use non-host-mounted
volumes or find a way to make the applications work with the default file
permissions.
Docker for Windows currrently implements host-mounted volumes based on the [Microsoft SMB protocol](https://msdn.microsoft.com/en-us/library/windows/desktop/aa365233(v=vs.85).aspx), which does not support fine-grained, `chmod` control over these permissions.
Docker for Windows currrently implements host-mounted volumes based on the
[Microsoft SMB
protocol](https://msdn.microsoft.com/en-us/library/windows/desktop/aa365233(v=vs.85).aspx),
which does not support fine-grained, `chmod` control over these permissions.
See also, [Can I change permissions on shared volumes for container-specific deployment requirements?](faqs.md#can-i-change-permissions-on-shared-volumes-for-container-specific-deployment-requirements) in the FAQs, and for more of an explanation, the GitHub issue, [Controlling Unix-style perms on directories passed through from shared Windows drives](https://github.com/docker/docker.github.io/issues/3298).
See also, [Can I change permissions on shared volumes for container-specific
deployment
requirements?](faqs.md#can-i-change-permissions-on-shared-volumes-for-container-specific-deployment-requirements)
in the FAQs, and for more of an explanation, the GitHub issue, [Controlling
Unix-style perms on directories passed through from shared Windows
drives](https://github.com/docker/docker.github.io/issues/3298).
#### inotify on shared drives does not work
@ -78,39 +128,48 @@ for example, when an application needs to read/write to a container across a
mounted drive. Instead of relying on filesystem inotify, we recommend using
polling features for your framework or programming language.
* **Workaround for nodemon and Node.js** - If you are using [nodemon](https://github.com/remy/nodemon) with `Node.js`, try the fallback polling mode described here: [nodemon isn't restarting node applications](https://github.com/remy/nodemon#application-isnt-restarting)
* **Workaround for nodemon and Node.js** - If you are using
[nodemon](https://github.com/remy/nodemon) with `Node.js`, try the fallback
polling mode described here: [nodemon isn't restarting node
applications](https://github.com/remy/nodemon#application-isnt-restarting)
* **Docker for Windows issue on GitHub** - See the issue [Inotify on shared drives does not work](https://github.com/docker/for-win/issues/56#issuecomment-242135705)
* **Docker for Windows issue on GitHub** - See the issue [Inotify on shared
drives does not
work](https://github.com/docker/for-win/issues/56#issuecomment-242135705)
#### Volume mounting requires shared drives for Linux containers
If you are using mounted volumes and get runtime errors indicating an application file is not found, access is denied to a volume mount, or a service cannot start, such as when using [Docker Compose](/compose/gettingstarted.md), you might need to enable [shared drives](index.md#shared-drives).
If you are using mounted volumes and get runtime errors indicating an
application file is not found, access is denied to a volume mount, or a service
cannot start, such as when using [Docker Compose](/compose/gettingstarted.md),
you might need to enable [shared drives](index.md#shared-drives).
Volume mounting requires shared drives for Linux containers (not for Windows
containers). Go to ![whale menu](/docker-for-mac/images/whale-x.png){: .inline}
--> **Settings** --> **Shared Drives** and share the drive that contains the
**Settings** **Shared Drives** and share the drive that contains the
Dockerfile and volume.
#### Verify domain user has permissions for shared drives (volumes)
> **Tip**: Shared drives are only required for volume mounting [Linux
> containers](index.md#switch-between-windows-and-linux-containers),
> not Windows containers.
> containers](index.md#switch-between-windows-and-linux-containers), not Windows
> containers.
Permissions to access shared drives are tied to the username and password you
use to set up [shared drives](index.md#shared-drives). If
you run `docker` commands and tasks under a different username than the one used
to set up shared drives, your containers don't have permissions to access the
mounted volumes. The volumes show as empty.
use to set up [shared drives](index.md#shared-drives). If you run `docker`
commands and tasks under a different username than the one used to set up shared
drives, your containers don't have permissions to access the mounted volumes.
The volumes show as empty.
The solution to this is to switch to the domain user account and reset
credentials on shared drives.
Here is an example of how to de-bug this problem, given a scenario where you
Here is an example of how to debug this problem, given a scenario where you
shared the `C` drive as a local user instead of as the domain user. Assume the
local user is `samstevens` and the domain user is `merlin`.
1. Make sure you are logged in as the Windows domain user (for our example, `merlin`).
1. Make sure you are logged in as the Windows domain user (for our example,
`merlin`).
2. Run `net share c` to view user permissions for `<host>\<username>, FULL`.
@ -132,9 +191,8 @@ local user is `samstevens` and the domain user is `merlin`.
> net share c /delete
```
4. Re-share the drive via the [Shared Drives
dialog](index.md#shared-drives), and provide the Windows
domain user account credentials.
4. Re-share the drive via the [Shared Drives dialog](index.md#shared-drives),
and provide the Windows domain user account credentials.
5. Re-run `net share c`.
@ -199,7 +257,8 @@ error(5): I/O error Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
mount: mounting //10.0.75.1/C on /c failed: Invalid argument
```
See also, <a href="https://github.com/docker/for-win/issues/98">Docker for Windows issue #98</a>.
See also, <a href="https://github.com/docker/for-win/issues/98">Docker for
Windows issue #98</a>.
#### Understand symlinks limitations
@ -229,7 +288,8 @@ script](https://github.com/moby/moby/issues/24388).
In order for Docker for Windows to function properly your machine needs:
1. [Hyper-V](https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/hyper-v-technology-overview) installed and working
1. [Hyper-V](https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/hyper-v-technology-overview)
installed and working
2. Virtualization enabled
@ -241,10 +301,17 @@ Docker for Windows requires a Hyper-V as well as the Hyper-V Module for Windows
Powershell to be installed and enabled. The Docker for Windows installer enables
it for you.
See [these instructions](https://msdn.microsoft.com/en-us/virtualization/hyperv_on_windows/quick_start/walkthrough_install) to install Hyper-V manually. A reboot is *required*. If you install Hyper-V without the reboot, Docker for Windows does not work correctly. On some systems, Virtualization needs to be enabled in the BIOS. The steps to do so are Vendor specific, but typically the BIOS option is called `Virtualization Technology (VTx)` or similar.
See [these
instructions](https://msdn.microsoft.com/en-us/virtualization/hyperv_on_windows/quick_start/walkthrough_install)
to install Hyper-V manually. A reboot is *required*. If you install Hyper-V
without the reboot, Docker for Windows does not work correctly. On some systems,
Virtualization needs to be enabled in the BIOS. The steps to do so are Vendor
specific, but typically the BIOS option is called `Virtualization Technology
(VTx)` or similar.
From the start menu, type in "Turn Windows features on or off" and hit enter. In the subequent screen, verify Hyper-V is enabled and has a checkmark:
From the start menu, type in "Turn Windows features on or off" and hit enter.
In the subequent screen, verify Hyper-V is enabled and has a checkmark:
![Hyper-V on Windows features](images/hyperv-enabled.png){:width="600px"}
@ -264,13 +331,14 @@ Machine driver example](/machine/drivers/hyper-v.md#example).
#### Virtualization must be enabled
In addition to [Hyper-V](#hyper-v), virtualization must be enabled. Check the Performance tab on the
Task Manager:
In addition to [Hyper-V](#hyper-v), virtualization must be enabled. Check the
Performance tab on the Task Manager:
![Task Manager](images/virtualization-enabled.png){:width="700px"}
If, at some point, if you manually uninstall Hyper-V or disable virtualization,
Docker for Windows cannot start. See: [Unable to run Docker for Windows on Windows 10 Enterprise](https://github.com/docker/for-win/issues/74).
Docker for Windows cannot start. See: [Unable to run Docker for Windows on
Windows 10 Enterprise](https://github.com/docker/for-win/issues/74).
### Networking and WiFi problems upon Docker for Windows install
@ -278,42 +346,50 @@ Some users have encountered networking issues during install and startup of
Docker for Windows. For example, upon install or auto-reboot, network adapters
and/or WiFi gets disabled. In some scenarios, problems are due to having
VirtualBox or its network adapters still installed, but in other scenarios this
is not the case. (See also, Docker for Windows issue on GitHub:
[Enabling Hyper-V feature turns my wi-fi off
](https://github.com/docker/for-win/issues/139).)
is not the case. (See also, Docker for Windows issue on GitHub: [Enabling
Hyper-V feature turns my wi-fi
off](https://github.com/docker/for-win/issues/139).)
Here are some steps to take if you encounter similar problems:
1. Ensure **virtualization** is enabled, as described above in [Virtualization must be enabled](#virtualization-must-be-enabled).
1. Ensure **virtualization** is enabled, as described above in [Virtualization
must be enabled](#virtualization-must-be-enabled).
2. Ensure **Hyper-V** is installed and enabled, as described above in [Hyper-V must be enabled](#hyper-v-must-be-enabled).
2. Ensure **Hyper-V** is installed and enabled, as described above in [Hyper-V
must be enabled](#hyper-v-must-be-enabled).
3. Ensure **DockerNAT** is enabled by checking the **Virtual Switch Manager** on the Actions tab on the right side of the **Hyper-V Manager**.
3. Ensure **DockerNAT** is enabled by checking the **Virtual Switch Manager**
on the Actions tab on the right side of the **Hyper-V Manager**.
![Hyper-V manager](images/hyperv-manager.png)
4. Set up an external network switch. If you plan at any point to use
[Docker Machine](/machine/overview.md) to set up multiple local VMs, you
need this anyway, as described in the topic on the
[Hyper-V driver for Docker Machine](/machine/drivers/hyper-v.md#example).
You can replace `DockerNAT` with this switch.
4. Set up an external network switch. If you plan at any point to use [Docker
Machine](/machine/overview.md) to set up multiple local VMs, you need this
anyway, as described in the topic on the [Hyper-V driver for Docker
Machine](/machine/drivers/hyper-v.md#example). You can replace `DockerNAT`
with this switch.
5. If previous steps fail to solve the problems, follow steps on the
[Cleanup README](https://github.com/Microsoft/Virtualization-Documentation/blob/master/windows-server-container-tools/CleanupContainerHostNetworking/README.md).
5. If previous steps fail to solve the problems, follow steps on the [Cleanup
README](https://github.com/Microsoft/Virtualization-Documentation/blob/master/windows-server-container-tools/CleanupContainerHostNetworking/README.md).
> Read full description before you run Windows cleanup script
>
> The cleanup command has two flags, `-Cleanup` and `-ForceDeleteAllSwitches`.
> Read the whole page before running any scripts, especially warnings about `-ForceDeleteAllSwitches`.
> {: .warning}
>The cleanup command has two flags, `-Cleanup` and
>`-ForceDeleteAllSwitches`. Read the whole page before running any scripts,
>especially warnings about `-ForceDeleteAllSwitches`. {: .warning}
### Windows containers and Windows Server 2016
If you have questions about how to set up and run Windows containers on Windows
Server 2016 or Windows 10, see [About Windows containers and Windows Server 2016](index.md#about-windows-containers-and-windows-server-2016).
Docker Desktop is not supported on Windows Server 2016, instead you can use
[Docker Enterprise Basic Edition](/ee/index) at no aditional cost.
If you have questions about how to run Windows containers on Windows 10, see
[Switch between Windows and Linux
containers](index.md#switch-between-windows-and-linux-containers).
A full tutorial is available in [docker/labs](https://github.com/docker/labs) at
[Getting Started with Windows Containers](https://github.com/docker/labs/blob/master/windows/windows-containers/README.md).
[Getting Started with Windows
Containers](https://github.com/docker/labs/blob/master/windows/windows-containers/README.md).
You can install a native Windows binary which allows you to develop and run
Windows containers without Docker for Windows. However, if you install Docker
@ -349,10 +425,14 @@ Using `curl http://localhost`, or pointing your web browser at
`http://localhost` does not display the `nginx` web page (as it would do with
Linux containers).
To reach a Windows container from the local host, you need to specify
the IP address and port for the container that is running the service.
To reach a Windows container from the local host, you need to specify the IP
address and port for the container that is running the service.
You can get the container IP address by using [`docker inspect`](/engine/reference/commandline/inspect.md) with some `--format` options and the ID or name of the container. For the example above, the command would look like this, using the name we gave to the container (`webserver`) instead of the container ID:
You can get the container IP address by using [`docker
inspect`](/engine/reference/commandline/inspect.md) with some `--format` options
and the ID or name of the container. For the example above, the command would
look like this, using the name we gave to the container (`webserver`) instead of
the container ID:
{% raw %}
```bash
@ -391,7 +471,12 @@ For more information, see:
### Running Docker for Windows in nested virtualization scenarios
Docker for Windows can run inside a Windows 10 virtual machine (VM) running on apps like Parallels or VMware Fusion on a Mac provided that the VM is properly configured. However, problems and intermittent failures may still occur due to the way these apps virtualize the hardware. For these reasons, _**Docker for Windows is not supported for nested virtualization scenarios**_. It might work in some cases, and not in others.
Docker for Windows can run inside a Windows 10 virtual machine (VM) running on
apps like Parallels or VMware Fusion on a Mac provided that the VM is properly
configured. However, problems and intermittent failures may still occur due to
the way these apps virtualize the hardware. For these reasons, _**Docker for
Windows is not supported for nested virtualization scenarios**_. It might work
in some cases, and not in others.
The better solution is to run Docker for Windows natively on a Windows system
(to work with Windows or Linux containers), or Docker for Mac on Mac to work
@ -400,8 +485,8 @@ with Linux containers.
#### If you still want to use nested virtualization
* Make sure nested virtualization support is enabled in VMWare or Parallels.
Check the settings in **Hardware -> CPU & Memory -> Advanced Options -> Enable
nested virtualization** (the exact menu sequence might vary slightly).
Check the settings in **Hardware → CPU & Memory → Advanced Options → Enable
nested virtualization** (the exact menu sequence might vary slightly).
* Configure your VM with at least 2 CPUs and sufficient memory to run your
workloads.
@ -421,10 +506,10 @@ nested virtualization** (the exact menu sequence might vary slightly).
prefixed with `Moby`. On real hardware, it takes 5-10 seconds to boot the
Linux VM; roughly the time between the `Connected` log entry and the `*
Starting Docker ... [ ok ]` log entry. If you boot the Linux VM inside a
Windows VM, this may take considerably longer. We have a timeout of 60s or
so. If the VM hasn't started by that time, we retry. If the retry fails we
print an error. You can sometimes work around this by providing more resources
to the Windows VM.
Windows VM, this may take considerably longer. We have a timeout of 60s or so.
If the VM hasn't started by that time, we retry. If the retry fails we print
an error. You can sometimes work around this by providing more resources to
the Windows VM.
* Sometimes the VM fails to boot when Linux tries to calibrate the time stamp
counter (TSC). This process is quite timing sensitive and may fail when
@ -433,11 +518,13 @@ nested virtualization** (the exact menu sequence might vary slightly).
#### Related issues
Discussion thread on GitHub at [Docker for Windows issue 267](https://github.com/docker/for-win/issues/267)
Discussion thread on GitHub at [Docker for Windows issue
267](https://github.com/docker/for-win/issues/267)
### Networking issues
Some users have reported problems connecting to Docker Hub on the Docker for Windows stable version. (See GitHub issue
Some users have reported problems connecting to Docker Hub on the Docker for
Windows stable version. (See GitHub issue
[22567](https://github.com/moby/moby/issues/22567).)
Here is an example command and error message:
@ -453,9 +540,9 @@ See 'C:\Program Files\Docker\Docker\Resources\bin\docker.exe run --help'.
As an immediate workaround to this problem, reset the DNS server to use the
Google DNS fixed address: `8.8.8.8`. You can configure this via the **Settings**
-> **Network** dialog, as described in the topic
[Network](index.md#network). Docker automatically restarts
when you apply this setting, which could take some time.
**Network** dialog, as described in the topic [Network](index.md#network).
Docker automatically restarts when you apply this setting, which could take some
time.
We are currently investigating this issue.
@ -471,10 +558,10 @@ under [Settings](index.md#docker-settings).
### `inotify` currently does not work on Docker for Windows
If you are using `Node.js` with `nodemon`, a temporary workaround is to try the
fallback polling mode described here:
[nodemon isn't restarting node applications](https://github.com/remy/nodemon#application-isnt-restarting). See
also this issue on GitHub
[Inotify on shared drives does not work](https://github.com/docker/for-win/issues/56#issuecomment-242135705).
fallback polling mode described here: [nodemon isn't restarting node
applications](https://github.com/remy/nodemon#application-isnt-restarting). See
also this issue on GitHub [Inotify on shared drives does not
work](https://github.com/docker/for-win/issues/56#issuecomment-242135705).
### Reboot
@ -503,7 +590,7 @@ or `listen tcp:0.0.0.0:8080: bind: address is already in use` ...
These errors are often caused by some other software on Windows using those
ports. To discover the identity of this software, either use the `resmon.exe`
GUI and click "Network" and then "Listening Ports" or in a powershell use
GUI and click "Network" and then "Listening Ports" or in a Powershell use
`netstat -aon | find /i "listening "` to discover the PID of the process
currently using the port (the PID is the number in the rightmost column). Decide
whether to shut the other process down, or to use a different port in your
@ -519,13 +606,13 @@ start failure**. The Comodo Firewall was one example of this problem, but users
report that software has since been updated to work with these Windows 10
builds.
See the Comodo forums topics
[Comodo Firewall conflict with Hyper-V](https://forums.comodo.com/bug-reports-cis/comodo-firewall-began-conflict-with-hyperv-t116351.0.html)
and
[Windows 10 Anniversary build doesn't allow Comodo drivers to be installed](https://forums.comodo.com/install-setup-configuration-help-cis/windows-10-aniversary-build-doesnt-allow-comodo-drivers-to-be-installed-t116322.0.html).
See the Comodo forums topics [Comodo Firewall conflict with
Hyper-V](https://forums.comodo.com/bug-reports-cis/comodo-firewall-began-conflict-with-hyperv-t116351.0.html)
and [Windows 10 Anniversary build doesn't allow Comodo drivers to be
installed](https://forums.comodo.com/install-setup-configuration-help-cis/windows-10-aniversary-build-doesnt-allow-comodo-drivers-to-be-installed-t116322.0.html).
A Docker for Windows user-created issue describes the problem specifically as it
relates to Docker:
[Docker fails to start on Windows 10](https://github.com/docker/for-win/issues/27).
relates to Docker: [Docker fails to start on Windows
10](https://github.com/docker/for-win/issues/27).
For a temporary workaround, uninstall the firewall or anti-virus software, or
explore other workarounds suggested on the forum.

2
docker-hub/builds/automated-build.md
View File

@ -178,7 +178,7 @@ to an Organization, the Cancel and Retry buttons only appear if you have `Read &
Automated builds are enabled per branch or tag, and can be disabled and
re-enabled easily. You might do this when you want to only build manually for
awhile, for example when you are doing major refactoring in your code. Disabling
a while, for example when you are doing major refactoring in your code. Disabling
autobuilds does not disable [autotests](automated-testing.md).
To disable an automated build:

118
docker-hub/builds/github.md
View File

@ -9,87 +9,63 @@ skip to [Creating an Automated Build](github.md#creating-an-automated-build).
## Linking Docker Hub to a GitHub account
> *Note:*
> Automated Build Permissions
> Automated Builds currently require *read* and *write* access since
> [Docker Hub](https://hub.docker.com) needs to set up a GitHub service
> hook. We have no choice here, this is how GitHub manages permissions.
> [Docker Hub](https://hub.docker.com) needs to set up a GitHub webhook.
> We have no choice here &ndash; this is how GitHub manages permissions.
> We do guarantee nothing else is touched in your account.
To set up an Automated Build of a repository on GitHub, you need to
link [Docker Hub](https://hub.docker.com/account/authorized-services/) to your
GitHub account. This allows the registry to see your GitHub repositories.
To add, remove or view your linked account, go to the "Linked Accounts &
Services" section of your Hub profile "Settings".
To add, remove or view your linked account, log in to your Docker Hub account. Select **Settings > Linked Accounts & Services**.
![authorized-services](images/authorized-services.png)
When linking to GitHub, select either "Public and Private",
or "Limited Access" linking.
![add-authorized-github-service.png](images/add-authorized-github-service.png)
The "Public and Private" option is the easiest to use, as it grants the Docker
Hub full access to all of your repositories. GitHub also allows you to grant
access to repositories belonging to your GitHub organizations.
If you choose "Limited Access", Docker Hub only gets permission to access your
public data and public repositories.
Follow the onscreen instructions to authorize and link your GitHub account to
Docker Hub. Once it is linked, you can choose a source repository from
which to create the Automatic Build.
Linking to Github grants Docker Hub access to all of your repositories. Follow the
onscreen instructions to authorize and link your GitHub account to Docker Hub.
Once it is linked, you can choose a source repository from which to create the Automatic Build.
You can review and revoke Docker Hub's access by visiting the
[GitHub User's Applications settings](https://github.com/settings/applications).
> **Note**: If you delete the GitHub account linkage that is used for one of your
> automated build repositories, the previously built images are still available.
> **Note**: If you delete the connection to the GitHub account that is used for one of your
> automated build repositories, previously built images are still available.
> If you re-link to that GitHub account later, the automated build can be started
> using the "Start Build" button on the Hub, or if the webhook on the GitHub repository
> using the **Start Build** button on the Hub, or if the webhook on the GitHub repository
> still exists, it is triggered by any subsequent commits.
## Auto builds and limited linked GitHub accounts.
If you selected to link your GitHub account with only a "Limited Access" link,
then after creating your automated build, you need to either manually
trigger a Docker Hub build using the "Start a Build" button, or add the GitHub
webhook manually, as described in [GitHub Service
Hooks](github.md#github-service-hooks). This only works for repositories
under the user account, and adding an automated build to a public GitHub
organization using a "Limited Access" link is not possible.
## Changing the GitHub user link
If you want to remove, or change the level of linking between your GitHub
account and the Docker Hub, you need to do this in two places.
account and Docker Hub, you need to make the change in two places.
First, remove the "Linked Account" from your Docker Hub "Settings". Then go to
your GitHub account's Personal settings, and in the "Applications" section,
"Revoke access".
First, remove the **Linked Account** from your Docker Hub **Settings**. Then go to
your GitHub account's Personal settings, and in the **Applications** section,
***Revoke access***.
You can now re-link your account at any time.
## GitHub organizations
GitHub organizations and private repositories forked from organizations are
made available to auto build using the "Docker Hub Registry" application, which
needs to be added to the organization - and then applies to all users.
made available for autobuilds using the "Docker Hub Registry" application, which
needs to be added to the organization - and then applied to all users.
To check, or request access, go to your GitHub user's "Setting" page, select the
"Applications" section from the left side bar, then click the "View" button for
To verify or request access, go to your GitHub **Settings** page. Select the
**Applications** section from the left side bar, then click the **View** button for
"Docker Hub Registry".
![Check User access to GitHub](images/gh-check-user-org-dh-app-access.png)
The organization's administrators may need to go to the Organization's "Third
party access" screen in "Settings" to grant or deny access to the Docker Hub
The organization's administrators may need to go to the Organization's **Third
party access** screen in **Settings** to grant or deny access to Docker Hub
Registry application. This change applies to all organization members.
![Check Docker Hub application access to Organization](images/gh-check-admin-org-dh-app-access.png)
More detailed access controls to specific users and GitHub repositories can be
managed using the GitHub "People and Teams" interfaces.
managed using the GitHub **People and Teams** interfaces.
## Creating an Automated Build
@ -102,8 +78,8 @@ Once you've selected the source repository, you can then configure:
- The Hub user/org namespace the repository is built to - either your Docker ID name, or the name of any Hub organizations your account is in
- The Docker repository name the image is built to
- The description of the repository
- If the visibility of the Docker repository: "Public" or "Private"
You can change the accessibility options after the repository has been created.
- If the visibility of the Docker repository is "Public" or "Private",
you can change the accessibility options after the repository has been created.
If you add a Private repository to a Hub user namespace, then you can only add other users
as collaborators, and those users can view and pull all images in that
repository. To configure more granular access permissions, such as using teams of
@ -111,23 +87,23 @@ Once you've selected the source repository, you can then configure:
to add the Private repository to a Hub organization for which your user has Administrator
privileges.
- Enable or disable rebuilding the Docker image when a commit is pushed to the
GitHub repository.
GitHub repository
You can also select one or more:
- The git branch/tag,
- A repository sub-directory to use as the context,
- The git branch/tag
- A repository sub-directory to use as the context
- The Docker image tag name
You can modify the description for the repository by clicking the "Description" section
of the repository view.
The "Full Description" is over-written by the README.md file when the
The "Full Description" is overwritten by the **README.md** file when the
next build is triggered.
## GitHub private submodules
If your GitHub repository contains links to private submodules, your build fails.
Normally, the Docker Hub sets up a deploy key in your GitHub repository.
Normally, Docker Hub sets up a deploy key in your GitHub repository.
Unfortunately, GitHub only allows a repository deploy key to access a single
repository.
@ -178,26 +154,32 @@ build.
</tbody>
</table>
## GitHub service hooks
## GitHub webhook
A GitHub Service hook allows GitHub to notify the Docker Hub when something has
been committed to a given git repository.
A GitHub webhook allows GitHub to notify Docker Hub when something has
been committed to a given Git repository.
When you create an Automated Build from a GitHub user that has full "Public and
Private" linking, a Service Hook should get automatically added to your GitHub
When you create an Automated Build, a webhook should get automatically added to your GitHub
repository.
If your GitHub account link to the Docker Hub is "Limited Access", then you
need to add the Service Hook manually.
To add, confirm, or modify the webhook, log in to GitHub, then navigate to
the repository. Within the repository, select **Settings > Webhooks**.
You must have admin privileges on the repository to view or modify
this setting. Click **Add webhook**, and use the following settings:
To add, confirm, or modify the service hook, log in to GitHub, then navigate to
the repository, click "Settings" (the gear), then select "Webhooks & Services".
You must have Administrator privileges on the repository to view or modify
this setting.
The image below shows the "Docker" Service Hook.
| Field | Value |
| ------|------ |
| Payload URL | https://registry.hub.docker.com/hooks/github |
| Content type | application/json |
| Which events would you like to trigger this webhook? | Just the push event |
| Active | checked |
The image below shows the **Webhooks/Add webhook** form with the above settings reflected:
![github-webhook-add](images/github-webhook-add.png)
If configured correctly, you'll see this in the **Webhooks** view
![github-webhook](images/github-webhook.png)
![bitbucket-hooks](images/github-side-hook.png)
If you add the "Docker" service manually, make sure the "Active" checkbox is
selected and click the "Update service" button to save your changes.

BIN
docker-hub/images/github-webhook-add.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 255 KiB

BIN
docker-hub/images/github-webhook.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 125 KiB

2
docker-hub/publish/certify-plugins-logging.md
View File

@ -552,7 +552,7 @@ if [[ $? -ne 0 ]]; then
fi
#######################################################################################################################################
# Run a alpine container with the plugin and send data to it
# Run an alpine container with the plugin and send data to it
#######################################################################################################################################
docker container run \
--rm \

20
docker-hub/publish/publisher_faq.md
View File

@ -1,6 +1,6 @@
---
description: Docker Hub frequently asked questions
keywords: Docker, docker, store, purchase images
keywords: Docker, docker, hub, purchase images
title: Docker Hub Publisher FAQs
---
@ -25,7 +25,7 @@ Infrastructure, Images, and Plugins in more detail.
Start by applying to be a Docker Technology Partner at https://goto.docker.com/partner and click on "Publisher".
* Requires acceptance of partnership agreement for completion
* Identify content that can be listed on Store and includes a support offering
* Identify content that can be listed on Hub and includes a support offering
* Test your image against Docker Certified Infrastructure version 17.03 and
above (Plugins must run on 17.03 and above).
* Submit your image for Certification through the publisher portal. Docker
@ -39,7 +39,7 @@ Publishers product page is updated to reflect Certified status.
1-2 weeks.
### Can we have a group of people work on the same product and publish to Store? (This replicates our internal workflow where more than one person is working on Dockerizing our product.)
### Can we have a group of people work on the same product and publish to Docker Hub? (This replicates our internal workflow where more than one person is working on Dockerizing our product.)
Yes. You can submit your content as a team.
@ -94,7 +94,7 @@ We aim to have product listings published with the concept of versions, allowing
*Documentation* maps to *Documentation Link* in the publish process.
*Feedback* is provided via customer reviews. https://hub.docker.com/images/node?tab=reviews is an example.
*Tier Description* is what you see once users get entitled to a plan. For instance, in https://hub.docker.com/images/openmaptiles-openstreetmap-maps/plans/f1fc533a-76f0-493a-80a1-4e0a2b38a563?tab=instructions `A detailed street map of any place on a planet. Evaluation and non-production use. Production use license available separately` is what this publisher entered in the Tier description
*Installation instructions* is documentation on installing your software. In this case the documentation is just `Just launch the container and the map is going to be available on port 80 - ready-to-use - with instructions and list of available styles.` (We recommend more details for any content thats a certification candidate).
*Installation instructions* is documentation on installing your software. In this case the documentation is just `Just launch the container and the map is going to be available on port 80 - ready-to-use - with instructions and list of available styles.` (We recommend more details for any content that's a certification candidate).
### How can I remove a submission? I dont want to currently have this image published as it is missing several information.
@ -112,7 +112,7 @@ in the readme).
### Regarding source repo tags: it says not to use “latest”. However, if we want users to be able to download the images without specifying a tag, then presumably an image tagged “latest” is required. So how do we go about that?
You can not submit "latest" tags via the certification/store publish workflow.
You can not submit "latest" tags via the certification/hub publish workflow.
The reason we do this is so that users are aware of the exact version they
download. To make the user experience easy we have a copy widget that users can
use to copy the pull command and paste in their command line. Here is a
@ -138,24 +138,24 @@ Here is a [screenshot](https://user-images.githubusercontent.com/2453622/3206729
### If something is published as a free tier, for subscribed users only, does a user need to explicitly click Accept on the license terms for which we provide the link before they can download the image?
Yes
### Do you have a license enforcement system for docker images sold on store? How are they protected, once they have been downloaded? What happens if a customer stop paying for the image I am selling after, let's say, 2 months?
### Do you have a license enforcement system for docker images sold on Docker Hub? How are they protected, once they have been downloaded? What happens if a customer stop paying for the image I am selling after, let's say, 2 months?
We provide the following licensing option to customers:
* Bring your own License or BYOL.
The expectation is that the publisher would take care of License Keys within the
container. The License Key itself can be presented to the customer via Docker
Store. We expect the Publisher to build short circuits into the container, so
Hub. We expect the Publisher to build short circuits into the container, so
the container stops running once the License Key expires. Once a customer
cancels, or if the customer subscription expires - the customer cannot
download updates from the Store.
download updates from Docker Hub.
If a user cancels their subscription, they cannot download updates
from the Store. The container may continue running. If you have a licensing
from Docker Hub. The container may continue running. If you have a licensing
scheme built into the container, the licensing scheme can be a forcing function
and stop the container. (_We do not build anything into the container, it is up to the publisher_).
### How does a customer transition from a Trial to a Paid subscription? Question assumes these are two separate pulls from Store, or can they just drop in a license via Store?
### How does a customer transition from a Trial to a Paid subscription? Question assumes these are two separate pulls from Docker Hub, or can they just drop in a license via Docker Hub?
Publisher can provide two different tokens or let customers use the same token
and internally map the customer to a paid plan vs a free trial.

2
docker-hub/repos.md
View File

@ -100,7 +100,7 @@ Now you can push this repository to the registry designated by its name or tag.
$ docker push <hub-user>/<repo-name>:<tag>
The image is then uploaded and available for use by your team-mates and/or
The image is then uploaded and available for use by your teammates and/or
the community.
## Stars

2
ee/dtr/admin/monitor-and-troubleshoot/troubleshoot-batch-jobs.md
View File

@ -76,7 +76,7 @@ Jobs can be in one of the following status:
## Job capacity
Each job runner has a limited capacity and won't claim jobs that require an
Each job runner has a limited capacity and won't claim jobs that require a
higher capacity. You can see the capacity of a job runner using the
`GET /api/v0/workers` endpoint:

23
ee/dtr/release-notes.md
View File

@ -20,6 +20,17 @@ to upgrade your installation to the latest release.
# Version 2.5
## 2.5.6 (2018-10-25)
### Bug Fixes
* Fixed a bug where Windows images could not be promoted. (docker/dhe-deploy#9215)
* Removed Python3 from base image. (docker/dhe-deploy#9219)
* Added CSP (docker/dhe-deploy#9366)
* Included foreign layers in scanned images. (docker/dhe-deploy#9488)
* Added dotnet.marsu to nautilus base image. (docker/dhe-deploy#9503)
* Backported ManifestList fixes. (docker/dhe-deploy#9547)
* Removed support sidebar link and associated content. (docker/dhe-deploy#9411)
## 2.5.5 (2018-8-30)
### Bug Fixes
@ -161,6 +172,18 @@ specify `--log-protocol`.
# Version 2.4
## Version 2.4.7
(25 October 2018)
### Bug Fixes
* Added CSP (Content Security Policy). (docker/dhe-deploy#9367 and docker/dhe-deploy#9584)
* Fixed critical vulnerability in RethinkDB. (docker/dhe-deploy#9574)
### Changelog
* Patched security vulnerabilities in the load balancer.
* Patch packages and base OS to eliminate and address some critical vulnerabilities in DTR dependencies.
## Version 2.4.6
(26 July 2018)

11
ee/dtr/user/manage-images/override-a-vulnerability.md
View File

@ -14,7 +14,7 @@ In the **DTR web UI**, navigate to the repository that has been scanned.
![Tag list](../../images/override-vulnerability-1.png){: .with-border}
Click **View details** for the image you want to see the scan results, and
and choose **Components** to see the vulnerabilities for each component packaged
choose **Components** to see the vulnerabilities for each component packaged
in the image.
Select the component with the vulnerability you want to ignore, navigate to the
@ -22,12 +22,13 @@ vulnerability, and click **hide**.
![Vulnerability list](../../images/override-vulnerability-2.png){: .with-border}
The vulnerability is hidden for the particular image and component. If this
vulnerability shows up in other images, it is still reported.
The vulnerability is hidden system-wide and will no longer be reported as a vulnerability
on other affected images with the same layer IDs or digests.
After dismissing a vulnerability, DTR won't re-evaluate the promotion policies
After dismissing a vulnerability, DTR will not reevaluate the promotion policies
you have set up for the repository.
If you want the promotion policy to be re-evaluated for the image after hiding
If you want the promotion policy to be reevaluated for the image after hiding
a particular vulnerability, click **Promote**.
## Where to go next

Some files were not shown because too many files have changed in this diff Show More