diff --git a/.gitignore b/.gitignore index 366c6d8a5a..010dcf6657 100644 --- a/.gitignore +++ b/.gitignore @@ -6,5 +6,4 @@ _site/** .sass-cache/** CNAME Gemfile.lock -_samples/library/** _kbase/** diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 89d5f282ea..e3bda7862a 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -30,7 +30,7 @@ you give it a try! ### Overall doc improvements -Most commits will be made against the `master` branch. This include: +Most commits will be made against the `master` branch. This includes: - Conceptual and task-based information not specific to new features - Restructuring / rewriting diff --git a/Dockerfile b/Dockerfile index f91e3545d8..07e4dec0e3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -64,15 +64,6 @@ COPY --from=docs/docker.github.io:v17.12 ${TARGET} ${TARGET} COPY --from=docs/docker.github.io:v18.03 ${TARGET} ${TARGET} COPY --from=docs/docker.github.io:v18.09 ${TARGET} ${TARGET} -# Fetch library samples (documentation from official images on Docker Hub) -# Only add the files that are needed to build these reference docs, so that -# these docs are only rebuilt if changes were made to the configuration. -# @todo find a way to build HTML in this stage, and still have them included in the navigation tree -FROM builderbase AS library-samples -COPY ./_scripts/fetch-library-samples.sh ./_scripts/ -COPY ./_samples/boilerplate.txt ./_samples/ -RUN bash ./_scripts/fetch-library-samples.sh - # Fetch upstream resources (reference documentation) # Only add the files that are needed to build these reference docs, so that # these docs are only rebuilt if changes were made to the configuration. @@ -86,7 +77,6 @@ RUN bash ./_scripts/fetch-upstream-resources.sh . # Build the current docs from the checked out branch FROM builderbase AS current COPY . . -COPY --from=library-samples /usr/src/app/md_source/. ./ COPY --from=upstream-resources /usr/src/app/md_source/. ./ # Build the static HTML, now that everything is in place diff --git a/Jenkinsfile b/Jenkinsfile index 0f6897f2f0..a3e6e51836 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -110,7 +110,7 @@ pipeline { post { unsuccessful { sh """ - curl -X POST -H 'Content-type: application/json' --data '{"text":"Error in docker.github.io:published build. Please contact the Customer Success Engineering team for help."}' $SLACK + curl -X POST -H 'Content-type: application/json' --data '{"text":"Error in Jenkins build. Please contact the Customer Success Engineering team for help."}' $SLACK """ } } diff --git a/_config.yml b/_config.yml index 77b4854621..3d6a28ef9f 100644 --- a/_config.yml +++ b/_config.yml @@ -111,7 +111,7 @@ defaults: - scope: path: "install" values: - win_latest_build: "docker-19.03.2" + win_latest_build: "docker-19.03.3" - scope: path: "datacenter" values: @@ -125,7 +125,7 @@ defaults: dtr_org: "docker" dtr_repo: "dtr" ucp_version: "3.2.1" - dtr_version: "2.7.2" + dtr_version: "2.7.3" # Previous DTR Releases - scope: path: "datacenter/dtr/2.6" @@ -133,7 +133,7 @@ defaults: hide_from_sitemap: true dtr_org: "docker" dtr_repo: "dtr" - dtr_version: "2.6.9" + dtr_version: "2.6.10" - scope: path: "datacenter/dtr/2.5" values: @@ -178,21 +178,21 @@ defaults: hide_from_sitemap: true ucp_org: "docker" ucp_repo: "ucp" - ucp_version: "3.1.10" + ucp_version: "3.1.11" - scope: path: "datacenter/ucp/3.0" values: hide_from_sitemap: true ucp_org: "docker" ucp_repo: "ucp" - ucp_version: "3.0.14" + ucp_version: "3.0.15" - scope: path: "datacenter/ucp/2.2" values: hide_from_sitemap: true ucp_org: "docker" ucp_repo: "ucp" - ucp_version: "2.2.21" + ucp_version: "2.2.22" - scope: path: "datacenter/ucp/2.1" values: diff --git a/_data/ddc_offline_files_2.yaml b/_data/ddc_offline_files_2.yaml index a025a83786..8e05f7748d 100644 --- a/_data/ddc_offline_files_2.yaml +++ b/_data/ddc_offline_files_2.yaml @@ -21,6 +21,14 @@ - product: "ucp" version: "3.1" tar-files: + - description: "3.1.11 Linux" + url: https://packages.docker.com/caas/ucp_images_3.1.11.tar.gz + - description: "3.1.11 Windows Server 2016 LTSC" + url: https://packages.docker.com/caas/ucp_images_win_2016_3.1.11.tar.gz + - description: "3.1.11 Windows Server 1803" + url: https://packages.docker.com/caas/ucp_images_win_1803_3.1.11.tar.gz + - description: "3.1.11 Windows Server 2019 LTSC" + url: https://packages.docker.com/caas/ucp_images_win_2019_3.1.11.tar.gz - description: "3.1.10 Linux" url: https://packages.docker.com/caas/ucp_images_3.1.10.tar.gz - description: "3.1.10 Windows Server 2016 LTSC" @@ -122,6 +130,14 @@ - product: "ucp" version: "3.0" tar-files: + - description: "3.0.15 Linux" + url: https://packages.docker.com/caas/ucp_images_3.0.15.tar.gz + - description: "3.0.15 IBM Z" + url: https://packages.docker.com/caas/ucp_images_s390x_3.0.15.tar.gz + - description: "3.0.15 Windows Server 2016 LTSC" + url: https://packages.docker.com/caas/ucp_images_win_2016_3.0.15.tar.gz + - description: "3.0.15 Windows Server 1803" + url: https://packages.docker.com/caas/ucp_images_win_1803_3.0.15.tar.gz - description: "3.0.14 Linux" url: https://packages.docker.com/caas/ucp_images_3.0.14.tar.gz - description: "3.0.14 IBM Z" @@ -249,6 +265,12 @@ - product: "ucp" version: "2.2" tar-files: + - description: "2.2.22 Linux" + url: https://packages.docker.com/caas/ucp_images_2.2.22.tar.gz + - description: "2.2.22 IBM Z" + url: https://packages.docker.com/caas/ucp_images_s390x_2.2.22.tar.gz + - description: "2.2.22 Windows" + url: https://packages.docker.com/caas/ucp_images_win_2.2.22.tar.gz - description: "2.2.21 Linux" url: https://packages.docker.com/caas/ucp_images_2.2.21.tar.gz - description: "2.2.21 IBM Z" @@ -372,6 +394,8 @@ - product: "dtr" version: "2.7" tar-files: + - description: "DTR 2.7.3 Linux x86" + url: https://packages.docker.com/caas/dtr_images_2.7.3.tar.gz - description: "DTR 2.7.2 Linux x86" url: https://packages.docker.com/caas/dtr_images_2.7.2.tar.gz - description: "DTR 2.7.1 Linux x86" @@ -381,6 +405,8 @@ - product: "dtr" version: "2.6" tar-files: + - description: "DTR 2.6.10 Linux x86" + url: https://packages.docker.com/caas/dtr_images_2.6.10.tar.gz - description: "DTR 2.6.9 Linux x86" url: https://packages.docker.com/caas/dtr_images_2.6.9.tar.gz - description: "DTR 2.6.8 Linux x86" diff --git a/_data/glossary.yaml b/_data/glossary.yaml index 2ab21dae3a..404890beda 100644 --- a/_data/glossary.yaml +++ b/_data/glossary.yaml @@ -218,8 +218,8 @@ overlay storage driver: | It is supported by the Docker daemon as a storage driver. parent image: | An image's **parent image** is the image designated in the `FROM` directive - in the image's Dockerfile. All subsequent commands are applied to this parent - image. A Dockerfile with no `FROM` directive has no parent image, and is called + in the image's Dockerfile. All subsequent commands are based on this parent + image. A Dockerfile with the `FROM scratch` directive has no parent image, and is called a **base image**. persistent storage: | Persistent storage or volume storage provides a way for a user to add a persistent layer to the running container's file system. This persistent layer could live on the container host or an external device. The lifecycle of this persistent layer is not connected to the lifecycle of the container, allowing a user to retain state. diff --git a/_data/toc.yaml b/_data/toc.yaml index 5363352dbd..7654c98d0c 100644 --- a/_data/toc.yaml +++ b/_data/toc.yaml @@ -127,20 +127,18 @@ guides: title: FAQ - sectiontitle: Get started section: - - sectiontitle: Get started with Docker + - sectiontitle: Quickstart section: - - title: "Part 1: Orientation" + - title: "Part 1: Orientation and setup" path: /get-started/ - - title: "Part 2: Containers" + - title: "Part 2: Containerizing an Application" path: /get-started/part2/ - - title: "Part 3: Services" + - title: "Part 3: Deploying to Kubernetes" path: /get-started/part3/ - - title: "Part 4: Swarms" + - title: "Part 4: Deploying to Swarm" path: /get-started/part4/ - - title: "Part 5: Stacks" + - title: "Part 5: Sharing Images on Docker Hub" path: /get-started/part5/ - - title: "Part 6: Deploy your app" - path: /get-started/part6/ - path: /engine/docker-overview/ title: Docker overview - sectiontitle: Develop with Docker @@ -1257,9 +1255,6 @@ reference: samples: - path: /samples/#tutorial-labs title: Tutorial labs -- sectiontitle: Library references - section: - - generateTOC: library - sectiontitle: Sample applications section: - path: /samples/ @@ -1282,6 +1277,8 @@ samples: title: Riak - path: /engine/examples/running_ssh_service/ title: SSHd +- path: /samples/#library-references + title: Library references manuals: - sectiontitle: Docker Enterprise @@ -1445,9 +1442,9 @@ manuals: - path: /ee/ucp/authorization/pull-images/ title: Allow users to pull images - path: /ee/ucp/authorization/ee-standard/ - title: Docker Enterprise Standard use case + title: Access control design - path: /ee/ucp/authorization/ee-advanced/ - title: Docker Enterprise Advanced use case + title: Access control design using additional security requirements - sectiontitle: Access UCP section: - path: /ee/ucp/user-access/ @@ -1513,7 +1510,7 @@ manuals: - title: Specifying a routing mode path: /ee/ucp/interlock/usage/interlock-vip-mode/ - title: Using routing labels - path: /ee/ucp/interlock/usage/labels-reference.md/ + path: /ee/ucp/interlock/usage/labels-reference/ - title: Implementing redirects path: /ee/ucp/interlock/usage/redirects/ - title: Implementing a service cluster @@ -1560,7 +1557,7 @@ manuals: path: /ee/ucp/kubernetes/cluster-ingress/ - title: Install Ingress path: /ee/ucp/kubernetes/cluster-ingress/install/ - - title: Deploy Simple Application + - title: Deploy a Sample Application path: /ee/ucp/kubernetes/cluster-ingress/ingress/ - title: Deploy a Canary Deployment path: /ee/ucp/kubernetes/cluster-ingress/canary/ @@ -2601,9 +2598,9 @@ manuals: - path: /ee/dtr/admin/configure/use-your-own-tls-certificates/ title: Use your own TLS certificates - path: /ee/dtr/admin/configure/enable-single-sign-on/ - title: Disable persistent cookies - - path: /ee/dtr/admin/configure/disable-persistent-cookies/ title: Enable single sign-on + - path: /ee/dtr/admin/configure/disable-persistent-cookies/ + title: Disable persistent cookies - sectiontitle: External storage section: - path: /ee/dtr/admin/configure/external-storage/ @@ -3994,6 +3991,10 @@ manuals: section: - path: /docker-hub/ title: Quickstart + - sectiontitle: Security and Authentication + section: + - path: /docker-hub/access-tokens/ + title: Managing Access Tokens - path: /docker-hub/release-notes/ title: Release notes - path: /docker-hub/repos/ @@ -4038,6 +4039,8 @@ manuals: title: Trust Chain - path: /docker-hub/publish/byol/ title: Bring Your Own License (BYOL) + - path: /docker-hub/deactivate-account/ + title: Deactivate an account or an organization - sectiontitle: Open-source projects section: - sectiontitle: Docker Notary diff --git a/_includes/cli.md b/_includes/cli.md index 8f74ccc1e8..358442337c 100644 --- a/_includes/cli.md +++ b/_includes/cli.md @@ -45,15 +45,15 @@ your client and daemon API versions. {% if site.data[include.datafolder][include.datafile].experimentalcli %} -> This command is experimental. +> This command is experimental on the Docker client. +> +> **It should not be used in production environments.** > -> This command is experimental on the Docker client. It should not be used in -> production environments. > To enable experimental features in the Docker CLI, edit the > [config.json](/engine/reference/commandline/cli.md#configuration-files) -> and set `experimental` to `enabled`. -> -> {% include experimental.md %} +> and set `experimental` to `enabled`. You can go [here](https://docs.docker.com/engine/reference/commandline/cli/#experimental-features) +> for more information. +{: .important } {% endif %} diff --git a/_includes/generateTOC.html b/_includes/generateTOC.html deleted file mode 100644 index d4db0fe9eb..0000000000 --- a/_includes/generateTOC.html +++ /dev/null @@ -1,3 +0,0 @@ -{% if include.tocToGenerate=="library"%}{% for thisPage in site.samples %} -
  • {{ thisPage.title }}
    • -{% endfor %}{% endif %} diff --git a/_includes/global-header.html b/_includes/global-header.html index b6aaf94384..5907915958 100644 --- a/_includes/global-header.html +++ b/_includes/global-header.html @@ -9,29 +9,27 @@
    '); - } else if (tree[j].generateTOC) { - // auto-generate a TOC from a collection - walkTree(collectionsTOC[tree[j].generateTOC]) } else { // just a regular old topic; this is a leaf, not a branch; render a link! outputLetNav.push('
  • backup.tar ``` @@ -40,13 +43,47 @@ Note: docker run --mount type=bind,src=/home/user/backup:/backup docker/ucp --file /backup/backup.tar ``` +### SELinux + +If you are installing UCP on a manager node with SELinunx enabled at the daemon +and operating system level, you will need to pass `--security-opt +label=disable` in to your install command. This flag will disable SELinux +policies on the installation container. The UCP installation container mounts +and configures the Docker Socket as part of the UCP installation container, +therefore the UCP installation will fail with a permission denied error if you +fail to pass in this flag. + +``` +FATA[0000] unable to get valid Docker client: unable to ping Docker daemon: Got +permission denied while trying to connect to the Docker daemon socket at +unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/_ping: dial +unix /var/run/docker.sock: connect: permission denied - If SELinux is enabled +on the Docker daemon, make sure you run UCP with "docker run --security-opt +label=disable -v /var/run/docker.sock:/var/run/docker.sock ..." +``` + +An installation command for a system with SELinux enabled at the daemon level +would be: + +```bash +docker container run \ + --rm \ + --interactive \ + --name ucp \ + --security-opt label=disable \ + --volume /var/run/docker.sock:/var/run/docker.sock \ + docker/ucp \ + backup [command options] > backup.tar +``` + ## Options -| Option | Description | -|:-----------------------|:------------------------------------------------------------------------------| -| `--debug, -D` | Enable debug mode | -| `--file *value*` | Name of the file to write the backup contents to. Ignored in interactive mode | -| `--jsonlog` | Produce json formatted output for easier parsing | -| `--interactive, -i` | Run in interactive mode and prompt for configuration values | -| `--no-passphrase` | Opt out to encrypt the tar file with a passphrase (not recommended) | -| `--passphrase` *value* | Encrypt the tar file with a passphrase | +| Option | Description | +|:-----------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `--debug, -D` | Enable debug mode | +| `--file *value*` | Name of the file to write the backup contents to. Ignored in interactive mode | +| `--jsonlog` | Produce json formatted output for easier parsing | +| `--include-logs` | Only relevant if `--file` is also included. If true, an encrypted `backup.log` file will be stored alongside the `backup.tar` in the mounted directory. Default is `true`. | +| `--interactive, -i` | Run in interactive mode and prompt for configuration values | +| `--no-passphrase` | Opt out to encrypt the tar file with a passphrase (not recommended) | +| `--passphrase` *value* | Encrypt the tar file with a passphrase | diff --git a/reference/ucp/3.2/cli/install.md b/reference/ucp/3.2/cli/install.md index ffca866e58..1cb22955b6 100644 --- a/reference/ucp/3.2/cli/install.md +++ b/reference/ucp/3.2/cli/install.md @@ -76,9 +76,9 @@ docker container run \ If you are installing on a public cloud platform there is cloud specific UCP installation documentation: -- For [Microsoft Azure](./cloudproviders/install-on-azure/) this is +- For [Microsoft Azure](/ee/ucp/admin/install/cloudproviders/install-on-azure/) this is **mandatory** -- For [AWS](./cloudproviders/install-on-aws/) this is optional. +- For [AWS](/ee/ucp/admin/install/cloudproviders/install-on-aws/) this is optional. ## Options diff --git a/reference/ucp/3.2/cli/restore.md b/reference/ucp/3.2/cli/restore.md index 6d4f440fe7..731506c0fa 100644 --- a/reference/ucp/3.2/cli/restore.md +++ b/reference/ucp/3.2/cli/restore.md @@ -68,5 +68,5 @@ Notes: | `--host-address` *value* | The network address to advertise to other nodes. Format: IP address or network interface name | | `--passphrase` *value* | Decrypt the backup tar file with the provided passphrase | | `--san` *value* | Add subject alternative names to certificates (e.g. --san www1.acme.com --san www2.acme.com) | -| `--swarm-grpc-port *value* | Port for communication between nodes (default: 2377) | +| `--swarm-grpc-port` *value* | Port for communication between nodes (default: 2377) | | `--unlock-key` *value* | The unlock key for this swarm-mode cluster, if one exists. | diff --git a/reference/ucp/3.2/cli/upgrade.md b/reference/ucp/3.2/cli/upgrade.md index 115eee6ed1..4fcacb0a32 100644 --- a/reference/ucp/3.2/cli/upgrade.md +++ b/reference/ucp/3.2/cli/upgrade.md @@ -39,7 +39,7 @@ healthy and that all nodes have been upgraded successfully. | `--force-minimums` | Force the install/upgrade even if the system does not meet the minimum requirements | | `--host-address` *value* | Override the previously configured host address with this IP or network interface | | `--id` | The ID of the UCP instance to upgrade | -| --manual-worker-upgrade | Whether to manually upgrade worker nodes. Defaults to false | +| `--manual-worker-upgrade` | Whether to manually upgrade worker nodes. Defaults to false | | `--pull` | Pull UCP images: `always`, when `missing`, or `never` | | `--registry-password` *value* | Password to use when pulling images | | `--registry-username` *value* | Username to use when pulling images | diff --git a/samples/index.md b/samples/index.md index 37f9044ad7..5749c4602d 100644 --- a/samples/index.md +++ b/samples/index.md @@ -23,27 +23,27 @@ repository]({{ labsbase }}). | [Docker Security]({{ labsbase }}/security/README.md){: target="_blank"} | How to take advantage of Docker security features. | | [Building a 12-factor application with Docker]({{ labsbase}}/12factor){: target="_blank"} | Use Docker to create an app that conforms to Heroku's "12 factors for cloud-native applications." | -## Library references - -The following table provides a list of popular official Docker images. For detailed documentation, select the specific image name. - -| Image name | Description | -| ---------- | ----------- | -{% for page in site.samples %}| [{{ page.title }}](https://hub.docker.com/_/{{ page.title }}) | {{ page.description | strip }} | -{% endfor %} - ## Sample applications Run popular software using Docker. | Sample | Description | | ------ | ----------- | -| [apt-cacher-ng](/engine/examples/apt-cacher-ng) | Run a Dockerized apt-cacher-ng instance. | -| [.Net Core application](/engine/examples/dotnetcore) | Run a Dockerized ASP.NET Core application. | -| [ASP.NET Core + SQL Server on Linux](/compose/aspnet-mssql-compose) | Run a Dockerized ASP.NET Core + SQL Server environment. | -| [CouchDB](/engine/examples/couchdb_data_volumes) | Run a Dockerized CouchDB instance. | +| [apt-cacher-ng](/engine/examples/apt-cacher-ng/) | Run a Dockerized apt-cacher-ng instance. | +| [.Net Core application](/engine/examples/dotnetcore/) | Run a Dockerized ASP.NET Core application. | +| [ASP.NET Core + SQL Server on Linux](/compose/aspnet-mssql-compose/) | Run a Dockerized ASP.NET Core + SQL Server environment. | +| [CouchDB](/engine/examples/couchdb_data_volumes/) | Run a Dockerized CouchDB instance. | | [Django + PostgreSQL](/compose/django/) | Run a Dockerized Django + PostgreSQL environment. | -| [PostgreSQL](/engine/examples/postgresql_service) | Run a Dockerized PostgreSQL instance. | +| [PostgreSQL](/engine/examples/postgresql_service/) | Run a Dockerized PostgreSQL instance. | | [Rails + PostgreSQL](/compose/rails/) | Run a Dockerized Rails + PostgreSQL environment. | -| [Riak](/engine/examples/running_riak_service) | Run a Dockerized Riak instance. | -| [SSHd](/engine/examples/running_ssh_service) | Run a Dockerized SSHd instance. | +| [Riak](/engine/examples/running_riak_service/) | Run a Dockerized Riak instance. | +| [SSHd](/engine/examples/running_ssh_service/) | Run a Dockerized SSHd instance. | + +## Library references + +The following table provides a list of popular official Docker images. For detailed documentation, select the specific image name. + +| Image name | Description | +| ---------- | ----------- | +{% for page in site.samples %}| [{{ page.title }}](https://hub.docker.com/_/{{ page.title }}){: target="_blank"} | {{ page.description | strip }} | +{% endfor %} diff --git a/storage/storagedriver/device-mapper-driver.md b/storage/storagedriver/device-mapper-driver.md index 2edf5c832b..c69c78861c 100644 --- a/storage/storagedriver/device-mapper-driver.md +++ b/storage/storagedriver/device-mapper-driver.md @@ -687,7 +687,7 @@ the Devicemapper configuration itself and about each image and container layer that exist. The `devicemapper` storage driver uses snapshots, and this metadata include information about those snapshots. These files are in JSON format. -The `/var/lib/devicemapper/mnt/` directory contains a mount point for each image +The `/var/lib/docker/devicemapper/mnt/` directory contains a mount point for each image and container layer that exists. Image layer mount points are empty, but a container's mount point shows the container's filesystem as it appears from within the container. diff --git a/storage/tmpfs.md b/storage/tmpfs.md index a7ffe16b90..d104f9ef6b 100644 --- a/storage/tmpfs.md +++ b/storage/tmpfs.md @@ -50,7 +50,7 @@ the `--mount` flag was used for swarm services. However, starting with Docker is mounted in the container. May be specified as `destination`, `dst`, or `target`. - The `tmpfs-type` and `tmpfs-mode` options. See - [tmpfs options](#tmpfs-options). + [tmpfs options](#specify-tmpfs-options). The examples below show both the `--mount` and `--tmpfs` syntax where possible, and `--mount` is presented first.