diff --git a/README.md b/README.md index 25bc3f211a..f6c9bacd60 100644 --- a/README.md +++ b/README.md @@ -307,7 +307,7 @@ In order to keep the Git repository light, _please_ compress the images (losslessly). On Mac you may use (ImageOptim)[https://imageoptim.com] for instance. Be sure to compress the images *before* adding them to the repository, doing it afterwards actually worsens the impact on the Git repo (but -still optimizes the bandwith during browsing). +still optimizes the bandwidth during browsing). ## Building archives and the live published docs diff --git a/_config.yml b/_config.yml index 00069b631f..a280a272b0 100644 --- a/_config.yml +++ b/_config.yml @@ -23,7 +23,7 @@ latest_stable_docker_engine_api_version: "1.37" docker_ce_stable_version: "18.03" docker_ce_edge_version: "18.05" docker_ee_version: "17.06" -compose_version: "1.22.0" +compose_version: "1.23.1" machine_version: "0.14.0" distribution_version: "2.6" dtr_version: "2.5" @@ -92,7 +92,7 @@ defaults: - scope: path: "install" values: - win_latest_build: "docker-17.06.2-ee-16" + win_latest_build: "docker-17.06.2-ee-17" - scope: path: "datacenter" values: @@ -102,21 +102,21 @@ defaults: values: dtr_org: "docker" dtr_repo: "dtr" - dtr_version: "2.5.5" + dtr_version: "2.5.6" - scope: path: "datacenter/dtr/2.4" values: hide_from_sitemap: true dtr_org: "docker" dtr_repo: "dtr" - dtr_version: "2.4.6" + dtr_version: "2.4.7" - scope: path: "datacenter/dtr/2.3" values: hide_from_sitemap: true dtr_org: "docker" dtr_repo: "dtr" - dtr_version: "2.3.8" + dtr_version: "2.3.9" - scope: path: "datacenter/dtr/2.2" values: @@ -138,23 +138,23 @@ defaults: values: ucp_org: "docker" ucp_repo: "ucp" - ucp_version: "3.0.5" + ucp_version: "3.0.6" - scope: # This is a bit of a hack for the get-support.md topic. path: "ee" values: ucp_org: "docker" ucp_repo: "ucp" dtr_repo: "dtr" - ucp_version: "3.0.5" + ucp_version: "3.0.6" dtr_version: "2.5.0" - dtr_latest_image: "docker/dtr:2.5.5" + dtr_latest_image: "docker/dtr:2.5.6" - scope: path: "datacenter/ucp/2.2" values: hide_from_sitemap: true ucp_org: "docker" ucp_repo: "ucp" - ucp_version: "2.2.13" + ucp_version: "2.2.14" - scope: path: "datacenter/ucp/2.1" values: diff --git a/_data/ddc_offline_files_2.yaml b/_data/ddc_offline_files_2.yaml index 1e4252ce24..3ff6d9e6fd 100644 --- a/_data/ddc_offline_files_2.yaml +++ b/_data/ddc_offline_files_2.yaml @@ -6,6 +6,16 @@ - product: "ucp" version: "3.0" tar-files: + - description: "3.0.6 Linux" + url: https://packages.docker.com/caas/ucp_images_3.0.6.tar.gz + - description: "3.0.6 IBM Z" + url: https://packages.docker.com/caas/ucp_images_s390x_3.0.6.tar.gz + - description: "3.0.6 Windows Server 2016 LTSC" + url: https://packages.docker.com/caas/ucp_images_win_2016_3.0.6.tar.gz + - description: "3.0.6 Windows Server 1709" + url: https://packages.docker.com/caas/ucp_images_win_1709_3.0.6.tar.gz + - description: "3.0.6 Windows Server 1803" + url: https://packages.docker.com/caas/ucp_images_win_1803_3.0.6.tar.gz - description: "3.0.5 Linux" url: https://packages.docker.com/caas/ucp_images_3.0.5.tar.gz - description: "3.0.5 IBM Z" @@ -53,6 +63,12 @@ - product: "ucp" version: "2.2" tar-files: + - description: "2.2.14 Linux" + url: https://packages.docker.com/caas/ucp_images_2.2.14.tar.gz + - description: "2.2.14 IBM Z" + url: https://packages.docker.com/caas/ucp_images_s390x_2.2.14.tar.gz + - description: "2.2.14 Windows" + url: https://packages.docker.com/caas/ucp_images_win_2.2.14.tar.gz - description: "2.2.13 Linux" url: https://packages.docker.com/caas/ucp_images_2.2.13.tar.gz - description: "2.2.13 IBM Z" @@ -128,33 +144,27 @@ - product: "dtr" version: "2.5" tar-files: + - description: "DTR 2.5.6 Linux x86" + url: https://packages.docker.com/caas/dtr_images_2.5.6.tar.gz - description: "DTR 2.5.5 Linux x86" url: https://packages.docker.com/caas/dtr_images_2.5.5.tar.gz - - description: "DTR 2.5.5 IBM Z" - url: https://packages.docker.com/caas/dtr_images_s390x_2.5.5.tar.gz - description: "DTR 2.5.3 Linux x86" url: https://packages.docker.com/caas/dtr_images_2.5.3.tar.gz - - description: "DTR 2.5.3 IBM Z" - url: https://packages.docker.com/caas/dtr_images_s390x_2.5.3.tar.gz - description: "DTR 2.5.2 Linux x86" url: https://packages.docker.com/caas/dtr_images_2.5.2.tar.gz - - description: "DTR 2.5.2 IBM Z" - url: https://packages.docker.com/caas/dtr_images_s390x_2.5.2.tar.gz - description: "DTR 2.5.1 Linux x86" url: https://packages.docker.com/caas/dtr_images_2.5.1.tar.gz - - description: "DTR 2.5.1 IBM Z" - url: https://packages.docker.com/caas/dtr_images_s390x_2.5.1.tar.gz - description: "DTR 2.5.0 Linux x86" url: https://packages.docker.com/caas/dtr_images_2.5.0.tar.gz - - description: "DTR 2.5.0 IBM Z" - url: https://packages.docker.com/caas/dtr_images_s390x_2.5.0.tar.gz - product: "dtr" version: "2.4" tar-files: + - description: "DTR 2.4.7 Linux x86" + url: https://packages.docker.com/caas/dtr_images_2.4.7.tar.gz - description: "DTR 2.4.6 Linux x86" url: https://packages.docker.com/caas/dtr_images_2.4.6.tar.gz - description: "DTR 2.4.6 IBM Z" - url: https://packages.docker.com/caas/dtr_images_s390x_2.4.6.tar.gz + url: https://packages.docker.com/caas/dtr_images_s390x_2.4.6.tar.gz - description: "DTR 2.4.5 Linux x86" url: https://packages.docker.com/caas/dtr_images_2.4.5.tar.gz - description: "DTR 2.4.5 IBM Z" @@ -182,6 +192,8 @@ - product: "dtr" version: "2.3" tar-files: + - description: "DTR 2.3.9" + url: https://packages.docker.com/caas/dtr_images_2.3.9.tar.gz - description: "DTR 2.3.8" url: https://packages.docker.com/caas/dtr_images_2.3.8.tar.gz - description: "DTR 2.3.7" diff --git a/_includes/ee-linux-install-reuse.md b/_includes/ee-linux-install-reuse.md index a663792ade..896115fc79 100644 --- a/_includes/ee-linux-install-reuse.md +++ b/_includes/ee-linux-install-reuse.md @@ -116,6 +116,16 @@ You only need to set up the repository once, after which you can install Docker {% endif %} +{% if linux-dist == "oraclelinux" %} + +5. Enable the `ol7_addons` Oracle repository. This ensures access to the `container-selinux` package required by `docker-ee`. + + ```bash + $ sudo yum-config-manager --enable ol7_addons + ``` + +{% endif %} + 6. Add the Docker EE **stable** repository: ```bash @@ -301,6 +311,6 @@ You must delete any edited configuration files manually. - Continue to [Post-installation steps for Linux](/install/linux/linux-postinstall.md){: target="_blank" class="_" } -- Continue with user guides on [Universal Control Plane (UCP)](/datacenter/ucp/2.2/guides/){: target="_blank" class="_" } and [Docker Trusted Registry (DTR)](/datacenter/dtr/2.4/guides/){: target="_blank" class="_" } +- Continue with user guides on [Universal Control Plane (UCP)](/ee/ucp/){: target="_blank" class="_" } and [Docker Trusted Registry (DTR)](/ee/dtr/){: target="_blank" class="_" } {% endif %} diff --git a/_includes/install-script.md b/_includes/install-script.md index 0fbe56ef8e..08e24fbf63 100644 --- a/_includes/install-script.md +++ b/_includes/install-script.md @@ -42,20 +42,24 @@ $ curl -fsSL https://get.docker.com -o get-docker.sh $ sudo sh get-docker.sh +``` If you would like to use Docker as a non-root user, you should now consider adding your user to the "docker" group with something like: +```bash sudo usermod -aG docker your-user +``` Remember to log out and back in for this to take effect! -WARNING: Adding a user to the "docker" group grants the ability to run - containers which can be used to obtain root privileges on the - docker host. - Refer to https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface - for more information. -``` +> **Warning**: +> +> Adding a user to the "docker" group grants the ability to run containers +> which can be used to obtain root privileges on the docker host. Refer to +> [Docker Daemon Attack Surface](https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface) +> for more information. +{:.warning} Docker CE is installed. It starts automatically on `DEB`-based distributions. On `RPM`-based distributions, you need to start it manually using the appropriate diff --git a/_includes/kubernetes-mac-win.md b/_includes/kubernetes-mac-win.md index 9639ed15e7..e4b895d95e 100644 --- a/_includes/kubernetes-mac-win.md +++ b/_includes/kubernetes-mac-win.md @@ -12,12 +12,11 @@ Usage: {% include kubernetes-mac-win.md platform="mac" %} {% if platform == "mac" %} {% assign product = "Docker for Mac" %} - {% capture min-version %}{{ product }} 17.12 CE Edge{% endcapture %} - + {% capture min-version %}{{ product }} **17.12 CE Edge**{% endcapture %} + {% capture version-caveat %} -**Kubernetes is only available in {{ min-version }} and higher, on the Edge -channel.** Kubernetes support is not included in Docker for Mac Stable releases. - {% endcapture %} + Kubernetes is available in {{ min-version }} and higher, and **18.06 Stable** and higher + {% endcapture%} {% capture local-kubectl-warning %} > If you independently installed the Kubernetes CLI, `kubectl`, make sure that @@ -32,26 +31,21 @@ channel.** Kubernetes support is not included in Docker for Mac Stable releases. {% elsif platform == "windows" %} {% assign product = "Docker for Windows" %} - {% capture min-version %}{{ product }} 18.02 CE Edge{% endcapture %} + {% capture min-version %}{{ product }} **18.02 CE Edge**{% endcapture %} {% capture version-caveat %} - **Kubernetes is only available in {{ min-version }}.** Kubernetes - support is not included in {{ product }} 18.02 CE Stable. + Kubernetes is available in {{ min-version }} and higher, and **18.06 Stable** and higher {% endcapture %} {% capture local-kubectl-warning %} -If you installed `kubectl` by another method, and experience conflicts, remove it. + If you installed `kubectl` by another method, and experience conflicts, remove it. {% endcapture %} {% assign kubectl-path = "C:\>Program Files\Docker\Docker\Resources\bin\kubectl.exe" %} {% endif %} -{{ version-caveat }} To find out more about Stable and Edge channels and how to -switch between them, see -[General configuration](/docker-for-{{ platform }}/#general). - -{{ min-version }} includes a standalone Kubernetes server and client, +{{ version-caveat }}, this includes a standalone Kubernetes server and client, as well as Docker CLI integration. The Kubernetes server runs locally within your Docker instance, is not configurable, and is a single-node cluster. diff --git a/compose/aspnet-mssql-compose.md b/compose/aspnet-mssql-compose.md index 36c9111b01..ce60a4db28 100644 --- a/compose/aspnet-mssql-compose.md +++ b/compose/aspnet-mssql-compose.md @@ -55,8 +55,8 @@ configure this app to use our SQL Server database, and then create a This file defines how to build the web app image. It uses the [microsoft/aspnetcore-build](https://hub.docker.com/r/microsoft/aspnetcore-build/), - map the volume with the generated code, restore the dependencies, build the - project and expose port 80. After that, it calls an `entrypoint` script + maps the volume with the generated code, restores the dependencies, builds the + project and exposes port 80. After that, it calls an `entrypoint` script that we create in the next step. 1. The `Dockerfile` makes use of an entrypoint to your webapp Docker @@ -186,7 +186,7 @@ configure this app to use our SQL Server database, and then create a Go ahead and try out the website! This sample uses the SQL Server database image in the back-end for authentication. -Ready! You now have a ASP.NET Core application running against SQL Server in +Ready! You now have an ASP.NET Core application running against SQL Server in Docker Compose! This sample made use of some of the most popular Microsoft products for Linux. To learn more about Windows Containers, check out [Docker Labs for Windows Containers](https://github.com/docker/labs/tree/master/windows) diff --git a/compose/completion.md b/compose/completion.md index 9765cfd2bb..9c03613d90 100644 --- a/compose/completion.md +++ b/compose/completion.md @@ -29,7 +29,7 @@ On a Mac, add the following to your `~/.bash_profile`: ```shell if [ -f $(brew --prefix)/etc/bash_completion ]; then -. $(brew --prefix)/etc/bash_completion + . $(brew --prefix)/etc/bash_completion fi ``` diff --git a/compose/compose-file/compose-file-v1.md b/compose/compose-file/compose-file-v1.md index 23e428e5f7..7e0ede1bc1 100644 --- a/compose/compose-file/compose-file-v1.md +++ b/compose/compose-file/compose-file-v1.md @@ -415,7 +415,7 @@ id. Sets the PID mode to the host PID mode. This turns on sharing between container and the host operating system the PID address space. Containers launched with this flag can access and manipulate other -containers in the bare-metal machine's namespace and vise-versa. +containers in the bare-metal machine's namespace and vice versa. ### ports diff --git a/compose/compose-file/compose-file-v2.md b/compose/compose-file/compose-file-v2.md index 60c574d575..4585410da3 100644 --- a/compose/compose-file/compose-file-v2.md +++ b/compose/compose-file/compose-file-v2.md @@ -1006,7 +1006,7 @@ designated container or service. If set to "host", the service's PID mode is the host PID mode. This turns on sharing between container and the host operating system the PID address space. Containers launched with this flag can access and manipulate -other containers in the bare-metal machine's namespace and vise-versa. +other containers in the bare-metal machine's namespace and vice versa. > **Note**: the `service:` and `container:` forms require > [version 2.1](compose-versioning.md#version-21) or above @@ -1483,7 +1483,7 @@ Set a custom name for this volume. data: name: my-app-data -It can also be used in conjuction with the `external` property: +It can also be used in conjunction with the `external` property: version: '2.1' volumes: @@ -1641,7 +1641,7 @@ Set a custom name for this network. network1: name: my-app-net -It can also be used in conjuction with the `external` property: +It can also be used in conjunction with the `external` property: version: '2.1' networks: diff --git a/compose/compose-file/index.md b/compose/compose-file/index.md index f21990b09c..c34bd24b68 100644 --- a/compose/compose-file/index.md +++ b/compose/compose-file/index.md @@ -1409,7 +1409,7 @@ networks: Sets the PID mode to the host PID mode. This turns on sharing between container and the host operating system the PID address space. Containers launched with this flag can access and manipulate other -containers in the bare-metal machine's namespace and vise-versa. +containers in the bare-metal machine's namespace and vice versa. ### ports @@ -2029,7 +2029,7 @@ and will **not** be scoped with the stack name. data: name: my-app-data -It can also be used in conjuction with the `external` property: +It can also be used in conjunction with the `external` property: version: '3.4' volumes: @@ -2257,7 +2257,7 @@ and will **not** be scoped with the stack name. network1: name: my-app-net -It can also be used in conjuction with the `external` property: +It can also be used in conjunction with the `external` property: version: '3.5' networks: diff --git a/compose/rails.md b/compose/rails.md index d107c14247..19d96dd112 100644 --- a/compose/rails.md +++ b/compose/rails.md @@ -230,7 +230,7 @@ web_1 | A server is already running. Check /myapp/tmp/pids/server.pid. ``` -To resolve this, delete the file `tmp/pids/server.pid`, and then re-start the +To resolve this, delete the file `tmp/pids/server.pid`, and then restart the application with `docker-compose up`. ### Restart the application diff --git a/compose/reference/build.md b/compose/reference/build.md index af41c55888..0bac60a39d 100644 --- a/compose/reference/build.md +++ b/compose/reference/build.md @@ -16,6 +16,7 @@ Options: --pull Always attempt to pull a newer version of the image. -m, --memory MEM Sets memory limit for the build container. --build-arg key=val Set build-time variables for services. + --parallel Build images in parallel. ``` Services are built once and then tagged, by default as `project_service`. For diff --git a/compose/reference/config.md b/compose/reference/config.md index 5292b575f2..56542663ab 100644 --- a/compose/reference/config.md +++ b/compose/reference/config.md @@ -10,10 +10,12 @@ Usage: config [options] Options: --resolve-image-digests Pin image tags to digests. - -q, --quiet Only validate the configuration, don't print - anything. + -q, --quiet Only validate the configuration – do not print anything. --services Print the service names, one per line. --volumes Print the volume names, one per line. + --hash="*" Print the service config hash, one per line. + Set "service1,service2" for a list of specified services + or use the wildcard symbol to display all services. ``` Validate and view the Compose file. diff --git a/compose/startup-order.md b/compose/startup-order.md index 152ade0c88..88477929e2 100644 --- a/compose/startup-order.md +++ b/compose/startup-order.md @@ -54,7 +54,7 @@ script: check. For example, you might want to wait until Postgres is definitely ready to accept commands: - #!/bin/bash + #!/bin/sh # wait-for-postgres.sh set -e diff --git a/config/containers/container-networking.md b/config/containers/container-networking.md index bf27fdd2cb..45acb077ec 100644 --- a/config/containers/container-networking.md +++ b/config/containers/container-networking.md @@ -49,7 +49,7 @@ When you connect an existing container to a different network using `docker network connect`, you can use the `--ip` or `--ip6` flags on that command to specify the container's IP address on the additional network. -In the same way, a container's hostname defaults to be the container's name in +In the same way, a container's hostname defaults to be the container's ID in Docker. You can override the hostname using `--hostname`. When connecting to an existing network using `docker network connect`, you can use the `--alias` flag to specify an additional network alias for the container on that network. @@ -65,7 +65,7 @@ settings on a per-container basis. | `--dns` | The IP address of a DNS server. To specify multiple DNS servers, use multiple `--dns` flags. If the container cannot reach any of the IP addresses you specify, Google's public DNS server `8.8.8.8` is added, so that your container can resolve internet domains. | | `--dns-search` | A DNS search domain to search non-fully-qualified hostnames. To specify multiple DNS search prefixes, use multiple `--dns-search` flags. | | `--dns-opt` | A key-value pair representing a DNS option and its value. See your operating system's documentation for `resolv.conf` for valid options. | -| `--hostname` | The hostname a container uses for itself. Defaults to the container's name if not specified. | +| `--hostname` | The hostname a container uses for itself. Defaults to the container's ID if not specified. | ## Proxy server diff --git a/config/containers/logging/journald.md b/config/containers/logging/journald.md index 83ed38b818..ecd850d63f 100644 --- a/config/containers/logging/journald.md +++ b/config/containers/logging/journald.md @@ -57,7 +57,7 @@ driver options. | Option | Required | Description | |:------------|:---------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | `tag` | optional | Specify template to set `CONTAINER_TAG` and `SYSLOG_IDENTIFIER` value in journald logs. Refer to [log tag option documentation](/engine/admin/logging/log_tags/) to customize the log tag format | -| `label` | optional | Comma-separated list of keys of labels, which should be included in message, if these labels are specified for the container. | +| `labels` | optional | Comma-separated list of keys of labels, which should be included in message, if these labels are specified for the container. | | `env` | optional | Comma-separated list of keys of environment variables, which should be included in message, if these variables are specified for the container. | | `env-regex` | optional | Similar to and compatible with env. A regular expression to match logging-related environment variables. Used for advanced [log tag options](/engine/admin/logging/log_tags/). | diff --git a/config/containers/logging/splunk.md b/config/containers/logging/splunk.md index 93983f2a7d..c279c819ff 100644 --- a/config/containers/logging/splunk.md +++ b/config/containers/logging/splunk.md @@ -49,7 +49,7 @@ The following properties let you configure the splunk logging driver. - To configure the `splunk` driver across the Docker environment, edit `daemon.json` with the key, `"log-opts": {"NAME": "VALUE", ...}`. -- To configure the `splunk` driver for an indiviual container, use `docker run` +- To configure the `splunk` driver for an individual container, use `docker run` with the flag, `--log-opt NAME=VALUE ...`. | Option | Required | Description | diff --git a/config/containers/resource_constraints.md b/config/containers/resource_constraints.md index 2ebb2590f9..849283ed8f 100644 --- a/config/containers/resource_constraints.md +++ b/config/containers/resource_constraints.md @@ -9,7 +9,7 @@ keywords: "docker, daemon, configuration" By default, a container has no resource constraints and can use as much of a given resource as the host's kernel scheduler allows. Docker provides ways -to control how much memory, CPU, or block IO a container can use, setting runtime +to control how much memory, or CPU a container can use, setting runtime configuration flags of the `docker run` command. This section provides details on when you should set such limits and the possible implications of setting them. diff --git a/datacenter/dtr/2.0/install/upgrade/index.md b/datacenter/dtr/2.0/install/upgrade/index.md index a246a87222..fec028a1a0 100644 --- a/datacenter/dtr/2.0/install/upgrade/index.md +++ b/datacenter/dtr/2.0/install/upgrade/index.md @@ -11,7 +11,7 @@ is ensuring you're running DTR 2.0. If that's not the case, start by upgrading your installation to version 2.0.0, and then upgrade to the latest version available. -There is no downtime when upgrading an highly-available DTR cluster. If your +There is no downtime when upgrading a highly-available DTR cluster. If your DTR deployment has a single replica, schedule the upgrade to take place outside business peak hours to ensure the impact on your business is close to none. diff --git a/datacenter/dtr/2.1/guides/install/upgrade.md b/datacenter/dtr/2.1/guides/install/upgrade.md index ebf284f607..45cd0e02c1 100644 --- a/datacenter/dtr/2.1/guides/install/upgrade.md +++ b/datacenter/dtr/2.1/guides/install/upgrade.md @@ -9,7 +9,7 @@ is ensuring you're running DTR 2.0. If that's not the case, start by upgrading your installation to version 2.0.0, and then upgrade to the latest version available. -There is no downtime when upgrading an highly-available DTR cluster. If your +There is no downtime when upgrading a highly-available DTR cluster. If your DTR deployment has a single replica, schedule the upgrade to take place outside business peak hours to ensure the impact on your business is close to none. diff --git a/datacenter/dtr/2.1/reference/api/swagger-ui.js b/datacenter/dtr/2.1/reference/api/swagger-ui.js index 207714d300..c9abd09ff8 100644 --- a/datacenter/dtr/2.1/reference/api/swagger-ui.js +++ b/datacenter/dtr/2.1/reference/api/swagger-ui.js @@ -2121,7 +2121,7 @@ SuperagentHttpClient.prototype.execute = function (obj) { } else if (res && obj.on && obj.on.response) { var possibleObj; - // Already parsed by by superagent? + // Already parsed by superagent? if(res.body && Object.keys(res.body).length > 0) { possibleObj = res.body; } else { @@ -12442,7 +12442,7 @@ var iframe, elemdisplay = {}; /** - * Retrieve the actual display of a element + * Retrieve the actual display of an element * @param {String} name nodeName of the element * @param {Object} doc Document object */ @@ -13862,7 +13862,7 @@ jQuery.fx.speeds = { }; -// Based off of the plugin by Clint Helfers, with permission. +// Based on the plugin by Clint Helfers, with permission. // http://blindsignals.com/index.php/2009/07/jquery-delay/ jQuery.fn.delay = function( time, type ) { time = jQuery.fx ? jQuery.fx.speeds[ time ] || time : time; @@ -26068,7 +26068,7 @@ var baseCreate = require('./baseCreate'), * @private * @param {*} value The value to wrap. * @param {boolean} [chainAll] Enable chaining for all wrapper methods. - * @param {Array} [actions=[]] Actions to peform to resolve the unwrapped value. + * @param {Array} [actions=[]] Actions to perform to resolve the unwrapped value. */ function LodashWrapper(value, chainAll, actions) { this.__wrapped__ = value; diff --git a/datacenter/dtr/2.2/guides/admin/configure/external-storage/s3.md b/datacenter/dtr/2.2/guides/admin/configure/external-storage/s3.md index 753e29f5d7..13c3175388 100644 --- a/datacenter/dtr/2.2/guides/admin/configure/external-storage/s3.md +++ b/datacenter/dtr/2.2/guides/admin/configure/external-storage/s3.md @@ -24,7 +24,7 @@ Start by Then, as a best practice you should [create a new IAM user](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html) just for the DTR -integration and apply a IAM policy that ensures the user has limited permissions. +integration and apply an IAM policy that ensures the user has limited permissions. This user only needs permissions to access the bucket that you use to store images, and to read, write, and delete files. diff --git a/datacenter/dtr/2.2/guides/admin/configure/garbage-collection.md b/datacenter/dtr/2.2/guides/admin/configure/garbage-collection.md index 971f4911f2..b1286d3dae 100644 --- a/datacenter/dtr/2.2/guides/admin/configure/garbage-collection.md +++ b/datacenter/dtr/2.2/guides/admin/configure/garbage-collection.md @@ -18,7 +18,7 @@ pushes will fail The GC cron schedule is set to run in **UTC time**. Containers typically run in UTC time (unless the system time is mounted), therefore remember that the cron -schedule will run based off of UTC time when configuring. +schedule will run based on UTC time when configuring. GC puts DTR into read-only mode; pulls succeed while pushes fail. Pushing an image while GC runs may lead to undefined behavior and data loss, therefore diff --git a/datacenter/dtr/2.2/guides/admin/monitor-and-troubleshoot/troubleshoot-batch-jobs.md b/datacenter/dtr/2.2/guides/admin/monitor-and-troubleshoot/troubleshoot-batch-jobs.md index 11e58a9ef2..9092d434bc 100644 --- a/datacenter/dtr/2.2/guides/admin/monitor-and-troubleshoot/troubleshoot-batch-jobs.md +++ b/datacenter/dtr/2.2/guides/admin/monitor-and-troubleshoot/troubleshoot-batch-jobs.md @@ -68,7 +68,7 @@ Jobs can be in one of the following status: ## Job capacity -Each job runner has a limited capacity and doesn't claim jobs that require an +Each job runner has a limited capacity and doesn't claim jobs that require a higher capacity. You can see the capacity of a job runner using the `GET /api/v0/workers` endpoint: diff --git a/datacenter/dtr/2.2/reference/api/swagger-ui.js b/datacenter/dtr/2.2/reference/api/swagger-ui.js index 207714d300..c9abd09ff8 100644 --- a/datacenter/dtr/2.2/reference/api/swagger-ui.js +++ b/datacenter/dtr/2.2/reference/api/swagger-ui.js @@ -2121,7 +2121,7 @@ SuperagentHttpClient.prototype.execute = function (obj) { } else if (res && obj.on && obj.on.response) { var possibleObj; - // Already parsed by by superagent? + // Already parsed by superagent? if(res.body && Object.keys(res.body).length > 0) { possibleObj = res.body; } else { @@ -12442,7 +12442,7 @@ var iframe, elemdisplay = {}; /** - * Retrieve the actual display of a element + * Retrieve the actual display of an element * @param {String} name nodeName of the element * @param {Object} doc Document object */ @@ -13862,7 +13862,7 @@ jQuery.fx.speeds = { }; -// Based off of the plugin by Clint Helfers, with permission. +// Based on the plugin by Clint Helfers, with permission. // http://blindsignals.com/index.php/2009/07/jquery-delay/ jQuery.fn.delay = function( time, type ) { time = jQuery.fx ? jQuery.fx.speeds[ time ] || time : time; @@ -26068,7 +26068,7 @@ var baseCreate = require('./baseCreate'), * @private * @param {*} value The value to wrap. * @param {boolean} [chainAll] Enable chaining for all wrapper methods. - * @param {Array} [actions=[]] Actions to peform to resolve the unwrapped value. + * @param {Array} [actions=[]] Actions to perform to resolve the unwrapped value. */ function LodashWrapper(value, chainAll, actions) { this.__wrapped__ = value; diff --git a/datacenter/dtr/2.2/reference/api/swagger-ui.js.original b/datacenter/dtr/2.2/reference/api/swagger-ui.js.original index 207714d300..c9abd09ff8 100644 --- a/datacenter/dtr/2.2/reference/api/swagger-ui.js.original +++ b/datacenter/dtr/2.2/reference/api/swagger-ui.js.original @@ -2121,7 +2121,7 @@ SuperagentHttpClient.prototype.execute = function (obj) { } else if (res && obj.on && obj.on.response) { var possibleObj; - // Already parsed by by superagent? + // Already parsed by superagent? if(res.body && Object.keys(res.body).length > 0) { possibleObj = res.body; } else { @@ -12442,7 +12442,7 @@ var iframe, elemdisplay = {}; /** - * Retrieve the actual display of a element + * Retrieve the actual display of an element * @param {String} name nodeName of the element * @param {Object} doc Document object */ @@ -13862,7 +13862,7 @@ jQuery.fx.speeds = { }; -// Based off of the plugin by Clint Helfers, with permission. +// Based on the plugin by Clint Helfers, with permission. // http://blindsignals.com/index.php/2009/07/jquery-delay/ jQuery.fn.delay = function( time, type ) { time = jQuery.fx ? jQuery.fx.speeds[ time ] || time : time; @@ -26068,7 +26068,7 @@ var baseCreate = require('./baseCreate'), * @private * @param {*} value The value to wrap. * @param {boolean} [chainAll] Enable chaining for all wrapper methods. - * @param {Array} [actions=[]] Actions to peform to resolve the unwrapped value. + * @param {Array} [actions=[]] Actions to perform to resolve the unwrapped value. */ function LodashWrapper(value, chainAll, actions) { this.__wrapped__ = value; diff --git a/datacenter/dtr/2.3/guides/admin/configure/use-a-load-balancer.md b/datacenter/dtr/2.3/guides/admin/configure/use-a-load-balancer.md index 1251b10c85..826ccf5fc6 100644 --- a/datacenter/dtr/2.3/guides/admin/configure/use-a-load-balancer.md +++ b/datacenter/dtr/2.3/guides/admin/configure/use-a-load-balancer.md @@ -54,7 +54,7 @@ with more details on any one of these services: * Content trust (notary) This endpoint is for checking the health of a *single* replica. To get -the health of every replica in a cluster, querying each replica individiually is +the health of every replica in a cluster, querying each replica individually is the preferred way to do it in real time. The `/api/v0/meta/cluster_status` diff --git a/datacenter/dtr/2.3/guides/admin/monitor-and-troubleshoot/troubleshoot-batch-jobs.md b/datacenter/dtr/2.3/guides/admin/monitor-and-troubleshoot/troubleshoot-batch-jobs.md index 90f25bb594..e05dec0fca 100644 --- a/datacenter/dtr/2.3/guides/admin/monitor-and-troubleshoot/troubleshoot-batch-jobs.md +++ b/datacenter/dtr/2.3/guides/admin/monitor-and-troubleshoot/troubleshoot-batch-jobs.md @@ -69,7 +69,7 @@ Jobs can be in one of the following status: ## Job capacity -Each job runner has a limited capacity and doesn't claim jobs that require an +Each job runner has a limited capacity and doesn't claim jobs that require a higher capacity. You can see the capacity of a job runner using the `GET /api/v0/workers` endpoint: diff --git a/datacenter/dtr/2.3/guides/release-notes.md b/datacenter/dtr/2.3/guides/release-notes.md index cfa07ad6d8..23396ebc11 100644 --- a/datacenter/dtr/2.3/guides/release-notes.md +++ b/datacenter/dtr/2.3/guides/release-notes.md @@ -11,6 +11,18 @@ known issues for each DTR version. You can then use [the upgrade instructions](admin/upgrade.md), to upgrade your installation to the latest release. +## Version 2.3.9 + +(25 October 2018) + +### Bug Fixes +* Added CSP (Content Security Policy). (docker/dhe-deploy#9368 and docker/dhe-deploy#9588) +* Fixed critical vulnerability in RethinkDB. (docker/dhe-deploy#9575) + +### Changelog +* Patched security vulnerabilities in the load balancer. +* Patch packages and base OS to eliminate and address some critical vulnerabilities in DTR dependencies. + ## Version 2.3.8 (26 July 2018) diff --git a/datacenter/dtr/2.3/guides/user/create-promotion-policies.md b/datacenter/dtr/2.3/guides/user/create-promotion-policies.md index 555cd39b32..83b0008fee 100644 --- a/datacenter/dtr/2.3/guides/user/create-promotion-policies.md +++ b/datacenter/dtr/2.3/guides/user/create-promotion-policies.md @@ -97,5 +97,5 @@ pipelines. Also, users don't need access to all repositories in the promotion pipeline. A repository admin can define the promotion policies, and only allow access to push to the first repository in that pipeline. Once users push -to the fist repository, the image gets promoted to the other repositories as +to the first repository, the image gets promoted to the other repositories as long as it satisfies the promotion policies. diff --git a/datacenter/dtr/2.3/guides/user/manage-images/sign-images/index.md b/datacenter/dtr/2.3/guides/user/manage-images/sign-images/index.md index 4ffda257e5..2b72a73769 100644 --- a/datacenter/dtr/2.3/guides/user/manage-images/sign-images/index.md +++ b/datacenter/dtr/2.3/guides/user/manage-images/sign-images/index.md @@ -47,7 +47,7 @@ need to do the same procedure for every one of them. ### Configure your Notary client Start by [configuring your Notary client](../../access-dtr/configure-your-notary-client.md). -This ensures the Docker an Notary CLI clients know about your UCP private keys. +This ensures the Docker and Notary CLI clients know about your UCP private keys. ### Initialize the trust metadata diff --git a/datacenter/dtr/2.3/reference/api/swagger-ui.js b/datacenter/dtr/2.3/reference/api/swagger-ui.js index 3a37440753..ca11fa6ff6 100644 --- a/datacenter/dtr/2.3/reference/api/swagger-ui.js +++ b/datacenter/dtr/2.3/reference/api/swagger-ui.js @@ -2132,7 +2132,7 @@ SuperagentHttpClient.prototype.execute = function (obj) { } else if (res && obj.on && obj.on.response) { var possibleObj; - // Already parsed by by superagent? + // Already parsed by superagent? if(res.body && Object.keys(res.body).length > 0) { possibleObj = res.body; } else { @@ -12457,7 +12457,7 @@ var iframe, elemdisplay = {}; /** - * Retrieve the actual display of a element + * Retrieve the actual display of an element * @param {String} name nodeName of the element * @param {Object} doc Document object */ @@ -13877,7 +13877,7 @@ jQuery.fx.speeds = { }; -// Based off of the plugin by Clint Helfers, with permission. +// Based on the plugin by Clint Helfers, with permission. // http://blindsignals.com/index.php/2009/07/jquery-delay/ jQuery.fn.delay = function( time, type ) { time = jQuery.fx ? jQuery.fx.speeds[ time ] || time : time; @@ -26083,7 +26083,7 @@ var baseCreate = require('./baseCreate'), * @private * @param {*} value The value to wrap. * @param {boolean} [chainAll] Enable chaining for all wrapper methods. - * @param {Array} [actions=[]] Actions to peform to resolve the unwrapped value. + * @param {Array} [actions=[]] Actions to perform to resolve the unwrapped value. */ function LodashWrapper(value, chainAll, actions) { this.__wrapped__ = value; diff --git a/datacenter/dtr/2.3/reference/api/swagger-ui.js.original b/datacenter/dtr/2.3/reference/api/swagger-ui.js.original index 207714d300..c9abd09ff8 100644 --- a/datacenter/dtr/2.3/reference/api/swagger-ui.js.original +++ b/datacenter/dtr/2.3/reference/api/swagger-ui.js.original @@ -2121,7 +2121,7 @@ SuperagentHttpClient.prototype.execute = function (obj) { } else if (res && obj.on && obj.on.response) { var possibleObj; - // Already parsed by by superagent? + // Already parsed by superagent? if(res.body && Object.keys(res.body).length > 0) { possibleObj = res.body; } else { @@ -12442,7 +12442,7 @@ var iframe, elemdisplay = {}; /** - * Retrieve the actual display of a element + * Retrieve the actual display of an element * @param {String} name nodeName of the element * @param {Object} doc Document object */ @@ -13862,7 +13862,7 @@ jQuery.fx.speeds = { }; -// Based off of the plugin by Clint Helfers, with permission. +// Based on the plugin by Clint Helfers, with permission. // http://blindsignals.com/index.php/2009/07/jquery-delay/ jQuery.fn.delay = function( time, type ) { time = jQuery.fx ? jQuery.fx.speeds[ time ] || time : time; @@ -26068,7 +26068,7 @@ var baseCreate = require('./baseCreate'), * @private * @param {*} value The value to wrap. * @param {boolean} [chainAll] Enable chaining for all wrapper methods. - * @param {Array} [actions=[]] Actions to peform to resolve the unwrapped value. + * @param {Array} [actions=[]] Actions to perform to resolve the unwrapped value. */ function LodashWrapper(value, chainAll, actions) { this.__wrapped__ = value; diff --git a/datacenter/dtr/2.3/reference/cli/install.md b/datacenter/dtr/2.3/reference/cli/install.md index 4890cbd838..8dac003191 100644 --- a/datacenter/dtr/2.3/reference/cli/install.md +++ b/datacenter/dtr/2.3/reference/cli/install.md @@ -49,9 +49,9 @@ Note: Use --ucp-ca "$(cat ca.pem)" instead of --ucp-insecure-tls for a productio | `--https-proxy` | $DTR_HTTPS_PROXY | The HTTPS proxy used for outgoing requests. | | `--log-host` | $LOG_HOST | Where to send logs to.The endpoint to send logs to. Use this flag if you set --log-protocol to tcp or udp. | | `--log-level` | $LOG_LEVEL | Log level for all container logs when logging to syslog. Default: INFO. | -| `--log-protocol` | $LOG_PROTOCOL | The protocol for sending logs. Default is internal.This allows to define the protocol used to send container logs to an external system. The supported protocals are tcp, udp, or internal. Use this flag with --log-host. | +| `--log-protocol` | $LOG_PROTOCOL | The protocol for sending logs. Default is internal.This allows to define the protocol used to send container logs to an external system. The supported protocols are tcp, udp, or internal. Use this flag with --log-host. | | `--nfs-storage-url` | $NFS_STORAGE_URL | NFS to store Docker images. Format nfs:///.By default DTR creates a volume to store the Docker images in the local filesystem of the node where DTR is running, without high-availability. Use this flag to specify an NFS mount for DTR to store images, using the format nfs:///. To use this flag, you need to install an NFS client library like nfs-common in the node where you're deploying DTR. You can test this by running showmount -e . When you join new replicas, they will start using NFS so you don't need to use this flag. To reconfigure DTR to stop using NFS, leave this option empty. | -| `--no-proxy` | $DTR_NO_PROXY | List of domains the proxy should not be used for.When using --http-proxy you can use this flag to specify a list of domains that you don't want to route throught the proxy. Format acme.com[, acme.org]. | +| `--no-proxy` | $DTR_NO_PROXY | List of domains the proxy should not be used for.When using --http-proxy you can use this flag to specify a list of domains that you don't want to route through the proxy. Format acme.com[, acme.org]. | | `--overlay-subnet` | $DTR_OVERLAY_SUBNET | The subnet used by the dtr-ol overlay network. Example: 10.0.0.0/24.For high-availalibity, DTR creates an overlay network between UCP nodes. This flag allows you to choose the subnet for that network. Make sure the subnet you choose is not used on any machine where DTR replicas are deployed. | | `--replica-http-port` | $REPLICA_HTTP_PORT | The public HTTP port for the DTR replica. Default is 80.This allows you to customize the HTTP port where users can reach DTR. Once users access the HTTP port, they are redirected to use an HTTPS connection, using the port specified with --replica-https-port. This port can also be used for unencrypted health checks. | | `--replica-https-port` | $REPLICA_HTTPS_PORT | The public HTTPS port for the DTR replica. Default is 443.This allows you to customize the HTTPS port where users can reach DTR. Each replica can use a different port. | diff --git a/datacenter/dtr/2.3/reference/cli/reconfigure.md b/datacenter/dtr/2.3/reference/cli/reconfigure.md index 0d358b238a..e14b24dc8e 100644 --- a/datacenter/dtr/2.3/reference/cli/reconfigure.md +++ b/datacenter/dtr/2.3/reference/cli/reconfigure.md @@ -42,9 +42,9 @@ time, configure your DTR for high-availability. | `--https-proxy` | $DTR_HTTPS_PROXY | The HTTPS proxy used for outgoing requests. | | `--log-host` | $LOG_HOST | Where to send logs to. The endpoint to send logs to. Use this flag if you set `--log-protocol` to tcp or udp. | | `--log-level` | $LOG_LEVEL | Log level for all container logs when logging to syslog. Default: INFO. | -| `--log-protocol` | $LOG_PROTOCOL | The protocol for sending logs. Default is internal. This allows to define the protocol used to send container logs to an external system. The supported protocals are tcp, udp, or internal. Use this flag with `--log-host`. | +| `--log-protocol` | $LOG_PROTOCOL | The protocol for sending logs. Default is internal. This allows to define the protocol used to send container logs to an external system. The supported protocols are tcp, udp, or internal. Use this flag with `--log-host`. | | `--nfs-storage-url` | $NFS_STORAGE_URL | NFS to store Docker images. Format nfs:///. By default DTR creates a volume to store the Docker images in the local filesystem of the node where DTR is running, without high-availability. Use this flag to specify an NFS mount for DTR to store images, using the format nfs:///. To use this flag, you need to install an NFS client library like nfs-common in the node where you're deploying DTR. You can test this by running showmount -e . When you join new replicas, they will start using NFS so you don't need to use this flag. To reconfigure DTR to stop using NFS, leave this option empty. | -| `--no-proxy` | $DTR_NO_PROXY | List of domains the proxy should not be used for. When using `--http-proxy` you can use this flag to specify a list of domains that you don't want to route throught the proxy. Format acme.com[, acme.org]. | +| `--no-proxy` | $DTR_NO_PROXY | List of domains the proxy should not be used for. When using `--http-proxy` you can use this flag to specify a list of domains that you don't want to route through the proxy. Format acme.com[, acme.org]. | | `--replica-http-port` | $REPLICA_HTTP_PORT | The public HTTP port for the DTR replica. Default is 80. This allows you to customize the HTTP port where users can reach DTR. Once users access the HTTP port, they are redirected to use an HTTPS connection, using the port specified with `--replica-https-port`. This port can also be used for unencrypted health checks. | | `--replica-https-port` | $REPLICA_HTTPS_PORT | The public HTTPS port for the DTR replica. Default is 443. This allows you to customize the HTTPS port where users can reach DTR. Each replica can use a different port. | | `--ucp-ca` | $UCP_CA | Use a PEM-encoded TLS CA certificate for UCP. Download the UCP TLS CA certificate from https:///ca, and use --ucp-ca "$(cat ca.pem)". | diff --git a/datacenter/dtr/2.3/reference/cli/restore.md b/datacenter/dtr/2.3/reference/cli/restore.md index dbfaa1aa66..554dcd9705 100644 --- a/datacenter/dtr/2.3/reference/cli/restore.md +++ b/datacenter/dtr/2.3/reference/cli/restore.md @@ -24,7 +24,7 @@ restore procedure for the Docker images stored in your registry, taking in consideration whether your DTR installation is configured to store images on the local filesystem or using a cloud provider. -After restoring, you can add more DTR replicas by using the the 'join' command. +After restoring, you can add more DTR replicas by using the 'join' command. ## Options @@ -46,9 +46,9 @@ After restoring, you can add more DTR replicas by using the the 'join' command. | `--https-proxy` | $DTR_HTTPS_PROXY | The HTTPS proxy used for outgoing requests. | | `--log-host` | $LOG_HOST | Where to send logs to.The endpoint to send logs to. Use this flag if you set --log-protocol to tcp or udp. | | `--log-level` | $LOG_LEVEL | Log level for all container logs when logging to syslog. Default: INFO. | -| `--log-protocol` | $LOG_PROTOCOL | The protocol for sending logs. Default is internal.This allows to define the protocol used to send container logs to an external system. The supported protocals are tcp, udp, or internal. Use this flag with --log-host. | +| `--log-protocol` | $LOG_PROTOCOL | The protocol for sending logs. Default is internal.This allows to define the protocol used to send container logs to an external system. The supported protocols are tcp, udp, or internal. Use this flag with --log-host. | | `--nfs-storage-url` | $NFS_STORAGE_URL | NFS to store Docker images. Format nfs:///.By default DTR creates a volume to store the Docker images in the local filesystem of the node where DTR is running, without high-availability. Use this flag to specify an NFS mount for DTR to store images, using the format nfs:///. To use this flag, you need to install an NFS client library like nfs-common in the node where you're deploying DTR. You can test this by running showmount -e . When you join new replicas, they will start using NFS so you don't need to use this flag. To reconfigure DTR to stop using NFS, leave this option empty. | -| `--no-proxy` | $DTR_NO_PROXY | List of domains the proxy should not be used for.When using --http-proxy you can use this flag to specify a list of domains that you don't want to route throught the proxy. Format acme.com[, acme.org]. | +| `--no-proxy` | $DTR_NO_PROXY | List of domains the proxy should not be used for.When using --http-proxy you can use this flag to specify a list of domains that you don't want to route through the proxy. Format acme.com[, acme.org]. | | `--replica-http-port` | $REPLICA_HTTP_PORT | The public HTTP port for the DTR replica. Default is 80.This allows you to customize the HTTP port where users can reach DTR. Once users access the HTTP port, they are redirected to use an HTTPS connection, using the port specified with --replica-https-port. This port can also be used for unencrypted health checks. | | `--replica-https-port` | $REPLICA_HTTPS_PORT | The public HTTPS port for the DTR replica. Default is 443.This allows you to customize the HTTPS port where users can reach DTR. Each replica can use a different port. | | `--replica-id` | $DTR_INSTALL_REPLICA_ID | Assign an ID to the DTR replica. Random by default. | diff --git a/datacenter/dtr/2.4/guides/admin/configure/use-a-load-balancer.md b/datacenter/dtr/2.4/guides/admin/configure/use-a-load-balancer.md index 1251b10c85..826ccf5fc6 100644 --- a/datacenter/dtr/2.4/guides/admin/configure/use-a-load-balancer.md +++ b/datacenter/dtr/2.4/guides/admin/configure/use-a-load-balancer.md @@ -54,7 +54,7 @@ with more details on any one of these services: * Content trust (notary) This endpoint is for checking the health of a *single* replica. To get -the health of every replica in a cluster, querying each replica individiually is +the health of every replica in a cluster, querying each replica individually is the preferred way to do it in real time. The `/api/v0/meta/cluster_status` diff --git a/datacenter/dtr/2.4/guides/admin/monitor-and-troubleshoot/troubleshoot-batch-jobs.md b/datacenter/dtr/2.4/guides/admin/monitor-and-troubleshoot/troubleshoot-batch-jobs.md index 3864cc5ec9..d4207da654 100644 --- a/datacenter/dtr/2.4/guides/admin/monitor-and-troubleshoot/troubleshoot-batch-jobs.md +++ b/datacenter/dtr/2.4/guides/admin/monitor-and-troubleshoot/troubleshoot-batch-jobs.md @@ -69,8 +69,8 @@ Jobs can be in one of the following status: ## Job capacity -Each job runner has a limited capacity and doesn't claim jobs that require an -higher capacity. You can see the capacity of a job runner using the +Each job runner has a limited capacity and doesn't claim jobs that require a +higher capacity. You can see the capacity of a job runner using the `GET /api/v0/workers` endpoint: ```json diff --git a/datacenter/dtr/2.4/reference/cli/install.md b/datacenter/dtr/2.4/reference/cli/install.md index 78ebf9b66c..b7699e1e52 100644 --- a/datacenter/dtr/2.4/reference/cli/install.md +++ b/datacenter/dtr/2.4/reference/cli/install.md @@ -46,9 +46,9 @@ Note: Use --ucp-ca "$(cat ca.pem)" instead of --ucp-insecure-tls for a productio | `--https-proxy` | $DTR_HTTPS_PROXY | The HTTPS proxy used for outgoing requests. | | `--log-host` | $LOG_HOST | Where to send logs to.The endpoint to send logs to. Use this flag if you set --log-protocol to tcp or udp. | | `--log-level` | $LOG_LEVEL | Log level for all container logs when logging to syslog. Default: INFO. | -| `--log-protocol` | $LOG_PROTOCOL | The protocol for sending logs. Default is internal.This allows to define the protocol used to send container logs to an external system. The supported protocals are tcp, udp, or internal. Use this flag with --log-host. | +| `--log-protocol` | $LOG_PROTOCOL | The protocol for sending logs. Default is internal.This allows to define the protocol used to send container logs to an external system. The supported protocols are tcp, udp, or internal. Use this flag with --log-host. | | `--nfs-storage-url` | $NFS_STORAGE_URL | NFS to store Docker images. Format nfs:///.By default DTR creates a volume to store the Docker images in the local filesystem of the node where DTR is running, without high-availability. Use this flag to specify an NFS mount for DTR to store images, using the format nfs:///. To use this flag, you need to install an NFS client library like nfs-common in the node where you're deploying DTR. You can test this by running showmount -e . When you join new replicas, they will start using NFS so you don't need to use this flag. To reconfigure DTR to stop using NFS, leave this option empty. | -| `--no-proxy` | $DTR_NO_PROXY | List of domains the proxy should not be used for.When using --http-proxy you can use this flag to specify a list of domains that you don't want to route throught the proxy. Format acme.com[, acme.org]. | +| `--no-proxy` | $DTR_NO_PROXY | List of domains the proxy should not be used for.When using --http-proxy you can use this flag to specify a list of domains that you don't want to route through the proxy. Format acme.com[, acme.org]. | | `--overlay-subnet` | $DTR_OVERLAY_SUBNET | The subnet used by the dtr-ol overlay network. Example: 10.0.0.0/24.For high-availalibity, DTR creates an overlay network between UCP nodes. This flag allows you to choose the subnet for that network. Make sure the subnet you choose is not used on any machine where DTR replicas are deployed. | | `--replica-http-port` | $REPLICA_HTTP_PORT | The public HTTP port for the DTR replica. Default is 80.This allows you to customize the HTTP port where users can reach DTR. Once users access the HTTP port, they are redirected to use an HTTPS connection, using the port specified with --replica-https-port. This port can also be used for unencrypted health checks. | | `--replica-https-port` | $REPLICA_HTTPS_PORT | The public HTTPS port for the DTR replica. Default is 443.This allows you to customize the HTTPS port where users can reach DTR. Each replica can use a different port. | diff --git a/datacenter/dtr/2.4/reference/cli/reconfigure.md b/datacenter/dtr/2.4/reference/cli/reconfigure.md index a836829c9f..0605098068 100644 --- a/datacenter/dtr/2.4/reference/cli/reconfigure.md +++ b/datacenter/dtr/2.4/reference/cli/reconfigure.md @@ -39,9 +39,9 @@ time, configure your DTR for high-availability. | `--https-proxy` | $DTR_HTTPS_PROXY | The HTTPS proxy used for outgoing requests. | | `--log-host` | $LOG_HOST | Where to send logs to.The endpoint to send logs to. Use this flag if you set --log-protocol to tcp or udp. | | `--log-level` | $LOG_LEVEL | Log level for all container logs when logging to syslog. Default: INFO. | -| `--log-protocol` | $LOG_PROTOCOL | The protocol for sending logs. Default is internal.This allows to define the protocol used to send container logs to an external system. The supported protocals are tcp, udp, or internal. Use this flag with --log-host. | +| `--log-protocol` | $LOG_PROTOCOL | The protocol for sending logs. Default is internal.This allows to define the protocol used to send container logs to an external system. The supported protocols are tcp, udp, or internal. Use this flag with --log-host. | | `--nfs-storage-url` | $NFS_STORAGE_URL | NFS to store Docker images. Format nfs:///.By default DTR creates a volume to store the Docker images in the local filesystem of the node where DTR is running, without high-availability. Use this flag to specify an NFS mount for DTR to store images, using the format nfs:///. To use this flag, you need to install an NFS client library like nfs-common in the node where you're deploying DTR. You can test this by running showmount -e . When you join new replicas, they will start using NFS so you don't need to use this flag. To reconfigure DTR to stop using NFS, leave this option empty. | -| `--no-proxy` | $DTR_NO_PROXY | List of domains the proxy should not be used for.When using --http-proxy you can use this flag to specify a list of domains that you don't want to route throught the proxy. Format acme.com[, acme.org]. | +| `--no-proxy` | $DTR_NO_PROXY | List of domains the proxy should not be used for.When using --http-proxy you can use this flag to specify a list of domains that you don't want to route through the proxy. Format acme.com[, acme.org]. | | `--replica-http-port` | $REPLICA_HTTP_PORT | The public HTTP port for the DTR replica. Default is 80.This allows you to customize the HTTP port where users can reach DTR. Once users access the HTTP port, they are redirected to use an HTTPS connection, using the port specified with --replica-https-port. This port can also be used for unencrypted health checks. | | `--replica-https-port` | $REPLICA_HTTPS_PORT | The public HTTPS port for the DTR replica. Default is 443.This allows you to customize the HTTPS port where users can reach DTR. Each replica can use a different port. | | `--ucp-ca` | $UCP_CA | Use a PEM-encoded TLS CA certificate for UCP.Download the UCP TLS CA certificate from https:///ca, and use --ucp-ca "$(cat ca.pem)". | diff --git a/datacenter/dtr/2.4/reference/cli/restore.md b/datacenter/dtr/2.4/reference/cli/restore.md index 73a371f9f1..187439cf61 100644 --- a/datacenter/dtr/2.4/reference/cli/restore.md +++ b/datacenter/dtr/2.4/reference/cli/restore.md @@ -24,7 +24,7 @@ restore procedure for the Docker images stored in your registry, taking in consideration whether your DTR installation is configured to store images on the local filesystem or using a cloud provider. -After restoring, you can add more DTR replicas by using the the 'join' command. +After restoring, you can add more DTR replicas by using the 'join' command. ## Options @@ -43,9 +43,9 @@ After restoring, you can add more DTR replicas by using the the 'join' command. | `--https-proxy` | $DTR_HTTPS_PROXY | The HTTPS proxy used for outgoing requests. | | `--log-host` | $LOG_HOST | Where to send logs to.The endpoint to send logs to. Use this flag if you set --log-protocol to tcp or udp. | | `--log-level` | $LOG_LEVEL | Log level for all container logs when logging to syslog. Default: INFO. | -| `--log-protocol` | $LOG_PROTOCOL | The protocol for sending logs. Default is internal.This allows to define the protocol used to send container logs to an external system. The supported protocals are tcp, udp, or internal. Use this flag with --log-host. | +| `--log-protocol` | $LOG_PROTOCOL | The protocol for sending logs. Default is internal.This allows to define the protocol used to send container logs to an external system. The supported protocols are tcp, udp, or internal. Use this flag with --log-host. | | `--nfs-storage-url` | $NFS_STORAGE_URL | NFS to store Docker images. Format nfs:///.By default DTR creates a volume to store the Docker images in the local filesystem of the node where DTR is running, without high-availability. Use this flag to specify an NFS mount for DTR to store images, using the format nfs:///. To use this flag, you need to install an NFS client library like nfs-common in the node where you're deploying DTR. You can test this by running showmount -e . When you join new replicas, they will start using NFS so you don't need to use this flag. To reconfigure DTR to stop using NFS, leave this option empty. | -| `--no-proxy` | $DTR_NO_PROXY | List of domains the proxy should not be used for.When using --http-proxy you can use this flag to specify a list of domains that you don't want to route throught the proxy. Format acme.com[, acme.org]. | +| `--no-proxy` | $DTR_NO_PROXY | List of domains the proxy should not be used for.When using --http-proxy you can use this flag to specify a list of domains that you don't want to route through the proxy. Format acme.com[, acme.org]. | | `--replica-http-port` | $REPLICA_HTTP_PORT | The public HTTP port for the DTR replica. Default is 80.This allows you to customize the HTTP port where users can reach DTR. Once users access the HTTP port, they are redirected to use an HTTPS connection, using the port specified with --replica-https-port. This port can also be used for unencrypted health checks. | | `--replica-https-port` | $REPLICA_HTTPS_PORT | The public HTTPS port for the DTR replica. Default is 443.This allows you to customize the HTTPS port where users can reach DTR. Each replica can use a different port. | | `--replica-id` | $DTR_INSTALL_REPLICA_ID | Assign an ID to the DTR replica. Random by default. | diff --git a/datacenter/ucp/1.1/configuration/dtr-integration.md b/datacenter/ucp/1.1/configuration/dtr-integration.md index ad7edeaaad..ee89820fd4 100644 --- a/datacenter/ucp/1.1/configuration/dtr-integration.md +++ b/datacenter/ucp/1.1/configuration/dtr-integration.md @@ -10,7 +10,7 @@ title: Integrate with Docker Trusted Registry You can integrate UCP with Docker Trusted Registry (DTR). This allows you to securely store and manage the Docker images that are used in your UCP cluster. -At an high-level, there are three steps to integrate UCP with DTR: +At a high-level, there are three steps to integrate UCP with DTR: * Configure UCP to know about DTR, * Configure DTR to trust UCP, diff --git a/datacenter/ucp/1.1/configuration/multi-host-networking.md b/datacenter/ucp/1.1/configuration/multi-host-networking.md index aa0bb4eafc..7f804cff2a 100644 --- a/datacenter/ucp/1.1/configuration/multi-host-networking.md +++ b/datacenter/ucp/1.1/configuration/multi-host-networking.md @@ -150,7 +150,7 @@ To enable the networking feature, do the following. 5. Restart the Engine `daemon`. - The Engine `daemon` is a OS service process running on each node in your + The Engine `daemon` is an OS service process running on each node in your cluster. How you restart a service is operating-system dependent. Some examples appear below but keep in mind that on your system, the restart operation may differ. Check with your system administrator if you are not diff --git a/datacenter/ucp/1.1/user-management/create-and-manage-users.md b/datacenter/ucp/1.1/user-management/create-and-manage-users.md index c5b7f6db35..5d6782ce4a 100644 --- a/datacenter/ucp/1.1/user-management/create-and-manage-users.md +++ b/datacenter/ucp/1.1/user-management/create-and-manage-users.md @@ -32,7 +32,7 @@ in the cluster. There are four permission levels: | `No Access` | The user can't view any resource, like volumes, networks, images, or containers. | | `View Only` | The user can view volumes, networks and images, but can't create any containers. | | `Restricted Control` | The user can view and edit volumes, networks, and images. They can create containers, but can't see other users containers, run `docker exec`, or run containers that require privileged access to the host. | -| `Full Control` | The user can view and edit volumes, networks, and images, They can create containers without any restriction, but can't see other users containers. | +| `Full Control` | The user can view and edit volumes, networks, and images. They can create containers without any restriction, but can't see other users containers. | [Learn more about the UCP permission levels](permission-levels.md). Finally, click the **Create User** button, to create the user. diff --git a/datacenter/ucp/1.1/user-management/permission-levels.md b/datacenter/ucp/1.1/user-management/permission-levels.md index 9003e28e51..d767015688 100644 --- a/datacenter/ucp/1.1/user-management/permission-levels.md +++ b/datacenter/ucp/1.1/user-management/permission-levels.md @@ -34,7 +34,7 @@ access to full control over the resources. | `No Access` | The user can't view any resource, like volumes, networks, images, or containers. | | `View Only` | The user can view volumes, networks and images, but can't create any containers. | | `Restricted Control` | The user can view and edit volumes, networks, and images. They can create containers, but can't see other users containers, run `docker exec`, or run containers that require privileged access to the host. | -| `Full Control` | The user can view and edit volumes, networks, and images, They can create containers without any restriction, but can't see other users containers. | +| `Full Control` | The user can view and edit volumes, networks, and images. They can create containers without any restriction, but can't see other users containers. | When a user only has a default permission assigned, only them and admin users can see the containers they deploy in the cluster. diff --git a/datacenter/ucp/2.0/guides/content-trust/index.md b/datacenter/ucp/2.0/guides/content-trust/index.md index c00f0bde8c..fd6d824143 100644 --- a/datacenter/ucp/2.0/guides/content-trust/index.md +++ b/datacenter/ucp/2.0/guides/content-trust/index.md @@ -145,7 +145,7 @@ user certificates: $ notary delegation add -p // targets/releases --all-paths user1.pem user2.pem ``` -The above command adds the the `targets/releases` delegation role to a trusted +The above command adds the `targets/releases` delegation role to a trusted repository. This role is treated as an actual release branch for Docker Content Trust, since `docker pull` commands with trust enabled will pull directly from this diff --git a/datacenter/ucp/2.0/guides/installation/scale-your-cluster.md b/datacenter/ucp/2.0/guides/installation/scale-your-cluster.md index 4cb5a3af3c..41bad4213f 100644 --- a/datacenter/ucp/2.0/guides/installation/scale-your-cluster.md +++ b/datacenter/ucp/2.0/guides/installation/scale-your-cluster.md @@ -16,7 +16,7 @@ you use the [docker swarm join](/engine/swarm/swarm-tutorial/add-nodes.md) command to add more nodes to your cluster. When joining new nodes, the UCP services automatically start running in that node. -When joining a node a a cluster you can specify its role: manager or worker. +When joining a node a cluster you can specify its role: manager or worker. * **Manager nodes** diff --git a/datacenter/ucp/2.0/guides/user-management/permission-levels.md b/datacenter/ucp/2.0/guides/user-management/permission-levels.md index 4661527a18..aa10f1d8a5 100644 --- a/datacenter/ucp/2.0/guides/user-management/permission-levels.md +++ b/datacenter/ucp/2.0/guides/user-management/permission-levels.md @@ -32,7 +32,7 @@ access to full control over the resources. | `No Access` | The user can't view any resource, like volumes, networks, images, or containers. | | `View Only` | The user can view volumes, networks and images, but can't create any containers. | | `Restricted Control` | The user can view and edit volumes, networks, and images. They can create containers, but can't see other users containers, run `docker exec`, or run containers that require privileged access to the host. | -| `Full Control` | The user can view and edit volumes, networks, and images, They can create containers without any restriction, but can't see other users containers. | +| `Full Control` | The user can view and edit volumes, networks, and images. They can create containers without any restriction, but can't see other users containers. | When a user only has a default permission assigned, only them and admin users can see the containers they deploy in the cluster. diff --git a/datacenter/ucp/2.1/guides/admin/manage-users/permission-levels.md b/datacenter/ucp/2.1/guides/admin/manage-users/permission-levels.md index f273a37516..487663796a 100644 --- a/datacenter/ucp/2.1/guides/admin/manage-users/permission-levels.md +++ b/datacenter/ucp/2.1/guides/admin/manage-users/permission-levels.md @@ -32,7 +32,7 @@ access to full control over the resources. | `No Access` | The user can't view any resource, like volumes, networks, images, or containers. | | `View Only` | The user can view volumes, networks, and images, but can't create any containers. | | `Restricted Control` | The user can view and edit volumes, networks, and images. They can create containers, but can't see other users' containers, run `docker exec`, or run containers that require privileged access to the host. | -| `Full Control` | The user can view and edit volumes, networks, and images, They can create containers without any restriction, but can't see other users' containers. | +| `Full Control` | The user can view and edit volumes, networks, and images. They can create containers without any restriction, but can't see other users' containers. | If a user has Restricted Control or Full Control default permissions, they can create resources without labels, and only the user and Admins can see and access the resources. Default permissions also affect ability for a user to access things that can't have labels, images and nodes. diff --git a/datacenter/ucp/2.1/guides/user/secrets/index.md b/datacenter/ucp/2.1/guides/user/secrets/index.md index 7a3b83b535..5075af9166 100644 --- a/datacenter/ucp/2.1/guides/user/secrets/index.md +++ b/datacenter/ucp/2.1/guides/user/secrets/index.md @@ -11,7 +11,7 @@ services with sensitive information like passwords, TLS certificates, or private keys. Universal Control Plane allows you to store this sensitive information, also -know as secrets, in a secure way. It also gives you role-based access control +known as secrets, in a secure way. It also gives you role-based access control so that you can control which users can use a secret in their services and which ones can manage the secret. diff --git a/datacenter/ucp/2.2/guides/access-control/permission-levels.md b/datacenter/ucp/2.2/guides/access-control/permission-levels.md index 871f43d2a3..3d677851c3 100644 --- a/datacenter/ucp/2.2/guides/access-control/permission-levels.md +++ b/datacenter/ucp/2.2/guides/access-control/permission-levels.md @@ -39,7 +39,7 @@ The system provides the following default roles: | `View Only` | The user can view resources like services, volumes, and networks but can't create them. | | `Restricted Control` | The user can view and edit volumes, networks, and images but can't run a service or container in a way that might affect the node where it's running. The user can't mount a node directory and can't `exec` into containers. Also, The user can't run containers in privileged mode or with additional kernel capabilities. | | `Scheduler` | The user can view nodes and schedule workloads on them. Worker nodes and manager nodes are affected by `Scheduler` grants. Having `Scheduler` access doesn't allow the user to view workloads on these nodes. They need the appropriate resource permissions, like `Container View`. By default, all users get a grant with the `Scheduler` role against the `/Shared` collection. | -| `Full Control` | The user can view and edit volumes, networks, and images, They can create containers without any restriction, but can't see other users' containers. | +| `Full Control` | The user can view and edit volumes, networks, and images. They can create containers without any restriction, but can't see other users' containers. | ![Diagram showing UCP permission levels](../images/permissions-ucp.svg) diff --git a/datacenter/ucp/2.2/guides/admin/configure/ucp-configuration-file.md b/datacenter/ucp/2.2/guides/admin/configure/ucp-configuration-file.md index 706705a17b..14857deb4d 100644 --- a/datacenter/ucp/2.2/guides/admin/configure/ucp-configuration-file.md +++ b/datacenter/ucp/2.2/guides/admin/configure/ucp-configuration-file.md @@ -139,7 +139,7 @@ Settings for syncing users. ## auth.ldap.admin_sync_opts (optional) -Settings for syncing system admininistrator users. +Settings for syncing system administrator users. | Parameter | Required | Description | |:-----------------------|:---------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| diff --git a/datacenter/ucp/2.2/guides/user/services/use-domain-names-to-access-services.md b/datacenter/ucp/2.2/guides/user/services/use-domain-names-to-access-services.md index f5247fbda5..4f70c76168 100644 --- a/datacenter/ucp/2.2/guides/user/services/use-domain-names-to-access-services.md +++ b/datacenter/ucp/2.2/guides/user/services/use-domain-names-to-access-services.md @@ -223,5 +223,5 @@ you can create an overlay network that contains the `com.docker.mesh.http` label docker network create -d overlay --label com.docker.ucp.mesh.http=true new-hrm-network ``` -If you're creating a a new HRM network you need to disable the HRM service first, or disable +If you're creating a new HRM network you need to disable the HRM service first, or disable and enable the HRM service after you create the network else HRM will not be available on new network. diff --git a/datacenter/ucp/2.2/reference/api/swagger-ui.js b/datacenter/ucp/2.2/reference/api/swagger-ui.js index 207714d300..c9abd09ff8 100644 --- a/datacenter/ucp/2.2/reference/api/swagger-ui.js +++ b/datacenter/ucp/2.2/reference/api/swagger-ui.js @@ -2121,7 +2121,7 @@ SuperagentHttpClient.prototype.execute = function (obj) { } else if (res && obj.on && obj.on.response) { var possibleObj; - // Already parsed by by superagent? + // Already parsed by superagent? if(res.body && Object.keys(res.body).length > 0) { possibleObj = res.body; } else { @@ -12442,7 +12442,7 @@ var iframe, elemdisplay = {}; /** - * Retrieve the actual display of a element + * Retrieve the actual display of an element * @param {String} name nodeName of the element * @param {Object} doc Document object */ @@ -13862,7 +13862,7 @@ jQuery.fx.speeds = { }; -// Based off of the plugin by Clint Helfers, with permission. +// Based on the plugin by Clint Helfers, with permission. // http://blindsignals.com/index.php/2009/07/jquery-delay/ jQuery.fn.delay = function( time, type ) { time = jQuery.fx ? jQuery.fx.speeds[ time ] || time : time; @@ -26068,7 +26068,7 @@ var baseCreate = require('./baseCreate'), * @private * @param {*} value The value to wrap. * @param {boolean} [chainAll] Enable chaining for all wrapper methods. - * @param {Array} [actions=[]] Actions to peform to resolve the unwrapped value. + * @param {Array} [actions=[]] Actions to perform to resolve the unwrapped value. */ function LodashWrapper(value, chainAll, actions) { this.__wrapped__ = value; diff --git a/datacenter/ucp/2.2/reference/api/swagger-ui.js.original b/datacenter/ucp/2.2/reference/api/swagger-ui.js.original index 207714d300..c9abd09ff8 100644 --- a/datacenter/ucp/2.2/reference/api/swagger-ui.js.original +++ b/datacenter/ucp/2.2/reference/api/swagger-ui.js.original @@ -2121,7 +2121,7 @@ SuperagentHttpClient.prototype.execute = function (obj) { } else if (res && obj.on && obj.on.response) { var possibleObj; - // Already parsed by by superagent? + // Already parsed by superagent? if(res.body && Object.keys(res.body).length > 0) { possibleObj = res.body; } else { @@ -12442,7 +12442,7 @@ var iframe, elemdisplay = {}; /** - * Retrieve the actual display of a element + * Retrieve the actual display of an element * @param {String} name nodeName of the element * @param {Object} doc Document object */ @@ -13862,7 +13862,7 @@ jQuery.fx.speeds = { }; -// Based off of the plugin by Clint Helfers, with permission. +// Based on the plugin by Clint Helfers, with permission. // http://blindsignals.com/index.php/2009/07/jquery-delay/ jQuery.fn.delay = function( time, type ) { time = jQuery.fx ? jQuery.fx.speeds[ time ] || time : time; @@ -26068,7 +26068,7 @@ var baseCreate = require('./baseCreate'), * @private * @param {*} value The value to wrap. * @param {boolean} [chainAll] Enable chaining for all wrapper methods. - * @param {Array} [actions=[]] Actions to peform to resolve the unwrapped value. + * @param {Array} [actions=[]] Actions to perform to resolve the unwrapped value. */ function LodashWrapper(value, chainAll, actions) { this.__wrapped__ = value; diff --git a/docker-for-azure/release-notes.md b/docker-for-azure/release-notes.md index 254b2988d1..c3beb2d86f 100644 --- a/docker-for-azure/release-notes.md +++ b/docker-for-azure/release-notes.md @@ -9,8 +9,6 @@ title: Docker for Azure Release Notes ## Enterprise Edition [Docker Enterprise Edition Lifecycle](https://success.docker.com/Policies/Maintenance_Lifecycle){: target="_blank"} -[Deploy Docker Enterprise Edition (EE) for AWS](https://hub.docker.com/editions/enterprise/docker-ee-aws?tab=description){: target="_blank" class="button outline-btn"} - ### 17.06 EE - Docker engine 17.06 EE diff --git a/docker-for-mac/edge-release-notes.md b/docker-for-mac/edge-release-notes.md index b7a5a00658..fcf0ad830d 100644 --- a/docker-for-mac/edge-release-notes.md +++ b/docker-for-mac/edge-release-notes.md @@ -123,7 +123,7 @@ for Mac](install.md#download-docker-for-mac). - [Notary 0.6.1](https://github.com/docker/notary/releases/tag/v0.6.1) * New - - Re-enable raw as the the default disk format for users running macOS 10.13.4 and higher. Note this change only takes effect after a "reset to factory defaults" or "remove all data" (from the Whale menu -> Preferences -> Reset). Related to [docker/for-mac#2625](https://github.com/docker/for-mac/issues/2625) + - Re-enable raw as the default disk format for users running macOS 10.13.4 and higher. Note this change only takes effect after a "reset to factory defaults" or "remove all data" (from the Whale menu -> Preferences -> Reset). Related to [docker/for-mac#2625](https://github.com/docker/for-mac/issues/2625) * Bug fixes and minor changes - Fix Docker for Mac not starting due to socket file paths being too long (typically HOME folder path being too long). Fixes [docker/for-mac#2727](https://github.com/docker/for-mac/issues/2727), [docker/for-mac#2731](https://github.com/docker/for-mac/issues/2731). @@ -239,7 +239,7 @@ for Mac](install.md#download-docker-for-mac). * Bug fixes and minor changes - Added "Restart" menu item. See [docker/for-mac#2407](https://github.com/docker/for-mac/issues/2407) - - Keep any existing kubectl binary when activating Kubenetes in Docker for Mac, and restore it when disabling Kubernetes. Fixes [docker/for-mac#2508](https://github.com/docker/for-mac/issues/2508), [docker/for-mac#2368](https://github.com/docker/for-mac/issues/2368) + - Keep any existing kubectl binary when activating Kubernetes in Docker for Mac, and restore it when disabling Kubernetes. Fixes [docker/for-mac#2508](https://github.com/docker/for-mac/issues/2508), [docker/for-mac#2368](https://github.com/docker/for-mac/issues/2368) - Fix Kubernetes context selector. Fixes [docker/for-mac#2495](https://github.com/docker/for-mac/issues/2495) ### Docker Community Edition 18.01.0-ce-mac48 2018-01-19 diff --git a/docker-for-mac/images/diagnose-feedback-id.png b/docker-for-mac/images/diagnose-feedback-id.png index 68bf55f4b6..69f5a6b829 100644 Binary files a/docker-for-mac/images/diagnose-feedback-id.png and b/docker-for-mac/images/diagnose-feedback-id.png differ diff --git a/docker-for-mac/images/diagnose-feedback.png b/docker-for-mac/images/diagnose-feedback.png index 79978d68fb..547396db83 100644 Binary files a/docker-for-mac/images/diagnose-feedback.png and b/docker-for-mac/images/diagnose-feedback.png differ diff --git a/docker-for-mac/images/mac-install-success-docker-cloud.png b/docker-for-mac/images/mac-install-success-docker-cloud.png index 3f104562dd..6965c492ab 100644 Binary files a/docker-for-mac/images/mac-install-success-docker-cloud.png and b/docker-for-mac/images/mac-install-success-docker-cloud.png differ diff --git a/docker-for-mac/images/menu/prefs-kubernetes.png b/docker-for-mac/images/menu/prefs-kubernetes.png index ddc7fbe3f2..6b70e15dc8 100644 Binary files a/docker-for-mac/images/menu/prefs-kubernetes.png and b/docker-for-mac/images/menu/prefs-kubernetes.png differ diff --git a/docker-for-mac/index.md b/docker-for-mac/index.md index 8294dae056..7c72f64381 100644 --- a/docker-for-mac/index.md +++ b/docker-for-mac/index.md @@ -18,11 +18,14 @@ Welcome to Docker for Mac! Docker is a full development platform for creating containerized apps, and Docker for Mac is the best way to get started with Docker _on a Mac_. -> See [Install Docker for Mac](install.md){: target="_blank" class="_"} for information on system requirements and stable & edge channels. +> See [Install Docker for Mac](install.md){: target="_blank" class="_"} for +> information on system requirements and stable & edge channels. ## Check versions -Ensure your versions of `docker`, `docker-compose`, and `docker-machine` are up-to-date and compatible with `Docker.app`. Your output may differ if you are running different versions. +Ensure your versions of `docker`, `docker-compose`, and `docker-machine` are +up-to-date and compatible with `Docker.app`. Your output may differ if you are +running different versions. ```shell $ docker --version @@ -38,7 +41,9 @@ docker-machine version {{ site.machine_version }}, build 9ba6da9 ## Explore the application 1. Open a command-line terminal and test that your installation works by - running the simple Docker image, [hello-world](https://hub.docker.com/_/hello-world/){: target="_blank" class="_"}: + running the simple Docker image, + [hello-world](https://hub.docker.com/_/hello-world/){: target="_blank" + class="_"}: ```shell $ docker run hello-world @@ -61,15 +66,18 @@ docker-machine version {{ site.machine_version }}, build 9ba6da9 $ docker run -d -p 80:80 --name webserver nginx ``` -3. In a web browser, go to `http://localhost/` to view the nginx homepage. Because we specified the default HTTP port, it isn't necessary to append `:80` at the end of the URL. +3. In a web browser, go to `http://localhost/` to view the nginx homepage. + Because we specified the default HTTP port, it isn't necessary to append + `:80` at the end of the URL. ![nginx home page](images/hello-world-nginx.png){:width="500px"} - > Early beta releases used `docker` as the hostname to build the - > URL. Now, ports are exposed on the private IP addresses of the VM and - > forwarded to `localhost` with no other host name set. + > Early beta releases used `docker` as the hostname to build the URL. Now, + > ports are exposed on the private IP addresses of the VM and forwarded to + > `localhost` with no other host name set. -4. View the details on the container while your web server is running (with `docker container ls` or `docker ps`): +4. View the details on the container while your web server is running (with + `docker container ls` or `docker ps`): ```none $ docker container ls @@ -77,7 +85,8 @@ docker-machine version {{ site.machine_version }}, build 9ba6da9 56f433965490 nginx "nginx -g 'daemon off" About a minute ago Up About a minute 0.0.0.0:80->80/tcp, 443/tcp webserver ``` -5. Stop and remove containers and images with the following commands. Use the "all" flag (`--all` or `-a`) to view stopped containers. +5. Stop and remove containers and images with the following commands. Use the + "all" flag (`--all` or `-a`) to view stopped containers. ```shell $ docker container ls @@ -90,7 +99,8 @@ docker-machine version {{ site.machine_version }}, build 9ba6da9 ## Preferences menu -Choose ![whale menu](images/whale-x.png){: .inline} -> **Preferences** from the menu bar and configure the runtime options described below. +Choose ![whale menu](images/whale-x.png){: .inline} → **Preferences** from the +menu bar and configure the runtime options described below. ![Docker context menu](images/menu/prefs.png){:width="250px"} @@ -100,18 +110,24 @@ Choose ![whale menu](images/whale-x.png){: .inline} -> **Preferences** from the General settings are: -- **Start Docker when you log in**: Uncheck this option if you don't want Docker to start when you open your session. +- **Start Docker when you log in**: Uncheck this option if you don't want Docker + to start when you open your session. - **Automatically check for updates** notifies you when an update is available. Click **OK** to accept and install updates (or cancel to keep the current version). If you disable this option, you can still find out about updates - manually by choosing ![whale menu](images/whale-x.png){: .inline} -> **Check for Updates**. + manually by choosing ![whale menu](images/whale-x.png){: .inline} → **Check + for Updates**. -- **Include VM in Time Machine backups** backs up the Docker for Mac virtual machine. (Disabled by default.) +- **Include VM in Time Machine backups** backs up the Docker for Mac virtual + machine. (Disabled by default.) -- **Securely store Docker logins in MacOS keychain** stores your Docker login credentials. (Enabled by default.) +- **Securely store Docker logins in MacOS keychain** stores your Docker login + credentials. (Enabled by default.) -- **Send usage statistics** — Send diagnostics, crash reports, and usage data to Docker. This information helps Docker improve the application and get more context for troubleshooting problems. (Enabled by default.) +- **Send usage statistics** — Send diagnostics, crash reports, and usage + data to Docker. This information helps Docker improve the application and get + more context for troubleshooting problems. (Enabled by default.) ### File sharing @@ -127,7 +143,8 @@ File share settings are: - **Add a Directory**: Click `+` and navigate to the directory you want to add. -- **Apply & Restart** makes the directory available to containers using Docker's bind mount (`-v`) feature. +- **Apply & Restart** makes the directory available to containers using Docker's + bind mount (`-v`) feature. There are some limitations on the directories that can be shared: @@ -136,30 +153,34 @@ File share settings are: For more information, see: -- [Namespaces](osxfs.md#namespaces){: target="_blank" class="_"} in the topic on [osxfs file system sharing](osxfs.md). -- [Volume mounting requires file sharing for any project directories outside of `/Users`](troubleshoot.md#volume-mounting-requires-file-sharing-for-any-project-directories-outside-of-users).) +- [Namespaces](osxfs.md#namespaces){: target="_blank" class="_"} in the topic on + [osxfs file system sharing](osxfs.md). +- [Volume mounting requires file sharing for any project directories outside of + `/Users`](troubleshoot.md#volume-mounting-requires-file-sharing-for-any-project-directories-outside-of-users).) ### Advanced On the Advanced tab, you can limit resources available to Docker. -![Advanced Preference settings-advanced](images/menu/prefs-advanced.png){:width="400px"} +![Advanced Preference +settings-advanced](images/menu/prefs-advanced.png){:width="400px"} Advanced settings are: -**CPUs**: By default, Docker for Mac is set to use half the number of processors available -on the host machine. To increase processing power, set this to a higher number; -to decrease, lower the number. +**CPUs**: By default, Docker for Mac is set to use half the number of processors +available on the host machine. To increase processing power, set this to a +higher number; to decrease, lower the number. -**Memory**: By default, Docker for Mac is set to use `2` GB runtime memory, allocated from -the total available memory on your Mac. To increase RAM, set this to a higher number; -to decrease it, lower the number. +**Memory**: By default, Docker for Mac is set to use `2` GB runtime memory, +allocated from the total available memory on your Mac. To increase RAM, set this +to a higher number; to decrease it, lower the number. **Swap**: Configure swap file size as needed. The default is 1 GB. ### Disk -Specify the **Disk image location** of the Linux volume, where containers and images are stored. +Specify the **Disk image location** of the Linux volume, where containers and +images are stored. You can also move the disk image location. If you attempt to move the disk image to a location that already has one, you get a prompt asking if you want to use @@ -178,8 +199,8 @@ pulling containers. ![macOS Proxy Settings](images/proxy-settings.png){:width="600px"} -When you start a container, your proxy settings propagate into -the containers. For example: +When you start a container, your proxy settings propagate into the containers. +For example: ``` $ docker run -it alpine env @@ -202,7 +223,8 @@ using [restart policies](/engine/reference/run/#restart-policies-restart). ### Daemon -You can configure options on the Docker daemon that determine how your containers run. +You can configure options on the Docker daemon that determine how your +containers run. Select **Basic** to configure the daemon with interactive settings, or select **Advanced** to edit the JSON directly. @@ -213,12 +235,18 @@ Select **Basic** to configure the daemon with interactive settings, or select #### Experimental features Both Docker for Mac Stable and Edge releases have experimental features enabled -on Docker Engine, as described [Docker Experimental Features README](https://github.com/docker/docker-ce/blob/master/components/cli/experimental/README.md){: target="_blank" class="_"}. If you uncheck **experimental mode**, Docker for Mac uses the current generally available -release of Docker Engine. +on Docker Engine, as described [Docker Experimental Features +README](https://github.com/docker/docker-ce/blob/master/components/cli/experimental/README.md){: +target="_blank" class="_"}. If you uncheck **experimental mode**, Docker for Mac +uses the current generally available release of Docker Engine. > Don't enable experimental features in production > -> Experimental features are not appropriate for production environments or workloads. They are meant to be sandbox experiments for new ideas. Some experimental features may become incorporated into upcoming stable releases, but others may be modified or pulled from subsequent Edge releases, and never released on Stable. +>Experimental features are not appropriate for production environments or +>workloads. They are meant to be sandbox experiments for new ideas. Some +>experimental features may become incorporated into upcoming stable releases, +>but others may be modified or pulled from subsequent Edge releases, and never +>released on Stable. You can see whether you are running experimental mode at the command line. If `Experimental` is `true`, then Docker is running in experimental mode, as shown @@ -231,30 +259,41 @@ true #### Insecure registries -You can set up a custom and insecure [registry](/registry/introduction.md){: target="_blank" class="_"} -to store your public or private images (instead of using [Docker Hub](https://hub.docker.com/){:target="_blank" class="_"} -or [Docker Trusted Registry](/datacenter/dtr/2.1/guides/index.md)). -Add URLs for your insecure registries and registry mirrors on which to host your images. +You can set up a custom and insecure [registry](/registry/introduction.md){: +target="_blank" class="_"} to store your public or private images (instead of +using [Docker Hub](https://hub.docker.com/){:target="_blank" class="_"} or +[Docker Trusted Registry](/datacenter/dtr/2.1/guides/index.md)). Add URLs for +your insecure registries and registry mirrors on which to host your images. See also: -- [How do I add custom CA certificates?](faqs.md#how-do-i-add-custom-ca-certificates){:target="_blank" class="_"} -- [How do I add client certificates](faqs.md#how-do-i-client-certificates){:target="_blank" class="_"} +- [How do I add custom CA + certificates?](faqs.md#how-do-i-add-custom-ca-certificates){:target="_blank" + class="_"} +- [How do I add client + certificates](faqs.md#how-do-i-client-certificates){:target="_blank" + class="_"} #### Daemon configuration file -Click the **Advanced** tab to configure the daemon from the JSON file. For a full -list of options, see the Docker Engine [dockerd commandline reference](/engine/reference/commandline/dockerd.md){:target="_blank" class="_"}. +Click the **Advanced** tab to configure the daemon from the JSON file. For a +full list of options, see the Docker Engine [dockerd commandline +reference](/engine/reference/commandline/dockerd.md){:target="_blank" +class="_"}. Click **Apply & Restart** to save your settings and reboot Docker. Or, to cancel -changes, click another preference tab, then choose to discard or not apply changes when asked. +changes, click another preference tab, then choose to discard or not apply +changes when asked. ![Docker Daemon](images/menu/prefs-daemon-adv.png){:width="400px"} ### Kubernetes -Docker for Mac 17.12 CE (and higher) includes a standalone Kubernetes server -that runs on your Mac, so that you can test deploying your Docker workloads on -Kubernetes. +In Docker for Mac [17.12 Edge +(mac45)](/docker-for-mac/edge-relese-notes/#docker-community-edition-17120-ce-mac45-2018-01-05) +and higher, and [18.06 Stable +(mac70)](/docker-for-mac/release-notes/#docker-community-edition-18060-ce-mac70-2018-07-25) +and higher, a standalone Kubernetes server is included that runs on your Mac, so +that you can test deploying your Docker workloads on Kubernetes. The Kubernetes client command, `kubectl`, is included and configured to connect to the local Kubernetes server. If you have `kubectl` already installed and @@ -270,10 +309,13 @@ If you installed `kubectl` with Homebrew, or by some other method, and experience conflicts, remove `/usr/local/bin/kubectl`. - To enable Kubernetes support and install a standalone instance of Kubernetes - running as a Docker container, select **Enable Kubernetes** and click the - **Apply** button. + running as a Docker container, select **Enable Kubernetes**, choose the + [default + orchestrator](/docker-for-mac/kubernetes/#override-the-default-orchestrator) + and click the **Apply** button. - ![Enable Kubernetes](images/menu/prefs-kubernetes.png){: .with-border width="400px"} + ![Enable Kubernetes](images/menu/prefs-kubernetes.png){: .with-border + width="400px"} An Internet connection is required. Images required to run the Kubernetes @@ -283,29 +325,32 @@ experience conflicts, remove `/usr/local/bin/kubectl`. When Kubernetes is enabled and running, an additional status bar item displays at the bottom right of the Docker for Mac Preferences dialog. - ![Installation complete](images/kubernetes/kubernetes-install-complete.png){:width="400px"} + ![Installation + complete](images/kubernetes/kubernetes-install-complete.png){:width="400px"} - The status of Kubernetes shows in the Docker menu and the context points to `docker-for-desktop`. + The status of Kubernetes shows in the Docker menu and the context points to + `docker-for-desktop`. - ![Docker Menu with Kubernetes](images/menu/kube-context.png){: .with-border width="400px"} + ![Docker Menu with Kubernetes](images/menu/kube-context.png){: .with-border + width="400px"} - By default, Kubernetes containers are hidden from commands like `docker service ls`, because managing them manually is not supported. To make them - visible, select **Show system containers (advanced)** and click **Apply and restart**. - Most users do not need this option. + visible, select **Show system containers (advanced)** and click **Apply and + restart**. Most users do not need this option. -- To disable Kubernetes support at any time, deselect **Enable Kubernetes**. - The Kubernetes containers are stopped and removed, and the +- To disable Kubernetes support at any time, deselect **Enable Kubernetes**. The + Kubernetes containers are stopped and removed, and the `/usr/local/bin/kubectl` command is removed. - For more about using the Kubernetes integration with - Docker for Mac, see [Deploy on Kubernetes](kubernetes.md){:target="_blank" class="_"}. + For more about using the Kubernetes integration with Docker for Mac, see + [Deploy on Kubernetes](kubernetes.md){:target="_blank" class="_"}. ### Reset -Select ![whale menu](images/whale-x.png){: .inline} -> -**Preferences** from the menu bar, then click **Reset** to reset factory -defaults, restart the Docker daemon, or uninstall. +Select ![whale menu](images/whale-x.png){: .inline} -> **Preferences** from the +menu bar, then click **Reset** to reset factory defaults, restart the Docker +daemon, or uninstall. ![Uninstall or reset Docker](images/menu/prefs-reset.png){:width="400px"} @@ -313,27 +358,28 @@ Reset settings are: * **Restart** - Select to restart the Docker daemon. -* **Remove all data** - This option removes/resets all Docker data _without_ -a reset to factory defaults (which would cause you to lose settings). +* **Remove all data** - This option removes/resets all Docker data _without_ a + reset to factory defaults (which would cause you to lose settings). * **Reset to factory defaults** - Choose this option to reset all options on Docker for Mac to its initial state, the same as when it was first installed. - * **Uninstall** - Choose this option to remove Docker for Mac from your system. + * **Uninstall** - Choose this option to remove Docker for Mac from your + system. > Uninstall Docker for Mac from the commandline > -> To uninstall Docker from Mac from a terminal, run: ` --uninstall`. -> If your instance is installed in the default location, this command provides a -> clean uninstall: +>To uninstall Docker from Mac from a terminal, run: ` +>--uninstall`. If your instance is installed in the default location, this +>command provides a clean uninstall: > -> ```shell -> $ /Applications/Docker.app/Contents/MacOS/Docker --uninstall -> Docker is running, exiting... -> Docker uninstalled successfully. You can move the Docker application to the trash. -> ``` -> You might want to use the command-line uninstall if, for example, you find that -> the app is non-functional, and you cannot uninstall it from the menu. +>```shell +>$ /Applications/Docker.app/Contents/MacOS/Docker --uninstall +>Docker is running, exiting... +>Docker uninstalled successfully. You can move the Docker application to the trash. +>``` +>You might want to use the command-line uninstall if, for example, you find that +>the app is non-functional, and you cannot uninstall it from the menu. ## Add TLS certificates @@ -343,15 +389,14 @@ registries) to your Docker daemon. ### Add custom CA certificates (server side) -All trusted CAs (root or intermediate) are supported. -Docker for Mac creates a certificate bundle of all user-trusted CAs based on the -Mac Keychain, and appends it to Moby trusted certificates. So if an enterprise -SSL certificate is trusted by the user on the host, it is trusted by Docker -for Mac. +All trusted CAs (root or intermediate) are supported. Docker for Mac creates a +certificate bundle of all user-trusted CAs based on the Mac Keychain, and +appends it to Moby trusted certificates. So if an enterprise SSL certificate is +trusted by the user on the host, it is trusted by Docker for Mac. -To manually add a custom, self-signed certificate, start by adding -the certificate to the macOS keychain, which is picked up by Docker for -Mac. Here is an example. +To manually add a custom, self-signed certificate, start by adding the +certificate to the macOS keychain, which is picked up by Docker for Mac. Here is +an example. ```bash $ sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ca.crt @@ -364,14 +409,17 @@ than for all users), run this command instead: $ security add-trusted-cert -d -r trustRoot -k ~/Library/Keychains/login.keychain ca.crt ``` -See also, [Directory structures for certificates](#directory-structures-for-certificates). +See also, [Directory structures for +certificates](#directory-structures-for-certificates). -> **Note:** You need to restart Docker for Mac after making any changes to -the keychain or to the `~/.docker/certs.d` directory in order for -the changes to take effect. +> **Note:** You need to restart Docker for Mac after making any changes to the +keychain or to the `~/.docker/certs.d` directory in order for the changes to +take effect. -For a complete explanation of how to do this, see the blog post -[Adding Self-signed Registry Certs to Docker & Docker for Mac](http://container-solutions.com/adding-self-signed-registry-certs-docker-mac/){:target="_blank" class="_"}. +For a complete explanation of how to do this, see the blog post [Adding +Self-signed Registry Certs to Docker & Docker for +Mac](http://container-solutions.com/adding-self-signed-registry-certs-docker-mac/){:target="_blank" +class="_"}. ### Add client certificates @@ -384,15 +432,14 @@ folder on your Mac to the `/etc/docker/certs.d` directory on Moby (the Docker for Mac `xhyve` virtual machine). > * You need to restart Docker for Mac after making any changes to the keychain -> or to the `~/.docker/certs.d` directory in order for the changes to take -> effect. +> or to the `~/.docker/certs.d` directory in order for the changes to take +> effect. > > * The registry cannot be listed as an _insecure registry_ (see [Docker -> Daemon](index.md#docker-daemon)). Docker for Mac ignores -> certificates listed under insecure registries, and does not send client -> certificates. Commands like `docker run` that attempt to pull from the -> registry produce error messages on the command line, as well as on the -> registry. +> Daemon](index.md#docker-daemon)). Docker for Mac ignores certificates listed +> under insecure registries, and does not send client certificates. Commands +> like `docker run` that attempt to pull from the registry produce error +> messages on the command line, as well as on the registry. ### Directory structures for certificates @@ -443,10 +490,11 @@ installed both in Bash and Zsh. ### Bash -Bash has [built-in support for completion](https://www.debian-administration.org/article/316/An_introduction_to_bash_completion_part_1){:target="_blank" class="_"} -To activate completion for Docker commands, these files need to be copied or -symlinked to your `bash_completion.d/` directory. For example, if you installed -bash via [Homebrew](http://brew.sh/): +Bash has [built-in support for +completion](https://www.debian-administration.org/article/316/An_introduction_to_bash_completion_part_1){:target="_blank" +class="_"} To activate completion for Docker commands, these files need to be +copied or symlinked to your `bash_completion.d/` directory. For example, if you +installed bash via [Homebrew](http://brew.sh/): ```bash etc=/Applications/Docker.app/Contents/Resources/etc @@ -457,10 +505,11 @@ ln -s $etc/docker-compose.bash-completion $(brew --prefix)/etc/bash_completion.d ### Zsh -In Zsh, the [completion system](http://zsh.sourceforge.net/Doc/Release/Completion-System.html){:target="_blank" class="_"} -takes care of things. To activate completion for Docker commands, these files -need to be copied or symlinked to your Zsh `site-functions/` directory. For -example, if you installed Zsh via [Homebrew](http://brew.sh/): +In Zsh, the [completion +system](http://zsh.sourceforge.net/Doc/Release/Completion-System.html){:target="_blank" +class="_"} takes care of things. To activate completion for Docker commands, +these files need to be copied or symlinked to your Zsh `site-functions/` +directory. For example, if you installed Zsh via [Homebrew](http://brew.sh/): ```bash etc=/Applications/Docker.app/Contents/Resources/etc @@ -485,31 +534,37 @@ options at the bottom of each docs page. ## Docker Hub -Choose **Docker Hub** (or on older versions, **Docker Store**) from the Docker for Mac menu to get to the Docker app -downloads site. [Docker hub](https://hub.docker.com/){:target="_blank" class="_"} is the best place to find compliant, trusted software distributed as Docker Images. +You can access your [Docker ID](/docker-id/index.md){:target="_blank" +class="_"} account from within Docker for Mac. -## Docker Hub +![Docker ID](images/docker-cloud.png){:width="550px"} -You can access your [Docker Hub](/docker-hub/index.md){:target="_blank" class="_"} account from within Docker for Mac. +From the Docker for Mac menu, sign in to Docker Hub with your Docker ID, or +create one. -From the Docker for Mac menu, sign in to Docker Hub with your Docker ID, or create one. - -![Docker Hub sign-in](images/menu/sign-in.png){: .with-border width="250px"} +![Docker ID sign-in](images/menu/sign-in.png){: .with-border width="250px"} Then use the Docker for Mac menu to create, view, or navigate directly to your Cloud resources, including **organizations**, **repositories**, and **swarms**. -Check out these [Docker Hub topics](/docker-cloud/index.md){:target="_blank" class="_"} to learn more: +Check out these [Docker Hub topics](/docker-hub/index.md){:target="_blank" +class="_"} to learn more: -* [Organizations and Teams in Docker Hub](/docker-hub/orgs.md){:target="_blank" class="_"} -* [Builds and Images](/docker-hub/builds/index.md){:target="_blank" class="_"} +* [Organizations and Teams in Docker + Hub](/docker-cloud/orgs/index.md){:target="_blank" class="_"} +* [Builds](/docker-hub/builds/index.md){:target="_blank" class="_"} ## Where to go next -* Try out the walkthrough at [Get Started](/get-started/){: target="_blank" class="_"}. +* Try out the walkthrough at [Get Started](/get-started/){: target="_blank" + class="_"}. -* Dig in deeper with [Docker Labs](https://github.com/docker/labs/) example walkthroughs and source code. +* Dig in deeper with [Docker Labs](https://github.com/docker/labs/) example + walkthroughs and source code. -* For a summary of Docker command line interface (CLI) commands, see [Docker CLI Reference Guide](/engine/api.md){: target="_blank" class="_"}. +* For a summary of Docker command line interface (CLI) commands, see [Docker CLI + Reference Guide](/engine/api.md){: target="_blank" class="_"}. -* Check out the blog post, [What’s New in Docker 17.06 Community Edition (CE)](https://blog.docker.com/2017/07/whats-new-docker-17-06-community-edition-ce/){: target="_blank" class="_"}. +* Check out the blog post, [What’s New in Docker 17.06 Community Edition + (CE)](https://blog.docker.com/2017/07/whats-new-docker-17-06-community-edition-ce/){: + target="_blank" class="_"}. diff --git a/docker-for-mac/opensource.md b/docker-for-mac/opensource.md index 8496ef95b2..c6308fb2c7 100644 --- a/docker-for-mac/opensource.md +++ b/docker-for-mac/opensource.md @@ -7,7 +7,7 @@ notoc: true Docker Desktop Editions are built using open source software. For details on the licensing, choose -![whale menu](images/whale-x.png){: .inline} --> +![whale menu](images/whale-x.png){: .inline} → **About Docker** from within the application, then click **Acknowledgements**. Docker Desktop Editions distribute some components that are licensed under the diff --git a/docker-for-mac/release-notes.md b/docker-for-mac/release-notes.md index 32af59d565..30d8f4647c 100644 --- a/docker-for-mac/release-notes.md +++ b/docker-for-mac/release-notes.md @@ -44,7 +44,7 @@ for Mac](install.md#download-docker-for-mac). * New - Kubernetes Support. You can now run a single-node Kubernetes cluster from the "Kubernetes" Pane in Docker For Mac Preferences and use kubectl commands as well as docker commands. See https://docs.docker.com/docker-for-mac/kubernetes/ - Add an experimental SOCKS server to allow access to container networks, see [docker/for-mac#2670](https://github.com/docker/for-mac/issues/2670#issuecomment-372365274). Also see [docker/for-mac#2721](https://github.com/docker/for-mac/issues/2721) - - Re-enable raw as the the default disk format for users running macOS 10.13.4 and higher. Note this change only takes effect after a "reset to factory defaults" or "remove all data" (from the Whale menu -> Preferences -> Reset). Related to [docker/for-mac#2625](https://github.com/docker/for-mac/issues/2625) + - Re-enable raw as the default disk format for users running macOS 10.13.4 and higher. Note this change only takes effect after a "reset to factory defaults" or "remove all data" (from the Whale menu -> Preferences -> Reset). Related to [docker/for-mac#2625](https://github.com/docker/for-mac/issues/2625) * Bug fixes and minor changes - AUFS storage driver is deprecated in Docker Desktop and AUFS support will be removed in the next major release. You can continue with AUFS in Docker Desktop 18.06.x, but you will need to reset disk image (in Preferences > Reset menu) before updating to the next major update. You can check documentation to [save images](https://docs.docker.com/engine/reference/commandline/save/#examples) and [backup volumes](https://docs.docker.com/storage/volumes/#backup-restore-or-migrate-data-volumes) diff --git a/docker-for-mac/troubleshoot.md b/docker-for-mac/troubleshoot.md index b1e21d7b05..1b02df8f75 100644 --- a/docker-for-mac/troubleshoot.md +++ b/docker-for-mac/troubleshoot.md @@ -25,21 +25,24 @@ GitHub](https://github.com/docker/for-mac/issues), or the [Docker for Mac forum](https://forums.docker.com/c/docker-for-mac), we can help you troubleshoot the log data. -Choose ![whale menu](images/whale-x.png){: .inline} --> -**Diagnose & Feedback** from the menu bar. +Choose ![whale menu](images/whale-x.png){: .inline} → **Diagnose & Feedback** +from the menu bar. ![Diagnose & Feedback](images/diagnose-feedback.png){:width="600px"} -Select **Diagnose**. It runs diagnostics, shows results, and uploads the -results to Docker. A diagnostic ID is generated, which must be provided when -communicating with the Docker Team. Optionally, you can open an issue on GitHub -using the uploaded results and ID as a basis. +Once the diagnostics are available, you can upload them and obtain a +**Diagnostic ID**, which must be provided when communicating with the Docker +team. For more information on our policy regarding personal data you can read +[how is personal data handled in Docker +Desktop](https://docs.docker.com/docker-for-mac/faqs/#how-is-personal-data-handled-in-docker-desktop). -![Diagnostics & Feedback with ID](images/diagnose-feedback-id.png){:width="600px"} +![Diagnostics & Feedback with +ID](images/diagnose-feedback-id.png){:width="600px"} If you click **Report an issue**, this opens [Docker for Mac issues on GitHub](https://github.com/docker/for-mac/issues/) in your web browser in a -“create new issue” template, to be completed before submission. +"create new issue" template, to be completed before submission. Do not forget to +copy/paste your diagnostic ID. ![issue template](images/issues-template.png){:width="600px"} @@ -48,57 +51,34 @@ GitHub](https://github.com/docker/for-mac/issues/) in your web browser in a On occasions it is useful to run the diagnostics yourself, for instance if Docker for Mac cannot start. -First locate the `docker-diagnose` tool. If you installed Docker for Mac in the -Applications directory, then it is -`/Applications/Docker.app/Contents/Resources/bin/docker-diagnose`. Pass -`--help` to see the supported options: - -```sh -$ /Applications/Docker.app/Contents/Resources/bin/docker-diagnose --help -``` +First locate the `com.docker.diagnose` tool. If you installed Docker for Mac in +the Applications directory, then it is +`/Applications/Docker.app/Contents/MacOS/com.docker.diagnose`. Then to create *and upload* diagnostics, run: ```sh -$ /Applications/Docker.app/Contents/Resources/bin/docker-diagnose \ - --upload --last 1d -macOS: version 10.13.4 (build: 17E202) -Docker.app: version: 18.06.0-ce-rc1-mac67 (1fa4e2acfc1a52f79623add2390604515d32297e) -Local time: Fri May 25 14:50:51 CEST 2018 -UTC: Fri May 25 12:50:51 UTC 2018 -Timestamp: 20180525-145051 -Running diagnostic tests: -[OK] Files -[OK] console-ring does not exist -[OK] Kubernetes (disabled) -[OK] Docker CLI -[OK] environment -[OK] vmnetd -[OK] osxfs -[OK] VPNKit -[OK] driver.amd64-linux -[OK] Docker -[OK] VT-x -[OK] kern.hv_support -[OK] Hypervisor -[OK] Disk -Docker logs are being collected into /tmp/D1F48686-F045-4708-85E3-0635B729A596/20180525-145051.tar.gz -Your unique id is: D1F48686-F045-4708-85E3-0635B729A596 -Please quote this in all correspondence. +$ /Applications/Docker.app/Contents/MacOS/com.docker.diagnose gather -upload +``` +After the diagnostics have finished, you should have the following output, +containing your diagnostics ID: + +```sh +Diagnostics Bundle: /tmp/B8CF8400-47B3-4068-ADA4-3BBDCE3985D9/20180726143610.zip +Diagnostics ID: B8CF8400-47B3-4068-ADA4-3BBDCE3985D9/20180726143610 (uploaded) ``` -The diagnostics ID (here D1F48686-F045-4708-85E3-0635B729A596/20180525-145051) -is composed of your user ID (D1F48686-F045-4708-85E3-0635B729A596) and a -timestamp (20180525-145051). Be sure to provide us with the full diagnostics -ID, not just the user ID. +The diagnostics ID (here B8CF8400-47B3-4068-ADA4-3BBDCE3985D9/20180726143610) is +composed of your user ID (D1F48686-F045-4708-85E3-0635B729A596) and a timestamp +(20180525-145051). Be sure to provide us with the full diagnostics ID, not just +the user ID. Don't hesitate browsing the content of these diagnostics: ```sh -$ open /tmp/D1F48686-F045-4708-85E3-0635B729A596/20180525-145051.tar.gz +$ open /tmp/D1F48686-F045-4708-85E3-0635B729A596/20180525-145051.zip ``` - ## Check the logs @@ -147,10 +127,9 @@ ways, and create reports. ### Make sure certificates are set up correctly -Docker for Mac ignores certificates listed under insecure registries, and -does not send client certificates to them. Commands like `docker run` that -attempt to pull from the registry produces error messages on the command -line, like this: +Docker for Mac ignores certificates listed under insecure registries, and does +not send client certificates to them. Commands like `docker run` that attempt to +pull from the registry produces error messages on the command line, like this: ``` Error response from daemon: Get http://192.168.203.139:5858/v2/: malformed HTTP response "\x15\x03\x01\x00\x02\x02" @@ -163,9 +142,8 @@ As well as on the registry. For example: 2017/06/20 18:15:30 http: TLS handshake error from 192.168.203.139:52883: tls: first record does not look like a TLS handshake ``` -For more about using client and server side certificates, see [Adding -TLS certificates](index.md#adding-tls-certificates) in -the Getting Started topic. +For more about using client and server side certificates, see [Adding TLS +certificates](index.md#adding-tls-certificates) in the Getting Started topic. ### Docker for Mac does not start if Mac user account and home folder are renamed after installing the app @@ -181,8 +159,8 @@ cannot start, such as when using [Docker Compose](/compose/gettingstarted.md), you might need to enable [file sharing](index.md#file-sharing). Volume mounting requires shared drives for projects that live outside of the -`/Users` directory. Go to ![whale menu](images/whale-x.png){: .inline} --> -**Preferences** --> **File sharing** and share the drive that contains the +`/Users` directory. Go to ![whale menu](images/whale-x.png){: .inline} → +**Preferences** → **File sharing** and share the drive that contains the Dockerfile and volume. ### Incompatible CPU detected @@ -204,8 +182,8 @@ terminal window. sysctl kern.hv_support ``` -If your Mac supports the Hypervisor Framework, -the command prints `kern.hv_support: 1`. +If your Mac supports the Hypervisor Framework, the command prints +`kern.hv_support: 1`. If not, the command prints `kern.hv_support: 0`. @@ -220,9 +198,9 @@ know before you install](install.md#what-to-know-before-you-install). * If Docker for Mac fails to install or start properly: * Make sure you quit Docker for Mac before installing a new version of the - application (![whale menu](images/whale-x.png){: .inline} --> **Quit - Docker**). Otherwise, you get an "application in use" error when you try to - copy the new app from the `.dmg` to `/Applications`. + application (![whale menu](images/whale-x.png){: .inline} → **Quit + Docker**). Otherwise, you get an "application in use" error when you try to + copy the new app from the `.dmg` to `/Applications`. * Restart your Mac to stop / discard any vestige of the daemon running from the previously installed version. @@ -251,10 +229,10 @@ know before you install](install.md#what-to-know-before-you-install). * For the `hello-world-nginx` example, Docker for Mac must be running to get to the webserver on `http://localhost/`. Make sure that the Docker whale is showing in the menu bar, and that you run the Docker commands in a shell that - is connected to the Docker for Mac Engine (not Engine from - Toolbox). Otherwise, you might start the webserver container but get a "web - page not available" error when you go to `localhost`. For more on - distinguishing between the two environments, see [Docker for Mac vs. Docker + is connected to the Docker for Mac Engine (not Engine from Toolbox). + Otherwise, you might start the webserver container but get a "web page not + available" error when you go to `localhost`. For more on distinguishing + between the two environments, see [Docker for Mac vs. Docker Toolbox](docker-toolbox.md).

@@ -274,7 +252,7 @@ know before you install](install.md#what-to-know-before-you-install). * IPv6 is not (yet) supported on Docker for Mac. A workaround is provided that auto-filters out the IPv6 addresses in DNS - server lists and enables successful network accesss. For example, + server lists and enables successful network access. For example, `2001:4860:4860::8888` would become `8.8.8.8`. To learn more, see these issues on GitHub and Docker for Mac forums: @@ -297,9 +275,8 @@ know before you install](install.md#what-to-know-before-you-install). resources. Reboot and restart Docker to resolve these issues. * Docker does not auto-start on login even when it is enabled in ![whale - menu](images/whale-x.png){: .inline} --> **Preferences**. This - is related to a set of issues with Docker helper, registration, and - versioning. + menu](images/whale-x.png){: .inline} → **Preferences**. This is related to a + set of issues with Docker helper, registration, and versioning.

@@ -309,9 +286,9 @@ know before you install](install.md#what-to-know-before-you-install). [Intel Hardware Accelerated Execution Manager (HAXM)](https://software.intel.com/en-us/android/articles/intel-hardware-accelerated-execution-manager/), the current workaround is not to run them at the same time. You can pause - `HyperKit` by quitting Docker for Mac temporarily while you work with - HAXM. This allows you to continue work with the other tools and prevent - `HyperKit` from interfering. + `HyperKit` by quitting Docker for Mac temporarily while you work with HAXM. + This allows you to continue work with the other tools and prevent `HyperKit` + from interfering. * If you are working with applications like [Apache @@ -351,7 +328,8 @@ know before you install](install.md#what-to-know-before-you-install). - Symfony - Magento - Zend Framework - - PHP applications that use [Composer](https://getcomposer.org) to install dependencies in a ```vendor``` folder

+ - PHP applications that use [Composer](https://getcomposer.org) to install + dependencies in a ```vendor``` folder

As a work-around for this behavior, you can put vendor or third-party library directories in Docker volumes, perform temporary file system operations @@ -362,15 +340,17 @@ know before you install](install.md#what-to-know-before-you-install). and roadmap](osxfs.md#performance-issues-solutions-and-roadmap). * If your system does not have access to an NTP server, then after a hibernate - the time seen by Docker for Mac may be considerably out of sync with the - host. Furthermore, the time may slowly drift out of sync during use. To - manually reset the time after hibernation, run: + the time seen by Docker for Mac may be considerably out of sync with the host. + Furthermore, the time may slowly drift out of sync during use. To manually + reset the time after hibernation, run: ```bash docker run --rm --privileged alpine hwclock -s ``` - Or, to resolve both issues, you can add the local clock as a low-priority (high stratum) fallback NTP time source for the host. To do this, edit the host's `/etc/ntp-restrict.conf` to add: + Or, to resolve both issues, you can add the local clock as a low-priority + (high stratum) fallback NTP time source for the host. To do this, edit the + host's `/etc/ntp-restrict.conf` to add: ``` server 127.127.1.1 # LCL, local clock diff --git a/docker-for-windows/edge-release-notes.md b/docker-for-windows/edge-release-notes.md index c36cf0ac3d..d6bd0baa4e 100644 --- a/docker-for-windows/edge-release-notes.md +++ b/docker-for-windows/edge-release-notes.md @@ -18,6 +18,27 @@ for Windows](install.md#download-docker-for-windows). ## Edge Releases of 2018 +### Docker Community Edition 2.0.0.0-beta1-win75 2018-09-14 + +[Download](https://download.docker.com/win/edge/19925/Docker%20for%20Windows%20Installer.exe) + +* Upgrades + - [Docker 18.09.0-ce-beta1](https://github.com/docker/docker-ce/releases/tag/v18.09.0-ce-beta1) + - Linux Kernel 4.9.125 + +* New + - New version scheme + +* Deprecation + - Removed support of AUFS + +* Bug fixes and minor changes + - LCOW does not anymore need --platform flag on multi-arch images + - Better WCOW host.docker.internal resolution on host, don't rewrite it if not modified. From [docker/for-win#1976](https://github.com/docker/for-win/issues/1976) + - Disk size can now be ajusted from 32GiB to drive space. + - Fix dns update too verbose in logs + - Fix panic in diagnose + ### Docker Community Edition 18.06.1-ce-win74 2018-08-29 [Download](https://download.docker.com/win/edge/19508/Docker%20for%20Windows%20Installer.exe) diff --git a/docker-for-windows/faqs.md b/docker-for-windows/faqs.md index fa0564c111..a391b5712e 100644 --- a/docker-for-windows/faqs.md +++ b/docker-for-windows/faqs.md @@ -24,7 +24,7 @@ Two different download channels are available for Docker for Windows: * The **Stable channel** provides a general availability release-ready installer for a fully baked and tested, more reliable app. The Stable version of Docker for Windows comes with the latest released version of Docker Engine. The - release schedule is synched with Docker Engine releases and hotfixes. On the + release schedule is synced with Docker Engine releases and hotfixes. On the Stable channel, you can select whether to send usage statistics and other data. * The **Edge channel** provides an installer with new features we are working on, @@ -69,7 +69,8 @@ Do the following each time: 4. Install a different version of the app (Stable or Edge). -### Feeback +### Feedback + #### What kind of feedback are we looking for? Everything is fair game. We'd like your impressions on the download-install @@ -150,8 +151,8 @@ topic No, at this point, Docker for Windows does not enable you to control (`chmod`) the Unix-style permissions on [shared volumes](/docker-for-windows#shared-drives) for deployed containers, but rather sets permissions to a default value of -[0755](http://permissions-calculator.org/decode/0755/){: target="_blank" class="_"} -(`read`, `write`, `execute` permissions for `user`, `read` and `execute` for +[0777](http://permissions-calculator.org/decode/0777/){: target="_blank" class="_"} +(`read`, `write`, `execute` permissions for `user` and for `group`) which is not configurable. For workarounds and to learn more, see @@ -281,5 +282,4 @@ in [Troubleshooting](troubleshoot). You might decide that you do not need Toolbox now that you have Docker for Windows, and want to uninstall it. For details on how to perform a clean uninstall of Toolbox on Windows, see -[How to uninstall Toolbox](/toolbox/toolbox_install_windows#how-to-uninstall-toolbox) in the -Toolbox Windows topics. +[How to uninstall Toolbox](/toolbox/toolbox_install_windows#how-to-uninstall-toolbox) in the Toolbox Windows topics. diff --git a/docker-for-windows/images/diagnose-feedback.png b/docker-for-windows/images/diagnose-feedback.png new file mode 100644 index 0000000000..b3b7b0a039 Binary files /dev/null and b/docker-for-windows/images/diagnose-feedback.png differ diff --git a/docker-for-windows/images/diagnostic-id.png b/docker-for-windows/images/diagnostic-id.png index 5e0e1f19f4..c5ec51c099 100644 Binary files a/docker-for-windows/images/diagnostic-id.png and b/docker-for-windows/images/diagnostic-id.png differ diff --git a/docker-for-windows/images/docker-app-welcome.png b/docker-for-windows/images/docker-app-welcome.png index dd8acaf2c9..786f4cc521 100644 Binary files a/docker-for-windows/images/docker-app-welcome.png and b/docker-for-windows/images/docker-app-welcome.png differ diff --git a/docker-for-windows/images/docker-menu-context-switch.png b/docker-for-windows/images/docker-menu-context-switch.png new file mode 100644 index 0000000000..f243e02cc5 Binary files /dev/null and b/docker-for-windows/images/docker-menu-context-switch.png differ diff --git a/docker-for-windows/images/docker-menu-settings.png b/docker-for-windows/images/docker-menu-settings.png index 58a9b0db56..12ec3f2ba0 100644 Binary files a/docker-for-windows/images/docker-menu-settings.png and b/docker-for-windows/images/docker-menu-settings.png differ diff --git a/docker-for-windows/images/docker-menu-switch.png b/docker-for-windows/images/docker-menu-switch.png index 09ba080353..d5766c5296 100644 Binary files a/docker-for-windows/images/docker-menu-switch.png and b/docker-for-windows/images/docker-menu-switch.png differ diff --git a/docker-for-windows/images/issue-template.png b/docker-for-windows/images/issue-template.png new file mode 100644 index 0000000000..8f9daa0908 Binary files /dev/null and b/docker-for-windows/images/issue-template.png differ diff --git a/docker-for-windows/images/settings-advanced.png b/docker-for-windows/images/settings-advanced.png index dca2b5194d..b8e1b63add 100644 Binary files a/docker-for-windows/images/settings-advanced.png and b/docker-for-windows/images/settings-advanced.png differ diff --git a/docker-for-windows/images/settings-daemon-advanced.png b/docker-for-windows/images/settings-daemon-advanced.png index c1a032b14e..6ad98a29f6 100644 Binary files a/docker-for-windows/images/settings-daemon-advanced.png and b/docker-for-windows/images/settings-daemon-advanced.png differ diff --git a/docker-for-windows/images/settings-daemon-basic.png b/docker-for-windows/images/settings-daemon-basic.png index 533a810af2..75cf762f0a 100644 Binary files a/docker-for-windows/images/settings-daemon-basic.png and b/docker-for-windows/images/settings-daemon-basic.png differ diff --git a/docker-for-windows/images/settings-diagnose.png b/docker-for-windows/images/settings-diagnose.png deleted file mode 100644 index d0f1fed8a9..0000000000 Binary files a/docker-for-windows/images/settings-diagnose.png and /dev/null differ diff --git a/docker-for-windows/images/settings-general.png b/docker-for-windows/images/settings-general.png index f8300a84b8..80b4c86eea 100644 Binary files a/docker-for-windows/images/settings-general.png and b/docker-for-windows/images/settings-general.png differ diff --git a/docker-for-windows/images/settings-kubernetes.png b/docker-for-windows/images/settings-kubernetes.png index 7cd50e56dd..80285a50fd 100644 Binary files a/docker-for-windows/images/settings-kubernetes.png and b/docker-for-windows/images/settings-kubernetes.png differ diff --git a/docker-for-windows/images/settings-network.png b/docker-for-windows/images/settings-network.png index 0e74c1b237..0d5477e55d 100644 Binary files a/docker-for-windows/images/settings-network.png and b/docker-for-windows/images/settings-network.png differ diff --git a/docker-for-windows/images/settings-proxies.png b/docker-for-windows/images/settings-proxies.png index ace0271a3f..d404ae3c9e 100644 Binary files a/docker-for-windows/images/settings-proxies.png and b/docker-for-windows/images/settings-proxies.png differ diff --git a/docker-for-windows/images/settings-reset.png b/docker-for-windows/images/settings-reset.png index 4d94937a34..18c5b5ecc6 100644 Binary files a/docker-for-windows/images/settings-reset.png and b/docker-for-windows/images/settings-reset.png differ diff --git a/docker-for-windows/images/settings-shared-drives.png b/docker-for-windows/images/settings-shared-drives.png index 324bfbab33..4550899d2c 100644 Binary files a/docker-for-windows/images/settings-shared-drives.png and b/docker-for-windows/images/settings-shared-drives.png differ diff --git a/docker-for-windows/index.md b/docker-for-windows/index.md index 8cefa0bb52..029c2f01fd 100644 --- a/docker-for-windows/index.md +++ b/docker-for-windows/index.md @@ -240,8 +240,7 @@ credentials so that you don't need to enter them every time. There are a number of issues with using host-mounted volumes and network paths for database files. See [Volume mounts from host paths use a nobrl option to override database locking](troubleshoot.md#volume-mounts-from-host-paths-use-a-nobrl-option-to-override-database-locking). > - * Docker for Windows sets permissions to read/write/execute for users and - read/execute for groups and others [0755 or u+rwx,go+rx](http://permissions-calculator.org/decode/0755/). + * Docker for Windows sets permissions to read/write/execute for users, groups and others [0777 or a+rwx](http://permissions-calculator.org/decode/0777/). This is not configurable. See [Permissions errors on data directories for shared volumes](troubleshoot.md#permissions-errors-on-data-directories-for-shared-volumes). > * Ensure the domain user has access to shared drives, as described in [Verify domain user has permissions for shared drives](troubleshoot.md#verify-domain-user-has-permissions-for-shared-drives-volumes). @@ -297,7 +296,7 @@ You can configure Docker for Windows networking to work on a virtual private net ![Network settings](images/settings-network.png){:width="600px"} -* **Internal Virtual Switch** - You can specify a network address translation (NAT) prefix and subnet mask to enable internet connectivity. +* **Internal Virtual Switch** - You can specify a network address translation (NAT) prefix and subnet mask to enable Internet connectivity. * **DNS Server** - You can configure the DNS server to use dynamic or static IP addressing. @@ -427,12 +426,11 @@ For a full list of options on the Docker daemon, see [daemon](/engine/reference/ [Kubernetes on Docker for Windows](/docker-for-windows/kubernetes/){: target="_blank" class="_"} is available in -[18.02 Edge (win50)](/docker-for-windows/edge-release-notes/#docker-community-edition-18020-ce-rc1-win50-2018-01-26){: target="_blank" class="_"} and higher edge channels only. +[18.02 Edge (win50)](/docker-for-windows/edge-release-notes/#docker-community-edition-18020-ce-rc1-win50-2018-01-26){: target="_blank" class="_"} and higher, and in [18.06 Stable (win70)](/docker-for-windows/edge-release-notes/#docker-community-edition-18060-ce-win70-2018-07-25) and higher. ![Enable Kubernetes](images/settings-kubernetes.png){:width="600px"} -Docker for Windows 18.02 CE Edge and higher include a standalone Kubernetes -server that runs on your Windows host, so that you can test deploying your +From Docker for Windows 18.02 CE Edge and 18.06 CE Stable a standalone Kubernetes server is included that runs on your Windows host, so that you can test deploying your Docker workloads on Kubernetes. The Kubernetes client command, `kubectl`, is included and configured to connect @@ -445,6 +443,10 @@ to change context so that `kubectl` is pointing to `docker-for-desktop`: > kubectl config use-context docker-for-desktop ``` +You can also change it through the Docker for Windows menu: + +![Change Kubernetes Context](images/docker-menu-context-switch.png){:width="600px"} + If you installed `kubectl` by another method, and experience conflicts, remove it. @@ -452,7 +454,7 @@ experience conflicts, remove it. running as a Docker container, select **Enable Kubernetes** and click the **Apply and restart** button. - An internet connection is required. Images required to run the Kubernetes + An Internet connection is required. Images required to run the Kubernetes server are downloaded and instantiated as containers, and the > Program Files\Docker\Docker\Resources\bin\kubectl.exe` command is installed. @@ -468,18 +470,6 @@ experience conflicts, remove it. For more about using the Kubernetes integration with Docker for Windows, see [Deploy on Kubernetes](kubernetes.md). -### Diagnose & feedback - -Use this tab to troubleshoot problems and get help from Docker. - -![Reset](images/settings-diagnose.png){:width="600px"} - -Log on to our [Docker for Windows forum](https://forums.docker.com/c/docker-for-windows) to get help from the community, review current user topics, or join a discussion. - -Log on to [Docker for Windows issues on GitHub](https://github.com/docker/for-win/issues) to report bugs or problems and review community reported issues. See [Logs and Troubleshooting](troubleshoot.md) for more details. - -To give feedback on the documentation or update it yourself, use the Feedback options at the bottom of each docs page. - ### Reset On the Reset tab, you can restart Docker or reset its configuration. @@ -491,6 +481,16 @@ On the Reset tab, you can restart Docker or reset its configuration. * **Reset to factory defaults** - Resets Docker to factory defaults. This is useful in cases where Docker stops working or becomes unresponsive. +### Diagnose & feedback + +Visit our [Logs and Troubleshooting](troubleshoot.md) guide for more details. + +Log on to our [Docker for Windows forum](https://forums.docker.com/c/docker-for-windows) to get help from the community, review current user topics, or join a discussion. + +Log on to [Docker for Windows issues on GitHub](https://github.com/docker/for-win/issues) to report bugs or problems and review community reported issues. + +To give feedback on the documentation or update it yourself, use the Feedback options at the bottom of each docs page. + ## Switch between Windows and Linux containers From the Docker for Windows menu, you can toggle which daemon (Linux or Windows) diff --git a/docker-for-windows/install.md b/docker-for-windows/install.md index 57d70b5a7c..8b6a92df48 100644 --- a/docker-for-windows/install.md +++ b/docker-for-windows/install.md @@ -4,59 +4,83 @@ keywords: windows, beta, edge, alpha, install, download title: Install Docker for Windows --- +Docker for Windows is the [Community Edition +(CE)](https://www.docker.com/community-edition) of Docker for Microsoft Windows. To download Docker for Windows, head to Docker Hub. -[Download Docker for Windows](https://hub.docker.com/editions/community/docker-ce-desktop-windows){: .button .outline-btn} +[Download from Docker +Hub](https://hub.docker.com/editions/community/docker-ce-desktop-windows){: +.button .outline-btn} ## What to know before you install -If your system does not meet the requirements to run Docker for Windows, you can install -[Docker Toolbox](/toolbox/overview.md), which uses Oracle Virtual Box instead of -Hyper-V. +* **README FIRST for Docker Toolbox and Docker Machine users**: Docker for + Windows requires Microsoft Hyper-V to run. The Docker for Windows installer + enables Hyper-V for you, if needed, and restart your machine. After Hyper-V is + enabled, VirtualBox no longer works, but any VirtualBox VM images remain. + VirtualBox VMs created with `docker-machine` (including the `default` one + typically created during Toolbox install) no longer start. These VMs cannot be + used side-by-side with Docker for Windows. However, you can still use + `docker-machine` to manage remote VMs. -* **README FIRST for Docker Toolbox and Docker Machine users**: Docker for Windows requires Microsoft Hyper-V to run. The Docker for Windows installer enables Hyper-V for you, if needed, and restart your machine. After Hyper-V is -enabled, VirtualBox no longer works, but any VirtualBox VM images -remain. VirtualBox VMs created with `docker-machine` (including the `default` -one typically created during Toolbox install) no longer start. These VMs -cannot be used side-by-side with Docker for Windows. However, you can still use -`docker-machine` to manage remote VMs. -* Virtualization must be enabled in BIOS and CPU SLAT-capable. Typically, virtualization is enabled by default. This is different from having Hyper-V enabled. For more -detail see [Virtualization must be -enabled](troubleshoot.md#virtualization-must-be-enabled) in Troubleshooting. -* The current version of Docker for Windows runs on 64bit Windows 10 Pro, Enterprise and Education (1607 Anniversary Update, Build 14393 or later). -* Containers and images created with Docker for Windows are shared between all user accounts on machines where it is installed. This is because all -Windows accounts use the same VM to build and run containers. -* Nested virtualization scenarios, such as running Docker for Windows -on a VMWare or Parallels instance, might work, but come with no -guarantees. For more information, see -[Running Docker for Windows in nested virtualization scenarios](troubleshoot.md#running-docker-for-windows-in-nested-virtualization-scenarios) -* **What the Docker for Windows install includes**: The installation provides [Docker Engine](/engine/userguide/), Docker CLI client, [Docker Compose](/compose/overview.md), [Docker Machine](/machine/overview.md), and [Kitematic](/kitematic/userguide.md). +* **System Requirements**: + - Windows 10 64bit: Pro, Enterprise or Education (1607 Anniversary Update, + Build 14393 or later). + - Virtualization is enabled in BIOS. Typically, virtualization is enabled by + default. This is different from having Hyper-V enabled. For more detail see + [Virtualization must be + enabled](troubleshoot.md#virtualization-must-be-enabled) in Troubleshooting. + - CPU SLAT-capable feature. + - At least 4GB of RAM. + +> **Note**: If your system does not meet the requirements to run Docker for +> Windows, you can install [Docker Toolbox](/toolbox/overview.md), which uses +> Oracle Virtual Box instead of Hyper-V. + +* **What the Docker for Windows install includes**: The installation provides + [Docker Engine](/engine/userguide/), Docker CLI client, [Docker + Compose](/compose/overview.md), [Docker Machine](/machine/overview.md), and + [Kitematic](/kitematic/userguide.md). +* Containers and images created with Docker for Windows are shared between all + user accounts on machines where it is installed. This is because all Windows + accounts use the same VM to build and run containers. +* Nested virtualization scenarios, such as running Docker for Windows on a + VMWare or Parallels instance, might work, but come with no guarantees. For + more information, see [Running Docker for Windows in nested virtualization + scenarios](troubleshoot.md#running-docker-for-windows-in-nested-virtualization-scenarios) ### About Windows containers Looking for information on using Windows containers? -* [Switch between Windows and Linux containers](index.md#switch-between-windows-and-linux-containers) describes the Linux / Windows containers toggle in Docker for Windows and points you to the tutorial mentioned above. -* [Getting Started with Windows Containers (Lab)](https://github.com/docker/labs/blob/master/windows/windows-containers/README.md) -provides a tutorial on how to set up and run Windows containers on Windows 10 or -with Windows Server 2016. It shows you how to use a MusicStore application with -Windows containers. -* Docker Container Platform for Windows Server 2016 [articles and blog posts](https://www.docker.com/microsoft/) on the Docker website +* [Switch between Windows and Linux + containers](https://docs.docker.com/docker-for-windows/#switch-between-windows-and-linux-containers) + describes the Linux / Windows containers toggle in Docker for Windows and + points you to the tutorial mentioned above. +* [Getting Started with Windows Containers + (Lab)](https://github.com/docker/labs/blob/master/windows/windows-containers/README.md) + provides a tutorial on how to set up and run Windows containers on Windows 10 + or with Windows Server 2016. It shows you how to use a MusicStore application + with Windows containers. +* Docker Container Platform for Windows Server 2016 [articles and blog + posts](https://www.docker.com/microsoft/) on the Docker website ## Install Docker for Windows desktop app 1. Double-click **Docker for Windows Installer.exe** to run the installer. - If you haven't already downloaded the installer (`Docker for Windows Installer.exe`), you can get it from + If you haven't already downloaded the installer (`Docker for Windows + Installer.exe`), you can get it from [**download.docker.com**](https://download.docker.com/win/stable/Docker%20for%20Windows%20Installer.exe). - It typically downloads to your `Downloads folder`, or you can run it from the recent downloads bar at the - bottom of your web browser. + It typically downloads to your `Downloads folder`, or you can run it from + the recent downloads bar at the bottom of your web browser. -2. Follow the install wizard to accept the license, authorize the installer, and proceed with the install. +2. Follow the install wizard to accept the license, authorize the installer, and + proceed with the install. - You are asked to authorize `Docker.app` with your system password during the install process. - Privileged access is needed to install networking components, links to the Docker apps, and manage the - Hyper-V VMs. + You are asked to authorize `Docker.app` with your system password during the + install process. Privileged access is needed to install networking + components, links to the Docker apps, and manage the Hyper-V VMs. 3. Click **Finish** on the setup complete dialog to launch Docker. @@ -74,7 +98,8 @@ accessible from any terminal window. ![whale on taskbar](images/whale-icon-systray.png) If the whale is hidden in the Notifications area, click the up arrow on the -taskbar to show it. To learn more, see [Docker Settings](index.md#docker-settings). +taskbar to show it. To learn more, see [Docker +Settings](index.md#docker-settings-dialog). If you just installed the app, you also get a popup success message with suggested next steps, and a link to this documentation. @@ -89,7 +114,10 @@ Congratulations! You are up and running with Docker for Windows. ## Where to go next * [Getting started](index.md) introduces Docker for Windows. -* [Get started with Docker](/get-started/) is a tutorial that teaches you how to deploy a multi-service stack. -* [Troubleshooting](troubleshoot.md) describes common problems, workarounds, and how to get support. +* [Get started with Docker](/get-started/) is a tutorial that teaches you how to + deploy a multi-service stack. +* [Troubleshooting](troubleshoot.md) describes common problems, workarounds, and + how to get support. * [FAQs](faqs.md) provides answers to frequently asked questions. -* [Stable Release Notes](release-notes.md) or [Edge Release Notes](edge-release-notes.md). +* [Stable Release Notes](release-notes.md) or [Edge Release + Notes](edge-release-notes.md). diff --git a/docker-for-windows/networking.md b/docker-for-windows/networking.md index 37fbe642d4..a97cf53bf4 100644 --- a/docker-for-windows/networking.md +++ b/docker-for-windows/networking.md @@ -76,7 +76,7 @@ This is for development purpose and will not work in a production environment ou The gateway is also reachable as `gateway.docker.internal`. -#### I want to connect to a container from the Windows +#### I want to connect to a container from Windows Port forwarding works for `localhost`; `--publish`, `-p`, or `-P` all work. Ports exposed from Linux are forwarded to the host. diff --git a/docker-for-windows/opensource.md b/docker-for-windows/opensource.md index 333d4f3967..2a7bb4096e 100644 --- a/docker-for-windows/opensource.md +++ b/docker-for-windows/opensource.md @@ -7,7 +7,7 @@ notoc: true Docker Desktop Editions are built using open source software. For details on the licensing, choose ![whale menu](/docker-for-mac/images/whale-x.png){: .inline} ---> **About** from within the application, then click **Acknowledgements**. +→  **About** from within the application, then click **Acknowledgements**. Docker Desktop Editions distribute some components that are licensed under the GNU General Public License. You can download the source for these components diff --git a/docker-for-windows/troubleshoot.md b/docker-for-windows/troubleshoot.md index 1658ec485a..a767b67b4f 100644 --- a/docker-for-windows/troubleshoot.md +++ b/docker-for-windows/troubleshoot.md @@ -7,18 +7,68 @@ redirect_from: title: Logs and troubleshooting --- -This page explains how to diagnose and troubleshoot problems you may be having with Docker for Windows. +Here is information about how to diagnose and troubleshoot problems, send logs +and communicate with the Docker for Windows team, use our forums and Knowledge +Hub, browse and log issues on GitHub, and find workarounds for known problems. -## Getting help +## Docker Knowledge Hub -There are several ways to get the support you need with Docker for Windows. If you encounter problems not addressed here in the documentation: +**Looking for help with Docker for Windows?** Check out the [Docker Knowledge +Hub](http://success.docker.com/q) for knowledge base articles, FAQs, and +technical support for various subscription levels. -- Refer to the knowledge base articles at the [Docker Success Center](https://success.docker.com/q/). -- Browse the logs (in `User\AppData\Local\Docker`) by clicking **log file** in the Diagnose & Feedback window. -- Ask questions on the [Docker for Windows forum](https://forums.docker.com/c/docker-for-windows). -- Upload diagnostics in the Diagnose & Feedback window. You'll get a unique ID in return. You can then use this ID to submit issues at the [Docker for Windows GitHub repo](https://github.com/docker/for-win/issues). +## Diagnose problems, send feedack, and create GitHub issues -![Diagnose & Feedback with ID](images/diagnostic-id.png){:width="500px"} +### In-app diagnostics + +If you encounter problems for which you do not find solutions in this +documentation, on [Docker for Windows issues on +GitHub](https://github.com/docker/for-win/issues), or the [Docker for Win +forum](https://forums.docker.com/c/docker-for-windows), we can help you +troubleshoot the log data. + +Choose ![whale menu](images/whale-x.png){: .inline} → **Diagnose & Feedback** +from the menu bar. + +![Diagnose & Feedback](images/diagnose-feedback.png){:width="600px"} + +Once the **Diagnose & Feedback** window is opened, it will start to collect the +dignostics. When the diagnostics are available, you can upload them and obtain a +**Diagnostic ID**, which must be provided when communicating with the Docker +team. For more information on our policy regarding personal data you can read +[how is personal data handled in Docker +Desktop](https://docs.docker.com/docker-for-mac/faqs/#how-is-personal-data-handled-in-docker-desktop). + +![Diagnose & Feedback with ID](images/diagnostic-id.png){:width="600px"} + +If you click on **Report an issue**, this opens [Docker for Windows issues on +GitHub](https://github.com/docker/for-win/issues/) in your web browser in a +"create new issue" template, to be completed before submision. Do not forget to +copy/paste your diagnistic ID. + +![issue-template](images/issue-template.png){:width="600px"} + +### Diagnosing from the terminal + +On occasions it is useful to run the diagnostics yourself, for instance if +Docker for Windows cannot start. + +First locate the `com.docker.diagnose`, that should be in `C:\Program +Files\Docker\Docker\resources\com.docker.diagnose.exe`. + +To create *and upload* diagnostics in Powershell, run: + +```powershell + PS C:\> & "C:\Program Files\Docker\Docker\resources\com.docker.diagnose.exe" gather -upload +``` + +After the diagnostics have finished, you should have the following output, +containing your diagnostic ID: + +```sh +Diagnostics Bundle: C:\Users\User\AppData\Local\Temp\CD6CF862-9CBD-4007-9C2F-5FBE0572BBC2\20180720152545.zip +Diagnostics ID: CD6CF862-9CBD-4007-9C2F-5FBE0572BBC2/20180720152545 (uploaded) +``` ## Troubleshooting topics @@ -41,25 +91,17 @@ As well as on the registry. For example: ``` For more about using client and server side certificates, see [How do I add -custom CA certificates?](index.md#how-do-i-add-custom-ca -certificates) and [How do I add client -certificates?](index.md#how-do-i-add-client-certificates) in -the Getting Started topic. +custom CA certificates?](index.md#how-do-i-add-custom-ca certificates) and [How +do I add client certificates?](index.md#how-do-i-add-client-certificates) in the +Getting Started topic. ### Volumes #### Permissions errors on data directories for shared volumes -Docker for Windows sets permissions on [shared -volumes](index.md#shared-drives) to a default value of -[0755](http://permissions-calculator.org/decode/0755/) (`read`, `write`, -`execute` permissions for `user`, `read` and `execute` for `group`). If you are -working with applications that require permissions different than this default, -you may get errors similar to the following. - -```none -Data directory (/var/www/html/data) is readable by other users. Please change the permissions to 0755 so that the directory cannot be listed by other users. -``` +Docker for Windows sets permissions on [shared volumes](index.md#shared-drives) +to a default value of [0777](http://permissions-calculator.org/decode/0777/) +(`read`, `write`, `execute` permissions for `user` and for `group`). The default permissions on shared volumes are not configurable. If you are working with applications that require permissions different from the shared @@ -67,9 +109,17 @@ volume defaults at container runtime, you need to either use non-host-mounted volumes or find a way to make the applications work with the default file permissions. -Docker for Windows currrently implements host-mounted volumes based on the [Microsoft SMB protocol](https://msdn.microsoft.com/en-us/library/windows/desktop/aa365233(v=vs.85).aspx), which does not support fine-grained, `chmod` control over these permissions. +Docker for Windows currrently implements host-mounted volumes based on the +[Microsoft SMB +protocol](https://msdn.microsoft.com/en-us/library/windows/desktop/aa365233(v=vs.85).aspx), +which does not support fine-grained, `chmod` control over these permissions. -See also, [Can I change permissions on shared volumes for container-specific deployment requirements?](faqs.md#can-i-change-permissions-on-shared-volumes-for-container-specific-deployment-requirements) in the FAQs, and for more of an explanation, the GitHub issue, [Controlling Unix-style perms on directories passed through from shared Windows drives](https://github.com/docker/docker.github.io/issues/3298). +See also, [Can I change permissions on shared volumes for container-specific +deployment +requirements?](faqs.md#can-i-change-permissions-on-shared-volumes-for-container-specific-deployment-requirements) +in the FAQs, and for more of an explanation, the GitHub issue, [Controlling +Unix-style perms on directories passed through from shared Windows +drives](https://github.com/docker/docker.github.io/issues/3298). #### inotify on shared drives does not work @@ -78,39 +128,48 @@ for example, when an application needs to read/write to a container across a mounted drive. Instead of relying on filesystem inotify, we recommend using polling features for your framework or programming language. -* **Workaround for nodemon and Node.js** - If you are using [nodemon](https://github.com/remy/nodemon) with `Node.js`, try the fallback polling mode described here: [nodemon isn't restarting node applications](https://github.com/remy/nodemon#application-isnt-restarting) +* **Workaround for nodemon and Node.js** - If you are using + [nodemon](https://github.com/remy/nodemon) with `Node.js`, try the fallback + polling mode described here: [nodemon isn't restarting node + applications](https://github.com/remy/nodemon#application-isnt-restarting) -* **Docker for Windows issue on GitHub** - See the issue [Inotify on shared drives does not work](https://github.com/docker/for-win/issues/56#issuecomment-242135705) +* **Docker for Windows issue on GitHub** - See the issue [Inotify on shared + drives does not + work](https://github.com/docker/for-win/issues/56#issuecomment-242135705) #### Volume mounting requires shared drives for Linux containers -If you are using mounted volumes and get runtime errors indicating an application file is not found, access is denied to a volume mount, or a service cannot start, such as when using [Docker Compose](/compose/gettingstarted.md), you might need to enable [shared drives](index.md#shared-drives). +If you are using mounted volumes and get runtime errors indicating an +application file is not found, access is denied to a volume mount, or a service +cannot start, such as when using [Docker Compose](/compose/gettingstarted.md), +you might need to enable [shared drives](index.md#shared-drives). Volume mounting requires shared drives for Linux containers (not for Windows containers). Go to ![whale menu](/docker-for-mac/images/whale-x.png){: .inline} ---> **Settings** --> **Shared Drives** and share the drive that contains the +→ **Settings** → **Shared Drives** and share the drive that contains the Dockerfile and volume. #### Verify domain user has permissions for shared drives (volumes) > **Tip**: Shared drives are only required for volume mounting [Linux -> containers](index.md#switch-between-windows-and-linux-containers), -> not Windows containers. +> containers](index.md#switch-between-windows-and-linux-containers), not Windows +> containers. Permissions to access shared drives are tied to the username and password you -use to set up [shared drives](index.md#shared-drives). If -you run `docker` commands and tasks under a different username than the one used -to set up shared drives, your containers don't have permissions to access the -mounted volumes. The volumes show as empty. +use to set up [shared drives](index.md#shared-drives). If you run `docker` +commands and tasks under a different username than the one used to set up shared +drives, your containers don't have permissions to access the mounted volumes. +The volumes show as empty. The solution to this is to switch to the domain user account and reset credentials on shared drives. -Here is an example of how to de-bug this problem, given a scenario where you +Here is an example of how to debug this problem, given a scenario where you shared the `C` drive as a local user instead of as the domain user. Assume the local user is `samstevens` and the domain user is `merlin`. -1. Make sure you are logged in as the Windows domain user (for our example, `merlin`). +1. Make sure you are logged in as the Windows domain user (for our example, + `merlin`). 2. Run `net share c` to view user permissions for `\, FULL`. @@ -132,9 +191,8 @@ local user is `samstevens` and the domain user is `merlin`. > net share c /delete ``` -4. Re-share the drive via the [Shared Drives - dialog](index.md#shared-drives), and provide the Windows - domain user account credentials. +4. Re-share the drive via the [Shared Drives dialog](index.md#shared-drives), + and provide the Windows domain user account credentials. 5. Re-run `net share c`. @@ -199,7 +257,8 @@ error(5): I/O error Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) mount: mounting //10.0.75.1/C on /c failed: Invalid argument ``` -See also, Docker for Windows issue #98. +See also, Docker for +Windows issue #98. #### Understand symlinks limitations @@ -229,7 +288,8 @@ script](https://github.com/moby/moby/issues/24388). In order for Docker for Windows to function properly your machine needs: -1. [Hyper-V](https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/hyper-v-technology-overview) installed and working +1. [Hyper-V](https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/hyper-v-technology-overview) + installed and working 2. Virtualization enabled @@ -241,10 +301,17 @@ Docker for Windows requires a Hyper-V as well as the Hyper-V Module for Windows Powershell to be installed and enabled. The Docker for Windows installer enables it for you. -See [these instructions](https://msdn.microsoft.com/en-us/virtualization/hyperv_on_windows/quick_start/walkthrough_install) to install Hyper-V manually. A reboot is *required*. If you install Hyper-V without the reboot, Docker for Windows does not work correctly. On some systems, Virtualization needs to be enabled in the BIOS. The steps to do so are Vendor specific, but typically the BIOS option is called `Virtualization Technology (VTx)` or similar. +See [these +instructions](https://msdn.microsoft.com/en-us/virtualization/hyperv_on_windows/quick_start/walkthrough_install) +to install Hyper-V manually. A reboot is *required*. If you install Hyper-V +without the reboot, Docker for Windows does not work correctly. On some systems, +Virtualization needs to be enabled in the BIOS. The steps to do so are Vendor +specific, but typically the BIOS option is called `Virtualization Technology +(VTx)` or similar. -From the start menu, type in "Turn Windows features on or off" and hit enter. In the subequent screen, verify Hyper-V is enabled and has a checkmark: +From the start menu, type in "Turn Windows features on or off" and hit enter. +In the subequent screen, verify Hyper-V is enabled and has a checkmark: ![Hyper-V on Windows features](images/hyperv-enabled.png){:width="600px"} @@ -264,13 +331,14 @@ Machine driver example](/machine/drivers/hyper-v.md#example). #### Virtualization must be enabled -In addition to [Hyper-V](#hyper-v), virtualization must be enabled. Check the Performance tab on the -Task Manager: +In addition to [Hyper-V](#hyper-v), virtualization must be enabled. Check the +Performance tab on the Task Manager: ![Task Manager](images/virtualization-enabled.png){:width="700px"} If, at some point, if you manually uninstall Hyper-V or disable virtualization, -Docker for Windows cannot start. See: [Unable to run Docker for Windows on Windows 10 Enterprise](https://github.com/docker/for-win/issues/74). +Docker for Windows cannot start. See: [Unable to run Docker for Windows on +Windows 10 Enterprise](https://github.com/docker/for-win/issues/74). ### Networking and WiFi problems upon Docker for Windows install @@ -278,42 +346,50 @@ Some users have encountered networking issues during install and startup of Docker for Windows. For example, upon install or auto-reboot, network adapters and/or WiFi gets disabled. In some scenarios, problems are due to having VirtualBox or its network adapters still installed, but in other scenarios this -is not the case. (See also, Docker for Windows issue on GitHub: -[Enabling Hyper-V feature turns my wi-fi off -](https://github.com/docker/for-win/issues/139).) +is not the case. (See also, Docker for Windows issue on GitHub: [Enabling +Hyper-V feature turns my wi-fi +off](https://github.com/docker/for-win/issues/139).) Here are some steps to take if you encounter similar problems: -1. Ensure **virtualization** is enabled, as described above in [Virtualization must be enabled](#virtualization-must-be-enabled). +1. Ensure **virtualization** is enabled, as described above in [Virtualization + must be enabled](#virtualization-must-be-enabled). -2. Ensure **Hyper-V** is installed and enabled, as described above in [Hyper-V must be enabled](#hyper-v-must-be-enabled). +2. Ensure **Hyper-V** is installed and enabled, as described above in [Hyper-V + must be enabled](#hyper-v-must-be-enabled). -3. Ensure **DockerNAT** is enabled by checking the **Virtual Switch Manager** on the Actions tab on the right side of the **Hyper-V Manager**. +3. Ensure **DockerNAT** is enabled by checking the **Virtual Switch Manager** + on the Actions tab on the right side of the **Hyper-V Manager**. ![Hyper-V manager](images/hyperv-manager.png) -4. Set up an external network switch. If you plan at any point to use - [Docker Machine](/machine/overview.md) to set up multiple local VMs, you - need this anyway, as described in the topic on the - [Hyper-V driver for Docker Machine](/machine/drivers/hyper-v.md#example). - You can replace `DockerNAT` with this switch. +4. Set up an external network switch. If you plan at any point to use [Docker + Machine](/machine/overview.md) to set up multiple local VMs, you need this + anyway, as described in the topic on the [Hyper-V driver for Docker + Machine](/machine/drivers/hyper-v.md#example). You can replace `DockerNAT` + with this switch. -5. If previous steps fail to solve the problems, follow steps on the - [Cleanup README](https://github.com/Microsoft/Virtualization-Documentation/blob/master/windows-server-container-tools/CleanupContainerHostNetworking/README.md). +5. If previous steps fail to solve the problems, follow steps on the [Cleanup + README](https://github.com/Microsoft/Virtualization-Documentation/blob/master/windows-server-container-tools/CleanupContainerHostNetworking/README.md). > Read full description before you run Windows cleanup script > - > The cleanup command has two flags, `-Cleanup` and `-ForceDeleteAllSwitches`. - > Read the whole page before running any scripts, especially warnings about `-ForceDeleteAllSwitches`. - > {: .warning} + >The cleanup command has two flags, `-Cleanup` and + >`-ForceDeleteAllSwitches`. Read the whole page before running any scripts, + >especially warnings about `-ForceDeleteAllSwitches`. {: .warning} ### Windows containers and Windows Server 2016 -If you have questions about how to set up and run Windows containers on Windows -Server 2016 or Windows 10, see [About Windows containers and Windows Server 2016](index.md#about-windows-containers-and-windows-server-2016). +Docker Desktop is not supported on Windows Server 2016, instead you can use +[Docker Enterprise Basic Edition](/ee/index) at no aditional cost. + +If you have questions about how to run Windows containers on Windows 10, see +[Switch between Windows and Linux +containers](index.md#switch-between-windows-and-linux-containers). A full tutorial is available in [docker/labs](https://github.com/docker/labs) at -[Getting Started with Windows Containers](https://github.com/docker/labs/blob/master/windows/windows-containers/README.md). +[Getting Started with Windows +Containers](https://github.com/docker/labs/blob/master/windows/windows-containers/README.md). You can install a native Windows binary which allows you to develop and run Windows containers without Docker for Windows. However, if you install Docker @@ -349,10 +425,14 @@ Using `curl http://localhost`, or pointing your web browser at `http://localhost` does not display the `nginx` web page (as it would do with Linux containers). -To reach a Windows container from the local host, you need to specify -the IP address and port for the container that is running the service. +To reach a Windows container from the local host, you need to specify the IP +address and port for the container that is running the service. -You can get the container IP address by using [`docker inspect`](/engine/reference/commandline/inspect.md) with some `--format` options and the ID or name of the container. For the example above, the command would look like this, using the name we gave to the container (`webserver`) instead of the container ID: +You can get the container IP address by using [`docker +inspect`](/engine/reference/commandline/inspect.md) with some `--format` options +and the ID or name of the container. For the example above, the command would +look like this, using the name we gave to the container (`webserver`) instead of +the container ID: {% raw %} ```bash @@ -391,7 +471,12 @@ For more information, see: ### Running Docker for Windows in nested virtualization scenarios -Docker for Windows can run inside a Windows 10 virtual machine (VM) running on apps like Parallels or VMware Fusion on a Mac provided that the VM is properly configured. However, problems and intermittent failures may still occur due to the way these apps virtualize the hardware. For these reasons, _**Docker for Windows is not supported for nested virtualization scenarios**_. It might work in some cases, and not in others. +Docker for Windows can run inside a Windows 10 virtual machine (VM) running on +apps like Parallels or VMware Fusion on a Mac provided that the VM is properly +configured. However, problems and intermittent failures may still occur due to +the way these apps virtualize the hardware. For these reasons, _**Docker for +Windows is not supported for nested virtualization scenarios**_. It might work +in some cases, and not in others. The better solution is to run Docker for Windows natively on a Windows system (to work with Windows or Linux containers), or Docker for Mac on Mac to work @@ -400,8 +485,8 @@ with Linux containers. #### If you still want to use nested virtualization * Make sure nested virtualization support is enabled in VMWare or Parallels. -Check the settings in **Hardware -> CPU & Memory -> Advanced Options -> Enable -nested virtualization** (the exact menu sequence might vary slightly). + Check the settings in **Hardware → CPU & Memory → Advanced Options → Enable + nested virtualization** (the exact menu sequence might vary slightly). * Configure your VM with at least 2 CPUs and sufficient memory to run your workloads. @@ -421,10 +506,10 @@ nested virtualization** (the exact menu sequence might vary slightly). prefixed with `Moby`. On real hardware, it takes 5-10 seconds to boot the Linux VM; roughly the time between the `Connected` log entry and the `* Starting Docker ... [ ok ]` log entry. If you boot the Linux VM inside a - Windows VM, this may take considerably longer. We have a timeout of 60s or - so. If the VM hasn't started by that time, we retry. If the retry fails we - print an error. You can sometimes work around this by providing more resources - to the Windows VM. + Windows VM, this may take considerably longer. We have a timeout of 60s or so. + If the VM hasn't started by that time, we retry. If the retry fails we print + an error. You can sometimes work around this by providing more resources to + the Windows VM. * Sometimes the VM fails to boot when Linux tries to calibrate the time stamp counter (TSC). This process is quite timing sensitive and may fail when @@ -433,11 +518,13 @@ nested virtualization** (the exact menu sequence might vary slightly). #### Related issues -Discussion thread on GitHub at [Docker for Windows issue 267](https://github.com/docker/for-win/issues/267) +Discussion thread on GitHub at [Docker for Windows issue +267](https://github.com/docker/for-win/issues/267) ### Networking issues -Some users have reported problems connecting to Docker Hub on the Docker for Windows stable version. (See GitHub issue +Some users have reported problems connecting to Docker Hub on the Docker for +Windows stable version. (See GitHub issue [22567](https://github.com/moby/moby/issues/22567).) Here is an example command and error message: @@ -453,9 +540,9 @@ See 'C:\Program Files\Docker\Docker\Resources\bin\docker.exe run --help'. As an immediate workaround to this problem, reset the DNS server to use the Google DNS fixed address: `8.8.8.8`. You can configure this via the **Settings** --> **Network** dialog, as described in the topic -[Network](index.md#network). Docker automatically restarts -when you apply this setting, which could take some time. +→ **Network** dialog, as described in the topic [Network](index.md#network). +Docker automatically restarts when you apply this setting, which could take some +time. We are currently investigating this issue. @@ -471,10 +558,10 @@ under [Settings](index.md#docker-settings). ### `inotify` currently does not work on Docker for Windows If you are using `Node.js` with `nodemon`, a temporary workaround is to try the -fallback polling mode described here: -[nodemon isn't restarting node applications](https://github.com/remy/nodemon#application-isnt-restarting). See -also this issue on GitHub -[Inotify on shared drives does not work](https://github.com/docker/for-win/issues/56#issuecomment-242135705). +fallback polling mode described here: [nodemon isn't restarting node +applications](https://github.com/remy/nodemon#application-isnt-restarting). See +also this issue on GitHub [Inotify on shared drives does not +work](https://github.com/docker/for-win/issues/56#issuecomment-242135705). ### Reboot @@ -503,7 +590,7 @@ or `listen tcp:0.0.0.0:8080: bind: address is already in use` ... These errors are often caused by some other software on Windows using those ports. To discover the identity of this software, either use the `resmon.exe` -GUI and click "Network" and then "Listening Ports" or in a powershell use +GUI and click "Network" and then "Listening Ports" or in a Powershell use `netstat -aon | find /i "listening "` to discover the PID of the process currently using the port (the PID is the number in the rightmost column). Decide whether to shut the other process down, or to use a different port in your @@ -519,13 +606,13 @@ start failure**. The Comodo Firewall was one example of this problem, but users report that software has since been updated to work with these Windows 10 builds. -See the Comodo forums topics -[Comodo Firewall conflict with Hyper-V](https://forums.comodo.com/bug-reports-cis/comodo-firewall-began-conflict-with-hyperv-t116351.0.html) -and -[Windows 10 Anniversary build doesn't allow Comodo drivers to be installed](https://forums.comodo.com/install-setup-configuration-help-cis/windows-10-aniversary-build-doesnt-allow-comodo-drivers-to-be-installed-t116322.0.html). +See the Comodo forums topics [Comodo Firewall conflict with +Hyper-V](https://forums.comodo.com/bug-reports-cis/comodo-firewall-began-conflict-with-hyperv-t116351.0.html) +and [Windows 10 Anniversary build doesn't allow Comodo drivers to be +installed](https://forums.comodo.com/install-setup-configuration-help-cis/windows-10-aniversary-build-doesnt-allow-comodo-drivers-to-be-installed-t116322.0.html). A Docker for Windows user-created issue describes the problem specifically as it -relates to Docker: -[Docker fails to start on Windows 10](https://github.com/docker/for-win/issues/27). +relates to Docker: [Docker fails to start on Windows +10](https://github.com/docker/for-win/issues/27). For a temporary workaround, uninstall the firewall or anti-virus software, or explore other workarounds suggested on the forum. diff --git a/docker-hub/builds/automated-build.md b/docker-hub/builds/automated-build.md index 90362aaac5..abbd7f16e0 100644 --- a/docker-hub/builds/automated-build.md +++ b/docker-hub/builds/automated-build.md @@ -178,7 +178,7 @@ to an Organization, the Cancel and Retry buttons only appear if you have `Read & Automated builds are enabled per branch or tag, and can be disabled and re-enabled easily. You might do this when you want to only build manually for -awhile, for example when you are doing major refactoring in your code. Disabling +a while, for example when you are doing major refactoring in your code. Disabling autobuilds does not disable [autotests](automated-testing.md). To disable an automated build: diff --git a/docker-hub/builds/github.md b/docker-hub/builds/github.md index 7f9c3674fc..26c2f2ebd8 100644 --- a/docker-hub/builds/github.md +++ b/docker-hub/builds/github.md @@ -9,87 +9,63 @@ skip to [Creating an Automated Build](github.md#creating-an-automated-build). ## Linking Docker Hub to a GitHub account -> *Note:* +> Automated Build Permissions + > Automated Builds currently require *read* and *write* access since -> [Docker Hub](https://hub.docker.com) needs to set up a GitHub service -> hook. We have no choice here, this is how GitHub manages permissions. +> [Docker Hub](https://hub.docker.com) needs to set up a GitHub webhook. +> We have no choice here – this is how GitHub manages permissions. > We do guarantee nothing else is touched in your account. To set up an Automated Build of a repository on GitHub, you need to link [Docker Hub](https://hub.docker.com/account/authorized-services/) to your GitHub account. This allows the registry to see your GitHub repositories. -To add, remove or view your linked account, go to the "Linked Accounts & -Services" section of your Hub profile "Settings". +To add, remove or view your linked account, log in to your Docker Hub account. Select **Settings > Linked Accounts & Services**. -![authorized-services](images/authorized-services.png) - -When linking to GitHub, select either "Public and Private", -or "Limited Access" linking. - -![add-authorized-github-service.png](images/add-authorized-github-service.png) - -The "Public and Private" option is the easiest to use, as it grants the Docker -Hub full access to all of your repositories. GitHub also allows you to grant -access to repositories belonging to your GitHub organizations. - -If you choose "Limited Access", Docker Hub only gets permission to access your -public data and public repositories. - -Follow the onscreen instructions to authorize and link your GitHub account to -Docker Hub. Once it is linked, you can choose a source repository from -which to create the Automatic Build. +Linking to Github grants Docker Hub access to all of your repositories. Follow the +onscreen instructions to authorize and link your GitHub account to Docker Hub. +Once it is linked, you can choose a source repository from which to create the Automatic Build. You can review and revoke Docker Hub's access by visiting the [GitHub User's Applications settings](https://github.com/settings/applications). -> **Note**: If you delete the GitHub account linkage that is used for one of your -> automated build repositories, the previously built images are still available. +> **Note**: If you delete the connection to the GitHub account that is used for one of your +> automated build repositories, previously built images are still available. > If you re-link to that GitHub account later, the automated build can be started -> using the "Start Build" button on the Hub, or if the webhook on the GitHub repository +> using the **Start Build** button on the Hub, or if the webhook on the GitHub repository > still exists, it is triggered by any subsequent commits. -## Auto builds and limited linked GitHub accounts. - -If you selected to link your GitHub account with only a "Limited Access" link, -then after creating your automated build, you need to either manually -trigger a Docker Hub build using the "Start a Build" button, or add the GitHub -webhook manually, as described in [GitHub Service -Hooks](github.md#github-service-hooks). This only works for repositories -under the user account, and adding an automated build to a public GitHub -organization using a "Limited Access" link is not possible. - ## Changing the GitHub user link If you want to remove, or change the level of linking between your GitHub -account and the Docker Hub, you need to do this in two places. +account and Docker Hub, you need to make the change in two places. -First, remove the "Linked Account" from your Docker Hub "Settings". Then go to -your GitHub account's Personal settings, and in the "Applications" section, -"Revoke access". +First, remove the **Linked Account** from your Docker Hub **Settings**. Then go to +your GitHub account's Personal settings, and in the **Applications** section, +***Revoke access***. You can now re-link your account at any time. ## GitHub organizations GitHub organizations and private repositories forked from organizations are -made available to auto build using the "Docker Hub Registry" application, which -needs to be added to the organization - and then applies to all users. +made available for autobuilds using the "Docker Hub Registry" application, which +needs to be added to the organization - and then applied to all users. -To check, or request access, go to your GitHub user's "Setting" page, select the -"Applications" section from the left side bar, then click the "View" button for +To verify or request access, go to your GitHub **Settings** page. Select the +**Applications** section from the left side bar, then click the **View** button for "Docker Hub Registry". ![Check User access to GitHub](images/gh-check-user-org-dh-app-access.png) -The organization's administrators may need to go to the Organization's "Third -party access" screen in "Settings" to grant or deny access to the Docker Hub +The organization's administrators may need to go to the Organization's **Third +party access** screen in **Settings** to grant or deny access to Docker Hub Registry application. This change applies to all organization members. ![Check Docker Hub application access to Organization](images/gh-check-admin-org-dh-app-access.png) More detailed access controls to specific users and GitHub repositories can be -managed using the GitHub "People and Teams" interfaces. +managed using the GitHub **People and Teams** interfaces. ## Creating an Automated Build @@ -102,8 +78,8 @@ Once you've selected the source repository, you can then configure: - The Hub user/org namespace the repository is built to - either your Docker ID name, or the name of any Hub organizations your account is in - The Docker repository name the image is built to - The description of the repository -- If the visibility of the Docker repository: "Public" or "Private" - You can change the accessibility options after the repository has been created. +- If the visibility of the Docker repository is "Public" or "Private", + you can change the accessibility options after the repository has been created. If you add a Private repository to a Hub user namespace, then you can only add other users as collaborators, and those users can view and pull all images in that repository. To configure more granular access permissions, such as using teams of @@ -111,23 +87,23 @@ Once you've selected the source repository, you can then configure: to add the Private repository to a Hub organization for which your user has Administrator privileges. - Enable or disable rebuilding the Docker image when a commit is pushed to the - GitHub repository. + GitHub repository You can also select one or more: -- The git branch/tag, -- A repository sub-directory to use as the context, +- The git branch/tag +- A repository sub-directory to use as the context - The Docker image tag name You can modify the description for the repository by clicking the "Description" section of the repository view. -The "Full Description" is over-written by the README.md file when the +The "Full Description" is overwritten by the **README.md** file when the next build is triggered. ## GitHub private submodules If your GitHub repository contains links to private submodules, your build fails. -Normally, the Docker Hub sets up a deploy key in your GitHub repository. +Normally, Docker Hub sets up a deploy key in your GitHub repository. Unfortunately, GitHub only allows a repository deploy key to access a single repository. @@ -178,26 +154,32 @@ build. -## GitHub service hooks +## GitHub webhook -A GitHub Service hook allows GitHub to notify the Docker Hub when something has -been committed to a given git repository. +A GitHub webhook allows GitHub to notify Docker Hub when something has +been committed to a given Git repository. -When you create an Automated Build from a GitHub user that has full "Public and -Private" linking, a Service Hook should get automatically added to your GitHub +When you create an Automated Build, a webhook should get automatically added to your GitHub repository. -If your GitHub account link to the Docker Hub is "Limited Access", then you -need to add the Service Hook manually. +To add, confirm, or modify the webhook, log in to GitHub, then navigate to +the repository. Within the repository, select **Settings > Webhooks**. +You must have admin privileges on the repository to view or modify +this setting. Click **Add webhook**, and use the following settings: -To add, confirm, or modify the service hook, log in to GitHub, then navigate to -the repository, click "Settings" (the gear), then select "Webhooks & Services". -You must have Administrator privileges on the repository to view or modify -this setting. -The image below shows the "Docker" Service Hook. +| Field | Value | +| ------|------ | +| Payload URL | https://registry.hub.docker.com/hooks/github | +| Content type | application/json | +| Which events would you like to trigger this webhook? | Just the push event | +| Active | checked | + +The image below shows the **Webhooks/Add webhook** form with the above settings reflected: + +![github-webhook-add](images/github-webhook-add.png) + +If configured correctly, you'll see this in the **Webhooks** view +![github-webhook](images/github-webhook.png) -![bitbucket-hooks](images/github-side-hook.png) -If you add the "Docker" service manually, make sure the "Active" checkbox is -selected and click the "Update service" button to save your changes. diff --git a/docker-hub/images/github-webhook-add.png b/docker-hub/images/github-webhook-add.png new file mode 100644 index 0000000000..fbefd67f6f Binary files /dev/null and b/docker-hub/images/github-webhook-add.png differ diff --git a/docker-hub/images/github-webhook.png b/docker-hub/images/github-webhook.png new file mode 100644 index 0000000000..519eed1171 Binary files /dev/null and b/docker-hub/images/github-webhook.png differ diff --git a/docker-hub/publish/certify-plugins-logging.md b/docker-hub/publish/certify-plugins-logging.md index 471c210ef1..e04e2716b1 100644 --- a/docker-hub/publish/certify-plugins-logging.md +++ b/docker-hub/publish/certify-plugins-logging.md @@ -552,7 +552,7 @@ if [[ $? -ne 0 ]]; then fi ####################################################################################################################################### -# Run a alpine container with the plugin and send data to it +# Run an alpine container with the plugin and send data to it ####################################################################################################################################### docker container run \ --rm \ diff --git a/docker-hub/publish/publisher_faq.md b/docker-hub/publish/publisher_faq.md index 6392759e94..991c8309af 100644 --- a/docker-hub/publish/publisher_faq.md +++ b/docker-hub/publish/publisher_faq.md @@ -1,6 +1,6 @@ --- description: Docker Hub frequently asked questions -keywords: Docker, docker, store, purchase images +keywords: Docker, docker, hub, purchase images title: Docker Hub Publisher FAQs --- @@ -25,7 +25,7 @@ Infrastructure, Images, and Plugins in more detail. Start by applying to be a Docker Technology Partner at https://goto.docker.com/partner and click on "Publisher". * Requires acceptance of partnership agreement for completion -* Identify content that can be listed on Store and includes a support offering +* Identify content that can be listed on Hub and includes a support offering * Test your image against Docker Certified Infrastructure version 17.03 and above (Plugins must run on 17.03 and above). * Submit your image for Certification through the publisher portal. Docker @@ -39,7 +39,7 @@ Publisher’s product page is updated to reflect Certified status. 1-2 weeks. -### Can we have a group of people work on the same product and publish to Store? (This replicates our internal workflow where more than one person is working on Dockerizing our product.) +### Can we have a group of people work on the same product and publish to Docker Hub? (This replicates our internal workflow where more than one person is working on Dockerizing our product.) Yes. You can submit your content as a team. @@ -94,7 +94,7 @@ We aim to have product listings published with the concept of versions, allowing *Documentation* maps to *Documentation Link* in the publish process. *Feedback* is provided via customer reviews. https://hub.docker.com/images/node?tab=reviews is an example. *Tier Description* is what you see once users get entitled to a plan. For instance, in https://hub.docker.com/images/openmaptiles-openstreetmap-maps/plans/f1fc533a-76f0-493a-80a1-4e0a2b38a563?tab=instructions `A detailed street map of any place on a planet. Evaluation and non-production use. Production use license available separately` is what this publisher entered in the Tier description -*Installation instructions* is documentation on installing your software. In this case the documentation is just `Just launch the container and the map is going to be available on port 80 - ready-to-use - with instructions and list of available styles.` (We recommend more details for any content thats a certification candidate). +*Installation instructions* is documentation on installing your software. In this case the documentation is just `Just launch the container and the map is going to be available on port 80 - ready-to-use - with instructions and list of available styles.` (We recommend more details for any content that's a certification candidate). ### How can I remove a submission? I don’t want to currently have this image published as it is missing several information. @@ -112,7 +112,7 @@ in the readme). ### Regarding source repo tags: it says not to use “latest”. However, if we want users to be able to download the images without specifying a tag, then presumably an image tagged “latest” is required. So how do we go about that? -You can not submit "latest" tags via the certification/store publish workflow. +You can not submit "latest" tags via the certification/hub publish workflow. The reason we do this is so that users are aware of the exact version they download. To make the user experience easy we have a copy widget that users can use to copy the pull command and paste in their command line. Here is a @@ -138,24 +138,24 @@ Here is a [screenshot](https://user-images.githubusercontent.com/2453622/3206729 ### If something is published as a free tier, for subscribed users only, does a user need to explicitly click Accept on the license terms for which we provide the link before they can download the image? Yes -### Do you have a license enforcement system for docker images sold on store? How are they protected, once they have been downloaded? What happens if a customer stop paying for the image I am selling after, let's say, 2 months? +### Do you have a license enforcement system for docker images sold on Docker Hub? How are they protected, once they have been downloaded? What happens if a customer stop paying for the image I am selling after, let's say, 2 months? We provide the following licensing option to customers: * Bring your own License or BYOL. The expectation is that the publisher would take care of License Keys within the container. The License Key itself can be presented to the customer via Docker -Store. We expect the Publisher to build short circuits into the container, so +Hub. We expect the Publisher to build short circuits into the container, so the container stops running once the License Key expires. Once a customer cancels, or if the customer subscription expires - the customer cannot -download updates from the Store. +download updates from Docker Hub. If a user cancels their subscription, they cannot download updates -from the Store. The container may continue running. If you have a licensing +from Docker Hub. The container may continue running. If you have a licensing scheme built into the container, the licensing scheme can be a forcing function and stop the container. (_We do not build anything into the container, it is up to the publisher_). -### How does a customer transition from a Trial to a Paid subscription? Question assumes these are two separate pulls from Store, or can they just drop in a license via Store? +### How does a customer transition from a Trial to a Paid subscription? Question assumes these are two separate pulls from Docker Hub, or can they just drop in a license via Docker Hub? Publisher can provide two different tokens or let customers use the same token and internally map the customer to a paid plan vs a free trial. diff --git a/docker-hub/repos.md b/docker-hub/repos.md index 1dcb4f91bf..01818ac40c 100644 --- a/docker-hub/repos.md +++ b/docker-hub/repos.md @@ -100,7 +100,7 @@ Now you can push this repository to the registry designated by its name or tag. $ docker push /: -The image is then uploaded and available for use by your team-mates and/or +The image is then uploaded and available for use by your teammates and/or the community. ## Stars diff --git a/ee/dtr/admin/monitor-and-troubleshoot/troubleshoot-batch-jobs.md b/ee/dtr/admin/monitor-and-troubleshoot/troubleshoot-batch-jobs.md index 10b8099516..5b522b3c87 100644 --- a/ee/dtr/admin/monitor-and-troubleshoot/troubleshoot-batch-jobs.md +++ b/ee/dtr/admin/monitor-and-troubleshoot/troubleshoot-batch-jobs.md @@ -76,7 +76,7 @@ Jobs can be in one of the following status: ## Job capacity -Each job runner has a limited capacity and won't claim jobs that require an +Each job runner has a limited capacity and won't claim jobs that require a higher capacity. You can see the capacity of a job runner using the `GET /api/v0/workers` endpoint: diff --git a/ee/dtr/release-notes.md b/ee/dtr/release-notes.md index b5e0ebfdc9..a99200787a 100644 --- a/ee/dtr/release-notes.md +++ b/ee/dtr/release-notes.md @@ -20,6 +20,17 @@ to upgrade your installation to the latest release. # Version 2.5 +## 2.5.6 (2018-10-25) + +### Bug Fixes +* Fixed a bug where Windows images could not be promoted. (docker/dhe-deploy#9215) +* Removed Python3 from base image. (docker/dhe-deploy#9219) +* Added CSP (docker/dhe-deploy#9366) +* Included foreign layers in scanned images. (docker/dhe-deploy#9488) +* Added dotnet.marsu to nautilus base image. (docker/dhe-deploy#9503) +* Backported ManifestList fixes. (docker/dhe-deploy#9547) +* Removed support sidebar link and associated content. (docker/dhe-deploy#9411) + ## 2.5.5 (2018-8-30) ### Bug Fixes @@ -161,6 +172,18 @@ specify `--log-protocol`. # Version 2.4 +## Version 2.4.7 + +(25 October 2018) + +### Bug Fixes +* Added CSP (Content Security Policy). (docker/dhe-deploy#9367 and docker/dhe-deploy#9584) +* Fixed critical vulnerability in RethinkDB. (docker/dhe-deploy#9574) + +### Changelog +* Patched security vulnerabilities in the load balancer. +* Patch packages and base OS to eliminate and address some critical vulnerabilities in DTR dependencies. + ## Version 2.4.6 (26 July 2018) diff --git a/ee/dtr/user/manage-images/override-a-vulnerability.md b/ee/dtr/user/manage-images/override-a-vulnerability.md index 00e6fe0aca..917a420fb6 100644 --- a/ee/dtr/user/manage-images/override-a-vulnerability.md +++ b/ee/dtr/user/manage-images/override-a-vulnerability.md @@ -14,7 +14,7 @@ In the **DTR web UI**, navigate to the repository that has been scanned. ![Tag list](../../images/override-vulnerability-1.png){: .with-border} Click **View details** for the image you want to see the scan results, and -and choose **Components** to see the vulnerabilities for each component packaged +choose **Components** to see the vulnerabilities for each component packaged in the image. Select the component with the vulnerability you want to ignore, navigate to the @@ -22,12 +22,13 @@ vulnerability, and click **hide**. ![Vulnerability list](../../images/override-vulnerability-2.png){: .with-border} -The vulnerability is hidden for the particular image and component. If this -vulnerability shows up in other images, it is still reported. +The vulnerability is hidden system-wide and will no longer be reported as a vulnerability +on other affected images with the same layer IDs or digests. -After dismissing a vulnerability, DTR won't re-evaluate the promotion policies +After dismissing a vulnerability, DTR will not reevaluate the promotion policies you have set up for the repository. -If you want the promotion policy to be re-evaluated for the image after hiding + +If you want the promotion policy to be reevaluated for the image after hiding a particular vulnerability, click **Promote**. ## Where to go next diff --git a/ee/dtr/user/promotion-policies/pull-mirror.md b/ee/dtr/user/promotion-policies/pull-mirror.md index 08576902ed..97e85a5ea0 100644 --- a/ee/dtr/user/promotion-policies/pull-mirror.md +++ b/ee/dtr/user/promotion-policies/pull-mirror.md @@ -43,7 +43,7 @@ the public key certificate for that certificate authority. You can get it by accessing `https:///ca`. Click **execute** and make sure you got an HTTP 201 response, signaling that the -the repository is polling the source repository every couple of minutes +repository is polling the source repository every couple of minutes ## Where to go next diff --git a/ee/dtr/user/promotion-policies/push-mirror.md b/ee/dtr/user/promotion-policies/push-mirror.md index 7f13848027..1f0163a015 100644 --- a/ee/dtr/user/promotion-policies/push-mirror.md +++ b/ee/dtr/user/promotion-policies/push-mirror.md @@ -91,7 +91,7 @@ with the policy, it automatically gets promoted. When an image is pushed to another registry using a mirroring policy, scanning and signing data is not persisted in the destination repository. -If you have scanning enable for the destination repository, DTR is going to scan +If you have scanning enabled for the destination repository, DTR is going to scan the image pushed. If you want the image to be signed, you need to do it manually. ## Where to go next diff --git a/ee/engine/release-notes.md b/ee/engine/release-notes.md index 29e720b771..9b50117cf1 100644 --- a/ee/engine/release-notes.md +++ b/ee/engine/release-notes.md @@ -19,6 +19,34 @@ it references. However, Docker EE also includes back-ported fixes defect fixes that you can use in environments where new features cannot be adopted as quickly for consistency and compatibility reasons. +## 18.03.1-ee-4 (2018-10-25) + +> Important notes about this release +> +> If you're deploying UCP or DTR, use Docker EE Engine 17.06. +{: .important} + +### Client + +- Fixed help message flags on `docker stack` commands and child commands. [docker/cli#1251](https://github.com/docker/cli/pull/1251) +- Fixed typo breaking zsh `docker update` autocomplete. [docker/cli#1232](https://github.com/docker/cli/pull/1232) + +### Networking + +- Added optimizations to reduce the messages in the NetworkDB queue. [docker/libnetwork#2225](https://github.com/docker/libnetwork/pull/2225) +- Fixed a very rare condition where managers are not correctly triggering the reconnection logic. [docker/libnetwork#2226](https://github.com/docker/libnetwork/pull/2226) +- Changed loglevel from ***error*** to ***warning*** for missing `disable_ipv6` file. [docker/libnetwork#2224](https://github.com/docker/libnetwork/pull/2224) + +### Runtime + +- Fixed denial of service with large numbers in `cpuset-cpus` and `cpuset-mems`. [moby/moby#37967](https://github.com/moby/moby/pull/37967) +- Added stability improvements for `devicemapper` shutdown. [moby/moby#36307](https://github.com/moby/moby/pull/36307) [moby/moby#36438](https://github.com/moby/moby/pull/36438) + +### Swarm Mode + +- Fixed the logic used for skipping over running tasks. [docker/swarmkit#2724](https://github.com/docker/swarmkit/pull/2724) +- Addressed unassigned task leak when a service is removed. [docker/swarmkit#2709](https://github.com/docker/swarmkit/pull/2709) + ## 18.03.1-ee-3 (2018-08-30) > Important notes about this release @@ -85,6 +113,25 @@ adopted as quickly for consistency and compatibility reasons. + Support for `--chown` with `COPY` and `ADD` in `Dockerfile`. + Add support for multiple logging drivers for `docker logs`. +## 17.06.2-ee-17 (2018-10-25) + +### Networking + +- Changed loglevel from ***error*** to ***warning*** for missing `disable_ipv6` file. [docker/libnetwork#2223](https://github.com/docker/libnetwork/pull/2223) +- Fixed subnet allocation to avoid reallocating recently freed subnets. [docker/libnetwork#2255](https://github.com/docker/libnetwork/pull/2255) +- Fixed libnetwork issue which caused errors to be returned when `iptables` or `firewalld` issues transient warnings. [docker/libnetwork#2218](https://github.com/docker/libnetwork/pull/2218) + +### Plugins + +- Fixed too many "Plugin not found" error messages. [moby/moby#36119](https://github.com/moby/moby/pull/36119) + +### Swarm mode + +- Added failed allocations retry immediately upon a deallocation to overcome IP exhaustion. [docker/swarmkit#2711](https://github.com/docker/swarmkit/pull/2711) +- Fixed leaking task resources. [docker/swarmkit#2755](https://github.com/docker/swarmkit/pull/2755) +- Fixed deadlock in dispatcher that could cause node to crash. [docker/swarmkit#2753](https://github.com/docker/swarmkit/pull/2753) + + ## 17.06.2-ee-16 (2018-07-26) ### Client diff --git a/ee/get-support.md b/ee/get-support.md index b64486e6eb..00db9c5bff 100644 --- a/ee/get-support.md +++ b/ee/get-support.md @@ -18,8 +18,11 @@ If you're unable to submit a new case using the support page, fill in the company email address. Docker Support engineers may ask you to provide a UCP support dump, which is an -archive that contains UCP system logs and diagnostic information. To obtain a -support dump: +archive that contains UCP system logs and diagnostic information. If a node is not joined to the cluster and healthy, the support dump from the web UI will not contain logs from the unhealthy node. For unhealthy nodes use the CLI to get a support dump. + +## Use the Web UI to get a support dump + +To get the support dump from the Web UI: 1. Log into the UCP web UI with an administrator account. 2. In the top-left menu, click your username and choose diff --git a/ee/ucp/admin/configure/external-auth/index.md b/ee/ucp/admin/configure/external-auth/index.md index 05d005d30f..562ff48b5b 100644 --- a/ee/ucp/admin/configure/external-auth/index.md +++ b/ee/ucp/admin/configure/external-auth/index.md @@ -141,6 +141,8 @@ Click **Yes** to enable integrating UCP users and teams with LDAP servers. | No simple pagination | If your LDAP server doesn't support pagination. | | Just-In-Time User Provisioning | Whether to create user accounts only when users log in for the first time. The default value of `true` is recommended. If you upgraded from UCP 2.0.x, the default is `false`. | +> **Note:** LDAP connections using certificates created with TLS v1.2 do not currently advertise support for sha512WithRSAEncryption in the TLS handshake which leads to issues establishing connections with some clients. Support for advertising sha512WithRSAEncryption will be added in UCP 3.1.0. + ![](../../../images/ldap-integration-1.png){: .with-border} Click **Confirm** to add your LDAP domain. diff --git a/ee/ucp/admin/configure/integrate-with-multiple-registries.md b/ee/ucp/admin/configure/integrate-with-multiple-registries.md index bc6c7e9e49..fdf19a4281 100644 --- a/ee/ucp/admin/configure/integrate-with-multiple-registries.md +++ b/ee/ucp/admin/configure/integrate-with-multiple-registries.md @@ -54,7 +54,7 @@ dtr_ca_url=${dtr_full_url}/ca dtr_host_address=${dtr_full_url#"https://"} dtr_host_address=${dtr_host_address%":443"} -# Create the registry configuration and save it it +# Create the registry configuration and save it cat < trust-dtr.toml [[registries]] diff --git a/ee/ucp/admin/configure/manage-and-deploy-private-images.md b/ee/ucp/admin/configure/manage-and-deploy-private-images.md index c16e4fac47..aae718da77 100644 --- a/ee/ucp/admin/configure/manage-and-deploy-private-images.md +++ b/ee/ucp/admin/configure/manage-and-deploy-private-images.md @@ -39,7 +39,7 @@ To push images to DTR, you need CLI access to a licensed installation of Docker EE. - [License your installation](license-your-installation.md). -- [Set up your Docker CLI](../../user-acccess/cli.md). +- [Set up your Docker CLI](../../user-access/cli.md). When you're set up for CLI-based access to a licensed Docker EE instance, you can push images to DTR. diff --git a/ee/ucp/admin/configure/ucp-configuration-file.md b/ee/ucp/admin/configure/ucp-configuration-file.md index 12c07ef8ff..158fe672f2 100644 --- a/ee/ucp/admin/configure/ucp-configuration-file.md +++ b/ee/ucp/admin/configure/ucp-configuration-file.md @@ -138,7 +138,7 @@ Settings for syncing users. ### auth.ldap.admin_sync_opts (optional) -Settings for syncing system admininistrator users. +Settings for syncing system administrator users. | Parameter | Required | Description | |:-----------------------|:---------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| diff --git a/ee/ucp/admin/install/install-on-azure.md b/ee/ucp/admin/install/install-on-azure.md index a49867950f..568eda70e8 100644 --- a/ee/ucp/admin/install/install-on-azure.md +++ b/ee/ucp/admin/install/install-on-azure.md @@ -126,7 +126,7 @@ Follow the steps below to configure multiple IP addresses per VM NIC. --secret=azure_ucp_admin.toml \ --log-driver json-file \ --log-opt max-size=1m \ - --env IPCOUNT=128 \ + --env IP_COUNT=128 \ --name ipallocator \ --constraint "node.platform.os == linux" \ docker4x/az-nic-ips diff --git a/ee/ucp/admin/install/system-requirements.md b/ee/ucp/admin/install/system-requirements.md index a52686a251..fad8028344 100644 --- a/ee/ucp/admin/install/system-requirements.md +++ b/ee/ucp/admin/install/system-requirements.md @@ -66,7 +66,7 @@ host types: | managers | TCP 2376 (configurable) | Internal | Port for the Docker Swarm manager. Used for backwards compatibility | | managers | TCP 2377 (configurable) | Internal, | Port for control communication between swarm nodes | | managers, workers | UDP 4789 | Internal, | Port for overlay networking | -| managers | TCP 6443 (configurable) | External, Internal | Port for Kubernetes API server | +| managers | TCP 6443 (configurable) | External, Internal | Port for Kubernetes API server endpoint | | managers, workers | TCP 6444 | Self | Port for Kubernetes API reverse proxy | | managers, workers | TCP, UDP 7946 | Internal | Port for gossip-based clustering | | managers, workers | TCP 10250 | Internal | Port for Kubelet | @@ -80,7 +80,7 @@ host types: | managers | TCP 12384 | Internal | Port for the authentication storage backend for replication across managers | | managers | TCP 12385 | Internal | Port for the authentication service API | | managers | TCP 12386 | Internal | Port for the authentication worker | -| managers | TCP 12387 | Internal | Port for the metrics service | +| managers | TCP 12388 | Internal | Internal Port for the Kubernetes API Server | ## Enable ESP traffic diff --git a/ee/ucp/images/interlock-install-3.png b/ee/ucp/images/interlock-install-3.png index 9ecc24f6fc..c7ea730e55 100644 Binary files a/ee/ucp/images/interlock-install-3.png and b/ee/ucp/images/interlock-install-3.png differ diff --git a/ee/ucp/interlock/architecture.md b/ee/ucp/interlock/architecture.md index 3b29d88561..e870987b39 100644 --- a/ee/ucp/interlock/architecture.md +++ b/ee/ucp/interlock/architecture.md @@ -22,9 +22,9 @@ routing in UCP: ![](../images/interlock-architecture-1.svg) -An Interlock service starts running on a manager node, an Interlock-extension -service starts running on a worker node, and two replicas of the -Interlock-proxy service run on worker nodes. +The Interlock service starts a single replica on a manager node. The +Interlock-extension service runs a single replica on any available node, and +the Interlock-proxy service starts two replicas on any available node. If you don't have any worker nodes in your cluster, then all Interlock components run on manager nodes. diff --git a/ee/ucp/interlock/deploy/index.md b/ee/ucp/interlock/deploy/index.md index 6cda7383c7..73d109d08d 100644 --- a/ee/ucp/interlock/deploy/index.md +++ b/ee/ucp/interlock/deploy/index.md @@ -7,7 +7,7 @@ keywords: routing, proxy To enable support for layer 7 routing, also known as HTTP routing mesh, log in to the UCP web UI as an administrator, navigate to the **Admin Settings** -page, and click the **Routing Mesh** option. Check the **Enable routing mesh** option. +page, and click the **Layer 7 Routing** option. Check the **Enable Layer 7 Routing** option. ![http routing mesh](../../images/interlock-install-3.png){: .with-border} diff --git a/ee/ucp/kubernetes/deploy-with-compose.md b/ee/ucp/kubernetes/deploy-with-compose.md index 64172cc844..406ec19207 100644 --- a/ee/ucp/kubernetes/deploy-with-compose.md +++ b/ee/ucp/kubernetes/deploy-with-compose.md @@ -7,7 +7,7 @@ redirect_from: --- Docker Enterprise Edition enables deploying [Docker Compose](/compose/overview.md/) -files to Kubernetes clusters. Starting in Compile file version 3.3, you use the +files to Kubernetes clusters. Starting in Compose file version 3.3, you use the same `docker-compose.yml` file that you use for Swarm deployments, but you specify **Kubernetes workloads** when you deploy the stack. The result is a true Kubernetes app. diff --git a/ee/ucp/kubernetes/layer-7-routing.md b/ee/ucp/kubernetes/layer-7-routing.md index c1d343e0b2..7baccfa6a9 100644 --- a/ee/ucp/kubernetes/layer-7-routing.md +++ b/ee/ucp/kubernetes/layer-7-routing.md @@ -105,7 +105,7 @@ spec: terminationGracePeriodSeconds: 60 containers: - name: default-http-backend - # Any image is permissable as long as: + # Any image is permissible as long as: # 1. It serves a 404 page at / # 2. It serves 200 on a /healthz endpoint image: gcr.io/google_containers/defaultbackend:1.4 diff --git a/ee/ucp/release-notes.md b/ee/ucp/release-notes.md index 325c33b321..b06b1e5902 100644 --- a/ee/ucp/release-notes.md +++ b/ee/ucp/release-notes.md @@ -20,6 +20,29 @@ upgrade your installation to the latest release. # Version 3.0 +## 3.0.6 (2018-10-25) + +**Bug fixes** + +* Core + + * Bumped Kubernetes version to 1.8.15. + * Fixed an issue where LDAP sync jobs would crash when handling an org admin search result which does not correspond to an existing user. (docker/escalation#784 #docker/escalation#888) + * Fixed an issue that caused RethinkDB client lock contention. (docker/escalation#902 and docker/escalation#906) + * Fixed an issue that prevented Azure IPAM from releasing addresses. (docker/escalation#815) + * Fixed an issue that caused installation of UCP on Azure to be unsuccessful. (docker/escalation#863) + * Fixed an issue that caused Interlock proxy service to keep restarting. (docker/escalation#814) + * Fixed an issue that prevented Kubernetes DNS from working. (docker/orca#14064 and docker/orca#11981) + * Fixed an issue that caused "Missing swarm placement constraints" warning banner to appear unnecessarily. (docker/orca#14539) + +* Security + + * Fixed `libcurl` vulnerability in RethinkDB image. (docker/orca#15169) + +* UI + + * Fixed an issue that prevented "Per User Limit" on Admin Settings from working. (docker/escalation#639) + ## 3.0.5 (2018-08-30) **Bug fixes** @@ -291,6 +314,17 @@ deprecated. Deploy your applications as Swarm services or Kubernetes workloads. # Version 2.2 +## Version 2.2.14 (2018-10-25) + +**Bug fixes** + +* Core + * Resolved an issue where LDAP sync jobs would crash when handling an org admin search result which does not correspond to an existing user. (docker/escalation#784 #docker/escalation#888) + * Fixed an issue that caused RethinkDB client lock contention. (docker/escalation#902 and docker/escalation#906) + +* UI + * Fixed an issue that prevented "Per User Limit" on Admin Settings from working. (docker/escalation#639) + ## Version 2.2.13 (2018-08-30) **Bug fixes** @@ -325,7 +359,7 @@ deprecated. Deploy your applications as Swarm services or Kubernetes workloads. * Fixee an issue where removing a worker node from the cluster would cause an etcd member to be removed on a manager node. * Upgraded `etcd` version to 2.3.8. * Fixed an issue that causes classic Swarm to provide outdated data. - * Fixed an issue that raises `ucp-kv` collection error with un-named volumes. + * Fixed an issue that raises `ucp-kv` collection error with unnamed volumes. * UI * Fixed an issue that causes UI to not parse volume options correctly. diff --git a/ee/ucp/ucp-architecture.md b/ee/ucp/ucp-architecture.md index c2f1d32e42..73e1aa635d 100644 --- a/ee/ucp/ucp-architecture.md +++ b/ee/ucp/ucp-architecture.md @@ -68,7 +68,7 @@ on a node depend on whether the node is a manager or a worker. Internally, UCP uses the following components: -* Calico 3.0.1 +* Calico 3.0.8 * Kubernetes 1.8.11 ### UCP components in manager nodes diff --git a/ee/ucp/user-access/cli.md b/ee/ucp/user-access/cli.md index 8ca3ea08a6..4d52ade24d 100644 --- a/ee/ucp/user-access/cli.md +++ b/ee/ucp/user-access/cli.md @@ -80,7 +80,7 @@ cd client-bundle; Import-Module .\env.ps1 -The client bundle utility scripts update the the environment variables +The client bundle utility scripts update the environment variables `DOCKER_HOST` to make your client tools communicate with your UCP deployment, and the `DOCKER_CERT_PATH` environment variable to use the client certificates that are included in the client bundle you downloaded. The utility scripts also diff --git a/engine/examples/dotnetcore.md b/engine/examples/dotnetcore.md index 4a05860d53..14a656d4f8 100644 --- a/engine/examples/dotnetcore.md +++ b/engine/examples/dotnetcore.md @@ -11,15 +11,15 @@ This example demonstrates how to dockerize an ASP.NET Core application. ## Why build ASP.NET Core? - [Open-source](https://github.com/aspnet/home) -- Develop and run your ASP.NET Core apps cross-platform on Windows, MacOS and +- Develop and run your ASP.NET Core apps cross-platform on Windows, MacOS, and Linux -- Great for modern cloud-based apps, such as web apps, IoT apps and mobile +- Great for modern cloud-based apps, such as web apps, IoT apps, and mobile backends - ASP.NET Core apps can run on [.NET Core](https://www.microsoft.com/net/core/platform) or on the full [.NET Framework](https://www.microsoft.com/net/framework) - Designed to provide an optimized development framework for apps that are - deployed to the cloud or run on-premise + deployed to the cloud or run on-premises - Modular components with minimal overhead retain flexibility while constructing your solutions @@ -90,7 +90,7 @@ $ docker run -d -p 8080:80 --name myapp aspnetapp directly. You can get the IP address of your container with the following steps: 1. Run `docker inspect -f "{% raw %}{{ .NetworkSettings.Networks.nat.IPAddress }}{% endraw %}" myapp` - 2. Copy the container ip address and paste into your browser. + 2. Copy the container IP address and paste into your browser. (For example, `172.16.240.197`) ## Further reading diff --git a/engine/examples/postgresql_service.md b/engine/examples/postgresql_service.md index b16ea7f9bd..6d3265bc7c 100644 --- a/engine/examples/postgresql_service.md +++ b/engine/examples/postgresql_service.md @@ -1,10 +1,10 @@ --- description: Running and installing a PostgreSQL service -keywords: docker, example, package installation, postgresql +keywords: docker, example, package installation, postgresql title: Dockerize PostgreSQL --- -## Installing PostgreSQL on Docker +## Install PostgreSQL on Docker Assuming there is no Docker image that suits your needs on the [Docker Hub](http://hub.docker.com), you can create one yourself. @@ -67,7 +67,7 @@ VOLUME ["/etc/postgresql", "/var/log/postgresql", "/var/lib/postgresql"] CMD ["/usr/lib/postgresql/9.3/bin/postgres", "-D", "/var/lib/postgresql/9.3/main", "-c", "config_file=/etc/postgresql/9.3/main/postgresql.conf"] ``` -Build an image from the Dockerfile assign it a name. +Build an image from the Dockerfile and assign it a name. ```bash $ docker build -t eg_postgresql . @@ -79,14 +79,14 @@ Run the PostgreSQL server container (in the foreground): $ docker run --rm -P --name pg_test eg_postgresql ``` -There are 2 ways to connect to the PostgreSQL server. We can use [*Link +There are two ways to connect to the PostgreSQL server. We can use [*Link Containers*](../userguide/networking/default_network/dockerlinks.md), or we can access it from our host (or the network). > **Note**: The `--rm` removes the container and its image when the container exits successfully. -### Using container linking +### Use container linking Containers can be linked to another container's ports directly using `-link remote_name:local_alias` in the client's @@ -99,7 +99,7 @@ $ docker run --rm -t -i --link pg_test:pg eg_postgresql bash postgres@7ef98b1b7243:/$ psql -h $PG_PORT_5432_TCP_ADDR -p $PG_PORT_5432_TCP_PORT -d docker -U docker --password ``` -### Connecting from your host system +### Connect from your host system Assuming you have the postgresql-client installed, you can use the host-mapped port to test as well. You need to use `docker ps` @@ -115,7 +115,7 @@ CONTAINER ID IMAGE COMMAND CREATED $ psql -h localhost -p 49153 -d docker -U docker --password ``` -### Testing the database +### Test the database Once you have authenticated and have a `docker =#` prompt, you can create a table and populate it. @@ -138,7 +138,7 @@ $ docker=# select * from cities; (1 row) ``` -### Using the container volumes +### Use the container volumes You can use the defined volumes to inspect the PostgreSQL log files and to backup your configuration and data: diff --git a/engine/examples/running_riak_service.md b/engine/examples/running_riak_service.md index b0c21d16a0..5cfa72687b 100644 --- a/engine/examples/running_riak_service.md +++ b/engine/examples/running_riak_service.md @@ -7,7 +7,7 @@ title: Dockerize a Riak service The goal of this example is to show you how to build a Docker image with Riak pre-installed. -## Creating a Dockerfile +## Create a Dockerfile Create an empty file called `Dockerfile`: diff --git a/engine/security/userns-remap.md b/engine/security/userns-remap.md index 23be0c9cdd..333e897156 100644 --- a/engine/security/userns-remap.md +++ b/engine/security/userns-remap.md @@ -245,6 +245,10 @@ for some of these limitations. To disable user namespaces for a specific container, add the `--userns=host` flag to the `docker container create`, `docker container run`, or `docker container exec` command. +There is a side effect when using this flag: user remapping will not be enabled for that container but, because the read-only (image) layers are shared between containers, ownership of the the containers filesystem will still be remapped. + +What this means is that the whole container filesystem will belong to the user specified in the `--userns-remap` daemon config (`231072` in the example above). This can lead to unexpected behavior of programs inside the container. For instance `sudo` (which checks that its binaries belong to user `0`) or binaries with a `setuid` flag. + ## User namespace known limitations The following standard Docker features are incompatible with running a Docker diff --git a/engine/swarm/how-swarm-mode-works/pki.md b/engine/swarm/how-swarm-mode-works/pki.md index 36ef4a1724..ed7b441c36 100644 --- a/engine/swarm/how-swarm-mode-works/pki.md +++ b/engine/swarm/how-swarm-mode-works/pki.md @@ -66,7 +66,7 @@ signed by the old root CA anymore. Run `docker swarm ca --rotate` to generate a new CA certificate and key. If you prefer, you can pass the `--ca-cert` and `--external-ca` flags to specify the -root certificate and and to use a root CA external to the swarm. Alternately, +root certificate and to use a root CA external to the swarm. Alternately, you can pass the `--ca-cert` and `--ca-key` flags to specify the exact certificate and key you would like the swarm to use. diff --git a/engine/swarm/services.md b/engine/swarm/services.md index 09190fe21e..44c2722a48 100644 --- a/engine/swarm/services.md +++ b/engine/swarm/services.md @@ -621,20 +621,20 @@ labels to ensure that your service is deployed to the appropriate swarm nodes. Use placement constraints to control the nodes a service can be assigned to. In the following example, the service only runs on nodes with the -[label](engine/swarm/manage-nodes.md#add-or-remove-label-metadata) -`region` set to `east`. If no appropriately-labelled nodes are available, -deployment fails. The `--constraint` flag uses an equality operator -(`==` or `!=`). For replicated services, it is possible that all services -run on the same node, or each node only runs one replica, or that some nodes -don't run any replicas. For global services, the service runs on every node -that meets the placement constraint and any -[resource requirements](#reserve-cpu-or-memory-for-a-service). +[label](manage-nodes.md#add-or-remove-label-metadata) `region` set +to `east`. If no appropriately-labelled nodes are available, tasks will wait in +`Pending` until they become available. The `--constraint` flag uses an equality +operator (`==` or `!=`). For replicated services, it is possible that all +services run on the same node, or each node only runs one replica, or that some +nodes don't run any replicas. For global services, the service runs on every +node that meets the placement constraint and any [resource +requirements](#reserve-cpu-or-memory-for-a-service). ```bash $ docker service create \ --name my-nginx \ --replicas 5 \ - --constraint region==east \ + --constraint node.labels.region==east \ nginx ``` @@ -648,9 +648,9 @@ all nodes where `region` is set to `east` and `type` is not set to `devel`: ```bash $ docker service create \ --name my-nginx \ - --global \ - --constraint region==east \ - --constraint type!=devel \ + --mode global \ + --constraint node.labels.region==east \ + --constraint node.labels.type!=devel \ nginx ``` @@ -696,7 +696,7 @@ $ docker service create \ > proportion to any of the other groups identified by a specific label > value. In a sense, a missing label is the same as having the label with > a null value attached to it. If the service should **only** run on -> nodes with the label being used for the the spread preference, the +> nodes with the label being used for the spread preference, the > preference should be combined with a constraint. You can specify multiple placement preferences, and they are processed in the diff --git a/get-started/part5.md b/get-started/part5.md index 63e64f22a4..2c7092d91b 100644 --- a/get-started/part5.md +++ b/get-started/part5.md @@ -244,7 +244,7 @@ Redis service. Be sure to replace `username/repo:tag` with your image details. 3. Make sure your shell is configured to talk to `myvm1` (full examples are [here](part4.md#configure-a-docker-machine-shell-to-the-swarm-manager)). - * Run `docker-machine ls` to list machines and make sure you are connected to `myvm1`, as indicated by an asterisk next it. + * Run `docker-machine ls` to list machines and make sure you are connected to `myvm1`, as indicated by an asterisk next to it. * If needed, re-run `docker-machine env myvm1`, then run the given command to configure the shell. diff --git a/install/linux/docker-ce/binaries.md b/install/linux/docker-ce/binaries.md index 051d0569c2..7f3fe62ca1 100644 --- a/install/linux/docker-ce/binaries.md +++ b/install/linux/docker-ce/binaries.md @@ -28,7 +28,7 @@ meets the prerequisites: - A 64-bit installation - Version 3.10 or higher of the Linux kernel. The latest version of the kernel - available for you platform is recommended. + available for your platform is recommended. - `iptables` version 1.4 or higher - `git` version 1.7 or higher - A `ps` executable, usually provided by `procps` or a similar package. diff --git a/install/linux/docker-ce/centos.md b/install/linux/docker-ce/centos.md index 77e410bbfe..aacf1d203f 100644 --- a/install/linux/docker-ce/centos.md +++ b/install/linux/docker-ce/centos.md @@ -201,7 +201,7 @@ steps. #### Upgrade Docker CE To upgrade Docker CE, follow the -[installation instructions](#install-docker), choosing the new version you want +[installation instructions](#install-docker-ce), choosing the new version you want to install. ### Install from a package diff --git a/install/linux/docker-ce/debian.md b/install/linux/docker-ce/debian.md index 3ca3eb80dd..9d670e98e5 100644 --- a/install/linux/docker-ce/debian.md +++ b/install/linux/docker-ce/debian.md @@ -243,7 +243,7 @@ from the repository. b. Install a specific version by its fully qualified package name, which is the package name (`docker-ce`) plus the version string (2nd column) up to - the first hyphen, separated by a an equals sign (`=`), for example, + the first hyphen, separated by an equals sign (`=`), for example, `docker-ce=18.03.0.ce`. ```bash @@ -280,7 +280,7 @@ steps. For Raspbian, you can optionally #### Upgrade Docker CE To upgrade Docker CE, first run `sudo apt-get update`, then follow the -[installation instructions](#install-docker), choosing the new version you want +[installation instructions](#install-docker-ce), choosing the new version you want to install. ### Install from a package diff --git a/install/linux/docker-ce/fedora.md b/install/linux/docker-ce/fedora.md index fcba95a6e9..00642ac815 100644 --- a/install/linux/docker-ce/fedora.md +++ b/install/linux/docker-ce/fedora.md @@ -11,7 +11,7 @@ toc_max: 4 To get started with Docker CE on Fedora, make sure you [meet the prerequisites](#prerequisites), then -[install Docker](#install-docker). +[install Docker](#install-docker-ce). ## Prerequisites @@ -192,7 +192,7 @@ steps. #### Upgrade Docker CE To upgrade Docker CE, follow the -[installation instructions](#install-docker), choosing the new version you want +[installation instructions](#install-docker-ce), choosing the new version you want to install. ### Install from a package diff --git a/install/linux/docker-ce/ubuntu.md b/install/linux/docker-ce/ubuntu.md index 1d6220d29e..522bff5161 100644 --- a/install/linux/docker-ce/ubuntu.md +++ b/install/linux/docker-ce/ubuntu.md @@ -33,7 +33,6 @@ To install Docker CE, you need the 64-bit version of one of these Ubuntu versions: - Bionic 18.04 (LTS) -- Artful 17.10 - Xenial 16.04 (LTS) - Trusty 14.04 (LTS) @@ -289,7 +288,7 @@ steps. #### Upgrade Docker CE To upgrade Docker CE, first run `sudo apt-get update`, then follow the -[installation instructions](#install-docker), choosing the new version you want +[installation instructions](#install-docker-ce), choosing the new version you want to install. ### Install from a package diff --git a/install/linux/docker-ee/oracle.md b/install/linux/docker-ee/oracle.md index 1f04060ce1..b4866b5593 100644 --- a/install/linux/docker-ee/oracle.md +++ b/install/linux/docker-ee/oracle.md @@ -53,14 +53,6 @@ $ sudo yum remove docker \ {% include ee-linux-install-reuse.md section="using-yum-repo" %} -{% capture selinux-warning %} -> Docker EE cannot install on {{ linux-dist-long }} with SELinux enabled -> -> If you have `selinux` enabled and you attempt to install Docker EE 17.06.1 or newer, you get an error that the `container-selinux` package cannot be found.. -{:.warning} -{% endcapture %} -{{ selinux-warning }} - ### Set up the repository {% include ee-linux-install-reuse.md section="set-up-yum-repo" %} diff --git a/install/linux/docker-ee/rhel.md b/install/linux/docker-ee/rhel.md index c5339cac05..900fec4921 100644 --- a/install/linux/docker-ee/rhel.md +++ b/install/linux/docker-ee/rhel.md @@ -32,7 +32,7 @@ This section lists what you need to consider before installing Docker EE. Items ### Architectures and storage drivers -Docker EE supports {{ linux-dist-long }} 64-bit, versions 7.1 and higher (7.1, 7.2, 7.3, 7.4), running on one of the following architectures: `x86_64`, `s390x` (IBM Z), or `ppc64le` (IBM Power, little endian format). To ensure you have `ppc64le` (and not `ppc64`), run the command, `uname -m`. +Docker EE supports {{ linux-dist-long }} 64-bit, versions 7.1 and higher (7.1, 7.2, 7.3, 7.4, 7.5), running on one of the following architectures: `x86_64`, `s390x` (IBM Z), or `ppc64le` (IBM Power, little endian format). To ensure you have `ppc64le` (and not `ppc64`), run the command, `uname -m`. > Little endian format only > diff --git a/install/linux/docker-ee/suse.md b/install/linux/docker-ee/suse.md index 346b311978..57d138a261 100644 --- a/install/linux/docker-ee/suse.md +++ b/install/linux/docker-ee/suse.md @@ -313,7 +313,7 @@ To upgrade Docker EE: 2. Run `sudo zypper refresh`. 3. Follow the - [installation instructions](#install-docker), choosing the new version you want + [installation instructions](#install-docker-ee), choosing the new version you want to install. ### Install from a package diff --git a/install/linux/docker-ee/ubuntu.md b/install/linux/docker-ee/ubuntu.md index ad66719488..731716960a 100644 --- a/install/linux/docker-ee/ubuntu.md +++ b/install/linux/docker-ee/ubuntu.md @@ -185,7 +185,7 @@ from the repository. $ sudo add-apt-repository \ "deb [arch=amd64] $DOCKER_EE_URL/ubuntu \ $(lsb_release -cs) \ - $DOCKER_EE_VERSION" + stable-17.06" ``` @@ -195,7 +195,7 @@ from the repository. $ sudo add-apt-repository \ "deb [arch=s390x] $DOCKER_EE_URL/ubuntu \ $(lsb_release -cs) \ - $DOCKER_EE_VERSION" + stable-17.06" ``` @@ -205,7 +205,7 @@ from the repository. $ sudo add-apt-repository \ "deb [arch=ppc64el] $DOCKER_EE_URL/ubuntu \ $(lsb_release -cs) \ - $DOCKER_EE_VERSION" + stable-17.06" ``` @@ -285,7 +285,7 @@ To upgrade Docker EE: 2. Run `sudo apt-get update`. 3. Follow the - [installation instructions](#install-docker), choosing the new version you want + [installation instructions](#install-docker-ee), choosing the new version you want to install. ### Install from a package diff --git a/install/linux/linux-postinstall.md b/install/linux/linux-postinstall.md index 2cb4de940f..3f1bf92d11 100644 --- a/install/linux/linux-postinstall.md +++ b/install/linux/linux-postinstall.md @@ -73,7 +73,7 @@ To create the `docker` group and add your user: ```bash $ sudo chown "$USER":"$USER" /home/"$USER"/.docker -R - $ sudo chmod g+rwx "/home/$USER/.docker" -R + $ sudo chmod g+rwx "$HOME/.docker" -R ``` ## Configure Docker to start on boot diff --git a/install/windows/docker-ee.md b/install/windows/docker-ee.md index ded7eaae94..ea09e55b33 100644 --- a/install/windows/docker-ee.md +++ b/install/windows/docker-ee.md @@ -158,8 +158,10 @@ Then open a new Powershell session for the update to take effect. To update Docker EE Engine to the most recent release, specify the `-RequiredVersion` and `-Update` flags: ```PowerShell -Install-Package -Name docker -ProviderName DockerMsftProvider -RequiredVersion 18.03 -Update -Force +Install-Package -Name docker -ProviderName DockerMsftProvider -RequiredVersion 18.03.1-ee-2 -Update -Force ``` +The required version must match any of the versions available in this json file: https://dockermsft.blob.core.windows.net/dockercontainer/DockerMsftIndex.json + ## Preparing a Docker EE Engine for use with UCP diff --git a/js/app.js b/js/app.js index 549de8b8b6..43bfcb6f7a 100644 --- a/js/app.js +++ b/js/app.js @@ -92,7 +92,7 @@ $(document).on('click', 'a[href*="#"]:not(.noanchor , .find_a_partner_section .c // find the target of the clicked anchor tag var targetBSR = $(this).find('a')[0].hash; var parentBSR = $(this); - // hide detail containers, not the the current target + // hide detail containers, not the current target $('.bsr-item-detail').not(targetBSR).hide(); // toggle current target detail container $(targetBSR).slideToggle(); diff --git a/machine/drivers/virtualbox.md b/machine/drivers/virtualbox.md index 63186007ff..49d24c2102 100644 --- a/machine/drivers/virtualbox.md +++ b/machine/drivers/virtualbox.md @@ -35,7 +35,7 @@ The size of the VM's disk can be configured this way: - `--virtualbox-hostonly-no-dhcp`: Disable the Host Only DHCP Server - `--virtualbox-import-boot2docker-vm`: The name of a Boot2Docker VM to import. - `--virtualbox-memory`: Size of memory for the host in MB. -- `--virtualbox-nat-nictype`: Specify the NAT Network Adapter Type. Possible values are are '82540EM' (Intel PRO/1000), 'Am79C973' (PCnet-FAST III) and 'virtio' Paravirtualized network adapter. +- `--virtualbox-nat-nictype`: Specify the NAT Network Adapter Type. Possible values are '82540EM' (Intel PRO/1000), 'Am79C973' (PCnet-FAST III) and 'virtio' Paravirtualized network adapter. - `--virtualbox-no-dns-proxy`: Disable proxying all DNS requests to the host (Boolean value, default to false) - `--virtualbox-no-share`: Disable the mount of your home directory - `--virtualbox-no-vtx-check`: Disable checking for the availability of hardware virtualization before the vm is started diff --git a/machine/examples/index.md b/machine/examples/index.md index 7d54bebcc0..c11cf5dc27 100644 --- a/machine/examples/index.md +++ b/machine/examples/index.md @@ -3,6 +3,5 @@ description: Examples of cloud installs keywords: docker, machine, amazonec2, azure, digitalocean, google, openstack, rackspace, softlayer, virtualbox, vmwarefusion, vmwarevcloudair, vmwarevsphere, exoscale title: Learn by example --- - - [Digital Ocean Example](ocean.md) - [AWS Example](aws.md) diff --git a/machine/examples/ocean.md b/machine/examples/ocean.md index 1fd0f0663c..300a8f1257 100644 --- a/machine/examples/ocean.md +++ b/machine/examples/ocean.md @@ -4,6 +4,25 @@ keywords: docker, machine, cloud, digital ocean title: Digital Ocean example --- +<<<<<<< HEAD +======= +> Try out Docker Cloud! +> +> We suggest using [Docker Cloud](https://cloud.docker.com/) as the +most up-to-date way to run Docker on your cloud providers. To get started, see +[Docker Cloud docs home page](/docker-cloud/index.md), [Docker Cloud Settings +and Docker ID](/docker-cloud/dockerid.md), and [Link a DigitalOcean account to +Docker Cloud](/docker-cloud/infrastructure/link-do.md). If you are running Edge +channel Docker for Mac or Windows, you can access your Docker Cloud account from +those Docker desktop applications. See Docker Cloud (Edge feature) on +[Mac](/docker-for-mac/index.md#docker-cloud-edge-feature) or +[Windows](/docker-for-windows/index.md#docker-cloud-edge-feature). +> +> Docker Machine still works as described below, but Docker Cloud +supersedes Machine for this purpose. +{: .important} + +>>>>>>> master Follow along with this example to create a Dockerized [Digital Ocean](https://digitalocean.com) Droplet (cloud host). ### Step 1. Create a Digital Ocean account diff --git a/machine/get-started-cloud.md b/machine/get-started-cloud.md index cd6e185e87..dc9d3e8b05 100644 --- a/machine/get-started-cloud.md +++ b/machine/get-started-cloud.md @@ -100,11 +100,11 @@ You can register an already existing docker host by passing the daemon url. With ## Use Machine to provision Docker Swarm clusters -> Swarm mode supercedes Docker Machine provisioning of swarm clusters +> Swarm mode supersedes Docker Machine provisioning of swarm clusters > > In previous releases, Docker Machine was used to provision swarm clusters, but this is legacy. [Swarm mode](/engine/swarm/index.md), built -into Docker Engine, supercedes Machine provisioning of swarm clusters. The +into Docker Engine, supersedes Machine provisioning of swarm clusters. The topics below show you how to get started with the new swarm mode. {: .important} diff --git a/network/network-tutorial-overlay.md b/network/network-tutorial-overlay.md index 613f519bb0..164476f6c8 100644 --- a/network/network-tutorial-overlay.md +++ b/network/network-tutorial-overlay.md @@ -73,7 +73,7 @@ such as EC2 security groups), and then to follow the At the end of this procedure, all three Docker hosts will be joined to the swarm and will be connected together using an overlay network called `ingress`. -1. On `master`. initialize the swarm. If the host only has one network +1. On `manager`. initialize the swarm. If the host only has one network interface, the `--advertise-addr` flag is optional. ```bash @@ -192,7 +192,7 @@ connect a service to each of them. 3. Run `docker service ls` to monitor the progress of service bring-up, which may take a few seconds. -4. Inspect the `nginx-net` network on `master`, `worker-1`, and `worker-2`. +4. Inspect the `nginx-net` network on `manager`, `worker-1`, and `worker-2`. Remember that you did not need to create it manually on `worker-1` and `worker-2` because Docker created it for you. The output will be long, but notice the `Containers` and `Peers` sections. `Containers` lists all @@ -295,7 +295,7 @@ open between the two Docker hosts: - TCP and UDP port 7946 - UDP port 4789 -One easy way to set this is up is to have two VMs (either local or on a cloud +One easy way to set this up is to have two VMs (either local or on a cloud provider like AWS), each with Docker installed and running. If you're using AWS or a similar cloud computing platform, the easiest configuration is to use a security group that opens all incoming ports between the two hosts and the SSH diff --git a/network/overlay.md b/network/overlay.md index 75af520eef..8b476c2d3d 100644 --- a/network/overlay.md +++ b/network/overlay.md @@ -241,9 +241,9 @@ When you connect to a published port on any swarm node (whether it is running a given service or not), you are redirected to a worker which is running that service, transparently. Effectively, Docker acts as a load balancer for your swarm services. Services using the routing mesh are running in _virtual IP (VIP) -mode_. Even a service running on each node (by means of the `--global` flag) -uses the routing mesh. When using the routing mesh, there is no guarantee about -which Docker node services client requests. +mode_. Even a service running on each node (by means of the `--mode global` +flag) uses the routing mesh. When using the routing mesh, there is no guarantee +about which Docker node services client requests. To bypass the routing mesh, you can start a service using _DNS Round Robin (DNSRR) mode_, by setting the `--endpoint-mode` flag to `dnsrr`. You must run diff --git a/notary/reference/client-config.md b/notary/reference/client-config.md index 439d9a3f8c..7fc29fadd9 100644 --- a/notary/reference/client-config.md +++ b/notary/reference/client-config.md @@ -125,7 +125,7 @@ but the pinned certificates take highest priority for validation, followed by the pinned CA, followed by TOFUS (TOFU over HTTPS). The diagram below describes this validation flow: -![validation flow](https://cdn.rawgit.com/docker/notary/27469f01fe244bdf70f34219616657b336724bc3/docs/images/trust-pinning-flow.png") +![validation flow](https://cdn.rawgit.com/docker/notary/27469f01fe244bdf70f34219616657b336724bc3/docs/images/trust-pinning-flow.png) Only one trust pinning option is used to validate a GUN even if multiple sections are specified, and any validation failure results in a failed @@ -176,6 +176,7 @@ passphrase. |`NOTARY_TARGETS_PASSPHRASE` | The targets (an online) key passphrase | |`NOTARY_SNAPSHOT_PASSPHRASE` | The snapshot (an online) key passphrase | |`NOTARY_DELEGATION_PASSPHRASE` | The delegation (an online) key passphrase | +|`NOTARY_AUTH` | The notary server credentials: `:` encoded in base64 | If provided, the passphrase in `NOTARY_DELEGATION_PASSPHRASE` diff --git a/notary/reference/signer-config.md b/notary/reference/signer-config.md index 4d9afc0889..d27b4dd122 100644 --- a/notary/reference/signer-config.md +++ b/notary/reference/signer-config.md @@ -157,7 +157,7 @@ Example: yes if not memory The the Data Source Name used to access the DB. - (include parseTime=true as part of the the DSN) + (include parseTime=true as part of the DSN) default_alias diff --git a/notary/running_a_service.md b/notary/running_a_service.md index db8a377f06..d4ab19ee3d 100644 --- a/notary/running_a_service.md +++ b/notary/running_a_service.md @@ -205,7 +205,7 @@ and using them in a production deployment is highly insecure. Notary is a user/client-based system, and it searches for certificates in the user's home directory, at `~/.docker/trust`. To streamline using Notary from the command line, create an alias that maps the user's `trust` directory to -the the system's `ca-certificates` directory. +the system's `ca-certificates` directory. ```bash $ alias notary="notary -s https:// -d ~/.docker/trust --tlscacert /usr/local/share/ca-certificates/.crt" diff --git a/reference/dtr/2.5/cli/install.md b/reference/dtr/2.5/cli/install.md index fd83c45f11..ad31b76f8c 100644 --- a/reference/dtr/2.5/cli/install.md +++ b/reference/dtr/2.5/cli/install.md @@ -48,7 +48,7 @@ Note: Use --ucp-ca "$(cat ca.pem)" instead of --ucp-insecure-tls for a productio | `--log-level` | $LOG_LEVEL | Log level for all container logs when logging to syslog. Default: INFO.The supported log levels are debug, info, warn, error, or fatal.. | | `--log-protocol` | $LOG_PROTOCOL | The protocol for sending logs. Default is internal.By default, DTR internal components log information using the logger specified in the Docker daemon in the node where the DTR replica is deployed. Use this option to send DTR logs to an external syslog system. The supported values are tcp, udp, and internal. Internal is the default option, stopping DTR from sending logs to an external system. Use this flag with --log-host. | | `--nfs-storage-url` | $NFS_STORAGE_URL | NFS to store Docker images. Format nfs:///.By default DTR creates a volume to store the Docker images in the local filesystem of the node where DTR is running, without high-availability. Use this flag to specify an NFS mount for DTR to store images, using the format nfs:///. To use this flag, you need to install an NFS client library like nfs-common in the node where you're deploying DTR. You can test this by running showmount -e . When you join new replicas, they will start using NFS so you don't need to use this flag. To reconfigure DTR to stop using NFS, leave this option empty. | -| `--no-proxy` | $DTR_NO_PROXY | List of domains the proxy should not be used for.When using --http-proxy you can use this flag to specify a list of domains that you don't want to route throught the proxy. Format acme.com[, acme.org]. | +| `--no-proxy` | $DTR_NO_PROXY | List of domains the proxy should not be used for.When using --http-proxy you can use this flag to specify a list of domains that you don't want to route through the proxy. Format acme.com[, acme.org]. | | `--overlay-subnet` | $DTR_OVERLAY_SUBNET | The subnet used by the dtr-ol overlay network. Example: 10.0.0.0/24.For high-availalibity, DTR creates an overlay network between UCP nodes. This flag allows you to choose the subnet for that network. Make sure the subnet you choose is not used on any machine where DTR replicas are deployed. | | `--replica-http-port` | $REPLICA_HTTP_PORT | The public HTTP port for the DTR replica. Default is 80.This allows you to customize the HTTP port where users can reach DTR. Once users access the HTTP port, they are redirected to use an HTTPS connection, using the port specified with --replica-https-port. This port can also be used for unencrypted health checks. | | `--replica-https-port` | $REPLICA_HTTPS_PORT | The public HTTPS port for the DTR replica. Default is 443.This allows you to customize the HTTPS port where users can reach DTR. Each replica can use a different port. | diff --git a/reference/dtr/2.5/cli/reconfigure.md b/reference/dtr/2.5/cli/reconfigure.md index 198f690b98..e017a5a82f 100644 --- a/reference/dtr/2.5/cli/reconfigure.md +++ b/reference/dtr/2.5/cli/reconfigure.md @@ -41,7 +41,7 @@ time, configure your DTR for high-availability. | `--log-level` | $LOG_LEVEL | Log level for all container logs when logging to syslog. Default: INFO.The supported log levels are debug, info, warn, error, or fatal.. | | `--log-protocol` | $LOG_PROTOCOL | The protocol for sending logs. Default is internal.By default, DTR internal components log information using the logger specified in the Docker daemon in the node where the DTR replica is deployed. Use this option to send DTR logs to an external syslog system. The supported values are tcp, udp, and internal. Internal is the default option, stopping DTR from sending logs to an external system. Use this flag with --log-host. | | `--nfs-storage-url` | $NFS_STORAGE_URL | NFS to store Docker images. Format nfs:///.By default DTR creates a volume to store the Docker images in the local filesystem of the node where DTR is running, without high-availability. Use this flag to specify an NFS mount for DTR to store images, using the format nfs:///. To use this flag, you need to install an NFS client library like nfs-common in the node where you're deploying DTR. You can test this by running showmount -e . When you join new replicas, they will start using NFS so you don't need to use this flag. To reconfigure DTR to stop using NFS, leave this option empty. | -| `--no-proxy` | $DTR_NO_PROXY | List of domains the proxy should not be used for.When using --http-proxy you can use this flag to specify a list of domains that you don't want to route throught the proxy. Format acme.com[, acme.org]. | +| `--no-proxy` | $DTR_NO_PROXY | List of domains the proxy should not be used for.When using --http-proxy you can use this flag to specify a list of domains that you don't want to route through the proxy. Format acme.com[, acme.org]. | | `--replica-http-port` | $REPLICA_HTTP_PORT | The public HTTP port for the DTR replica. Default is 80.This allows you to customize the HTTP port where users can reach DTR. Once users access the HTTP port, they are redirected to use an HTTPS connection, using the port specified with --replica-https-port. This port can also be used for unencrypted health checks. | | `--replica-https-port` | $REPLICA_HTTPS_PORT | The public HTTPS port for the DTR replica. Default is 443.This allows you to customize the HTTPS port where users can reach DTR. Each replica can use a different port. | | `--replica-rethinkdb-cache-mb` | $RETHINKDB_CACHE_MB | The maximum amount of space for rethinkdb in-memory cache use for the given replica in MB. diff --git a/reference/dtr/2.5/cli/restore.md b/reference/dtr/2.5/cli/restore.md index 4b7c11e87e..cdf8627ea1 100644 --- a/reference/dtr/2.5/cli/restore.md +++ b/reference/dtr/2.5/cli/restore.md @@ -55,7 +55,7 @@ DTR replicas for high availability. | `--log-level` | $LOG_LEVEL | Log level for all container logs when logging to syslog. Default: INFO.The supported log levels are debug, info, warn, error, or fatal.. | | `--log-protocol` | $LOG_PROTOCOL | The protocol for sending logs. Default is internal.By default, DTR internal components log information using the logger specified in the Docker daemon in the node where the DTR replica is deployed. Use this option to send DTR logs to an external syslog system. The supported values are tcp, udp, and internal. Internal is the default option, stopping DTR from sending logs to an external system. Use this flag with --log-host. | | `--nfs-storage-url` | $NFS_STORAGE_URL | NFS to store Docker images. Format nfs:///.By default DTR creates a volume to store the Docker images in the local filesystem of the node where DTR is running, without high-availability. Use this flag to specify an NFS mount for DTR to store images, using the format nfs:///. To use this flag, you need to install an NFS client library like nfs-common in the node where you're deploying DTR. You can test this by running showmount -e . When you join new replicas, they will start using NFS so you don't need to use this flag. To reconfigure DTR to stop using NFS, leave this option empty. | -| `--no-proxy` | $DTR_NO_PROXY | List of domains the proxy should not be used for.When using --http-proxy you can use this flag to specify a list of domains that you don't want to route throught the proxy. Format acme.com[, acme.org]. | +| `--no-proxy` | $DTR_NO_PROXY | List of domains the proxy should not be used for.When using --http-proxy you can use this flag to specify a list of domains that you don't want to route through the proxy. Format acme.com[, acme.org]. | | `--replica-http-port` | $REPLICA_HTTP_PORT | The public HTTP port for the DTR replica. Default is 80.This allows you to customize the HTTP port where users can reach DTR. Once users access the HTTP port, they are redirected to use an HTTPS connection, using the port specified with --replica-https-port. This port can also be used for unencrypted health checks. | | `--replica-https-port` | $REPLICA_HTTPS_PORT | The public HTTPS port for the DTR replica. Default is 443.This allows you to customize the HTTPS port where users can reach DTR. Each replica can use a different port. | | `--replica-id` | $DTR_INSTALL_REPLICA_ID | Assign a 12-character hexadecimal ID to the DTR replica. Random by default. | diff --git a/reference/ucp/3.0/api/swagger-ui.js b/reference/ucp/3.0/api/swagger-ui.js index 207714d300..c9abd09ff8 100644 --- a/reference/ucp/3.0/api/swagger-ui.js +++ b/reference/ucp/3.0/api/swagger-ui.js @@ -2121,7 +2121,7 @@ SuperagentHttpClient.prototype.execute = function (obj) { } else if (res && obj.on && obj.on.response) { var possibleObj; - // Already parsed by by superagent? + // Already parsed by superagent? if(res.body && Object.keys(res.body).length > 0) { possibleObj = res.body; } else { @@ -12442,7 +12442,7 @@ var iframe, elemdisplay = {}; /** - * Retrieve the actual display of a element + * Retrieve the actual display of an element * @param {String} name nodeName of the element * @param {Object} doc Document object */ @@ -13862,7 +13862,7 @@ jQuery.fx.speeds = { }; -// Based off of the plugin by Clint Helfers, with permission. +// Based on the plugin by Clint Helfers, with permission. // http://blindsignals.com/index.php/2009/07/jquery-delay/ jQuery.fn.delay = function( time, type ) { time = jQuery.fx ? jQuery.fx.speeds[ time ] || time : time; @@ -26068,7 +26068,7 @@ var baseCreate = require('./baseCreate'), * @private * @param {*} value The value to wrap. * @param {boolean} [chainAll] Enable chaining for all wrapper methods. - * @param {Array} [actions=[]] Actions to peform to resolve the unwrapped value. + * @param {Array} [actions=[]] Actions to perform to resolve the unwrapped value. */ function LodashWrapper(value, chainAll, actions) { this.__wrapped__ = value; diff --git a/reference/ucp/3.0/api/swagger-ui.js.original b/reference/ucp/3.0/api/swagger-ui.js.original index 207714d300..c9abd09ff8 100644 --- a/reference/ucp/3.0/api/swagger-ui.js.original +++ b/reference/ucp/3.0/api/swagger-ui.js.original @@ -2121,7 +2121,7 @@ SuperagentHttpClient.prototype.execute = function (obj) { } else if (res && obj.on && obj.on.response) { var possibleObj; - // Already parsed by by superagent? + // Already parsed by superagent? if(res.body && Object.keys(res.body).length > 0) { possibleObj = res.body; } else { @@ -12442,7 +12442,7 @@ var iframe, elemdisplay = {}; /** - * Retrieve the actual display of a element + * Retrieve the actual display of an element * @param {String} name nodeName of the element * @param {Object} doc Document object */ @@ -13862,7 +13862,7 @@ jQuery.fx.speeds = { }; -// Based off of the plugin by Clint Helfers, with permission. +// Based on the plugin by Clint Helfers, with permission. // http://blindsignals.com/index.php/2009/07/jquery-delay/ jQuery.fn.delay = function( time, type ) { time = jQuery.fx ? jQuery.fx.speeds[ time ] || time : time; @@ -26068,7 +26068,7 @@ var baseCreate = require('./baseCreate'), * @private * @param {*} value The value to wrap. * @param {boolean} [chainAll] Enable chaining for all wrapper methods. - * @param {Array} [actions=[]] Actions to peform to resolve the unwrapped value. + * @param {Array} [actions=[]] Actions to perform to resolve the unwrapped value. */ function LodashWrapper(value, chainAll, actions) { this.__wrapped__ = value; diff --git a/registry/storage-drivers/index.md b/registry/storage-drivers/index.md index e8f612982e..9025bced11 100644 --- a/registry/storage-drivers/index.md +++ b/registry/storage-drivers/index.md @@ -31,7 +31,7 @@ validation of the `storagedriver.StorageDriver` interface. ## Driver selection and configuration -The preferred method of selecting a storage driver is using the `StorageDriverFactory` interface in the `storagedriver/factory` package. These factories provide a common interface for constructing storage drivers with a parameters map. The factory model is based off of the [Register](http://golang.org/pkg/database/sql/#Register) and [Open](http://golang.org/pkg/database/sql/#Open) methods in the builtin [database/sql](http://golang.org/pkg/database/sql) package. +The preferred method of selecting a storage driver is using the `StorageDriverFactory` interface in the `storagedriver/factory` package. These factories provide a common interface for constructing storage drivers with a parameters map. The factory model is based on the [Register](http://golang.org/pkg/database/sql/#Register) and [Open](http://golang.org/pkg/database/sql/#Open) methods in the builtin [database/sql](http://golang.org/pkg/database/sql) package. Storage driver factories may be registered by name using the `factory.Register` method, and then later invoked by calling `factory.Create` diff --git a/release-notes/docker-ce.md b/release-notes/docker-ce.md index 493c80f0e6..998516d2fc 100644 --- a/release-notes/docker-ce.md +++ b/release-notes/docker-ce.md @@ -20,6 +20,206 @@ Release notes for stable versions are listed first. You can # Stable releases +## 18.06.1-ce (2018-08-21) + +### Builder + +- Fix no error if build args are missing during docker build. [docker/engine#25](https://github.com/docker/engine/pull/25) ++ Set BuildKit's ExportedProduct variable to show useful errors. [docker/engine#21](https://github.com/docker/engine/pull/21) + +### Client + ++ Various shell completion script updates: [docker/cli#1229](https://github.com/docker/cli/pull/1229), + [docker/cli#1268](https://github.com/docker/cli/pull/1268), and [docker/cli#1272](https://github.com/docker/cli/pull/1272) +- Fix `DOCKER_CONFIG` warning message and fallback search. [docker/cli#1241](https://github.com/docker/cli/pull/1241) +- Fix help message flags on `docker stack` commands and sub-commands. [docker/cli#1267](https://github.com/docker/cli/pull/1267) + +### Runtime + +* Disable CRI plugin listening on port 10010 by default. [docker/engine#29](https://github.com/docker/engine/pull/29) +* Update containerd to v1.1.2. [docker/engine#33](https://github.com/docker/engine/pull/33) +- Windows: Do not invoke HCS shutdown if terminate called. [docker/engine#31](https://github.com/docker/engine/pull/31) +* Windows: Select polling-based watcher for Windows log watcher. [docker/engine#34](https://github.com/docker/engine/pull/34) + +### Swarm Mode + +- Fix the condition used for skipping over running tasks. [docker/swarmkit#2677](https://github.com/docker/swarmkit/pull/2677) +- Fix task sorting. [docker/swarmkit#2712](https://github.com/docker/swarmkit/pull/2712) + +## 18.06.0-ce (2018-07-18) + +### Important notes about this release + +- Docker 18.06 CE will be the last release with a 4-month maintenance lifecycle. The planned Docker 18.09 CE release will be supported for 7 months with Docker 19.03 CE being the next release in line. More details about the release process can be found [here](https://docs.docker.com/install/). + +### Builder + +* Builder: fix layer leak on multi-stage wildcard copy. [moby/moby#37178](https://github.com/moby/moby/pull/37178) +* Fix parsing of invalid environment variable substitution . [moby/moby#37134](https://github.com/moby/moby/pull/37134) +* Builder: use the arch info from base image. [moby/moby#36816](https://github.com/moby/moby/pull/36816) [moby/moby#37197](https://github.com/moby/moby/pull/37197) ++ New experimental builder backend based on [BuildKit](https://github.com/moby/buildkit). To enable, run daemon in experimental mode and set `DOCKER_BUILDKIT=1` environment variable on the docker CLI. [moby/moby#37151](https://github.com/moby/moby/pull/37151) [docker/cli#1111](https://github.com/docker/cli/pull/1111) +- Fix handling uppercase targets names in multi-stage builds. [moby/moby#36960](https://github.com/moby/moby/pull/36960) + +### Client + +* Bump spf13/cobra to v0.0.3, pflag to v1.0.1. [moby/moby#37106](https://github.com/moby/moby/pull/37106) +* Add support for the new Stack API for Kubernetes v1beta2. [docker/cli#899](https://github.com/docker/cli/pull/899) +* K8s: more robust stack error detection on deploy. [docker/cli#948](https://github.com/docker/cli/pull/948) +* Support for rollback config in compose 3.7. [docker/cli#409](https://github.com/docker/cli/pull/409) +* Update Cobra and pflag, and use built-in --version feature. [docker/cli#1069](https://github.com/docker/cli/pull/1069) +* Fix `docker stack deploy --prune` with empty name removing all services. [docker/cli#1088](https://github.com/docker/cli/pull/1088) +* [Kubernetes] stack services filters. [docker/cli#1023](https://github.com/docker/cli/pull/1023) ++ Only show orchestrator flag in root, stack and version commands in help. [docker/cli#1106](https://github.com/docker/cli/pull/1106) ++ Add an `Extras` field on the compose config types. [docker/cli#1126](https://github.com/docker/cli/pull/1126) ++ Add options to the compose loader. [docker/cli#1128](https://github.com/docker/cli/pull/1128) +- Fix always listing nodes in docker stack ps command on Kubernetes. [docker/cli#1093](https://github.com/docker/cli/pull/1093) +- Fix output being shown twice on stack rm error message. [docker/cli#1093](https://github.com/docker/cli/pull/1093) +* Extend client API with custom HTTP requests. [moby/moby#37071](https://github.com/moby/moby/pull/37071) +* Changed error message for unreadable files to clarify possibility of a .Dockerignore entry. [docker/cli#1053](https://github.com/docker/cli/pull/1053) +* Restrict kubernetes.allNamespaces value to 'enabled' or 'disabled' in configuration file. [docker/cli#1087](https://github.com/docker/cli/pull/1087) +* Check errors when initializing the docker client in the help command. [docker/cli#1119](https://github.com/docker/cli/pull/1119) +* Better namespace experience with Kubernetes. Fix using namespace defined in ~/.kube/config for stack commands. Add a NAMESPACE column for docker stack ls command. Add a --all-namespaces flag for docker stack ls command. [docker/cli#991](https://github.com/docker/cli/pull/991) +* Export Push and Save. [docker/cli#1123](https://github.com/docker/cli/pull/1123) +* Export pull as a public function. [docker/cli#1026](https://github.com/docker/cli/pull/1026) +* Remove Kubernetes commands from experimental. [docker/cli#1068](https://github.com/docker/cli/pull/1068) +* Adding configs/secrets to service inspect pretty. [docker/cli#1006](https://github.com/docker/cli/pull/1006) +- Fix service filtering by name on Kubernetes. [docker/cli#1101](https://github.com/docker/cli/pull/1101) +- Fix component information alignment in `docker version`. [docker/cli#1065](https://github.com/docker/cli/pull/1065) +- Fix cpu/memory limits and reservations being reset on service update. [docker/cli#1079](https://github.com/docker/cli/pull/1079) +* Manifest list: request specific permissions. [docker/cli#1024](https://github.com/docker/cli/pull/1024) +* Setting --orchestrator=all also sets --all-namespaces unless specific --namespace are set. [docker/cli#1059](https://github.com/docker/cli/pull/1059) +- Fix panics when --compress and --stream are used together. [docker/cli#1105](https://github.com/docker/cli/pull/1105) +* Switch from x/net/context to context. [docker/cli#1038](https://github.com/docker/cli/pull/1038) ++ Add --init option to `docker service create`. [docker/cli#479](https://github.com/docker/cli/pull/479) ++ Fixed bug displaying garbage output for build command when --stream and --quiet flags combined. [docker/cli#1090](https://github.com/docker/cli/pull/1090) ++ Add `init` support in 3.7 schema. [docker/cli#1129](https://github.com/docker/cli/pull/1129) +- Fix docker trust signer removal. [docker/cli#1112](https://github.com/docker/cli/pull/1112) +- Fix error message from docker inspect. [docker/cli#1071](https://github.com/docker/cli/pull/1071) +* Allow `x-*` extension on 3rd level objects. [docker/cli#1097](https://github.com/docker/cli/pull/1097) +* An invalid orchestrator now generates an error instead of being silently ignored. [docker/cli#1055](https://github.com/docker/cli/pull/1055) +* Added ORCHESTRATOR column to docker stack ls command. [docker/cli#973](https://github.com/docker/cli/pull/973) +* Warn when using host-ip for published ports for services. [docker/cli#1017](https://github.com/docker/cli/pull/1017) ++ Added the option to enable experimental cli features through the `DOCKER_CLI_EXPERIMENTAL` environment variable. [docker/cli#1138](https://github.com/docker/cli/pull/1138) ++ Add exec_die to the list of known container events. [docker/cli#1028](https://github.com/docker/cli/pull/1028) +* [K8s] Do env-variable expansion on the uninterpreted Config files. [docker/cli#974](https://github.com/docker/cli/pull/974) ++ Print warnings on stderr for each unsupported features while parsing a compose file for deployment on Kubernetes. [docker/cli#903](https://github.com/docker/cli/pull/903) ++ Added description about pids count. [docker/cli#1045](https://github.com/docker/cli/pull/1045) +- Warn user of filter when pruning. [docker/cli#1043](https://github.com/docker/cli/pull/1043) +- Fix `--rollback-*` options overwriting `--update-*` options. [docker/cli#1052](https://github.com/docker/cli/pull/1052) +* Update Attach, Build, Commit, Cp, Create subcommand fish completions. [docker/cli#1005](https://github.com/docker/cli/pull/1005) ++ Add bash completion for `dockerd --default-address-pool`. [docker/cli#1173](https://github.com/docker/cli/pull/1173) ++ Add bash completion for `exec_die` event. [docker/cli#1173](https://github.com/docker/cli/pull/1173) +* Update docker-credential-helper so `pass` is not called on every docker command. [docker/cli#1184](https://github.com/docker/cli/pull/1184) +* Fix for rotating swarm external CA. [docker/cli#1199](https://github.com/docker/cli/pull/1199) +* Improve version output alignment. [docker/cli#1207](https://github.com/docker/cli/pull/1207) ++ Add bash completion for `service create|update --init`. [docker/cli#1210](https://github.com/docker/cli/pull/1210) + +### Deprecation + +* Document reserved namespaces deprecation. [docker/cli#1040](https://github.com/docker/cli/pull/1040) + +### Logging + +* Allow awslogs to use non-blocking mode. [moby/moby#36522](https://github.com/moby/moby/pull/36522) +* Improve logging of long log lines on fluentd log driver.. [moby/moby#36159](https://github.com/moby/moby/pull/36159) +* Re-order CHANGELOG.md to pass `make validate` test. [moby/moby#37047](https://github.com/moby/moby/pull/37047) +* Update Events, Exec, Export, History, Images, Import, Inspect, Load, and Login subcommand fish completions. [docker/cli#1061](https://github.com/docker/cli/pull/1061) +* Update documentation for RingLogger's ring buffer. [moby/moby#37084](https://github.com/moby/moby/pull/37084) ++ Add metrics for log failures/partials. [moby/moby#37034](https://github.com/moby/moby/pull/37034) +- Fix logging plugin crash unrecoverable. [moby/moby#37028](https://github.com/moby/moby/pull/37028) +- Fix logging test type. [moby/moby#37070](https://github.com/moby/moby/pull/37070) +- Fix race conditions in logs API. [moby/moby#37062](https://github.com/moby/moby/pull/37062) +- Fix some issues in logfile reader and rotation. [moby/moby#37063](https://github.com/moby/moby/pull/37063) + +### Networking + +* Allow user to specify default address pools for docker networks. [moby/moby#36396](https://github.com/moby/moby/pull/36396) [docker/cli#818](https://github.com/docker/cli/pull/818) +* Adding logs for ipam state [doccker/libnetwork#2417](https://github.com/docker/libnetwork/pull/2147) +* Fix race conditions in the overlay network driver [doccker/libnetwork#2143](https://github.com/docker/libnetwork/pull/2143) +* Add wait time into xtables lock warning [doccker/libnetwork#2142](https://github.com/docker/libnetwork/pull/2142) +* filter xtables lock warnings when firewalld is active [doccker/libnetwork#2135](https://github.com/docker/libnetwork/pull/2135) +* Switch from x/net/context to context [doccker/libnetwork#2140](https://github.com/docker/libnetwork/pull/2140) +* Adding a recovery mechanism for a split gossip cluster [doccker/libnetwork#2134](https://github.com/docker/libnetwork/pull/2134) +* Running docker inspect on network attachment tasks now returns a full task object. [moby/moby#35246](https://github.com/moby/moby/pull/35246) +* Some container/network cleanups. [moby/moby#37033](https://github.com/moby/moby/pull/37033) +- Fix network inspect for overlay network. [moby/moby#37045](https://github.com/moby/moby/pull/37045) +* Improve Scalability of the Linux load balancing. [docker/engine#16](https://github.com/docker/engine/pull/16) +* Change log level from error to warning. [docker/engine#19](https://github.com/docker/engine/pull/19) + +### Runtime + +* Aufs: log why aufs is not supported. [moby/moby#36995](https://github.com/moby/moby/pull/36995) +* Hide experimental checkpoint features on Windows. [docker/cli#1094](https://github.com/docker/cli/pull/1094) +* Lcow: Allow the client to customize capabilities and device cgroup rules for LCOW containers. [moby/moby#37294](https://github.com/moby/moby/pull/37294) +* Changed path given for executable output in windows to actual location of executable output. [moby/moby#37295](https://github.com/moby/moby/pull/37295) ++ Add windows recycle bin test and update hcsshim to v0.6.11. [moby/moby#36994](https://github.com/moby/moby/pull/36994) +* Allow to add any args when doing a make run. [moby/moby#37190](https://github.com/moby/moby/pull/37190) +* Optimize ContainerTop() aka docker top. [moby/moby#37131](https://github.com/moby/moby/pull/37131) +- Fix compilation on 32bit machines. [moby/moby#37292](https://github.com/moby/moby/pull/37292) +* Update API version to v1 38. [moby/moby#37141](https://github.com/moby/moby/pull/37141) +- Fix `docker service update --host-add` does not update existing host entry. [docker/cli#1054](https://github.com/docker/cli/pull/1054) +- Fix swagger file type for ExecIds. [moby/moby#36962](https://github.com/moby/moby/pull/36962) +- Fix swagger volume type generation. [moby/moby#37060](https://github.com/moby/moby/pull/37060) +- Fix wrong assertion in volume/service package. [moby/moby#37211](https://github.com/moby/moby/pull/37211) +- Fix daemon panic on restart when a plugin is running. [moby/moby#37234](https://github.com/moby/moby/pull/37234) +* Construct and add 'LABEL' command from 'label' option to last stage. [moby/moby#37011](https://github.com/moby/moby/pull/37011) +- Fix race condition between exec start and resize.. [moby/moby#37172](https://github.com/moby/moby/pull/37172) +* Alternative failure mitigation of `TestExecInteractiveStdinClose`. [moby/moby#37143](https://github.com/moby/moby/pull/37143) +* RawAccess allows a set of paths to be not set as masked or readonly. [moby/moby#36644](https://github.com/moby/moby/pull/36644) +* Be explicit about github.com prefix being a legacy feature. [moby/moby#37174](https://github.com/moby/moby/pull/37174) +* Bump Golang to 1.10.3. [docker/cli#1122](https://github.com/docker/cli/pull/1122) +* Close ReadClosers to prevent xz zombies. [moby/moby#34218](https://github.com/moby/moby/pull/34218) +* Daemon.ContainerStop(): fix for a negative timeout. [moby/moby#36874](https://github.com/moby/moby/pull/36874) +* Daemon.setMounts(): copy slice in place. [moby/moby#36991](https://github.com/moby/moby/pull/36991) +* Describe IP field of swagger Port definition. [moby/moby#36971](https://github.com/moby/moby/pull/36971) +* Extract volume interaction to a volumes service. [moby/moby#36688](https://github.com/moby/moby/pull/36688) +* Fixed markdown formatting in docker image v1, v1.1, and v1.2 spec. [moby/moby#37051](https://github.com/moby/moby/pull/37051) +* Improve GetTimestamp parsing. [moby/moby#35402](https://github.com/moby/moby/pull/35402) +* Jsonmessage: pass message to aux callback. [moby/moby#37064](https://github.com/moby/moby/pull/37064) +* Overlay2: remove unused cdMountFrom() helper function. [moby/moby#37041](https://github.com/moby/moby/pull/37041) +- Overlay: Fix overlay storage-driver silently ignoring unknown storage-driver options. [moby/moby#37040](https://github.com/moby/moby/pull/37040) +* Remove some unused contrib items. [moby/moby#36977](https://github.com/moby/moby/pull/36977) +* Restartmanager: do not apply restart policy on created containers. [moby/moby#36924](https://github.com/moby/moby/pull/36924) +* Set item-type for ExecIDs. [moby/moby#37121](https://github.com/moby/moby/pull/37121) +* Use go-systemd const instead of magic string in Linux version of dockerd. [moby/moby#37136](https://github.com/moby/moby/pull/37136) +* Use stdlib TLS dialer. [moby/moby#36687](https://github.com/moby/moby/pull/36687) +* Warn when an engine label using a reserved namespace (com.docker.\*, io.docker.\*, or org.dockerproject.\*) is configured, as per https://docs.docker.com/config/labels-custom-metadata/. [moby/moby#36921](https://github.com/moby/moby/pull/36921) +- Fix missing plugin name in message. [moby/moby#37052](https://github.com/moby/moby/pull/37052) +- Fix link anchors in CONTRIBUTING.md. [moby/moby#37276](https://github.com/moby/moby/pull/37276) +- Fix link to Docker Toolbox. [moby/moby#37240](https://github.com/moby/moby/pull/37240) +- Fix mis-used skip condition. [moby/moby#37179](https://github.com/moby/moby/pull/37179) +- Fix bind mounts not working in some cases. [moby/moby#37031](https://github.com/moby/moby/pull/37031) +- Fix fd leak on attach. [moby/moby#37184](https://github.com/moby/moby/pull/37184) +- Fix fluentd partial detection. [moby/moby#37029](https://github.com/moby/moby/pull/37029) +- Fix incorrect link in version-history.md. [moby/moby#37049](https://github.com/moby/moby/pull/37049) +* Allow vim to be case insensitive for D in dockerfile. [moby/moby#37235](https://github.com/moby/moby/pull/37235) ++ Add `t.Name()` to tests so that service names are unique. [moby/moby#37166](https://github.com/moby/moby/pull/37166) ++ Add additional message when backendfs is extfs without d_type support. [moby/moby#37022](https://github.com/moby/moby/pull/37022) ++ Add api version checking for tests from new feature. [moby/moby#37169](https://github.com/moby/moby/pull/37169) ++ Add image metrics for push and pull. [moby/moby#37233](https://github.com/moby/moby/pull/37233) ++ Add support for `init` on services. [moby/moby#37183](https://github.com/moby/moby/pull/37183) ++ Add verification of escapeKeys array length in pkg/term/proxy.go. [moby/moby#36918](https://github.com/moby/moby/pull/36918) +* When link id is empty for overlay2, do not remove this link.. [moby/moby#36161](https://github.com/moby/moby/pull/36161) +- Fix build on OpenBSD by defining Self(). [moby/moby#37301](https://github.com/moby/moby/pull/37301) +- Windows: Fix named pipe support for hyper-v isolated containers. [docker/engine#2](https://github.com/docker/engine/pull/2) [docker/cli#1165](https://github.com/docker/cli/pull/1165) +- Fix manifest lists to always use correct size. [docker/cli#1183](https://github.com/docker/cli/pull/1183) +* Register OCI media types. [docker/engine#4](https://github.com/docker/engine/pull/4) +* Update containerd to v1.1.1 [docker/engine#17](https://github.com/docker/engine/pull/17) +* LCOW: Prefer Windows over Linux in a manifest list. [docker/engine#3](https://github.com/docker/engine/pull/3) +* Add updated `MaskPaths` that are used in code paths directly using containerd to address [CVE-2018-10892](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-10892). [docker/engine#15](https://github.com/docker/engine/pull/15) +* Add `/proc/acpi` to masked paths to address [CVE-2018-10892](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-10892). [docker/engine#14](https://github.com/docker/engine/pull/14) +- Fix bindmount autocreate race. [docker/engine#11](https://github.com/docker/engine/pull/11) + +### Swarm Mode + +* List stacks for both Swarm and Kubernetes with --orchestrator=all in docker stack ls. Allow several occurrences of --namespace for Kubernetes with docker stack ls. [docker/cli#1031](https://github.com/docker/cli/pull/1031) +* Bump SwarmKit to remove deprecated grpc metadata wrappers. [moby/moby#36905](https://github.com/moby/moby/pull/36905) +* Issue an error for --orchestrator=all when working on mismatched Swarm and Kubernetes hosts. [docker/cli#1035](https://github.com/docker/cli/pull/1035) +- Fix broken swarm commands with Kubernetes defined as orchestrator. "--orchestrator" flag is no longer global but local to stack commands and subcommands [docker/cli#1137](https://github.com/docker/cli/pull/1137) [docker/cli#1139](https://github.com/docker/cli/pull/1139) +* Bump swarmkit to include task reaper fixes and more metrics. [docker/engine#13](https://github.com/docker/engine/pull/13) +- Avoid a leak when a service with unassigned tasks is deleted. [docker/engine#27](https://github.com/docker/engine/pull/27) +- Fix racy batching on the dispatcher. [docker/engine#27](https://github.com/docker/engine/pull/27) + ## 18.03.1-ce (2018-04-26) ### Client @@ -204,7 +404,7 @@ Release notes for stable versions are listed first. You can - Update runc to fix hang during start and exec [moby/moby#36097](https://github.com/moby/moby/pull/36097) - Windows: Vendor of Microsoft/hcsshim @v.0.6.8 partial fix for import layer failing [moby/moby#35924](https://github.com/moby/moby/pull/35924) * Do not make graphdriver homes private mounts [moby/moby#36047](https://github.com/moby/moby/pull/36047) -* Use rslave propogation for mounts from daemon root [moby/moby#36055](https://github.com/moby/moby/pull/36055) +* Use rslave propagation for mounts from daemon root [moby/moby#36055](https://github.com/moby/moby/pull/36055) * Set daemon root to use shared mount propagation [moby/moby#36096](https://github.com/moby/moby/pull/36096) * Validate that mounted paths exist when container is started, not just during creation [moby/moby#35833](https://github.com/moby/moby/pull/35833) * Add `REMOVE` and `ORPHANED` to TaskState [moby/moby#36146](https://github.com/moby/moby/pull/36146) @@ -277,7 +477,7 @@ Release notes for stable versions are listed first. You can * `/dev` should not be readonly with `--readonly` flag [moby/moby#35344](https://github.com/moby/moby/pull/35344) + Add custom build-time Graphdrivers priority list [moby/moby#35522](https://github.com/moby/moby/pull/35522) * LCOW: CLI changes to add platform flag - pull, run, create and build [docker/cli#474](https://github.com/docker/cli/pull/474) -* Fix width/height on Windoes for `docker exec` [moby/moby#35631](https://github.com/moby/moby/pull/35631) +* Fix width/height on Windows for `docker exec` [moby/moby#35631](https://github.com/moby/moby/pull/35631) * Detect overlay2 support on pre-4.0 kernels [moby/moby#35527](https://github.com/moby/moby/pull/35527) * Devicemapper: remove container rootfs mountPath after umount [moby/moby#34573](https://github.com/moby/moby/pull/34573) * Disallow overlay/overlay2 on top of NFS [moby/moby#35483](https://github.com/moby/moby/pull/35483) @@ -545,7 +745,7 @@ Release notes for stable versions are listed first. You can + Add Support swarm-mode services with node-local networks such as macvlan, ipvlan, bridge, host [#32981](https://github.com/moby/moby/pull/32981) + Pass driver-options to network drivers on service creation [#32981](https://github.com/moby/moby/pull/33130) + Isolate Swarm Control-plane traffic from Application data traffic using --data-path-addr [#32717](https://github.com/moby/moby/pull/32717) -* Several improvments to Service Discovery [#docker/libnetwork/1796](https://github.com/docker/libnetwork/pull/1796) +* Several improvements to Service Discovery [#docker/libnetwork/1796](https://github.com/docker/libnetwork/pull/1796) ### Packaging diff --git a/release-notes/docker-compose.md b/release-notes/docker-compose.md index 707d3f2a88..d4a72da42b 100644 --- a/release-notes/docker-compose.md +++ b/release-notes/docker-compose.md @@ -5,6 +5,90 @@ keywords: release notes, compose toc_max: 2 --- +## 1.23.1 (2018-11-01) + +### Bug Fixes + +- Fixed a bug where working with containers created with a version of Compose earlier than `1.23.0` + would cause unexpected crashes. + +- Fixed an issue where the behavior of the `--project-directory` flag would + vary depending on which subcommand was used. + +## 1.23.0 (2018-10-30) + +### Important note + +The default naming scheme for containers created by Compose in this version +has changed from `__` to +`___`, where `` is a randomly-generated +hexadecimal string. Please make sure to update scripts relying on the old +naming scheme accordingly before upgrading. + +### Features + +- Logs for containers restarting after a crash will now appear in the output + of the `up` and `logs` commands. + +- Added `--hash` option to the `docker-compose config` command, allowing users + to print a hash string for each service's configuration to facilitate rolling + updates. + +- Added `--parallel` flag to the `docker-compose build` command, allowing + Compose to build up to 5 images simultaneously. + +- Output for the `pull` command now reports status / progress even when pulling + multiple images in parallel. + +- For images with multiple names, Compose will now attempt to match the one + present in the service configuration in the output of the `images` command. + +### Bug Fixes + +- Fixed an issue where parallel `run` commands for the same service would fail due to name + collisions. + +- Fixed an issue where paths longer than 260 characters on Windows clients would + cause `docker-compose build` to fail. + +- Fixed a bug where attempting to mount `/var/run/docker.sock` with + Docker Desktop for Windows would result in failure. + +- The `--project-directory` option is now used by Compose to determine where to + look for the `.env` file. + +- `docker-compose build` no longer fails when attempting to pull an image with + credentials provided by the ***gcloud credential helper***. + +- Fixed the `--exit-code-from` option in `docker-compose up` to always report + the actual exit code even when the watched container is not the cause of the + exit. + +- Fixed an issue that would prevent recreating a service in some cases where + a volume would be mapped to the same mountpoint as a volume declared within the Dockerfile for that image. + +- Fixed a bug that caused hash configuration with multiple networks to be + inconsistent, causing some services to be unnecessarily restarted. + +- Fixed a bug that would cause failures with variable substitution for services + with a name containing one or more dot characters. + +- Fixed a pipe handling issue when using the containerized version of Compose. + +- Fixed a bug causing `external: false` entries in the Compose file to be + printed as `external: true` in the output of `docker-compose config`. + +- Fixed a bug where issuing a `docker-compose pull` command on services + without a defined image key would cause Compose to crash. + +- Volumes and binds are now mounted in the order they are declared in the + service definition. + +### Miscellaneous + +- The `zsh` completion script has been updated with new options, and no + longer suggests container names where service names are expected. + ## 1.22.0 (2018-07-17) ### New features @@ -26,7 +110,7 @@ toc_max: 2 - Added support for extension fields in service, network, and volume configurations -### Bugfixes +### Bug Fixes - Fixed a bug that prevented deployment with some Compose files when `DOCKER_DEFAULT_PLATFORM` was set @@ -60,14 +144,14 @@ toc_max: 2 ## 1.21.2 (2018-05-03) -### Bugfixes +### Bug Fixes -- Fixed a bug where the ip_range attirbute in IPAM configs was prevented +- Fixed a bug where the ip_range attribute in IPAM configs was prevented from passing validation ## 1.21.1 (2018-04-27) -### Bugfixes +### Bug Fixes - In 1.21.0, we introduced a change to how project names are sanitized for internal use in resource names. This caused issues when manipulating an @@ -132,7 +216,7 @@ toc_max: 2 - `docker-compose build` now supports the use of Dockerfile from outside the build context. -### Bugfixes +### Bug Fixes - Compose now checks that the volume's configuration matches the remote volume, and errors out if a mismatch is detected. @@ -203,7 +287,7 @@ toc_max: 2 - Added the long-form `--detach` option to the `exec`, `run` and `up` commands -### Bugfixes +### Bug Fixes - Fixed `.dockerignore` handling, notably with regard to absolute paths and last-line precedence rules @@ -275,7 +359,7 @@ toc_max: 2 preventing Compose from recovering volume data from previous containers for anonymous volumes -- Added limit for number of simulatenous parallel operations, which should +- Added limit for number of simultaneous parallel operations, which should prevent accidental resource exhaustion of the server. Default is 64 and can be configured using the `COMPOSE_PARALLEL_LIMIT` environment variable @@ -292,7 +376,7 @@ toc_max: 2 - Bash completion should now be able to better differentiate between running, stopped and paused services -### Bugfixes +### Bug Fixes - Fixed a bug that would cause the `build` command to report a connection error when the build context contained unreadable files or FIFO objects. @@ -375,7 +459,7 @@ toc_max: 2 - Setting `stop_grace_period` in service definitions now also sets the container's `stop_timeout` -### Bugfixes +### Bug Fixes - Fixed an issue where Compose was still handling service hostname according to legacy engine behavior, causing hostnames containing dots to be cut up @@ -444,7 +528,7 @@ toc_max: 2 resources (networks, volumes, containers) without starting services. The `create` command is deprecated in favor of this new option -### Bugfixes +### Bug Fixes - Fixed a bug where `extra_hosts` values would be overridden by extension files instead of merging together @@ -496,7 +580,7 @@ toc_max: 2 - Added new CLI flag `--no-ansi` to suppress ANSI control characters in output -### Bugfixes +### Bug Fixes - Fixed a bug where nested `extends` instructions weren't resolved properly, causing "file not found" errors @@ -551,10 +635,10 @@ toc_max: 2 - Some improvements to CLI output -### Bugfixes +### Bug Fixes - Volumes specified through the `--volume` flag of `docker-compose run` now - complement volumes declared in the service's defintion instead of replacing + complement volumes declared in the service's definition instead of replacing them - Fixed a bug where using multiple Compose files would unset the scale value @@ -603,7 +687,7 @@ toc_max: 2 - Differences in labels between the Compose file and remote network will now print a warning instead of preventing redeployment. -### Bugfixes +### Bug Fixes - Fixed a bug where service's dependencies were being rescaled to their default scale when running a `docker-compose run` command @@ -654,7 +738,7 @@ toc_max: 2 - Added support for `options` in the `ipam` section of network definitions -### Bugfixes +### Bug Fixes - Fixed a bug where paths provided to compose via the `-f` option were not being resolved properly @@ -748,7 +832,7 @@ toc_max: 2 - Added support for port range to single port in port mappings, such as `8000-8010:80`. -### Bugfixes +### Bug Fixes - `docker-compose run --rm` now removes anonymous volumes after execution, matching the behavior of `docker run --rm`. @@ -782,7 +866,7 @@ toc_max: 2 ## 1.11.2 (2017-02-17) -### Bugfixes +### Bug Fixes - Fixed a bug that was preventing secrets configuration from being loaded properly @@ -802,7 +886,7 @@ toc_max: 2 ## 1.11.1 (2017-02-09) -### Bugfixes +### Bug Fixes - Fixed a bug where the 3.1 file format was not being recognized as valid by the Compose parser @@ -822,7 +906,7 @@ toc_max: 2 - Introduced the `docker-compose top` command that displays processes running for the different services managed by Compose. -### Bugfixes +### Bug Fixes - Fixed a bug where extending a service defining a healthcheck dictionary would cause `docker-compose` to error out. @@ -832,7 +916,7 @@ toc_max: 2 ## 1.10.1 (2017-02-01) -### Bugfixes +### Bug Fixes - Fixed an issue where presence of older versions of the docker-py package would cause unexpected crashes while running Compose @@ -882,7 +966,7 @@ toc_max: 2 - Added support for the `stop_grace_period` option in service definitions. -### Bugfixes +### Bug Fixes - Colored output now works properly on Windows. @@ -909,7 +993,7 @@ toc_max: 2 environment variable `COMPOSE_CONVERT_WINDOWS_PATHS=1`. Users of Docker for Windows are not affected and do not need to set the variable. -New Features +### New Features - Interactive mode for `docker-compose run` and `docker-compose exec` is now supported on Windows platforms. The `docker` binary @@ -936,7 +1020,7 @@ New Features - Overriding a `logging` configuration will now properly merge the `options` mappings if the `driver` values do not conflict. -Bug Fixes +### Bug Fixes - Fixed several bugs related to `npipe` protocol support on Windows. diff --git a/release-notes/docker-engine.md b/release-notes/docker-engine.md index 5bdf4ebc16..aee826f57a 100644 --- a/release-notes/docker-engine.md +++ b/release-notes/docker-engine.md @@ -842,7 +842,7 @@ installing docker, make sure to update them accordingly. + Add security options to `docker info` output [#21172](https://github.com/docker/docker/pull/21172) [#23520](https://github.com/docker/docker/pull/23520) + Add insecure registries to `docker info` output [#20410](https://github.com/docker/docker/pull/20410) + Extend Docker authorization with TLS user information [#21556](https://github.com/docker/docker/pull/21556) -+ devicemapper: expose Mininum Thin Pool Free Space through `docker info` [#21945](https://github.com/docker/docker/pull/21945) ++ devicemapper: expose Minimum Thin Pool Free Space through `docker info` [#21945](https://github.com/docker/docker/pull/21945) * API now returns a JSON object when an error occurs making it more consistent [#22880](https://github.com/docker/docker/pull/22880) - Prevent `docker run -i --restart` from hanging on exit [#22777](https://github.com/docker/docker/pull/22777) - Fix API/CLI discrepancy on hostname validation [#21641](https://github.com/docker/docker/pull/21641) diff --git a/storage/bind-mounts.md b/storage/bind-mounts.md index ebd31e6993..db7c2708b0 100644 --- a/storage/bind-mounts.md +++ b/storage/bind-mounts.md @@ -90,7 +90,7 @@ you, but generates an error. ## Start a container with a bind mount Consider a case where you have a directory `source` and that when you build the -source code, the artifacts are saved into another directory `source/target/`. +source code, the artifacts are saved into another directory, `source/target/`. You want the artifacts to be available to the container at `/app/`, and you want the container to get access to a new build each time you build the source on your development host. Use the following command to bind-mount the `target/` diff --git a/storage/storagedriver/aufs-driver.md b/storage/storagedriver/aufs-driver.md index 87d7df726a..a184f4989b 100644 --- a/storage/storagedriver/aufs-driver.md +++ b/storage/storagedriver/aufs-driver.md @@ -32,7 +32,6 @@ potential performance advantages over the `aufs` storage driver. `ecryptfs`. This means that the filesystem which contains `/var/lib/docker/aufs` cannot be one of these filesystem types. - ## Configure Docker with the `aufs` storage driver If the AUFS driver is loaded into the kernel when you start Docker, and no other @@ -66,13 +65,13 @@ storage driver is configured, Docker uses it by default. `/etc/docker/daemon.json` or the output of `ps auxw | grep dockerd` to see if Docker has been started with the `--storage-driver` flag. - ## How the `aufs` storage driver works AUFS is a *union filesystem*, which means that it layers multiple directories on a single Linux host and presents them as a single directory. These directories are called _branches_ in AUFS terminology, and _layers_ in Docker terminology. -The unification process is referred to a a _union mount_. + +The unification process is referred to as a _union mount_. The diagram below shows a Docker container based on the `ubuntu:latest` image. @@ -228,7 +227,6 @@ The following generic performance best practices also apply to AUFS. ## Related information -* [Volumes](/storage/volumes.md) -* [Understand images, containers, and storage drivers](imagesandcontainers.md) -* [Select a storage driver](selectadriver.md) - +- [Volumes](/storage/volumes.md) +- [Understand images, containers, and storage drivers](imagesandcontainers.md) +- [Select a storage driver](selectadriver.md) diff --git a/storage/storagedriver/index.md b/storage/storagedriver/index.md index 28aa20d9cf..ec7ea38565 100644 --- a/storage/storagedriver/index.md +++ b/storage/storagedriver/index.md @@ -15,10 +15,10 @@ information to make informed choices about the best way to persist data from your applications and avoid performance problems along the way. Storage drivers allow you to create data in the writable layer of your container. -The files won't be persisted after the container stops, and both read and +The files won't be persisted after the container is deleted, and both read and write speeds are low. -[Learn how to use volumes](../index.md) to persist data and improve performance. +[Learn how to use volumes](../volumes.md) to persist data and improve performance. ## Images and layers @@ -33,7 +33,7 @@ RUN make /app CMD python /app/app.py ``` -This Dockerfile contains four commands, each of which creates a layer. The +This Dockerfile contains four commands, each of which creates a layer. The `FROM` statement starts out by creating a layer from the `ubuntu:15.04` image. The `COPY` command adds some files from your Docker client's current directory. The `RUN` command builds your application using the `make` command. Finally, @@ -82,7 +82,7 @@ To view the approximate size of a running container, you can use the `docker ps command. Two different columns relate to size. - `size`: the amount of data (on disk) that is used for the writable layer of - each container + each container. - `virtual size`: the amount of data used for the read-only image data used by the container plus the container's writable layer `size`. @@ -143,8 +143,8 @@ Status: Downloaded newer image for ubuntu:15.04 Each of these layers is stored in its own directory inside the Docker host's local storage area. To examine the layers on the filesystem, list the contents -of `/var/lib/docker//layers/`. This example uses `aufs`, which -is the default storage driver: +of `/var/lib/docker//layers/`. This example uses the `aufs` +storage driver: ```bash $ ls /var/lib/docker/aufs/layers @@ -292,8 +292,8 @@ layer. This means that the writable layer is as small as possible. When an existing file in a container is modified, the storage driver performs a copy-on-write operation. The specifics steps involved depend on the specific -storage driver. For the default `aufs` driver and the `overlay` and `overlay2` -drivers, the copy-on-write operation follows this rough sequence: +storage driver. For the `aufs`, `overlay`, and `overlay2` drivers, the +copy-on-write operation follows this rough sequence: * Search through the image layers for the file to update. The process starts at the newest layer and works down to the base layer one layer at a time. diff --git a/storage/storagedriver/overlayfs-driver.md b/storage/storagedriver/overlayfs-driver.md index 95ae3d4b7d..3c8092dd18 100644 --- a/storage/storagedriver/overlayfs-driver.md +++ b/storage/storagedriver/overlayfs-driver.md @@ -269,7 +269,7 @@ for `overlay2`. OverlayFS layers two directories on a single Linux host and presents them as a single directory. These directories are called _layers_ and the unification -process is referred to a a _union mount_. OverlayFS refers to the lower directory +process is referred to as a _union mount_. OverlayFS refers to the lower directory as `lowerdir` and the upper directory a `upperdir`. The unified view is exposed through its own directory called `merged`. diff --git a/storage/storagedriver/zfs-driver.md b/storage/storagedriver/zfs-driver.md index 7f633d1a71..a439d897d1 100644 --- a/storage/storagedriver/zfs-driver.md +++ b/storage/storagedriver/zfs-driver.md @@ -27,7 +27,7 @@ use unless you have substantial experience with ZFS on Linux. ## Prerequisites -- ZFS requires one or more dedicated block devices, preferrably solid-state +- ZFS requires one or more dedicated block devices, preferably solid-state drives (SSDs). - ZFS is only supported on Docker CE with Ubuntu 14.04 or higher, with the `zfs` package (16.04 and higher) or `zfs-native` and `ubuntu-zfs` packages (14.04) @@ -42,7 +42,7 @@ use unless you have substantial experience with ZFS on Linux. - Changing the storage driver makes any containers you have already created inaccessible on the local system. Use `docker save` to save containers, and push existing images to Docker Hub or a private repository, so that you - not need to re-create them later. + do not need to re-create them later. ## Configure Docker with the `zfs` storage driver diff --git a/storage/tmpfs.md b/storage/tmpfs.md index f1818e776d..faf1326012 100644 --- a/storage/tmpfs.md +++ b/storage/tmpfs.md @@ -38,7 +38,7 @@ the `--mount` flag was used for swarm services. However, starting with Docker `--tmpfs` flag does not support any configurable options. - **`--tmpfs`**: Mounts a `tmpfs` mount without allowing you to specify any - configurable options, and can only be used with standalone containers. + configurable options, and can only be used with standalone containers. - **`--mount`**: Consists of multiple key-value pairs, separated by commas and each consisting of a `=` tuple. The `--mount` syntax is more verbose diff --git a/swarm/configure-tls.md b/swarm/configure-tls.md index f63a93f1cb..eb18596ade 100644 --- a/swarm/configure-tls.md +++ b/swarm/configure-tls.md @@ -262,8 +262,8 @@ In this step, you install the keys on the relevant servers in the infrastructure. Each server needs three files: - A copy of the Certificate Authority's public key (`ca.pem`) -- It's own private key -- It's own public key (cert) +- Its own private key +- Its own public key (cert) The procedure below shows you how to copy these files from the CA server to each server using `scp`. As part of the copy procedure, rename each file as diff --git a/swarm/swarm_at_scale/deploy-infra.md b/swarm/swarm_at_scale/deploy-infra.md index 80215010fe..e2bd33b890 100644 --- a/swarm/swarm_at_scale/deploy-infra.md +++ b/swarm/swarm_at_scale/deploy-infra.md @@ -242,7 +242,7 @@ in Step 4. -D run -c /etc/config.toml ``` - This command relies on the `config.toml` file being in the current directory. After running the command, confirm the image is runing: + This command relies on the `config.toml` file being in the current directory. After running the command, confirm the image is running: ```bash $ docker ps @@ -250,7 +250,7 @@ in Step 4. d846b801a978 ehazlett/interlock:1.0.1 "/bin/interlock -D ru" 2 minutes ago Up 2 minutes 0.0.0.0:32770->8080/tcp interlock ``` - If you don't see the image runing, use `docker ps -a` to list all images to make sure the system attempted to start the image. Then, get the logs to see why the container failed to start. + If you don't see the image running, use `docker ps -a` to list all images to make sure the system attempted to start the image. Then, get the logs to see why the container failed to start. ```bash $ docker logs interlock diff --git a/test.md b/test.md index 7953af37a9..846b4c4b69 100644 --- a/test.md +++ b/test.md @@ -126,7 +126,7 @@ https://github.com/docker/docker.github.io/tree/master/docker-cloud/images #### Using a custom target ID This topic has a custom target ID above its heading that can be used to link to -it, in addtion to, or instead of, the default concatenated heading style. The +it, in addition to, or instead of, the default concatenated heading style. The format of this ID is `{: id="custom-target-id"}`. You can use custom targets to link to headings or even paragraphs. You link to @@ -667,7 +667,7 @@ we use often. ### Raw, no highlighting -The raw markup is needed to keep Liquid from interperting the things with double +The raw markup is needed to keep Liquid from interpreting the things with double braces as templating language. {% raw %} diff --git a/tests/src/validator/frontmatter_test.go b/tests/src/validator/frontmatter_test.go index 4360c5446e..5f9ea93d7e 100644 --- a/tests/src/validator/frontmatter_test.go +++ b/tests/src/validator/frontmatter_test.go @@ -65,7 +65,7 @@ func TestFrontMatterKeywords(t *testing.T) { }) } -// testFrontMatterKeywords tests if if keywords are present and correctly +// testFrontMatterKeywords tests if keywords are present and correctly // formatted in given markdown file bytes func testFrontMatterKeywords(mdBytes []byte) error { fm, _, err := frontparser.ParseFrontmatterAndContent(mdBytes)