this change improves the instructions for
swarm join-token and swarm init;
- only print the join-token command for workers
instead of for both managers and workers, to
prevent users from copying the wrong command.
An extra line is added to explain how to obtain
the manager token.
- print a message that a token was rotated
sucesfully if '--rotate' is used.
- add some extra white-space before / after
the join commands, to make copy/pasting
easier.
this change also does some refactoring of join-token;
- move flagname-constants together with other constants
- use variables for selected role ("worker" / "manager")
to prevent checking for them multiple times, and to
keep the "worker" / "manager" sting centralized
- add an extra blank line after "join-token" instructions
this makes it easier to copy, and cleans up the
code a tiny bit
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: ebebd4176940bc907ba4e8f5fbe62f6a050f8ed4
Component: engine
In `docker service create/update`, flag `--user` actually supports
`uid:gid` (same as `docker run`). However, this is not reflected
in the help and documentation yet.
This fix updates docs in `docker service create/update` to change
the description to `Username or UID (format: <name|uid>[:<group|gid>])`.
The help message output has also been updated.
This fix is related to 25304.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 80a3755a8f9eac577b65c3403bcbb23a120e6585
Component: engine
Specify that kernel memory updating limitation only applies
on kernel version older than 4.6.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Upstream-commit: 59069ba29a9a16c7679bed4cbf2e9d477363aa79
Component: engine
Rather than conflict with the unexposed task model, change the names of
the object-oriented task display to `docker <object> ps`. The command
works identically to `docker service tasks`. This change is superficial.
This provides a more sensical docker experience while not trampling on
the task model that may be introduced as a top-level command at a later
date.
The following is an example of the display using `docker service ps`
with a service named `condescending_cori`:
```
$ docker service ps condescending_cori
ID NAME SERVICE IMAGE LAST STATE DESIRED STATE NODE
e2cd9vqb62qjk38lw65uoffd2 condescending_cori.1 condescending_cori alpine Running 13 minutes ago Running 6c6d232a5d0e
```
The following shows the output for the node on which the command is
running:
```console
$ docker node ps self
ID NAME SERVICE IMAGE LAST STATE DESIRED STATE NODE
b1tpbi43k1ibevg2e94bmqo0s mad_kalam.1 mad_kalam apline Accepted 2 seconds ago Accepted 6c6d232a5d0e
e2cd9vqb62qjk38lw65uoffd2 condescending_cori.1 condescending_cori alpine Running 12 minutes ago Running 6c6d232a5d0e
4x609m5o0qyn0kgpzvf0ad8x5 furious_davinci.1 furious_davinci redis Running 32 minutes ago Running 6c6d232a5d0e
```
Signed-off-by: Stephen J Day <stephen.day@docker.com>
Upstream-commit: 0aa4e1e68973ede0c73f8a4356e2a17fc903f549
Component: engine
Swarm mode makes it possible through the API to set labels to containers
but not through command line. This tries to fix it.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: 4031d70d1be2f02e1c9d6f7738f2a816be7eeef2
Component: engine
Instead reserve exit code 2 to be future proof, document that it should
not be used. Implementation-wise, it is considered as unhealthy, but
users should not rely on this as it may change in the future.
Signed-off-by: Tibor Vass <tibor@docker.com>
Upstream-commit: 91e9f3831330c63f8351b9fc3f7c31b3229505be
Component: engine
This changes the default behavior so that rolling updates will not
proceed once an updated task fails to start, or stops running during the
update. Users can use docker service inspect --pretty servicename to see
the update status, and if it pauses due to a failure, it will explain
that the update is paused, and show the task ID that caused it to pause.
It also shows the time since the update started.
A new --update-on-failure=(pause|continue) flag selects the
behavior. Pause means the update stops once a task fails, continue means
the old behavior of continuing the update anyway.
In the future this will be extended with additional behaviors like
automatic rollback, and flags controlling parameters like how many tasks
need to fail for the update to stop proceeding. This is a minimal
solution for 1.12.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 57ae29aa74e77ade3c91b1c77ba766512dae9ab4
Component: engine
Commit cc493a52a46271df82dbebea26038502b85788b9 added
a constraint to network connect/disconnect operations
on "Swarm scoped" networks.
This adds those errors to the API documentation. Also
changes the error to lowercase for consistency.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: b0089e48272f18d856ba147b393371c18d5683fb
Component: engine
Hostnames are not supported for now because libnetwork can't use them
for overlay networking yet.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: fca0b18dcba99a7fbb8b430a55dc7bf60d5c1356
Component: engine
There are currently problems with "swarm init" and "swarm join" when an
explicit --listen-addr flag is not provided. swarmkit defaults to
finding the IP address associated with the default route, and in cloud
setups this is often the wrong choice.
Introduce a notion of "advertised address", with the client flag
--advertise-addr, and the daemon flag --swarm-default-advertise-addr to
provide a default. The default listening address is now 0.0.0.0, but a
valid advertised address must be detected or specified.
If no explicit advertised address is specified, error out if there is
more than one usable candidate IP address on the system. This requires a
user to explicitly choose instead of letting swarmkit make the wrong
choice. For the purposes of this autodetection, we ignore certain
interfaces that are unlikely to be relevant (currently docker*).
The user is also required to choose a listen address on swarm init if
they specify an explicit advertise address that is a hostname or an IP
address that's not local to the system. This is a requirement for
overlay networking.
Also support specifying interface names to --listen-addr,
--advertise-addr, and the daemon flag --swarm-default-advertise-addr.
This will fail if the interface has multiple IP addresses (unless it has
a single IPv4 address and a single IPv6 address - then we resolve the
tie in favor of IPv4).
This change also exposes the node's externally-reachable address in
docker info, as requested by #24017.
Make corresponding API and CLI docs changes.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: a0ccd0d42fdb0dd2005f67604cb81a5a6b26787e
Component: engine
Update documentation to account for the changes in #24952.
docs/swarm/swarm-tutorial/rolling-update.md doesn't need any changes,
but the CLI reference pages should show the current help text.
drain-node.md no longer needs to specify --update-parallelism 1 in its
example.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 933ba8d7f7f95ad0bac97c39ffb3cdf1a5634cc6
Component: engine
f5e1f6f6880391a5a3399023cf93a3c48502e57d replaced "secrets"
with "join tokens", which also removed the "auto-accept"
policy.
This removes some remaining references to those features.
Note that there are other references, but those
are already addressed in another pull request.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 987511712f0cee391c8296b7f789c71e91561773
Component: engine
This renames the `rotate_xxx` flags to camelBack, for
consistency with other API query-params, such as
`detachKeys`, `noOverwriteDirNonDir`, and `fromImage`.
Also makes this flag accept a wider range of boolean
values ("0", "1", "true", "false"), and throw an error
if an invalid value is passed.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: bd81df12780b0765e55582574eaa2a125adf65fa
Component: engine
`--with-registry-auth` is more explicit.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: 8426f72107f351b769babadeabbf13f205126514
Component: engine
Implement the proposal from
https://github.com/docker/docker/issues/24430#issuecomment-233100121
Removes acceptance policy and secret in favor of an automatically
generated join token that combines the secret, CA hash, and
manager/worker role into a single opaque string.
Adds a docker swarm join-token subcommand to inspect and rotate the
tokens.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 2cc5bd33eef038bf5721582e2410ba459bb656e9
Component: engine
this improves the formatting, and code-highlighting
of the `docker ps` reference page, and wraps sentences
to 80 chars
also adds single quotes around the formatting
example for labels.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 07ef0a37f85fbb3ba0be4a09bb301108bf461d96
Component: engine
these values were changed to lowercase in
690cb2d08c,
but not changed accordingly in docker/docker.
this changes the mounttypes to lowercase
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 8f93128cd619e1d11be1bc0ae21f1362b1e3f9ad
Component: engine
