Added .md files for SLES and RHEL engine installation. Added indexing to _data/toc.yaml and engine/install/index.md. Modified engine/install/index.md, includes/install-script.md, engine/security/rootless.md, storage/storagedriver/device-mapper-driver.md, and storage/storagedriver/select-storage-driver.md to add info for added RHEL and SLES support. Modified engine/install/ubuntu.md to add s390x repos and other info. Added tab target for RHEL and SLES to engine/security/rootless.md along with other info.
Signed-off-by: Nirman Narang <narang@us.ibm.com>
NFS mounts are not currently supported for rootless data-root so there should probably be a note about it so no one gets confused when it doesn't work.
Errors for running rootless containers when your data-root is an NFS mount look like:
```
docker: failed to register layer: ApplyLayer exit status 1 stdout: stderr: open /root/.bash_logout: permission denied.
```
- lowercase "arm" architectures
- swap arm / arm64 columns (as arm 32-bit is only for a single distro)
- remove raspbian arm64 Raspbian is 32 bit, and we don't ship packages
for raspbian arm64
- add (32-bit) mention to arm column
- add "Apple Silicon" to the Docker Desktop table for completeness
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
* Workaround for outdated slirp4netns on debian
I had issue on debian 11 where the package on the
main apt repositories was too old. This provides workaround, by
adding the testing repos to sources list then upgrading slirp4netns
* pr review
- add console tag
- add newline before console code block
- remove the installation instructions to `slirp4netns` and link to the releases page, which will have it anyway.
* pr review
- add in suggested comment about vpnkit
The correct name is `com.docker.network.container_iface_prefix`, but
the changelog accidentally used `interface` instead of `iface`, because
the libnetwork pull request used that as a title.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
* Added instructions on how to deal with MacOS security measures
Mac OS prevents downloaded files to be executed.
Added the description how to allow it again.
* Minor style updates
Co-authored-by: Usha Mandya <47779042+usha-mandya@users.noreply.github.com>
This moves some of the stubs that were still in place for docker enterprise,
and moves the redirects they contained to more sensible locations where possible,
also making these redirect slightly more "visible" for when we're editing.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
* Change the repository link to open an issue on docker scan plugin
Signed-off-by: Guillaume Lours <guillaume.lours@docker.com>
* Remove the statement on trials
Co-authored-by: Usha Mandya <47779042+usha-mandya@users.noreply.github.com>
BuildKit allows using alternative Dockerfile syntaxes to introduce new features
without having to update Docker itself. The general recommendation is to always
specify a "syntax" directive in a Dockerfile, so that (if needed) older versions
of Docker can download the correct syntax to build the Dockerfile.
This updates our examples to include a syntax directive, to make users more familiar
with these directives, and to illustrate best-pracitces in our documentation.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- btrfs is now supported (moby/moby PR 42253)
- CLI context "rootless" is now created by default (moby/moby PR 42109)
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
these commands are hidden in the cli, but functional, and mentioned
in the "working with buildx" introduction.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
* Added important disambiguation to swarm mode
This really needs to be added, I had no idea people gave up on docker/swarm because of a misunderstanding, but it's common enough we need to clarify it.
From Docker's public #swarm slack channel:
```
andrew grosser 4:45 PM
Hey @channel I am about to give a talk in San Francisco to a bunch of devops experts about swarm using my ingress and reverse proxy controller https://github.com/sfproductlabs/roo and one of the organizers said swarm was deprecated, is that so? It's so much easier than kubernetes, I can't imagine losing it.
sfproductlabs/roo
A zero config distributed edge-router & reverse-proxy (supporting multiple letsencrypt/https hosts). No dependencies.
Stars
40
Language
Go
<https://github.com/sfproductlabs/roo|sfproductlabs/roo>sfproductlabs/roo | Apr 9th | Added by GitHub
4:46
Is there something we don't know?
james_wells 4:48 PM
As of the most recent official Docker release, no Swarm is still officially part of Docker... They merely added native support for Kubernetes
andrew grosser 4:49 PM
🙏 Phew, is there an EOL?
4:49
Thanks @james_wells
4:50
I think they going to get the grenade launchers out if I can't answer these questions
james_wells 4:51 PM
Now that is a good question and my guess is that no, there is no plan to remove it, at least before Docker 3.
andrew grosser 4:52 PM
Amazing thx, I have a system that is a startups dream and is personally saving me more than 10x using swarm, so praying it stays
bmitch:docker: 4:53 PM
Classic container deployed swarm is deprecated (I believe). Swarm mode that's integrated into the engine is still being developed by Mirantis with no EOL set.
4:53
So if someone says swarm is deprecated, make sure to ask "which swarm" they are referring to.
andrew grosser 4:54 PM
Ok thanks @bmitch
4:54
Think that's a brand thing we'll need to help change
james_wells 4:56 PM
@bmitch I am not sure I understand what you are sayin there. Could you please explain the differences
bmitch:docker: 4:56 PM
See the disambiguation section: https://hub.docker.com/r/dockerswarm/swarm
james_wells 4:57 PM
Excellent. Thank you sir
andrew grosser 5:02 PM
Thanks
bmitch:docker: 5:02 PM
See also this link where they are getting ready to archive the standalone swarm, aka classic swarm. https://github.com/docker/classicswarm/issues/2985#issuecomment-640486361
justincormackjustincormack
Comment on #2985 Why have all issues been closed?
The vast majority of issues were from 5 years ago when it was being actively developed, and the recent ones were all mistakes for swarmkit, other than some issues I resolved. Many were issues in components or Moby or other software and may be resolved. It is GitHubs (reasonable) recommendation that you close issues and PRs before archiving a repository so that people know they are not being worked on, and I was also looking to see if anyone came forward to say that they were still working on things or, indeed, actively using Swarm Classic.
<https://github.com/docker/classicswarm|docker/classicswarm>docker/classicswarm | Jun 8th | Added by GitHub
james_wells 5:08 PM
That is really unfortunate... Kubernetes is simply too expensive IMNSHO, Swarm is nice and lightweight.
andrew grosser 5:08 PM
Both the different swarms point to the same point in the documentation in the disambiguation @bmitch
bmitch:docker: 5:09 PM
Swarm mode, aka swarmkit is alive and well.
andrew grosser 5:10 PM
Whoa I can see why they were confused
bmitch:docker: 5:10 PM
If you type docker swarm init you are not running classic swarm
andrew grosser 5:11 PM
Can someone inside docker add this to the swarm docs page? I think it's important
5:12
I think something talking about 2014 was EOLd but this is still current and alive would help.
bmitch:docker: 5:12 PM
Docker themselves isn't maintaining it, that team went to Mirantis, so someone over there would need to submit the PR
andrew grosser 5:12 PM
OK, could I?
bmitch:docker: 5:13 PM
Docs are in GitHub
andrew grosser 5:13 PM
Thanks
```
* Minor edit to the wording to clarify the diff
* Minor update
Co-authored-by: Usha Mandya <47779042+usha-mandya@users.noreply.github.com>
Certain installations may not have this. Without this, the step
where `/etc/apt/sources.list.d/docker.list` will fail and write
garbled data to the file, potentially breaking apt.
Co-Authored-By: Andrew Kester <akester@cox.net>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This tones down the prompt and command output, so that the commands
to run stand out more clearly.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Looks like the Debian version was updated during review, but the Ubuntu variant
was forgotten in 760bb64ea3
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
* Offering an alternative to apt-key (deprecated)
[Use trusted.gpg.d instead of apt-key · Issue #11625 · docker/docker.github.io](https://github.com/docker/docker.github.io/issues/11625)
As of Debian 10 / Ubuntu 20.10, apt-key is deprecated and will not be available after Debian 11 / Ubuntu 22.04
Although adding keys directly to `/etc/apt/trusted.gpg.d`/ is suggested by apt-key deprecation message, as per [Debian Wiki](https://wiki.debian.org/DebianRepository/UseThirdParty) GPG keys for third party repositories should be added to `/usr/share/keyrings` and referenced with the `signed-by` option in the source.list.d entry.
Providing a binary .gpg key instead of an ASCII Armored one might help shorten the lengthy command by removing the ` | gpg --dearmor ` bit.
This removes the software-properties-common provides add-apt-repository which we don't use anymore
= _includes/install-script.md, engine/install/linux-postinstall.md =
- Remove "Rootless mode is currently available as an experimental feature."
Close issue 12050
= engine/security/rootless.md =
== "Prerequiresites" section ==
- Remove information about old distros (Debian 9, CentOS 7.5-7.6)
== "Distribution-specific hint" section ==
- Tabified (`<div class="tab-content" />`)
== "Known limitations" section ==
- Kernel 5.11 supports rootless overlayfs, without the Ubuntu/Debian patch.
== "Install" section ==
- Promote RPM/DEB installation over TGZ installation.
See docker/roadmap issue 188
== "Uninstall" section ==
- Add "Uninstall" section.
Close issue 12053
== "Usage" section ==
- Added more information about systemd
- Move `nsenter` tips to "Tips for debugging" subsection under "Troubleshooting" section
== "Best practice" section ==
- Remove guide for `lxc-user-nic` network driver due to immaturity.
Will be brought back in future.
See rootless-containers/rootlesskit issue 138 .
== "Troubleshooting" section ==
- Add a guide for "can't open lock file /run/xtables.lock: Permission denied" (SELinux).
See moby/moby issue 41230
- Add a guide for "failed to register layer: ApplyLayer exit status 1 ..." (NFS).
Close docker/for-linux issue 1172
- Improve guides for slirp4netns.
- Remove v19.03 information (e.g., "cgroup v2 is unsupported, use cgroup v1")
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Previously, the `ssh://` helper was only mentioned in `engine/security/index.md`.
The `ssh://` helper is now documented in "Protect the Docker daemon socket"
(`engine/security/protect-access.md`, nee `engine/security/https.md`).
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
The documentation curently doesn't contain reference docs for the
unified (version-less) compose-file syntax, so for now replacing
all links to point to the v3 compose-file reference, which is still
present.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
* Update dotnetcore.md
Adding an example for .Net Core docker files as consumed by build agents and recommended by Microsoft best practices.
* Update engine/examples/dotnetcore.md
Co-authored-by: Guillaume Tardif <guillaume.tardif@gmail.com>
* Format updates
* Update dotnetcore.md
Co-authored-by: Guillaume Tardif <guillaume.tardif@gmail.com>
Co-authored-by: Usha Mandya <47779042+usha-mandya@users.noreply.github.com>
* Some more details and links
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
* Minor edits
Co-authored-by: Usha Mandya <47779042+usha-mandya@users.noreply.github.com>
* Docker now supports cgroup v2 (both rootful and rootless)
* Rootless mode graduated from experimental
* New storage driver: fuse-overlayfs
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
The current instructions lead the user through creating a context and running a sample nginx container, but it never shows the user how to go about viewing it. I have added that.
The ssh example was really bad; it even leaks the root password as a plain text in the image :(
This commit removes the sshd example and discourage people to dockerize sshd.
The `running_ssh_service.md` page itself is not removed because there
are hyperlinks on the Internet to that page.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
This allows deep-linking to specific sections. Also fixed the checks
in the support table to be left-aligned as they were supposed to be.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- The index pages were not in the redirect (they were not in the TOC,
but were published before, so could be indexed).
- Added "redirect_from" pages that were in the pages that were removed.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
See https://web.dev/external-anchors-use-rel-noopener/
Using noopener, as that addresses the security issue. "noreferer" blocks
the REFERER header, which may still be useful for some target URLs.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
* Update ubuntu.md
After doing the 'apt-get rmove', I had to search to determine whether it was safe to remove /var/lib/docker, then found at the bottom of the page that it's OK to do so (if you don't have anything there you need).
Co-authored-by: Sebastiaan van Stijn <github@gone.nl>
Co-authored-by: Usha Mandya <47779042+usha-mandya@users.noreply.github.com>
Generated yaml files were temporarily updated manually (pending
pull request to be merged in the upstream docker/cli repository)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The `ENV key value` form can be ambiguous, for example, the following defines
a single env-variable (`ONE`) with value `"TWO= THREE=world"`:
ENV ONE TWO= THREE=world
While we cannot deprecate/remove that syntax (as it would break existing
Dockerfiles), we should reduce exposure of the format in our examples.
Also updating some code-blocks that were missing language-hints
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
`docker secret` creates secrets in AWS Secrets Manager Service - not in AWS Systems Manager Parameter Store Service. Note the `arn:aws:secretsmanager:...` reference in the existing example.
* Configure existing security-groups by `external.name`
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
* Minor style updates
Co-authored-by: Usha Mandya <47779042+usha-mandya@users.noreply.github.com>
* Document ECS local simulation mode
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
* List "jocker" as SDK java implementation
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
* Style updates
Co-authored-by: Usha Mandya <47779042+usha-mandya@users.noreply.github.com>
* update ECS docs for beta.5
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
* ECS integration isn't a CLI plugin anymore
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
* Proofread updates
Made some minor style/edit updates and wrapped content
Co-authored-by: Usha Mandya <47779042+usha-mandya@users.noreply.github.com>
line 28 : modified the regexp to also match if the optional '#' caracter is present to comment the line, like it was by default on my Debian:9 official based image.
line 28 : modified the regexp by adding the 'g' end caracter, just for better readability for beginners like me.
line 31 : modified the order between option '-i' and the regexp argument, just for better readability for beginners like me.
When using the backward slash I think it will only use on Windows?
In my case I was on MacOS and the folders weren't ignored until I changed the slashes to be forward slash.
* Remove pinned version 0.1.4 from ACI integration install docs
* Style updates
Added `target=_blank` to ensure the GH page opens in a new tab
Co-authored-by: Usha Mandya <47779042+usha-mandya@users.noreply.github.com>
* Add a note to create a context in different subscription
* Minor style updates
Made a minor tweak to the style and wrapped the new note to 80 chars
Co-authored-by: Usha Mandya <47779042+usha-mandya@users.noreply.github.com>
Original: on line 18 we have `images, err := cli.ImageList(context.Background(), types.ImageListOptions{})` which gives us an error of:
```
# command-line-arguments
./main.go:12:2: ctx declared but not used
```
*Fix:* on line 18 we need to have `images, err := cli.ImageList(ctx, types.ImageListOptions{})`
* Add Ubuntu 20.04
* Remove Fedora 30 (EOL)
* `docker run --net=host` does not work in the most expected way
* Allow installation as the root
* Nightly channel
* `docker context create rootless`
* `DOCKER_HOST=ssh://...`
* Alternatives to cgroup flags (`docker run --cpus --memory --pids-limit`)
* A bunch of troubleshooting tips
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Fixed go example:
1) so that it actually compiles, and
2) so that you get to see the output `hello world` in visual studio code's console (`Tty: true,`).
The existing description leads the reader to believe that dropping CAP_SYS_PTRACE already blocks all ptraces. That is not true, it only blocks ptracing arbitrary processes. Ptracing child processes is still allowed.
This removes the placeholder in favor of a redirect to the first
product manual in the section, so that `/manuals/` redirects users
to a sensible location.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
* Removed is from line 80
Removed is from line 80 as this is not required
* changed text to link at line 129
changed text to link at line 129 to make it easy for user to navigate
* changed the URL to link
changed the URL to link for easy navigation
* added these before flags in line 186
added these before flags in line 186
Co-Authored-By: Sebastiaan van Stijn <thaJeztah@users.noreply.github.com>
The docs refer to the `CURRENT STATE` column, which may not
be visible without scrolling, so tweaking the column-widths
a bit so that it better fits.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This is a follow-up to d4ead1b120,
which removed the datafile for `docker deploy`, but didn't remove
the stub or removed it from the TOC.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- Move getting started overview to /get-started/overview/
- Move engine installation files under /engine/
- Redirect the top-level /install/ to /get-docker/
- Updated titles in left-hand navigation
- Added back some pages to the navigation that were
currently not included.
- Reduce some steps in the installation pages
- Move devicemapper prerequisites to the devicemapper
storage driver page.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
* Fix incorrect links in compose section
there's a bug causing wrapped links to not work, and replacing
some links to point to the .md file, so that IDE's can check
if the anchors are valid. Also replaced some links to point
to their new location.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
* engine/swarm: update links
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
* Fix various broken links
There's a bug in the "jekyll-relative-links" plugin that causes wrapped links to not work.
Also replacing some links to point to the .md file, so that IDE's can check if the anchors
are valid. Finally, replaced some links to point to their new locations, so that users don't
get redirected..
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Edge releases were community only, and 18.06, 17.12, and 17.09
were not released as enterprise edition.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Now that the files are named `<api-version>.md`, we no longer need
to set a custom `api_version` property; instead we can use the filename
to detect what API version we're rendering.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The upstream (moby/moby) repository is unifying all API swagger files
to be in the release branch. With that change, it is no longer needed
to fetch each version of the API separately, and instead all versions
can be fetched at once.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Deploying stacks using the "Docker Application Bundle" (`.dab`) file
format was introduced as an experimental feature in Docker 1.13 /
17.03, but superseded by support for Docker Compose files in the CLI.
With no development being done on this feature, and no active use of the file
format, support for the DAB file format and the top-level `docker deploy` command
(hidden by default in 19.03), will be removed from the CLI, in favour of
`docker stack deploy` using compose files.
This patch removes documentation for the `docker-compose bundle` subcommand,
which was used to convert compose files into DAB files (and given the above,
will no longer be needed).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Sebastiaan van Stijn
Sebastiaan van Stijn
Foster Snowhill
Nirman Narang
Usha Mandya
Thomas de Grenier de Latour
Akihiro Suda
Eli Uriegas
Jem Bishop
Usha Mandya
cc-wr
Andreas Scheucher
unknown
Metal
Matthias Scholz
Guillaume Lours
Visarut Phusua
Anca Iordache
Adrián Tóth
Tibor Vass
Tibor Vass
Jimmy
avivmu
Aaron Stults
Andrew Grosser
Andrew Kester
Nicolas De Loof
denis-roy
Akash Borad
Guillaume Tardif
Christian Clauss
fahed dorgaa
Bahadır YARDIM
Batuhan Apaydın
Paco Xu
avichalchum
Ben De St Paer-Gotch
zori
Chris Crone
Guillaume Tardif
Takuya Noguchi
Charlie Arehart
Fabian M
Rafał Wyszomirski
Rahul De
Florencio Cano
Tatsuya Sato
John Visosky
Silvin Lubecki
Maximillian Fan Xavier
Camilo Santana
Terry Smith
Sunny
Silvin Lubecki
Ryo Ota
Thomas Shaw
Karl-Johan Grahn
Aðalsteinn Rúnarsson
Joshua Powers
Frederic Hemberger
Takekazu Omi
Ali Akrour
Emad Alashi
Laurens Vanderhoven
Martin Joly
Sujay Pillai
Andre Almar
Paul
José Fernando Cordova
JD Cargile
Amal
Orlando Fernandes
Roberto O. Fernández Crisial
Dinakar Kulkarni
Chris Arthurs
Jan Kanis
Flavien Berwick
Sourabh Shirhatti
ajay143444
Ivan Cheban
Nihed Majdoub
Krzysztof Madej
m-aXimilian
Cristian Souza
Paweł Szczekutowicz
Matt B
scott-vsi
pcworld
LORIS INTERGALACTIQUE
ac27182
Marc Nimmerrichter
DocKor
ollypom
KoryKessel-Docker