diff --git a/.gitignore b/.gitignore index 0087b47302..4f8f09c775 100644 --- a/.gitignore +++ b/.gitignore @@ -23,3 +23,6 @@ bundles/ vendor/pkg/ pyenv Vagrantfile +docs/AWS_S3_BUCKET +docs/GIT_BRANCH +docs/VERSION diff --git a/.travis.yml b/.travis.yml index b8e4d43fcc..ae03d6cde5 100644 --- a/.travis.yml +++ b/.travis.yml @@ -10,21 +10,9 @@ install: true before_script: - env | sort - - sudo apt-get update -qq - - sudo apt-get install -qq python-yaml - - git remote add upstream git://github.com/dotcloud/docker.git - - upstream=master; - if [ "$TRAVIS_PULL_REQUEST" != false ]; then - upstream=$TRAVIS_BRANCH; - fi; - git fetch --append --no-tags upstream refs/heads/$upstream:refs/remotes/upstream/$upstream -# sometimes we have upstream master already as origin/master (PRs), but other times we don't, so let's just make sure we have a completely unambiguous way to specify "upstream master" from here out -# but if it's a PR against non-master, we need that upstream branch instead :) - - sudo pip install -r docs/requirements.txt script: - - hack/travis/dco.py - - hack/travis/gofmt.py - - make -sC docs SPHINXOPTS=-qW docs man + - hack/make.sh validate-dco + - hack/make.sh validate-gofmt # vim:set sw=2 ts=2: diff --git a/AUTHORS b/AUTHORS index 6e34065266..adfcfaa851 100644 --- a/AUTHORS +++ b/AUTHORS @@ -20,6 +20,7 @@ Andrew Munsell Andrews Medina Andy Chambers andy diller +Andy Goldstein Andy Rothfusz Andy Smith Anthony Bishopric @@ -44,6 +45,7 @@ Brian Olsen Brian Shumate Briehan Lombaard Bruno Bigras +Bryan Matsuo Caleb Spare Calen Pennington Carl X. Su diff --git a/CHANGELOG.md b/CHANGELOG.md index 8743d3a7db..bd6dc6026e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,17 @@ # Changelog +## 0.11.0 (2014-05-07) + +#### Notable features since 0.10.0 + +* SELinux support for mount and process labels +* Linked containers can be accessed by hostname +* Use the net `--net` flag to allow advanced network configuration such as host networking so that containers can use the host's network interfaces +* Add a ping endpoint to the Remote API to do healthchecks of your docker daemon +* Logs can now be returned with an optional timestamp +* Docker now works with registries that support SHA-512 +* Multiple registry endpoints are supported to allow registry mirrors + ## 0.10.0 (2014-04-08) #### Builder diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 0e8b98122f..d77afbc443 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -82,7 +82,7 @@ editors have plugins that do this automatically, and there's also a git pre-commit hook: ``` -curl -o .git/hooks/pre-commit https://raw.github.com/edsrzf/gofmt-git-hook/master/fmt-check && chmod +x .git/hooks/pre-commit +curl -o .git/hooks/pre-commit https://raw.githubusercontent.com/edsrzf/gofmt-git-hook/master/fmt-check && chmod +x .git/hooks/pre-commit ``` Pull requests descriptions should be as clear as possible and include a @@ -90,6 +90,10 @@ reference to all the issues that they address. Pull requests must not contain commits from other users or branches. +Commit messages must start with a capitalized and short summary (max. 50 +chars) written in the imperative, followed by an optional, more detailed +explanatory text which is separated from the summary by an empty line. + Code review comments may be added to your pull request. Discuss, then make the suggested modifications and push additional commits to your feature branch. Be sure to post a comment after pushing. The new commits will show up in the pull diff --git a/Dockerfile b/Dockerfile index ec95bad293..be2233ff87 100644 --- a/Dockerfile +++ b/Dockerfile @@ -42,6 +42,7 @@ RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -yq \ libcap-dev \ libsqlite3-dev \ mercurial \ + pandoc \ reprepro \ ruby1.9.1 \ ruby1.9.1-dev \ @@ -82,6 +83,9 @@ RUN go get code.google.com/p/go.tools/cmd/cover # TODO replace FPM with some very minimal debhelper stuff RUN gem install --no-rdoc --no-ri fpm --version 1.0.2 +# Get the "busybox" image source so we can build locally instead of pulling +RUN git clone https://github.com/jpetazzo/docker-busybox.git /docker-busybox + # Setup s3cmd config RUN /bin/echo -e '[default]\naccess_key=$AWS_ACCESS_KEY\nsecret_key=$AWS_SECRET_KEY' > /.s3cfg diff --git a/MAINTAINERS b/MAINTAINERS index d1f4d15491..581953cf8d 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -1,4 +1,4 @@ -Solomon Hykes (@shykes) +Solomon Hykes (@shykes) Guillaume J. Charmes (@creack) Victor Vieux (@vieux) Michael Crosby (@crosbymichael) diff --git a/Makefile b/Makefile index d49aa3b667..a4c8658e08 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -.PHONY: all binary build cross default docs docs-build docs-shell shell test test-integration test-integration-cli +.PHONY: all binary build cross default docs docs-build docs-shell shell test test-unit test-integration test-integration-cli validate # to allow `make BINDDIR=. shell` or `make BINDDIR= test` BINDDIR := bundles @@ -10,8 +10,9 @@ DOCKER_IMAGE := docker$(if $(GIT_BRANCH),:$(GIT_BRANCH)) DOCKER_DOCS_IMAGE := docker-docs$(if $(GIT_BRANCH),:$(GIT_BRANCH)) DOCKER_MOUNT := $(if $(BINDDIR),-v "$(CURDIR)/$(BINDDIR):/go/src/github.com/dotcloud/docker/$(BINDDIR)") -DOCKER_RUN_DOCKER := docker run --rm -it --privileged -e TESTFLAGS -e DOCKER_GRAPHDRIVER -e DOCKER_EXECDRIVER $(DOCKER_MOUNT) "$(DOCKER_IMAGE)" -DOCKER_RUN_DOCS := docker run --rm -it -p $(if $(DOCSPORT),$(DOCSPORT):)8000 "$(DOCKER_DOCS_IMAGE)" +DOCKER_RUN_DOCKER := docker run --rm -it --privileged -e TESTFLAGS -e TESTDIRS -e DOCKER_GRAPHDRIVER -e DOCKER_EXECDRIVER $(DOCKER_MOUNT) "$(DOCKER_IMAGE)" +# to allow `make DOCSDIR=docs docs-shell` +DOCKER_RUN_DOCS := docker run --rm -it $(if $(DOCSDIR),-v $(CURDIR)/$(DOCSDIR):/$(DOCSDIR)) -e AWS_S3_BUCKET default: binary @@ -25,13 +26,19 @@ cross: build $(DOCKER_RUN_DOCKER) hack/make.sh binary cross docs: docs-build - $(DOCKER_RUN_DOCS) + $(DOCKER_RUN_DOCS) -p $(if $(DOCSPORT),$(DOCSPORT):)8000 "$(DOCKER_DOCS_IMAGE)" mkdocs serve docs-shell: docs-build - $(DOCKER_RUN_DOCS) bash + $(DOCKER_RUN_DOCS) -p $(if $(DOCSPORT),$(DOCSPORT):)8000 "$(DOCKER_DOCS_IMAGE)" bash + +docs-release: docs-build + $(DOCKER_RUN_DOCS) "$(DOCKER_DOCS_IMAGE)" ./release.sh test: build - $(DOCKER_RUN_DOCKER) hack/make.sh binary test test-integration test-integration-cli + $(DOCKER_RUN_DOCKER) hack/make.sh binary test-unit test-integration test-integration-cli + +test-unit: build + $(DOCKER_RUN_DOCKER) hack/make.sh test-unit test-integration: build $(DOCKER_RUN_DOCKER) hack/make.sh test-integration @@ -39,6 +46,9 @@ test-integration: build test-integration-cli: build $(DOCKER_RUN_DOCKER) hack/make.sh binary test-integration-cli +validate: build + $(DOCKER_RUN_DOCKER) hack/make.sh validate-gofmt validate-dco + shell: build $(DOCKER_RUN_DOCKER) bash @@ -46,6 +56,9 @@ build: bundles docker build -t "$(DOCKER_IMAGE)" . docs-build: + cp ./VERSION docs/VERSION + echo "$(GIT_BRANCH)" > docs/GIT_BRANCH + echo "$(AWS_S3_BUCKET)" > docs/AWS_S3_BUCKET docker build -t "$(DOCKER_DOCS_IMAGE)" docs bundles: diff --git a/README.md b/README.md index 1922be5d8a..fae1bb916b 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ It benefits directly from the experience accumulated over several years of large-scale operation and support of hundreds of thousands of applications and databases. -![Docker L](docs/theme/docker/static/img/dockerlogo-h.png "Docker") +![Docker L](docs/theme/mkdocs/img/logo_compressed.png "Docker") ## Better than VMs diff --git a/VERSION b/VERSION index 78bc1abd14..d9df1bbc0c 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.10.0 +0.11.0 diff --git a/api/client/cli.go b/api/client/cli.go index b58d3c3c75..49fb3c978f 100644 --- a/api/client/cli.go +++ b/api/client/cli.go @@ -65,8 +65,13 @@ func NewDockerCli(in io.ReadCloser, out, err io.Writer, proto, addr string, tlsC var ( isTerminal = false terminalFd uintptr + scheme = "http" ) + if tlsConfig != nil { + scheme = "https" + } + if in != nil { if file, ok := in.(*os.File); ok { terminalFd = file.Fd() @@ -86,6 +91,7 @@ func NewDockerCli(in io.ReadCloser, out, err io.Writer, proto, addr string, tlsC isTerminal: isTerminal, terminalFd: terminalFd, tlsConfig: tlsConfig, + scheme: scheme, } } @@ -99,4 +105,5 @@ type DockerCli struct { isTerminal bool terminalFd uintptr tlsConfig *tls.Config + scheme string } diff --git a/api/client/commands.go b/api/client/commands.go index 443917d3fb..89f9b0a4c4 100644 --- a/api/client/commands.go +++ b/api/client/commands.go @@ -1491,7 +1491,8 @@ func (cli *DockerCli) CmdCommit(args ...string) error { func (cli *DockerCli) CmdEvents(args ...string) error { cmd := cli.Subcmd("events", "[OPTIONS]", "Get real time events from the server") - since := cmd.String([]string{"#since", "-since"}, "", "Show previously created events and then stream.") + since := cmd.String([]string{"#since", "-since"}, "", "Show all events created since timestamp") + until := cmd.String([]string{"-until"}, "", "Stream events until this timestamp") if err := cmd.Parse(args); err != nil { return nil } @@ -1500,22 +1501,27 @@ func (cli *DockerCli) CmdEvents(args ...string) error { cmd.Usage() return nil } - - v := url.Values{} - if *since != "" { - loc := time.FixedZone(time.Now().Zone()) + var ( + v = url.Values{} + loc = time.FixedZone(time.Now().Zone()) + ) + var setTime = func(key, value string) { format := "2006-01-02 15:04:05 -0700 MST" - if len(*since) < len(format) { - format = format[:len(*since)] + if len(value) < len(format) { + format = format[:len(value)] } - - if t, err := time.ParseInLocation(format, *since, loc); err == nil { - v.Set("since", strconv.FormatInt(t.Unix(), 10)) + if t, err := time.ParseInLocation(format, value, loc); err == nil { + v.Set(key, strconv.FormatInt(t.Unix(), 10)) } else { - v.Set("since", *since) + v.Set(key, value) } } - + if *since != "" { + setTime("since", *since) + } + if *until != "" { + setTime("until", *until) + } if err := cli.stream("GET", "/events?"+v.Encode(), nil, cli.out, nil); err != nil { return err } @@ -1577,6 +1583,7 @@ func (cli *DockerCli) CmdDiff(args ...string) error { func (cli *DockerCli) CmdLogs(args ...string) error { cmd := cli.Subcmd("logs", "CONTAINER", "Fetch the logs of a container") follow := cmd.Bool([]string{"f", "-follow"}, false, "Follow log output") + times := cmd.Bool([]string{"t", "-timestamps"}, false, "Show timestamps") if err := cmd.Parse(args); err != nil { return nil } @@ -1597,14 +1604,16 @@ func (cli *DockerCli) CmdLogs(args ...string) error { } v := url.Values{} - v.Set("logs", "1") v.Set("stdout", "1") v.Set("stderr", "1") + if *times { + v.Set("timestamps", "1") + } if *follow && container.State.Running { - v.Set("stream", "1") + v.Set("follow", "1") } - if err := cli.hijack("POST", "/containers/"+name+"/attach?"+v.Encode(), container.Config.Tty, nil, cli.out, cli.err, nil); err != nil { + if err := cli.streamHelper("GET", "/containers/"+name+"/logs?"+v.Encode(), container.Config.Tty, nil, cli.out, cli.err, nil); err != nil { return err } return nil diff --git a/api/client/hijack.go b/api/client/hijack.go new file mode 100644 index 0000000000..0a9d5d8ef2 --- /dev/null +++ b/api/client/hijack.go @@ -0,0 +1,133 @@ +package client + +import ( + "crypto/tls" + "fmt" + "io" + "net" + "net/http" + "net/http/httputil" + "os" + "runtime" + "strings" + + "github.com/dotcloud/docker/api" + "github.com/dotcloud/docker/dockerversion" + "github.com/dotcloud/docker/pkg/term" + "github.com/dotcloud/docker/utils" +) + +func (cli *DockerCli) dial() (net.Conn, error) { + if cli.tlsConfig != nil && cli.proto != "unix" { + return tls.Dial(cli.proto, cli.addr, cli.tlsConfig) + } + return net.Dial(cli.proto, cli.addr) +} + +func (cli *DockerCli) hijack(method, path string, setRawTerminal bool, in io.ReadCloser, stdout, stderr io.Writer, started chan io.Closer) error { + defer func() { + if started != nil { + close(started) + } + }() + + req, err := http.NewRequest(method, fmt.Sprintf("/v%s%s", api.APIVERSION, path), nil) + if err != nil { + return err + } + req.Header.Set("User-Agent", "Docker-Client/"+dockerversion.VERSION) + req.Header.Set("Content-Type", "plain/text") + req.Host = cli.addr + + dial, err := cli.dial() + if err != nil { + if strings.Contains(err.Error(), "connection refused") { + return fmt.Errorf("Cannot connect to the Docker daemon. Is 'docker -d' running on this host?") + } + return err + } + clientconn := httputil.NewClientConn(dial, nil) + defer clientconn.Close() + + // Server hijacks the connection, error 'connection closed' expected + clientconn.Do(req) + + rwc, br := clientconn.Hijack() + defer rwc.Close() + + if started != nil { + started <- rwc + } + + var receiveStdout chan error + + var oldState *term.State + + if in != nil && setRawTerminal && cli.isTerminal && os.Getenv("NORAW") == "" { + oldState, err = term.SetRawTerminal(cli.terminalFd) + if err != nil { + return err + } + defer term.RestoreTerminal(cli.terminalFd, oldState) + } + + if stdout != nil || stderr != nil { + receiveStdout = utils.Go(func() (err error) { + defer func() { + if in != nil { + if setRawTerminal && cli.isTerminal { + term.RestoreTerminal(cli.terminalFd, oldState) + } + // For some reason this Close call blocks on darwin.. + // As the client exists right after, simply discard the close + // until we find a better solution. + if runtime.GOOS != "darwin" { + in.Close() + } + } + }() + + // When TTY is ON, use regular copy + if setRawTerminal { + _, err = io.Copy(stdout, br) + } else { + _, err = utils.StdCopy(stdout, stderr, br) + } + utils.Debugf("[hijack] End of stdout") + return err + }) + } + + sendStdin := utils.Go(func() error { + if in != nil { + io.Copy(rwc, in) + utils.Debugf("[hijack] End of stdin") + } + if tcpc, ok := rwc.(*net.TCPConn); ok { + if err := tcpc.CloseWrite(); err != nil { + utils.Debugf("Couldn't send EOF: %s\n", err) + } + } else if unixc, ok := rwc.(*net.UnixConn); ok { + if err := unixc.CloseWrite(); err != nil { + utils.Debugf("Couldn't send EOF: %s\n", err) + } + } + // Discard errors due to pipe interruption + return nil + }) + + if stdout != nil || stderr != nil { + if err := <-receiveStdout; err != nil { + utils.Debugf("Error receiveStdout: %s", err) + return err + } + } + + if !cli.isTerminal { + if err := <-sendStdin; err != nil { + utils.Debugf("Error sendStdin: %s", err) + return err + } + } + return nil +} diff --git a/api/client/utils.go b/api/client/utils.go index 4ef09ba783..8f303dcd98 100644 --- a/api/client/utils.go +++ b/api/client/utils.go @@ -2,7 +2,6 @@ package client import ( "bytes" - "crypto/tls" "encoding/base64" "encoding/json" "errors" @@ -11,12 +10,9 @@ import ( "io/ioutil" "net" "net/http" - "net/http/httputil" "net/url" "os" gosignal "os/signal" - "regexp" - goruntime "runtime" "strconv" "strings" "syscall" @@ -33,11 +29,14 @@ var ( ErrConnectionRefused = errors.New("Cannot connect to the Docker daemon. Is 'docker -d' running on this host?") ) -func (cli *DockerCli) dial() (net.Conn, error) { - if cli.tlsConfig != nil && cli.proto != "unix" { - return tls.Dial(cli.proto, cli.addr, cli.tlsConfig) +func (cli *DockerCli) HTTPClient() *http.Client { + tr := &http.Transport{ + TLSClientConfig: cli.tlsConfig, + Dial: func(network, addr string) (net.Conn, error) { + return net.Dial(cli.proto, cli.addr) + }, } - return net.Dial(cli.proto, cli.addr) + return &http.Client{Transport: tr} } func (cli *DockerCli) call(method, path string, data interface{}, passAuthInfo bool) (io.ReadCloser, int, error) { @@ -57,9 +56,6 @@ func (cli *DockerCli) call(method, path string, data interface{}, passAuthInfo b } } } - // fixme: refactor client to support redirect - re := regexp.MustCompile("/+") - path = re.ReplaceAllString(path, "/") req, err := http.NewRequest(method, fmt.Sprintf("/v%s%s", api.APIVERSION, path), params) if err != nil { @@ -86,28 +82,20 @@ func (cli *DockerCli) call(method, path string, data interface{}, passAuthInfo b } } req.Header.Set("User-Agent", "Docker-Client/"+dockerversion.VERSION) - req.Host = cli.addr + req.URL.Host = cli.addr + req.URL.Scheme = cli.scheme if data != nil { req.Header.Set("Content-Type", "application/json") } else if method == "POST" { req.Header.Set("Content-Type", "plain/text") } - dial, err := cli.dial() + resp, err := cli.HTTPClient().Do(req) if err != nil { if strings.Contains(err.Error(), "connection refused") { return nil, -1, ErrConnectionRefused } return nil, -1, err } - clientconn := httputil.NewClientConn(dial, nil) - resp, err := clientconn.Do(req) - if err != nil { - clientconn.Close() - if strings.Contains(err.Error(), "connection refused") { - return nil, -1, ErrConnectionRefused - } - return nil, -1, err - } if resp.StatusCode < 200 || resp.StatusCode >= 400 { body, err := ioutil.ReadAll(resp.Body) @@ -119,31 +107,25 @@ func (cli *DockerCli) call(method, path string, data interface{}, passAuthInfo b } return nil, resp.StatusCode, fmt.Errorf("Error: %s", bytes.TrimSpace(body)) } - - wrapper := utils.NewReadCloserWrapper(resp.Body, func() error { - if resp != nil && resp.Body != nil { - resp.Body.Close() - } - return clientconn.Close() - }) - return wrapper, resp.StatusCode, nil + return resp.Body, resp.StatusCode, nil } func (cli *DockerCli) stream(method, path string, in io.Reader, out io.Writer, headers map[string][]string) error { + return cli.streamHelper(method, path, true, in, out, nil, headers) +} + +func (cli *DockerCli) streamHelper(method, path string, setRawTerminal bool, in io.Reader, stdout, stderr io.Writer, headers map[string][]string) error { if (method == "POST" || method == "PUT") && in == nil { in = bytes.NewReader([]byte{}) } - // fixme: refactor client to support redirect - re := regexp.MustCompile("/+") - path = re.ReplaceAllString(path, "/") - - req, err := http.NewRequest(method, fmt.Sprintf("/v%s%s", api.APIVERSION, path), in) + req, err := http.NewRequest(method, fmt.Sprintf("http://v%s%s", api.APIVERSION, path), in) if err != nil { return err } req.Header.Set("User-Agent", "Docker-Client/"+dockerversion.VERSION) - req.Host = cli.addr + req.URL.Host = cli.addr + req.URL.Scheme = cli.scheme if method == "POST" { req.Header.Set("Content-Type", "plain/text") } @@ -153,17 +135,7 @@ func (cli *DockerCli) stream(method, path string, in io.Reader, out io.Writer, h req.Header[k] = v } } - - dial, err := cli.dial() - if err != nil { - if strings.Contains(err.Error(), "connection refused") { - return fmt.Errorf("Cannot connect to the Docker daemon. Is 'docker -d' running on this host?") - } - return err - } - clientconn := httputil.NewClientConn(dial, nil) - resp, err := clientconn.Do(req) - defer clientconn.Close() + resp, err := cli.HTTPClient().Do(req) if err != nil { if strings.Contains(err.Error(), "connection refused") { return fmt.Errorf("Cannot connect to the Docker daemon. Is 'docker -d' running on this host?") @@ -184,126 +156,21 @@ func (cli *DockerCli) stream(method, path string, in io.Reader, out io.Writer, h } if api.MatchesContentType(resp.Header.Get("Content-Type"), "application/json") { - return utils.DisplayJSONMessagesStream(resp.Body, out, cli.terminalFd, cli.isTerminal) + return utils.DisplayJSONMessagesStream(resp.Body, stdout, cli.terminalFd, cli.isTerminal) } - if _, err := io.Copy(out, resp.Body); err != nil { + if stdout != nil || stderr != nil { + // When TTY is ON, use regular copy + if setRawTerminal { + _, err = io.Copy(stdout, resp.Body) + } else { + _, err = utils.StdCopy(stdout, stderr, resp.Body) + } + utils.Debugf("[stream] End of stdout") return err } return nil } -func (cli *DockerCli) hijack(method, path string, setRawTerminal bool, in io.ReadCloser, stdout, stderr io.Writer, started chan io.Closer) error { - defer func() { - if started != nil { - close(started) - } - }() - // fixme: refactor client to support redirect - re := regexp.MustCompile("/+") - path = re.ReplaceAllString(path, "/") - - req, err := http.NewRequest(method, fmt.Sprintf("/v%s%s", api.APIVERSION, path), nil) - if err != nil { - return err - } - req.Header.Set("User-Agent", "Docker-Client/"+dockerversion.VERSION) - req.Header.Set("Content-Type", "plain/text") - req.Host = cli.addr - - dial, err := cli.dial() - if err != nil { - if strings.Contains(err.Error(), "connection refused") { - return fmt.Errorf("Cannot connect to the Docker daemon. Is 'docker -d' running on this host?") - } - return err - } - clientconn := httputil.NewClientConn(dial, nil) - defer clientconn.Close() - - // Server hijacks the connection, error 'connection closed' expected - clientconn.Do(req) - - rwc, br := clientconn.Hijack() - defer rwc.Close() - - if started != nil { - started <- rwc - } - - var receiveStdout chan error - - var oldState *term.State - - if in != nil && setRawTerminal && cli.isTerminal && os.Getenv("NORAW") == "" { - oldState, err = term.SetRawTerminal(cli.terminalFd) - if err != nil { - return err - } - defer term.RestoreTerminal(cli.terminalFd, oldState) - } - - if stdout != nil || stderr != nil { - receiveStdout = utils.Go(func() (err error) { - defer func() { - if in != nil { - if setRawTerminal && cli.isTerminal { - term.RestoreTerminal(cli.terminalFd, oldState) - } - // For some reason this Close call blocks on darwin.. - // As the client exists right after, simply discard the close - // until we find a better solution. - if goruntime.GOOS != "darwin" { - in.Close() - } - } - }() - - // When TTY is ON, use regular copy - if setRawTerminal { - _, err = io.Copy(stdout, br) - } else { - _, err = utils.StdCopy(stdout, stderr, br) - } - utils.Debugf("[hijack] End of stdout") - return err - }) - } - - sendStdin := utils.Go(func() error { - if in != nil { - io.Copy(rwc, in) - utils.Debugf("[hijack] End of stdin") - } - if tcpc, ok := rwc.(*net.TCPConn); ok { - if err := tcpc.CloseWrite(); err != nil { - utils.Debugf("Couldn't send EOF: %s\n", err) - } - } else if unixc, ok := rwc.(*net.UnixConn); ok { - if err := unixc.CloseWrite(); err != nil { - utils.Debugf("Couldn't send EOF: %s\n", err) - } - } - // Discard errors due to pipe interruption - return nil - }) - - if stdout != nil || stderr != nil { - if err := <-receiveStdout; err != nil { - utils.Debugf("Error receiveStdout: %s", err) - return err - } - } - - if !cli.isTerminal { - if err := <-sendStdin; err != nil { - utils.Debugf("Error sendStdin: %s", err) - return err - } - } - return nil - -} - func (cli *DockerCli) resizeTty(id string) { height, width := cli.getTtySize() if height == 0 && width == 0 { diff --git a/api/common.go b/api/common.go index 44bd901379..af4ced4f6e 100644 --- a/api/common.go +++ b/api/common.go @@ -10,7 +10,7 @@ import ( ) const ( - APIVERSION version.Version = "1.10" + APIVERSION version.Version = "1.11" DEFAULTHTTPHOST = "127.0.0.1" DEFAULTUNIXSOCKET = "/var/run/docker.sock" ) diff --git a/api/server/server.go b/api/server/server.go index c6eafaf265..05d5e60690 100644 --- a/api/server/server.go +++ b/api/server/server.go @@ -3,7 +3,6 @@ package server import ( "bufio" "bytes" - "code.google.com/p/go.net/websocket" "crypto/tls" "crypto/x509" "encoding/base64" @@ -21,6 +20,8 @@ import ( "strings" "syscall" + "code.google.com/p/go.net/websocket" + "github.com/dotcloud/docker/api" "github.com/dotcloud/docker/engine" "github.com/dotcloud/docker/pkg/listenbuffer" @@ -246,6 +247,7 @@ func getEvents(eng *engine.Engine, version version.Version, w http.ResponseWrite var job = eng.Job("events", r.RemoteAddr) streamJSON(job, w, true) job.Setenv("since", r.Form.Get("since")) + job.Setenv("until", r.Form.Get("until")) return job.Run() } @@ -327,6 +329,48 @@ func getContainersJSON(eng *engine.Engine, version version.Version, w http.Respo return nil } +func getContainersLogs(eng *engine.Engine, version version.Version, w http.ResponseWriter, r *http.Request, vars map[string]string) error { + if err := parseForm(r); err != nil { + return err + } + if vars == nil { + return fmt.Errorf("Missing parameter") + } + + var ( + job = eng.Job("inspect", vars["name"], "container") + c, err = job.Stdout.AddEnv() + ) + if err != nil { + return err + } + if err = job.Run(); err != nil { + return err + } + + var outStream, errStream io.Writer + outStream = utils.NewWriteFlusher(w) + + if c.GetSubEnv("Config") != nil && !c.GetSubEnv("Config").GetBool("Tty") && version.GreaterThanOrEqualTo("1.6") { + errStream = utils.NewStdWriter(outStream, utils.Stderr) + outStream = utils.NewStdWriter(outStream, utils.Stdout) + } else { + errStream = outStream + } + + job = eng.Job("logs", vars["name"]) + job.Setenv("follow", r.Form.Get("follow")) + job.Setenv("stdout", r.Form.Get("stdout")) + job.Setenv("stderr", r.Form.Get("stderr")) + job.Setenv("timestamps", r.Form.Get("timestamps")) + job.Stdout.Add(outStream) + job.Stderr.Set(errStream) + if err := job.Run(); err != nil { + fmt.Fprintf(outStream, "Error: %s\n", err) + } + return nil +} + func postImagesTag(eng *engine.Engine, version version.Version, w http.ResponseWriter, r *http.Request, vars map[string]string) error { if err := parseForm(r); err != nil { return err @@ -828,8 +872,6 @@ func postBuild(eng *engine.Engine, version version.Version, w http.ResponseWrite return fmt.Errorf("Multipart upload for build is no longer supported. Please upgrade your docker client.") } var ( - authEncoded = r.Header.Get("X-Registry-Auth") - authConfig = ®istry.AuthConfig{} configFileEncoded = r.Header.Get("X-Registry-Config") configFile = ®istry.ConfigFile{} job = eng.Job("build") @@ -839,12 +881,18 @@ func postBuild(eng *engine.Engine, version version.Version, w http.ResponseWrite // Both headers will be parsed and sent along to the daemon, but if a non-empty // ConfigFile is present, any value provided as an AuthConfig directly will // be overridden. See BuildFile::CmdFrom for details. + var ( + authEncoded = r.Header.Get("X-Registry-Auth") + authConfig = ®istry.AuthConfig{} + ) if version.LessThan("1.9") && authEncoded != "" { authJson := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authEncoded)) if err := json.NewDecoder(authJson).Decode(authConfig); err != nil { // for a pull it is not an error if no auth was given // to increase compatibility with the existing api it is defaulting to be empty authConfig = ®istry.AuthConfig{} + } else { + configFile.Configs[authConfig.ServerAddress] = *authConfig } } @@ -869,8 +917,7 @@ func postBuild(eng *engine.Engine, version version.Version, w http.ResponseWrite job.Setenv("q", r.FormValue("q")) job.Setenv("nocache", r.FormValue("nocache")) job.Setenv("rm", r.FormValue("rm")) - job.SetenvJson("authConfig", authConfig) - job.SetenvJson("configFile", configFile) + job.SetenvJson("auth", configFile) if err := job.Run(); err != nil { if !job.Stdout.Used() { @@ -930,6 +977,11 @@ func writeCorsHeaders(w http.ResponseWriter, r *http.Request) { w.Header().Add("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, OPTIONS") } +func ping(eng *engine.Engine, version version.Version, w http.ResponseWriter, r *http.Request, vars map[string]string) error { + _, err := w.Write([]byte{'O', 'K'}) + return err +} + func makeHttpHandler(eng *engine.Engine, logging bool, localMethod string, localRoute string, handlerFunc HttpApiFunc, enableCors bool, dockerVersion version.Version) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { // log the request @@ -998,6 +1050,7 @@ func createRouter(eng *engine.Engine, logging, enableCors bool, dockerVersion st } m := map[string]map[string]HttpApiFunc{ "GET": { + "/_ping": ping, "/events": getEvents, "/info": getInfo, "/version": getVersion, @@ -1013,6 +1066,7 @@ func createRouter(eng *engine.Engine, logging, enableCors bool, dockerVersion st "/containers/{name:.*}/changes": getContainersChanges, "/containers/{name:.*}/json": getContainersByName, "/containers/{name:.*}/top": getContainersTop, + "/containers/{name:.*}/logs": getContainersLogs, "/containers/{name:.*}/attach/ws": wsContainersAttach, }, "POST": { @@ -1220,6 +1274,9 @@ func ListenAndServe(proto, addr string, job *engine.Job) error { // ServeApi loops through all of the protocols sent in to docker and spawns // off a go routine to setup a serving http.Server for each. func ServeApi(job *engine.Job) engine.Status { + if len(job.Args) == 0 { + return job.Errorf("usage: %s PROTO://ADDR [PROTO://ADDR ...]", job.Name) + } var ( protoAddrs = job.Args chErrors = make(chan error, len(protoAddrs)) @@ -1232,6 +1289,9 @@ func ServeApi(job *engine.Job) engine.Status { for _, protoAddr := range protoAddrs { protoAddrParts := strings.SplitN(protoAddr, "://", 2) + if len(protoAddrParts) != 2 { + return job.Errorf("usage: %s PROTO://ADDR [PROTO://ADDR ...]", job.Name) + } go func() { log.Printf("Listening for HTTP on %s (%s)\n", protoAddrParts[0], protoAddrParts[1]) chErrors <- ListenAndServe(protoAddrParts[0], protoAddrParts[1], job) diff --git a/api/server/server_unit_test.go b/api/server/server_unit_test.go index 3dbba640ff..8ab34127ac 100644 --- a/api/server/server_unit_test.go +++ b/api/server/server_unit_test.go @@ -1,14 +1,14 @@ package server import ( + "bytes" + "encoding/json" "fmt" "github.com/dotcloud/docker/api" "github.com/dotcloud/docker/engine" - "github.com/dotcloud/docker/utils" "io" "net/http" "net/http/httptest" - "os" "testing" ) @@ -57,15 +57,7 @@ func TesthttpError(t *testing.T) { } func TestGetVersion(t *testing.T) { - tmp, err := utils.TestDirectory("") - if err != nil { - t.Fatal(err) - } - defer os.RemoveAll(tmp) - eng, err := engine.New(tmp) - if err != nil { - t.Fatal(err) - } + eng := engine.New() var called bool eng.Register("version", func(job *engine.Job) engine.Status { called = true @@ -80,49 +72,21 @@ func TestGetVersion(t *testing.T) { } return engine.StatusOK }) - - r := httptest.NewRecorder() - req, err := http.NewRequest("GET", "/version", nil) - if err != nil { - t.Fatal(err) - } - // FIXME getting the version should require an actual running Server - if err := ServeRequest(eng, api.APIVERSION, r, req); err != nil { - t.Fatal(err) - } + r := serveRequest("GET", "/version", nil, eng, t) if !called { t.Fatalf("handler was not called") } - out := engine.NewOutput() - v, err := out.AddEnv() - if err != nil { - t.Fatal(err) + v := readEnv(r.Body, t) + if v.Get("Version") != "42.1" { + t.Fatalf("%#v\n", v) } - if _, err := io.Copy(out, r.Body); err != nil { - t.Fatal(err) - } - out.Close() - expected := "42.1" - if result := v.Get("Version"); result != expected { - t.Errorf("Expected version %s, %s found", expected, result) - } - expected = "application/json" - if result := r.HeaderMap.Get("Content-Type"); result != expected { - t.Errorf("Expected Content-Type %s, %s found", expected, result) + if r.HeaderMap.Get("Content-Type") != "application/json" { + t.Fatalf("%#v\n", r) } } func TestGetInfo(t *testing.T) { - tmp, err := utils.TestDirectory("") - if err != nil { - t.Fatal(err) - } - defer os.RemoveAll(tmp) - eng, err := engine.New(tmp) - if err != nil { - t.Fatal(err) - } - + eng := engine.New() var called bool eng.Register("info", func(job *engine.Job) engine.Status { called = true @@ -134,47 +98,51 @@ func TestGetInfo(t *testing.T) { } return engine.StatusOK }) - - r := httptest.NewRecorder() - req, err := http.NewRequest("GET", "/info", nil) - if err != nil { - t.Fatal(err) - } - // FIXME getting the version should require an actual running Server - if err := ServeRequest(eng, api.APIVERSION, r, req); err != nil { - t.Fatal(err) - } + r := serveRequest("GET", "/info", nil, eng, t) if !called { t.Fatalf("handler was not called") } + v := readEnv(r.Body, t) + if v.GetInt("Images") != 42000 { + t.Fatalf("%#v\n", v) + } + if v.GetInt("Containers") != 1 { + t.Fatalf("%#v\n", v) + } + if r.HeaderMap.Get("Content-Type") != "application/json" { + t.Fatalf("%#v\n", r) + } +} - out := engine.NewOutput() - i, err := out.AddEnv() +func serveRequest(method, target string, body io.Reader, eng *engine.Engine, t *testing.T) *httptest.ResponseRecorder { + r := httptest.NewRecorder() + req, err := http.NewRequest(method, target, body) if err != nil { t.Fatal(err) } - if _, err := io.Copy(out, r.Body); err != nil { + if err := ServeRequest(eng, api.APIVERSION, r, req); err != nil { + t.Fatal(err) + } + return r +} + +func readEnv(src io.Reader, t *testing.T) *engine.Env { + out := engine.NewOutput() + v, err := out.AddEnv() + if err != nil { + t.Fatal(err) + } + if _, err := io.Copy(out, src); err != nil { t.Fatal(err) } out.Close() - { - expected := 42000 - result := i.GetInt("Images") - if expected != result { - t.Fatalf("%#v\n", result) - } - } - { - expected := 1 - result := i.GetInt("Containers") - if expected != result { - t.Fatalf("%#v\n", result) - } - } - { - expected := "application/json" - if result := r.HeaderMap.Get("Content-Type"); result != expected { - t.Fatalf("%#v\n", result) - } - } + return v +} + +func toJson(data interface{}, t *testing.T) io.Reader { + var buf bytes.Buffer + if err := json.NewEncoder(&buf).Encode(data); err != nil { + t.Fatal(err) + } + return &buf } diff --git a/archive/diff.go b/archive/diff.go index e20e4b1f02..87e8ac7dc4 100644 --- a/archive/diff.go +++ b/archive/diff.go @@ -68,7 +68,7 @@ func ApplyLayer(dest string, layer ArchiveReader) error { parent := filepath.Dir(hdr.Name) parentPath := filepath.Join(dest, parent) if _, err := os.Lstat(parentPath); err != nil && os.IsNotExist(err) { - err = os.MkdirAll(parentPath, 600) + err = os.MkdirAll(parentPath, 0600) if err != nil { return err } diff --git a/builtins/builtins.go b/builtins/builtins.go index 109bc5b913..40d421f154 100644 --- a/builtins/builtins.go +++ b/builtins/builtins.go @@ -2,19 +2,25 @@ package builtins import ( api "github.com/dotcloud/docker/api/server" + "github.com/dotcloud/docker/daemon/networkdriver/bridge" "github.com/dotcloud/docker/engine" - "github.com/dotcloud/docker/runtime/networkdriver/bridge" + "github.com/dotcloud/docker/registry" "github.com/dotcloud/docker/server" ) -func Register(eng *engine.Engine) { - daemon(eng) - remote(eng) +func Register(eng *engine.Engine) error { + if err := daemon(eng); err != nil { + return err + } + if err := remote(eng); err != nil { + return err + } + return registry.NewService().Install(eng) } // remote: a RESTful api for cross-docker communication -func remote(eng *engine.Engine) { - eng.Register("serveapi", api.ServeApi) +func remote(eng *engine.Engine) error { + return eng.Register("serveapi", api.ServeApi) } // daemon: a default execution and storage backend for Docker on Linux, @@ -32,7 +38,9 @@ func remote(eng *engine.Engine) { // // These components should be broken off into plugins of their own. // -func daemon(eng *engine.Engine) { - eng.Register("initserver", server.InitServer) - eng.Register("init_networkdriver", bridge.InitDriver) +func daemon(eng *engine.Engine) error { + if err := eng.Register("initserver", server.InitServer); err != nil { + return err + } + return eng.Register("init_networkdriver", bridge.InitDriver) } diff --git a/contrib/check-config.sh b/contrib/check-config.sh index 53bf708404..498ede8af3 100755 --- a/contrib/check-config.sh +++ b/contrib/check-config.sh @@ -4,7 +4,13 @@ set -e # bits of this were adapted from lxc-checkconfig # see also https://github.com/lxc/lxc/blob/lxc-1.0.2/src/lxc/lxc-checkconfig.in -: ${CONFIG:=/proc/config.gz} +possibleConfigs=( + '/proc/config.gz' + "/boot/config-$(uname -r)" + "/usr/src/linux-$(uname -r)/.config" + '/usr/src/linux/.config' +) +: ${CONFIG:="${possibleConfigs[0]}"} if ! command -v zgrep &> /dev/null; then zgrep() { @@ -74,11 +80,7 @@ check_flags() { if [ ! -e "$CONFIG" ]; then wrap_warning "warning: $CONFIG does not exist, searching other paths for kernel config..." - for tryConfig in \ - '/proc/config.gz' \ - "/boot/config-$(uname -r)" \ - '/usr/src/linux/.config' \ - ; do + for tryConfig in "${possibleConfigs[@]}"; do if [ -e "$tryConfig" ]; then CONFIG="$tryConfig" break @@ -98,12 +100,16 @@ echo echo 'Generally Necessary:' echo -n '- ' -cgroupCpuDir="$(awk '/[, ]cpu([, ]|$)/ && $8 == "cgroup" { print $5 }' /proc/$$/mountinfo | head -n1)" -cgroupDir="$(dirname "$cgroupCpuDir")" -if [ -d "$cgroupDir/cpu" ]; then +cgroupSubsystemDir="$(awk '/[, ](cpu|cpuacct|cpuset|devices|freezer|memory)([, ]|$)/ && $8 == "cgroup" { print $5 }' /proc/$$/mountinfo | head -n1)" +cgroupDir="$(dirname "$cgroupSubsystemDir")" +if [ -d "$cgroupDir/cpu" -o -d "$cgroupDir/cpuacct" -o -d "$cgroupDir/cpuset" -o -d "$cgroupDir/devices" -o -d "$cgroupDir/freezer" -o -d "$cgroupDir/memory" ]; then echo "$(wrap_good 'cgroup hierarchy' 'properly mounted') [$cgroupDir]" else - echo "$(wrap_bad 'cgroup hierarchy' 'single mountpoint!') [$cgroupCpuDir]" + if [ "$cgroupSubsystemDir" ]; then + echo "$(wrap_bad 'cgroup hierarchy' 'single mountpoint!') [$cgroupSubsystemDir]" + else + echo "$(wrap_bad 'cgroup hierarchy' 'nonexistent??')" + fi echo " $(wrap_color '(see https://github.com/tianon/cgroupfs-mount)' yellow)" fi @@ -112,7 +118,8 @@ flags=( DEVPTS_MULTIPLE_INSTANCES CGROUPS CGROUP_DEVICE MACVLAN VETH BRIDGE - IP_NF_TARGET_MASQUERADE NETFILTER_XT_MATCH_{ADDRTYPE,CONNTRACK} + NF_NAT_IPV4 IP_NF_TARGET_MASQUERADE + NETFILTER_XT_MATCH_{ADDRTYPE,CONNTRACK} NF_NAT NF_NAT_NEEDED ) check_flags "${flags[@]}" diff --git a/contrib/docker-device-tool/device_tool.go b/contrib/docker-device-tool/device_tool.go index 12c762a7f3..a9327f9de1 100644 --- a/contrib/docker-device-tool/device_tool.go +++ b/contrib/docker-device-tool/device_tool.go @@ -3,7 +3,7 @@ package main import ( "flag" "fmt" - "github.com/dotcloud/docker/runtime/graphdriver/devmapper" + "github.com/dotcloud/docker/daemon/graphdriver/devmapper" "os" "path" "sort" diff --git a/contrib/man/.gitignore b/contrib/man/.gitignore new file mode 100644 index 0000000000..c2c63b5d2e --- /dev/null +++ b/contrib/man/.gitignore @@ -0,0 +1,2 @@ +# these are generated by the md/md2man-all.sh script +man* diff --git a/contrib/man/md/Dockerfile b/contrib/man/md/Dockerfile new file mode 100644 index 0000000000..438227df89 --- /dev/null +++ b/contrib/man/md/Dockerfile @@ -0,0 +1,5 @@ +FROM fedora:20 +MAINTAINER ipbabble +# Update and install pandoc +RUN yum -y update; yum clean all; +RUN yum -y install pandoc; diff --git a/contrib/man/md/README.md b/contrib/man/md/README.md new file mode 100644 index 0000000000..d49b39b7a2 --- /dev/null +++ b/contrib/man/md/README.md @@ -0,0 +1,71 @@ +Docker Documentation +==================== + +This directory contains the Docker user manual in the Markdown format. +Do *not* edit the man pages in the man1 directory. Instead, amend the +Markdown (*.md) files. + +# File List + + docker.md + docker-attach.md + docker-build.md + docker-commit.md + docker-cp.md + docker-diff.md + docker-events.md + docker-export.md + docker-history.md + docker-images.md + docker-import.md + docker-info.md + docker-inspect.md + docker-kill.md + docker-load.md + docker-login.md + docker-logs.md + docker-port.md + docker-ps.md + docker-pull.md + docker-push.md + docker-restart.md + docker-rmi.md + docker-rm.md + docker-run.md + docker-save.md + docker-search.md + docker-start.md + docker-stop.md + docker-tag.md + docker-top.md + docker-wait.md + Dockerfile + md2man-all.sh + +# Generating man pages from the Markdown files + +The recommended approach for generating the man pages is via a Docker +container. Using the supplied Dockerfile, Docker will create a Fedora based +container and isolate the Pandoc installation. This is a seamless process, +saving you from dealing with Pandoc and dependencies on your own computer. + +## Building the Fedora / Pandoc image + +There is a Dockerfile provided in the `docker/contrib/man/md` directory. + +Using this Dockerfile, create a Docker image tagged `fedora/pandoc`: + + docker build -t fedora/pandoc . + +## Utilizing the Fedora / Pandoc image + +Once the image is built, run a container using the image with *volumes*: + + docker run -v //docker/contrib/man:/pandoc:rw \ + -w /pandoc -i fedora/pandoc /pandoc/md/md2man-all.sh + +The Pandoc Docker container will process the Markdown files and generate +the man pages inside the `docker/contrib/man/man1` directory using +Docker volumes. For more information on Docker volumes see the man page for +`docker run` and also look at the article [Sharing Directories via Volumes] +(http://docs.docker.io/use/working_with_volumes/). diff --git a/contrib/man/md/docker-attach.1.md b/contrib/man/md/docker-attach.1.md new file mode 100644 index 0000000000..2755fd27f5 --- /dev/null +++ b/contrib/man/md/docker-attach.1.md @@ -0,0 +1,57 @@ +% DOCKER(1) Docker User Manuals +% William Henry +% APRIL 2014 +# NAME +docker-attach - Attach to a running container + +# SYNOPSIS +**docker attach** **--no-stdin**[=*false*] **--sig-proxy**[=*true*] CONTAINER + +# DESCRIPTION +If you **docker run** a container in detached mode (**-d**), you can reattach to + the detached container with **docker attach** using the container's ID or name. + +You can detach from the container again (and leave it running) with `CTRL-c` (for +a quiet exit) or `CTRL-\` to get a stacktrace of the Docker client when it quits. +When you detach from a container the exit code will be returned to +the client. + +# OPTIONS +**--no-stdin**=*true*|*false* +When set to true, do not attach to stdin. The default is *false*. + +**--sig-proxy**=*true*|*false*: +When set to true, proxify all received signal to the process (even in non-tty +mode). The default is *true*. + +# EXAMPLES + +## Attaching to a container + +In this example the top command is run inside a container, from an image called +fedora, in detached mode. The ID from the container is passed into the **docker +attach** command: + + # ID=$(sudo docker run -d fedora /usr/bin/top -b) + # sudo docker attach $ID + top - 02:05:52 up 3:05, 0 users, load average: 0.01, 0.02, 0.05 + Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie + Cpu(s): 0.1%us, 0.2%sy, 0.0%ni, 99.7%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st + Mem: 373572k total, 355560k used, 18012k free, 27872k buffers + Swap: 786428k total, 0k used, 786428k free, 221740k cached + + PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND + 1 root 20 0 17200 1116 912 R 0 0.3 0:00.03 top + + top - 02:05:55 up 3:05, 0 users, load average: 0.01, 0.02, 0.05 + Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie + Cpu(s): 0.0%us, 0.2%sy, 0.0%ni, 99.8%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st + Mem: 373572k total, 355244k used, 18328k free, 27872k buffers + Swap: 786428k total, 0k used, 786428k free, 221776k cached + + PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND + 1 root 20 0 17208 1144 932 R 0 0.3 0:00.03 top + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.io source material and internal work. diff --git a/contrib/man/md/docker-build.1.md b/contrib/man/md/docker-build.1.md new file mode 100644 index 0000000000..b3e9a2842e --- /dev/null +++ b/contrib/man/md/docker-build.1.md @@ -0,0 +1,82 @@ +% DOCKER(1) Docker User Manuals +% William Henry +% APRIL 2014 +# NAME +docker-build - Build a container image from a Dockerfile source at PATH + +# SYNOPSIS +**docker build** [**--no-cache**[=*false*]] [**-q**|**--quiet**[=*false*]] + [**--rm**] [**-t**|**--tag**=TAG] PATH | URL | - + +# DESCRIPTION +This will read the Dockerfile from the directory specified in **PATH**. +It also sends any other files and directories found in the current +directory to the Docker daemon. The contents of this directory would +be used by **ADD** commands found within the Dockerfile. + +Warning, this will send a lot of data to the Docker daemon depending +on the contents of the current directory. The build is run by the Docker +daemon, not by the CLI, so the whole context must be transferred to the daemon. +The Docker CLI reports "Uploading context" when the context is sent to +the daemon. + +When a single Dockerfile is given as the URL, then no context is set. +When a Git repository is set as the **URL**, the repository is used +as context. + +# OPTIONS + +**-q**, **--quiet**=*true*|*false* + When set to true, suppress verbose build output. Default is *false*. + +**--rm**=*true*|*false* + When true, remove intermediate containers that are created during the +build process. The default is true. + +**-t**, **--tag**=*tag* + Tag to be applied to the resulting image on successful completion of +the build. + +**--no-cache**=*true*|*false* + When set to true, do not use a cache when building the image. The +default is *false*. + +# EXAMPLES + +## Building an image using a Dockefile located inside the current directory + +Docker images can be built using the build command and a Dockerfile: + + docker build . + +During the build process Docker creates intermediate images. In order to +keep them, you must explicitly set `--rm=false`. + + docker build --rm=false . + +A good practice is to make a sub-directory with a related name and create +the Dockerfile in that directory. For example, a directory called mongo may +contain a Dockerfile to create a Docker MongoDB image. Likewise, another +directory called httpd may be used to store Dockerfiles for Apache web +server images. + +It is also a good practice to add the files required for the image to the +sub-directory. These files will then be specified with the `ADD` instruction +in the Dockerfile. Note: If you include a tar file (a good practice!), then +Docker will automatically extract the contents of the tar file +specified within the `ADD` instruction into the specified target. + +## Building an image using a URL + +This will clone the specified Github repository from the URL and use it +as context. The Dockerfile at the root of the repository is used as +Dockerfile. This only works if the Github repository is a dedicated +repository. + + docker build github.com/scollier/Fedora-Dockerfiles/tree/master/apache + +Note: You can set an arbitrary Git repository via the `git://` schema. + +# HISTORY +March 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.io source material and internal work. diff --git a/contrib/man/md/docker-commit.1.md b/contrib/man/md/docker-commit.1.md new file mode 100644 index 0000000000..84cdca6137 --- /dev/null +++ b/contrib/man/md/docker-commit.1.md @@ -0,0 +1,34 @@ +% DOCKER(1) Docker User Manuals +% William Henry +% APRIL 2014 +# NAME +docker-commit - Create a new image from the changes to an existing +container + +# SYNOPSIS +**docker commit** **-a**|**--author**[=""] **-m**|**--message**[=""] +CONTAINER [REPOSITORY[:TAG]] + +# DESCRIPTION +Using an existing container's name or ID you can create a new image. + +# OPTIONS +**-a, --author**="" + Author name. (eg. "John Hannibal Smith " + +**-m, --message**="" + Commit message + +# EXAMPLES + +## Creating a new image from an existing container +An existing Fedora based container has had Apache installed while running +in interactive mode with the bash shell. Apache is also running. To +create a new image run docker ps to find the container's ID and then run: + + # docker commit -me= "Added Apache to Fedora base image" \ + --a="A D Ministrator" 98bd7fc99854 fedora/fedora_httpd:20 + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.io source material and in \ No newline at end of file diff --git a/contrib/man/md/docker-cp.1.md b/contrib/man/md/docker-cp.1.md new file mode 100644 index 0000000000..f787198669 --- /dev/null +++ b/contrib/man/md/docker-cp.1.md @@ -0,0 +1,24 @@ +% DOCKER(1) Docker User Manuals +% William Henry +% APRIL 2014 +# NAME +docker-cp - Copy files/folders from the PATH to the HOSTPATH + +# SYNOPSIS +**docker cp** CONTAINER:PATH HOSTPATH + +# DESCRIPTION +Copy files/folders from the containers filesystem to the host +path. Paths are relative to the root of the filesystem. Files +can be copied from a running or stopped container. + +# EXAMPLE +An important shell script file, created in a bash shell, is copied from +the exited container to the current dir on the host: + + # docker cp c071f3c3ee81:setup.sh . + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.io source material and internal work. + diff --git a/contrib/man/md/docker-diff.1.md b/contrib/man/md/docker-diff.1.md new file mode 100644 index 0000000000..2053f2c3d2 --- /dev/null +++ b/contrib/man/md/docker-diff.1.md @@ -0,0 +1,44 @@ +% DOCKER(1) Docker User Manuals +% William Henry +% APRIL 2014 +# NAME +docker-diff - Inspect changes on a container's filesystem + +# SYNOPSIS +**docker diff** CONTAINER + +# DESCRIPTION +Inspect changes on a container's filesystem. You can use the full or +shortened container ID or the container name set using +**docker run --name** option. + +# EXAMPLE +Inspect the changes to on a nginx container: + + # docker diff 1fdfd1f54c1b + C /dev + C /dev/console + C /dev/core + C /dev/stdout + C /dev/fd + C /dev/ptmx + C /dev/stderr + C /dev/stdin + C /run + A /run/nginx.pid + C /var/lib/nginx/tmp + A /var/lib/nginx/tmp/client_body + A /var/lib/nginx/tmp/fastcgi + A /var/lib/nginx/tmp/proxy + A /var/lib/nginx/tmp/scgi + A /var/lib/nginx/tmp/uwsgi + C /var/log/nginx + A /var/log/nginx/access.log + A /var/log/nginx/error.log + + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.io source material and internal work. + + diff --git a/contrib/man/md/docker-events.1.md b/contrib/man/md/docker-events.1.md new file mode 100644 index 0000000000..c9bfdec9e8 --- /dev/null +++ b/contrib/man/md/docker-events.1.md @@ -0,0 +1,46 @@ +% DOCKER(1) Docker User Manuals +% William Henry +% APRIL 2014 +# NAME +docker-events - Get real time events from the server + +**docker events** **--since**=""|*epoch-time* + +# DESCRIPTION +Get event information from the Docker daemon. Information can include historical +information and real-time information. + +# OPTIONS +**--since**="" +Show previously created events and then stream. This can be in either +seconds since epoch, or date string. + +# EXAMPLES + +## Listening for Docker events + +After running docker events a container 786d698004576 is started and stopped +(The container name has been shortened in the ouput below): + + # docker events + [2014-04-12 18:23:04 -0400 EDT] 786d69800457: (from whenry/testimage:latest) start + [2014-04-12 18:23:13 -0400 EDT] 786d69800457: (from whenry/testimage:latest) die + [2014-04-12 18:23:13 -0400 EDT] 786d69800457: (from whenry/testimage:latest) stop + +## Listening for events since a given date +Again the output container IDs have been shortened for the purposes of this document: + + # docker events --since '2014-04-12' + [2014-04-12 18:11:28 -0400 EDT] c655dbf640dc: (from whenry/testimage:latest) create + [2014-04-12 18:11:28 -0400 EDT] c655dbf640dc: (from whenry/testimage:latest) start + [2014-04-12 18:14:13 -0400 EDT] 786d69800457: (from whenry/testimage:latest) create + [2014-04-12 18:14:13 -0400 EDT] 786d69800457: (from whenry/testimage:latest) start + [2014-04-12 18:22:44 -0400 EDT] 786d69800457: (from whenry/testimage:latest) die + [2014-04-12 18:22:44 -0400 EDT] 786d69800457: (from whenry/testimage:latest) stop + [2014-04-12 18:23:04 -0400 EDT] 786d69800457: (from whenry/testimage:latest) start + [2014-04-12 18:23:13 -0400 EDT] 786d69800457: (from whenry/testimage:latest) die + [2014-04-12 18:23:13 -0400 EDT] 786d69800457: (from whenry/testimage:latest) stop + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.io source material and internal work. \ No newline at end of file diff --git a/contrib/man/md/docker-export.1.md b/contrib/man/md/docker-export.1.md new file mode 100644 index 0000000000..ab11aa1266 --- /dev/null +++ b/contrib/man/md/docker-export.1.md @@ -0,0 +1,26 @@ +% DOCKER(1) Docker User Manuals +% William Henry +% APRIL 2014 +# NAME +docker-export - Export the contents of a filesystem as a tar archive to +STDOUT. + +# SYNOPSIS +**docker export** CONTAINER + +# DESCRIPTION +Export the contents of a container's filesystem using the full or shortened +container ID or container name. The output is exported to STDOUT and can be +redirected to a tar file. + +# EXAMPLE +Export the contents of the container called angry_bell to a tar file +called test.tar: + + # docker export angry_bell > test.tar + # ls *.tar + test.tar + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.io source material and internal work. diff --git a/contrib/man/md/docker-history.1.md b/contrib/man/md/docker-history.1.md new file mode 100644 index 0000000000..1b3a9858b5 --- /dev/null +++ b/contrib/man/md/docker-history.1.md @@ -0,0 +1,32 @@ +% DOCKER(1) Docker User Manuals +% William Henry +% APRIL 2014 +# NAME +docker-history - Show the history of an image + +# SYNOPSIS +**docker history** **--no-trunc**[=*false*] [**-q**|**--quiet**[=*false*]] + IMAGE + +# DESCRIPTION + +Show the history of when and how an image was created. + +# OPTIONS + +**--no-trunc**=*true*|*false* + When true don't truncate output. Default is false + +**-q**, **--quiet=*true*|*false* + When true only show numeric IDs. Default is false. + +# EXAMPLE + $ sudo docker history fedora + IMAGE CREATED CREATED BY SIZE + 105182bb5e8b 5 days ago /bin/sh -c #(nop) ADD file:71356d2ad59aa3119d 372.7 MB + 73bd853d2ea5 13 days ago /bin/sh -c #(nop) MAINTAINER Lokesh Mandvekar 0 B + 511136ea3c5a 10 months ago 0 B + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.io source material and internal work. diff --git a/contrib/man/md/docker-images.1.md b/contrib/man/md/docker-images.1.md new file mode 100644 index 0000000000..a466798096 --- /dev/null +++ b/contrib/man/md/docker-images.1.md @@ -0,0 +1,99 @@ +% DOCKER(1) Docker User Manuals +% William Henry +% APRIL 2014 +# NAME +docker-images - List the images in the local repository + +# SYNOPSIS +**docker images** +[**-a**|**--all**=*false*] +[**--no-trunc**[=*false*] +[**-q**|**--quiet**[=*false*] +[**-t**|**--tree**=*false*] +[**-v**|**--viz**=*false*] +[NAME] + +# DESCRIPTION +This command lists the images stored in the local Docker repository. + +By default, intermediate images, used during builds, are not listed. Some of the +output, e.g. image ID, is truncated, for space reasons. However the truncated +image ID, and often the first few characters, are enough to be used in other +Docker commands that use the image ID. The output includes repository, tag, image +ID, date created and the virtual size. + +The title REPOSITORY for the first title may seem confusing. It is essentially +the image name. However, because you can tag a specific image, and multiple tags +(image instances) can be associated with a single name, the name is really a +repository for all tagged images of the same name. For example consider an image +called fedora. It may be tagged with 18, 19, or 20, etc. to manage different +versions. + +# OPTIONS + +**-a**, **--all**=*true*|*false* + When set to true, also include all intermediate images in the list. The +default is false. + +**--no-trunc**=*true*|*false* + When set to true, list the full image ID and not the truncated ID. The +default is false. + +**-q**, **--quiet**=*true*|*false* + When set to true, list the complete image ID as part of the output. The +default is false. + +**-t**, **--tree**=*true*|*false* + When set to true, list the images in a tree dependency tree (hierarchy) +format. The default is false. + +**-v**, **--viz**=*true*|*false* + When set to true, list the graph in graphviz format. The default is +*false*. + +# EXAMPLES + +## Listing the images + +To list the images in a local repository (not the registry) run: + + docker images + +The list will contain the image repository name, a tag for the image, and an +image ID, when it was created and its virtual size. Columns: REPOSITORY, TAG, +IMAGE ID, CREATED, and VIRTUAL SIZE. + +To get a verbose list of images which contains all the intermediate images +used in builds use **-a**: + + docker images -a + +## List images dependency tree hierarchy + +To list the images in the local repository (not the registry) in a dependency +tree format, use the **-t** option. + + docker images -t + +This displays a staggered hierarchy tree where the less indented image is +the oldest with dependent image layers branching inward (to the right) on +subsequent lines. The newest or top level image layer is listed last in +any tree branch. + +## List images in GraphViz format + +To display the list in a format consumable by a GraphViz tools run with +**-v**. For example to produce a .png graph file of the hierarchy use: + + docker images --viz | dot -Tpng -o docker.png + +## Listing only the shortened image IDs + +Listing just the shortened image IDs. This can be useful for some automated +tools. + + docker images -q + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.io source material and internal work. diff --git a/contrib/man/md/docker-import.1.md b/contrib/man/md/docker-import.1.md new file mode 100644 index 0000000000..a0db89eef4 --- /dev/null +++ b/contrib/man/md/docker-import.1.md @@ -0,0 +1,39 @@ +% DOCKER(1) Docker User Manuals +% William Henry +% APRIL 2014 +# NAME +docker-import - Create an empty filesystem image and import the contents +of the tarball into it. + +# SYNOPSIS +**docker import** URL|- [REPOSITORY[:TAG]] + +# DESCRIPTION +Create a new filesystem image from the contents of a tarball (.tar, +.tar.gz, .tgz, .bzip, .tar.xz, .txz) into it, then optionally tag it. + +# EXAMPLES + +## Import from a remote location + + # docker import http://example.com/exampleimage.tgz example/imagerepo + +## Import from a local file + +Import to docker via pipe and stdin: + + # cat exampleimage.tgz | docker import - example/imagelocal + +## Import from a local file and tag + +Import to docker via pipe and stdin: + + # cat exampleimageV2.tgz | docker import - example/imagelocal:V-2.0 + +## Import from a local directory + + # tar -c . | docker import - exampleimagedir + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.io source material and internal work. diff --git a/contrib/man/md/docker-info.1.md b/contrib/man/md/docker-info.1.md new file mode 100644 index 0000000000..8c03945dbe --- /dev/null +++ b/contrib/man/md/docker-info.1.md @@ -0,0 +1,46 @@ +% DOCKER(1) Docker User Manuals +% William Henry +% APRIL 2014 +# NAME +docker-info - Display system wide information + +# SYNOPSIS +**docker info** + +# DESCRIPTION +This command displays system wide information regarding the Docker installation. +Information displayed includes the number of containers and images, pool name, +data file, metadata file, data space used, total data space, metadata space used +, total metadata space, execution driver, and the kernel version. + +The data file is where the images are stored and the metadata file is where the +meta data regarding those images are stored. When run for the first time Docker +allocates a certain amount of data space and meta data space from the space +available on the volume where `/var/lib/docker` is mounted. + +# OPTIONS +There are no available options. + +# EXAMPLES + +## Display Docker system information + +Here is a sample output: + + # docker info + Containers: 18 + Images: 95 + Storage Driver: devicemapper + Pool Name: docker-8:1-170408448-pool + Data file: /var/lib/docker/devicemapper/devicemapper/data + Metadata file: /var/lib/docker/devicemapper/devicemapper/metadata + Data Space Used: 9946.3 Mb + Data Space Total: 102400.0 Mb + Metadata Space Used: 9.9 Mb + Metadata Space Total: 2048.0 Mb + Execution Driver: native-0.1 + Kernel Version: 3.10.0-116.el7.x86_64 + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.io source material and internal work. diff --git a/contrib/man/md/docker-inspect.1.md b/contrib/man/md/docker-inspect.1.md new file mode 100644 index 0000000000..a49e42138f --- /dev/null +++ b/contrib/man/md/docker-inspect.1.md @@ -0,0 +1,229 @@ +% DOCKER(1) Docker User Manuals +% William Henry +% APRIL 2014 +# NAME +docker-inspect - Return low-level information on a container/image + +# SYNOPSIS +**docker inspect** [**-f**|**--format**="" CONTAINER|IMAGE +[CONTAINER|IMAGE...] + +# DESCRIPTION + +This displays all the information available in Docker for a given +container or image. By default, this will render all results in a JSON +array. If a format is specified, the given template will be executed for +each result. + +# OPTIONS +**-f**, **--format**="" + The text/template package of Go describes all the details of the +format. See examples section + +# EXAMPLES + +## Getting information on a container + +To get information on a container use it's ID or instance name: + + #docker inspect 1eb5fabf5a03 + [{ + "ID": "1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b", + "Created": "2014-04-04T21:33:52.02361335Z", + "Path": "/usr/sbin/nginx", + "Args": [], + "Config": { + "Hostname": "1eb5fabf5a03", + "Domainname": "", + "User": "", + "Memory": 0, + "MemorySwap": 0, + "CpuShares": 0, + "AttachStdin": false, + "AttachStdout": false, + "AttachStderr": false, + "PortSpecs": null, + "ExposedPorts": { + "80/tcp": {} + }, + "Tty": true, + "OpenStdin": false, + "StdinOnce": false, + "Env": [ + "HOME=/", + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + ], + "Cmd": [ + "/usr/sbin/nginx" + ], + "Dns": null, + "DnsSearch": null, + "Image": "summit/nginx", + "Volumes": null, + "VolumesFrom": "", + "WorkingDir": "", + "Entrypoint": null, + "NetworkDisabled": false, + "OnBuild": null, + "Context": { + "mount_label": "system_u:object_r:svirt_sandbox_file_t:s0:c0,c650", + "process_label": "system_u:system_r:svirt_lxc_net_t:s0:c0,c650" + } + }, + "State": { + "Running": true, + "Pid": 858, + "ExitCode": 0, + "StartedAt": "2014-04-04T21:33:54.16259207Z", + "FinishedAt": "0001-01-01T00:00:00Z", + "Ghost": false + }, + "Image": "df53773a4390e25936f9fd3739e0c0e60a62d024ea7b669282b27e65ae8458e6", + "NetworkSettings": { + "IPAddress": "172.17.0.2", + "IPPrefixLen": 16, + "Gateway": "172.17.42.1", + "Bridge": "docker0", + "PortMapping": null, + "Ports": { + "80/tcp": [ + { + "HostIp": "0.0.0.0", + "HostPort": "80" + } + ] + } + }, + "ResolvConfPath": "/etc/resolv.conf", + "HostnamePath": "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/hostname", + "HostsPath": "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/hosts", + "Name": "/ecstatic_ptolemy", + "Driver": "devicemapper", + "ExecDriver": "native-0.1", + "Volumes": {}, + "VolumesRW": {}, + "HostConfig": { + "Binds": null, + "ContainerIDFile": "", + "LxcConf": [], + "Privileged": false, + "PortBindings": { + "80/tcp": [ + { + "HostIp": "0.0.0.0", + "HostPort": "80" + } + ] + }, + "Links": null, + "PublishAllPorts": false, + "DriverOptions": { + "lxc": null + }, + "CliAddress": "" + } + +## Getting the IP address of a container instance + +To get the IP address of a container use: + + # docker inspect --format='{{.NetworkSettings.IPAddress}}' 1eb5fabf5a03 + 172.17.0.2 + +## Listing all port bindings + +One can loop over arrays and maps in the results to produce simple text +output: + + # docker inspect --format='{{range $p, $conf := .NetworkSettings.Ports}} \ + {{$p}} -> {{(index $conf 0).HostPort}} {{end}}' 1eb5fabf5a03 + + 80/tcp -> 80 + +## Getting information on an image + +Use an image's ID or name (e.g. repository/name[:tag]) to get information + on it. + + # docker inspect 58394af37342 + [{ + "id": "58394af373423902a1b97f209a31e3777932d9321ef10e64feaaa7b4df609cf9", + "parent": "8abc22bad04266308ff408ca61cb8f6f4244a59308f7efc64e54b08b496c58db", + "created": "2014-02-03T16:10:40.500814677Z", + "container": "f718f19a28a5147da49313c54620306243734bafa63c76942ef6f8c4b4113bc5", + "container_config": { + "Hostname": "88807319f25e", + "Domainname": "", + "User": "", + "Memory": 0, + "MemorySwap": 0, + "CpuShares": 0, + "AttachStdin": false, + "AttachStdout": false, + "AttachStderr": false, + "PortSpecs": null, + "ExposedPorts": null, + "Tty": false, + "OpenStdin": false, + "StdinOnce": false, + "Env": [ + "HOME=/", + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + ], + "Cmd": [ + "/bin/sh", + "-c", + "#(nop) ADD fedora-20-dummy.tar.xz in /" + ], + "Dns": null, + "DnsSearch": null, + "Image": "8abc22bad04266308ff408ca61cb8f6f4244a59308f7efc64e54b08b496c58db", + "Volumes": null, + "VolumesFrom": "", + "WorkingDir": "", + "Entrypoint": null, + "NetworkDisabled": false, + "OnBuild": null, + "Context": null + }, + "docker_version": "0.6.3", + "author": "I P Babble \u003clsm5@ipbabble.com\u003e - ./buildcontainers.sh", + "config": { + "Hostname": "88807319f25e", + "Domainname": "", + "User": "", + "Memory": 0, + "MemorySwap": 0, + "CpuShares": 0, + "AttachStdin": false, + "AttachStdout": false, + "AttachStderr": false, + "PortSpecs": null, + "ExposedPorts": null, + "Tty": false, + "OpenStdin": false, + "StdinOnce": false, + "Env": [ + "HOME=/", + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + ], + "Cmd": null, + "Dns": null, + "DnsSearch": null, + "Image": "8abc22bad04266308ff408ca61cb8f6f4244a59308f7efc64e54b08b496c58db", + "Volumes": null, + "VolumesFrom": "", + "WorkingDir": "", + "Entrypoint": null, + "NetworkDisabled": false, + "OnBuild": null, + "Context": null + }, + "architecture": "x86_64", + "Size": 385520098 + }] + +# HISTORY + +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.io source material and internal work. diff --git a/contrib/man/md/docker-kill.1.md b/contrib/man/md/docker-kill.1.md new file mode 100644 index 0000000000..8175002d33 --- /dev/null +++ b/contrib/man/md/docker-kill.1.md @@ -0,0 +1,21 @@ +% DOCKER(1) Docker User Manuals +% William Henry +% APRIL 2014 +# NAME +docker-kill - Kill a running container (send SIGKILL, or specified signal) + +# SYNOPSIS +**docker kill** **--signal**[=*"KILL"*] CONTAINER [CONTAINER...] + +# DESCRIPTION + +The main process inside each container specified will be sent SIGKILL, + or any signal specified with option --signal. + +# OPTIONS +**-s**, **--signal**=*"KILL"* + Signal to send to the container + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) + based on docker.io source material and internal work. diff --git a/contrib/man/md/docker-load.1.md b/contrib/man/md/docker-load.1.md new file mode 100644 index 0000000000..535b701cca --- /dev/null +++ b/contrib/man/md/docker-load.1.md @@ -0,0 +1,36 @@ +% DOCKER(1) Docker User Manuals +% William Henry +% APRIL 2014 +# NAME +docker-load - Load an image from a tar archive on STDIN + +# SYNOPSIS +**docker load** **--input**="" + +# DESCRIPTION + +Loads a tarred repository from a file or the standard input stream. +Restores both images and tags. + +# OPTIONS + +**-i**, **--input**="" + Read from a tar archive file, instead of STDIN + +# EXAMPLE + + $ sudo docker images + REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + busybox latest 769b9341d937 7 weeks ago 2.489 MB + $ sudo docker load --input fedora.tar + $ sudo docker images + REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + busybox latest 769b9341d937 7 weeks ago 2.489 MB + fedora rawhide 0d20aec6529d 7 weeks ago 387 MB + fedora 20 58394af37342 7 weeks ago 385.5 MB + fedora heisenbug 58394af37342 7 weeks ago 385.5 MB + fedora latest 58394af37342 7 weeks ago 385.5 MB + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.io source material and internal work. diff --git a/contrib/man/md/docker-login.1.md b/contrib/man/md/docker-login.1.md new file mode 100644 index 0000000000..0a9cb283dd --- /dev/null +++ b/contrib/man/md/docker-login.1.md @@ -0,0 +1,35 @@ +% DOCKER(1) Docker User Manuals +% William Henry +% APRIL 2014 +# NAME +docker-login - Register or Login to a docker registry server. + +# SYNOPSIS +**docker login** [**-e**|**-email**=""] [**-p**|**--password**=""] + [**-u**|**--username**=""] [SERVER] + +# DESCRIPTION +Register or Login to a docker registry server, if no server is +specified "https://index.docker.io/v1/" is the default. If you want to +login to a private registry you can specify this by adding the server name. + +# OPTIONS +**-e**, **--email**="" + Email address + +**-p**, **--password**="" + Password + +**-u**, **--username**="" + Username + +# EXAMPLE + +## Login to a local registry + + # docker login localhost:8080 + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.io source material and internal work. + diff --git a/contrib/man/md/docker-logs.1.md b/contrib/man/md/docker-logs.1.md new file mode 100644 index 0000000000..0b9ce867e9 --- /dev/null +++ b/contrib/man/md/docker-logs.1.md @@ -0,0 +1,26 @@ +% DOCKER(1) Docker User Manuals +% William Henry +% APRIL 2014 +# NAME +docker-logs - Fetch the logs of a container + +# SYNOPSIS +**docker logs** **--follow**[=*false*] CONTAINER + +# DESCRIPTION +The **docker logs** command batch-retrieves whatever logs are present for +a container at the time of execution. This does not guarantee execution +order when combined with a docker run (i.e. your run may not have generated +any logs at the time you execute docker logs). + +The **docker logs --follow** command combines commands **docker logs** and +**docker attach**. It will first return all logs from the beginning and +then continue streaming new output from the container’s stdout and stderr. + +# OPTIONS +**-f, --follow**=*true*|*false* + When *true*, follow log output. The default is false. + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.io source material and internal work. diff --git a/contrib/man/md/docker-port.1.md b/contrib/man/md/docker-port.1.md new file mode 100644 index 0000000000..9773e4d80c --- /dev/null +++ b/contrib/man/md/docker-port.1.md @@ -0,0 +1,15 @@ +% DOCKER(1) Docker User Manuals +% William Henry +% APRIL 2014 +# NAME +docker-port - Lookup the public-facing port which is NAT-ed to PRIVATE_PORT + +# SYNOPSIS +**docker port** CONTAINER PRIVATE_PORT + +# DESCRIPTION +Lookup the public-facing port which is NAT-ed to PRIVATE_PORT + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.io source material and internal work. diff --git a/contrib/man/md/docker-ps.1.md b/contrib/man/md/docker-ps.1.md new file mode 100644 index 0000000000..60fce0213a --- /dev/null +++ b/contrib/man/md/docker-ps.1.md @@ -0,0 +1,68 @@ +% DOCKER(1) Docker User Manuals +% William Henry +% APRIL 2014 +# NAME +docker-ps - List containers + +# SYNOPSIS +**docker ps** [**-a**|**--all**=*false*] [**--before**=""] +[**-l**|**--latest**=*false*] [**-n**=*-1*] [**--no-trunc**=*false*] +[**-q**|**--quiet**=*false*] [**-s**|**--size**=*false*] +[**--since**=""] + +# DESCRIPTION + +List the containers in the local repository. By default this show only +the running containers. + +# OPTIONS + +**-a**, **--all**=*true*|*false* + When true show all containers. Only running containers are shown by +default. Default is false. + +**--before**="" + Show only container created before Id or Name, include non-running +ones. + +**-l**, **--latest**=*true*|*false* + When true show only the latest created container, include non-running +ones. The default is false. + +**-n**=NUM + Show NUM (integer) last created containers, include non-running ones. +The default is -1 (none) + +**--no-trunc**=*true*|*false* + When true truncate output. Default is false. + +**-q**, **--quiet**=*true*|*false* + When false only display numeric IDs. Default is false. + +**-s**, **--size**=*true*|*false* + When true display container sizes. Default is false. + +**--since**="" + Show only containers created since Id or Name, include non-running ones. + +# EXAMPLE +# Display all containers, including non-running + + # docker ps -a + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + a87ecb4f327c fedora:20 /bin/sh -c #(nop) MA 20 minutes ago Exit 0 desperate_brattain + 01946d9d34d8 vpavlin/rhel7:latest /bin/sh -c #(nop) MA 33 minutes ago Exit 0 thirsty_bell + c1d3b0166030 acffc0358b9e /bin/sh -c yum -y up 2 weeks ago Exit 1 determined_torvalds + 41d50ecd2f57 fedora:20 /bin/sh -c #(nop) MA 2 weeks ago Exit 0 drunk_pike + +# Display only IDs of all containers, including non-running + + # docker ps -a -q + a87ecb4f327c + 01946d9d34d8 + c1d3b0166030 + 41d50ecd2f57 + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.io source material and internal work. diff --git a/contrib/man/md/docker-pull.1.md b/contrib/man/md/docker-pull.1.md new file mode 100644 index 0000000000..1f64d3f648 --- /dev/null +++ b/contrib/man/md/docker-pull.1.md @@ -0,0 +1,37 @@ +% DOCKER(1) Docker User Manuals +% William Henry +% APRIL 2014 +# NAME +docker-pull - Pull an image or a repository from the registry + +# SYNOPSIS +**docker pull** NAME[:TAG] + +# DESCRIPTION + +This command pulls down an image or a repository from the registry. If +there is more than one image for a repository (e.g. fedora) then all +images for that repository name are pulled down including any tags. + +# EXAMPLE + +# Pull a reposiotry with multiple images + + $ sudo docker pull fedora + Pulling repository fedora + ad57ef8d78d7: Download complete + 105182bb5e8b: Download complete + 511136ea3c5a: Download complete + 73bd853d2ea5: Download complete + + $ sudo docker images + REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + fedora rawhide ad57ef8d78d7 5 days ago 359.3 MB + fedora 20 105182bb5e8b 5 days ago 372.7 MB + fedora heisenbug 105182bb5e8b 5 days ago 372.7 MB + fedora latest 105182bb5e8b 5 days ago 372.7 MB + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.io source material and internal work. + diff --git a/contrib/man/md/docker-push.1.md b/contrib/man/md/docker-push.1.md new file mode 100644 index 0000000000..dbb6e7d1b1 --- /dev/null +++ b/contrib/man/md/docker-push.1.md @@ -0,0 +1,44 @@ +% DOCKER(1) Docker User Manuals +% William Henry +% APRIL 2014 +# NAME +docker-push - Push an image or a repository to the registry + +# SYNOPSIS +**docker push** NAME[:TAG] + +# DESCRIPTION +Push an image or a repository to a registry. The default registry is the Docker +Index located at [index.docker.io](https://index.docker.io/v1/). However the +image can be pushed to another, perhaps private, registry as demonstrated in +the example below. + +# EXAMPLE + +# Pushing a new image to a registry + +First save the new image by finding the container ID (using **docker ps**) +and then committing it to a new image name: + + # docker commit c16378f943fe rhel-httpd + +Now push the image to the registry using the image ID. In this example +the registry is on host named registry-host and listening on port 5000. +Default Docker commands will push to the default `index.docker.io` +registry. Instead, push to the local registry, which is on a host called +registry-host*. To do this, tag the image with the host name or IP +address, and the port of the registry: + + # docker tag rhel-httpd registry-host:5000/myadmin/rhel-httpd + # docker push registry-host:5000/myadmin/rhel-httpd + +Check that this worked by running: + + # docker images + +You should see both `rhel-httpd` and `registry-host:5000/myadmin/rhel-httpd` +listed. + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.io source material and internal work. diff --git a/contrib/man/md/docker-restart.1.md b/contrib/man/md/docker-restart.1.md new file mode 100644 index 0000000000..44634f6613 --- /dev/null +++ b/contrib/man/md/docker-restart.1.md @@ -0,0 +1,21 @@ +% DOCKER(1) Docker User Manuals +% William Henry +% APRIL 2014 +# NAME +docker-restart - Restart a running container + +# SYNOPSIS +**docker restart** [**-t**|**--time**[=*10*]] CONTAINER [CONTAINER...] + +# DESCRIPTION +Restart each container listed. + +# OPTIONS +**-t**, **--time**=NUM + Number of seconds to try to stop for before killing the container. Once +killed it will then be restarted. Default=10 + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.io source material and internal work. + diff --git a/contrib/man/md/docker-rm.1.md b/contrib/man/md/docker-rm.1.md new file mode 100644 index 0000000000..ae85af5277 --- /dev/null +++ b/contrib/man/md/docker-rm.1.md @@ -0,0 +1,56 @@ +% DOCKER(1) Docker User Manuals +% William Henry +% APRIL 2014 + +# NAME + +docker-rm - Remove one or more containers. + +# SYNOPSIS + +**docker rm** [**-f**|**--force**[=*false*] [**-l**|**--link**[=*false*] [**-v**| +**--volumes**[=*false*] +CONTAINER [CONTAINER...] + +# DESCRIPTION + +**docker rm** will remove one or more containers from the host node. The +container name or ID can be used. This does not remove images. You cannot +remove a running container unless you use the \fB-f\fR option. To see all +containers on a host use the **docker ps -a** command. + +# OPTIONS + +**-f**, **--force**=*true*|*false* + When set to true, force the removal of the container. The default is +*false*. + +**-l**, **--link**=*true*|*false* + When set to true, remove the specified link and not the underlying +container. The default is *false*. + +**-v**, **--volumes**=*true*|*false* + When set to true, remove the volumes associated to the container. The +default is *false*. + +# EXAMPLES + +##Removing a container using its ID## + +To remove a container using its ID, find either from a **docker ps -a** +command, or use the ID returned from the **docker run** command, or retrieve +it from a file used to store it using the **docker run --cidfile**: + + docker rm abebf7571666 + +##Removing a container using the container name## + +The name of the container can be found using the **docker ps -a** +command. The use that name as follows: + + docker rm hopeful_morse + +# HISTORY + +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.io source material and internal work. diff --git a/contrib/man/md/docker-rmi.1.md b/contrib/man/md/docker-rmi.1.md new file mode 100644 index 0000000000..b728dc16a9 --- /dev/null +++ b/contrib/man/md/docker-rmi.1.md @@ -0,0 +1,35 @@ +% DOCKER(1) Docker User Manuals +% William Henry +% APRIL 2014 +# NAME +docker-rmi \- Remove one or more images. + +# SYNOPSIS + +**docker rmi** [**-f**|**--force**[=*false*] IMAGE [IMAGE...] + +# DESCRIPTION + +This will remove one or more images from the host node. This does not +remove images from a registry. You cannot remove an image of a running +container unless you use the **-f** option. To see all images on a host +use the **docker images** command. + +# OPTIONS + +**-f**, **--force**=*true*|*false* + When set to true, force the removal of the image. The default is +*false*. + +# EXAMPLES + +## Removing an image + +Here is an example of removing and image: + + docker rmi fedora/httpd + +# HISTORY + +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.io source material and internal work. diff --git a/contrib/man/md/docker-run.1.md b/contrib/man/md/docker-run.1.md new file mode 100644 index 0000000000..56364f9d5f --- /dev/null +++ b/contrib/man/md/docker-run.1.md @@ -0,0 +1,343 @@ +% DOCKER(1) Docker User Manuals +% William Henry +% APRIL 2014 +# NAME +docker-run - Run a process in an isolated container + +# SYNOPSIS +**docker run** +[**-a**|**--attach**[=]] [**-c**|**--cpu-shares**[=0] +[**-m**|**--memory**=*memory-limit*] +[**--cidfile**=*file*] [**-d**|**--detach**[=*false*]] [**--dns**=*IP-address*] +[**--name**=*name*] [**-u**|**--user**=*username*|*uid*] +[**--link**=*name*:*alias*] +[**-e**|**--env**=*environment*] [**--entrypoint**=*command*] +[**--expose**=*port*] [**-P**|**--publish-all**[=*false*]] +[**-p**|**--publish**=*port-mappping*] [**-h**|**--hostname**=*hostname*] +[**--rm**[=*false*]] [**--priviledged**[=*false*] +[**-i**|**--interactive**[=*false*] +[**-t**|**--tty**[=*false*]] [**--lxc-conf**=*options*] +[**-n**|**--networking**[=*true*]] +[**-v**|**--volume**=*volume*] [**--volumes-from**=*container-id*] +[**-w**|**--workdir**=*directory*] [**--sig-proxy**[=*true*]] +IMAGE [COMMAND] [ARG...] + +# DESCRIPTION + +Run a process in a new container. **docker run** starts a process with its own +file system, its own networking, and its own isolated process tree. The IMAGE +which starts the process may define defaults related to the process that will be +run in the container, the networking to expose, and more, but **docker run** +gives final control to the operator or administrator who starts the container +from the image. For that reason **docker run** has more options than any other +Docker command. + +If the IMAGE is not already loaded then **docker run** will pull the IMAGE, and +all image dependencies, from the repository in the same way running **docker +pull** IMAGE, before it starts the container from that image. + +# OPTIONS + +**-a**, **--attach**=*stdin*|*stdout*|*stderr* + Attach to stdin, stdout or stderr. In foreground mode (the default when +**-d** is not specified), **docker run** can start the process in the container +and attach the console to the process’s standard input, output, and standard +error. It can even pretend to be a TTY (this is what most commandline +executables expect) and pass along signals. The **-a** option can be set for +each of stdin, stdout, and stderr. + +**-c**, **--cpu-shares**=0 + CPU shares in relative weight. You can increase the priority of a container +with the -c option. By default, all containers run at the same priority and get +the same proportion of CPU cycles, but you can tell the kernel to give more +shares of CPU time to one or more containers when you start them via **docker +run**. + +**--cidfile**=*file* + Write the container ID to the file specified. + + +**-d**, **-detach**=*true*|*false* + Detached mode. This runs the container in the background. It outputs the new +container's ID and any error messages. At any time you can run **docker ps** in +the other shell to view a list of the running containers. You can reattach to a +detached container with **docker attach**. If you choose to run a container in +the detached mode, then you cannot use the **-rm** option. + + +**--dns**=*IP-address* + Set custom DNS servers. This option can be used to override the DNS +configuration passed to the container. Typically this is necessary when the +host DNS configuration is invalid for the container (eg. 127.0.0.1). When this +is the case the **-dns** flags is necessary for every run. + + +**-e**, **-env**=*environment* + Set environment variables. This option allows you to specify arbitrary +environment variables that are available for the process that will be launched +inside of the container. + + +**--entrypoint**=*command* + This option allows you to overwrite the default entrypoint of the image that +is set in the Dockerfile. The ENTRYPOINT of an image is similar to a COMMAND +because it specifies what executable to run when the container starts, but it is +(purposely) more difficult to override. The ENTRYPOINT gives a container its +default nature or behavior, so that when you set an ENTRYPOINT you can run the +container as if it were that binary, complete with default options, and you can +pass in more options via the COMMAND. But, sometimes an operator may want to run +something else inside the container, so you can override the default ENTRYPOINT +at runtime by using a **--entrypoint** and a string to specify the new +ENTRYPOINT. + +**--expose**=*port* + Expose a port from the container without publishing it to your host. A +containers port can be exposed to other containers in three ways: 1) The +developer can expose the port using the EXPOSE parameter of the Dockerfile, 2) +the operator can use the **--expose** option with **docker run**, or 3) the +container can be started with the **--link**. + +**-m**, **-memory**=*memory-limit* + Allows you to constrain the memory available to a container. If the host +supports swap memory, then the -m memory setting can be larger than physical +RAM. The memory limit format: , where unit = b, k, m or +g. + +**-P**, **-publish-all**=*true*|*false* + When set to true publish all exposed ports to the host interfaces. The +default is false. If the operator uses -P (or -p) then Docker will make the +exposed port accessible on the host and the ports will be available to any +client that can reach the host. To find the map between the host ports and the +exposed ports, use **docker port**. + + +**-p**, **-publish**=[] + Publish a container's port to the host (format: ip:hostPort:containerPort | +ip::containerPort | hostPort:containerPort) (use **docker port** to see the +actual mapping) + + +**-h**, **-hostname**=*hostname* + Sets the container host name that is available inside the container. + + +**-i**, **-interactive**=*true*|*false* + When set to true, keep stdin open even if not attached. The default is false. + + +**--link**=*name*:*alias* + Add link to another container. The format is name:alias. If the operator +uses **--link** when starting the new client container, then the client +container can access the exposed port via a private networking interface. Docker +will set some environment variables in the client container to help indicate +which interface and port to use. + + +**-n**, **-networking**=*true*|*false* + By default, all containers have networking enabled (true) and can make +outgoing connections. The operator can disable networking with **--networking** +to false. This disables all incoming and outgoing networking. In cases like this +, I/O can only be performed through files or by using STDIN/STDOUT. + +Also by default, the container will use the same DNS servers as the host. The +operator may override this with **-dns**. + + +**--name**=*name* + Assign a name to the container. The operator can identify a container in +three ways: + + UUID long identifier (“f78375b1c487e03c9438c729345e54db9d20cfa2ac1fc3494b6eb60872e74778”) + UUID short identifier (“f78375b1c487”) + Name (“jonah”) + +The UUID identifiers come from the Docker daemon, and if a name is not assigned +to the container with **--name** then the daemon will also generate a random +string name. The name is useful when defining links (see **--link**) (or any +other place you need to identify a container). This works for both background +and foreground Docker containers. + + +**--privileged**=*true*|*false* + Give extended privileges to this container. By default, Docker containers are +“unprivileged” (=false) and cannot, for example, run a Docker daemon inside the +Docker container. This is because by default a container is not allowed to +access any devices. A “privileged” container is given access to all devices. + +When the operator executes **docker run -privileged**, Docker will enable access +to all devices on the host as well as set some configuration in AppArmor to +allow the container nearly all the same access to the host as processes running +outside of a container on the host. + + +**--rm**=*true*|*false* + If set to *true* the container is automatically removed when it exits. The +default is *false*. This option is incompatible with **-d**. + + +**--sig-proxy**=*true*|*false* + When set to true, proxify all received signals to the process (even in +non-tty mode). The default is true. + + +**-t**, **-tty**=*true*|*false* + When set to true Docker can allocate a pseudo-tty and attach to the standard +input of any container. This can be used, for example, to run a throwaway +interactive shell. The default is value is false. + + +**-u**, **-user**=*username*,*uid* + Set a username or UID for the container. + + +**-v**, **-volume**=*volume* + Bind mount a volume to the container. The **-v** option can be used one or +more times to add one or more mounts to a container. These mounts can then be +used in other containers using the **--volumes-from** option. See examples. + + +**--volumes-from**=*container-id* + Will mount volumes from the specified container identified by container-id. +Once a volume is mounted in a one container it can be shared with other +containers using the **--volumes-from** option when running those other +containers. The volumes can be shared even if the original container with the +mount is not running. + + +**-w**, **-workdir**=*directory* + Working directory inside the container. The default working directory for +running binaries within a container is the root directory (/). The developer can +set a different default with the Dockerfile WORKDIR instruction. The operator +can override the working directory by using the **-w** option. + + +**IMAGE** + The image name or ID. + + +**COMMAND** + The command or program to run inside the image. + + +**ARG** + The arguments for the command to be run in the container. + +# EXAMPLES + +## Exposing log messages from the container to the host's log + +If you want messages that are logged in your container to show up in the host's +syslog/journal then you should bind mount the /var/log directory as follows. + + # docker run -v /dev/log:/dev/log -i -t fedora /bin/bash + +From inside the container you can test this by sending a message to the log. + + (bash)# logger "Hello from my container" + +Then exit and check the journal. + + # exit + + # journalctl -b | grep Hello + +This should list the message sent to logger. + +## Attaching to one or more from STDIN, STDOUT, STDERR + +If you do not specify -a then Docker will attach everything (stdin,stdout,stderr) +. You can specify to which of the three standard streams (stdin, stdout, stderr) +you’d like to connect instead, as in: + + # docker run -a stdin -a stdout -i -t fedora /bin/bash + +## Linking Containers + +The link feature allows multiple containers to communicate with each other. For +example, a container whose Dockerfile has exposed port 80 can be run and named +as follows: + + # docker run --name=link-test -d -i -t fedora/httpd + +A second container, in this case called linker, can communicate with the httpd +container, named link-test, by running with the **--link=:** + + # docker run -t -i --link=link-test:lt --name=linker fedora /bin/bash + +Now the container linker is linked to container link-test with the alias lt. +Running the **env** command in the linker container shows environment variables + with the LT (alias) context (**LT_**) + + # env + HOSTNAME=668231cb0978 + TERM=xterm + LT_PORT_80_TCP=tcp://172.17.0.3:80 + LT_PORT_80_TCP_PORT=80 + LT_PORT_80_TCP_PROTO=tcp + LT_PORT=tcp://172.17.0.3:80 + PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + PWD=/ + LT_NAME=/linker/lt + SHLVL=1 + HOME=/ + LT_PORT_80_TCP_ADDR=172.17.0.3 + _=/usr/bin/env + +When linking two containers Docker will use the exposed ports of the container +to create a secure tunnel for the parent to access. + + +## Mapping Ports for External Usage + +The exposed port of an application can be mapped to a host port using the **-p** +flag. For example a httpd port 80 can be mapped to the host port 8080 using the +following: + + # docker run -p 8080:80 -d -i -t fedora/httpd + +## Creating and Mounting a Data Volume Container + +Many applications require the sharing of persistent data across several +containers. Docker allows you to create a Data Volume Container that other +containers can mount from. For example, create a named container that contains +directories /var/volume1 and /tmp/volume2. The image will need to contain these +directories so a couple of RUN mkdir instructions might be required for you +fedora-data image: + + # docker run --name=data -v /var/volume1 -v /tmp/volume2 -i -t fedora-data true + # docker run --volumes-from=data --name=fedora-container1 -i -t fedora bash + +Multiple -volumes-from parameters will bring together multiple data volumes from +multiple containers. And it's possible to mount the volumes that came from the +DATA container in yet another container via the fedora-container1 intermidiery +container, allowing to abstract the actual data source from users of that data: + + # docker run --volumes-from=fedora-container1 --name=fedora-container2 -i -t fedora bash + +## Mounting External Volumes + +To mount a host directory as a container volume, specify the absolute path to +the directory and the absolute path for the container directory separated by a +colon: + + # docker run -v /var/db:/data1 -i -t fedora bash + +When using SELinux, be aware that the host has no knowledge of container SELinux +policy. Therefore, in the above example, if SELinux policy is enforced, the +`/var/db` directory is not writable to the container. A "Permission Denied" +message will occur and an avc: message in the host's syslog. + + +To work around this, at time of writing this man page, the following command +needs to be run in order for the proper SELinux policy type label to be attached +to the host directory: + + # chcon -Rt svirt_sandbox_file_t /var/db + + +Now, writing to the /data1 volume in the container will be allowed and the +changes will also be reflected on the host in /var/db. + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.io source material and internal work. diff --git a/contrib/man/md/docker-save.1.md b/contrib/man/md/docker-save.1.md new file mode 100644 index 0000000000..126af6b154 --- /dev/null +++ b/contrib/man/md/docker-save.1.md @@ -0,0 +1,35 @@ +% DOCKER(1) Docker User Manuals +% William Henry +% APRIL 2014 +# NAME +docker-save - Save an image to a tar archive (streamed to STDOUT by default) + +# SYNOPSIS +**docker save** [**-o**|**--output**=""] IMAGE + +# DESCRIPTION +Produces a tarred repository to the standard output stream. Contains all +parent layers, and all tags + versions, or specified repo:tag. + +Stream to a file instead of STDOUT by using **-o**. + +# OPTIONS +**-o**, **--output**="" + Write to an file, instead of STDOUT + +# EXAMPLE + +Save all fedora repository images to a fedora-all.tar and save the latest +fedora image to a fedora-latest.tar: + + $ sudo docker save fedora > fedora-all.tar + $ sudo docker save --output=fedora-latest.tar fedora:latest + $ ls -sh fedora-all.tar + 721M fedora-all.tar + $ ls -sh fedora-latest.tar + 367M fedora-latest.tar + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.io source material and internal work. + diff --git a/contrib/man/md/docker-search.1.md b/contrib/man/md/docker-search.1.md new file mode 100644 index 0000000000..fb2c921f8a --- /dev/null +++ b/contrib/man/md/docker-search.1.md @@ -0,0 +1,55 @@ +% DOCKER(1) Docker User Manuals +% William Henry +% APRIL 2014 +# NAME +docker-search - Search the docker index for images + +# SYNOPSIS +**docker search** **--no-trunc**[=*false*] **-t**|**--trusted**[=*false*] + **-s**|**--stars**[=*0*] TERM + +# DESCRIPTION + +Search an index for an image with that matches the term TERM. The table +of images returned displays the name, description (truncated by default), +number of stars awarded, whether the image is official, and whether it +is trusted. + +# OPTIONS +**--no-trunc**=*true*|*false* + When true display the complete description. The default is false. + +**-s**, **--stars**=NUM + Only displays with at least NUM (integer) stars. I.e. only those images +ranked >=NUM. + +**-t**, **--trusted**=*true*|*false* + When true only show trusted builds. The default is false. + +# EXAMPLE + +## Search the registry for ranked images + +Search the registry for the term 'fedora' and only display those images +ranked 3 or higher: + + $ sudo docker search -s 3 fedora + NAME DESCRIPTION STARS OFFICIAL TRUSTED + mattdm/fedora A basic Fedora image corresponding roughly... 50 + fedora (Semi) Official Fedora base image. 38 + mattdm/fedora-small A small Fedora image on which to build. Co... 8 + goldmann/wildfly A WildFly application server running on a ... 3 [OK] + +## Search the registry for trusted images + +Search the registry for the term 'fedora' and only display trusted images +ranked 1 or higher: + + $ sudo docker search -s 1 -t fedora + NAME DESCRIPTION STARS OFFICIAL TRUSTED + goldmann/wildfly A WildFly application server running on a ... 3 [OK] + tutum/fedora-20 Fedora 20 image with SSH access. For the r... 1 [OK] + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.io source material and internal work. diff --git a/contrib/man/md/docker-start.1.md b/contrib/man/md/docker-start.1.md new file mode 100644 index 0000000000..9e639bbb5e --- /dev/null +++ b/contrib/man/md/docker-start.1.md @@ -0,0 +1,25 @@ +% DOCKER(1) Docker User Manuals +% William Henry +% APRIL 2014 +# NAME +docker-start - Restart a stopped container + +# SYNOPSIS +**docker start** [**a**|**--attach**[=*false*]] [**-i**|**--interactive** +[=*true*] CONTAINER [CONTAINER...] + +# DESCRIPTION + +Start a stopped container. + +# OPTION +**-a**, **--attach**=*true*|*false* + When true attach to container's stdout/stderr and forward all signals to +the process + +**-i**, **--interactive**=*true*|*false* + When true attach to container's stdin + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.io source material and internal work. diff --git a/contrib/man/md/docker-stop.1.md b/contrib/man/md/docker-stop.1.md new file mode 100644 index 0000000000..6ec81cd472 --- /dev/null +++ b/contrib/man/md/docker-stop.1.md @@ -0,0 +1,22 @@ +% DOCKER(1) Docker User Manuals +% William Henry +% APRIL 2014 +# NAME +docker-stop - Stop a running container + grace period) + +# SYNOPSIS +**docker stop** [**-t**|**--time**[=*10*]] CONTAINER [CONTAINER...] + +# DESCRIPTION +Stop a running container (Send SIGTERM, and then SIGKILL after + grace period) + +# OPTIONS +**-t**, **--time**=NUM + Wait NUM number of seconds for the container to stop before killing it. +The default is 10 seconds. + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.io source material and internal work. diff --git a/contrib/man/md/docker-tag.1.md b/contrib/man/md/docker-tag.1.md new file mode 100644 index 0000000000..49f5a6c4d1 --- /dev/null +++ b/contrib/man/md/docker-tag.1.md @@ -0,0 +1,48 @@ +% DOCKER(1) Docker User Manuals +% William Henry +% APRIL 2014 +# NAME +docker-tag - Tag an image in the repository + +# SYNOPSIS +**docker tag** [**-f**|**--force**[=*false*] +IMAGE [REGISTRYHOST/][USERNAME/]NAME[:TAG] + +# DESCRIPTION +This will tag an image in the repository. + +# "OPTIONS" +**-f**, **--force**=*true*|*false* + When set to true, force the tag name. The default is *false*. + +**REGISTRYHOST** + The hostname of the registry if required. This may also include the port +separated by a ':' + +**USERNAME** + The username or other qualifying identifier for the image. + +**NAME** + The image name. + +**TAG** + The tag you are assigning to the image. + +# EXAMPLES + +## Tagging an image + +Here is an example of tagging an image with the tag version1.0 : + + docker tag 0e5574283393 fedora/httpd:version1.0 + +## Tagging an image for a private repository + +To push an image to an private registry and not the central Docker +registry you must tag it with the registry hostname and port (if needed). + + docker tag 0e5574283393 myregistryhost:5000/fedora/httpd:version1.0 + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.io source material and internal work. diff --git a/contrib/man/md/docker-top.1.md b/contrib/man/md/docker-top.1.md new file mode 100644 index 0000000000..2c00c527a5 --- /dev/null +++ b/contrib/man/md/docker-top.1.md @@ -0,0 +1,27 @@ +% DOCKER(1) Docker User Manuals +% William Henry +% APRIL 2014 +# NAME +docker-top - Lookup the running processes of a container + +# SYNOPSIS +**docker top** CONTAINER [ps-OPTION] + +# DESCRIPTION + +Look up the running process of the container. ps-OPTION can be any of the + options you would pass to a Linux ps command. + +# EXAMPLE + +Run **docker top** with the ps option of -x: + + $ sudo docker top 8601afda2b -x + PID TTY STAT TIME COMMAND + 16623 ? Ss 0:00 sleep 99999 + + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.io source material and internal work. + diff --git a/contrib/man/md/docker-wait.1.md b/contrib/man/md/docker-wait.1.md new file mode 100644 index 0000000000..6754151f09 --- /dev/null +++ b/contrib/man/md/docker-wait.1.md @@ -0,0 +1,23 @@ +% DOCKER(1) Docker User Manuals +% William Henry +% APRIL 2014 +# NAME +docker-wait - Block until a container stops, then print its exit code. + +# SYNOPSIS +**docker wait** CONTAINER [CONTAINER...] + +# DESCRIPTION +Block until a container stops, then print its exit code. + +#EXAMPLE + + $ sudo docker run -d fedora sleep 99 + 079b83f558a2bc52ecad6b2a5de13622d584e6bb1aea058c11b36511e85e7622 + $ sudo docker wait 079b83f558a2bc + 0 + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.io source material and internal work. + diff --git a/contrib/man/md/docker.1.md b/contrib/man/md/docker.1.md new file mode 100644 index 0000000000..d1ddf192b5 --- /dev/null +++ b/contrib/man/md/docker.1.md @@ -0,0 +1,187 @@ +% DOCKER(1) Docker User Manuals +% William Henry +% APRIL 2014 +# NAME +docker \- Docker image and container command line interface + +# SYNOPSIS +**docker** [OPTIONS] COMMAND [arg...] + +# DESCRIPTION +**docker** has two distinct functions. It is used for starting the Docker +daemon and to run the CLI (i.e., to command the daemon to manage images, +containers etc.) So **docker** is both a server, as a deamon, and a client +to the daemon, through the CLI. + +To run the Docker deamon you do not specify any of the commands listed below but +must specify the **-d** option. The other options listed below are for the +daemon only. + +The Docker CLI has over 30 commands. The commands are listed below and each has +its own man page which explain usage and arguements. + +To see the man page for a command run **man docker **. + +# OPTIONS +**-D**=*true*|*false* + Enable debug mode. Default is false. + +**-H**, **--host**=[unix:///var/run/docker.sock]: tcp://[host[:port]] to bind or +unix://[/path/to/socket] to use. + Enable both the socket support and TCP on localhost. When host=[0.0.0.0], +port=[4243] or path =[/var/run/docker.sock] is omitted, default values are used. + +**--api-enable-cors**=*true*|*false* + Enable CORS headers in the remote API. Default is false. + +**-b**="" + Attach containers to a pre\-existing network bridge; use 'none' to disable container networking + +**--bip**="" + Use the provided CIDR notation address for the dynamically created bridge (docker0); Mutually exclusive of \-b + +**-d**=*true*|*false* + Enable daemon mode. Default is false. + +**--dns**="" + Force Docker to use specific DNS servers + +**-g**="" + Path to use as the root of the Docker runtime. Default is `/var/lib/docker`. + +**--icc**=*true*|*false* + Enable inter\-container communication. Default is true. + +**--ip**="" + Default IP address to use when binding container ports. Default is `0.0.0.0`. + +**--iptables**=*true*|*false* + Disable Docker's addition of iptables rules. Default is true. + +**--mtu**=VALUE + Set the containers network mtu. Default is `1500`. + +**-p**="" + Path to use for daemon PID file. Default is `/var/run/docker.pid` + +**-r**=*true*|*false* + Restart previously running containers. Default is true. + +**-s**="" + Force the Docker runtime to use a specific storage driver. + +**-v**=*true*|*false* + Print version information and quit. Default is false. + +**--selinux-enabled=*true*|*false* + Enable selinux support. Default is false. + +# COMMANDS +**docker-attach(1)** + Attach to a running container + +**docker-build(1)** + Build a container from a Dockerfile + +**docker-commit(1)** + Create a new image from a container's changes + +**docker-cp(1)** + Copy files/folders from the containers filesystem to the host at path + +**docker-diff(1)** + Inspect changes on a container's filesystem + + +**docker-events(1)** + Get real time events from the server + +**docker-export(1)** + Stream the contents of a container as a tar archive + +**docker-history(1)** + Show the history of an image + +**docker-images(1)** + List images + +**docker-import(1)** + Create a new filesystem image from the contents of a tarball + +**docker-info(1)** + Display system-wide information + +**docker-inspect(1)** + Return low-level information on a container + +**docker-kill(1)** + Kill a running container (which includes the wrapper process and everything +inside it) + +**docker-load(1)** + Load an image from a tar archive + +**docker-login(1)** + Register or Login to a Docker registry server + +**docker-logs(1)** + Fetch the logs of a container + +**docker-port(1)** + Lookup the public-facing port which is NAT-ed to PRIVATE_PORT + +**docker-ps(1)** + List containers + +**docker-pull(1)** + Pull an image or a repository from a Docker registry server + +**docker-push(1)** + Push an image or a repository to a Docker registry server + +**docker-restart(1)** + Restart a running container + +**docker-rm(1)** + Remove one or more containers + +**docker-rmi(1)** + Remove one or more images + +**docker-run(1)** + Run a command in a new container + +**docker-save(1)** + Save an image to a tar archive + +**docker-search(1)** + Search for an image in the Docker index + +**docker-start(1)** + Start a stopped container + +**docker-stop(1)** + Stop a running container + +**docker-tag(1)** + Tag an image into a repository + +**docker-top(1)** + Lookup the running processes of a container + +**version** + Show the Docker version information + +**docker-wait(1)** + Block until a container stops, then print its exit code + +# EXAMPLES + +For specific examples please see the man page for the specific Docker command. +For example: + + man docker run + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) based + on docker.io source material and internal work. diff --git a/contrib/man/md/md2man-all.sh b/contrib/man/md/md2man-all.sh new file mode 100755 index 0000000000..f33557934c --- /dev/null +++ b/contrib/man/md/md2man-all.sh @@ -0,0 +1,22 @@ +#!/bin/bash +set -e + +# get into this script's directory +cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" + +[ "$1" = '-q' ] || { + set -x + pwd +} + +for FILE in *.md; do + base="$(basename "$FILE")" + name="${base%.md}" + num="${name##*.}" + if [ -z "$num" -o "$base" = "$num" ]; then + # skip files that aren't of the format xxxx.N.md (like README.md) + continue + fi + mkdir -p "../man${num}" + pandoc -s -t man "$FILE" -o "../man${num}/${name}" +done diff --git a/contrib/man/man1/docker-attach.1 b/contrib/man/old-man/docker-attach.1 similarity index 100% rename from contrib/man/man1/docker-attach.1 rename to contrib/man/old-man/docker-attach.1 diff --git a/contrib/man/man1/docker-build.1 b/contrib/man/old-man/docker-build.1 similarity index 100% rename from contrib/man/man1/docker-build.1 rename to contrib/man/old-man/docker-build.1 diff --git a/contrib/man/man1/docker-images.1 b/contrib/man/old-man/docker-images.1 similarity index 100% rename from contrib/man/man1/docker-images.1 rename to contrib/man/old-man/docker-images.1 diff --git a/contrib/man/man1/docker-info.1 b/contrib/man/old-man/docker-info.1 similarity index 100% rename from contrib/man/man1/docker-info.1 rename to contrib/man/old-man/docker-info.1 diff --git a/contrib/man/man1/docker-inspect.1 b/contrib/man/old-man/docker-inspect.1 similarity index 100% rename from contrib/man/man1/docker-inspect.1 rename to contrib/man/old-man/docker-inspect.1 diff --git a/contrib/man/man1/docker-rm.1 b/contrib/man/old-man/docker-rm.1 similarity index 100% rename from contrib/man/man1/docker-rm.1 rename to contrib/man/old-man/docker-rm.1 diff --git a/contrib/man/old-man/docker-rm.md b/contrib/man/old-man/docker-rm.md new file mode 100644 index 0000000000..a53aa77c98 --- /dev/null +++ b/contrib/man/old-man/docker-rm.md @@ -0,0 +1,50 @@ +DOCKER "1" "APRIL 2014" "0.1" "Docker" +======================================= + +NAME +---- + +docker-rm - Remove one or more containers. + +SYNOPSIS +-------- + +`docker rm` [`-f`|`--force`[=*false*] [`-l`|`--link`[=*false*] [`-v`|`--volumes`[=*false*] +CONTAINER [CONTAINER...] + +DESCRIPTION +----------- + +`docker rm` will remove one or more containers from the host node. The container name or ID can be used. This does not remove images. You cannot remove a running container unless you use the \fB-f\fR option. To see all containers on a host use the `docker ps -a` command. + +OPTIONS +------- + +`-f`, `--force`=*true*|*false*: + When set to true, force the removal of the container. The default is *false*. + +`-l`, `--link`=*true*|*false*: + When set to true, remove the specified link and not the underlying container. The default is *false*. + +`-v`, `--volumes`=*true*|*false*: + When set to true, remove the volumes associated to the container. The default is *false*. + +EXAMPLES +-------- + +##Removing a container using its ID## + +To remove a container using its ID, find either from a `docker ps -a` command, or use the ID returned from the `docker run` command, or retrieve it from a file used to store it using the `docker run --cidfile`: + + docker rm abebf7571666 + +##Removing a container using the container name## + +The name of the container can be found using the \fBdocker ps -a\fR command. The use that name as follows: + + docker rm hopeful_morse + +HISTORY +------- + +April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on dockier.io source material and internal work. diff --git a/contrib/man/man1/docker-rmi.1 b/contrib/man/old-man/docker-rmi.1 similarity index 100% rename from contrib/man/man1/docker-rmi.1 rename to contrib/man/old-man/docker-rmi.1 diff --git a/contrib/man/man1/docker-run.1 b/contrib/man/old-man/docker-run.1 similarity index 100% rename from contrib/man/man1/docker-run.1 rename to contrib/man/old-man/docker-run.1 diff --git a/contrib/man/man1/docker-tag.1 b/contrib/man/old-man/docker-tag.1 similarity index 100% rename from contrib/man/man1/docker-tag.1 rename to contrib/man/old-man/docker-tag.1 diff --git a/contrib/man/man1/docker.1 b/contrib/man/old-man/docker.1 similarity index 100% rename from contrib/man/man1/docker.1 rename to contrib/man/old-man/docker.1 diff --git a/contrib/mkimage-alpine.sh b/contrib/mkimage-alpine.sh new file mode 100755 index 0000000000..7444ffafb9 --- /dev/null +++ b/contrib/mkimage-alpine.sh @@ -0,0 +1,82 @@ +#!/bin/sh + +set -e + +[ $(id -u) -eq 0 ] || { + printf >&2 '%s requires root\n' "$0" + exit 1 +} + +usage() { + printf >&2 '%s: [-r release] [-m mirror] [-s]\n' "$0" + exit 1 +} + +tmp() { + TMP=$(mktemp -d /tmp/alpine-docker-XXXXXXXXXX) + ROOTFS=$(mktemp -d /tmp/alpine-docker-rootfs-XXXXXXXXXX) + trap "rm -rf $TMP $ROOTFS" EXIT TERM INT +} + +apkv() { + curl -s $REPO/$ARCH/APKINDEX.tar.gz | tar -Oxz | + grep '^P:apk-tools-static$' -A1 | tail -n1 | cut -d: -f2 +} + +getapk() { + curl -s $REPO/$ARCH/apk-tools-static-$(apkv).apk | + tar -xz -C $TMP sbin/apk.static +} + +mkbase() { + $TMP/sbin/apk.static --repository $REPO --update-cache --allow-untrusted \ + --root $ROOTFS --initdb add alpine-base +} + +conf() { + printf '%s\n' $REPO > $ROOTFS/etc/apk/repositories +} + +pack() { + local id + id=$(tar --numeric-owner -C $ROOTFS -c . | docker import - alpine:$REL) + + docker tag $id alpine:latest + docker run -i -t alpine printf 'alpine:%s with id=%s created!\n' $REL $id +} + +save() { + [ $SAVE -eq 1 ] || return + + tar --numeric-owner -C $ROOTFS -c . | xz > rootfs.tar.xz +} + +while getopts "hr:m:s" opt; do + case $opt in + r) + REL=$OPTARG + ;; + m) + MIRROR=$OPTARG + ;; + s) + SAVE=1 + ;; + *) + usage + ;; + esac +done + +REL=${REL:-edge} +MIRROR=${MIRROR:-http://nl.alpinelinux.org/alpine} +SAVE=${SAVE:-0} +REPO=$MIRROR/$REL/main +ARCH=$(uname -m) + +tmp +getapk +mkbase +conf +pack +save diff --git a/contrib/mkimage-arch.sh b/contrib/mkimage-arch.sh index 73a4173b11..dc21067473 100755 --- a/contrib/mkimage-arch.sh +++ b/contrib/mkimage-arch.sh @@ -57,6 +57,7 @@ mknod -m 666 $DEV/tty0 c 4 0 mknod -m 666 $DEV/full c 1 7 mknod -m 600 $DEV/initctl p mknod -m 666 $DEV/ptmx c 5 2 +ln -sf /proc/self/fd $DEV/fd tar --numeric-owner -C $ROOTFS -c . | docker import - archlinux docker run -i -t archlinux echo Success. diff --git a/contrib/zfs/MAINTAINERS b/contrib/zfs/MAINTAINERS deleted file mode 100644 index 90bc6e3d60..0000000000 --- a/contrib/zfs/MAINTAINERS +++ /dev/null @@ -1 +0,0 @@ -Gurjeet Singh (gurjeet.singh.im) diff --git a/contrib/zfs/README.md b/contrib/zfs/README.md deleted file mode 100644 index 84f6296e10..0000000000 --- a/contrib/zfs/README.md +++ /dev/null @@ -1,23 +0,0 @@ -# ZFS Storage Driver - -This is a placeholder to declare the presence and status of ZFS storage driver -for containers. - -The current development is done in Gurjeet Singh's fork of Docker, under the -branch named [zfs_driver]. - -[zfs_driver]: https://github.com/gurjeet/docker/tree/zfs_driver - - -# Status - -Alpha: The code is now capable of creating, running and destroying containers -and images. - -The code is under development. Contributions in the form of suggestions, -code-reviews, and patches are welcome. - -Please send the communication to gurjeet@singh.im and CC at least one Docker -mailing list. - - diff --git a/daemon/attach.go b/daemon/attach.go new file mode 100644 index 0000000000..0e3b8b8a9d --- /dev/null +++ b/daemon/attach.go @@ -0,0 +1,153 @@ +package daemon + +import ( + "io" + + "github.com/dotcloud/docker/utils" +) + +func (daemon *Daemon) Attach(container *Container, stdin io.ReadCloser, stdinCloser io.Closer, stdout io.Writer, stderr io.Writer) chan error { + var ( + cStdout, cStderr io.ReadCloser + nJobs int + errors = make(chan error, 3) + ) + + if stdin != nil && container.Config.OpenStdin { + nJobs += 1 + if cStdin, err := container.StdinPipe(); err != nil { + errors <- err + } else { + go func() { + utils.Debugf("attach: stdin: begin") + defer utils.Debugf("attach: stdin: end") + // No matter what, when stdin is closed (io.Copy unblock), close stdout and stderr + if container.Config.StdinOnce && !container.Config.Tty { + defer cStdin.Close() + } else { + defer func() { + if cStdout != nil { + cStdout.Close() + } + if cStderr != nil { + cStderr.Close() + } + }() + } + if container.Config.Tty { + _, err = utils.CopyEscapable(cStdin, stdin) + } else { + _, err = io.Copy(cStdin, stdin) + } + if err == io.ErrClosedPipe { + err = nil + } + if err != nil { + utils.Errorf("attach: stdin: %s", err) + } + errors <- err + }() + } + } + if stdout != nil { + nJobs += 1 + if p, err := container.StdoutPipe(); err != nil { + errors <- err + } else { + cStdout = p + go func() { + utils.Debugf("attach: stdout: begin") + defer utils.Debugf("attach: stdout: end") + // If we are in StdinOnce mode, then close stdin + if container.Config.StdinOnce && stdin != nil { + defer stdin.Close() + } + if stdinCloser != nil { + defer stdinCloser.Close() + } + _, err := io.Copy(stdout, cStdout) + if err == io.ErrClosedPipe { + err = nil + } + if err != nil { + utils.Errorf("attach: stdout: %s", err) + } + errors <- err + }() + } + } else { + go func() { + if stdinCloser != nil { + defer stdinCloser.Close() + } + if cStdout, err := container.StdoutPipe(); err != nil { + utils.Errorf("attach: stdout pipe: %s", err) + } else { + io.Copy(&utils.NopWriter{}, cStdout) + } + }() + } + if stderr != nil { + nJobs += 1 + if p, err := container.StderrPipe(); err != nil { + errors <- err + } else { + cStderr = p + go func() { + utils.Debugf("attach: stderr: begin") + defer utils.Debugf("attach: stderr: end") + // If we are in StdinOnce mode, then close stdin + if container.Config.StdinOnce && stdin != nil { + defer stdin.Close() + } + if stdinCloser != nil { + defer stdinCloser.Close() + } + _, err := io.Copy(stderr, cStderr) + if err == io.ErrClosedPipe { + err = nil + } + if err != nil { + utils.Errorf("attach: stderr: %s", err) + } + errors <- err + }() + } + } else { + go func() { + if stdinCloser != nil { + defer stdinCloser.Close() + } + + if cStderr, err := container.StderrPipe(); err != nil { + utils.Errorf("attach: stdout pipe: %s", err) + } else { + io.Copy(&utils.NopWriter{}, cStderr) + } + }() + } + + return utils.Go(func() error { + defer func() { + if cStdout != nil { + cStdout.Close() + } + if cStderr != nil { + cStderr.Close() + } + }() + + // FIXME: how to clean up the stdin goroutine without the unwanted side effect + // of closing the passed stdin? Add an intermediary io.Pipe? + for i := 0; i < nJobs; i += 1 { + utils.Debugf("attach: waiting for job %d/%d", i+1, nJobs) + if err := <-errors; err != nil { + utils.Errorf("attach: job %d returned error %s, aborting all jobs", i+1, err) + return err + } + utils.Debugf("attach: job %d completed successfully", i+1) + } + utils.Debugf("attach: all jobs completed successfully") + return nil + }) +} diff --git a/runtime/container.go b/daemon/container.go similarity index 64% rename from runtime/container.go rename to daemon/container.go index c8053b146c..7b6b65494e 100644 --- a/runtime/container.go +++ b/daemon/container.go @@ -1,18 +1,9 @@ -package runtime +package daemon import ( "encoding/json" "errors" "fmt" - "github.com/dotcloud/docker/archive" - "github.com/dotcloud/docker/engine" - "github.com/dotcloud/docker/image" - "github.com/dotcloud/docker/links" - "github.com/dotcloud/docker/nat" - "github.com/dotcloud/docker/runconfig" - "github.com/dotcloud/docker/runtime/execdriver" - "github.com/dotcloud/docker/runtime/graphdriver" - "github.com/dotcloud/docker/utils" "io" "io/ioutil" "log" @@ -22,6 +13,19 @@ import ( "sync" "syscall" "time" + + "github.com/dotcloud/docker/archive" + "github.com/dotcloud/docker/daemon/execdriver" + "github.com/dotcloud/docker/daemon/graphdriver" + "github.com/dotcloud/docker/engine" + "github.com/dotcloud/docker/image" + "github.com/dotcloud/docker/links" + "github.com/dotcloud/docker/nat" + "github.com/dotcloud/docker/pkg/label" + "github.com/dotcloud/docker/pkg/networkfs/etchosts" + "github.com/dotcloud/docker/pkg/networkfs/resolvconf" + "github.com/dotcloud/docker/runconfig" + "github.com/dotcloud/docker/utils" ) const DefaultPathEnv = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" @@ -64,7 +68,8 @@ type Container struct { stdin io.ReadCloser stdinPipe io.WriteCloser - runtime *Runtime + daemon *Daemon + MountLabel, ProcessLabel string waitLock chan struct{} Volumes map[string]string @@ -76,42 +81,6 @@ type Container struct { activeLinks map[string]*links.Link } -// FIXME: move deprecated port stuff to nat to clean up the core. -type PortMapping map[string]string // Deprecated - -type NetworkSettings struct { - IPAddress string - IPPrefixLen int - Gateway string - Bridge string - PortMapping map[string]PortMapping // Deprecated - Ports nat.PortMap -} - -func (settings *NetworkSettings) PortMappingAPI() *engine.Table { - var outs = engine.NewTable("", 0) - for port, bindings := range settings.Ports { - p, _ := nat.ParsePort(port.Port()) - if len(bindings) == 0 { - out := &engine.Env{} - out.SetInt("PublicPort", p) - out.Set("Type", port.Proto()) - outs.Add(out) - continue - } - for _, binding := range bindings { - out := &engine.Env{} - h, _ := nat.ParsePort(binding.HostPort) - out.SetInt("PrivatePort", p) - out.SetInt("PublicPort", h) - out.Set("Type", port.Proto()) - out.Set("IP", binding.HostIp) - outs.Add(out) - } - } - return outs -} - // Inject the io.Reader at the given path. Note: do not close the reader func (container *Container) Inject(file io.Reader, pth string) error { if err := container.Mount(); err != nil { @@ -148,10 +117,6 @@ func (container *Container) Inject(file io.Reader, pth string) error { return nil } -func (container *Container) When() time.Time { - return container.Created -} - func (container *Container) FromDisk() error { data, err := ioutil.ReadFile(container.jsonPath()) if err != nil { @@ -162,6 +127,10 @@ func (container *Container) FromDisk() error { if err := json.Unmarshal(data, container); err != nil && !strings.Contains(err.Error(), "docker.PortMapping") { return err } + + if err := label.ReserveLabel(container.ProcessLabel); err != nil { + return err + } return container.readHostConfig() } @@ -201,186 +170,46 @@ func (container *Container) WriteHostConfig() (err error) { return ioutil.WriteFile(container.hostConfigPath(), data, 0666) } -func (container *Container) generateEnvConfig(env []string) error { - data, err := json.Marshal(env) - if err != nil { - return err - } - p, err := container.EnvConfigPath() - if err != nil { - return err - } - ioutil.WriteFile(p, data, 0600) - return nil -} - -func (container *Container) Attach(stdin io.ReadCloser, stdinCloser io.Closer, stdout io.Writer, stderr io.Writer) chan error { - var cStdout, cStderr io.ReadCloser - - var nJobs int - errors := make(chan error, 3) - if stdin != nil && container.Config.OpenStdin { - nJobs += 1 - if cStdin, err := container.StdinPipe(); err != nil { - errors <- err - } else { - go func() { - utils.Debugf("attach: stdin: begin") - defer utils.Debugf("attach: stdin: end") - // No matter what, when stdin is closed (io.Copy unblock), close stdout and stderr - if container.Config.StdinOnce && !container.Config.Tty { - defer cStdin.Close() - } else { - defer func() { - if cStdout != nil { - cStdout.Close() - } - if cStderr != nil { - cStderr.Close() - } - }() - } - if container.Config.Tty { - _, err = utils.CopyEscapable(cStdin, stdin) - } else { - _, err = io.Copy(cStdin, stdin) - } - if err == io.ErrClosedPipe { - err = nil - } - if err != nil { - utils.Errorf("attach: stdin: %s", err) - } - errors <- err - }() - } - } - if stdout != nil { - nJobs += 1 - if p, err := container.StdoutPipe(); err != nil { - errors <- err - } else { - cStdout = p - go func() { - utils.Debugf("attach: stdout: begin") - defer utils.Debugf("attach: stdout: end") - // If we are in StdinOnce mode, then close stdin - if container.Config.StdinOnce && stdin != nil { - defer stdin.Close() - } - if stdinCloser != nil { - defer stdinCloser.Close() - } - _, err := io.Copy(stdout, cStdout) - if err == io.ErrClosedPipe { - err = nil - } - if err != nil { - utils.Errorf("attach: stdout: %s", err) - } - errors <- err - }() - } - } else { - go func() { - if stdinCloser != nil { - defer stdinCloser.Close() - } - if cStdout, err := container.StdoutPipe(); err != nil { - utils.Errorf("attach: stdout pipe: %s", err) - } else { - io.Copy(&utils.NopWriter{}, cStdout) - } - }() - } - if stderr != nil { - nJobs += 1 - if p, err := container.StderrPipe(); err != nil { - errors <- err - } else { - cStderr = p - go func() { - utils.Debugf("attach: stderr: begin") - defer utils.Debugf("attach: stderr: end") - // If we are in StdinOnce mode, then close stdin - if container.Config.StdinOnce && stdin != nil { - defer stdin.Close() - } - if stdinCloser != nil { - defer stdinCloser.Close() - } - _, err := io.Copy(stderr, cStderr) - if err == io.ErrClosedPipe { - err = nil - } - if err != nil { - utils.Errorf("attach: stderr: %s", err) - } - errors <- err - }() - } - } else { - go func() { - if stdinCloser != nil { - defer stdinCloser.Close() - } - - if cStderr, err := container.StderrPipe(); err != nil { - utils.Errorf("attach: stdout pipe: %s", err) - } else { - io.Copy(&utils.NopWriter{}, cStderr) - } - }() - } - - return utils.Go(func() error { - defer func() { - if cStdout != nil { - cStdout.Close() - } - if cStderr != nil { - cStderr.Close() - } - }() - - // FIXME: how to clean up the stdin goroutine without the unwanted side effect - // of closing the passed stdin? Add an intermediary io.Pipe? - for i := 0; i < nJobs; i += 1 { - utils.Debugf("attach: waiting for job %d/%d", i+1, nJobs) - if err := <-errors; err != nil { - utils.Errorf("attach: job %d returned error %s, aborting all jobs", i+1, err) - return err - } - utils.Debugf("attach: job %d completed successfully", i+1) - } - utils.Debugf("attach: all jobs completed successfully") - return nil - }) -} - -func populateCommand(c *Container) { +func populateCommand(c *Container, env []string) error { var ( - en *execdriver.Network - driverConfig = make(map[string][]string) + en *execdriver.Network + context = make(map[string][]string) ) + context["process_label"] = []string{c.GetProcessLabel()} + context["mount_label"] = []string{c.GetMountLabel()} en = &execdriver.Network{ - Mtu: c.runtime.config.Mtu, + Mtu: c.daemon.config.Mtu, Interface: nil, } - if !c.Config.NetworkDisabled { - network := c.NetworkSettings - en.Interface = &execdriver.NetworkInterface{ - Gateway: network.Gateway, - Bridge: network.Bridge, - IPAddress: network.IPAddress, - IPPrefixLen: network.IPPrefixLen, + parts := strings.SplitN(string(c.hostConfig.NetworkMode), ":", 2) + switch parts[0] { + case "none": + case "host": + en.HostNetworking = true + case "bridge", "": // empty string to support existing containers + if !c.Config.NetworkDisabled { + network := c.NetworkSettings + en.Interface = &execdriver.NetworkInterface{ + Gateway: network.Gateway, + Bridge: network.Bridge, + IPAddress: network.IPAddress, + IPPrefixLen: network.IPPrefixLen, + } } + case "container": + nc, err := c.getNetworkedContainer() + if err != nil { + return err + } + en.ContainerID = nc.ID + default: + return fmt.Errorf("invalid network mode: %s", c.hostConfig.NetworkMode) } // TODO: this can be removed after lxc-conf is fully deprecated - mergeLxcConfIntoOptions(c.hostConfig, driverConfig) + mergeLxcConfIntoOptions(c.hostConfig, context) resources := &execdriver.Resources{ Memory: c.Config.Memory, @@ -398,22 +227,12 @@ func populateCommand(c *Container) { Network: en, Tty: c.Config.Tty, User: c.Config.User, - Config: driverConfig, + Config: context, Resources: resources, } c.command.SysProcAttr = &syscall.SysProcAttr{Setsid: true} -} - -func (container *Container) ArgsAsString() string { - var args []string - for _, arg := range container.Args { - if strings.Contains(arg, " ") { - args = append(args, fmt.Sprintf("'%s'", arg)) - } else { - args = append(args, arg) - } - } - return strings.Join(args, " ") + c.command.Env = env + return nil } func (container *Container) Start() (err error) { @@ -423,186 +242,47 @@ func (container *Container) Start() (err error) { if container.State.IsRunning() { return nil } - + // if we encounter and error during start we need to ensure that any other + // setup has been cleaned up properly defer func() { if err != nil { container.cleanup() } }() - if container.ResolvConfPath == "" { - if err := container.setupContainerDns(); err != nil { - return err - } + if err := container.setupContainerDns(); err != nil { + return err } - if err := container.Mount(); err != nil { return err } - - if container.runtime.config.DisableNetwork { - container.Config.NetworkDisabled = true - container.buildHostnameAndHostsFiles("127.0.1.1") - } else { - if err := container.allocateNetwork(); err != nil { - return err - } - container.buildHostnameAndHostsFiles(container.NetworkSettings.IPAddress) + if err := container.initializeNetworking(); err != nil { + return err } - - // Make sure the config is compatible with the current kernel - if container.Config.Memory > 0 && !container.runtime.sysInfo.MemoryLimit { - log.Printf("WARNING: Your kernel does not support memory limit capabilities. Limitation discarded.\n") - container.Config.Memory = 0 - } - if container.Config.Memory > 0 && !container.runtime.sysInfo.SwapLimit { - log.Printf("WARNING: Your kernel does not support swap limit capabilities. Limitation discarded.\n") - container.Config.MemorySwap = -1 - } - - if container.runtime.sysInfo.IPv4ForwardingDisabled { - log.Printf("WARNING: IPv4 forwarding is disabled. Networking will not work") - } - + container.verifyDaemonSettings() if err := prepareVolumesForContainer(container); err != nil { return err } - - // Setup environment - env := []string{ - "HOME=/", - "PATH=" + DefaultPathEnv, - "HOSTNAME=" + container.Config.Hostname, - } - - if container.Config.Tty { - env = append(env, "TERM=xterm") - } - - // Init any links between the parent and children - runtime := container.runtime - - children, err := runtime.Children(container.Name) + linkedEnv, err := container.setupLinkedContainers() if err != nil { return err } - - if len(children) > 0 { - container.activeLinks = make(map[string]*links.Link, len(children)) - - // If we encounter an error make sure that we rollback any network - // config and ip table changes - rollback := func() { - for _, link := range container.activeLinks { - link.Disable() - } - container.activeLinks = nil - } - - for linkAlias, child := range children { - if !child.State.IsRunning() { - return fmt.Errorf("Cannot link to a non running container: %s AS %s", child.Name, linkAlias) - } - - link, err := links.NewLink( - container.NetworkSettings.IPAddress, - child.NetworkSettings.IPAddress, - linkAlias, - child.Config.Env, - child.Config.ExposedPorts, - runtime.eng) - - if err != nil { - rollback() - return err - } - - container.activeLinks[link.Alias()] = link - if err := link.Enable(); err != nil { - rollback() - return err - } - - for _, envVar := range link.ToEnv() { - env = append(env, envVar) - } - } - } - - // because the env on the container can override certain default values - // we need to replace the 'env' keys where they match and append anything - // else. - env = utils.ReplaceOrAppendEnvValues(env, container.Config.Env) - if err := container.generateEnvConfig(env); err != nil { + if err := container.setupWorkingDirectory(); err != nil { return err } - - if container.Config.WorkingDir != "" { - container.Config.WorkingDir = path.Clean(container.Config.WorkingDir) - - pthInfo, err := os.Stat(path.Join(container.basefs, container.Config.WorkingDir)) - if err != nil { - if !os.IsNotExist(err) { - return err - } - if err := os.MkdirAll(path.Join(container.basefs, container.Config.WorkingDir), 0755); err != nil { - return err - } - } - if pthInfo != nil && !pthInfo.IsDir() { - return fmt.Errorf("Cannot mkdir: %s is not a directory", container.Config.WorkingDir) - } - } - - envPath, err := container.EnvConfigPath() - if err != nil { + env := container.createDaemonEnvironment(linkedEnv) + if err := populateCommand(container, env); err != nil { return err } - - populateCommand(container) - container.command.Env = env - - if err := setupMountsForContainer(container, envPath); err != nil { + if err := setupMountsForContainer(container); err != nil { return err } - - // Setup logging of stdout and stderr to disk - if err := container.runtime.LogToDisk(container.stdout, container.logPath("json"), "stdout"); err != nil { - return err - } - if err := container.runtime.LogToDisk(container.stderr, container.logPath("json"), "stderr"); err != nil { + if err := container.startLoggingToDisk(); err != nil { return err } container.waitLock = make(chan struct{}) - callbackLock := make(chan struct{}) - callback := func(command *execdriver.Command) { - container.State.SetRunning(command.Pid()) - if command.Tty { - // The callback is called after the process Start() - // so we are in the parent process. In TTY mode, stdin/out/err is the PtySlace - // which we close here. - if c, ok := command.Stdout.(io.Closer); ok { - c.Close() - } - } - if err := container.ToDisk(); err != nil { - utils.Debugf("%s", err) - } - close(callbackLock) - } - - // We use a callback here instead of a goroutine and an chan for - // syncronization purposes - cErr := utils.Go(func() error { return container.monitor(callback) }) - - // Start should not return until the process is actually running - select { - case <-callbackLock: - case err := <-cErr: - return err - } - return nil + return container.waitForStart() } func (container *Container) Run() error { @@ -651,74 +331,69 @@ func (container *Container) StderrPipe() (io.ReadCloser, error) { return utils.NewBufReader(reader), nil } -func (container *Container) buildHostnameAndHostsFiles(IP string) { - container.HostnamePath = path.Join(container.root, "hostname") - ioutil.WriteFile(container.HostnamePath, []byte(container.Config.Hostname+"\n"), 0644) +func (container *Container) StdoutLogPipe() io.ReadCloser { + reader, writer := io.Pipe() + container.stdout.AddWriter(writer, "stdout") + return utils.NewBufReader(reader) +} - hostsContent := []byte(` -127.0.0.1 localhost -::1 localhost ip6-localhost ip6-loopback -fe00::0 ip6-localnet -ff00::0 ip6-mcastprefix -ff02::1 ip6-allnodes -ff02::2 ip6-allrouters -`) +func (container *Container) StderrLogPipe() io.ReadCloser { + reader, writer := io.Pipe() + container.stderr.AddWriter(writer, "stderr") + return utils.NewBufReader(reader) +} + +func (container *Container) buildHostnameFile() error { + container.HostnamePath = path.Join(container.root, "hostname") + if container.Config.Domainname != "" { + return ioutil.WriteFile(container.HostnamePath, []byte(fmt.Sprintf("%s.%s\n", container.Config.Hostname, container.Config.Domainname)), 0644) + } + return ioutil.WriteFile(container.HostnamePath, []byte(container.Config.Hostname+"\n"), 0644) +} + +func (container *Container) buildHostnameAndHostsFiles(IP string) error { + if err := container.buildHostnameFile(); err != nil { + return err + } container.HostsPath = path.Join(container.root, "hosts") - if container.Config.Domainname != "" { - hostsContent = append([]byte(fmt.Sprintf("%s\t%s.%s %s\n", IP, container.Config.Hostname, container.Config.Domainname, container.Config.Hostname)), hostsContent...) - } else if !container.Config.NetworkDisabled { - hostsContent = append([]byte(fmt.Sprintf("%s\t%s\n", IP, container.Config.Hostname)), hostsContent...) + extraContent := make(map[string]string) + + children, err := container.daemon.Children(container.Name) + if err != nil { + return err } - ioutil.WriteFile(container.HostsPath, hostsContent, 0644) + for linkAlias, child := range children { + _, alias := path.Split(linkAlias) + extraContent[alias] = child.NetworkSettings.IPAddress + } + + return etchosts.Build(container.HostsPath, IP, container.Config.Hostname, container.Config.Domainname, &extraContent) } func (container *Container) allocateNetwork() error { - if container.Config.NetworkDisabled { + mode := container.hostConfig.NetworkMode + if container.Config.NetworkDisabled || mode.IsContainer() || mode.IsHost() { return nil } var ( env *engine.Env err error - eng = container.runtime.eng + eng = container.daemon.eng ) - if container.State.IsGhost() { - if container.runtime.config.DisableNetwork { - env = &engine.Env{} - } else { - currentIP := container.NetworkSettings.IPAddress - - job := eng.Job("allocate_interface", container.ID) - if currentIP != "" { - job.Setenv("RequestIP", currentIP) - } - - env, err = job.Stdout.AddEnv() - if err != nil { - return err - } - - if err := job.Run(); err != nil { - return err - } - } - } else { - job := eng.Job("allocate_interface", container.ID) - env, err = job.Stdout.AddEnv() - if err != nil { - return err - } - if err := job.Run(); err != nil { - return err - } + job := eng.Job("allocate_interface", container.ID) + if env, err = job.Stdout.AddEnv(); err != nil { + return err + } + if err := job.Run(); err != nil { + return err } if container.Config.PortSpecs != nil { - utils.Debugf("Migrating port mappings for container: %s", strings.Join(container.Config.PortSpecs, ", ")) if err := migratePortMappings(container.Config, container.hostConfig); err != nil { return err } @@ -733,58 +408,23 @@ func (container *Container) allocateNetwork() error { bindings = make(nat.PortMap) ) - if !container.State.IsGhost() { - if container.Config.ExposedPorts != nil { - portSpecs = container.Config.ExposedPorts - } - if container.hostConfig.PortBindings != nil { - bindings = container.hostConfig.PortBindings - } - } else { - if container.NetworkSettings.Ports != nil { - for port, binding := range container.NetworkSettings.Ports { - portSpecs[port] = struct{}{} - bindings[port] = binding - } - } + if container.Config.ExposedPorts != nil { + portSpecs = container.Config.ExposedPorts + } + if container.hostConfig.PortBindings != nil { + bindings = container.hostConfig.PortBindings } container.NetworkSettings.PortMapping = nil for port := range portSpecs { - binding := bindings[port] - if container.hostConfig.PublishAllPorts && len(binding) == 0 { - binding = append(binding, nat.PortBinding{}) + if err := container.allocatePort(eng, port, bindings); err != nil { + return err } - - for i := 0; i < len(binding); i++ { - b := binding[i] - - portJob := eng.Job("allocate_port", container.ID) - portJob.Setenv("HostIP", b.HostIp) - portJob.Setenv("HostPort", b.HostPort) - portJob.Setenv("Proto", port.Proto()) - portJob.Setenv("ContainerPort", port.Port()) - - portEnv, err := portJob.Stdout.AddEnv() - if err != nil { - return err - } - if err := portJob.Run(); err != nil { - eng.Job("release_interface", container.ID).Run() - return err - } - b.HostIp = portEnv.Get("HostIP") - b.HostPort = portEnv.Get("HostPort") - - binding[i] = b - } - bindings[port] = binding } container.WriteHostConfig() container.NetworkSettings.Ports = bindings - container.NetworkSettings.Bridge = env.Get("Bridge") container.NetworkSettings.IPAddress = env.Get("IP") container.NetworkSettings.IPPrefixLen = env.GetInt("IPPrefixLen") @@ -797,7 +437,7 @@ func (container *Container) releaseNetwork() { if container.Config.NetworkDisabled { return } - eng := container.runtime.eng + eng := container.daemon.eng eng.Job("release_interface", container.ID).Run() container.NetworkSettings = &NetworkSettings{} @@ -810,12 +450,12 @@ func (container *Container) monitor(callback execdriver.StartCallback) error { ) pipes := execdriver.NewPipes(container.stdin, container.stdout, container.stderr, container.Config.OpenStdin) - exitCode, err = container.runtime.Run(container, pipes, callback) + exitCode, err = container.daemon.Run(container, pipes, callback) if err != nil { utils.Errorf("Error running container: %s", err) } - if container.runtime != nil && container.runtime.srv != nil && container.runtime.srv.IsRunning() { + if container.daemon != nil && container.daemon.srv != nil && container.daemon.srv.IsRunning() { container.State.SetStopped(exitCode) // FIXME: there is a race condition here which causes this to fail during the unit tests. @@ -838,8 +478,8 @@ func (container *Container) monitor(callback execdriver.StartCallback) error { container.stdin, container.stdinPipe = io.Pipe() } - if container.runtime != nil && container.runtime.srv != nil { - container.runtime.srv.LogEvent("die", container.ID, container.runtime.repositories.ImageName(container.Image)) + if container.daemon != nil && container.daemon.srv != nil { + container.daemon.srv.LogEvent("die", container.ID, container.daemon.repositories.ImageName(container.Image)) } close(container.waitLock) @@ -885,7 +525,7 @@ func (container *Container) KillSig(sig int) error { if !container.State.IsRunning() { return nil } - return container.runtime.Kill(container, sig) + return container.daemon.Kill(container, sig) } func (container *Container) Kill() error { @@ -900,9 +540,12 @@ func (container *Container) Kill() error { // 2. Wait for the process to die, in last resort, try to kill the process directly if err := container.WaitTimeout(10 * time.Second); err != nil { - log.Printf("Container %s failed to exit within 10 seconds of kill - trying direct SIGKILL", utils.TruncateID(container.ID)) - if err := syscall.Kill(container.State.Pid, 9); err != nil { - return err + // Ensure that we don't kill ourselves + if pid := container.State.Pid; pid != 0 { + log.Printf("Container %s failed to exit within 10 seconds of kill - trying direct SIGKILL", utils.TruncateID(container.ID)) + if err := syscall.Kill(pid, 9); err != nil { + return err + } } } @@ -962,10 +605,10 @@ func (container *Container) ExportRw() (archive.Archive, error) { if err := container.Mount(); err != nil { return nil, err } - if container.runtime == nil { + if container.daemon == nil { return nil, fmt.Errorf("Can't load storage driver for unregistered container %s", container.ID) } - archive, err := container.runtime.Diff(container) + archive, err := container.daemon.Diff(container) if err != nil { container.Unmount() return nil, err @@ -1012,22 +655,22 @@ func (container *Container) WaitTimeout(timeout time.Duration) error { } func (container *Container) Mount() error { - return container.runtime.Mount(container) + return container.daemon.Mount(container) } func (container *Container) Changes() ([]archive.Change, error) { - return container.runtime.Changes(container) + return container.daemon.Changes(container) } func (container *Container) GetImage() (*image.Image, error) { - if container.runtime == nil { + if container.daemon == nil { return nil, fmt.Errorf("Can't get image of unregistered container") } - return container.runtime.graph.Get(container.Image) + return container.daemon.graph.Get(container.Image) } func (container *Container) Unmount() error { - return container.runtime.Unmount(container) + return container.daemon.Unmount(container) } func (container *Container) logPath(name string) string { @@ -1046,22 +689,6 @@ func (container *Container) jsonPath() string { return path.Join(container.root, "config.json") } -func (container *Container) EnvConfigPath() (string, error) { - p := path.Join(container.root, "config.env") - if _, err := os.Stat(p); err != nil { - if os.IsNotExist(err) { - f, err := os.Create(p) - if err != nil { - return "", err - } - f.Close() - } else { - return "", err - } - } - return p, nil -} - // This method must be exported to be used from the lxc template // This directory is only usable when the container is running func (container *Container) RootfsPath() string { @@ -1080,7 +707,7 @@ func (container *Container) GetSize() (int64, int64) { var ( sizeRw, sizeRootfs int64 err error - driver = container.runtime.driver + driver = container.daemon.driver ) if err := container.Mount(); err != nil { @@ -1089,7 +716,7 @@ func (container *Container) GetSize() (int64, int64) { } defer container.Unmount() - if differ, ok := container.runtime.driver.(graphdriver.Differ); ok { + if differ, ok := container.daemon.driver.(graphdriver.Differ); ok { sizeRw, err = differ.DiffSize(container.ID) if err != nil { utils.Errorf("Warning: driver %s couldn't return diff size of container %s: %s", driver, container.ID, err) @@ -1182,48 +809,298 @@ func (container *Container) DisableLink(name string) { } func (container *Container) setupContainerDns() error { + if container.ResolvConfPath != "" { + return nil + } + var ( - config = container.hostConfig - runtime = container.runtime + config = container.hostConfig + daemon = container.daemon ) - resolvConf, err := utils.GetResolvConf() + + if config.NetworkMode == "host" { + container.ResolvConfPath = "/etc/resolv.conf" + return nil + } + + resolvConf, err := resolvconf.Get() if err != nil { return err } + // If custom dns exists, then create a resolv.conf for the container - if len(config.Dns) > 0 || len(runtime.config.Dns) > 0 || len(config.DnsSearch) > 0 || len(runtime.config.DnsSearch) > 0 { + if len(config.Dns) > 0 || len(daemon.config.Dns) > 0 || len(config.DnsSearch) > 0 || len(daemon.config.DnsSearch) > 0 { var ( - dns = utils.GetNameservers(resolvConf) - dnsSearch = utils.GetSearchDomains(resolvConf) + dns = resolvconf.GetNameservers(resolvConf) + dnsSearch = resolvconf.GetSearchDomains(resolvConf) ) if len(config.Dns) > 0 { dns = config.Dns - } else if len(runtime.config.Dns) > 0 { - dns = runtime.config.Dns + } else if len(daemon.config.Dns) > 0 { + dns = daemon.config.Dns } if len(config.DnsSearch) > 0 { dnsSearch = config.DnsSearch - } else if len(runtime.config.DnsSearch) > 0 { - dnsSearch = runtime.config.DnsSearch + } else if len(daemon.config.DnsSearch) > 0 { + dnsSearch = daemon.config.DnsSearch } container.ResolvConfPath = path.Join(container.root, "resolv.conf") - f, err := os.Create(container.ResolvConfPath) - if err != nil { - return err - } - defer f.Close() - for _, dns := range dns { - if _, err := f.Write([]byte("nameserver " + dns + "\n")); err != nil { - return err - } - } - if len(dnsSearch) > 0 { - if _, err := f.Write([]byte("search " + strings.Join(dnsSearch, " ") + "\n")); err != nil { - return err - } - } + return resolvconf.Build(container.ResolvConfPath, dns, dnsSearch) } else { container.ResolvConfPath = "/etc/resolv.conf" } return nil } + +func (container *Container) initializeNetworking() error { + var err error + if container.hostConfig.NetworkMode.IsHost() { + container.Config.Hostname, err = os.Hostname() + if err != nil { + return err + } + + parts := strings.SplitN(container.Config.Hostname, ".", 2) + if len(parts) > 1 { + container.Config.Hostname = parts[0] + container.Config.Domainname = parts[1] + } + container.HostsPath = "/etc/hosts" + + return container.buildHostnameFile() + } else if container.hostConfig.NetworkMode.IsContainer() { + // we need to get the hosts files from the container to join + nc, err := container.getNetworkedContainer() + if err != nil { + return err + } + container.HostsPath = nc.HostsPath + container.ResolvConfPath = nc.ResolvConfPath + container.Config.Hostname = nc.Config.Hostname + container.Config.Domainname = nc.Config.Domainname + } else if container.daemon.config.DisableNetwork { + container.Config.NetworkDisabled = true + return container.buildHostnameAndHostsFiles("127.0.1.1") + } else { + if err := container.allocateNetwork(); err != nil { + return err + } + return container.buildHostnameAndHostsFiles(container.NetworkSettings.IPAddress) + } + return nil +} + +// Make sure the config is compatible with the current kernel +func (container *Container) verifyDaemonSettings() { + if container.Config.Memory > 0 && !container.daemon.sysInfo.MemoryLimit { + log.Printf("WARNING: Your kernel does not support memory limit capabilities. Limitation discarded.\n") + container.Config.Memory = 0 + } + if container.Config.Memory > 0 && !container.daemon.sysInfo.SwapLimit { + log.Printf("WARNING: Your kernel does not support swap limit capabilities. Limitation discarded.\n") + container.Config.MemorySwap = -1 + } + if container.daemon.sysInfo.IPv4ForwardingDisabled { + log.Printf("WARNING: IPv4 forwarding is disabled. Networking will not work") + } +} + +func (container *Container) setupLinkedContainers() ([]string, error) { + var ( + env []string + daemon = container.daemon + ) + children, err := daemon.Children(container.Name) + if err != nil { + return nil, err + } + + if len(children) > 0 { + container.activeLinks = make(map[string]*links.Link, len(children)) + + // If we encounter an error make sure that we rollback any network + // config and ip table changes + rollback := func() { + for _, link := range container.activeLinks { + link.Disable() + } + container.activeLinks = nil + } + + for linkAlias, child := range children { + if !child.State.IsRunning() { + return nil, fmt.Errorf("Cannot link to a non running container: %s AS %s", child.Name, linkAlias) + } + + link, err := links.NewLink( + container.NetworkSettings.IPAddress, + child.NetworkSettings.IPAddress, + linkAlias, + child.Config.Env, + child.Config.ExposedPorts, + daemon.eng) + + if err != nil { + rollback() + return nil, err + } + + container.activeLinks[link.Alias()] = link + if err := link.Enable(); err != nil { + rollback() + return nil, err + } + + for _, envVar := range link.ToEnv() { + env = append(env, envVar) + } + } + } + return env, nil +} + +func (container *Container) createDaemonEnvironment(linkedEnv []string) []string { + // Setup environment + env := []string{ + "HOME=/", + "PATH=" + DefaultPathEnv, + "HOSTNAME=" + container.Config.Hostname, + } + if container.Config.Tty { + env = append(env, "TERM=xterm") + } + env = append(env, linkedEnv...) + // because the env on the container can override certain default values + // we need to replace the 'env' keys where they match and append anything + // else. + env = utils.ReplaceOrAppendEnvValues(env, container.Config.Env) + + return env +} + +func (container *Container) setupWorkingDirectory() error { + if container.Config.WorkingDir != "" { + container.Config.WorkingDir = path.Clean(container.Config.WorkingDir) + + pthInfo, err := os.Stat(path.Join(container.basefs, container.Config.WorkingDir)) + if err != nil { + if !os.IsNotExist(err) { + return err + } + if err := os.MkdirAll(path.Join(container.basefs, container.Config.WorkingDir), 0755); err != nil { + return err + } + } + if pthInfo != nil && !pthInfo.IsDir() { + return fmt.Errorf("Cannot mkdir: %s is not a directory", container.Config.WorkingDir) + } + } + return nil +} + +func (container *Container) startLoggingToDisk() error { + // Setup logging of stdout and stderr to disk + if err := container.daemon.LogToDisk(container.stdout, container.logPath("json"), "stdout"); err != nil { + return err + } + if err := container.daemon.LogToDisk(container.stderr, container.logPath("json"), "stderr"); err != nil { + return err + } + return nil +} + +func (container *Container) waitForStart() error { + callbackLock := make(chan struct{}) + callback := func(command *execdriver.Command) { + container.State.SetRunning(command.Pid()) + if command.Tty { + // The callback is called after the process Start() + // so we are in the parent process. In TTY mode, stdin/out/err is the PtySlace + // which we close here. + if c, ok := command.Stdout.(io.Closer); ok { + c.Close() + } + } + if err := container.ToDisk(); err != nil { + utils.Debugf("%s", err) + } + close(callbackLock) + } + + // We use a callback here instead of a goroutine and an chan for + // syncronization purposes + cErr := utils.Go(func() error { return container.monitor(callback) }) + + // Start should not return until the process is actually running + select { + case <-callbackLock: + case err := <-cErr: + return err + } + return nil +} + +func (container *Container) allocatePort(eng *engine.Engine, port nat.Port, bindings nat.PortMap) error { + binding := bindings[port] + if container.hostConfig.PublishAllPorts && len(binding) == 0 { + binding = append(binding, nat.PortBinding{}) + } + + for i := 0; i < len(binding); i++ { + b := binding[i] + + job := eng.Job("allocate_port", container.ID) + job.Setenv("HostIP", b.HostIp) + job.Setenv("HostPort", b.HostPort) + job.Setenv("Proto", port.Proto()) + job.Setenv("ContainerPort", port.Port()) + + portEnv, err := job.Stdout.AddEnv() + if err != nil { + return err + } + if err := job.Run(); err != nil { + eng.Job("release_interface", container.ID).Run() + return err + } + b.HostIp = portEnv.Get("HostIP") + b.HostPort = portEnv.Get("HostPort") + + binding[i] = b + } + bindings[port] = binding + return nil +} + +func (container *Container) GetProcessLabel() string { + // even if we have a process label return "" if we are running + // in privileged mode + if container.hostConfig.Privileged { + return "" + } + return container.ProcessLabel +} + +func (container *Container) GetMountLabel() string { + if container.hostConfig.Privileged { + return "" + } + return container.MountLabel +} + +func (container *Container) getNetworkedContainer() (*Container, error) { + parts := strings.SplitN(string(container.hostConfig.NetworkMode), ":", 2) + switch parts[0] { + case "container": + nc := container.daemon.Get(parts[1]) + if nc == nil { + return nil, fmt.Errorf("no such container to join network: %s", parts[1]) + } + if !nc.State.IsRunning() { + return nil, fmt.Errorf("cannot join network of a non running container: %s", parts[1]) + } + return nc, nil + default: + return nil, fmt.Errorf("network mode not set to container") + } +} diff --git a/runtime/container_unit_test.go b/daemon/container_unit_test.go similarity index 99% rename from runtime/container_unit_test.go rename to daemon/container_unit_test.go index fba036ca50..0a8e69ab00 100644 --- a/runtime/container_unit_test.go +++ b/daemon/container_unit_test.go @@ -1,4 +1,4 @@ -package runtime +package daemon import ( "github.com/dotcloud/docker/nat" diff --git a/runtime/runtime.go b/daemon/daemon.go similarity index 63% rename from runtime/runtime.go rename to daemon/daemon.go index 98903cfa08..00b6d9eee2 100644 --- a/runtime/runtime.go +++ b/daemon/daemon.go @@ -1,27 +1,8 @@ -package runtime +package daemon import ( "container/list" "fmt" - "github.com/dotcloud/docker/archive" - "github.com/dotcloud/docker/daemonconfig" - "github.com/dotcloud/docker/dockerversion" - "github.com/dotcloud/docker/engine" - "github.com/dotcloud/docker/graph" - "github.com/dotcloud/docker/image" - "github.com/dotcloud/docker/pkg/graphdb" - "github.com/dotcloud/docker/pkg/mount" - "github.com/dotcloud/docker/pkg/selinux" - "github.com/dotcloud/docker/pkg/sysinfo" - "github.com/dotcloud/docker/runconfig" - "github.com/dotcloud/docker/runtime/execdriver" - "github.com/dotcloud/docker/runtime/execdriver/execdrivers" - "github.com/dotcloud/docker/runtime/execdriver/lxc" - "github.com/dotcloud/docker/runtime/graphdriver" - _ "github.com/dotcloud/docker/runtime/graphdriver/vfs" - _ "github.com/dotcloud/docker/runtime/networkdriver/bridge" - "github.com/dotcloud/docker/runtime/networkdriver/portallocator" - "github.com/dotcloud/docker/utils" "io" "io/ioutil" "log" @@ -31,6 +12,28 @@ import ( "strings" "sync" "time" + + "github.com/dotcloud/docker/archive" + "github.com/dotcloud/docker/daemon/execdriver" + "github.com/dotcloud/docker/daemon/execdriver/execdrivers" + "github.com/dotcloud/docker/daemon/execdriver/lxc" + "github.com/dotcloud/docker/daemon/graphdriver" + _ "github.com/dotcloud/docker/daemon/graphdriver/vfs" + _ "github.com/dotcloud/docker/daemon/networkdriver/bridge" + "github.com/dotcloud/docker/daemon/networkdriver/portallocator" + "github.com/dotcloud/docker/daemonconfig" + "github.com/dotcloud/docker/dockerversion" + "github.com/dotcloud/docker/engine" + "github.com/dotcloud/docker/graph" + "github.com/dotcloud/docker/image" + "github.com/dotcloud/docker/pkg/graphdb" + "github.com/dotcloud/docker/pkg/label" + "github.com/dotcloud/docker/pkg/mount" + "github.com/dotcloud/docker/pkg/networkfs/resolvconf" + "github.com/dotcloud/docker/pkg/selinux" + "github.com/dotcloud/docker/pkg/sysinfo" + "github.com/dotcloud/docker/runconfig" + "github.com/dotcloud/docker/utils" ) // Set the max depth to the aufs default that most @@ -44,7 +47,7 @@ var ( validContainerNamePattern = regexp.MustCompile(`^/?` + validContainerNameChars + `+$`) ) -type Runtime struct { +type Daemon struct { repository string sysInitPath string containers *list.List @@ -76,17 +79,17 @@ func remountPrivate(mountPoint string) error { return mount.ForceMount("", mountPoint, "none", "private") } -// List returns an array of all containers registered in the runtime. -func (runtime *Runtime) List() []*Container { +// List returns an array of all containers registered in the daemon. +func (daemon *Daemon) List() []*Container { containers := new(History) - for e := runtime.containers.Front(); e != nil; e = e.Next() { + for e := daemon.containers.Front(); e != nil; e = e.Next() { containers.Add(e.Value.(*Container)) } return *containers } -func (runtime *Runtime) getContainerElement(id string) *list.Element { - for e := runtime.containers.Front(); e != nil; e = e.Next() { +func (daemon *Daemon) getContainerElement(id string) *list.Element { + for e := daemon.containers.Front(); e != nil; e = e.Next() { container := e.Value.(*Container) if container.ID == id { return e @@ -97,17 +100,17 @@ func (runtime *Runtime) getContainerElement(id string) *list.Element { // Get looks for a container by the specified ID or name, and returns it. // If the container is not found, or if an error occurs, nil is returned. -func (runtime *Runtime) Get(name string) *Container { - if c, _ := runtime.GetByName(name); c != nil { +func (daemon *Daemon) Get(name string) *Container { + if c, _ := daemon.GetByName(name); c != nil { return c } - id, err := runtime.idIndex.Get(name) + id, err := daemon.idIndex.Get(name) if err != nil { return nil } - e := runtime.getContainerElement(id) + e := daemon.getContainerElement(id) if e == nil { return nil } @@ -116,43 +119,40 @@ func (runtime *Runtime) Get(name string) *Container { // Exists returns a true if a container of the specified ID or name exists, // false otherwise. -func (runtime *Runtime) Exists(id string) bool { - return runtime.Get(id) != nil +func (daemon *Daemon) Exists(id string) bool { + return daemon.Get(id) != nil } -func (runtime *Runtime) containerRoot(id string) string { - return path.Join(runtime.repository, id) +func (daemon *Daemon) containerRoot(id string) string { + return path.Join(daemon.repository, id) } // Load reads the contents of a container from disk // This is typically done at startup. -func (runtime *Runtime) load(id string) (*Container, error) { - container := &Container{root: runtime.containerRoot(id)} +func (daemon *Daemon) load(id string) (*Container, error) { + container := &Container{root: daemon.containerRoot(id)} if err := container.FromDisk(); err != nil { return nil, err } if container.ID != id { return container, fmt.Errorf("Container %s is stored at %s", container.ID, id) } - if container.State.IsRunning() { - container.State.SetGhost(true) - } return container, nil } -// Register makes a container object usable by the runtime as -func (runtime *Runtime) Register(container *Container) error { - if container.runtime != nil || runtime.Exists(container.ID) { +// Register makes a container object usable by the daemon as +func (daemon *Daemon) Register(container *Container) error { + if container.daemon != nil || daemon.Exists(container.ID) { return fmt.Errorf("Container is already loaded") } if err := validateID(container.ID); err != nil { return err } - if err := runtime.ensureName(container); err != nil { + if err := daemon.ensureName(container); err != nil { return err } - container.runtime = runtime + container.daemon = daemon // Attach to stdout and stderr container.stderr = utils.NewWriteBroadcaster() @@ -164,55 +164,50 @@ func (runtime *Runtime) Register(container *Container) error { container.stdinPipe = utils.NopWriteCloser(ioutil.Discard) // Silently drop stdin } // done - runtime.containers.PushBack(container) - runtime.idIndex.Add(container.ID) + daemon.containers.PushBack(container) + daemon.idIndex.Add(container.ID) // FIXME: if the container is supposed to be running but is not, auto restart it? // if so, then we need to restart monitor and init a new lock // If the container is supposed to be running, make sure of it if container.State.IsRunning() { - if container.State.IsGhost() { - utils.Debugf("killing ghost %s", container.ID) + utils.Debugf("killing old running container %s", container.ID) - existingPid := container.State.Pid - container.State.SetGhost(false) - container.State.SetStopped(0) + existingPid := container.State.Pid + container.State.SetStopped(0) - // We only have to handle this for lxc because the other drivers will ensure that - // no ghost processes are left when docker dies - if container.ExecDriver == "" || strings.Contains(container.ExecDriver, "lxc") { - lxc.KillLxc(container.ID, 9) - } else { - // use the current driver and ensure that the container is dead x.x - cmd := &execdriver.Command{ - ID: container.ID, - } - var err error - cmd.Process, err = os.FindProcess(existingPid) - if err != nil { - utils.Debugf("cannot find existing process for %d", existingPid) - } - runtime.execDriver.Terminate(cmd) + // We only have to handle this for lxc because the other drivers will ensure that + // no processes are left when docker dies + if container.ExecDriver == "" || strings.Contains(container.ExecDriver, "lxc") { + lxc.KillLxc(container.ID, 9) + } else { + // use the current driver and ensure that the container is dead x.x + cmd := &execdriver.Command{ + ID: container.ID, } - if err := container.Unmount(); err != nil { - utils.Debugf("ghost unmount error %s", err) - } - if err := container.ToDisk(); err != nil { - utils.Debugf("saving ghost state to disk %s", err) + var err error + cmd.Process, err = os.FindProcess(existingPid) + if err != nil { + utils.Debugf("cannot find existing process for %d", existingPid) } + daemon.execDriver.Terminate(cmd) + } + if err := container.Unmount(); err != nil { + utils.Debugf("unmount error %s", err) + } + if err := container.ToDisk(); err != nil { + utils.Debugf("saving stopped state to disk %s", err) } - info := runtime.execDriver.Info(container.ID) + info := daemon.execDriver.Info(container.ID) if !info.IsRunning() { utils.Debugf("Container %s was supposed to be running but is not.", container.ID) - if runtime.config.AutoRestart { + if daemon.config.AutoRestart { utils.Debugf("Restarting") if err := container.Unmount(); err != nil { utils.Debugf("restart unmount error %s", err) } - container.State.SetGhost(false) - container.State.SetStopped(0) if err := container.Start(); err != nil { return err } @@ -234,9 +229,9 @@ func (runtime *Runtime) Register(container *Container) error { return nil } -func (runtime *Runtime) ensureName(container *Container) error { +func (daemon *Daemon) ensureName(container *Container) error { if container.Name == "" { - name, err := generateRandomName(runtime) + name, err := generateRandomName(daemon) if err != nil { name = utils.TruncateID(container.ID) } @@ -245,8 +240,8 @@ func (runtime *Runtime) ensureName(container *Container) error { if err := container.ToDisk(); err != nil { utils.Debugf("Error saving container name %s", err) } - if !runtime.containerGraph.Exists(name) { - if _, err := runtime.containerGraph.Set(name, container.ID); err != nil { + if !daemon.containerGraph.Exists(name) { + if _, err := daemon.containerGraph.Set(name, container.ID); err != nil { utils.Debugf("Setting default id - %s", err) } } @@ -254,7 +249,7 @@ func (runtime *Runtime) ensureName(container *Container) error { return nil } -func (runtime *Runtime) LogToDisk(src *utils.WriteBroadcaster, dst, stream string) error { +func (daemon *Daemon) LogToDisk(src *utils.WriteBroadcaster, dst, stream string) error { log, err := os.OpenFile(dst, os.O_RDWR|os.O_APPEND|os.O_CREATE, 0600) if err != nil { return err @@ -263,13 +258,13 @@ func (runtime *Runtime) LogToDisk(src *utils.WriteBroadcaster, dst, stream strin return nil } -// Destroy unregisters a container from the runtime and cleanly removes its contents from the filesystem. -func (runtime *Runtime) Destroy(container *Container) error { +// Destroy unregisters a container from the daemon and cleanly removes its contents from the filesystem. +func (daemon *Daemon) Destroy(container *Container) error { if container == nil { return fmt.Errorf("The given container is ") } - element := runtime.getContainerElement(container.ID) + element := daemon.getContainerElement(container.ID) if element == nil { return fmt.Errorf("Container %v not found - maybe it was already destroyed?", container.ID) } @@ -278,42 +273,45 @@ func (runtime *Runtime) Destroy(container *Container) error { return err } - if err := runtime.driver.Remove(container.ID); err != nil { - return fmt.Errorf("Driver %s failed to remove root filesystem %s: %s", runtime.driver, container.ID, err) + // Deregister the container before removing its directory, to avoid race conditions + daemon.idIndex.Delete(container.ID) + daemon.containers.Remove(element) + + if err := daemon.driver.Remove(container.ID); err != nil { + return fmt.Errorf("Driver %s failed to remove root filesystem %s: %s", daemon.driver, container.ID, err) } initID := fmt.Sprintf("%s-init", container.ID) - if err := runtime.driver.Remove(initID); err != nil { - return fmt.Errorf("Driver %s failed to remove init filesystem %s: %s", runtime.driver, initID, err) + if err := daemon.driver.Remove(initID); err != nil { + return fmt.Errorf("Driver %s failed to remove init filesystem %s: %s", daemon.driver, initID, err) } - if _, err := runtime.containerGraph.Purge(container.ID); err != nil { + if _, err := daemon.containerGraph.Purge(container.ID); err != nil { utils.Debugf("Unable to remove container from link graph: %s", err) } - // Deregister the container before removing its directory, to avoid race conditions - runtime.idIndex.Delete(container.ID) - runtime.containers.Remove(element) if err := os.RemoveAll(container.root); err != nil { return fmt.Errorf("Unable to remove filesystem for %v: %v", container.ID, err) } + selinux.FreeLxcContexts(container.ProcessLabel) + return nil } -func (runtime *Runtime) restore() error { +func (daemon *Daemon) restore() error { if os.Getenv("DEBUG") == "" && os.Getenv("TEST") == "" { fmt.Printf("Loading containers: ") } - dir, err := ioutil.ReadDir(runtime.repository) + dir, err := ioutil.ReadDir(daemon.repository) if err != nil { return err } containers := make(map[string]*Container) - currentDriver := runtime.driver.String() + currentDriver := daemon.driver.String() for _, v := range dir { id := v.Name() - container, err := runtime.load(id) + container, err := daemon.load(id) if os.Getenv("DEBUG") == "" && os.Getenv("TEST") == "" { fmt.Print(".") } @@ -332,12 +330,12 @@ func (runtime *Runtime) restore() error { } register := func(container *Container) { - if err := runtime.Register(container); err != nil { + if err := daemon.Register(container); err != nil { utils.Debugf("Failed to register container %s: %s", container.ID, err) } } - if entities := runtime.containerGraph.List("/", -1); entities != nil { + if entities := daemon.containerGraph.List("/", -1); entities != nil { for _, p := range entities.Paths() { if os.Getenv("DEBUG") == "" && os.Getenv("TEST") == "" { fmt.Print(".") @@ -353,12 +351,12 @@ func (runtime *Runtime) restore() error { // Any containers that are left over do not exist in the graph for _, container := range containers { // Try to set the default name for a container if it exists prior to links - container.Name, err = generateRandomName(runtime) + container.Name, err = generateRandomName(daemon) if err != nil { container.Name = utils.TruncateID(container.ID) } - if _, err := runtime.containerGraph.Set(container.Name, container.ID); err != nil { + if _, err := daemon.containerGraph.Set(container.Name, container.ID); err != nil { utils.Debugf("Setting default id - %s", err) } register(container) @@ -372,38 +370,38 @@ func (runtime *Runtime) restore() error { } // Create creates a new container from the given configuration with a given name. -func (runtime *Runtime) Create(config *runconfig.Config, name string) (*Container, []string, error) { +func (daemon *Daemon) Create(config *runconfig.Config, name string) (*Container, []string, error) { var ( container *Container warnings []string ) - img, err := runtime.repositories.LookupImage(config.Image) + img, err := daemon.repositories.LookupImage(config.Image) if err != nil { return nil, nil, err } - if err := runtime.checkImageDepth(img); err != nil { + if err := daemon.checkImageDepth(img); err != nil { return nil, nil, err } - if warnings, err = runtime.mergeAndVerifyConfig(config, img); err != nil { + if warnings, err = daemon.mergeAndVerifyConfig(config, img); err != nil { return nil, nil, err } - if container, err = runtime.newContainer(name, config, img); err != nil { + if container, err = daemon.newContainer(name, config, img); err != nil { return nil, nil, err } - if err := runtime.createRootfs(container, img); err != nil { + if err := daemon.createRootfs(container, img); err != nil { return nil, nil, err } if err := container.ToDisk(); err != nil { return nil, nil, err } - if err := runtime.Register(container); err != nil { + if err := daemon.Register(container); err != nil { return nil, nil, err } return container, warnings, nil } -func (runtime *Runtime) checkImageDepth(img *image.Image) error { +func (daemon *Daemon) checkImageDepth(img *image.Image) error { // We add 2 layers to the depth because the container's rw and // init layer add to the restriction depth, err := img.Depth() @@ -416,7 +414,7 @@ func (runtime *Runtime) checkImageDepth(img *image.Image) error { return nil } -func (runtime *Runtime) checkDeprecatedExpose(config *runconfig.Config) bool { +func (daemon *Daemon) checkDeprecatedExpose(config *runconfig.Config) bool { if config != nil { if config.PortSpecs != nil { for _, p := range config.PortSpecs { @@ -429,9 +427,9 @@ func (runtime *Runtime) checkDeprecatedExpose(config *runconfig.Config) bool { return false } -func (runtime *Runtime) mergeAndVerifyConfig(config *runconfig.Config, img *image.Image) ([]string, error) { +func (daemon *Daemon) mergeAndVerifyConfig(config *runconfig.Config, img *image.Image) ([]string, error) { warnings := []string{} - if runtime.checkDeprecatedExpose(img.Config) || runtime.checkDeprecatedExpose(config) { + if daemon.checkDeprecatedExpose(img.Config) || daemon.checkDeprecatedExpose(config) { warnings = append(warnings, "The mapping to public ports on your host via Dockerfile EXPOSE (host:port:port) has been deprecated. Use -p to publish the ports.") } if img.Config != nil { @@ -445,14 +443,14 @@ func (runtime *Runtime) mergeAndVerifyConfig(config *runconfig.Config, img *imag return warnings, nil } -func (runtime *Runtime) generateIdAndName(name string) (string, string, error) { +func (daemon *Daemon) generateIdAndName(name string) (string, string, error) { var ( err error id = utils.GenerateRandomID() ) if name == "" { - name, err = generateRandomName(runtime) + name, err = generateRandomName(daemon) if err != nil { name = utils.TruncateID(id) } @@ -465,19 +463,19 @@ func (runtime *Runtime) generateIdAndName(name string) (string, string, error) { name = "/" + name } // Set the enitity in the graph using the default name specified - if _, err := runtime.containerGraph.Set(name, id); err != nil { + if _, err := daemon.containerGraph.Set(name, id); err != nil { if !graphdb.IsNonUniqueNameError(err) { return "", "", err } - conflictingContainer, err := runtime.GetByName(name) + conflictingContainer, err := daemon.GetByName(name) if err != nil { if strings.Contains(err.Error(), "Could not find entity") { return "", "", err } // Remove name and continue starting the container - if err := runtime.containerGraph.Delete(name); err != nil { + if err := daemon.containerGraph.Delete(name); err != nil { return "", "", err } } else { @@ -490,7 +488,7 @@ func (runtime *Runtime) generateIdAndName(name string) (string, string, error) { return id, name, nil } -func (runtime *Runtime) generateHostname(id string, config *runconfig.Config) { +func (daemon *Daemon) generateHostname(id string, config *runconfig.Config) { // Generate default hostname // FIXME: the lxc template no longer needs to set a default hostname if config.Hostname == "" { @@ -498,7 +496,7 @@ func (runtime *Runtime) generateHostname(id string, config *runconfig.Config) { } } -func (runtime *Runtime) getEntrypointAndArgs(config *runconfig.Config) (string, []string) { +func (daemon *Daemon) getEntrypointAndArgs(config *runconfig.Config) (string, []string) { var ( entrypoint string args []string @@ -513,18 +511,18 @@ func (runtime *Runtime) getEntrypointAndArgs(config *runconfig.Config) (string, return entrypoint, args } -func (runtime *Runtime) newContainer(name string, config *runconfig.Config, img *image.Image) (*Container, error) { +func (daemon *Daemon) newContainer(name string, config *runconfig.Config, img *image.Image) (*Container, error) { var ( id string err error ) - id, name, err = runtime.generateIdAndName(name) + id, name, err = daemon.generateIdAndName(name) if err != nil { return nil, err } - runtime.generateHostname(id, config) - entrypoint, args := runtime.getEntrypointAndArgs(config) + daemon.generateHostname(id, config) + entrypoint, args := daemon.getEntrypointAndArgs(config) container := &Container{ // FIXME: we should generate the ID here instead of receiving it as an argument @@ -537,34 +535,38 @@ func (runtime *Runtime) newContainer(name string, config *runconfig.Config, img Image: img.ID, // Always use the resolved image id NetworkSettings: &NetworkSettings{}, Name: name, - Driver: runtime.driver.String(), - ExecDriver: runtime.execDriver.Name(), + Driver: daemon.driver.String(), + ExecDriver: daemon.execDriver.Name(), + } + container.root = daemon.containerRoot(container.ID) + + if container.ProcessLabel, container.MountLabel, err = label.GenLabels(""); err != nil { + return nil, err } - container.root = runtime.containerRoot(container.ID) return container, nil } -func (runtime *Runtime) createRootfs(container *Container, img *image.Image) error { +func (daemon *Daemon) createRootfs(container *Container, img *image.Image) error { // Step 1: create the container directory. // This doubles as a barrier to avoid race conditions. if err := os.Mkdir(container.root, 0700); err != nil { return err } initID := fmt.Sprintf("%s-init", container.ID) - if err := runtime.driver.Create(initID, img.ID, ""); err != nil { + if err := daemon.driver.Create(initID, img.ID); err != nil { return err } - initPath, err := runtime.driver.Get(initID) + initPath, err := daemon.driver.Get(initID, "") if err != nil { return err } - defer runtime.driver.Put(initID) + defer daemon.driver.Put(initID) if err := graph.SetupInitLayer(initPath); err != nil { return err } - if err := runtime.driver.Create(container.ID, initID, ""); err != nil { + if err := daemon.driver.Create(container.ID, initID); err != nil { return err } return nil @@ -572,7 +574,7 @@ func (runtime *Runtime) createRootfs(container *Container, img *image.Image) err // Commit creates a new filesystem image from the current state of a container. // The image can optionally be tagged into a repository -func (runtime *Runtime) Commit(container *Container, repository, tag, comment, author string, config *runconfig.Config) (*image.Image, error) { +func (daemon *Daemon) Commit(container *Container, repository, tag, comment, author string, config *runconfig.Config) (*image.Image, error) { // FIXME: freeze the container before copying it to avoid data corruption? if err := container.Mount(); err != nil { return nil, err @@ -595,13 +597,13 @@ func (runtime *Runtime) Commit(container *Container, repository, tag, comment, a containerImage = container.Image containerConfig = container.Config } - img, err := runtime.graph.Create(rwTar, containerID, containerImage, comment, author, containerConfig, config) + img, err := daemon.graph.Create(rwTar, containerID, containerImage, comment, author, containerConfig, config) if err != nil { return nil, err } // Register the image if needed if repository != "" { - if err := runtime.repositories.Set(repository, tag, img.ID, true); err != nil { + if err := daemon.repositories.Set(repository, tag, img.ID, true); err != nil { return img, err } } @@ -618,31 +620,31 @@ func GetFullContainerName(name string) (string, error) { return name, nil } -func (runtime *Runtime) GetByName(name string) (*Container, error) { +func (daemon *Daemon) GetByName(name string) (*Container, error) { fullName, err := GetFullContainerName(name) if err != nil { return nil, err } - entity := runtime.containerGraph.Get(fullName) + entity := daemon.containerGraph.Get(fullName) if entity == nil { return nil, fmt.Errorf("Could not find entity for %s", name) } - e := runtime.getContainerElement(entity.ID()) + e := daemon.getContainerElement(entity.ID()) if e == nil { return nil, fmt.Errorf("Could not find container for entity id %s", entity.ID()) } return e.Value.(*Container), nil } -func (runtime *Runtime) Children(name string) (map[string]*Container, error) { +func (daemon *Daemon) Children(name string) (map[string]*Container, error) { name, err := GetFullContainerName(name) if err != nil { return nil, err } children := make(map[string]*Container) - err = runtime.containerGraph.Walk(name, func(p string, e *graphdb.Entity) error { - c := runtime.Get(e.ID()) + err = daemon.containerGraph.Walk(name, func(p string, e *graphdb.Entity) error { + c := daemon.Get(e.ID()) if c == nil { return fmt.Errorf("Could not get container for name %s and id %s", e.ID(), p) } @@ -656,29 +658,28 @@ func (runtime *Runtime) Children(name string) (map[string]*Container, error) { return children, nil } -func (runtime *Runtime) RegisterLink(parent, child *Container, alias string) error { +func (daemon *Daemon) RegisterLink(parent, child *Container, alias string) error { fullName := path.Join(parent.Name, alias) - if !runtime.containerGraph.Exists(fullName) { - _, err := runtime.containerGraph.Set(fullName, child.ID) + if !daemon.containerGraph.Exists(fullName) { + _, err := daemon.containerGraph.Set(fullName, child.ID) return err } return nil } // FIXME: harmonize with NewGraph() -func NewRuntime(config *daemonconfig.Config, eng *engine.Engine) (*Runtime, error) { - runtime, err := NewRuntimeFromDirectory(config, eng) +func NewDaemon(config *daemonconfig.Config, eng *engine.Engine) (*Daemon, error) { + daemon, err := NewDaemonFromDirectory(config, eng) if err != nil { return nil, err } - return runtime, nil + return daemon, nil } -func NewRuntimeFromDirectory(config *daemonconfig.Config, eng *engine.Engine) (*Runtime, error) { +func NewDaemonFromDirectory(config *daemonconfig.Config, eng *engine.Engine) (*Daemon, error) { if !config.EnableSelinuxSupport { selinux.SetDisabled() } - // Set the default driver graphdriver.DefaultDriver = config.GraphDriver @@ -693,9 +694,9 @@ func NewRuntimeFromDirectory(config *daemonconfig.Config, eng *engine.Engine) (* return nil, err } - runtimeRepo := path.Join(config.Root, "containers") + daemonRepo := path.Join(config.Root, "containers") - if err := os.MkdirAll(runtimeRepo, 0700); err != nil && !os.IsExist(err) { + if err := os.MkdirAll(daemonRepo, 0700); err != nil && !os.IsExist(err) { return nil, err } @@ -774,12 +775,12 @@ func NewRuntimeFromDirectory(config *daemonconfig.Config, eng *engine.Engine) (* return nil, err } - runtime := &Runtime{ - repository: runtimeRepo, + daemon := &Daemon{ + repository: daemonRepo, containers: list.New(), graph: g, repositories: repositories, - idIndex: utils.NewTruncIndex(), + idIndex: utils.NewTruncIndex([]string{}), sysInfo: sysInfo, volumes: volumes, config: config, @@ -790,19 +791,19 @@ func NewRuntimeFromDirectory(config *daemonconfig.Config, eng *engine.Engine) (* eng: eng, } - if err := runtime.checkLocaldns(); err != nil { + if err := daemon.checkLocaldns(); err != nil { return nil, err } - if err := runtime.restore(); err != nil { + if err := daemon.restore(); err != nil { return nil, err } - return runtime, nil + return daemon, nil } -func (runtime *Runtime) shutdown() error { +func (daemon *Daemon) shutdown() error { group := sync.WaitGroup{} utils.Debugf("starting clean shutdown of all containers...") - for _, container := range runtime.List() { + for _, container := range daemon.List() { c := container if c.State.IsRunning() { utils.Debugf("stopping %s", c.ID) @@ -823,22 +824,22 @@ func (runtime *Runtime) shutdown() error { return nil } -func (runtime *Runtime) Close() error { +func (daemon *Daemon) Close() error { errorsStrings := []string{} - if err := runtime.shutdown(); err != nil { - utils.Errorf("runtime.shutdown(): %s", err) + if err := daemon.shutdown(); err != nil { + utils.Errorf("daemon.shutdown(): %s", err) errorsStrings = append(errorsStrings, err.Error()) } if err := portallocator.ReleaseAll(); err != nil { utils.Errorf("portallocator.ReleaseAll(): %s", err) errorsStrings = append(errorsStrings, err.Error()) } - if err := runtime.driver.Cleanup(); err != nil { - utils.Errorf("runtime.driver.Cleanup(): %s", err.Error()) + if err := daemon.driver.Cleanup(); err != nil { + utils.Errorf("daemon.driver.Cleanup(): %s", err.Error()) errorsStrings = append(errorsStrings, err.Error()) } - if err := runtime.containerGraph.Close(); err != nil { - utils.Errorf("runtime.containerGraph.Close(): %s", err.Error()) + if err := daemon.containerGraph.Close(); err != nil { + utils.Errorf("daemon.containerGraph.Close(): %s", err.Error()) errorsStrings = append(errorsStrings, err.Error()) } if len(errorsStrings) > 0 { @@ -847,55 +848,55 @@ func (runtime *Runtime) Close() error { return nil } -func (runtime *Runtime) Mount(container *Container) error { - dir, err := runtime.driver.Get(container.ID) +func (daemon *Daemon) Mount(container *Container) error { + dir, err := daemon.driver.Get(container.ID, container.GetMountLabel()) if err != nil { - return fmt.Errorf("Error getting container %s from driver %s: %s", container.ID, runtime.driver, err) + return fmt.Errorf("Error getting container %s from driver %s: %s", container.ID, daemon.driver, err) } if container.basefs == "" { container.basefs = dir } else if container.basefs != dir { return fmt.Errorf("Error: driver %s is returning inconsistent paths for container %s ('%s' then '%s')", - runtime.driver, container.ID, container.basefs, dir) + daemon.driver, container.ID, container.basefs, dir) } return nil } -func (runtime *Runtime) Unmount(container *Container) error { - runtime.driver.Put(container.ID) +func (daemon *Daemon) Unmount(container *Container) error { + daemon.driver.Put(container.ID) return nil } -func (runtime *Runtime) Changes(container *Container) ([]archive.Change, error) { - if differ, ok := runtime.driver.(graphdriver.Differ); ok { +func (daemon *Daemon) Changes(container *Container) ([]archive.Change, error) { + if differ, ok := daemon.driver.(graphdriver.Differ); ok { return differ.Changes(container.ID) } - cDir, err := runtime.driver.Get(container.ID) + cDir, err := daemon.driver.Get(container.ID, "") if err != nil { - return nil, fmt.Errorf("Error getting container rootfs %s from driver %s: %s", container.ID, container.runtime.driver, err) + return nil, fmt.Errorf("Error getting container rootfs %s from driver %s: %s", container.ID, container.daemon.driver, err) } - defer runtime.driver.Put(container.ID) - initDir, err := runtime.driver.Get(container.ID + "-init") + defer daemon.driver.Put(container.ID) + initDir, err := daemon.driver.Get(container.ID+"-init", "") if err != nil { - return nil, fmt.Errorf("Error getting container init rootfs %s from driver %s: %s", container.ID, container.runtime.driver, err) + return nil, fmt.Errorf("Error getting container init rootfs %s from driver %s: %s", container.ID, container.daemon.driver, err) } - defer runtime.driver.Put(container.ID + "-init") + defer daemon.driver.Put(container.ID + "-init") return archive.ChangesDirs(cDir, initDir) } -func (runtime *Runtime) Diff(container *Container) (archive.Archive, error) { - if differ, ok := runtime.driver.(graphdriver.Differ); ok { +func (daemon *Daemon) Diff(container *Container) (archive.Archive, error) { + if differ, ok := daemon.driver.(graphdriver.Differ); ok { return differ.Diff(container.ID) } - changes, err := runtime.Changes(container) + changes, err := daemon.Changes(container) if err != nil { return nil, err } - cDir, err := runtime.driver.Get(container.ID) + cDir, err := daemon.driver.Get(container.ID, "") if err != nil { - return nil, fmt.Errorf("Error getting container rootfs %s from driver %s: %s", container.ID, container.runtime.driver, err) + return nil, fmt.Errorf("Error getting container rootfs %s from driver %s: %s", container.ID, container.daemon.driver, err) } archive, err := archive.ExportChanges(cDir, changes) @@ -904,26 +905,26 @@ func (runtime *Runtime) Diff(container *Container) (archive.Archive, error) { } return utils.NewReadCloserWrapper(archive, func() error { err := archive.Close() - runtime.driver.Put(container.ID) + daemon.driver.Put(container.ID) return err }), nil } -func (runtime *Runtime) Run(c *Container, pipes *execdriver.Pipes, startCallback execdriver.StartCallback) (int, error) { - return runtime.execDriver.Run(c.command, pipes, startCallback) +func (daemon *Daemon) Run(c *Container, pipes *execdriver.Pipes, startCallback execdriver.StartCallback) (int, error) { + return daemon.execDriver.Run(c.command, pipes, startCallback) } -func (runtime *Runtime) Kill(c *Container, sig int) error { - return runtime.execDriver.Kill(c.command, sig) +func (daemon *Daemon) Kill(c *Container, sig int) error { + return daemon.execDriver.Kill(c.command, sig) } // Nuke kills all containers then removes all content // from the content root, including images, volumes and // container filesystems. -// Again: this will remove your entire docker runtime! -func (runtime *Runtime) Nuke() error { +// Again: this will remove your entire docker daemon! +func (daemon *Daemon) Nuke() error { var wg sync.WaitGroup - for _, container := range runtime.List() { + for _, container := range daemon.List() { wg.Add(1) go func(c *Container) { c.Kill() @@ -931,63 +932,63 @@ func (runtime *Runtime) Nuke() error { }(container) } wg.Wait() - runtime.Close() + daemon.Close() - return os.RemoveAll(runtime.config.Root) + return os.RemoveAll(daemon.config.Root) } // FIXME: this is a convenience function for integration tests -// which need direct access to runtime.graph. +// which need direct access to daemon.graph. // Once the tests switch to using engine and jobs, this method // can go away. -func (runtime *Runtime) Graph() *graph.Graph { - return runtime.graph +func (daemon *Daemon) Graph() *graph.Graph { + return daemon.graph } -func (runtime *Runtime) Repositories() *graph.TagStore { - return runtime.repositories +func (daemon *Daemon) Repositories() *graph.TagStore { + return daemon.repositories } -func (runtime *Runtime) Config() *daemonconfig.Config { - return runtime.config +func (daemon *Daemon) Config() *daemonconfig.Config { + return daemon.config } -func (runtime *Runtime) SystemConfig() *sysinfo.SysInfo { - return runtime.sysInfo +func (daemon *Daemon) SystemConfig() *sysinfo.SysInfo { + return daemon.sysInfo } -func (runtime *Runtime) SystemInitPath() string { - return runtime.sysInitPath +func (daemon *Daemon) SystemInitPath() string { + return daemon.sysInitPath } -func (runtime *Runtime) GraphDriver() graphdriver.Driver { - return runtime.driver +func (daemon *Daemon) GraphDriver() graphdriver.Driver { + return daemon.driver } -func (runtime *Runtime) ExecutionDriver() execdriver.Driver { - return runtime.execDriver +func (daemon *Daemon) ExecutionDriver() execdriver.Driver { + return daemon.execDriver } -func (runtime *Runtime) Volumes() *graph.Graph { - return runtime.volumes +func (daemon *Daemon) Volumes() *graph.Graph { + return daemon.volumes } -func (runtime *Runtime) ContainerGraph() *graphdb.Database { - return runtime.containerGraph +func (daemon *Daemon) ContainerGraph() *graphdb.Database { + return daemon.containerGraph } -func (runtime *Runtime) SetServer(server Server) { - runtime.srv = server +func (daemon *Daemon) SetServer(server Server) { + daemon.srv = server } -func (runtime *Runtime) checkLocaldns() error { - resolvConf, err := utils.GetResolvConf() +func (daemon *Daemon) checkLocaldns() error { + resolvConf, err := resolvconf.Get() if err != nil { return err } - if len(runtime.config.Dns) == 0 && utils.CheckLocalDns(resolvConf) { + if len(daemon.config.Dns) == 0 && utils.CheckLocalDns(resolvConf) { log.Printf("Local (127.0.0.1) DNS resolver found in resolv.conf and containers can't use it. Using default external servers : %v\n", DefaultDns) - runtime.config.Dns = DefaultDns + daemon.config.Dns = DefaultDns } return nil } diff --git a/runtime/runtime_aufs.go b/daemon/daemon_aufs.go similarity index 80% rename from runtime/runtime_aufs.go rename to daemon/daemon_aufs.go index 5a32615df5..ee3e1d1a58 100644 --- a/runtime/runtime_aufs.go +++ b/daemon/daemon_aufs.go @@ -1,11 +1,11 @@ // +build !exclude_graphdriver_aufs -package runtime +package daemon import ( + "github.com/dotcloud/docker/daemon/graphdriver" + "github.com/dotcloud/docker/daemon/graphdriver/aufs" "github.com/dotcloud/docker/graph" - "github.com/dotcloud/docker/runtime/graphdriver" - "github.com/dotcloud/docker/runtime/graphdriver/aufs" "github.com/dotcloud/docker/utils" ) diff --git a/daemon/daemon_btrfs.go b/daemon/daemon_btrfs.go new file mode 100644 index 0000000000..f343d699c4 --- /dev/null +++ b/daemon/daemon_btrfs.go @@ -0,0 +1,7 @@ +// +build !exclude_graphdriver_btrfs + +package daemon + +import ( + _ "github.com/dotcloud/docker/daemon/graphdriver/btrfs" +) diff --git a/daemon/daemon_devicemapper.go b/daemon/daemon_devicemapper.go new file mode 100644 index 0000000000..ddf8107414 --- /dev/null +++ b/daemon/daemon_devicemapper.go @@ -0,0 +1,7 @@ +// +build !exclude_graphdriver_devicemapper + +package daemon + +import ( + _ "github.com/dotcloud/docker/daemon/graphdriver/devmapper" +) diff --git a/runtime/runtime_no_aufs.go b/daemon/daemon_no_aufs.go similarity index 66% rename from runtime/runtime_no_aufs.go rename to daemon/daemon_no_aufs.go index 05a01fe151..2d9fed29b9 100644 --- a/runtime/runtime_no_aufs.go +++ b/daemon/daemon_no_aufs.go @@ -1,9 +1,9 @@ // +build exclude_graphdriver_aufs -package runtime +package daemon import ( - "github.com/dotcloud/docker/runtime/graphdriver" + "github.com/dotcloud/docker/daemon/graphdriver" ) func migrateIfAufs(driver graphdriver.Driver, root string) error { diff --git a/runtime/execdriver/MAINTAINERS b/daemon/execdriver/MAINTAINERS similarity index 100% rename from runtime/execdriver/MAINTAINERS rename to daemon/execdriver/MAINTAINERS diff --git a/runtime/execdriver/driver.go b/daemon/execdriver/driver.go similarity index 93% rename from runtime/execdriver/driver.go rename to daemon/execdriver/driver.go index 27a575cb3a..4837a398ea 100644 --- a/runtime/execdriver/driver.go +++ b/daemon/execdriver/driver.go @@ -89,8 +89,10 @@ type Driver interface { // Network settings of the container type Network struct { - Interface *NetworkInterface `json:"interface"` // if interface is nil then networking is disabled - Mtu int `json:"mtu"` + Interface *NetworkInterface `json:"interface"` // if interface is nil then networking is disabled + Mtu int `json:"mtu"` + ContainerID string `json:"container_id"` // id of the container to join network. + HostNetworking bool `json:"host_networking"` } type NetworkInterface struct { diff --git a/runtime/execdriver/execdrivers/execdrivers.go b/daemon/execdriver/execdrivers/execdrivers.go similarity index 79% rename from runtime/execdriver/execdrivers/execdrivers.go rename to daemon/execdriver/execdrivers/execdrivers.go index 9e277c86df..18db1f8026 100644 --- a/runtime/execdriver/execdrivers/execdrivers.go +++ b/daemon/execdriver/execdrivers/execdrivers.go @@ -2,10 +2,10 @@ package execdrivers import ( "fmt" + "github.com/dotcloud/docker/daemon/execdriver" + "github.com/dotcloud/docker/daemon/execdriver/lxc" + "github.com/dotcloud/docker/daemon/execdriver/native" "github.com/dotcloud/docker/pkg/sysinfo" - "github.com/dotcloud/docker/runtime/execdriver" - "github.com/dotcloud/docker/runtime/execdriver/lxc" - "github.com/dotcloud/docker/runtime/execdriver/native" "path" ) diff --git a/runtime/execdriver/lxc/driver.go b/daemon/execdriver/lxc/driver.go similarity index 94% rename from runtime/execdriver/lxc/driver.go rename to daemon/execdriver/lxc/driver.go index ef16dcc380..d787d8d873 100644 --- a/runtime/execdriver/lxc/driver.go +++ b/daemon/execdriver/lxc/driver.go @@ -1,11 +1,8 @@ package lxc import ( + "encoding/json" "fmt" - "github.com/dotcloud/docker/pkg/cgroups" - "github.com/dotcloud/docker/pkg/label" - "github.com/dotcloud/docker/runtime/execdriver" - "github.com/dotcloud/docker/utils" "io/ioutil" "log" "os" @@ -16,6 +13,12 @@ import ( "strings" "syscall" "time" + + "github.com/dotcloud/docker/daemon/execdriver" + "github.com/dotcloud/docker/pkg/cgroups" + "github.com/dotcloud/docker/pkg/label" + "github.com/dotcloud/docker/pkg/system" + "github.com/dotcloud/docker/utils" ) const DriverName = "lxc" @@ -25,23 +28,21 @@ func init() { if err := setupEnv(args); err != nil { return err } - if err := setupHostname(args); err != nil { return err } - if err := setupNetworking(args); err != nil { return err } - if err := setupCapabilities(args); err != nil { return err } - if err := setupWorkingDirectory(args); err != nil { return err } - + if err := system.CloseFdsFrom(3); err != nil { + return err + } if err := changeUser(args); err != nil { return err } @@ -85,6 +86,9 @@ func (d *driver) Run(c *execdriver.Command, pipes *execdriver.Pipes, startCallba if err := execdriver.SetTerminal(c, pipes); err != nil { return -1, err } + if err := d.generateEnvConfig(c); err != nil { + return -1, err + } configPath, err := d.generateLXCConfig(c) if err != nil { return -1, err @@ -416,3 +420,14 @@ func (d *driver) generateLXCConfig(c *execdriver.Command) (string, error) { } return root, nil } + +func (d *driver) generateEnvConfig(c *execdriver.Command) error { + data, err := json.Marshal(c.Env) + if err != nil { + return err + } + p := path.Join(d.root, "containers", c.ID, "config.env") + c.Mounts = append(c.Mounts, execdriver.Mount{p, "/.dockerenv", false, true}) + + return ioutil.WriteFile(p, data, 0600) +} diff --git a/runtime/execdriver/lxc/info.go b/daemon/execdriver/lxc/info.go similarity index 100% rename from runtime/execdriver/lxc/info.go rename to daemon/execdriver/lxc/info.go diff --git a/runtime/execdriver/lxc/info_test.go b/daemon/execdriver/lxc/info_test.go similarity index 100% rename from runtime/execdriver/lxc/info_test.go rename to daemon/execdriver/lxc/info_test.go diff --git a/runtime/execdriver/lxc/init.go b/daemon/execdriver/lxc/init.go similarity index 98% rename from runtime/execdriver/lxc/init.go rename to daemon/execdriver/lxc/init.go index c1933a5e43..e21e717645 100644 --- a/runtime/execdriver/lxc/init.go +++ b/daemon/execdriver/lxc/init.go @@ -3,15 +3,16 @@ package lxc import ( "encoding/json" "fmt" - "github.com/dotcloud/docker/pkg/netlink" - "github.com/dotcloud/docker/pkg/user" - "github.com/dotcloud/docker/runtime/execdriver" - "github.com/syndtr/gocapability/capability" "io/ioutil" "net" "os" "strings" "syscall" + + "github.com/dotcloud/docker/daemon/execdriver" + "github.com/dotcloud/docker/pkg/netlink" + "github.com/dotcloud/docker/pkg/user" + "github.com/syndtr/gocapability/capability" ) // Clear environment pollution introduced by lxc-start @@ -149,6 +150,7 @@ func setupCapabilities(args *execdriver.InitArgs) error { capability.CAP_MAC_OVERRIDE, capability.CAP_MAC_ADMIN, capability.CAP_NET_ADMIN, + capability.CAP_SYSLOG, } c, err := capability.NewPid(os.Getpid()) diff --git a/runtime/execdriver/lxc/lxc_init_linux.go b/daemon/execdriver/lxc/lxc_init_linux.go similarity index 100% rename from runtime/execdriver/lxc/lxc_init_linux.go rename to daemon/execdriver/lxc/lxc_init_linux.go diff --git a/runtime/execdriver/lxc/lxc_init_unsupported.go b/daemon/execdriver/lxc/lxc_init_unsupported.go similarity index 100% rename from runtime/execdriver/lxc/lxc_init_unsupported.go rename to daemon/execdriver/lxc/lxc_init_unsupported.go diff --git a/runtime/execdriver/lxc/lxc_template.go b/daemon/execdriver/lxc/lxc_template.go similarity index 88% rename from runtime/execdriver/lxc/lxc_template.go rename to daemon/execdriver/lxc/lxc_template.go index c49753c6aa..7fdc5ce92b 100644 --- a/runtime/execdriver/lxc/lxc_template.go +++ b/daemon/execdriver/lxc/lxc_template.go @@ -1,10 +1,11 @@ package lxc import ( - "github.com/dotcloud/docker/pkg/label" - "github.com/dotcloud/docker/runtime/execdriver" "strings" "text/template" + + "github.com/dotcloud/docker/daemon/execdriver" + "github.com/dotcloud/docker/pkg/label" ) const LxcTemplate = ` @@ -13,12 +14,13 @@ const LxcTemplate = ` lxc.network.type = veth lxc.network.link = {{.Network.Interface.Bridge}} lxc.network.name = eth0 -{{else}} +lxc.network.mtu = {{.Network.Mtu}} +{{else if not .Network.HostNetworking}} # network is disabled (-n=false) lxc.network.type = empty lxc.network.flags = up -{{end}} lxc.network.mtu = {{.Network.Mtu}} +{{end}} # root filesystem {{$ROOTFS := .Rootfs}} @@ -82,12 +84,11 @@ lxc.pivotdir = lxc_putold # NOTICE: These mounts must be applied within the namespace -# WARNING: procfs is a known attack vector and should probably be disabled -# if your userspace allows it. eg. see http://blog.zx2c4.com/749 +# WARNING: mounting procfs and/or sysfs read-write is a known attack vector. +# See e.g. http://blog.zx2c4.com/749 and http://bit.ly/T9CkqJ +# We mount them read-write here, but later, dockerinit will call the Restrict() function to remount them read-only. +# We cannot mount them directly read-only, because that would prevent loading AppArmor profiles. lxc.mount.entry = proc {{escapeFstabSpaces $ROOTFS}}/proc proc nosuid,nodev,noexec 0 0 - -# WARNING: sysfs is a known attack vector and should probably be disabled -# if your userspace allows it. eg. see http://bit.ly/T9CkqJ lxc.mount.entry = sysfs {{escapeFstabSpaces $ROOTFS}}/sys sysfs nosuid,nodev,noexec 0 0 {{if .Tty}} @@ -109,7 +110,7 @@ lxc.mount.entry = {{$value.Source}} {{escapeFstabSpaces $ROOTFS}}/{{escapeFstabS {{if .AppArmor}} lxc.aa_profile = unconfined {{else}} -#lxc.aa_profile = unconfined +# Let AppArmor normal confinement take place (i.e., not unconfined) {{end}} {{end}} diff --git a/runtime/execdriver/lxc/lxc_template_unit_test.go b/daemon/execdriver/lxc/lxc_template_unit_test.go similarity index 98% rename from runtime/execdriver/lxc/lxc_template_unit_test.go rename to daemon/execdriver/lxc/lxc_template_unit_test.go index 7f473a0502..96d11b204b 100644 --- a/runtime/execdriver/lxc/lxc_template_unit_test.go +++ b/daemon/execdriver/lxc/lxc_template_unit_test.go @@ -3,7 +3,7 @@ package lxc import ( "bufio" "fmt" - "github.com/dotcloud/docker/runtime/execdriver" + "github.com/dotcloud/docker/daemon/execdriver" "io/ioutil" "math/rand" "os" diff --git a/runtime/execdriver/native/configuration/parse.go b/daemon/execdriver/native/configuration/parse.go similarity index 78% rename from runtime/execdriver/native/configuration/parse.go rename to daemon/execdriver/native/configuration/parse.go index 6d6c643919..22fe4b0e66 100644 --- a/runtime/execdriver/native/configuration/parse.go +++ b/daemon/execdriver/native/configuration/parse.go @@ -2,12 +2,13 @@ package configuration import ( "fmt" - "github.com/dotcloud/docker/pkg/libcontainer" - "github.com/dotcloud/docker/utils" "os/exec" "path/filepath" "strconv" "strings" + + "github.com/dotcloud/docker/pkg/libcontainer" + "github.com/dotcloud/docker/utils" ) type Action func(*libcontainer.Container, interface{}, string) error @@ -21,10 +22,13 @@ var actions = map[string]Action{ "net.join": joinNetNamespace, // join another containers net namespace - "cgroups.cpu_shares": cpuShares, // set the cpu shares - "cgroups.memory": memory, // set the memory limit - "cgroups.memory_swap": memorySwap, // set the memory swap limit - "cgroups.cpuset.cpus": cpusetCpus, // set the cpus used + "cgroups.cpu_shares": cpuShares, // set the cpu shares + "cgroups.memory": memory, // set the memory limit + "cgroups.memory_reservation": memoryReservation, // set the memory reservation + "cgroups.memory_swap": memorySwap, // set the memory swap limit + "cgroups.cpuset.cpus": cpusetCpus, // set the cpus used + + "systemd.slice": systemdSlice, // set parent Slice used for systemd unit "apparmor_profile": apparmorProfile, // set the apparmor profile to apply @@ -40,6 +44,15 @@ func cpusetCpus(container *libcontainer.Container, context interface{}, value st return nil } +func systemdSlice(container *libcontainer.Container, context interface{}, value string) error { + if container.Cgroups == nil { + return fmt.Errorf("cannot set slice when cgroups are disabled") + } + container.Cgroups.Slice = value + + return nil +} + func apparmorProfile(container *libcontainer.Container, context interface{}, value string) error { container.Context["apparmor_profile"] = value return nil @@ -70,6 +83,19 @@ func memory(container *libcontainer.Container, context interface{}, value string return nil } +func memoryReservation(container *libcontainer.Container, context interface{}, value string) error { + if container.Cgroups == nil { + return fmt.Errorf("cannot set cgroups when they are disabled") + } + + v, err := utils.RAMInBytes(value) + if err != nil { + return err + } + container.Cgroups.MemoryReservation = v + return nil +} + func memorySwap(container *libcontainer.Container, context interface{}, value string) error { if container.Cgroups == nil { return fmt.Errorf("cannot set cgroups when they are disabled") @@ -83,38 +109,22 @@ func memorySwap(container *libcontainer.Container, context interface{}, value st } func addCap(container *libcontainer.Container, context interface{}, value string) error { - c := container.CapabilitiesMask.Get(value) - if c == nil { - return fmt.Errorf("%s is not a valid capability", value) - } - c.Enabled = true + container.CapabilitiesMask[value] = true return nil } func dropCap(container *libcontainer.Container, context interface{}, value string) error { - c := container.CapabilitiesMask.Get(value) - if c == nil { - return fmt.Errorf("%s is not a valid capability", value) - } - c.Enabled = false + container.CapabilitiesMask[value] = false return nil } func addNamespace(container *libcontainer.Container, context interface{}, value string) error { - ns := container.Namespaces.Get(value) - if ns == nil { - return fmt.Errorf("%s is not a valid namespace", value[1:]) - } - ns.Enabled = true + container.Namespaces[value] = true return nil } func dropNamespace(container *libcontainer.Container, context interface{}, value string) error { - ns := container.Namespaces.Get(value) - if ns == nil { - return fmt.Errorf("%s is not a valid namespace", value[1:]) - } - ns.Enabled = false + container.Namespaces[value] = false return nil } diff --git a/runtime/execdriver/native/configuration/parse_test.go b/daemon/execdriver/native/configuration/parse_test.go similarity index 78% rename from runtime/execdriver/native/configuration/parse_test.go rename to daemon/execdriver/native/configuration/parse_test.go index 8001358766..1b0316b688 100644 --- a/runtime/execdriver/native/configuration/parse_test.go +++ b/daemon/execdriver/native/configuration/parse_test.go @@ -1,8 +1,9 @@ package configuration import ( - "github.com/dotcloud/docker/runtime/execdriver/native/template" "testing" + + "github.com/dotcloud/docker/daemon/execdriver/native/template" ) func TestSetReadonlyRootFs(t *testing.T) { @@ -38,10 +39,10 @@ func TestConfigurationsDoNotConflict(t *testing.T) { t.Fatal(err) } - if !container1.CapabilitiesMask.Get("NET_ADMIN").Enabled { + if !container1.CapabilitiesMask["NET_ADMIN"] { t.Fatal("container one should have NET_ADMIN enabled") } - if container2.CapabilitiesMask.Get("NET_ADMIN").Enabled { + if container2.CapabilitiesMask["NET_ADMIN"] { t.Fatal("container two should not have NET_ADMIN enabled") } } @@ -93,7 +94,7 @@ func TestCpuShares(t *testing.T) { } } -func TestCgroupMemory(t *testing.T) { +func TestMemory(t *testing.T) { var ( container = template.New() opts = []string{ @@ -109,6 +110,22 @@ func TestCgroupMemory(t *testing.T) { } } +func TestMemoryReservation(t *testing.T) { + var ( + container = template.New() + opts = []string{ + "cgroups.memory_reservation=500m", + } + ) + if err := ParseConfiguration(container, nil, opts); err != nil { + t.Fatal(err) + } + + if expected := int64(500 * 1024 * 1024); container.Cgroups.MemoryReservation != expected { + t.Fatalf("expected memory reservation %d got %d", expected, container.Cgroups.MemoryReservation) + } +} + func TestAddCap(t *testing.T) { var ( container = template.New() @@ -121,10 +138,10 @@ func TestAddCap(t *testing.T) { t.Fatal(err) } - if !container.CapabilitiesMask.Get("MKNOD").Enabled { + if !container.CapabilitiesMask["MKNOD"] { t.Fatal("container should have MKNOD enabled") } - if !container.CapabilitiesMask.Get("SYS_ADMIN").Enabled { + if !container.CapabilitiesMask["SYS_ADMIN"] { t.Fatal("container should have SYS_ADMIN enabled") } } @@ -137,14 +154,14 @@ func TestDropCap(t *testing.T) { } ) // enabled all caps like in privileged mode - for _, c := range container.CapabilitiesMask { - c.Enabled = true + for key := range container.CapabilitiesMask { + container.CapabilitiesMask[key] = true } if err := ParseConfiguration(container, nil, opts); err != nil { t.Fatal(err) } - if container.CapabilitiesMask.Get("MKNOD").Enabled { + if container.CapabilitiesMask["MKNOD"] { t.Fatal("container should not have MKNOD enabled") } } @@ -160,7 +177,7 @@ func TestDropNamespace(t *testing.T) { t.Fatal(err) } - if container.Namespaces.Get("NEWNET").Enabled { + if container.Namespaces["NEWNET"] { t.Fatal("container should not have NEWNET enabled") } } diff --git a/runtime/execdriver/native/create.go b/daemon/execdriver/native/create.go similarity index 64% rename from runtime/execdriver/native/create.go rename to daemon/execdriver/native/create.go index 71fab3e064..a7b3d9a107 100644 --- a/runtime/execdriver/native/create.go +++ b/daemon/execdriver/native/create.go @@ -3,12 +3,13 @@ package native import ( "fmt" "os" + "path/filepath" - "github.com/dotcloud/docker/pkg/label" + "github.com/dotcloud/docker/daemon/execdriver" + "github.com/dotcloud/docker/daemon/execdriver/native/configuration" + "github.com/dotcloud/docker/daemon/execdriver/native/template" + "github.com/dotcloud/docker/pkg/apparmor" "github.com/dotcloud/docker/pkg/libcontainer" - "github.com/dotcloud/docker/runtime/execdriver" - "github.com/dotcloud/docker/runtime/execdriver/native/configuration" - "github.com/dotcloud/docker/runtime/execdriver/native/template" ) // createContainer populates and configures the container type with the @@ -24,6 +25,7 @@ func (d *driver) createContainer(c *execdriver.Command) (*libcontainer.Container container.Cgroups.Name = c.ID // check to see if we are running in ramdisk to disable pivot root container.NoPivotRoot = os.Getenv("DOCKER_RAMDISK") != "" + container.Context["restrictions"] = "true" if err := d.createNetwork(container, c); err != nil { return nil, err @@ -32,6 +34,8 @@ func (d *driver) createContainer(c *execdriver.Command) (*libcontainer.Container if err := d.setPrivileged(container); err != nil { return nil, err } + } else { + container.Mounts = append(container.Mounts, libcontainer.Mount{Type: "devtmpfs"}) } if err := d.setupCgroups(container, c); err != nil { return nil, err @@ -49,6 +53,10 @@ func (d *driver) createContainer(c *execdriver.Command) (*libcontainer.Container } func (d *driver) createNetwork(container *libcontainer.Container, c *execdriver.Command) error { + if c.Network.HostNetworking { + container.Namespaces["NEWNET"] = false + return nil + } container.Networks = []*libcontainer.Network{ { Mtu: c.Network.Mtu, @@ -72,15 +80,34 @@ func (d *driver) createNetwork(container *libcontainer.Container, c *execdriver. } container.Networks = append(container.Networks, &vethNetwork) } + + if c.Network.ContainerID != "" { + cmd := d.activeContainers[c.Network.ContainerID] + if cmd == nil || cmd.Process == nil { + return fmt.Errorf("%s is not a valid running container to join", c.Network.ContainerID) + } + nspath := filepath.Join("/proc", fmt.Sprint(cmd.Process.Pid), "ns", "net") + container.Networks = append(container.Networks, &libcontainer.Network{ + Type: "netns", + Context: libcontainer.Context{ + "nspath": nspath, + }, + }) + } return nil } func (d *driver) setPrivileged(container *libcontainer.Container) error { - for _, c := range container.CapabilitiesMask { - c.Enabled = true + for key := range container.CapabilitiesMask { + container.CapabilitiesMask[key] = true } container.Cgroups.DeviceAccess = true - container.Context["apparmor_profile"] = "unconfined" + + delete(container.Context, "restrictions") + + if apparmor.IsEnabled() { + container.Context["apparmor_profile"] = "unconfined" + } return nil } @@ -88,6 +115,7 @@ func (d *driver) setupCgroups(container *libcontainer.Container, c *execdriver.C if c.Resources != nil { container.Cgroups.CpuShares = c.Resources.CpuShares container.Cgroups.Memory = c.Resources.Memory + container.Cgroups.MemoryReservation = c.Resources.Memory container.Cgroups.MemorySwap = c.Resources.MemorySwap } return nil @@ -95,20 +123,19 @@ func (d *driver) setupCgroups(container *libcontainer.Container, c *execdriver.C func (d *driver) setupMounts(container *libcontainer.Container, c *execdriver.Command) error { for _, m := range c.Mounts { - container.Mounts = append(container.Mounts, libcontainer.Mount{m.Source, m.Destination, m.Writable, m.Private}) + container.Mounts = append(container.Mounts, libcontainer.Mount{ + Type: "bind", + Source: m.Source, + Destination: m.Destination, + Writable: m.Writable, + Private: m.Private, + }) } return nil } func (d *driver) setupLabels(container *libcontainer.Container, c *execdriver.Command) error { - labels := c.Config["label"] - if len(labels) > 0 { - process, mount, err := label.GenLabels(labels[0]) - if err != nil { - return err - } - container.Context["mount_label"] = mount - container.Context["process_label"] = process - } + container.Context["process_label"] = c.Config["process_label"][0] + container.Context["mount_label"] = c.Config["mount_label"][0] return nil } diff --git a/runtime/execdriver/native/driver.go b/daemon/execdriver/native/driver.go similarity index 65% rename from runtime/execdriver/native/driver.go rename to daemon/execdriver/native/driver.go index d18865e508..2e57729d4b 100644 --- a/runtime/execdriver/native/driver.go +++ b/daemon/execdriver/native/driver.go @@ -3,35 +3,31 @@ package native import ( "encoding/json" "fmt" - "github.com/dotcloud/docker/pkg/cgroups" - "github.com/dotcloud/docker/pkg/libcontainer" - "github.com/dotcloud/docker/pkg/libcontainer/apparmor" - "github.com/dotcloud/docker/pkg/libcontainer/nsinit" - "github.com/dotcloud/docker/pkg/system" - "github.com/dotcloud/docker/runtime/execdriver" - "io" "io/ioutil" - "log" "os" "os/exec" "path/filepath" "strconv" "strings" "syscall" + + "github.com/dotcloud/docker/daemon/execdriver" + "github.com/dotcloud/docker/pkg/apparmor" + "github.com/dotcloud/docker/pkg/cgroups" + "github.com/dotcloud/docker/pkg/libcontainer" + "github.com/dotcloud/docker/pkg/libcontainer/nsinit" + "github.com/dotcloud/docker/pkg/system" ) const ( DriverName = "native" - Version = "0.1" + Version = "0.2" BackupApparmorProfilePath = "apparmor/docker.back" // relative to docker root ) func init() { execdriver.RegisterInitFunc(DriverName, func(args *execdriver.InitArgs) error { - var ( - container *libcontainer.Container - ns = nsinit.NewNsInit(&nsinit.DefaultCommandFactory{}, &nsinit.DefaultStateWriter{args.Root}, createLogger("")) - ) + var container *libcontainer.Container f, err := os.Open(filepath.Join(args.Root, "container.json")) if err != nil { return err @@ -42,7 +38,7 @@ func init() { } f.Close() - cwd, err := os.Getwd() + rootfs, err := os.Getwd() if err != nil { return err } @@ -50,7 +46,7 @@ func init() { if err != nil { return err } - if err := ns.Init(container, cwd, args.Console, syncPipe, args.Args); err != nil { + if err := nsinit.Init(container, rootfs, args.Console, syncPipe, args.Args); err != nil { return err } return nil @@ -87,35 +83,49 @@ func (d *driver) Run(c *execdriver.Command, pipes *execdriver.Pipes, startCallba d.activeContainers[c.ID] = &c.Cmd var ( - term nsinit.Terminal - factory = &dockerCommandFactory{c: c, driver: d} - stateWriter = &dockerStateWriter{ - callback: startCallback, - c: c, - dsw: &nsinit.DefaultStateWriter{filepath.Join(d.root, c.ID)}, - } - ns = nsinit.NewNsInit(factory, stateWriter, createLogger(os.Getenv("DEBUG"))) - args = append([]string{c.Entrypoint}, c.Arguments...) + dataPath = filepath.Join(d.root, c.ID) + args = append([]string{c.Entrypoint}, c.Arguments...) ) if err := d.createContainerRoot(c.ID); err != nil { return -1, err } defer d.removeContainerRoot(c.ID) - if c.Tty { - term = &dockerTtyTerm{ - pipes: pipes, - } - } else { - term = &dockerStdTerm{ - pipes: pipes, - } - } - c.Terminal = term if err := d.writeContainerFile(container, c.ID); err != nil { return -1, err } - return ns.Exec(container, term, args) + + term := getTerminal(c, pipes) + + return nsinit.Exec(container, term, c.Rootfs, dataPath, args, func(container *libcontainer.Container, console, rootfs, dataPath, init string, child *os.File, args []string) *exec.Cmd { + // we need to join the rootfs because nsinit will setup the rootfs and chroot + initPath := filepath.Join(c.Rootfs, c.InitPath) + + c.Path = d.initPath + c.Args = append([]string{ + initPath, + "-driver", DriverName, + "-console", console, + "-pipe", "3", + "-root", filepath.Join(d.root, c.ID), + "--", + }, args...) + + // set this to nil so that when we set the clone flags anything else is reset + c.SysProcAttr = nil + system.SetCloneFlags(&c.Cmd, uintptr(nsinit.GetNamespaceFlags(container.Namespaces))) + c.ExtraFiles = []*os.File{child} + + c.Env = container.Env + c.Dir = c.Rootfs + + return &c.Cmd + }, func() { + if startCallback != nil { + c.ContainerPid = c.Process.Pid + startCallback(c) + } + }) } func (d *driver) Kill(p *execdriver.Command, sig int) error { @@ -228,65 +238,17 @@ func getEnv(key string, env []string) string { return "" } -type dockerCommandFactory struct { - c *execdriver.Command - driver *driver -} - -// createCommand will return an exec.Cmd with the Cloneflags set to the proper namespaces -// defined on the container's configuration and use the current binary as the init with the -// args provided -func (d *dockerCommandFactory) Create(container *libcontainer.Container, console string, syncFile *os.File, args []string) *exec.Cmd { - // we need to join the rootfs because nsinit will setup the rootfs and chroot - initPath := filepath.Join(d.c.Rootfs, d.c.InitPath) - - d.c.Path = d.driver.initPath - d.c.Args = append([]string{ - initPath, - "-driver", DriverName, - "-console", console, - "-pipe", "3", - "-root", filepath.Join(d.driver.root, d.c.ID), - "--", - }, args...) - - // set this to nil so that when we set the clone flags anything else is reset - d.c.SysProcAttr = nil - system.SetCloneFlags(&d.c.Cmd, uintptr(nsinit.GetNamespaceFlags(container.Namespaces))) - d.c.ExtraFiles = []*os.File{syncFile} - - d.c.Env = container.Env - d.c.Dir = d.c.Rootfs - - return &d.c.Cmd -} - -type dockerStateWriter struct { - dsw nsinit.StateWriter - c *execdriver.Command - callback execdriver.StartCallback -} - -func (d *dockerStateWriter) WritePid(pid int, started string) error { - d.c.ContainerPid = pid - err := d.dsw.WritePid(pid, started) - if d.callback != nil { - d.callback(d.c) - } - return err -} - -func (d *dockerStateWriter) DeletePid() error { - return d.dsw.DeletePid() -} - -func createLogger(debug string) *log.Logger { - var w io.Writer - // if we are in debug mode set the logger to stderr - if debug != "" { - w = os.Stderr +func getTerminal(c *execdriver.Command, pipes *execdriver.Pipes) nsinit.Terminal { + var term nsinit.Terminal + if c.Tty { + term = &dockerTtyTerm{ + pipes: pipes, + } } else { - w = ioutil.Discard + term = &dockerStdTerm{ + pipes: pipes, + } } - return log.New(w, "[libcontainer] ", log.LstdFlags) + c.Terminal = term + return term } diff --git a/runtime/execdriver/native/info.go b/daemon/execdriver/native/info.go similarity index 100% rename from runtime/execdriver/native/info.go rename to daemon/execdriver/native/info.go diff --git a/daemon/execdriver/native/template/default_template.go b/daemon/execdriver/native/template/default_template.go new file mode 100644 index 0000000000..249c5d5fe8 --- /dev/null +++ b/daemon/execdriver/native/template/default_template.go @@ -0,0 +1,47 @@ +package template + +import ( + "github.com/dotcloud/docker/pkg/apparmor" + "github.com/dotcloud/docker/pkg/cgroups" + "github.com/dotcloud/docker/pkg/libcontainer" +) + +// New returns the docker default configuration for libcontainer +func New() *libcontainer.Container { + container := &libcontainer.Container{ + CapabilitiesMask: map[string]bool{ + "SETPCAP": false, + "SYS_MODULE": false, + "SYS_RAWIO": false, + "SYS_PACCT": false, + "SYS_ADMIN": false, + "SYS_NICE": false, + "SYS_RESOURCE": false, + "SYS_TIME": false, + "SYS_TTY_CONFIG": false, + "AUDIT_WRITE": false, + "AUDIT_CONTROL": false, + "MAC_OVERRIDE": false, + "MAC_ADMIN": false, + "NET_ADMIN": false, + "MKNOD": true, + "SYSLOG": false, + }, + Namespaces: map[string]bool{ + "NEWNS": true, + "NEWUTS": true, + "NEWIPC": true, + "NEWPID": true, + "NEWNET": true, + }, + Cgroups: &cgroups.Cgroup{ + Parent: "docker", + DeviceAccess: false, + }, + Context: libcontainer.Context{}, + } + if apparmor.IsEnabled() { + container.Context["apparmor_profile"] = "docker-default" + } + return container +} diff --git a/runtime/execdriver/native/term.go b/daemon/execdriver/native/term.go similarity index 94% rename from runtime/execdriver/native/term.go rename to daemon/execdriver/native/term.go index 0d5298d388..f60351c609 100644 --- a/runtime/execdriver/native/term.go +++ b/daemon/execdriver/native/term.go @@ -5,7 +5,7 @@ package native import ( - "github.com/dotcloud/docker/runtime/execdriver" + "github.com/dotcloud/docker/daemon/execdriver" "io" "os" "os/exec" diff --git a/runtime/execdriver/pipes.go b/daemon/execdriver/pipes.go similarity index 100% rename from runtime/execdriver/pipes.go rename to daemon/execdriver/pipes.go diff --git a/runtime/execdriver/termconsole.go b/daemon/execdriver/termconsole.go similarity index 100% rename from runtime/execdriver/termconsole.go rename to daemon/execdriver/termconsole.go diff --git a/runtime/graphdriver/aufs/aufs.go b/daemon/graphdriver/aufs/aufs.go similarity index 87% rename from runtime/graphdriver/aufs/aufs.go rename to daemon/graphdriver/aufs/aufs.go index 401bbd8c86..12b7a77fb3 100644 --- a/runtime/graphdriver/aufs/aufs.go +++ b/daemon/graphdriver/aufs/aufs.go @@ -24,8 +24,9 @@ import ( "bufio" "fmt" "github.com/dotcloud/docker/archive" + "github.com/dotcloud/docker/daemon/graphdriver" + "github.com/dotcloud/docker/pkg/label" mountpk "github.com/dotcloud/docker/pkg/mount" - "github.com/dotcloud/docker/runtime/graphdriver" "github.com/dotcloud/docker/utils" "os" "os/exec" @@ -134,7 +135,7 @@ func (a Driver) Exists(id string) bool { // Three folders are created for each id // mnt, layers, and diff -func (a *Driver) Create(id, parent string, mountLabel string) error { +func (a *Driver) Create(id, parent string) error { if err := a.createDirsFor(id); err != nil { return err } @@ -218,7 +219,7 @@ func (a *Driver) Remove(id string) error { // Return the rootfs path for the id // This will mount the dir at it's given path -func (a *Driver) Get(id string) (string, error) { +func (a *Driver) Get(id, mountLabel string) (string, error) { ids, err := getParentIds(a.rootPath(), id) if err != nil { if !os.IsNotExist(err) { @@ -240,7 +241,7 @@ func (a *Driver) Get(id string) (string, error) { out = path.Join(a.rootPath(), "mnt", id) if count == 0 { - if err := a.mount(id); err != nil { + if err := a.mount(id, mountLabel); err != nil { return "", err } } @@ -309,7 +310,7 @@ func (a *Driver) getParentLayerPaths(id string) ([]string, error) { return layers, nil } -func (a *Driver) mount(id string) error { +func (a *Driver) mount(id, mountLabel string) error { // If the id is mounted or we get an error return if mounted, err := a.mounted(id); err != nil || mounted { return err @@ -325,7 +326,7 @@ func (a *Driver) mount(id string) error { return err } - if err := a.aufsMount(layers, rw, target); err != nil { + if err := a.aufsMount(layers, rw, target, mountLabel); err != nil { return err } return nil @@ -358,21 +359,21 @@ func (a *Driver) Cleanup() error { return nil } -func (a *Driver) aufsMount(ro []string, rw, target string) (err error) { +func (a *Driver) aufsMount(ro []string, rw, target, mountLabel string) (err error) { defer func() { if err != nil { Unmount(target) } }() - if err = a.tryMount(ro, rw, target); err != nil { - if err = a.mountRw(rw, target); err != nil { + if err = a.tryMount(ro, rw, target, mountLabel); err != nil { + if err = a.mountRw(rw, target, mountLabel); err != nil { return } for _, layer := range ro { - branch := fmt.Sprintf("append:%s=ro+wh", layer) - if err = mount("none", target, "aufs", MsRemount, branch); err != nil { + data := label.FormatMountLabel(fmt.Sprintf("append:%s=ro+wh", layer), mountLabel) + if err = mount("none", target, "aufs", MsRemount, data); err != nil { return } } @@ -382,16 +383,18 @@ func (a *Driver) aufsMount(ro []string, rw, target string) (err error) { // Try to mount using the aufs fast path, if this fails then // append ro layers. -func (a *Driver) tryMount(ro []string, rw, target string) (err error) { +func (a *Driver) tryMount(ro []string, rw, target, mountLabel string) (err error) { var ( rwBranch = fmt.Sprintf("%s=rw", rw) roBranches = fmt.Sprintf("%s=ro+wh:", strings.Join(ro, "=ro+wh:")) + data = label.FormatMountLabel(fmt.Sprintf("br:%v:%v,xino=/dev/shm/aufs.xino", rwBranch, roBranches), mountLabel) ) - return mount("none", target, "aufs", 0, fmt.Sprintf("br:%v:%v,xino=/dev/shm/aufs.xino", rwBranch, roBranches)) + return mount("none", target, "aufs", 0, data) } -func (a *Driver) mountRw(rw, target string) error { - return mount("none", target, "aufs", 0, fmt.Sprintf("br:%s,xino=/dev/shm/aufs.xino", rw)) +func (a *Driver) mountRw(rw, target, mountLabel string) error { + data := label.FormatMountLabel(fmt.Sprintf("br:%s,xino=/dev/shm/aufs.xino", rw), mountLabel) + return mount("none", target, "aufs", 0, data) } func rollbackMount(target string, err error) { diff --git a/runtime/graphdriver/aufs/aufs_test.go b/daemon/graphdriver/aufs/aufs_test.go similarity index 86% rename from runtime/graphdriver/aufs/aufs_test.go rename to daemon/graphdriver/aufs/aufs_test.go index 9cfdebd160..1ffa264aa1 100644 --- a/runtime/graphdriver/aufs/aufs_test.go +++ b/daemon/graphdriver/aufs/aufs_test.go @@ -5,7 +5,7 @@ import ( "encoding/hex" "fmt" "github.com/dotcloud/docker/archive" - "github.com/dotcloud/docker/runtime/graphdriver" + "github.com/dotcloud/docker/daemon/graphdriver" "io/ioutil" "os" "path" @@ -90,7 +90,7 @@ func TestCreateNewDir(t *testing.T) { d := newDriver(t) defer os.RemoveAll(tmp) - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } } @@ -99,7 +99,7 @@ func TestCreateNewDirStructure(t *testing.T) { d := newDriver(t) defer os.RemoveAll(tmp) - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } @@ -120,7 +120,7 @@ func TestRemoveImage(t *testing.T) { d := newDriver(t) defer os.RemoveAll(tmp) - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } @@ -145,11 +145,11 @@ func TestGetWithoutParent(t *testing.T) { d := newDriver(t) defer os.RemoveAll(tmp) - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } - diffPath, err := d.Get("1") + diffPath, err := d.Get("1", "") if err != nil { t.Fatal(err) } @@ -172,7 +172,7 @@ func TestCleanupWithDir(t *testing.T) { d := newDriver(t) defer os.RemoveAll(tmp) - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } @@ -185,7 +185,7 @@ func TestMountedFalseResponse(t *testing.T) { d := newDriver(t) defer os.RemoveAll(tmp) - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } @@ -204,14 +204,14 @@ func TestMountedTrueReponse(t *testing.T) { defer os.RemoveAll(tmp) defer d.Cleanup() - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } - if err := d.Create("2", "1", ""); err != nil { + if err := d.Create("2", "1"); err != nil { t.Fatal(err) } - _, err := d.Get("2") + _, err := d.Get("2", "") if err != nil { t.Fatal(err) } @@ -230,10 +230,10 @@ func TestMountWithParent(t *testing.T) { d := newDriver(t) defer os.RemoveAll(tmp) - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } - if err := d.Create("2", "1", ""); err != nil { + if err := d.Create("2", "1"); err != nil { t.Fatal(err) } @@ -243,7 +243,7 @@ func TestMountWithParent(t *testing.T) { } }() - mntPath, err := d.Get("2") + mntPath, err := d.Get("2", "") if err != nil { t.Fatal(err) } @@ -261,10 +261,10 @@ func TestRemoveMountedDir(t *testing.T) { d := newDriver(t) defer os.RemoveAll(tmp) - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } - if err := d.Create("2", "1", ""); err != nil { + if err := d.Create("2", "1"); err != nil { t.Fatal(err) } @@ -274,7 +274,7 @@ func TestRemoveMountedDir(t *testing.T) { } }() - mntPath, err := d.Get("2") + mntPath, err := d.Get("2", "") if err != nil { t.Fatal(err) } @@ -300,7 +300,7 @@ func TestCreateWithInvalidParent(t *testing.T) { d := newDriver(t) defer os.RemoveAll(tmp) - if err := d.Create("1", "docker", ""); err == nil { + if err := d.Create("1", "docker"); err == nil { t.Fatalf("Error should not be nil with parent does not exist") } } @@ -309,11 +309,11 @@ func TestGetDiff(t *testing.T) { d := newDriver(t) defer os.RemoveAll(tmp) - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } - diffPath, err := d.Get("1") + diffPath, err := d.Get("1", "") if err != nil { t.Fatal(err) } @@ -343,10 +343,10 @@ func TestChanges(t *testing.T) { d := newDriver(t) defer os.RemoveAll(tmp) - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } - if err := d.Create("2", "1", ""); err != nil { + if err := d.Create("2", "1"); err != nil { t.Fatal(err) } @@ -356,7 +356,7 @@ func TestChanges(t *testing.T) { } }() - mntPoint, err := d.Get("2") + mntPoint, err := d.Get("2", "") if err != nil { t.Fatal(err) } @@ -392,10 +392,10 @@ func TestChanges(t *testing.T) { t.Fatalf("Change kind should be ChangeAdd got %s", change.Kind) } - if err := d.Create("3", "2", ""); err != nil { + if err := d.Create("3", "2"); err != nil { t.Fatal(err) } - mntPoint, err = d.Get("3") + mntPoint, err = d.Get("3", "") if err != nil { t.Fatal(err) } @@ -437,11 +437,11 @@ func TestDiffSize(t *testing.T) { d := newDriver(t) defer os.RemoveAll(tmp) - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } - diffPath, err := d.Get("1") + diffPath, err := d.Get("1", "") if err != nil { t.Fatal(err) } @@ -479,11 +479,11 @@ func TestChildDiffSize(t *testing.T) { defer os.RemoveAll(tmp) defer d.Cleanup() - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } - diffPath, err := d.Get("1") + diffPath, err := d.Get("1", "") if err != nil { t.Fatal(err) } @@ -515,7 +515,7 @@ func TestChildDiffSize(t *testing.T) { t.Fatalf("Expected size to be %d got %d", size, diffSize) } - if err := d.Create("2", "1", ""); err != nil { + if err := d.Create("2", "1"); err != nil { t.Fatal(err) } @@ -534,7 +534,7 @@ func TestExists(t *testing.T) { defer os.RemoveAll(tmp) defer d.Cleanup() - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } @@ -552,7 +552,7 @@ func TestStatus(t *testing.T) { defer os.RemoveAll(tmp) defer d.Cleanup() - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } @@ -581,11 +581,11 @@ func TestApplyDiff(t *testing.T) { defer os.RemoveAll(tmp) defer d.Cleanup() - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } - diffPath, err := d.Get("1") + diffPath, err := d.Get("1", "") if err != nil { t.Fatal(err) } @@ -607,10 +607,10 @@ func TestApplyDiff(t *testing.T) { t.Fatal(err) } - if err := d.Create("2", "", ""); err != nil { + if err := d.Create("2", ""); err != nil { t.Fatal(err) } - if err := d.Create("3", "2", ""); err != nil { + if err := d.Create("3", "2"); err != nil { t.Fatal(err) } @@ -620,7 +620,7 @@ func TestApplyDiff(t *testing.T) { // Ensure that the file is in the mount point for id 3 - mountPoint, err := d.Get("3") + mountPoint, err := d.Get("3", "") if err != nil { t.Fatal(err) } @@ -656,11 +656,11 @@ func TestMountMoreThan42Layers(t *testing.T) { } current = hash(current) - if err := d.Create(current, parent, ""); err != nil { + if err := d.Create(current, parent); err != nil { t.Logf("Current layer %d", i) t.Fatal(err) } - point, err := d.Get(current) + point, err := d.Get(current, "") if err != nil { t.Logf("Current layer %d", i) t.Fatal(err) @@ -683,7 +683,7 @@ func TestMountMoreThan42Layers(t *testing.T) { } // Perform the actual mount for the top most image - point, err := d.Get(last) + point, err := d.Get(last, "") if err != nil { t.Fatal(err) } diff --git a/runtime/graphdriver/aufs/dirs.go b/daemon/graphdriver/aufs/dirs.go similarity index 100% rename from runtime/graphdriver/aufs/dirs.go rename to daemon/graphdriver/aufs/dirs.go diff --git a/runtime/graphdriver/aufs/migrate.go b/daemon/graphdriver/aufs/migrate.go similarity index 95% rename from runtime/graphdriver/aufs/migrate.go rename to daemon/graphdriver/aufs/migrate.go index 400e260797..dda7cb7390 100644 --- a/runtime/graphdriver/aufs/migrate.go +++ b/daemon/graphdriver/aufs/migrate.go @@ -77,11 +77,11 @@ func (a *Driver) migrateContainers(pth string, setupInit func(p string) error) e } initID := fmt.Sprintf("%s-init", id) - if err := a.Create(initID, metadata.Image, ""); err != nil { + if err := a.Create(initID, metadata.Image); err != nil { return err } - initPath, err := a.Get(initID) + initPath, err := a.Get(initID, "") if err != nil { return err } @@ -90,7 +90,7 @@ func (a *Driver) migrateContainers(pth string, setupInit func(p string) error) e return err } - if err := a.Create(id, initID, ""); err != nil { + if err := a.Create(id, initID); err != nil { return err } } @@ -144,7 +144,7 @@ func (a *Driver) migrateImage(m *metadata, pth string, migrated map[string]bool) return err } if !a.Exists(m.ID) { - if err := a.Create(m.ID, m.ParentID, ""); err != nil { + if err := a.Create(m.ID, m.ParentID); err != nil { return err } } diff --git a/runtime/graphdriver/aufs/mount.go b/daemon/graphdriver/aufs/mount.go similarity index 100% rename from runtime/graphdriver/aufs/mount.go rename to daemon/graphdriver/aufs/mount.go diff --git a/runtime/graphdriver/aufs/mount_linux.go b/daemon/graphdriver/aufs/mount_linux.go similarity index 100% rename from runtime/graphdriver/aufs/mount_linux.go rename to daemon/graphdriver/aufs/mount_linux.go diff --git a/runtime/graphdriver/aufs/mount_unsupported.go b/daemon/graphdriver/aufs/mount_unsupported.go similarity index 100% rename from runtime/graphdriver/aufs/mount_unsupported.go rename to daemon/graphdriver/aufs/mount_unsupported.go diff --git a/daemon/graphdriver/btrfs/MAINTAINERS b/daemon/graphdriver/btrfs/MAINTAINERS new file mode 100644 index 0000000000..9e629d5fcc --- /dev/null +++ b/daemon/graphdriver/btrfs/MAINTAINERS @@ -0,0 +1 @@ +Alexander Larsson (@alexlarsson) diff --git a/runtime/graphdriver/btrfs/btrfs.go b/daemon/graphdriver/btrfs/btrfs.go similarity index 91% rename from runtime/graphdriver/btrfs/btrfs.go rename to daemon/graphdriver/btrfs/btrfs.go index 2a94a4089f..4d195537eb 100644 --- a/runtime/graphdriver/btrfs/btrfs.go +++ b/daemon/graphdriver/btrfs/btrfs.go @@ -11,7 +11,7 @@ import "C" import ( "fmt" - "github.com/dotcloud/docker/runtime/graphdriver" + "github.com/dotcloud/docker/daemon/graphdriver" "os" "path" "syscall" @@ -80,7 +80,7 @@ func getDirFd(dir *C.DIR) uintptr { return uintptr(C.dirfd(dir)) } -func subvolCreate(path, name string, mountLabel string) error { +func subvolCreate(path, name string) error { dir, err := openDir(path) if err != nil { return err @@ -155,17 +155,17 @@ func (d *Driver) subvolumesDirId(id string) string { return path.Join(d.subvolumesDir(), id) } -func (d *Driver) Create(id string, parent string, mountLabel string) error { +func (d *Driver) Create(id string, parent string) error { subvolumes := path.Join(d.home, "subvolumes") if err := os.MkdirAll(subvolumes, 0700); err != nil { return err } if parent == "" { - if err := subvolCreate(subvolumes, id, mountLabel); err != nil { + if err := subvolCreate(subvolumes, id); err != nil { return err } } else { - parentDir, err := d.Get(parent) + parentDir, err := d.Get(parent, "") if err != nil { return err } @@ -187,7 +187,7 @@ func (d *Driver) Remove(id string) error { return os.RemoveAll(dir) } -func (d *Driver) Get(id string) (string, error) { +func (d *Driver) Get(id, mountLabel string) (string, error) { dir := d.subvolumesDirId(id) st, err := os.Stat(dir) if err != nil { diff --git a/runtime/graphdriver/btrfs/dummy_unsupported.go b/daemon/graphdriver/btrfs/dummy_unsupported.go similarity index 100% rename from runtime/graphdriver/btrfs/dummy_unsupported.go rename to daemon/graphdriver/btrfs/dummy_unsupported.go diff --git a/daemon/graphdriver/devmapper/MAINTAINERS b/daemon/graphdriver/devmapper/MAINTAINERS new file mode 100644 index 0000000000..9e629d5fcc --- /dev/null +++ b/daemon/graphdriver/devmapper/MAINTAINERS @@ -0,0 +1 @@ +Alexander Larsson (@alexlarsson) diff --git a/runtime/graphdriver/devmapper/attach_loopback.go b/daemon/graphdriver/devmapper/attach_loopback.go similarity index 100% rename from runtime/graphdriver/devmapper/attach_loopback.go rename to daemon/graphdriver/devmapper/attach_loopback.go diff --git a/runtime/graphdriver/devmapper/deviceset.go b/daemon/graphdriver/devmapper/deviceset.go similarity index 96% rename from runtime/graphdriver/devmapper/deviceset.go rename to daemon/graphdriver/devmapper/deviceset.go index 97d670a3d9..a96331d812 100644 --- a/runtime/graphdriver/devmapper/deviceset.go +++ b/daemon/graphdriver/devmapper/deviceset.go @@ -6,8 +6,6 @@ import ( "encoding/json" "errors" "fmt" - "github.com/dotcloud/docker/pkg/label" - "github.com/dotcloud/docker/utils" "io" "io/ioutil" "path" @@ -17,6 +15,9 @@ import ( "sync" "syscall" "time" + + "github.com/dotcloud/docker/pkg/label" + "github.com/dotcloud/docker/utils" ) var ( @@ -35,12 +36,6 @@ type DevInfo struct { mountCount int `json:"-"` mountPath string `json:"-"` - // A floating mount means one reference is not owned and - // will be stolen by the next mount. This allows us to - // avoid unmounting directly after creation before the - // first get (since we need to mount to set up the device - // a bit first). - floating bool `json:"-"` // The global DeviceSet lock guarantees that we serialize all // the calls to libdevmapper (which is not threadsafe), but we @@ -94,14 +89,6 @@ type DevStatus struct { HighestMappedSector uint64 } -type UnmountMode int - -const ( - UnmountRegular UnmountMode = iota - UnmountFloat - UnmountSink -) - func getDevName(name string) string { return "/dev/mapper/" + name } @@ -859,7 +846,7 @@ func (devices *DeviceSet) Shutdown() error { return nil } -func (devices *DeviceSet) MountDevice(hash, path string, mountLabel string) error { +func (devices *DeviceSet) MountDevice(hash, path, mountLabel string) error { info, err := devices.lookupDevice(hash) if err != nil { return err @@ -876,12 +863,7 @@ func (devices *DeviceSet) MountDevice(hash, path string, mountLabel string) erro return fmt.Errorf("Trying to mount devmapper device in multple places (%s, %s)", info.mountPath, path) } - if info.floating { - // Steal floating ref - info.floating = false - } else { - info.mountCount++ - } + info.mountCount++ return nil } @@ -894,7 +876,7 @@ func (devices *DeviceSet) MountDevice(hash, path string, mountLabel string) erro mountOptions := label.FormatMountLabel("discard", mountLabel) err = sysMount(info.DevName(), path, "ext4", flags, mountOptions) if err != nil && err == sysEInval { - mountOptions = label.FormatMountLabel(mountLabel, "") + mountOptions = label.FormatMountLabel("", mountLabel) err = sysMount(info.DevName(), path, "ext4", flags, mountOptions) } if err != nil { @@ -903,13 +885,12 @@ func (devices *DeviceSet) MountDevice(hash, path string, mountLabel string) erro info.mountCount = 1 info.mountPath = path - info.floating = false return devices.setInitialized(info) } -func (devices *DeviceSet) UnmountDevice(hash string, mode UnmountMode) error { - utils.Debugf("[devmapper] UnmountDevice(hash=%s, mode=%d)", hash, mode) +func (devices *DeviceSet) UnmountDevice(hash string) error { + utils.Debugf("[devmapper] UnmountDevice(hash=%s)", hash) defer utils.Debugf("[devmapper] UnmountDevice END") info, err := devices.lookupDevice(hash) @@ -923,24 +904,6 @@ func (devices *DeviceSet) UnmountDevice(hash string, mode UnmountMode) error { devices.Lock() defer devices.Unlock() - if mode == UnmountFloat { - if info.floating { - return fmt.Errorf("UnmountDevice: can't float floating reference %s\n", hash) - } - - // Leave this reference floating - info.floating = true - return nil - } - - if mode == UnmountSink { - if !info.floating { - // Someone already sunk this - return nil - } - // Otherwise, treat this as a regular unmount - } - if info.mountCount == 0 { return fmt.Errorf("UnmountDevice: device not-mounted id %s\n", hash) } diff --git a/runtime/graphdriver/devmapper/devmapper.go b/daemon/graphdriver/devmapper/devmapper.go similarity index 100% rename from runtime/graphdriver/devmapper/devmapper.go rename to daemon/graphdriver/devmapper/devmapper.go diff --git a/runtime/graphdriver/devmapper/devmapper_doc.go b/daemon/graphdriver/devmapper/devmapper_doc.go similarity index 100% rename from runtime/graphdriver/devmapper/devmapper_doc.go rename to daemon/graphdriver/devmapper/devmapper_doc.go diff --git a/runtime/graphdriver/devmapper/devmapper_log.go b/daemon/graphdriver/devmapper/devmapper_log.go similarity index 100% rename from runtime/graphdriver/devmapper/devmapper_log.go rename to daemon/graphdriver/devmapper/devmapper_log.go diff --git a/runtime/graphdriver/devmapper/devmapper_test.go b/daemon/graphdriver/devmapper/devmapper_test.go similarity index 100% rename from runtime/graphdriver/devmapper/devmapper_test.go rename to daemon/graphdriver/devmapper/devmapper_test.go diff --git a/runtime/graphdriver/devmapper/devmapper_wrapper.go b/daemon/graphdriver/devmapper/devmapper_wrapper.go similarity index 100% rename from runtime/graphdriver/devmapper/devmapper_wrapper.go rename to daemon/graphdriver/devmapper/devmapper_wrapper.go diff --git a/runtime/graphdriver/devmapper/driver.go b/daemon/graphdriver/devmapper/driver.go similarity index 63% rename from runtime/graphdriver/devmapper/driver.go rename to daemon/graphdriver/devmapper/driver.go index 35fe883f26..9f240d96e0 100644 --- a/runtime/graphdriver/devmapper/driver.go +++ b/daemon/graphdriver/devmapper/driver.go @@ -4,11 +4,12 @@ package devmapper import ( "fmt" - "github.com/dotcloud/docker/runtime/graphdriver" - "github.com/dotcloud/docker/utils" "io/ioutil" "os" "path" + + "github.com/dotcloud/docker/daemon/graphdriver" + "github.com/dotcloud/docker/utils" ) func init() { @@ -60,30 +61,10 @@ func (d *Driver) Cleanup() error { return d.DeviceSet.Shutdown() } -func (d *Driver) Create(id, parent string, mountLabel string) error { +func (d *Driver) Create(id, parent string) error { if err := d.DeviceSet.AddDevice(id, parent); err != nil { return err } - mp := path.Join(d.home, "mnt", id) - if err := d.mount(id, mp); err != nil { - return err - } - - if err := osMkdirAll(path.Join(mp, "rootfs"), 0755); err != nil && !osIsExist(err) { - return err - } - - // Create an "id" file with the container/image id in it to help reconscruct this in case - // of later problems - if err := ioutil.WriteFile(path.Join(mp, "id"), []byte(id), 0600); err != nil { - return err - } - - // We float this reference so that the next Get call can - // steal it, so we don't have to unmount - if err := d.DeviceSet.UnmountDevice(id, UnmountFloat); err != nil { - return err - } return nil } @@ -96,10 +77,6 @@ func (d *Driver) Remove(id string) error { return nil } - // Sink the float from create in case no Get() call was made - if err := d.DeviceSet.UnmountDevice(id, UnmountSink); err != nil { - return err - } // This assumes the device has been properly Get/Put:ed and thus is unmounted if err := d.DeviceSet.DeleteDevice(id); err != nil { return err @@ -113,30 +90,44 @@ func (d *Driver) Remove(id string) error { return nil } -func (d *Driver) Get(id string) (string, error) { +func (d *Driver) Get(id, mountLabel string) (string, error) { mp := path.Join(d.home, "mnt", id) - if err := d.mount(id, mp); err != nil { + + // Create the target directories if they don't exist + if err := osMkdirAll(mp, 0755); err != nil && !osIsExist(err) { return "", err } - return path.Join(mp, "rootfs"), nil + // Mount the device + if err := d.DeviceSet.MountDevice(id, mp, mountLabel); err != nil { + return "", err + } + + rootFs := path.Join(mp, "rootfs") + if err := osMkdirAll(rootFs, 0755); err != nil && !osIsExist(err) { + d.DeviceSet.UnmountDevice(id) + return "", err + } + + idFile := path.Join(mp, "id") + if _, err := osStat(idFile); err != nil && osIsNotExist(err) { + // Create an "id" file with the container/image id in it to help reconscruct this in case + // of later problems + if err := ioutil.WriteFile(idFile, []byte(id), 0600); err != nil { + d.DeviceSet.UnmountDevice(id) + return "", err + } + } + + return rootFs, nil } func (d *Driver) Put(id string) { - if err := d.DeviceSet.UnmountDevice(id, UnmountRegular); err != nil { + if err := d.DeviceSet.UnmountDevice(id); err != nil { utils.Errorf("Warning: error unmounting device %s: %s\n", id, err) } } -func (d *Driver) mount(id, mountPoint string) error { - // Create the target directories if they don't exist - if err := osMkdirAll(mountPoint, 0755); err != nil && !osIsExist(err) { - return err - } - // Mount the device - return d.DeviceSet.MountDevice(id, mountPoint, "") -} - func (d *Driver) Exists(id string) bool { - return d.Devices[id] != nil + return d.DeviceSet.HasDevice(id) } diff --git a/runtime/graphdriver/devmapper/driver_test.go b/daemon/graphdriver/devmapper/driver_test.go similarity index 95% rename from runtime/graphdriver/devmapper/driver_test.go rename to daemon/graphdriver/devmapper/driver_test.go index 4ca72db0ca..913add7c8b 100644 --- a/runtime/graphdriver/devmapper/driver_test.go +++ b/daemon/graphdriver/devmapper/driver_test.go @@ -4,7 +4,7 @@ package devmapper import ( "fmt" - "github.com/dotcloud/docker/runtime/graphdriver" + "github.com/dotcloud/docker/daemon/graphdriver" "io/ioutil" "path" "runtime" @@ -436,6 +436,12 @@ func TestDriverCreate(t *testing.T) { return nil } + sysUnmount = func(target string, flag int) error { + //calls["sysUnmount"] = true + + return nil + } + Mounted = func(mnt string) (bool, error) { calls["Mounted"] = true if !strings.HasPrefix(mnt, "/tmp/docker-test-devmapper-") || !strings.HasSuffix(mnt, "/mnt/1") { @@ -494,21 +500,16 @@ func TestDriverCreate(t *testing.T) { "?ioctl.loopctlgetfree", ) - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } calls.Assert(t, "DmTaskCreate", "DmTaskGetInfo", - "sysMount", "DmTaskRun", - "DmTaskSetTarget", "DmTaskSetSector", - "DmTaskSetCookie", - "DmUdevWait", "DmTaskSetName", "DmTaskSetMessage", - "DmTaskSetAddNode", ) }() @@ -547,7 +548,6 @@ func TestDriverRemove(t *testing.T) { return nil } sysUnmount = func(target string, flags int) (err error) { - calls["sysUnmount"] = true // FIXME: compare the exact source and target strings (inodes + devname) if expectedTarget := "/tmp/docker-test-devmapper-"; !strings.HasPrefix(target, expectedTarget) { t.Fatalf("Wrong syscall call\nExpected: Mount(%v)\nReceived: Mount(%v)\n", expectedTarget, target) @@ -612,22 +612,17 @@ func TestDriverRemove(t *testing.T) { "?ioctl.loopctlgetfree", ) - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } calls.Assert(t, "DmTaskCreate", "DmTaskGetInfo", - "sysMount", "DmTaskRun", - "DmTaskSetTarget", "DmTaskSetSector", - "DmTaskSetCookie", - "DmUdevWait", "DmTaskSetName", "DmTaskSetMessage", - "DmTaskSetAddNode", ) Mounted = func(mnt string) (bool, error) { @@ -650,7 +645,6 @@ func TestDriverRemove(t *testing.T) { "DmTaskSetTarget", "DmTaskSetAddNode", "DmUdevWait", - "sysUnmount", ) }() runtime.GC() @@ -668,21 +662,21 @@ func TestCleanup(t *testing.T) { mountPoints := make([]string, 2) - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } // Mount the id - p, err := d.Get("1") + p, err := d.Get("1", "") if err != nil { t.Fatal(err) } mountPoints[0] = p - if err := d.Create("2", "1", ""); err != nil { + if err := d.Create("2", "1"); err != nil { t.Fatal(err) } - p, err = d.Get("2") + p, err = d.Get("2", "") if err != nil { t.Fatal(err) } @@ -731,7 +725,7 @@ func TestNotMounted(t *testing.T) { d := newDriver(t) defer cleanup(d) - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } @@ -749,10 +743,10 @@ func TestMounted(t *testing.T) { d := newDriver(t) defer cleanup(d) - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } - if _, err := d.Get("1"); err != nil { + if _, err := d.Get("1", ""); err != nil { t.Fatal(err) } @@ -769,10 +763,10 @@ func TestInitCleanedDriver(t *testing.T) { t.Skip("FIXME: not a unit test") d := newDriver(t) - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } - if _, err := d.Get("1"); err != nil { + if _, err := d.Get("1", ""); err != nil { t.Fatal(err) } @@ -787,7 +781,7 @@ func TestInitCleanedDriver(t *testing.T) { d = driver.(*Driver) defer cleanup(d) - if _, err := d.Get("1"); err != nil { + if _, err := d.Get("1", ""); err != nil { t.Fatal(err) } } @@ -797,16 +791,16 @@ func TestMountMountedDriver(t *testing.T) { d := newDriver(t) defer cleanup(d) - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } // Perform get on same id to ensure that it will // not be mounted twice - if _, err := d.Get("1"); err != nil { + if _, err := d.Get("1", ""); err != nil { t.Fatal(err) } - if _, err := d.Get("1"); err != nil { + if _, err := d.Get("1", ""); err != nil { t.Fatal(err) } } @@ -816,7 +810,7 @@ func TestGetReturnsValidDevice(t *testing.T) { d := newDriver(t) defer cleanup(d) - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } @@ -824,7 +818,7 @@ func TestGetReturnsValidDevice(t *testing.T) { t.Fatalf("Expected id 1 to be in device set") } - if _, err := d.Get("1"); err != nil { + if _, err := d.Get("1", ""); err != nil { t.Fatal(err) } @@ -844,11 +838,11 @@ func TestDriverGetSize(t *testing.T) { d := newDriver(t) defer cleanup(d) - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } - mountPoint, err := d.Get("1") + mountPoint, err := d.Get("1", "") if err != nil { t.Fatal(err) } diff --git a/runtime/graphdriver/devmapper/ioctl.go b/daemon/graphdriver/devmapper/ioctl.go similarity index 100% rename from runtime/graphdriver/devmapper/ioctl.go rename to daemon/graphdriver/devmapper/ioctl.go diff --git a/runtime/graphdriver/devmapper/mount.go b/daemon/graphdriver/devmapper/mount.go similarity index 100% rename from runtime/graphdriver/devmapper/mount.go rename to daemon/graphdriver/devmapper/mount.go diff --git a/runtime/graphdriver/devmapper/sys.go b/daemon/graphdriver/devmapper/sys.go similarity index 100% rename from runtime/graphdriver/devmapper/sys.go rename to daemon/graphdriver/devmapper/sys.go diff --git a/runtime/graphdriver/driver.go b/daemon/graphdriver/driver.go similarity index 95% rename from runtime/graphdriver/driver.go rename to daemon/graphdriver/driver.go index bd4c2faaca..80bf8a0143 100644 --- a/runtime/graphdriver/driver.go +++ b/daemon/graphdriver/driver.go @@ -13,10 +13,10 @@ type InitFunc func(root string) (Driver, error) type Driver interface { String() string - Create(id, parent string, mountLabel string) error + Create(id, parent string) error Remove(id string) error - Get(id string) (dir string, err error) + Get(id, mountLabel string) (dir string, err error) Put(id string) Exists(id string) bool diff --git a/runtime/graphdriver/vfs/driver.go b/daemon/graphdriver/vfs/driver.go similarity index 88% rename from runtime/graphdriver/vfs/driver.go rename to daemon/graphdriver/vfs/driver.go index fe09560f24..765b21cded 100644 --- a/runtime/graphdriver/vfs/driver.go +++ b/daemon/graphdriver/vfs/driver.go @@ -2,7 +2,7 @@ package vfs import ( "fmt" - "github.com/dotcloud/docker/runtime/graphdriver" + "github.com/dotcloud/docker/daemon/graphdriver" "os" "os/exec" "path" @@ -42,7 +42,7 @@ func copyDir(src, dst string) error { return nil } -func (d *Driver) Create(id string, parent string, mountLabel string) error { +func (d *Driver) Create(id, parent string) error { dir := d.dir(id) if err := os.MkdirAll(path.Dir(dir), 0700); err != nil { return err @@ -53,7 +53,7 @@ func (d *Driver) Create(id string, parent string, mountLabel string) error { if parent == "" { return nil } - parentDir, err := d.Get(parent) + parentDir, err := d.Get(parent, "") if err != nil { return fmt.Errorf("%s: %s", parent, err) } @@ -74,7 +74,7 @@ func (d *Driver) Remove(id string) error { return os.RemoveAll(d.dir(id)) } -func (d *Driver) Get(id string) (string, error) { +func (d *Driver) Get(id, mountLabel string) (string, error) { dir := d.dir(id) if st, err := os.Stat(dir); err != nil { return "", err diff --git a/runtime/history.go b/daemon/history.go similarity index 87% rename from runtime/history.go rename to daemon/history.go index 835ac9c11e..57a00a2090 100644 --- a/runtime/history.go +++ b/daemon/history.go @@ -1,4 +1,4 @@ -package runtime +package daemon import ( "sort" @@ -14,7 +14,7 @@ func (history *History) Len() int { func (history *History) Less(i, j int) bool { containers := *history - return containers[j].When().Before(containers[i].When()) + return containers[j].Created.Before(containers[i].Created) } func (history *History) Swap(i, j int) { diff --git a/daemon/network_settings.go b/daemon/network_settings.go new file mode 100644 index 0000000000..762270362b --- /dev/null +++ b/daemon/network_settings.go @@ -0,0 +1,42 @@ +package daemon + +import ( + "github.com/dotcloud/docker/engine" + "github.com/dotcloud/docker/nat" +) + +// FIXME: move deprecated port stuff to nat to clean up the core. +type PortMapping map[string]string // Deprecated + +type NetworkSettings struct { + IPAddress string + IPPrefixLen int + Gateway string + Bridge string + PortMapping map[string]PortMapping // Deprecated + Ports nat.PortMap +} + +func (settings *NetworkSettings) PortMappingAPI() *engine.Table { + var outs = engine.NewTable("", 0) + for port, bindings := range settings.Ports { + p, _ := nat.ParsePort(port.Port()) + if len(bindings) == 0 { + out := &engine.Env{} + out.SetInt("PublicPort", p) + out.Set("Type", port.Proto()) + outs.Add(out) + continue + } + for _, binding := range bindings { + out := &engine.Env{} + h, _ := nat.ParsePort(binding.HostPort) + out.SetInt("PrivatePort", p) + out.SetInt("PublicPort", h) + out.Set("Type", port.Proto()) + out.Set("IP", binding.HostIp) + outs.Add(out) + } + } + return outs +} diff --git a/runtime/networkdriver/bridge/driver.go b/daemon/networkdriver/bridge/driver.go similarity index 90% rename from runtime/networkdriver/bridge/driver.go rename to daemon/networkdriver/bridge/driver.go index f7c3bc6b01..c64aa423d1 100644 --- a/runtime/networkdriver/bridge/driver.go +++ b/daemon/networkdriver/bridge/driver.go @@ -2,18 +2,20 @@ package bridge import ( "fmt" - "github.com/dotcloud/docker/engine" - "github.com/dotcloud/docker/pkg/iptables" - "github.com/dotcloud/docker/pkg/netlink" - "github.com/dotcloud/docker/runtime/networkdriver" - "github.com/dotcloud/docker/runtime/networkdriver/ipallocator" - "github.com/dotcloud/docker/runtime/networkdriver/portallocator" - "github.com/dotcloud/docker/runtime/networkdriver/portmapper" - "github.com/dotcloud/docker/utils" "io/ioutil" "log" "net" "strings" + + "github.com/dotcloud/docker/daemon/networkdriver" + "github.com/dotcloud/docker/daemon/networkdriver/ipallocator" + "github.com/dotcloud/docker/daemon/networkdriver/portallocator" + "github.com/dotcloud/docker/daemon/networkdriver/portmapper" + "github.com/dotcloud/docker/engine" + "github.com/dotcloud/docker/pkg/iptables" + "github.com/dotcloud/docker/pkg/netlink" + "github.com/dotcloud/docker/pkg/networkfs/resolvconf" + "github.com/dotcloud/docker/utils" ) const ( @@ -32,7 +34,7 @@ var ( // This is to use the same gateway IPs as the /24 ranges, which predate the /16 ranges. // In theory this shouldn't matter - in practice there's bound to be a few scripts relying // on the internal addressing or other stupid things like that. - // The shouldn't, but hey, let's not break them unless we really have to. + // They shouldn't, but hey, let's not break them unless we really have to. "172.17.42.1/16", // Don't use 172.16.0.0/16, it conflicts with EC2 DNS 172.16.0.23 "10.0.42.1/16", // Don't even try using the entire /8, that's too intrusive "10.1.42.1/16", @@ -68,32 +70,41 @@ func InitDriver(job *engine.Job) engine.Status { } bridgeIface = job.Getenv("BridgeIface") + usingDefaultBridge := false if bridgeIface == "" { + usingDefaultBridge = true bridgeIface = DefaultNetworkBridge } addr, err := networkdriver.GetIfaceAddr(bridgeIface) if err != nil { + // If we're not using the default bridge, fail without trying to create it + if !usingDefaultBridge { + job.Logf("bridge not found: %s", bridgeIface) + return job.Error(err) + } // If the iface is not found, try to create it job.Logf("creating new bridge for %s", bridgeIface) if err := createBridge(bridgeIP); err != nil { - job.Error(err) - return engine.StatusErr + return job.Error(err) } job.Logf("getting iface addr") addr, err = networkdriver.GetIfaceAddr(bridgeIface) if err != nil { - job.Error(err) - return engine.StatusErr + return job.Error(err) } network = addr.(*net.IPNet) } else { network = addr.(*net.IPNet) // validate that the bridge ip matches the ip specified by BridgeIP if bridgeIP != "" { - if !network.IP.Equal(net.ParseIP(bridgeIP)) { - return job.Errorf("bridge ip (%s) does not match existing bridge configuration %s", network.IP, bridgeIP) + bip, _, err := net.ParseCIDR(bridgeIP) + if err != nil { + return job.Error(err) + } + if !network.IP.Equal(bip) { + return job.Errorf("bridge ip (%s) does not match existing bridge configuration %s", network.IP, bip) } } } @@ -101,8 +112,7 @@ func InitDriver(job *engine.Job) engine.Status { // Configure iptables for link support if enableIPTables { if err := setupIPTables(addr, icc); err != nil { - job.Error(err) - return engine.StatusErr + return job.Error(err) } } @@ -115,15 +125,13 @@ func InitDriver(job *engine.Job) engine.Status { // We can always try removing the iptables if err := iptables.RemoveExistingChain("DOCKER"); err != nil { - job.Error(err) - return engine.StatusErr + return job.Error(err) } if enableIPTables { chain, err := iptables.NewChain("DOCKER", bridgeIface) if err != nil { - job.Error(err) - return engine.StatusErr + return job.Error(err) } portmapper.SetIptablesChain(chain) } @@ -140,8 +148,7 @@ func InitDriver(job *engine.Job) engine.Status { "link": LinkContainers, } { if err := job.Eng.Register(name, f); err != nil { - job.Error(err) - return engine.StatusErr + return job.Error(err) } } return engine.StatusOK @@ -217,13 +224,13 @@ func setupIPTables(addr net.Addr, icc bool) error { // If it can't find an address which doesn't conflict, it will return an error. func createBridge(bridgeIP string) error { nameservers := []string{} - resolvConf, _ := utils.GetResolvConf() + resolvConf, _ := resolvconf.Get() // we don't check for an error here, because we don't really care // if we can't read /etc/resolv.conf. So instead we skip the append // if resolvConf is nil. It either doesn't exist, or we can't read it // for some reason. if resolvConf != nil { - nameservers = append(nameservers, utils.GetNameserversAsCIDR(resolvConf)...) + nameservers = append(nameservers, resolvconf.GetNameserversAsCIDR(resolvConf)...) } var ifaceAddr string @@ -302,8 +309,7 @@ func Allocate(job *engine.Job) engine.Status { ip, err = ipallocator.RequestIP(bridgeNetwork, nil) } if err != nil { - job.Error(err) - return engine.StatusErr + return job.Error(err) } out := engine.Env{} @@ -387,8 +393,7 @@ func AllocatePort(job *engine.Job) engine.Status { // host ip, proto, and host port hostPort, err = portallocator.RequestPort(ip, proto, hostPort) if err != nil { - job.Error(err) - return engine.StatusErr + return job.Error(err) } var ( @@ -406,9 +411,7 @@ func AllocatePort(job *engine.Job) engine.Status { if err := portmapper.Map(container, ip, hostPort); err != nil { portallocator.ReleasePort(ip, proto, hostPort) - - job.Error(err) - return engine.StatusErr + return job.Error(err) } network.PortMappings = append(network.PortMappings, host) @@ -417,8 +420,7 @@ func AllocatePort(job *engine.Job) engine.Status { out.SetInt("HostPort", hostPort) if _, err := out.WriteTo(job.Stdout); err != nil { - job.Error(err) - return engine.StatusErr + return job.Error(err) } return engine.StatusOK } @@ -445,11 +447,9 @@ func LinkContainers(job *engine.Job) engine.Status { "--dport", port, "-d", childIP, "-j", "ACCEPT"); !ignoreErrors && err != nil { - job.Error(err) - return engine.StatusErr + return job.Error(err) } else if len(output) != 0 { - job.Errorf("Error toggle iptables forward: %s", output) - return engine.StatusErr + return job.Errorf("Error toggle iptables forward: %s", output) } if output, err := iptables.Raw(action, "FORWARD", @@ -459,11 +459,9 @@ func LinkContainers(job *engine.Job) engine.Status { "--sport", port, "-d", parentIP, "-j", "ACCEPT"); !ignoreErrors && err != nil { - job.Error(err) - return engine.StatusErr + return job.Error(err) } else if len(output) != 0 { - job.Errorf("Error toggle iptables forward: %s", output) - return engine.StatusErr + return job.Errorf("Error toggle iptables forward: %s", output) } } return engine.StatusOK diff --git a/runtime/networkdriver/ipallocator/allocator.go b/daemon/networkdriver/ipallocator/allocator.go similarity index 98% rename from runtime/networkdriver/ipallocator/allocator.go rename to daemon/networkdriver/ipallocator/allocator.go index 70a7028bbe..914df34942 100644 --- a/runtime/networkdriver/ipallocator/allocator.go +++ b/daemon/networkdriver/ipallocator/allocator.go @@ -3,8 +3,8 @@ package ipallocator import ( "encoding/binary" "errors" + "github.com/dotcloud/docker/daemon/networkdriver" "github.com/dotcloud/docker/pkg/collections" - "github.com/dotcloud/docker/runtime/networkdriver" "net" "sync" ) diff --git a/runtime/networkdriver/ipallocator/allocator_test.go b/daemon/networkdriver/ipallocator/allocator_test.go similarity index 100% rename from runtime/networkdriver/ipallocator/allocator_test.go rename to daemon/networkdriver/ipallocator/allocator_test.go diff --git a/runtime/networkdriver/network.go b/daemon/networkdriver/network.go similarity index 100% rename from runtime/networkdriver/network.go rename to daemon/networkdriver/network.go diff --git a/runtime/networkdriver/network_test.go b/daemon/networkdriver/network_test.go similarity index 100% rename from runtime/networkdriver/network_test.go rename to daemon/networkdriver/network_test.go diff --git a/runtime/networkdriver/portallocator/portallocator.go b/daemon/networkdriver/portallocator/portallocator.go similarity index 100% rename from runtime/networkdriver/portallocator/portallocator.go rename to daemon/networkdriver/portallocator/portallocator.go diff --git a/runtime/networkdriver/portallocator/portallocator_test.go b/daemon/networkdriver/portallocator/portallocator_test.go similarity index 100% rename from runtime/networkdriver/portallocator/portallocator_test.go rename to daemon/networkdriver/portallocator/portallocator_test.go diff --git a/runtime/networkdriver/portmapper/mapper.go b/daemon/networkdriver/portmapper/mapper.go similarity index 100% rename from runtime/networkdriver/portmapper/mapper.go rename to daemon/networkdriver/portmapper/mapper.go diff --git a/runtime/networkdriver/portmapper/mapper_test.go b/daemon/networkdriver/portmapper/mapper_test.go similarity index 100% rename from runtime/networkdriver/portmapper/mapper_test.go rename to daemon/networkdriver/portmapper/mapper_test.go diff --git a/runtime/networkdriver/utils.go b/daemon/networkdriver/utils.go similarity index 100% rename from runtime/networkdriver/utils.go rename to daemon/networkdriver/utils.go diff --git a/runtime/server.go b/daemon/server.go similarity index 92% rename from runtime/server.go rename to daemon/server.go index a74c4d1200..dbe6a8ebe8 100644 --- a/runtime/server.go +++ b/daemon/server.go @@ -1,4 +1,4 @@ -package runtime +package daemon import ( "github.com/dotcloud/docker/utils" diff --git a/runtime/state.go b/daemon/state.go similarity index 80% rename from runtime/state.go rename to daemon/state.go index 316b8a40f1..562929c87a 100644 --- a/runtime/state.go +++ b/daemon/state.go @@ -1,4 +1,4 @@ -package runtime +package daemon import ( "fmt" @@ -14,7 +14,6 @@ type State struct { ExitCode int StartedAt time.Time FinishedAt time.Time - Ghost bool } // String returns a human-readable description of the state @@ -23,9 +22,6 @@ func (s *State) String() string { defer s.RUnlock() if s.Running { - if s.Ghost { - return fmt.Sprintf("Ghost") - } return fmt.Sprintf("Up %s", utils.HumanDuration(time.Now().UTC().Sub(s.StartedAt))) } if s.FinishedAt.IsZero() { @@ -41,13 +37,6 @@ func (s *State) IsRunning() bool { return s.Running } -func (s *State) IsGhost() bool { - s.RLock() - defer s.RUnlock() - - return s.Ghost -} - func (s *State) GetExitCode() int { s.RLock() defer s.RUnlock() @@ -55,19 +44,11 @@ func (s *State) GetExitCode() int { return s.ExitCode } -func (s *State) SetGhost(val bool) { - s.Lock() - defer s.Unlock() - - s.Ghost = val -} - func (s *State) SetRunning(pid int) { s.Lock() defer s.Unlock() s.Running = true - s.Ghost = false s.ExitCode = 0 s.Pid = pid s.StartedAt = time.Now().UTC() diff --git a/runtime/utils.go b/daemon/utils.go similarity index 87% rename from runtime/utils.go rename to daemon/utils.go index b983e67d41..15b62e2a06 100644 --- a/runtime/utils.go +++ b/daemon/utils.go @@ -1,4 +1,4 @@ -package runtime +package daemon import ( "fmt" @@ -51,14 +51,14 @@ func mergeLxcConfIntoOptions(hostConfig *runconfig.HostConfig, driverConfig map[ } type checker struct { - runtime *Runtime + daemon *Daemon } func (c *checker) Exists(name string) bool { - return c.runtime.containerGraph.Exists("/" + name) + return c.daemon.containerGraph.Exists("/" + name) } // Generate a random and unique name -func generateRandomName(runtime *Runtime) (string, error) { - return namesgenerator.GenerateRandomName(&checker{runtime}) +func generateRandomName(daemon *Daemon) (string, error) { + return namesgenerator.GenerateRandomName(&checker{daemon}) } diff --git a/runtime/utils_test.go b/daemon/utils_test.go similarity index 97% rename from runtime/utils_test.go rename to daemon/utils_test.go index bdf3543a49..22b52d1699 100644 --- a/runtime/utils_test.go +++ b/daemon/utils_test.go @@ -1,4 +1,4 @@ -package runtime +package daemon import ( "testing" diff --git a/runtime/volumes.go b/daemon/volumes.go similarity index 82% rename from runtime/volumes.go rename to daemon/volumes.go index 004f1bb024..a15e3084b2 100644 --- a/runtime/volumes.go +++ b/daemon/volumes.go @@ -1,15 +1,16 @@ -package runtime +package daemon import ( "fmt" - "github.com/dotcloud/docker/archive" - "github.com/dotcloud/docker/runtime/execdriver" - "github.com/dotcloud/docker/utils" "io/ioutil" "os" "path/filepath" "strings" "syscall" + + "github.com/dotcloud/docker/archive" + "github.com/dotcloud/docker/daemon/execdriver" + "github.com/dotcloud/docker/utils" ) type BindMap struct { @@ -33,10 +34,9 @@ func prepareVolumesForContainer(container *Container) error { return nil } -func setupMountsForContainer(container *Container, envPath string) error { +func setupMountsForContainer(container *Container) error { mounts := []execdriver.Mount{ - {container.runtime.sysInitPath, "/.dockerinit", false, true}, - {envPath, "/.dockerenv", false, true}, + {container.daemon.sysInitPath, "/.dockerinit", false, true}, {container.ResolvConfPath, "/etc/resolv.conf", false, true}, } @@ -80,7 +80,7 @@ func applyVolumesFrom(container *Container) error { } } - c := container.runtime.Get(specParts[0]) + c := container.daemon.Get(specParts[0]) if c == nil { return fmt.Errorf("Container %s not found. Impossible to mount its volumes", specParts[0]) } @@ -162,7 +162,7 @@ func createVolumes(container *Container) error { return err } - volumesDriver := container.runtime.volumes.Driver() + volumesDriver := container.daemon.volumes.Driver() // Create the requested volumes if they don't exist for volPath := range container.Config.Volumes { volPath = filepath.Clean(volPath) @@ -195,11 +195,11 @@ func createVolumes(container *Container) error { // Do not pass a container as the parameter for the volume creation. // The graph driver using the container's information ( Image ) to // create the parent. - c, err := container.runtime.volumes.Create(nil, "", "", "", "", nil, nil) + c, err := container.daemon.volumes.Create(nil, "", "", "", "", nil, nil) if err != nil { return err } - srcPath, err = volumesDriver.Get(c.ID) + srcPath, err = volumesDriver.Get(c.ID, "") if err != nil { return fmt.Errorf("Driver %s failed to get volume rootfs %s: %s", volumesDriver, c.ID, err) } @@ -212,15 +212,26 @@ func createVolumes(container *Container) error { srcPath = p } - container.Volumes[volPath] = srcPath - container.VolumesRW[volPath] = srcRW - // Create the mountpoint - volPath = filepath.Join(container.basefs, volPath) - rootVolPath, err := utils.FollowSymlinkInScope(volPath, container.basefs) + rootVolPath, err := utils.FollowSymlinkInScope(filepath.Join(container.basefs, volPath), container.basefs) if err != nil { return err } + + newVolPath, err := filepath.Rel(container.basefs, rootVolPath) + if err != nil { + return err + } + newVolPath = "/" + newVolPath + + if volPath != newVolPath { + delete(container.Volumes, volPath) + delete(container.VolumesRW, volPath) + } + + container.Volumes[newVolPath] = srcPath + container.VolumesRW[newVolPath] = srcRW + if err := createIfNotExists(rootVolPath, volIsDir); err != nil { return err } @@ -241,22 +252,22 @@ func createVolumes(container *Container) error { if err := archive.CopyWithTar(rootVolPath, srcPath); err != nil { return err } + } + } - var stat syscall.Stat_t - if err := syscall.Stat(rootVolPath, &stat); err != nil { - return err - } - var srcStat syscall.Stat_t - if err := syscall.Stat(srcPath, &srcStat); err != nil { - return err - } - // Change the source volume's ownership if it differs from the root - // files that were just copied - if stat.Uid != srcStat.Uid || stat.Gid != srcStat.Gid { - if err := os.Chown(srcPath, int(stat.Uid), int(stat.Gid)); err != nil { - return err - } - } + var stat syscall.Stat_t + if err := syscall.Stat(rootVolPath, &stat); err != nil { + return err + } + var srcStat syscall.Stat_t + if err := syscall.Stat(srcPath, &srcStat); err != nil { + return err + } + // Change the source volume's ownership if it differs from the root + // files that were just copied + if stat.Uid != srcStat.Uid || stat.Gid != srcStat.Gid { + if err := os.Chown(srcPath, int(stat.Uid), int(stat.Gid)); err != nil { + return err } } } diff --git a/daemonconfig/config.go b/daemonconfig/config.go index 146916d79a..619bfe582f 100644 --- a/daemonconfig/config.go +++ b/daemonconfig/config.go @@ -1,8 +1,8 @@ package daemonconfig import ( + "github.com/dotcloud/docker/daemon/networkdriver" "github.com/dotcloud/docker/engine" - "github.com/dotcloud/docker/runtime/networkdriver" "net" ) @@ -29,6 +29,7 @@ type Config struct { Mtu int DisableNetwork bool EnableSelinuxSupport bool + Context map[string][]string } // ConfigFromJob creates and returns a new DaemonConfig object @@ -46,7 +47,7 @@ func ConfigFromJob(job *engine.Job) *Config { InterContainerCommunication: job.GetenvBool("InterContainerCommunication"), GraphDriver: job.Getenv("GraphDriver"), ExecDriver: job.Getenv("ExecDriver"), - EnableSelinuxSupport: false, // FIXME: hardcoded default to disable selinux for .10 release + EnableSelinuxSupport: job.GetenvBool("EnableSelinuxSupport"), } if dns := job.GetenvList("Dns"); dns != nil { config.Dns = dns diff --git a/docker/docker.go b/docker/docker.go index e96c173d30..26ccd24bb4 100644 --- a/docker/docker.go +++ b/docker/docker.go @@ -7,6 +7,7 @@ import ( "io/ioutil" "log" "os" + "runtime" "strings" "github.com/dotcloud/docker/api" @@ -63,10 +64,11 @@ func main() { flCa = flag.String([]string{"-tlscacert"}, dockerConfDir+defaultCaFile, "Trust only remotes providing a certificate signed by the CA given here") flCert = flag.String([]string{"-tlscert"}, dockerConfDir+defaultCertFile, "Path to TLS certificate file") flKey = flag.String([]string{"-tlskey"}, dockerConfDir+defaultKeyFile, "Path to TLS key file") + flSelinuxEnabled = flag.Bool([]string{"-selinux-enabled"}, false, "Enable selinux support") ) flag.Var(&flDns, []string{"#dns", "-dns"}, "Force docker to use specific DNS servers") flag.Var(&flDnsSearch, []string{"-dns-search"}, "Force Docker to use specific DNS search domains") - flag.Var(&flHosts, []string{"H", "-host"}, "tcp://host:port, unix://path/to/socket, fd://* or fd://socketfd to use in daemon mode. Multiple sockets can be specified") + flag.Var(&flHosts, []string{"H", "-host"}, "The socket(s) to bind to in daemon mode, specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd.") flag.Parse() @@ -96,6 +98,10 @@ func main() { } if *flDaemon { + if os.Geteuid() != 0 { + log.Fatalf("The Docker daemon needs to be run as root") + } + if flag.NArg() != 0 { flag.Usage() return @@ -120,13 +126,15 @@ func main() { log.Fatalf("Unable to get the full path to root (%s): %s", root, err) } } - - eng, err := engine.New(realRoot) - if err != nil { + if err := checkKernelAndArch(); err != nil { log.Fatal(err) } + + eng := engine.New() // Load builtins - builtins.Register(eng) + if err := builtins.Register(eng); err != nil { + log.Fatal(err) + } // load the daemon in the background so we can immediately start // the http api so that connections don't fail while the daemon // is booting @@ -147,6 +155,7 @@ func main() { job.Setenv("GraphDriver", *flGraphDriver) job.Setenv("ExecDriver", *flExecDriver) job.SetenvInt("Mtu", *flMtu) + job.SetenvBool("EnableSelinuxSupport", *flSelinuxEnabled) if err := job.Run(); err != nil { log.Fatal(err) } @@ -157,6 +166,13 @@ func main() { } }() + // TODO actually have a resolved graphdriver to show? + log.Printf("docker daemon: %s %s; execdriver: %s; graphdriver: %s", + dockerversion.VERSION, + dockerversion.GITCOMMIT, + *flExecDriver, + *flGraphDriver) + // Serve api job := eng.Job("serveapi", flHosts.GetAll()...) job.SetenvBool("Logging", true) @@ -232,3 +248,27 @@ func main() { func showVersion() { fmt.Printf("Docker version %s, build %s\n", dockerversion.VERSION, dockerversion.GITCOMMIT) } + +func checkKernelAndArch() error { + // Check for unsupported architectures + if runtime.GOARCH != "amd64" { + return fmt.Errorf("The docker runtime currently only supports amd64 (not %s). This will change in the future. Aborting.", runtime.GOARCH) + } + // Check for unsupported kernel versions + // FIXME: it would be cleaner to not test for specific versions, but rather + // test for specific functionalities. + // Unfortunately we can't test for the feature "does not cause a kernel panic" + // without actually causing a kernel panic, so we need this workaround until + // the circumstances of pre-3.8 crashes are clearer. + // For details see http://github.com/dotcloud/docker/issues/407 + if k, err := utils.GetKernelVersion(); err != nil { + log.Printf("WARNING: %s\n", err) + } else { + if utils.CompareKernelVersion(k, &utils.KernelVersionInfo{Kernel: 3, Major: 8, Minor: 0}) < 0 { + if os.Getenv("DOCKER_NOWARN_KERNEL_VERSION") == "" { + log.Printf("WARNING: You are running linux kernel version %s, which might be unstable running docker. Please upgrade your kernel to 3.8.0.", k.String()) + } + } + } + return nil +} diff --git a/docs/Dockerfile b/docs/Dockerfile index 69aa5cb409..a907072ddf 100644 --- a/docs/Dockerfile +++ b/docs/Dockerfile @@ -1,19 +1,39 @@ -FROM ubuntu:12.04 -MAINTAINER Nick Stinemates # -# docker build -t docker:docs . && docker run -p 8000:8000 docker:docs +# See the top level Makefile in https://github.com/dotcloud/docker for usage. # +FROM debian:jessie +MAINTAINER Sven Dowideit (@SvenDowideit) -# TODO switch to http://packages.ubuntu.com/trusty/python-sphinxcontrib-httpdomain once trusty is released +RUN apt-get update && apt-get install -yq make python-pip python-setuptools vim-tiny git pandoc -RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -yq make python-pip python-setuptools -# pip installs from docs/requirements.txt, but here to increase cacheability -RUN pip install Sphinx==1.2.1 -RUN pip install sphinxcontrib-httpdomain==1.2.0 -ADD . /docs -RUN make -C /docs clean docs +RUN pip install mkdocs + +# add MarkdownTools to get transclusion +# (future development) +#RUN easy_install -U setuptools +#RUN pip install MarkdownTools2 + +# this week I seem to need the latest dev release of awscli too +# awscli 1.3.6 does --error-document correctly +# https://github.com/aws/aws-cli/commit/edc2290e173dfaedc70b48cfa3624d58c533c6c3 +RUN pip install awscli + +# get my sitemap.xml branch of mkdocs and use that for now +RUN git clone https://github.com/SvenDowideit/mkdocs &&\ + cd mkdocs/ &&\ + git checkout docker-markdown-merge &&\ + ./setup.py install + +ADD . /docs +ADD MAINTAINERS /docs/sources/humans.txt +WORKDIR /docs + +RUN VERSION=$(cat /docs/VERSION) &&\ + GIT_BRANCH=$(cat /docs/GIT_BRANCH) &&\ + AWS_S3_BUCKET=$(cat /docs/AWS_S3_BUCKET) &&\ + echo "{% set docker_version = \"${VERSION}\" %}{% set docker_branch = \"${GIT_BRANCH}\" %}{% set aws_bucket = \"${AWS_S3_BUCKET}\" %}{% include \"beta_warning.html\" %}" > /docs/theme/mkdocs/version.html -WORKDIR /docs/_build/html -CMD ["python", "-m", "SimpleHTTPServer"] # note, EXPOSE is only last because of https://github.com/dotcloud/docker/issues/3525 -EXPOSE 8000 +EXPOSE 8000 + +CMD ["mkdocs", "serve"] diff --git a/docs/MAINTAINERS b/docs/MAINTAINERS index 52505fab00..afbbde4099 100644 --- a/docs/MAINTAINERS +++ b/docs/MAINTAINERS @@ -1,2 +1,3 @@ James Turnbull (@jamtur01) Sven Dowideit (@SvenDowideit) +O.S. Tezer (@OSTezer) diff --git a/docs/Makefile b/docs/Makefile deleted file mode 100644 index a4efbf2102..0000000000 --- a/docs/Makefile +++ /dev/null @@ -1,185 +0,0 @@ -# Makefile for Sphinx documentation -# - -# You can set these variables from the command line. -SPHINXOPTS = -SPHINXBUILD = sphinx-build -PAPER = -BUILDDIR = _build -PYTHON = python - -# Internal variables. -PAPEROPT_a4 = -D latex_paper_size=a4 -PAPEROPT_letter = -D latex_paper_size=letter -ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) sources -# the i18n builder cannot share the environment and doctrees with the others -I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) . - -.PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest gettext - -help: - @echo "Please use \`make ' where is one of" -# @echo " html to make standalone HTML files" -# @echo " dirhtml to make HTML files named index.html in directories" -# @echo " singlehtml to make a single large HTML file" -# @echo " pickle to make pickle files" -# @echo " json to make JSON files" -# @echo " htmlhelp to make HTML files and a HTML help project" -# @echo " qthelp to make HTML files and a qthelp project" -# @echo " devhelp to make HTML files and a Devhelp project" -# @echo " epub to make an epub" -# @echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter" -# @echo " latexpdf to make LaTeX files and run them through pdflatex" -# @echo " text to make text files" - @echo " man to make a manual page" -# @echo " texinfo to make Texinfo files" -# @echo " info to make Texinfo files and run them through makeinfo" -# @echo " gettext to make PO message catalogs" -# @echo " changes to make an overview of all changed/added/deprecated items" -# @echo " linkcheck to check all external links for integrity" -# @echo " doctest to run all doctests embedded in the documentation (if enabled)" - @echo " docs to build the docs and copy the static files to the outputdir" - @echo " server to serve the docs in your browser under \`http://localhost:8000\`" - @echo " publish to publish the app to dotcloud" - -clean: - -rm -rf $(BUILDDIR)/* - -docs: - $(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/html - @echo - @echo "Build finished. The documentation pages are now in $(BUILDDIR)/html." - -server: docs - @cd $(BUILDDIR)/html; $(PYTHON) -m SimpleHTTPServer 8000 - -site: - cp -r website $(BUILDDIR)/ - cp -r theme/docker/static/ $(BUILDDIR)/website/ - @echo - @echo "The Website pages are in $(BUILDDIR)/site." - -connect: - @echo connecting dotcloud to www.docker.io website, make sure to use user 1 - @echo or create your own "dockerwebsite" app - @cd $(BUILDDIR)/website/ ; \ - dotcloud connect dockerwebsite ; \ - dotcloud list - -push: - @cd $(BUILDDIR)/website/ ; \ - dotcloud push - -$(VERSIONS): - @echo "Hello world" - -html: - $(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html - @echo - @echo "Build finished. The HTML pages are in $(BUILDDIR)/html." - -dirhtml: - $(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml - @echo - @echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml." - -singlehtml: - $(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml - @echo - @echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml." - -pickle: - $(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle - @echo - @echo "Build finished; now you can process the pickle files." - -json: - $(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json - @echo - @echo "Build finished; now you can process the JSON files." - -htmlhelp: - $(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp - @echo - @echo "Build finished; now you can run HTML Help Workshop with the" \ - ".hhp project file in $(BUILDDIR)/htmlhelp." - -qthelp: - $(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp - @echo - @echo "Build finished; now you can run "qcollectiongenerator" with the" \ - ".qhcp project file in $(BUILDDIR)/qthelp, like this:" - @echo "# qcollectiongenerator $(BUILDDIR)/qthelp/Docker.qhcp" - @echo "To view the help file:" - @echo "# assistant -collectionFile $(BUILDDIR)/qthelp/Docker.qhc" - -devhelp: - $(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp - @echo - @echo "Build finished." - @echo "To view the help file:" - @echo "# mkdir -p $$HOME/.local/share/devhelp/Docker" - @echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/Docker" - @echo "# devhelp" - -epub: - $(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub - @echo - @echo "Build finished. The epub file is in $(BUILDDIR)/epub." - -latex: - $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex - @echo - @echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex." - @echo "Run \`make' in that directory to run these through (pdf)latex" \ - "(use \`make latexpdf' here to do that automatically)." - -latexpdf: - $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex - @echo "Running LaTeX files through pdflatex..." - $(MAKE) -C $(BUILDDIR)/latex all-pdf - @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." - -text: - $(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text - @echo - @echo "Build finished. The text files are in $(BUILDDIR)/text." - -man: - $(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man - @echo - @echo "Build finished. The manual pages are in $(BUILDDIR)/man." - -texinfo: - $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo - @echo - @echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo." - @echo "Run \`make' in that directory to run these through makeinfo" \ - "(use \`make info' here to do that automatically)." - -info: - $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo - @echo "Running Texinfo files through makeinfo..." - make -C $(BUILDDIR)/texinfo info - @echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo." - -gettext: - $(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale - @echo - @echo "Build finished. The message catalogs are in $(BUILDDIR)/locale." - -changes: - $(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes - @echo - @echo "The overview file is in $(BUILDDIR)/changes." - -linkcheck: - $(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck - @echo - @echo "Link check complete; look for any errors in the above output " \ - "or in $(BUILDDIR)/linkcheck/output.txt." - -doctest: - $(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest - @echo "Testing of doctests in the sources finished, look at the " \ - "results in $(BUILDDIR)/doctest/output.txt." diff --git a/docs/README.md b/docs/README.md old mode 100644 new mode 100755 index 9379d86870..47b390bda4 --- a/docs/README.md +++ b/docs/README.md @@ -1,183 +1,99 @@ -Docker Documentation -==================== +# Docker Documentation -Overview --------- +The source for Docker documentation is here under `sources/` and uses +extended Markdown, as implemented by [mkdocs](http://mkdocs.org). -The source for Docker documentation is here under ``sources/`` in the -form of .rst files. These files use -[reStructuredText](http://docutils.sourceforge.net/rst.html) -formatting with [Sphinx](http://sphinx-doc.org/) extensions for -structure, cross-linking and indexing. - -The HTML files are built and hosted on -[readthedocs.org](https://readthedocs.org/projects/docker/), appearing -via proxy on https://docs.docker.io. The HTML files update -automatically after each change to the master or release branch of the -[docker files on GitHub](https://github.com/dotcloud/docker) thanks to -post-commit hooks. The "release" branch maps to the "latest" -documentation and the "master" branch maps to the "master" -documentation. +The HTML files are built and hosted on `https://docs.docker.io`, and +update automatically after each change to the master or release branch +of [Docker on GitHub](https://github.com/dotcloud/docker) +thanks to post-commit hooks. The "docs" branch maps to the "latest" +documentation and the "master" (unreleased development) branch maps to +the "master" documentation. ## Branches -**There are two branches related to editing docs**: ``master`` and a -``doc*`` branch (currently ``doc0.8.1``). You should normally edit -docs on the ``master`` branch. That way your fixes will automatically -get included in later releases, and docs maintainers can easily -cherry-pick your changes to bring over to the current docs branch. In -the rare case where your change is not forward-compatible, then you -could base your change on the appropriate ``doc*`` branch. +**There are two branches related to editing docs**: `master` and a +`docs` branch. You should always edit documentation on a local branch +of the `master` branch, and send a PR against `master`. -Now that we have a ``doc*`` branch, we can keep the ``latest`` docs -up to date with any bugs found between ``docker`` code releases. +That way your fixes will automatically get included in later releases, +and docs maintainers can easily cherry-pick your changes into the +`docs` release branch. In the rare case where your change is not +forward-compatible, you may need to base your changes on the `docs` +branch. -**Warning**: When *reading* the docs, the ``master`` documentation may -include features not yet part of any official docker -release. ``Master`` docs should be used only for understanding -bleeding-edge development and ``latest`` (which points to the ``doc*`` -branch``) should be used for the latest official release. +Also, now that we have a `docs` branch, we can keep the +[http://docs.docker.io](http://docs.docker.io) docs up to date with any +bugs found between `docker` code releases. -If you need to manually trigger a build of an existing branch, then -you can do that through the [readthedocs -interface](https://readthedocs.org/builds/docker/). If you would like -to add new build targets, including new branches or tags, then you -must contact one of the existing maintainers and get your -readthedocs.org account added to the maintainers list, or just file an -issue on GitHub describing the branch/tag and why it needs to be added -to the docs, and one of the maintainers will add it for you. +**Warning**: When *reading* the docs, the +[http://beta-docs.docker.io](http://beta-docs.docker.io) documentation +may include features not yet part of any official docker release. The +`beta-docs` site should be used only for understanding bleeding-edge +development and `docs.docker.io` (which points to the `docs` +branch`) should be used for the latest official release. -Getting Started ---------------- +## Contributing -To edit and test the docs, you'll need to install the Sphinx tool and -its dependencies. There are two main ways to install this tool: +- Follow the contribution guidelines ([see + `../CONTRIBUTING.md`](../CONTRIBUTING.md)). +- [Remember to sign your work!](../CONTRIBUTING.md#sign-your-work) -### Native Installation +## Getting Started -Install dependencies from `requirements.txt` file in your `docker/docs` -directory: +Docker documentation builds are done in a Docker container, which +installs all the required tools, adds the local `docs/` directory and +builds the HTML docs. It then starts a HTTP server on port 8000 so that +you can connect and see your changes. -* Linux: `pip install -r docs/requirements.txt` +In the root of the `docker` source directory: -* Mac OS X: `[sudo] pip-2.7 install -r docs/requirements.txt` + make docs -### Alternative Installation: Docker Container +If you have any issues you need to debug, you can use `make docs-shell` and +then run `mkdocs serve` -If you're running ``docker`` on your development machine then you may -find it easier and cleaner to use the docs Dockerfile. This installs Sphinx -in a container, adds the local ``docs/`` directory and builds the HTML -docs inside the container, even starting a simple HTTP server on port -8000 so that you can connect and see your changes. +### Examples -In the ``docker`` source directory, run: - ```make docs``` +When writing examples give the user hints by making them resemble what +they see in their shell: -This is the equivalent to ``make clean server`` since each container -starts clean. +- Indent shell examples by 4 spaces so they get rendered as code. +- Start typed commands with `$ ` (dollar space), so that they are easily +differentiated from program output. +- Program output has no prefix. +- Comments begin with `# ` (hash space). +- In-container shell commands begin with `$$ ` (dollar dollar space). -# Contributing +### Images -## Normal Case: +When you need to add images, try to make them as small as possible +(e.g. as gifs). Usually images should go in the same directory as the +`.md` file which references them, or in a subdirectory if one already +exists. -* Follow the contribution guidelines ([see - ``../CONTRIBUTING.md``](../CONTRIBUTING.md)). -* [Remember to sign your work!](../CONTRIBUTING.md#sign-your-work) -* Work in your own fork of the code, we accept pull requests. -* Change the ``.rst`` files with your favorite editor -- try to keep the - lines short and respect RST and Sphinx conventions. -* Run ``make clean docs`` to clean up old files and generate new ones, - or just ``make docs`` to update after small changes. -* Your static website can now be found in the ``_build`` directory. -* To preview what you have generated run ``make server`` and open - http://localhost:8000/ in your favorite browser. - -``make clean docs`` must complete without any warnings or errors. - -## Special Case for RST Newbies: - -If you want to write a new doc or make substantial changes to an -existing doc, but **you don't know RST syntax**, we will accept pull -requests in Markdown and plain text formats. We really want to -encourage people to share their knowledge and don't want the markup -syntax to be the obstacle. So when you make the Pull Request, please -note in your comment that you need RST markup assistance, and we'll -make the changes for you, and then we will make a pull request to your -pull request so that you can get all the changes and learn about the -markup. You still need to follow the -[``CONTRIBUTING``](../CONTRIBUTING) guidelines, so please sign your -commits. - -Working using GitHub's file editor ----------------------------------- +## Working using GitHub's file editor Alternatively, for small changes and typos you might want to use GitHub's built in file editor. It allows you to preview your changes -right online (though there can be some differences between GitHub -markdown and Sphinx RST). Just be careful not to create many commits. -And you must still [sign your work!](../CONTRIBUTING.md#sign-your-work) +right on-line (though there can be some differences between GitHub +Markdown and [MkDocs Markdown](http://www.mkdocs.org/user-guide/writing-your-docs/)). +Just be careful not to create many commits. And you must still +[sign your work!](../CONTRIBUTING.md#sign-your-work) -Images ------- +## Publishing Documentation -When you need to add images, try to make them as small as possible -(e.g. as gif). Usually images should go in the same directory as the -.rst file which references them, or in a subdirectory if one already -exists. +To publish a copy of the documentation you need a `docs/awsconfig` +file containing AWS settings to deploy to. The release script will +create an s3 if needed, and will then push the files to it. -Notes ------ + [profile dowideit-docs] + aws_access_key_id = IHOIUAHSIDH234rwf.... + aws_secret_access_key = OIUYSADJHLKUHQWIUHE...... + region = ap-southeast-2 -* For the template the css is compiled from less. When changes are - needed they can be compiled using +The `profile` name must be the same as the name of the bucket you are +deploying to - which you call from the `docker` directory: - lessc ``lessc main.less`` or watched using watch-lessc ``watch-lessc -i main.less -o main.css`` - -Guides on using sphinx ----------------------- -* To make links to certain sections create a link target like so: - - ``` - .. _hello_world: - - Hello world - =========== - - This is a reference to :ref:`hello_world` and will work even if we - move the target to another file or change the title of the section. - ``` - - The ``_hello_world:`` will make it possible to link to this position - (page and section heading) from all other pages. See the [Sphinx - docs](http://sphinx-doc.org/markup/inline.html#role-ref) for more - information and examples. - -* Notes, warnings and alarms - - ``` - # a note (use when something is important) - .. note:: - - # a warning (orange) - .. warning:: - - # danger (red, use sparsely) - .. danger:: - -* Code examples - - * Start typed commands with ``$ `` (dollar space) so that they - are easily differentiated from program output. - * Use "sudo" with docker to ensure that your command is runnable - even if they haven't [used the *docker* - group](http://docs.docker.io/en/latest/use/basics/#why-sudo). - -Manpages --------- - -* To make the manpages, run ``make man``. Please note there is a bug - in Sphinx 1.1.3 which makes this fail. Upgrade to the latest version - of Sphinx. -* Then preview the manpage by running ``man _build/man/docker.1``, - where ``_build/man/docker.1`` is the path to the generated manfile + make AWS_S3_BUCKET=dowideit-docs docs-release diff --git a/docs/mkdocs.yml b/docs/mkdocs.yml new file mode 100755 index 0000000000..c16436e892 --- /dev/null +++ b/docs/mkdocs.yml @@ -0,0 +1,142 @@ +site_name: Docker Documentation +#site_url: http://docs.docker.io/ +site_url: / +site_description: Documentation for fast and lightweight Docker container based virtualization framework. +site_favicon: img/favicon.png + +dev_addr: '0.0.0.0:8000' + +repo_url: https://github.com/dotcloud/docker/ + +docs_dir: sources + +include_search: true + +use_absolute_urls: true + +# theme: docker +theme_dir: ./theme/mkdocs/ +theme_center_lead: false +include_search: true + +copyright: Copyright © 2014, Docker, Inc. +google_analytics: ['UA-6096819-11', 'docker.io'] + +pages: + +# Introduction: +- ['index.md', 'About', 'Docker'] +- ['introduction/index.md', '**HIDDEN**'] +- ['introduction/understanding-docker.md', 'About', 'Understanding Docker'] +- ['introduction/technology.md', 'About', 'The Technology'] +- ['introduction/working-with-docker.md', 'About', 'Working with Docker'] +- ['introduction/get-docker.md', 'About', 'Get Docker'] + +# Installation: +- ['installation/index.md', '**HIDDEN**'] +- ['installation/mac.md', 'Installation', 'Mac OS X'] +- ['installation/ubuntulinux.md', 'Installation', 'Ubuntu'] +- ['installation/rhel.md', 'Installation', 'Red Hat Enterprise Linux'] +- ['installation/gentoolinux.md', 'Installation', 'Gentoo'] +- ['installation/google.md', 'Installation', 'Google Cloud Platform'] +- ['installation/rackspace.md', 'Installation', 'Rackspace Cloud'] +- ['installation/amazon.md', 'Installation', 'Amazon EC2'] +- ['installation/softlayer.md', 'Installation', 'IBM Softlayer'] +- ['installation/archlinux.md', 'Installation', 'Arch Linux'] +- ['installation/frugalware.md', 'Installation', 'FrugalWare'] +- ['installation/fedora.md', 'Installation', 'Fedora'] +- ['installation/openSUSE.md', 'Installation', 'openSUSE'] +- ['installation/cruxlinux.md', 'Installation', 'CRUX Linux'] +- ['installation/windows.md', 'Installation', 'Microsoft Windows'] +- ['installation/binaries.md', 'Installation', 'Binaries'] + +# Examples: +- ['use/index.md', '**HIDDEN**'] +- ['use/basics.md', 'Examples', 'First steps with Docker'] +- ['examples/index.md', '**HIDDEN**'] +- ['examples/hello_world.md', 'Examples', 'Hello World'] +- ['examples/nodejs_web_app.md', 'Examples', 'Node.js web application'] +- ['examples/python_web_app.md', 'Examples', 'Python web application'] +- ['examples/mongodb.md', 'Examples', 'MongoDB service'] +- ['examples/running_redis_service.md', 'Examples', 'Redis service'] +- ['examples/postgresql_service.md', 'Examples', 'PostgreSQL service'] +- ['examples/running_riak_service.md', 'Examples', 'Running a Riak service'] +- ['examples/running_ssh_service.md', 'Examples', 'Running an SSH service'] +- ['examples/couchdb_data_volumes.md', 'Examples', 'CouchDB service'] +- ['examples/apt-cacher-ng.md', 'Examples', 'Apt-Cacher-ng service'] +- ['examples/https.md', 'Examples', 'Running Docker with HTTPS'] +- ['examples/using_supervisord.md', 'Examples', 'Using Supervisor'] +- ['examples/cfengine_process_management.md', 'Examples', 'Process management with CFEngine'] +- ['use/working_with_links_names.md', 'Examples', 'Linking containers together'] +- ['use/working_with_volumes.md', 'Examples', 'Sharing Directories using volumes'] +- ['use/puppet.md', 'Examples', 'Using Puppet'] +- ['use/chef.md', 'Examples', 'Using Chef'] +- ['use/workingwithrepository.md', 'Examples', 'Working with a Docker Repository'] +- ['use/port_redirection.md', 'Examples', 'Redirect ports'] +- ['use/ambassador_pattern_linking.md', 'Examples', 'Cross-Host linking using Ambassador Containers'] +- ['use/host_integration.md', 'Examples', 'Automatically starting Containers'] + +#- ['user-guide/index.md', '**HIDDEN**'] +# - ['user-guide/writing-your-docs.md', 'User Guide', 'Writing your docs'] +# - ['user-guide/styling-your-docs.md', 'User Guide', 'Styling your docs'] +# - ['user-guide/configuration.md', 'User Guide', 'Configuration'] +# ./faq.md + +# Docker.io docs: +- ['docker-io/index.md', '**HIDDEN**'] +# - ['index/home.md', 'Docker Index', 'Help'] +- ['docker-io/accounts.md', 'Docker.io', 'Accounts'] +- ['docker-io/repos.md', 'Docker.io', 'Repositories'] +- ['docker-io/builds.md', 'Docker.io', 'Trusted Builds'] + +# Reference +- ['reference/index.md', '**HIDDEN**'] +- ['reference/commandline/index.md', '**HIDDEN**'] +- ['reference/commandline/cli.md', 'Reference', 'Command line'] +- ['reference/builder.md', 'Reference', 'Dockerfile'] +- ['reference/run.md', 'Reference', 'Run Reference'] +- ['articles/index.md', '**HIDDEN**'] +- ['articles/runmetrics.md', 'Reference', 'Runtime metrics'] +- ['articles/security.md', 'Reference', 'Security'] +- ['articles/baseimages.md', 'Reference', 'Creating a Base Image'] +- ['use/networking.md', 'Reference', 'Advanced networking'] +- ['reference/api/index.md', '**HIDDEN**'] +- ['reference/api/docker-io_api.md', 'Reference', 'Docker.io API'] +- ['reference/api/registry_api.md', 'Reference', 'Docker Registry API'] +- ['reference/api/registry_index_spec.md', 'Reference', 'Registry & Index Spec'] +- ['reference/api/docker_remote_api.md', 'Reference', 'Docker Remote API'] +- ['reference/api/docker_remote_api_v1.11.md', 'Reference', 'Docker Remote API v1.11'] +- ['reference/api/docker_remote_api_v1.10.md', 'Reference', 'Docker Remote API v1.10'] +- ['reference/api/docker_remote_api_v1.9.md', '**HIDDEN**'] +- ['reference/api/docker_remote_api_v1.8.md', '**HIDDEN**'] +- ['reference/api/docker_remote_api_v1.7.md', '**HIDDEN**'] +- ['reference/api/docker_remote_api_v1.6.md', '**HIDDEN**'] +- ['reference/api/docker_remote_api_v1.5.md', '**HIDDEN**'] +- ['reference/api/docker_remote_api_v1.4.md', '**HIDDEN**'] +- ['reference/api/docker_remote_api_v1.3.md', '**HIDDEN**'] +- ['reference/api/docker_remote_api_v1.2.md', '**HIDDEN**'] +- ['reference/api/docker_remote_api_v1.1.md', '**HIDDEN**'] +- ['reference/api/docker_remote_api_v1.0.md', '**HIDDEN**'] +- ['reference/api/remote_api_client_libraries.md', 'Reference', 'Docker Remote API Client Libraries'] +- ['reference/api/docker_io_oauth_api.md', 'Reference', 'Docker IO OAuth API'] +- ['reference/api/docker_io_accounts_api.md', 'Reference', 'Docker IO Accounts API'] + +- ['jsearch.md', '**HIDDEN**'] + +# - ['static_files/README.md', 'static_files', 'README'] +- ['terms/index.md', '**HIDDEN**'] +- ['terms/layer.md', '**HIDDEN**'] +- ['terms/index.md', '**HIDDEN**'] +- ['terms/registry.md', '**HIDDEN**'] +- ['terms/container.md', '**HIDDEN**'] +- ['terms/repository.md', '**HIDDEN**'] +- ['terms/filesystem.md', '**HIDDEN**'] +- ['terms/image.md', '**HIDDEN**'] + +# TODO: our theme adds a dropdown even for sections that have no subsections. + #- ['faq.md', 'FAQ'] + +# Contribute: +- ['contributing/index.md', '**HIDDEN**'] +- ['contributing/contributing.md', 'Contribute', 'Contributing'] +- ['contributing/devenvironment.md', 'Contribute', 'Development environment'] diff --git a/docs/release.sh b/docs/release.sh new file mode 100755 index 0000000000..323887f594 --- /dev/null +++ b/docs/release.sh @@ -0,0 +1,63 @@ +#!/usr/bin/env bash +set -e + +set -o pipefail + +usage() { + cat >&2 <<'EOF' +To publish the Docker documentation you need to set your access_key and secret_key in the docs/awsconfig file +(with the keys in a [profile $AWS_S3_BUCKET] section - so you can have more than one set of keys in your file) +and set the AWS_S3_BUCKET env var to the name of your bucket. + +make AWS_S3_BUCKET=beta-docs.docker.io docs-release + +will then push the documentation site to your s3 bucket. +EOF + exit 1 +} + +[ "$AWS_S3_BUCKET" ] || usage + +#VERSION=$(cat VERSION) +BUCKET=$AWS_S3_BUCKET + +export AWS_CONFIG_FILE=$(pwd)/awsconfig +[ -e "$AWS_CONFIG_FILE" ] || usage +export AWS_DEFAULT_PROFILE=$BUCKET + +echo "cfg file: $AWS_CONFIG_FILE ; profile: $AWS_DEFAULT_PROFILE" + +setup_s3() { + echo "Create $BUCKET" + # Try creating the bucket. Ignore errors (it might already exist). + aws s3 mb s3://$BUCKET 2>/dev/null || true + # Check access to the bucket. + echo "test $BUCKET exists" + aws s3 ls s3://$BUCKET + # Make the bucket accessible through website endpoints. + echo "make $BUCKET accessible as a website" + #aws s3 website s3://$BUCKET --index-document index.html --error-document jsearch/index.html + s3conf=$(cat s3_website.json) + aws s3api put-bucket-website --bucket $BUCKET --website-configuration "$s3conf" +} + +build_current_documentation() { + mkdocs build +} + +upload_current_documentation() { + src=site/ + dst=s3://$BUCKET + + echo + echo "Uploading $src" + echo " to $dst" + echo + #s3cmd --recursive --follow-symlinks --preserve --acl-public sync "$src" "$dst" + aws s3 sync --acl public-read --exclude "*.rej" --exclude "*.rst" --exclude "*.orig" --exclude "*.py" "$src" "$dst" +} + +setup_s3 +build_current_documentation +upload_current_documentation + diff --git a/docs/requirements.txt b/docs/requirements.txt deleted file mode 100644 index 6f41142a84..0000000000 --- a/docs/requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -Sphinx==1.2.1 -sphinxcontrib-httpdomain==1.2.0 diff --git a/docs/s3_website.json b/docs/s3_website.json new file mode 100644 index 0000000000..fb14628ce6 --- /dev/null +++ b/docs/s3_website.json @@ -0,0 +1,17 @@ +{ + "ErrorDocument": { + "Key": "jsearch/index.html" + }, + "IndexDocument": { + "Suffix": "index.html" + }, + "RoutingRules": [ + { "Condition": { "KeyPrefixEquals": "en/latest/" }, "Redirect": { "ReplaceKeyPrefixWith": "" } }, + { "Condition": { "KeyPrefixEquals": "en/master/" }, "Redirect": { "ReplaceKeyPrefixWith": "" } }, + { "Condition": { "KeyPrefixEquals": "en/v0.6.3/" }, "Redirect": { "ReplaceKeyPrefixWith": "" } }, + { "Condition": { "KeyPrefixEquals": "jsearch/index.html" }, "Redirect": { "ReplaceKeyPrefixWith": "jsearch/" } }, + { "Condition": { "KeyPrefixEquals": "index/" }, "Redirect": { "ReplaceKeyPrefixWith": "docker-io/" } }, + { "Condition": { "KeyPrefixEquals": "reference/api/index_api/" }, "Redirect": { "ReplaceKeyPrefixWith": "reference/api/docker-io_api/" } } + ] +} + diff --git a/docs/sources/article-img/architecture.svg b/docs/sources/article-img/architecture.svg new file mode 100644 index 0000000000..607cc3c18f --- /dev/null +++ b/docs/sources/article-img/architecture.svg @@ -0,0 +1,3 @@ + + +2014-04-15 00:37ZCanvas 1Layer 1HostContainer 1Container 2Container 3Container ...Docker Clientdocker pulldocker rundocker ...Docker IndexDocker Daemon diff --git a/docs/sources/articles.md b/docs/sources/articles.md new file mode 100644 index 0000000000..54c067d0cc --- /dev/null +++ b/docs/sources/articles.md @@ -0,0 +1,8 @@ +# Articles + +## Contents: + + - [Docker Security](security/) + - [Create a Base Image](baseimages/) + - [Runtime Metrics](runmetrics/) + diff --git a/docs/sources/articles/baseimages.md b/docs/sources/articles/baseimages.md new file mode 100644 index 0000000000..c795b7a0a7 --- /dev/null +++ b/docs/sources/articles/baseimages.md @@ -0,0 +1,59 @@ +page_title: Create a Base Image +page_description: How to create base images +page_keywords: Examples, Usage, base image, docker, documentation, examples + +# Create a Base Image + +So you want to create your own [*Base Image*]( +/terms/image/#base-image-def)? Great! + +The specific process will depend heavily on the Linux distribution you +want to package. We have some examples below, and you are encouraged to +submit pull requests to contribute new ones. + +## Create a full image using tar + +In general, you'll want to start with a working machine that is running +the distribution you'd like to package as a base image, though that is +not required for some tools like Debian's +[Debootstrap](https://wiki.debian.org/Debootstrap), which you can also +use to build Ubuntu images. + +It can be as simple as this to create an Ubuntu base image: + + $ sudo debootstrap raring raring > /dev/null + $ sudo tar -C raring -c . | sudo docker import - raring + a29c15f1bf7a + $ sudo docker run raring cat /etc/lsb-release + DISTRIB_ID=Ubuntu + DISTRIB_RELEASE=13.04 + DISTRIB_CODENAME=raring + DISTRIB_DESCRIPTION="Ubuntu 13.04" + +There are more example scripts for creating base images in the Docker +GitHub Repo: + + - [BusyBox](https://github.com/dotcloud/docker/blob/master/contrib/mkimage-busybox.sh) + - CentOS / Scientific Linux CERN (SLC) [on Debian/Ubuntu]( + https://github.com/dotcloud/docker/blob/master/contrib/mkimage-rinse.sh) or + [on CentOS/RHEL/SLC/etc.]( + https://github.com/dotcloud/docker/blob/master/contrib/mkimage-yum.sh) + - [Debian / Ubuntu]( + https://github.com/dotcloud/docker/blob/master/contrib/mkimage-debootstrap.sh) + +## Creating a simple base image using `scratch` + +There is a special repository in the Docker registry called `scratch`, which +was created using an empty tar file: + + $ tar cv --files-from /dev/null | docker import - scratch + +which you can `docker pull`. You can then use that +image to base your new minimal containers `FROM`: + + FROM scratch + ADD true-asm /true + CMD ["/true"] + +The Dockerfile above is from extremely minimal image - [tianon/true]( +https://github.com/tianon/dockerfiles/tree/master/true). diff --git a/docs/sources/articles/baseimages.rst b/docs/sources/articles/baseimages.rst deleted file mode 100644 index 61c8f7d9c5..0000000000 --- a/docs/sources/articles/baseimages.rst +++ /dev/null @@ -1,65 +0,0 @@ -:title: Create a Base Image -:description: How to create base images -:keywords: Examples, Usage, base image, docker, documentation, examples - -.. _base_image_creation: - -Create a Base Image -=================== - -So you want to create your own :ref:`base_image_def`? Great! - -The specific process will depend heavily on the Linux distribution you -want to package. We have some examples below, and you are encouraged -to submit pull requests to contribute new ones. - -Create a full image using tar -............................. - -In general, you'll want to start with a working machine that is -running the distribution you'd like to package as a base image, though -that is not required for some tools like Debian's `Debootstrap -`_, which you can also use to -build Ubuntu images. - -It can be as simple as this to create an Ubuntu base image:: - - $ sudo debootstrap raring raring > /dev/null - $ sudo tar -C raring -c . | sudo docker import - raring - a29c15f1bf7a - $ sudo docker run raring cat /etc/lsb-release - DISTRIB_ID=Ubuntu - DISTRIB_RELEASE=13.04 - DISTRIB_CODENAME=raring - DISTRIB_DESCRIPTION="Ubuntu 13.04" - -There are more example scripts for creating base images in the -Docker GitHub Repo: - -* `BusyBox `_ -* CentOS / Scientific Linux CERN (SLC) `on Debian/Ubuntu - `_ - or - `on CentOS/RHEL/SLC/etc. - `_ -* `Debian / Ubuntu - `_ - - -Creating a simple base image using ``scratch`` -.............................................. - -There is a special repository in the Docker registry called ``scratch``, which -was created using an empty tar file:: - - $ tar cv --files-from /dev/null | docker import - scratch - -which you can ``docker pull``. You can then use that image to base your new -minimal containers ``FROM``:: - - FROM scratch - ADD true-asm /true - CMD ["/true"] - -The Dockerfile above is from extremely minimal image - -`tianon/true `_. diff --git a/docs/sources/articles/index.rst b/docs/sources/articles/index.rst deleted file mode 100644 index 75c0cd3fa9..0000000000 --- a/docs/sources/articles/index.rst +++ /dev/null @@ -1,15 +0,0 @@ -:title: Docker articles -:description: various articles related to Docker -:keywords: docker, articles - -.. _articles_list: - -Articles -======== - -.. toctree:: - :maxdepth: 1 - - security - baseimages - runmetrics diff --git a/docs/sources/articles/runmetrics.md b/docs/sources/articles/runmetrics.md new file mode 100644 index 0000000000..50d46047c0 --- /dev/null +++ b/docs/sources/articles/runmetrics.md @@ -0,0 +1,438 @@ +page_title: Runtime Metrics +page_description: Measure the behavior of running containers +page_keywords: docker, metrics, CPU, memory, disk, IO, run, runtime + +# Runtime Metrics + +Linux Containers rely on [control groups]( +https://www.kernel.org/doc/Documentation/cgroups/cgroups.txt) +which not only track groups of processes, but also expose metrics about +CPU, memory, and block I/O usage. You can access those metrics and +obtain network usage metrics as well. This is relevant for "pure" LXC +containers, as well as for Docker containers. + +## Control Groups + +Control groups are exposed through a pseudo-filesystem. In recent +distros, you should find this filesystem under `/sys/fs/cgroup`. Under +that directory, you will see multiple sub-directories, called devices, +freezer, blkio, etc.; each sub-directory actually corresponds to a different +cgroup hierarchy. + +On older systems, the control groups might be mounted on `/cgroup`, without +distinct hierarchies. In that case, instead of seeing the sub-directories, +you will see a bunch of files in that directory, and possibly some directories +corresponding to existing containers. + +To figure out where your control groups are mounted, you can run: + + $ grep cgroup /proc/mounts + +## Enumerating Cgroups + +You can look into `/proc/cgroups` to see the different control group subsystems +known to the system, the hierarchy they belong to, and how many groups they contain. + +You can also look at `/proc//cgroup` to see which control groups a process +belongs to. The control group will be shown as a path relative to the root of +the hierarchy mountpoint; e.g. `/` means “this process has not been assigned into +a particular group”, while `/lxc/pumpkin` means that the process is likely to be +a member of a container named `pumpkin`. + +## Finding the Cgroup for a Given Container + +For each container, one cgroup will be created in each hierarchy. On +older systems with older versions of the LXC userland tools, the name of +the cgroup will be the name of the container. With more recent versions +of the LXC tools, the cgroup will be `lxc/.` + +For Docker containers using cgroups, the container name will be the full +ID or long ID of the container. If a container shows up as ae836c95b4c3 +in `docker ps`, its long ID might be something like +`ae836c95b4c3c9e9179e0e91015512da89fdec91612f63cebae57df9a5444c79`. You can +look it up with `docker inspect` or `docker ps -notrunc`. + +Putting everything together to look at the memory metrics for a Docker +container, take a look at `/sys/fs/cgroup/memory/lxc//`. + +## Metrics from Cgroups: Memory, CPU, Block IO + +For each subsystem (memory, CPU, and block I/O), you will find one or +more pseudo-files containing statistics. + +### Memory Metrics: `memory.stat` + +Memory metrics are found in the "memory" cgroup. Note that the memory +control group adds a little overhead, because it does very fine-grained +accounting of the memory usage on your host. Therefore, many distros +chose to not enable it by default. Generally, to enable it, all you have +to do is to add some kernel command-line parameters: +`cgroup_enable=memory swapaccount=1`. + +The metrics are in the pseudo-file `memory.stat`. +Here is what it will look like: + + cache 11492564992 + rss 1930993664 + mapped_file 306728960 + pgpgin 406632648 + pgpgout 403355412 + swap 0 + pgfault 728281223 + pgmajfault 1724 + inactive_anon 46608384 + active_anon 1884520448 + inactive_file 7003344896 + active_file 4489052160 + unevictable 32768 + hierarchical_memory_limit 9223372036854775807 + hierarchical_memsw_limit 9223372036854775807 + total_cache 11492564992 + total_rss 1930993664 + total_mapped_file 306728960 + total_pgpgin 406632648 + total_pgpgout 403355412 + total_swap 0 + total_pgfault 728281223 + total_pgmajfault 1724 + total_inactive_anon 46608384 + total_active_anon 1884520448 + total_inactive_file 7003344896 + total_active_file 4489052160 + total_unevictable 32768 + +The first half (without the `total_` prefix) contains statistics relevant +to the processes within the cgroup, excluding sub-cgroups. The second half +(with the `total_` prefix) includes sub-cgroups as well. + +Some metrics are "gauges", i.e. values that can increase or decrease +(e.g. swap, the amount of swap space used by the members of the cgroup). +Some others are "counters", i.e. values that can only go up, because +they represent occurrences of a specific event (e.g. pgfault, which +indicates the number of page faults which happened since the creation of +the cgroup; this number can never decrease). + + + - **cache:** + the amount of memory used by the processes of this control group + that can be associated precisely with a block on a block device. + When you read from and write to files on disk, this amount will + increase. This will be the case if you use "conventional" I/O + (`open`, `read`, + `write` syscalls) as well as mapped files (with + `mmap`). It also accounts for the memory used by + `tmpfs` mounts, though the reasons are unclear. + + - **rss:** + the amount of memory that *doesn't* correspond to anything on disk: + stacks, heaps, and anonymous memory maps. + + - **mapped_file:** + indicates the amount of memory mapped by the processes in the + control group. It doesn't give you information about *how much* + memory is used; it rather tells you *how* it is used. + + - **pgfault and pgmajfault:** + indicate the number of times that a process of the cgroup triggered + a "page fault" and a "major fault", respectively. A page fault + happens when a process accesses a part of its virtual memory space + which is nonexistent or protected. The former can happen if the + process is buggy and tries to access an invalid address (it will + then be sent a `SIGSEGV` signal, typically + killing it with the famous `Segmentation fault` + message). The latter can happen when the process reads from a memory + zone which has been swapped out, or which corresponds to a mapped + file: in that case, the kernel will load the page from disk, and let + the CPU complete the memory access. It can also happen when the + process writes to a copy-on-write memory zone: likewise, the kernel + will preempt the process, duplicate the memory page, and resume the + write operation on the process` own copy of the page. "Major" faults + happen when the kernel actually has to read the data from disk. When + it just has to duplicate an existing page, or allocate an empty + page, it's a regular (or "minor") fault. + + - **swap:** + the amount of swap currently used by the processes in this cgroup. + + - **active_anon and inactive_anon:** + the amount of *anonymous* memory that has been identified has + respectively *active* and *inactive* by the kernel. "Anonymous" + memory is the memory that is *not* linked to disk pages. In other + words, that's the equivalent of the rss counter described above. In + fact, the very definition of the rss counter is **active_anon** + + **inactive_anon** - **tmpfs** (where tmpfs is the amount of memory + used up by `tmpfs` filesystems mounted by this + control group). Now, what's the difference between "active" and + "inactive"? Pages are initially "active"; and at regular intervals, + the kernel sweeps over the memory, and tags some pages as + "inactive". Whenever they are accessed again, they are immediately + retagged "active". When the kernel is almost out of memory, and time + comes to swap out to disk, the kernel will swap "inactive" pages. + + - **active_file and inactive_file:** + cache memory, with *active* and *inactive* similar to the *anon* + memory above. The exact formula is cache = **active_file** + + **inactive_file** + **tmpfs**. The exact rules used by the kernel + to move memory pages between active and inactive sets are different + from the ones used for anonymous memory, but the general principle + is the same. Note that when the kernel needs to reclaim memory, it + is cheaper to reclaim a clean (=non modified) page from this pool, + since it can be reclaimed immediately (while anonymous pages and + dirty/modified pages have to be written to disk first). + + - **unevictable:** + the amount of memory that cannot be reclaimed; generally, it will + account for memory that has been "locked" with `mlock`. + It is often used by crypto frameworks to make sure that + secret keys and other sensitive material never gets swapped out to + disk. + + - **memory and memsw limits:** + These are not really metrics, but a reminder of the limits applied + to this cgroup. The first one indicates the maximum amount of + physical memory that can be used by the processes of this control + group; the second one indicates the maximum amount of RAM+swap. + +Accounting for memory in the page cache is very complex. If two +processes in different control groups both read the same file +(ultimately relying on the same blocks on disk), the corresponding +memory charge will be split between the control groups. It's nice, but +it also means that when a cgroup is terminated, it could increase the +memory usage of another cgroup, because they are not splitting the cost +anymore for those memory pages. + +### CPU metrics: `cpuacct.stat` + +Now that we've covered memory metrics, everything else will look very +simple in comparison. CPU metrics will be found in the +`cpuacct` controller. + +For each container, you will find a pseudo-file `cpuacct.stat`, +containing the CPU usage accumulated by the processes of the container, +broken down between `user` and `system` time. If you're not familiar +with the distinction, `user` is the time during which the processes were +in direct control of the CPU (i.e. executing process code), and `system` +is the time during which the CPU was executing system calls on behalf of +those processes. + +Those times are expressed in ticks of 1/100th of a second. Actually, +they are expressed in "user jiffies". There are `USER_HZ` +*"jiffies"* per second, and on x86 systems, +`USER_HZ` is 100. This used to map exactly to the +number of scheduler "ticks" per second; but with the advent of higher +frequency scheduling, as well as [tickless kernels]( +http://lwn.net/Articles/549580/), the number of kernel ticks +wasn't relevant anymore. It stuck around anyway, mainly for legacy and +compatibility reasons. + +### Block I/O metrics + +Block I/O is accounted in the `blkio` controller. +Different metrics are scattered across different files. While you can +find in-depth details in the [blkio-controller]( +https://www.kernel.org/doc/Documentation/cgroups/blkio-controller.txt) +file in the kernel documentation, here is a short list of the most +relevant ones: + + + - **blkio.sectors:** + contain the number of 512-bytes sectors read and written by the + processes member of the cgroup, device by device. Reads and writes + are merged in a single counter. + + - **blkio.io_service_bytes:** + indicates the number of bytes read and written by the cgroup. It has + 4 counters per device, because for each device, it differentiates + between synchronous vs. asynchronous I/O, and reads vs. writes. + + - **blkio.io_serviced:** + the number of I/O operations performed, regardless of their size. It + also has 4 counters per device. + + - **blkio.io_queued:** + indicates the number of I/O operations currently queued for this + cgroup. In other words, if the cgroup isn't doing any I/O, this will + be zero. Note that the opposite is not true. In other words, if + there is no I/O queued, it does not mean that the cgroup is idle + (I/O-wise). It could be doing purely synchronous reads on an + otherwise quiescent device, which is therefore able to handle them + immediately, without queuing. Also, while it is helpful to figure + out which cgroup is putting stress on the I/O subsystem, keep in + mind that is is a relative quantity. Even if a process group does + not perform more I/O, its queue size can increase just because the + device load increases because of other devices. + +## Network Metrics + +Network metrics are not exposed directly by control groups. There is a +good explanation for that: network interfaces exist within the context +of *network namespaces*. The kernel could probably accumulate metrics +about packets and bytes sent and received by a group of processes, but +those metrics wouldn't be very useful. You want per-interface metrics +(because traffic happening on the local `lo` +interface doesn't really count). But since processes in a single cgroup +can belong to multiple network namespaces, those metrics would be harder +to interpret: multiple network namespaces means multiple `lo` +interfaces, potentially multiple `eth0` +interfaces, etc.; so this is why there is no easy way to gather network +metrics with control groups. + +Instead we can gather network metrics from other sources: + +### IPtables + +IPtables (or rather, the netfilter framework for which iptables is just +an interface) can do some serious accounting. + +For instance, you can setup a rule to account for the outbound HTTP +traffic on a web server: + + $ iptables -I OUTPUT -p tcp --sport 80 + +There is no `-j` or `-g` flag, +so the rule will just count matched packets and go to the following +rule. + +Later, you can check the values of the counters, with: + + $ iptables -nxvL OUTPUT + +Technically, `-n` is not required, but it will +prevent iptables from doing DNS reverse lookups, which are probably +useless in this scenario. + +Counters include packets and bytes. If you want to setup metrics for +container traffic like this, you could execute a `for` +loop to add two `iptables` rules per +container IP address (one in each direction), in the `FORWARD` +chain. This will only meter traffic going through the NAT +layer; you will also have to add traffic going through the userland +proxy. + +Then, you will need to check those counters on a regular basis. If you +happen to use `collectd`, there is a nice plugin to +automate iptables counters collection. + +### Interface-level counters + +Since each container has a virtual Ethernet interface, you might want to +check directly the TX and RX counters of this interface. You will notice +that each container is associated to a virtual Ethernet interface in +your host, with a name like `vethKk8Zqi`. Figuring +out which interface corresponds to which container is, unfortunately, +difficult. + +But for now, the best way is to check the metrics *from within the +containers*. To accomplish this, you can run an executable from the host +environment within the network namespace of a container using **ip-netns +magic**. + +The `ip-netns exec` command will let you execute any +program (present in the host system) within any network namespace +visible to the current process. This means that your host will be able +to enter the network namespace of your containers, but your containers +won't be able to access the host, nor their sibling containers. +Containers will be able to “see” and affect their sub-containers, +though. + +The exact format of the command is: + + $ ip netns exec + +For example: + + $ ip netns exec mycontainer netstat -i + +`ip netns` finds the "mycontainer" container by +using namespaces pseudo-files. Each process belongs to one network +namespace, one PID namespace, one `mnt` namespace, +etc., and those namespaces are materialized under +`/proc//ns/`. For example, the network +namespace of PID 42 is materialized by the pseudo-file +`/proc/42/ns/net`. + +When you run `ip netns exec mycontainer ...`, it +expects `/var/run/netns/mycontainer` to be one of +those pseudo-files. (Symlinks are accepted.) + +In other words, to execute a command within the network namespace of a +container, we need to: + +- Find out the PID of any process within the container that we want to investigate; +- Create a symlink from `/var/run/netns/` to `/proc//ns/net` +- Execute `ip netns exec ....` + +Please review [*Enumerating Cgroups*](#enumerating-cgroups) to learn how to find +the cgroup of a pprocess running in the container of which you want to +measure network usage. From there, you can examine the pseudo-file named +`tasks`, which containes the PIDs that are in the +control group (i.e. in the container). Pick any one of them. + +Putting everything together, if the "short ID" of a container is held in +the environment variable `$CID`, then you can do this: + + $ TASKS=/sys/fs/cgroup/devices/$CID*/tasks + $ PID=$(head -n 1 $TASKS) + $ mkdir -p /var/run/netns + $ ln -sf /proc/$PID/ns/net /var/run/netns/$CID + $ ip netns exec $CID netstat -i + +## Tips for high-performance metric collection + +Note that running a new process each time you want to update metrics is +(relatively) expensive. If you want to collect metrics at high +resolutions, and/or over a large number of containers (think 1000 +containers on a single host), you do not want to fork a new process each +time. + +Here is how to collect metrics from a single process. You will have to +write your metric collector in C (or any language that lets you do +low-level system calls). You need to use a special system call, +`setns()`, which lets the current process enter any +arbitrary namespace. It requires, however, an open file descriptor to +the namespace pseudo-file (remember: that's the pseudo-file in +`/proc//ns/net`). + +However, there is a catch: you must not keep this file descriptor open. +If you do, when the last process of the control group exits, the +namespace will not be destroyed, and its network resources (like the +virtual interface of the container) will stay around for ever (or until +you close that file descriptor). + +The right approach would be to keep track of the first PID of each +container, and re-open the namespace pseudo-file each time. + +## Collecting metrics when a container exits + +Sometimes, you do not care about real time metric collection, but when a +container exits, you want to know how much CPU, memory, etc. it has +used. + +Docker makes this difficult because it relies on `lxc-start`, which +carefully cleans up after itself, but it is still possible. It is +usually easier to collect metrics at regular intervals (e.g. every +minute, with the collectd LXC plugin) and rely on that instead. + +But, if you'd still like to gather the stats when a container stops, +here is how: + +For each container, start a collection process, and move it to the +control groups that you want to monitor by writing its PID to the tasks +file of the cgroup. The collection process should periodically re-read +the tasks file to check if it's the last process of the control group. +(If you also want to collect network statistics as explained in the +previous section, you should also move the process to the appropriate +network namespace.) + +When the container exits, `lxc-start` will try to +delete the control groups. It will fail, since the control group is +still in use; but that's fine. You process should now detect that it is +the only one remaining in the group. Now is the right time to collect +all the metrics you need! + +Finally, your process should move itself back to the root control group, +and remove the container control group. To remove a control group, just +`rmdir` its directory. It's counter-intuitive to +`rmdir` a directory as it still contains files; but +remember that this is a pseudo-filesystem, so usual rules don't apply. +After the cleanup is done, the collection process can exit safely. diff --git a/docs/sources/articles/runmetrics.rst b/docs/sources/articles/runmetrics.rst deleted file mode 100644 index 6b705fb737..0000000000 --- a/docs/sources/articles/runmetrics.rst +++ /dev/null @@ -1,463 +0,0 @@ -:title: Runtime Metrics -:description: Measure the behavior of running containers -:keywords: docker, metrics, CPU, memory, disk, IO, run, runtime - -.. _run_metrics: - - -Runtime Metrics -=============== - -Linux Containers rely on `control groups -`_ which -not only track groups of processes, but also expose metrics about CPU, -memory, and block I/O usage. You can access those metrics and obtain -network usage metrics as well. This is relevant for "pure" LXC -containers, as well as for Docker containers. - -Control Groups --------------- - -Control groups are exposed through a pseudo-filesystem. In recent -distros, you should find this filesystem under -``/sys/fs/cgroup``. Under that directory, you will see multiple -sub-directories, called devices, freezer, blkio, etc.; each -sub-directory actually corresponds to a different cgroup hierarchy. - -On older systems, the control groups might be mounted on ``/cgroup``, -without distinct hierarchies. In that case, instead of seeing the -sub-directories, you will see a bunch of files in that directory, and -possibly some directories corresponding to existing containers. - -To figure out where your control groups are mounted, you can run: - -:: - - grep cgroup /proc/mounts - -.. _run_findpid: - -Enumerating Cgroups -------------------- - -You can look into ``/proc/cgroups`` to see the different control group -subsystems known to the system, the hierarchy they belong to, and how -many groups they contain. - -You can also look at ``/proc//cgroup`` to see which control -groups a process belongs to. The control group will be shown as a path -relative to the root of the hierarchy mountpoint; e.g. ``/`` means -“this process has not been assigned into a particular group”, while -``/lxc/pumpkin`` means that the process is likely to be a member of a -container named ``pumpkin``. - -Finding the Cgroup for a Given Container ----------------------------------------- - -For each container, one cgroup will be created in each hierarchy. On -older systems with older versions of the LXC userland tools, the name -of the cgroup will be the name of the container. With more recent -versions of the LXC tools, the cgroup will be ``lxc/.`` - -For Docker containers using cgroups, the container name will be the -full ID or long ID of the container. If a container shows up as -ae836c95b4c3 in ``docker ps``, its long ID might be something like -``ae836c95b4c3c9e9179e0e91015512da89fdec91612f63cebae57df9a5444c79``. You -can look it up with ``docker inspect`` or ``docker ps --no-trunc``. - -Putting everything together to look at the memory metrics for a Docker -container, take a look at ``/sys/fs/cgroup/memory/lxc//``. - -Metrics from Cgroups: Memory, CPU, Block IO -------------------------------------------- - -For each subsystem (memory, CPU, and block I/O), you will find one or -more pseudo-files containing statistics. - -Memory Metrics: ``memory.stat`` -............................... - -Memory metrics are found in the "memory" cgroup. Note that the memory -control group adds a little overhead, because it does very -fine-grained accounting of the memory usage on your host. Therefore, -many distros chose to not enable it by default. Generally, to enable -it, all you have to do is to add some kernel command-line parameters: -``cgroup_enable=memory swapaccount=1``. - -The metrics are in the pseudo-file ``memory.stat``. Here is what it -will look like: - -:: - - cache 11492564992 - rss 1930993664 - mapped_file 306728960 - pgpgin 406632648 - pgpgout 403355412 - swap 0 - pgfault 728281223 - pgmajfault 1724 - inactive_anon 46608384 - active_anon 1884520448 - inactive_file 7003344896 - active_file 4489052160 - unevictable 32768 - hierarchical_memory_limit 9223372036854775807 - hierarchical_memsw_limit 9223372036854775807 - total_cache 11492564992 - total_rss 1930993664 - total_mapped_file 306728960 - total_pgpgin 406632648 - total_pgpgout 403355412 - total_swap 0 - total_pgfault 728281223 - total_pgmajfault 1724 - total_inactive_anon 46608384 - total_active_anon 1884520448 - total_inactive_file 7003344896 - total_active_file 4489052160 - total_unevictable 32768 - -The first half (without the ``total_`` prefix) contains statistics -relevant to the processes within the cgroup, excluding -sub-cgroups. The second half (with the ``total_`` prefix) includes -sub-cgroups as well. - -Some metrics are "gauges", i.e. values that can increase or decrease -(e.g. swap, the amount of swap space used by the members of the -cgroup). Some others are "counters", i.e. values that can only go up, -because they represent occurrences of a specific event (e.g. pgfault, -which indicates the number of page faults which happened since the -creation of the cgroup; this number can never decrease). - -cache - the amount of memory used by the processes of this control group - that can be associated precisely with a block on a block - device. When you read from and write to files on disk, this amount - will increase. This will be the case if you use "conventional" I/O - (``open``, ``read``, ``write`` syscalls) as well as mapped files - (with ``mmap``). It also accounts for the memory used by ``tmpfs`` - mounts, though the reasons are unclear. - -rss - the amount of memory that *doesn't* correspond to anything on - disk: stacks, heaps, and anonymous memory maps. - -mapped_file - indicates the amount of memory mapped by the processes in the - control group. It doesn't give you information about *how much* - memory is used; it rather tells you *how* it is used. - -pgfault and pgmajfault - indicate the number of times that a process of the cgroup triggered - a "page fault" and a "major fault", respectively. A page fault - happens when a process accesses a part of its virtual memory space - which is nonexistent or protected. The former can happen if the - process is buggy and tries to access an invalid address (it will - then be sent a ``SIGSEGV`` signal, typically killing it with the - famous ``Segmentation fault`` message). The latter can happen when - the process reads from a memory zone which has been swapped out, or - which corresponds to a mapped file: in that case, the kernel will - load the page from disk, and let the CPU complete the memory - access. It can also happen when the process writes to a - copy-on-write memory zone: likewise, the kernel will preempt the - process, duplicate the memory page, and resume the write operation - on the process' own copy of the page. "Major" faults happen when the - kernel actually has to read the data from disk. When it just has to - duplicate an existing page, or allocate an empty page, it's a - regular (or "minor") fault. - -swap - the amount of swap currently used by the processes in this cgroup. - -active_anon and inactive_anon - the amount of *anonymous* memory that has been identified has - respectively *active* and *inactive* by the kernel. "Anonymous" - memory is the memory that is *not* linked to disk pages. In other - words, that's the equivalent of the rss counter described above. In - fact, the very definition of the rss counter is **active_anon** + - **inactive_anon** - **tmpfs** (where tmpfs is the amount of memory - used up by ``tmpfs`` filesystems mounted by this control - group). Now, what's the difference between "active" and "inactive"? - Pages are initially "active"; and at regular intervals, the kernel - sweeps over the memory, and tags some pages as "inactive". Whenever - they are accessed again, they are immediately retagged - "active". When the kernel is almost out of memory, and time comes to - swap out to disk, the kernel will swap "inactive" pages. - -active_file and inactive_file - cache memory, with *active* and *inactive* similar to the *anon* - memory above. The exact formula is cache = **active_file** + - **inactive_file** + **tmpfs**. The exact rules used by the kernel to - move memory pages between active and inactive sets are different - from the ones used for anonymous memory, but the general principle - is the same. Note that when the kernel needs to reclaim memory, it - is cheaper to reclaim a clean (=non modified) page from this pool, - since it can be reclaimed immediately (while anonymous pages and - dirty/modified pages have to be written to disk first). - -unevictable - the amount of memory that cannot be reclaimed; generally, it will - account for memory that has been "locked" with ``mlock``. It is - often used by crypto frameworks to make sure that secret keys and - other sensitive material never gets swapped out to disk. - -memory and memsw limits - These are not really metrics, but a reminder of the limits applied - to this cgroup. The first one indicates the maximum amount of - physical memory that can be used by the processes of this control - group; the second one indicates the maximum amount of RAM+swap. - -Accounting for memory in the page cache is very complex. If two -processes in different control groups both read the same file -(ultimately relying on the same blocks on disk), the corresponding -memory charge will be split between the control groups. It's nice, but -it also means that when a cgroup is terminated, it could increase the -memory usage of another cgroup, because they are not splitting the -cost anymore for those memory pages. - -CPU metrics: ``cpuacct.stat`` -............................. - -Now that we've covered memory metrics, everything else will look very -simple in comparison. CPU metrics will be found in the ``cpuacct`` -controller. - -For each container, you will find a pseudo-file ``cpuacct.stat``, -containing the CPU usage accumulated by the processes of the -container, broken down between ``user`` and ``system`` time. If you're -not familiar with the distinction, ``user`` is the time during which -the processes were in direct control of the CPU (i.e. executing -process code), and ``system`` is the time during which the CPU was -executing system calls on behalf of those processes. - -Those times are expressed in ticks of 1/100th of a second. Actually, -they are expressed in "user jiffies". There are ``USER_HZ`` -*"jiffies"* per second, and on x86 systems, ``USER_HZ`` is 100. This -used to map exactly to the number of scheduler "ticks" per second; but -with the advent of higher frequency scheduling, as well as `tickless -kernels `_, the number of kernel -ticks wasn't relevant anymore. It stuck around anyway, mainly for -legacy and compatibility reasons. - -Block I/O metrics -................. - -Block I/O is accounted in the ``blkio`` controller. Different metrics -are scattered across different files. While you can find in-depth -details in the `blkio-controller -`_ -file in the kernel documentation, here is a short list of the most -relevant ones: - -blkio.sectors - contain the number of 512-bytes sectors read and written by the - processes member of the cgroup, device by device. Reads and writes - are merged in a single counter. - -blkio.io_service_bytes - indicates the number of bytes read and written by the cgroup. It has - 4 counters per device, because for each device, it differentiates - between synchronous vs. asynchronous I/O, and reads vs. writes. - -blkio.io_serviced - the number of I/O operations performed, regardless of their size. It - also has 4 counters per device. - -blkio.io_queued - indicates the number of I/O operations currently queued for this - cgroup. In other words, if the cgroup isn't doing any I/O, this will - be zero. Note that the opposite is not true. In other words, if - there is no I/O queued, it does not mean that the cgroup is idle - (I/O-wise). It could be doing purely synchronous reads on an - otherwise quiescent device, which is therefore able to handle them - immediately, without queuing. Also, while it is helpful to figure - out which cgroup is putting stress on the I/O subsystem, keep in - mind that is is a relative quantity. Even if a process group does - not perform more I/O, its queue size can increase just because the - device load increases because of other devices. - -Network Metrics ---------------- - -Network metrics are not exposed directly by control groups. There is a -good explanation for that: network interfaces exist within the context -of *network namespaces*. The kernel could probably accumulate metrics -about packets and bytes sent and received by a group of processes, but -those metrics wouldn't be very useful. You want per-interface metrics -(because traffic happening on the local ``lo`` interface doesn't -really count). But since processes in a single cgroup can belong to -multiple network namespaces, those metrics would be harder to -interpret: multiple network namespaces means multiple ``lo`` -interfaces, potentially multiple ``eth0`` interfaces, etc.; so this is -why there is no easy way to gather network metrics with control -groups. - -Instead we can gather network metrics from other sources: - -IPtables -........ - -IPtables (or rather, the netfilter framework for which iptables is -just an interface) can do some serious accounting. - -For instance, you can setup a rule to account for the outbound HTTP -traffic on a web server: - -:: - - iptables -I OUTPUT -p tcp --sport 80 - - -There is no ``-j`` or ``-g`` flag, so the rule will just count matched -packets and go to the following rule. - -Later, you can check the values of the counters, with: - -:: - - iptables -nxvL OUTPUT - -Technically, ``-n`` is not required, but it will prevent iptables from -doing DNS reverse lookups, which are probably useless in this -scenario. - -Counters include packets and bytes. If you want to setup metrics for -container traffic like this, you could execute a ``for`` loop to add -two ``iptables`` rules per container IP address (one in each -direction), in the ``FORWARD`` chain. This will only meter traffic -going through the NAT layer; you will also have to add traffic going -through the userland proxy. - -Then, you will need to check those counters on a regular basis. If you -happen to use ``collectd``, there is a nice plugin to automate -iptables counters collection. - -Interface-level counters -........................ - -Since each container has a virtual Ethernet interface, you might want -to check directly the TX and RX counters of this interface. You will -notice that each container is associated to a virtual Ethernet -interface in your host, with a name like ``vethKk8Zqi``. Figuring out -which interface corresponds to which container is, unfortunately, -difficult. - -But for now, the best way is to check the metrics *from within the -containers*. To accomplish this, you can run an executable from the -host environment within the network namespace of a container using -**ip-netns magic**. - -The ``ip-netns exec`` command will let you execute any program -(present in the host system) within any network namespace visible to -the current process. This means that your host will be able to enter -the network namespace of your containers, but your containers won't be -able to access the host, nor their sibling containers. Containers will -be able to “see” and affect their sub-containers, though. - -The exact format of the command is:: - - ip netns exec - -For example:: - - ip netns exec mycontainer netstat -i - -``ip netns`` finds the "mycontainer" container by using namespaces -pseudo-files. Each process belongs to one network namespace, one PID -namespace, one ``mnt`` namespace, etc., and those namespaces are -materialized under ``/proc//ns/``. For example, the network -namespace of PID 42 is materialized by the pseudo-file -``/proc/42/ns/net``. - -When you run ``ip netns exec mycontainer ...``, it expects -``/var/run/netns/mycontainer`` to be one of those -pseudo-files. (Symlinks are accepted.) - -In other words, to execute a command within the network namespace of a -container, we need to: - -* Find out the PID of any process within the container that we want to - investigate; -* Create a symlink from ``/var/run/netns/`` to - ``/proc//ns/net`` -* Execute ``ip netns exec ....`` - -Please review :ref:`run_findpid` to learn how to find the cgroup of a -pprocess running in the container of which you want to measure network -usage. From there, you can examine the pseudo-file named ``tasks``, -which containes the PIDs that are in the control group (i.e. in the -container). Pick any one of them. - -Putting everything together, if the "short ID" of a container is held -in the environment variable ``$CID``, then you can do this:: - - TASKS=/sys/fs/cgroup/devices/$CID*/tasks - PID=$(head -n 1 $TASKS) - mkdir -p /var/run/netns - ln -sf /proc/$PID/ns/net /var/run/netns/$CID - ip netns exec $CID netstat -i - - -Tips for high-performance metric collection -------------------------------------------- - -Note that running a new process each time you want to update metrics -is (relatively) expensive. If you want to collect metrics at high -resolutions, and/or over a large number of containers (think 1000 -containers on a single host), you do not want to fork a new process -each time. - -Here is how to collect metrics from a single process. You will have to -write your metric collector in C (or any language that lets you do -low-level system calls). You need to use a special system call, -``setns()``, which lets the current process enter any arbitrary -namespace. It requires, however, an open file descriptor to the -namespace pseudo-file (remember: that’s the pseudo-file in -``/proc//ns/net``). - -However, there is a catch: you must not keep this file descriptor -open. If you do, when the last process of the control group exits, the -namespace will not be destroyed, and its network resources (like the -virtual interface of the container) will stay around for ever (or -until you close that file descriptor). - -The right approach would be to keep track of the first PID of each -container, and re-open the namespace pseudo-file each time. - -Collecting metrics when a container exits ------------------------------------------ - -Sometimes, you do not care about real time metric collection, but when -a container exits, you want to know how much CPU, memory, etc. it has -used. - -Docker makes this difficult because it relies on ``lxc-start``, which -carefully cleans up after itself, but it is still possible. It is -usually easier to collect metrics at regular intervals (e.g. every -minute, with the collectd LXC plugin) and rely on that instead. - -But, if you'd still like to gather the stats when a container stops, -here is how: - -For each container, start a collection process, and move it to the -control groups that you want to monitor by writing its PID to the -tasks file of the cgroup. The collection process should periodically -re-read the tasks file to check if it's the last process of the -control group. (If you also want to collect network statistics as -explained in the previous section, you should also move the process to -the appropriate network namespace.) - -When the container exits, ``lxc-start`` will try to delete the control -groups. It will fail, since the control group is still in use; but -that’s fine. You process should now detect that it is the only one -remaining in the group. Now is the right time to collect all the -metrics you need! - -Finally, your process should move itself back to the root control -group, and remove the container control group. To remove a control -group, just ``rmdir`` its directory. It's counter-intuitive to -``rmdir`` a directory as it still contains files; but remember that -this is a pseudo-filesystem, so usual rules don't apply. After the -cleanup is done, the collection process can exit safely. - diff --git a/docs/sources/articles/security.md b/docs/sources/articles/security.md new file mode 100644 index 0000000000..69284db836 --- /dev/null +++ b/docs/sources/articles/security.md @@ -0,0 +1,257 @@ +page_title: Docker Security +page_description: Review of the Docker Daemon attack surface +page_keywords: Docker, Docker documentation, security + +# Docker Security + +> *Adapted from* [Containers & Docker: How Secure are +> They?](http://blog.docker.io/2013/08/containers-docker-how-secure-are-they/) + +There are three major areas to consider when reviewing Docker security: + + - the intrinsic security of containers, as implemented by kernel + namespaces and cgroups; + - the attack surface of the Docker daemon itself; + - the "hardening" security features of the kernel and how they + interact with containers. + +## Kernel Namespaces + +Docker containers are essentially LXC containers, and they come with the +same security features. When you start a container with +`docker run`, behind the scenes Docker uses +`lxc-start` to execute the Docker container. This +creates a set of namespaces and control groups for the container. Those +namespaces and control groups are not created by Docker itself, but by +`lxc-start`. This means that as the LXC userland +tools evolve (and provide additional namespaces and isolation features), +Docker will automatically make use of them. + +**Namespaces provide the first and most straightforward form of +isolation**: processes running within a container cannot see, and even +less affect, processes running in another container, or in the host +system. + +**Each container also gets its own network stack**, meaning that a +container doesn't get a privileged access to the sockets or interfaces +of another container. Of course, if the host system is setup +accordingly, containers can interact with each other through their +respective network interfaces — just like they can interact with +external hosts. When you specify public ports for your containers or use +[*links*](/use/working_with_links_names/#working-with-links-names) +then IP traffic is allowed between containers. They can ping each other, +send/receive UDP packets, and establish TCP connections, but that can be +restricted if necessary. From a network architecture point of view, all +containers on a given Docker host are sitting on bridge interfaces. This +means that they are just like physical machines connected through a +common Ethernet switch; no more, no less. + +How mature is the code providing kernel namespaces and private +networking? Kernel namespaces were introduced [between kernel version +2.6.15 and +2.6.26](http://lxc.sourceforge.net/index.php/about/kernel-namespaces/). +This means that since July 2008 (date of the 2.6.26 release, now 5 years +ago), namespace code has been exercised and scrutinized on a large +number of production systems. And there is more: the design and +inspiration for the namespaces code are even older. Namespaces are +actually an effort to reimplement the features of [OpenVZ]( +http://en.wikipedia.org/wiki/OpenVZ) in such a way that they +could be merged within the mainstream kernel. And OpenVZ was initially +released in 2005, so both the design and the implementation are pretty +mature. + +## Control Groups + +Control Groups are the other key component of Linux Containers. They +implement resource accounting and limiting. They provide a lot of very +useful metrics, but they also help to ensure that each container gets +its fair share of memory, CPU, disk I/O; and, more importantly, that a +single container cannot bring the system down by exhausting one of those +resources. + +So while they do not play a role in preventing one container from +accessing or affecting the data and processes of another container, they +are essential to fend off some denial-of-service attacks. They are +particularly important on multi-tenant platforms, like public and +private PaaS, to guarantee a consistent uptime (and performance) even +when some applications start to misbehave. + +Control Groups have been around for a while as well: the code was +started in 2006, and initially merged in kernel 2.6.24. + +## Docker Daemon Attack Surface + +Running containers (and applications) with Docker implies running the +Docker daemon. This daemon currently requires root privileges, and you +should therefore be aware of some important details. + +First of all, **only trusted users should be allowed to control your +Docker daemon**. This is a direct consequence of some powerful Docker +features. Specifically, Docker allows you to share a directory between +the Docker host and a guest container; and it allows you to do so +without limiting the access rights of the container. This means that you +can start a container where the `/host` directory will be the `/` directory +on your host; and the container will be able to alter your host filesystem +without any restriction. This sounds crazy? Well, you have to know that +**all virtualization systems allowing filesystem resource sharing behave the +same way**. Nothing prevents you from sharing your root filesystem (or +even your root block device) with a virtual machine. + +This has a strong security implication: if you instrument Docker from +e.g. a web server to provision containers through an API, you should be +even more careful than usual with parameter checking, to make sure that +a malicious user cannot pass crafted parameters causing Docker to create +arbitrary containers. + +For this reason, the REST API endpoint (used by the Docker CLI to +communicate with the Docker daemon) changed in Docker 0.5.2, and now +uses a UNIX socket instead of a TCP socket bound on 127.0.0.1 (the +latter being prone to cross-site-scripting attacks if you happen to run +Docker directly on your local machine, outside of a VM). You can then +use traditional UNIX permission checks to limit access to the control +socket. + +You can also expose the REST API over HTTP if you explicitly decide so. +However, if you do that, being aware of the abovementioned security +implication, you should ensure that it will be reachable only from a +trusted network or VPN; or protected with e.g. `stunnel` +and client SSL certificates. + +Recent improvements in Linux namespaces will soon allow to run +full-featured containers without root privileges, thanks to the new user +namespace. This is covered in detail [here]( +http://s3hh.wordpress.com/2013/07/19/creating-and-using-containers-without-privilege/). +Moreover, this will solve the problem caused by sharing filesystems +between host and guest, since the user namespace allows users within +containers (including the root user) to be mapped to other users in the +host system. + +The end goal for Docker is therefore to implement two additional +security improvements: + + - map the root user of a container to a non-root user of the Docker + host, to mitigate the effects of a container-to-host privilege + escalation; + - allow the Docker daemon to run without root privileges, and delegate + operations requiring those privileges to well-audited sub-processes, + each with its own (very limited) scope: virtual network setup, + filesystem management, etc. + +Finally, if you run Docker on a server, it is recommended to run +exclusively Docker in the server, and move all other services within +containers controlled by Docker. Of course, it is fine to keep your +favorite admin tools (probably at least an SSH server), as well as +existing monitoring/supervision processes (e.g. NRPE, collectd, etc). + +## Linux Kernel Capabilities + +By default, Docker starts containers with a very restricted set of +capabilities. What does that mean? + +Capabilities turn the binary "root/non-root" dichotomy into a +fine-grained access control system. Processes (like web servers) that +just need to bind on a port below 1024 do not have to run as root: they +can just be granted the `net_bind_service` capability instead. And there +are many other capabilities, for almost all the specific areas where root +privileges are usually needed. + +This means a lot for container security; let's see why! + +Your average server (bare metal or virtual machine) needs to run a bunch +of processes as root. Those typically include SSH, cron, syslogd; +hardware management tools (to e.g. load modules), network configuration +tools (to handle e.g. DHCP, WPA, or VPNs), and much more. A container is +very different, because almost all of those tasks are handled by the +infrastructure around the container: + + - SSH access will typically be managed by a single server running in + the Docker host; + - `cron`, when necessary, should run as a user + process, dedicated and tailored for the app that needs its + scheduling service, rather than as a platform-wide facility; + - log management will also typically be handed to Docker, or by + third-party services like Loggly or Splunk; + - hardware management is irrelevant, meaning that you never need to + run `udevd` or equivalent daemons within + containers; + - network management happens outside of the containers, enforcing + separation of concerns as much as possible, meaning that a container + should never need to perform `ifconfig`, + `route`, or ip commands (except when a container + is specifically engineered to behave like a router or firewall, of + course). + +This means that in most cases, containers will not need "real" root +privileges *at all*. And therefore, containers can run with a reduced +capability set; meaning that "root" within a container has much less +privileges than the real "root". For instance, it is possible to: + + - deny all "mount" operations; + - deny access to raw sockets (to prevent packet spoofing); + - deny access to some filesystem operations, like creating new device + nodes, changing the owner of files, or altering attributes (including + the immutable flag); + - deny module loading; + - and many others. + +This means that even if an intruder manages to escalate to root within a +container, it will be much harder to do serious damage, or to escalate +to the host. + +This won't affect regular web apps; but malicious users will find that +the arsenal at their disposal has shrunk considerably! You can see [the +list of dropped capabilities in the Docker +code](https://github.com/dotcloud/docker/blob/v0.5.0/lxc_template.go#L97), +and a full list of available capabilities in [Linux +manpages](http://man7.org/linux/man-pages/man7/capabilities.7.html). + +Of course, you can always enable extra capabilities if you really need +them (for instance, if you want to use a FUSE-based filesystem), but by +default, Docker containers will be locked down to ensure maximum safety. + +## Other Kernel Security Features + +Capabilities are just one of the many security features provided by +modern Linux kernels. It is also possible to leverage existing, +well-known systems like TOMOYO, AppArmor, SELinux, GRSEC, etc. with +Docker. + +While Docker currently only enables capabilities, it doesn't interfere +with the other systems. This means that there are many different ways to +harden a Docker host. Here are a few examples. + + - You can run a kernel with GRSEC and PAX. This will add many safety + checks, both at compile-time and run-time; it will also defeat many + exploits, thanks to techniques like address randomization. It + doesn't require Docker-specific configuration, since those security + features apply system-wide, independently of containers. + - If your distribution comes with security model templates for LXC + containers, you can use them out of the box. For instance, Ubuntu + comes with AppArmor templates for LXC, and those templates provide + an extra safety net (even though it overlaps greatly with + capabilities). + - You can define your own policies using your favorite access control + mechanism. Since Docker containers are standard LXC containers, + there is nothing “magic” or specific to Docker. + +Just like there are many third-party tools to augment Docker containers +with e.g. special network topologies or shared filesystems, you can +expect to see tools to harden existing Docker containers without +affecting Docker's core. + +## Conclusions + +Docker containers are, by default, quite secure; especially if you take +care of running your processes inside the containers as non-privileged +users (i.e. non root). + +You can add an extra layer of safety by enabling Apparmor, SELinux, +GRSEC, or your favorite hardening solution. + +Last but not least, if you see interesting security features in other +containerization systems, you will be able to implement them as well +with Docker, since everything is provided by the kernel anyway. + +For more context and especially for comparisons with VMs and other +container systems, please also see the [original blog post]( +http://blog.docker.io/2013/08/containers-docker-how-secure-are-they/). diff --git a/docs/sources/articles/security.rst b/docs/sources/articles/security.rst deleted file mode 100644 index ec2ab9bffd..0000000000 --- a/docs/sources/articles/security.rst +++ /dev/null @@ -1,269 +0,0 @@ -:title: Docker Security -:description: Review of the Docker Daemon attack surface -:keywords: Docker, Docker documentation, security - -.. _dockersecurity: - -Docker Security -=============== - - *Adapted from* `Containers & Docker: How Secure are They? `_ - -There are three major areas to consider when reviewing Docker security: - -* the intrinsic security of containers, as implemented by kernel - namespaces and cgroups; -* the attack surface of the Docker daemon itself; -* the "hardening" security features of the kernel and how they - interact with containers. - -Kernel Namespaces ------------------ - -Docker containers are essentially LXC containers, and they come with -the same security features. When you start a container with ``docker -run``, behind the scenes Docker uses ``lxc-start`` to execute the -Docker container. This creates a set of namespaces and control groups -for the container. Those namespaces and control groups are not created -by Docker itself, but by ``lxc-start``. This means that as the LXC -userland tools evolve (and provide additional namespaces and isolation -features), Docker will automatically make use of them. - -**Namespaces provide the first and most straightforward form of -isolation**: processes running within a container cannot see, and even -less affect, processes running in another container, or in the host -system. - -**Each container also gets its own network stack**, meaning that a -container doesn’t get a privileged access to the sockets or interfaces -of another container. Of course, if the host system is setup -accordingly, containers can interact with each other through their -respective network interfaces — just like they can interact with -external hosts. When you specify public ports for your containers or -use :ref:`links ` then IP traffic is allowed -between containers. They can ping each other, send/receive UDP -packets, and establish TCP connections, but that can be restricted if -necessary. From a network architecture point of view, all containers -on a given Docker host are sitting on bridge interfaces. This means -that they are just like physical machines connected through a common -Ethernet switch; no more, no less. - -How mature is the code providing kernel namespaces and private -networking? Kernel namespaces were introduced `between kernel version -2.6.15 and 2.6.26 -`_. This -means that since July 2008 (date of the 2.6.26 release, now 5 years -ago), namespace code has been exercised and scrutinized on a large -number of production systems. And there is more: the design and -inspiration for the namespaces code are even older. Namespaces are -actually an effort to reimplement the features of `OpenVZ -`_ in such a way that they could -be merged within the mainstream kernel. And OpenVZ was initially -released in 2005, so both the design and the implementation are -pretty mature. - -Control Groups --------------- - -Control Groups are the other key component of Linux Containers. They -implement resource accounting and limiting. They provide a lot of very -useful metrics, but they also help to ensure that each container gets -its fair share of memory, CPU, disk I/O; and, more importantly, that a -single container cannot bring the system down by exhausting one of -those resources. - -So while they do not play a role in preventing one container from -accessing or affecting the data and processes of another container, -they are essential to fend off some denial-of-service attacks. They -are particularly important on multi-tenant platforms, like public and -private PaaS, to guarantee a consistent uptime (and performance) even -when some applications start to misbehave. - -Control Groups have been around for a while as well: the code was -started in 2006, and initially merged in kernel 2.6.24. - -.. _dockersecurity_daemon: - -Docker Daemon Attack Surface ----------------------------- - -Running containers (and applications) with Docker implies running the -Docker daemon. This daemon currently requires root privileges, and you -should therefore be aware of some important details. - -First of all, **only trusted users should be allowed to control your -Docker daemon**. This is a direct consequence of some powerful Docker -features. Specifically, Docker allows you to share a directory between -the Docker host and a guest container; and it allows you to do so -without limiting the access rights of the container. This means that -you can start a container where the ``/host`` directory will be the -``/`` directory on your host; and the container will be able to alter -your host filesystem without any restriction. This sounds crazy? Well, -you have to know that **all virtualization systems allowing filesystem -resource sharing behave the same way**. Nothing prevents you from -sharing your root filesystem (or even your root block device) with a -virtual machine. - -This has a strong security implication: if you instrument Docker from -e.g. a web server to provision containers through an API, you should -be even more careful than usual with parameter checking, to make sure -that a malicious user cannot pass crafted parameters causing Docker to -create arbitrary containers. - -For this reason, the REST API endpoint (used by the Docker CLI to -communicate with the Docker daemon) changed in Docker 0.5.2, and now -uses a UNIX socket instead of a TCP socket bound on 127.0.0.1 (the -latter being prone to cross-site-scripting attacks if you happen to -run Docker directly on your local machine, outside of a VM). You can -then use traditional UNIX permission checks to limit access to the -control socket. - -You can also expose the REST API over HTTP if you explicitly decide -so. However, if you do that, being aware of the abovementioned -security implication, you should ensure that it will be reachable -only from a trusted network or VPN; or protected with e.g. ``stunnel`` -and client SSL certificates. - -Recent improvements in Linux namespaces will soon allow to run -full-featured containers without root privileges, thanks to the new -user namespace. This is covered in detail `here -`_. Moreover, -this will solve the problem caused by sharing filesystems between host -and guest, since the user namespace allows users within containers -(including the root user) to be mapped to other users in the host -system. - -The end goal for Docker is therefore to implement two additional -security improvements: - -* map the root user of a container to a non-root user of the Docker - host, to mitigate the effects of a container-to-host privilege - escalation; -* allow the Docker daemon to run without root privileges, and delegate - operations requiring those privileges to well-audited sub-processes, - each with its own (very limited) scope: virtual network setup, - filesystem management, etc. - -Finally, if you run Docker on a server, it is recommended to run -exclusively Docker in the server, and move all other services within -containers controlled by Docker. Of course, it is fine to keep your -favorite admin tools (probably at least an SSH server), as well as -existing monitoring/supervision processes (e.g. NRPE, collectd, etc). - -Linux Kernel Capabilities -------------------------- - -By default, Docker starts containers with a very restricted set of -capabilities. What does that mean? - -Capabilities turn the binary "root/non-root" dichotomy into a -fine-grained access control system. Processes (like web servers) that -just need to bind on a port below 1024 do not have to run as root: -they can just be granted the ``net_bind_service`` capability -instead. And there are many other capabilities, for almost all the -specific areas where root privileges are usually needed. - -This means a lot for container security; let’s see why! - -Your average server (bare metal or virtual machine) needs to run a -bunch of processes as root. Those typically include SSH, cron, -syslogd; hardware management tools (to e.g. load modules), network -configuration tools (to handle e.g. DHCP, WPA, or VPNs), and much -more. A container is very different, because almost all of those tasks -are handled by the infrastructure around the container: - -* SSH access will typically be managed by a single server running in - the Docker host; -* ``cron``, when necessary, should run as a user process, dedicated - and tailored for the app that needs its scheduling service, rather - than as a platform-wide facility; -* log management will also typically be handed to Docker, or by - third-party services like Loggly or Splunk; -* hardware management is irrelevant, meaning that you never need to - run ``udevd`` or equivalent daemons within containers; -* network management happens outside of the containers, enforcing - separation of concerns as much as possible, meaning that a container - should never need to perform ``ifconfig``, ``route``, or ip commands - (except when a container is specifically engineered to behave like a - router or firewall, of course). - -This means that in most cases, containers will not need "real" root -privileges *at all*. And therefore, containers can run with a reduced -capability set; meaning that "root" within a container has much less -privileges than the real "root". For instance, it is possible to: - -* deny all "mount" operations; -* deny access to raw sockets (to prevent packet spoofing); -* deny access to some filesystem operations, like creating new device - nodes, changing the owner of files, or altering attributes - (including the immutable flag); -* deny module loading; -* and many others. - -This means that even if an intruder manages to escalate to root within -a container, it will be much harder to do serious damage, or to -escalate to the host. - -This won't affect regular web apps; but malicious users will find that -the arsenal at their disposal has shrunk considerably! You can see -`the list of dropped capabilities in the Docker code -`_, -and a full list of available capabilities in `Linux manpages -`_. - -Of course, you can always enable extra capabilities if you really need -them (for instance, if you want to use a FUSE-based filesystem), but -by default, Docker containers will be locked down to ensure maximum -safety. - -Other Kernel Security Features ------------------------------- - -Capabilities are just one of the many security features provided by -modern Linux kernels. It is also possible to leverage existing, -well-known systems like TOMOYO, AppArmor, SELinux, GRSEC, etc. with -Docker. - -While Docker currently only enables capabilities, it doesn't interfere -with the other systems. This means that there are many different ways -to harden a Docker host. Here are a few examples. - -* You can run a kernel with GRSEC and PAX. This will add many safety - checks, both at compile-time and run-time; it will also defeat many - exploits, thanks to techniques like address randomization. It - doesn’t require Docker-specific configuration, since those security - features apply system-wide, independently of containers. -* If your distribution comes with security model templates for LXC - containers, you can use them out of the box. For instance, Ubuntu - comes with AppArmor templates for LXC, and those templates provide - an extra safety net (even though it overlaps greatly with - capabilities). -* You can define your own policies using your favorite access control - mechanism. Since Docker containers are standard LXC containers, - there is nothing “magic” or specific to Docker. - -Just like there are many third-party tools to augment Docker -containers with e.g. special network topologies or shared filesystems, -you can expect to see tools to harden existing Docker containers -without affecting Docker’s core. - -Conclusions ------------ - -Docker containers are, by default, quite secure; especially if you -take care of running your processes inside the containers as -non-privileged users (i.e. non root). - -You can add an extra layer of safety by enabling Apparmor, SELinux, -GRSEC, or your favorite hardening solution. - -Last but not least, if you see interesting security features in other -containerization systems, you will be able to implement them as well -with Docker, since everything is provided by the kernel anyway. - -For more context and especially for comparisons with VMs and other -container systems, please also see the `original blog post -`_. - -.. _blogsecurity: http://blog.docker.io/2013/08/containers-docker-how-secure-are-they/ - diff --git a/docs/sources/conf.py b/docs/sources/conf.py deleted file mode 100644 index 12f5b57841..0000000000 --- a/docs/sources/conf.py +++ /dev/null @@ -1,266 +0,0 @@ -# -*- coding: utf-8 -*- -# -# Docker documentation build configuration file, created by -# sphinx-quickstart on Tue Mar 19 12:34:07 2013. -# -# This file is execfile()d with the current directory set to its containing dir. -# -# Note that not all possible configuration values are present in this -# autogenerated file. -# -# All configuration values have a default; values that are commented out -# serve to show the default. - -import sys, os - -# If extensions (or modules to document with autodoc) are in another directory, -# add these directories to sys.path here. If the directory is relative to the -# documentation root, use os.path.abspath to make it absolute, like shown here. -#sys.path.insert(0, os.path.abspath('.')) - -# -- General configuration ----------------------------------------------------- - - - -# Additional templates that should be rendered to pages, maps page names to -# template names. -# the 'redirect_home.html' page redirects using a http meta refresh which, according -# to official sources is more or less equivalent of a 301. - -html_additional_pages = { - 'concepts/containers': 'redirect_home.html', - 'concepts/introduction': 'redirect_home.html', - 'builder/basics': 'redirect_build.html', - } - - - -# If your documentation needs a minimal Sphinx version, state it here. -#needs_sphinx = '1.0' - -# Add any Sphinx extension module names here, as strings. They can be extensions -# coming with Sphinx (named 'sphinx.ext.*') or your custom ones. -extensions = ['sphinxcontrib.httpdomain', 'sphinx.ext.extlinks'] - -# Configure extlinks -extlinks = { 'issue': ('https://github.com/dotcloud/docker/issues/%s', - 'Issue ') } - -# Add any paths that contain templates here, relative to this directory. -templates_path = ['_templates'] - -# The suffix of source filenames. -source_suffix = '.rst' - -# The encoding of source files. -#source_encoding = 'utf-8-sig' - -html_add_permalinks = u'¶' - -# The master toctree document. -master_doc = 'toctree' - -# General information about the project. -project = u'Docker' -copyright = u'2014 Docker, Inc.' - -# The version info for the project you're documenting, acts as replacement for -# |version| and |release|, also used in various other places throughout the -# built documents. -# -# The short X.Y version. -version = '0.1' -# The full version, including alpha/beta/rc tags. -release = '0' - -# The language for content autogenerated by Sphinx. Refer to documentation -# for a list of supported languages. -#language = None - -# There are two options for replacing |today|: either, you set today to some -# non-false value, then it is used: -#today = '' -# Else, today_fmt is used as the format for a strftime call. -#today_fmt = '%B %d, %Y' - -# List of patterns, relative to source directory, that match files and -# directories to ignore when looking for source files. -exclude_patterns = ['_build'] - -# The reST default role (used for this markup: `text`) to use for all documents. -#default_role = None - -# If true, '()' will be appended to :func: etc. cross-reference text. -#add_function_parentheses = True - -# If true, the current module name will be prepended to all description -# unit titles (such as .. function::). -#add_module_names = True - -# If true, sectionauthor and moduleauthor directives will be shown in the -# output. They are ignored by default. -#show_authors = False - -# The name of the Pygments (syntax highlighting) style to use. -pygments_style = 'sphinx' - -# A list of ignored prefixes for module index sorting. -#modindex_common_prefix = [] - - -# -- Options for HTML output --------------------------------------------------- - -# The theme to use for HTML and HTML Help pages. See the documentation for -# a list of builtin themes. -html_theme = 'docker' - -# Theme options are theme-specific and customize the look and feel of a theme -# further. For a list of options available for each theme, see the -# documentation. -#html_theme_options = {} - -# Add any paths that contain custom themes here, relative to this directory. -#html_theme_path = [] -html_theme_path = ['../theme'] - -# The name for this set of Sphinx documents. If None, it defaults to -# " v documentation". -#html_title = None - -# A shorter title for the navigation bar. Default is the same as html_title. -#html_short_title = None - -# The name of an image file (relative to this directory) to place at the top -# of the sidebar. -#html_logo = None - -# The name of an image file (within the static path) to use as favicon of the -# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 -# pixels large. - -# We use a png favicon. This is not compatible with internet explorer, but looks -# much better on all other browsers. However, sphynx doesn't like it (it likes -# .ico better) so we have just put it in the template rather than used this setting -# html_favicon = 'favicon.png' - -# Add any paths that contain custom static files (such as style sheets) here, -# relative to this directory. They are copied after the builtin static files, -# so a file named "default.css" will overwrite the builtin "default.css". -html_static_path = ['static_files'] - -# If not '', a 'Last updated on:' timestamp is inserted at every page bottom, -# using the given strftime format. -#html_last_updated_fmt = '%b %d, %Y' - -# If true, SmartyPants will be used to convert quotes and dashes to -# typographically correct entities. -#html_use_smartypants = True - -# Custom sidebar templates, maps document names to template names. -#html_sidebars = {} - -# If false, no module index is generated. -#html_domain_indices = True - -# If false, no index is generated. -#html_use_index = True - -# If true, the index is split into individual pages for each letter. -#html_split_index = False - -# If true, links to the reST sources are added to the pages. -html_show_sourcelink = False - -# If true, "Created using Sphinx" is shown in the HTML footer. Default is True. -#html_show_sphinx = True - -# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. -html_show_copyright = True - -# If true, an OpenSearch description file will be output, and all pages will -# contain a tag referring to it. The value of this option must be the -# base URL from which the finished HTML is served. -#html_use_opensearch = '' - -# This is the file name suffix for HTML files (e.g. ".xhtml"). -#html_file_suffix = None - -# Output file base name for HTML help builder. -htmlhelp_basename = 'Dockerdoc' - - -# -- Options for LaTeX output -------------------------------------------------- - -latex_elements = { -# The paper size ('letterpaper' or 'a4paper'). -#'papersize': 'letterpaper', - -# The font size ('10pt', '11pt' or '12pt'). -#'pointsize': '10pt', - -# Additional stuff for the LaTeX preamble. -#'preamble': '', -} - -# Grouping the document tree into LaTeX files. List of tuples -# (source start file, target name, title, author, documentclass [howto/manual]). -latex_documents = [ - ('toctree', 'Docker.tex', u'Docker Documentation', - u'Team Docker', 'manual'), -] - -# The name of an image file (relative to this directory) to place at the top of -# the title page. -#latex_logo = None - -# For "manual" documents, if this is true, then toplevel headings are parts, -# not chapters. -#latex_use_parts = False - -# If true, show page references after internal links. -#latex_show_pagerefs = False - -# If true, show URL addresses after external links. -#latex_show_urls = False - -# Documents to append as an appendix to all manuals. -#latex_appendices = [] - -# If false, no module index is generated. -#latex_domain_indices = True - - -# -- Options for manual page output -------------------------------------------- - -# One entry per manual page. List of tuples -# (source start file, name, description, authors, manual section). -man_pages = [ - ('reference/commandline/cli', 'docker', u'Docker CLI Documentation', - [u'Team Docker'], 1), - ('reference/builder', 'Dockerfile', u'Dockerfile Documentation', - [u'Team Docker'], 5), -] - -# If true, show URL addresses after external links. -#man_show_urls = False - - -# -- Options for Texinfo output ------------------------------------------------ - -# Grouping the document tree into Texinfo files. List of tuples -# (source start file, target name, title, author, -# dir menu entry, description, category) -texinfo_documents = [ - ('toctree', 'Docker', u'Docker Documentation', - u'Team Docker', 'Docker', 'One line description of project.', - 'Miscellaneous'), -] - -# Documents to append as an appendix to all manuals. -#texinfo_appendices = [] - -# If false, no module index is generated. -#texinfo_domain_indices = True - -# How to display URL addresses: 'footnote', 'no', or 'inline'. -#texinfo_show_urls = 'footnote' diff --git a/docs/sources/contributing.md b/docs/sources/contributing.md new file mode 100644 index 0000000000..0a1e4fd282 --- /dev/null +++ b/docs/sources/contributing.md @@ -0,0 +1,7 @@ +# Contributing + +## Contents: + + - [Contributing to Docker](contributing/) + - [Setting Up a Dev Environment](devenvironment/) + diff --git a/docs/sources/contributing/contributing.md b/docs/sources/contributing/contributing.md new file mode 100644 index 0000000000..dd764eb855 --- /dev/null +++ b/docs/sources/contributing/contributing.md @@ -0,0 +1,24 @@ +page_title: Contribution Guidelines +page_description: Contribution guidelines: create issues, conventions, pull requests +page_keywords: contributing, docker, documentation, help, guideline + +# Contributing to Docker + +Want to hack on Docker? Awesome! + +The repository includes [all the instructions you need to get started]( +https://github.com/dotcloud/docker/blob/master/CONTRIBUTING.md). + +The [developer environment Dockerfile]( +https://github.com/dotcloud/docker/blob/master/Dockerfile) +specifies the tools and versions used to test and build Docker. + +If you're making changes to the documentation, see the [README.md]( +https://github.com/dotcloud/docker/blob/master/docs/README.md). + +The [documentation environment Dockerfile]( +https://github.com/dotcloud/docker/blob/master/docs/Dockerfile) +specifies the tools and versions used to build the Documentation. + +Further interesting details can be found in the [Packaging hints]( +https://github.com/dotcloud/docker/blob/master/hack/PACKAGERS.md). diff --git a/docs/sources/contributing/contributing.rst b/docs/sources/contributing/contributing.rst deleted file mode 100644 index 3b3b3f8f88..0000000000 --- a/docs/sources/contributing/contributing.rst +++ /dev/null @@ -1,25 +0,0 @@ -:title: Contribution Guidelines -:description: Contribution guidelines: create issues, conventions, pull requests -:keywords: contributing, docker, documentation, help, guideline - -Contributing to Docker -====================== - -Want to hack on Docker? Awesome! - -The repository includes `all the instructions you need to get -started `_. - -The `developer environment Dockerfile -`_ -specifies the tools and versions used to test and build Docker. - -If you're making changes to the documentation, see the -`README.md `_. - -The `documentation environment Dockerfile -`_ -specifies the tools and versions used to build the Documentation. - -Further interesting details can be found in the `Packaging hints -`_. diff --git a/docs/sources/contributing/devenvironment.md b/docs/sources/contributing/devenvironment.md new file mode 100644 index 0000000000..24e250dbb0 --- /dev/null +++ b/docs/sources/contributing/devenvironment.md @@ -0,0 +1,146 @@ +page_title: Setting Up a Dev Environment +page_description: Guides on how to contribute to docker +page_keywords: Docker, documentation, developers, contributing, dev environment + +# Setting Up a Dev Environment + +To make it easier to contribute to Docker, we provide a standard +development environment. It is important that the same environment be +used for all tests, builds and releases. The standard development +environment defines all build dependencies: system libraries and +binaries, go environment, go dependencies, etc. + +## Install Docker + +Docker's build environment itself is a Docker container, so the first +step is to install Docker on your system. + +You can follow the [install instructions most relevant to your +system](https://docs.docker.io/installation/). Make sure you +have a working, up-to-date docker installation, then continue to the +next step. + +## Install tools used for this tutorial + +Install `git`; honest, it's very good. You can use +other ways to get the Docker source, but they're not anywhere near as +easy. + +Install `make`. This tutorial uses our base Makefile +to kick off the docker containers in a repeatable and consistent way. +Again, you can do it in other ways but you need to do more work. + +## Check out the Source + + $ git clone https://git@github.com/dotcloud/docker + $ cd docker + +To checkout a different revision just use `git checkout` +with the name of branch or revision number. + +## Build the Environment + +This following command will build a development environment using the +Dockerfile in the current directory. Essentially, it will install all +the build and runtime dependencies necessary to build and test Docker. +This command will take some time to complete when you first execute it. + + $ sudo make build + +If the build is successful, congratulations! You have produced a clean +build of docker, neatly encapsulated in a standard build environment. + +## Build the Docker Binary + +To create the Docker binary, run this command: + + $ sudo make binary + +This will create the Docker binary in `./bundles/-dev/binary/` + +### Using your built Docker binary + +The binary is available outside the container in the directory +`./bundles/-dev/binary/`. You can swap your +host docker executable with this binary for live testing - for example, +on ubuntu: + + $ sudo service docker stop ; sudo cp $(which docker) $(which docker)_ ; sudo cp ./bundles/-dev/binary/docker--dev $(which docker);sudo service docker start + +> **Note**: +> Its safer to run the tests below before swapping your hosts docker binary. + +## Run the Tests + +To execute the test cases, run this command: + + $ sudo make test + +If the test are successful then the tail of the output should look +something like this + + --- PASS: TestWriteBroadcaster (0.00 seconds) + === RUN TestRaceWriteBroadcaster + --- PASS: TestRaceWriteBroadcaster (0.00 seconds) + === RUN TestTruncIndex + --- PASS: TestTruncIndex (0.00 seconds) + === RUN TestCompareKernelVersion + --- PASS: TestCompareKernelVersion (0.00 seconds) + === RUN TestHumanSize + --- PASS: TestHumanSize (0.00 seconds) + === RUN TestParseHost + --- PASS: TestParseHost (0.00 seconds) + === RUN TestParseRepositoryTag + --- PASS: TestParseRepositoryTag (0.00 seconds) + === RUN TestGetResolvConf + --- PASS: TestGetResolvConf (0.00 seconds) + === RUN TestCheckLocalDns + --- PASS: TestCheckLocalDns (0.00 seconds) + === RUN TestParseRelease + --- PASS: TestParseRelease (0.00 seconds) + === RUN TestDependencyGraphCircular + --- PASS: TestDependencyGraphCircular (0.00 seconds) + === RUN TestDependencyGraph + --- PASS: TestDependencyGraph (0.00 seconds) + PASS + ok github.com/dotcloud/docker/utils 0.017s + +If $TESTFLAGS is set in the environment, it is passed as extra arguments +to `go test`. You can use this to select certain tests to run, e.g. + + $ TESTFLAGS=`-run \^TestBuild\$` make test + +If the output indicates "FAIL" and you see errors like this: + + server.go:1302 Error: Insertion failed because database is full: database or disk is full + + utils_test.go:179: Error copy: exit status 1 (cp: writing '/tmp/docker-testd5c9-[...]': No space left on device + +Then you likely don't have enough memory available the test suite. 2GB +is recommended. + +## Use Docker + +You can run an interactive session in the newly built container: + + $ sudo make shell + + # type 'exit' or Ctrl-D to exit + +## Build And View The Documentation + +If you want to read the documentation from a local website, or are +making changes to it, you can build the documentation and then serve it +by: + + $ sudo make docs + + # when its done, you can point your browser to http://yourdockerhost:8000 + # type Ctrl-C to exit + +**Need More Help?** + +If you need more help then hop on to the [#docker-dev IRC +channel](irc://chat.freenode.net#docker-dev) or post a message on the +[Docker developer mailing +list](https://groups.google.com/d/forum/docker-dev). diff --git a/docs/sources/contributing/devenvironment.rst b/docs/sources/contributing/devenvironment.rst deleted file mode 100644 index 42e6f9be84..0000000000 --- a/docs/sources/contributing/devenvironment.rst +++ /dev/null @@ -1,158 +0,0 @@ -:title: Setting Up a Dev Environment -:description: Guides on how to contribute to docker -:keywords: Docker, documentation, developers, contributing, dev environment - -Setting Up a Dev Environment -^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -To make it easier to contribute to Docker, we provide a standard -development environment. It is important that the same environment be -used for all tests, builds and releases. The standard development -environment defines all build dependencies: system libraries and -binaries, go environment, go dependencies, etc. - - -Step 1: Install Docker ----------------------- - -Docker's build environment itself is a Docker container, so the first -step is to install Docker on your system. - -You can follow the `install instructions most relevant to your system -`_. Make sure you have -a working, up-to-date docker installation, then continue to the next -step. - - -Step 2: Install tools used for this tutorial --------------------------------------------- - -Install ``git``; honest, it's very good. You can use other ways to get the Docker -source, but they're not anywhere near as easy. - -Install ``make``. This tutorial uses our base Makefile to kick off the docker -containers in a repeatable and consistent way. Again, you can do it in other ways -but you need to do more work. - -Step 3: Check out the Source ----------------------------- - -.. code-block:: bash - - git clone http://git@github.com/dotcloud/docker - cd docker - -To checkout a different revision just use ``git checkout`` with the name of branch or revision number. - - -Step 4: Build the Environment ------------------------------ - -This following command will build a development environment using the Dockerfile in the current directory. Essentially, it will install all the build and runtime dependencies necessary to build and test Docker. This command will take some time to complete when you first execute it. - -.. code-block:: bash - - sudo make build - -If the build is successful, congratulations! You have produced a clean build of -docker, neatly encapsulated in a standard build environment. - - -Step 5: Build the Docker Binary -------------------------------- - -To create the Docker binary, run this command: - -.. code-block:: bash - - sudo make binary - -This will create the Docker binary in ``./bundles/-dev/binary/`` - -Using your built Docker binary -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -The binary is available outside the container in the directory -``./bundles/-dev/binary/``. You can swap your host docker executable -with this binary for live testing - for example, on ubuntu: - -.. code-block:: bash - - sudo service docker stop ; sudo cp $(which docker) $(which docker)_ ; sudo cp ./bundles/-dev/binary/docker--dev $(which docker);sudo service docker start - -.. note:: Its safer to run the tests below before swapping your hosts docker binary. - - -Step 5: Run the Tests ---------------------- - -To execute the test cases, run this command: - -.. code-block:: bash - - sudo make test - -If the test are successful then the tail of the output should look something like this - -.. code-block:: bash - - --- PASS: TestWriteBroadcaster (0.00 seconds) - === RUN TestRaceWriteBroadcaster - --- PASS: TestRaceWriteBroadcaster (0.00 seconds) - === RUN TestTruncIndex - --- PASS: TestTruncIndex (0.00 seconds) - === RUN TestCompareKernelVersion - --- PASS: TestCompareKernelVersion (0.00 seconds) - === RUN TestHumanSize - --- PASS: TestHumanSize (0.00 seconds) - === RUN TestParseHost - --- PASS: TestParseHost (0.00 seconds) - === RUN TestParseRepositoryTag - --- PASS: TestParseRepositoryTag (0.00 seconds) - === RUN TestGetResolvConf - --- PASS: TestGetResolvConf (0.00 seconds) - === RUN TestCheckLocalDns - --- PASS: TestCheckLocalDns (0.00 seconds) - === RUN TestParseRelease - --- PASS: TestParseRelease (0.00 seconds) - === RUN TestDependencyGraphCircular - --- PASS: TestDependencyGraphCircular (0.00 seconds) - === RUN TestDependencyGraph - --- PASS: TestDependencyGraph (0.00 seconds) - PASS - ok github.com/dotcloud/docker/utils 0.017s - -If $TESTFLAGS is set in the environment, it is passed as extra arguments to 'go test'. -You can use this to select certain tests to run, eg. - - TESTFLAGS='-run ^TestBuild$' make test - - -Step 6: Use Docker -------------------- - -You can run an interactive session in the newly built container: - -.. code-block:: bash - - sudo make shell - - # type 'exit' or Ctrl-D to exit - - -Extra Step: Build and view the Documentation --------------------------------------------- - -If you want to read the documentation from a local website, or are making changes -to it, you can build the documentation and then serve it by: - -.. code-block:: bash - - sudo make docs - # when its done, you can point your browser to http://yourdockerhost:8000 - # type Ctrl-C to exit - - -**Need More Help?** - -If you need more help then hop on to the `#docker-dev IRC channel `_ or post a message on the `Docker developer mailing list `_. diff --git a/docs/sources/contributing/index.rst b/docs/sources/contributing/index.rst deleted file mode 100644 index 3669807a14..0000000000 --- a/docs/sources/contributing/index.rst +++ /dev/null @@ -1,14 +0,0 @@ -:title: Contributing to Docker -:description: Guides on how to contribute to docker -:keywords: Docker, documentation, developers, contributing, dev environment - - - -Contributing -============ - -.. toctree:: - :maxdepth: 1 - - contributing - devenvironment diff --git a/docs/sources/docker-io/accounts.md b/docs/sources/docker-io/accounts.md new file mode 100644 index 0000000000..cfbcd9512c --- /dev/null +++ b/docs/sources/docker-io/accounts.md @@ -0,0 +1,32 @@ +page_title: Accounts on Docker.io +page_description: Docker.io accounts +page_keywords: Docker, docker, registry, accounts, plans, Dockerfile, Docker.io, docs, documentation + +# Accounts on Docker.io + +## Docker.io Accounts + +You can `search` for Docker images and `pull` them from [Docker.io](https://index.docker.io) +without signing in or even having an account. However, in order to `push` images, +leave comments or to *star* a repository, you are going to need a [Docker.io]( +https://www.docker.io) account. + +### Registration for a Docker.io Account + +You can get a [Docker.io](https://index.docker.io) account by +[signing up for one here](https://www.docker.io/account/signup/). A valid +email address is required to register, which you will need to verify for +account activation. + +### Email activation process + +You need to have at least one verified email address to be able to use your +[Docker.io](https://index.docker.io) account. If you can't find the validation email, +you can request another by visiting the [Resend Email Confirmation]( +https://www.docker.io/account/resend-email-confirmation/) page. + +### Password reset process + +If you can't access your account for some reason, you can reset your password +from the [*Password Reset*](https://www.docker.io/account/forgot-password/) +page. \ No newline at end of file diff --git a/docs/sources/docker-io/builds.md b/docs/sources/docker-io/builds.md new file mode 100644 index 0000000000..0ca058663a --- /dev/null +++ b/docs/sources/docker-io/builds.md @@ -0,0 +1,121 @@ +page_title: Trusted Builds on Docker.io +page_description: Docker.io Trusted Builds +page_keywords: Docker, docker, registry, accounts, plans, Dockerfile, Docker.io, docs, documentation, trusted, builds, trusted builds + +# Trusted Builds on Docker.io + +## Trusted Builds + +*Trusted Builds* is a special feature allowing you to specify a source +repository with a *Dockerfile* to be built by the Docker build clusters. The +system will clone your repository and build the Dockerfile using the repository +as the context. The resulting image will then be uploaded to the registry and +marked as a `Trusted Build`. + +Trusted Builds have a number of advantages. For example, users of *your* Trusted +Build can be certain that the resulting image was built exactly how it claims +to be. + +Furthermore, the Dockerfile will be available to anyone browsing your repository +on the registry. Another advantage of the Trusted Builds feature is the automated +builds. This makes sure that your repository is always up to date. + +### Linking with a GitHub account + +In order to setup a Trusted Build, you need to first link your [Docker.io]( +https://index.docker.io) account with a GitHub one. This will allow the registry +to see your repositories. + +> *Note:* We currently request access for *read* and *write* since [Docker.io]( +> https://index.docker.io) needs to setup a GitHub service hook. Although nothing +> else is done with your account, this is how GitHub manages permissions, sorry! + +### Creating a Trusted Build + +You can [create a Trusted Build](https://index.docker.io/builds/github/select/) +from any of your public GitHub repositories with a Dockerfile. + +> **Note:** We currently only support public repositories. To have more than +> one Docker image from the same GitHub repository, you will need to set up one +> Trusted Build per Dockerfile, each using a different image name. This rule +> applies to building multiple branches on the same GitHub repository as well. + +### GitHub organizations + +GitHub organizations appear once your membership to that organization is +made public on GitHub. To verify, you can look at the members tab for your +organization on GitHub. + +### GitHub service hooks + +You can follow the below steps to configure the GitHub service hooks for your +Trusted Build: + + + + + + + + + + + + + + + + + + + + + + +
StepScreenshotDescription
1.Login to Github.com, and visit your Repository page. Click on the repository "Settings" link. You will need admin rights to the repository in order to do this. So if you don't have admin rights, you will need to ask someone who does.
2.Service HooksClick on the "Service Hooks" link
3.Find the service hook labeled DockerFind the service hook labeled "Docker" and click on it.
4.Activate Service HooksClick on the "Active" checkbox and then the "Update settings" button, to save changes.
+ +### The Dockerfile and Trusted Builds + +During the build process, we copy the contents of your Dockerfile. We also +add it to the [Docker.io](https://index.docker.io) for the Docker community +to see on the repository page. + +### README.md + +If you have a `README.md` file in your repository, we will use that as the +repository's full description. + +> **Warning:** +> If you change the full description after a build, it will be +> rewritten the next time the Trusted Build has been built. To make changes, +> modify the README.md from the Git repository. We will look for a README.md +> in the same directory as your Dockerfile. + +### Build triggers + +If you need another way to trigger your Trusted Builds outside of GitHub, you +can setup a build trigger. When you turn on the build trigger for a Trusted +Build, it will give you a URL to which you can send POST requests. This will +trigger the Trusted Build process, which is similar to GitHub webhooks. + +> **Note:** +> You can only trigger one build at a time and no more than one +> every five minutes. If you have a build already pending, or if you already +> recently submitted a build request, those requests *will be ignored*. +> You can find the logs of last 10 triggers on the settings page to verify +> if everything is working correctly. + +### Repository links + +Repository links are a way to associate one Trusted Build with another. If one +gets updated, linking system also triggers a build for the other Trusted Build. +This makes it easy to keep your Trusted Builds up to date. + +To add a link, go to the settings page of a Trusted Build and click on +*Repository Links*. Then enter the name of the repository that you want have +linked. + +> **Warning:** +> You can add more than one repository link, however, you should +> be very careful. Creating a two way relationship between Trusted Builds will +> cause a never ending build loop. diff --git a/docs/sources/docker-io/home.md b/docs/sources/docker-io/home.md new file mode 100644 index 0000000000..d29de76fbf --- /dev/null +++ b/docs/sources/docker-io/home.md @@ -0,0 +1,13 @@ +page_title: The Docker.io Registry Help +page_description: The Docker Registry help documentation home +page_keywords: Docker, docker, registry, accounts, plans, Dockerfile, Docker.io, docs, documentation + +# The Docker.io Registry Help + +## Introduction + +For your questions about the [Docker.io](https://index.docker.io) registry you +can use [this documentation](docs.md). + +If you can not find something you are looking for, please feel free to +[contact us](https://index.docker.io/help/support/). \ No newline at end of file diff --git a/docs/sources/docker-io/repos.md b/docs/sources/docker-io/repos.md new file mode 100644 index 0000000000..a9bdabd89b --- /dev/null +++ b/docs/sources/docker-io/repos.md @@ -0,0 +1,98 @@ +page_title: Repositories and Images on Docker.io +page_description: Repositories and Images on Docker.io +page_keywords: Docker, docker, registry, accounts, plans, Dockerfile, Docker.io, docs, documentation + +# Repositories and Images on Docker.io + +## Searching for repositories and images + +You can `search` for all the publicly available repositories and images using +Docker. If a repository is not public (i.e., private), it won't be listed on +the repository search results. To see repository statuses, you can look at your +[profile page](https://index.docker.io/account/) on [Docker.io]( +https://index.docker.io). + +## Repositories + +### Stars + +Stars are a way to show that you like a repository. They are also an easy way +of bookmark your favorites. + +### Comments + +You can interact with other members of the Docker community and maintainers by +leaving comments on repositories. If you find any comments that are not +appropriate, you can flag them for the admins' review. + +### Private Docker Repositories + +To work with a private repository on [Docker.io](https://index.docker.io), you +will need to add one via the [Add Repository](https://index.docker.io/account/repositories/add) +link. Once the private repository is created, you can `push` and `pull` images +to and from it using Docker. + +> *Note:* You need to be signed in and have access to work with a private +> repository. + +Private repositories are just like public ones. However, it isn't possible to +browse them or search their content on the public registry. They do not get cached +the same way as a public repository either. + +It is possible to give access to a private repository to those whom you +designate (i.e., collaborators) from its settings page. + +From there, you can also switch repository status (*public* to *private*, or +viceversa). You will need to have an available private repository slot open +before you can do such a switch. If you don't have any, you can always upgrade +your [Docker.io](https://index.docker.io/plans/) plan. + +### Collaborators and their role + +A collaborator is someone you want to give access to a private repository. Once +designated, they can `push` and `pull`. Although, they will not be allowed to +perform any administrative tasks such as deleting the repository or changing its +status from private to public. + +> **Note:** A collaborator can not add other collaborators. Only the owner of +> the repository has administrative access. + +### Webhooks + +You can configure webhooks on the repository settings page. A webhook is called +only after a successful `push` is made. The webhook calls are HTTP POST requests +with a JSON payload similar to the example shown below. + +> **Note:** For testing, you can try an HTTP request tool like +> [requestb.in](http://requestb.in/). + +*Example webhook JSON payload:* + + { + "push_data":{ + "pushed_at":1385141110, + "images":[ + "imagehash1", + "imagehash2", + "imagehash3" + ], + "pusher":"username" + }, + "repository":{ + "status":"Active", + "description":"my docker repo that does cool things", + "is_trusted":false, + "full_description":"This is my full description", + "repo_url":"https://index.docker.io/u/username/reponame/", + "owner":"username", + "is_official":false, + "is_private":false, + "name":"reponame", + "namespace":"username", + "star_count":1, + "comment_count":1, + "date_created":1370174400, + "dockerfile":"my full dockerfile is listed here", + "repo_name":"username/reponame" + } + } diff --git a/docs/sources/examples.md b/docs/sources/examples.md new file mode 100644 index 0000000000..f1d1567f52 --- /dev/null +++ b/docs/sources/examples.md @@ -0,0 +1,25 @@ + +# Examples + +## Introduction: + +Here are some examples of how to use Docker to create running processes, +starting from a very simple *Hello World* and progressing to more +substantial services like those which you might find in production. + +## Contents: + + - [Check your Docker install](hello_world/) + - [Hello World](hello_world/#hello-world) + - [Hello World Daemon](hello_world/#hello-world-daemon) + - [Node.js Web App](nodejs_web_app/) + - [Redis Service](running_redis_service/) + - [SSH Daemon Service](running_ssh_service/) + - [CouchDB Service](couchdb_data_volumes/) + - [PostgreSQL Service](postgresql_service/) + - [Building an Image with MongoDB](mongodb/) + - [Riak Service](running_riak_service/) + - [Using Supervisor with Docker](using_supervisord/) + - [Process Management with CFEngine](cfengine_process_management/) + - [Python Web App](python_web_app/) + diff --git a/docs/sources/examples/apt-cacher-ng.md b/docs/sources/examples/apt-cacher-ng.md new file mode 100644 index 0000000000..0293ac5d0b --- /dev/null +++ b/docs/sources/examples/apt-cacher-ng.md @@ -0,0 +1,111 @@ +page_title: Running an apt-cacher-ng service +page_description: Installing and running an apt-cacher-ng service +page_keywords: docker, example, package installation, networking, debian, ubuntu + +# Apt-Cacher-ng Service + +> **Note**: +> +> - This example assumes you have Docker running in daemon mode. For +> more information please see [*Check your Docker +> install*](../hello_world/#running-examples). +> - **If you don't like sudo** then see [*Giving non-root +> access*](/installation/binaries/#dockergroup). +> - **If you're using OS X or docker via TCP** then you shouldn't use +> sudo. + +When you have multiple Docker servers, or build unrelated Docker +containers which can't make use of the Docker build cache, it can be +useful to have a caching proxy for your packages. This container makes +the second download of any package almost instant. + +Use the following Dockerfile: + + # + # Build: docker build -t apt-cacher . + # Run: docker run -d -p 3142:3142 --name apt-cacher-run apt-cacher + # + # and then you can run containers with: + # docker run -t -i --rm -e http_proxy http://dockerhost:3142/ debian bash + # + FROM ubuntu + MAINTAINER SvenDowideit@docker.com + + VOLUME ["/var/cache/apt-cacher-ng"] + RUN apt-get update ; apt-get install -yq apt-cacher-ng + + EXPOSE 3142 + CMD chmod 777 /var/cache/apt-cacher-ng ; /etc/init.d/apt-cacher-ng start ; tail -f /var/log/apt-cacher-ng/* + +To build the image using: + + $ sudo docker build -t eg_apt_cacher_ng . + +Then run it, mapping the exposed port to one on the host + + $ sudo docker run -d -p 3142:3142 --name test_apt_cacher_ng eg_apt_cacher_ng + +To see the logfiles that are `tailed` in the default command, you can +use: + + $ sudo docker logs -f test_apt_cacher_ng + +To get your Debian-based containers to use the proxy, you can do one of +three things + +1. Add an apt Proxy setting + `echo 'Acquire::http { Proxy "http://dockerhost:3142"; };' >> /etc/apt/conf.d/01proxy` +2. Set an environment variable: + `http_proxy=http://dockerhost:3142/` +3. Change your `sources.list` entries to start with + `http://dockerhost:3142/` + +**Option 1** injects the settings safely into your apt configuration in +a local version of a common base: + + FROM ubuntu + RUN echo 'Acquire::http { Proxy "http://dockerhost:3142"; };' >> /etc/apt/apt.conf.d/01proxy + RUN apt-get update ; apt-get install vim git + + # docker build -t my_ubuntu . + +**Option 2** is good for testing, but will break other HTTP clients +which obey `http_proxy`, such as `curl`, `wget` and others: + + $ sudo docker run --rm -t -i -e http_proxy=http://dockerhost:3142/ debian bash + +**Option 3** is the least portable, but there will be times when you +might need to do it and you can do it from your `Dockerfile` +too. + +Apt-cacher-ng has some tools that allow you to manage the repository, +and they can be used by leveraging the `VOLUME` +instruction, and the image we built to run the service: + + $ sudo docker run --rm -t -i --volumes-from test_apt_cacher_ng eg_apt_cacher_ng bash + + $$ /usr/lib/apt-cacher-ng/distkill.pl + Scanning /var/cache/apt-cacher-ng, please wait... + Found distributions: + bla, taggedcount: 0 + 1. precise-security (36 index files) + 2. wheezy (25 index files) + 3. precise-updates (36 index files) + 4. precise (36 index files) + 5. wheezy-updates (18 index files) + + Found architectures: + 6. amd64 (36 index files) + 7. i386 (24 index files) + + WARNING: The removal action may wipe out whole directories containing + index files. Select d to see detailed list. + + (Number nn: tag distribution or architecture nn; 0: exit; d: show details; r: remove tagged; q: quit): q + +Finally, clean up after your test by stopping and removing the +container, and then removing the image. + + $ sudo docker stop test_apt_cacher_ng + $ sudo docker rm test_apt_cacher_ng + $ sudo docker rmi eg_apt_cacher_ng diff --git a/docs/sources/examples/apt-cacher-ng.rst b/docs/sources/examples/apt-cacher-ng.rst deleted file mode 100644 index dd844d4ef1..0000000000 --- a/docs/sources/examples/apt-cacher-ng.rst +++ /dev/null @@ -1,102 +0,0 @@ -:title: Running an apt-cacher-ng service -:description: Installing and running an apt-cacher-ng service -:keywords: docker, example, package installation, networking, debian, ubuntu - -.. _running_apt-cacher-ng_service: - -Apt-Cacher-ng Service -===================== - -.. include:: example_header.inc - - -When you have multiple Docker servers, or build unrelated Docker containers -which can't make use of the Docker build cache, it can be useful to have a -caching proxy for your packages. This container makes the second download of -any package almost instant. - -Use the following Dockerfile: - -.. literalinclude:: apt-cacher-ng.Dockerfile - -To build the image using: - -.. code-block:: bash - - $ sudo docker build -t eg_apt_cacher_ng . - -Then run it, mapping the exposed port to one on the host - -.. code-block:: bash - - $ sudo docker run -d -p 3142:3142 --name test_apt_cacher_ng eg_apt_cacher_ng - -To see the logfiles that are 'tailed' in the default command, you can use: - -.. code-block:: bash - - $ sudo docker logs -f test_apt_cacher_ng - -To get your Debian-based containers to use the proxy, you can do one of three things - -1. Add an apt Proxy setting ``echo 'Acquire::http { Proxy "http://dockerhost:3142"; };' >> /etc/apt/conf.d/01proxy`` -2. Set an environment variable: ``http_proxy=http://dockerhost:3142/`` -3. Change your ``sources.list`` entries to start with ``http://dockerhost:3142/`` - -**Option 1** injects the settings safely into your apt configuration in a local -version of a common base: - -.. code-block:: bash - - FROM ubuntu - RUN echo 'Acquire::http { Proxy "http://dockerhost:3142"; };' >> /etc/apt/apt.conf.d/01proxy - RUN apt-get update ; apt-get install vim git - - # docker build -t my_ubuntu . - -**Option 2** is good for testing, but will -break other HTTP clients which obey ``http_proxy``, such as ``curl``, ``wget`` and others: - -.. code-block:: bash - - $ sudo docker run --rm -t -i -e http_proxy=http://dockerhost:3142/ debian bash - -**Option 3** is the least portable, but there will be times when you might need to -do it and you can do it from your ``Dockerfile`` too. - -Apt-cacher-ng has some tools that allow you to manage the repository, and they -can be used by leveraging the ``VOLUME`` instruction, and the image we built to run the -service: - -.. code-block:: bash - - $ sudo docker run --rm -t -i --volumes-from test_apt_cacher_ng eg_apt_cacher_ng bash - - $$ /usr/lib/apt-cacher-ng/distkill.pl - Scanning /var/cache/apt-cacher-ng, please wait... - Found distributions: - bla, taggedcount: 0 - 1. precise-security (36 index files) - 2. wheezy (25 index files) - 3. precise-updates (36 index files) - 4. precise (36 index files) - 5. wheezy-updates (18 index files) - - Found architectures: - 6. amd64 (36 index files) - 7. i386 (24 index files) - - WARNING: The removal action may wipe out whole directories containing - index files. Select d to see detailed list. - - (Number nn: tag distribution or architecture nn; 0: exit; d: show details; r: remove tagged; q: quit): q - - -Finally, clean up after your test by stopping and removing the container, and -then removing the image. - -.. code-block:: bash - - $ sudo docker stop test_apt_cacher_ng - $ sudo docker rm test_apt_cacher_ng - $ sudo docker rmi eg_apt_cacher_ng diff --git a/docs/sources/examples/cfengine_process_management.md b/docs/sources/examples/cfengine_process_management.md new file mode 100644 index 0000000000..0c7b6a8a1f --- /dev/null +++ b/docs/sources/examples/cfengine_process_management.md @@ -0,0 +1,144 @@ +page_title: Process Management with CFEngine +page_description: Managing containerized processes with CFEngine +page_keywords: cfengine, process, management, usage, docker, documentation + +# Process Management with CFEngine + +Create Docker containers with managed processes. + +Docker monitors one process in each running container and the container +lives or dies with that process. By introducing CFEngine inside Docker +containers, we can alleviate a few of the issues that may arise: + + - It is possible to easily start multiple processes within a + container, all of which will be managed automatically, with the + normal `docker run` command. + - If a managed process dies or crashes, CFEngine will start it again + within 1 minute. + - The container itself will live as long as the CFEngine scheduling + daemon (cf-execd) lives. With CFEngine, we are able to decouple the + life of the container from the uptime of the service it provides. + +## How it works + +CFEngine, together with the cfe-docker integration policies, are +installed as part of the Dockerfile. This builds CFEngine into our +Docker image. + +The Dockerfile's `ENTRYPOINT` takes an arbitrary +amount of commands (with any desired arguments) as parameters. When we +run the Docker container these parameters get written to CFEngine +policies and CFEngine takes over to ensure that the desired processes +are running in the container. + +CFEngine scans the process table for the `basename` of the commands given +to the `ENTRYPOINT` and runs the command to start the process if the `basename` +is not found. For example, if we start the container with +`docker run "/path/to/my/application parameters"`, CFEngine will look for a +process named `application` and run the command. If an entry for `application` +is not found in the process table at any point in time, CFEngine will execute +`/path/to/my/application parameters` to start the application once again. The +check on the process table happens every minute. + +Note that it is therefore important that the command to start your +application leaves a process with the basename of the command. This can +be made more flexible by making some minor adjustments to the CFEngine +policies, if desired. + +## Usage + +This example assumes you have Docker installed and working. We will +install and manage `apache2` and `sshd` +in a single container. + +There are three steps: + +1. Install CFEngine into the container. +2. Copy the CFEngine Docker process management policy into the + containerized CFEngine installation. +3. Start your application processes as part of the `docker run` command. + +### Building the container image + +The first two steps can be done as part of a Dockerfile, as follows. + + FROM ubuntu + MAINTAINER Eystein Måløy Stenberg + + RUN apt-get -y install wget lsb-release unzip ca-certificates + + # install latest CFEngine + RUN wget -qO- http://cfengine.com/pub/gpg.key | apt-key add - + RUN echo "deb http://cfengine.com/pub/apt $(lsb_release -cs) main" > /etc/apt/sources.list.d/cfengine-community.list + RUN apt-get update + RUN apt-get install cfengine-community + + # install cfe-docker process management policy + RUN wget https://github.com/estenberg/cfe-docker/archive/master.zip -P /tmp/ && unzip /tmp/master.zip -d /tmp/ + RUN cp /tmp/cfe-docker-master/cfengine/bin/* /var/cfengine/bin/ + RUN cp /tmp/cfe-docker-master/cfengine/inputs/* /var/cfengine/inputs/ + RUN rm -rf /tmp/cfe-docker-master /tmp/master.zip + + # apache2 and openssh are just for testing purposes, install your own apps here + RUN apt-get -y install openssh-server apache2 + RUN mkdir -p /var/run/sshd + RUN echo "root:password" | chpasswd # need a password for ssh + + ENTRYPOINT ["/var/cfengine/bin/docker_processes_run.sh"] + +By saving this file as Dockerfile to a working directory, you can then build +your container with the docker build command, e.g. +`docker build -t managed_image`. + +### Testing the container + +Start the container with `apache2` and `sshd` running and managed, forwarding +a port to our SSH instance: + + $ docker run -p 127.0.0.1:222:22 -d managed_image "/usr/sbin/sshd" "/etc/init.d/apache2 start" + +We now clearly see one of the benefits of the cfe-docker integration: it +allows to start several processes as part of a normal `docker run` command. + +We can now log in to our new container and see that both `apache2` and `sshd` +are running. We have set the root password to "password" in the Dockerfile +above and can use that to log in with ssh: + + ssh -p222 root@127.0.0.1 + + ps -ef + UID PID PPID C STIME TTY TIME CMD + root 1 0 0 07:48 ? 00:00:00 /bin/bash /var/cfengine/bin/docker_processes_run.sh /usr/sbin/sshd /etc/init.d/apache2 start + root 18 1 0 07:48 ? 00:00:00 /var/cfengine/bin/cf-execd -F + root 20 1 0 07:48 ? 00:00:00 /usr/sbin/sshd + root 32 1 0 07:48 ? 00:00:00 /usr/sbin/apache2 -k start + www-data 34 32 0 07:48 ? 00:00:00 /usr/sbin/apache2 -k start + www-data 35 32 0 07:48 ? 00:00:00 /usr/sbin/apache2 -k start + www-data 36 32 0 07:48 ? 00:00:00 /usr/sbin/apache2 -k start + root 93 20 0 07:48 ? 00:00:00 sshd: root@pts/0 + root 105 93 0 07:48 pts/0 00:00:00 -bash + root 112 105 0 07:49 pts/0 00:00:00 ps -ef + +If we stop apache2, it will be started again within a minute by +CFEngine. + + service apache2 status + Apache2 is running (pid 32). + service apache2 stop + * Stopping web server apache2 ... waiting [ OK ] + service apache2 status + Apache2 is NOT running. + # ... wait up to 1 minute... + service apache2 status + Apache2 is running (pid 173). + +## Adapting to your applications + +To make sure your applications get managed in the same manner, there are +just two things you need to adjust from the above example: + + - In the Dockerfile used above, install your applications instead of + `apache2` and `sshd`. + - When you start the container with `docker run`, + specify the command line arguments to your applications rather than + `apache2` and `sshd`. diff --git a/docs/sources/examples/cfengine_process_management.rst b/docs/sources/examples/cfengine_process_management.rst deleted file mode 100644 index 7ca2c35498..0000000000 --- a/docs/sources/examples/cfengine_process_management.rst +++ /dev/null @@ -1,137 +0,0 @@ -:title: Process Management with CFEngine -:description: Managing containerized processes with CFEngine -:keywords: cfengine, process, management, usage, docker, documentation - -Process Management with CFEngine -================================ - -Create Docker containers with managed processes. - -Docker monitors one process in each running container and the container lives or dies with that process. -By introducing CFEngine inside Docker containers, we can alleviate a few of the issues that may arise: - -* It is possible to easily start multiple processes within a container, all of which will be managed automatically, with the normal ``docker run`` command. -* If a managed process dies or crashes, CFEngine will start it again within 1 minute. -* The container itself will live as long as the CFEngine scheduling daemon (cf-execd) lives. With CFEngine, we are able to decouple the life of the container from the uptime of the service it provides. - - -How it works ------------- - -CFEngine, together with the cfe-docker integration policies, are installed as part of the Dockerfile. This builds CFEngine into our Docker image. - -The Dockerfile's ``ENTRYPOINT`` takes an arbitrary amount of commands (with any desired arguments) as parameters. -When we run the Docker container these parameters get written to CFEngine policies and CFEngine takes over to ensure that the desired processes are running in the container. - -CFEngine scans the process table for the ``basename`` of the commands given to the ``ENTRYPOINT`` and runs the command to start the process if the ``basename`` is not found. -For example, if we start the container with ``docker run "/path/to/my/application parameters"``, CFEngine will look for a process named ``application`` and run the command. -If an entry for ``application`` is not found in the process table at any point in time, CFEngine will execute ``/path/to/my/application parameters`` to start the application once again. -The check on the process table happens every minute. - -Note that it is therefore important that the command to start your application leaves a process with the basename of the command. -This can be made more flexible by making some minor adjustments to the CFEngine policies, if desired. - - -Usage ------ - -This example assumes you have Docker installed and working. -We will install and manage ``apache2`` and ``sshd`` in a single container. - -There are three steps: - -1. Install CFEngine into the container. -2. Copy the CFEngine Docker process management policy into the containerized CFEngine installation. -3. Start your application processes as part of the ``docker run`` command. - - -Building the container image -~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -The first two steps can be done as part of a Dockerfile, as follows. - -.. code-block:: bash - - FROM ubuntu - MAINTAINER Eystein Måløy Stenberg - - RUN apt-get -y install wget lsb-release unzip ca-certificates - - # install latest CFEngine - RUN wget -qO- http://cfengine.com/pub/gpg.key | apt-key add - - RUN echo "deb http://cfengine.com/pub/apt $(lsb_release -cs) main" > /etc/apt/sources.list.d/cfengine-community.list - RUN apt-get update - RUN apt-get install cfengine-community - - # install cfe-docker process management policy - RUN wget https://github.com/estenberg/cfe-docker/archive/master.zip -P /tmp/ && unzip /tmp/master.zip -d /tmp/ - RUN cp /tmp/cfe-docker-master/cfengine/bin/* /var/cfengine/bin/ - RUN cp /tmp/cfe-docker-master/cfengine/inputs/* /var/cfengine/inputs/ - RUN rm -rf /tmp/cfe-docker-master /tmp/master.zip - - # apache2 and openssh are just for testing purposes, install your own apps here - RUN apt-get -y install openssh-server apache2 - RUN mkdir -p /var/run/sshd - RUN echo "root:password" | chpasswd # need a password for ssh - - ENTRYPOINT ["/var/cfengine/bin/docker_processes_run.sh"] - - -By saving this file as ``Dockerfile`` to a working directory, you can then build your container with the docker build command, -e.g. ``docker build -t managed_image``. - -Testing the container -~~~~~~~~~~~~~~~~~~~~~ - -Start the container with ``apache2`` and ``sshd`` running and managed, forwarding a port to our SSH instance: - -.. code-block:: bash - - docker run -p 127.0.0.1:222:22 -d managed_image "/usr/sbin/sshd" "/etc/init.d/apache2 start" - -We now clearly see one of the benefits of the cfe-docker integration: it allows to start several processes -as part of a normal ``docker run`` command. - -We can now log in to our new container and see that both ``apache2`` and ``sshd`` are running. We have set the root password to -"password" in the Dockerfile above and can use that to log in with ssh: - -.. code-block:: bash - - ssh -p222 root@127.0.0.1 - - ps -ef - UID PID PPID C STIME TTY TIME CMD - root 1 0 0 07:48 ? 00:00:00 /bin/bash /var/cfengine/bin/docker_processes_run.sh /usr/sbin/sshd /etc/init.d/apache2 start - root 18 1 0 07:48 ? 00:00:00 /var/cfengine/bin/cf-execd -F - root 20 1 0 07:48 ? 00:00:00 /usr/sbin/sshd - root 32 1 0 07:48 ? 00:00:00 /usr/sbin/apache2 -k start - www-data 34 32 0 07:48 ? 00:00:00 /usr/sbin/apache2 -k start - www-data 35 32 0 07:48 ? 00:00:00 /usr/sbin/apache2 -k start - www-data 36 32 0 07:48 ? 00:00:00 /usr/sbin/apache2 -k start - root 93 20 0 07:48 ? 00:00:00 sshd: root@pts/0 - root 105 93 0 07:48 pts/0 00:00:00 -bash - root 112 105 0 07:49 pts/0 00:00:00 ps -ef - - -If we stop apache2, it will be started again within a minute by CFEngine. - -.. code-block:: bash - - service apache2 status - Apache2 is running (pid 32). - service apache2 stop - * Stopping web server apache2 ... waiting [ OK ] - service apache2 status - Apache2 is NOT running. - # ... wait up to 1 minute... - service apache2 status - Apache2 is running (pid 173). - - -Adapting to your applications ------------------------------ - -To make sure your applications get managed in the same manner, there are just two things you need to adjust from the above example: - -* In the Dockerfile used above, install your applications instead of ``apache2`` and ``sshd``. -* When you start the container with ``docker run``, specify the command line arguments to your applications rather than ``apache2`` and ``sshd``. diff --git a/docs/sources/examples/couchdb_data_volumes.md b/docs/sources/examples/couchdb_data_volumes.md new file mode 100644 index 0000000000..17490487aa --- /dev/null +++ b/docs/sources/examples/couchdb_data_volumes.md @@ -0,0 +1,47 @@ +page_title: Sharing data between 2 couchdb databases +page_description: Sharing data between 2 couchdb databases +page_keywords: docker, example, package installation, networking, couchdb, data volumes + +# CouchDB Service + +> **Note**: +> +> - This example assumes you have Docker running in daemon mode. For +> more information please see [*Check your Docker +> install*](../hello_world/#running-examples). +> - **If you don't like sudo** then see [*Giving non-root +> access*](/installation/binaries/#dockergroup) + +Here's an example of using data volumes to share the same data between +two CouchDB containers. This could be used for hot upgrades, testing +different versions of CouchDB on the same data, etc. + +## Create first database + +Note that we're marking `/var/lib/couchdb` as a data volume. + + $ COUCH1=$(sudo docker run -d -p 5984 -v /var/lib/couchdb shykes/couchdb:2013-05-03) + +## Add data to the first database + +We're assuming your Docker host is reachable at `localhost`. If not, +replace `localhost` with the public IP of your Docker host. + + $ HOST=localhost + $ URL="http://$HOST:$(sudo docker port $COUCH1 5984 | grep -Po '\d+$')/_utils/" + $ echo "Navigate to $URL in your browser, and use the couch interface to add data" + +## Create second database + +This time, we're requesting shared access to `$COUCH1`'s volumes. + + $ COUCH2=$(sudo docker run -d -p 5984 --volumes-from $COUCH1 shykes/couchdb:2013-05-03) + +## Browse data on the second database + + $ HOST=localhost + $ URL="http://$HOST:$(sudo docker port $COUCH2 5984 | grep -Po '\d+$')/_utils/" + $ echo "Navigate to $URL in your browser. You should see the same data as in the first database"'!' + +Congratulations, you are now running two Couchdb containers, completely +isolated from each other *except* for their data. diff --git a/docs/sources/examples/couchdb_data_volumes.rst b/docs/sources/examples/couchdb_data_volumes.rst deleted file mode 100644 index 6cf3fab68c..0000000000 --- a/docs/sources/examples/couchdb_data_volumes.rst +++ /dev/null @@ -1,56 +0,0 @@ -:title: Sharing data between 2 couchdb databases -:description: Sharing data between 2 couchdb databases -:keywords: docker, example, package installation, networking, couchdb, data volumes - -.. _running_couchdb_service: - -CouchDB Service -=============== - -.. include:: example_header.inc - -Here's an example of using data volumes to share the same data between -two CouchDB containers. This could be used for hot upgrades, testing -different versions of CouchDB on the same data, etc. - -Create first database ---------------------- - -Note that we're marking ``/var/lib/couchdb`` as a data volume. - -.. code-block:: bash - - COUCH1=$(sudo docker run -d -p 5984 -v /var/lib/couchdb shykes/couchdb:2013-05-03) - -Add data to the first database ------------------------------- - -We're assuming your Docker host is reachable at ``localhost``. If not, -replace ``localhost`` with the public IP of your Docker host. - -.. code-block:: bash - - HOST=localhost - URL="http://$HOST:$(sudo docker port $COUCH1 5984 | grep -Po '\d+$')/_utils/" - echo "Navigate to $URL in your browser, and use the couch interface to add data" - -Create second database ----------------------- - -This time, we're requesting shared access to ``$COUCH1``'s volumes. - -.. code-block:: bash - - COUCH2=$(sudo docker run -d -p 5984 --volumes-from $COUCH1 shykes/couchdb:2013-05-03) - -Browse data on the second database ----------------------------------- - -.. code-block:: bash - - HOST=localhost - URL="http://$HOST:$(sudo docker port $COUCH2 5984 | grep -Po '\d+$')/_utils/" - echo "Navigate to $URL in your browser. You should see the same data as in the first database"'!' - -Congratulations, you are now running two Couchdb containers, completely -isolated from each other *except* for their data. diff --git a/docs/sources/examples/hello_world.md b/docs/sources/examples/hello_world.md new file mode 100644 index 0000000000..177857816c --- /dev/null +++ b/docs/sources/examples/hello_world.md @@ -0,0 +1,162 @@ +page_title: Hello world example +page_description: A simple hello world example with Docker +page_keywords: docker, example, hello world + +# Check your Docker installation + +This guide assumes you have a working installation of Docker. To check +your Docker install, run the following command: + + # Check that you have a working install + $ sudo docker info + +If you get `docker: command not found` or something +like `/var/lib/docker/repositories: permission denied` +you may have an incomplete Docker installation or insufficient +privileges to access docker on your machine. + +Please refer to [*Installation*](/installation/) +for installation instructions. + +## Hello World + +> **Note**: +> +> - This example assumes you have Docker running in daemon mode. For +> more information please see [*Check your Docker +> install*](#check-your-docker-installation). +> - **If you don't like sudo** then see [*Giving non-root +> access*](/installation/binaries/#dockergroup) + +This is the most basic example available for using Docker. + +Download the small base image named `busybox`: + + # Download a busybox image + $ sudo docker pull busybox + +The `busybox` image is a minimal Linux system. You can do the same with +any number of other images, such as `debian`, `ubuntu` or `centos`. The +images can be found and retrieved using the +[Docker.io](http://index.docker.io) registry. + + $ sudo docker run busybox /bin/echo hello world + +This command will run a simple `echo` command, that +will echo `hello world` back to the console over +standard out. + +**Explanation:** + +- **"sudo"** execute the following commands as user *root* +- **"docker run"** run a command in a new container +- **"busybox"** is the image we are running the command in. +- **"/bin/echo"** is the command we want to run in the container +- **"hello world"** is the input for the echo command + +**Video:** + +See the example in action + + + + + +## Hello World Daemon + +> **Note**: +> +> - This example assumes you have Docker running in daemon mode. For +> more information please see [*Check your Docker +> install*](#check-your-docker-installation). +> - **If you don't like sudo** then see [*Giving non-root +> access*](/installation/binaries/#dockergroup) + +And now for the most boring daemon ever written! + +We will use the Ubuntu image to run a simple hello world daemon that +will just print hello world to standard out every second. It will +continue to do this until we stop it. + +**Steps:** + + $ container_id=$(sudo docker run -d ubuntu /bin/sh -c "while true; do echo hello world; sleep 1; done") + +We are going to run a simple hello world daemon in a new container made +from the `ubuntu` image. + + - **"sudo docker run -d "** run a command in a new container. We pass + "-d" so it runs as a daemon. + - **"ubuntu"** is the image we want to run the command inside of. + - **"/bin/sh -c"** is the command we want to run in the container + - **"while true; do echo hello world; sleep 1; done"** is the mini + script we want to run, that will just print hello world once a + second until we stop it. + - **$container_id** the output of the run command will return a + container id, we can use in future commands to see what is going on + with this process. + + + + $ sudo docker logs $container_id + +Check the logs make sure it is working correctly. + + - **"docker logs**" This will return the logs for a container + - **$container_id** The Id of the container we want the logs for. + + + + $ sudo docker attach --sig-proxy=false $container_id + +Attach to the container to see the results in real-time. + + - **"docker attach**" This will allow us to attach to a background + process to see what is going on. + - **"–sig-proxy=false"** Do not forward signals to the container; + allows us to exit the attachment using Control-C without stopping + the container. + - **$container_id** The Id of the container we want to attach to. + +Exit from the container attachment by pressing Control-C. + + $ sudo docker ps + +Check the process list to make sure it is running. + + - **"docker ps"** this shows all running process managed by docker + + + + $ sudo docker stop $container_id + +Stop the container, since we don't need it anymore. + + - **"docker stop"** This stops a container + - **$container_id** The Id of the container we want to stop. + + + + $ sudo docker ps + +Make sure it is really stopped. + +**Video:** + +See the example in action + + + + + +The next example in the series is a [*Node.js Web App*]( +../nodejs_web_app/#nodejs-web-app) example, or you could skip to any of the +other examples: + + - [*Node.js Web App*](../nodejs_web_app/#nodejs-web-app) + - [*Redis Service*](../running_redis_service/#running-redis-service) + - [*SSH Daemon Service*](../running_ssh_service/#running-ssh-service) + - [*CouchDB Service*](../couchdb_data_volumes/#running-couchdb-service) + - [*PostgreSQL Service*](../postgresql_service/#postgresql-service) + - [*Building an Image with MongoDB*](../mongodb/#mongodb-image) + - [*Python Web App*](../python_web_app/#python-web-app) diff --git a/docs/sources/examples/hello_world.rst b/docs/sources/examples/hello_world.rst deleted file mode 100644 index 39d7abea2c..0000000000 --- a/docs/sources/examples/hello_world.rst +++ /dev/null @@ -1,181 +0,0 @@ -:title: Hello world example -:description: A simple hello world example with Docker -:keywords: docker, example, hello world - -.. _running_examples: - -Check your Docker install -------------------------- - -This guide assumes you have a working installation of Docker. To check -your Docker install, run the following command: - -.. code-block:: bash - - # Check that you have a working install - $ sudo docker info - -If you get ``docker: command not found`` or something like -``/var/lib/docker/repositories: permission denied`` you may have an incomplete -Docker installation or insufficient privileges to access docker on your machine. - -Please refer to :ref:`installation_list` for installation instructions. - - -.. _hello_world: - -Hello World ------------ - -.. include:: example_header.inc - -This is the most basic example available for using Docker. - -Download the small base image named ``busybox``: - -.. code-block:: bash - - # Download a busybox image - $ sudo docker pull busybox - -The ``busybox`` image is a minimal Linux system. You can do the same -with any number of other images, such as ``debian``, ``ubuntu`` or ``centos``. -The images can be found and retrieved using the `Docker index`_. - -.. _Docker index: http://index.docker.io - -.. code-block:: bash - - $ sudo docker run busybox /bin/echo hello world - -This command will run a simple ``echo`` command, that will echo ``hello world`` back to the console over standard out. - -**Explanation:** - -- **"sudo"** execute the following commands as user *root* -- **"docker run"** run a command in a new container -- **"busybox"** is the image we are running the command in. -- **"/bin/echo"** is the command we want to run in the container -- **"hello world"** is the input for the echo command - - - -**Video:** - -See the example in action - -.. raw:: html - - - ----- - -.. _hello_world_daemon: - -Hello World Daemon ------------------- - -.. include:: example_header.inc - -And now for the most boring daemon ever written! - -We will use the Ubuntu image to run a simple hello world daemon that will just print hello -world to standard out every second. It will continue to do this until -we stop it. - -**Steps:** - -.. code-block:: bash - - container_id=$(sudo docker run -d ubuntu /bin/sh -c "while true; do echo hello world; sleep 1; done") - -We are going to run a simple hello world daemon in a new container -made from the ``ubuntu`` image. - -- **"sudo docker run -d "** run a command in a new container. We pass "-d" - so it runs as a daemon. -- **"ubuntu"** is the image we want to run the command inside of. -- **"/bin/sh -c"** is the command we want to run in the container -- **"while true; do echo hello world; sleep 1; done"** is the mini - script we want to run, that will just print hello world once a - second until we stop it. -- **$container_id** the output of the run command will return a - container id, we can use in future commands to see what is going on - with this process. - -.. code-block:: bash - - sudo docker logs $container_id - -Check the logs make sure it is working correctly. - -- **"docker logs**" This will return the logs for a container -- **$container_id** The Id of the container we want the logs for. - -.. code-block:: bash - - sudo docker attach --sig-proxy=false $container_id - -Attach to the container to see the results in real-time. - -- **"docker attach**" This will allow us to attach to a background - process to see what is going on. -- **"--sig-proxy=false"** Do not forward signals to the container; allows - us to exit the attachment using Control-C without stopping the container. -- **$container_id** The Id of the container we want to attach to. - -Exit from the container attachment by pressing Control-C. - -.. code-block:: bash - - sudo docker ps - -Check the process list to make sure it is running. - -- **"docker ps"** this shows all running process managed by docker - -.. code-block:: bash - - sudo docker stop $container_id - -Stop the container, since we don't need it anymore. - -- **"docker stop"** This stops a container -- **$container_id** The Id of the container we want to stop. - -.. code-block:: bash - - sudo docker ps - -Make sure it is really stopped. - - -**Video:** - -See the example in action - -.. raw:: html - - - -The next example in the series is a :ref:`nodejs_web_app` example, or -you could skip to any of the other examples: - - -* :ref:`nodejs_web_app` -* :ref:`running_redis_service` -* :ref:`running_ssh_service` -* :ref:`running_couchdb_service` -* :ref:`postgresql_service` -* :ref:`mongodb_image` -* :ref:`python_web_app` diff --git a/docs/sources/examples/https.md b/docs/sources/examples/https.md new file mode 100644 index 0000000000..c46cf6b88c --- /dev/null +++ b/docs/sources/examples/https.md @@ -0,0 +1,107 @@ +page_title: Docker HTTPS Setup +page_description: How to setup docker with https +page_keywords: docker, example, https, daemon + +# Running Docker with https + +By default, Docker runs via a non-networked Unix socket. It can also +optionally communicate using a HTTP socket. + +If you need Docker reachable via the network in a safe manner, you can +enable TLS by specifying the tlsverify flag and pointing Docker's +tlscacert flag to a trusted CA certificate. + +In daemon mode, it will only allow connections from clients +authenticated by a certificate signed by that CA. In client mode, it +will only connect to servers with a certificate signed by that CA. + +> **Warning**: +> Using TLS and managing a CA is an advanced topic. Please make you self +> familiar with openssl, x509 and tls before using it in production. + +## Create a CA, server and client keys with OpenSSL + +First, initialize the CA serial file and generate CA private and public +keys: + + $ echo 01 > ca.srl + $ openssl genrsa -des3 -out ca-key.pem + $ openssl req -new -x509 -days 365 -key ca-key.pem -out ca.pem + +Now that we have a CA, you can create a server key and certificate +signing request. Make sure that "Common Name (e.g. server FQDN or YOUR +name)" matches the hostname you will use to connect to Docker or just +use `\*` for a certificate valid for any hostname: + + $ openssl genrsa -des3 -out server-key.pem + $ openssl req -new -key server-key.pem -out server.csr + +Next we're going to sign the key with our CA: + + $ openssl x509 -req -days 365 -in server.csr -CA ca.pem -CAkey ca-key.pem \ + -out server-cert.pem + +For client authentication, create a client key and certificate signing +request: + + $ openssl genrsa -des3 -out client-key.pem + $ openssl req -new -key client-key.pem -out client.csr + +To make the key suitable for client authentication, create a extensions +config file: + + $ echo extendedKeyUsage = clientAuth > extfile.cnf + +Now sign the key: + + $ openssl x509 -req -days 365 -in client.csr -CA ca.pem -CAkey ca-key.pem \ + -out client-cert.pem -extfile extfile.cnf + +Finally you need to remove the passphrase from the client and server +key: + + $ openssl rsa -in server-key.pem -out server-key.pem + $ openssl rsa -in client-key.pem -out client-key.pem + +Now you can make the Docker daemon only accept connections from clients +providing a certificate trusted by our CA: + + $ sudo docker -d --tlsverify --tlscacert=ca.pem --tlscert=server-cert.pem --tlskey=server-key.pem \ + -H=0.0.0.0:4243 + +To be able to connect to Docker and validate its certificate, you now +need to provide your client keys, certificates and trusted CA: + + $ docker --tlsverify --tlscacert=ca.pem --tlscert=client-cert.pem --tlskey=client-key.pem \ + -H=dns-name-of-docker-host:4243 + +> **Warning**: +> As shown in the example above, you don't have to run the +> `docker` client with `sudo` or +> the `docker` group when you use certificate +> authentication. That means anyone with the keys can give any +> instructions to your Docker daemon, giving them root access to the +> machine hosting the daemon. Guard these keys as you would a root +> password! + +## Other modes + +If you don't want to have complete two-way authentication, you can run +Docker in various other modes by mixing the flags. + +### Daemon modes + + - tlsverify, tlscacert, tlscert, tlskey set: Authenticate clients + - tls, tlscert, tlskey: Do not authenticate clients + +### Client modes + + - tls: Authenticate server based on public/default CA pool + - tlsverify, tlscacert: Authenticate server based on given CA + - tls, tlscert, tlskey: Authenticate with client certificate, do not + authenticate server based on given CA + - tlsverify, tlscacert, tlscert, tlskey: Authenticate with client + certificate, authenticate server based on given CA + +The client will send its client certificate if found, so you just need +to drop your keys into ~/.docker/.pem diff --git a/docs/sources/examples/https.rst b/docs/sources/examples/https.rst deleted file mode 100644 index 7a221ed951..0000000000 --- a/docs/sources/examples/https.rst +++ /dev/null @@ -1,126 +0,0 @@ -:title: Docker HTTPS Setup -:description: How to setup docker with https -:keywords: docker, example, https, daemon - -.. _running_docker_https: - -Running Docker with https -========================= - -By default, Docker runs via a non-networked Unix socket. It can also optionally -communicate using a HTTP socket. - -If you need Docker reachable via the network in a safe manner, you can enable -TLS by specifying the `tlsverify` flag and pointing Docker's `tlscacert` flag to a -trusted CA certificate. - -In daemon mode, it will only allow connections from clients authenticated by a -certificate signed by that CA. In client mode, it will only connect to servers -with a certificate signed by that CA. - -.. warning:: - - Using TLS and managing a CA is an advanced topic. Please make you self familiar - with openssl, x509 and tls before using it in production. - -Create a CA, server and client keys with OpenSSL ------------------------------------------------- - -First, initialize the CA serial file and generate CA private and public keys: - -.. code-block:: bash - - $ echo 01 > ca.srl - $ openssl genrsa -des3 -out ca-key.pem - $ openssl req -new -x509 -days 365 -key ca-key.pem -out ca.pem - -Now that we have a CA, you can create a server key and certificate signing request. -Make sure that `"Common Name (e.g. server FQDN or YOUR name)"` matches the hostname you will use -to connect to Docker or just use '*' for a certificate valid for any hostname: - -.. code-block:: bash - - $ openssl genrsa -des3 -out server-key.pem - $ openssl req -new -key server-key.pem -out server.csr - -Next we're going to sign the key with our CA: - -.. code-block:: bash - - $ openssl x509 -req -days 365 -in server.csr -CA ca.pem -CAkey ca-key.pem \ - -out server-cert.pem - -For client authentication, create a client key and certificate signing request: - -.. code-block:: bash - - $ openssl genrsa -des3 -out client-key.pem - $ openssl req -new -key client-key.pem -out client.csr - - -To make the key suitable for client authentication, create a extensions config file: - -.. code-block:: bash - - $ echo extendedKeyUsage = clientAuth > extfile.cnf - -Now sign the key: - -.. code-block:: bash - - $ openssl x509 -req -days 365 -in client.csr -CA ca.pem -CAkey ca-key.pem \ - -out client-cert.pem -extfile extfile.cnf - -Finally you need to remove the passphrase from the client and server key: - -.. code-block:: bash - - $ openssl rsa -in server-key.pem -out server-key.pem - $ openssl rsa -in client-key.pem -out client-key.pem - -Now you can make the Docker daemon only accept connections from clients providing -a certificate trusted by our CA: - -.. code-block:: bash - - $ sudo docker -d --tlsverify --tlscacert=ca.pem --tlscert=server-cert.pem --tlskey=server-key.pem \ - -H=0.0.0.0:4243 - -To be able to connect to Docker and validate its certificate, you now need to provide your client keys, -certificates and trusted CA: - -.. code-block:: bash - - $ docker --tlsverify --tlscacert=ca.pem --tlscert=client-cert.pem --tlskey=client-key.pem \ - -H=dns-name-of-docker-host:4243 - -.. warning:: - - As shown in the example above, you don't have to run the ``docker`` - client with ``sudo`` or the ``docker`` group when you use - certificate authentication. That means anyone with the keys can - give any instructions to your Docker daemon, giving them root - access to the machine hosting the daemon. Guard these keys as you - would a root password! - -Other modes ------------ -If you don't want to have complete two-way authentication, you can run Docker in -various other modes by mixing the flags. - -Daemon modes -~~~~~~~~~~~~ -- tlsverify, tlscacert, tlscert, tlskey set: Authenticate clients -- tls, tlscert, tlskey: Do not authenticate clients - -Client modes -~~~~~~~~~~~~ -- tls: Authenticate server based on public/default CA pool -- tlsverify, tlscacert: Authenticate server based on given CA -- tls, tlscert, tlskey: Authenticate with client certificate, do not authenticate - server based on given CA -- tlsverify, tlscacert, tlscert, tlskey: Authenticate with client certificate, - authenticate server based on given CA - -The client will send its client certificate if found, so you just need to drop -your keys into `~/.docker/.pem` diff --git a/docs/sources/examples/index.rst b/docs/sources/examples/index.rst deleted file mode 100644 index 94e2d917bb..0000000000 --- a/docs/sources/examples/index.rst +++ /dev/null @@ -1,30 +0,0 @@ -:title: Docker Examples -:description: Examples on how to use Docker -:keywords: docker, hello world, node, nodejs, python, couch, couchdb, redis, ssh, sshd, examples, postgresql, link - - -.. _example_list: - -Examples -======== - -Here are some examples of how to use Docker to create running -processes, starting from a very simple *Hello World* and progressing -to more substantial services like those which you might find in production. - -.. toctree:: - :maxdepth: 1 - - hello_world - nodejs_web_app - running_redis_service - running_ssh_service - couchdb_data_volumes - postgresql_service - mongodb - running_riak_service - using_supervisord - cfengine_process_management - python_web_app - apt-cacher-ng - https diff --git a/docs/sources/examples/mongodb.md b/docs/sources/examples/mongodb.md new file mode 100644 index 0000000000..4b5f95d023 --- /dev/null +++ b/docs/sources/examples/mongodb.md @@ -0,0 +1,89 @@ +page_title: Building a Docker Image with MongoDB +page_description: How to build a Docker image with MongoDB pre-installed +page_keywords: docker, example, package installation, networking, mongodb + +# Building an Image with MongoDB + +> **Note**: +> +> - This example assumes you have Docker running in daemon mode. For +> more information please see [*Check your Docker +> install*](../hello_world/#running-examples). +> - **If you don't like sudo** then see [*Giving non-root +> access*](/installation/binaries/#dockergroup) + +The goal of this example is to show how you can build your own Docker +images with MongoDB pre-installed. We will do that by constructing a +Dockerfile that downloads a base image, adds an +apt source and installs the database software on Ubuntu. + +## Creating a Dockerfile + +Create an empty file called Dockerfile: + + $ touch Dockerfile + +Next, define the parent image you want to use to build your own image on +top of. Here, we'll use [Ubuntu](https://index.docker.io/_/ubuntu/) +(tag: `latest`) available on the [docker +index](http://index.docker.io): + + FROM ubuntu:latest + +Since we want to be running the latest version of MongoDB we'll need to +add the 10gen repo to our apt sources list. + + # Add 10gen official apt source to the sources list + RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10 + RUN echo 'deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen' | tee /etc/apt/sources.list.d/10gen.list + +Then, we don't want Ubuntu to complain about init not being available so +we'll divert `/sbin/initctl` to +`/bin/true` so it thinks everything is working. + + # Hack for initctl not being available in Ubuntu + RUN dpkg-divert --local --rename --add /sbin/initctl + RUN ln -s /bin/true /sbin/initctl + +Afterwards we'll be able to update our apt repositories and install +MongoDB + + # Install MongoDB + RUN apt-get update + RUN apt-get install mongodb-10gen + +To run MongoDB we'll have to create the default data directory (because +we want it to run without needing to provide a special configuration +file) + + # Create the MongoDB data directory + RUN mkdir -p /data/db + +Finally, we'll expose the standard port that MongoDB runs on, 27107, as +well as define an `ENTRYPOINT` instruction for the +container. + + EXPOSE 27017 + ENTRYPOINT ["usr/bin/mongod"] + +Now, lets build the image which will go through the +Dockerfile we made and run all of the commands. + + $ sudo docker build -t /mongodb . + +Now you should be able to run `mongod` as a daemon +and be able to connect on the local port! + + # Regular style + $ MONGO_ID=$(sudo docker run -d /mongodb) + + # Lean and mean + $ MONGO_ID=$(sudo docker run -d /mongodb --noprealloc --smallfiles) + + # Check the logs out + $ sudo docker logs $MONGO_ID + + # Connect and play around + $ mongo --port + +Sweet! diff --git a/docs/sources/examples/mongodb.rst b/docs/sources/examples/mongodb.rst deleted file mode 100644 index 913dc2699a..0000000000 --- a/docs/sources/examples/mongodb.rst +++ /dev/null @@ -1,100 +0,0 @@ -:title: Building a Docker Image with MongoDB -:description: How to build a Docker image with MongoDB pre-installed -:keywords: docker, example, package installation, networking, mongodb - -.. _mongodb_image: - -Building an Image with MongoDB -============================== - -.. include:: example_header.inc - -The goal of this example is to show how you can build your own -Docker images with MongoDB pre-installed. We will do that by -constructing a ``Dockerfile`` that downloads a base image, adds an -apt source and installs the database software on Ubuntu. - -Creating a ``Dockerfile`` -+++++++++++++++++++++++++ - -Create an empty file called ``Dockerfile``: - -.. code-block:: bash - - touch Dockerfile - -Next, define the parent image you want to use to build your own image on top of. -Here, we’ll use `Ubuntu `_ (tag: ``latest``) -available on the `docker index `_: - -.. code-block:: bash - - FROM ubuntu:latest - -Since we want to be running the latest version of MongoDB we'll need to add the -10gen repo to our apt sources list. - -.. code-block:: bash - - # Add 10gen official apt source to the sources list - RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10 - RUN echo 'deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen' | tee /etc/apt/sources.list.d/10gen.list - -Then, we don't want Ubuntu to complain about init not being available so we'll -divert ``/sbin/initctl`` to ``/bin/true`` so it thinks everything is working. - -.. code-block:: bash - - # Hack for initctl not being available in Ubuntu - RUN dpkg-divert --local --rename --add /sbin/initctl - RUN ln -sf /bin/true /sbin/initctl - -Afterwards we'll be able to update our apt repositories and install MongoDB - -.. code-block:: bash - - # Install MongoDB - RUN apt-get update - RUN apt-get install mongodb-10gen - -To run MongoDB we'll have to create the default data directory (because we want it to -run without needing to provide a special configuration file) - -.. code-block:: bash - - # Create the MongoDB data directory - RUN mkdir -p /data/db - -Finally, we'll expose the standard port that MongoDB runs on, 27107, as well as -define an ``ENTRYPOINT`` instruction for the container. - -.. code-block:: bash - - EXPOSE 27017 - ENTRYPOINT ["usr/bin/mongod"] - -Now, lets build the image which will go through the ``Dockerfile`` we made and -run all of the commands. - -.. code-block:: bash - - sudo docker build -t /mongodb . - -Now you should be able to run ``mongod`` as a daemon and be able to connect on -the local port! - -.. code-block:: bash - - # Regular style - MONGO_ID=$(sudo docker run -P -d /mongodb) - - # Lean and mean - MONGO_ID=$(sudo docker run -P -d /mongodb --noprealloc --smallfiles) - - # Check the logs out - sudo docker logs $MONGO_ID - - # Connect and play around - mongo --port - -Sweet! diff --git a/docs/sources/examples/nodejs_web_app.md b/docs/sources/examples/nodejs_web_app.md new file mode 100644 index 0000000000..bc0e908d2d --- /dev/null +++ b/docs/sources/examples/nodejs_web_app.md @@ -0,0 +1,197 @@ +page_title: Running a Node.js app on CentOS +page_description: Installing and running a Node.js app on CentOS +page_keywords: docker, example, package installation, node, centos + +# Node.js Web App + +> **Note**: +> +> - This example assumes you have Docker running in daemon mode. For +> more information please see [*Check your Docker +> install*](../hello_world/#running-examples). +> - **If you don't like sudo** then see [*Giving non-root +> access*](/installation/binaries/#dockergroup) + +The goal of this example is to show you how you can build your own +Docker images from a parent image using a `Dockerfile` +. We will do that by making a simple Node.js hello world web +application running on CentOS. You can get the full source code at +[https://github.com/gasi/docker-node-hello](https://github.com/gasi/docker-node-hello). + +## Create Node.js app + +First, create a directory `src` where all the files +would live. Then create a `package.json` file that +describes your app and its dependencies: + + { + "name": "docker-centos-hello", + "private": true, + "version": "0.0.1", + "description": "Node.js Hello World app on CentOS using docker", + "author": "Daniel Gasienica ", + "dependencies": { + "express": "3.2.4" + } + } + +Then, create an `index.js` file that defines a web +app using the [Express.js](http://expressjs.com/) framework: + + var express = require('express'); + + // Constants + var PORT = 8080; + + // App + var app = express(); + app.get('/', function (req, res) { + res.send('Hello World\n'); + }); + + app.listen(PORT); + console.log('Running on http://localhost:' + PORT); + +In the next steps, we'll look at how you can run this app inside a +CentOS container using Docker. First, you'll need to build a Docker +image of your app. + +## Creating a Dockerfile + +Create an empty file called `Dockerfile`: + + touch Dockerfile + +Open the `Dockerfile` in your favorite text editor +and add the following line that defines the version of Docker the image +requires to build (this example uses Docker 0.3.4): + + # DOCKER-VERSION 0.3.4 + +Next, define the parent image you want to use to build your own image on +top of. Here, we'll use [CentOS](https://index.docker.io/_/centos/) +(tag: `6.4`) available on the [Docker +index](https://index.docker.io/): + + FROM centos:6.4 + +Since we're building a Node.js app, you'll have to install Node.js as +well as npm on your CentOS image. Node.js is required to run your app +and npm to install your app's dependencies defined in +`package.json`. To install the right package for +CentOS, we'll use the instructions from the [Node.js wiki]( +https://github.com/joyent/node/wiki/Installing-Node.js- +via-package-manager#rhelcentosscientific-linux-6): + + # Enable EPEL for Node.js + RUN rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm + # Install Node.js and npm + RUN yum install -y npm + +To bundle your app's source code inside the Docker image, use the `ADD` +instruction: + + # Bundle app source + ADD . /src + +Install your app dependencies using the `npm` binary: + + # Install app dependencies + RUN cd /src; npm install + +Your app binds to port `8080` so you'll use the` EXPOSE` instruction to have +it mapped by the `docker` daemon: + + EXPOSE 8080 + +Last but not least, define the command to run your app using `CMD` which +defines your runtime, i.e. `node`, and the path to our app, i.e. `src/index.js` +(see the step where we added the source to the container): + + CMD ["node", "/src/index.js"] + +Your `Dockerfile` should now look like this: + + # DOCKER-VERSION 0.3.4 + FROM centos:6.4 + + # Enable EPEL for Node.js + RUN rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm + # Install Node.js and npm + RUN yum install -y npm + + # Bundle app source + ADD . /src + # Install app dependencies + RUN cd /src; npm install + + EXPOSE 8080 + CMD ["node", "/src/index.js"] + +## Building your image + +Go to the directory that has your `Dockerfile` and run the following command +to build a Docker image. The `-t` flag let's you tag your image so it's easier +to find later using the `docker images` command: + + $ sudo docker build -t /centos-node-hello . + +Your image will now be listed by Docker: + + $ sudo docker images + + # Example + REPOSITORY TAG ID CREATED + centos 6.4 539c0211cd76 8 weeks ago + gasi/centos-node-hello latest d64d3505b0d2 2 hours ago + +## Run the image + +Running your image with `-d` runs the container in detached mode, leaving the +container running in the background. The `-p` flag redirects a public port to +a private port in the container. Run the image you previously built: + + $ sudo docker run -p 49160:8080 -d /centos-node-hello + +Print the output of your app: + + # Get container ID + $ sudo docker ps + + # Print app output + $ sudo docker logs + + # Example + Running on http://localhost:8080 + +## Test + +To test your app, get the the port of your app that Docker mapped: + + $ sudo docker ps + + # Example + ID IMAGE COMMAND ... PORTS + ecce33b30ebf gasi/centos-node-hello:latest node /src/index.js 49160->8080 + +In the example above, Docker mapped the `8080` port of the container to `49160`. + +Now you can call your app using `curl` (install if needed via: +`sudo apt-get install curl`): + + $ curl -i localhost:49160 + + HTTP/1.1 200 OK + X-Powered-By: Express + Content-Type: text/html; charset=utf-8 + Content-Length: 12 + Date: Sun, 02 Jun 2013 03:53:22 GMT + Connection: keep-alive + + Hello World + +We hope this tutorial helped you get up and running with Node.js and +CentOS on Docker. You can get the full source code at +[https://github.com/gasi/docker-node-hello](https://github.com/gasi/docker-node-hello). + +Continue to [*Redis Service*](../running_redis_service/#running-redis-service). diff --git a/docs/sources/examples/nodejs_web_app.rst b/docs/sources/examples/nodejs_web_app.rst deleted file mode 100644 index 55bd76db89..0000000000 --- a/docs/sources/examples/nodejs_web_app.rst +++ /dev/null @@ -1,239 +0,0 @@ -:title: Running a Node.js app on CentOS -:description: Installing and running a Node.js app on CentOS -:keywords: docker, example, package installation, node, centos - -.. _nodejs_web_app: - -Node.js Web App -=============== - -.. include:: example_header.inc - -The goal of this example is to show you how you can build your own -Docker images from a parent image using a ``Dockerfile`` . We will do -that by making a simple Node.js hello world web application running on -CentOS. You can get the full source code at -https://github.com/gasi/docker-node-hello. - -Create Node.js app -++++++++++++++++++ - -First, create a directory ``src`` where all the files would live. Then create a ``package.json`` file that describes your app and its -dependencies: - -.. code-block:: json - - { - "name": "docker-centos-hello", - "private": true, - "version": "0.0.1", - "description": "Node.js Hello World app on CentOS using docker", - "author": "Daniel Gasienica ", - "dependencies": { - "express": "3.2.4" - } - } - -Then, create an ``index.js`` file that defines a web app using the -`Express.js `_ framework: - -.. code-block:: javascript - - var express = require('express'); - - // Constants - var PORT = 8080; - - // App - var app = express(); - app.get('/', function (req, res) { - res.send('Hello World\n'); - }); - - app.listen(PORT); - console.log('Running on http://localhost:' + PORT); - - -In the next steps, we’ll look at how you can run this app inside a CentOS -container using Docker. First, you’ll need to build a Docker image of your app. - -Creating a ``Dockerfile`` -+++++++++++++++++++++++++ - -Create an empty file called ``Dockerfile``: - -.. code-block:: bash - - touch Dockerfile - -Open the ``Dockerfile`` in your favorite text editor and add the following line -that defines the version of Docker the image requires to build -(this example uses Docker 0.3.4): - -.. code-block:: bash - - # DOCKER-VERSION 0.3.4 - -Next, define the parent image you want to use to build your own image on top of. -Here, we’ll use `CentOS `_ (tag: ``6.4``) -available on the `Docker index`_: - -.. code-block:: bash - - FROM centos:6.4 - -Since we’re building a Node.js app, you’ll have to install Node.js as well as -npm on your CentOS image. Node.js is required to run your app and npm to install -your app’s dependencies defined in ``package.json``. -To install the right package for CentOS, we’ll use the instructions from the -`Node.js wiki`_: - -.. code-block:: bash - - # Enable EPEL for Node.js - RUN rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm - # Install Node.js and npm - RUN yum install -y npm - -To bundle your app’s source code inside the Docker image, use the ``ADD`` -instruction: - -.. code-block:: bash - - # Bundle app source - ADD . /src - -Install your app dependencies using the ``npm`` binary: - -.. code-block:: bash - - # Install app dependencies - RUN cd /src; npm install - -Your app binds to port ``8080`` so you’ll use the ``EXPOSE`` instruction -to have it mapped by the ``docker`` daemon: - -.. code-block:: bash - - EXPOSE 8080 - -Last but not least, define the command to run your app using ``CMD`` -which defines your runtime, i.e. ``node``, and the path to our app, -i.e. ``src/index.js`` (see the step where we added the source to the -container): - -.. code-block:: bash - - CMD ["node", "/src/index.js"] - -Your ``Dockerfile`` should now look like this: - -.. code-block:: bash - - - # DOCKER-VERSION 0.3.4 - FROM centos:6.4 - - # Enable EPEL for Node.js - RUN rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm - # Install Node.js and npm - RUN yum install -y npm - - # Bundle app source - ADD . /src - # Install app dependencies - RUN cd /src; npm install - - EXPOSE 8080 - CMD ["node", "/src/index.js"] - - -Building your image -+++++++++++++++++++ - -Go to the directory that has your ``Dockerfile`` and run the following -command to build a Docker image. The ``-t`` flag let’s you tag your -image so it’s easier to find later using the ``docker images`` -command: - -.. code-block:: bash - - sudo docker build -t /centos-node-hello . - -Your image will now be listed by Docker: - -.. code-block:: bash - - sudo docker images - - > # Example - > REPOSITORY TAG ID CREATED - > centos 6.4 539c0211cd76 8 weeks ago - > gasi/centos-node-hello latest d64d3505b0d2 2 hours ago - - -Run the image -+++++++++++++ - -Running your image with ``-d`` runs the container in detached mode, leaving the -container running in the background. The ``-p`` flag redirects a public port to a private port in the container. Run the image you previously built: - -.. code-block:: bash - - sudo docker run -p 49160:8080 -d /centos-node-hello - -Print the output of your app: - -.. code-block:: bash - - # Get container ID - sudo docker ps - - # Print app output - sudo docker logs - - > # Example - > Running on http://localhost:8080 - - -Test -++++ - -To test your app, get the the port of your app that Docker mapped: - -.. code-block:: bash - - sudo docker ps - - > # Example - > ID IMAGE COMMAND ... PORTS - > ecce33b30ebf gasi/centos-node-hello:latest node /src/index.js 49160->8080 - -In the example above, Docker mapped the ``8080`` port of the container to -``49160``. - -Now you can call your app using ``curl`` (install if needed via: -``sudo apt-get install curl``): - -.. code-block:: bash - - curl -i localhost:49160 - - > HTTP/1.1 200 OK - > X-Powered-By: Express - > Content-Type: text/html; charset=utf-8 - > Content-Length: 12 - > Date: Sun, 02 Jun 2013 03:53:22 GMT - > Connection: keep-alive - > - > Hello World - -We hope this tutorial helped you get up and running with Node.js and -CentOS on Docker. You can get the full source code at -https://github.com/gasi/docker-node-hello. - -Continue to :ref:`running_redis_service`. - - -.. _Node.js wiki: https://github.com/joyent/node/wiki/Installing-Node.js-via-package-manager#rhelcentosscientific-linux-6 -.. _docker index: https://index.docker.io/ diff --git a/docs/sources/examples/postgresql_service.md b/docs/sources/examples/postgresql_service.md new file mode 100644 index 0000000000..14d9e647a3 --- /dev/null +++ b/docs/sources/examples/postgresql_service.md @@ -0,0 +1,155 @@ +page_title: PostgreSQL service How-To +page_description: Running and installing a PostgreSQL service +page_keywords: docker, example, package installation, postgresql + +# PostgreSQL Service + +> **Note**: +> +> - This example assumes you have Docker running in daemon mode. For +> more information please see [*Check your Docker +> install*](../hello_world/#running-examples). +> - **If you don't like sudo** then see [*Giving non-root +> access*](/installation/binaries/#dockergroup) + +## Installing PostgreSQL on Docker + +Assuming there is no Docker image that suits your needs in [the index]( +http://index.docker.io), you can create one yourself. + +Start by creating a new Dockerfile: + +> **Note**: +> This PostgreSQL setup is for development only purposes. Refer to the +> PostgreSQL documentation to fine-tune these settings so that it is +> suitably secure. + + # + # example Dockerfile for http://docs.docker.io/examples/postgresql_service/ + # + + FROM ubuntu + MAINTAINER SvenDowideit@docker.com + + # Add the PostgreSQL PGP key to verify their Debian packages. + # It should be the same key as https://www.postgresql.org/media/keys/ACCC4CF8.asc + RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8 + + # Add PostgreSQL's repository. It contains the most recent stable release + # of PostgreSQL, ``9.3``. + RUN echo "deb http://apt.postgresql.org/pub/repos/apt/ precise-pgdg main" > /etc/apt/sources.list.d/pgdg.list + + # Update the Ubuntu and PostgreSQL repository indexes + RUN apt-get update + + # Install ``python-software-properties``, ``software-properties-common`` and PostgreSQL 9.3 + # There are some warnings (in red) that show up during the build. You can hide + # them by prefixing each apt-get statement with DEBIAN_FRONTEND=noninteractive + RUN apt-get -y -q install python-software-properties software-properties-common + RUN apt-get -y -q install postgresql-9.3 postgresql-client-9.3 postgresql-contrib-9.3 + + # Note: The official Debian and Ubuntu images automatically ``apt-get clean`` + # after each ``apt-get`` + + # Run the rest of the commands as the ``postgres`` user created by the ``postgres-9.3`` package when it was ``apt-get installed`` + USER postgres + + # Create a PostgreSQL role named ``docker`` with ``docker`` as the password and + # then create a database `docker` owned by the ``docker`` role. + # Note: here we use ``&&\`` to run commands one after the other - the ``\`` + # allows the RUN command to span multiple lines. + RUN /etc/init.d/postgresql start &&\ + psql --command "CREATE USER docker WITH SUPERUSER PASSWORD 'docker';" &&\ + createdb -O docker docker + + # Adjust PostgreSQL configuration so that remote connections to the + # database are possible. + RUN echo "host all all 0.0.0.0/0 md5" >> /etc/postgresql/9.3/main/pg_hba.conf + + # And add ``listen_addresses`` to ``/etc/postgresql/9.3/main/postgresql.conf`` + RUN echo "listen_addresses='*'" >> /etc/postgresql/9.3/main/postgresql.conf + + # Expose the PostgreSQL port + EXPOSE 5432 + + # Add VOLUMEs to allow backup of config, logs and databases + VOLUME ["/etc/postgresql", "/var/log/postgresql", "/var/lib/postgresql"] + + # Set the default command to run when starting the container + CMD ["/usr/lib/postgresql/9.3/bin/postgres", "-D", "/var/lib/postgresql/9.3/main", "-c", "config_file=/etc/postgresql/9.3/main/postgresql.conf"] + +Build an image from the Dockerfile assign it a name. + + $ sudo docker build -t eg_postgresql . + +And run the PostgreSQL server container (in the foreground): + + $ sudo docker run -rm -P -name pg_test eg_postgresql + +There are 2 ways to connect to the PostgreSQL server. We can use [*Link +Containers*](/use/working_with_links_names/#working-with-links-names), +or we can access it from our host (or the network). + +> **Note**: +> The `-rm` removes the container and its image when +> the container exists successfully. + +### Using container linking + +Containers can be linked to another container's ports directly using +`-link remote_name:local_alias` in the client's +`docker run`. This will set a number of environment +variables that can then be used to connect: + + $ sudo docker run -rm -t -i -link pg_test:pg eg_postgresql bash + + postgres@7ef98b1b7243:/$ psql -h $PG_PORT_5432_TCP_ADDR -p $PG_PORT_5432_TCP_PORT -d docker -U docker --password + +### Connecting from your host system + +Assuming you have the postgresql-client installed, you can use the +host-mapped port to test as well. You need to use `docker ps` +to find out what local host port the container is mapped to +first: + + $ docker ps + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + 5e24362f27f6 eg_postgresql:latest /usr/lib/postgresql/ About an hour ago Up About an hour 0.0.0.0:49153->5432/tcp pg_test + $ psql -h localhost -p 49153 -d docker -U docker --password + +### Testing the database + +Once you have authenticated and have a `docker =#` +prompt, you can create a table and populate it. + + psql (9.3.1) + Type "help" for help. + + $ docker=# CREATE TABLE cities ( + docker(# name varchar(80), + docker(# location point + docker(# ); + CREATE TABLE + $ docker=# INSERT INTO cities VALUES ('San Francisco', '(-194.0, 53.0)'); + INSERT 0 1 + $ docker=# select * from cities; + name | location + ---------------+----------- + San Francisco | (-194,53) + (1 row) + +### Using the container volumes + +You can use the defined volumes to inspect the PostgreSQL log files and +to backup your configuration and data: + + $ docker run -rm --volumes-from pg_test -t -i busybox sh + + / # ls + bin etc lib linuxrc mnt proc run sys usr + dev home lib64 media opt root sbin tmp var + / # ls /etc/postgresql/9.3/main/ + environment pg_hba.conf postgresql.conf + pg_ctl.conf pg_ident.conf start.conf + /tmp # ls /var/log + ldconfig postgresql diff --git a/docs/sources/examples/postgresql_service.rst b/docs/sources/examples/postgresql_service.rst deleted file mode 100644 index 488e1530b2..0000000000 --- a/docs/sources/examples/postgresql_service.rst +++ /dev/null @@ -1,117 +0,0 @@ -:title: PostgreSQL service How-To -:description: Running and installing a PostgreSQL service -:keywords: docker, example, package installation, postgresql - -.. _postgresql_service: - -PostgreSQL Service -================== - -.. include:: example_header.inc - -Installing PostgreSQL on Docker -------------------------------- - -Assuming there is no Docker image that suits your needs in `the index`_, you -can create one yourself. - -.. _the index: http://index.docker.io - -Start by creating a new Dockerfile: - -.. note:: - - This PostgreSQL setup is for development only purposes. Refer - to the PostgreSQL documentation to fine-tune these settings so that it - is suitably secure. - -.. literalinclude:: postgresql_service.Dockerfile - -Build an image from the Dockerfile assign it a name. - -.. code-block:: bash - - $ sudo docker build -t eg_postgresql . - -And run the PostgreSQL server container (in the foreground): - -.. code-block:: bash - - $ sudo docker run --rm -P --name pg_test eg_postgresql - -There are 2 ways to connect to the PostgreSQL server. We can use -:ref:`working_with_links_names`, or we can access it from our host (or the network). - -.. note:: The ``--rm`` removes the container and its image when the container - exists successfully. - -Using container linking -^^^^^^^^^^^^^^^^^^^^^^^ - -Containers can be linked to another container's ports directly using -``--link remote_name:local_alias`` in the client's ``docker run``. This will -set a number of environment variables that can then be used to connect: - -.. code-block:: bash - - $ sudo docker run --rm -t -i --link pg_test:pg eg_postgresql bash - - postgres@7ef98b1b7243:/$ psql -h $PG_PORT_5432_TCP_ADDR -p $PG_PORT_5432_TCP_PORT -d docker -U docker --password - -Connecting from your host system -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Assuming you have the postgresql-client installed, you can use the host-mapped port -to test as well. You need to use ``docker ps`` to find out what local host port the -container is mapped to first: - -.. code-block:: bash - - $ docker ps - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 5e24362f27f6 eg_postgresql:latest /usr/lib/postgresql/ About an hour ago Up About an hour 0.0.0.0:49153->5432/tcp pg_test - $ psql -h localhost -p 49153 -d docker -U docker --password - -Testing the database -^^^^^^^^^^^^^^^^^^^^ - -Once you have authenticated and have a ``docker =#`` prompt, you can -create a table and populate it. - -.. code-block:: bash - - psql (9.3.1) - Type "help" for help. - - docker=# CREATE TABLE cities ( - docker(# name varchar(80), - docker(# location point - docker(# ); - CREATE TABLE - docker=# INSERT INTO cities VALUES ('San Francisco', '(-194.0, 53.0)'); - INSERT 0 1 - docker=# select * from cities; - name | location - ---------------+----------- - San Francisco | (-194,53) - (1 row) - -Using the container volumes -^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -You can use the defined volumes to inspect the PostgreSQL log files and to backup your -configuration and data: - -.. code-block:: bash - - docker run --rm --volumes-from pg_test -t -i busybox sh - - / # ls - bin etc lib linuxrc mnt proc run sys usr - dev home lib64 media opt root sbin tmp var - / # ls /etc/postgresql/9.3/main/ - environment pg_hba.conf postgresql.conf - pg_ctl.conf pg_ident.conf start.conf - /tmp # ls /var/log - ldconfig postgresql - diff --git a/docs/sources/examples/python_web_app.md b/docs/sources/examples/python_web_app.md new file mode 100644 index 0000000000..e761003a9e --- /dev/null +++ b/docs/sources/examples/python_web_app.md @@ -0,0 +1,127 @@ +page_title: Python Web app example +page_description: Building your own python web app using docker +page_keywords: docker, example, python, web app + +# Python Web App + +> **Note**: +> +> - This example assumes you have Docker running in daemon mode. For +> more information please see [*Check your Docker +> install*](../hello_world/#running-examples). +> - **If you don't like sudo** then see [*Giving non-root +> access*](/installation/binaries/#dockergroup) + +While using Dockerfiles is the preferred way to create maintainable and +repeatable images, its useful to know how you can try things out and +then commit your live changes to an image. + +The goal of this example is to show you how you can modify your own +Docker images by making changes to a running container, and then saving +the results as a new image. We will do that by making a simple `hello +world` Flask web application image. + +## Download the initial image + +Download the `shykes/pybuilder` Docker image from the `http://index.docker.io` +registry. + +This image contains a `buildapp` script to download +the web app and then `pip install` any required +modules, and a `runapp` script that finds the +`app.py` and runs it. + + $ sudo docker pull shykes/pybuilder + +> **Note**: +> This container was built with a very old version of docker (May 2013 - +> see [shykes/pybuilder](https://github.com/shykes/pybuilder) ), when the +> Dockerfile format was different, but the image can +> still be used now. + +## Interactively make some modifications + +We then start a new container running interactively using the image. +First, we set a `URL` variable that points to a +tarball of a simple helloflask web app, and then we run a command +contained in the image called `buildapp`, passing it +the `$URL` variable. The container is given a name +`pybuilder_run` which we will use in the next steps. + +While this example is simple, you could run any number of interactive +commands, try things out, and then exit when you're done. + + $ sudo docker run -i -t -name pybuilder_run shykes/pybuilder bash + + $$ URL=http://github.com/shykes/helloflask/archive/master.tar.gz + $$ /usr/local/bin/buildapp $URL + [...] + $$ exit + +## Commit the container to create a new image + +Save the changes we just made in the container to a new image called +`/builds/github.com/shykes/helloflask/master`. You +now have 3 different ways to refer to the container: name +`pybuilder_run`, short-id `c8b2e8228f11`, or long-id +`c8b2e8228f11b8b3e492cbf9a49923ae66496230056d61e07880dc74c5f495f9`. + + $ sudo docker commit pybuilder_run /builds/github.com/shykes/helloflask/master + c8b2e8228f11b8b3e492cbf9a49923ae66496230056d61e07880dc74c5f495f9 + +## Run the new image to start the web worker + +Use the new image to create a new container with network port 5000 +mapped to a local port + + $ sudo docker run -d -p 5000 --name web_worker /builds/github.com/shykes/helloflask/master /usr/local/bin/runapp + + - **"docker run -d "** run a command in a new container. We pass "-d" + so it runs as a daemon. + - **"-p 5000"** the web app is going to listen on this port, so it + must be mapped from the container to the host system. + - **/usr/local/bin/runapp** is the command which starts the web app. + +## View the container logs + +View the logs for the new `web_worker` container and +if everything worked as planned you should see the line +`Running on http://0.0.0.0:5000/` in the log output. + +To exit the view without stopping the container, hit Ctrl-C, or open +another terminal and continue with the example while watching the result +in the logs. + + $ sudo docker logs -f web_worker + * Running on http://0.0.0.0:5000/ + +## See the webapp output + +Look up the public-facing port which is NAT-ed. Find the private port +used by the container and store it inside of the `WEB_PORT` +variable. + +Access the web app using the `curl` binary. If +everything worked as planned you should see the line +`Hello world!` inside of your console. + + $ WEB_PORT=$(sudo docker port web_worker 5000 | awk -F: '{ print $2 }') + + # install curl if necessary, then ... + $ curl http://127.0.0.1:$WEB_PORT + Hello world! + +## Clean up example containers and images + + $ sudo docker ps --all + +List `--all` the Docker containers. If this +container had already finished running, it will still be listed here +with a status of `Exit 0`. + + $ sudo docker stop web_worker + $ sudo docker rm web_worker pybuilder_run + $ sudo docker rmi /builds/github.com/shykes/helloflask/master shykes/pybuilder:latest + +And now stop the running web worker, and delete the containers, so that +we can then delete the images that we used. diff --git a/docs/sources/examples/python_web_app.rst b/docs/sources/examples/python_web_app.rst deleted file mode 100644 index 33c038f9ab..0000000000 --- a/docs/sources/examples/python_web_app.rst +++ /dev/null @@ -1,145 +0,0 @@ -:title: Python Web app example -:description: Building your own python web app using docker -:keywords: docker, example, python, web app - -.. _python_web_app: - -Python Web App -============== - -.. include:: example_header.inc - -While using Dockerfiles is the preferred way to create maintainable -and repeatable images, its useful to know how you can try things out -and then commit your live changes to an image. - -The goal of this example is to show you how you can modify your own -Docker images by making changes to a running -container, and then saving the results as a new image. We will do -that by making a simple 'hello world' Flask web application image. - -Download the initial image --------------------------- - -Download the ``shykes/pybuilder`` Docker image from the ``http://index.docker.io`` -registry. - -This image contains a ``buildapp`` script to download the web app and then ``pip install`` -any required modules, and a ``runapp`` script that finds the ``app.py`` and runs it. - -.. _`shykes/pybuilder`: https://github.com/shykes/pybuilder - -.. code-block:: bash - - $ sudo docker pull shykes/pybuilder - -.. note:: This container was built with a very old version of docker - (May 2013 - see `shykes/pybuilder`_ ), when the ``Dockerfile`` format was different, - but the image can still be used now. - -Interactively make some modifications -------------------------------------- - -We then start a new container running interactively using the image. -First, we set a ``URL`` variable that points to a tarball of a simple -helloflask web app, and then we run a command contained in the image called -``buildapp``, passing it the ``$URL`` variable. The container is -given a name ``pybuilder_run`` which we will use in the next steps. - -While this example is simple, you could run any number of interactive commands, -try things out, and then exit when you're done. - -.. code-block:: bash - - $ sudo docker run -i -t --name pybuilder_run shykes/pybuilder bash - - $$ URL=http://github.com/shykes/helloflask/archive/master.tar.gz - $$ /usr/local/bin/buildapp $URL - [...] - $$ exit - -Commit the container to create a new image ------------------------------------------- - -Save the changes we just made in the container to a new image called -``/builds/github.com/shykes/helloflask/master``. You now have 3 different -ways to refer to the container: name ``pybuilder_run``, short-id ``c8b2e8228f11``, or -long-id ``c8b2e8228f11b8b3e492cbf9a49923ae66496230056d61e07880dc74c5f495f9``. - -.. code-block:: bash - - $ sudo docker commit pybuilder_run /builds/github.com/shykes/helloflask/master - c8b2e8228f11b8b3e492cbf9a49923ae66496230056d61e07880dc74c5f495f9 - - -Run the new image to start the web worker ------------------------------------------ - -Use the new image to create a new container with -network port 5000 mapped to a local port - -.. code-block:: bash - - $ sudo docker run -d -p 5000 --name web_worker /builds/github.com/shykes/helloflask/master /usr/local/bin/runapp - - -- **"docker run -d "** run a command in a new container. We pass "-d" - so it runs as a daemon. -- **"-p 5000"** the web app is going to listen on this port, so it - must be mapped from the container to the host system. -- **/usr/local/bin/runapp** is the command which starts the web app. - - -View the container logs ------------------------ - -View the logs for the new ``web_worker`` container and -if everything worked as planned you should see the line ``Running on -http://0.0.0.0:5000/`` in the log output. - -To exit the view without stopping the container, hit Ctrl-C, or open another -terminal and continue with the example while watching the result in the logs. - -.. code-block:: bash - - $ sudo docker logs -f web_worker - * Running on http://0.0.0.0:5000/ - - -See the webapp output ---------------------- - -Look up the public-facing port which is NAT-ed. Find the private port -used by the container and store it inside of the ``WEB_PORT`` variable. - -Access the web app using the ``curl`` binary. If everything worked as planned you -should see the line ``Hello world!`` inside of your console. - -.. code-block:: bash - - $ WEB_PORT=$(sudo docker port web_worker 5000 | awk -F: '{ print $2 }') - - # install curl if necessary, then ... - $ curl http://127.0.0.1:$WEB_PORT - Hello world! - - -Clean up example containers and images --------------------------------------- - -.. code-block:: bash - - $ sudo docker ps --all - -List ``--all`` the Docker containers. If this container had already finished -running, it will still be listed here with a status of 'Exit 0'. - -.. code-block:: bash - - $ sudo docker stop web_worker - $ sudo docker rm web_worker pybuilder_run - $ sudo docker rmi /builds/github.com/shykes/helloflask/master shykes/pybuilder:latest - -And now stop the running web worker, and delete the containers, so that we can -then delete the images that we used. - diff --git a/docs/sources/examples/running_redis_service.md b/docs/sources/examples/running_redis_service.md new file mode 100644 index 0000000000..ca67048625 --- /dev/null +++ b/docs/sources/examples/running_redis_service.md @@ -0,0 +1,92 @@ +page_title: Running a Redis service +page_description: Installing and running an redis service +page_keywords: docker, example, package installation, networking, redis + +# Redis Service + +> **Note**: +> +> - This example assumes you have Docker running in daemon mode. For +> more information please see [*Check your Docker +> install*](../hello_world/#running-examples). +> - **If you don't like sudo** then see [*Giving non-root +> access*](/installation/binaries/#dockergroup) + +Very simple, no frills, Redis service attached to a web application +using a link. + +## Create a docker container for Redis + +Firstly, we create a `Dockerfile` for our new Redis +image. + + FROM ubuntu:12.10 + RUN apt-get update + RUN apt-get -y install redis-server + EXPOSE 6379 + ENTRYPOINT ["/usr/bin/redis-server"] + +Next we build an image from our `Dockerfile`. +Replace `` with your own user name. + + $ sudo docker build -t /redis . + +## Run the service + +Use the image we've just created and name your container `redis`. + +Running the service with `-d` runs the container in detached mode, leaving +the container running in the background. + +Importantly, we're not exposing any ports on our container. Instead +we're going to use a container link to provide access to our Redis +database. + + $ sudo docker run --name redis -d /redis + +## Create your web application container + +Next we can create a container for our application. We're going to use +the `-link` flag to create a link to the `redis` container we've just +created with an alias of `db`. This will create a secure tunnel to the +`redis` container and expose the Redis instance running inside that +container to only this container. + + $ sudo docker run --link redis:db -i -t ubuntu:12.10 /bin/bash + +Once inside our freshly created container we need to install Redis to +get the `redis-cli` binary to test our connection. + + $ apt-get update + $ apt-get -y install redis-server + $ service redis-server stop + +As we've used the `--link redis:db` option, Docker +has created some environment variables in our web application container. + + $ env | grep DB_ + + # Should return something similar to this with your values + DB_NAME=/violet_wolf/db + DB_PORT_6379_TCP_PORT=6379 + DB_PORT=tcp://172.17.0.33:6379 + DB_PORT_6379_TCP=tcp://172.17.0.33:6379 + DB_PORT_6379_TCP_ADDR=172.17.0.33 + DB_PORT_6379_TCP_PROTO=tcp + +We can see that we've got a small list of environment variables prefixed +with `DB`. The `DB` comes from the link alias specified when we launched +the container. Let's use the `DB_PORT_6379_TCP_ADDR` variable to connect to +our Redis container. + + $ redis-cli -h $DB_PORT_6379_TCP_ADDR + $ redis 172.17.0.33:6379> + $ redis 172.17.0.33:6379> set docker awesome + OK + $ redis 172.17.0.33:6379> get docker + "awesome" + $ redis 172.17.0.33:6379> exit + +We could easily use this or other environment variables in our web +application to make a connection to our `redis` +container. diff --git a/docs/sources/examples/running_redis_service.rst b/docs/sources/examples/running_redis_service.rst deleted file mode 100644 index 5a5a1b003f..0000000000 --- a/docs/sources/examples/running_redis_service.rst +++ /dev/null @@ -1,101 +0,0 @@ -:title: Running a Redis service -:description: Installing and running an redis service -:keywords: docker, example, package installation, networking, redis - -.. _running_redis_service: - -Redis Service -============= - -.. include:: example_header.inc - -Very simple, no frills, Redis service attached to a web application using a link. - -Create a docker container for Redis ------------------------------------ - -Firstly, we create a ``Dockerfile`` for our new Redis image. - -.. code-block:: bash - - FROM debian:jessie - RUN apt-get update && apt-get install -y redis-server - EXPOSE 6379 - ENTRYPOINT ["/usr/bin/redis-server"] - CMD ["--bind", "0.0.0.0"] - -Next we build an image from our ``Dockerfile``. Replace ```` -with your own user name. - -.. code-block:: bash - - sudo docker build -t /redis . - -Run the service ---------------- - -Use the image we've just created and name your container ``redis``. - -Running the service with ``-d`` runs the container in detached mode, leaving the -container running in the background. - -Importantly, we're not exposing any ports on our container. Instead we're going to -use a container link to provide access to our Redis database. - -.. code-block:: bash - - sudo docker run --name redis -d /redis - -Create your web application container -------------------------------------- - -Next we can create a container for our application. We're going to use the ``--link`` -flag to create a link to the ``redis`` container we've just created with an alias of -``db``. This will create a secure tunnel to the ``redis`` container and expose the -Redis instance running inside that container to only this container. - -.. code-block:: bash - - sudo docker run --link redis:db -i -t ubuntu:12.10 /bin/bash - -Once inside our freshly created container we need to install Redis to get the -``redis-cli`` binary to test our connection. - -.. code-block:: bash - - apt-get update - apt-get -y install redis-server - service redis-server stop - -As we've used the ``--link redis:db`` option, Docker has created some environment -variables in our web application container. - -.. code-block:: bash - - env | grep DB_ - - # Should return something similar to this with your values - DB_NAME=/violet_wolf/db - DB_PORT_6379_TCP_PORT=6379 - DB_PORT=tcp://172.17.0.33:6379 - DB_PORT_6379_TCP=tcp://172.17.0.33:6379 - DB_PORT_6379_TCP_ADDR=172.17.0.33 - DB_PORT_6379_TCP_PROTO=tcp - -We can see that we've got a small list of environment variables prefixed with ``DB``. -The ``DB`` comes from the link alias specified when we launched the container. Let's use -the ``DB_PORT_6379_TCP_ADDR`` variable to connect to our Redis container. - -.. code-block:: bash - - redis-cli -h $DB_PORT_6379_TCP_ADDR - redis 172.17.0.33:6379> - redis 172.17.0.33:6379> set docker awesome - OK - redis 172.17.0.33:6379> get docker - "awesome" - redis 172.17.0.33:6379> exit - -We could easily use this or other environment variables in our web application to make a -connection to our ``redis`` container. - diff --git a/docs/sources/examples/running_riak_service.rst b/docs/sources/examples/running_riak_service.md similarity index 56% rename from docs/sources/examples/running_riak_service.rst rename to docs/sources/examples/running_riak_service.md index 55e5e405c9..852035f9a4 100644 --- a/docs/sources/examples/running_riak_service.rst +++ b/docs/sources/examples/running_riak_service.md @@ -1,29 +1,30 @@ -:title: Running a Riak service -:description: Build a Docker image with Riak pre-installed -:keywords: docker, example, package installation, networking, riak +page_title: Running a Riak service +page_description: Build a Docker image with Riak pre-installed +page_keywords: docker, example, package installation, networking, riak -Riak Service -============================== +# Riak Service -.. include:: example_header.inc +> **Note**: +> +> - This example assumes you have Docker running in daemon mode. For +> more information please see [*Check your Docker +> install*](../hello_world/#running-examples). +> - **If you don't like sudo** then see [*Giving non-root +> access*](/installation/binaries/#dockergroup) -The goal of this example is to show you how to build a Docker image with Riak -pre-installed. +The goal of this example is to show you how to build a Docker image with +Riak pre-installed. -Creating a ``Dockerfile`` -+++++++++++++++++++++++++ +## Creating a Dockerfile -Create an empty file called ``Dockerfile``: +Create an empty file called Dockerfile: -.. code-block:: bash + $ touch Dockerfile - touch Dockerfile - -Next, define the parent image you want to use to build your image on top of. -We’ll use `Ubuntu `_ (tag: ``latest``), -which is available on the `docker index `_: - -.. code-block:: bash +Next, define the parent image you want to use to build your image on top +of. We'll use [Ubuntu](https://index.docker.io/_/ubuntu/) (tag: +`latest`), which is available on the [docker +index](http://index.docker.io): # Riak # @@ -35,8 +36,6 @@ which is available on the `docker index `_: Next, we update the APT cache and apply any updates: -.. code-block:: bash - # Update the APT cache RUN sed -i.bak 's/main$/main universe/' /etc/apt/sources.list RUN apt-get update @@ -44,13 +43,16 @@ Next, we update the APT cache and apply any updates: After that, we install and setup a few dependencies: -- ``curl`` is used to download Basho's APT repository key -- ``lsb-release`` helps us derive the Ubuntu release codename -- ``openssh-server`` allows us to login to containers remotely and join Riak - nodes to form a cluster -- ``supervisor`` is used manage the OpenSSH and Riak processes + - `curl` is used to download Basho's APT + repository key + - `lsb-release` helps us derive the Ubuntu release + codename + - `openssh-server` allows us to login to + containers remotely and join Riak nodes to form a cluster + - `supervisor` is used manage the OpenSSH and Riak + processes -.. code-block:: bash + # Install and setup project dependencies RUN apt-get install -y curl lsb-release supervisor openssh-server @@ -66,57 +68,45 @@ After that, we install and setup a few dependencies: Next, we add Basho's APT repository: -.. code-block:: bash - RUN curl -s http://apt.basho.com/gpg/basho.apt.key | apt-key add -- RUN echo "deb http://apt.basho.com $(lsb_release -cs) main" > /etc/apt/sources.list.d/basho.list RUN apt-get update After that, we install Riak and alter a few defaults: -.. code-block:: bash - # Install Riak and prepare it to run RUN apt-get install -y riak RUN sed -i.bak 's/127.0.0.1/0.0.0.0/' /etc/riak/app.config RUN echo "ulimit -n 4096" >> /etc/default/riak -Almost there. Next, we add a hack to get us by the lack of ``initctl``: - -.. code-block:: bash +Almost there. Next, we add a hack to get us by the lack of +`initctl`: # Hack for initctl # See: https://github.com/dotcloud/docker/issues/1024 RUN dpkg-divert --local --rename --add /sbin/initctl - RUN ln -sf /bin/true /sbin/initctl + RUN ln -s /bin/true /sbin/initctl -Then, we expose the Riak Protocol Buffers and HTTP interfaces, along with SSH: - -.. code-block:: bash +Then, we expose the Riak Protocol Buffers and HTTP interfaces, along +with SSH: # Expose Riak Protocol Buffers and HTTP interfaces, along with SSH EXPOSE 8087 8098 22 -Finally, run ``supervisord`` so that Riak and OpenSSH are started: - -.. code-block:: bash +Finally, run `supervisord` so that Riak and OpenSSH +are started: CMD ["/usr/bin/supervisord"] -Create a ``supervisord`` configuration file -+++++++++++++++++++++++++++++++++++++++++++ +## Create a supervisord configuration file -Create an empty file called ``supervisord.conf``. Make sure it's at the same -directory level as your ``Dockerfile``: - -.. code-block:: bash +Create an empty file called `supervisord.conf`. Make +sure it's at the same directory level as your Dockerfile: touch supervisord.conf Populate it with the following program definitions: -.. code-block:: bash - [supervisord] nodaemon=true @@ -132,20 +122,16 @@ Populate it with the following program definitions: stdout_logfile=/var/log/supervisor/%(program_name)s.log stderr_logfile=/var/log/supervisor/%(program_name)s.log -Build the Docker image for Riak -+++++++++++++++++++++++++++++++ +## Build the Docker image for Riak Now you should be able to build a Docker image for Riak: -.. code-block:: bash + $ docker build -t "/riak" . - docker build -t "/riak" . +## Next steps -Next steps -++++++++++ - -Riak is a distributed database. Many production deployments consist of `at -least five nodes `_. See the `docker-riak `_ project details on how to deploy a Riak cluster using Docker and -Pipework. +Riak is a distributed database. Many production deployments consist of +[at least five nodes]( +http://basho.com/why-your-riak-cluster-should-have-at-least-five-nodes/). +See the [docker-riak](https://github.com/hectcastro/docker-riak) project +details on how to deploy a Riak cluster using Docker and Pipework. diff --git a/docs/sources/examples/running_ssh_service.md b/docs/sources/examples/running_ssh_service.md new file mode 100644 index 0000000000..864d10c726 --- /dev/null +++ b/docs/sources/examples/running_ssh_service.md @@ -0,0 +1,60 @@ +page_title: Running an SSH service +page_description: Installing and running an sshd service +page_keywords: docker, example, package installation, networking + +# SSH Daemon Service + +> **Note:** +> - This example assumes you have Docker running in daemon mode. For +> more information please see [*Check your Docker +> install*](../hello_world/#running-examples). +> - **If you don't like sudo** then see [*Giving non-root +> access*](/installation/binaries/#dockergroup) + +The following Dockerfile sets up an sshd service in a container that you +can use to connect to and inspect other container's volumes, or to get +quick access to a test container. + + # sshd + # + # VERSION 0.0.1 + + FROM ubuntu + MAINTAINER Thatcher R. Peskens "thatcher@dotcloud.com" + + # make sure the package repository is up to date + RUN echo "deb http://archive.ubuntu.com/ubuntu precise main universe" > /etc/apt/sources.list + RUN apt-get update + + RUN apt-get install -y openssh-server + RUN mkdir /var/run/sshd + RUN echo 'root:screencast' |chpasswd + + EXPOSE 22 + CMD /usr/sbin/sshd -D + +Build the image using: + + $ sudo docker build -rm -t eg_sshd . + +Then run it. You can then use `docker port` to find +out what host port the container's port 22 is mapped to: + + $ sudo docker run -d -P -name test_sshd eg_sshd + $ sudo docker port test_sshd 22 + 0.0.0.0:49154 + +And now you can ssh to port `49154` on the Docker +daemon's host IP address (`ip address` or +`ifconfig` can tell you that): + + $ ssh root@192.168.1.2 -p 49154 + # The password is ``screencast``. + $$ + +Finally, clean up after your test by stopping and removing the +container, and then removing the image. + + $ sudo docker stop test_sshd + $ sudo docker rm test_sshd + $ sudo docker rmi eg_sshd diff --git a/docs/sources/examples/running_ssh_service.rst b/docs/sources/examples/running_ssh_service.rst deleted file mode 100644 index 4161275019..0000000000 --- a/docs/sources/examples/running_ssh_service.rst +++ /dev/null @@ -1,49 +0,0 @@ -:title: Running an SSH service -:description: Installing and running an sshd service -:keywords: docker, example, package installation, networking - -.. _running_ssh_service: - -SSH Daemon Service -================== - -.. include:: example_header.inc - -The following Dockerfile sets up an sshd service in a container that you can use -to connect to and inspect other container's volumes, or to get quick access to a -test container. - -.. literalinclude:: running_ssh_service.Dockerfile - -Build the image using: - -.. code-block:: bash - - $ sudo docker build -t eg_sshd . - -Then run it. You can then use ``docker port`` to find out what host port the container's -port 22 is mapped to: - -.. code-block:: bash - - $ sudo docker run -d -P --name test_sshd eg_sshd - $ sudo docker port test_sshd 22 - 0.0.0.0:49154 - -And now you can ssh to port ``49154`` on the Docker daemon's host IP address -(``ip address`` or ``ifconfig`` can tell you that): - -.. code-block:: bash - - $ ssh root@192.168.1.2 -p 49154 - # The password is ``screencast``. - $$ - -Finally, clean up after your test by stopping and removing the container, and -then removing the image. - -.. code-block:: bash - - $ sudo docker stop test_sshd - $ sudo docker rm test_sshd - $ sudo docker rmi eg_sshd diff --git a/docs/sources/examples/using_supervisord.md b/docs/sources/examples/using_supervisord.md new file mode 100644 index 0000000000..29d2fa4525 --- /dev/null +++ b/docs/sources/examples/using_supervisord.md @@ -0,0 +1,120 @@ +page_title: Using Supervisor with Docker +page_description: How to use Supervisor process management with Docker +page_keywords: docker, supervisor, process management + +# Using Supervisor with Docker + +> **Note**: +> +> - This example assumes you have Docker running in daemon mode. For +> more information please see [*Check your Docker +> install*](../hello_world/#running-examples). +> - **If you don't like sudo** then see [*Giving non-root +> access*](/installation/binaries/#dockergroup) + +Traditionally a Docker container runs a single process when it is +launched, for example an Apache daemon or a SSH server daemon. Often +though you want to run more than one process in a container. There are a +number of ways you can achieve this ranging from using a simple Bash +script as the value of your container's `CMD` +instruction to installing a process management tool. + +In this example we're going to make use of the process management tool, +[Supervisor](http://supervisord.org/), to manage multiple processes in +our container. Using Supervisor allows us to better control, manage, and +restart the processes we want to run. To demonstrate this we're going to +install and manage both an SSH daemon and an Apache daemon. + +## Creating a Dockerfile + +Let's start by creating a basic `Dockerfile` for our +new image. + + FROM ubuntu:latest + MAINTAINER examples@docker.io + RUN echo "deb http://archive.ubuntu.com/ubuntu precise main universe" > /etc/apt/sources.list + RUN apt-get update + RUN apt-get upgrade -y + +## Installing Supervisor + +We can now install our SSH and Apache daemons as well as Supervisor in +our container. + + RUN apt-get install -y openssh-server apache2 supervisor + RUN mkdir -p /var/run/sshd + RUN mkdir -p /var/log/supervisor + +Here we're installing the `openssh-server`, +`apache2` and `supervisor` +(which provides the Supervisor daemon) packages. We're also creating two +new directories that are needed to run our SSH daemon and Supervisor. + +## Adding Supervisor's configuration file + +Now let's add a configuration file for Supervisor. The default file is +called `supervisord.conf` and is located in +`/etc/supervisor/conf.d/`. + + ADD supervisord.conf /etc/supervisor/conf.d/supervisord.conf + +Let's see what is inside our `supervisord.conf` +file. + + [supervisord] + nodaemon=true + + [program:sshd] + command=/usr/sbin/sshd -D + + [program:apache2] + command=/bin/bash -c "source /etc/apache2/envvars && exec /usr/sbin/apache2 -DFOREGROUND" + +The `supervisord.conf` configuration file contains +directives that configure Supervisor and the processes it manages. The +first block `[supervisord]` provides configuration +for Supervisor itself. We're using one directive, `nodaemon` +which tells Supervisor to run interactively rather than +daemonize. + +The next two blocks manage the services we wish to control. Each block +controls a separate process. The blocks contain a single directive, +`command`, which specifies what command to run to +start each process. + +## Exposing ports and running Supervisor + +Now let's finish our `Dockerfile` by exposing some +required ports and specifying the `CMD` instruction +to start Supervisor when our container launches. + + EXPOSE 22 80 + CMD ["/usr/bin/supervisord"] + +Here We've exposed ports 22 and 80 on the container and we're running +the `/usr/bin/supervisord` binary when the container +launches. + +## Building our container + +We can now build our new container. + + $ sudo docker build -t /supervisord . + +## Running our Supervisor container + +Once We've got a built image we can launch a container from it. + + $ sudo docker run -p 22 -p 80 -t -i /supervisord + 2013-11-25 18:53:22,312 CRIT Supervisor running as root (no user in config file) + 2013-11-25 18:53:22,312 WARN Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing + 2013-11-25 18:53:22,342 INFO supervisord started with pid 1 + 2013-11-25 18:53:23,346 INFO spawned: 'sshd' with pid 6 + 2013-11-25 18:53:23,349 INFO spawned: 'apache2' with pid 7 + . . . + +We've launched a new container interactively using the `docker run` command. +That container has run Supervisor and launched the SSH and Apache daemons with +it. We've specified the `-p` flag to expose ports 22 and 80. From here we can +now identify the exposed ports and connect to one or both of the SSH and Apache +daemons. diff --git a/docs/sources/examples/using_supervisord.rst b/docs/sources/examples/using_supervisord.rst deleted file mode 100644 index 750b6c2334..0000000000 --- a/docs/sources/examples/using_supervisord.rst +++ /dev/null @@ -1,128 +0,0 @@ -:title: Using Supervisor with Docker -:description: How to use Supervisor process management with Docker -:keywords: docker, supervisor, process management - -.. _using_supervisord: - -Using Supervisor with Docker -============================ - -.. include:: example_header.inc - -Traditionally a Docker container runs a single process when it is launched, for -example an Apache daemon or a SSH server daemon. Often though you want to run -more than one process in a container. There are a number of ways you can -achieve this ranging from using a simple Bash script as the value of your -container's ``CMD`` instruction to installing a process management tool. - -In this example we're going to make use of the process management tool, -`Supervisor `_, to manage multiple processes in our -container. Using Supervisor allows us to better control, manage, and restart the -processes we want to run. To demonstrate this we're going to install and manage both an -SSH daemon and an Apache daemon. - -Creating a Dockerfile ---------------------- - -Let's start by creating a basic ``Dockerfile`` for our new image. - -.. code-block:: bash - - FROM ubuntu:latest - MAINTAINER examples@docker.io - RUN echo "deb http://archive.ubuntu.com/ubuntu precise main universe" > /etc/apt/sources.list - RUN apt-get update - RUN apt-get upgrade -y - -Installing Supervisor ---------------------- - -We can now install our SSH and Apache daemons as well as Supervisor in our container. - -.. code-block:: bash - - RUN apt-get install -y openssh-server apache2 supervisor - RUN mkdir -p /var/run/sshd - RUN mkdir -p /var/log/supervisor - -Here we're installing the ``openssh-server``, ``apache2`` and ``supervisor`` -(which provides the Supervisor daemon) packages. We're also creating two new -directories that are needed to run our SSH daemon and Supervisor. - -Adding Supervisor's configuration file --------------------------------------- - -Now let's add a configuration file for Supervisor. The default file is called -``supervisord.conf`` and is located in ``/etc/supervisor/conf.d/``. - -.. code-block:: bash - - ADD supervisord.conf /etc/supervisor/conf.d/supervisord.conf - -Let's see what is inside our ``supervisord.conf`` file. - -.. code-block:: bash - - [supervisord] - nodaemon=true - - [program:sshd] - command=/usr/sbin/sshd -D - - [program:apache2] - command=/bin/bash -c "source /etc/apache2/envvars && exec /usr/sbin/apache2 -DFOREGROUND" - -The ``supervisord.conf`` configuration file contains directives that configure -Supervisor and the processes it manages. The first block ``[supervisord]`` -provides configuration for Supervisor itself. We're using one directive, -``nodaemon`` which tells Supervisor to run interactively rather than daemonize. - -The next two blocks manage the services we wish to control. Each block controls -a separate process. The blocks contain a single directive, ``command``, which -specifies what command to run to start each process. - -Exposing ports and running Supervisor -------------------------------------- - -Now let's finish our ``Dockerfile`` by exposing some required ports and -specifying the ``CMD`` instruction to start Supervisor when our container -launches. - -.. code-block:: bash - - EXPOSE 22 80 - CMD ["/usr/bin/supervisord"] - -Here we've exposed ports 22 and 80 on the container and we're running the -``/usr/bin/supervisord`` binary when the container launches. - -Building our container ----------------------- - -We can now build our new container. - -.. code-block:: bash - - sudo docker build -t /supervisord . - -Running our Supervisor container --------------------------------- - -Once we've got a built image we can launch a container from it. - -.. code-block:: bash - - sudo docker run -p 22 -p 80 -t -i /supervisord - 2013-11-25 18:53:22,312 CRIT Supervisor running as root (no user in config file) - 2013-11-25 18:53:22,312 WARN Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing - 2013-11-25 18:53:22,342 INFO supervisord started with pid 1 - 2013-11-25 18:53:23,346 INFO spawned: 'sshd' with pid 6 - 2013-11-25 18:53:23,349 INFO spawned: 'apache2' with pid 7 - . . . - -We've launched a new container interactively using the ``docker run`` command. -That container has run Supervisor and launched the SSH and Apache daemons with -it. We've specified the ``-p`` flag to expose ports 22 and 80. From here we can -now identify the exposed ports and connect to one or both of the SSH and Apache -daemons. - diff --git a/docs/sources/faq.md b/docs/sources/faq.md new file mode 100644 index 0000000000..2494f33e9c --- /dev/null +++ b/docs/sources/faq.md @@ -0,0 +1,211 @@ +page_title: FAQ +page_description: Most frequently asked questions. +page_keywords: faq, questions, documentation, docker + +# FAQ + +## Most frequently asked questions + +### How much does Docker cost? + +Docker is 100% free, it is open source, so you can use it without +paying. + +### What open source license are you using? + +We are using the Apache License Version 2.0, see it here: +[https://github.com/dotcloud/docker/blob/master/LICENSE]( +https://github.com/dotcloud/docker/blob/master/LICENSE) + +### Does Docker run on Mac OS X or Windows? + +Not at this time, Docker currently only runs on Linux, but you can use +VirtualBox to run Docker in a virtual machine on your box, and get the +best of both worlds. Check out the [*Mac OS X*](../installation/mac/#macosx) +and [*Microsoft Windows*](../installation/windows/#windows) installation +guides. The small Linux distribution boot2docker can be run inside virtual +machines on these two operating systems. + +### How do containers compare to virtual machines? + +They are complementary. VMs are best used to allocate chunks of +hardware resources. Containers operate at the process level, which +makes them very lightweight and perfect as a unit of software +delivery. + +### What does Docker add to just plain LXC? + +Docker is not a replacement for LXC. "LXC" refers to capabilities of +the Linux kernel (specifically namespaces and control groups) which +allow sandboxing processes from one another, and controlling their +resource allocations. On top of this low-level foundation of kernel +features, Docker offers a high-level tool with several powerful +functionalities: + + - *Portable deployment across machines.* + Docker defines a format for bundling an application and all + its dependencies into a single object which can be transferred + to any Docker-enabled machine, and executed there with the + guarantee that the execution environment exposed to the + application will be the same. LXC implements process + sandboxing, which is an important pre-requisite for portable + deployment, but that alone is not enough for portable + deployment. If you sent me a copy of your application + installed in a custom LXC configuration, it would almost + certainly not run on my machine the way it does on yours, + because it is tied to your machine's specific configuration: + networking, storage, logging, distro, etc. Docker defines an + abstraction for these machine-specific settings, so that the + exact same Docker container can run - unchanged - on many + different machines, with many different configurations. + + - *Application-centric.* + Docker is optimized for the deployment of applications, as + opposed to machines. This is reflected in its API, user + interface, design philosophy and documentation. By contrast, + the `lxc` helper scripts focus on + containers as lightweight machines - basically servers that + boot faster and need less RAM. We think there's more to + containers than just that. + + - *Automatic build.* + Docker includes [*a tool for developers to automatically + assemble a container from their source + code*](../reference/builder/#dockerbuilder), with full control + over application dependencies, build tools, packaging etc. + They are free to use `make`, `maven`, `chef`, `puppet`, `salt,` + Debian packages, RPMs, source tarballs, or any combination of the + above, regardless of the configuration of the machines. + + - *Versioning.* + Docker includes git-like capabilities for tracking successive + versions of a container, inspecting the diff between versions, + committing new versions, rolling back etc. The history also + includes how a container was assembled and by whom, so you get + full traceability from the production server all the way back + to the upstream developer. Docker also implements incremental + uploads and downloads, similar to `git pull`, so new versions + of a container can be transferred by only sending diffs. + + - *Component re-use.* + Any container can be used as a [*"base image"*]( + ../terms/image/#base-image-def) to create more specialized components. + This can be done manually or as part of an automated build. For example + you can prepare the ideal Python environment, and use it as a base for + 10 different applications. Your ideal Postgresql setup can be re-used for + all your future projects. And so on. + + - *Sharing.* + Docker has access to a [public registry](http://index.docker.io) where + thousands of people have uploaded useful containers: anything from Redis, + CouchDB, Postgres to IRC bouncers to Rails app servers to Hadoop to + base images for various Linux distros. The + [*registry*](../reference/api/registry_index_spec/#registryindexspec) + also includes an official "standard library" of useful + containers maintained by the Docker team. The registry itself + is open-source, so anyone can deploy their own registry to + store and transfer private containers, for internal server + deployments for example. + + - *Tool ecosystem.* + Docker defines an API for automating and customizing the + creation and deployment of containers. There are a huge number + of tools integrating with Docker to extend its capabilities. + PaaS-like deployment (Dokku, Deis, Flynn), multi-node + orchestration (Maestro, Salt, Mesos, Openstack Nova), + management dashboards (docker-ui, Openstack Horizon, + Shipyard), configuration management (Chef, Puppet), continuous + integration (Jenkins, Strider, Travis), etc. Docker is rapidly + establishing itself as the standard for container-based + tooling. + +### What is different between a Docker container and a VM? + +There's a great StackOverflow answer [showing the differences]( +http://stackoverflow.com/questions/16047306/ +how-is-docker-io-different-from-a-normal-virtual-machine). + +### Do I lose my data when the container exits? + +Not at all! Any data that your application writes to disk gets preserved +in its container until you explicitly delete the container. The file +system for the container persists even after the container halts. + +### How far do Docker containers scale? + +Some of the largest server farms in the world today are based on +containers. Large web deployments like Google and Twitter, and platform +providers such as Heroku and dotCloud all run on container technology, +at a scale of hundreds of thousands or even millions of containers +running in parallel. + +### How do I connect Docker containers? + +Currently the recommended way to link containers is via the link +primitive. You can see details of how to [work with links here]( +http://docs.docker.io/use/working_with_links_names/). + +Also of useful when enabling more flexible service portability is the +[Ambassador linking pattern]( +http://docs.docker.io/use/ambassador_pattern_linking/). + +### How do I run more than one process in a Docker container? + +Any capable process supervisor such as [http://supervisord.org/]( +http://supervisord.org/), runit, s6, or daemontools can do the trick. +Docker will start up the process management daemon which will then fork +to run additional processes. As long as the processor manager daemon continues +to run, the container will continue to as well. You can see a more substantial +example [that uses supervisord here]( +http://docs.docker.io/examples/using_supervisord/). + +### What platforms does Docker run on? + +Linux: + + - Ubuntu 12.04, 13.04 et al + - Fedora 19/20+ + - RHEL 6.5+ + - Centos 6+ + - Gentoo + - ArchLinux + - openSUSE 12.3+ + - CRUX 3.0+ + +Cloud: + + - Amazon EC2 + - Google Compute Engine + - Rackspace + +### How do I report a security issue with Docker? + +You can learn about the project's security policy +[here](https://www.docker.io/security/) and report security issues to +this [mailbox](mailto:security@docker.com). + +### Why do I need to sign my commits to Docker with the DCO? + +Please read [our blog post]( +http://blog.docker.io/2014/01/ +docker-code-contributions-require-developer-certificate-of-origin/) +on the introduction of the DCO. + +### Can I help by adding some questions and answers? + +Definitely! You can fork [the repo](https://github.com/dotcloud/docker) and +edit the documentation sources. + +### Where can I find more answers? + +You can find more answers on: + +- [Docker user mailinglist](https://groups.google.com/d/forum/docker-user) +- [Docker developer mailinglist](https://groups.google.com/d/forum/docker-dev) +- [IRC, docker on freenode](irc://chat.freenode.net#docker) +- [GitHub](https://github.com/dotcloud/docker) +- [Ask questions on Stackoverflow](http://stackoverflow.com/search?q=docker) +- [Join the conversation on Twitter](http://twitter.com/docker) + +Looking for something else to read? Checkout the [*Hello World*]( +../examples/hello_world/#hello-world) example. diff --git a/docs/sources/faq.rst b/docs/sources/faq.rst deleted file mode 100644 index 07055941bd..0000000000 --- a/docs/sources/faq.rst +++ /dev/null @@ -1,224 +0,0 @@ -:title: FAQ -:description: Most frequently asked questions. -:keywords: faq, questions, documentation, docker - -FAQ -=== - - -Most frequently asked questions. --------------------------------- - -How much does Docker cost? -.......................... - - Docker is 100% free, it is open source, so you can use it without paying. - -What open source license are you using? -....................................... - - We are using the Apache License Version 2.0, see it here: - https://github.com/dotcloud/docker/blob/master/LICENSE - -Does Docker run on Mac OS X or Windows? -....................................... - - Not at this time, Docker currently only runs on Linux, but you can - use VirtualBox to run Docker in a virtual machine on your box, and - get the best of both worlds. Check out the :ref:`macosx` and - :ref:`windows` installation guides. The small Linux distribution boot2docker - can be run inside virtual machines on these two operating systems. - -How do containers compare to virtual machines? -.............................................. - - They are complementary. VMs are best used to allocate chunks of - hardware resources. Containers operate at the process level, which - makes them very lightweight and perfect as a unit of software - delivery. - -What does Docker add to just plain LXC? -....................................... - - Docker is not a replacement for LXC. "LXC" refers to capabilities - of the Linux kernel (specifically namespaces and control groups) - which allow sandboxing processes from one another, and controlling - their resource allocations. On top of this low-level foundation of - kernel features, Docker offers a high-level tool with several - powerful functionalities: - - * *Portable deployment across machines.* - Docker defines a format for bundling an application and all its - dependencies into a single object which can be transferred to - any Docker-enabled machine, and executed there with the - guarantee that the execution environment exposed to the - application will be the same. LXC implements process sandboxing, - which is an important pre-requisite for portable deployment, but - that alone is not enough for portable deployment. If you sent me - a copy of your application installed in a custom LXC - configuration, it would almost certainly not run on my machine - the way it does on yours, because it is tied to your machine's - specific configuration: networking, storage, logging, distro, - etc. Docker defines an abstraction for these machine-specific - settings, so that the exact same Docker container can run - - unchanged - on many different machines, with many different - configurations. - - * *Application-centric.* - Docker is optimized for the deployment of applications, as - opposed to machines. This is reflected in its API, user - interface, design philosophy and documentation. By contrast, the - ``lxc`` helper scripts focus on containers as lightweight - machines - basically servers that boot faster and need less - RAM. We think there's more to containers than just that. - - * *Automatic build.* - Docker includes :ref:`a tool for developers to automatically - assemble a container from their source code `, - with full control over application dependencies, build tools, - packaging etc. They are free to use ``make, maven, chef, puppet, - salt,`` Debian packages, RPMs, source tarballs, or any - combination of the above, regardless of the configuration of the - machines. - - * *Versioning.* - Docker includes git-like capabilities for tracking successive - versions of a container, inspecting the diff between versions, - committing new versions, rolling back etc. The history also - includes how a container was assembled and by whom, so you get - full traceability from the production server all the way back to - the upstream developer. Docker also implements incremental - uploads and downloads, similar to ``git pull``, so new versions - of a container can be transferred by only sending diffs. - - * *Component re-use.* - Any container can be used as a :ref:`"base image" - ` to create more specialized components. This - can be done manually or as part of an automated build. For - example you can prepare the ideal Python environment, and use it - as a base for 10 different applications. Your ideal Postgresql - setup can be re-used for all your future projects. And so on. - - * *Sharing.* - Docker has access to a `public registry - `_ where thousands of people have - uploaded useful containers: anything from Redis, CouchDB, - Postgres to IRC bouncers to Rails app servers to Hadoop to base - images for various Linux distros. The :ref:`registry - ` also includes an official "standard - library" of useful containers maintained by the Docker team. The - registry itself is open-source, so anyone can deploy their own - registry to store and transfer private containers, for internal - server deployments for example. - - * *Tool ecosystem.* - Docker defines an API for automating and customizing the - creation and deployment of containers. There are a huge number - of tools integrating with Docker to extend its - capabilities. PaaS-like deployment (Dokku, Deis, Flynn), - multi-node orchestration (Maestro, Salt, Mesos, Openstack Nova), - management dashboards (docker-ui, Openstack Horizon, Shipyard), - configuration management (Chef, Puppet), continuous integration - (Jenkins, Strider, Travis), etc. Docker is rapidly establishing - itself as the standard for container-based tooling. - -What is different between a Docker container and a VM? -...................................................... - -There's a great StackOverflow answer `showing the differences `_. - -Do I lose my data when the container exits? -........................................... - -Not at all! Any data that your application writes to disk gets preserved -in its container until you explicitly delete the container. The file -system for the container persists even after the container halts. - -How far do Docker containers scale? -................................... - -Some of the largest server farms in the world today are based on containers. -Large web deployments like Google and Twitter, and platform providers such as -Heroku and dotCloud all run on container technology, at a scale of hundreds of -thousands or even millions of containers running in parallel. - -How do I connect Docker containers? -................................... - -Currently the recommended way to link containers is via the `link` primitive. -You can see details of how to `work with links here -`_. - -Also of useful when enabling more flexible service portability is the -`Ambassador linking pattern -`_. - -How do I run more than one process in a Docker container? -......................................................... - -Any capable process supervisor such as http://supervisord.org/, runit, s6, or -daemontools can do the trick. Docker will start up the process management -daemon which will then fork to run additional processes. As long as the -processor manager daemon continues to run, the container will continue to as -well. You can see a more substantial example `that uses supervisord here -`_. - -What platforms does Docker run on? -.................................. - -Linux: - -- Ubuntu 12.04, 13.04 et al -- Fedora 19/20+ -- RHEL 6.5+ -- Centos 6+ -- Gentoo -- ArchLinux -- openSUSE 12.3+ -- CRUX 3.0+ - -Cloud: - -- Amazon EC2 -- Google Compute Engine -- Rackspace - -How do I report a security issue with Docker? -............................................. - -You can learn about the project's security policy `here `_ -and report security issues to this `mailbox `_. - -Why do I need to sign my commits to Docker with the DCO? -........................................................ - -Please read `our blog post `_ on the introduction of the DCO. - -Can I help by adding some questions and answers? -................................................ - -Definitely! You can fork `the repo`_ and edit the documentation sources. - - -Where can I find more answers? -.............................. - - You can find more answers on: - - * `Docker user mailinglist`_ - * `Docker developer mailinglist`_ - * `IRC, docker on freenode`_ - * `GitHub`_ - * `Ask questions on Stackoverflow`_ - * `Join the conversation on Twitter`_ - - - .. _Docker user mailinglist: https://groups.google.com/d/forum/docker-user - .. _Docker developer mailinglist: https://groups.google.com/d/forum/docker-dev - .. _the repo: http://www.github.com/dotcloud/docker - .. _IRC, docker on freenode: irc://chat.freenode.net#docker - .. _Github: http://www.github.com/dotcloud/docker - .. _Ask questions on Stackoverflow: http://stackoverflow.com/search?q=docker - .. _Join the conversation on Twitter: http://twitter.com/docker - -Looking for something else to read? Checkout the :ref:`hello_world` example. diff --git a/docs/sources/genindex.md b/docs/sources/genindex.md new file mode 100644 index 0000000000..8b013d6a6b --- /dev/null +++ b/docs/sources/genindex.md @@ -0,0 +1 @@ +# Index diff --git a/docs/sources/http-routingtable.md b/docs/sources/http-routingtable.md new file mode 100644 index 0000000000..9fd78d03b5 --- /dev/null +++ b/docs/sources/http-routingtable.md @@ -0,0 +1,104 @@ +# HTTP Routing Table + +[**/api**](#cap-/api) | [**/auth**](#cap-/auth) | +[**/build**](#cap-/build) | [**/commit**](#cap-/commit) | +[**/containers**](#cap-/containers) | [**/events**](#cap-/events) | +[**/events:**](#cap-/events:) | [**/images**](#cap-/images) | +[**/info**](#cap-/info) | [**/v1**](#cap-/v1) | +[**/version**](#cap-/version) + + -- -------------------------------------------------------------------------------------------------------------------------------------------------------------------- ---- +   + **/api** + [`GET /api/v1.1/o/authorize/`](../reference/api/docker_io_oauth_api/#get--api-v1.1-o-authorize-) ** + [`POST /api/v1.1/o/token/`](../reference/api/docker_io_oauth_api/#post--api-v1.1-o-token-) ** + [`GET /api/v1.1/users/:username/`](../reference/api/docker_io_accounts_api/#get--api-v1.1-users--username-) ** + [`PATCH /api/v1.1/users/:username/`](../reference/api/docker_io_accounts_api/#patch--api-v1.1-users--username-) ** + [`GET /api/v1.1/users/:username/emails/`](../reference/api/docker_io_accounts_api/#get--api-v1.1-users--username-emails-) ** + [`PATCH /api/v1.1/users/:username/emails/`](../reference/api/docker_io_accounts_api/#patch--api-v1.1-users--username-emails-) ** + [`POST /api/v1.1/users/:username/emails/`](../reference/api/docker_io_accounts_api/#post--api-v1.1-users--username-emails-) ** + [`DELETE /api/v1.1/users/:username/emails/`](../reference/api/docker_io_accounts_api/#delete--api-v1.1-users--username-emails-) ** +   + **/auth** + [`GET /auth`](../reference/api/docker_remote_api/#get--auth) ** + [`POST /auth`](../reference/api/docker_remote_api_v1.9/#post--auth) ** +   + **/build** + [`POST /build`](../reference/api/docker_remote_api_v1.9/#post--build) ** +   + **/commit** + [`POST /commit`](../reference/api/docker_remote_api_v1.9/#post--commit) ** +   + **/containers** + [`DELETE /containers/(id)`](../reference/api/docker_remote_api_v1.9/#delete--containers-(id)) ** + [`POST /containers/(id)/attach`](../reference/api/docker_remote_api_v1.9/#post--containers-(id)-attach) ** + [`GET /containers/(id)/changes`](../reference/api/docker_remote_api_v1.9/#get--containers-(id)-changes) ** + [`POST /containers/(id)/copy`](../reference/api/docker_remote_api_v1.9/#post--containers-(id)-copy) ** + [`GET /containers/(id)/export`](../reference/api/docker_remote_api_v1.9/#get--containers-(id)-export) ** + [`GET /containers/(id)/json`](../reference/api/docker_remote_api_v1.9/#get--containers-(id)-json) ** + [`POST /containers/(id)/kill`](../reference/api/docker_remote_api_v1.9/#post--containers-(id)-kill) ** + [`POST /containers/(id)/restart`](../reference/api/docker_remote_api_v1.9/#post--containers-(id)-restart) ** + [`POST /containers/(id)/start`](../reference/api/docker_remote_api_v1.9/#post--containers-(id)-start) ** + [`POST /containers/(id)/stop`](../reference/api/docker_remote_api_v1.9/#post--containers-(id)-stop) ** + [`GET /containers/(id)/top`](../reference/api/docker_remote_api_v1.9/#get--containers-(id)-top) ** + [`POST /containers/(id)/wait`](../reference/api/docker_remote_api_v1.9/#post--containers-(id)-wait) ** + [`POST /containers/create`](../reference/api/docker_remote_api_v1.9/#post--containers-create) ** + [`GET /containers/json`](../reference/api/docker_remote_api_v1.9/#get--containers-json) ** +   + **/events** + [`GET /events`](../reference/api/docker_remote_api_v1.9/#get--events) ** +   + **/events:** + [`GET /events:`](../reference/api/docker_remote_api/#get--events-) ** +   + **/images** + [`GET /images/(format)`](../reference/api/archive/docker_remote_api_v1.6/#get--images-(format)) ** + [`DELETE /images/(name)`](../reference/api/docker_remote_api_v1.9/#delete--images-(name)) ** + [`GET /images/(name)/get`](../reference/api/docker_remote_api_v1.9/#get--images-(name)-get) ** + [`GET /images/(name)/history`](../reference/api/docker_remote_api_v1.9/#get--images-(name)-history) ** + [`POST /images/(name)/insert`](../reference/api/docker_remote_api_v1.9/#post--images-(name)-insert) ** + [`GET /images/(name)/json`](../reference/api/docker_remote_api_v1.9/#get--images-(name)-json) ** + [`POST /images/(name)/push`](../reference/api/docker_remote_api_v1.9/#post--images-(name)-push) ** + [`POST /images/(name)/tag`](../reference/api/docker_remote_api_v1.9/#post--images-(name)-tag) ** + [`POST /images//delete`](../reference/api/docker_remote_api/#post--images--name--delete) ** + [`POST /images/create`](../reference/api/docker_remote_api_v1.9/#post--images-create) ** + [`GET /images/json`](../reference/api/docker_remote_api_v1.9/#get--images-json) ** + [`POST /images/load`](../reference/api/docker_remote_api_v1.9/#post--images-load) ** + [`GET /images/search`](../reference/api/docker_remote_api_v1.9/#get--images-search) ** + [`GET /images/viz`](../reference/api/docker_remote_api/#get--images-viz) ** +   + **/info** + [`GET /info`](../reference/api/docker_remote_api_v1.9/#get--info) ** +   + **/v1** + [`GET /v1/_ping`](../reference/api/registry_api/#get--v1-_ping) ** + [`GET /v1/images/(image_id)/ancestry`](../reference/api/registry_api/#get--v1-images-(image_id)-ancestry) ** + [`GET /v1/images/(image_id)/json`](../reference/api/registry_api/#get--v1-images-(image_id)-json) ** + [`PUT /v1/images/(image_id)/json`](../reference/api/registry_api/#put--v1-images-(image_id)-json) ** + [`GET /v1/images/(image_id)/layer`](../reference/api/registry_api/#get--v1-images-(image_id)-layer) ** + [`PUT /v1/images/(image_id)/layer`](../reference/api/registry_api/#put--v1-images-(image_id)-layer) ** + [`PUT /v1/repositories/(namespace)/(repo_name)/`](../reference/api/index_api/#put--v1-repositories-(namespace)-(repo_name)-) ** + [`DELETE /v1/repositories/(namespace)/(repo_name)/`](../reference/api/index_api/#delete--v1-repositories-(namespace)-(repo_name)-) ** + [`PUT /v1/repositories/(namespace)/(repo_name)/auth`](../reference/api/index_api/#put--v1-repositories-(namespace)-(repo_name)-auth) ** + [`GET /v1/repositories/(namespace)/(repo_name)/images`](../reference/api/index_api/#get--v1-repositories-(namespace)-(repo_name)-images) ** + [`PUT /v1/repositories/(namespace)/(repo_name)/images`](../reference/api/index_api/#put--v1-repositories-(namespace)-(repo_name)-images) ** + [`DELETE /v1/repositories/(namespace)/(repository)/`](../reference/api/registry_api/#delete--v1-repositories-(namespace)-(repository)-) ** + [`GET /v1/repositories/(namespace)/(repository)/tags`](../reference/api/registry_api/#get--v1-repositories-(namespace)-(repository)-tags) ** + [`GET /v1/repositories/(namespace)/(repository)/tags/(tag)`](../reference/api/registry_api/#get--v1-repositories-(namespace)-(repository)-tags-(tag)) ** + [`PUT /v1/repositories/(namespace)/(repository)/tags/(tag)`](../reference/api/registry_api/#put--v1-repositories-(namespace)-(repository)-tags-(tag)) ** + [`DELETE /v1/repositories/(namespace)/(repository)/tags/(tag)`](../reference/api/registry_api/#delete--v1-repositories-(namespace)-(repository)-tags-(tag)) ** + [`PUT /v1/repositories/(repo_name)/`](../reference/api/index_api/#put--v1-repositories-(repo_name)-) ** + [`DELETE /v1/repositories/(repo_name)/`](../reference/api/index_api/#delete--v1-repositories-(repo_name)-) ** + [`PUT /v1/repositories/(repo_name)/auth`](../reference/api/index_api/#put--v1-repositories-(repo_name)-auth) ** + [`GET /v1/repositories/(repo_name)/images`](../reference/api/index_api/#get--v1-repositories-(repo_name)-images) ** + [`PUT /v1/repositories/(repo_name)/images`](../reference/api/index_api/#put--v1-repositories-(repo_name)-images) ** + [`GET /v1/search`](../reference/api/index_api/#get--v1-search) ** + [`GET /v1/users`](../reference/api/index_api/#get--v1-users) ** + [`POST /v1/users`](../reference/api/index_api/#post--v1-users) ** + [`PUT /v1/users/(username)/`](../reference/api/index_api/#put--v1-users-(username)-) ** +   + **/version** + [`GET /version`](../reference/api/docker_remote_api_v1.9/#get--version) ** + -- -------------------------------------------------------------------------------------------------------------------------------------------------------------------- ---- + + diff --git a/docs/sources/index.md b/docs/sources/index.md new file mode 100644 index 0000000000..d582321563 --- /dev/null +++ b/docs/sources/index.md @@ -0,0 +1,82 @@ +page_title: About Docker +page_description: Docker introduction home page +page_keywords: docker, introduction, documentation, about, technology, understanding, Dockerfile + +# About Docker + +*Secure And Portable Containers Made Easy* + +## Introduction + +[**Docker**](https://www.docker.io) is a container based virtualization +framework. Unlike traditional virtualization Docker is fast, lightweight +and easy to use. Docker allows you to create containers holding +all the dependencies for an application. Each container is kept isolated +from any other, and nothing gets shared. + +## Docker highlights + + - **Containers provide sand-boxing:** + Applications run securely without outside access. + - **Docker allows simple portability:** + Containers are directories, they can be zipped and transported. + - **It all works fast:** + Starting a container is a very fast single process. + - **Docker is easy on the system resources (unlike VMs):** + No more than what each application needs. + - **Agnostic in its _essence_:** + Free of framework, language or platform dependencies. + +And most importantly: + + - **Docker reduces complexity:** + Docker accepts commands *in plain English*, e.g. `docker run [..]`. + +## About this guide + +In this introduction we will take you on a tour and show you what +makes Docker tick. + +On the [**first page**](introduction/understanding-docker.md), which is +**_informative_**: + + - You will find information on Docker; + - And discover Docker's features. + - We will also compare Docker to virtual machines; + - And see some common use cases. + +> [Click here to go to Understanding Docker](introduction/understanding-docker.md). + +The [**second page**](introduction/technology.md) has **_technical_** information on: + + - The architecture of Docker; + - The underlying technology, and; + - *How* Docker works. + +> [Click here to go to Understanding the Technology](introduction/technology.md). + +On the [**third page**](introduction/working-with-docker.md) we get **_practical_**. +There you can: + + - Learn about Docker's components (i.e. Containers, Images and the + Dockerfile); + - And get started working with them straight away. + +> [Click here to go to Working with Docker](introduction/working-with-docker.md). + +Finally, on the [**fourth**](introduction/get-docker.md) page, we go **_hands on_** +and see: + + - The installation instructions, and; + - How Docker makes some hard problems much, much easier. + +> [Click here to go to Get Docker](introduction/get-docker.md). + +> **Note**: +> We know how valuable your time is. Therefore, the documentation is prepared +> in a way to allow anyone to start from any section need. Although we strongly +> recommend that you visit [Understanding Docker]( +> introduction/understanding-docker.md) to see how Docker is different, if you +> already have some knowledge and want to quickly get started with Docker, +> don't hesitate to jump to [Working with Docker]( +> introduction/working-with-docker.md). diff --git a/docs/sources/index.rst b/docs/sources/index.rst deleted file mode 100644 index a89349b2bb..0000000000 --- a/docs/sources/index.rst +++ /dev/null @@ -1,29 +0,0 @@ -:title: Docker Documentation -:description: An overview of the Docker Documentation -:keywords: containers, lxc, concepts, explanation - -Introduction ------------- - -Docker is an open-source engine to easily create lightweight, portable, -self-sufficient containers from any application. The same container that a -developer builds and tests on a laptop can run at scale, in production, on -VMs, bare metal, OpenStack clusters, or any major infrastructure provider. - -Common use cases for Docker include: - -- Automating the packaging and deployment of web applications. -- Automated testing and continuous integration/deployment. -- Deploying and scaling databases and backend services in a service-oriented environment. -- Building custom PaaS environments, either from scratch or as an extension of off-the-shelf platforms like OpenShift or Cloud Foundry. - -Please note Docker is currently under heavy development. It should not be used in production (yet). - -For a high-level overview of Docker, please see the `Introduction -`_. When you're ready to start working with -Docker, we have a `quick start `_ -and a more in-depth guide to :ref:`ubuntu_linux` and other -:ref:`installation_list` paths including prebuilt binaries, -Rackspace and Amazon instances. - -Enough reading! :ref:`Try it out! ` diff --git a/docs/sources/installation.md b/docs/sources/installation.md new file mode 100644 index 0000000000..66b28b2b3c --- /dev/null +++ b/docs/sources/installation.md @@ -0,0 +1,25 @@ +# Installation + +## Introduction + +There are a number of ways to install Docker, depending on where you +want to run the daemon. The [*Ubuntu*](ubuntulinux/#ubuntu-linux) +installation is the officially-tested version. The community adds more +techniques for installing Docker all the time. + +## Contents: + + - [Ubuntu](ubuntulinux/) + - [Red Hat Enterprise Linux](rhel/) + - [Fedora](fedora/) + - [Arch Linux](archlinux/) + - [CRUX Linux](cruxlinux/) + - [Gentoo](gentoolinux/) + - [openSUSE](openSUSE/) + - [FrugalWare](frugalware/) + - [Mac OS X](mac/) + - [Windows](windows/) + - [Amazon EC2](amazon/) + - [Rackspace Cloud](rackspace/) + - [Google Cloud Platform](google/) + - [Binaries](binaries/) \ No newline at end of file diff --git a/docs/sources/installation/amazon.md b/docs/sources/installation/amazon.md new file mode 100644 index 0000000000..61a12d6b43 --- /dev/null +++ b/docs/sources/installation/amazon.md @@ -0,0 +1,103 @@ +page_title: Installation on Amazon EC2 +page_description: Please note this project is currently under heavy development. It should not be used in production. +page_keywords: amazon ec2, virtualization, cloud, docker, documentation, installation + +# Amazon EC2 + +> **Note**: +> Docker is still under heavy development! We don't recommend using it in +> production yet, but we're getting closer with each release. Please see +> our blog post, [Getting to Docker 1.0]( +> http://blog.docker.io/2013/08/getting-to-docker-1-0/) + +There are several ways to install Docker on AWS EC2: + + - [*Amazon QuickStart (Release Candidate - March 2014)*]( + #amazon-quickstart-release-candidate-march-2014) or + - [*Amazon QuickStart*](#amazon-quickstart) or + - [*Standard Ubuntu Installation*](#standard-ubuntu-installation) + +**You'll need an** [AWS account](http://aws.amazon.com/) **first, of +course.** + +## Amazon QuickStart + +1. **Choose an image:** + - Launch the [Create Instance + Wizard](https://console.aws.amazon.com/ec2/v2/home?#LaunchInstanceWizard:) + menu on your AWS Console. + - Click the `Select` button for a 64Bit Ubuntu + image. For example: Ubuntu Server 12.04.3 LTS + - For testing you can use the default (possibly free) + `t1.micro` instance (more info on + [pricing](http://aws.amazon.com/ec2/pricing/)). + - Click the `Next: Configure Instance Details` + button at the bottom right. + +2. **Tell CloudInit to install Docker:** + - When you're on the "Configure Instance Details" step, expand the + "Advanced Details" section. + - Under "User data", select "As text". + - Enter `#include https://get.docker.io` into + the instance *User Data*. + [CloudInit](https://help.ubuntu.com/community/CloudInit) is part + of the Ubuntu image you chose; it will bootstrap Docker by + running the shell script located at this URL. + +3. After a few more standard choices where defaults are probably ok, + your AWS Ubuntu instance with Docker should be running! + +**If this is your first AWS instance, you may need to set up your +Security Group to allow SSH.** By default all incoming ports to your new +instance will be blocked by the AWS Security Group, so you might just +get timeouts when you try to connect. + +Installing with `get.docker.io` (as above) will +create a service named `lxc-docker`. It will also +set up a [*docker group*](../binaries/#dockergroup) and you may want to +add the *ubuntu* user to it so that you don't have to use +`sudo` for every Docker command. + +Once you`ve got Docker installed, you're ready to try it out – head on +over to the [*First steps with Docker*](/use/basics/) or +[*Examples*](/examples/) section. + +## Amazon QuickStart (Release Candidate - March 2014) + +Amazon just published new Docker-ready AMIs (2014.03 Release Candidate). +Docker packages can now be installed from Amazon's provided Software +Repository. + +1. **Choose an image:** + - Launch the [Create Instance + Wizard](https://console.aws.amazon.com/ec2/v2/home?#LaunchInstanceWizard:) + menu on your AWS Console. + - Click the `Community AMI` menu option on the + left side + - Search for `2014.03` and select one of the Amazon provided AMI, + for example `amzn-ami-pv-2014.03.rc-0.x86_64-ebs` + - For testing you can use the default (possibly free) + `t1.micro` instance (more info on + [pricing](http://aws.amazon.com/ec2/pricing/)). + - Click the `Next: Configure Instance Details` + button at the bottom right. + +2. After a few more standard choices where defaults are probably ok, + your Amazon Linux instance should be running! +3. SSH to your instance to install Docker : + `ssh -i ec2-user@` + +4. Once connected to the instance, type + `sudo yum install -y docker ; sudo service docker start` + to install and start Docker + +## Standard Ubuntu Installation + +If you want a more hands-on installation, then you can follow the +[*Ubuntu*](../ubuntulinux/#ubuntu-linux) instructions installing Docker +on any EC2 instance running Ubuntu. Just follow Step 1 from [*Amazon +QuickStart*](#amazon-quickstart) to pick an image (or use one of your +own) and skip the step with the *User Data*. Then continue with the +[*Ubuntu*](../ubuntulinux/#ubuntu-linux) instructions. + +Continue with the [*Hello World*](/examples/hello_world/#hello-world) example. diff --git a/docs/sources/installation/amazon.rst b/docs/sources/installation/amazon.rst deleted file mode 100644 index b062a15e1e..0000000000 --- a/docs/sources/installation/amazon.rst +++ /dev/null @@ -1,107 +0,0 @@ -:title: Installation on Amazon EC2 -:description: Please note this project is currently under heavy development. It should not be used in production. -:keywords: amazon ec2, virtualization, cloud, docker, documentation, installation - -Amazon EC2 -========== - -.. include:: install_header.inc - -There are several ways to install Docker on AWS EC2: - -* :ref:`amazonquickstart_new` or -* :ref:`amazonquickstart` or -* :ref:`amazonstandard` - -**You'll need an** `AWS account `_ **first, of course.** - -.. _amazonquickstart: - -Amazon QuickStart ------------------ - -1. **Choose an image:** - - * Launch the `Create Instance Wizard - `_ menu - on your AWS Console. - - * Click the ``Select`` button for a 64Bit Ubuntu image. For example: Ubuntu Server 12.04.3 LTS - - * For testing you can use the default (possibly free) - ``t1.micro`` instance (more info on `pricing - `_). - - * Click the ``Next: Configure Instance Details`` button at the bottom right. - -2. **Tell CloudInit to install Docker:** - - * When you're on the "Configure Instance Details" step, expand the "Advanced - Details" section. - - * Under "User data", select "As text". - - * Enter ``#include https://get.docker.io`` into the instance *User Data*. - `CloudInit `_ is part of the - Ubuntu image you chose; it will bootstrap Docker by running the shell - script located at this URL. - -3. After a few more standard choices where defaults are probably ok, your AWS - Ubuntu instance with Docker should be running! - -**If this is your first AWS instance, you may need to set up your -Security Group to allow SSH.** By default all incoming ports to your -new instance will be blocked by the AWS Security Group, so you might -just get timeouts when you try to connect. - -Installing with ``get.docker.io`` (as above) will create a service named -``lxc-docker``. It will also set up a :ref:`docker group ` and you -may want to add the *ubuntu* user to it so that you don't have to use ``sudo`` -for every Docker command. - -Once you've got Docker installed, you're ready to try it out -- head -on over to the :doc:`../use/basics` or :doc:`../examples/index` section. - -.. _amazonquickstart_new: - -Amazon QuickStart (Release Candidate - March 2014) --------------------------------------------------- - -Amazon just published new Docker-ready AMIs (2014.03 Release Candidate). Docker packages -can now be installed from Amazon's provided Software Repository. - -1. **Choose an image:** - - * Launch the `Create Instance Wizard - `_ menu - on your AWS Console. - - * Click the ``Community AMI`` menu option on the left side - - * Search for '2014.03' and select one of the Amazon provided AMI, for example ``amzn-ami-pv-2014.03.rc-0.x86_64-ebs`` - - * For testing you can use the default (possibly free) - ``t1.micro`` instance (more info on `pricing - `_). - - * Click the ``Next: Configure Instance Details`` button at the bottom right. - -2. After a few more standard choices where defaults are probably ok, your Amazon - Linux instance should be running! - -3. SSH to your instance to install Docker : ``ssh -i ec2-user@`` - -4. Once connected to the instance, type ``sudo yum install -y docker ; sudo service docker start`` to install and start Docker - -.. _amazonstandard: - -Standard Ubuntu Installation ----------------------------- - -If you want a more hands-on installation, then you can follow the -:ref:`ubuntu_linux` instructions installing Docker on any EC2 instance -running Ubuntu. Just follow Step 1 from :ref:`amazonquickstart` to -pick an image (or use one of your own) and skip the step with the -*User Data*. Then continue with the :ref:`ubuntu_linux` instructions. - -Continue with the :ref:`hello_world` example. diff --git a/docs/sources/installation/archlinux.md b/docs/sources/installation/archlinux.md new file mode 100644 index 0000000000..c6d4f73fb8 --- /dev/null +++ b/docs/sources/installation/archlinux.md @@ -0,0 +1,67 @@ +page_title: Installation on Arch Linux +page_description: Please note this project is currently under heavy development. It should not be used in production. +page_keywords: arch linux, virtualization, docker, documentation, installation + +# Arch Linux + +> **Note**: +> Docker is still under heavy development! We don't recommend using it in +> production yet, but we're getting closer with each release. Please see +> our blog post, [Getting to Docker 1.0]( +> http://blog.docker.io/2013/08/getting-to-docker-1-0/) + +> **Note**: +> This is a community contributed installation path. The only `official` +> installation is using the [*Ubuntu*](../ubuntulinux/#ubuntu-linux) +> installation path. This version may be out of date because it depends on +> some binaries to be updated and published + +Installing on Arch Linux can be handled via the package in community: + + - [docker](https://www.archlinux.org/packages/community/x86_64/docker/) + +or the following AUR package: + + - [docker-git](https://aur.archlinux.org/packages/docker-git/) + +The docker package will install the latest tagged version of docker. The +docker-git package will build from the current master branch. + +## Dependencies + +Docker depends on several packages which are specified as dependencies +in the packages. The core dependencies are: + + - bridge-utils + - device-mapper + - iproute2 + - lxc + - sqlite + +## Installation + +For the normal package a simple + + pacman -S docker + +is all that is needed. + +For the AUR package execute: + + yaourt -S docker-git + +The instructions here assume **yaourt** is installed. See [Arch User +Repository](https://wiki.archlinux.org/index.php/Arch_User_Repository#Installing_packages) +for information on building and installing packages from the AUR if you +have not done so before. + +## Starting Docker + +There is a systemd service unit created for docker. To start the docker +service: + + $ sudo systemctl start docker + +To start on system boot: + + $ sudo systemctl enable docker diff --git a/docs/sources/installation/archlinux.rst b/docs/sources/installation/archlinux.rst deleted file mode 100644 index c9b4c1d2c5..0000000000 --- a/docs/sources/installation/archlinux.rst +++ /dev/null @@ -1,73 +0,0 @@ -:title: Installation on Arch Linux -:description: Please note this project is currently under heavy development. It should not be used in production. -:keywords: arch linux, virtualization, docker, documentation, installation - -.. _arch_linux: - -Arch Linux -========== - -.. include:: install_header.inc - -.. include:: install_unofficial.inc - -Installing on Arch Linux can be handled via the package in community: - -* `docker `_ - -or the following AUR package: - -* `docker-git `_ - -The docker package will install the latest tagged version of docker. -The docker-git package will build from the current master branch. - -Dependencies ------------- - -Docker depends on several packages which are specified as dependencies in -the packages. The core dependencies are: - -* bridge-utils -* device-mapper -* iproute2 -* lxc -* sqlite - - -Installation ------------- - -For the normal package a simple -:: - - pacman -S docker - -is all that is needed. - -For the AUR package execute: -:: - - yaourt -S docker-git - -The instructions here assume **yaourt** is installed. See -`Arch User Repository `_ -for information on building and installing packages from the AUR if you have not -done so before. - - -Starting Docker ---------------- - -There is a systemd service unit created for docker. To start the docker service: - -:: - - sudo systemctl start docker - - -To start on system boot: - -:: - - sudo systemctl enable docker diff --git a/docs/sources/installation/binaries.md b/docs/sources/installation/binaries.md new file mode 100644 index 0000000000..36aa0ae249 --- /dev/null +++ b/docs/sources/installation/binaries.md @@ -0,0 +1,102 @@ +page_title: Installation from Binaries +page_description: This instruction set is meant for hackers who want to try out Docker on a variety of environments. +page_keywords: binaries, installation, docker, documentation, linux + +# Binaries + +> **Note**: +> Docker is still under heavy development! We don't recommend using it in +> production yet, but we're getting closer with each release. Please see +> our blog post, [Getting to Docker 1.0]( +> http://blog.docker.io/2013/08/getting-to-docker-1-0/) + +**This instruction set is meant for hackers who want to try out Docker +on a variety of environments.** + +Before following these directions, you should really check if a packaged +version of Docker is already available for your distribution. We have +packages for many distributions, and more keep showing up all the time! + +## Check runtime dependencies + +To run properly, docker needs the following software to be installed at +runtime: + + - iptables version 1.4 or later + - Git version 1.7 or later + - procps (or similar provider of a "ps" executable) + - XZ Utils 4.9 or later + - a [properly mounted]( + https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount) + cgroupfs hierarchy (having a single, all-encompassing "cgroup" mount + point [is](https://github.com/dotcloud/docker/issues/2683) + [not](https://github.com/dotcloud/docker/issues/3485) + [sufficient](https://github.com/dotcloud/docker/issues/4568)) + +## Check kernel dependencies + +Docker in daemon mode has specific kernel requirements. For details, +check your distribution in [*Installation*](../#installation-list). + +In general, a 3.8 Linux kernel (or higher) is preferred, as some of the +prior versions have known issues that are triggered by Docker. + +Note that Docker also has a client mode, which can run on virtually any +Linux kernel (it even builds on OSX!). + +## Get the docker binary: + + $ wget https://get.docker.io/builds/Linux/x86_64/docker-latest -O docker + $ chmod +x docker + +> **Note**: +> If you have trouble downloading the binary, you can also get the smaller +> compressed release file: +> [https://get.docker.io/builds/Linux/x86_64/docker-latest.tgz]( +> https://get.docker.io/builds/Linux/x86_64/docker-latest.tgz) + +## Run the docker daemon + + # start the docker in daemon mode from the directory you unpacked + $ sudo ./docker -d & + +## Giving non-root access + +The `docker` daemon always runs as the root user, +and since Docker version 0.5.2, the `docker` daemon +binds to a Unix socket instead of a TCP port. By default that Unix +socket is owned by the user *root*, and so, by default, you can access +it with `sudo`. + +Starting in version 0.5.3, if you (or your Docker installer) create a +Unix group called *docker* and add users to it, then the +`docker` daemon will make the ownership of the Unix +socket read/writable by the *docker* group when the daemon starts. The +`docker` daemon must always run as the root user, +but if you run the `docker` client as a user in the +*docker* group then you don't need to add `sudo` to +all the client commands. + +> **Warning**: +> The *docker* group (or the group specified with `-G`) is root-equivalent; +> see [*Docker Daemon Attack Surface*]( +> /articles/security/#dockersecurity-daemon) details. + +## Upgrades + +To upgrade your manual installation of Docker, first kill the docker +daemon: + + $ killall docker + +Then follow the regular installation steps. + +## Run your first container! + + # check your docker version + $ sudo ./docker version + + # run a container and open an interactive shell in the container + $ sudo ./docker run -i -t ubuntu /bin/bash + +Continue with the [*Hello World*](/examples/hello_world/#hello-world) example. diff --git a/docs/sources/installation/binaries.rst b/docs/sources/installation/binaries.rst deleted file mode 100644 index c31e19acc4..0000000000 --- a/docs/sources/installation/binaries.rst +++ /dev/null @@ -1,122 +0,0 @@ -:title: Installation from Binaries -:description: This instruction set is meant for hackers who want to try out Docker on a variety of environments. -:keywords: binaries, installation, docker, documentation, linux - -.. _binaries: - -Binaries -======== - -.. include:: install_header.inc - -**This instruction set is meant for hackers who want to try out Docker -on a variety of environments.** - -Before following these directions, you should really check if a -packaged version of Docker is already available for your distribution. -We have packages for many distributions, and more keep showing up all -the time! - - -Check runtime dependencies --------------------------- - -.. DOC COMMENT: this should be kept in sync with - https://github.com/dotcloud/docker/blob/master/hack/PACKAGERS.md#runtime-dependencies - -To run properly, docker needs the following software to be installed at runtime: - -- iptables version 1.4 or later -- Git version 1.7 or later -- XZ Utils 4.9 or later -- a `properly mounted - `_ - cgroupfs hierarchy (having a single, all-encompassing "cgroup" mount point `is - `_ `not - `_ `sufficient - `_) - - -Check kernel dependencies -------------------------- - -Docker in daemon mode has specific kernel requirements. For details, -check your distribution in :ref:`installation_list`. - -In general, a 3.8 Linux kernel (or higher) is preferred, as some of the -prior versions have known issues that are triggered by Docker. - -Note that Docker also has a client mode, which can run on virtually -any Linux kernel (it even builds on OSX!). - - -Get the docker binary: ----------------------- - -.. code-block:: bash - - wget https://get.docker.io/builds/Linux/x86_64/docker-latest -O docker - chmod +x docker - -.. note:: - If you have trouble downloading the binary, you can also get the smaller - compressed release file: https://get.docker.io/builds/Linux/x86_64/docker-latest.tgz - -Run the docker daemon ---------------------- - -.. code-block:: bash - - # start the docker in daemon mode from the directory you unpacked - sudo ./docker -d & - - -.. _dockergroup: - -Giving non-root access ----------------------- - -The ``docker`` daemon always runs as the root user, and since Docker -version 0.5.2, the ``docker`` daemon binds to a Unix socket instead of -a TCP port. By default that Unix socket is owned by the user *root*, -and so, by default, you can access it with ``sudo``. - -Starting in version 0.5.3, if you (or your Docker installer) create a -Unix group called *docker* and add users to it, then the ``docker`` -daemon will make the ownership of the Unix socket read/writable by the -*docker* group when the daemon starts. The ``docker`` daemon must -always run as the root user, but if you run the ``docker`` client as a -user in the *docker* group then you don't need to add ``sudo`` to all -the client commands. - -.. warning:: The *docker* group (or the group specified with ``-G``) is - root-equivalent; see :ref:`dockersecurity_daemon` details. - - -Upgrades --------- - -To upgrade your manual installation of Docker, first kill the docker -daemon: - -.. code-block:: bash - - killall docker - -Then follow the regular installation steps. - - -Run your first container! -------------------------- - -.. code-block:: bash - - # check your docker version - sudo ./docker version - - # run a container and open an interactive shell in the container - sudo ./docker run -i -t ubuntu /bin/bash - - - -Continue with the :ref:`hello_world` example. diff --git a/docs/sources/installation/cruxlinux.md b/docs/sources/installation/cruxlinux.md new file mode 100644 index 0000000000..d1a4de7367 --- /dev/null +++ b/docs/sources/installation/cruxlinux.md @@ -0,0 +1,91 @@ +page_title: Installation on CRUX Linux +page_description: Docker installation on CRUX Linux. +page_keywords: crux linux, virtualization, Docker, documentation, installation + +# CRUX Linux + +> **Note**: +> Docker is still under heavy development! We don't recommend using it in +> production yet, but we're getting closer with each release. Please see +> our blog post, [Getting to Docker 1.0]( +> http://blog.docker.io/2013/08/getting-to-docker-1-0/) + +> **Note**: +> This is a community contributed installation path. The only `official` +> installation is using the [*Ubuntu*](../ubuntulinux/#ubuntu-linux) +> installation path. This version may be out of date because it depends on +> some binaries to be updated and published. + +Installing on CRUX Linux can be handled via the ports from [James +Mills](http://prologic.shortcircuit.net.au/): + +- [docker](https://bitbucket.org/prologic/ports/src/tip/docker/) +- [docker-bin](https://bitbucket.org/prologic/ports/src/tip/docker-bin/) +- [docker-git](https://bitbucket.org/prologic/ports/src/tip/docker-git/) + +The `docker` port will install the latest tagged +version of Docker. The `docker-bin` port will +install the latest tagged versin of Docker from upstream built binaries. +The `docker-git` package will build from the current +master branch. + +## Installation + +For the time being (*until the CRUX Docker port(s) get into the official +contrib repository*) you will need to install [James +Mills`](https://bitbucket.org/prologic/ports) ports repository. You can +do so via: + +Download the `httpup` file to +`/etc/ports/`: + + $ curl -q -o - http://crux.nu/portdb/?a=getup&q=prologic > /etc/ports/prologic.httpup + +Add `prtdir /usr/ports/prologic` to +`/etc/prt-get.conf`: + + $ vim /etc/prt-get.conf + + # or: + $ echo "prtdir /usr/ports/prologic" >> /etc/prt-get.conf + +Update ports and prt-get cache: + + $ ports -u + $ prt-get cache + +To install (*and its dependencies*): + + $ prt-get depinst docker + +Use `docker-bin` for the upstream binary or +`docker-git` to build and install from the master +branch from git. + +## Kernel Requirements + +To have a working **CRUX+Docker** Host you must ensure your Kernel has +the necessary modules enabled for LXC containers to function correctly +and Docker Daemon to work properly. + +Please read the `README.rst`: + + $ prt-get readme docker + +There is a `test_kernel_config.sh` script in the +above ports which you can use to test your Kernel configuration: + + $ cd /usr/ports/prologic/docker + $ ./test_kernel_config.sh /usr/src/linux/.config + +## Starting Docker + +There is a rc script created for Docker. To start the Docker service: + + $ sudo su - + $ /etc/rc.d/docker start + +To start on system boot: + + - Edit `/etc/rc.conf` + - Put `docker` into the `SERVICES=(...)` array after `net`. diff --git a/docs/sources/installation/cruxlinux.rst b/docs/sources/installation/cruxlinux.rst deleted file mode 100644 index d1970cd1bf..0000000000 --- a/docs/sources/installation/cruxlinux.rst +++ /dev/null @@ -1,98 +0,0 @@ -:title: Installation on CRUX Linux -:description: Docker installation on CRUX Linux. -:keywords: crux linux, virtualization, Docker, documentation, installation - -.. _crux_linux: - - -CRUX Linux -========== - -.. include:: install_header.inc - -.. include:: install_unofficial.inc - -Installing on CRUX Linux can be handled via the ports from `James Mills `_: - -* `docker `_ - -* `docker-bin `_ - -* `docker-git `_ - -The ``docker`` port will install the latest tagged version of Docker. -The ``docker-bin`` port will install the latest tagged versin of Docker from upstream built binaries. -The ``docker-git`` package will build from the current master branch. - - -Installation ------------- - -For the time being (*until the CRUX Docker port(s) get into the official contrib repository*) you will need to install -`James Mills' `_ ports repository. You can do so via: - -Download the ``httpup`` file to ``/etc/ports/``: -:: - - curl -q -o - http://crux.nu/portdb/?a=getup&q=prologic > /etc/ports/prologic.httpup - - -Add ``prtdir /usr/ports/prologic`` to ``/etc/prt-get.conf``: -:: - - vim /etc/prt-get.conf - - # or: - echo "prtdir /usr/ports/prologic" >> /etc/prt-get.conf - - -Update ports and prt-get cache: -:: - - ports -u - prt-get cache - - -To install (*and its dependencies*): -:: - - prt-get depinst docker - - -Use ``docker-bin`` for the upstream binary or ``docker-git`` to build and install from the master branch from git. - - -Kernel Requirements -------------------- - -To have a working **CRUX+Docker** Host you must ensure your Kernel -has the necessary modules enabled for LXC containers to function -correctly and Docker Daemon to work properly. - -Please read the ``README.rst``: -:: - - prt-get readme docker - -There is a ``test_kernel_config.sh`` script in the above ports which you can use to test your Kernel configuration: - -:: - - cd /usr/ports/prologic/docker - ./test_kernel_config.sh /usr/src/linux/.config - - -Starting Docker ---------------- - -There is a rc script created for Docker. To start the Docker service: - -:: - - sudo su - - /etc/rc.d/docker start - -To start on system boot: - -- Edit ``/etc/rc.conf`` -- Put ``docker`` into the ``SERVICES=(...)`` array after ``net``. diff --git a/docs/sources/installation/fedora.md b/docs/sources/installation/fedora.md new file mode 100644 index 0000000000..93b5b05b13 --- /dev/null +++ b/docs/sources/installation/fedora.md @@ -0,0 +1,64 @@ +page_title: Installation on Fedora +page_description: Please note this project is currently under heavy development. It should not be used in production. +page_keywords: Docker, Docker documentation, Fedora, requirements, virtualbox, vagrant, git, ssh, putty, cygwin, linux + +# Fedora + +> **Note**: +> Docker is still under heavy development! We don't recommend using it in +> production yet, but we're getting closer with each release. Please see +> our blog post, [Getting to Docker 1.0]( +> http://blog.docker.io/2013/08/getting-to-docker-1-0/) + +> **Note**: +> This is a community contributed installation path. The only `official` +> installation is using the [*Ubuntu*](../ubuntulinux/#ubuntu-linux) +> installation path. This version may be out of date because it depends on +> some binaries to be updated and published. + +Docker is available in **Fedora 19 and later**. Please note that due to +the current Docker limitations Docker is able to run only on the **64 +bit** architecture. + +## Installation + +The `docker-io` package provides Docker on Fedora. + +If you have the (unrelated) `docker` package installed already, it will +conflict with `docker-io`. There's a [bug +report](https://bugzilla.redhat.com/show_bug.cgi?id=1043676) filed for +it. To proceed with `docker-io` installation on Fedora 19, please remove +`docker` first. + + $ sudo yum -y remove docker + +For Fedora 20 and later, the `wmdocker` package will +provide the same functionality as `docker` and will +also not conflict with `docker-io`. + + $ sudo yum -y install wmdocker + $ sudo yum -y remove docker + +Install the `docker-io` package which will install +Docker on our host. + + $ sudo yum -y install docker-io + +To update the `docker-io` package: + + $ sudo yum -y update docker-io + +Now that it's installed, let's start the Docker daemon. + + $ sudo systemctl start docker + +If we want Docker to start at boot, we should also: + + $ sudo systemctl enable docker + +Now let's verify that Docker is working. + + $ sudo docker run -i -t fedora /bin/bash + +**Done!**, now continue with the [*Hello +World*](/examples/hello_world/#hello-world) example. diff --git a/docs/sources/installation/fedora.rst b/docs/sources/installation/fedora.rst deleted file mode 100644 index 3b95f04f7f..0000000000 --- a/docs/sources/installation/fedora.rst +++ /dev/null @@ -1,75 +0,0 @@ -:title: Installation on Fedora -:description: Please note this project is currently under heavy development. It should not be used in production. -:keywords: Docker, Docker documentation, Fedora, requirements, virtualbox, vagrant, git, ssh, putty, cygwin, linux - -.. _fedora: - -Fedora -====== - -.. include:: install_header.inc - -.. include:: install_unofficial.inc - -Docker is available in **Fedora 19 and later**. Please note that due to the -current Docker limitations Docker is able to run only on the **64 bit** -architecture. - -Installation ------------- - -The ``docker-io`` package provides Docker on Fedora. - - -If you have the (unrelated) ``docker`` package installed already, it will -conflict with ``docker-io``. There's a `bug report`_ filed for it. -To proceed with ``docker-io`` installation on Fedora 19 or Fedora 20, please -remove ``docker`` first. - -.. code-block:: bash - - sudo yum -y remove docker - -For Fedora 21 and later, the ``wmdocker`` package will provide the same -functionality as the old ``docker`` and will also not conflict with ``docker-io``. - -.. code-block:: bash - - sudo yum -y install wmdocker - sudo yum -y remove docker - -Install the ``docker-io`` package which will install Docker on our host. - -.. code-block:: bash - - sudo yum -y install docker-io - - -To update the ``docker-io`` package: - -.. code-block:: bash - - sudo yum -y update docker-io - -Now that it's installed, let's start the Docker daemon. - -.. code-block:: bash - - sudo systemctl start docker - -If we want Docker to start at boot, we should also: - -.. code-block:: bash - - sudo systemctl enable docker - -Now let's verify that Docker is working. - -.. code-block:: bash - - sudo docker run -i -t fedora /bin/bash - -**Done!**, now continue with the :ref:`hello_world` example. - -.. _bug report: https://bugzilla.redhat.com/show_bug.cgi?id=1043676 - diff --git a/docs/sources/installation/frugalware.md b/docs/sources/installation/frugalware.md new file mode 100644 index 0000000000..eb409d8d39 --- /dev/null +++ b/docs/sources/installation/frugalware.md @@ -0,0 +1,56 @@ +page_title: Installation on FrugalWare +page_description: Please note this project is currently under heavy development. It should not be used in production. +page_keywords: frugalware linux, virtualization, docker, documentation, installation + +# FrugalWare + +> **Note**: +> Docker is still under heavy development! We don't recommend using it in +> production yet, but we're getting closer with each release. Please see +> our blog post, [Getting to Docker 1.0]( +> http://blog.docker.io/2013/08/getting-to-docker-1-0/) + +> **Note**: +> This is a community contributed installation path. The only `official` +> installation is using the [*Ubuntu*](../ubuntulinux/#ubuntu-linux) +> installation path. This version may be out of date because it depends on +> some binaries to be updated and published + +Installing on FrugalWare is handled via the official packages: + + - [lxc-docker i686](http://www.frugalware.org/packages/200141) + - [lxc-docker x86_64](http://www.frugalware.org/packages/200130) + +The lxc-docker package will install the latest tagged version of Docker. + +## Dependencies + +Docker depends on several packages which are specified as dependencies +in the packages. The core dependencies are: + + - systemd + - lvm2 + - sqlite3 + - libguestfs + - lxc + - iproute2 + - bridge-utils + +## Installation + +A simple + + pacman -S lxc-docker + +is all that is needed. + +## Starting Docker + +There is a systemd service unit created for Docker. To start Docker as +service: + + $ sudo systemctl start lxc-docker + +To start on system boot: + + $ sudo systemctl enable lxc-docker diff --git a/docs/sources/installation/frugalware.rst b/docs/sources/installation/frugalware.rst deleted file mode 100644 index ed9bb2bfaa..0000000000 --- a/docs/sources/installation/frugalware.rst +++ /dev/null @@ -1,62 +0,0 @@ -:title: Installation on FrugalWare -:description: Please note this project is currently under heavy development. It should not be used in production. -:keywords: frugalware linux, virtualization, docker, documentation, installation - -.. _frugalware: - -FrugalWare -========== - -.. include:: install_header.inc - -.. include:: install_unofficial.inc - -Installing on FrugalWare is handled via the official packages: - -* `lxc-docker i686 `_ - -* `lxc-docker x86_64 `_ - -The `lxc-docker` package will install the latest tagged version of Docker. - -Dependencies ------------- - -Docker depends on several packages which are specified as dependencies in -the packages. The core dependencies are: - -* systemd -* lvm2 -* sqlite3 -* libguestfs -* lxc -* iproute2 -* bridge-utils - - -Installation ------------- - -A simple -:: - - pacman -S lxc-docker - -is all that is needed. - - -Starting Docker ---------------- - -There is a systemd service unit created for Docker. To start Docker as service: - -:: - - sudo systemctl start lxc-docker - - -To start on system boot: - -:: - - sudo systemctl enable lxc-docker diff --git a/docs/sources/installation/gentoolinux.md b/docs/sources/installation/gentoolinux.md new file mode 100644 index 0000000000..92329dca90 --- /dev/null +++ b/docs/sources/installation/gentoolinux.md @@ -0,0 +1,78 @@ +page_title: Installation on Gentoo +page_description: Please note this project is currently under heavy development. It should not be used in production. +page_keywords: gentoo linux, virtualization, docker, documentation, installation + +# Gentoo + +> **Note**: +> Docker is still under heavy development! We don't recommend using it in +> production yet, but we're getting closer with each release. Please see +> our blog post, [Getting to Docker 1.0]( +> http://blog.docker.io/2013/08/getting-to-docker-1-0/) + +> **Note**: +> This is a community contributed installation path. The only `official` +> installation is using the [*Ubuntu*](../ubuntulinux/#ubuntu-linux) +> installation path. This version may be out of date because it depends on +> some binaries to be updated and published + +Installing Docker on Gentoo Linux can be accomplished using one of two +methods. The first and best way if you're looking for a stable +experience is to use the official app-emulation/docker package directly +in the portage tree. + +If you're looking for a `-bin` ebuild, a live +ebuild, or bleeding edge ebuild changes/fixes, the second installation +method is to use the overlay provided at +[https://github.com/tianon/docker-overlay](https://github.com/tianon/docker-overlay) +which can be added using `app-portage/layman`. The +most accurate and up-to-date documentation for properly installing and +using the overlay can be found in [the overlay +README](https://github.com/tianon/docker-overlay/blob/master/README.md#using-this-overlay). + +Note that sometimes there is a disparity between the latest version and +what's in the overlay, and between the latest version in the overlay and +what's in the portage tree. Please be patient, and the latest version +should propagate shortly. + +## Installation + +The package should properly pull in all the necessary dependencies and +prompt for all necessary kernel options. The ebuilds for 0.7+ include +use flags to pull in the proper dependencies of the major storage +drivers, with the "device-mapper" use flag being enabled by default, +since that is the simplest installation path. + + $ sudo emerge -av app-emulation/docker + +If any issues arise from this ebuild or the resulting binary, including +and especially missing kernel configuration flags and/or dependencies, +[open an issue on the docker-overlay repository]( +https://github.com/tianon/docker-overlay/issues) or ping +tianon directly in the #docker IRC channel on the freenode network. + +## Starting Docker + +Ensure that you are running a kernel that includes all the necessary +modules and/or configuration for LXC (and optionally for device-mapper +and/or AUFS, depending on the storage driver you`ve decided to use). + +### OpenRC + +To start the docker daemon: + + $ sudo /etc/init.d/docker start + +To start on system boot: + + $ sudo rc-update add docker default + +### systemd + +To start the docker daemon: + + $ sudo systemctl start docker.service + +To start on system boot: + + $ sudo systemctl enable docker.service diff --git a/docs/sources/installation/gentoolinux.rst b/docs/sources/installation/gentoolinux.rst deleted file mode 100644 index 5abfddeb91..0000000000 --- a/docs/sources/installation/gentoolinux.rst +++ /dev/null @@ -1,84 +0,0 @@ -:title: Installation on Gentoo -:description: Please note this project is currently under heavy development. It should not be used in production. -:keywords: gentoo linux, virtualization, docker, documentation, installation - -.. _gentoo_linux: - -Gentoo -====== - -.. include:: install_header.inc - -.. include:: install_unofficial.inc - -Installing Docker on Gentoo Linux can be accomplished using one of two methods. -The first and best way if you're looking for a stable experience is to use the -official `app-emulation/docker` package directly in the portage tree. - -If you're looking for a ``-bin`` ebuild, a live ebuild, or bleeding edge -ebuild changes/fixes, the second installation method is to use the overlay -provided at https://github.com/tianon/docker-overlay which can be added using -``app-portage/layman``. The most accurate and up-to-date documentation for -properly installing and using the overlay can be found in `the overlay README -`_. - -Note that sometimes there is a disparity between the latest version and what's -in the overlay, and between the latest version in the overlay and what's in the -portage tree. Please be patient, and the latest version should propagate -shortly. - -Installation -^^^^^^^^^^^^ - -The package should properly pull in all the necessary dependencies and prompt -for all necessary kernel options. The ebuilds for 0.7+ include use flags to -pull in the proper dependencies of the major storage drivers, with the -"device-mapper" use flag being enabled by default, since that is the simplest -installation path. - -.. code-block:: bash - - sudo emerge -av app-emulation/docker - -If any issues arise from this ebuild or the resulting binary, including and -especially missing kernel configuration flags and/or dependencies, `open an -issue on the docker-overlay repository -`_ or ping tianon directly in -the #docker IRC channel on the freenode network. - -Starting Docker -^^^^^^^^^^^^^^^ - -Ensure that you are running a kernel that includes all the necessary modules -and/or configuration for LXC (and optionally for device-mapper and/or AUFS, -depending on the storage driver you've decided to use). - -OpenRC ------- - -To start the docker daemon: - -.. code-block:: bash - - sudo /etc/init.d/docker start - -To start on system boot: - -.. code-block:: bash - - sudo rc-update add docker default - -systemd -------- - -To start the docker daemon: - -.. code-block:: bash - - sudo systemctl start docker.service - -To start on system boot: - -.. code-block:: bash - - sudo systemctl enable docker.service diff --git a/docs/sources/installation/google.md b/docs/sources/installation/google.md new file mode 100644 index 0000000000..4c22808dcb --- /dev/null +++ b/docs/sources/installation/google.md @@ -0,0 +1,63 @@ +page_title: Installation on Google Cloud Platform +page_description: Please note this project is currently under heavy development. It should not be used in production. +page_keywords: Docker, Docker documentation, installation, google, Google Compute Engine, Google Cloud Platform + +# Google Cloud Platform + +> **Note**: +> Docker is still under heavy development! We don't recommend using it in +> production yet, but we're getting closer with each release. Please see +> our blog post, [Getting to Docker 1.0]( +> http://blog.docker.io/2013/08/getting-to-docker-1-0/) + +## Compute Engine QuickStart for Debian + +1. Go to [Google Cloud Console](https://cloud.google.com/console) and + create a new Cloud Project with [Compute Engine + enabled](https://developers.google.com/compute/docs/signup). +2. Download and configure the [Google Cloud SDK]( + https://developers.google.com/cloud/sdk/) to use your project + with the following commands: + + + + $ curl https://dl.google.com/dl/cloudsdk/release/install_google_cloud_sdk.bash | bash + $ gcloud auth login + Enter a cloud project id (or leave blank to not set): + +3. Start a new instance, select a zone close to you and the desired + instance size: + + + + $ gcutil addinstance docker-playground --image=backports-debian-7 + 1: europe-west1-a + ... + 4: us-central1-b + >>> + 1: machineTypes/n1-standard-1 + ... + 12: machineTypes/g1-small + >>> + +4. Connect to the instance using SSH: + + + + $ gcutil ssh docker-playground + $ docker-playground:~$ + +5. Install the latest Docker release and configure it to start when the + instance boots: + + + + $ docker-playground:~$ curl get.docker.io | bash + $ docker-playground:~$ sudo update-rc.d docker defaults + +6. Start a new container: + + + + $ docker-playground:~$ sudo docker run busybox echo 'docker on GCE \o/' + $ docker on GCE \o/ diff --git a/docs/sources/installation/google.rst b/docs/sources/installation/google.rst deleted file mode 100644 index cc1df5da24..0000000000 --- a/docs/sources/installation/google.rst +++ /dev/null @@ -1,58 +0,0 @@ -:title: Installation on Google Cloud Platform -:description: Please note this project is currently under heavy development. It should not be used in production. -:keywords: Docker, Docker documentation, installation, google, Google Compute Engine, Google Cloud Platform - -`Google Cloud Platform `_ -==================================================== - -.. include:: install_header.inc - -.. _googlequickstart: - -`Compute Engine `_ QuickStart for `Debian `_ ------------------------------------------------------------------------------------------------------------ - -1. Go to `Google Cloud Console `_ and create a new Cloud Project with `Compute Engine enabled `_. - -2. Download and configure the `Google Cloud SDK `_ to use your project with the following commands: - -.. code-block:: bash - - $ curl https://dl.google.com/dl/cloudsdk/release/install_google_cloud_sdk.bash | bash - $ gcloud auth login - Enter a cloud project id (or leave blank to not set): - -3. Start a new instance, select a zone close to you and the desired instance size: - -.. code-block:: bash - - $ gcutil addinstance docker-playground --image=backports-debian-7 - 1: europe-west1-a - ... - 4: us-central1-b - >>> - 1: machineTypes/n1-standard-1 - ... - 12: machineTypes/g1-small - >>> - -4. Connect to the instance using SSH: - -.. code-block:: bash - - $ gcutil ssh docker-playground - docker-playground:~$ - -5. Install the latest Docker release and configure it to start when the instance boots: - -.. code-block:: bash - - docker-playground:~$ curl get.docker.io | bash - docker-playground:~$ sudo update-rc.d docker defaults - -6. Start a new container: - -.. code-block:: bash - - docker-playground:~$ sudo docker run busybox echo 'docker on GCE \o/' - docker on GCE \o/ diff --git a/docs/sources/installation/index.rst b/docs/sources/installation/index.rst deleted file mode 100644 index ae0e9196fa..0000000000 --- a/docs/sources/installation/index.rst +++ /dev/null @@ -1,34 +0,0 @@ -:title: Docker Installation -:description: many ways to install Docker -:keywords: docker, installation - -.. _installation_list: - -Installation -============ - -There are a number of ways to install Docker, depending on where you -want to run the daemon. The :ref:`ubuntu_linux` installation is the -officially-tested version. The community adds more techniques for -installing Docker all the time. - -Contents: - -.. toctree:: - :maxdepth: 1 - - ubuntulinux - rhel - fedora - archlinux - cruxlinux - gentoolinux - openSUSE - frugalware - mac - windows - amazon - rackspace - google - softlayer - binaries diff --git a/docs/sources/installation/mac.md b/docs/sources/installation/mac.md new file mode 100644 index 0000000000..c30e0b6440 --- /dev/null +++ b/docs/sources/installation/mac.md @@ -0,0 +1,186 @@ +page_title: Installation on Mac OS X +page_description: Instructions for installing Docker on OS X using boot2docker. +page_keywords: Docker, Docker documentation, requirements, boot2docker, VirtualBox, SSH, Linux, OSX, OS X, Mac + +# Installing Docker on Mac OS X + +> **Note**: +> Docker is still under heavy development! We don't recommend using it in +> production yet, but we're getting closer with each release. Please see +> our blog post, [Getting to Docker 1.0]( +> http://blog.docker.io/2013/08/getting-to-docker-1-0/) + +> **Note:** +> Docker is supported on Mac OS X 10.6 "Snow Leopard" or newer. + +Docker has two key components: the Docker daemon and the `docker` binary +which acts as a client. The client passes instructions to the daemon +which builds, runs and manages your Docker containers. As Docker uses +some Linux-specific kernel features you can't use it directly on OS X. +Instead we run the Docker daemon inside a lightweight virtual machine on your local +OS X host. We can then use a native client `docker` binary to communicate +with the Docker daemon inside our virtual machine. To make this process +easier we've designed a helper application called +[boot2docker](https://github.com/boot2docker/boot2docker) to install +that virtual machine and run our Docker daemon. + +[boot2docker](https://github.com/boot2docker/boot2docker) uses +VirtualBox to create the virtual machine so we'll need to install that +first. + +## Installing VirtualBox + +Docker on OS X needs VirtualBox to run. To begin with, head over to +[VirtualBox Download Page](https://www.virtualbox.org/wiki/Downloads) +and get the tool for `OS X hosts x86/amd64`. + +Once the download is complete, open the disk image, run `VirtualBox.pkg` +and install VirtualBox. + +> **Note**: +> Do not simply copy the package without running the +> installer. + +## Installing boot2docker + +### Installing manually + +[boot2docker](https://github.com/boot2docker/boot2docker) provides a +handy script to manage the VM running the Docker daemon. It also takes +care of the installation of that VM. + +Open up a new terminal window and run the following commands to get +boot2docker: + + # Enter the installation directory + $ mkdir -p ~/bin + $ cd ~/bin + + # Get the file + $ curl https://raw.githubusercontent.com/boot2docker/boot2docker/master/boot2docker > boot2docker + + # Mark it executable + $ chmod +x boot2docker + +### Installing the Docker OS X Client + +The Docker daemon is accessed using the `docker` binary. + +Run the following commands to get it downloaded and set up: + + # Get the docker binary + $ DIR=$(mktemp -d ${TMPDIR:-/tmp}/dockerdl.XXXXXXX) && \ + curl -f -o $DIR/ld.tgz https://get.docker.io/builds/Darwin/x86_64/docker-latest.tgz && \ + gunzip $DIR/ld.tgz && \ + tar xvf $DIR/ld.tar -C $DIR/ && \ + cp $DIR/usr/local/bin/docker ./docker + + # Copy the executable file + $ sudo mkdir -p /usr/local/bin + $ sudo cp docker /usr/local/bin/ + +### Configure the Docker OS X Client + +The Docker client, `docker`, uses an environment variable `DOCKER_HOST` +to specify the location of the Docker daemon to connect to. Specify your +local boot2docker virtual machine as the value of that variable. + + $ export DOCKER_HOST=tcp://127.0.0.1:4243 + +## Installing boot2docker with Homebrew + +If you are using Homebrew on your machine, simply run the following +command to install `boot2docker`: + + $ brew install boot2docker + +Run the following command to install the Docker client: + + $ brew install docker + +And that's it! Let's check out how to use it. + +# How To Use Docker On Mac OS X + +## Running the Docker daemon via boot2docker + +Firstly we need to initialize our boot2docker virtual machine. Run the +`boot2docker` command. + + $ boot2docker init + +This will setup our initial virtual machine. + +Next we need to start the Docker daemon. + + $ boot2docker up + +There are a variety of others commands available using the `boot2docker` +script. You can see these like so: + + $ boot2docker + Usage ./boot2docker {init|start|up|pause|stop|restart|status|info|delete|ssh|download} + +## The Docker client + +Once the virtual machine with the Docker daemon is up, you can use the `docker` +binary just like any other application. + + $ docker version + Client version: 0.10.0 + Client API version: 1.10 + Server version: 0.10.0 + Server API version: 1.10 + Last stable version: 0.10.0 + +## Using Docker port forwarding with boot2docker + +In order to forward network ports from Docker with boot2docker we need to +manually forward the port range Docker uses inside VirtualBox. To do +this we take the port range that Docker uses by default with the `-P` +option, ports 49000-49900, and run the following command. + +> **Note:** +> The boot2docker virtual machine must be powered off for this +> to work. + + for i in {49000..49900}; do + VBoxManage modifyvm "boot2docker-vm" --natpf1 "tcp-port$i,tcp,,$i,,$i"; + VBoxManage modifyvm "boot2docker-vm" --natpf1 "udp-port$i,udp,,$i,,$i"; + done + +## Connecting to the VM via SSH + +If you feel the need to connect to the VM, you can simply run: + + $ ./boot2docker ssh + + # User: docker + # Pwd: tcuser + +If SSH complains about keys then run: + + $ ssh-keygen -R '[localhost]:2022' + +## Upgrading to a newer release of boot2docker + +To upgrade an initialized boot2docker virtual machine, you can use the +following 3 commands. Your virtual machine's disk will not be changed, +so you won't lose your images and containers: + + $ boot2docker stop + $ boot2docker download + $ boot2docker start + +# Learn More + +## boot2docker + +See the GitHub page for +[boot2docker](https://github.com/boot2docker/boot2docker). + +# Next steps + +You can now continue with the [*Hello +World*](/examples/hello_world/#hello-world) example. + diff --git a/docs/sources/installation/mac.rst b/docs/sources/installation/mac.rst deleted file mode 100644 index 9ce3961f7e..0000000000 --- a/docs/sources/installation/mac.rst +++ /dev/null @@ -1,188 +0,0 @@ -:title: Installation on Mac OS X 10.6 Snow Leopard -:description: Please note this project is currently under heavy development. It should not be used in production. -:keywords: Docker, Docker documentation, requirements, virtualbox, ssh, linux, os x, osx, mac - -.. _macosx: - -======== -Mac OS X -======== - -.. note:: - - These instructions are available with the new release of Docker - (version 0.8). However, they are subject to change. - -.. include:: install_header.inc - -Docker is supported on Mac OS X 10.6 "Snow Leopard" or newer. - -How To Install Docker On Mac OS X -================================= - -VirtualBox ----------- - -Docker on OS X needs VirtualBox to run. To begin with, head over to -`VirtualBox Download Page`_ and get the tool for ``OS X hosts x86/amd64``. - -.. _VirtualBox Download Page: https://www.virtualbox.org/wiki/Downloads - -Once the download is complete, open the disk image, run the set up file -(i.e. ``VirtualBox.pkg``) and install VirtualBox. Do not simply copy the -package without running the installer. - -boot2docker ------------ - -`boot2docker`_ provides a handy script to easily manage the VM running the -``docker`` daemon. It also takes care of the installation for the OS image -that is used for the job. - -.. _GitHub page: https://github.com/boot2docker/boot2docker - -Open up a new terminal window, if you have not already. - -Run the following commands to get boot2docker: - -.. code-block:: bash - - # Enter the installation directory - cd ~/bin - - # Get the file - curl https://raw.github.com/boot2docker/boot2docker/master/boot2docker > boot2docker - - # Mark it executable - chmod +x boot2docker - -Docker OS X Client ------------------- - -The ``docker`` daemon is accessed using the ``docker`` client. - -Run the following commands to get it downloaded and set up: - -.. code-block:: bash - - # Get the docker client file - DIR=$(mktemp -d ${TMPDIR:-/tmp}/dockerdl.XXXXXXX) && \ - curl -f -o $DIR/ld.tgz https://get.docker.io/builds/Darwin/x86_64/docker-latest.tgz && \ - gunzip $DIR/ld.tgz && \ - tar xvf $DIR/ld.tar -C $DIR/ && \ - cp $DIR/usr/local/bin/docker ./docker - - # Set the environment variable for the docker daemon - export DOCKER_HOST=tcp://127.0.0.1:4243 - - # Copy the executable file - sudo cp docker /usr/local/bin/ - -And that’s it! Let’s check out how to use it. - -How To Use Docker On Mac OS X -============================= - -The ``docker`` daemon (via boot2docker) ---------------------------------------- - -Inside the ``~/bin`` directory, run the following commands: - -.. code-block:: bash - - # Initiate the VM - ./boot2docker init - - # Run the VM (the docker daemon) - ./boot2docker up - - # To see all available commands: - ./boot2docker - - # Usage ./boot2docker {init|start|up|pause|stop|restart|status|info|delete|ssh|download} - -The ``docker`` client ---------------------- - -Once the VM with the ``docker`` daemon is up, you can use the ``docker`` -client just like any other application. - -.. code-block:: bash - - docker version - # Client version: 0.7.6 - # Go version (client): go1.2 - # Git commit (client): bc3b2ec - # Server version: 0.7.5 - # Git commit (server): c348c04 - # Go version (server): go1.2 - -Forwarding VM Port Range to Host --------------------------------- - -If we take the port range that docker uses by default with the -P option -(49000-49900), and forward same range from host to vm, we'll be able to interact -with our containers as if they were running locally: - -.. code-block:: bash - - # vm must be powered off - for i in {49000..49900}; do - VBoxManage modifyvm "boot2docker-vm" --natpf1 "tcp-port$i,tcp,,$i,,$i"; - VBoxManage modifyvm "boot2docker-vm" --natpf1 "udp-port$i,udp,,$i,,$i"; - done - -SSH-ing The VM --------------- - -If you feel the need to connect to the VM, you can simply run: - -.. code-block:: bash - - ./boot2docker ssh - - # User: docker - # Pwd: tcuser - -You can now continue with the :ref:`hello_world` example. - -Learn More -========== - -boot2docker: ------------- - -See the GitHub page for `boot2docker`_. - -.. _boot2docker: https://github.com/boot2docker/boot2docker - -If SSH complains about keys: ----------------------------- - -.. code-block:: bash - - ssh-keygen -R '[localhost]:2022' - -Upgrading to a newer release of boot2docker -------------------------------------------- - -To upgrade an initialised VM, you can use the following 3 commands. Your persistence -disk will not be changed, so you won't lose your images and containers: - -.. code-block:: bash - - ./boot2docker stop - ./boot2docker download - ./boot2docker start - -About the way Docker works on Mac OS X: ---------------------------------------- - -Docker has two key components: the ``docker`` daemon and the ``docker`` -client. The tool works by client commanding the daemon. In order to -work and do its magic, the daemon makes use of some Linux Kernel -features (e.g. LXC, name spaces etc.), which are not supported by OS X. -Therefore, the solution of getting Docker to run on OS X consists of -running it inside a lightweight virtual machine. In order to simplify -things, Docker comes with a bash script to make this whole process as -easy as possible (i.e. boot2docker). diff --git a/docs/sources/installation/openSUSE.md b/docs/sources/installation/openSUSE.md new file mode 100644 index 0000000000..07f2ca43d2 --- /dev/null +++ b/docs/sources/installation/openSUSE.md @@ -0,0 +1,64 @@ +page_title: Installation on openSUSE +page_description: Please note this project is currently under heavy development. It should not be used in production. +page_keywords: openSUSE, virtualbox, docker, documentation, installation + +# openSUSE + +> **Note**: +> Docker is still under heavy development! We don't recommend using it in +> production yet, but we're getting closer with each release. Please see +> our blog post, [Getting to Docker 1.0]( +> http://blog.docker.io/2013/08/getting-to-docker-1-0/) + +> **Note**: +> This is a community contributed installation path. The only `official` +> installation is using the [*Ubuntu*](../ubuntulinux/#ubuntu-linux) +> installation path. This version may be out of date because it depends on +> some binaries to be updated and published + +Docker is available in **openSUSE 12.3 and later**. Please note that due +to the current Docker limitations Docker is able to run only on the **64 +bit** architecture. + +## Installation + +The `docker` package from the [Virtualization +project](https://build.opensuse.org/project/show/Virtualization) on +[OBS](https://build.opensuse.org/) provides Docker on openSUSE. + +To proceed with Docker installation please add the right Virtualization +repository. + + # openSUSE 12.3 + $ sudo zypper ar -f http://download.opensuse.org/repositories/Virtualization/openSUSE_12.3/ Virtualization + + # openSUSE 13.1 + $ sudo zypper ar -f http://download.opensuse.org/repositories/Virtualization/openSUSE_13.1/ Virtualization + +Install the Docker package. + + $ sudo zypper in docker + +It's also possible to install Docker using openSUSE's1-click install. +Just visit [this](http://software.opensuse.org/package/docker) page, +select your openSUSE version and click on the installation link. This +will add the right repository to your system and it will also install +the docker package. + +Now that it's installed, let's start the Docker daemon. + + $ sudo systemctl start docker + +If we want Docker to start at boot, we should also: + + $ sudo systemctl enable docker + +The docker package creates a new group named docker. Users, other than +root user, need to be part of this group in order to interact with the +Docker daemon. + + $ sudo usermod -G docker + +**Done!** +Now continue with the [*Hello World*]( +/examples/hello_world/#hello-world) example. diff --git a/docs/sources/installation/openSUSE.rst b/docs/sources/installation/openSUSE.rst deleted file mode 100644 index c791beacbf..0000000000 --- a/docs/sources/installation/openSUSE.rst +++ /dev/null @@ -1,73 +0,0 @@ -:title: Installation on openSUSE -:description: Please note this project is currently under heavy development. It should not be used in production. -:keywords: openSUSE, virtualbox, docker, documentation, installation - -.. _openSUSE: - -openSUSE -======== - -.. include:: install_header.inc - -.. include:: install_unofficial.inc - -Docker is available in **openSUSE 12.3 and later**. Please note that due to the -current Docker limitations Docker is able to run only on the **64 bit** -architecture. - -Installation ------------- - -The ``docker`` package from the `Virtualization project`_ on `OBS`_ provides -Docker on openSUSE. - - -To proceed with Docker installation please add the right Virtualization -repository. - -.. code-block:: bash - - # openSUSE 12.3 - sudo zypper ar -f http://download.opensuse.org/repositories/Virtualization/openSUSE_12.3/ Virtualization - - # openSUSE 13.1 - sudo zypper ar -f http://download.opensuse.org/repositories/Virtualization/openSUSE_13.1/ Virtualization - - -Install the Docker package. - -.. code-block:: bash - - sudo zypper in docker - -It's also possible to install Docker using openSUSE's 1-click install. Just -visit `this`_ page, select your openSUSE version and click on the installation -link. This will add the right repository to your system and it will -also install the `docker` package. - -Now that it's installed, let's start the Docker daemon. - -.. code-block:: bash - - sudo systemctl start docker - -If we want Docker to start at boot, we should also: - -.. code-block:: bash - - sudo systemctl enable docker - -The `docker` package creates a new group named `docker`. Users, other than -`root` user, need to be part of this group in order to interact with the -Docker daemon. - -.. code-block:: bash - - sudo usermod -G docker - - -**Done!**, now continue with the :ref:`hello_world` example. - -.. _Virtualization project: https://build.opensuse.org/project/show/Virtualization -.. _OBS: https://build.opensuse.org/ -.. _this: http://software.opensuse.org/package/docker diff --git a/docs/sources/installation/rackspace.md b/docs/sources/installation/rackspace.md new file mode 100644 index 0000000000..c93af388ed --- /dev/null +++ b/docs/sources/installation/rackspace.md @@ -0,0 +1,87 @@ +page_title: Installation on Rackspace Cloud +page_description: Please note this project is currently under heavy development. It should not be used in production. +page_keywords: Rackspace Cloud, installation, docker, linux, ubuntu + +# Rackspace Cloud + +> **Note**: +> This is a community contributed installation path. The only `official` +> installation is using the [*Ubuntu*](../ubuntulinux/#ubuntu-linux) +> installation path. This version may be out of date because it depends on +> some binaries to be updated and published + +Installing Docker on Ubuntu provided by Rackspace is pretty +straightforward, and you should mostly be able to follow the +[*Ubuntu*](../ubuntulinux/#ubuntu-linux) installation guide. + +**However, there is one caveat:** + +If you are using any Linux not already shipping with the 3.8 kernel you +will need to install it. And this is a little more difficult on +Rackspace. + +Rackspace boots their servers using grub's `menu.lst` +and does not like non `virtual` packages (e.g. Xen compatible) +kernels there, although they do work. This results in +`update-grub` not having the expected result, and +you will need to set the kernel manually. + +**Do not attempt this on a production machine!** + + # update apt + $ apt-get update + + # install the new kernel + $ apt-get install linux-generic-lts-raring + +Great, now you have the kernel installed in `/boot/`, next you need to +make it boot next time. + + # find the exact names + $ find /boot/ -name '*3.8*' + + # this should return some results + +Now you need to manually edit `/boot/grub/menu.lst`, +you will find a section at the bottom with the existing options. Copy +the top one and substitute the new kernel into that. Make sure the new +kernel is on top, and double check the kernel and initrd lines point to +the right files. + +Take special care to double check the kernel and initrd entries. + + # now edit /boot/grub/menu.lst + $ vi /boot/grub/menu.lst + +It will probably look something like this: + + ## ## End Default Options ## + + title Ubuntu 12.04.2 LTS, kernel 3.8.x generic + root (hd0) + kernel /boot/vmlinuz-3.8.0-19-generic root=/dev/xvda1 ro quiet splash console=hvc0 + initrd /boot/initrd.img-3.8.0-19-generic + + title Ubuntu 12.04.2 LTS, kernel 3.2.0-38-virtual + root (hd0) + kernel /boot/vmlinuz-3.2.0-38-virtual root=/dev/xvda1 ro quiet splash console=hvc0 + initrd /boot/initrd.img-3.2.0-38-virtual + + title Ubuntu 12.04.2 LTS, kernel 3.2.0-38-virtual (recovery mode) + root (hd0) + kernel /boot/vmlinuz-3.2.0-38-virtual root=/dev/xvda1 ro quiet splash single + initrd /boot/initrd.img-3.2.0-38-virtual + +Reboot the server (either via command line or console) + + # reboot + +Verify the kernel was updated + + $ uname -a + # Linux docker-12-04 3.8.0-19-generic #30~precise1-Ubuntu SMP Wed May 1 22:26:36 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux + + # nice! 3.8. + +Now you can finish with the [*Ubuntu*](../ubuntulinux/#ubuntu-linux) +instructions. diff --git a/docs/sources/installation/rackspace.rst b/docs/sources/installation/rackspace.rst deleted file mode 100644 index 687131a413..0000000000 --- a/docs/sources/installation/rackspace.rst +++ /dev/null @@ -1,97 +0,0 @@ -:title: Installation on Rackspace Cloud -:description: Please note this project is currently under heavy development. It should not be used in production. -:keywords: Rackspace Cloud, installation, docker, linux, ubuntu - -Rackspace Cloud -=============== - -.. include:: install_unofficial.inc - -Installing Docker on Ubuntu provided by Rackspace is pretty -straightforward, and you should mostly be able to follow the -:ref:`ubuntu_linux` installation guide. - -**However, there is one caveat:** - -If you are using any Linux not already shipping with the 3.8 kernel -you will need to install it. And this is a little more difficult on -Rackspace. - -Rackspace boots their servers using grub's ``menu.lst`` and does not -like non 'virtual' packages (e.g. Xen compatible) kernels there, -although they do work. This results in ``update-grub`` not having the -expected result, and you will need to set the kernel manually. - -**Do not attempt this on a production machine!** - -.. code-block:: bash - - # update apt - apt-get update - - # install the new kernel - apt-get install linux-generic-lts-raring - - -Great, now you have the kernel installed in ``/boot/``, next you need to make it -boot next time. - -.. code-block:: bash - - # find the exact names - find /boot/ -name '*3.8*' - - # this should return some results - - -Now you need to manually edit ``/boot/grub/menu.lst``, you will find a -section at the bottom with the existing options. Copy the top one and -substitute the new kernel into that. Make sure the new kernel is on -top, and double check the kernel and initrd lines point to the right files. - -Take special care to double check the kernel and initrd entries. - -.. code-block:: bash - - # now edit /boot/grub/menu.lst - vi /boot/grub/menu.lst - -It will probably look something like this: - -:: - - ## ## End Default Options ## - - title Ubuntu 12.04.2 LTS, kernel 3.8.x generic - root (hd0) - kernel /boot/vmlinuz-3.8.0-19-generic root=/dev/xvda1 ro quiet splash console=hvc0 - initrd /boot/initrd.img-3.8.0-19-generic - - title Ubuntu 12.04.2 LTS, kernel 3.2.0-38-virtual - root (hd0) - kernel /boot/vmlinuz-3.2.0-38-virtual root=/dev/xvda1 ro quiet splash console=hvc0 - initrd /boot/initrd.img-3.2.0-38-virtual - - title Ubuntu 12.04.2 LTS, kernel 3.2.0-38-virtual (recovery mode) - root (hd0) - kernel /boot/vmlinuz-3.2.0-38-virtual root=/dev/xvda1 ro quiet splash single - initrd /boot/initrd.img-3.2.0-38-virtual - - -Reboot the server (either via command line or console) - -.. code-block:: bash - - # reboot - -Verify the kernel was updated - -.. code-block:: bash - - uname -a - # Linux docker-12-04 3.8.0-19-generic #30~precise1-Ubuntu SMP Wed May 1 22:26:36 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux - - # nice! 3.8. - - -Now you can finish with the :ref:`ubuntu_linux` instructions. diff --git a/docs/sources/installation/rhel.md b/docs/sources/installation/rhel.md new file mode 100644 index 0000000000..632743a2b9 --- /dev/null +++ b/docs/sources/installation/rhel.md @@ -0,0 +1,77 @@ +page_title: Installation on Red Hat Enterprise Linux +page_description: Please note this project is currently under heavy development. It should not be used in production. +page_keywords: Docker, Docker documentation, requirements, linux, rhel, centos + +# Red Hat Enterprise Linux + +> **Note**: +> Docker is still under heavy development! We don't recommend using it in +> production yet, but we're getting closer with each release. Please see +> our blog post, [Getting to Docker 1.0]( +> http://blog.docker.io/2013/08/getting-to-docker-1-0/) + +> **Note**: +> This is a community contributed installation path. The only `official` +> installation is using the [*Ubuntu*](../ubuntulinux/#ubuntu-linux) +> installation path. This version may be out of date because it depends on +> some binaries to be updated and published + +Docker is available for **RHEL** on EPEL. These instructions should work +for both RHEL and CentOS. They will likely work for other binary +compatible EL6 distributions as well, but they haven't been tested. + +Please note that this package is part of [Extra Packages for Enterprise +Linux (EPEL)](https://fedoraproject.org/wiki/EPEL), a community effort +to create and maintain additional packages for the RHEL distribution. + +Also note that due to the current Docker limitations, Docker is able to +run only on the **64 bit** architecture. + +You will need [RHEL +6.5](https://access.redhat.com/site/articles/3078#RHEL6) or higher, with +a RHEL 6 kernel version 2.6.32-431 or higher as this has specific kernel +fixes to allow Docker to work. + +## Installation + +Firstly, you need to install the EPEL repository. Please follow the +[EPEL installation +instructions](https://fedoraproject.org/wiki/EPEL#How_can_I_use_these_extra_packages.3F). + +The `docker-io` package provides Docker on EPEL. + +If you already have the (unrelated) `docker` package +installed, it will conflict with `docker-io`. +There's a [bug report]( +https://bugzilla.redhat.com/show_bug.cgi?id=1043676) filed for it. +To proceed with `docker-io` installation, please remove `docker` first. + +Next, let's install the `docker-io` package which +will install Docker on our host. + + $ sudo yum -y install docker-io + +To update the `docker-io` package + + $ sudo yum -y update docker-io + +Now that it's installed, let's start the Docker daemon. + + $ sudo service docker start + +If we want Docker to start at boot, we should also: + + $ sudo chkconfig docker on + +Now let's verify that Docker is working. + + $ sudo docker run -i -t fedora /bin/bash + +**Done!** +Now continue with the [*Hello World*](/examples/hello_world/#hello-world) example. + +## Issues? + +If you have any issues - please report them directly in the +[Red Hat Bugzilla for docker-io component]( +https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora%20EPEL&component=docker-io). diff --git a/docs/sources/installation/rhel.rst b/docs/sources/installation/rhel.rst deleted file mode 100644 index 151fba6f1f..0000000000 --- a/docs/sources/installation/rhel.rst +++ /dev/null @@ -1,85 +0,0 @@ -:title: Installation on Red Hat Enterprise Linux -:description: Please note this project is currently under heavy development. It should not be used in production. -:keywords: Docker, Docker documentation, requirements, linux, rhel, centos - -.. _rhel: - -Red Hat Enterprise Linux -======================== - -.. include:: install_header.inc - -.. include:: install_unofficial.inc - -Docker is available for **RHEL** on EPEL. These instructions should work for -both RHEL and CentOS. They will likely work for other binary compatible EL6 -distributions as well, but they haven't been tested. - -Please note that this package is part of `Extra Packages for Enterprise -Linux (EPEL)`_, a community effort to create and maintain additional packages -for the RHEL distribution. - -Also note that due to the current Docker limitations, Docker is able to run -only on the **64 bit** architecture. - -You will need `RHEL 6.5`_ or higher, with a RHEL 6 kernel version 2.6.32-431 or higher -as this has specific kernel fixes to allow Docker to work. - -Installation ------------- - -Firstly, you need to install the EPEL repository. Please follow the `EPEL installation instructions`_. - - -The ``docker-io`` package provides Docker on EPEL. - - -If you already have the (unrelated) ``docker`` package installed, it will -conflict with ``docker-io``. There's a `bug report`_ filed for it. -To proceed with ``docker-io`` installation, please remove -``docker`` first. - - -Next, let's install the ``docker-io`` package which will install Docker on our host. - -.. code-block:: bash - - sudo yum -y install docker-io - -To update the ``docker-io`` package - -.. code-block:: bash - - sudo yum -y update docker-io - -Now that it's installed, let's start the Docker daemon. - -.. code-block:: bash - - sudo service docker start - -If we want Docker to start at boot, we should also: - -.. code-block:: bash - - sudo chkconfig docker on - -Now let's verify that Docker is working. - -.. code-block:: bash - - sudo docker run -i -t fedora /bin/bash - -**Done!**, now continue with the :ref:`hello_world` example. - -Issues? -------- - -If you have any issues - please report them directly in the `Red Hat Bugzilla for docker-io component`_. - -.. _Extra Packages for Enterprise Linux (EPEL): https://fedoraproject.org/wiki/EPEL -.. _EPEL installation instructions: https://fedoraproject.org/wiki/EPEL#How_can_I_use_these_extra_packages.3F -.. _Red Hat Bugzilla for docker-io component : https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora%20EPEL&component=docker-io -.. _bug report: https://bugzilla.redhat.com/show_bug.cgi?id=1043676 -.. _RHEL 6.5: https://access.redhat.com/site/articles/3078#RHEL6 - diff --git a/docs/sources/installation/softlayer.md b/docs/sources/installation/softlayer.md new file mode 100644 index 0000000000..11a192c61a --- /dev/null +++ b/docs/sources/installation/softlayer.md @@ -0,0 +1,36 @@ +page_title: Installation on IBM SoftLayer +page_description: Please note this project is currently under heavy development. It should not be used in production. +page_keywords: IBM SoftLayer, virtualization, cloud, docker, documentation, installation + +# IBM SoftLayer + +> **Note**: +> Docker is still under heavy development! We don't recommend using it in +> production yet, but we're getting closer with each release. Please see +> our blog post, [Getting to Docker 1.0]( +> http://blog.docker.io/2013/08/getting-to-docker-1-0/) + +## IBM SoftLayer QuickStart + +1. Create an [IBM SoftLayer account]( + https://www.softlayer.com/cloud-servers/). +2. Log in to the [SoftLayer Console]( + https://control.softlayer.com/devices/). +3. Go to [Order Hourly Computing Instance Wizard]( + https://manage.softlayer.com/Sales/orderHourlyComputingInstance) + on your SoftLayer Console. +4. Create a new *CloudLayer Computing Instance* (CCI) using the default + values for all the fields and choose: + + - *First Available* as `Datacenter` and + - *Ubuntu Linux 12.04 LTS Precise Pangolin - Minimal Install (64 bit)* + as `Operating System`. + +5. Click the *Continue Your Order* button at the bottom right and + select *Go to checkout*. +6. Insert the required *User Metadata* and place the order. +7. Then continue with the [*Ubuntu*](../ubuntulinux/#ubuntu-linux) + instructions. + +Continue with the [*Hello World*]( +/examples/hello_world/#hello-world) example. diff --git a/docs/sources/installation/softlayer.rst b/docs/sources/installation/softlayer.rst deleted file mode 100644 index 0fe3d6df5a..0000000000 --- a/docs/sources/installation/softlayer.rst +++ /dev/null @@ -1,25 +0,0 @@ -:title: Installation on IBM SoftLayer -:description: Please note this project is currently under heavy development. It should not be used in production. -:keywords: IBM SoftLayer, virtualization, cloud, docker, documentation, installation - -IBM SoftLayer -============= - -.. include:: install_header.inc - -IBM SoftLayer QuickStart -------------------------- - -1. Create an `IBM SoftLayer account `_. -2. Log in to the `SoftLayer Console `_. -3. Go to `Order Hourly Computing Instance Wizard `_ on your SoftLayer Console. -4. Create a new *CloudLayer Computing Instance* (CCI) using the default values for all the fields and choose: - -- *First Available* as ``Datacenter`` and -- *Ubuntu Linux 12.04 LTS Precise Pangolin - Minimal Install (64 bit)* as ``Operating System``. - -5. Click the *Continue Your Order* button at the bottom right and select *Go to checkout*. -6. Insert the required *User Metadata* and place the order. -7. Then continue with the :ref:`ubuntu_linux` instructions. - -Continue with the :ref:`hello_world` example. \ No newline at end of file diff --git a/docs/sources/installation/ubuntulinux.md b/docs/sources/installation/ubuntulinux.md new file mode 100644 index 0000000000..d40e17b646 --- /dev/null +++ b/docs/sources/installation/ubuntulinux.md @@ -0,0 +1,342 @@ +page_title: Installation on Ubuntu +page_description: Please note this project is currently under heavy development. It should not be used in production. +page_keywords: Docker, Docker documentation, requirements, virtualbox, vagrant, git, ssh, putty, cygwin, linux + +# Ubuntu + +> **Note**: +> Docker is still under heavy development! We don't recommend using it in +> production yet, but we're getting closer with each release. Please see +> our blog post, [Getting to Docker 1.0]( +> http://blog.docker.io/2013/08/getting-to-docker-1-0/) + +Docker is supported on the following versions of Ubuntu: + + - [*Ubuntu Trusty 14.04 (LTS) (64-bit)*](#ubuntu-trusty-1404-lts-64-bit) + - [*Ubuntu Precise 12.04 (LTS) (64-bit)*](#ubuntu-precise-1204-lts-64-bit) + - [*Ubuntu Raring 13.04 and Saucy 13.10 (64 + bit)*](#ubuntu-raring-1304-and-saucy-1310-64-bit) + +Please read [*Docker and UFW*](#docker-and-ufw), if you plan to use [UFW +(Uncomplicated Firewall)](https://help.ubuntu.com/community/UFW) + +## Ubuntu Trusty 14.04 (LTS) (64-bit) + +Ubuntu Trusty comes with a 3.13.0 Linux kernel, and a `docker.io` package which +installs all its prerequisites from Ubuntu's repository. + +> **Note**: +> Ubuntu (and Debian) contain a much older KDE3/GNOME2 package called ``docker``, so the +> package and the executable are called ``docker.io``. + +### Installation + +To install the latest Ubuntu package (may not be the latest Docker release): + + $ sudo apt-get update + $ sudo apt-get install docker.io + $ sudo ln -sf /usr/bin/docker.io /usr/local/bin/docker + +To verify that everything has worked as expected: + + $ sudo docker run -i -t ubuntu /bin/bash + +Which should download the `ubuntu` image, and then start `bash` in a container. + + +## Ubuntu Precise 12.04 (LTS) (64-bit) + +This installation path should work at all times. + +### Dependencies + +**Linux kernel 3.8** + +Due to a bug in LXC, Docker works best on the 3.8 kernel. Precise comes +with a 3.2 kernel, so we need to upgrade it. The kernel you'll install +when following these steps comes with AUFS built in. We also include the +generic headers to enable packages that depend on them, like ZFS and the +VirtualBox guest additions. If you didn't install the headers for your +"precise" kernel, then you can skip these headers for the "raring" +kernel. But it is safer to include them if you're not sure. + + # install the backported kernel + $ sudo apt-get update + $ sudo apt-get install linux-image-generic-lts-raring linux-headers-generic-lts-raring + + # reboot + $ sudo reboot + +### Installation + +> **Warning**: +> These instructions have changed for 0.6. If you are upgrading from an +> earlier version, you will need to follow them again. + +Docker is available as a Debian package, which makes installation easy. +**See the** [*Mirrors*](#mirrors) **section below if you are not +in the United States.** Other sources of the Debian packages may be +faster for you to install. + +First, check that your APT system can deal with `https` +URLs: the file `/usr/lib/apt/methods/https` +should exist. If it doesn't, you need to install the package +`apt-transport-https`. + + [ -e /usr/lib/apt/methods/https ] || { + apt-get update + apt-get install apt-transport-https + } + +Then, add the Docker repository key to your local keychain. + + $ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9 + +Add the Docker repository to your apt sources list, update and install +the `lxc-docker` package. + +*You may receive a warning that the package isn't trusted. Answer yes to +continue installation.* + + $ sudo sh -c "echo deb https://get.docker.io/ubuntu docker main\ + > /etc/apt/sources.list.d/docker.list" + $ sudo apt-get update + $ sudo apt-get install lxc-docker + +> **Note**: +> +> There is also a simple `curl` script available to help with this process. +> +> $ curl -s https://get.docker.io/ubuntu/ | sudo sh + +Now verify that the installation has worked by downloading the +`ubuntu` image and launching a container. + + $ sudo docker run -i -t ubuntu /bin/bash + +Type `exit` to exit + +**Done!**, now continue with the [*Hello +World*](/examples/hello_world/#hello-world) example. + +## Ubuntu Raring 13.04 and Saucy 13.10 (64 bit) + +These instructions cover both Ubuntu Raring 13.04 and Saucy 13.10. + +### Dependencies + +**Optional AUFS filesystem support** + +Ubuntu Raring already comes with the 3.8 kernel, so we don't need to +install it. However, not all systems have AUFS filesystem support +enabled. AUFS support is optional as of version 0.7, but it's still +available as a driver and we recommend using it if you can. + +To make sure AUFS is installed, run the following commands: + + $ sudo apt-get update + $ sudo apt-get install linux-image-extra-`uname -r` + +### Installation + +Docker is available as a Debian package, which makes installation easy. + +> **Warning**: +> Please note that these instructions have changed for 0.6. If you are +> upgrading from an earlier version, you will need to follow them again. + +First add the Docker repository key to your local keychain. + + $ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9 + +Add the Docker repository to your apt sources list, update and install +the `lxc-docker` package. + + $ sudo sh -c "echo deb http://get.docker.io/ubuntu docker main\ + > /etc/apt/sources.list.d/docker.list" + $ sudo apt-get update + $ sudo apt-get install lxc-docker + +Now verify that the installation has worked by downloading the +`ubuntu` image and launching a container. + + $ sudo docker run -i -t ubuntu /bin/bash + +Type `exit` to exit + +**Done!**, now continue with the [*Hello +World*](/examples/hello_world/#hello-world) example. + +### Giving non-root access + +The `docker` daemon always runs as the root user, +and since Docker version 0.5.2, the `docker` daemon +binds to a Unix socket instead of a TCP port. By default that Unix +socket is owned by the user *root*, and so, by default, you can access +it with `sudo`. + +Starting in version 0.5.3, if you (or your Docker installer) create a +Unix group called *docker* and add users to it, then the +`docker` daemon will make the ownership of the Unix +socket read/writable by the *docker* group when the daemon starts. The +`docker` daemon must always run as the root user, +but if you run the `docker` client as a user in the +*docker* group then you don't need to add `sudo` to +all the client commands. As of 0.9.0, you can specify that a group other +than `docker` should own the Unix socket with the +`-G` option. + +> **Warning**: +> The *docker* group (or the group specified with `-G`) is +> root-equivalent; see [*Docker Daemon Attack Surface*]( +> /articles/security/#dockersecurity-daemon) details. + +**Example:** + + # Add the docker group if it doesn't already exist. + $ sudo groupadd docker + + # Add the connected user "${USER}" to the docker group. + # Change the user name to match your preferred user. + # You may have to logout and log back in again for + # this to take effect. + $ sudo gpasswd -a ${USER} docker + + # Restart the Docker daemon. + $ sudo service docker restart + +### Upgrade + +To install the latest version of docker, use the standard +`apt-get` method: + + # update your sources list + $ sudo apt-get update + + # install the latest + $ sudo apt-get install lxc-docker + +## Memory and Swap Accounting + +If you want to enable memory and swap accounting, you must add the +following command-line parameters to your kernel: + + $ cgroup_enable=memory swapaccount=1 + +On systems using GRUB (which is the default for Ubuntu), you can add +those parameters by editing `/etc/default/grub` and +extending `GRUB_CMDLINE_LINUX`. Look for the +following line: + + $ GRUB_CMDLINE_LINUX="" + +And replace it by the following one: + + $ GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1" + +Then run `sudo update-grub`, and reboot. + +These parameters will help you get rid of the following warnings: + + WARNING: Your kernel does not support cgroup swap limit. + WARNING: Your kernel does not support swap limit capabilities. Limitation discarded. + +## Troubleshooting + +On Linux Mint, the `cgroup-lite` package is not +installed by default. Before Docker will work correctly, you will need +to install this via: + + $ sudo apt-get update && sudo apt-get install cgroup-lite + +## Docker and UFW + +Docker uses a bridge to manage container networking. By default, UFW +drops all forwarding traffic. As a result you will need to enable UFW +forwarding: + + $ sudo nano /etc/default/ufw + + # Change: + # DEFAULT_FORWARD_POLICY="DROP" + # to + $ DEFAULT_FORWARD_POLICY="ACCEPT" + +Then reload UFW: + + $ sudo ufw reload + +UFW's default set of rules denies all incoming traffic. If you want to +be able to reach your containers from another host then you should allow +incoming connections on the Docker port (default 4243): + + $ sudo ufw allow 4243/tcp + +## Docker and local DNS server warnings + +Systems which are running Ubuntu or an Ubuntu derivative on the desktop +will use 127.0.0.1 as the default nameserver in /etc/resolv.conf. +NetworkManager sets up dnsmasq to use the real DNS servers of the +connection and sets up nameserver 127.0.0.1 in /etc/resolv.conf. + +When starting containers on these desktop machines, users will see a +warning: + + WARNING: Local (127.0.0.1) DNS resolver found in resolv.conf and containers can't use it. Using default external servers : [8.8.8.8 8.8.4.4] + +This warning is shown because the containers can't use the local DNS +nameserver and Docker will default to using an external nameserver. + +This can be worked around by specifying a DNS server to be used by the +Docker daemon for the containers: + + $ sudo nano /etc/default/docker + --- + # Add: + $ docker_OPTS="--dns 8.8.8.8" + # 8.8.8.8 could be replaced with a local DNS server, such as 192.168.1.1 + # multiple DNS servers can be specified: --dns 8.8.8.8 --dns 192.168.1.1 + +The Docker daemon has to be restarted: + + $ sudo restart docker + +> **Warning**: +> If you're doing this on a laptop which connects to various networks, +> make sure to choose a public DNS server. + +An alternative solution involves disabling dnsmasq in NetworkManager by +following these steps: + + $ sudo nano /etc/NetworkManager/NetworkManager.conf + ---- + # Change: + dns=dnsmasq + # to + #dns=dnsmasq + +NetworkManager and Docker need to be restarted afterwards: + + $ sudo restart network-manager + $ sudo restart docker + +> **Warning**: This might make DNS resolution slower on some networks. + +## Mirrors + +You should `ping get.docker.io` and compare the +latency to the following mirrors, and pick whichever one is best for +you. + +### Yandex + +[Yandex](http://yandex.ru/) in Russia is mirroring the Docker Debian +packages, updating every 6 hours. +Substitute `http://mirror.yandex.ru/mirrors/docker/` for +`http://get.docker.io/ubuntu` in the instructions above. +For example: + + $ sudo sh -c "echo deb http://mirror.yandex.ru/mirrors/docker/ docker main\ + > /etc/apt/sources.list.d/docker.list" + $ sudo apt-get update + $ sudo apt-get install lxc-docker diff --git a/docs/sources/installation/ubuntulinux.rst b/docs/sources/installation/ubuntulinux.rst deleted file mode 100644 index 51f303e88a..0000000000 --- a/docs/sources/installation/ubuntulinux.rst +++ /dev/null @@ -1,375 +0,0 @@ -:title: Installation on Ubuntu -:description: Please note this project is currently under heavy development. It should not be used in production. -:keywords: Docker, Docker documentation, requirements, virtualbox, vagrant, git, ssh, putty, cygwin, linux - -.. _ubuntu_linux: - -Ubuntu -====== - -.. warning:: - - These instructions have changed for 0.6. If you are upgrading from - an earlier version, you will need to follow them again. - -.. include:: install_header.inc - -Docker is supported on the following versions of Ubuntu: - -- :ref:`ubuntu_precise` -- :ref:`ubuntu_raring_saucy` - -Please read :ref:`ufw`, if you plan to use `UFW (Uncomplicated -Firewall) `_ - -.. _ubuntu_precise: - -Ubuntu Precise 12.04 (LTS) (64-bit) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -This installation path should work at all times. - - -Dependencies ------------- - -**Linux kernel 3.8** - -Due to a bug in LXC, Docker works best on the 3.8 kernel. Precise -comes with a 3.2 kernel, so we need to upgrade it. The kernel you'll -install when following these steps comes with AUFS built in. We also -include the generic headers to enable packages that depend on them, -like ZFS and the VirtualBox guest additions. If you didn't install the -headers for your "precise" kernel, then you can skip these headers for -the "raring" kernel. But it is safer to include them if you're not -sure. - - -.. code-block:: bash - - # install the backported kernel - sudo apt-get update - sudo apt-get install linux-image-generic-lts-raring linux-headers-generic-lts-raring - - # reboot - sudo reboot - - -Installation ------------- - -.. warning:: - - These instructions have changed for 0.6. If you are upgrading from - an earlier version, you will need to follow them again. - -Docker is available as a Debian package, which makes installation -easy. **See the** :ref:`installmirrors` **section below if you are not in -the United States.** Other sources of the Debian packages may be -faster for you to install. - -First, check that your APT system can deal with ``https`` URLs: -the file ``/usr/lib/apt/methods/https`` should exist. If it doesn't, -you need to install the package ``apt-transport-https``. - -.. code-block:: bash - - [ -e /usr/lib/apt/methods/https ] || { - apt-get update - apt-get install apt-transport-https - } - -Then, add the Docker repository key to your local keychain. - -.. code-block:: bash - - sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9 - -Add the Docker repository to your apt sources list, update and install the -``lxc-docker`` package. - -*You may receive a warning that the package isn't trusted. Answer yes to -continue installation.* - -.. code-block:: bash - - sudo sh -c "echo deb https://get.docker.io/ubuntu docker main\ - > /etc/apt/sources.list.d/docker.list" - sudo apt-get update - sudo apt-get install lxc-docker - -.. note:: - - There is also a simple ``curl`` script available to help with this process. - - .. code-block:: bash - - curl -s https://get.docker.io/ubuntu/ | sudo sh - -Now verify that the installation has worked by downloading the ``ubuntu`` image -and launching a container. - -.. code-block:: bash - - sudo docker run -i -t ubuntu /bin/bash - -Type ``exit`` to exit - -**Done!**, now continue with the :ref:`hello_world` example. - -.. _ubuntu_raring_saucy: - -Ubuntu Raring 13.04 and Saucy 13.10 (64 bit) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -These instructions cover both Ubuntu Raring 13.04 and Saucy 13.10. - -Dependencies ------------- - -**Optional AUFS filesystem support** - -Ubuntu Raring already comes with the 3.8 kernel, so we don't need to install it. However, not all systems -have AUFS filesystem support enabled. AUFS support is optional as of version 0.7, but it's still available as -a driver and we recommend using it if you can. - -To make sure AUFS is installed, run the following commands: - -.. code-block:: bash - - sudo apt-get update - sudo apt-get install linux-image-extra-`uname -r` - - -Installation ------------- - -Docker is available as a Debian package, which makes installation easy. - -.. warning:: - - Please note that these instructions have changed for 0.6. If you are upgrading from an earlier version, you will need - to follow them again. - -First add the Docker repository key to your local keychain. - -.. code-block:: bash - - sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9 - -Add the Docker repository to your apt sources list, update and install the -``lxc-docker`` package. - -.. code-block:: bash - - sudo sh -c "echo deb http://get.docker.io/ubuntu docker main\ - > /etc/apt/sources.list.d/docker.list" - sudo apt-get update - sudo apt-get install lxc-docker - -Now verify that the installation has worked by downloading the ``ubuntu`` image -and launching a container. - -.. code-block:: bash - - sudo docker run -i -t ubuntu /bin/bash - -Type ``exit`` to exit - -**Done!**, now continue with the :ref:`hello_world` example. - - -Giving non-root access ----------------------- - -The ``docker`` daemon always runs as the root user, and since Docker version -0.5.2, the ``docker`` daemon binds to a Unix socket instead of a TCP port. By -default that Unix socket is owned by the user *root*, and so, by default, you -can access it with ``sudo``. - -Starting in version 0.5.3, if you (or your Docker installer) create a -Unix group called *docker* and add users to it, then the ``docker`` -daemon will make the ownership of the Unix socket read/writable by the -*docker* group when the daemon starts. The ``docker`` daemon must -always run as the root user, but if you run the ``docker`` client as a user in -the *docker* group then you don't need to add ``sudo`` to all the -client commands. As of 0.9.0, you can specify that a group other than ``docker`` -should own the Unix socket with the ``-G`` option. - -.. warning:: The *docker* group (or the group specified with ``-G``) is - root-equivalent; see :ref:`dockersecurity_daemon` details. - - -**Example:** - -.. code-block:: bash - - # Add the docker group if it doesn't already exist. - sudo groupadd docker - - # Add the connected user "${USER}" to the docker group. - # Change the user name to match your preferred user. - # You may have to logout and log back in again for - # this to take effect. - sudo gpasswd -a ${USER} docker - - # Restart the Docker daemon. - sudo service docker restart - - -Upgrade --------- - -To install the latest version of docker, use the standard ``apt-get`` method: - - -.. code-block:: bash - - # update your sources list - sudo apt-get update - - # install the latest - sudo apt-get install lxc-docker - -Memory and Swap Accounting -^^^^^^^^^^^^^^^^^^^^^^^^^^ - -If want to enable memory and swap accounting, you must add the following -command-line parameters to your kernel:: - - cgroup_enable=memory swapaccount=1 - -On systems using GRUB (which is the default for Ubuntu), you can add those -parameters by editing ``/etc/default/grub`` and extending -``GRUB_CMDLINE_LINUX``. Look for the following line:: - - GRUB_CMDLINE_LINUX="" - -And replace it by the following one:: - - GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1" - -Then run ``update-grub``, and reboot. - -Troubleshooting -^^^^^^^^^^^^^^^ - -On Linux Mint, the ``cgroup-lite`` package is not installed by default. -Before Docker will work correctly, you will need to install this via: - -.. code-block:: bash - - sudo apt-get update && sudo apt-get install cgroup-lite - -.. _ufw: - -Docker and UFW -^^^^^^^^^^^^^^ - -Docker uses a bridge to manage container networking. By default, UFW drops all -`forwarding` traffic. As a result you will need to enable UFW forwarding: - -.. code-block:: bash - - sudo nano /etc/default/ufw - ---- - # Change: - # DEFAULT_FORWARD_POLICY="DROP" - # to - DEFAULT_FORWARD_POLICY="ACCEPT" - -Then reload UFW: - -.. code-block:: bash - - sudo ufw reload - - -UFW's default set of rules denies all `incoming` traffic. If you want to be -able to reach your containers from another host then you should allow -incoming connections on the Docker port (default 4243): - -.. code-block:: bash - - sudo ufw allow 4243/tcp - -Docker and local DNS server warnings -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Systems which are running Ubuntu or an Ubuntu derivative on the desktop will -use `127.0.0.1` as the default nameserver in `/etc/resolv.conf`. NetworkManager -sets up dnsmasq to use the real DNS servers of the connection and sets up -`nameserver 127.0.0.1` in `/etc/resolv.conf`. - -When starting containers on these desktop machines, users will see a warning: - -.. code-block:: bash - - WARNING: Local (127.0.0.1) DNS resolver found in resolv.conf and containers can't use it. Using default external servers : [8.8.8.8 8.8.4.4] - -This warning is shown because the containers can't use the local DNS nameserver -and Docker will default to using an external nameserver. - -This can be worked around by specifying a DNS server to be used by the Docker -daemon for the containers: - -.. code-block:: bash - - sudo nano /etc/default/docker - --- - # Add: - DOCKER_OPTS="--dns 8.8.8.8" - # 8.8.8.8 could be replaced with a local DNS server, such as 192.168.1.1 - # multiple DNS servers can be specified: --dns 8.8.8.8 --dns 192.168.1.1 - -The Docker daemon has to be restarted: - -.. code-block:: bash - - sudo restart docker - -.. warning:: If you're doing this on a laptop which connects to various networks, make sure to choose a public DNS server. - -An alternative solution involves disabling dnsmasq in NetworkManager by -following these steps: - -.. code-block:: bash - - sudo nano /etc/NetworkManager/NetworkManager.conf - ---- - # Change: - dns=dnsmasq - # to - #dns=dnsmasq - -NetworkManager and Docker need to be restarted afterwards: - -.. code-block:: bash - - sudo restart network-manager - sudo restart docker - -.. warning:: This might make DNS resolution slower on some networks. - -.. _installmirrors: - -Mirrors -^^^^^^^ - -You should ``ping get.docker.io`` and compare the latency to the -following mirrors, and pick whichever one is best for you. - -Yandex ------- - -`Yandex `_ in Russia is mirroring the Docker Debian -packages, updating every 6 hours. Substitute -``http://mirror.yandex.ru/mirrors/docker/`` for -``http://get.docker.io/ubuntu`` in the instructions above. For example: - -.. code-block:: bash - - sudo sh -c "echo deb http://mirror.yandex.ru/mirrors/docker/ docker main\ - > /etc/apt/sources.list.d/docker.list" - sudo apt-get update - sudo apt-get install lxc-docker diff --git a/docs/sources/installation/windows.md b/docs/sources/installation/windows.md new file mode 100644 index 0000000000..ec633508c4 --- /dev/null +++ b/docs/sources/installation/windows.md @@ -0,0 +1,68 @@ +page_title: Installation on Windows +page_description: Please note this project is currently under heavy development. It should not be used in production. +page_keywords: Docker, Docker documentation, Windows, requirements, virtualbox, boot2docker + +# Windows + +Docker can run on Windows using a virtualization platform like +VirtualBox. A Linux distribution is run inside a virtual machine and +that's where Docker will run. + +## Installation + +> **Note**: +> Docker is still under heavy development! We don't recommend using it in +> production yet, but we're getting closer with each release. Please see +> our blog post, [Getting to Docker 1.0]( +> http://blog.docker.io/2013/08/getting-to-docker-1-0/) + +1. Install virtualbox from [https://www.virtualbox.org]( + https://www.virtualbox.org) - or follow this [tutorial]( + http://www.slideshare.net/julienbarbier42/install-virtualbox-on-windows-7). +2. Download the latest boot2docker.iso from + [https://github.com/boot2docker/boot2docker/releases]( + https://github.com/boot2docker/boot2docker/releases). +3. Start VirtualBox. +4. Create a new Virtual machine with the following settings: + + - Name: boot2docker + - Type: Linux + - Version: Linux 2.6 (64 bit) + - Memory size: 1024 MB + - Hard drive: Do not add a virtual hard drive + +5. Open the settings of the virtual machine: + + 5.1. go to Storage + 5.2. click the empty slot below Controller: IDE + 5.3. click the disc icon on the right of IDE Secondary Master + 5.4. click Choose a virtual CD/DVD disk file + +6. Browse to the path where you`ve saved the boot2docker.iso, select + the boot2docker.iso and click open. + +7. Click OK on the Settings dialog to save the changes and close the + window. + +8. Start the virtual machine by clicking the green start button. + +9. The boot2docker virtual machine should boot now. + +## Running Docker + +boot2docker will log you in automatically so you can start using Docker +right away. + +Let's try the “hello world” example. Run + + $ docker run busybox echo hello world + +This will download the small busybox image and print hello world. + +## Observations + +### Persistent storage + +The virtual machine created above lacks any persistent data storage. All +images and containers will be lost when shutting down or rebooting the +VM. diff --git a/docs/sources/installation/windows.rst b/docs/sources/installation/windows.rst deleted file mode 100644 index d00b012e6c..0000000000 --- a/docs/sources/installation/windows.rst +++ /dev/null @@ -1,72 +0,0 @@ -:title: Installation on Windows -:description: Please note this project is currently under heavy development. It should not be used in production. -:keywords: Docker, Docker documentation, Windows, requirements, virtualbox, boot2docker - -.. _windows: - -Windows -======= - -Docker can run on Windows using a virtualization platform like VirtualBox. A Linux -distribution is run inside a virtual machine and that's where Docker will run. - -Installation ------------- - -.. include:: install_header.inc - -1. Install virtualbox from https://www.virtualbox.org - or follow this `tutorial `_. - -2. Download the latest boot2docker.iso from https://github.com/boot2docker/boot2docker/releases. - -3. Start VirtualBox. - -4. Create a new Virtual machine with the following settings: - - - `Name: boot2docker` - - `Type: Linux` - - `Version: Linux 2.6 (64 bit)` - - `Memory size: 1024 MB` - - `Hard drive: Do not add a virtual hard drive` - -5. Open the settings of the virtual machine: - - 5.1. go to Storage - - 5.2. click the empty slot below `Controller: IDE` - - 5.3. click the disc icon on the right of `IDE Secondary Master` - - 5.4. click `Choose a virtual CD/DVD disk file` - -6. Browse to the path where you've saved the `boot2docker.iso`, select the `boot2docker.iso` and click open. - -7. Click OK on the Settings dialog to save the changes and close the window. - -8. Start the virtual machine by clicking the green start button. - -9. The boot2docker virtual machine should boot now. - -Running Docker --------------- - -boot2docker will log you in automatically so you can start using Docker right -away. - -Let's try the “hello world” example. Run - -.. code-block:: bash - - docker run busybox echo hello world - -This will download the small busybox image and print hello world. - - -Observations ------------- - -Persistent storage -`````````````````` - -The virtual machine created above lacks any persistent data storage. All images -and containers will be lost when shutting down or rebooting the VM. diff --git a/docs/sources/introduction/get-docker.md b/docs/sources/introduction/get-docker.md new file mode 100644 index 0000000000..e0d6f16654 --- /dev/null +++ b/docs/sources/introduction/get-docker.md @@ -0,0 +1,77 @@ +page_title: Getting Docker +page_description: Getting Docker and installation tutorials +page_keywords: docker, introduction, documentation, about, technology, understanding, Dockerfile + +# Getting Docker + +*How to install Docker?* + +## Introductions + +Once you are comfortable with your level of knowledge of Docker, and +feel like actually trying the product, you can download and start using +it by following the links listed below. There, you will find +installation instructions, specifically tailored for your platform of choice. + +## Installation Instructions + +### Linux (Native) + + - **Arch Linux:** + [Installation on Arch Linux](../installation/archlinux.md) + - **Fedora:** + [Installation on Fedora](../installation/fedora.md) + - **FrugalWare:** + [Installation on FrugalWare](../installation/frugalware.md) + - **Gentoo:** + [Installation on Gentoo](../installation/gentoolinux.md) + - **Red Hat Enterprise Linux:** + [Installation on Red Hat Enterprise Linux](../installation/rhel.md) + - **Ubuntu:** + [Installation on Ubuntu](../installation/ubuntulinux.md) + - **openSUSE:** + [Installation on openSUSE](../installation/openSUSE.md) + +### Mac OS X (Using Boot2Docker) + +In order to work, Docker makes use of some Linux Kernel features which +are not supported by Mac OS X. To run Docker on OS X we install and run +a lightweight virtual machine and run Docker on that. + + - **Mac OS X :** + [Installation on Mac OS X](../installation/mac.md) + +### Windows (Using Boot2Docker) + +Docker can also run on Windows using a virtual machine. You then run +Linux and Docker inside that virtual machine. + + - **Windows:** + [Installation on Windows](../installation/windows.md) + +### Infrastructure-as-a-Service + + - **Amazon EC2:** + [Installation on Amazon EC2](../installation/amazon.md) + - **Google Cloud Platform:** + [Installation on Google Cloud Platform](../installation/google.md) + - **Rackspace Cloud:** + [Installation on Rackspace Cloud](../installation/rackspace.md) + +## Where to go from here + +### Understanding Docker + +Visit [Understanding Docker](understanding-docker.md) in our Getting Started manual. + +### Learn about parts of Docker and the underlying technology + +Visit [Understanding the Technology](technology.md) in our Getting Started manual. + +### Get practical and learn how to use Docker straight away + +Visit [Working with Docker](working-with-docker.md) in our Getting Started manual. + +### Get the whole story + +[https://www.docker.io/the_whole_story/](https://www.docker.io/the_whole_story/) diff --git a/docs/sources/introduction/technology.md b/docs/sources/introduction/technology.md new file mode 100644 index 0000000000..a724e4aae6 --- /dev/null +++ b/docs/sources/introduction/technology.md @@ -0,0 +1,268 @@ +page_title: Understanding the Technology +page_description: Technology of Docker explained in depth +page_keywords: docker, introduction, documentation, about, technology, understanding, Dockerfile + +# Understanding the Technology + +*What is the architecture of Docker? What is its underlying technology?* + +## Introduction + +When it comes to understanding Docker and its underlying technology +there is no *magic* involved. Everything is based on tried and tested +features of the *Linux kernel*. Docker either makes use of those +features directly or builds upon them to provide new functionality. + +Aside from the technology, one of the major factors that make Docker +great is the way it is built. The project's core is very lightweight and +as much of Docker as possible is designed to be pluggable. Docker is +also built with integration in mind and has a fully featured API that +allows you to access all of the power of Docker from inside your own +applications. + +## The Architecture of Docker + +Docker is designed for developers and sysadmins. It's built to help you +build applications and services and then deploy them quickly and +efficiently: from development to production. + +Let's take a look. + +-- Docker is a client-server application. +-- Both the Docker client and the daemon *can* run on the same system, or; +-- You can connect a Docker client with a remote Docker daemon. +-- They communicate via sockets or through a RESTful API. +-- Users interact with the client to command the daemon, e.g. to create, run, and stop containers. +-- The daemon, receiving those commands, does the job, e.g. run a container, stop a container. + +![Docker Architecture Diagram](/article-img/architecture.svg) + +## The components of Docker + +Docker's main components are: + + - Docker *daemon*; + - Docker *client*, and; + - [Docker.io](https://index.docker.io) registry. + +### The Docker daemon + +As shown on the diagram above, the Docker daemon runs on a host machine. +The user does not directly interact with the daemon, but instead through +an intermediary: the Docker client. + +### Docker client + +The Docker client is the primary user interface to Docker. It is tasked +with accepting commands from the user and communicating back and forth +with a Docker daemon to manage the container lifecycle on any host. + +### Docker.io registry + +[Docker.io](https://index.docker.io) is the global archive (and +directory) of user supplied Docker container images. It currently hosts +a large – in fact, rapidly growing – number of projects where you +can find almost any popular application or deployment stack readily +available to download and run with a single command. + +As a social community project, Docker tries to provide all necessary +tools for everyone to grow with other *Dockers*. By issuing a single +command through the Docker client you can start sharing your own +creations with the rest of the world. + +However, knowing that not everything can be shared the [Docker.io]( +https://index.docker.io) also offers private repositories. In order to see +the available plans, you can click [here](https://index.docker.io/plans). + +Using [*docker-registry*](https://github.com/dotcloud/docker-registry), it is +also possible to run your own private Docker image registry service on your own +servers. + +> **Note:** To learn more about the [*Docker.io*](http://index.docker.io) +> registry (for public *and* private repositories), check out the [Registry & +> Index Spec](http://docs.docker.io/api/registry_index_spec/). + +### Summary + + - **When you install Docker, you get all the components:** + The daemon, the client and access to the [Docker.io](http://index.docker.io) registry. + - **You can run these components together or distributed:** + Servers with the Docker daemon running, controlled by the Docker client. + - **You can benefit form the public registry:** + Download and build upon images created by the community. + - **You can start a private repository for proprietary use.** + Sign up for a [plan](https://index.docker.io/plans) or host your own [docker-registry]( +https://github.com/dotcloud/docker-registry). + +## Elements of Docker + +The basic elements of Docker are: + + - **Containers, which allow:** + The run portion of Docker. Your applications run inside of containers. + - **Images, which provide:** + The build portion of Docker. Your containers are built from images. + - **The Dockerfile, which automates:** + A file that contains simple instructions that build Docker images. + +To get practical and learn what they are, and **_how to work_** with +them, continue to [Working with Docker](working-with-docker.md). If you would like to +understand **_how they work_**, stay here and continue reading. + +## The underlying technology + +The power of Docker comes from the underlying technology it is built +from. A series of operating system features are carefully glued together +to provide Docker's features and provide an easy to use interface to +those features. In this section, we will see the main operating system +features that Docker uses to make easy containerization happen. + +### Namespaces + +Docker takes advantage of a technology called `namespaces` to provide +an isolated workspace we call a *container*. When you run a container, +Docker creates a set of *namespaces* for that container. + +This provides a layer of isolation: each process runs in its own +namespace and does not have access outside it. + +Some of the namespaces Docker uses are: + + - **The `pid` namespace:** + Used for process numbering (PID: Process ID) + - **The `net` namespace:** + Used for managing network interfaces (NET: Networking) + - **The `ipc` namespace:** + Used for managing access to IPC resources (IPC: InterProcess Communication) + - **The `mnt` namespace:** + Used for managing mount-points (MNT: Mount) + - **The `uts` namespace:** + Used for isolating kernel / version identifiers. (UTS: Unix Timesharing System) + +### Control groups + +Docker also makes use of another technology called `cgroups` or control +groups. A key need to run applications in isolation is to have them +contained, not just in terms of related filesystem and/or dependencies, +but also, resources. Control groups allow Docker to fairly +share available hardware resources to containers and if asked, set up to +limits and constraints, for example limiting the memory to a maximum of 128 +MBs. + +### UnionFS + +UnionFS or union filesystems are filesystems that operate by creating +layers, making them very lightweight and fast. Docker uses union +filesystems to provide the building blocks for containers. We'll see +more about this below. + +### Containers + +Docker combines these components to build a container format we call +`libcontainer`. Docker also supports traditional Linux containers like +[LXC](https://linuxcontainers.org/) which also make use of these +components. + +## How does everything work + +A lot happens when Docker creates a container. + +Let's see how it works! + +### How does a container work? + +A container consists of an operating system, user added files and +meta-data. Each container is built from an image. That image tells +Docker what the container holds, what process to run when the container +is launched and a variety of other configuration data. The Docker image +is read-only. When Docker runs a container from an image it adds a +read-write layer on top of the image (using the UnionFS technology we +saw earlier) to run inside the container. + +### What happens when you run a container? + +The Docker client (or the API!) tells the Docker daemon to run a +container. Let's take a look at a simple `Hello world` example. + + $ docker run -i -t ubuntu /bin/bash + +Let's break down this command. The Docker client is launched using the +`docker` binary. The bare minimum the Docker client needs to tell the +Docker daemon is: + +* What Docker image to build the container from; +* The command you want to run inside the container when it is launched. + +So what happens under the covers when we run this command? + +Docker begins with: + + - **Pulling the `ubuntu` image:** + Docker checks for the presence of the `ubuntu` image and if it doesn't + exist locally on the host, then Docker downloads it from [Docker.io](https://index.docker.io) + - **Creates a new container:** + Once Docker has the image it creates a container from it. + - **Allocates a filesystem and mounts a read-write _layer_:** + The container is created in the filesystem and a read-write layer is added to the image. + - **Allocates a network / bridge interface:** + Creates a network interface that allows the Docker container to talk to the local host. + - **Sets up an IP address:** + Intelligently finds and attaches an available IP address from a pool. + - **Executes _a_ process that you specify:** + Runs your application, and; + - **Captures and provides application output:** + Connects and logs standard input, outputs and errors for you to see how your application is running. + +### How does a Docker Image work? + +We've already seen that Docker images are read-only templates that +Docker containers are launched from. When you launch that container it +creates a read-write layer on top of that image that your application is +run in. + +Docker images are built using a simple descriptive set of steps we +call *instructions*. Instructions are stored in a file called a +`Dockerfile`. Each instruction writes a new layer to an image using the +UnionFS technology we saw earlier. + +Every image starts from a base image, for example `ubuntu` a base Ubuntu +image or `fedora` a base Fedora image. Docker builds and provides these +base images via [Docker.io](http://index.docker.io). + +### How does a Docker registry work? + +The Docker registry is a store for your Docker images. Once you build a +Docker image you can *push* it to a public or private repository on [Docker.io]( +http://index.docker.io) or to your own registry running behind your firewall. + +Using the Docker client, you can search for already published images and +then pull them down to your Docker host to build containers from them +(or even build on these images). + +[Docker.io](http://index.docker.io) provides both public and +private storage for images. Public storage is searchable and can be +downloaded by anyone. Private repositories are excluded from search +results and only you and your users can pull them down and use them to +build containers. You can [sign up for a plan here](https://index.docker.io/plans). + +To learn more, check out the [Working with Repositories]( +http://docs.docker.io/use/workingwithrepository) section from the +[Docker documentation](http://docs.docker.io). + +## Where to go from here + +### Understanding Docker + +Visit [Understanding Docker](understanding-docker.md) in our Getting Started manual. + +### Get practical and learn how to use Docker straight away + +Visit [Working with Docker](working-with-docker.md) in our Getting Started manual. + +### Get the product and go hands-on + +Visit [Get Docker](get-docker.md) in our Getting Started manual. + +### Get the whole story + +[https://www.docker.io/the_whole_story/](https://www.docker.io/the_whole_story/) diff --git a/docs/sources/introduction/understanding-docker.md b/docs/sources/introduction/understanding-docker.md new file mode 100644 index 0000000000..53f5e43179 --- /dev/null +++ b/docs/sources/introduction/understanding-docker.md @@ -0,0 +1,272 @@ +page_title: Understanding Docker +page_description: Docker explained in depth +page_keywords: docker, introduction, documentation, about, technology, understanding, Dockerfile + +# Understanding Docker + +*What is Docker? What makes it great?* + +Building development lifecycles, pipelines and deployment tooling is +hard. It's not easy to create portable applications and services. +There's often high friction getting code from your development +environment to production. It's also hard to ensure those applications +and services are consistent, up-to-date and managed. + +Docker is designed to solve these problem for both developers and +sysadmins. It is a lightweight framework (with a powerful API) that +provides a lifecycle for building and deploying applications into +containers. + +Docker provides a way to run almost any application securely isolated +into a container. The isolation and security allows you to run many +containers simultaneously on your host. The lightweight nature of +containers, which run without the extra overload of a hypervisor, means +you can get more out of your hardware. + +**Note:** Docker itself is *shipped* with the Apache 2.0 license and it +is completely open-source — *the pun? very much intended*. + +### What are the Docker basics I need to know? + +Docker has three major components: + +* Docker containers. +* Docker images. +* Docker registries. + +#### Docker containers + +Docker containers are like a directory. A Docker container holds +everything that is needed for an application to run. Each container is +created from a Docker image. Docker containers can be run, started, +stopped, moved and deleted. Each container is an isolated and secure +application platform. You can consider Docker containers the *run* +portion of the Docker framework. + +#### Docker images + +The Docker image is a template, for example an Ubuntu +operating system with Apache and your web application installed. Docker +containers are launched from images. Docker provides a simple way to +build new images or update existing images. You can consider Docker +images to be the *build* portion of the Docker framework. + +#### Docker Registries + +Docker registries hold images. These are public (or private!) stores +that you can upload or download images to and from. These images can be +images you create yourself or you can make use of images that others +have previously created. Docker registries allow you to build simple and +powerful development and deployment work flows. You can consider Docker +registries the *share* portion of the Docker framework. + +### How does Docker work? + +Docker is a client-server framework. The Docker *client* commands the Docker +*daemon*, which in turn creates, builds and manages containers. + +The Docker daemon takes advantage of some neat Linux kernel and +operating system features, like `namespaces` and `cgroups`, to build +isolated container. Docker provides a simple abstraction layer to these +technologies. + +> **Note:** If you would like to learn more about the underlying technology, +> why not jump to [Understanding the Technology](technology.md) where we talk about them? You can +> always come back here to continue learning about features of Docker and what +> makes it different. + +## Features of Docker + +In order to get a good grasp of the capabilities of Docker you should +read the [User's Manual](http://docs.docker.io). Let's look at a summary +of Docker's features to give you an idea of how Docker might be useful +to you. + +### User centric and simple to use + +*Docker is made for humans.* + +It's easy to get started and easy to build and deploy applications with +Docker: or as we say "*dockerize*" them! As much of Docker as possible +uses plain English for commands and tries to be as lightweight and +transparent as possible. We want to get out of the way so you can build +and deploy your applications. + +### Docker is Portable + +*Dockerize And Go!* + +Docker containers are highly portable. Docker provides a standard +container format to hold your applications: + +* You take care of your applications inside the container, and; +* Docker takes care of managing the container. + +Any machine, be it bare-metal or virtualized, can run any Docker +container. The sole requirement is to have Docker installed. + +**This translates to:** + + - Reliability; + - Freeing your applications out of the dependency-hell; + - A natural guarantee that things will work, anywhere. + +### Lightweight + +*No more resources waste.* + +Containers are lightweight, in fact, they are extremely lightweight. +Unlike traditional virtual machines, which have the overhead of a +hypervisor, Docker relies on operating system level features to provide +isolation and security. A Docker container does not need anything more +than what your application needs to run. + +This translates to: + + - Ability to deploy a large number of applications on a single system; + - Lightning fast start up times and reduced overhead. + +### Docker can run anything + +*An amazing host! (again, pun intended.)* + +Docker isn't prescriptive about what applications or services you can run +inside containers. We provide use cases and examples for running web +services, databases, applications - just about anything you can imagine +can run in a Docker container. + +**This translates to:** + + - Ability to run a wide range of applications; + - Ability to deploy reliably without repeating yourself. + +### Plays well with others + +*A wonderful guest.* + +Today, it is possible to install and use Docker almost anywhere. Even on +non-Linux systems such as Windows or Mac OS X thanks to a project called +[Boot2Docker](http://boot2docker.io). + +**This translates to running Docker (and Docker containers!) _anywhere_:** + + - **Linux:** + Ubuntu, CentOS / RHEL, Fedora, Gentoo, openSUSE and more. + - **Infrastructure-as-a-Service:** + Amazon AWS, Google GCE, Rackspace Cloud and probably, your favorite IaaS. + - **Microsoft Windows** + - **OS X** + +### Docker is Responsible + +*A tool that you can trust.* + +Docker does not just bring you a set of tools to isolate and run +applications. It also allows you to specify constraints and controls on +those resources. + +**This translates to:** + + - Fine tuning available resources for each application; + - Allocating memory or CPU intelligently to make most of your environment; + +Without dealing with complicated commands or third party applications. + +### Docker is Social + +*Docker knows that No One Is an Island.* + +Docker allows you to share the images you've built with the world. And +lots of people have already shared their own images. + +To facilitate this sharing Docker comes with a public registry called +[Docker.io](http://index.docker.io). If you don't want your images to be +public you can also use private images on [Docker.io](https://index.docker.io) +or even run your own registry behind your firewall. + +**This translates to:** + + - No more wasting time building everything from scratch; + - Easily and quickly save your application stack; + - Share and benefit from the depth of the Docker community. + +## Docker versus Virtual Machines + +> I suppose it is tempting, if the *only* tool you have is a hammer, to +> treat *everything* as if it were a nail. +> — **_Abraham Maslow_** + +**Docker containers are:** + + - Easy on the resources; + - Extremely light to deal with; + - Do not come with substantial overhead; + - Very easy to work with; + - Agnostic; + - Can work *on* virtual machines; + - Secure and isolated; + - *Artful*, *social*, *fun*, and; + - Powerful sand-boxes. + +**Docker containers are not:** + + - Hardware or OS emulators; + - Resource heavy; + - Platform, software or language dependent. + +## Docker Use Cases + +Docker is a framework. As a result it's flexible and powerful enough to +be used in a lot of different use cases. + +### For developers + + - **Developed with developers in mind:** + Build, test and ship applications with nothing but Docker and lean + containers. + - **Re-usable building blocks to create more:** + Docker images are easily updated building blocks. + - **Automatically build-able:** + It has never been this easy to build - *anything*. + - **Easy to integrate:** + A powerful, fully featured API allows you to integrate Docker into your tooling. + +### For sysadmins + + - **Efficient (and DevOps friendly!) lifecycle:** + Operations and developments are consistent, repeatable and reliable. + - **Balanced environments:** + Processes between development, testing and production are leveled. + - **Improvements on speed and integration:** + Containers are almost nothing more than isolated, secure processes. + - **Lowered costs of infrastructure:** + Containers are lightweight and heavy on resources compared to virtual machines. + - **Portable configurations:** + Issues and overheads with dealing with configurations and systems are eliminated. + +### For everyone + + - **Increased security without performance loss:** + Replacing VMs with containers provide security without additional + hardware (or software). + - **Portable:** + You can easily move applications and workloads from different operating + systems and platforms. + +## Where to go from here + +### Learn about Parts of Docker and the underlying technology + +Visit [Understanding the Technology](technology.md) in our Getting Started manual. + +### Get practical and learn how to use Docker straight away + +Visit [Working with Docker](working-with-docker.md) in our Getting Started manual. + +### Get the product and go hands-on + +Visit [Get Docker](get-docker.md) in our Getting Started manual. + +### Get the whole story + +[https://www.docker.io/the_whole_story/](https://www.docker.io/the_whole_story/) diff --git a/docs/sources/introduction/working-with-docker.md b/docs/sources/introduction/working-with-docker.md new file mode 100644 index 0000000000..8d946e6846 --- /dev/null +++ b/docs/sources/introduction/working-with-docker.md @@ -0,0 +1,408 @@ +page_title: Working with Docker and the Dockerfile +page_description: Working with Docker and The Dockerfile explained in depth +page_keywords: docker, introduction, documentation, about, technology, understanding, Dockerfile + +# Working with Docker and the Dockerfile + +*How to use and work with Docker?* + +> **Warning! Don't let this long page bore you.** +> If you prefer a summary and would like to see how a specific command +> works, check out the glossary of all available client +> commands on our [User's Manual: Commands Reference]( +> http://docs.docker.io/reference/commandline/cli). + +## Introduction + +On the last page, [Understanding the Technology](technology.md), we covered the +components that make up Docker and learnt about the +underlying technology and *how* everything works. + +Now, it is time to get practical and see *how to work with* the Docker client, +Docker containers and images and the `Dockerfile`. + +> **Note:** You are encouraged to take a good look at the container, +> image and `Dockerfile` explanations here to have a better understanding +> on what exactly they are and to get an overall idea on how to work with +> them. On the next page (i.e., [Get Docker](get-docker.md)), you will be +> able to find links for platform-centric installation instructions. + +## Elements of Docker + +As we mentioned on the, [Understanding the Technology](technology.md) page, the main +elements of Docker are: + + - Containers; + - Images, and; + - The `Dockerfile`. + +> **Note:** This page is more *practical* than *technical*. If you are +> interested in understanding how these tools work behind the scenes +> and do their job, you can always read more on +> [Understanding the Technology](technology.md). + +## Working with the Docker client + +In order to work with the Docker client, you need to have a host with +the Docker daemon installed and running. + +### How to use the client + +The client provides you a command-line interface to Docker. It is +accessed by running the `docker` binary. + +> **Tip:** The below instructions can be considered a summary of our +> *interactive tutorial*. If you prefer a more hands-on approach without +> installing anything, why not give that a shot and check out the +> [Docker Interactive Tutorial](https://www.docker.io/gettingstarted). + +The `docker` client usage consists of passing a chain of arguments: + + # Usage: [sudo] docker [option] [command] [arguments] .. + # Example: + $ docker run -i -t ubuntu /bin/bash + +### Our first Docker command + +Let's get started with our first Docker command by checking the +version of the currently installed Docker client using the `docker +version` command. + + # Usage: [sudo] docker version + # Example: + $ docker version + +This command will not only provide you the version of Docker client you +are using, but also the version of Go (the programming language powering +Docker). + + Client version: 0.8.0 + Go version (client): go1.2 + + Git commit (client): cc3a8c8 + Server version: 0.8.0 + + Git commit (server): cc3a8c8 + Go version (server): go1.2 + + Last stable version: 0.8.0 + +### Finding out all available commands + +The user-centric nature of Docker means providing you a constant stream +of helpful instructions. This begins with the client itself. + +In order to get a full list of available commands run the `docker` +binary: + + # Usage: [sudo] docker + # Example: + $ docker + +You will get an output with all currently available commands. + + Commands: + attach Attach to a running container + build Build a container from a Dockerfile + commit Create a new image from a container's changes + . . . + +### Command usage instructions + +The same way used to learn all available commands can be repeated to find +out usage instructions for a specific command. + +Try typing Docker followed with a `[command]` to see the instructions: + + # Usage: [sudo] docker [command] [--help] + # Example: + $ docker attach + Help outputs . . . + +Or you can pass the `--help` flag to the `docker` binary. + + $ docker images --help + +You will get an output with all available options: + + Usage: docker attach [OPTIONS] CONTAINER + + Attach to a running container + + --no-stdin=false: Do not attach stdin + --sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) + +## Working with images + +### Docker Images + +As we've discovered a Docker image is a read-only template that we build +containers from. Every Docker container is launched from an image and +you can use both images provided by others, for example we've discovered +the base `ubuntu` image provided by Docker, as well as images built by +others. For example we can build an image that runs Apache and our own +web application as a starting point to launch containers. + +### Searching for images + +To search for Docker image we use the `docker search` command. The +`docker search` command returns a list of all images that match your +search criteria together with additional, useful information about that +image. This includes information such as social metrics like how many +other people like the image - we call these "likes" *stars*. We also +tell you if an image is *trusted*. A *trusted* image is built from a +known source and allows you to introspect in greater detail how the +image is constructed. + + # Usage: [sudo] docker search [image name] + # Example: + $ docker search nginx + + NAME DESCRIPTION STARS OFFICIAL TRUSTED + $ dockerfile/nginx Trusted Nginx (http://nginx.org/) Build 6 [OK] + paintedfox/nginx-php5 A docker image for running Nginx with PHP5. 3 [OK] + $ dockerfiles/django-uwsgi-nginx dockerfile and configuration files to buil... 2 [OK] + . . . + +> **Note:** To learn more about trusted builds, check out [this]( +http://blog.docker.io/2013/11/introducing-trusted-builds) blog post. + +### Downloading an image + +Downloading a Docker image is called *pulling*. To do this we hence use the +`docker pull` command. + + # Usage: [sudo] docker pull [image name] + # Example: + $ docker pull dockerfile/nginx + + Pulling repository dockerfile/nginx + 0ade68db1d05: Pulling dependent layers + 27cf78414709: Download complete + b750fe79269d: Download complete + . . . + +As you can see, Docker will download, one by one, all the layers forming +the final image. This demonstrates the *building block* philosophy of +Docker. + +### Listing available images + +In order to get a full list of available images, you can use the +`docker images` command. + + # Usage: [sudo] docker images + # Example: + $ docker images + + REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + myUserName/nginx latest a0d6c70867d2 41 seconds ago 578.8 MB + nginx latest 173c2dd28ab2 3 minutes ago 578.8 MB + $ dockerfile/nginx latest 0ade68db1d05 3 weeks ago 578.8 MB + +## Working with containers + +### Docker Containers + +Docker containers are directories on your Docker host that are built +from Docker images. In order to create or start a container, you need an +image. This could be the base `ubuntu` image or an image built and +shared with you or an image you've built yourself. + +### Running a new container from an image + +The easiest way to create a new container is to *run* one from an image. + + # Usage: [sudo] docker run [arguments] .. + # Example: + $ docker run -d --name nginx_web nginx /usr/sbin/nginx + +This will create a new container from an image called `nginx` which will +launch the command `/usr/sbin/nginx` when the container is run. We've +also given our container a name, `nginx_web`. + +Containers can be run in two modes: + +* Interactive; +* Daemonized; + +An interactive container runs in the foreground and you can connect to +it and interact with it. A daemonized container runs in the background. + +A container will run as long as the process you have launched inside it +is running, for example if the `/usr/bin/nginx` process stops running +the container will also stop. + +### Listing containers + +We can see a list of all the containers on our host using the `docker +ps` command. By default the `docker ps` command only shows running +containers. But we can also add the `-a` flag to show *all* containers - +both running and stopped. + + # Usage: [sudo] docker ps [-a] + # Example: + $ docker ps + + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + 842a50a13032 $ dockerfile/nginx:latest nginx 35 minutes ago Up 30 minutes 0.0.0.0:80->80/tcp nginx_web + +### Stopping a container + +You can use the `docker stop` command to stop an active container. This will gracefully +end the active process. + + # Usage: [sudo] docker stop [container ID] + # Example: + $ docker stop nginx_web + nginx_web + +If the `docker stop` command succeeds it will return the name of +the container it has stopped. + +### Starting a Container + +Stopped containers can be started again. + + # Usage: [sudo] docker start [container ID] + # Example: + $ docker start nginx_web + nginx_web + +If the `docker start` command succeeds it will return the name of the +freshly started container. + +## Working with the Dockerfile + +The `Dockerfile` holds the set of instructions Docker uses to build a Docker image. + +> **Tip:** Below is a short summary of our full Dockerfile tutorial. In +> order to get a better-grasp of how to work with these automation +> scripts, check out the [Dockerfile step-by-step +> tutorial](https://www.docker.io/learn/dockerfile). + +A `Dockerfile` contains instructions written in the following format: + + # Usage: Instruction [arguments / command] .. + # Example: + FROM ubuntu + +A `#` sign is used to provide a comment: + + # Comments .. + +> **Tip:** The `Dockerfile` is very flexible and provides a powerful set +> of instructions for building applications. To learn more about the +> `Dockerfile` and its instructions see the [Dockerfile +> Reference](http://docs.docker.io/reference/builder/). + +### First steps with the Dockerfile + +It's a good idea to add some comments to the start of your `Dockerfile` +to provide explanation and exposition to any future consumers, for +example: + + # + # Dockerfile to install Nginx + # VERSION 2 - EDITION 1 + +The first instruction in any `Dockerfile` must be the `FROM` instruction. The `FROM` instruction specifies the image name that this new image is built from, it is often a base image like `ubuntu`. + + # Base image used is Ubuntu: + FROM ubuntu + +Next, we recommend you use the `MAINTAINER` instruction to tell people who manages this image. + + # Maintainer: O.S. Tezer (@ostezer) + MAINTAINER O.S. Tezer, ostezer@gmail.com + +After this we can add additional instructions that represent the steps +to build our actual image. + +### Our Dockerfile so far + +So far our `Dockerfile` will look like. + + # Dockerfile to install Nginx + # VERSION 2 - EDITION 1 + FROM ubuntu + MAINTAINER O.S. Tezer, ostezer@gmail.com + +Let's install a package and configure an application inside our image. To do this we use a new +instruction: `RUN`. The `RUN` instruction executes commands inside our +image, for example. The instruction is just like running a command on +the command line inside a container. + + RUN echo "deb http://archive.ubuntu.com/ubuntu/ raring main universe" >> /etc/apt/sources.list + RUN apt-get update + RUN apt-get install -y nginx + RUN echo "\ndaemon off;" >> /etc/nginx/nginx.conf + +We can see here that we've *run* four instructions. Each time we run an +instruction a new layer is added to our image. Here's we've added an +Ubuntu package repository, updated the packages, installed the `nginx` +package and then echo'ed some configuration to the default +`/etc/nginx/nginx.conf` configuration file. + +Let's specify another instruction, `CMD`, that tells Docker what command +to run when a container is created from this image. + + CMD /usr/sbin/nginx + +We can now save this file and use it build an image. + +### Using a Dockerfile + +Docker uses the `Dockerfile` to build images. The build process is initiated by the `docker build` command. + + # Use the Dockerfile at the current location + # Usage: [sudo] docker build . + # Example: + $ docker build -t="my_nginx_image" . + + Uploading context 25.09 kB + Uploading context + Step 0 : FROM ubuntu + ---> 9cd978db300e + Step 1 : MAINTAINER O.S. Tezer, ostezer@gmail.com + ---> Using cache + ---> 467542d0cdd3 + Step 2 : RUN echo "deb http://archive.ubuntu.com/ubuntu/ raring main universe" >> /etc/apt/sources.list + ---> Using cache + ---> 0a688bd2a48c + Step 3 : RUN apt-get update + ---> Running in de2937e8915a + . . . + Step 10 : CMD /usr/sbin/nginx + ---> Running in b4908b9b9868 + ---> 626e92c5fab1 + Successfully built 626e92c5fab1 + +Here we can see that Docker has executed each instruction in turn and +each instruction has created a new layer in turn and each layer identified +by a new ID. The `-t` flag allows us to specify a name for our new +image, here `my_nginx_image`. + +We can see our new image using the `docker images` command. + + $ docker images + REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + my_nginx_img latest 626e92c5fab1 57 seconds ago 337.6 MB + +## Where to go from here + +### Understanding Docker + +Visit [Understanding Docker](understanding-docker.md) in our Getting Started manual. + +### Learn about parts of Docker and the underlying technology + +Visit [Understanding the Technology](technology.md) in our Getting Started manual. + +### Get the product and go hands-on + +Visit [Get Docker](get-docker.md) in our Getting Started manual. + +### Get the whole story + +[https://www.docker.io/the_whole_story/](https://www.docker.io/the_whole_story/) diff --git a/docs/sources/jsearch.md b/docs/sources/jsearch.md new file mode 100644 index 0000000000..0e2def2f70 --- /dev/null +++ b/docs/sources/jsearch.md @@ -0,0 +1,9 @@ +# Search + +
+ + +
+ +
+
diff --git a/docs/sources/reference.md b/docs/sources/reference.md new file mode 100644 index 0000000000..6c1ab462d4 --- /dev/null +++ b/docs/sources/reference.md @@ -0,0 +1,9 @@ +# Reference Manual + +## Contents: + + - [Commands](commandline/) + - [Dockerfile Reference](builder/) + - [Docker Run Reference](run/) + - [APIs](api/) + diff --git a/docs/sources/reference/api.md b/docs/sources/reference/api.md new file mode 100644 index 0000000000..9f185a0e37 --- /dev/null +++ b/docs/sources/reference/api.md @@ -0,0 +1,86 @@ +# APIs + +Your programs and scripts can access Docker's functionality via these +interfaces: + + - [Registry & Index Spec](registry_index_spec/) + - [1. The 3 roles](registry_index_spec/#the-3-roles) + - [1.1 Index](registry_index_spec/#index) + - [1.2 Registry](registry_index_spec/#registry) + - [1.3 Docker](registry_index_spec/#docker) + + - [2. Workflow](registry_index_spec/#workflow) + - [2.1 Pull](registry_index_spec/#pull) + - [2.2 Push](registry_index_spec/#push) + - [2.3 Delete](registry_index_spec/#delete) + + - [3. How to use the Registry in standalone mode](registry_index_spec/#how-to-use-the-registry-in-standalone-mode) + - [3.1 Without an Index](registry_index_spec/#without-an-index) + - [3.2 With an Index](registry_index_spec/#with-an-index) + + - [4. The API](registry_index_spec/#the-api) + - [4.1 Images](registry_index_spec/#images) + - [4.2 Users](registry_index_spec/#users) + - [4.3 Tags (Registry)](registry_index_spec/#tags-registry) + - [4.4 Images (Index)](registry_index_spec/#images-index) + - [4.5 Repositories](registry_index_spec/#repositories) + + - [5. Chaining Registries](registry_index_spec/#chaining-registries) + - [6. Authentication & Authorization](registry_index_spec/#authentication-authorization) + - [6.1 On the Index](registry_index_spec/#on-the-index) + - [6.2 On the Registry](registry_index_spec/#on-the-registry) + + - [7 Document Version](registry_index_spec/#document-version) + + - [Docker Registry API](registry_api/) + - [1. Brief introduction](registry_api/#brief-introduction) + - [2. Endpoints](registry_api/#endpoints) + - [2.1 Images](registry_api/#images) + - [2.2 Tags](registry_api/#tags) + - [2.3 Repositories](registry_api/#repositories) + - [2.4 Status](registry_api/#status) + + - [3 Authorization](registry_api/#authorization) + + - [Docker.io API](index_api/) + - [1. Brief introduction](index_api/#brief-introduction) + - [2. Endpoints](index_api/#endpoints) + - [2.1 Repository](index_api/#repository) + - [2.2 Users](index_api/#users) + - [2.3 Search](index_api/#search) + + - [Docker Remote API](docker_remote_api/) + - [1. Brief introduction](docker_remote_api/#brief-introduction) + - [2. Versions](docker_remote_api/#versions) + - [v1.11](docker_remote_api/#v1-11) + - [v1.10](docker_remote_api/#v1-10) + - [v1.9](docker_remote_api/#v1-9) + - [v1.8](docker_remote_api/#v1-8) + - [v1.7](docker_remote_api/#v1-7) + - [v1.6](docker_remote_api/#v1-6) + - [v1.5](docker_remote_api/#v1-5) + - [v1.4](docker_remote_api/#v1-4) + - [v1.3](docker_remote_api/#v1-3) + - [v1.2](docker_remote_api/#v1-2) + - [v1.1](docker_remote_api/#v1-1) + - [v1.0](docker_remote_api/#v1-0) + + - [Docker Remote API Client Libraries](remote_api_client_libraries/) + - [docker.io OAuth API](docker_io_oauth_api/) + - [1. Brief introduction](docker_io_oauth_api/#brief-introduction) + - [2. Register Your Application](docker_io_oauth_api/#register-your-application) + - [3. Endpoints](docker_io_oauth_api/#endpoints) + - [3.1 Get an Authorization Code](docker_io_oauth_api/#get-an-authorization-code) + - [3.2 Get an Access Token](docker_io_oauth_api/#get-an-access-token) + - [3.3 Refresh a Token](docker_io_oauth_api/#refresh-a-token) + + - [4. Use an Access Token with the API](docker_io_oauth_api/#use-an-access-token-with-the-api) + + - [docker.io Accounts API](docker_io_accounts_api/) + - [1. Endpoints](docker_io_accounts_api/#endpoints) + - [1.1 Get a single user](docker_io_accounts_api/#get-a-single-user) + - [1.2 Update a single user](docker_io_accounts_api/#update-a-single-user) + - [1.3 List email addresses for a user](docker_io_accounts_api/#list-email-addresses-for-a-user) + - [1.4 Add email address for a user](docker_io_accounts_api/#add-email-address-for-a-user) + - [1.5 Update an email address for a user](docker_io_accounts_api/#update-an-email-address-for-a-user) + - [1.6 Delete email address for a user](docker_io_accounts_api/#delete-email-address-for-a-user) \ No newline at end of file diff --git a/docs/sources/reference/api/README.md b/docs/sources/reference/api/README.md index ec42b89733..a7b8ae1b44 100644 --- a/docs/sources/reference/api/README.md +++ b/docs/sources/reference/api/README.md @@ -1,6 +1,9 @@ This directory holds the authoritative specifications of APIs defined and implemented by Docker. Currently this includes: -* The remote API by which a docker node can be queried over HTTP -* The registry API by which a docker node can download and upload container images for storage and sharing -* The index search API by which a docker node can search the public index for images to download -* The docker.io OAuth and accounts API which 3rd party services can use to access account information + * The remote API by which a docker node can be queried over HTTP + * The registry API by which a docker node can download and upload + container images for storage and sharing + * The index search API by which a docker node can search the public + index for images to download + * The docker.io OAuth and accounts API which 3rd party services can + use to access account information diff --git a/docs/sources/reference/api/index_api.rst b/docs/sources/reference/api/docker-io_api.md similarity index 50% rename from docs/sources/reference/api/index_api.rst rename to docs/sources/reference/api/docker-io_api.md index 5191fc8992..66cf311b41 100644 --- a/docs/sources/reference/api/index_api.rst +++ b/docs/sources/reference/api/docker-io_api.md @@ -1,38 +1,27 @@ -:title: Index API -:description: API Documentation for Docker Index -:keywords: API, Docker, index, REST, documentation +page_title: Docker.io API +page_description: API Documentation for the Docker.io API +page_keywords: API, Docker, index, REST, documentation, Docker.io, registry -================= -Docker Index API -================= +# Docker.io API -1. Brief introduction -===================== +## Introduction -- This is the REST API for the Docker index +- This is the REST API for [Docker.io](http://index.docker.io). - Authorization is done with basic auth over SSL - Not all commands require authentication, only those noted as such. -2. Endpoints -============ +## Repository -2.1 Repository -^^^^^^^^^^^^^^ +### Repositories -Repositories -************* +#### User Repo -User Repo -~~~~~~~~~ +`PUT /v1/repositories/(namespace)/(repo_name)/` -.. http:put:: /v1/repositories/(namespace)/(repo_name)/ - - Create a user repository with the given ``namespace`` and ``repo_name``. +Create a user repository with the given `namespace` and `repo_name`. **Example Request**: - .. sourcecode:: http - PUT /v1/repositories/foo/bar/ HTTP/1.1 Host: index.docker.io Accept: application/json @@ -42,13 +31,13 @@ User Repo [{"id": "9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f"}] - :parameter namespace: the namespace for the repo - :parameter repo_name: the name for the repo + Parameters: + + - **namespace** – the namespace for the repo + - **repo_name** – the name for the repo **Example Response**: - .. sourcecode:: http - HTTP/1.1 200 Vary: Accept Content-Type: application/json @@ -58,20 +47,19 @@ User Repo "" - :statuscode 200: Created - :statuscode 400: Errors (invalid json, missing or invalid fields, etc) - :statuscode 401: Unauthorized - :statuscode 403: Account is not Active + Status Codes: + - **200** – Created + - **400** – Errors (invalid json, missing or invalid fields, etc) + - **401** – Unauthorized + - **403** – Account is not Active -.. http:delete:: /v1/repositories/(namespace)/(repo_name)/ +`DELETE /v1/repositories/(namespace)/(repo_name)/` - Delete a user repository with the given ``namespace`` and ``repo_name``. +Delete a user repository with the given `namespace` and `repo_name`. **Example Request**: - .. sourcecode:: http - DELETE /v1/repositories/foo/bar/ HTTP/1.1 Host: index.docker.io Accept: application/json @@ -81,13 +69,13 @@ User Repo "" - :parameter namespace: the namespace for the repo - :parameter repo_name: the name for the repo + Parameters: + + - **namespace** – the namespace for the repo + - **repo_name** – the name for the repo **Example Response**: - .. sourcecode:: http - HTTP/1.1 202 Vary: Accept Content-Type: application/json @@ -97,26 +85,26 @@ User Repo "" - :statuscode 200: Deleted - :statuscode 202: Accepted - :statuscode 400: Errors (invalid json, missing or invalid fields, etc) - :statuscode 401: Unauthorized - :statuscode 403: Account is not Active + Status Codes: -Library Repo -~~~~~~~~~~~~ + - **200** – Deleted + - **202** – Accepted + - **400** – Errors (invalid json, missing or invalid fields, etc) + - **401** – Unauthorized + - **403** – Account is not Active -.. http:put:: /v1/repositories/(repo_name)/ +#### Library Repo + +`PUT /v1/repositories/(repo_name)/` + +Create a library repository with the given `repo_name`. +This is a restricted feature only available to docker admins. + + When namespace is missing, it is assumed to be `library` - Create a library repository with the given ``repo_name``. - This is a restricted feature only available to docker admins. - - When namespace is missing, it is assumed to be ``library`` **Example Request**: - .. sourcecode:: http - PUT /v1/repositories/foobar/ HTTP/1.1 Host: index.docker.io Accept: application/json @@ -126,12 +114,12 @@ Library Repo [{"id": "9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f"}] - :parameter repo_name: the library name for the repo + Parameters: + + - **repo_name** – the library name for the repo **Example Response**: - .. sourcecode:: http - HTTP/1.1 200 Vary: Accept Content-Type: application/json @@ -141,22 +129,23 @@ Library Repo "" - :statuscode 200: Created - :statuscode 400: Errors (invalid json, missing or invalid fields, etc) - :statuscode 401: Unauthorized - :statuscode 403: Account is not Active + Status Codes: -.. http:delete:: /v1/repositories/(repo_name)/ + - **200** – Created + - **400** – Errors (invalid json, missing or invalid fields, etc) + - **401** – Unauthorized + - **403** – Account is not Active + +`DELETE /v1/repositories/(repo_name)/` + +Delete a library repository with the given `repo_name`. +This is a restricted feature only available to docker admins. + + When namespace is missing, it is assumed to be `library` - Delete a library repository with the given ``repo_name``. - This is a restricted feature only available to docker admins. - - When namespace is missing, it is assumed to be ``library`` **Example Request**: - .. sourcecode:: http - DELETE /v1/repositories/foobar/ HTTP/1.1 Host: index.docker.io Accept: application/json @@ -166,12 +155,12 @@ Library Repo "" - :parameter repo_name: the library name for the repo + Parameters: + + - **repo_name** – the library name for the repo **Example Response**: - .. sourcecode:: http - HTTP/1.1 202 Vary: Accept Content-Type: application/json @@ -181,26 +170,24 @@ Library Repo "" - :statuscode 200: Deleted - :statuscode 202: Accepted - :statuscode 400: Errors (invalid json, missing or invalid fields, etc) - :statuscode 401: Unauthorized - :statuscode 403: Account is not Active + Status Codes: -Repository Images -***************** + - **200** – Deleted + - **202** – Accepted + - **400** – Errors (invalid json, missing or invalid fields, etc) + - **401** – Unauthorized + - **403** – Account is not Active -User Repo Images -~~~~~~~~~~~~~~~~ +### Repository Images -.. http:put:: /v1/repositories/(namespace)/(repo_name)/images +#### User Repo Images - Update the images for a user repo. +`PUT /v1/repositories/(namespace)/(repo_name)/images` + +Update the images for a user repo. **Example Request**: - .. sourcecode:: http - PUT /v1/repositories/foo/bar/images HTTP/1.1 Host: index.docker.io Accept: application/json @@ -210,44 +197,43 @@ User Repo Images [{"id": "9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f", "checksum": "b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087"}] - :parameter namespace: the namespace for the repo - :parameter repo_name: the name for the repo + Parameters: + + - **namespace** – the namespace for the repo + - **repo_name** – the name for the repo **Example Response**: - .. sourcecode:: http - HTTP/1.1 204 Vary: Accept Content-Type: application/json "" - :statuscode 204: Created - :statuscode 400: Errors (invalid json, missing or invalid fields, etc) - :statuscode 401: Unauthorized - :statuscode 403: Account is not Active or permission denied + Status Codes: + - **204** – Created + - **400** – Errors (invalid json, missing or invalid fields, etc) + - **401** – Unauthorized + - **403** – Account is not Active or permission denied -.. http:get:: /v1/repositories/(namespace)/(repo_name)/images +`GET /v1/repositories/(namespace)/(repo_name)/images` - get the images for a user repo. +Get the images for a user repo. **Example Request**: - .. sourcecode:: http - GET /v1/repositories/foo/bar/images HTTP/1.1 Host: index.docker.io Accept: application/json - :parameter namespace: the namespace for the repo - :parameter repo_name: the name for the repo + Parameters: + + - **namespace** – the namespace for the repo + - **repo_name** – the name for the repo **Example Response**: - .. sourcecode:: http - HTTP/1.1 200 Vary: Accept Content-Type: application/json @@ -257,20 +243,19 @@ User Repo Images {"id": "ertwetewtwe38722009fe6857087b486531f9a779a0c1dfddgfgsdgdsgds", "checksum": "34t23f23fc17e3ed29dae8f12c4f9e89cc6f0bsdfgfsdgdsgdsgerwgew"}] - :statuscode 200: OK - :statuscode 404: Not found + Status Codes: -Library Repo Images -~~~~~~~~~~~~~~~~~~~ + - **200** – OK + - **404** – Not found -.. http:put:: /v1/repositories/(repo_name)/images +#### Library Repo Images - Update the images for a library repo. +`PUT /v1/repositories/(repo_name)/images` + +Update the images for a library repo. **Example Request**: - .. sourcecode:: http - PUT /v1/repositories/foobar/images HTTP/1.1 Host: index.docker.io Accept: application/json @@ -280,42 +265,41 @@ Library Repo Images [{"id": "9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f", "checksum": "b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087"}] - :parameter repo_name: the library name for the repo + Parameters: + + - **repo_name** – the library name for the repo **Example Response**: - .. sourcecode:: http - HTTP/1.1 204 Vary: Accept Content-Type: application/json "" - :statuscode 204: Created - :statuscode 400: Errors (invalid json, missing or invalid fields, etc) - :statuscode 401: Unauthorized - :statuscode 403: Account is not Active or permission denied + Status Codes: + - **204** – Created + - **400** – Errors (invalid json, missing or invalid fields, etc) + - **401** – Unauthorized + - **403** – Account is not Active or permission denied -.. http:get:: /v1/repositories/(repo_name)/images +`GET /v1/repositories/(repo_name)/images` - get the images for a library repo. +Get the images for a library repo. **Example Request**: - .. sourcecode:: http - GET /v1/repositories/foobar/images HTTP/1.1 Host: index.docker.io Accept: application/json - :parameter repo_name: the library name for the repo + Parameters: + + - **repo_name** – the library name for the repo **Example Response**: - .. sourcecode:: http - HTTP/1.1 200 Vary: Accept Content-Type: application/json @@ -325,94 +309,86 @@ Library Repo Images {"id": "ertwetewtwe38722009fe6857087b486531f9a779a0c1dfddgfgsdgdsgds", "checksum": "34t23f23fc17e3ed29dae8f12c4f9e89cc6f0bsdfgfsdgdsgdsgerwgew"}] - :statuscode 200: OK - :statuscode 404: Not found + Status Codes: + - **200** – OK + - **404** – Not found -Repository Authorization -************************ +### Repository Authorization -Library Repo -~~~~~~~~~~~~ +#### Library Repo -.. http:put:: /v1/repositories/(repo_name)/auth +`PUT /v1/repositories/(repo_name)/auth` - authorize a token for a library repo +Authorize a token for a library repo **Example Request**: - .. sourcecode:: http - PUT /v1/repositories/foobar/auth HTTP/1.1 Host: index.docker.io Accept: application/json Authorization: Token signature=123abc,repository="library/foobar",access=write - :parameter repo_name: the library name for the repo + Parameters: + + - **repo_name** – the library name for the repo **Example Response**: - .. sourcecode:: http - HTTP/1.1 200 Vary: Accept Content-Type: application/json "OK" - :statuscode 200: OK - :statuscode 403: Permission denied - :statuscode 404: Not found + Status Codes: + - **200** – OK + - **403** – Permission denied + - **404** – Not found -User Repo -~~~~~~~~~ +#### User Repo -.. http:put:: /v1/repositories/(namespace)/(repo_name)/auth +`PUT /v1/repositories/(namespace)/(repo_name)/auth` - authorize a token for a user repo +Authorize a token for a user repo **Example Request**: - .. sourcecode:: http - PUT /v1/repositories/foo/bar/auth HTTP/1.1 Host: index.docker.io Accept: application/json Authorization: Token signature=123abc,repository="foo/bar",access=write - :parameter namespace: the namespace for the repo - :parameter repo_name: the name for the repo + Parameters: + + - **namespace** – the namespace for the repo + - **repo_name** – the name for the repo **Example Response**: - .. sourcecode:: http - HTTP/1.1 200 Vary: Accept Content-Type: application/json "OK" - :statuscode 200: OK - :statuscode 403: Permission denied - :statuscode 404: Not found + Status Codes: + - **200** – OK + - **403** – Permission denied + - **404** – Not found -2.2 Users -^^^^^^^^^ +### Users -User Login -********** +#### User Login -.. http:get:: /v1/users +`GET /v1/users` + +If you want to check your login, you can try this endpoint - If you want to check your login, you can try this endpoint - **Example Request**: - - .. sourcecode:: http - + GET /v1/users HTTP/1.1 Host: index.docker.io Accept: application/json @@ -420,30 +396,26 @@ User Login **Example Response**: - .. sourcecode:: http - HTTP/1.1 200 OK Vary: Accept Content-Type: application/json OK - :statuscode 200: no error - :statuscode 401: Unauthorized - :statuscode 403: Account is not Active + Status Codes: + - **200** – no error + - **401** – Unauthorized + - **403** – Account is not Active -User Register -************* +#### User Register -.. http:post:: /v1/users +`POST /v1/users` - Registering a new account. +Registering a new account. **Example request**: - .. sourcecode:: http - POST /v1/users HTTP/1.1 Host: index.docker.io Accept: application/json @@ -451,41 +423,45 @@ User Register {"email": "sam@dotcloud.com", "password": "toto42", - "username": "foobar"'} + "username": "foobar"} - :jsonparameter email: valid email address, that needs to be confirmed - :jsonparameter username: min 4 character, max 30 characters, must match the regular expression [a-z0-9\_]. - :jsonparameter password: min 5 characters + Json Parameters: + +   + + - **email** – valid email address, that needs to be confirmed + - **username** – min 4 character, max 30 characters, must match + the regular expression [a-z0-9_]. + - **password** – min 5 characters **Example Response**: - .. sourcecode:: http - HTTP/1.1 201 OK Vary: Accept Content-Type: application/json "User Created" - :statuscode 201: User Created - :statuscode 400: Errors (invalid json, missing or invalid fields, etc) + Status Codes: -Update User -*********** + - **201** – User Created + - **400** – Errors (invalid json, missing or invalid fields, etc) -.. http:put:: /v1/users/(username)/ +#### Update User - Change a password or email address for given user. If you pass in an email, - it will add it to your account, it will not remove the old one. Passwords will - be updated. +`PUT /v1/users/(username)/` - It is up to the client to verify that that password that is sent is the one that - they want. Common approach is to have them type it twice. +Change a password or email address for given user. If you pass in an + + email, it will add it to your account, it will not remove the old + one. Passwords will be updated. + + It is up to the client to verify that that password that is sent is + the one that they want. Common approach is to have them type it + twice. **Example Request**: - .. sourcecode:: http - PUT /v1/users/fakeuser/ HTTP/1.1 Host: index.docker.io Accept: application/json @@ -495,62 +471,65 @@ Update User {"email": "sam@dotcloud.com", "password": "toto42"} - :parameter username: username for the person you want to update + Parameters: + + - **username** – username for the person you want to update **Example Response**: - .. sourcecode:: http - HTTP/1.1 204 Vary: Accept Content-Type: application/json "" - :statuscode 204: User Updated - :statuscode 400: Errors (invalid json, missing or invalid fields, etc) - :statuscode 401: Unauthorized - :statuscode 403: Account is not Active - :statuscode 404: User not found + Status Codes: + - **204** – User Updated + - **400** – Errors (invalid json, missing or invalid fields, etc) + - **401** – Unauthorized + - **403** – Account is not Active + - **404** – User not found + +## Search -2.3 Search -^^^^^^^^^^ If you need to search the index, this is the endpoint you would use. -Search -****** +### Search -.. http:get:: /v1/search +`GET /v1/search` - Search the Index given a search term. It accepts :http:method:`get` only. +Search the Index given a search term. It accepts - **Example request**: + [GET](http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.3) + only. - .. sourcecode:: http + **Example request**: - GET /v1/search?q=search_term HTTP/1.1 - Host: example.com - Accept: application/json + GET /v1/search?q=search_term HTTP/1.1 + Host: example.com + Accept: application/json + **Example response**: - **Example response**: + HTTP/1.1 200 OK + Vary: Accept + Content-Type: application/json - .. sourcecode:: http + {"query":"search_term", + "num_results": 3, + "results" : [ + {"name": "ubuntu", "description": "An ubuntu image..."}, + {"name": "centos", "description": "A centos image..."}, + {"name": "fedora", "description": "A fedora image..."} + ] + } - HTTP/1.1 200 OK - Vary: Accept - Content-Type: application/json + Query Parameters: - {"query":"search_term", - "num_results": 3, - "results" : [ - {"name": "ubuntu", "description": "An ubuntu image..."}, - {"name": "centos", "description": "A centos image..."}, - {"name": "fedora", "description": "A fedora image..."} - ] - } + - **q** – what you want to search for - :query q: what you want to search for - :statuscode 200: no error - :statuscode 500: server error + Status Codes: + + - **200** – no error + - **500** – server error diff --git a/docs/sources/reference/api/docker_io_accounts_api.md b/docs/sources/reference/api/docker_io_accounts_api.md new file mode 100644 index 0000000000..b9f76ba92c --- /dev/null +++ b/docs/sources/reference/api/docker_io_accounts_api.md @@ -0,0 +1,288 @@ +page_title: docker.io Accounts API +page_description: API Documentation for docker.io accounts. +page_keywords: API, Docker, accounts, REST, documentation + +# docker.io Accounts API + +## 1. Endpoints + +### 1.1 Get a single user + +`GET /api/v1.1/users/:username/` + +Get profile info for the specified user. + + Parameters: + + - **username** – username of the user whose profile info is being + requested. + + Request Headers: + +   + + - **Authorization** – required authentication credentials of + either type HTTP Basic or OAuth Bearer Token. + + Status Codes: + + - **200** – success, user data returned. + - **401** – authentication error. + - **403** – permission error, authenticated user must be the user + whose data is being requested, OAuth access tokens must have + `profile_read` scope. + - **404** – the specified username does not exist. + + **Example request**: + + GET /api/v1.1/users/janedoe/ HTTP/1.1 + Host: www.docker.io + Accept: application/json + Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ= + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "id": 2, + "username": "janedoe", + "url": "https://www.docker.io/api/v1.1/users/janedoe/", + "date_joined": "2014-02-12T17:58:01.431312Z", + "type": "User", + "full_name": "Jane Doe", + "location": "San Francisco, CA", + "company": "Success, Inc.", + "profile_url": "https://docker.io/", + "gravatar_url": "https://secure.gravatar.com/avatar/0212b397124be4acd4e7dea9aa357.jpg?s=80&r=g&d=mm" + "email": "jane.doe@example.com", + "is_active": true + } + +### 1.2 Update a single user + +`PATCH /api/v1.1/users/:username/` + +Update profile info for the specified user. + + Parameters: + + - **username** – username of the user whose profile info is being + updated. + + Json Parameters: + +   + + - **full_name** (*string*) – (optional) the new name of the user. + - **location** (*string*) – (optional) the new location. + - **company** (*string*) – (optional) the new company of the user. + - **profile_url** (*string*) – (optional) the new profile url. + - **gravatar_email** (*string*) – (optional) the new Gravatar + email address. + + Request Headers: + +   + + - **Authorization** – required authentication credentials of + either type HTTP Basic or OAuth Bearer Token. + - **Content-Type** – MIME Type of post data. JSON, url-encoded + form data, etc. + + Status Codes: + + - **200** – success, user data updated. + - **400** – post data validation error. + - **401** – authentication error. + - **403** – permission error, authenticated user must be the user + whose data is being updated, OAuth access tokens must have + `profile_write` scope. + - **404** – the specified username does not exist. + + **Example request**: + + PATCH /api/v1.1/users/janedoe/ HTTP/1.1 + Host: www.docker.io + Accept: application/json + Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ= + + { + "location": "Private Island", + "profile_url": "http://janedoe.com/", + "company": "Retired", + } + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "id": 2, + "username": "janedoe", + "url": "https://www.docker.io/api/v1.1/users/janedoe/", + "date_joined": "2014-02-12T17:58:01.431312Z", + "type": "User", + "full_name": "Jane Doe", + "location": "Private Island", + "company": "Retired", + "profile_url": "http://janedoe.com/", + "gravatar_url": "https://secure.gravatar.com/avatar/0212b397124be4acd4e7dea9aa357.jpg?s=80&r=g&d=mm" + "email": "jane.doe@example.com", + "is_active": true + } + +### 1.3 List email addresses for a user + +`GET /api/v1.1/users/:username/emails/` + +List email info for the specified user. + + Parameters: + + - **username** – username of the user whose profile info is being + updated. + + Request Headers: + +   + + - **Authorization** – required authentication credentials of + either type HTTP Basic or OAuth Bearer Token + + Status Codes: + + - **200** – success, user data updated. + - **401** – authentication error. + - **403** – permission error, authenticated user must be the user + whose data is being requested, OAuth access tokens must have + `email_read` scope. + - **404** – the specified username does not exist. + + **Example request**: + + GET /api/v1.1/users/janedoe/emails/ HTTP/1.1 + Host: www.docker.io + Accept: application/json + Authorization: Bearer zAy0BxC1wDv2EuF3tGs4HrI6qJp6KoL7nM + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "email": "jane.doe@example.com", + "verified": true, + "primary": true + } + ] + +### 1.4 Add email address for a user + +`POST /api/v1.1/users/:username/emails/` + +Add a new email address to the specified user's account. The email +address must be verified separately, a confirmation email is not +automatically sent. + + Json Parameters: + +   + + - **email** (*string*) – email address to be added. + + Request Headers: + +   + + - **Authorization** – required authentication credentials of + either type HTTP Basic or OAuth Bearer Token. + - **Content-Type** – MIME Type of post data. JSON, url-encoded + form data, etc. + + Status Codes: + + - **201** – success, new email added. + - **400** – data validation error. + - **401** – authentication error. + - **403** – permission error, authenticated user must be the user + whose data is being requested, OAuth access tokens must have + `email_write` scope. + - **404** – the specified username does not exist. + + **Example request**: + + POST /api/v1.1/users/janedoe/emails/ HTTP/1.1 + Host: www.docker.io + Accept: application/json + Content-Type: application/json + Authorization: Bearer zAy0BxC1wDv2EuF3tGs4HrI6qJp6KoL7nM + + { + "email": "jane.doe+other@example.com" + } + + **Example response**: + + HTTP/1.1 201 Created + Content-Type: application/json + + { + "email": "jane.doe+other@example.com", + "verified": false, + "primary": false + } + +### 1.5 Delete email address for a user + +`DELETE /api/v1.1/users/:username/emails/` + +Delete an email address from the specified user's account. You +cannot delete a user's primary email address. + + Json Parameters: + +   + + - **email** (*string*) – email address to be deleted. + + Request Headers: + +   + + - **Authorization** – required authentication credentials of + either type HTTP Basic or OAuth Bearer Token. + - **Content-Type** – MIME Type of post data. JSON, url-encoded + form data, etc. + + Status Codes: + + - **204** – success, email address removed. + - **400** – validation error. + - **401** – authentication error. + - **403** – permission error, authenticated user must be the user + whose data is being requested, OAuth access tokens must have + `email_write` scope. + - **404** – the specified username or email address does not + exist. + + **Example request**: + + DELETE /api/v1.1/users/janedoe/emails/ HTTP/1.1 + Host: www.docker.io + Accept: application/json + Content-Type: application/json + Authorization: Bearer zAy0BxC1wDv2EuF3tGs4HrI6qJp6KoL7nM + + { + "email": "jane.doe+other@example.com" + } + + **Example response**: + + HTTP/1.1 204 NO CONTENT + Content-Length: 0 diff --git a/docs/sources/reference/api/docker_io_accounts_api.rst b/docs/sources/reference/api/docker_io_accounts_api.rst deleted file mode 100644 index dc5c44d4a8..0000000000 --- a/docs/sources/reference/api/docker_io_accounts_api.rst +++ /dev/null @@ -1,308 +0,0 @@ -:title: docker.io Accounts API -:description: API Documentation for docker.io accounts. -:keywords: API, Docker, accounts, REST, documentation - - -====================== -docker.io Accounts API -====================== - -.. contents:: Table of Contents - - -1. Endpoints -============ - - -1.1 Get a single user -^^^^^^^^^^^^^^^^^^^^^ - -.. http:get:: /api/v1.1/users/:username/ - - Get profile info for the specified user. - - :param username: username of the user whose profile info is being requested. - - :reqheader Authorization: required authentication credentials of either type HTTP Basic or OAuth Bearer Token. - - :statuscode 200: success, user data returned. - :statuscode 401: authentication error. - :statuscode 403: permission error, authenticated user must be the user whose data is being requested, OAuth access tokens must have ``profile_read`` scope. - :statuscode 404: the specified username does not exist. - - **Example request**: - - .. sourcecode:: http - - GET /api/v1.1/users/janedoe/ HTTP/1.1 - Host: www.docker.io - Accept: application/json - Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ= - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "id": 2, - "username": "janedoe", - "url": "https://www.docker.io/api/v1.1/users/janedoe/", - "date_joined": "2014-02-12T17:58:01.431312Z", - "type": "User", - "full_name": "Jane Doe", - "location": "San Francisco, CA", - "company": "Success, Inc.", - "profile_url": "https://docker.io/", - "gravatar_url": "https://secure.gravatar.com/avatar/0212b397124be4acd4e7dea9aa357.jpg?s=80&r=g&d=mm" - "email": "jane.doe@example.com", - "is_active": true - } - - -1.2 Update a single user -^^^^^^^^^^^^^^^^^^^^^^^^ - -.. http:patch:: /api/v1.1/users/:username/ - - Update profile info for the specified user. - - :param username: username of the user whose profile info is being updated. - - :jsonparam string full_name: (optional) the new name of the user. - :jsonparam string location: (optional) the new location. - :jsonparam string company: (optional) the new company of the user. - :jsonparam string profile_url: (optional) the new profile url. - :jsonparam string gravatar_email: (optional) the new Gravatar email address. - - :reqheader Authorization: required authentication credentials of either type HTTP Basic or OAuth Bearer Token. - :reqheader Content-Type: MIME Type of post data. JSON, url-encoded form data, etc. - - :statuscode 200: success, user data updated. - :statuscode 400: post data validation error. - :statuscode 401: authentication error. - :statuscode 403: permission error, authenticated user must be the user whose data is being updated, OAuth access tokens must have ``profile_write`` scope. - :statuscode 404: the specified username does not exist. - - **Example request**: - - .. sourcecode:: http - - PATCH /api/v1.1/users/janedoe/ HTTP/1.1 - Host: www.docker.io - Accept: application/json - Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ= - - { - "location": "Private Island", - "profile_url": "http://janedoe.com/", - "company": "Retired", - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "id": 2, - "username": "janedoe", - "url": "https://www.docker.io/api/v1.1/users/janedoe/", - "date_joined": "2014-02-12T17:58:01.431312Z", - "type": "User", - "full_name": "Jane Doe", - "location": "Private Island", - "company": "Retired", - "profile_url": "http://janedoe.com/", - "gravatar_url": "https://secure.gravatar.com/avatar/0212b397124be4acd4e7dea9aa357.jpg?s=80&r=g&d=mm" - "email": "jane.doe@example.com", - "is_active": true - } - - -1.3 List email addresses for a user -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -.. http:get:: /api/v1.1/users/:username/emails/ - - List email info for the specified user. - - :param username: username of the user whose profile info is being updated. - - :reqheader Authorization: required authentication credentials of either type HTTP Basic or OAuth Bearer Token - - :statuscode 200: success, user data updated. - :statuscode 401: authentication error. - :statuscode 403: permission error, authenticated user must be the user whose data is being requested, OAuth access tokens must have ``email_read`` scope. - :statuscode 404: the specified username does not exist. - - **Example request**: - - .. sourcecode:: http - - GET /api/v1.1/users/janedoe/emails/ HTTP/1.1 - Host: www.docker.io - Accept: application/json - Authorization: Bearer zAy0BxC1wDv2EuF3tGs4HrI6qJp6KoL7nM - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "email": "jane.doe@example.com", - "verified": true, - "primary": true - } - ] - - -1.4 Add email address for a user -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -.. http:post:: /api/v1.1/users/:username/emails/ - - Add a new email address to the specified user's account. The email address - must be verified separately, a confirmation email is not automatically sent. - - :jsonparam string email: email address to be added. - - :reqheader Authorization: required authentication credentials of either type HTTP Basic or OAuth Bearer Token. - :reqheader Content-Type: MIME Type of post data. JSON, url-encoded form data, etc. - - :statuscode 201: success, new email added. - :statuscode 400: data validation error. - :statuscode 401: authentication error. - :statuscode 403: permission error, authenticated user must be the user whose data is being requested, OAuth access tokens must have ``email_write`` scope. - :statuscode 404: the specified username does not exist. - - **Example request**: - - .. sourcecode:: http - - POST /api/v1.1/users/janedoe/emails/ HTTP/1.1 - Host: www.docker.io - Accept: application/json - Content-Type: application/json - Authorization: Bearer zAy0BxC1wDv2EuF3tGs4HrI6qJp6KoL7nM - - { - "email": "jane.doe+other@example.com" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 Created - Content-Type: application/json - - { - "email": "jane.doe+other@example.com", - "verified": false, - "primary": false - } - - -1.5 Update an email address for a user -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -.. http:patch:: /api/v1.1/users/:username/emails/ - - Update an email address for the specified user to either verify an email - address or set it as the primary email for the user. You cannot use this - endpoint to un-verify an email address. You cannot use this endpoint to - unset the primary email, only set another as the primary. - - :param username: username of the user whose email info is being updated. - - :jsonparam string email: the email address to be updated. - :jsonparam boolean verified: (optional) whether the email address is verified, must be ``true`` or absent. - :jsonparam boolean primary: (optional) whether to set the email address as the primary email, must be ``true`` or absent. - - :reqheader Authorization: required authentication credentials of either type HTTP Basic or OAuth Bearer Token. - :reqheader Content-Type: MIME Type of post data. JSON, url-encoded form data, etc. - - :statuscode 200: success, user's email updated. - :statuscode 400: data validation error. - :statuscode 401: authentication error. - :statuscode 403: permission error, authenticated user must be the user whose data is being updated, OAuth access tokens must have ``email_write`` scope. - :statuscode 404: the specified username or email address does not exist. - - **Example request**: - - Once you have independently verified an email address. - - .. sourcecode:: http - - PATCH /api/v1.1/users/janedoe/emails/ HTTP/1.1 - Host: www.docker.io - Accept: application/json - Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ= - - { - "email": "jane.doe+other@example.com", - "verified": true, - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "email": "jane.doe+other@example.com", - "verified": true, - "primary": false - } - - -1.6 Delete email address for a user -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -.. http:delete:: /api/v1.1/users/:username/emails/ - - Delete an email address from the specified user's account. You cannot - delete a user's primary email address. - - :jsonparam string email: email address to be deleted. - - :reqheader Authorization: required authentication credentials of either type HTTP Basic or OAuth Bearer Token. - :reqheader Content-Type: MIME Type of post data. JSON, url-encoded form data, etc. - - :statuscode 204: success, email address removed. - :statuscode 400: validation error. - :statuscode 401: authentication error. - :statuscode 403: permission error, authenticated user must be the user whose data is being requested, OAuth access tokens must have ``email_write`` scope. - :statuscode 404: the specified username or email address does not exist. - - **Example request**: - - .. sourcecode:: http - - DELETE /api/v1.1/users/janedoe/emails/ HTTP/1.1 - Host: www.docker.io - Accept: application/json - Content-Type: application/json - Authorization: Bearer zAy0BxC1wDv2EuF3tGs4HrI6qJp6KoL7nM - - { - "email": "jane.doe+other@example.com" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 NO CONTENT - Content-Length: 0 diff --git a/docs/sources/reference/api/docker_io_oauth_api.md b/docs/sources/reference/api/docker_io_oauth_api.md new file mode 100644 index 0000000000..dd2f6d75ec --- /dev/null +++ b/docs/sources/reference/api/docker_io_oauth_api.md @@ -0,0 +1,254 @@ +page_title: docker.io OAuth API +page_description: API Documentation for docker.io's OAuth flow. +page_keywords: API, Docker, oauth, REST, documentation + +# docker.io OAuth API + +## 1. Brief introduction + +Some docker.io API requests will require an access token to +authenticate. To get an access token for a user, that user must first +grant your application access to their docker.io account. In order for +them to grant your application access you must first register your +application. + +Before continuing, we encourage you to familiarize yourself with [The +OAuth 2.0 Authorization Framework](http://tools.ietf.org/html/rfc6749). + +*Also note that all OAuth interactions must take place over https +connections* + +## 2. Register Your Application + +You will need to register your application with docker.io before users +will be able to grant your application access to their account +information. We are currently only allowing applications selectively. To +request registration of your application send an email to +[support-accounts@docker.com](mailto:support-accounts%40docker.com) with +the following information: + + - The name of your application + - A description of your application and the service it will provide to + docker.io users. + - A callback URI that we will use for redirecting authorization + requests to your application. These are used in the step of getting + an Authorization Code. The domain name of the callback URI will be + visible to the user when they are requested to authorize your + application. + +When your application is approved you will receive a response from the +docker.io team with your `client_id` and +`client_secret` which your application will use in +the steps of getting an Authorization Code and getting an Access Token. + +# 3. Endpoints + +## 3.1 Get an Authorization Code + +Once You have registered you are ready to start integrating docker.io +accounts into your application! The process is usually started by a user +following a link in your application to an OAuth Authorization endpoint. + +`GET /api/v1.1/o/authorize/` + +Request that a docker.io user authorize your application. If the +user is not already logged in, they will be prompted to login. The +user is then presented with a form to authorize your application for +the requested access scope. On submission, the user will be +redirected to the specified `redirect_uri` with +an Authorization Code. + + Query Parameters: + +   + + - **client_id** – The `client_id` given to + your application at registration. + - **response_type** – MUST be set to `code`. + This specifies that you would like an Authorization Code + returned. + - **redirect_uri** – The URI to redirect back to after the user + has authorized your application. If omitted, the first of your + registered `response_uris` is used. If + included, it must be one of the URIs which were submitted when + registering your application. + - **scope** – The extent of access permissions you are requesting. + Currently, the scope options are `profile_read`, `profile_write`, + `email_read`, and `email_write`. Scopes must be separated by a space. If omitted, the + default scopes `profile_read email_read` are + used. + - **state** – (Recommended) Used by your application to maintain + state between the authorization request and callback to protect + against CSRF attacks. + + **Example Request** + + Asking the user for authorization. + + GET /api/v1.1/o/authorize/?client_id=TestClientID&response_type=code&redirect_uri=https%3A//my.app/auth_complete/&scope=profile_read%20email_read&state=abc123 HTTP/1.1 + Host: www.docker.io + + **Authorization Page** + + When the user follows a link, making the above GET request, they + will be asked to login to their docker.io account if they are not + already and then be presented with the following authorization + prompt which asks the user to authorize your application with a + description of the requested scopes. + + ![](/reference/api/_static/io_oauth_authorization_page.png) + + Once the user allows or denies your Authorization Request the user + will be redirected back to your application. Included in that + request will be the following query parameters: + + `code` + : The Authorization code generated by the docker.io authorization + server. Present it again to request an Access Token. This code + expires in 60 seconds. + `state` + : If the `state` parameter was present in the + authorization request this will be the exact value received from + that request. + `error` + : An error message in the event of the user denying the + authorization or some other kind of error with the request. + +## 3.2 Get an Access Token + +Once the user has authorized your application, a request will be made to +your application'sspecified `redirect_uri` which +includes a `code` parameter that you must then use +to get an Access Token. + +`POST /api/v1.1/o/token/` + +Submit your newly granted Authorization Code and your application's +credentials to receive an Access Token and Refresh Token. The code +is valid for 60 seconds and cannot be used more than once. + + Request Headers: + +   + + - **Authorization** – HTTP basic authentication using your + application's `client_id` and + `client_secret` + + Form Parameters: + +   + + - **grant_type** – MUST be set to `authorization_code` + - **code** – The authorization code received from the user's + redirect request. + - **redirect_uri** – The same `redirect_uri` + used in the authentication request. + + **Example Request** + + Using an authorization code to get an access token. + + POST /api/v1.1/o/token/ HTTP/1.1 + Host: www.docker.io + Authorization: Basic VGVzdENsaWVudElEOlRlc3RDbGllbnRTZWNyZXQ= + Accept: application/json + Content-Type: application/json + + { + "grant_type": "code", + "code": "YXV0aG9yaXphdGlvbl9jb2Rl", + "redirect_uri": "https://my.app/auth_complete/" + } + + **Example Response** + + HTTP/1.1 200 OK + Content-Type: application/json;charset=UTF-8 + + { + "username": "janedoe", + "user_id": 42, + "access_token": "t6k2BqgRw59hphQBsbBoPPWLqu6FmS", + "expires_in": 15552000, + "token_type": "Bearer", + "scope": "profile_read email_read", + "refresh_token": "hJDhLH3cfsUrQlT4MxA6s8xAFEqdgc" + } + + In the case of an error, there will be a non-200 HTTP Status and and + data detailing the error. + +## 3.3 Refresh a Token + +Once the Access Token expires you can use your `refresh_token` +to have docker.io issue your application a new Access Token, +if the user has not revoked access from your application. + +`POST /api/v1.1/o/token/` + +Submit your `refresh_token` and application's +credentials to receive a new Access Token and Refresh Token. The +`refresh_token` can be used only once. + + Request Headers: + +   + + - **Authorization** – HTTP basic authentication using your + application's `client_id` and + `client_secret` + + Form Parameters: + +   + + - **grant_type** – MUST be set to `refresh_token` + - **refresh_token** – The `refresh_token` + which was issued to your application. + - **scope** – (optional) The scope of the access token to be + returned. Must not include any scope not originally granted by + the user and if omitted is treated as equal to the scope + originally granted. + + **Example Request** + + Refreshing an access token. + + POST /api/v1.1/o/token/ HTTP/1.1 + Host: www.docker.io + Authorization: Basic VGVzdENsaWVudElEOlRlc3RDbGllbnRTZWNyZXQ= + Accept: application/json + Content-Type: application/json + + { + "grant_type": "refresh_token", + "refresh_token": "hJDhLH3cfsUrQlT4MxA6s8xAFEqdgc", + } + + **Example Response** + + HTTP/1.1 200 OK + Content-Type: application/json;charset=UTF-8 + + { + "username": "janedoe", + "user_id": 42, + "access_token": "t6k2BqgRw59hphQBsbBoPPWLqu6FmS", + "expires_in": 15552000, + "token_type": "Bearer", + "scope": "profile_read email_read", + "refresh_token": "hJDhLH3cfsUrQlT4MxA6s8xAFEqdgc" + } + + In the case of an error, there will be a non-200 HTTP Status and and + data detailing the error. + +# 4. Use an Access Token with the API + +Many of the docker.io API requests will require a Authorization request +header field. Simply ensure you add this header with "Bearer <`access_token`>": + + GET /api/v1.1/resource HTTP/1.1 + Host: docker.io + Authorization: Bearer 2YotnFZFEjr1zCsicMWpAA diff --git a/docs/sources/reference/api/docker_io_oauth_api.rst b/docs/sources/reference/api/docker_io_oauth_api.rst deleted file mode 100644 index d68dd8d36c..0000000000 --- a/docs/sources/reference/api/docker_io_oauth_api.rst +++ /dev/null @@ -1,253 +0,0 @@ -:title: docker.io OAuth API -:description: API Documentation for docker.io's OAuth flow. -:keywords: API, Docker, oauth, REST, documentation - - -=================== -docker.io OAuth API -=================== - -.. contents:: Table of Contents - - -1. Brief introduction -===================== - -Some docker.io API requests will require an access token to authenticate. To -get an access token for a user, that user must first grant your application -access to their docker.io account. In order for them to grant your application -access you must first register your application. - -Before continuing, we encourage you to familiarize yourself with -`The OAuth 2.0 Authorization Framework `_. - -*Also note that all OAuth interactions must take place over https connections* - - -2. Register Your Application -============================ - -You will need to register your application with docker.io before users will -be able to grant your application access to their account information. We -are currently only allowing applications selectively. To request registration -of your application send an email to support-accounts@docker.com with the -following information: - -- The name of your application -- A description of your application and the service it will provide - to docker.io users. -- A callback URI that we will use for redirecting authorization requests to - your application. These are used in the step of getting an Authorization - Code. The domain name of the callback URI will be visible to the user when - they are requested to authorize your application. - -When your application is approved you will receive a response from the -docker.io team with your ``client_id`` and ``client_secret`` which your -application will use in the steps of getting an Authorization Code and getting -an Access Token. - - -3. Endpoints -============ - -3.1 Get an Authorization Code -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Once You have registered you are ready to start integrating docker.io accounts -into your application! The process is usually started by a user following a -link in your application to an OAuth Authorization endpoint. - -.. http:get:: /api/v1.1/o/authorize/ - - Request that a docker.io user authorize your application. If the user is - not already logged in, they will be prompted to login. The user is then - presented with a form to authorize your application for the requested - access scope. On submission, the user will be redirected to the specified - ``redirect_uri`` with an Authorization Code. - - :query client_id: The ``client_id`` given to your application at - registration. - :query response_type: MUST be set to ``code``. This specifies that you - would like an Authorization Code returned. - :query redirect_uri: The URI to redirect back to after the user has - authorized your application. If omitted, the first of your registered - ``response_uris`` is used. If included, it must be one of the URIs - which were submitted when registering your application. - :query scope: The extent of access permissions you are requesting. - Currently, the scope options are ``profile_read``, ``profile_write``, - ``email_read``, and ``email_write``. Scopes must be separated by a - space. If omitted, the default scopes ``profile_read email_read`` are - used. - :query state: (Recommended) Used by your application to maintain state - between the authorization request and callback to protect against CSRF - attacks. - - **Example Request** - - Asking the user for authorization. - - .. sourcecode:: http - - GET /api/v1.1/o/authorize/?client_id=TestClientID&response_type=code&redirect_uri=https%3A//my.app/auth_complete/&scope=profile_read%20email_read&state=abc123 HTTP/1.1 - Host: www.docker.io - - **Authorization Page** - - When the user follows a link, making the above GET request, they will be - asked to login to their docker.io account if they are not already and then - be presented with the following authorization prompt which asks the user - to authorize your application with a description of the requested scopes. - - .. image:: _static/io_oauth_authorization_page.png - - Once the user allows or denies your Authorization Request the user will be - redirected back to your application. Included in that request will be the - following query parameters: - - ``code`` - The Authorization code generated by the docker.io authorization server. - Present it again to request an Access Token. This code expires in 60 - seconds. - - ``state`` - If the ``state`` parameter was present in the authorization request this - will be the exact value received from that request. - - ``error`` - An error message in the event of the user denying the authorization or - some other kind of error with the request. - - -3.2 Get an Access Token -^^^^^^^^^^^^^^^^^^^^^^^ - -Once the user has authorized your application, a request will be made to your -application's specified ``redirect_uri`` which includes a ``code`` parameter -that you must then use to get an Access Token. - -.. http:post:: /api/v1.1/o/token/ - - Submit your newly granted Authorization Code and your application's - credentials to receive an Access Token and Refresh Token. The code is valid - for 60 seconds and cannot be used more than once. - - :reqheader Authorization: HTTP basic authentication using your - application's ``client_id`` and ``client_secret`` - - :form grant_type: MUST be set to ``authorization_code`` - :form code: The authorization code received from the user's redirect - request. - :form redirect_uri: The same ``redirect_uri`` used in the authentication - request. - - **Example Request** - - Using an authorization code to get an access token. - - .. sourcecode:: http - - POST /api/v1.1/o/token/ HTTP/1.1 - Host: www.docker.io - Authorization: Basic VGVzdENsaWVudElEOlRlc3RDbGllbnRTZWNyZXQ= - Accept: application/json - Content-Type: application/json - - { - "grant_type": "code", - "code": "YXV0aG9yaXphdGlvbl9jb2Rl", - "redirect_uri": "https://my.app/auth_complete/" - } - - **Example Response** - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json;charset=UTF-8 - - { - "username": "janedoe", - "user_id": 42, - "access_token": "t6k2BqgRw59hphQBsbBoPPWLqu6FmS", - "expires_in": 15552000, - "token_type": "Bearer", - "scope": "profile_read email_read", - "refresh_token": "hJDhLH3cfsUrQlT4MxA6s8xAFEqdgc" - } - - In the case of an error, there will be a non-200 HTTP Status and and data - detailing the error. - - -3.3 Refresh a Token -^^^^^^^^^^^^^^^^^^^ - -Once the Access Token expires you can use your ``refresh_token`` to have -docker.io issue your application a new Access Token, if the user has not -revoked access from your application. - -.. http:post:: /api/v1.1/o/token/ - - Submit your ``refresh_token`` and application's credentials to receive a - new Access Token and Refresh Token. The ``refresh_token`` can be used - only once. - - :reqheader Authorization: HTTP basic authentication using your - application's ``client_id`` and ``client_secret`` - - :form grant_type: MUST be set to ``refresh_token`` - :form refresh_token: The ``refresh_token`` which was issued to your - application. - :form scope: (optional) The scope of the access token to be returned. - Must not include any scope not originally granted by the user and if - omitted is treated as equal to the scope originally granted. - - **Example Request** - - Refreshing an access token. - - .. sourcecode:: http - - POST /api/v1.1/o/token/ HTTP/1.1 - Host: www.docker.io - Authorization: Basic VGVzdENsaWVudElEOlRlc3RDbGllbnRTZWNyZXQ= - Accept: application/json - Content-Type: application/json - - { - "grant_type": "refresh_token", - "refresh_token": "hJDhLH3cfsUrQlT4MxA6s8xAFEqdgc", - } - - **Example Response** - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json;charset=UTF-8 - - { - "username": "janedoe", - "user_id": 42, - "access_token": "t6k2BqgRw59hphQBsbBoPPWLqu6FmS", - "expires_in": 15552000, - "token_type": "Bearer", - "scope": "profile_read email_read", - "refresh_token": "hJDhLH3cfsUrQlT4MxA6s8xAFEqdgc" - } - - In the case of an error, there will be a non-200 HTTP Status and and data - detailing the error. - - -4. Use an Access Token with the API -=================================== - -Many of the docker.io API requests will require a Authorization request header -field. Simply ensure you add this header with "Bearer <``access_token``>": - -.. sourcecode:: http - - GET /api/v1.1/resource HTTP/1.1 - Host: docker.io - Authorization: Bearer 2YotnFZFEjr1zCsicMWpAA diff --git a/docs/sources/reference/api/docker_remote_api.md b/docs/sources/reference/api/docker_remote_api.md new file mode 100644 index 0000000000..47f4724b1a --- /dev/null +++ b/docs/sources/reference/api/docker_remote_api.md @@ -0,0 +1,403 @@ +page_title: Remote API +page_description: API Documentation for Docker +page_keywords: API, Docker, rcli, REST, documentation + +# Docker Remote API + + - The Remote API is replacing rcli + - By default the Docker daemon listens on unix:///var/run/docker.sock + and the client must have root access to interact with the daemon + - If a group named *docker* exists on your system, docker will apply + ownership of the socket to the group + - The API tends to be REST, but for some complex commands, like attach + or pull, the HTTP connection is hijacked to transport stdout stdin + and stderr + - Since API version 1.2, the auth configuration is now handled client + side, so the client has to send the authConfig as POST in /images/(name)/push + - authConfig, set as the `X-Registry-Auth` header, is currently a Base64 + encoded (json) string with credentials: + `{'username': string, 'password': string, 'email': string, 'serveraddress' : string}` + + + +The current version of the API is v1.11 + +Calling /images//insert is the same as calling +/v1.11/images//insert + +You can still call an old version of the api using +/v1.11/images//insert + +## v1.11 + +### Full Documentation + +[*Docker Remote API v1.11*](/reference/api/docker_remote_api_v1.11/) + +### What's new + +`GET /_ping` + +**New!** +You can now ping the server via the `_ping` endpoint. + +`GET /events` + +**New!** +You can now use the `-until` parameter to close connection +after timestamp. + +`GET /containers/(id)/logs` + +This url is prefered method for getting container logs now. + +## v1.10 + +### Full Documentation + +[*Docker Remote API v1.10*](/reference/api/docker_remote_api_v1.10/) + +### What's new + +`DELETE /images/(name)` + +**New!** +You can now use the force parameter to force delete of an + image, even if it's tagged in multiple repositories. **New!** + You + can now use the noprune parameter to prevent the deletion of parent + images + +`DELETE /containers/(id)` + +**New!** +You can now use the force paramter to force delete a + container, even if it is currently running + +## v1.9 + +### Full Documentation + +[*Docker Remote API v1.9*](/reference/api/docker_remote_api_v1.9/) + +### What's new + +`POST /build` + +**New!** +This endpoint now takes a serialized ConfigFile which it +uses to resolve the proper registry auth credentials for pulling the +base image. Clients which previously implemented the version +accepting an AuthConfig object must be updated. + +## v1.8 + +### Full Documentation + +[*Docker Remote API v1.8*](/reference/api/docker_remote_api_v1.8/) + +### What's new + +`POST /build` + +**New!** +This endpoint now returns build status as json stream. In +case of a build error, it returns the exit status of the failed +command. + +`GET /containers/(id)/json` + +**New!** +This endpoint now returns the host config for the +container. + +`POST /images/create` + +`POST /images/(name)/insert` + +`POST /images/(name)/push` + +**New!** +progressDetail object was added in the JSON. It's now +possible to get the current value and the total of the progress +without having to parse the string. + +## v1.7 + +### Full Documentation + +[*Docker Remote API v1.7*](/reference/api/docker_remote_api_v1.7/) + +### What's new + +`GET /images/json` + +The format of the json returned from this uri changed. Instead of an +entry for each repo/tag on an image, each image is only represented +once, with a nested attribute indicating the repo/tags that apply to +that image. + +Instead of: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "VirtualSize": 131506275, + "Size": 131506275, + "Created": 1365714795, + "Id": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c", + "Tag": "12.04", + "Repository": "ubuntu" + }, + { + "VirtualSize": 131506275, + "Size": 131506275, + "Created": 1365714795, + "Id": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c", + "Tag": "latest", + "Repository": "ubuntu" + }, + { + "VirtualSize": 131506275, + "Size": 131506275, + "Created": 1365714795, + "Id": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c", + "Tag": "precise", + "Repository": "ubuntu" + }, + { + "VirtualSize": 180116135, + "Size": 24653, + "Created": 1364102658, + "Id": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", + "Tag": "12.10", + "Repository": "ubuntu" + }, + { + "VirtualSize": 180116135, + "Size": 24653, + "Created": 1364102658, + "Id": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", + "Tag": "quantal", + "Repository": "ubuntu" + } + ] + +The returned json looks like this: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "RepoTags": [ + "ubuntu:12.04", + "ubuntu:precise", + "ubuntu:latest" + ], + "Id": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c", + "Created": 1365714795, + "Size": 131506275, + "VirtualSize": 131506275 + }, + { + "RepoTags": [ + "ubuntu:12.10", + "ubuntu:quantal" + ], + "ParentId": "27cf784147099545", + "Id": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", + "Created": 1364102658, + "Size": 24653, + "VirtualSize": 180116135 + } + ] + +`GET /images/viz` + +This URI no longer exists. The `images --viz` +output is now generated in the client, using the +`/images/json` data. + +## v1.6 + +### Full Documentation + +[*Docker Remote API v1.6*](/reference/api/docker_remote_api_v1.6/) + +### What's new + +`POST /containers/(id)/attach` + +**New!** +You can now split stderr from stdout. This is done by +prefixing a header to each transmition. See +[`POST /containers/(id)/attach`]( +/reference/api/docker_remote_api_v1.9/#post--containers-(id)-attach "POST /containers/(id)/attach"). +The WebSocket attach is unchanged. Note that attach calls on the +previous API version didn't change. Stdout and stderr are merged. + +## v1.5 + +### Full Documentation + +[*Docker Remote API v1.5*](/reference/api/docker_remote_api_v1.5/) + +### What's new + +`POST /images/create` + +**New!** +You can now pass registry credentials (via an AuthConfig + object) through the X-Registry-Auth header + +`POST /images/(name)/push` + +**New!** +The AuthConfig object now needs to be passed through the + X-Registry-Auth header + +`GET /containers/json` + +**New!** +The format of the Ports entry has been changed to a list of +dicts each containing PublicPort, PrivatePort and Type describing a +port mapping. + +## v1.4 + +### Full Documentation + +[*Docker Remote API v1.4*](/reference/api/docker_remote_api_v1.4/) + +### What's new + +`POST /images/create` + +**New!** +When pulling a repo, all images are now downloaded in parallel. + +`GET /containers/(id)/top` + +**New!** +You can now use ps args with docker top, like docker top + aux + +`GET /events` + +**New!** +Image's name added in the events + +## v1.3 + +docker v0.5.0 +[51f6c4a](https://github.com/dotcloud/docker/commit/51f6c4a7372450d164c61e0054daf0223ddbd909) + +### Full Documentation + +[*Docker Remote API v1.3*](/reference/api/docker_remote_api_v1.3/) + +### What's new + +`GET /containers/(id)/top` + +List the processes running inside a container. + +`GET /events` + +**New!** +Monitor docker's events via streaming or via polling + +Builder (/build): + + - Simplify the upload of the build context + - Simply stream a tarball instead of multipart upload with 4 + intermediary buffers + - Simpler, less memory usage, less disk usage and faster + +> **Warning**: +> The /build improvements are not reverse-compatible. Pre 1.3 clients will +> break on /build. + +List containers (/containers/json): + + - You can use size=1 to get the size of the containers + +Start containers (/containers//start): + + - You can now pass host-specific configuration (e.g. bind mounts) in + the POST body for start calls + +## v1.2 + +docker v0.4.2 +[2e7649b](https://github.com/dotcloud/docker/commit/2e7649beda7c820793bd46766cbc2cfeace7b168) + +### Full Documentation + +[*Docker Remote API v1.2*](/reference/api/docker_remote_api_v1.2/) + +### What's new + +The auth configuration is now handled by the client. + +The client should send it's authConfig as POST on each call of +`/images/(name)/push` + +`GET /auth` + +**Deprecated.** + +`POST /auth` + +Only checks the configuration but doesn't store it on the server + + Deleting an image is now improved, will only untag the image if it + has children and remove all the untagged parents if has any. + +`POST /images//delete` + +Now returns a JSON structure with the list of images +deleted/untagged. + +## v1.1 + +docker v0.4.0 +[a8ae398](https://github.com/dotcloud/docker/commit/a8ae398bf52e97148ee7bd0d5868de2e15bd297f) + +### Full Documentation + +[*Docker Remote API v1.1*](/reference/api/docker_remote_api_v1.1/) + +### What's new + +`POST /images/create` + +`POST /images/(name)/insert` + +`POST /images/(name)/push` + +Uses json stream instead of HTML hijack, it looks like this: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"status":"Pushing..."} + {"status":"Pushing", "progress":"1/? (n/a)"} + {"error":"Invalid..."} + ... + +## v1.0 + +docker v0.3.4 +[8d73740](https://github.com/dotcloud/docker/commit/8d73740343778651c09160cde9661f5f387b36f4) + +### Full Documentation + +[*Docker Remote API v1.0*](/reference/api/docker_remote_api_v1.0/) + +### What's new + +Initial version diff --git a/docs/sources/reference/api/docker_remote_api.rst b/docs/sources/reference/api/docker_remote_api.rst deleted file mode 100644 index 7fa8468f3c..0000000000 --- a/docs/sources/reference/api/docker_remote_api.rst +++ /dev/null @@ -1,407 +0,0 @@ -:title: Remote API -:description: API Documentation for Docker -:keywords: API, Docker, rcli, REST, documentation - -.. COMMENT use https://pythonhosted.org/sphinxcontrib-httpdomain/ to -.. document the REST API. - -================= -Docker Remote API -================= - - -1. Brief introduction -===================== - -- The Remote API is replacing rcli -- By default the Docker daemon listens on unix:///var/run/docker.sock and the client must have root access to interact with the daemon -- If a group named *docker* exists on your system, docker will apply ownership of the socket to the group -- The API tends to be REST, but for some complex commands, like attach - or pull, the HTTP connection is hijacked to transport stdout stdin - and stderr -- Since API version 1.2, the auth configuration is now handled client - side, so the client has to send the authConfig as POST in - /images/(name)/push -- authConfig, set as the ``X-Registry-Auth`` header, is currently a Base64 encoded (json) string with credentials: - ``{'username': string, 'password': string, 'email': string, 'serveraddress' : string}`` - -2. Versions -=========== - -The current version of the API is 1.10 - -Calling /images//insert is the same as calling -/v1.10/images//insert - -You can still call an old version of the api using -/v1.0/images//insert - - -v1.10 -***** - -Full Documentation ------------------- - -:doc:`docker_remote_api_v1.10` - -What's new ----------- - -.. http:delete:: /images/(name) - - **New!** You can now use the force parameter to force delete of an image, even if it's - tagged in multiple repositories. - **New!** You can now use the noprune parameter to prevent the deletion of parent images - -.. http:delete:: /containers/(id) - - **New!** You can now use the force paramter to force delete a container, even if - it is currently running - -v1.9 -**** - -Full Documentation ------------------- - -:doc:`docker_remote_api_v1.9` - -What's new ----------- - -.. http:post:: /build - - **New!** This endpoint now takes a serialized ConfigFile which it uses to - resolve the proper registry auth credentials for pulling the base image. - Clients which previously implemented the version accepting an AuthConfig - object must be updated. - -v1.8 -**** - -Full Documentation ------------------- - -:doc:`docker_remote_api_v1.8` - -What's new ----------- - -.. http:post:: /build - - **New!** This endpoint now returns build status as json stream. In case - of a build error, it returns the exit status of the failed command. - -.. http:get:: /containers/(id)/json - - **New!** This endpoint now returns the host config for the container. - -.. http:post:: /images/create -.. http:post:: /images/(name)/insert -.. http:post:: /images/(name)/push - - **New!** progressDetail object was added in the JSON. It's now possible - to get the current value and the total of the progress without having to - parse the string. - -v1.7 -**** - -Full Documentation ------------------- - -:doc:`docker_remote_api_v1.7` - -What's new ----------- - -.. http:get:: /images/json - - The format of the json returned from this uri changed. Instead of an entry - for each repo/tag on an image, each image is only represented once, with a - nested attribute indicating the repo/tags that apply to that image. - - Instead of: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "VirtualSize": 131506275, - "Size": 131506275, - "Created": 1365714795, - "Id": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c", - "Tag": "12.04", - "Repository": "ubuntu" - }, - { - "VirtualSize": 131506275, - "Size": 131506275, - "Created": 1365714795, - "Id": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c", - "Tag": "latest", - "Repository": "ubuntu" - }, - { - "VirtualSize": 131506275, - "Size": 131506275, - "Created": 1365714795, - "Id": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c", - "Tag": "precise", - "Repository": "ubuntu" - }, - { - "VirtualSize": 180116135, - "Size": 24653, - "Created": 1364102658, - "Id": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "Tag": "12.10", - "Repository": "ubuntu" - }, - { - "VirtualSize": 180116135, - "Size": 24653, - "Created": 1364102658, - "Id": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "Tag": "quantal", - "Repository": "ubuntu" - } - ] - - The returned json looks like this: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "RepoTags": [ - "ubuntu:12.04", - "ubuntu:precise", - "ubuntu:latest" - ], - "Id": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c", - "Created": 1365714795, - "Size": 131506275, - "VirtualSize": 131506275 - }, - { - "RepoTags": [ - "ubuntu:12.10", - "ubuntu:quantal" - ], - "ParentId": "27cf784147099545", - "Id": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "Created": 1364102658, - "Size": 24653, - "VirtualSize": 180116135 - } - ] - -.. http:get:: /images/viz - - This URI no longer exists. The ``images --viz`` output is now generated in - the client, using the ``/images/json`` data. - -v1.6 -**** - -Full Documentation ------------------- - -:doc:`docker_remote_api_v1.6` - -What's new ----------- - -.. http:post:: /containers/(id)/attach - - **New!** You can now split stderr from stdout. This is done by prefixing - a header to each transmition. See :http:post:`/containers/(id)/attach`. - The WebSocket attach is unchanged. - Note that attach calls on the previous API version didn't change. Stdout and - stderr are merged. - - -v1.5 -**** - -Full Documentation ------------------- - -:doc:`docker_remote_api_v1.5` - -What's new ----------- - -.. http:post:: /images/create - - **New!** You can now pass registry credentials (via an AuthConfig object) - through the `X-Registry-Auth` header - -.. http:post:: /images/(name)/push - - **New!** The AuthConfig object now needs to be passed through - the `X-Registry-Auth` header - -.. http:get:: /containers/json - - **New!** The format of the `Ports` entry has been changed to a list of - dicts each containing `PublicPort`, `PrivatePort` and `Type` describing a - port mapping. - -v1.4 -**** - -Full Documentation ------------------- - -:doc:`docker_remote_api_v1.4` - -What's new ----------- - -.. http:post:: /images/create - - **New!** When pulling a repo, all images are now downloaded in parallel. - -.. http:get:: /containers/(id)/top - - **New!** You can now use ps args with docker top, like `docker top aux` - -.. http:get:: /events: - - **New!** Image's name added in the events - -v1.3 -**** - -docker v0.5.0 51f6c4a_ - -Full Documentation ------------------- - -:doc:`docker_remote_api_v1.3` - -What's new ----------- - -.. http:get:: /containers/(id)/top - - List the processes running inside a container. - -.. http:get:: /events: - - **New!** Monitor docker's events via streaming or via polling - -Builder (/build): - -- Simplify the upload of the build context -- Simply stream a tarball instead of multipart upload with 4 - intermediary buffers -- Simpler, less memory usage, less disk usage and faster - -.. Warning:: - - The /build improvements are not reverse-compatible. Pre 1.3 clients - will break on /build. - -List containers (/containers/json): - -- You can use size=1 to get the size of the containers - -Start containers (/containers//start): - -- You can now pass host-specific configuration (e.g. bind mounts) in - the POST body for start calls - -v1.2 -**** - -docker v0.4.2 2e7649b_ - -Full Documentation ------------------- - -:doc:`docker_remote_api_v1.2` - -What's new ----------- - -The auth configuration is now handled by the client. - -The client should send it's authConfig as POST on each call of -/images/(name)/push - -.. http:get:: /auth - - **Deprecated.** - -.. http:post:: /auth - - Only checks the configuration but doesn't store it on the server - - Deleting an image is now improved, will only untag the image if it - has children and remove all the untagged parents if has any. - -.. http:post:: /images//delete - - Now returns a JSON structure with the list of images - deleted/untagged. - - -v1.1 -**** - -docker v0.4.0 a8ae398_ - -Full Documentation ------------------- - -:doc:`docker_remote_api_v1.1` - -What's new ----------- - -.. http:post:: /images/create -.. http:post:: /images/(name)/insert -.. http:post:: /images/(name)/push - - Uses json stream instead of HTML hijack, it looks like this: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Pushing..."} - {"status":"Pushing", "progress":"1/? (n/a)"} - {"error":"Invalid..."} - ... - -v1.0 -**** - -docker v0.3.4 8d73740_ - -Full Documentation ------------------- - -:doc:`docker_remote_api_v1.0` - -What's new ----------- - -Initial version - - -.. _a8ae398: https://github.com/dotcloud/docker/commit/a8ae398bf52e97148ee7bd0d5868de2e15bd297f -.. _8d73740: https://github.com/dotcloud/docker/commit/8d73740343778651c09160cde9661f5f387b36f4 -.. _2e7649b: https://github.com/dotcloud/docker/commit/2e7649beda7c820793bd46766cbc2cfeace7b168 -.. _51f6c4a: https://github.com/dotcloud/docker/commit/51f6c4a7372450d164c61e0054daf0223ddbd909 diff --git a/docs/sources/reference/api/docker_remote_api_v1.0.md b/docs/sources/reference/api/docker_remote_api_v1.0.md new file mode 100644 index 0000000000..d719ca27e8 --- /dev/null +++ b/docs/sources/reference/api/docker_remote_api_v1.0.md @@ -0,0 +1,972 @@ +page_title: Remote API v1.0 +page_description: API Documentation for Docker +page_keywords: API, Docker, rcli, REST, documentation + +# Docker Remote API v1.0 + +# 1. Brief introduction + +- The Remote API is replacing rcli +- Default port in the docker daemon is 4243 +- The API tends to be REST, but for some complex commands, like attach + or pull, the HTTP connection is hijacked to transport stdout stdin + and stderr + +# 2. Endpoints + +## 2.1 Containers + +### List containers + +`GET /containers/json` + +List containers + + **Example request**: + + GET /containers/json?all=1&before=8dfafdbc3a40 HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Id": "8dfafdbc3a40", + "Image": "ubuntu:latest", + "Command": "echo 1", + "Created": 1367854155, + "Status": "Exit 0" + }, + { + "Id": "9cd87474be90", + "Image": "ubuntu:latest", + "Command": "echo 222222", + "Created": 1367854155, + "Status": "Exit 0" + }, + { + "Id": "3176a2479c92", + "Image": "centos:latest", + "Command": "echo 3333333333333333", + "Created": 1367854154, + "Status": "Exit 0" + }, + { + "Id": "4cb07b47f9fb", + "Image": "fedora:latest", + "Command": "echo 444444444444444444444444444444444", + "Created": 1367854152, + "Status": "Exit 0" + } + ] + + Query Parameters: + +   + + - **all** – 1/True/true or 0/False/false, Show all containers. + Only running containers are shown by default + - **limit** – Show `limit` last created + containers, include non-running ones. + - **since** – Show only containers created since Id, include + non-running ones. + - **before** – Show only containers created before Id, include + non-running ones. + + Status Codes: + + - **200** – no error + - **400** – bad parameter + - **500** – server error + +### Create a container + +`POST /containers/create` + +Create a container + + **Example request**: + + POST /containers/create HTTP/1.1 + Content-Type: application/json + + { + "Hostname":"", + "User":"", + "Memory":0, + "MemorySwap":0, + "AttachStdin":false, + "AttachStdout":true, + "AttachStderr":true, + "PortSpecs":null, + "Tty":false, + "OpenStdin":false, + "StdinOnce":false, + "Env":null, + "Cmd":[ + "date" + ], + "Dns":null, + "Image":"ubuntu", + "Volumes":{}, + "VolumesFrom":"" + } + + **Example response**: + + HTTP/1.1 201 OK + Content-Type: application/json + + { + "Id":"e90e34656806" + "Warnings":[] + } + + Json Parameters: + +   + + - **config** – the container's configuration + + Status Codes: + + - **201** – no error + - **404** – no such container + - **406** – impossible to attach (container not running) + - **500** – server error + +### Inspect a container + +`GET /containers/(id)/json` + +Return low-level information on the container `id` + + + **Example request**: + + GET /containers/4fa6e0f0c678/json HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Id": "4fa6e0f0c6786287e131c3852c58a2e01cc697a68231826813597e4994f1d6e2", + "Created": "2013-05-07T14:51:42.041847+02:00", + "Path": "date", + "Args": [], + "Config": { + "Hostname": "4fa6e0f0c678", + "User": "", + "Memory": 0, + "MemorySwap": 0, + "AttachStdin": false, + "AttachStdout": true, + "AttachStderr": true, + "PortSpecs": null, + "Tty": false, + "OpenStdin": false, + "StdinOnce": false, + "Env": null, + "Cmd": [ + "date" + ], + "Dns": null, + "Image": "ubuntu", + "Volumes": {}, + "VolumesFrom": "" + }, + "State": { + "Running": false, + "Pid": 0, + "ExitCode": 0, + "StartedAt": "2013-05-07T14:51:42.087658+02:01360", + "Ghost": false + }, + "Image": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", + "NetworkSettings": { + "IpAddress": "", + "IpPrefixLen": 0, + "Gateway": "", + "Bridge": "", + "PortMapping": null + }, + "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker", + "ResolvConfPath": "/etc/resolv.conf", + "Volumes": {} + } + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Inspect changes on a container's filesystem + +`GET /containers/(id)/changes` + +Inspect changes on container `id`'s filesystem + + **Example request**: + + GET /containers/4fa6e0f0c678/changes HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Path":"/dev", + "Kind":0 + }, + { + "Path":"/dev/kmsg", + "Kind":1 + }, + { + "Path":"/test", + "Kind":1 + } + ] + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Export a container + +`GET /containers/(id)/export` + +Export the contents of container `id` + + **Example request**: + + GET /containers/4fa6e0f0c678/export HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/octet-stream + + {{ STREAM }} + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Start a container + +`POST /containers/(id)/start` + +Start the container `id` + + **Example request**: + + POST /containers/e90e34656806/start HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Stop a container + +`POST /containers/(id)/stop` + +Stop the container `id` + + **Example request**: + + POST /containers/e90e34656806/stop?t=5 HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Query Parameters: + +   + + - **t** – number of seconds to wait before killing the container + + Status Codes: + + - **204** – no error + - **404** – no such container + - **500** – server error + +### Restart a container + +`POST /containers/(id)/restart` + +Restart the container `id` + + **Example request**: + + POST /containers/e90e34656806/restart?t=5 HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Query Parameters: + +   + + - **t** – number of seconds to wait before killing the container + + Status Codes: + + - **204** – no error + - **404** – no such container + - **500** – server error + +### Kill a container + +`POST /containers/(id)/kill` + +Kill the container `id` + + **Example request**: + + POST /containers/e90e34656806/kill HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Status Codes: + + - **204** – no error + - **404** – no such container + - **500** – server error + +### Attach to a container + +`POST /containers/(id)/attach` + +Attach to the container `id` + + **Example request**: + + POST /containers/16253994b7c4/attach?logs=1&stream=0&stdout=1 HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/vnd.docker.raw-stream + + {{ STREAM }} + + Query Parameters: + +   + + - **logs** – 1/True/true or 0/False/false, return logs. Default + false + - **stream** – 1/True/true or 0/False/false, return stream. + Default false + - **stdin** – 1/True/true or 0/False/false, if stream=true, attach + to stdin. Default false + - **stdout** – 1/True/true or 0/False/false, if logs=true, return + stdout log, if stream=true, attach to stdout. Default false + - **stderr** – 1/True/true or 0/False/false, if logs=true, return + stderr log, if stream=true, attach to stderr. Default false + + Status Codes: + + - **200** – no error + - **400** – bad parameter + - **404** – no such container + - **500** – server error + +### Wait a container + +`POST /containers/(id)/wait` + +Block until container `id` stops, then returns the exit code + + **Example request**: + + POST /containers/16253994b7c4/wait HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"StatusCode":0} + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Remove a container + +`DELETE /containers/(id)` + +Remove the container `id` from the filesystem + + **Example request**: + + DELETE /containers/16253994b7c4?v=1 HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Query Parameters: + +   + + - **v** – 1/True/true or 0/False/false, Remove the volumes + associated to the container. Default false + + Status Codes: + + - **204** – no error + - **400** – bad parameter + - **404** – no such container + - **500** – server error + +## 2.2 Images + +### List Images + +`GET /images/(format)` + +List images `format` could be json or viz (json default) + + **Example request**: + + GET /images/json?all=0 HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Repository":"ubuntu", + "Tag":"precise", + "Id":"b750fe79269d", + "Created":1364102658 + }, + { + "Repository":"ubuntu", + "Tag":"12.04", + "Id":"b750fe79269d", + "Created":1364102658 + } + ] + + **Example request**: + + GET /images/viz HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: text/plain + + digraph docker { + "d82cbacda43a" -> "074be284591f" + "1496068ca813" -> "08306dc45919" + "08306dc45919" -> "0e7893146ac2" + "b750fe79269d" -> "1496068ca813" + base -> "27cf78414709" [style=invis] + "f71189fff3de" -> "9a33b36209ed" + "27cf78414709" -> "b750fe79269d" + "0e7893146ac2" -> "d6434d954665" + "d6434d954665" -> "d82cbacda43a" + base -> "e9aa60c60128" [style=invis] + "074be284591f" -> "f71189fff3de" + "b750fe79269d" [label="b750fe79269d\nubuntu",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; + "e9aa60c60128" [label="e9aa60c60128\ncentos",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; + "9a33b36209ed" [label="9a33b36209ed\nfedora",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; + base [style=invisible] + } + + Query Parameters: + +   + + - **all** – 1/True/true or 0/False/false, Show all containers. + Only running containers are shown by default + + Status Codes: + + - **200** – no error + - **400** – bad parameter + - **500** – server error + +### Create an image + +`POST /images/create` + +Create an image, either by pull it from the registry or by importing it + + **Example request**: + + POST /images/create?fromImage=ubuntu HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/vnd.docker.raw-stream + + {{ STREAM }} + + Query Parameters: + +   + + - **fromImage** – name of the image to pull + - **fromSrc** – source to import, - means stdin + - **repo** – repository + - **tag** – tag + - **registry** – the registry to pull from + + Status Codes: + + - **200** – no error + - **500** – server error + +### Insert a file in an image + +`POST /images/(name)/insert` + +Insert a file from `url` in the image `name` at `path` + + **Example request**: + + POST /images/test/insert?path=/usr&url=myurl HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + + {{ STREAM }} + + Status Codes: + + - **200** – no error + - **500** – server error + +### Inspect an image + +`GET /images/(name)/json` + +Return low-level information on the image `name` + + **Example request**: + + GET /images/centos/json HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "id":"b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", + "parent":"27cf784147099545", + "created":"2013-03-23T22:24:18.818426-07:00", + "container":"3d67245a8d72ecf13f33dffac9f79dcdf70f75acb84d308770391510e0c23ad0", + "container_config": + { + "Hostname":"", + "User":"", + "Memory":0, + "MemorySwap":0, + "AttachStdin":false, + "AttachStdout":false, + "AttachStderr":false, + "PortSpecs":null, + "Tty":true, + "OpenStdin":true, + "StdinOnce":false, + "Env":null, + "Cmd": ["/bin/bash"] + ,"Dns":null, + "Image":"centos", + "Volumes":null, + "VolumesFrom":"" + } + } + + Status Codes: + + - **200** – no error + - **404** – no such image + - **500** – server error + +### Get the history of an image + +`GET /images/(name)/history` + +Return the history of the image `name` + + **Example request**: + + GET /images/fedora/history HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Id":"b750fe79269d", + "Created":1364102658, + "CreatedBy":"/bin/bash" + }, + { + "Id":"27cf78414709", + "Created":1364068391, + "CreatedBy":"" + } + ] + + Status Codes: + + - **200** – no error + - **404** – no such image + - **500** – server error + +### Push an image on the registry + +`POST /images/(name)/push` + +Push the image `name` on the registry + + > **Example request**: + > + > POST /images/test/push HTTP/1.1 + > + > **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/vnd.docker.raw-stream + + {{ STREAM }} + + Query Parameters: + +   + + - **registry** – the registry you wan to push, optional + + Status Codes: + + - **200** – no error + - **404** – no such image + - **500** – server error + +### Tag an image into a repository + +`POST /images/(name)/tag` + +Tag the image `name` into a repository + + **Example request**: + + POST /images/test/tag?repo=myrepo&force=0 HTTP/1.1 + + **Example response**: + + HTTP/1.1 201 OK + + Query Parameters: + +   + + - **repo** – The repository to tag in + - **force** – 1/True/true or 0/False/false, default false + + Status Codes: + + - **201** – no error + - **400** – bad parameter + - **404** – no such image + - **500** – server error + +### Remove an image + +`DELETE /images/(name)` + +Remove the image `name` from the filesystem + + **Example request**: + + DELETE /images/test HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Status Codes: + + - **204** – no error + - **404** – no such image + - **500** – server error + +### Search images + +`GET /images/search` + +Search for an image on [Docker.io](https://index.docker.io) + + **Example request**: + + GET /images/search?term=sshd HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Name":"cespare/sshd", + "Description":"" + }, + { + "Name":"johnfuller/sshd", + "Description":"" + }, + { + "Name":"dhrp/mongodb-sshd", + "Description":"" + } + ] + + :query term: term to search + :statuscode 200: no error + :statuscode 500: server error + +## 2.3 Misc + +### Build an image from Dockerfile via stdin + +`POST /build` + +Build an image from Dockerfile via stdin + + **Example request**: + + POST /build HTTP/1.1 + + {{ STREAM }} + + **Example response**: + + HTTP/1.1 200 OK + + {{ STREAM }} + + Query Parameters: + +   + + - **t** – repository name to be applied to the resulting image in + case of success + + Status Codes: + + - **200** – no error + - **500** – server error + +### Get default username and email + +`GET /auth` + +Get the default username and email + + **Example request**: + + GET /auth HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "username":"hannibal", + "email":"hannibal@a-team.com" + } + + Status Codes: + + - **200** – no error + - **500** – server error + +### Check auth configuration and store it + +`POST /auth` + +Get the default username and email + + **Example request**: + + POST /auth HTTP/1.1 + Content-Type: application/json + + { + "username":"hannibal", + "password:"xxxx", + "email":"hannibal@a-team.com" + } + + **Example response**: + + HTTP/1.1 200 OK + + Status Codes: + + - **200** – no error + - **204** – no error + - **500** – server error + +### Display system-wide information + +`GET /info` + +Display system-wide information + + **Example request**: + + GET /info HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Containers":11, + "Images":16, + "Debug":false, + "NFd": 11, + "NGoroutines":21, + "MemoryLimit":true, + "SwapLimit":false + } + + Status Codes: + + - **200** – no error + - **500** – server error + +### Show the docker version information + +`GET /version` + +Show the docker version information + + **Example request**: + + GET /version HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Version":"0.2.2", + "GitCommit":"5a2a5cc+CHANGES", + "GoVersion":"go1.0.3" + } + + Status Codes: + + - **200** – no error + - **500** – server error + +### Create a new image from a container's changes + +`POST /commit` + +Create a new image from a container's changes + > + > **Example request**: + + POST /commit?container=44c004db4b17&m=message&repo=myrepo HTTP/1.1 + Content-Type: application/json + + { + "Cmd": ["cat", "/world"], + "PortSpecs":["22"] + } + + **Example response**: + + HTTP/1.1 201 OK + Content-Type: application/vnd.docker.raw-stream + + {"Id":"596069db4bf5"} + + Query Parameters: + +   + + - **container** – source container + - **repo** – repository + - **tag** – tag + - **m** – commit message + - **author** – author (eg. "John Hannibal Smith + <[hannibal@a-team.com](mailto:hannibal%40a-team.com)>") + + Status Codes: + + - **201** – no error + - **404** – no such container + - **500** – server error + +# 3. Going further + +## 3.1 Inside `docker run` + +Here are the steps of `docker run` : + + - Create the container + + - If the status code is 404, it means the image doesn't exists: + - Try to pull it + - Then retry to create the container + + - Start the container + + - If you are not in detached mode: + - Attach to the container, using logs=1 (to have stdout and + stderr from the container's start) and stream=1 + + - If in detached mode or only stdin is attached: + - Display the container's + +## 3.2 Hijacking + +In this first version of the API, some of the endpoints, like /attach, +/pull or /push uses hijacking to transport stdin, stdout and stderr on +the same socket. This might change in the future. diff --git a/docs/sources/reference/api/docker_remote_api_v1.0.rst b/docs/sources/reference/api/docker_remote_api_v1.0.rst deleted file mode 100644 index fa4b969758..0000000000 --- a/docs/sources/reference/api/docker_remote_api_v1.0.rst +++ /dev/null @@ -1,1025 +0,0 @@ -.. use orphan to suppress "WARNING: document isn't included in any toctree" -.. per http://sphinx-doc.org/markup/misc.html#file-wide-metadata - -:orphan: - -:title: Remote API v1.0 -:description: API Documentation for Docker -:keywords: API, Docker, rcli, REST, documentation - -====================== -Docker Remote API v1.0 -====================== - -.. contents:: Table of Contents - -1. Brief introduction -===================== - -- The Remote API is replacing rcli -- Default port in the docker daemon is 4243 -- The API tends to be REST, but for some complex commands, like attach or pull, the HTTP connection is hijacked to transport stdout stdin and stderr - -2. Endpoints -============ - -2.1 Containers --------------- - -List containers -*************** - -.. http:get:: /containers/json - - List containers - - **Example request**: - - .. sourcecode:: http - - GET /containers/json?all=1&before=8dfafdbc3a40 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id": "8dfafdbc3a40", - "Image": "ubuntu:latest", - "Command": "echo 1", - "Created": 1367854155, - "Status": "Exit 0" - }, - { - "Id": "9cd87474be90", - "Image": "ubuntu:latest", - "Command": "echo 222222", - "Created": 1367854155, - "Status": "Exit 0" - }, - { - "Id": "3176a2479c92", - "Image": "centos:latest", - "Command": "echo 3333333333333333", - "Created": 1367854154, - "Status": "Exit 0" - }, - { - "Id": "4cb07b47f9fb", - "Image": "fedora:latest", - "Command": "echo 444444444444444444444444444444444", - "Created": 1367854152, - "Status": "Exit 0" - } - ] - - :query all: 1/True/true or 0/False/false, Show all containers. Only running containers are shown by default - :query limit: Show ``limit`` last created containers, include non-running ones. - :query since: Show only containers created since Id, include non-running ones. - :query before: Show only containers created before Id, include non-running ones. - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 500: server error - - -Create a container -****************** - -.. http:post:: /containers/create - - Create a container - - **Example request**: - - .. sourcecode:: http - - POST /containers/create HTTP/1.1 - Content-Type: application/json - - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "AttachStdin":false, - "AttachStdout":true, - "AttachStderr":true, - "PortSpecs":null, - "Tty":false, - "OpenStdin":false, - "StdinOnce":false, - "Env":null, - "Cmd":[ - "date" - ], - "Dns":null, - "Image":"ubuntu", - "Volumes":{}, - "VolumesFrom":"" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/json - - { - "Id":"e90e34656806" - "Warnings":[] - } - - :jsonparam config: the container's configuration - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 406: impossible to attach (container not running) - :statuscode 500: server error - - -Inspect a container -******************* - -.. http:get:: /containers/(id)/json - - Return low-level information on the container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Id": "4fa6e0f0c6786287e131c3852c58a2e01cc697a68231826813597e4994f1d6e2", - "Created": "2013-05-07T14:51:42.041847+02:00", - "Path": "date", - "Args": [], - "Config": { - "Hostname": "4fa6e0f0c678", - "User": "", - "Memory": 0, - "MemorySwap": 0, - "AttachStdin": false, - "AttachStdout": true, - "AttachStderr": true, - "PortSpecs": null, - "Tty": false, - "OpenStdin": false, - "StdinOnce": false, - "Env": null, - "Cmd": [ - "date" - ], - "Dns": null, - "Image": "ubuntu", - "Volumes": {}, - "VolumesFrom": "" - }, - "State": { - "Running": false, - "Pid": 0, - "ExitCode": 0, - "StartedAt": "2013-05-07T14:51:42.087658+02:01360", - "Ghost": false - }, - "Image": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "NetworkSettings": { - "IpAddress": "", - "IpPrefixLen": 0, - "Gateway": "", - "Bridge": "", - "PortMapping": null - }, - "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker", - "ResolvConfPath": "/etc/resolv.conf", - "Volumes": {} - } - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Inspect changes on a container's filesystem -******************************************* - -.. http:get:: /containers/(id)/changes - - Inspect changes on container ``id`` 's filesystem - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/changes HTTP/1.1 - - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Path":"/dev", - "Kind":0 - }, - { - "Path":"/dev/kmsg", - "Kind":1 - }, - { - "Path":"/test", - "Kind":1 - } - ] - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Export a container -****************** - -.. http:get:: /containers/(id)/export - - Export the contents of container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/export HTTP/1.1 - - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/octet-stream - - {{ STREAM }} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Start a container -***************** - -.. http:post:: /containers/(id)/start - - Start the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/start HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Stop a container -**************** - -.. http:post:: /containers/(id)/stop - - Stop the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/stop?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Restart a container -******************* - -.. http:post:: /containers/(id)/restart - - Restart the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/restart?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Kill a container -**************** - -.. http:post:: /containers/(id)/kill - - Kill the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/kill HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Attach to a container -********************* - -.. http:post:: /containers/(id)/attach - - Attach to the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/attach?logs=1&stream=0&stdout=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/vnd.docker.raw-stream - - {{ STREAM }} - - :query logs: 1/True/true or 0/False/false, return logs. Default false - :query stream: 1/True/true or 0/False/false, return stream. Default false - :query stdin: 1/True/true or 0/False/false, if stream=true, attach to stdin. Default false - :query stdout: 1/True/true or 0/False/false, if logs=true, return stdout log, if stream=true, attach to stdout. Default false - :query stderr: 1/True/true or 0/False/false, if logs=true, return stderr log, if stream=true, attach to stderr. Default false - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - - -Wait a container -**************** - -.. http:post:: /containers/(id)/wait - - Block until container ``id`` stops, then returns the exit code - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/wait HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"StatusCode":0} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Remove a container -******************* - -.. http:delete:: /containers/(id) - - Remove the container ``id`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /containers/16253994b7c4?v=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query v: 1/True/true or 0/False/false, Remove the volumes associated to the container. Default false - :statuscode 204: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - - -2.2 Images ----------- - -List Images -*********** - -.. http:get:: /images/(format) - - List images ``format`` could be json or viz (json default) - - **Example request**: - - .. sourcecode:: http - - GET /images/json?all=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Repository":"ubuntu", - "Tag":"precise", - "Id":"b750fe79269d", - "Created":1364102658 - }, - { - "Repository":"ubuntu", - "Tag":"12.04", - "Id":"b750fe79269d", - "Created":1364102658 - } - ] - - - **Example request**: - - .. sourcecode:: http - - GET /images/viz HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: text/plain - - digraph docker { - "d82cbacda43a" -> "074be284591f" - "1496068ca813" -> "08306dc45919" - "08306dc45919" -> "0e7893146ac2" - "b750fe79269d" -> "1496068ca813" - base -> "27cf78414709" [style=invis] - "f71189fff3de" -> "9a33b36209ed" - "27cf78414709" -> "b750fe79269d" - "0e7893146ac2" -> "d6434d954665" - "d6434d954665" -> "d82cbacda43a" - base -> "e9aa60c60128" [style=invis] - "074be284591f" -> "f71189fff3de" - "b750fe79269d" [label="b750fe79269d\nubuntu",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; - "e9aa60c60128" [label="e9aa60c60128\ncentos",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; - "9a33b36209ed" [label="9a33b36209ed\nfedora",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; - base [style=invisible] - } - - :query all: 1/True/true or 0/False/false, Show all containers. Only running containers are shown by default - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 500: server error - - -Create an image -*************** - -.. http:post:: /images/create - - Create an image, either by pull it from the registry or by importing it - - **Example request**: - - .. sourcecode:: http - - POST /images/create?fromImage=ubuntu HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/vnd.docker.raw-stream - - {{ STREAM }} - - :query fromImage: name of the image to pull - :query fromSrc: source to import, - means stdin - :query repo: repository - :query tag: tag - :query registry: the registry to pull from - :statuscode 200: no error - :statuscode 500: server error - - -Insert a file in an image -************************* - -.. http:post:: /images/(name)/insert - - Insert a file from ``url`` in the image ``name`` at ``path`` - - **Example request**: - - .. sourcecode:: http - - POST /images/test/insert?path=/usr&url=myurl HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - {{ STREAM }} - - :statuscode 200: no error - :statuscode 500: server error - - -Inspect an image -**************** - -.. http:get:: /images/(name)/json - - Return low-level information on the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/centos/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "id":"b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "parent":"27cf784147099545", - "created":"2013-03-23T22:24:18.818426-07:00", - "container":"3d67245a8d72ecf13f33dffac9f79dcdf70f75acb84d308770391510e0c23ad0", - "container_config": - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "AttachStdin":false, - "AttachStdout":false, - "AttachStderr":false, - "PortSpecs":null, - "Tty":true, - "OpenStdin":true, - "StdinOnce":false, - "Env":null, - "Cmd": ["/bin/bash"] - ,"Dns":null, - "Image":"centos", - "Volumes":null, - "VolumesFrom":"" - } - } - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Get the history of an image -*************************** - -.. http:get:: /images/(name)/history - - Return the history of the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/fedora/history HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id":"b750fe79269d", - "Created":1364102658, - "CreatedBy":"/bin/bash" - }, - { - "Id":"27cf78414709", - "Created":1364068391, - "CreatedBy":"" - } - ] - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Push an image on the registry -***************************** - -.. http:post:: /images/(name)/push - - Push the image ``name`` on the registry - - **Example request**: - - .. sourcecode:: http - - POST /images/test/push HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/vnd.docker.raw-stream - - {{ STREAM }} - - :query registry: the registry you wan to push, optional - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Tag an image into a repository -****************************** - -.. http:post:: /images/(name)/tag - - Tag the image ``name`` into a repository - - **Example request**: - - .. sourcecode:: http - - POST /images/test/tag?repo=myrepo&force=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - - :query repo: The repository to tag in - :query force: 1/True/true or 0/False/false, default false - :statuscode 201: no error - :statuscode 400: bad parameter - :statuscode 404: no such image - :statuscode 500: server error - - -Remove an image -*************** - -.. http:delete:: /images/(name) - - Remove the image ``name`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /images/test HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :statuscode 204: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Search images -************* - -.. http:get:: /images/search - - Search for an image in the docker index - - **Example request**: - - .. sourcecode:: http - - GET /images/search?term=sshd HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Name":"cespare/sshd", - "Description":"" - }, - { - "Name":"johnfuller/sshd", - "Description":"" - }, - { - "Name":"dhrp/mongodb-sshd", - "Description":"" - } - ] - - :query term: term to search - :statuscode 200: no error - :statuscode 500: server error - - -2.3 Misc --------- - -Build an image from Dockerfile via stdin -**************************************** - -.. http:post:: /build - - Build an image from Dockerfile via stdin - - **Example request**: - - .. sourcecode:: http - - POST /build HTTP/1.1 - - {{ STREAM }} - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - {{ STREAM }} - - :query t: repository name to be applied to the resulting image in case of success - :statuscode 200: no error - :statuscode 500: server error - - -Get default username and email -****************************** - -.. http:get:: /auth - - Get the default username and email - - **Example request**: - - .. sourcecode:: http - - GET /auth HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "username":"hannibal", - "email":"hannibal@a-team.com" - } - - :statuscode 200: no error - :statuscode 500: server error - - -Check auth configuration and store it -************************************* - -.. http:post:: /auth - - Get the default username and email - - **Example request**: - - .. sourcecode:: http - - POST /auth HTTP/1.1 - Content-Type: application/json - - { - "username":"hannibal", - "password:"xxxx", - "email":"hannibal@a-team.com" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - :statuscode 200: no error - :statuscode 204: no error - :statuscode 500: server error - - -Display system-wide information -******************************* - -.. http:get:: /info - - Display system-wide information - - **Example request**: - - .. sourcecode:: http - - GET /info HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Containers":11, - "Images":16, - "Debug":false, - "NFd": 11, - "NGoroutines":21, - "MemoryLimit":true, - "SwapLimit":false - } - - :statuscode 200: no error - :statuscode 500: server error - - -Show the docker version information -*********************************** - -.. http:get:: /version - - Show the docker version information - - **Example request**: - - .. sourcecode:: http - - GET /version HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Version":"0.2.2", - "GitCommit":"5a2a5cc+CHANGES", - "GoVersion":"go1.0.3" - } - - :statuscode 200: no error - :statuscode 500: server error - - -Create a new image from a container's changes -********************************************* - -.. http:post:: /commit - - Create a new image from a container's changes - - **Example request**: - - .. sourcecode:: http - - POST /commit?container=44c004db4b17&m=message&repo=myrepo HTTP/1.1 - Content-Type: application/json - - { - "Cmd": ["cat", "/world"], - "PortSpecs":["22"] - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/vnd.docker.raw-stream - - {"Id":"596069db4bf5"} - - :query container: source container - :query repo: repository - :query tag: tag - :query m: commit message - :query author: author (eg. "John Hannibal Smith ") - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 500: server error - - -3. Going further -================ - -3.1 Inside 'docker run' ------------------------ - -Here are the steps of 'docker run' : - -* Create the container -* If the status code is 404, it means the image doesn't exists: - * Try to pull it - * Then retry to create the container -* Start the container -* If you are not in detached mode: - * Attach to the container, using logs=1 (to have stdout and stderr from the container's start) and stream=1 -* If in detached mode or only stdin is attached: - * Display the container's id - - -3.2 Hijacking -------------- - -In this first version of the API, some of the endpoints, like /attach, /pull or /push uses hijacking to transport stdin, -stdout and stderr on the same socket. This might change in the future. diff --git a/docs/sources/reference/api/docker_remote_api_v1.1.md b/docs/sources/reference/api/docker_remote_api_v1.1.md new file mode 100644 index 0000000000..21997e5488 --- /dev/null +++ b/docs/sources/reference/api/docker_remote_api_v1.1.md @@ -0,0 +1,982 @@ +page_title: Remote API v1.1 +page_description: API Documentation for Docker +page_keywords: API, Docker, rcli, REST, documentation + +# Docker Remote API v1.1 + +# 1. Brief introduction + +- The Remote API is replacing rcli +- Default port in the docker daemon is 4243 +- The API tends to be REST, but for some complex commands, like attach + or pull, the HTTP connection is hijacked to transport stdout stdin + and stderr + +# 2. Endpoints + +## 2.1 Containers + +### List containers + +`GET /containers/json` + +List containers + + **Example request**: + + GET /containers/json?all=1&before=8dfafdbc3a40 HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Id": "8dfafdbc3a40", + "Image": "ubuntu:latest", + "Command": "echo 1", + "Created": 1367854155, + "Status": "Exit 0" + }, + { + "Id": "9cd87474be90", + "Image": "ubuntu:latest", + "Command": "echo 222222", + "Created": 1367854155, + "Status": "Exit 0" + }, + { + "Id": "3176a2479c92", + "Image": "centos:latest", + "Command": "echo 3333333333333333", + "Created": 1367854154, + "Status": "Exit 0" + }, + { + "Id": "4cb07b47f9fb", + "Image": "fedora:latest", + "Command": "echo 444444444444444444444444444444444", + "Created": 1367854152, + "Status": "Exit 0" + } + ] + + Query Parameters: + +   + + - **all** – 1/True/true or 0/False/false, Show all containers. + Only running containers are shown by default + - **limit** – Show `limit` last created + containers, include non-running ones. + - **since** – Show only containers created since Id, include + non-running ones. + - **before** – Show only containers created before Id, include + non-running ones. + + Status Codes: + + - **200** – no error + - **400** – bad parameter + - **500** – server error + +### Create a container + +`POST /containers/create` + +Create a container + + **Example request**: + + POST /containers/create HTTP/1.1 + Content-Type: application/json + + { + "Hostname":"", + "User":"", + "Memory":0, + "MemorySwap":0, + "AttachStdin":false, + "AttachStdout":true, + "AttachStderr":true, + "PortSpecs":null, + "Tty":false, + "OpenStdin":false, + "StdinOnce":false, + "Env":null, + "Cmd":[ + "date" + ], + "Dns":null, + "Image":"ubuntu", + "Volumes":{}, + "VolumesFrom":"" + } + + **Example response**: + + HTTP/1.1 201 OK + Content-Type: application/json + + { + "Id":"e90e34656806" + "Warnings":[] + } + + Json Parameters: + +   + + - **config** – the container's configuration + + Status Codes: + + - **201** – no error + - **404** – no such container + - **406** – impossible to attach (container not running) + - **500** – server error + +### Inspect a container + +`GET /containers/(id)/json` + +Return low-level information on the container `id` + + + **Example request**: + + GET /containers/4fa6e0f0c678/json HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Id": "4fa6e0f0c6786287e131c3852c58a2e01cc697a68231826813597e4994f1d6e2", + "Created": "2013-05-07T14:51:42.041847+02:00", + "Path": "date", + "Args": [], + "Config": { + "Hostname": "4fa6e0f0c678", + "User": "", + "Memory": 0, + "MemorySwap": 0, + "AttachStdin": false, + "AttachStdout": true, + "AttachStderr": true, + "PortSpecs": null, + "Tty": false, + "OpenStdin": false, + "StdinOnce": false, + "Env": null, + "Cmd": [ + "date" + ], + "Dns": null, + "Image": "ubuntu", + "Volumes": {}, + "VolumesFrom": "" + }, + "State": { + "Running": false, + "Pid": 0, + "ExitCode": 0, + "StartedAt": "2013-05-07T14:51:42.087658+02:01360", + "Ghost": false + }, + "Image": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", + "NetworkSettings": { + "IpAddress": "", + "IpPrefixLen": 0, + "Gateway": "", + "Bridge": "", + "PortMapping": null + }, + "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker", + "ResolvConfPath": "/etc/resolv.conf", + "Volumes": {} + } + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Inspect changes on a container's filesystem + +`GET /containers/(id)/changes` + +Inspect changes on container `id`'s filesystem + + **Example request**: + + GET /containers/4fa6e0f0c678/changes HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Path":"/dev", + "Kind":0 + }, + { + "Path":"/dev/kmsg", + "Kind":1 + }, + { + "Path":"/test", + "Kind":1 + } + ] + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Export a container + +`GET /containers/(id)/export` + +Export the contents of container `id` + + **Example request**: + + GET /containers/4fa6e0f0c678/export HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/octet-stream + + {{ STREAM }} + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Start a container + +`POST /containers/(id)/start` + +Start the container `id` + + **Example request**: + + POST /containers/e90e34656806/start HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Stop a container + +`POST /containers/(id)/stop` + +Stop the container `id` + + **Example request**: + + POST /containers/e90e34656806/stop?t=5 HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Query Parameters: + +   + + - **t** – number of seconds to wait before killing the container + + Status Codes: + + - **204** – no error + - **404** – no such container + - **500** – server error + +### Restart a container + +`POST /containers/(id)/restart` + +Restart the container `id` + + **Example request**: + + POST /containers/e90e34656806/restart?t=5 HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Query Parameters: + +   + + - **t** – number of seconds to wait before killing the container + + Status Codes: + + - **204** – no error + - **404** – no such container + - **500** – server error + +### Kill a container + +`POST /containers/(id)/kill` + +Kill the container `id` + + **Example request**: + + POST /containers/e90e34656806/kill HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Status Codes: + + - **204** – no error + - **404** – no such container + - **500** – server error + +### Attach to a container + +`POST /containers/(id)/attach` + +Attach to the container `id` + + **Example request**: + + POST /containers/16253994b7c4/attach?logs=1&stream=0&stdout=1 HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/vnd.docker.raw-stream + + {{ STREAM }} + + Query Parameters: + +   + + - **logs** – 1/True/true or 0/False/false, return logs. Default + false + - **stream** – 1/True/true or 0/False/false, return stream. + Default false + - **stdin** – 1/True/true or 0/False/false, if stream=true, attach + to stdin. Default false + - **stdout** – 1/True/true or 0/False/false, if logs=true, return + stdout log, if stream=true, attach to stdout. Default false + - **stderr** – 1/True/true or 0/False/false, if logs=true, return + stderr log, if stream=true, attach to stderr. Default false + + Status Codes: + + - **200** – no error + - **400** – bad parameter + - **404** – no such container + - **500** – server error + +### Wait a container + +`POST /containers/(id)/wait` + +Block until container `id` stops, then returns the exit code + + **Example request**: + + POST /containers/16253994b7c4/wait HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"StatusCode":0} + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Remove a container + +`DELETE /containers/(id)` + +Remove the container `id` from the filesystem + + **Example request**: + + DELETE /containers/16253994b7c4?v=1 HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Query Parameters: + +   + + - **v** – 1/True/true or 0/False/false, Remove the volumes + associated to the container. Default false + + Status Codes: + + - **204** – no error + - **400** – bad parameter + - **404** – no such container + - **500** – server error + +## 2.2 Images + +### List Images + +`GET /images/(format)` + +List images `format` could be json or viz (json default) + + **Example request**: + + GET /images/json?all=0 HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Repository":"ubuntu", + "Tag":"precise", + "Id":"b750fe79269d", + "Created":1364102658 + }, + { + "Repository":"ubuntu", + "Tag":"12.04", + "Id":"b750fe79269d", + "Created":1364102658 + } + ] + + **Example request**: + + GET /images/viz HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: text/plain + + digraph docker { + "d82cbacda43a" -> "074be284591f" + "1496068ca813" -> "08306dc45919" + "08306dc45919" -> "0e7893146ac2" + "b750fe79269d" -> "1496068ca813" + base -> "27cf78414709" [style=invis] + "f71189fff3de" -> "9a33b36209ed" + "27cf78414709" -> "b750fe79269d" + "0e7893146ac2" -> "d6434d954665" + "d6434d954665" -> "d82cbacda43a" + base -> "e9aa60c60128" [style=invis] + "074be284591f" -> "f71189fff3de" + "b750fe79269d" [label="b750fe79269d\nubuntu",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; + "e9aa60c60128" [label="e9aa60c60128\ncentos",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; + "9a33b36209ed" [label="9a33b36209ed\nfedora",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; + base [style=invisible] + } + + Query Parameters: + +   + + - **all** – 1/True/true or 0/False/false, Show all containers. + Only running containers are shown by default + + Status Codes: + + - **200** – no error + - **400** – bad parameter + - **500** – server error + +### Create an image + +`POST /images/create` + +Create an image, either by pull it from the registry or by importing it + + **Example request**: + + POST /images/create?fromImage=ubuntu HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"status":"Pulling..."} + {"status":"Pulling", "progress":"1/? (n/a)"} + {"error":"Invalid..."} + ... + + Query Parameters: + +   + + - **fromImage** – name of the image to pull + - **fromSrc** – source to import, - means stdin + - **repo** – repository + - **tag** – tag + - **registry** – the registry to pull from + + Status Codes: + + - **200** – no error + - **500** – server error + +### Insert a file in an image + +`POST /images/(name)/insert` + +Insert a file from `url` in the image `name` at `path` + + **Example request**: + + POST /images/test/insert?path=/usr&url=myurl HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"status":"Inserting..."} + {"status":"Inserting", "progress":"1/? (n/a)"} + {"error":"Invalid..."} + ... + + Status Codes: + + - **200** – no error + - **500** – server error + +### Inspect an image + +`GET /images/(name)/json` + +Return low-level information on the image `name` + + **Example request**: + + GET /images/centos/json HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "id":"b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", + "parent":"27cf784147099545", + "created":"2013-03-23T22:24:18.818426-07:00", + "container":"3d67245a8d72ecf13f33dffac9f79dcdf70f75acb84d308770391510e0c23ad0", + "container_config": + { + "Hostname":"", + "User":"", + "Memory":0, + "MemorySwap":0, + "AttachStdin":false, + "AttachStdout":false, + "AttachStderr":false, + "PortSpecs":null, + "Tty":true, + "OpenStdin":true, + "StdinOnce":false, + "Env":null, + "Cmd": ["/bin/bash"] + ,"Dns":null, + "Image":"centos", + "Volumes":null, + "VolumesFrom":"" + } + } + + Status Codes: + + - **200** – no error + - **404** – no such image + - **500** – server error + +### Get the history of an image + +`GET /images/(name)/history` + +Return the history of the image `name` + + **Example request**: + + GET /images/fedora/history HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Id":"b750fe79269d", + "Created":1364102658, + "CreatedBy":"/bin/bash" + }, + { + "Id":"27cf78414709", + "Created":1364068391, + "CreatedBy":"" + } + ] + + Status Codes: + + - **200** – no error + - **404** – no such image + - **500** – server error + +### Push an image on the registry + +`POST /images/(name)/push` + +Push the image `name` on the registry + + > **Example request**: + > + > POST /images/test/push HTTP/1.1 + > + > **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"status":"Pushing..."} + {"status":"Pushing", "progress":"1/? (n/a)"} + {"error":"Invalid..."} + ... + + Query Parameters: + +   + + - **registry** – the registry you wan to push, optional + + Status Codes: + + - **200** – no error + - **404** – no such image + - **500** – server error + +### Tag an image into a repository + +`POST /images/(name)/tag` + +Tag the image `name` into a repository + + **Example request**: + + POST /images/test/tag?repo=myrepo&force=0 HTTP/1.1 + + **Example response**: + + HTTP/1.1 201 OK + + Query Parameters: + +   + + - **repo** – The repository to tag in + - **force** – 1/True/true or 0/False/false, default false + + Status Codes: + + - **201** – no error + - **400** – bad parameter + - **404** – no such image + - **409** – conflict + - **500** – server error + +### Remove an image + +`DELETE /images/(name)` + +Remove the image `name` from the filesystem + + **Example request**: + + DELETE /images/test HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Status Codes: + + - **204** – no error + - **404** – no such image + - **500** – server error + +### Search images + +`GET /images/search` + +Search for an image on [Docker.io](https://index.docker.io) + + **Example request**: + + GET /images/search?term=sshd HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Name":"cespare/sshd", + "Description":"" + }, + { + "Name":"johnfuller/sshd", + "Description":"" + }, + { + "Name":"dhrp/mongodb-sshd", + "Description":"" + } + ] + + :query term: term to search + :statuscode 200: no error + :statuscode 500: server error + +## 2.3 Misc + +### Build an image from Dockerfile via stdin + +`POST /build` + +Build an image from Dockerfile via stdin + + **Example request**: + + POST /build HTTP/1.1 + + {{ STREAM }} + + **Example response**: + + HTTP/1.1 200 OK + + {{ STREAM }} + + Query Parameters: + +   + + - **t** – tag to be applied to the resulting image in case of + success + + Status Codes: + + - **200** – no error + - **500** – server error + +### Get default username and email + +`GET /auth` + +Get the default username and email + + **Example request**: + + GET /auth HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "username":"hannibal", + "email":"hannibal@a-team.com" + } + + Status Codes: + + - **200** – no error + - **500** – server error + +### Check auth configuration and store it + +`POST /auth` + +Get the default username and email + + **Example request**: + + POST /auth HTTP/1.1 + Content-Type: application/json + + { + "username":"hannibal", + "password:"xxxx", + "email":"hannibal@a-team.com" + } + + **Example response**: + + HTTP/1.1 200 OK + + Status Codes: + + - **200** – no error + - **204** – no error + - **500** – server error + +### Display system-wide information + +`GET /info` + +Display system-wide information + + **Example request**: + + GET /info HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Containers":11, + "Images":16, + "Debug":false, + "NFd": 11, + "NGoroutines":21, + "MemoryLimit":true, + "SwapLimit":false + } + + Status Codes: + + - **200** – no error + - **500** – server error + +### Show the docker version information + +`GET /version` + +Show the docker version information + + **Example request**: + + GET /version HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Version":"0.2.2", + "GitCommit":"5a2a5cc+CHANGES", + "GoVersion":"go1.0.3" + } + + Status Codes: + + - **200** – no error + - **500** – server error + +### Create a new image from a container's changes + +`POST /commit` + +Create a new image from a container's changes + + **Example request**: + + POST /commit?container=44c004db4b17&m=message&repo=myrepo HTTP/1.1 + Content-Type: application/json + + { + "Cmd": ["cat", "/world"], + "PortSpecs":["22"] + } + + **Example response**: + + HTTP/1.1 201 OK + Content-Type: application/vnd.docker.raw-stream + + {"Id":"596069db4bf5"} + + Query Parameters: + +   + + - **container** – source container + - **repo** – repository + - **tag** – tag + - **m** – commit message + - **author** – author (eg. "John Hannibal Smith + <[hannibal@a-team.com](mailto:hannibal%40a-team.com)>") + + Status Codes: + + - **201** – no error + - **404** – no such container + - **500** – server error + +# 3. Going further + +## 3.1 Inside `docker run` + +Here are the steps of `docker run` : + + - Create the container + + - If the status code is 404, it means the image doesn't exists: + - Try to pull it + - Then retry to create the container + + - Start the container + + - If you are not in detached mode: + - Attach to the container, using logs=1 (to have stdout and + stderr from the container's start) and stream=1 + + - If in detached mode or only stdin is attached: + - Display the container's + +## 3.2 Hijacking + +In this version of the API, /attach uses hijacking to transport stdin, +stdout and stderr on the same socket. This might change in the future. diff --git a/docs/sources/reference/api/docker_remote_api_v1.1.rst b/docs/sources/reference/api/docker_remote_api_v1.1.rst deleted file mode 100644 index 92b5039aa6..0000000000 --- a/docs/sources/reference/api/docker_remote_api_v1.1.rst +++ /dev/null @@ -1,1035 +0,0 @@ -.. use orphan to suppress "WARNING: document isn't included in any toctree" -.. per http://sphinx-doc.org/markup/misc.html#file-wide-metadata - -:orphan: - -:title: Remote API v1.1 -:description: API Documentation for Docker -:keywords: API, Docker, rcli, REST, documentation - -====================== -Docker Remote API v1.1 -====================== - -.. contents:: Table of Contents - -1. Brief introduction -===================== - -- The Remote API is replacing rcli -- Default port in the docker daemon is 4243 -- The API tends to be REST, but for some complex commands, like attach or pull, the HTTP connection is hijacked to transport stdout stdin and stderr - -2. Endpoints -============ - -2.1 Containers --------------- - -List containers -*************** - -.. http:get:: /containers/json - - List containers - - **Example request**: - - .. sourcecode:: http - - GET /containers/json?all=1&before=8dfafdbc3a40 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id": "8dfafdbc3a40", - "Image": "ubuntu:latest", - "Command": "echo 1", - "Created": 1367854155, - "Status": "Exit 0" - }, - { - "Id": "9cd87474be90", - "Image": "ubuntu:latest", - "Command": "echo 222222", - "Created": 1367854155, - "Status": "Exit 0" - }, - { - "Id": "3176a2479c92", - "Image": "centos:latest", - "Command": "echo 3333333333333333", - "Created": 1367854154, - "Status": "Exit 0" - }, - { - "Id": "4cb07b47f9fb", - "Image": "fedora:latest", - "Command": "echo 444444444444444444444444444444444", - "Created": 1367854152, - "Status": "Exit 0" - } - ] - - :query all: 1/True/true or 0/False/false, Show all containers. Only running containers are shown by default - :query limit: Show ``limit`` last created containers, include non-running ones. - :query since: Show only containers created since Id, include non-running ones. - :query before: Show only containers created before Id, include non-running ones. - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 500: server error - - -Create a container -****************** - -.. http:post:: /containers/create - - Create a container - - **Example request**: - - .. sourcecode:: http - - POST /containers/create HTTP/1.1 - Content-Type: application/json - - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "AttachStdin":false, - "AttachStdout":true, - "AttachStderr":true, - "PortSpecs":null, - "Tty":false, - "OpenStdin":false, - "StdinOnce":false, - "Env":null, - "Cmd":[ - "date" - ], - "Dns":null, - "Image":"ubuntu", - "Volumes":{}, - "VolumesFrom":"" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/json - - { - "Id":"e90e34656806" - "Warnings":[] - } - - :jsonparam config: the container's configuration - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 406: impossible to attach (container not running) - :statuscode 500: server error - - -Inspect a container -******************* - -.. http:get:: /containers/(id)/json - - Return low-level information on the container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Id": "4fa6e0f0c6786287e131c3852c58a2e01cc697a68231826813597e4994f1d6e2", - "Created": "2013-05-07T14:51:42.041847+02:00", - "Path": "date", - "Args": [], - "Config": { - "Hostname": "4fa6e0f0c678", - "User": "", - "Memory": 0, - "MemorySwap": 0, - "AttachStdin": false, - "AttachStdout": true, - "AttachStderr": true, - "PortSpecs": null, - "Tty": false, - "OpenStdin": false, - "StdinOnce": false, - "Env": null, - "Cmd": [ - "date" - ], - "Dns": null, - "Image": "ubuntu", - "Volumes": {}, - "VolumesFrom": "" - }, - "State": { - "Running": false, - "Pid": 0, - "ExitCode": 0, - "StartedAt": "2013-05-07T14:51:42.087658+02:01360", - "Ghost": false - }, - "Image": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "NetworkSettings": { - "IpAddress": "", - "IpPrefixLen": 0, - "Gateway": "", - "Bridge": "", - "PortMapping": null - }, - "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker", - "ResolvConfPath": "/etc/resolv.conf", - "Volumes": {} - } - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Inspect changes on a container's filesystem -******************************************* - -.. http:get:: /containers/(id)/changes - - Inspect changes on container ``id`` 's filesystem - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/changes HTTP/1.1 - - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Path":"/dev", - "Kind":0 - }, - { - "Path":"/dev/kmsg", - "Kind":1 - }, - { - "Path":"/test", - "Kind":1 - } - ] - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Export a container -****************** - -.. http:get:: /containers/(id)/export - - Export the contents of container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/export HTTP/1.1 - - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/octet-stream - - {{ STREAM }} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Start a container -***************** - -.. http:post:: /containers/(id)/start - - Start the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/start HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Stop a container -**************** - -.. http:post:: /containers/(id)/stop - - Stop the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/stop?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Restart a container -******************* - -.. http:post:: /containers/(id)/restart - - Restart the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/restart?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Kill a container -**************** - -.. http:post:: /containers/(id)/kill - - Kill the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/kill HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Attach to a container -********************* - -.. http:post:: /containers/(id)/attach - - Attach to the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/attach?logs=1&stream=0&stdout=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/vnd.docker.raw-stream - - {{ STREAM }} - - :query logs: 1/True/true or 0/False/false, return logs. Default false - :query stream: 1/True/true or 0/False/false, return stream. Default false - :query stdin: 1/True/true or 0/False/false, if stream=true, attach to stdin. Default false - :query stdout: 1/True/true or 0/False/false, if logs=true, return stdout log, if stream=true, attach to stdout. Default false - :query stderr: 1/True/true or 0/False/false, if logs=true, return stderr log, if stream=true, attach to stderr. Default false - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - - -Wait a container -**************** - -.. http:post:: /containers/(id)/wait - - Block until container ``id`` stops, then returns the exit code - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/wait HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"StatusCode":0} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Remove a container -******************* - -.. http:delete:: /containers/(id) - - Remove the container ``id`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /containers/16253994b7c4?v=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query v: 1/True/true or 0/False/false, Remove the volumes associated to the container. Default false - :statuscode 204: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - - -2.2 Images ----------- - -List Images -*********** - -.. http:get:: /images/(format) - - List images ``format`` could be json or viz (json default) - - **Example request**: - - .. sourcecode:: http - - GET /images/json?all=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Repository":"ubuntu", - "Tag":"precise", - "Id":"b750fe79269d", - "Created":1364102658 - }, - { - "Repository":"ubuntu", - "Tag":"12.04", - "Id":"b750fe79269d", - "Created":1364102658 - } - ] - - - **Example request**: - - .. sourcecode:: http - - GET /images/viz HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: text/plain - - digraph docker { - "d82cbacda43a" -> "074be284591f" - "1496068ca813" -> "08306dc45919" - "08306dc45919" -> "0e7893146ac2" - "b750fe79269d" -> "1496068ca813" - base -> "27cf78414709" [style=invis] - "f71189fff3de" -> "9a33b36209ed" - "27cf78414709" -> "b750fe79269d" - "0e7893146ac2" -> "d6434d954665" - "d6434d954665" -> "d82cbacda43a" - base -> "e9aa60c60128" [style=invis] - "074be284591f" -> "f71189fff3de" - "b750fe79269d" [label="b750fe79269d\nubuntu",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; - "e9aa60c60128" [label="e9aa60c60128\ncentos",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; - "9a33b36209ed" [label="9a33b36209ed\nfedora",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; - base [style=invisible] - } - - :query all: 1/True/true or 0/False/false, Show all containers. Only running containers are shown by default - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 500: server error - - -Create an image -*************** - -.. http:post:: /images/create - - Create an image, either by pull it from the registry or by importing it - - **Example request**: - - .. sourcecode:: http - - POST /images/create?fromImage=ubuntu HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Pulling..."} - {"status":"Pulling", "progress":"1/? (n/a)"} - {"error":"Invalid..."} - ... - - :query fromImage: name of the image to pull - :query fromSrc: source to import, - means stdin - :query repo: repository - :query tag: tag - :query registry: the registry to pull from - :statuscode 200: no error - :statuscode 500: server error - - -Insert a file in an image -************************* - -.. http:post:: /images/(name)/insert - - Insert a file from ``url`` in the image ``name`` at ``path`` - - **Example request**: - - .. sourcecode:: http - - POST /images/test/insert?path=/usr&url=myurl HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Inserting..."} - {"status":"Inserting", "progress":"1/? (n/a)"} - {"error":"Invalid..."} - ... - - :statuscode 200: no error - :statuscode 500: server error - - -Inspect an image -**************** - -.. http:get:: /images/(name)/json - - Return low-level information on the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/centos/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "id":"b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "parent":"27cf784147099545", - "created":"2013-03-23T22:24:18.818426-07:00", - "container":"3d67245a8d72ecf13f33dffac9f79dcdf70f75acb84d308770391510e0c23ad0", - "container_config": - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "AttachStdin":false, - "AttachStdout":false, - "AttachStderr":false, - "PortSpecs":null, - "Tty":true, - "OpenStdin":true, - "StdinOnce":false, - "Env":null, - "Cmd": ["/bin/bash"] - ,"Dns":null, - "Image":"centos", - "Volumes":null, - "VolumesFrom":"" - } - } - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Get the history of an image -*************************** - -.. http:get:: /images/(name)/history - - Return the history of the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/fedora/history HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id":"b750fe79269d", - "Created":1364102658, - "CreatedBy":"/bin/bash" - }, - { - "Id":"27cf78414709", - "Created":1364068391, - "CreatedBy":"" - } - ] - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Push an image on the registry -***************************** - -.. http:post:: /images/(name)/push - - Push the image ``name`` on the registry - - **Example request**: - - .. sourcecode:: http - - POST /images/test/push HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Pushing..."} - {"status":"Pushing", "progress":"1/? (n/a)"} - {"error":"Invalid..."} - ... - - :query registry: the registry you wan to push, optional - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Tag an image into a repository -****************************** - -.. http:post:: /images/(name)/tag - - Tag the image ``name`` into a repository - - **Example request**: - - .. sourcecode:: http - - POST /images/test/tag?repo=myrepo&force=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - - :query repo: The repository to tag in - :query force: 1/True/true or 0/False/false, default false - :statuscode 201: no error - :statuscode 400: bad parameter - :statuscode 404: no such image - :statuscode 409: conflict - :statuscode 500: server error - - -Remove an image -*************** - -.. http:delete:: /images/(name) - - Remove the image ``name`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /images/test HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :statuscode 204: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Search images -************* - -.. http:get:: /images/search - - Search for an image in the docker index - - **Example request**: - - .. sourcecode:: http - - GET /images/search?term=sshd HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Name":"cespare/sshd", - "Description":"" - }, - { - "Name":"johnfuller/sshd", - "Description":"" - }, - { - "Name":"dhrp/mongodb-sshd", - "Description":"" - } - ] - - :query term: term to search - :statuscode 200: no error - :statuscode 500: server error - - -2.3 Misc --------- - -Build an image from Dockerfile via stdin -**************************************** - -.. http:post:: /build - - Build an image from Dockerfile via stdin - - **Example request**: - - .. sourcecode:: http - - POST /build HTTP/1.1 - - {{ STREAM }} - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - {{ STREAM }} - - :query t: tag to be applied to the resulting image in case of success - :statuscode 200: no error - :statuscode 500: server error - - -Get default username and email -****************************** - -.. http:get:: /auth - - Get the default username and email - - **Example request**: - - .. sourcecode:: http - - GET /auth HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "username":"hannibal", - "email":"hannibal@a-team.com" - } - - :statuscode 200: no error - :statuscode 500: server error - - -Check auth configuration and store it -************************************* - -.. http:post:: /auth - - Get the default username and email - - **Example request**: - - .. sourcecode:: http - - POST /auth HTTP/1.1 - Content-Type: application/json - - { - "username":"hannibal", - "password:"xxxx", - "email":"hannibal@a-team.com" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - :statuscode 200: no error - :statuscode 204: no error - :statuscode 500: server error - - -Display system-wide information -******************************* - -.. http:get:: /info - - Display system-wide information - - **Example request**: - - .. sourcecode:: http - - GET /info HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Containers":11, - "Images":16, - "Debug":false, - "NFd": 11, - "NGoroutines":21, - "MemoryLimit":true, - "SwapLimit":false - } - - :statuscode 200: no error - :statuscode 500: server error - - -Show the docker version information -*********************************** - -.. http:get:: /version - - Show the docker version information - - **Example request**: - - .. sourcecode:: http - - GET /version HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Version":"0.2.2", - "GitCommit":"5a2a5cc+CHANGES", - "GoVersion":"go1.0.3" - } - - :statuscode 200: no error - :statuscode 500: server error - - -Create a new image from a container's changes -********************************************* - -.. http:post:: /commit - - Create a new image from a container's changes - - **Example request**: - - .. sourcecode:: http - - POST /commit?container=44c004db4b17&m=message&repo=myrepo HTTP/1.1 - Content-Type: application/json - - { - "Cmd": ["cat", "/world"], - "PortSpecs":["22"] - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/vnd.docker.raw-stream - - {"Id":"596069db4bf5"} - - :query container: source container - :query repo: repository - :query tag: tag - :query m: commit message - :query author: author (eg. "John Hannibal Smith ") - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 500: server error - - -3. Going further -================ - -3.1 Inside 'docker run' ------------------------ - -Here are the steps of 'docker run' : - -* Create the container -* If the status code is 404, it means the image doesn't exists: - * Try to pull it - * Then retry to create the container -* Start the container -* If you are not in detached mode: - * Attach to the container, using logs=1 (to have stdout and stderr from the container's start) and stream=1 -* If in detached mode or only stdin is attached: - * Display the container's id - - -3.2 Hijacking -------------- - -In this version of the API, /attach uses hijacking to transport stdin, stdout and stderr on the same socket. This might change in the future. diff --git a/docs/sources/reference/api/docker_remote_api_v1.10.md b/docs/sources/reference/api/docker_remote_api_v1.10.md new file mode 100644 index 0000000000..721244b49e --- /dev/null +++ b/docs/sources/reference/api/docker_remote_api_v1.10.md @@ -0,0 +1,1300 @@ +page_title: Remote API v1.10 +page_description: API Documentation for Docker +page_keywords: API, Docker, rcli, REST, documentation + +# Docker Remote API v1.10 + +## 1. Brief introduction + + - The Remote API has replaced rcli + - The daemon listens on `unix:///var/run/docker.sock` but you can + [*Bind Docker to another host/port or a Unix socket*]( + /use/basics/#bind-docker). + - The API tends to be REST, but for some complex commands, like `attach` + or `pull`, the HTTP connection is hijacked to transport `stdout, stdin` + and `stderr` + +# 2. Endpoints + +## 2.1 Containers + +### List containers + +`GET /containers/json` + +List containers + + **Example request**: + + GET /containers/json?all=1&before=8dfafdbc3a40&size=1 HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Id": "8dfafdbc3a40", + "Image": "base:latest", + "Command": "echo 1", + "Created": 1367854155, + "Status": "Exit 0", + "Ports":[{"PrivatePort": 2222, "PublicPort": 3333, "Type": "tcp"}], + "SizeRw":12288, + "SizeRootFs":0 + }, + { + "Id": "9cd87474be90", + "Image": "base:latest", + "Command": "echo 222222", + "Created": 1367854155, + "Status": "Exit 0", + "Ports":[], + "SizeRw":12288, + "SizeRootFs":0 + }, + { + "Id": "3176a2479c92", + "Image": "base:latest", + "Command": "echo 3333333333333333", + "Created": 1367854154, + "Status": "Exit 0", + "Ports":[], + "SizeRw":12288, + "SizeRootFs":0 + }, + { + "Id": "4cb07b47f9fb", + "Image": "base:latest", + "Command": "echo 444444444444444444444444444444444", + "Created": 1367854152, + "Status": "Exit 0", + "Ports":[], + "SizeRw":12288, + "SizeRootFs":0 + } + ] + + Query Parameters: + +   + + - **all** – 1/True/true or 0/False/false, Show all containers. + Only running containers are shown by default + - **limit** – Show `limit` last created + containers, include non-running ones. + - **since** – Show only containers created since Id, include + non-running ones. + - **before** – Show only containers created before Id, include + non-running ones. + - **size** – 1/True/true or 0/False/false, Show the containers + sizes + + Status Codes: + + - **200** – no error + - **400** – bad parameter + - **500** – server error + +### Create a container + +`POST /containers/create` + +Create a container + + **Example request**: + + POST /containers/create HTTP/1.1 + Content-Type: application/json + + { + "Hostname":"", + "User":"", + "Memory":0, + "MemorySwap":0, + "AttachStdin":false, + "AttachStdout":true, + "AttachStderr":true, + "PortSpecs":null, + "Tty":false, + "OpenStdin":false, + "StdinOnce":false, + "Env":null, + "Cmd":[ + "date" + ], + "Image":"base", + "Volumes":{ + "/tmp": {} + }, + "WorkingDir":"", + "NetworkDisabled": false, + "ExposedPorts":{ + "22/tcp": {} + } + } + + **Example response**: + + HTTP/1.1 201 OK + Content-Type: application/json + + { + "Id":"e90e34656806" + "Warnings":[] + } + + Json Parameters: + +   + + - **config** – the container's configuration + + Query Parameters: + +   + + - **name** – Assign the specified name to the container. Must + match `/?[a-zA-Z0-9_-]+`. + + Status Codes: + + - **201** – no error + - **404** – no such container + - **406** – impossible to attach (container not running) + - **500** – server error + +### Inspect a container + +`GET /containers/(id)/json` + +Return low-level information on the container `id` + + **Example request**: + + GET /containers/4fa6e0f0c678/json HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Id": "4fa6e0f0c6786287e131c3852c58a2e01cc697a68231826813597e4994f1d6e2", + "Created": "2013-05-07T14:51:42.041847+02:00", + "Path": "date", + "Args": [], + "Config": { + "Hostname": "4fa6e0f0c678", + "User": "", + "Memory": 0, + "MemorySwap": 0, + "AttachStdin": false, + "AttachStdout": true, + "AttachStderr": true, + "PortSpecs": null, + "Tty": false, + "OpenStdin": false, + "StdinOnce": false, + "Env": null, + "Cmd": [ + "date" + ], + "Image": "base", + "Volumes": {}, + "WorkingDir":"" + + }, + "State": { + "Running": false, + "Pid": 0, + "ExitCode": 0, + "StartedAt": "2013-05-07T14:51:42.087658+02:01360", + "Ghost": false + }, + "Image": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", + "NetworkSettings": { + "IpAddress": "", + "IpPrefixLen": 0, + "Gateway": "", + "Bridge": "", + "PortMapping": null + }, + "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker", + "ResolvConfPath": "/etc/resolv.conf", + "Volumes": {}, + "HostConfig": { + "Binds": null, + "ContainerIDFile": "", + "LxcConf": [], + "Privileged": false, + "PortBindings": { + "80/tcp": [ + { + "HostIp": "0.0.0.0", + "HostPort": "49153" + } + ] + }, + "Links": null, + "PublishAllPorts": false + } + } + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### List processes running inside a container + +`GET /containers/(id)/top` + +List processes running inside the container `id` + + **Example request**: + + GET /containers/4fa6e0f0c678/top HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Titles":[ + "USER", + "PID", + "%CPU", + "%MEM", + "VSZ", + "RSS", + "TTY", + "STAT", + "START", + "TIME", + "COMMAND" + ], + "Processes":[ + ["root","20147","0.0","0.1","18060","1864","pts/4","S","10:06","0:00","bash"], + ["root","20271","0.0","0.0","4312","352","pts/4","S+","10:07","0:00","sleep","10"] + ] + } + + Query Parameters: + +   + + - **ps\_args** – ps arguments to use (eg. aux) + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Inspect changes on a container's filesystem + +`GET /containers/(id)/changes` + +Inspect changes on container `id` 's filesystem + + **Example request**: + + GET /containers/4fa6e0f0c678/changes HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Path":"/dev", + "Kind":0 + }, + { + "Path":"/dev/kmsg", + "Kind":1 + }, + { + "Path":"/test", + "Kind":1 + } + ] + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Export a container + +`GET /containers/(id)/export` + +Export the contents of container `id` + + **Example request**: + + GET /containers/4fa6e0f0c678/export HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/octet-stream + + {{ STREAM }} + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Start a container + +`POST /containers/(id)/start` + +Start the container `id` + + **Example request**: + + POST /containers/(id)/start HTTP/1.1 + Content-Type: application/json + + { + "Binds":["/tmp:/tmp"], + "LxcConf":{"lxc.utsname":"docker"}, + "PortBindings":{ "22/tcp": [{ "HostPort": "11022" }] }, + "PublishAllPorts":false, + "Privileged":false + "Dns": ["8.8.8.8"], + "VolumesFrom: ["parent", "other:ro"] + } + + **Example response**: + + HTTP/1.1 204 No Content + Content-Type: text/plain + + Json Parameters: + +   + + - **hostConfig** – the container's host configuration (optional) + + Status Codes: + + - **204** – no error + - **404** – no such container + - **500** – server error + +### Stop a container + +`POST /containers/(id)/stop` + +Stop the container `id` + + **Example request**: + + POST /containers/e90e34656806/stop?t=5 HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Query Parameters: + +   + + - **t** – number of seconds to wait before killing the container + + Status Codes: + + - **204** – no error + - **404** – no such container + - **500** – server error + +### Restart a container + +`POST /containers/(id)/restart` + +Restart the container `id` + + **Example request**: + + POST /containers/e90e34656806/restart?t=5 HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Query Parameters: + +   + + - **t** – number of seconds to wait before killing the container + + Status Codes: + + - **204** – no error + - **404** – no such container + - **500** – server error + +### Kill a container + +`POST /containers/(id)/kill` + +Kill the container `id` + + **Example request**: + + POST /containers/e90e34656806/kill HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Query Parameters + + - **signal** - Signal to send to the container: integer or string like "SIGINT". + When not set, SIGKILL is assumed and the call will waits for the container to exit. + + Status Codes: + + - **204** – no error + - **404** – no such container + - **500** – server error + +### Attach to a container + +`POST /containers/(id)/attach` + +Attach to the container `id` + + **Example request**: + + POST /containers/16253994b7c4/attach?logs=1&stream=0&stdout=1 HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/vnd.docker.raw-stream + + {{ STREAM }} + + Query Parameters: + +   + + - **logs** – 1/True/true or 0/False/false, return logs. Default + false + - **stream** – 1/True/true or 0/False/false, return stream. + Default false + - **stdin** – 1/True/true or 0/False/false, if stream=true, attach + to stdin. Default false + - **stdout** – 1/True/true or 0/False/false, if logs=true, return + stdout log, if stream=true, attach to stdout. Default false + - **stderr** – 1/True/true or 0/False/false, if logs=true, return + stderr log, if stream=true, attach to stderr. Default false + + Status Codes: + + - **200** – no error + - **400** – bad parameter + - **404** – no such container + - **500** – server error + + **Stream details**: + + When using the TTY setting is enabled in + [`POST /containers/create` +](../docker_remote_api_v1.9/#post--containers-create "POST /containers/create"), + the stream is the raw data from the process PTY and client's stdin. + When the TTY is disabled, then the stream is multiplexed to separate + stdout and stderr. + + The format is a **Header** and a **Payload** (frame). + + **HEADER** + + The header will contain the information on which stream write the + stream (stdout or stderr). It also contain the size of the + associated frame encoded on the last 4 bytes (uint32). + + It is encoded on the first 8 bytes like this: + + header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4} + + `STREAM_TYPE` can be: + + - 0: stdin (will be writen on stdout) + - 1: stdout + - 2: stderr + + `SIZE1, SIZE2, SIZE3, SIZE4` are the 4 bytes of + the uint32 size encoded as big endian. + + **PAYLOAD** + + The payload is the raw stream. + + **IMPLEMENTATION** + + The simplest way to implement the Attach protocol is the following: + + 1. Read 8 bytes + 2. chose stdout or stderr depending on the first byte + 3. Extract the frame size from the last 4 byets + 4. Read the extracted size and output it on the correct output + 5. Goto 1) + +### Wait a container + +`POST /containers/(id)/wait` + +Block until container `id` stops, then returns + the exit code + + **Example request**: + + POST /containers/16253994b7c4/wait HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"StatusCode":0} + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Remove a container + + `DELETE /containers/(id*) +: Remove the container `id` from the filesystem + + **Example request**: + + DELETE /containers/16253994b7c4?v=1 HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Query Parameters: + +   + + - **v** – 1/True/true or 0/False/false, Remove the volumes + associated to the container. Default false + - **force** – 1/True/true or 0/False/false, Removes the container + even if it was running. Default false + + Status Codes: + + - **204** – no error + - **400** – bad parameter + - **404** – no such container + - **500** – server error + +### Copy files or folders from a container + +`POST /containers/(id)/copy` + +Copy files or folders of container `id` + + **Example request**: + + POST /containers/4fa6e0f0c678/copy HTTP/1.1 + Content-Type: application/json + + { + "Resource":"test.txt" + } + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/octet-stream + + {{ STREAM }} + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### 2.2 Images + +### List Images + +`GET /images/json` + +**Example request**: + + GET /images/json?all=0 HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "RepoTags": [ + "ubuntu:12.04", + "ubuntu:precise", + "ubuntu:latest" + ], + "Id": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c", + "Created": 1365714795, + "Size": 131506275, + "VirtualSize": 131506275 + }, + { + "RepoTags": [ + "ubuntu:12.10", + "ubuntu:quantal" + ], + "ParentId": "27cf784147099545", + "Id": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", + "Created": 1364102658, + "Size": 24653, + "VirtualSize": 180116135 + } + ] + +### Create an image + +`POST /images/create` + +Create an image, either by pull it from the registry or by importing + it + + **Example request**: + + POST /images/create?fromImage=base HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"status":"Pulling..."} + {"status":"Pulling", "progress":"1 B/ 100 B", "progressDetail":{"current":1, "total":100}} + {"error":"Invalid..."} + ... + + When using this endpoint to pull an image from the registry, the + `X-Registry-Auth` header can be used to include + a base64-encoded AuthConfig object. + + Query Parameters: + +   + + - **fromImage** – name of the image to pull + - **fromSrc** – source to import, - means stdin + - **repo** – repository + - **tag** – tag + - **registry** – the registry to pull from + + Request Headers: + +   + + - **X-Registry-Auth** – base64-encoded AuthConfig object + + Status Codes: + + - **200** – no error + - **500** – server error + +### Insert a file in an image + +`POST /images/(name)/insert` + +Insert a file from `url` in the image + `name` at `path` + + **Example request**: + + POST /images/test/insert?path=/usr&url=myurl HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"status":"Inserting..."} + {"status":"Inserting", "progress":"1/? (n/a)", "progressDetail":{"current":1}} + {"error":"Invalid..."} + ... + + Status Codes: + + - **200** – no error + - **500** – server error + +### Inspect an image + +`GET /images/(name)/json` + +Return low-level information on the image `name` + + **Example request**: + + GET /images/base/json HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "id":"b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", + "parent":"27cf784147099545", + "created":"2013-03-23T22:24:18.818426-07:00", + "container":"3d67245a8d72ecf13f33dffac9f79dcdf70f75acb84d308770391510e0c23ad0", + "container_config": + { + "Hostname":"", + "User":"", + "Memory":0, + "MemorySwap":0, + "AttachStdin":false, + "AttachStdout":false, + "AttachStderr":false, + "PortSpecs":null, + "Tty":true, + "OpenStdin":true, + "StdinOnce":false, + "Env":null, + "Cmd": ["/bin/bash"] + "Image":"base", + "Volumes":null, + "WorkingDir":"" + }, + "Size": 6824592 + } + + Status Codes: + + - **200** – no error + - **404** – no such image + - **500** – server error + +### Get the history of an image + +`GET /images/(name)/history` + +Return the history of the image `name` + + **Example request**: + + GET /images/base/history HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Id":"b750fe79269d", + "Created":1364102658, + "CreatedBy":"/bin/bash" + }, + { + "Id":"27cf78414709", + "Created":1364068391, + "CreatedBy":"" + } + ] + + Status Codes: + + - **200** – no error + - **404** – no such image + - **500** – server error + +### Push an image on the registry + +`POST /images/(name)/push` + +Push the image `name` on the registry + + **Example request**: + + POST /images/test/push HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"status":"Pushing..."} + {"status":"Pushing", "progress":"1/? (n/a)", "progressDetail":{"current":1}}} + {"error":"Invalid..."} + ... + + Query Parameters: + +   + + - **registry** – the registry you wan to push, optional + + Request Headers: + +   + + - **X-Registry-Auth** – include a base64-encoded AuthConfig + object. + + Status Codes: + + - **200** – no error + - **404** – no such image + - **500** – server error + +### Tag an image into a repository + +`POST /images/(name)/tag` + +Tag the image `name` into a repository + + **Example request**: + + POST /images/test/tag?repo=myrepo&force=0 HTTP/1.1 + + **Example response**: + + HTTP/1.1 201 OK + + Query Parameters: + +   + + - **repo** – The repository to tag in + - **force** – 1/True/true or 0/False/false, default false + + Status Codes: + + - **201** – no error + - **400** – bad parameter + - **404** – no such image + - **409** – conflict + - **500** – server error + +### Remove an image + + `DELETE /images/(name*) +: Remove the image `name` from the filesystem + + **Example request**: + + DELETE /images/test HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-type: application/json + + [ + {"Untagged":"3e2f21a89f"}, + {"Deleted":"3e2f21a89f"}, + {"Deleted":"53b4f83ac9"} + ] + + Query Parameters: + +   + + - **force** – 1/True/true or 0/False/false, default false + - **noprune** – 1/True/true or 0/False/false, default false + + Status Codes: + + - **200** – no error + - **404** – no such image + - **409** – conflict + - **500** – server error + +### Search images + +`GET /images/search` + +Search for an image on [Docker.io](https://index.docker.io). + +> **Note**: +> The response keys have changed from API v1.6 to reflect the JSON +> sent by the registry server to the docker daemon's request. + + **Example request**: + + GET /images/search?term=sshd HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "description": "", + "is_official": false, + "is_trusted": false, + "name": "wma55/u1210sshd", + "star_count": 0 + }, + { + "description": "", + "is_official": false, + "is_trusted": false, + "name": "jdswinbank/sshd", + "star_count": 0 + }, + { + "description": "", + "is_official": false, + "is_trusted": false, + "name": "vgauthier/sshd", + "star_count": 0 + } + ... + ] + + Query Parameters: + +   + + - **term** – term to search + + Status Codes: + + - **200** – no error + - **500** – server error + +### 2.3 Misc + +### Build an image from Dockerfile via stdin + +`POST /build` + +Build an image from Dockerfile via stdin + + **Example request**: + + POST /build HTTP/1.1 + + {{ STREAM }} + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"stream":"Step 1..."} + {"stream":"..."} + {"error":"Error...", "errorDetail":{"code": 123, "message": "Error..."}} + + The stream must be a tar archive compressed with one of the + following algorithms: identity (no compression), gzip, bzip2, xz. + + The archive must include a file called `Dockerfile` + at its root. It may include any number of other files, + which will be accessible in the build context (See the [*ADD build + command*](/reference/builder/#dockerbuilder)). + + Query Parameters: + +   + + - **t** – repository name (and optionally a tag) to be applied to + the resulting image in case of success + - **q** – suppress verbose build output + - **nocache** – do not use the cache when building the image + + Request Headers: + +   + + - **Content-type** – should be set to + `"application/tar"`. + - **X-Registry-Config** – base64-encoded ConfigFile object + + Status Codes: + + - **200** – no error + - **500** – server error + +### Check auth configuration + +`POST /auth` + +Get the default username and email + + **Example request**: + + POST /auth HTTP/1.1 + Content-Type: application/json + + { + "username":"hannibal", + "password:"xxxx", + "email":"hannibal@a-team.com", + "serveraddress":"https://index.docker.io/v1/" + } + + **Example response**: + + HTTP/1.1 200 OK + + Status Codes: + + - **200** – no error + - **204** – no error + - **500** – server error + +### Display system-wide information + +`GET /info` + +Display system-wide information + + **Example request**: + + GET /info HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Containers":11, + "Images":16, + "Debug":false, + "NFd": 11, + "NGoroutines":21, + "MemoryLimit":true, + "SwapLimit":false, + "IPv4Forwarding":true + } + + Status Codes: + + - **200** – no error + - **500** – server error + +### Show the docker version information + +`GET /version` + +Show the docker version information + + **Example request**: + + GET /version HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Version":"0.2.2", + "GitCommit":"5a2a5cc+CHANGES", + "GoVersion":"go1.0.3" + } + + Status Codes: + + - **200** – no error + - **500** – server error + +### Create a new image from a container's changes + +`POST /commit` + +Create a new image from a container's changes + + **Example request**: + + POST /commit?container=44c004db4b17&m=message&repo=myrepo HTTP/1.1 + Content-Type: application/json + + { + "Hostname":"", + "User":"", + "Memory":0, + "MemorySwap":0, + "AttachStdin":false, + "AttachStdout":true, + "AttachStderr":true, + "PortSpecs":null, + "Tty":false, + "OpenStdin":false, + "StdinOnce":false, + "Env":null, + "Cmd":[ + "date" + ], + "Volumes":{ + "/tmp": {} + }, + "WorkingDir":"", + "NetworkDisabled": false, + "ExposedPorts":{ + "22/tcp": {} + } + } + + **Example response**: + + HTTP/1.1 201 OK + Content-Type: application/vnd.docker.raw-stream + + {"Id":"596069db4bf5"} + + + Json Parameters: + + + + - **config** - the container's configuration + + Query Parameters: + +   + + - **container** – source container + - **repo** – repository + - **tag** – tag + - **m** – commit message + - **author** – author (eg. "John Hannibal Smith + <[hannibal@a-team.com](mailto:hannibal%40a-team.com)>") + + Status Codes: + + - **201** – no error + - **404** – no such container + - **500** – server error + +### Monitor Docker's events + +`GET /events` + +Get events from docker, either in real time via streaming, or via + polling (using since) + + **Example request**: + + GET /events?since=1374067924 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"status":"create","id":"dfdf82bd3881","from":"base:latest","time":1374067924} + {"status":"start","id":"dfdf82bd3881","from":"base:latest","time":1374067924} + {"status":"stop","id":"dfdf82bd3881","from":"base:latest","time":1374067966} + {"status":"destroy","id":"dfdf82bd3881","from":"base:latest","time":1374067970} + + Query Parameters: + +   + + - **since** – timestamp used for polling + + Status Codes: + + - **200** – no error + - **500** – server error + +### Get a tarball containing all images and tags in a repository + +`GET /images/(name)/get` + +Get a tarball containing all images and metadata for the repository + specified by `name`. + + **Example request** + + GET /images/ubuntu/get + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/x-tar + + Binary data stream + + Status Codes: + + - **200** – no error + - **500** – server error + +### Load a tarball with a set of images and tags into docker + +`POST /images/load` + +Load a set of images and tags into the docker repository. + + **Example request** + + POST /images/load + + Tarball in body + + **Example response**: + + HTTP/1.1 200 OK + + Status Codes: + + - **200** – no error + - **500** – server error + +# 3. Going further + +## 3.1 Inside `docker run` + +Here are the steps of `docker run` : + + - Create the container + + - If the status code is 404, it means the image doesn't exists: + - Try to pull it + - Then retry to create the container + + - Start the container + + - If you are not in detached mode: + - Attach to the container, using logs=1 (to have stdout and + stderr from the container's start) and stream=1 + + - If in detached mode or only stdin is attached: + - Display the container's id + +## 3.2 Hijacking + +In this version of the API, /attach, uses hijacking to transport stdin, +stdout and stderr on the same socket. This might change in the future. + +## 3.3 CORS Requests + +To enable cross origin requests to the remote api add the flag +"–api-enable-cors" when running docker in daemon mode. + + $ docker -d -H="192.168.1.9:4243" --api-enable-cors diff --git a/docs/sources/reference/api/docker_remote_api_v1.10.rst b/docs/sources/reference/api/docker_remote_api_v1.10.rst deleted file mode 100644 index 98827c9eb2..0000000000 --- a/docs/sources/reference/api/docker_remote_api_v1.10.rst +++ /dev/null @@ -1,1285 +0,0 @@ -:title: Remote API v1.10 -:description: API Documentation for Docker -:keywords: API, Docker, rcli, REST, documentation - -:orphan: - -======================= -Docker Remote API v1.10 -======================= - -.. contents:: Table of Contents - -1. Brief introduction -===================== - -- The Remote API has replaced rcli -- The daemon listens on ``unix:///var/run/docker.sock``, but you can - :ref:`bind_docker`. -- The API tends to be REST, but for some complex commands, like - ``attach`` or ``pull``, the HTTP connection is hijacked to transport - ``stdout, stdin`` and ``stderr`` - -2. Endpoints -============ - -2.1 Containers --------------- - -List containers -*************** - -.. http:get:: /containers/json - - List containers - - **Example request**: - - .. sourcecode:: http - - GET /containers/json?all=1&before=8dfafdbc3a40&size=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id": "8dfafdbc3a40", - "Image": "base:latest", - "Command": "echo 1", - "Created": 1367854155, - "Status": "Exit 0", - "Ports":[{"PrivatePort": 2222, "PublicPort": 3333, "Type": "tcp"}], - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "9cd87474be90", - "Image": "base:latest", - "Command": "echo 222222", - "Created": 1367854155, - "Status": "Exit 0", - "Ports":[], - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "3176a2479c92", - "Image": "base:latest", - "Command": "echo 3333333333333333", - "Created": 1367854154, - "Status": "Exit 0", - "Ports":[], - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "4cb07b47f9fb", - "Image": "base:latest", - "Command": "echo 444444444444444444444444444444444", - "Created": 1367854152, - "Status": "Exit 0", - "Ports":[], - "SizeRw":12288, - "SizeRootFs":0 - } - ] - - :query all: 1/True/true or 0/False/false, Show all containers. Only running containers are shown by default - :query limit: Show ``limit`` last created containers, include non-running ones. - :query since: Show only containers created since Id, include non-running ones. - :query before: Show only containers created before Id, include non-running ones. - :query size: 1/True/true or 0/False/false, Show the containers sizes - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 500: server error - - -Create a container -****************** - -.. http:post:: /containers/create - - Create a container - - **Example request**: - - .. sourcecode:: http - - POST /containers/create HTTP/1.1 - Content-Type: application/json - - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "AttachStdin":false, - "AttachStdout":true, - "AttachStderr":true, - "PortSpecs":null, - "Tty":false, - "OpenStdin":false, - "StdinOnce":false, - "Env":null, - "Cmd":[ - "date" - ], - "Dns":null, - "Image":"base", - "Volumes":{ - "/tmp": {} - }, - "VolumesFrom":"", - "WorkingDir":"", - "DisableNetwork": false, - "ExposedPorts":{ - "22/tcp": {} - } - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/json - - { - "Id":"e90e34656806" - "Warnings":[] - } - - :jsonparam config: the container's configuration - :query name: Assign the specified name to the container. Must match ``/?[a-zA-Z0-9_-]+``. - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 406: impossible to attach (container not running) - :statuscode 500: server error - - -Inspect a container -******************* - -.. http:get:: /containers/(id)/json - - Return low-level information on the container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Id": "4fa6e0f0c6786287e131c3852c58a2e01cc697a68231826813597e4994f1d6e2", - "Created": "2013-05-07T14:51:42.041847+02:00", - "Path": "date", - "Args": [], - "Config": { - "Hostname": "4fa6e0f0c678", - "User": "", - "Memory": 0, - "MemorySwap": 0, - "AttachStdin": false, - "AttachStdout": true, - "AttachStderr": true, - "PortSpecs": null, - "Tty": false, - "OpenStdin": false, - "StdinOnce": false, - "Env": null, - "Cmd": [ - "date" - ], - "Dns": null, - "Image": "base", - "Volumes": {}, - "VolumesFrom": "", - "WorkingDir":"" - - }, - "State": { - "Running": false, - "Pid": 0, - "ExitCode": 0, - "StartedAt": "2013-05-07T14:51:42.087658+02:01360", - "Ghost": false - }, - "Image": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "NetworkSettings": { - "IpAddress": "", - "IpPrefixLen": 0, - "Gateway": "", - "Bridge": "", - "PortMapping": null - }, - "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker", - "ResolvConfPath": "/etc/resolv.conf", - "Volumes": {}, - "HostConfig": { - "Binds": null, - "ContainerIDFile": "", - "LxcConf": [], - "Privileged": false, - "PortBindings": { - "80/tcp": [ - { - "HostIp": "0.0.0.0", - "HostPort": "49153" - } - ] - }, - "Links": null, - "PublishAllPorts": false - } - } - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -List processes running inside a container -***************************************** - -.. http:get:: /containers/(id)/top - - List processes running inside the container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/top HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Titles":[ - "USER", - "PID", - "%CPU", - "%MEM", - "VSZ", - "RSS", - "TTY", - "STAT", - "START", - "TIME", - "COMMAND" - ], - "Processes":[ - ["root","20147","0.0","0.1","18060","1864","pts/4","S","10:06","0:00","bash"], - ["root","20271","0.0","0.0","4312","352","pts/4","S+","10:07","0:00","sleep","10"] - ] - } - - :query ps_args: ps arguments to use (eg. aux) - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Inspect changes on a container's filesystem -******************************************* - -.. http:get:: /containers/(id)/changes - - Inspect changes on container ``id`` 's filesystem - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/changes HTTP/1.1 - - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Path":"/dev", - "Kind":0 - }, - { - "Path":"/dev/kmsg", - "Kind":1 - }, - { - "Path":"/test", - "Kind":1 - } - ] - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Export a container -****************** - -.. http:get:: /containers/(id)/export - - Export the contents of container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/export HTTP/1.1 - - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/octet-stream - - {{ STREAM }} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Start a container -***************** - -.. http:post:: /containers/(id)/start - - Start the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/(id)/start HTTP/1.1 - Content-Type: application/json - - { - "Binds":["/tmp:/tmp"], - "LxcConf":{"lxc.utsname":"docker"}, - "PortBindings":{ "22/tcp": [{ "HostPort": "11022" }] }, - "PublishAllPorts":false, - "Privileged":false - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 No Content - Content-Type: text/plain - - :jsonparam hostConfig: the container's host configuration (optional) - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Stop a container -**************** - -.. http:post:: /containers/(id)/stop - - Stop the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/stop?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Restart a container -******************* - -.. http:post:: /containers/(id)/restart - - Restart the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/restart?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Kill a container -**************** - -.. http:post:: /containers/(id)/kill - - Kill the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/kill HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Attach to a container -********************* - -.. http:post:: /containers/(id)/attach - - Attach to the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/attach?logs=1&stream=0&stdout=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/vnd.docker.raw-stream - - {{ STREAM }} - - :query logs: 1/True/true or 0/False/false, return logs. Default false - :query stream: 1/True/true or 0/False/false, return stream. Default false - :query stdin: 1/True/true or 0/False/false, if stream=true, attach to stdin. Default false - :query stdout: 1/True/true or 0/False/false, if logs=true, return stdout log, if stream=true, attach to stdout. Default false - :query stderr: 1/True/true or 0/False/false, if logs=true, return stderr log, if stream=true, attach to stderr. Default false - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - - **Stream details**: - - When using the TTY setting is enabled in - :http:post:`/containers/create`, the stream is the raw data - from the process PTY and client's stdin. When the TTY is - disabled, then the stream is multiplexed to separate stdout - and stderr. - - The format is a **Header** and a **Payload** (frame). - - **HEADER** - - The header will contain the information on which stream write - the stream (stdout or stderr). It also contain the size of - the associated frame encoded on the last 4 bytes (uint32). - - It is encoded on the first 8 bytes like this:: - - header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4} - - ``STREAM_TYPE`` can be: - - - 0: stdin (will be writen on stdout) - - 1: stdout - - 2: stderr - - ``SIZE1, SIZE2, SIZE3, SIZE4`` are the 4 bytes of the uint32 size encoded as big endian. - - **PAYLOAD** - - The payload is the raw stream. - - **IMPLEMENTATION** - - The simplest way to implement the Attach protocol is the following: - - 1) Read 8 bytes - 2) chose stdout or stderr depending on the first byte - 3) Extract the frame size from the last 4 byets - 4) Read the extracted size and output it on the correct output - 5) Goto 1) - - - -Wait a container -**************** - -.. http:post:: /containers/(id)/wait - - Block until container ``id`` stops, then returns the exit code - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/wait HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"StatusCode":0} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Remove a container -******************* - -.. http:delete:: /containers/(id) - - Remove the container ``id`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /containers/16253994b7c4?v=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query v: 1/True/true or 0/False/false, Remove the volumes associated to the container. Default false - :query force: 1/True/true or 0/False/false, Removes the container even if it was running. Default false - :statuscode 204: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - - -Copy files or folders from a container -************************************** - -.. http:post:: /containers/(id)/copy - - Copy files or folders of container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/4fa6e0f0c678/copy HTTP/1.1 - Content-Type: application/json - - { - "Resource":"test.txt" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/octet-stream - - {{ STREAM }} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -2.2 Images ----------- - -List Images -*********** - -.. http:get:: /images/json - - **Example request**: - - .. sourcecode:: http - - GET /images/json?all=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "RepoTags": [ - "ubuntu:12.04", - "ubuntu:precise", - "ubuntu:latest" - ], - "Id": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c", - "Created": 1365714795, - "Size": 131506275, - "VirtualSize": 131506275 - }, - { - "RepoTags": [ - "ubuntu:12.10", - "ubuntu:quantal" - ], - "ParentId": "27cf784147099545", - "Id": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "Created": 1364102658, - "Size": 24653, - "VirtualSize": 180116135 - } - ] - - -Create an image -*************** - -.. http:post:: /images/create - - Create an image, either by pull it from the registry or by importing it - - **Example request**: - - .. sourcecode:: http - - POST /images/create?fromImage=base HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Pulling..."} - {"status":"Pulling", "progress":"1 B/ 100 B", "progressDetail":{"current":1, "total":100}} - {"error":"Invalid..."} - ... - - When using this endpoint to pull an image from the registry, - the ``X-Registry-Auth`` header can be used to include a - base64-encoded AuthConfig object. - - :query fromImage: name of the image to pull - :query fromSrc: source to import, - means stdin - :query repo: repository - :query tag: tag - :query registry: the registry to pull from - :reqheader X-Registry-Auth: base64-encoded AuthConfig object - :statuscode 200: no error - :statuscode 500: server error - - - -Insert a file in an image -************************* - -.. http:post:: /images/(name)/insert - - Insert a file from ``url`` in the image ``name`` at ``path`` - - **Example request**: - - .. sourcecode:: http - - POST /images/test/insert?path=/usr&url=myurl HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Inserting..."} - {"status":"Inserting", "progress":"1/? (n/a)", "progressDetail":{"current":1}} - {"error":"Invalid..."} - ... - - :statuscode 200: no error - :statuscode 500: server error - - -Inspect an image -**************** - -.. http:get:: /images/(name)/json - - Return low-level information on the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/base/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "id":"b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "parent":"27cf784147099545", - "created":"2013-03-23T22:24:18.818426-07:00", - "container":"3d67245a8d72ecf13f33dffac9f79dcdf70f75acb84d308770391510e0c23ad0", - "container_config": - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "AttachStdin":false, - "AttachStdout":false, - "AttachStderr":false, - "PortSpecs":null, - "Tty":true, - "OpenStdin":true, - "StdinOnce":false, - "Env":null, - "Cmd": ["/bin/bash"] - ,"Dns":null, - "Image":"base", - "Volumes":null, - "VolumesFrom":"", - "WorkingDir":"" - }, - "Size": 6824592 - } - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Get the history of an image -*************************** - -.. http:get:: /images/(name)/history - - Return the history of the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/base/history HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id":"b750fe79269d", - "Created":1364102658, - "CreatedBy":"/bin/bash" - }, - { - "Id":"27cf78414709", - "Created":1364068391, - "CreatedBy":"" - } - ] - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Push an image on the registry -***************************** - -.. http:post:: /images/(name)/push - - Push the image ``name`` on the registry - - **Example request**: - - .. sourcecode:: http - - POST /images/test/push HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Pushing..."} - {"status":"Pushing", "progress":"1/? (n/a)", "progressDetail":{"current":1}}} - {"error":"Invalid..."} - ... - - :query registry: the registry you wan to push, optional - :reqheader X-Registry-Auth: include a base64-encoded AuthConfig object. - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Tag an image into a repository -****************************** - -.. http:post:: /images/(name)/tag - - Tag the image ``name`` into a repository - - **Example request**: - - .. sourcecode:: http - - POST /images/test/tag?repo=myrepo&force=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - - :query repo: The repository to tag in - :query force: 1/True/true or 0/False/false, default false - :statuscode 201: no error - :statuscode 400: bad parameter - :statuscode 404: no such image - :statuscode 409: conflict - :statuscode 500: server error - - -Remove an image -*************** - -.. http:delete:: /images/(name) - - Remove the image ``name`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /images/test HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-type: application/json - - [ - {"Untagged":"3e2f21a89f"}, - {"Deleted":"3e2f21a89f"}, - {"Deleted":"53b4f83ac9"} - ] - - :query force: 1/True/true or 0/False/false, default false - :query noprune: 1/True/true or 0/False/false, default false - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 409: conflict - :statuscode 500: server error - - -Search images -************* - -.. http:get:: /images/search - - Search for an image in the docker index. - - .. note:: - - The response keys have changed from API v1.6 to reflect the JSON - sent by the registry server to the docker daemon's request. - - **Example request**: - - .. sourcecode:: http - - GET /images/search?term=sshd HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "description": "", - "is_official": false, - "is_trusted": false, - "name": "wma55/u1210sshd", - "star_count": 0 - }, - { - "description": "", - "is_official": false, - "is_trusted": false, - "name": "jdswinbank/sshd", - "star_count": 0 - }, - { - "description": "", - "is_official": false, - "is_trusted": false, - "name": "vgauthier/sshd", - "star_count": 0 - } - ... - ] - - :query term: term to search - :statuscode 200: no error - :statuscode 500: server error - - -2.3 Misc --------- - -Build an image from Dockerfile via stdin -**************************************** - -.. http:post:: /build - - Build an image from Dockerfile via stdin - - **Example request**: - - .. sourcecode:: http - - POST /build HTTP/1.1 - - {{ STREAM }} - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"stream":"Step 1..."} - {"stream":"..."} - {"error":"Error...", "errorDetail":{"code": 123, "message": "Error..."}} - - - The stream must be a tar archive compressed with one of the - following algorithms: identity (no compression), gzip, bzip2, - xz. - - The archive must include a file called ``Dockerfile`` at its - root. It may include any number of other files, which will be - accessible in the build context (See the :ref:`ADD build command - `). - - :query t: repository name (and optionally a tag) to be applied to the resulting image in case of success - :query q: suppress verbose build output - :query nocache: do not use the cache when building the image - :reqheader Content-type: should be set to ``"application/tar"``. - :reqheader X-Registry-Config: base64-encoded ConfigFile object - :statuscode 200: no error - :statuscode 500: server error - - - -Check auth configuration -************************ - -.. http:post:: /auth - - Get the default username and email - - **Example request**: - - .. sourcecode:: http - - POST /auth HTTP/1.1 - Content-Type: application/json - - { - "username":"hannibal", - "password:"xxxx", - "email":"hannibal@a-team.com", - "serveraddress":"https://index.docker.io/v1/" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - :statuscode 200: no error - :statuscode 204: no error - :statuscode 500: server error - - -Display system-wide information -******************************* - -.. http:get:: /info - - Display system-wide information - - **Example request**: - - .. sourcecode:: http - - GET /info HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Containers":11, - "Images":16, - "Debug":false, - "NFd": 11, - "NGoroutines":21, - "MemoryLimit":true, - "SwapLimit":false, - "IPv4Forwarding":true - } - - :statuscode 200: no error - :statuscode 500: server error - - -Show the docker version information -*********************************** - -.. http:get:: /version - - Show the docker version information - - **Example request**: - - .. sourcecode:: http - - GET /version HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Version":"0.2.2", - "GitCommit":"5a2a5cc+CHANGES", - "GoVersion":"go1.0.3" - } - - :statuscode 200: no error - :statuscode 500: server error - - -Create a new image from a container's changes -********************************************* - -.. http:post:: /commit - - Create a new image from a container's changes - - **Example request**: - - .. sourcecode:: http - - POST /commit?container=44c004db4b17&m=message&repo=myrepo HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/vnd.docker.raw-stream - - {"Id":"596069db4bf5"} - - :query container: source container - :query repo: repository - :query tag: tag - :query m: commit message - :query author: author (eg. "John Hannibal Smith ") - :query run: config automatically applied when the image is run. (ex: {"Cmd": ["cat", "/world"], "PortSpecs":["22"]}) - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Monitor Docker's events -*********************** - -.. http:get:: /events - - Get events from docker, either in real time via streaming, or via polling (using `since`) - - **Example request**: - - .. sourcecode:: http - - GET /events?since=1374067924 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"create","id":"dfdf82bd3881","from":"base:latest","time":1374067924} - {"status":"start","id":"dfdf82bd3881","from":"base:latest","time":1374067924} - {"status":"stop","id":"dfdf82bd3881","from":"base:latest","time":1374067966} - {"status":"destroy","id":"dfdf82bd3881","from":"base:latest","time":1374067970} - - :query since: timestamp used for polling - :statuscode 200: no error - :statuscode 500: server error - -Get a tarball containing all images and tags in a repository -************************************************************ - -.. http:get:: /images/(name)/get - - Get a tarball containing all images and metadata for the repository specified by ``name``. - - **Example request** - - .. sourcecode:: http - - GET /images/ubuntu/get - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/x-tar - - Binary data stream - - :statuscode 200: no error - :statuscode 500: server error - -Load a tarball with a set of images and tags into docker -******************************************************** - -.. http:post:: /images/load - - Load a set of images and tags into the docker repository. - - **Example request** - - .. sourcecode:: http - - POST /images/load - - Tarball in body - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - :statuscode 200: no error - :statuscode 500: server error - -3. Going further -================ - -3.1 Inside 'docker run' ------------------------ - -Here are the steps of 'docker run' : - -* Create the container -* If the status code is 404, it means the image doesn't exists: - * Try to pull it - * Then retry to create the container -* Start the container -* If you are not in detached mode: - * Attach to the container, using logs=1 (to have stdout and stderr from the container's start) and stream=1 -* If in detached mode or only stdin is attached: - * Display the container's id - - -3.2 Hijacking -------------- - -In this version of the API, /attach, uses hijacking to transport stdin, stdout and stderr on the same socket. This might change in the future. - -3.3 CORS Requests ------------------ - -To enable cross origin requests to the remote api add the flag "--api-enable-cors" when running docker in daemon mode. - -.. code-block:: bash - - docker -d -H="192.168.1.9:4243" --api-enable-cors diff --git a/docs/sources/reference/api/docker_remote_api_v1.11.md b/docs/sources/reference/api/docker_remote_api_v1.11.md new file mode 100644 index 0000000000..53e07b380c --- /dev/null +++ b/docs/sources/reference/api/docker_remote_api_v1.11.md @@ -0,0 +1,1361 @@ +page_title: Remote API v1.11 +page_description: API Documentation for Docker +page_keywords: API, Docker, rcli, REST, documentation + +# Docker Remote API v1.11 + +## 1. Brief introduction + + - The Remote API has replaced rcli + - The daemon listens on `unix:///var/run/docker.sock` but you can + [*Bind Docker to another host/port or a Unix socket*]( + /use/basics/#bind-docker). + - The API tends to be REST, but for some complex commands, like `attach` + or `pull`, the HTTP connection is hijacked to transport `stdout, stdin` + and `stderr` + +# 2. Endpoints + +## 2.1 Containers + +### List containers + +`GET /containers/json` + +List containers + + **Example request**: + + GET /containers/json?all=1&before=8dfafdbc3a40&size=1 HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Id": "8dfafdbc3a40", + "Image": "base:latest", + "Command": "echo 1", + "Created": 1367854155, + "Status": "Exit 0", + "Ports":[{"PrivatePort": 2222, "PublicPort": 3333, "Type": "tcp"}], + "SizeRw":12288, + "SizeRootFs":0 + }, + { + "Id": "9cd87474be90", + "Image": "base:latest", + "Command": "echo 222222", + "Created": 1367854155, + "Status": "Exit 0", + "Ports":[], + "SizeRw":12288, + "SizeRootFs":0 + }, + { + "Id": "3176a2479c92", + "Image": "base:latest", + "Command": "echo 3333333333333333", + "Created": 1367854154, + "Status": "Exit 0", + "Ports":[], + "SizeRw":12288, + "SizeRootFs":0 + }, + { + "Id": "4cb07b47f9fb", + "Image": "base:latest", + "Command": "echo 444444444444444444444444444444444", + "Created": 1367854152, + "Status": "Exit 0", + "Ports":[], + "SizeRw":12288, + "SizeRootFs":0 + } + ] + + Query Parameters: + +   + + - **all** – 1/True/true or 0/False/false, Show all containers. + Only running containers are shown by default + - **limit** – Show `limit` last created + containers, include non-running ones. + - **since** – Show only containers created since Id, include + non-running ones. + - **before** – Show only containers created before Id, include + non-running ones. + - **size** – 1/True/true or 0/False/false, Show the containers + sizes + + Status Codes: + + - **200** – no error + - **400** – bad parameter + - **500** – server error + +### Create a container + +`POST /containers/create` + +Create a container + + **Example request**: + + POST /containers/create HTTP/1.1 + Content-Type: application/json + + { + "Hostname":"", + "User":"", + "Memory":0, + "MemorySwap":0, + "AttachStdin":false, + "AttachStdout":true, + "AttachStderr":true, + "PortSpecs":null, + "Tty":false, + "OpenStdin":false, + "StdinOnce":false, + "Env":null, + "Cmd":[ + "date" + ], + "Dns":null, + "Image":"base", + "Volumes":{ + "/tmp": {} + }, + "VolumesFrom":"", + "WorkingDir":"", + "DisableNetwork": false, + "ExposedPorts":{ + "22/tcp": {} + } + } + + **Example response**: + + HTTP/1.1 201 OK + Content-Type: application/json + + { + "Id":"e90e34656806" + "Warnings":[] + } + + Json Parameters: + +   + + - **config** – the container's configuration + + Query Parameters: + +   + + - **name** – Assign the specified name to the container. Must + match `/?[a-zA-Z0-9_-]+`. + + Status Codes: + + - **201** – no error + - **404** – no such container + - **406** – impossible to attach (container not running) + - **500** – server error + +### Inspect a container + +`GET /containers/(id)/json` + +Return low-level information on the container `id` + + + **Example request**: + + GET /containers/4fa6e0f0c678/json HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Id": "4fa6e0f0c6786287e131c3852c58a2e01cc697a68231826813597e4994f1d6e2", + "Created": "2013-05-07T14:51:42.041847+02:00", + "Path": "date", + "Args": [], + "Config": { + "Hostname": "4fa6e0f0c678", + "User": "", + "Memory": 0, + "MemorySwap": 0, + "AttachStdin": false, + "AttachStdout": true, + "AttachStderr": true, + "PortSpecs": null, + "Tty": false, + "OpenStdin": false, + "StdinOnce": false, + "Env": null, + "Cmd": [ + "date" + ], + "Dns": null, + "Image": "base", + "Volumes": {}, + "VolumesFrom": "", + "WorkingDir":"" + + }, + "State": { + "Running": false, + "Pid": 0, + "ExitCode": 0, + "StartedAt": "2013-05-07T14:51:42.087658+02:01360", + "Ghost": false + }, + "Image": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", + "NetworkSettings": { + "IpAddress": "", + "IpPrefixLen": 0, + "Gateway": "", + "Bridge": "", + "PortMapping": null + }, + "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker", + "ResolvConfPath": "/etc/resolv.conf", + "Volumes": {}, + "HostConfig": { + "Binds": null, + "ContainerIDFile": "", + "LxcConf": [], + "Privileged": false, + "PortBindings": { + "80/tcp": [ + { + "HostIp": "0.0.0.0", + "HostPort": "49153" + } + ] + }, + "Links": null, + "PublishAllPorts": false + } + } + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### List processes running inside a container + +`GET /containers/(id)/top` + +List processes running inside the container `id` + + **Example request**: + + GET /containers/4fa6e0f0c678/top HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Titles":[ + "USER", + "PID", + "%CPU", + "%MEM", + "VSZ", + "RSS", + "TTY", + "STAT", + "START", + "TIME", + "COMMAND" + ], + "Processes":[ + ["root","20147","0.0","0.1","18060","1864","pts/4","S","10:06","0:00","bash"], + ["root","20271","0.0","0.0","4312","352","pts/4","S+","10:07","0:00","sleep","10"] + ] + } + + Query Parameters: + +   + + - **ps_args** – ps arguments to use (eg. aux) + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Get container logs + +`GET /containers/(id)/logs` + +Get stdout and stderr logs from the container ``id`` + + **Example request**: + + GET /containers/4fa6e0f0c678/logs?stderr=1&stdout=1×tamps=1&follow=1 HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/vnd.docker.raw-stream + + {{ STREAM }} + + Query Parameters: + +   + + - **follow** – 1/True/true or 0/False/false, return stream. + Default false + - **stdout** – 1/True/true or 0/False/false, if logs=true, return + stdout log. Default false + - **stderr** – 1/True/true or 0/False/false, if logs=true, return + stderr log. Default false + - **timestamps** – 1/True/true or 0/False/false, if logs=true, print + timestamps for every log line. Default false + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Inspect changes on a container's filesystem + +`GET /containers/(id)/changes` + +Inspect changes on container `id`'s filesystem + + **Example request**: + + GET /containers/4fa6e0f0c678/changes HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Path":"/dev", + "Kind":0 + }, + { + "Path":"/dev/kmsg", + "Kind":1 + }, + { + "Path":"/test", + "Kind":1 + } + ] + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Export a container + +`GET /containers/(id)/export` + +Export the contents of container `id` + + **Example request**: + + GET /containers/4fa6e0f0c678/export HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/octet-stream + + {{ STREAM }} + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Start a container + +`POST /containers/(id)/start` + +Start the container `id` + + **Example request**: + + POST /containers/(id)/start HTTP/1.1 + Content-Type: application/json + + { + "Binds":["/tmp:/tmp"], + "LxcConf":{"lxc.utsname":"docker"}, + "PortBindings":{ "22/tcp": [{ "HostPort": "11022" }] }, + "PublishAllPorts":false, + "Privileged":false + } + + **Example response**: + + HTTP/1.1 204 No Content + Content-Type: text/plain + + Json Parameters: + +   + + - **hostConfig** – the container's host configuration (optional) + + Status Codes: + + - **204** – no error + - **404** – no such container + - **500** – server error + +### Stop a container + +`POST /containers/(id)/stop` + +Stop the container `id` + + **Example request**: + + POST /containers/e90e34656806/stop?t=5 HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Query Parameters: + +   + + - **t** – number of seconds to wait before killing the container + + Status Codes: + + - **204** – no error + - **404** – no such container + - **500** – server error + +### Restart a container + +`POST /containers/(id)/restart` + +Restart the container `id` + + **Example request**: + + POST /containers/e90e34656806/restart?t=5 HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Query Parameters: + +   + + - **t** – number of seconds to wait before killing the container + + Status Codes: + + - **204** – no error + - **404** – no such container + - **500** – server error + +### Kill a container + +`POST /containers/(id)/kill` + +Kill the container `id` + + **Example request**: + + POST /containers/e90e34656806/kill HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Query Parameters + + - **signal** - Signal to send to the container: integer or string like "SIGINT". + When not set, SIGKILL is assumed and the call will waits for the container to exit. + + Status Codes: + + - **204** – no error + - **404** – no such container + - **500** – server error + +### Attach to a container + +`POST /containers/(id)/attach` + +Attach to the container `id` + + **Example request**: + + POST /containers/16253994b7c4/attach?logs=1&stream=0&stdout=1 HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/vnd.docker.raw-stream + + {{ STREAM }} + + Query Parameters: + +   + + - **logs** – 1/True/true or 0/False/false, return logs. Default + false + - **stream** – 1/True/true or 0/False/false, return stream. + Default false + - **stdin** – 1/True/true or 0/False/false, if stream=true, attach + to stdin. Default false + - **stdout** – 1/True/true or 0/False/false, if logs=true, return + stdout log, if stream=true, attach to stdout. Default false + - **stderr** – 1/True/true or 0/False/false, if logs=true, return + stderr log, if stream=true, attach to stderr. Default false + + Status Codes: + + - **200** – no error + - **400** – bad parameter + - **404** – no such container + - **500** – server error + + **Stream details**: + + When using the TTY setting is enabled in + [`POST /containers/create` + ](../docker_remote_api_v1.9/#post--containers-create "POST /containers/create"), + the stream is the raw data from the process PTY and client's stdin. + When the TTY is disabled, then the stream is multiplexed to separate + stdout and stderr. + + The format is a **Header** and a **Payload** (frame). + + **HEADER** + + The header will contain the information on which stream write the + stream (stdout or stderr). It also contain the size of the + associated frame encoded on the last 4 bytes (uint32). + + It is encoded on the first 8 bytes like this: + + header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4} + + `STREAM_TYPE` can be: + + - 0: stdin (will be writen on stdout) + - 1: stdout + - 2: stderr + + `SIZE1, SIZE2, SIZE3, SIZE4` are the 4 bytes of + the uint32 size encoded as big endian. + + **PAYLOAD** + + The payload is the raw stream. + + **IMPLEMENTATION** + + The simplest way to implement the Attach protocol is the following: + + 1. Read 8 bytes + 2. chose stdout or stderr depending on the first byte + 3. Extract the frame size from the last 4 byets + 4. Read the extracted size and output it on the correct output + 5. Goto 1) + +### Wait a container + +`POST /containers/(id)/wait` + +Block until container `id` stops, then returns the exit code + + **Example request**: + + POST /containers/16253994b7c4/wait HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"StatusCode":0} + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Remove a container + +`DELETE /containers/(id)` + +Remove the container `id` from the filesystem + + **Example request**: + + DELETE /containers/16253994b7c4?v=1 HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Query Parameters: + +   + + - **v** – 1/True/true or 0/False/false, Remove the volumes + associated to the container. Default false + - **force** – 1/True/true or 0/False/false, Removes the container + even if it was running. Default false + + Status Codes: + + - **204** – no error + - **400** – bad parameter + - **404** – no such container + - **500** – server error + +### Copy files or folders from a container + +`POST /containers/(id)/copy` + +Copy files or folders of container `id` + + **Example request**: + + POST /containers/4fa6e0f0c678/copy HTTP/1.1 + Content-Type: application/json + + { + "Resource":"test.txt" + } + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/octet-stream + + {{ STREAM }} + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +## 2.2 Images + +### List Images + +`GET /images/json` + +**Example request**: + + GET /images/json?all=0 HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "RepoTags": [ + "ubuntu:12.04", + "ubuntu:precise", + "ubuntu:latest" + ], + "Id": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c", + "Created": 1365714795, + "Size": 131506275, + "VirtualSize": 131506275 + }, + { + "RepoTags": [ + "ubuntu:12.10", + "ubuntu:quantal" + ], + "ParentId": "27cf784147099545", + "Id": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", + "Created": 1364102658, + "Size": 24653, + "VirtualSize": 180116135 + } + ] + +### Create an image + +`POST /images/create` + +Create an image, either by pull it from the registry or by importing it + + **Example request**: + + POST /images/create?fromImage=base HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"status":"Pulling..."} + {"status":"Pulling", "progress":"1 B/ 100 B", "progressDetail":{"current":1, "total":100}} + {"error":"Invalid..."} + ... + + When using this endpoint to pull an image from the registry, the + `X-Registry-Auth` header can be used to include + a base64-encoded AuthConfig object. + + Query Parameters: + +   + + - **fromImage** – name of the image to pull + - **fromSrc** – source to import, - means stdin + - **repo** – repository + - **tag** – tag + - **registry** – the registry to pull from + + Request Headers: + +   + + - **X-Registry-Auth** – base64-encoded AuthConfig object + + Status Codes: + + - **200** – no error + - **500** – server error + +### Insert a file in an image + +`POST /images/(name)/insert` + +Insert a file from `url` in the image `name` at `path` + + **Example request**: + + POST /images/test/insert?path=/usr&url=myurl HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"status":"Inserting..."} + {"status":"Inserting", "progress":"1/? (n/a)", "progressDetail":{"current":1}} + {"error":"Invalid..."} + ... + + Status Codes: + + - **200** – no error + - **500** – server error + +### Inspect an image + +`GET /images/(name)/json` + +Return low-level information on the image `name` + + **Example request**: + + GET /images/base/json HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "id":"b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", + "parent":"27cf784147099545", + "created":"2013-03-23T22:24:18.818426-07:00", + "container":"3d67245a8d72ecf13f33dffac9f79dcdf70f75acb84d308770391510e0c23ad0", + "container_config": + { + "Hostname":"", + "User":"", + "Memory":0, + "MemorySwap":0, + "AttachStdin":false, + "AttachStdout":false, + "AttachStderr":false, + "PortSpecs":null, + "Tty":true, + "OpenStdin":true, + "StdinOnce":false, + "Env":null, + "Cmd": ["/bin/bash"] + ,"Dns":null, + "Image":"base", + "Volumes":null, + "VolumesFrom":"", + "WorkingDir":"" + }, + "Size": 6824592 + } + + Status Codes: + + - **200** – no error + - **404** – no such image + - **500** – server error + +### Get the history of an image + +`GET /images/(name)/history` + +Return the history of the image `name` + + **Example request**: + + GET /images/base/history HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Id":"b750fe79269d", + "Created":1364102658, + "CreatedBy":"/bin/bash" + }, + { + "Id":"27cf78414709", + "Created":1364068391, + "CreatedBy":"" + } + ] + + Status Codes: + + - **200** – no error + - **404** – no such image + - **500** – server error + +### Push an image on the registry + +`POST /images/(name)/push` + +Push the image `name` on the registry + + **Example request**: + + POST /images/test/push HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"status":"Pushing..."} + {"status":"Pushing", "progress":"1/? (n/a)", "progressDetail":{"current":1}}} + {"error":"Invalid..."} + ... + + Query Parameters: + +   + + - **registry** – the registry you wan to push, optional + + Request Headers: + +   + + - **X-Registry-Auth** – include a base64-encoded AuthConfig + object. + + Status Codes: + + - **200** – no error + - **404** – no such image + - **500** – server error + +### Tag an image into a repository + +`POST /images/(name)/tag` + +Tag the image `name` into a repository + + **Example request**: + + POST /images/test/tag?repo=myrepo&force=0 HTTP/1.1 + + **Example response**: + + HTTP/1.1 201 OK + + Query Parameters: + +   + + - **repo** – The repository to tag in + - **force** – 1/True/true or 0/False/false, default false + + Status Codes: + + - **201** – no error + - **400** – bad parameter + - **404** – no such image + - **409** – conflict + - **500** – server error + +### Remove an image + +`DELETE /images/(name)` + +Remove the image `name` from the filesystem + + **Example request**: + + DELETE /images/test HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-type: application/json + + [ + {"Untagged":"3e2f21a89f"}, + {"Deleted":"3e2f21a89f"}, + {"Deleted":"53b4f83ac9"} + ] + + Query Parameters: + +   + + - **force** – 1/True/true or 0/False/false, default false + - **noprune** – 1/True/true or 0/False/false, default false + + Status Codes: + + - **200** – no error + - **404** – no such image + - **409** – conflict + - **500** – server error + +### Search images + +`GET /images/search` + +Search for an image on [Docker.io](https://index.docker.io). + +> **Note**: +> The response keys have changed from API v1.6 to reflect the JSON +> sent by the registry server to the docker daemon's request. + + **Example request**: + + GET /images/search?term=sshd HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "description": "", + "is_official": false, + "is_trusted": false, + "name": "wma55/u1210sshd", + "star_count": 0 + }, + { + "description": "", + "is_official": false, + "is_trusted": false, + "name": "jdswinbank/sshd", + "star_count": 0 + }, + { + "description": "", + "is_official": false, + "is_trusted": false, + "name": "vgauthier/sshd", + "star_count": 0 + } + ... + ] + + Query Parameters: + +   + + - **term** – term to search + + Status Codes: + + - **200** – no error + - **500** – server error + +## 2.3 Misc + +### Build an image from Dockerfile via stdin + +`POST /build` + +Build an image from Dockerfile via stdin + + **Example request**: + + POST /build HTTP/1.1 + + {{ STREAM }} + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"stream":"Step 1..."} + {"stream":"..."} + {"error":"Error...", "errorDetail":{"code": 123, "message": "Error..."}} + + The stream must be a tar archive compressed with one of the + following algorithms: identity (no compression), gzip, bzip2, xz. + + The archive must include a file called `Dockerfile` + at its root. It may include any number of other files, + which will be accessible in the build context (See the [*ADD build + command*](/reference/builder/#dockerbuilder)). + + Query Parameters: + +   + + - **t** – repository name (and optionally a tag) to be applied to + the resulting image in case of success + - **q** – suppress verbose build output + - **nocache** – do not use the cache when building the image + + Request Headers: + +   + + - **Content-type** – should be set to + `"application/tar"`. + - **X-Registry-Config** – base64-encoded ConfigFile object + + Status Codes: + + - **200** – no error + - **500** – server error + +### Check auth configuration + +`POST /auth` + +Get the default username and email + + **Example request**: + + POST /auth HTTP/1.1 + Content-Type: application/json + + { + "username":"hannibal", + "password:"xxxx", + "email":"hannibal@a-team.com", + "serveraddress":"https://index.docker.io/v1/" + } + + **Example response**: + + HTTP/1.1 200 OK + + Status Codes: + + - **200** – no error + - **204** – no error + - **500** – server error + +### Display system-wide information + +`GET /info` + +Display system-wide information + + **Example request**: + + GET /info HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Containers":11, + "Images":16, + "Debug":false, + "NFd": 11, + "NGoroutines":21, + "MemoryLimit":true, + "SwapLimit":false, + "IPv4Forwarding":true + } + + Status Codes: + + - **200** – no error + - **500** – server error + +### Show the docker version information + +`GET /version` + +Show the docker version information + + **Example request**: + + GET /version HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Version":"0.2.2", + "GitCommit":"5a2a5cc+CHANGES", + "GoVersion":"go1.0.3" + } + + Status Codes: + + - **200** – no error + - **500** – server error + +### Ping the docker server + +`GET /_ping` + +Ping the docker server + + **Example request**: + + GET /_ping HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + + OK + + Status Codes: + + - **200** - no error + - **500** - server error + +### Create a new image from a container's changes + +`POST /commit` + +Create a new image from a container's changes + + **Example request**: + + POST /commit?container=44c004db4b17&m=message&repo=myrepo HTTP/1.1 + Content-Type: application/json + + { + "Hostname":"", + "User":"", + "Memory":0, + "MemorySwap":0, + "AttachStdin":false, + "AttachStdout":true, + "AttachStderr":true, + "PortSpecs":null, + "Tty":false, + "OpenStdin":false, + "StdinOnce":false, + "Env":null, + "Cmd":[ + "date" + ], + "Volumes":{ + "/tmp": {} + }, + "WorkingDir":"", + "DisableNetwork": false, + "ExposedPorts":{ + "22/tcp": {} + } + } + + **Example response**: + + HTTP/1.1 201 OK + Content-Type: application/vnd.docker.raw-stream + + {"Id":"596069db4bf5"} + + Json Parameters: + + + + - **config** - the container's configuration + + Query Parameters: + +   + + - **container** – source container + - **repo** – repository + - **tag** – tag + - **m** – commit message + - **author** – author (eg. "John Hannibal Smith + <[hannibal@a-team.com](mailto:hannibal%40a-team.com)>") + + Status Codes: + + - **201** – no error + - **404** – no such container + - **500** – server error + +### Monitor Docker's events + +`GET /events` + +Get events from docker, either in real time via streaming, or +via polling (using since) + + **Example request**: + + GET /events?since=1374067924 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"status":"create","id":"dfdf82bd3881","from":"base:latest","time":1374067924} + {"status":"start","id":"dfdf82bd3881","from":"base:latest","time":1374067924} + {"status":"stop","id":"dfdf82bd3881","from":"base:latest","time":1374067966} + {"status":"destroy","id":"dfdf82bd3881","from":"base:latest","time":1374067970} + + Query Parameters: + +   + + - **since** – timestamp used for polling + - **until** – timestamp used for polling + + Status Codes: + + - **200** – no error + - **500** – server error + +### Get a tarball containing all images and tags in a repository + +`GET /images/(name)/get` + +Get a tarball containing all images and metadata for the repository +specified by `name`. + + **Example request** + + GET /images/ubuntu/get + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/x-tar + + Binary data stream + + Status Codes: + + - **200** – no error + - **500** – server error + +### Load a tarball with a set of images and tags into docker + +`POST /images/load` + +Load a set of images and tags into the docker repository. + + **Example request** + + POST /images/load + + Tarball in body + + **Example response**: + + HTTP/1.1 200 OK + + Status Codes: + + - **200** – no error + - **500** – server error + +# 3. Going further + +## 3.1 Inside `docker run` + +Here are the steps of `docker run`: + +- Create the container + +- If the status code is 404, it means the image doesn't exists: + - Try to pull it + - Then retry to create the container + +- Start the container + +- If you are not in detached mode: + - Attach to the container, using logs=1 (to have stdout and + stderr from the container's start) and stream=1 + +- If in detached mode or only stdin is attached: + - Display the container's id + +## 3.2 Hijacking + +In this version of the API, /attach, uses hijacking to transport stdin, +stdout and stderr on the same socket. This might change in the future. + +## 3.3 CORS Requests + +To enable cross origin requests to the remote api add the flag +"–api-enable-cors" when running docker in daemon mode. + + $ docker -d -H="192.168.1.9:4243" --api-enable-cors diff --git a/docs/sources/reference/api/docker_remote_api_v1.2.md b/docs/sources/reference/api/docker_remote_api_v1.2.md new file mode 100644 index 0000000000..17967eab3d --- /dev/null +++ b/docs/sources/reference/api/docker_remote_api_v1.2.md @@ -0,0 +1,1003 @@ +page_title: Remote API v1.2 +page_description: API Documentation for Docker +page_keywords: API, Docker, rcli, REST, documentation + +# Docker Remote API v1.2 + +# 1. Brief introduction + +- The Remote API is replacing rcli +- Default port in the docker daemon is 4243 +- The API tends to be REST, but for some complex commands, like attach + or pull, the HTTP connection is hijacked to transport stdout stdin + and stderr + +# 2. Endpoints + +## 2.1 Containers + +### List containers + +`GET /containers/json` + +List containers + + **Example request**: + + GET /containers/json?all=1&before=8dfafdbc3a40 HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Id": "8dfafdbc3a40", + "Image": "ubuntu:latest", + "Command": "echo 1", + "Created": 1367854155, + "Status": "Exit 0", + "Ports":"", + "SizeRw":12288, + "SizeRootFs":0 + }, + { + "Id": "9cd87474be90", + "Image": "ubuntu:latest", + "Command": "echo 222222", + "Created": 1367854155, + "Status": "Exit 0", + "Ports":"", + "SizeRw":12288, + "SizeRootFs":0 + }, + { + "Id": "3176a2479c92", + "Image": "centos:latest", + "Command": "echo 3333333333333333", + "Created": 1367854154, + "Status": "Exit 0", + "Ports":"", + "SizeRw":12288, + "SizeRootFs":0 + }, + { + "Id": "4cb07b47f9fb", + "Image": "fedora:latest", + "Command": "echo 444444444444444444444444444444444", + "Created": 1367854152, + "Status": "Exit 0", + "Ports":"", + "SizeRw":12288, + "SizeRootFs":0 + } + ] + + Query Parameters: + +   + + - **all** – 1/True/true or 0/False/false, Show all containers. + Only running containers are shown by default + - **limit** – Show `limit` last created + containers, include non-running ones. + - **since** – Show only containers created since Id, include + non-running ones. + - **before** – Show only containers created before Id, include + non-running ones. + + Status Codes: + + - **200** – no error + - **400** – bad parameter + - **500** – server error + +### Create a container + +`POST /containers/create` + +Create a container + + **Example request**: + + POST /containers/create HTTP/1.1 + Content-Type: application/json + + { + "Hostname":"", + "User":"", + "Memory":0, + "MemorySwap":0, + "AttachStdin":false, + "AttachStdout":true, + "AttachStderr":true, + "PortSpecs":null, + "Tty":false, + "OpenStdin":false, + "StdinOnce":false, + "Env":null, + "Cmd":[ + "date" + ], + "Dns":null, + "Image":"ubuntu", + "Volumes":{}, + "VolumesFrom":"" + } + + **Example response**: + + HTTP/1.1 201 OK + Content-Type: application/json + + { + "Id":"e90e34656806" + "Warnings":[] + } + + Json Parameters: + +   + + - **config** – the container's configuration + + Status Codes: + + - **201** – no error + - **404** – no such container + - **406** – impossible to attach (container not running) + - **500** – server error + +### Inspect a container + +`GET /containers/(id)/json` + +Return low-level information on the container `id` + + + **Example request**: + + GET /containers/4fa6e0f0c678/json HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Id": "4fa6e0f0c6786287e131c3852c58a2e01cc697a68231826813597e4994f1d6e2", + "Created": "2013-05-07T14:51:42.041847+02:00", + "Path": "date", + "Args": [], + "Config": { + "Hostname": "4fa6e0f0c678", + "User": "", + "Memory": 0, + "MemorySwap": 0, + "AttachStdin": false, + "AttachStdout": true, + "AttachStderr": true, + "PortSpecs": null, + "Tty": false, + "OpenStdin": false, + "StdinOnce": false, + "Env": null, + "Cmd": [ + "date" + ], + "Dns": null, + "Image": "ubuntu", + "Volumes": {}, + "VolumesFrom": "" + }, + "State": { + "Running": false, + "Pid": 0, + "ExitCode": 0, + "StartedAt": "2013-05-07T14:51:42.087658+02:01360", + "Ghost": false + }, + "Image": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", + "NetworkSettings": { + "IpAddress": "", + "IpPrefixLen": 0, + "Gateway": "", + "Bridge": "", + "PortMapping": null + }, + "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker", + "ResolvConfPath": "/etc/resolv.conf", + "Volumes": {} + } + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Inspect changes on a container's filesystem + +`GET /containers/(id)/changes` + +Inspect changes on container `id`'s filesystem + + **Example request**: + + GET /containers/4fa6e0f0c678/changes HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Path":"/dev", + "Kind":0 + }, + { + "Path":"/dev/kmsg", + "Kind":1 + }, + { + "Path":"/test", + "Kind":1 + } + ] + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Export a container + +`GET /containers/(id)/export` + +Export the contents of container `id` + + **Example request**: + + GET /containers/4fa6e0f0c678/export HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/octet-stream + + {{ STREAM }} + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Start a container + +`POST /containers/(id)/start` + +Start the container `id` + + **Example request**: + + POST /containers/e90e34656806/start HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Stop a container + +`POST /containers/(id)/stop` + +Stop the container `id` + + **Example request**: + + POST /containers/e90e34656806/stop?t=5 HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Query Parameters: + +   + + - **t** – number of seconds to wait before killing the container + + Status Codes: + + - **204** – no error + - **404** – no such container + - **500** – server error + +### Restart a container + +`POST /containers/(id)/restart` + +Restart the container `id` + + **Example request**: + + POST /containers/e90e34656806/restart?t=5 HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Query Parameters: + +   + + - **t** – number of seconds to wait before killing the container + + Status Codes: + + - **204** – no error + - **404** – no such container + - **500** – server error + +### Kill a container + +`POST /containers/(id)/kill` + +Kill the container `id` + + **Example request**: + + POST /containers/e90e34656806/kill HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Status Codes: + + - **204** – no error + - **404** – no such container + - **500** – server error + +### Attach to a container + +`POST /containers/(id)/attach` + +Attach to the container `id` + + **Example request**: + + POST /containers/16253994b7c4/attach?logs=1&stream=0&stdout=1 HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/vnd.docker.raw-stream + + {{ STREAM }} + + Query Parameters: + +   + + - **logs** – 1/True/true or 0/False/false, return logs. Default + false + - **stream** – 1/True/true or 0/False/false, return stream. + Default false + - **stdin** – 1/True/true or 0/False/false, if stream=true, attach + to stdin. Default false + - **stdout** – 1/True/true or 0/False/false, if logs=true, return + stdout log, if stream=true, attach to stdout. Default false + - **stderr** – 1/True/true or 0/False/false, if logs=true, return + stderr log, if stream=true, attach to stderr. Default false + + Status Codes: + + - **200** – no error + - **400** – bad parameter + - **404** – no such container + - **500** – server error + +### Wait a container + +`POST /containers/(id)/wait` + +Block until container `id` stops, then returns the exit code + + **Example request**: + + POST /containers/16253994b7c4/wait HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"StatusCode":0} + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Remove a container + +`DELETE /containers/(id)` + +Remove the container `id` from the filesystem + + **Example request**: + + DELETE /containers/16253994b7c4?v=1 HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Query Parameters: + +   + + - **v** – 1/True/true or 0/False/false, Remove the volumes + associated to the container. Default false + + Status Codes: + + - **204** – no error + - **400** – bad parameter + - **404** – no such container + - **500** – server error + +## 2.2 Images + +### List Images + +`GET /images/(format)` + +List images `format` could be json or viz (json default) + + **Example request**: + + GET /images/json?all=0 HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Repository":"ubuntu", + "Tag":"precise", + "Id":"b750fe79269d", + "Created":1364102658, + "Size":24653, + "VirtualSize":180116135 + }, + { + "Repository":"ubuntu", + "Tag":"12.04", + "Id":"b750fe79269d", + "Created":1364102658, + "Size":24653, + "VirtualSize":180116135 + } + ] + + **Example request**: + + GET /images/viz HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: text/plain + + digraph docker { + "d82cbacda43a" -> "074be284591f" + "1496068ca813" -> "08306dc45919" + "08306dc45919" -> "0e7893146ac2" + "b750fe79269d" -> "1496068ca813" + base -> "27cf78414709" [style=invis] + "f71189fff3de" -> "9a33b36209ed" + "27cf78414709" -> "b750fe79269d" + "0e7893146ac2" -> "d6434d954665" + "d6434d954665" -> "d82cbacda43a" + base -> "e9aa60c60128" [style=invis] + "074be284591f" -> "f71189fff3de" + "b750fe79269d" [label="b750fe79269d\nubuntu",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; + "e9aa60c60128" [label="e9aa60c60128\ncentos",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; + "9a33b36209ed" [label="9a33b36209ed\nfedora",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; + base [style=invisible] + } + + Query Parameters: + +   + + - **all** – 1/True/true or 0/False/false, Show all containers. + Only running containers are shown by default + + Status Codes: + + - **200** – no error + - **400** – bad parameter + - **500** – server error + +### Create an image + +`POST /images/create` + +Create an image, either by pull it from the registry or by importing it + + **Example request**: + + POST /images/create?fromImage=ubuntu HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"status":"Pulling..."} + {"status":"Pulling", "progress":"1/? (n/a)"} + {"error":"Invalid..."} + ... + + Query Parameters: + +   + + - **fromImage** – name of the image to pull + - **fromSrc** – source to import, - means stdin + - **repo** – repository + - **tag** – tag + - **registry** – the registry to pull from + + Status Codes: + + - **200** – no error + - **500** – server error + +### Insert a file in an image + +`POST /images/(name)/insert` + +Insert a file from `url` in the image `name` at `path` + + **Example request**: + + POST /images/test/insert?path=/usr&url=myurl HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"status":"Inserting..."} + {"status":"Inserting", "progress":"1/? (n/a)"} + {"error":"Invalid..."} + ... + + Status Codes: + + - **200** – no error + - **500** – server error + +### Inspect an image + +`GET /images/(name)/json` + +Return low-level information on the image `name` + + **Example request**: + + GET /images/centos/json HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "id":"b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", + "parent":"27cf784147099545", + "created":"2013-03-23T22:24:18.818426-07:00", + "container":"3d67245a8d72ecf13f33dffac9f79dcdf70f75acb84d308770391510e0c23ad0", + "container_config": + { + "Hostname":"", + "User":"", + "Memory":0, + "MemorySwap":0, + "AttachStdin":false, + "AttachStdout":false, + "AttachStderr":false, + "PortSpecs":null, + "Tty":true, + "OpenStdin":true, + "StdinOnce":false, + "Env":null, + "Cmd": ["/bin/bash"] + ,"Dns":null, + "Image":"centos", + "Volumes":null, + "VolumesFrom":"" + }, + "Size": 6824592 + } + + Status Codes: + + - **200** – no error + - **404** – no such image + - **500** – server error + +### Get the history of an image + +`GET /images/(name)/history` + +Return the history of the image `name` + + **Example request**: + + GET /images/fedora/history HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Id":"b750fe79269d", + "Tag":["ubuntu:latest"], + "Created":1364102658, + "CreatedBy":"/bin/bash" + }, + { + "Id":"27cf78414709", + "Created":1364068391, + "CreatedBy":"" + } + ] + + Status Codes: + + - **200** – no error + - **404** – no such image + - **500** – server error + +### Push an image on the registry + +`POST /images/(name)/push` + +Push the image `name` on the registry + + > **Example request**: + > + > POST /images/test/push HTTP/1.1 + > {{ authConfig }} + > + > **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"status":"Pushing..."} + {"status":"Pushing", "progress":"1/? (n/a)"} + {"error":"Invalid..."} + ... + + Query Parameters: + +   + + - **registry** – the registry you wan to push, optional + + Status Codes: + + - **200** – no error + - **404** – no such image + - **500** – server error + +### Tag an image into a repository + +`POST /images/(name)/tag` + +Tag the image `name` into a repository + + **Example request**: + + POST /images/test/tag?repo=myrepo&force=0 HTTP/1.1 + + **Example response**: + + HTTP/1.1 201 OK + + Query Parameters: + +   + + - **repo** – The repository to tag in + - **force** – 1/True/true or 0/False/false, default false + + Status Codes: + + - **201** – no error + - **400** – bad parameter + - **404** – no such image + - **409** – conflict + - **500** – server error + +### Remove an image + +`DELETE /images/(name)` + +Remove the image `name` from the filesystem + + **Example request**: + + DELETE /images/test HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-type: application/json + + [ + {"Untagged":"3e2f21a89f"}, + {"Deleted":"3e2f21a89f"}, + {"Deleted":"53b4f83ac9"} + ] + + Status Codes: + + - **204** – no error + - **404** – no such image + - **409** – conflict + - **500** – server error + +### Search images + +`GET /images/search` + +Search for an image on [Docker.io](https://index.docker.io) + + **Example request**: + + GET /images/search?term=sshd HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Name":"cespare/sshd", + "Description":"" + }, + { + "Name":"johnfuller/sshd", + "Description":"" + }, + { + "Name":"dhrp/mongodb-sshd", + "Description":"" + } + ] + + :query term: term to search + :statuscode 200: no error + :statuscode 500: server error + +## 2.3 Misc + +### Build an image from Dockerfile via stdin + +`POST /build` + +Build an image from Dockerfile + + **Example request**: + + POST /build HTTP/1.1 + + {{ STREAM }} + + **Example response**: + + HTTP/1.1 200 OK + + {{ STREAM }} + + Query Parameters: + +   + + - **t** – repository name to be applied to the resulting image in + case of success + - **remote** – resource to fetch, as URI + + Status Codes: + + - **200** – no error + - **500** – server error + +{{ STREAM }} is the raw text output of the build command. It uses the +HTTP Hijack method in order to stream. + +### Check auth configuration + +`POST /auth` + +Get the default username and email + + **Example request**: + + POST /auth HTTP/1.1 + Content-Type: application/json + + { + "username":"hannibal", + "password:"xxxx", + "email":"hannibal@a-team.com" + } + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Status": "Login Succeeded" + } + + Status Codes: + + - **200** – no error + - **204** – no error + - **401** – unauthorized + - **403** – forbidden + - **500** – server error + +### Display system-wide information + +`GET /info` + +Display system-wide information + + **Example request**: + + GET /info HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Containers":11, + "Images":16, + "Debug":false, + "NFd": 11, + "NGoroutines":21, + "MemoryLimit":true, + "SwapLimit":false + } + + Status Codes: + + - **200** – no error + - **500** – server error + +### Show the docker version information + +`GET /version` + +Show the docker version information + + **Example request**: + + GET /version HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Version":"0.2.2", + "GitCommit":"5a2a5cc+CHANGES", + "GoVersion":"go1.0.3" + } + + Status Codes: + + - **200** – no error + - **500** – server error + +### Create a new image from a container's changes + +`POST /commit` + +Create a new image from a container's changes + + **Example request**: + + POST /commit?container=44c004db4b17&m=message&repo=myrepo HTTP/1.1 + Content-Type: application/json + + { + "Cmd": ["cat", "/world"], + "PortSpecs":["22"] + } + + **Example response**: + + HTTP/1.1 201 OK + Content-Type: application/vnd.docker.raw-stream + + {"Id":"596069db4bf5"} + + Query Parameters: + +   + + - **container** – source container + - **repo** – repository + - **tag** – tag + - **m** – commit message + - **author** – author (eg. "John Hannibal Smith + <[hannibal@a-team.com](mailto:hannibal%40a-team.com)>") + + Status Codes: + + - **201** – no error + - **404** – no such container + - **500** – server error + +# 3. Going further + +## 3.1 Inside `docker run` + +Here are the steps of `docker run` : + + - Create the container + + - If the status code is 404, it means the image doesn't exists: + - Try to pull it + - Then retry to create the container + + - Start the container + + - If you are not in detached mode: + - Attach to the container, using logs=1 (to have stdout and + stderr from the container's start) and stream=1 + + - If in detached mode or only stdin is attached: + - Display the container's + +## 3.2 Hijacking + +In this version of the API, /attach, uses hijacking to transport stdin, +stdout and stderr on the same socket. This might change in the future. + +## 3.3 CORS Requests + +To enable cross origin requests to the remote api add the flag +"–api-enable-cors" when running docker in daemon mode. + +> docker -d -H="[tcp://192.168.1.9:4243](tcp://192.168.1.9:4243)" +> –api-enable-cors diff --git a/docs/sources/reference/api/docker_remote_api_v1.2.rst b/docs/sources/reference/api/docker_remote_api_v1.2.rst deleted file mode 100644 index 80f76a3de9..0000000000 --- a/docs/sources/reference/api/docker_remote_api_v1.2.rst +++ /dev/null @@ -1,1051 +0,0 @@ -.. use orphan to suppress "WARNING: document isn't included in any toctree" -.. per http://sphinx-doc.org/markup/misc.html#file-wide-metadata - -:orphan: - -:title: Remote API v1.2 -:description: API Documentation for Docker -:keywords: API, Docker, rcli, REST, documentation - -====================== -Docker Remote API v1.2 -====================== - -.. contents:: Table of Contents - -1. Brief introduction -===================== - -- The Remote API is replacing rcli -- Default port in the docker daemon is 4243 -- The API tends to be REST, but for some complex commands, like attach or pull, the HTTP connection is hijacked to transport stdout stdin and stderr - -2. Endpoints -============ - -2.1 Containers --------------- - -List containers -*************** - -.. http:get:: /containers/json - - List containers - - **Example request**: - - .. sourcecode:: http - - GET /containers/json?all=1&before=8dfafdbc3a40 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id": "8dfafdbc3a40", - "Image": "ubuntu:latest", - "Command": "echo 1", - "Created": 1367854155, - "Status": "Exit 0", - "Ports":"", - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "9cd87474be90", - "Image": "ubuntu:latest", - "Command": "echo 222222", - "Created": 1367854155, - "Status": "Exit 0", - "Ports":"", - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "3176a2479c92", - "Image": "centos:latest", - "Command": "echo 3333333333333333", - "Created": 1367854154, - "Status": "Exit 0", - "Ports":"", - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "4cb07b47f9fb", - "Image": "fedora:latest", - "Command": "echo 444444444444444444444444444444444", - "Created": 1367854152, - "Status": "Exit 0", - "Ports":"", - "SizeRw":12288, - "SizeRootFs":0 - } - ] - - :query all: 1/True/true or 0/False/false, Show all containers. Only running containers are shown by default - :query limit: Show ``limit`` last created containers, include non-running ones. - :query since: Show only containers created since Id, include non-running ones. - :query before: Show only containers created before Id, include non-running ones. - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 500: server error - - -Create a container -****************** - -.. http:post:: /containers/create - - Create a container - - **Example request**: - - .. sourcecode:: http - - POST /containers/create HTTP/1.1 - Content-Type: application/json - - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "AttachStdin":false, - "AttachStdout":true, - "AttachStderr":true, - "PortSpecs":null, - "Tty":false, - "OpenStdin":false, - "StdinOnce":false, - "Env":null, - "Cmd":[ - "date" - ], - "Dns":null, - "Image":"ubuntu", - "Volumes":{}, - "VolumesFrom":"" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/json - - { - "Id":"e90e34656806" - "Warnings":[] - } - - :jsonparam config: the container's configuration - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 406: impossible to attach (container not running) - :statuscode 500: server error - - -Inspect a container -******************* - -.. http:get:: /containers/(id)/json - - Return low-level information on the container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Id": "4fa6e0f0c6786287e131c3852c58a2e01cc697a68231826813597e4994f1d6e2", - "Created": "2013-05-07T14:51:42.041847+02:00", - "Path": "date", - "Args": [], - "Config": { - "Hostname": "4fa6e0f0c678", - "User": "", - "Memory": 0, - "MemorySwap": 0, - "AttachStdin": false, - "AttachStdout": true, - "AttachStderr": true, - "PortSpecs": null, - "Tty": false, - "OpenStdin": false, - "StdinOnce": false, - "Env": null, - "Cmd": [ - "date" - ], - "Dns": null, - "Image": "ubuntu", - "Volumes": {}, - "VolumesFrom": "" - }, - "State": { - "Running": false, - "Pid": 0, - "ExitCode": 0, - "StartedAt": "2013-05-07T14:51:42.087658+02:01360", - "Ghost": false - }, - "Image": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "NetworkSettings": { - "IpAddress": "", - "IpPrefixLen": 0, - "Gateway": "", - "Bridge": "", - "PortMapping": null - }, - "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker", - "ResolvConfPath": "/etc/resolv.conf", - "Volumes": {} - } - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Inspect changes on a container's filesystem -******************************************* - -.. http:get:: /containers/(id)/changes - - Inspect changes on container ``id`` 's filesystem - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/changes HTTP/1.1 - - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Path":"/dev", - "Kind":0 - }, - { - "Path":"/dev/kmsg", - "Kind":1 - }, - { - "Path":"/test", - "Kind":1 - } - ] - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Export a container -****************** - -.. http:get:: /containers/(id)/export - - Export the contents of container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/export HTTP/1.1 - - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/octet-stream - - {{ STREAM }} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Start a container -***************** - -.. http:post:: /containers/(id)/start - - Start the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/start HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Stop a container -**************** - -.. http:post:: /containers/(id)/stop - - Stop the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/stop?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Restart a container -******************* - -.. http:post:: /containers/(id)/restart - - Restart the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/restart?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Kill a container -**************** - -.. http:post:: /containers/(id)/kill - - Kill the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/kill HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Attach to a container -********************* - -.. http:post:: /containers/(id)/attach - - Attach to the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/attach?logs=1&stream=0&stdout=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/vnd.docker.raw-stream - - {{ STREAM }} - - :query logs: 1/True/true or 0/False/false, return logs. Default false - :query stream: 1/True/true or 0/False/false, return stream. Default false - :query stdin: 1/True/true or 0/False/false, if stream=true, attach to stdin. Default false - :query stdout: 1/True/true or 0/False/false, if logs=true, return stdout log, if stream=true, attach to stdout. Default false - :query stderr: 1/True/true or 0/False/false, if logs=true, return stderr log, if stream=true, attach to stderr. Default false - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - - -Wait a container -**************** - -.. http:post:: /containers/(id)/wait - - Block until container ``id`` stops, then returns the exit code - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/wait HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"StatusCode":0} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Remove a container -******************* - -.. http:delete:: /containers/(id) - - Remove the container ``id`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /containers/16253994b7c4?v=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query v: 1/True/true or 0/False/false, Remove the volumes associated to the container. Default false - :statuscode 204: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - - -2.2 Images ----------- - -List Images -*********** - -.. http:get:: /images/(format) - - List images ``format`` could be json or viz (json default) - - **Example request**: - - .. sourcecode:: http - - GET /images/json?all=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Repository":"ubuntu", - "Tag":"precise", - "Id":"b750fe79269d", - "Created":1364102658, - "Size":24653, - "VirtualSize":180116135 - }, - { - "Repository":"ubuntu", - "Tag":"12.04", - "Id":"b750fe79269d", - "Created":1364102658, - "Size":24653, - "VirtualSize":180116135 - } - ] - - - **Example request**: - - .. sourcecode:: http - - GET /images/viz HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: text/plain - - digraph docker { - "d82cbacda43a" -> "074be284591f" - "1496068ca813" -> "08306dc45919" - "08306dc45919" -> "0e7893146ac2" - "b750fe79269d" -> "1496068ca813" - base -> "27cf78414709" [style=invis] - "f71189fff3de" -> "9a33b36209ed" - "27cf78414709" -> "b750fe79269d" - "0e7893146ac2" -> "d6434d954665" - "d6434d954665" -> "d82cbacda43a" - base -> "e9aa60c60128" [style=invis] - "074be284591f" -> "f71189fff3de" - "b750fe79269d" [label="b750fe79269d\nubuntu",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; - "e9aa60c60128" [label="e9aa60c60128\ncentos",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; - "9a33b36209ed" [label="9a33b36209ed\nfedora",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; - base [style=invisible] - } - - :query all: 1/True/true or 0/False/false, Show all containers. Only running containers are shown by default - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 500: server error - - -Create an image -*************** - -.. http:post:: /images/create - - Create an image, either by pull it from the registry or by importing it - - **Example request**: - - .. sourcecode:: http - - POST /images/create?fromImage=ubuntu HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Pulling..."} - {"status":"Pulling", "progress":"1/? (n/a)"} - {"error":"Invalid..."} - ... - - :query fromImage: name of the image to pull - :query fromSrc: source to import, - means stdin - :query repo: repository - :query tag: tag - :query registry: the registry to pull from - :statuscode 200: no error - :statuscode 500: server error - - -Insert a file in an image -************************* - -.. http:post:: /images/(name)/insert - - Insert a file from ``url`` in the image ``name`` at ``path`` - - **Example request**: - - .. sourcecode:: http - - POST /images/test/insert?path=/usr&url=myurl HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Inserting..."} - {"status":"Inserting", "progress":"1/? (n/a)"} - {"error":"Invalid..."} - ... - - :statuscode 200: no error - :statuscode 500: server error - - -Inspect an image -**************** - -.. http:get:: /images/(name)/json - - Return low-level information on the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/centos/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "id":"b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "parent":"27cf784147099545", - "created":"2013-03-23T22:24:18.818426-07:00", - "container":"3d67245a8d72ecf13f33dffac9f79dcdf70f75acb84d308770391510e0c23ad0", - "container_config": - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "AttachStdin":false, - "AttachStdout":false, - "AttachStderr":false, - "PortSpecs":null, - "Tty":true, - "OpenStdin":true, - "StdinOnce":false, - "Env":null, - "Cmd": ["/bin/bash"] - ,"Dns":null, - "Image":"centos", - "Volumes":null, - "VolumesFrom":"" - }, - "Size": 6824592 - } - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Get the history of an image -*************************** - -.. http:get:: /images/(name)/history - - Return the history of the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/fedora/history HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id":"b750fe79269d", - "Tag":["ubuntu:latest"], - "Created":1364102658, - "CreatedBy":"/bin/bash" - }, - { - "Id":"27cf78414709", - "Created":1364068391, - "CreatedBy":"" - } - ] - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Push an image on the registry -***************************** - -.. http:post:: /images/(name)/push - - Push the image ``name`` on the registry - - **Example request**: - - .. sourcecode:: http - - POST /images/test/push HTTP/1.1 - {{ authConfig }} - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Pushing..."} - {"status":"Pushing", "progress":"1/? (n/a)"} - {"error":"Invalid..."} - ... - - :query registry: the registry you wan to push, optional - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Tag an image into a repository -****************************** - -.. http:post:: /images/(name)/tag - - Tag the image ``name`` into a repository - - **Example request**: - - .. sourcecode:: http - - POST /images/test/tag?repo=myrepo&force=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - - :query repo: The repository to tag in - :query force: 1/True/true or 0/False/false, default false - :statuscode 201: no error - :statuscode 400: bad parameter - :statuscode 404: no such image - :statuscode 409: conflict - :statuscode 500: server error - - -Remove an image -*************** - -.. http:delete:: /images/(name) - - Remove the image ``name`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /images/test HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-type: application/json - - [ - {"Untagged":"3e2f21a89f"}, - {"Deleted":"3e2f21a89f"}, - {"Deleted":"53b4f83ac9"} - ] - - :statuscode 204: no error - :statuscode 404: no such image - :statuscode 409: conflict - :statuscode 500: server error - - -Search images -************* - -.. http:get:: /images/search - - Search for an image in the docker index - - **Example request**: - - .. sourcecode:: http - - GET /images/search?term=sshd HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Name":"cespare/sshd", - "Description":"" - }, - { - "Name":"johnfuller/sshd", - "Description":"" - }, - { - "Name":"dhrp/mongodb-sshd", - "Description":"" - } - ] - - :query term: term to search - :statuscode 200: no error - :statuscode 500: server error - - -2.3 Misc --------- - -Build an image from Dockerfile via stdin -**************************************** - -.. http:post:: /build - - Build an image from Dockerfile - - **Example request**: - - .. sourcecode:: http - - POST /build HTTP/1.1 - - {{ STREAM }} - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - {{ STREAM }} - - :query t: repository name to be applied to the resulting image in case of success - :query remote: resource to fetch, as URI - :statuscode 200: no error - :statuscode 500: server error - -{{ STREAM }} is the raw text output of the build command. It uses the HTTP Hijack method in order to stream. - - -Check auth configuration -************************ - -.. http:post:: /auth - - Get the default username and email - - **Example request**: - - .. sourcecode:: http - - POST /auth HTTP/1.1 - Content-Type: application/json - - { - "username":"hannibal", - "password:"xxxx", - "email":"hannibal@a-team.com" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Status": "Login Succeeded" - } - - :statuscode 200: no error - :statuscode 204: no error - :statuscode 401: unauthorized - :statuscode 403: forbidden - :statuscode 500: server error - - -Display system-wide information -******************************* - -.. http:get:: /info - - Display system-wide information - - **Example request**: - - .. sourcecode:: http - - GET /info HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Containers":11, - "Images":16, - "Debug":false, - "NFd": 11, - "NGoroutines":21, - "MemoryLimit":true, - "SwapLimit":false - } - - :statuscode 200: no error - :statuscode 500: server error - - -Show the docker version information -*********************************** - -.. http:get:: /version - - Show the docker version information - - **Example request**: - - .. sourcecode:: http - - GET /version HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Version":"0.2.2", - "GitCommit":"5a2a5cc+CHANGES", - "GoVersion":"go1.0.3" - } - - :statuscode 200: no error - :statuscode 500: server error - - -Create a new image from a container's changes -********************************************* - -.. http:post:: /commit - - Create a new image from a container's changes - - **Example request**: - - .. sourcecode:: http - - POST /commit?container=44c004db4b17&m=message&repo=myrepo HTTP/1.1 - Content-Type: application/json - - { - "Cmd": ["cat", "/world"], - "PortSpecs":["22"] - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/vnd.docker.raw-stream - - {"Id":"596069db4bf5"} - - :query container: source container - :query repo: repository - :query tag: tag - :query m: commit message - :query author: author (eg. "John Hannibal Smith ") - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 500: server error - - -3. Going further -================ - -3.1 Inside 'docker run' ------------------------ - -Here are the steps of 'docker run' : - -* Create the container -* If the status code is 404, it means the image doesn't exists: - * Try to pull it - * Then retry to create the container -* Start the container -* If you are not in detached mode: - * Attach to the container, using logs=1 (to have stdout and stderr from the container's start) and stream=1 -* If in detached mode or only stdin is attached: - * Display the container's id - - -3.2 Hijacking -------------- - -In this version of the API, /attach, uses hijacking to transport stdin, stdout and stderr on the same socket. This might change in the future. - -3.3 CORS Requests ------------------ - -To enable cross origin requests to the remote api add the flag "--api-enable-cors" when running docker in daemon mode. - - docker -d -H="tcp://192.168.1.9:4243" --api-enable-cors - diff --git a/docs/sources/reference/api/docker_remote_api_v1.3.md b/docs/sources/reference/api/docker_remote_api_v1.3.md new file mode 100644 index 0000000000..9f7bd22e32 --- /dev/null +++ b/docs/sources/reference/api/docker_remote_api_v1.3.md @@ -0,0 +1,1084 @@ +page_title: Remote API v1.3 +page_description: API Documentation for Docker +page_keywords: API, Docker, rcli, REST, documentation + +# Docker Remote API v1.3 + +# 1. Brief introduction + +- The Remote API is replacing rcli +- Default port in the docker daemon is 4243 +- The API tends to be REST, but for some complex commands, like attach + or pull, the HTTP connection is hijacked to transport stdout stdin + and stderr + +# 2. Endpoints + +## 2.1 Containers + +### List containers + +`GET /containers/json` + +List containers + + **Example request**: + + GET /containers/json?all=1&before=8dfafdbc3a40&size=1 HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Id": "8dfafdbc3a40", + "Image": "ubuntu:latest", + "Command": "echo 1", + "Created": 1367854155, + "Status": "Exit 0", + "Ports":"", + "SizeRw":12288, + "SizeRootFs":0 + }, + { + "Id": "9cd87474be90", + "Image": "ubuntu:latest", + "Command": "echo 222222", + "Created": 1367854155, + "Status": "Exit 0", + "Ports":"", + "SizeRw":12288, + "SizeRootFs":0 + }, + { + "Id": "3176a2479c92", + "Image": "centos:latest", + "Command": "echo 3333333333333333", + "Created": 1367854154, + "Status": "Exit 0", + "Ports":"", + "SizeRw":12288, + "SizeRootFs":0 + }, + { + "Id": "4cb07b47f9fb", + "Image": "fedora:latest", + "Command": "echo 444444444444444444444444444444444", + "Created": 1367854152, + "Status": "Exit 0", + "Ports":"", + "SizeRw":12288, + "SizeRootFs":0 + } + ] + + Query Parameters: + +   + + - **all** – 1/True/true or 0/False/false, Show all containers. + Only running containers are shown by default + - **limit** – Show `limit` last created + containers, include non-running ones. + - **since** – Show only containers created since Id, include + non-running ones. + - **before** – Show only containers created before Id, include + non-running ones. + - **size** – 1/True/true or 0/False/false, Show the containers + sizes + + Status Codes: + + - **200** – no error + - **400** – bad parameter + - **500** – server error + +### Create a container + +`POST /containers/create` + +Create a container + + **Example request**: + + POST /containers/create HTTP/1.1 + Content-Type: application/json + + { + "Hostname":"", + "User":"", + "Memory":0, + "MemorySwap":0, + "AttachStdin":false, + "AttachStdout":true, + "AttachStderr":true, + "PortSpecs":null, + "Tty":false, + "OpenStdin":false, + "StdinOnce":false, + "Env":null, + "Cmd":[ + "date" + ], + "Dns":null, + "Image":"ubuntu", + "Volumes":{}, + "VolumesFrom":"" + } + + **Example response**: + + HTTP/1.1 201 OK + Content-Type: application/json + + { + "Id":"e90e34656806" + "Warnings":[] + } + + Json Parameters: + +   + + - **config** – the container's configuration + + Status Codes: + + - **201** – no error + - **404** – no such container + - **406** – impossible to attach (container not running) + - **500** – server error + +### Inspect a container + +`GET /containers/(id)/json` + +Return low-level information on the container `id` + + + **Example request**: + + GET /containers/4fa6e0f0c678/json HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Id": "4fa6e0f0c6786287e131c3852c58a2e01cc697a68231826813597e4994f1d6e2", + "Created": "2013-05-07T14:51:42.041847+02:00", + "Path": "date", + "Args": [], + "Config": { + "Hostname": "4fa6e0f0c678", + "User": "", + "Memory": 0, + "MemorySwap": 0, + "AttachStdin": false, + "AttachStdout": true, + "AttachStderr": true, + "PortSpecs": null, + "Tty": false, + "OpenStdin": false, + "StdinOnce": false, + "Env": null, + "Cmd": [ + "date" + ], + "Dns": null, + "Image": "ubuntu", + "Volumes": {}, + "VolumesFrom": "" + }, + "State": { + "Running": false, + "Pid": 0, + "ExitCode": 0, + "StartedAt": "2013-05-07T14:51:42.087658+02:01360", + "Ghost": false + }, + "Image": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", + "NetworkSettings": { + "IpAddress": "", + "IpPrefixLen": 0, + "Gateway": "", + "Bridge": "", + "PortMapping": null + }, + "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker", + "ResolvConfPath": "/etc/resolv.conf", + "Volumes": {} + } + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### List processes running inside a container + +`GET /containers/(id)/top` + +List processes running inside the container `id` + + **Example request**: + + GET /containers/4fa6e0f0c678/top HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "PID":"11935", + "Tty":"pts/2", + "Time":"00:00:00", + "Cmd":"sh" + }, + { + "PID":"12140", + "Tty":"pts/2", + "Time":"00:00:00", + "Cmd":"sleep" + } + ] + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Inspect changes on a container's filesystem + +`GET /containers/(id)/changes` + +Inspect changes on container `id`'s filesystem + + **Example request**: + + GET /containers/4fa6e0f0c678/changes HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Path":"/dev", + "Kind":0 + }, + { + "Path":"/dev/kmsg", + "Kind":1 + }, + { + "Path":"/test", + "Kind":1 + } + ] + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Export a container + +`GET /containers/(id)/export` + +Export the contents of container `id` + + **Example request**: + + GET /containers/4fa6e0f0c678/export HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/octet-stream + + {{ STREAM }} + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Start a container + +`POST /containers/(id)/start` + +Start the container `id` + + **Example request**: + + POST /containers/(id)/start HTTP/1.1 + Content-Type: application/json + + { + "Binds":["/tmp:/tmp"] + } + + **Example response**: + + HTTP/1.1 204 No Content + Content-Type: text/plain + + Json Parameters: + +   + + - **hostConfig** – the container's host configuration (optional) + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Stop a container + +`POST /containers/(id)/stop` + +Stop the container `id` + + **Example request**: + + POST /containers/e90e34656806/stop?t=5 HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Query Parameters: + +   + + - **t** – number of seconds to wait before killing the container + + Status Codes: + + - **204** – no error + - **404** – no such container + - **500** – server error + +### Restart a container + +`POST /containers/(id)/restart` + +Restart the container `id` + + **Example request**: + + POST /containers/e90e34656806/restart?t=5 HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Query Parameters: + +   + + - **t** – number of seconds to wait before killing the container + + Status Codes: + + - **204** – no error + - **404** – no such container + - **500** – server error + +### Kill a container + +`POST /containers/(id)/kill` + +Kill the container `id` + + **Example request**: + + POST /containers/e90e34656806/kill HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Status Codes: + + - **204** – no error + - **404** – no such container + - **500** – server error + +### Attach to a container + +`POST /containers/(id)/attach` + +Attach to the container `id` + + **Example request**: + + POST /containers/16253994b7c4/attach?logs=1&stream=0&stdout=1 HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/vnd.docker.raw-stream + + {{ STREAM }} + + Query Parameters: + +   + + - **logs** – 1/True/true or 0/False/false, return logs. Default + false + - **stream** – 1/True/true or 0/False/false, return stream. + Default false + - **stdin** – 1/True/true or 0/False/false, if stream=true, attach + to stdin. Default false + - **stdout** – 1/True/true or 0/False/false, if logs=true, return + stdout log, if stream=true, attach to stdout. Default false + - **stderr** – 1/True/true or 0/False/false, if logs=true, return + stderr log, if stream=true, attach to stderr. Default false + + Status Codes: + + - **200** – no error + - **400** – bad parameter + - **404** – no such container + - **500** – server error + +### Wait a container + +`POST /containers/(id)/wait` + +Block until container `id` stops, then returns the exit code + + **Example request**: + + POST /containers/16253994b7c4/wait HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"StatusCode":0} + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Remove a container + +`DELETE /containers/(id)` + +Remove the container `id` from the filesystem + + **Example request**: + + DELETE /containers/16253994b7c4?v=1 HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Query Parameters: + +   + + - **v** – 1/True/true or 0/False/false, Remove the volumes + associated to the container. Default false + + Status Codes: + + - **204** – no error + - **400** – bad parameter + - **404** – no such container + - **500** – server error + +## 2.2 Images + +### List Images + +`GET /images/(format)` + +List images `format` could be json or viz (json default) + + **Example request**: + + GET /images/json?all=0 HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Repository":"ubuntu", + "Tag":"precise", + "Id":"b750fe79269d", + "Created":1364102658, + "Size":24653, + "VirtualSize":180116135 + }, + { + "Repository":"ubuntu", + "Tag":"12.04", + "Id":"b750fe79269d", + "Created":1364102658, + "Size":24653, + "VirtualSize":180116135 + } + ] + + **Example request**: + + GET /images/viz HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: text/plain + + digraph docker { + "d82cbacda43a" -> "074be284591f" + "1496068ca813" -> "08306dc45919" + "08306dc45919" -> "0e7893146ac2" + "b750fe79269d" -> "1496068ca813" + base -> "27cf78414709" [style=invis] + "f71189fff3de" -> "9a33b36209ed" + "27cf78414709" -> "b750fe79269d" + "0e7893146ac2" -> "d6434d954665" + "d6434d954665" -> "d82cbacda43a" + base -> "e9aa60c60128" [style=invis] + "074be284591f" -> "f71189fff3de" + "b750fe79269d" [label="b750fe79269d\nubuntu",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; + "e9aa60c60128" [label="e9aa60c60128\ncentos",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; + "9a33b36209ed" [label="9a33b36209ed\nfedora",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; + base [style=invisible] + } + + Query Parameters: + +   + + - **all** – 1/True/true or 0/False/false, Show all containers. + Only running containers are shown by default + + Status Codes: + + - **200** – no error + - **400** – bad parameter + - **500** – server error + +### Create an image + +`POST /images/create` + +Create an image, either by pull it from the registry or by importing it + + **Example request**: + + POST /images/create?fromImage=ubuntu HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"status":"Pulling..."} + {"status":"Pulling", "progress":"1/? (n/a)"} + {"error":"Invalid..."} + ... + + Query Parameters: + +   + + - **fromImage** – name of the image to pull + - **fromSrc** – source to import, - means stdin + - **repo** – repository + - **tag** – tag + - **registry** – the registry to pull from + + Status Codes: + + - **200** – no error + - **500** – server error + +### Insert a file in an image + +`POST /images/(name)/insert` + +Insert a file from `url` in the image `name` at `path` + + **Example request**: + + POST /images/test/insert?path=/usr&url=myurl HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"status":"Inserting..."} + {"status":"Inserting", "progress":"1/? (n/a)"} + {"error":"Invalid..."} + ... + + Status Codes: + + - **200** – no error + - **500** – server error + +### Inspect an image + +`GET /images/(name)/json` + +Return low-level information on the image `name` + + **Example request**: + + GET /images/centos/json HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "id":"b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", + "parent":"27cf784147099545", + "created":"2013-03-23T22:24:18.818426-07:00", + "container":"3d67245a8d72ecf13f33dffac9f79dcdf70f75acb84d308770391510e0c23ad0", + "container_config": + { + "Hostname":"", + "User":"", + "Memory":0, + "MemorySwap":0, + "AttachStdin":false, + "AttachStdout":false, + "AttachStderr":false, + "PortSpecs":null, + "Tty":true, + "OpenStdin":true, + "StdinOnce":false, + "Env":null, + "Cmd": ["/bin/bash"] + ,"Dns":null, + "Image":"centos", + "Volumes":null, + "VolumesFrom":"" + }, + "Size": 6824592 + } + + Status Codes: + + - **200** – no error + - **404** – no such image + - **500** – server error + +### Get the history of an image + +`GET /images/(name)/history` + +Return the history of the image `name` + + **Example request**: + + GET /images/fedora/history HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Id":"b750fe79269d", + "Created":1364102658, + "CreatedBy":"/bin/bash" + }, + { + "Id":"27cf78414709", + "Created":1364068391, + "CreatedBy":"" + } + ] + + Status Codes: + + - **200** – no error + - **404** – no such image + - **500** – server error + +### Push an image on the registry + +`POST /images/(name)/push` + +Push the image `name` on the registry + + > **Example request**: + > + > POST /images/test/push HTTP/1.1 + > {{ authConfig }} + > + > **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"status":"Pushing..."} + {"status":"Pushing", "progress":"1/? (n/a)"} + {"error":"Invalid..."} + ... + + Query Parameters: + +   + + - **registry** – the registry you wan to push, optional + + Status Codes: + + - **200** – no error + - **404** – no such image + - **500** – server error + +### Tag an image into a repository + +`POST /images/(name)/tag` + +Tag the image `name` into a repository + + **Example request**: + + POST /images/test/tag?repo=myrepo&force=0 HTTP/1.1 + + **Example response**: + + HTTP/1.1 201 OK + + Query Parameters: + +   + + - **repo** – The repository to tag in + - **force** – 1/True/true or 0/False/false, default false + + Status Codes: + + - **201** – no error + - **400** – bad parameter + - **404** – no such image + - **409** – conflict + - **500** – server error + +### Remove an image + +`DELETE /images/(name)` + +Remove the image `name` from the filesystem + + **Example request**: + + DELETE /images/test HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-type: application/json + + [ + {"Untagged":"3e2f21a89f"}, + {"Deleted":"3e2f21a89f"}, + {"Deleted":"53b4f83ac9"} + ] + + Status Codes: + + - **200** – no error + - **404** – no such image + - **409** – conflict + - **500** – server error + +### Search images + +`GET /images/search` + +Search for an image on [Docker.io](https://index.docker.io) + + **Example request**: + + GET /images/search?term=sshd HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Name":"cespare/sshd", + "Description":"" + }, + { + "Name":"johnfuller/sshd", + "Description":"" + }, + { + "Name":"dhrp/mongodb-sshd", + "Description":"" + } + ] + + :query term: term to search + :statuscode 200: no error + :statuscode 500: server error + +## 2.3 Misc + +### Build an image from Dockerfile via stdin + +`POST /build` + +Build an image from Dockerfile via stdin + + **Example request**: + + POST /build HTTP/1.1 + + {{ STREAM }} + + **Example response**: + + HTTP/1.1 200 OK + + {{ STREAM }} + + The stream must be a tar archive compressed with one of the + following algorithms: identity (no compression), gzip, bzip2, xz. + The archive must include a file called Dockerfile at its root. It + may include any number of other files, which will be accessible in + the build context (See the ADD build command). + + The Content-type header should be set to "application/tar". + + Query Parameters: + +   + + - **t** – repository name (and optionally a tag) to be applied to + the resulting image in case of success + - **q** – suppress verbose build output + + Status Codes: + + - **200** – no error + - **500** – server error + +### Check auth configuration + +`POST /auth` + +Get the default username and email + + **Example request**: + + POST /auth HTTP/1.1 + Content-Type: application/json + + { + "username":"hannibal", + "password:"xxxx", + "email":"hannibal@a-team.com" + } + + **Example response**: + + HTTP/1.1 200 OK + + Status Codes: + + - **200** – no error + - **204** – no error + - **500** – server error + +### Display system-wide information + +`GET /info` + +Display system-wide information + + **Example request**: + + GET /info HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Containers":11, + "Images":16, + "Debug":false, + "NFd": 11, + "NGoroutines":21, + "MemoryLimit":true, + "SwapLimit":false, + "EventsListeners":"0", + "LXCVersion":"0.7.5", + "KernelVersion":"3.8.0-19-generic" + } + + Status Codes: + + - **200** – no error + - **500** – server error + +### Show the docker version information + +`GET /version` + +Show the docker version information + + **Example request**: + + GET /version HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Version":"0.2.2", + "GitCommit":"5a2a5cc+CHANGES", + "GoVersion":"go1.0.3" + } + + Status Codes: + + - **200** – no error + - **500** – server error + +### Create a new image from a container's changes + +`POST /commit` + +Create a new image from a container's changes + + **Example request**: + + POST /commit?container=44c004db4b17&m=message&repo=myrepo HTTP/1.1 + Content-Type: application/json + + { + "Cmd": ["cat", "/world"], + "PortSpecs":["22"] + } + + **Example response**: + + HTTP/1.1 201 OK + Content-Type: application/vnd.docker.raw-stream + + {"Id":"596069db4bf5"} + + Query Parameters: + +   + + - **container** – source container + - **repo** – repository + - **tag** – tag + - **m** – commit message + - **author** – author (eg. "John Hannibal Smith + <[hannibal@a-team.com](mailto:hannibal%40a-team.com)>") + + Status Codes: + + - **201** – no error + - **404** – no such container + - **500** – server error + +### Monitor Docker's events + +`GET /events` + +Get events from docker, either in real time via streaming, or via +polling (using since) + + **Example request**: + + GET /events?since=1374067924 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"status":"create","id":"dfdf82bd3881","time":1374067924} + {"status":"start","id":"dfdf82bd3881","time":1374067924} + {"status":"stop","id":"dfdf82bd3881","time":1374067966} + {"status":"destroy","id":"dfdf82bd3881","time":1374067970} + + Query Parameters: + +   + + - **since** – timestamp used for polling + + Status Codes: + + - **200** – no error + - **500** – server error + +# 3. Going further + +## 3.1 Inside `docker run` + +Here are the steps of `docker run` : + + - Create the container + + - If the status code is 404, it means the image doesn't exists: + - Try to pull it + - Then retry to create the container + + - Start the container + + - If you are not in detached mode: + - Attach to the container, using logs=1 (to have stdout and + stderr from the container's start) and stream=1 + + - If in detached mode or only stdin is attached: + - Display the container's id + +## 3.2 Hijacking + +In this version of the API, /attach, uses hijacking to transport stdin, +stdout and stderr on the same socket. This might change in the future. + +## 3.3 CORS Requests + +To enable cross origin requests to the remote api add the flag +"–api-enable-cors" when running docker in daemon mode. + +> docker -d -H="192.168.1.9:4243" –api-enable-cors diff --git a/docs/sources/reference/api/docker_remote_api_v1.3.rst b/docs/sources/reference/api/docker_remote_api_v1.3.rst deleted file mode 100644 index 2b17a37a4d..0000000000 --- a/docs/sources/reference/api/docker_remote_api_v1.3.rst +++ /dev/null @@ -1,1130 +0,0 @@ -.. use orphan to suppress "WARNING: document isn't included in any toctree" -.. per http://sphinx-doc.org/markup/misc.html#file-wide-metadata - -:orphan: - -:title: Remote API v1.3 -:description: API Documentation for Docker -:keywords: API, Docker, rcli, REST, documentation - -====================== -Docker Remote API v1.3 -====================== - -.. contents:: Table of Contents - -1. Brief introduction -===================== - -- The Remote API is replacing rcli -- Default port in the docker daemon is 4243 -- The API tends to be REST, but for some complex commands, like attach or pull, the HTTP connection is hijacked to transport stdout stdin and stderr - -2. Endpoints -============ - -2.1 Containers --------------- - -List containers -*************** - -.. http:get:: /containers/json - - List containers - - **Example request**: - - .. sourcecode:: http - - GET /containers/json?all=1&before=8dfafdbc3a40&size=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id": "8dfafdbc3a40", - "Image": "ubuntu:latest", - "Command": "echo 1", - "Created": 1367854155, - "Status": "Exit 0", - "Ports":"", - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "9cd87474be90", - "Image": "ubuntu:latest", - "Command": "echo 222222", - "Created": 1367854155, - "Status": "Exit 0", - "Ports":"", - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "3176a2479c92", - "Image": "centos:latest", - "Command": "echo 3333333333333333", - "Created": 1367854154, - "Status": "Exit 0", - "Ports":"", - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "4cb07b47f9fb", - "Image": "fedora:latest", - "Command": "echo 444444444444444444444444444444444", - "Created": 1367854152, - "Status": "Exit 0", - "Ports":"", - "SizeRw":12288, - "SizeRootFs":0 - } - ] - - :query all: 1/True/true or 0/False/false, Show all containers. Only running containers are shown by default - :query limit: Show ``limit`` last created containers, include non-running ones. - :query since: Show only containers created since Id, include non-running ones. - :query before: Show only containers created before Id, include non-running ones. - :query size: 1/True/true or 0/False/false, Show the containers sizes - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 500: server error - - -Create a container -****************** - -.. http:post:: /containers/create - - Create a container - - **Example request**: - - .. sourcecode:: http - - POST /containers/create HTTP/1.1 - Content-Type: application/json - - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "AttachStdin":false, - "AttachStdout":true, - "AttachStderr":true, - "PortSpecs":null, - "Tty":false, - "OpenStdin":false, - "StdinOnce":false, - "Env":null, - "Cmd":[ - "date" - ], - "Dns":null, - "Image":"ubuntu", - "Volumes":{}, - "VolumesFrom":"" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/json - - { - "Id":"e90e34656806" - "Warnings":[] - } - - :jsonparam config: the container's configuration - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 406: impossible to attach (container not running) - :statuscode 500: server error - - -Inspect a container -******************* - -.. http:get:: /containers/(id)/json - - Return low-level information on the container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Id": "4fa6e0f0c6786287e131c3852c58a2e01cc697a68231826813597e4994f1d6e2", - "Created": "2013-05-07T14:51:42.041847+02:00", - "Path": "date", - "Args": [], - "Config": { - "Hostname": "4fa6e0f0c678", - "User": "", - "Memory": 0, - "MemorySwap": 0, - "AttachStdin": false, - "AttachStdout": true, - "AttachStderr": true, - "PortSpecs": null, - "Tty": false, - "OpenStdin": false, - "StdinOnce": false, - "Env": null, - "Cmd": [ - "date" - ], - "Dns": null, - "Image": "ubuntu", - "Volumes": {}, - "VolumesFrom": "" - }, - "State": { - "Running": false, - "Pid": 0, - "ExitCode": 0, - "StartedAt": "2013-05-07T14:51:42.087658+02:01360", - "Ghost": false - }, - "Image": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "NetworkSettings": { - "IpAddress": "", - "IpPrefixLen": 0, - "Gateway": "", - "Bridge": "", - "PortMapping": null - }, - "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker", - "ResolvConfPath": "/etc/resolv.conf", - "Volumes": {} - } - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -List processes running inside a container -***************************************** - -.. http:get:: /containers/(id)/top - - List processes running inside the container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/top HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "PID":"11935", - "Tty":"pts/2", - "Time":"00:00:00", - "Cmd":"sh" - }, - { - "PID":"12140", - "Tty":"pts/2", - "Time":"00:00:00", - "Cmd":"sleep" - } - ] - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Inspect changes on a container's filesystem -******************************************* - -.. http:get:: /containers/(id)/changes - - Inspect changes on container ``id`` 's filesystem - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/changes HTTP/1.1 - - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Path":"/dev", - "Kind":0 - }, - { - "Path":"/dev/kmsg", - "Kind":1 - }, - { - "Path":"/test", - "Kind":1 - } - ] - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Export a container -****************** - -.. http:get:: /containers/(id)/export - - Export the contents of container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/export HTTP/1.1 - - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/octet-stream - - {{ STREAM }} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Start a container -***************** - -.. http:post:: /containers/(id)/start - - Start the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/(id)/start HTTP/1.1 - Content-Type: application/json - - { - "Binds":["/tmp:/tmp"] - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 No Content - Content-Type: text/plain - - :jsonparam hostConfig: the container's host configuration (optional) - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Stop a container -**************** - -.. http:post:: /containers/(id)/stop - - Stop the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/stop?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Restart a container -******************* - -.. http:post:: /containers/(id)/restart - - Restart the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/restart?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Kill a container -**************** - -.. http:post:: /containers/(id)/kill - - Kill the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/kill HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Attach to a container -********************* - -.. http:post:: /containers/(id)/attach - - Attach to the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/attach?logs=1&stream=0&stdout=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/vnd.docker.raw-stream - - {{ STREAM }} - - :query logs: 1/True/true or 0/False/false, return logs. Default false - :query stream: 1/True/true or 0/False/false, return stream. Default false - :query stdin: 1/True/true or 0/False/false, if stream=true, attach to stdin. Default false - :query stdout: 1/True/true or 0/False/false, if logs=true, return stdout log, if stream=true, attach to stdout. Default false - :query stderr: 1/True/true or 0/False/false, if logs=true, return stderr log, if stream=true, attach to stderr. Default false - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - - -Wait a container -**************** - -.. http:post:: /containers/(id)/wait - - Block until container ``id`` stops, then returns the exit code - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/wait HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"StatusCode":0} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Remove a container -******************* - -.. http:delete:: /containers/(id) - - Remove the container ``id`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /containers/16253994b7c4?v=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query v: 1/True/true or 0/False/false, Remove the volumes associated to the container. Default false - :statuscode 204: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - - -2.2 Images ----------- - -List Images -*********** - -.. http:get:: /images/(format) - - List images ``format`` could be json or viz (json default) - - **Example request**: - - .. sourcecode:: http - - GET /images/json?all=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Repository":"ubuntu", - "Tag":"precise", - "Id":"b750fe79269d", - "Created":1364102658, - "Size":24653, - "VirtualSize":180116135 - }, - { - "Repository":"ubuntu", - "Tag":"12.04", - "Id":"b750fe79269d", - "Created":1364102658, - "Size":24653, - "VirtualSize":180116135 - } - ] - - - **Example request**: - - .. sourcecode:: http - - GET /images/viz HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: text/plain - - digraph docker { - "d82cbacda43a" -> "074be284591f" - "1496068ca813" -> "08306dc45919" - "08306dc45919" -> "0e7893146ac2" - "b750fe79269d" -> "1496068ca813" - base -> "27cf78414709" [style=invis] - "f71189fff3de" -> "9a33b36209ed" - "27cf78414709" -> "b750fe79269d" - "0e7893146ac2" -> "d6434d954665" - "d6434d954665" -> "d82cbacda43a" - base -> "e9aa60c60128" [style=invis] - "074be284591f" -> "f71189fff3de" - "b750fe79269d" [label="b750fe79269d\nubuntu",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; - "e9aa60c60128" [label="e9aa60c60128\ncentos",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; - "9a33b36209ed" [label="9a33b36209ed\nfedora",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; - base [style=invisible] - } - - :query all: 1/True/true or 0/False/false, Show all containers. Only running containers are shown by default - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 500: server error - - -Create an image -*************** - -.. http:post:: /images/create - - Create an image, either by pull it from the registry or by importing it - - **Example request**: - - .. sourcecode:: http - - POST /images/create?fromImage=ubuntu HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Pulling..."} - {"status":"Pulling", "progress":"1/? (n/a)"} - {"error":"Invalid..."} - ... - - :query fromImage: name of the image to pull - :query fromSrc: source to import, - means stdin - :query repo: repository - :query tag: tag - :query registry: the registry to pull from - :statuscode 200: no error - :statuscode 500: server error - - -Insert a file in an image -************************* - -.. http:post:: /images/(name)/insert - - Insert a file from ``url`` in the image ``name`` at ``path`` - - **Example request**: - - .. sourcecode:: http - - POST /images/test/insert?path=/usr&url=myurl HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Inserting..."} - {"status":"Inserting", "progress":"1/? (n/a)"} - {"error":"Invalid..."} - ... - - :statuscode 200: no error - :statuscode 500: server error - - -Inspect an image -**************** - -.. http:get:: /images/(name)/json - - Return low-level information on the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/centos/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "id":"b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "parent":"27cf784147099545", - "created":"2013-03-23T22:24:18.818426-07:00", - "container":"3d67245a8d72ecf13f33dffac9f79dcdf70f75acb84d308770391510e0c23ad0", - "container_config": - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "AttachStdin":false, - "AttachStdout":false, - "AttachStderr":false, - "PortSpecs":null, - "Tty":true, - "OpenStdin":true, - "StdinOnce":false, - "Env":null, - "Cmd": ["/bin/bash"] - ,"Dns":null, - "Image":"centos", - "Volumes":null, - "VolumesFrom":"" - }, - "Size": 6824592 - } - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Get the history of an image -*************************** - -.. http:get:: /images/(name)/history - - Return the history of the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/fedora/history HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id":"b750fe79269d", - "Created":1364102658, - "CreatedBy":"/bin/bash" - }, - { - "Id":"27cf78414709", - "Created":1364068391, - "CreatedBy":"" - } - ] - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Push an image on the registry -***************************** - -.. http:post:: /images/(name)/push - - Push the image ``name`` on the registry - - **Example request**: - - .. sourcecode:: http - - POST /images/test/push HTTP/1.1 - {{ authConfig }} - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Pushing..."} - {"status":"Pushing", "progress":"1/? (n/a)"} - {"error":"Invalid..."} - ... - - :query registry: the registry you wan to push, optional - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Tag an image into a repository -****************************** - -.. http:post:: /images/(name)/tag - - Tag the image ``name`` into a repository - - **Example request**: - - .. sourcecode:: http - - POST /images/test/tag?repo=myrepo&force=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - - :query repo: The repository to tag in - :query force: 1/True/true or 0/False/false, default false - :statuscode 201: no error - :statuscode 400: bad parameter - :statuscode 404: no such image - :statuscode 409: conflict - :statuscode 500: server error - - -Remove an image -*************** - -.. http:delete:: /images/(name) - - Remove the image ``name`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /images/test HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-type: application/json - - [ - {"Untagged":"3e2f21a89f"}, - {"Deleted":"3e2f21a89f"}, - {"Deleted":"53b4f83ac9"} - ] - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 409: conflict - :statuscode 500: server error - - -Search images -************* - -.. http:get:: /images/search - - Search for an image in the docker index - - **Example request**: - - .. sourcecode:: http - - GET /images/search?term=sshd HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Name":"cespare/sshd", - "Description":"" - }, - { - "Name":"johnfuller/sshd", - "Description":"" - }, - { - "Name":"dhrp/mongodb-sshd", - "Description":"" - } - ] - - :query term: term to search - :statuscode 200: no error - :statuscode 500: server error - - -2.3 Misc --------- - -Build an image from Dockerfile via stdin -**************************************** - -.. http:post:: /build - - Build an image from Dockerfile via stdin - - **Example request**: - - .. sourcecode:: http - - POST /build HTTP/1.1 - - {{ STREAM }} - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - {{ STREAM }} - - - The stream must be a tar archive compressed with one of the following algorithms: - identity (no compression), gzip, bzip2, xz. The archive must include a file called - `Dockerfile` at its root. It may include any number of other files, which will be - accessible in the build context (See the ADD build command). - - The Content-type header should be set to "application/tar". - - :query t: repository name (and optionally a tag) to be applied to the resulting image in case of success - :query q: suppress verbose build output - :statuscode 200: no error - :statuscode 500: server error - - -Check auth configuration -************************ - -.. http:post:: /auth - - Get the default username and email - - **Example request**: - - .. sourcecode:: http - - POST /auth HTTP/1.1 - Content-Type: application/json - - { - "username":"hannibal", - "password:"xxxx", - "email":"hannibal@a-team.com" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - :statuscode 200: no error - :statuscode 204: no error - :statuscode 500: server error - - -Display system-wide information -******************************* - -.. http:get:: /info - - Display system-wide information - - **Example request**: - - .. sourcecode:: http - - GET /info HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Containers":11, - "Images":16, - "Debug":false, - "NFd": 11, - "NGoroutines":21, - "MemoryLimit":true, - "SwapLimit":false, - "EventsListeners":"0", - "LXCVersion":"0.7.5", - "KernelVersion":"3.8.0-19-generic" - } - - :statuscode 200: no error - :statuscode 500: server error - - -Show the docker version information -*********************************** - -.. http:get:: /version - - Show the docker version information - - **Example request**: - - .. sourcecode:: http - - GET /version HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Version":"0.2.2", - "GitCommit":"5a2a5cc+CHANGES", - "GoVersion":"go1.0.3" - } - - :statuscode 200: no error - :statuscode 500: server error - - -Create a new image from a container's changes -********************************************* - -.. http:post:: /commit - - Create a new image from a container's changes - - **Example request**: - - .. sourcecode:: http - - POST /commit?container=44c004db4b17&m=message&repo=myrepo HTTP/1.1 - Content-Type: application/json - - { - "Cmd": ["cat", "/world"], - "PortSpecs":["22"] - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/vnd.docker.raw-stream - - {"Id":"596069db4bf5"} - - :query container: source container - :query repo: repository - :query tag: tag - :query m: commit message - :query author: author (eg. "John Hannibal Smith ") - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Monitor Docker's events -*********************** - -.. http:get:: /events - - Get events from docker, either in real time via streaming, or via polling (using `since`) - - **Example request**: - - .. sourcecode:: http - - GET /events?since=1374067924 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"create","id":"dfdf82bd3881","time":1374067924} - {"status":"start","id":"dfdf82bd3881","time":1374067924} - {"status":"stop","id":"dfdf82bd3881","time":1374067966} - {"status":"destroy","id":"dfdf82bd3881","time":1374067970} - - :query since: timestamp used for polling - :statuscode 200: no error - :statuscode 500: server error - - -3. Going further -================ - -3.1 Inside 'docker run' ------------------------ - -Here are the steps of 'docker run' : - -* Create the container -* If the status code is 404, it means the image doesn't exists: - * Try to pull it - * Then retry to create the container -* Start the container -* If you are not in detached mode: - * Attach to the container, using logs=1 (to have stdout and stderr from the container's start) and stream=1 -* If in detached mode or only stdin is attached: - * Display the container's id - - -3.2 Hijacking -------------- - -In this version of the API, /attach, uses hijacking to transport stdin, stdout and stderr on the same socket. This might change in the future. - -3.3 CORS Requests ------------------ - -To enable cross origin requests to the remote api add the flag "--api-enable-cors" when running docker in daemon mode. - - docker -d -H="192.168.1.9:4243" --api-enable-cors - diff --git a/docs/sources/reference/api/docker_remote_api_v1.4.md b/docs/sources/reference/api/docker_remote_api_v1.4.md new file mode 100644 index 0000000000..2e7e94f7d4 --- /dev/null +++ b/docs/sources/reference/api/docker_remote_api_v1.4.md @@ -0,0 +1,1130 @@ +page_title: Remote API v1.4 +page_description: API Documentation for Docker +page_keywords: API, Docker, rcli, REST, documentation + +# Docker Remote API v1.4 + +# 1. Brief introduction + +- The Remote API is replacing rcli +- Default port in the docker daemon is 4243 +- The API tends to be REST, but for some complex commands, like attach + or pull, the HTTP connection is hijacked to transport stdout stdin + and stderr + +# 2. Endpoints + +## 2.1 Containers + +### List containers + +`GET /containers/json` + +List containers + + **Example request**: + + GET /containers/json?all=1&before=8dfafdbc3a40&size=1 HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Id": "8dfafdbc3a40", + "Image": "ubuntu:latest", + "Command": "echo 1", + "Created": 1367854155, + "Status": "Exit 0", + "Ports":"", + "SizeRw":12288, + "SizeRootFs":0 + }, + { + "Id": "9cd87474be90", + "Image": "ubuntu:latest", + "Command": "echo 222222", + "Created": 1367854155, + "Status": "Exit 0", + "Ports":"", + "SizeRw":12288, + "SizeRootFs":0 + }, + { + "Id": "3176a2479c92", + "Image": "centos:latest", + "Command": "echo 3333333333333333", + "Created": 1367854154, + "Status": "Exit 0", + "Ports":"", + "SizeRw":12288, + "SizeRootFs":0 + }, + { + "Id": "4cb07b47f9fb", + "Image": "fedora:latest", + "Command": "echo 444444444444444444444444444444444", + "Created": 1367854152, + "Status": "Exit 0", + "Ports":"", + "SizeRw":12288, + "SizeRootFs":0 + } + ] + + Query Parameters: + +   + + - **all** – 1/True/true or 0/False/false, Show all containers. + Only running containers are shown by default + - **limit** – Show `limit` last created + containers, include non-running ones. + - **since** – Show only containers created since Id, include + non-running ones. + - **before** – Show only containers created before Id, include + non-running ones. + - **size** – 1/True/true or 0/False/false, Show the containers + sizes + + Status Codes: + + - **200** – no error + - **400** – bad parameter + - **500** – server error + +### Create a container + +`POST /containers/create` + +Create a container + + **Example request**: + + POST /containers/create HTTP/1.1 + Content-Type: application/json + + { + "Hostname":"", + "User":"", + "Memory":0, + "MemorySwap":0, + "AttachStdin":false, + "AttachStdout":true, + "AttachStderr":true, + "PortSpecs":null, + "Privileged": false, + "Tty":false, + "OpenStdin":false, + "StdinOnce":false, + "Env":null, + "Cmd":[ + "date" + ], + "Dns":null, + "Image":"ubuntu", + "Volumes":{}, + "VolumesFrom":"", + "WorkingDir":"" + + } + + **Example response**: + + HTTP/1.1 201 OK + Content-Type: application/json + + { + "Id":"e90e34656806" + "Warnings":[] + } + + Json Parameters: + +   + + - **config** – the container's configuration + + Status Codes: + + - **201** – no error + - **404** – no such container + - **406** – impossible to attach (container not running) + - **500** – server error + +### Inspect a container + +`GET /containers/(id)/json` + +Return low-level information on the container `id` + + + **Example request**: + + GET /containers/4fa6e0f0c678/json HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Id": "4fa6e0f0c6786287e131c3852c58a2e01cc697a68231826813597e4994f1d6e2", + "Created": "2013-05-07T14:51:42.041847+02:00", + "Path": "date", + "Args": [], + "Config": { + "Hostname": "4fa6e0f0c678", + "User": "", + "Memory": 0, + "MemorySwap": 0, + "AttachStdin": false, + "AttachStdout": true, + "AttachStderr": true, + "PortSpecs": null, + "Tty": false, + "OpenStdin": false, + "StdinOnce": false, + "Env": null, + "Cmd": [ + "date" + ], + "Dns": null, + "Image": "ubuntu", + "Volumes": {}, + "VolumesFrom": "", + "WorkingDir":"" + + }, + "State": { + "Running": false, + "Pid": 0, + "ExitCode": 0, + "StartedAt": "2013-05-07T14:51:42.087658+02:01360", + "Ghost": false + }, + "Image": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", + "NetworkSettings": { + "IpAddress": "", + "IpPrefixLen": 0, + "Gateway": "", + "Bridge": "", + "PortMapping": null + }, + "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker", + "ResolvConfPath": "/etc/resolv.conf", + "Volumes": {} + } + + Status Codes: + + - **200** – no error + - **404** – no such container + - **409** – conflict between containers and images + - **500** – server error + +### List processes running inside a container + +`GET /containers/(id)/top` + +List processes running inside the container `id` + + **Example request**: + + GET /containers/4fa6e0f0c678/top HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Titles":[ + "USER", + "PID", + "%CPU", + "%MEM", + "VSZ", + "RSS", + "TTY", + "STAT", + "START", + "TIME", + "COMMAND" + ], + "Processes":[ + ["root","20147","0.0","0.1","18060","1864","pts/4","S","10:06","0:00","bash"], + ["root","20271","0.0","0.0","4312","352","pts/4","S+","10:07","0:00","sleep","10"] + ] + } + + Query Parameters: + +   + + - **ps_args** – ps arguments to use (eg. aux) + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Inspect changes on a container's filesystem + +`GET /containers/(id)/changes` + +Inspect changes on container `id`'s filesystem + + **Example request**: + + GET /containers/4fa6e0f0c678/changes HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Path":"/dev", + "Kind":0 + }, + { + "Path":"/dev/kmsg", + "Kind":1 + }, + { + "Path":"/test", + "Kind":1 + } + ] + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Export a container + +`GET /containers/(id)/export` + +Export the contents of container `id` + + **Example request**: + + GET /containers/4fa6e0f0c678/export HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/octet-stream + + {{ STREAM }} + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Start a container + +`POST /containers/(id)/start` + +Start the container `id` + + **Example request**: + + POST /containers/(id)/start HTTP/1.1 + Content-Type: application/json + + { + "Binds":["/tmp:/tmp"], + "LxcConf":[{"Key":"lxc.utsname","Value":"docker"}] + } + + **Example response**: + + HTTP/1.1 204 No Content + Content-Type: text/plain + + Json Parameters: + +   + + - **hostConfig** – the container's host configuration (optional) + + Status Codes: + + - **204** – no error + - **404** – no such container + - **500** – server error + +### Stop a container + +`POST /containers/(id)/stop` + +Stop the container `id` + + **Example request**: + + POST /containers/e90e34656806/stop?t=5 HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Query Parameters: + +   + + - **t** – number of seconds to wait before killing the container + + Status Codes: + + - **204** – no error + - **404** – no such container + - **500** – server error + +### Restart a container + +`POST /containers/(id)/restart` + +Restart the container `id` + + **Example request**: + + POST /containers/e90e34656806/restart?t=5 HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Query Parameters: + +   + + - **t** – number of seconds to wait before killing the container + + Status Codes: + + - **204** – no error + - **404** – no such container + - **500** – server error + +### Kill a container + +`POST /containers/(id)/kill` + +Kill the container `id` + + **Example request**: + + POST /containers/e90e34656806/kill HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Status Codes: + + - **204** – no error + - **404** – no such container + - **500** – server error + +### Attach to a container + +`POST /containers/(id)/attach` + +Attach to the container `id` + + **Example request**: + + POST /containers/16253994b7c4/attach?logs=1&stream=0&stdout=1 HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/vnd.docker.raw-stream + + {{ STREAM }} + + Query Parameters: + +   + + - **logs** – 1/True/true or 0/False/false, return logs. Default + false + - **stream** – 1/True/true or 0/False/false, return stream. + Default false + - **stdin** – 1/True/true or 0/False/false, if stream=true, attach + to stdin. Default false + - **stdout** – 1/True/true or 0/False/false, if logs=true, return + stdout log, if stream=true, attach to stdout. Default false + - **stderr** – 1/True/true or 0/False/false, if logs=true, return + stderr log, if stream=true, attach to stderr. Default false + + Status Codes: + + - **200** – no error + - **400** – bad parameter + - **404** – no such container + - **500** – server error + +### Wait a container + +`POST /containers/(id)/wait` + +Block until container `id` stops, then returns the exit code + + **Example request**: + + POST /containers/16253994b7c4/wait HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"StatusCode":0} + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Remove a container + +`DELETE /containers/(id)` + +Remove the container `id` from the filesystem + + **Example request**: + + DELETE /containers/16253994b7c4?v=1 HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Query Parameters: + +   + + - **v** – 1/True/true or 0/False/false, Remove the volumes + associated to the container. Default false + + Status Codes: + + - **204** – no error + - **400** – bad parameter + - **404** – no such container + - **500** – server error + +### Copy files or folders from a container + +`POST /containers/(id)/copy` + +Copy files or folders of container `id` + + **Example request**: + + POST /containers/4fa6e0f0c678/copy HTTP/1.1 + Content-Type: application/json + + { + "Resource":"test.txt" + } + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/octet-stream + + {{ STREAM }} + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +## 2.2 Images + +### List Images + +`GET /images/(format)` + +List images `format` could be json or viz (json default) + + **Example request**: + + GET /images/json?all=0 HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Repository":"ubuntu", + "Tag":"precise", + "Id":"b750fe79269d", + "Created":1364102658, + "Size":24653, + "VirtualSize":180116135 + }, + { + "Repository":"ubuntu", + "Tag":"12.04", + "Id":"b750fe79269d", + "Created":1364102658, + "Size":24653, + "VirtualSize":180116135 + } + ] + + **Example request**: + + GET /images/viz HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: text/plain + + digraph docker { + "d82cbacda43a" -> "074be284591f" + "1496068ca813" -> "08306dc45919" + "08306dc45919" -> "0e7893146ac2" + "b750fe79269d" -> "1496068ca813" + base -> "27cf78414709" [style=invis] + "f71189fff3de" -> "9a33b36209ed" + "27cf78414709" -> "b750fe79269d" + "0e7893146ac2" -> "d6434d954665" + "d6434d954665" -> "d82cbacda43a" + base -> "e9aa60c60128" [style=invis] + "074be284591f" -> "f71189fff3de" + "b750fe79269d" [label="b750fe79269d\nubuntu",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; + "e9aa60c60128" [label="e9aa60c60128\ncentos",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; + "9a33b36209ed" [label="9a33b36209ed\nfedora",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; + base [style=invisible] + } + + Query Parameters: + +   + + - **all** – 1/True/true or 0/False/false, Show all containers. + Only running containers are shown by default + + Status Codes: + + - **200** – no error + - **400** – bad parameter + - **500** – server error + +### Create an image + +`POST /images/create` + +Create an image, either by pull it from the registry or by importing it + + **Example request**: + + POST /images/create?fromImage=ubuntu HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"status":"Pulling..."} + {"status":"Pulling", "progress":"1/? (n/a)"} + {"error":"Invalid..."} + ... + + Query Parameters: + +   + + - **fromImage** – name of the image to pull + - **fromSrc** – source to import, - means stdin + - **repo** – repository + - **tag** – tag + - **registry** – the registry to pull from + + Status Codes: + + - **200** – no error + - **500** – server error + +### Insert a file in an image + +`POST /images/(name)/insert` + +Insert a file from `url` in the image `name` at `path` + + **Example request**: + + POST /images/test/insert?path=/usr&url=myurl HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"status":"Inserting..."} + {"status":"Inserting", "progress":"1/? (n/a)"} + {"error":"Invalid..."} + ... + + Status Codes: + + - **200** – no error + - **500** – server error + +### Inspect an image + +`GET /images/(name)/json` + +Return low-level information on the image `name` + + **Example request**: + + GET /images/centos/json HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "id":"b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", + "parent":"27cf784147099545", + "created":"2013-03-23T22:24:18.818426-07:00", + "container":"3d67245a8d72ecf13f33dffac9f79dcdf70f75acb84d308770391510e0c23ad0", + "container_config": + { + "Hostname":"", + "User":"", + "Memory":0, + "MemorySwap":0, + "AttachStdin":false, + "AttachStdout":false, + "AttachStderr":false, + "PortSpecs":null, + "Tty":true, + "OpenStdin":true, + "StdinOnce":false, + "Env":null, + "Cmd": ["/bin/bash"] + ,"Dns":null, + "Image":"centos", + "Volumes":null, + "VolumesFrom":"", + "WorkingDir":"" + }, + "Size": 6824592 + } + + Status Codes: + + - **200** – no error + - **404** – no such image + - **409** – conflict between containers and images + - **500** – server error + +### Get the history of an image + +`GET /images/(name)/history` + +Return the history of the image `name` + + **Example request**: + + GET /images/fedora/history HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Id":"b750fe79269d", + "Created":1364102658, + "CreatedBy":"/bin/bash" + }, + { + "Id":"27cf78414709", + "Created":1364068391, + "CreatedBy":"" + } + ] + + Status Codes: + + - **200** – no error + - **404** – no such image + - **500** – server error + +### Push an image on the registry + +`POST /images/(name)/push` + +Push the image `name` on the registry + + **Example request**: + + POST /images/test/push HTTP/1.1 + {{ authConfig }} + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"status":"Pushing..."} {"status":"Pushing", "progress":"1/? (n/a)"} + {"error":"Invalid..."} ... + + Query Parameters: + +   + + - **registry** – the registry you wan to push, optional + + Status Codes: + + - **200** – no error :statuscode 404: no such image :statuscode + 500: server error + +### Tag an image into a repository + +`POST /images/(name)/tag` + +Tag the image `name` into a repository + + **Example request**: + + POST /images/test/tag?repo=myrepo&force=0 HTTP/1.1 + + **Example response**: + + HTTP/1.1 201 OK + + Query Parameters: + +   + + - **repo** – The repository to tag in + - **force** – 1/True/true or 0/False/false, default false + + Status Codes: + + - **201** – no error + - **400** – bad parameter + - **404** – no such image + - **409** – conflict + - **500** – server error + +### Remove an image + +`DELETE /images/(name)` + +Remove the image `name` from the filesystem + + **Example request**: + + DELETE /images/test HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-type: application/json + + [ + {"Untagged":"3e2f21a89f"}, + {"Deleted":"3e2f21a89f"}, + {"Deleted":"53b4f83ac9"} + ] + + Status Codes: + + - **200** – no error + - **404** – no such image + - **409** – conflict + - **500** – server error + +### Search images + +`GET /images/search` + +Search for an image on [Docker.io](https://index.docker.io) + + **Example request**: + + GET /images/search?term=sshd HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Name":"cespare/sshd", + "Description":"" + }, + { + "Name":"johnfuller/sshd", + "Description":"" + }, + { + "Name":"dhrp/mongodb-sshd", + "Description":"" + } + ] + + :query term: term to search + :statuscode 200: no error + :statuscode 500: server error + +## 2.3 Misc + +### Build an image from Dockerfile via stdin + +`POST /build` + +Build an image from Dockerfile via stdin + + **Example request**: + + POST /build HTTP/1.1 + + {{ STREAM }} + + **Example response**: + + HTTP/1.1 200 OK + + {{ STREAM }} + + The stream must be a tar archive compressed with one of the + following algorithms: identity (no compression), gzip, bzip2, xz. + The archive must include a file called Dockerfile at its root. It + may include any number of other files, which will be accessible in + the build context (See the ADD build command). + + The Content-type header should be set to "application/tar". + + Query Parameters: + +   + + - **t** – repository name (and optionally a tag) to be applied to + the resulting image in case of success + - **q** – suppress verbose build output + - **nocache** – do not use the cache when building the image + + Status Codes: + + - **200** – no error + - **500** – server error + +### Check auth configuration + +`POST /auth` + +Get the default username and email + + **Example request**: + + POST /auth HTTP/1.1 + Content-Type: application/json + + { + "username":"hannibal", + "password:"xxxx", + "email":"hannibal@a-team.com", + "serveraddress":"https://index.docker.io/v1/" + } + + **Example response**: + + HTTP/1.1 200 OK + + Status Codes: + + - **200** – no error + - **204** – no error + - **500** – server error + +### Display system-wide information + +`GET /info` + +Display system-wide information + + **Example request**: + + GET /info HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Containers":11, + "Images":16, + "Debug":false, + "NFd": 11, + "NGoroutines":21, + "MemoryLimit":true, + "SwapLimit":false, + "IPv4Forwarding":true + } + + Status Codes: + + - **200** – no error + - **500** – server error + +### Show the docker version information + +`GET /version` + +Show the docker version information + + + **Example request**: + + GET /version HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Version":"0.2.2", + "GitCommit":"5a2a5cc+CHANGES", + "GoVersion":"go1.0.3" + } + + Status Codes: + + - **200** – no error + - **500** – server error + +### Create a new image from a container's changes + +`POST /commit` + +Create a new image from a container's changes + + **Example request**: + + POST /commit?container=44c004db4b17&m=message&repo=myrepo HTTP/1.1 + Content-Type: application/json + + { + "Cmd": ["cat", "/world"], + "PortSpecs":["22"] + } + + **Example response**: + + HTTP/1.1 201 OK + Content-Type: application/vnd.docker.raw-stream + + {"Id":"596069db4bf5"} + + Query Parameters: + +   + + - **container** – source container + - **repo** – repository + - **tag** – tag + - **m** – commit message + - **author** – author (eg. "John Hannibal Smith + <[hannibal@a-team.com](mailto:hannibal%40a-team.com)>") + + Status Codes: + + - **201** – no error + - **404** – no such container + - **500** – server error + +### Monitor Docker's events + +`GET /events` + +Get events from docker, either in real time via streaming, or via +polling (using since) + + **Example request**: + + GET /events?since=1374067924 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"status":"create","id":"dfdf82bd3881","from":"ubuntu:latest","time":1374067924} + {"status":"start","id":"dfdf82bd3881","from":"ubuntu:latest","time":1374067924} + {"status":"stop","id":"dfdf82bd3881","from":"ubuntu:latest","time":1374067966} + {"status":"destroy","id":"dfdf82bd3881","from":"ubuntu:latest","time":1374067970} + + Query Parameters: + +   + + - **since** – timestamp used for polling + + Status Codes: + + - **200** – no error + - **500** – server error + +# 3. Going further + +## 3.1 Inside `docker run` + +Here are the steps of `docker run` : + + - Create the container + + - If the status code is 404, it means the image doesn't exists: + - Try to pull it + - Then retry to create the container + + - Start the container + + - If you are not in detached mode: + - Attach to the container, using logs=1 (to have stdout and + stderr from the container's start) and stream=1 + + - If in detached mode or only stdin is attached: + - Display the container's id + +## 3.2 Hijacking + +In this version of the API, /attach, uses hijacking to transport stdin, +stdout and stderr on the same socket. This might change in the future. + +## 3.3 CORS Requests + +To enable cross origin requests to the remote api add the flag +"–api-enable-cors" when running docker in daemon mode. + + $ docker -d -H="192.168.1.9:4243" --api-enable-cors diff --git a/docs/sources/reference/api/docker_remote_api_v1.4.rst b/docs/sources/reference/api/docker_remote_api_v1.4.rst deleted file mode 100644 index ff5aaa7a74..0000000000 --- a/docs/sources/reference/api/docker_remote_api_v1.4.rst +++ /dev/null @@ -1,1176 +0,0 @@ -:title: Remote API v1.4 -:description: API Documentation for Docker -:keywords: API, Docker, rcli, REST, documentation - -:orphan: - -====================== -Docker Remote API v1.4 -====================== - -.. contents:: Table of Contents - -1. Brief introduction -===================== - -- The Remote API is replacing rcli -- Default port in the docker daemon is 4243 -- The API tends to be REST, but for some complex commands, like attach or pull, the HTTP connection is hijacked to transport stdout stdin and stderr - -2. Endpoints -============ - -2.1 Containers --------------- - -List containers -*************** - -.. http:get:: /containers/json - - List containers - - **Example request**: - - .. sourcecode:: http - - GET /containers/json?all=1&before=8dfafdbc3a40&size=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id": "8dfafdbc3a40", - "Image": "ubuntu:latest", - "Command": "echo 1", - "Created": 1367854155, - "Status": "Exit 0", - "Ports":"", - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "9cd87474be90", - "Image": "ubuntu:latest", - "Command": "echo 222222", - "Created": 1367854155, - "Status": "Exit 0", - "Ports":"", - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "3176a2479c92", - "Image": "centos:latest", - "Command": "echo 3333333333333333", - "Created": 1367854154, - "Status": "Exit 0", - "Ports":"", - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "4cb07b47f9fb", - "Image": "fedora:latest", - "Command": "echo 444444444444444444444444444444444", - "Created": 1367854152, - "Status": "Exit 0", - "Ports":"", - "SizeRw":12288, - "SizeRootFs":0 - } - ] - - :query all: 1/True/true or 0/False/false, Show all containers. Only running containers are shown by default - :query limit: Show ``limit`` last created containers, include non-running ones. - :query since: Show only containers created since Id, include non-running ones. - :query before: Show only containers created before Id, include non-running ones. - :query size: 1/True/true or 0/False/false, Show the containers sizes - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 500: server error - - -Create a container -****************** - -.. http:post:: /containers/create - - Create a container - - **Example request**: - - .. sourcecode:: http - - POST /containers/create HTTP/1.1 - Content-Type: application/json - - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "AttachStdin":false, - "AttachStdout":true, - "AttachStderr":true, - "PortSpecs":null, - "Privileged": false, - "Tty":false, - "OpenStdin":false, - "StdinOnce":false, - "Env":null, - "Cmd":[ - "date" - ], - "Dns":null, - "Image":"ubuntu", - "Volumes":{}, - "VolumesFrom":"", - "WorkingDir":"" - - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/json - - { - "Id":"e90e34656806" - "Warnings":[] - } - - :jsonparam config: the container's configuration - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 406: impossible to attach (container not running) - :statuscode 500: server error - - -Inspect a container -******************* - -.. http:get:: /containers/(id)/json - - Return low-level information on the container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Id": "4fa6e0f0c6786287e131c3852c58a2e01cc697a68231826813597e4994f1d6e2", - "Created": "2013-05-07T14:51:42.041847+02:00", - "Path": "date", - "Args": [], - "Config": { - "Hostname": "4fa6e0f0c678", - "User": "", - "Memory": 0, - "MemorySwap": 0, - "AttachStdin": false, - "AttachStdout": true, - "AttachStderr": true, - "PortSpecs": null, - "Tty": false, - "OpenStdin": false, - "StdinOnce": false, - "Env": null, - "Cmd": [ - "date" - ], - "Dns": null, - "Image": "ubuntu", - "Volumes": {}, - "VolumesFrom": "", - "WorkingDir":"" - - }, - "State": { - "Running": false, - "Pid": 0, - "ExitCode": 0, - "StartedAt": "2013-05-07T14:51:42.087658+02:01360", - "Ghost": false - }, - "Image": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "NetworkSettings": { - "IpAddress": "", - "IpPrefixLen": 0, - "Gateway": "", - "Bridge": "", - "PortMapping": null - }, - "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker", - "ResolvConfPath": "/etc/resolv.conf", - "Volumes": {} - } - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 409: conflict between containers and images - :statuscode 500: server error - - -List processes running inside a container -***************************************** - -.. http:get:: /containers/(id)/top - - List processes running inside the container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/top HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Titles":[ - "USER", - "PID", - "%CPU", - "%MEM", - "VSZ", - "RSS", - "TTY", - "STAT", - "START", - "TIME", - "COMMAND" - ], - "Processes":[ - ["root","20147","0.0","0.1","18060","1864","pts/4","S","10:06","0:00","bash"], - ["root","20271","0.0","0.0","4312","352","pts/4","S+","10:07","0:00","sleep","10"] - ] - } - - :query ps_args: ps arguments to use (eg. aux) - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Inspect changes on a container's filesystem -******************************************* - -.. http:get:: /containers/(id)/changes - - Inspect changes on container ``id`` 's filesystem - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/changes HTTP/1.1 - - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Path":"/dev", - "Kind":0 - }, - { - "Path":"/dev/kmsg", - "Kind":1 - }, - { - "Path":"/test", - "Kind":1 - } - ] - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Export a container -****************** - -.. http:get:: /containers/(id)/export - - Export the contents of container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/export HTTP/1.1 - - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/octet-stream - - {{ STREAM }} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Start a container -***************** - -.. http:post:: /containers/(id)/start - - Start the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/(id)/start HTTP/1.1 - Content-Type: application/json - - { - "Binds":["/tmp:/tmp"], - "LxcConf":[{"Key":"lxc.utsname","Value":"docker"}] - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 No Content - Content-Type: text/plain - - :jsonparam hostConfig: the container's host configuration (optional) - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Stop a container -**************** - -.. http:post:: /containers/(id)/stop - - Stop the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/stop?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Restart a container -******************* - -.. http:post:: /containers/(id)/restart - - Restart the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/restart?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Kill a container -**************** - -.. http:post:: /containers/(id)/kill - - Kill the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/kill HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Attach to a container -********************* - -.. http:post:: /containers/(id)/attach - - Attach to the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/attach?logs=1&stream=0&stdout=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/vnd.docker.raw-stream - - {{ STREAM }} - - :query logs: 1/True/true or 0/False/false, return logs. Default false - :query stream: 1/True/true or 0/False/false, return stream. Default false - :query stdin: 1/True/true or 0/False/false, if stream=true, attach to stdin. Default false - :query stdout: 1/True/true or 0/False/false, if logs=true, return stdout log, if stream=true, attach to stdout. Default false - :query stderr: 1/True/true or 0/False/false, if logs=true, return stderr log, if stream=true, attach to stderr. Default false - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - - -Wait a container -**************** - -.. http:post:: /containers/(id)/wait - - Block until container ``id`` stops, then returns the exit code - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/wait HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"StatusCode":0} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Remove a container -******************* - -.. http:delete:: /containers/(id) - - Remove the container ``id`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /containers/16253994b7c4?v=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query v: 1/True/true or 0/False/false, Remove the volumes associated to the container. Default false - :statuscode 204: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - - -Copy files or folders from a container -************************************** - -.. http:post:: /containers/(id)/copy - - Copy files or folders of container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/4fa6e0f0c678/copy HTTP/1.1 - Content-Type: application/json - - { - "Resource":"test.txt" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/octet-stream - - {{ STREAM }} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -2.2 Images ----------- - -List Images -*********** - -.. http:get:: /images/(format) - - List images ``format`` could be json or viz (json default) - - **Example request**: - - .. sourcecode:: http - - GET /images/json?all=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Repository":"ubuntu", - "Tag":"precise", - "Id":"b750fe79269d", - "Created":1364102658, - "Size":24653, - "VirtualSize":180116135 - }, - { - "Repository":"ubuntu", - "Tag":"12.04", - "Id":"b750fe79269d", - "Created":1364102658, - "Size":24653, - "VirtualSize":180116135 - } - ] - - - **Example request**: - - .. sourcecode:: http - - GET /images/viz HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: text/plain - - digraph docker { - "d82cbacda43a" -> "074be284591f" - "1496068ca813" -> "08306dc45919" - "08306dc45919" -> "0e7893146ac2" - "b750fe79269d" -> "1496068ca813" - base -> "27cf78414709" [style=invis] - "f71189fff3de" -> "9a33b36209ed" - "27cf78414709" -> "b750fe79269d" - "0e7893146ac2" -> "d6434d954665" - "d6434d954665" -> "d82cbacda43a" - base -> "e9aa60c60128" [style=invis] - "074be284591f" -> "f71189fff3de" - "b750fe79269d" [label="b750fe79269d\nubuntu",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; - "e9aa60c60128" [label="e9aa60c60128\ncentos",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; - "9a33b36209ed" [label="9a33b36209ed\nfedora",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; - base [style=invisible] - } - - :query all: 1/True/true or 0/False/false, Show all containers. Only running containers are shown by default - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 500: server error - - -Create an image -*************** - -.. http:post:: /images/create - - Create an image, either by pull it from the registry or by importing it - - **Example request**: - - .. sourcecode:: http - - POST /images/create?fromImage=ubuntu HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Pulling..."} - {"status":"Pulling", "progress":"1/? (n/a)"} - {"error":"Invalid..."} - ... - - :query fromImage: name of the image to pull - :query fromSrc: source to import, - means stdin - :query repo: repository - :query tag: tag - :query registry: the registry to pull from - :statuscode 200: no error - :statuscode 500: server error - - -Insert a file in an image -************************* - -.. http:post:: /images/(name)/insert - - Insert a file from ``url`` in the image ``name`` at ``path`` - - **Example request**: - - .. sourcecode:: http - - POST /images/test/insert?path=/usr&url=myurl HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Inserting..."} - {"status":"Inserting", "progress":"1/? (n/a)"} - {"error":"Invalid..."} - ... - - :statuscode 200: no error - :statuscode 500: server error - - -Inspect an image -**************** - -.. http:get:: /images/(name)/json - - Return low-level information on the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/centos/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "id":"b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "parent":"27cf784147099545", - "created":"2013-03-23T22:24:18.818426-07:00", - "container":"3d67245a8d72ecf13f33dffac9f79dcdf70f75acb84d308770391510e0c23ad0", - "container_config": - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "AttachStdin":false, - "AttachStdout":false, - "AttachStderr":false, - "PortSpecs":null, - "Tty":true, - "OpenStdin":true, - "StdinOnce":false, - "Env":null, - "Cmd": ["/bin/bash"] - ,"Dns":null, - "Image":"centos", - "Volumes":null, - "VolumesFrom":"", - "WorkingDir":"" - }, - "Size": 6824592 - } - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 409: conflict between containers and images - :statuscode 500: server error - - -Get the history of an image -*************************** - -.. http:get:: /images/(name)/history - - Return the history of the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/fedora/history HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id":"b750fe79269d", - "Created":1364102658, - "CreatedBy":"/bin/bash" - }, - { - "Id":"27cf78414709", - "Created":1364068391, - "CreatedBy":"" - } - ] - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Push an image on the registry -***************************** - -.. http:post:: /images/(name)/push - - Push the image ``name`` on the registry - - **Example request**: - - .. sourcecode:: http - - POST /images/test/push HTTP/1.1 - {{ authConfig }} - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Pushing..."} - {"status":"Pushing", "progress":"1/? (n/a)"} - {"error":"Invalid..."} - ... - - :query registry: the registry you wan to push, optional - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Tag an image into a repository -****************************** - -.. http:post:: /images/(name)/tag - - Tag the image ``name`` into a repository - - **Example request**: - - .. sourcecode:: http - - POST /images/test/tag?repo=myrepo&force=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - - :query repo: The repository to tag in - :query force: 1/True/true or 0/False/false, default false - :statuscode 201: no error - :statuscode 400: bad parameter - :statuscode 404: no such image - :statuscode 409: conflict - :statuscode 500: server error - - -Remove an image -*************** - -.. http:delete:: /images/(name) - - Remove the image ``name`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /images/test HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-type: application/json - - [ - {"Untagged":"3e2f21a89f"}, - {"Deleted":"3e2f21a89f"}, - {"Deleted":"53b4f83ac9"} - ] - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 409: conflict - :statuscode 500: server error - - -Search images -************* - -.. http:get:: /images/search - - Search for an image in the docker index - - **Example request**: - - .. sourcecode:: http - - GET /images/search?term=sshd HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Name":"cespare/sshd", - "Description":"" - }, - { - "Name":"johnfuller/sshd", - "Description":"" - }, - { - "Name":"dhrp/mongodb-sshd", - "Description":"" - } - ] - - :query term: term to search - :statuscode 200: no error - :statuscode 500: server error - - -2.3 Misc --------- - -Build an image from Dockerfile via stdin -**************************************** - -.. http:post:: /build - - Build an image from Dockerfile via stdin - - **Example request**: - - .. sourcecode:: http - - POST /build HTTP/1.1 - - {{ STREAM }} - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - {{ STREAM }} - - - The stream must be a tar archive compressed with one of the following algorithms: - identity (no compression), gzip, bzip2, xz. The archive must include a file called - `Dockerfile` at its root. It may include any number of other files, which will be - accessible in the build context (See the ADD build command). - - The Content-type header should be set to "application/tar". - - :query t: repository name (and optionally a tag) to be applied to the resulting image in case of success - :query q: suppress verbose build output - :query nocache: do not use the cache when building the image - :statuscode 200: no error - :statuscode 500: server error - - -Check auth configuration -************************ - -.. http:post:: /auth - - Get the default username and email - - **Example request**: - - .. sourcecode:: http - - POST /auth HTTP/1.1 - Content-Type: application/json - - { - "username":"hannibal", - "password:"xxxx", - "email":"hannibal@a-team.com", - "serveraddress":"https://index.docker.io/v1/" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - :statuscode 200: no error - :statuscode 204: no error - :statuscode 500: server error - - -Display system-wide information -******************************* - -.. http:get:: /info - - Display system-wide information - - **Example request**: - - .. sourcecode:: http - - GET /info HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Containers":11, - "Images":16, - "Debug":false, - "NFd": 11, - "NGoroutines":21, - "MemoryLimit":true, - "SwapLimit":false, - "IPv4Forwarding":true - } - - :statuscode 200: no error - :statuscode 500: server error - - -Show the docker version information -*********************************** - -.. http:get:: /version - - Show the docker version information - - **Example request**: - - .. sourcecode:: http - - GET /version HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Version":"0.2.2", - "GitCommit":"5a2a5cc+CHANGES", - "GoVersion":"go1.0.3" - } - - :statuscode 200: no error - :statuscode 500: server error - - -Create a new image from a container's changes -********************************************* - -.. http:post:: /commit - - Create a new image from a container's changes - - **Example request**: - - .. sourcecode:: http - - POST /commit?container=44c004db4b17&m=message&repo=myrepo HTTP/1.1 - Content-Type: application/json - - { - "Cmd": ["cat", "/world"], - "PortSpecs":["22"] - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/vnd.docker.raw-stream - - {"Id":"596069db4bf5"} - - :query container: source container - :query repo: repository - :query tag: tag - :query m: commit message - :query author: author (eg. "John Hannibal Smith ") - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Monitor Docker's events -*********************** - -.. http:get:: /events - - Get events from docker, either in real time via streaming, or via polling (using `since`) - - **Example request**: - - .. sourcecode:: http - - GET /events?since=1374067924 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"create","id":"dfdf82bd3881","from":"ubuntu:latest","time":1374067924} - {"status":"start","id":"dfdf82bd3881","from":"ubuntu:latest","time":1374067924} - {"status":"stop","id":"dfdf82bd3881","from":"ubuntu:latest","time":1374067966} - {"status":"destroy","id":"dfdf82bd3881","from":"ubuntu:latest","time":1374067970} - - :query since: timestamp used for polling - :statuscode 200: no error - :statuscode 500: server error - - -3. Going further -================ - -3.1 Inside 'docker run' ------------------------ - -Here are the steps of 'docker run' : - -* Create the container -* If the status code is 404, it means the image doesn't exists: - * Try to pull it - * Then retry to create the container -* Start the container -* If you are not in detached mode: - * Attach to the container, using logs=1 (to have stdout and stderr from the container's start) and stream=1 -* If in detached mode or only stdin is attached: - * Display the container's id - - -3.2 Hijacking -------------- - -In this version of the API, /attach, uses hijacking to transport stdin, stdout and stderr on the same socket. This might change in the future. - -3.3 CORS Requests ------------------ - -To enable cross origin requests to the remote api add the flag "--api-enable-cors" when running docker in daemon mode. - -.. code-block:: bash - - docker -d -H="192.168.1.9:4243" --api-enable-cors - diff --git a/docs/sources/reference/api/docker_remote_api_v1.5.md b/docs/sources/reference/api/docker_remote_api_v1.5.md new file mode 100644 index 0000000000..08457bfd94 --- /dev/null +++ b/docs/sources/reference/api/docker_remote_api_v1.5.md @@ -0,0 +1,1137 @@ +page_title: Remote API v1.5 +page_description: API Documentation for Docker +page_keywords: API, Docker, rcli, REST, documentation + +# Docker Remote API v1.5 + +# 1. Brief introduction + +- The Remote API is replacing rcli +- Default port in the docker daemon is 4243 +- The API tends to be REST, but for some complex commands, like attach + or pull, the HTTP connection is hijacked to transport stdout stdin + and stderr + +# 2. Endpoints + +## 2.1 Containers + +### List containers + +`GET /containers/json` + +List containers + + **Example request**: + + GET /containers/json?all=1&before=8dfafdbc3a40&size=1 HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Id": "8dfafdbc3a40", + "Image": "ubuntu:latest", + "Command": "echo 1", + "Created": 1367854155, + "Status": "Exit 0", + "Ports":[{"PrivatePort": 2222, "PublicPort": 3333, "Type": "tcp"}], + "SizeRw":12288, + "SizeRootFs":0 + }, + { + "Id": "9cd87474be90", + "Image": "ubuntu:latest", + "Command": "echo 222222", + "Created": 1367854155, + "Status": "Exit 0", + "Ports":[], + "SizeRw":12288, + "SizeRootFs":0 + }, + { + "Id": "3176a2479c92", + "Image": "centos:latest", + "Command": "echo 3333333333333333", + "Created": 1367854154, + "Status": "Exit 0", + "Ports":[], + "SizeRw":12288, + "SizeRootFs":0 + }, + { + "Id": "4cb07b47f9fb", + "Image": "fedora:latest", + "Command": "echo 444444444444444444444444444444444", + "Created": 1367854152, + "Status": "Exit 0", + "Ports":[], + "SizeRw":12288, + "SizeRootFs":0 + } + ] + + Query Parameters: + +   + + - **all** – 1/True/true or 0/False/false, Show all containers. + Only running containers are shown by default + - **limit** – Show `limit` last created + containers, include non-running ones. + - **since** – Show only containers created since Id, include + non-running ones. + - **before** – Show only containers created before Id, include + non-running ones. + - **size** – 1/True/true or 0/False/false, Show the containers + sizes + + Status Codes: + + - **200** – no error + - **400** – bad parameter + - **500** – server error + +### Create a container + +`POST /containers/create` + +Create a container + + **Example request**: + + POST /containers/create HTTP/1.1 + Content-Type: application/json + + { + "Hostname":"", + "User":"", + "Memory":0, + "MemorySwap":0, + "AttachStdin":false, + "AttachStdout":true, + "AttachStderr":true, + "PortSpecs":null, + "Privileged": false, + "Tty":false, + "OpenStdin":false, + "StdinOnce":false, + "Env":null, + "Cmd":[ + "date" + ], + "Dns":null, + "Image":"ubuntu", + "Volumes":{}, + "VolumesFrom":"", + "WorkingDir":"" + } + + **Example response**: + + HTTP/1.1 201 OK + Content-Type: application/json + + { + "Id":"e90e34656806" + "Warnings":[] + } + + Json Parameters: + +   + + - **config** – the container's configuration + + Status Codes: + + - **201** – no error + - **404** – no such container + - **406** – impossible to attach (container not running) + - **500** – server error + +### Inspect a container + +`GET /containers/(id)/json` + +Return low-level information on the container `id` + + + **Example request**: + + GET /containers/4fa6e0f0c678/json HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Id": "4fa6e0f0c6786287e131c3852c58a2e01cc697a68231826813597e4994f1d6e2", + "Created": "2013-05-07T14:51:42.041847+02:00", + "Path": "date", + "Args": [], + "Config": { + "Hostname": "4fa6e0f0c678", + "User": "", + "Memory": 0, + "MemorySwap": 0, + "AttachStdin": false, + "AttachStdout": true, + "AttachStderr": true, + "PortSpecs": null, + "Tty": false, + "OpenStdin": false, + "StdinOnce": false, + "Env": null, + "Cmd": [ + "date" + ], + "Dns": null, + "Image": "ubuntu", + "Volumes": {}, + "VolumesFrom": "", + "WorkingDir":"" + }, + "State": { + "Running": false, + "Pid": 0, + "ExitCode": 0, + "StartedAt": "2013-05-07T14:51:42.087658+02:01360", + "Ghost": false + }, + "Image": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", + "NetworkSettings": { + "IpAddress": "", + "IpPrefixLen": 0, + "Gateway": "", + "Bridge": "", + "PortMapping": null + }, + "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker", + "ResolvConfPath": "/etc/resolv.conf", + "Volumes": {} + } + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### List processes running inside a container + +`GET /containers/(id)/top` + +List processes running inside the container `id` + + **Example request**: + + GET /containers/4fa6e0f0c678/top HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Titles":[ + "USER", + "PID", + "%CPU", + "%MEM", + "VSZ", + "RSS", + "TTY", + "STAT", + "START", + "TIME", + "COMMAND" + ], + "Processes":[ + ["root","20147","0.0","0.1","18060","1864","pts/4","S","10:06","0:00","bash"], + ["root","20271","0.0","0.0","4312","352","pts/4","S+","10:07","0:00","sleep","10"] + ] + } + + Query Parameters: + +   + + - **ps_args** – ps arguments to use (eg. aux) + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Inspect changes on a container's filesystem + +`GET /containers/(id)/changes` + +Inspect changes on container `id`'s filesystem + + **Example request**: + + GET /containers/4fa6e0f0c678/changes HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Path":"/dev", + "Kind":0 + }, + { + "Path":"/dev/kmsg", + "Kind":1 + }, + { + "Path":"/test", + "Kind":1 + } + ] + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Export a container + +`GET /containers/(id)/export` + +Export the contents of container `id` + + **Example request**: + + GET /containers/4fa6e0f0c678/export HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/octet-stream + + {{ STREAM }} + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Start a container + +`POST /containers/(id)/start` + +Start the container `id` + + **Example request**: + + POST /containers/(id)/start HTTP/1.1 + Content-Type: application/json + + { + "Binds":["/tmp:/tmp"], + "LxcConf":[{"Key":"lxc.utsname","Value":"docker"}] + } + + **Example response**: + + HTTP/1.1 204 No Content + Content-Type: text/plain + + Json Parameters: + +   + + - **hostConfig** – the container's host configuration (optional) + + Status Codes: + + - **204** – no error + - **404** – no such container + - **500** – server error + +### Stop a container + +`POST /containers/(id)/stop` + +Stop the container `id` + + **Example request**: + + POST /containers/e90e34656806/stop?t=5 HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Query Parameters: + +   + + - **t** – number of seconds to wait before killing the container + + Status Codes: + + - **204** – no error + - **404** – no such container + - **500** – server error + +### Restart a container + +`POST /containers/(id)/restart` + +Restart the container `id` + + **Example request**: + + POST /containers/e90e34656806/restart?t=5 HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Query Parameters: + +   + + - **t** – number of seconds to wait before killing the container + + Status Codes: + + - **204** – no error + - **404** – no such container + - **500** – server error + +### Kill a container + +`POST /containers/(id)/kill` + +Kill the container `id` + + **Example request**: + + POST /containers/e90e34656806/kill HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Status Codes: + + - **204** – no error + - **404** – no such container + - **500** – server error + +### Attach to a container + +`POST /containers/(id)/attach` + +Attach to the container `id` + + **Example request**: + + POST /containers/16253994b7c4/attach?logs=1&stream=0&stdout=1 HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/vnd.docker.raw-stream + + {{ STREAM }} + + Query Parameters: + +   + + - **logs** – 1/True/true or 0/False/false, return logs. Default + false + - **stream** – 1/True/true or 0/False/false, return stream. + Default false + - **stdin** – 1/True/true or 0/False/false, if stream=true, attach + to stdin. Default false + - **stdout** – 1/True/true or 0/False/false, if logs=true, return + stdout log, if stream=true, attach to stdout. Default false + - **stderr** – 1/True/true or 0/False/false, if logs=true, return + stderr log, if stream=true, attach to stderr. Default false + + Status Codes: + + - **200** – no error + - **400** – bad parameter + - **404** – no such container + - **500** – server error + +### Wait a container + +`POST /containers/(id)/wait` + +Block until container `id` stops, then returns the exit code + + **Example request**: + + POST /containers/16253994b7c4/wait HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"StatusCode":0} + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Remove a container + +`DELETE /containers/(id)` + +Remove the container `id` from the filesystem + + **Example request**: + + DELETE /containers/16253994b7c4?v=1 HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Query Parameters: + +   + + - **v** – 1/True/true or 0/False/false, Remove the volumes + associated to the container. Default false + + Status Codes: + + - **204** – no error + - **400** – bad parameter + - **404** – no such container + - **500** – server error + +### Copy files or folders from a container + +`POST /containers/(id)/copy` + +Copy files or folders of container `id` + + **Example request**: + + POST /containers/4fa6e0f0c678/copy HTTP/1.1 + Content-Type: application/json + + { + "Resource":"test.txt" + } + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/octet-stream + + {{ STREAM }} + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +## 2.2 Images + +### List Images + +`GET /images/(format)` + +List images `format` could be json or viz (json default) + + **Example request**: + + GET /images/json?all=0 HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Repository":"ubuntu", + "Tag":"precise", + "Id":"b750fe79269d", + "Created":1364102658, + "Size":24653, + "VirtualSize":180116135 + }, + { + "Repository":"ubuntu", + "Tag":"12.04", + "Id":"b750fe79269d", + "Created":1364102658, + "Size":24653, + "VirtualSize":180116135 + } + ] + + **Example request**: + + GET /images/viz HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: text/plain + + digraph docker { + "d82cbacda43a" -> "074be284591f" + "1496068ca813" -> "08306dc45919" + "08306dc45919" -> "0e7893146ac2" + "b750fe79269d" -> "1496068ca813" + base -> "27cf78414709" [style=invis] + "f71189fff3de" -> "9a33b36209ed" + "27cf78414709" -> "b750fe79269d" + "0e7893146ac2" -> "d6434d954665" + "d6434d954665" -> "d82cbacda43a" + base -> "e9aa60c60128" [style=invis] + "074be284591f" -> "f71189fff3de" + "b750fe79269d" [label="b750fe79269d\nubuntu",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; + "e9aa60c60128" [label="e9aa60c60128\ncentos",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; + "9a33b36209ed" [label="9a33b36209ed\nfedora",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; + base [style=invisible] + } + + Query Parameters: + +   + + - **all** – 1/True/true or 0/False/false, Show all containers. + Only running containers are shown by default + + Status Codes: + + - **200** – no error + - **400** – bad parameter + - **500** – server error + +### Create an image + +`POST /images/create` + +Create an image, either by pull it from the registry or by importing it + + **Example request**: + + POST /images/create?fromImage=ubuntu HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"status":"Pulling..."} + {"status":"Pulling", "progress":"1/? (n/a)"} + {"error":"Invalid..."} + ... + + When using this endpoint to pull an image from the registry, the + `X-Registry-Auth` header can be used to include + a base64-encoded AuthConfig object. + + Query Parameters: + +   + + - **fromImage** – name of the image to pull + - **fromSrc** – source to import, - means stdin + - **repo** – repository + - **tag** – tag + - **registry** – the registry to pull from + + Status Codes: + + - **200** – no error + - **500** – server error + +### Insert a file in an image + +`POST /images/(name)/insert` + +Insert a file from `url` in the image `name` at `path` + + **Example request**: + + POST /images/test/insert?path=/usr&url=myurl HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"status":"Inserting..."} + {"status":"Inserting", "progress":"1/? (n/a)"} + {"error":"Invalid..."} + ... + + Status Codes: + + - **200** – no error + - **500** – server error + +### Inspect an image + +`GET /images/(name)/json` + +Return low-level information on the image `name` + + **Example request**: + + GET /images/centos/json HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "id":"b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", + "parent":"27cf784147099545", + "created":"2013-03-23T22:24:18.818426-07:00", + "container":"3d67245a8d72ecf13f33dffac9f79dcdf70f75acb84d308770391510e0c23ad0", + "container_config": + { + "Hostname":"", + "User":"", + "Memory":0, + "MemorySwap":0, + "AttachStdin":false, + "AttachStdout":false, + "AttachStderr":false, + "PortSpecs":null, + "Tty":true, + "OpenStdin":true, + "StdinOnce":false, + "Env":null, + "Cmd": ["/bin/bash"] + ,"Dns":null, + "Image":"centos", + "Volumes":null, + "VolumesFrom":"", + "WorkingDir":"" + }, + "Size": 6824592 + } + + Status Codes: + + - **200** – no error + - **404** – no such image + - **500** – server error + +### Get the history of an image + +`GET /images/(name)/history` + +Return the history of the image `name` + + **Example request**: + + GET /images/fedora/history HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Id":"b750fe79269d", + "Created":1364102658, + "CreatedBy":"/bin/bash" + }, + { + "Id":"27cf78414709", + "Created":1364068391, + "CreatedBy":"" + } + ] + + Status Codes: + + - **200** – no error + - **404** – no such image + - **500** – server error + +### Push an image on the registry + +`POST /images/(name)/push` + +Push the image `name` on the registry + + **Example request**: + + POST /images/test/push HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"status":"Pushing..."} + {"status":"Pushing", "progress":"1/? (n/a)"} + {"error":"Invalid..."} + ... + + The `X-Registry-Auth` header can be used to + include a base64-encoded AuthConfig object. + + Query Parameters: + +   + + - **registry** – the registry you wan to push, optional + + Status Codes: + + - **200** – no error + - **404** – no such image + - **500** – server error + +### Tag an image into a repository + +`POST /images/(name)/tag` + +Tag the image `name` into a repository + + **Example request**: + + POST /images/test/tag?repo=myrepo&force=0 HTTP/1.1 + + **Example response**: + + HTTP/1.1 201 OK + + Query Parameters: + +   + + - **repo** – The repository to tag in + - **force** – 1/True/true or 0/False/false, default false + + Status Codes: + + - **201** – no error + - **400** – bad parameter + - **404** – no such image + - **409** – conflict + - **500** – server error + +### Remove an image + +`DELETE /images/(name)` + +Remove the image `name` from the filesystem + + **Example request**: + + DELETE /images/test HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-type: application/json + + [ + {"Untagged":"3e2f21a89f"}, + {"Deleted":"3e2f21a89f"}, + {"Deleted":"53b4f83ac9"} + ] + + Status Codes: + + - **200** – no error + - **404** – no such image + - **409** – conflict + - **500** – server error + +### Search images + +`GET /images/search` + +Search for an image on [Docker.io](https://index.docker.io) + + **Example request**: + + GET /images/search?term=sshd HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Name":"cespare/sshd", + "Description":"" + }, + { + "Name":"johnfuller/sshd", + "Description":"" + }, + { + "Name":"dhrp/mongodb-sshd", + "Description":"" + } + ] + + Query Parameters: + +   + + - **term** – term to search + + Status Codes: + + - **200** – no error + - **500** – server error + +## 2.3 Misc + +### Build an image from Dockerfile via stdin + +`POST /build` + +Build an image from Dockerfile via stdin + + **Example request**: + + POST /build HTTP/1.1 + + {{ STREAM }} + + **Example response**: + + HTTP/1.1 200 OK + + {{ STREAM }} + + The stream must be a tar archive compressed with one of the + following algorithms: identity (no compression), gzip, bzip2, xz. + The archive must include a file called Dockerfile at its root. It + may include any number of other files, which will be accessible in + the build context (See the ADD build command). + + The Content-type header should be set to "application/tar". + + Query Parameters: + +   + + - **t** – repository name (and optionally a tag) to be applied to + the resulting image in case of success + - **q** – suppress verbose build output + - **nocache** – do not use the cache when building the image + - **rm** – remove intermediate containers after a successful build + + Status Codes: + + - **200** – no error + - **500** – server error + +### Check auth configuration + +`POST /auth` + +Get the default username and email + + **Example request**: + + POST /auth HTTP/1.1 + Content-Type: application/json + + { + "username":"hannibal", + "password:"xxxx", + "email":"hannibal@a-team.com", + "serveraddress":"https://index.docker.io/v1/" + } + + **Example response**: + + HTTP/1.1 200 OK + + Status Codes: + + - **200** – no error + - **204** – no error + - **500** – server error + +### Display system-wide information + +`GET /info` + +Display system-wide information + + **Example request**: + + GET /info HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Containers":11, + "Images":16, + "Debug":false, + "NFd": 11, + "NGoroutines":21, + "MemoryLimit":true, + "SwapLimit":false, + "IPv4Forwarding":true + } + + Status Codes: + + - **200** – no error + - **500** – server error + +### Show the docker version information + +`GET /version` + +Show the docker version information + + **Example request**: + + GET /version HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Version":"0.2.2", + "GitCommit":"5a2a5cc+CHANGES", + "GoVersion":"go1.0.3" + } + + Status Codes: + + - **200** – no error + - **500** – server error + +### Create a new image from a container's changes + +`POST /commit` + +Create a new image from a container's changes + + **Example request**: + + POST /commit?container=44c004db4b17&m=message&repo=myrepo HTTP/1.1 + Content-Type: application/json + + { + "Cmd": ["cat", "/world"], + "PortSpecs":["22"] + } + + **Example response**: + + HTTP/1.1 201 OK + Content-Type: application/vnd.docker.raw-stream + + {"Id":"596069db4bf5"} + + Query Parameters: + +   + + - **container** – source container + - **repo** – repository + - **tag** – tag + - **m** – commit message + - **author** – author (eg. "John Hannibal Smith + <[hannibal@a-team.com](mailto:hannibal%40a-team.com)>") + + Status Codes: + + - **201** – no error + - **404** – no such container + - **500** – server error + +### Monitor Docker's events + +`GET /events` + +Get events from docker, either in real time via streaming, or via +polling (using since) + + **Example request**: + + GET /events?since=1374067924 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"status":"create","id":"dfdf82bd3881","from":"ubuntu:latest","time":1374067924} + {"status":"start","id":"dfdf82bd3881","from":"ubuntu:latest","time":1374067924} + {"status":"stop","id":"dfdf82bd3881","from":"ubuntu:latest","time":1374067966} + {"status":"destroy","id":"dfdf82bd3881","from":"ubuntu:latest","time":1374067970} + + Query Parameters: + +   + + - **since** – timestamp used for polling + + Status Codes: + + - **200** – no error + - **500** – server error + +# 3. Going further + +## 3.1 Inside `docker run` + +Here are the steps of `docker run`: + + - Create the container + - If the status code is 404, it means the image doesn't exists: + Try to pull it - Then retry to create the container + - Start the container + - If you are not in detached mode: + Attach to the container, using logs=1 (to have stdout and stderr + from the container's start) and stream=1 + - If in detached mode or only stdin is attached: + Display the container's id + +## 3.2 Hijacking + +In this version of the API, /attach, uses hijacking to transport stdin, +stdout and stderr on the same socket. This might change in the future. + +## 3.3 CORS Requests + +To enable cross origin requests to the remote api add the flag +"–api-enable-cors" when running docker in daemon mode. + + $ docker -d -H="192.168.1.9:4243" --api-enable-cors diff --git a/docs/sources/reference/api/docker_remote_api_v1.5.rst b/docs/sources/reference/api/docker_remote_api_v1.5.rst deleted file mode 100644 index d4440e4423..0000000000 --- a/docs/sources/reference/api/docker_remote_api_v1.5.rst +++ /dev/null @@ -1,1144 +0,0 @@ -:title: Remote API v1.5 -:description: API Documentation for Docker -:keywords: API, Docker, rcli, REST, documentation - -:orphan: - -====================== -Docker Remote API v1.5 -====================== - -.. contents:: Table of Contents - -1. Brief introduction -===================== - -- The Remote API is replacing rcli -- Default port in the docker daemon is 4243 -- The API tends to be REST, but for some complex commands, like attach or pull, the HTTP connection is hijacked to transport stdout stdin and stderr - -2. Endpoints -============ - -2.1 Containers --------------- - -List containers -*************** - -.. http:get:: /containers/json - - List containers - - **Example request**: - - .. sourcecode:: http - - GET /containers/json?all=1&before=8dfafdbc3a40&size=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id": "8dfafdbc3a40", - "Image": "ubuntu:latest", - "Command": "echo 1", - "Created": 1367854155, - "Status": "Exit 0", - "Ports":[{"PrivatePort": 2222, "PublicPort": 3333, "Type": "tcp"}], - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "9cd87474be90", - "Image": "ubuntu:latest", - "Command": "echo 222222", - "Created": 1367854155, - "Status": "Exit 0", - "Ports":[], - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "3176a2479c92", - "Image": "centos:latest", - "Command": "echo 3333333333333333", - "Created": 1367854154, - "Status": "Exit 0", - "Ports":[], - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "4cb07b47f9fb", - "Image": "fedora:latest", - "Command": "echo 444444444444444444444444444444444", - "Created": 1367854152, - "Status": "Exit 0", - "Ports":[], - "SizeRw":12288, - "SizeRootFs":0 - } - ] - - :query all: 1/True/true or 0/False/false, Show all containers. Only running containers are shown by default - :query limit: Show ``limit`` last created containers, include non-running ones. - :query since: Show only containers created since Id, include non-running ones. - :query before: Show only containers created before Id, include non-running ones. - :query size: 1/True/true or 0/False/false, Show the containers sizes - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 500: server error - -Create a container -****************** - -.. http:post:: /containers/create - - Create a container - - **Example request**: - - .. sourcecode:: http - - POST /containers/create HTTP/1.1 - Content-Type: application/json - - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "AttachStdin":false, - "AttachStdout":true, - "AttachStderr":true, - "PortSpecs":null, - "Privileged": false, - "Tty":false, - "OpenStdin":false, - "StdinOnce":false, - "Env":null, - "Cmd":[ - "date" - ], - "Dns":null, - "Image":"ubuntu", - "Volumes":{}, - "VolumesFrom":"", - "WorkingDir":"" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/json - - { - "Id":"e90e34656806" - "Warnings":[] - } - - :jsonparam config: the container's configuration - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 406: impossible to attach (container not running) - :statuscode 500: server error - -Inspect a container -******************* - -.. http:get:: /containers/(id)/json - - Return low-level information on the container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Id": "4fa6e0f0c6786287e131c3852c58a2e01cc697a68231826813597e4994f1d6e2", - "Created": "2013-05-07T14:51:42.041847+02:00", - "Path": "date", - "Args": [], - "Config": { - "Hostname": "4fa6e0f0c678", - "User": "", - "Memory": 0, - "MemorySwap": 0, - "AttachStdin": false, - "AttachStdout": true, - "AttachStderr": true, - "PortSpecs": null, - "Tty": false, - "OpenStdin": false, - "StdinOnce": false, - "Env": null, - "Cmd": [ - "date" - ], - "Dns": null, - "Image": "ubuntu", - "Volumes": {}, - "VolumesFrom": "", - "WorkingDir":"" - }, - "State": { - "Running": false, - "Pid": 0, - "ExitCode": 0, - "StartedAt": "2013-05-07T14:51:42.087658+02:01360", - "Ghost": false - }, - "Image": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "NetworkSettings": { - "IpAddress": "", - "IpPrefixLen": 0, - "Gateway": "", - "Bridge": "", - "PortMapping": null - }, - "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker", - "ResolvConfPath": "/etc/resolv.conf", - "Volumes": {} - } - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - -List processes running inside a container -***************************************** - -.. http:get:: /containers/(id)/top - - List processes running inside the container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/top HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Titles":[ - "USER", - "PID", - "%CPU", - "%MEM", - "VSZ", - "RSS", - "TTY", - "STAT", - "START", - "TIME", - "COMMAND" - ], - "Processes":[ - ["root","20147","0.0","0.1","18060","1864","pts/4","S","10:06","0:00","bash"], - ["root","20271","0.0","0.0","4312","352","pts/4","S+","10:07","0:00","sleep","10"] - ] - } - - :query ps_args: ps arguments to use (eg. aux) - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - -Inspect changes on a container's filesystem -******************************************* - -.. http:get:: /containers/(id)/changes - - Inspect changes on container ``id`` 's filesystem - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/changes HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Path":"/dev", - "Kind":0 - }, - { - "Path":"/dev/kmsg", - "Kind":1 - }, - { - "Path":"/test", - "Kind":1 - } - ] - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - -Export a container -****************** - -.. http:get:: /containers/(id)/export - - Export the contents of container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/export HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/octet-stream - - {{ STREAM }} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - -Start a container -***************** - -.. http:post:: /containers/(id)/start - - Start the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/(id)/start HTTP/1.1 - Content-Type: application/json - - { - "Binds":["/tmp:/tmp"], - "LxcConf":[{"Key":"lxc.utsname","Value":"docker"}] - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 No Content - Content-Type: text/plain - - :jsonparam hostConfig: the container's host configuration (optional) - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - -Stop a container -**************** - -.. http:post:: /containers/(id)/stop - - Stop the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/stop?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - -Restart a container -******************* - -.. http:post:: /containers/(id)/restart - - Restart the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/restart?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - -Kill a container -**************** - -.. http:post:: /containers/(id)/kill - - Kill the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/kill HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - -Attach to a container -********************* - -.. http:post:: /containers/(id)/attach - - Attach to the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/attach?logs=1&stream=0&stdout=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/vnd.docker.raw-stream - - {{ STREAM }} - - :query logs: 1/True/true or 0/False/false, return logs. Default false - :query stream: 1/True/true or 0/False/false, return stream. Default false - :query stdin: 1/True/true or 0/False/false, if stream=true, attach to stdin. Default false - :query stdout: 1/True/true or 0/False/false, if logs=true, return stdout log, if stream=true, attach to stdout. Default false - :query stderr: 1/True/true or 0/False/false, if logs=true, return stderr log, if stream=true, attach to stderr. Default false - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - -Wait a container -**************** - -.. http:post:: /containers/(id)/wait - - Block until container ``id`` stops, then returns the exit code - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/wait HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"StatusCode":0} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - -Remove a container -******************* - -.. http:delete:: /containers/(id) - - Remove the container ``id`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /containers/16253994b7c4?v=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query v: 1/True/true or 0/False/false, Remove the volumes associated to the container. Default false - :statuscode 204: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - -Copy files or folders from a container -************************************** - -.. http:post:: /containers/(id)/copy - - Copy files or folders of container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/4fa6e0f0c678/copy HTTP/1.1 - Content-Type: application/json - - { - "Resource":"test.txt" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/octet-stream - - {{ STREAM }} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - -2.2 Images ----------- - -List Images -*********** - -.. http:get:: /images/(format) - - List images ``format`` could be json or viz (json default) - - **Example request**: - - .. sourcecode:: http - - GET /images/json?all=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Repository":"ubuntu", - "Tag":"precise", - "Id":"b750fe79269d", - "Created":1364102658, - "Size":24653, - "VirtualSize":180116135 - }, - { - "Repository":"ubuntu", - "Tag":"12.04", - "Id":"b750fe79269d", - "Created":1364102658, - "Size":24653, - "VirtualSize":180116135 - } - ] - - **Example request**: - - .. sourcecode:: http - - GET /images/viz HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: text/plain - - digraph docker { - "d82cbacda43a" -> "074be284591f" - "1496068ca813" -> "08306dc45919" - "08306dc45919" -> "0e7893146ac2" - "b750fe79269d" -> "1496068ca813" - base -> "27cf78414709" [style=invis] - "f71189fff3de" -> "9a33b36209ed" - "27cf78414709" -> "b750fe79269d" - "0e7893146ac2" -> "d6434d954665" - "d6434d954665" -> "d82cbacda43a" - base -> "e9aa60c60128" [style=invis] - "074be284591f" -> "f71189fff3de" - "b750fe79269d" [label="b750fe79269d\nubuntu",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; - "e9aa60c60128" [label="e9aa60c60128\ncentos",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; - "9a33b36209ed" [label="9a33b36209ed\nfedora",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; - base [style=invisible] - } - - :query all: 1/True/true or 0/False/false, Show all containers. Only running containers are shown by default - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 500: server error - -Create an image -*************** - -.. http:post:: /images/create - - Create an image, either by pull it from the registry or by importing it - - **Example request**: - - .. sourcecode:: http - - POST /images/create?fromImage=ubuntu HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Pulling..."} - {"status":"Pulling", "progress":"1/? (n/a)"} - {"error":"Invalid..."} - ... - - When using this endpoint to pull an image from the registry, - the ``X-Registry-Auth`` header can be used to include a - base64-encoded AuthConfig object. - - :query fromImage: name of the image to pull - :query fromSrc: source to import, - means stdin - :query repo: repository - :query tag: tag - :query registry: the registry to pull from - :statuscode 200: no error - :statuscode 500: server error - -Insert a file in an image -************************* - -.. http:post:: /images/(name)/insert - - Insert a file from ``url`` in the image ``name`` at ``path`` - - **Example request**: - - .. sourcecode:: http - - POST /images/test/insert?path=/usr&url=myurl HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Inserting..."} - {"status":"Inserting", "progress":"1/? (n/a)"} - {"error":"Invalid..."} - ... - - :statuscode 200: no error - :statuscode 500: server error - -Inspect an image -**************** - -.. http:get:: /images/(name)/json - - Return low-level information on the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/centos/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "id":"b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "parent":"27cf784147099545", - "created":"2013-03-23T22:24:18.818426-07:00", - "container":"3d67245a8d72ecf13f33dffac9f79dcdf70f75acb84d308770391510e0c23ad0", - "container_config": - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "AttachStdin":false, - "AttachStdout":false, - "AttachStderr":false, - "PortSpecs":null, - "Tty":true, - "OpenStdin":true, - "StdinOnce":false, - "Env":null, - "Cmd": ["/bin/bash"] - ,"Dns":null, - "Image":"centos", - "Volumes":null, - "VolumesFrom":"", - "WorkingDir":"" - }, - "Size": 6824592 - } - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - -Get the history of an image -*************************** - -.. http:get:: /images/(name)/history - - Return the history of the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/fedora/history HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id":"b750fe79269d", - "Created":1364102658, - "CreatedBy":"/bin/bash" - }, - { - "Id":"27cf78414709", - "Created":1364068391, - "CreatedBy":"" - } - ] - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - -Push an image on the registry -***************************** - -.. http:post:: /images/(name)/push - - Push the image ``name`` on the registry - - **Example request**: - - .. sourcecode:: http - - POST /images/test/push HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Pushing..."} - {"status":"Pushing", "progress":"1/? (n/a)"} - {"error":"Invalid..."} - ... - - The ``X-Registry-Auth`` header can be used to include a - base64-encoded AuthConfig object. - - :query registry: the registry you wan to push, optional - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - -Tag an image into a repository -****************************** - -.. http:post:: /images/(name)/tag - - Tag the image ``name`` into a repository - - **Example request**: - - .. sourcecode:: http - - POST /images/test/tag?repo=myrepo&force=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - - :query repo: The repository to tag in - :query force: 1/True/true or 0/False/false, default false - :statuscode 201: no error - :statuscode 400: bad parameter - :statuscode 404: no such image - :statuscode 409: conflict - :statuscode 500: server error - -Remove an image -*************** - -.. http:delete:: /images/(name) - - Remove the image ``name`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /images/test HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-type: application/json - - [ - {"Untagged":"3e2f21a89f"}, - {"Deleted":"3e2f21a89f"}, - {"Deleted":"53b4f83ac9"} - ] - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 409: conflict - :statuscode 500: server error - -Search images -************* - -.. http:get:: /images/search - - Search for an image in the docker index - - **Example request**: - - .. sourcecode:: http - - GET /images/search?term=sshd HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Name":"cespare/sshd", - "Description":"" - }, - { - "Name":"johnfuller/sshd", - "Description":"" - }, - { - "Name":"dhrp/mongodb-sshd", - "Description":"" - } - ] - - :query term: term to search - :statuscode 200: no error - :statuscode 500: server error - -2.3 Misc --------- - -Build an image from Dockerfile via stdin -**************************************** - -.. http:post:: /build - - Build an image from Dockerfile via stdin - - **Example request**: - - .. sourcecode:: http - - POST /build HTTP/1.1 - - {{ STREAM }} - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - {{ STREAM }} - - The stream must be a tar archive compressed with one of the following algorithms: - identity (no compression), gzip, bzip2, xz. The archive must include a file called - `Dockerfile` at its root. It may include any number of other files, which will be - accessible in the build context (See the ADD build command). - - The Content-type header should be set to "application/tar". - - :query t: repository name (and optionally a tag) to be applied to the resulting image in case of success - :query q: suppress verbose build output - :query nocache: do not use the cache when building the image - :query rm: remove intermediate containers after a successful build - :statuscode 200: no error - :statuscode 500: server error - -Check auth configuration -************************ - -.. http:post:: /auth - - Get the default username and email - - **Example request**: - - .. sourcecode:: http - - POST /auth HTTP/1.1 - Content-Type: application/json - - { - "username":"hannibal", - "password:"xxxx", - "email":"hannibal@a-team.com", - "serveraddress":"https://index.docker.io/v1/" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - :statuscode 200: no error - :statuscode 204: no error - :statuscode 500: server error - -Display system-wide information -******************************* - -.. http:get:: /info - - Display system-wide information - - **Example request**: - - .. sourcecode:: http - - GET /info HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Containers":11, - "Images":16, - "Debug":false, - "NFd": 11, - "NGoroutines":21, - "MemoryLimit":true, - "SwapLimit":false, - "IPv4Forwarding":true - } - - :statuscode 200: no error - :statuscode 500: server error - -Show the docker version information -*********************************** - -.. http:get:: /version - - Show the docker version information - - **Example request**: - - .. sourcecode:: http - - GET /version HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Version":"0.2.2", - "GitCommit":"5a2a5cc+CHANGES", - "GoVersion":"go1.0.3" - } - - :statuscode 200: no error - :statuscode 500: server error - -Create a new image from a container's changes -********************************************* - -.. http:post:: /commit - - Create a new image from a container's changes - - **Example request**: - - .. sourcecode:: http - - POST /commit?container=44c004db4b17&m=message&repo=myrepo HTTP/1.1 - Content-Type: application/json - - { - "Cmd": ["cat", "/world"], - "PortSpecs":["22"] - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/vnd.docker.raw-stream - - {"Id":"596069db4bf5"} - - :query container: source container - :query repo: repository - :query tag: tag - :query m: commit message - :query author: author (eg. "John Hannibal Smith ") - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 500: server error - -Monitor Docker's events -*********************** - -.. http:get:: /events - - Get events from docker, either in real time via streaming, or via polling (using `since`) - - **Example request**: - - .. sourcecode:: http - - GET /events?since=1374067924 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"create","id":"dfdf82bd3881","from":"ubuntu:latest","time":1374067924} - {"status":"start","id":"dfdf82bd3881","from":"ubuntu:latest","time":1374067924} - {"status":"stop","id":"dfdf82bd3881","from":"ubuntu:latest","time":1374067966} - {"status":"destroy","id":"dfdf82bd3881","from":"ubuntu:latest","time":1374067970} - - :query since: timestamp used for polling - :statuscode 200: no error - :statuscode 500: server error - -3. Going further -================ - -3.1 Inside 'docker run' ------------------------ - -Here are the steps of 'docker run' : - -* Create the container -* If the status code is 404, it means the image doesn't exists: - * Try to pull it - * Then retry to create the container -* Start the container -* If you are not in detached mode: - * Attach to the container, using logs=1 (to have stdout and stderr from the container's start) and stream=1 -* If in detached mode or only stdin is attached: - * Display the container's id - -3.2 Hijacking -------------- - -In this version of the API, /attach, uses hijacking to transport stdin, stdout and stderr on the same socket. This might change in the future. - -3.3 CORS Requests ------------------ - -To enable cross origin requests to the remote api add the flag "--api-enable-cors" when running docker in daemon mode. - -.. code-block:: bash - - docker -d -H="192.168.1.9:4243" --api-enable-cors diff --git a/docs/sources/reference/api/docker_remote_api_v1.6.md b/docs/sources/reference/api/docker_remote_api_v1.6.md new file mode 100644 index 0000000000..bca09a3a0e --- /dev/null +++ b/docs/sources/reference/api/docker_remote_api_v1.6.md @@ -0,0 +1,1239 @@ +page_title: Remote API v1.6 +page_description: API Documentation for Docker +page_keywords: API, Docker, rcli, REST, documentation + +# Docker Remote API v1.6 + +# 1. Brief introduction + + - The Remote API has replaced rcli + - The daemon listens on `unix:///var/run/docker.sock` but you can + [*Bind Docker to another host/port or a Unix socket*]( + /use/basics/#bind-docker). + - The API tends to be REST, but for some complex commands, like `attach` + or `pull`, the HTTP connection is hijacked to transport `stdout, stdin` + and `stderr` + +# 2. Endpoints + +## 2.1 Containers + +### List containers + +`GET /containers/json` + +List containers + + **Example request**: + + GET /containers/json?all=1&before=8dfafdbc3a40&size=1 HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Id": "8dfafdbc3a40", + "Image": "base:latest", + "Command": "echo 1", + "Created": 1367854155, + "Status": "Exit 0", + "Ports":[{"PrivatePort": 2222, "PublicPort": 3333, "Type": "tcp"}], + "SizeRw":12288, + "SizeRootFs":0 + }, + { + "Id": "9cd87474be90", + "Image": "base:latest", + "Command": "echo 222222", + "Created": 1367854155, + "Status": "Exit 0", + "Ports":[], + "SizeRw":12288, + "SizeRootFs":0 + }, + { + "Id": "3176a2479c92", + "Image": "base:latest", + "Command": "echo 3333333333333333", + "Created": 1367854154, + "Status": "Exit 0", + "Ports":[], + "SizeRw":12288, + "SizeRootFs":0 + }, + { + "Id": "4cb07b47f9fb", + "Image": "base:latest", + "Command": "echo 444444444444444444444444444444444", + "Created": 1367854152, + "Status": "Exit 0", + "Ports":[], + "SizeRw":12288, + "SizeRootFs":0 + } + ] + + Query Parameters: + +   + + - **all** – 1/True/true or 0/False/false, Show all containers. + Only running containers are shown by default + - **limit** – Show `limit` last created + containers, include non-running ones. + - **since** – Show only containers created since Id, include + non-running ones. + - **before** – Show only containers created before Id, include + non-running ones. + - **size** – 1/True/true or 0/False/false, Show the containers + sizes + + Status Codes: + + - **200** – no error + - **400** – bad parameter + - **500** – server error + +### Create a container + +`POST /containers/create` + +Create a container + + **Example request**: + + POST /containers/create HTTP/1.1 + Content-Type: application/json + + { + "Hostname":"", + "User":"", + "Memory":0, + "MemorySwap":0, + "AttachStdin":false, + "AttachStdout":true, + "AttachStderr":true, + "ExposedPorts":{}, + "Tty":false, + "OpenStdin":false, + "StdinOnce":false, + "Env":null, + "Cmd":[ + "date" + ], + "Dns":null, + "Image":"base", + "Volumes":{}, + "VolumesFrom":"", + "WorkingDir":"" + } + + **Example response**: + + HTTP/1.1 201 OK + Content-Type: application/json + + { + "Id":"e90e34656806" + "Warnings":[] + } + + Json Parameters: + +   + + - **config** – the container's configuration + + Query Parameters: + +   + + - **name** – container name to use + + Status Codes: + + - **201** – no error + - **404** – no such container + - **406** – impossible to attach (container not running) + - **500** – server error + + **More Complex Example request, in 2 steps.** **First, use create to + expose a Private Port, which can be bound back to a Public Port at + startup**: + + POST /containers/create HTTP/1.1 + Content-Type: application/json + + { + "Cmd":[ + "/usr/sbin/sshd","-D" + ], + "Image":"image-with-sshd", + "ExposedPorts":{"22/tcp":{}} + } + + **Example response**: + + HTTP/1.1 201 OK + Content-Type: application/json + + { + "Id":"e90e34656806" + "Warnings":[] + } + + **Second, start (using the ID returned above) the image we just + created, mapping the ssh port 22 to something on the host**: + + POST /containers/e90e34656806/start HTTP/1.1 + Content-Type: application/json + + { + "PortBindings": { "22/tcp": [{ "HostPort": "11022" }]} + } + + **Example response**: + + HTTP/1.1 204 No Content + Content-Type: text/plain; charset=utf-8 + Content-Length: 0 + + **Now you can ssh into your new container on port 11022.** + +### Inspect a container + +`GET /containers/(id)/json` + +Return low-level information on the container `id` + + + **Example request**: + + GET /containers/4fa6e0f0c678/json HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Id": "4fa6e0f0c6786287e131c3852c58a2e01cc697a68231826813597e4994f1d6e2", + "Created": "2013-05-07T14:51:42.041847+02:00", + "Path": "date", + "Args": [], + "Config": { + "Hostname": "4fa6e0f0c678", + "User": "", + "Memory": 0, + "MemorySwap": 0, + "AttachStdin": false, + "AttachStdout": true, + "AttachStderr": true, + "ExposedPorts": {}, + "Tty": false, + "OpenStdin": false, + "StdinOnce": false, + "Env": null, + "Cmd": [ + "date" + ], + "Dns": null, + "Image": "base", + "Volumes": {}, + "VolumesFrom": "", + "WorkingDir":"" + + }, + "State": { + "Running": false, + "Pid": 0, + "ExitCode": 0, + "StartedAt": "2013-05-07T14:51:42.087658+02:01360", + "Ghost": false + }, + "Image": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", + "NetworkSettings": { + "IpAddress": "", + "IpPrefixLen": 0, + "Gateway": "", + "Bridge": "", + "PortMapping": null + }, + "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker", + "ResolvConfPath": "/etc/resolv.conf", + "Volumes": {} + } + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### List processes running inside a container + +`GET /containers/(id)/top` + +List processes running inside the container `id` + + **Example request**: + + GET /containers/4fa6e0f0c678/top HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Titles":[ + "USER", + "PID", + "%CPU", + "%MEM", + "VSZ", + "RSS", + "TTY", + "STAT", + "START", + "TIME", + "COMMAND" + ], + "Processes":[ + ["root","20147","0.0","0.1","18060","1864","pts/4","S","10:06","0:00","bash"], + ["root","20271","0.0","0.0","4312","352","pts/4","S+","10:07","0:00","sleep","10"] + ] + } + + Query Parameters: + +   + + - **ps_args** – ps arguments to use (eg. aux) + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Inspect changes on a container's filesystem + +`GET /containers/(id)/changes` + +Inspect changes on container `id`'s filesystem + + **Example request**: + + GET /containers/4fa6e0f0c678/changes HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Path":"/dev", + "Kind":0 + }, + { + "Path":"/dev/kmsg", + "Kind":1 + }, + { + "Path":"/test", + "Kind":1 + } + ] + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Export a container + +`GET /containers/(id)/export` + +Export the contents of container `id` + + **Example request**: + + GET /containers/4fa6e0f0c678/export HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/octet-stream + + {{ STREAM }} + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Start a container + +`POST /containers/(id)/start` + +Start the container `id` + + **Example request**: + + POST /containers/(id)/start HTTP/1.1 + Content-Type: application/json + + { + "Binds":["/tmp:/tmp"], + "LxcConf":{"lxc.utsname":"docker"}, + "ContainerIDFile": "", + "Privileged": false, + "PortBindings": {"22/tcp": [{HostIp:"", HostPort:""}]}, + "Links": [], + "PublishAllPorts": false + } + + **Example response**: + + HTTP/1.1 204 No Content + Content-Type: text/plain + + Json Parameters: + +   + + - **hostConfig** – the container's host configuration (optional) + + Status Codes: + + - **204** – no error + - **404** – no such container + - **500** – server error + +### Stop a container + +`POST /containers/(id)/stop` + +Stop the container `id` + + **Example request**: + + POST /containers/e90e34656806/stop?t=5 HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Query Parameters: + +   + + - **t** – number of seconds to wait before killing the container + + Status Codes: + + - **204** – no error + - **404** – no such container + - **500** – server error + +### Restart a container + +`POST /containers/(id)/restart` + +Restart the container `id` + + **Example request**: + + POST /containers/e90e34656806/restart?t=5 HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Query Parameters: + +   + + - **t** – number of seconds to wait before killing the container + + Status Codes: + + - **204** – no error + - **404** – no such container + - **500** – server error + +### Kill a container + +`POST /containers/(id)/kill` + +Kill the container `id` + + **Example request**: + + POST /containers/e90e34656806/kill HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Query Parameters: + +   + + - **signal** – Signal to send to the container (integer). When not + set, SIGKILL is assumed and the call will waits for the + container to exit. + + Status Codes: + + - **204** – no error + - **404** – no such container + - **500** – server error + +### Attach to a container + +`POST /containers/(id)/attach` + +Attach to the container `id` + + **Example request**: + + POST /containers/16253994b7c4/attach?logs=1&stream=0&stdout=1 HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/vnd.docker.raw-stream + + {{ STREAM }} + + Query Parameters: + +   + + - **logs** – 1/True/true or 0/False/false, return logs. Default + false + - **stream** – 1/True/true or 0/False/false, return stream. + Default false + - **stdin** – 1/True/true or 0/False/false, if stream=true, attach + to stdin. Default false + - **stdout** – 1/True/true or 0/False/false, if logs=true, return + stdout log, if stream=true, attach to stdout. Default false + - **stderr** – 1/True/true or 0/False/false, if logs=true, return + stderr log, if stream=true, attach to stderr. Default false + + Status Codes: + + - **200** – no error + - **400** – bad parameter + - **404** – no such container + - **500** – server error + + **Stream details**: + + When using the TTY setting is enabled in + [`POST /containers/create` + ](/api/docker_remote_api_v1.9/#post--containers-create "POST /containers/create"), + the stream is the raw data from the process PTY and client's stdin. + When the TTY is disabled, then the stream is multiplexed to separate + stdout and stderr. + + The format is a **Header** and a **Payload** (frame). + + **HEADER** + + The header will contain the information on which stream write the + stream (stdout or stderr). It also contain the size of the + associated frame encoded on the last 4 bytes (uint32). + + It is encoded on the first 8 bytes like this: + + header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4} + + `STREAM_TYPE` can be: + + - 0: stdin (will be writen on stdout) + - 1: stdout + - 2: stderr + + `SIZE1, SIZE2, SIZE3, SIZE4` are the 4 bytes of + the uint32 size encoded as big endian. + + **PAYLOAD** + + The payload is the raw stream. + + **IMPLEMENTATION** + + The simplest way to implement the Attach protocol is the following: + + 1. Read 8 bytes + 2. chose stdout or stderr depending on the first byte + 3. Extract the frame size from the last 4 byets + 4. Read the extracted size and output it on the correct output + 5. Goto 1) + +### Wait a container + +`POST /containers/(id)/wait` + +Block until container `id` stops, then returns the exit code + + **Example request**: + + POST /containers/16253994b7c4/wait HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"StatusCode":0} + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Remove a container + +`DELETE /containers/(id)` + +Remove the container `id` from the filesystem + + **Example request**: + + DELETE /containers/16253994b7c4?v=1 HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Query Parameters: + +   + + - **v** – 1/True/true or 0/False/false, Remove the volumes + associated to the container. Default false + + Status Codes: + + - **204** – no error + - **400** – bad parameter + - **404** – no such container + - **500** – server error + +### Copy files or folders from a container + +`POST /containers/(id)/copy` + +Copy files or folders of container `id` + + **Example request**: + + POST /containers/4fa6e0f0c678/copy HTTP/1.1 + Content-Type: application/json + + { + "Resource":"test.txt" + } + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/octet-stream + + {{ STREAM }} + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +## 2.2 Images + +### List Images + +`GET /images/(format)` + +List images `format` could be json or viz (json default) + + **Example request**: + + GET /images/json?all=0 HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Repository":"base", + "Tag":"ubuntu-12.10", + "Id":"b750fe79269d", + "Created":1364102658, + "Size":24653, + "VirtualSize":180116135 + }, + { + "Repository":"base", + "Tag":"ubuntu-quantal", + "Id":"b750fe79269d", + "Created":1364102658, + "Size":24653, + "VirtualSize":180116135 + } + ] + + **Example request**: + + GET /images/viz HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: text/plain + + digraph docker { + "d82cbacda43a" -> "074be284591f" + "1496068ca813" -> "08306dc45919" + "08306dc45919" -> "0e7893146ac2" + "b750fe79269d" -> "1496068ca813" + base -> "27cf78414709" [style=invis] + "f71189fff3de" -> "9a33b36209ed" + "27cf78414709" -> "b750fe79269d" + "0e7893146ac2" -> "d6434d954665" + "d6434d954665" -> "d82cbacda43a" + base -> "e9aa60c60128" [style=invis] + "074be284591f" -> "f71189fff3de" + "b750fe79269d" [label="b750fe79269d\nbase",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; + "e9aa60c60128" [label="e9aa60c60128\nbase2",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; + "9a33b36209ed" [label="9a33b36209ed\ntest",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; + base [style=invisible] + } + + Query Parameters: + +   + + - **all** – 1/True/true or 0/False/false, Show all containers. + Only running containers are shown by default + + Status Codes: + + - **200** – no error + - **400** – bad parameter + - **500** – server error + +### Create an image + +`POST /images/create` + +Create an image, either by pull it from the registry or by importing it + + **Example request**: + + POST /images/create?fromImage=base HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"status":"Pulling..."} + {"status":"Pulling", "progress":"1/? (n/a)"} + {"error":"Invalid..."} + ... + + When using this endpoint to pull an image from the registry, the + `X-Registry-Auth` header can be used to include + a base64-encoded AuthConfig object. + + Query Parameters: + +   + + - **fromImage** – name of the image to pull + - **fromSrc** – source to import, - means stdin + - **repo** – repository + - **tag** – tag + - **registry** – the registry to pull from + + Status Codes: + + - **200** – no error + - **500** – server error + +### Insert a file in an image + +`POST /images/(name)/insert` + +Insert a file from `url` in the image `name` at `path` + + **Example request**: + + POST /images/test/insert?path=/usr&url=myurl HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"status":"Inserting..."} + {"status":"Inserting", "progress":"1/? (n/a)"} + {"error":"Invalid..."} + ... + + Status Codes: + + - **200** – no error + - **500** – server error + +### Inspect an image + +`GET /images/(name)/json` + +Return low-level information on the image `name` + + **Example request**: + + GET /images/base/json HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "id":"b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", + "parent":"27cf784147099545", + "created":"2013-03-23T22:24:18.818426-07:00", + "container":"3d67245a8d72ecf13f33dffac9f79dcdf70f75acb84d308770391510e0c23ad0", + "container_config": + { + "Hostname":"", + "User":"", + "Memory":0, + "MemorySwap":0, + "AttachStdin":false, + "AttachStdout":false, + "AttachStderr":false, + "ExposedPorts":{}, + "Tty":true, + "OpenStdin":true, + "StdinOnce":false, + "Env":null, + "Cmd": ["/bin/bash"] + ,"Dns":null, + "Image":"base", + "Volumes":null, + "VolumesFrom":"", + "WorkingDir":"" + }, + "Size": 6824592 + } + + Status Codes: + + - **200** – no error + - **404** – no such image + - **500** – server error + +### Get the history of an image + +`GET /images/(name)/history` + +Return the history of the image `name` + + **Example request**: + + GET /images/base/history HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Id":"b750fe79269d", + "Created":1364102658, + "CreatedBy":"/bin/bash" + }, + { + "Id":"27cf78414709", + "Created":1364068391, + "CreatedBy":"" + } + ] + + Status Codes: + + - **200** – no error + - **404** – no such image + - **500** – server error + +### Push an image on the registry + +`POST /images/(name)/push` + +Push the image `name` on the registry + + **Example request**: + + POST /images/test/push HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"status":"Pushing..."} {"status":"Pushing", "progress":"1/? (n/a)"} + {"error":"Invalid..."} ... + + > The `X-Registry-Auth` header can be used to + > include a base64-encoded AuthConfig object. + + Query Parameters: + +   + + - **registry** – the registry you wan to push, optional + + Status Codes: + + - **200** – no error :statuscode 404: no such image :statuscode + 500: server error + +### Tag an image into a repository + +`POST /images/(name)/tag` + +Tag the image `name` into a repository + + **Example request**: + + POST /images/test/tag?repo=myrepo&force=0 HTTP/1.1 + + **Example response**: + + HTTP/1.1 201 OK + + Query Parameters: + +   + + - **repo** – The repository to tag in + - **force** – 1/True/true or 0/False/false, default false + + Status Codes: + + - **201** – no error + - **400** – bad parameter + - **404** – no such image + - **409** – conflict + - **500** – server error + +### Remove an image + +`DELETE /images/(name)` + +Remove the image `name` from the filesystem + + **Example request**: + + DELETE /images/test HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-type: application/json + + [ + {"Untagged":"3e2f21a89f"}, + {"Deleted":"3e2f21a89f"}, + {"Deleted":"53b4f83ac9"} + ] + + Status Codes: + + - **200** – no error + - **404** – no such image + - **409** – conflict + - **500** – server error + +### Search images + +`GET /images/search` + +Search for an image on [Docker.io](https://index.docker.io) + + **Example request**: + + GET /images/search?term=sshd HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Name":"cespare/sshd", + "Description":"" + }, + { + "Name":"johnfuller/sshd", + "Description":"" + }, + { + "Name":"dhrp/mongodb-sshd", + "Description":"" + } + ] + + :query term: term to search + :statuscode 200: no error + :statuscode 500: server error + +## 2.3 Misc + +### Build an image from Dockerfile via stdin + +`POST /build` + +Build an image from Dockerfile via stdin + + **Example request**: + + POST /build HTTP/1.1 + + {{ STREAM }} + + **Example response**: + + HTTP/1.1 200 OK + + {{ STREAM }} + + The stream must be a tar archive compressed with one of the + following algorithms: identity (no compression), gzip, bzip2, xz. + The archive must include a file called Dockerfile at its root. It + may include any number of other files, which will be accessible in + the build context (See the ADD build command). + + The Content-type header should be set to "application/tar". + + Query Parameters: + +   + + - **t** – repository name (and optionally a tag) to be applied to + the resulting image in case of success + - **q** – suppress verbose build output + - **nocache** – do not use the cache when building the image + + Status Codes: + + - **200** – no error + - **500** – server error + +### Check auth configuration + +`POST /auth` + +Get the default username and email + + **Example request**: + + POST /auth HTTP/1.1 + Content-Type: application/json + + { + "username":"hannibal", + "password:"xxxx", + "email":"hannibal@a-team.com", + "serveraddress":"https://index.docker.io/v1/" + } + + **Example response**: + + HTTP/1.1 200 OK + + Status Codes: + + - **200** – no error + - **204** – no error + - **500** – server error + +### Display system-wide information + +`GET /info` + +Display system-wide information + + **Example request**: + + GET /info HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Containers":11, + "Images":16, + "Debug":false, + "NFd": 11, + "NGoroutines":21, + "MemoryLimit":true, + "SwapLimit":false, + "IPv4Forwarding":true + } + + Status Codes: + + - **200** – no error + - **500** – server error + +### Show the docker version information + +`GET /version` + +Show the docker version information + + **Example request**: + + GET /version HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Version":"0.2.2", + "GitCommit":"5a2a5cc+CHANGES", + "GoVersion":"go1.0.3" + } + + Status Codes: + + - **200** – no error + - **500** – server error + +### Create a new image from a container's changes + +`POST /commit` + +Create a new image from a container's changes + + **Example request**: + + POST /commit?container=44c004db4b17&m=message&repo=myrepo HTTP/1.1 + Content-Type: application/json + + { + "Cmd": ["cat", "/world"], + "ExposedPorts":{"22/tcp":{}} + } + + **Example response**: + + HTTP/1.1 201 OK + Content-Type: application/vnd.docker.raw-stream + + {"Id":"596069db4bf5"} + + Query Parameters: + +   + + - **container** – source container + - **repo** – repository + - **tag** – tag + - **m** – commit message + - **author** – author (eg. "John Hannibal Smith + <[hannibal@a-team.com](mailto:hannibal%40a-team.com)>") + + Status Codes: + + - **201** – no error + - **404** – no such container + - **500** – server error + +### Monitor Docker's events + +`GET /events` + +Get events from docker, either in real time via streaming, or via +polling (using since) + + **Example request**: + + GET /events?since=1374067924 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"status":"create","id":"dfdf82bd3881","from":"base:latest","time":1374067924} + {"status":"start","id":"dfdf82bd3881","from":"base:latest","time":1374067924} + {"status":"stop","id":"dfdf82bd3881","from":"base:latest","time":1374067966} + {"status":"destroy","id":"dfdf82bd3881","from":"base:latest","time":1374067970} + + Query Parameters: + +   + + - **since** – timestamp used for polling + + Status Codes: + + - **200** – no error + - **500** – server error + +# 3. Going further + +## 3.1 Inside `docker run` + +Here are the steps of `docker run` : + +- Create the container + +- If the status code is 404, it means the image doesn't exists: + - Try to pull it + - Then retry to create the container + +- Start the container + +- If you are not in detached mode: + - Attach to the container, using logs=1 (to have stdout and + stderr from the container's start) and stream=1 + +- If in detached mode or only stdin is attached: + - Display the container's id + +## 3.2 Hijacking + +In this version of the API, /attach, uses hijacking to transport stdin, +stdout and stderr on the same socket. This might change in the future. + +## 3.3 CORS Requests + +To enable cross origin requests to the remote api add the flag +"–api-enable-cors" when running docker in daemon mode. + + $ docker -d -H="192.168.1.9:4243" --api-enable-cors diff --git a/docs/sources/reference/api/docker_remote_api_v1.6.rst b/docs/sources/reference/api/docker_remote_api_v1.6.rst deleted file mode 100644 index cfc37084b8..0000000000 --- a/docs/sources/reference/api/docker_remote_api_v1.6.rst +++ /dev/null @@ -1,1282 +0,0 @@ -:title: Remote API v1.6 -:description: API Documentation for Docker -:keywords: API, Docker, rcli, REST, documentation - -:orphan: - -====================== -Docker Remote API v1.6 -====================== - -.. contents:: Table of Contents - -1. Brief introduction -===================== - -- The Remote API has replaced rcli -- The daemon listens on ``unix:///var/run/docker.sock``, but you can - :ref:`bind_docker`. -- The API tends to be REST, but for some complex commands, like - ``attach`` or ``pull``, the HTTP connection is hijacked to transport - ``stdout, stdin`` and ``stderr`` - -2. Endpoints -============ - -2.1 Containers --------------- - -List containers -*************** - -.. http:get:: /containers/json - - List containers - - **Example request**: - - .. sourcecode:: http - - GET /containers/json?all=1&before=8dfafdbc3a40&size=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id": "8dfafdbc3a40", - "Image": "base:latest", - "Command": "echo 1", - "Created": 1367854155, - "Status": "Exit 0", - "Ports":[{"PrivatePort": 2222, "PublicPort": 3333, "Type": "tcp"}], - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "9cd87474be90", - "Image": "base:latest", - "Command": "echo 222222", - "Created": 1367854155, - "Status": "Exit 0", - "Ports":[], - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "3176a2479c92", - "Image": "base:latest", - "Command": "echo 3333333333333333", - "Created": 1367854154, - "Status": "Exit 0", - "Ports":[], - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "4cb07b47f9fb", - "Image": "base:latest", - "Command": "echo 444444444444444444444444444444444", - "Created": 1367854152, - "Status": "Exit 0", - "Ports":[], - "SizeRw":12288, - "SizeRootFs":0 - } - ] - - :query all: 1/True/true or 0/False/false, Show all containers. Only running containers are shown by default - :query limit: Show ``limit`` last created containers, include non-running ones. - :query since: Show only containers created since Id, include non-running ones. - :query before: Show only containers created before Id, include non-running ones. - :query size: 1/True/true or 0/False/false, Show the containers sizes - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 500: server error - - -Create a container -****************** - -.. http:post:: /containers/create - - Create a container - - **Example request**: - - .. sourcecode:: http - - POST /containers/create HTTP/1.1 - Content-Type: application/json - - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "AttachStdin":false, - "AttachStdout":true, - "AttachStderr":true, - "ExposedPorts":{}, - "Tty":false, - "OpenStdin":false, - "StdinOnce":false, - "Env":null, - "Cmd":[ - "date" - ], - "Dns":null, - "Image":"base", - "Volumes":{}, - "VolumesFrom":"", - "WorkingDir":"" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/json - - { - "Id":"e90e34656806" - "Warnings":[] - } - - :jsonparam config: the container's configuration - :query name: container name to use - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 406: impossible to attach (container not running) - :statuscode 500: server error - - **More Complex Example request, in 2 steps.** - **First, use create to expose a Private Port, which can be bound back to a Public Port at startup**: - - .. sourcecode:: http - - POST /containers/create HTTP/1.1 - Content-Type: application/json - - { - "Cmd":[ - "/usr/sbin/sshd","-D" - ], - "Image":"image-with-sshd", - "ExposedPorts":{"22/tcp":{}} - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/json - - { - "Id":"e90e34656806" - "Warnings":[] - } - - **Second, start (using the ID returned above) the image we just created, mapping the ssh port 22 to something on the host**: - - .. sourcecode:: http - - POST /containers/e90e34656806/start HTTP/1.1 - Content-Type: application/json - - { - "PortBindings": { "22/tcp": [{ "HostPort": "11022" }]} - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 No Content - Content-Type: text/plain; charset=utf-8 - Content-Length: 0 - - **Now you can ssh into your new container on port 11022.** - - - - -Inspect a container -******************* - -.. http:get:: /containers/(id)/json - - Return low-level information on the container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Id": "4fa6e0f0c6786287e131c3852c58a2e01cc697a68231826813597e4994f1d6e2", - "Created": "2013-05-07T14:51:42.041847+02:00", - "Path": "date", - "Args": [], - "Config": { - "Hostname": "4fa6e0f0c678", - "User": "", - "Memory": 0, - "MemorySwap": 0, - "AttachStdin": false, - "AttachStdout": true, - "AttachStderr": true, - "ExposedPorts": {}, - "Tty": false, - "OpenStdin": false, - "StdinOnce": false, - "Env": null, - "Cmd": [ - "date" - ], - "Dns": null, - "Image": "base", - "Volumes": {}, - "VolumesFrom": "", - "WorkingDir":"" - - }, - "State": { - "Running": false, - "Pid": 0, - "ExitCode": 0, - "StartedAt": "2013-05-07T14:51:42.087658+02:01360", - "Ghost": false - }, - "Image": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "NetworkSettings": { - "IpAddress": "", - "IpPrefixLen": 0, - "Gateway": "", - "Bridge": "", - "PortMapping": null - }, - "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker", - "ResolvConfPath": "/etc/resolv.conf", - "Volumes": {} - } - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -List processes running inside a container -***************************************** - -.. http:get:: /containers/(id)/top - - List processes running inside the container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/top HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Titles":[ - "USER", - "PID", - "%CPU", - "%MEM", - "VSZ", - "RSS", - "TTY", - "STAT", - "START", - "TIME", - "COMMAND" - ], - "Processes":[ - ["root","20147","0.0","0.1","18060","1864","pts/4","S","10:06","0:00","bash"], - ["root","20271","0.0","0.0","4312","352","pts/4","S+","10:07","0:00","sleep","10"] - ] - } - - :query ps_args: ps arguments to use (eg. aux) - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Inspect changes on a container's filesystem -******************************************* - -.. http:get:: /containers/(id)/changes - - Inspect changes on container ``id`` 's filesystem - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/changes HTTP/1.1 - - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Path":"/dev", - "Kind":0 - }, - { - "Path":"/dev/kmsg", - "Kind":1 - }, - { - "Path":"/test", - "Kind":1 - } - ] - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Export a container -****************** - -.. http:get:: /containers/(id)/export - - Export the contents of container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/export HTTP/1.1 - - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/octet-stream - - {{ STREAM }} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Start a container -***************** - -.. http:post:: /containers/(id)/start - - Start the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/(id)/start HTTP/1.1 - Content-Type: application/json - - { - "Binds":["/tmp:/tmp"], - "LxcConf":{"lxc.utsname":"docker"}, - "ContainerIDFile": "", - "Privileged": false, - "PortBindings": {"22/tcp": [{HostIp:"", HostPort:""}]}, - "Links": [], - "PublishAllPorts": false - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 No Content - Content-Type: text/plain - - :jsonparam hostConfig: the container's host configuration (optional) - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Stop a container -**************** - -.. http:post:: /containers/(id)/stop - - Stop the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/stop?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Restart a container -******************* - -.. http:post:: /containers/(id)/restart - - Restart the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/restart?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Kill a container -**************** - -.. http:post:: /containers/(id)/kill - - Kill the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/kill HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query signal: Signal to send to the container (integer). When not set, SIGKILL is assumed and the call will waits for the container to exit. - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Attach to a container -********************* - -.. http:post:: /containers/(id)/attach - - Attach to the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/attach?logs=1&stream=0&stdout=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/vnd.docker.raw-stream - - {{ STREAM }} - - :query logs: 1/True/true or 0/False/false, return logs. Default false - :query stream: 1/True/true or 0/False/false, return stream. Default false - :query stdin: 1/True/true or 0/False/false, if stream=true, attach to stdin. Default false - :query stdout: 1/True/true or 0/False/false, if logs=true, return stdout log, if stream=true, attach to stdout. Default false - :query stderr: 1/True/true or 0/False/false, if logs=true, return stderr log, if stream=true, attach to stderr. Default false - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - - **Stream details**: - - When using the TTY setting is enabled in - :http:post:`/containers/create`, the stream is the raw data - from the process PTY and client's stdin. When the TTY is - disabled, then the stream is multiplexed to separate stdout - and stderr. - - The format is a **Header** and a **Payload** (frame). - - **HEADER** - - The header will contain the information on which stream write - the stream (stdout or stderr). It also contain the size of - the associated frame encoded on the last 4 bytes (uint32). - - It is encoded on the first 8 bytes like this:: - - header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4} - - ``STREAM_TYPE`` can be: - - - 0: stdin (will be writen on stdout) - - 1: stdout - - 2: stderr - - ``SIZE1, SIZE2, SIZE3, SIZE4`` are the 4 bytes of the uint32 size encoded as big endian. - - **PAYLOAD** - - The payload is the raw stream. - - **IMPLEMENTATION** - - The simplest way to implement the Attach protocol is the following: - - 1) Read 8 bytes - 2) chose stdout or stderr depending on the first byte - 3) Extract the frame size from the last 4 byets - 4) Read the extracted size and output it on the correct output - 5) Goto 1) - - - -Wait a container -**************** - -.. http:post:: /containers/(id)/wait - - Block until container ``id`` stops, then returns the exit code - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/wait HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"StatusCode":0} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Remove a container -******************* - -.. http:delete:: /containers/(id) - - Remove the container ``id`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /containers/16253994b7c4?v=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query v: 1/True/true or 0/False/false, Remove the volumes associated to the container. Default false - :statuscode 204: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - - -Copy files or folders from a container -************************************** - -.. http:post:: /containers/(id)/copy - - Copy files or folders of container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/4fa6e0f0c678/copy HTTP/1.1 - Content-Type: application/json - - { - "Resource":"test.txt" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/octet-stream - - {{ STREAM }} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -2.2 Images ----------- - -List Images -*********** - -.. http:get:: /images/(format) - - List images ``format`` could be json or viz (json default) - - **Example request**: - - .. sourcecode:: http - - GET /images/json?all=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Repository":"base", - "Tag":"ubuntu-12.10", - "Id":"b750fe79269d", - "Created":1364102658, - "Size":24653, - "VirtualSize":180116135 - }, - { - "Repository":"base", - "Tag":"ubuntu-quantal", - "Id":"b750fe79269d", - "Created":1364102658, - "Size":24653, - "VirtualSize":180116135 - } - ] - - - **Example request**: - - .. sourcecode:: http - - GET /images/viz HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: text/plain - - digraph docker { - "d82cbacda43a" -> "074be284591f" - "1496068ca813" -> "08306dc45919" - "08306dc45919" -> "0e7893146ac2" - "b750fe79269d" -> "1496068ca813" - base -> "27cf78414709" [style=invis] - "f71189fff3de" -> "9a33b36209ed" - "27cf78414709" -> "b750fe79269d" - "0e7893146ac2" -> "d6434d954665" - "d6434d954665" -> "d82cbacda43a" - base -> "e9aa60c60128" [style=invis] - "074be284591f" -> "f71189fff3de" - "b750fe79269d" [label="b750fe79269d\nbase",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; - "e9aa60c60128" [label="e9aa60c60128\nbase2",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; - "9a33b36209ed" [label="9a33b36209ed\ntest",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; - base [style=invisible] - } - - :query all: 1/True/true or 0/False/false, Show all containers. Only running containers are shown by default - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 500: server error - - -Create an image -*************** - -.. http:post:: /images/create - - Create an image, either by pull it from the registry or by importing it - - **Example request**: - - .. sourcecode:: http - - POST /images/create?fromImage=base HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Pulling..."} - {"status":"Pulling", "progress":"1/? (n/a)"} - {"error":"Invalid..."} - ... - - When using this endpoint to pull an image from the registry, - the ``X-Registry-Auth`` header can be used to include a - base64-encoded AuthConfig object. - - :query fromImage: name of the image to pull - :query fromSrc: source to import, - means stdin - :query repo: repository - :query tag: tag - :query registry: the registry to pull from - :statuscode 200: no error - :statuscode 500: server error - - -Insert a file in an image -************************* - -.. http:post:: /images/(name)/insert - - Insert a file from ``url`` in the image ``name`` at ``path`` - - **Example request**: - - .. sourcecode:: http - - POST /images/test/insert?path=/usr&url=myurl HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Inserting..."} - {"status":"Inserting", "progress":"1/? (n/a)"} - {"error":"Invalid..."} - ... - - :statuscode 200: no error - :statuscode 500: server error - - -Inspect an image -**************** - -.. http:get:: /images/(name)/json - - Return low-level information on the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/base/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "id":"b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "parent":"27cf784147099545", - "created":"2013-03-23T22:24:18.818426-07:00", - "container":"3d67245a8d72ecf13f33dffac9f79dcdf70f75acb84d308770391510e0c23ad0", - "container_config": - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "AttachStdin":false, - "AttachStdout":false, - "AttachStderr":false, - "ExposedPorts":{}, - "Tty":true, - "OpenStdin":true, - "StdinOnce":false, - "Env":null, - "Cmd": ["/bin/bash"] - ,"Dns":null, - "Image":"base", - "Volumes":null, - "VolumesFrom":"", - "WorkingDir":"" - }, - "Size": 6824592 - } - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Get the history of an image -*************************** - -.. http:get:: /images/(name)/history - - Return the history of the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/base/history HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id":"b750fe79269d", - "Created":1364102658, - "CreatedBy":"/bin/bash" - }, - { - "Id":"27cf78414709", - "Created":1364068391, - "CreatedBy":"" - } - ] - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Push an image on the registry -***************************** - -.. http:post:: /images/(name)/push - - Push the image ``name`` on the registry - - **Example request**: - - .. sourcecode:: http - - POST /images/test/push HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Pushing..."} - {"status":"Pushing", "progress":"1/? (n/a)"} - {"error":"Invalid..."} - ... - - The ``X-Registry-Auth`` header can be used to include a - base64-encoded AuthConfig object. - - :query registry: the registry you wan to push, optional - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Tag an image into a repository -****************************** - -.. http:post:: /images/(name)/tag - - Tag the image ``name`` into a repository - - **Example request**: - - .. sourcecode:: http - - POST /images/test/tag?repo=myrepo&force=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - - :query repo: The repository to tag in - :query force: 1/True/true or 0/False/false, default false - :statuscode 201: no error - :statuscode 400: bad parameter - :statuscode 404: no such image - :statuscode 409: conflict - :statuscode 500: server error - - -Remove an image -*************** - -.. http:delete:: /images/(name) - - Remove the image ``name`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /images/test HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-type: application/json - - [ - {"Untagged":"3e2f21a89f"}, - {"Deleted":"3e2f21a89f"}, - {"Deleted":"53b4f83ac9"} - ] - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 409: conflict - :statuscode 500: server error - - -Search images -************* - -.. http:get:: /images/search - - Search for an image in the docker index - - **Example request**: - - .. sourcecode:: http - - GET /images/search?term=sshd HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Name":"cespare/sshd", - "Description":"" - }, - { - "Name":"johnfuller/sshd", - "Description":"" - }, - { - "Name":"dhrp/mongodb-sshd", - "Description":"" - } - ] - - :query term: term to search - :statuscode 200: no error - :statuscode 500: server error - - -2.3 Misc --------- - -Build an image from Dockerfile via stdin -**************************************** - -.. http:post:: /build - - Build an image from Dockerfile via stdin - - **Example request**: - - .. sourcecode:: http - - POST /build HTTP/1.1 - - {{ STREAM }} - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - {{ STREAM }} - - - The stream must be a tar archive compressed with one of the following algorithms: - identity (no compression), gzip, bzip2, xz. The archive must include a file called - `Dockerfile` at its root. It may include any number of other files, which will be - accessible in the build context (See the ADD build command). - - The Content-type header should be set to "application/tar". - - :query t: repository name (and optionally a tag) to be applied to the resulting image in case of success - :query q: suppress verbose build output - :query nocache: do not use the cache when building the image - :statuscode 200: no error - :statuscode 500: server error - - -Check auth configuration -************************ - -.. http:post:: /auth - - Get the default username and email - - **Example request**: - - .. sourcecode:: http - - POST /auth HTTP/1.1 - Content-Type: application/json - - { - "username":"hannibal", - "password:"xxxx", - "email":"hannibal@a-team.com", - "serveraddress":"https://index.docker.io/v1/" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - :statuscode 200: no error - :statuscode 204: no error - :statuscode 500: server error - - -Display system-wide information -******************************* - -.. http:get:: /info - - Display system-wide information - - **Example request**: - - .. sourcecode:: http - - GET /info HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Containers":11, - "Images":16, - "Debug":false, - "NFd": 11, - "NGoroutines":21, - "MemoryLimit":true, - "SwapLimit":false, - "IPv4Forwarding":true - } - - :statuscode 200: no error - :statuscode 500: server error - - -Show the docker version information -*********************************** - -.. http:get:: /version - - Show the docker version information - - **Example request**: - - .. sourcecode:: http - - GET /version HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Version":"0.2.2", - "GitCommit":"5a2a5cc+CHANGES", - "GoVersion":"go1.0.3" - } - - :statuscode 200: no error - :statuscode 500: server error - - -Create a new image from a container's changes -********************************************* - -.. http:post:: /commit - - Create a new image from a container's changes - - **Example request**: - - .. sourcecode:: http - - POST /commit?container=44c004db4b17&m=message&repo=myrepo HTTP/1.1 - Content-Type: application/json - - { - "Cmd": ["cat", "/world"], - "ExposedPorts":{"22/tcp":{}} - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/vnd.docker.raw-stream - - {"Id":"596069db4bf5"} - - :query container: source container - :query repo: repository - :query tag: tag - :query m: commit message - :query author: author (eg. "John Hannibal Smith ") - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Monitor Docker's events -*********************** - -.. http:get:: /events - - Get events from docker, either in real time via streaming, or via polling (using `since`) - - **Example request**: - - .. sourcecode:: http - - GET /events?since=1374067924 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"create","id":"dfdf82bd3881","from":"base:latest","time":1374067924} - {"status":"start","id":"dfdf82bd3881","from":"base:latest","time":1374067924} - {"status":"stop","id":"dfdf82bd3881","from":"base:latest","time":1374067966} - {"status":"destroy","id":"dfdf82bd3881","from":"base:latest","time":1374067970} - - :query since: timestamp used for polling - :statuscode 200: no error - :statuscode 500: server error - - -3. Going further -================ - -3.1 Inside 'docker run' ------------------------ - -Here are the steps of 'docker run' : - -* Create the container -* If the status code is 404, it means the image doesn't exists: - * Try to pull it - * Then retry to create the container -* Start the container -* If you are not in detached mode: - * Attach to the container, using logs=1 (to have stdout and stderr from the container's start) and stream=1 -* If in detached mode or only stdin is attached: - * Display the container's id - - -3.2 Hijacking -------------- - -In this version of the API, /attach, uses hijacking to transport stdin, stdout and stderr on the same socket. This might change in the future. - -3.3 CORS Requests ------------------ - -To enable cross origin requests to the remote api add the flag "--api-enable-cors" when running docker in daemon mode. - -.. code-block:: bash - - docker -d -H="192.168.1.9:4243" --api-enable-cors - diff --git a/docs/sources/reference/api/docker_remote_api_v1.7.md b/docs/sources/reference/api/docker_remote_api_v1.7.md new file mode 100644 index 0000000000..818fbba11c --- /dev/null +++ b/docs/sources/reference/api/docker_remote_api_v1.7.md @@ -0,0 +1,1233 @@ +page_title: Remote API v1.7 +page_description: API Documentation for Docker +page_keywords: API, Docker, rcli, REST, documentation + +# Docker Remote API v1.7 + +# 1. Brief introduction + + - The Remote API has replaced rcli + - The daemon listens on `unix:///var/run/docker.sock` but you can + [*Bind Docker to another host/port or a Unix socket*]( + /use/basics/#bind-docker). + - The API tends to be REST, but for some complex commands, like `attach` + or `pull`, the HTTP connection is hijacked to transport `stdout, stdin` + and `stderr` + +# 2. Endpoints + +## 2.1 Containers + +### List containers + +`GET /containers/json` + +List containers + + **Example request**: + + GET /containers/json?all=1&before=8dfafdbc3a40&size=1 HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Id": "8dfafdbc3a40", + "Image": "base:latest", + "Command": "echo 1", + "Created": 1367854155, + "Status": "Exit 0", + "Ports":[{"PrivatePort": 2222, "PublicPort": 3333, "Type": "tcp"}], + "SizeRw":12288, + "SizeRootFs":0 + }, + { + "Id": "9cd87474be90", + "Image": "base:latest", + "Command": "echo 222222", + "Created": 1367854155, + "Status": "Exit 0", + "Ports":[], + "SizeRw":12288, + "SizeRootFs":0 + }, + { + "Id": "3176a2479c92", + "Image": "base:latest", + "Command": "echo 3333333333333333", + "Created": 1367854154, + "Status": "Exit 0", + "Ports":[], + "SizeRw":12288, + "SizeRootFs":0 + }, + { + "Id": "4cb07b47f9fb", + "Image": "base:latest", + "Command": "echo 444444444444444444444444444444444", + "Created": 1367854152, + "Status": "Exit 0", + "Ports":[], + "SizeRw":12288, + "SizeRootFs":0 + } + ] + + Query Parameters: + +   + + - **all** – 1/True/true or 0/False/false, Show all containers. + Only running containers are shown by default + - **limit** – Show `limit` last created + containers, include non-running ones. + - **since** – Show only containers created since Id, include + non-running ones. + - **before** – Show only containers created before Id, include + non-running ones. + - **size** – 1/True/true or 0/False/false, Show the containers + sizes + + Status Codes: + + - **200** – no error + - **400** – bad parameter + - **500** – server error + +### Create a container + +`POST /containers/create` + +Create a container + + **Example request**: + + POST /containers/create HTTP/1.1 + Content-Type: application/json + + { + "Hostname":"", + "User":"", + "Memory":0, + "MemorySwap":0, + "AttachStdin":false, + "AttachStdout":true, + "AttachStderr":true, + "PortSpecs":null, + "Tty":false, + "OpenStdin":false, + "StdinOnce":false, + "Env":null, + "Cmd":[ + "date" + ], + "Dns":null, + "Image":"base", + "Volumes":{ + "/tmp": {} + }, + "VolumesFrom":"", + "WorkingDir":"", + "ExposedPorts":{ + "22/tcp": {} + } + } + + **Example response**: + + HTTP/1.1 201 OK + Content-Type: application/json + + { + "Id":"e90e34656806" + "Warnings":[] + } + + Json Parameters: + +   + + - **config** – the container's configuration + + Status Codes: + + - **201** – no error + - **404** – no such container + - **406** – impossible to attach (container not running) + - **500** – server error + +### Inspect a container + +`GET /containers/(id)/json` + +Return low-level information on the container `id` + + + **Example request**: + + GET /containers/4fa6e0f0c678/json HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Id": "4fa6e0f0c6786287e131c3852c58a2e01cc697a68231826813597e4994f1d6e2", + "Created": "2013-05-07T14:51:42.041847+02:00", + "Path": "date", + "Args": [], + "Config": { + "Hostname": "4fa6e0f0c678", + "User": "", + "Memory": 0, + "MemorySwap": 0, + "AttachStdin": false, + "AttachStdout": true, + "AttachStderr": true, + "PortSpecs": null, + "Tty": false, + "OpenStdin": false, + "StdinOnce": false, + "Env": null, + "Cmd": [ + "date" + ], + "Dns": null, + "Image": "base", + "Volumes": {}, + "VolumesFrom": "", + "WorkingDir":"" + + }, + "State": { + "Running": false, + "Pid": 0, + "ExitCode": 0, + "StartedAt": "2013-05-07T14:51:42.087658+02:01360", + "Ghost": false + }, + "Image": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", + "NetworkSettings": { + "IpAddress": "", + "IpPrefixLen": 0, + "Gateway": "", + "Bridge": "", + "PortMapping": null + }, + "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker", + "ResolvConfPath": "/etc/resolv.conf", + "Volumes": {} + } + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### List processes running inside a container + +`GET /containers/(id)/top` + +List processes running inside the container `id` + + **Example request**: + + GET /containers/4fa6e0f0c678/top HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Titles":[ + "USER", + "PID", + "%CPU", + "%MEM", + "VSZ", + "RSS", + "TTY", + "STAT", + "START", + "TIME", + "COMMAND" + ], + "Processes":[ + ["root","20147","0.0","0.1","18060","1864","pts/4","S","10:06","0:00","bash"], + ["root","20271","0.0","0.0","4312","352","pts/4","S+","10:07","0:00","sleep","10"] + ] + } + + Query Parameters: + +   + + - **ps_args** – ps arguments to use (eg. aux) + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Inspect changes on a container's filesystem + +`GET /containers/(id)/changes` + +Inspect changes on container `id`'s filesystem + + **Example request**: + + GET /containers/4fa6e0f0c678/changes HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Path":"/dev", + "Kind":0 + }, + { + "Path":"/dev/kmsg", + "Kind":1 + }, + { + "Path":"/test", + "Kind":1 + } + ] + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Export a container + +`GET /containers/(id)/export` + +Export the contents of container `id` + + **Example request**: + + GET /containers/4fa6e0f0c678/export HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/octet-stream + + {{ STREAM }} + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Start a container + +`POST /containers/(id)/start` + +Start the container `id` + + **Example request**: + + POST /containers/(id)/start HTTP/1.1 + Content-Type: application/json + + { + "Binds":["/tmp:/tmp"], + "LxcConf":{"lxc.utsname":"docker"}, + "PortBindings":{ "22/tcp": [{ "HostPort": "11022" }] }, + "Privileged":false, + "PublishAllPorts":false + } + + Binds need to reference Volumes that were defined during container + creation. + + **Example response**: + + HTTP/1.1 204 No Content + Content-Type: text/plain + + Json Parameters: + +   + + - **hostConfig** – the container's host configuration (optional) + + Status Codes: + + - **204** – no error + - **404** – no such container + - **500** – server error + +### Stop a container + +`POST /containers/(id)/stop` + +Stop the container `id` + + **Example request**: + + POST /containers/e90e34656806/stop?t=5 HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Query Parameters: + +   + + - **t** – number of seconds to wait before killing the container + + Status Codes: + + - **204** – no error + - **404** – no such container + - **500** – server error + +### Restart a container + +`POST /containers/(id)/restart` + +Restart the container `id` + + **Example request**: + + POST /containers/e90e34656806/restart?t=5 HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Query Parameters: + +   + + - **t** – number of seconds to wait before killing the container + + Status Codes: + + - **204** – no error + - **404** – no such container + - **500** – server error + +### Kill a container + +`POST /containers/(id)/kill` + +Kill the container `id` + + **Example request**: + + POST /containers/e90e34656806/kill HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Status Codes: + + - **204** – no error + - **404** – no such container + - **500** – server error + +### Attach to a container + +`POST /containers/(id)/attach` + +Attach to the container `id` + + **Example request**: + + POST /containers/16253994b7c4/attach?logs=1&stream=0&stdout=1 HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/vnd.docker.raw-stream + + {{ STREAM }} + + Query Parameters: + +   + + - **logs** – 1/True/true or 0/False/false, return logs. Default + false + - **stream** – 1/True/true or 0/False/false, return stream. + Default false + - **stdin** – 1/True/true or 0/False/false, if stream=true, attach + to stdin. Default false + - **stdout** – 1/True/true or 0/False/false, if logs=true, return + stdout log, if stream=true, attach to stdout. Default false + - **stderr** – 1/True/true or 0/False/false, if logs=true, return + stderr log, if stream=true, attach to stderr. Default false + + Status Codes: + + - **200** – no error + - **400** – bad parameter + - **404** – no such container + - **500** – server error + + **Stream details**: + + When using the TTY setting is enabled in + [`POST /containers/create` + ](/api/docker_remote_api_v1.9/#post--containers-create "POST /containers/create"), + the stream is the raw data from the process PTY and client's stdin. + When the TTY is disabled, then the stream is multiplexed to separate + stdout and stderr. + + The format is a **Header** and a **Payload** (frame). + + **HEADER** + + The header will contain the information on which stream write the + stream (stdout or stderr). It also contain the size of the + associated frame encoded on the last 4 bytes (uint32). + + It is encoded on the first 8 bytes like this: + + header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4} + + `STREAM_TYPE` can be: + + - 0: stdin (will be writen on stdout) + - 1: stdout + - 2: stderr + + `SIZE1, SIZE2, SIZE3, SIZE4` are the 4 bytes of + the uint32 size encoded as big endian. + + **PAYLOAD** + + The payload is the raw stream. + + **IMPLEMENTATION** + + The simplest way to implement the Attach protocol is the following: + + 1. Read 8 bytes + 2. chose stdout or stderr depending on the first byte + 3. Extract the frame size from the last 4 byets + 4. Read the extracted size and output it on the correct output + 5. Goto 1) + +### Wait a container + +`POST /containers/(id)/wait` + +Block until container `id` stops, then returns the exit code + + **Example request**: + + POST /containers/16253994b7c4/wait HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"StatusCode":0} + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Remove a container + +`DELETE /containers/(id)` + +Remove the container `id` from the filesystem + + **Example request**: + + DELETE /containers/16253994b7c4?v=1 HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Query Parameters: + +   + + - **v** – 1/True/true or 0/False/false, Remove the volumes + associated to the container. Default false + + Status Codes: + + - **204** – no error + - **400** – bad parameter + - **404** – no such container + - **500** – server error + +### Copy files or folders from a container + +`POST /containers/(id)/copy` + +Copy files or folders of container `id` + + **Example request**: + + POST /containers/4fa6e0f0c678/copy HTTP/1.1 + Content-Type: application/json + + { + "Resource":"test.txt" + } + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/octet-stream + + {{ STREAM }} + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +## 2.2 Images + +### List Images + +`GET /images/json` + +**Example request**: + + GET /images/json?all=0 HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "RepoTags": [ + "ubuntu:12.04", + "ubuntu:precise", + "ubuntu:latest" + ], + "Id": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c", + "Created": 1365714795, + "Size": 131506275, + "VirtualSize": 131506275 + }, + { + "RepoTags": [ + "ubuntu:12.10", + "ubuntu:quantal" + ], + "ParentId": "27cf784147099545", + "Id": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", + "Created": 1364102658, + "Size": 24653, + "VirtualSize": 180116135 + } + ] + +### Create an image + +`POST /images/create` + +Create an image, either by pull it from the registry or by importing it + + **Example request**: + + POST /images/create?fromImage=base HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"status":"Pulling..."} + {"status":"Pulling", "progress":"1/? (n/a)"} + {"error":"Invalid..."} + ... + + When using this endpoint to pull an image from the registry, the + `X-Registry-Auth` header can be used to include + a base64-encoded AuthConfig object. + + Query Parameters: + +   + + - **fromImage** – name of the image to pull + - **fromSrc** – source to import, - means stdin + - **repo** – repository + - **tag** – tag + - **registry** – the registry to pull from + + Request Headers: + +   + + - **X-Registry-Auth** – base64-encoded AuthConfig object + + Status Codes: + + - **200** – no error + - **500** – server error + +### Insert a file in an image + +`POST /images/(name)/insert` + +Insert a file from `url` in the image `name` at `path` + + **Example request**: + + POST /images/test/insert?path=/usr&url=myurl HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"status":"Inserting..."} + {"status":"Inserting", "progress":"1/? (n/a)"} + {"error":"Invalid..."} + ... + + Status Codes: + + - **200** – no error + - **500** – server error + +### Inspect an image + +`GET /images/(name)/json` + +Return low-level information on the image `name` + + **Example request**: + + GET /images/base/json HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "id":"b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", + "parent":"27cf784147099545", + "created":"2013-03-23T22:24:18.818426-07:00", + "container":"3d67245a8d72ecf13f33dffac9f79dcdf70f75acb84d308770391510e0c23ad0", + "container_config": + { + "Hostname":"", + "User":"", + "Memory":0, + "MemorySwap":0, + "AttachStdin":false, + "AttachStdout":false, + "AttachStderr":false, + "PortSpecs":null, + "Tty":true, + "OpenStdin":true, + "StdinOnce":false, + "Env":null, + "Cmd": ["/bin/bash"] + ,"Dns":null, + "Image":"base", + "Volumes":null, + "VolumesFrom":"", + "WorkingDir":"" + }, + "Size": 6824592 + } + + Status Codes: + + - **200** – no error + - **404** – no such image + - **500** – server error + +### Get the history of an image + +`GET /images/(name)/history` + +Return the history of the image `name` + + **Example request**: + + GET /images/base/history HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Id":"b750fe79269d", + "Created":1364102658, + "CreatedBy":"/bin/bash" + }, + { + "Id":"27cf78414709", + "Created":1364068391, + "CreatedBy":"" + } + ] + + Status Codes: + + - **200** – no error + - **404** – no such image + - **500** – server error + +### Push an image on the registry + +`POST /images/(name)/push` + +Push the image `name` on the registry + + **Example request**: + + POST /images/test/push HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"status":"Pushing..."} + {"status":"Pushing", "progress":"1/? (n/a)"} + {"error":"Invalid..."} + ... + + Query Parameters: + +   + + - **registry** – the registry you wan to push, optional + + Request Headers: + +   + + - **X-Registry-Auth** – include a base64-encoded AuthConfig + object. + + Status Codes: + + - **200** – no error + - **404** – no such image + - **500** – server error + +### Tag an image into a repository + +`POST /images/(name)/tag` + +Tag the image `name` into a repository + + **Example request**: + + POST /images/test/tag?repo=myrepo&force=0 HTTP/1.1 + + **Example response**: + + HTTP/1.1 201 OK + + Query Parameters: + +   + + - **repo** – The repository to tag in + - **force** – 1/True/true or 0/False/false, default false + + Status Codes: + + - **201** – no error + - **400** – bad parameter + - **404** – no such image + - **409** – conflict + - **500** – server error + +### Remove an image + +`DELETE /images/(name)` + +Remove the image `name` from the filesystem + + **Example request**: + + DELETE /images/test HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-type: application/json + + [ + {"Untagged":"3e2f21a89f"}, + {"Deleted":"3e2f21a89f"}, + {"Deleted":"53b4f83ac9"} + ] + + Status Codes: + + - **200** – no error + - **404** – no such image + - **409** – conflict + - **500** – server error + +### Search images + +`GET /images/search` + +Search for an image on [Docker.io](https://index.docker.io). + +> **Note**: +> The response keys have changed from API v1.6 to reflect the JSON +> sent by the registry server to the docker daemon's request. + + **Example request**: + + GET /images/search?term=sshd HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "description": "", + "is_official": false, + "is_trusted": false, + "name": "wma55/u1210sshd", + "star_count": 0 + }, + { + "description": "", + "is_official": false, + "is_trusted": false, + "name": "jdswinbank/sshd", + "star_count": 0 + }, + { + "description": "", + "is_official": false, + "is_trusted": false, + "name": "vgauthier/sshd", + "star_count": 0 + } + ... + ] + + Query Parameters: + +   + + - **term** – term to search + + Status Codes: + + - **200** – no error + - **500** – server error + +## 2.3 Misc + +### Build an image from Dockerfile via stdin + +`POST /build` + +Build an image from Dockerfile via stdin + + **Example request**: + + POST /build HTTP/1.1 + + {{ STREAM }} + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {{ STREAM }} + + The stream must be a tar archive compressed with one of the + following algorithms: identity (no compression), gzip, bzip2, xz. + + The archive must include a file called `Dockerfile` + at its root. It may include any number of other files, + which will be accessible in the build context (See the [*ADD build + command*](/builder/#dockerbuilder)). + + Query Parameters: + +   + + - **t** – repository name (and optionally a tag) to be applied to + the resulting image in case of success + - **q** – suppress verbose build output + - **nocache** – do not use the cache when building the image + + Request Headers: + +   + + - **Content-type** – should be set to + `"application/tar"`. + + Status Codes: + + - **200** – no error + - **500** – server error + +### Check auth configuration + +`POST /auth` + +Get the default username and email + + **Example request**: + + POST /auth HTTP/1.1 + Content-Type: application/json + + { + "username":"hannibal", + "password:"xxxx", + "email":"hannibal@a-team.com", + "serveraddress":"https://index.docker.io/v1/" + } + + **Example response**: + + HTTP/1.1 200 OK + + Status Codes: + + - **200** – no error + - **204** – no error + - **500** – server error + +### Display system-wide information + +`GET /info` + +Display system-wide information + + **Example request**: + + GET /info HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Containers":11, + "Images":16, + "Debug":false, + "NFd": 11, + "NGoroutines":21, + "MemoryLimit":true, + "SwapLimit":false, + "IPv4Forwarding":true + } + + Status Codes: + + - **200** – no error + - **500** – server error + +### Show the docker version information + +`GET /version` + +Show the docker version information + + **Example request**: + + GET /version HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Version":"0.2.2", + "GitCommit":"5a2a5cc+CHANGES", + "GoVersion":"go1.0.3" + } + + Status Codes: + + - **200** – no error + - **500** – server error + +### Create a new image from a container's changes + +`POST /commit` + +Create a new image from a container's changes + + **Example request**: + + POST /commit?container=44c004db4b17&m=message&repo=myrepo HTTP/1.1 + + **Example response**: + + HTTP/1.1 201 OK + Content-Type: application/vnd.docker.raw-stream + + {"Id":"596069db4bf5"} + + Query Parameters: + +   + + - **container** – source container + - **repo** – repository + - **tag** – tag + - **m** – commit message + - **author** – author (eg. "John Hannibal Smith + <[hannibal@a-team.com](mailto:hannibal%40a-team.com)>") + - **run** – config automatically applied when the image is run. + (ex: {"Cmd": ["cat", "/world"], "PortSpecs":["22"]}) + + Status Codes: + + - **201** – no error + - **404** – no such container + - **500** – server error + +### Monitor Docker's events + +`GET /events` + +Get events from docker, either in real time via streaming, or via +polling (using since) + + **Example request**: + + GET /events?since=1374067924 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"status":"create","id":"dfdf82bd3881","from":"base:latest","time":1374067924} + {"status":"start","id":"dfdf82bd3881","from":"base:latest","time":1374067924} + {"status":"stop","id":"dfdf82bd3881","from":"base:latest","time":1374067966} + {"status":"destroy","id":"dfdf82bd3881","from":"base:latest","time":1374067970} + + Query Parameters: + +   + + - **since** – timestamp used for polling + + Status Codes: + + - **200** – no error + - **500** – server error + +### Get a tarball containing all images and tags in a repository + +`GET /images/(name)/get` + +Get a tarball containing all images and metadata for the repository +specified by `name`. + + **Example request** + + GET /images/ubuntu/get + + **Example response**: + + .. sourcecode:: http + + HTTP/1.1 200 OK + Content-Type: application/x-tar + + Binary data stream + :statuscode 200: no error + :statuscode 500: server error + +### Load a tarball with a set of images and tags into docker + +`POST /images/load` + +Load a set of images and tags into the docker repository. + + **Example request** + + POST /images/load + + Tarball in body + + **Example response**: + + .. sourcecode:: http + + HTTP/1.1 200 OK + + :statuscode 200: no error + :statuscode 500: server error + +# 3. Going further + +## 3.1 Inside `docker run` + +Here are the steps of `docker run` : + +- Create the container + +- If the status code is 404, it means the image doesn't exists: + - Try to pull it + - Then retry to create the container + +- Start the container + +- If you are not in detached mode: + - Attach to the container, using logs=1 (to have stdout and + stderr from the container's start) and stream=1 + +- If in detached mode or only stdin is attached: + - Display the container's id + +## 3.2 Hijacking + +In this version of the API, /attach, uses hijacking to transport stdin, +stdout and stderr on the same socket. This might change in the future. + +## 3.3 CORS Requests + +To enable cross origin requests to the remote api add the flag +"–api-enable-cors" when running docker in daemon mode. + + $ docker -d -H="192.168.1.9:4243" --api-enable-cors diff --git a/docs/sources/reference/api/docker_remote_api_v1.7.rst b/docs/sources/reference/api/docker_remote_api_v1.7.rst deleted file mode 100644 index 1bafaddfc5..0000000000 --- a/docs/sources/reference/api/docker_remote_api_v1.7.rst +++ /dev/null @@ -1,1262 +0,0 @@ -:title: Remote API v1.7 -:description: API Documentation for Docker -:keywords: API, Docker, rcli, REST, documentation - -:orphan: - -====================== -Docker Remote API v1.7 -====================== - -.. contents:: Table of Contents - -1. Brief introduction -===================== - -- The Remote API has replaced rcli -- The daemon listens on ``unix:///var/run/docker.sock``, but you can - :ref:`bind_docker`. -- The API tends to be REST, but for some complex commands, like - ``attach`` or ``pull``, the HTTP connection is hijacked to transport - ``stdout, stdin`` and ``stderr`` - -2. Endpoints -============ - -2.1 Containers --------------- - -List containers -*************** - -.. http:get:: /containers/json - - List containers - - **Example request**: - - .. sourcecode:: http - - GET /containers/json?all=1&before=8dfafdbc3a40&size=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id": "8dfafdbc3a40", - "Image": "base:latest", - "Command": "echo 1", - "Created": 1367854155, - "Status": "Exit 0", - "Ports":[{"PrivatePort": 2222, "PublicPort": 3333, "Type": "tcp"}], - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "9cd87474be90", - "Image": "base:latest", - "Command": "echo 222222", - "Created": 1367854155, - "Status": "Exit 0", - "Ports":[], - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "3176a2479c92", - "Image": "base:latest", - "Command": "echo 3333333333333333", - "Created": 1367854154, - "Status": "Exit 0", - "Ports":[], - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "4cb07b47f9fb", - "Image": "base:latest", - "Command": "echo 444444444444444444444444444444444", - "Created": 1367854152, - "Status": "Exit 0", - "Ports":[], - "SizeRw":12288, - "SizeRootFs":0 - } - ] - - :query all: 1/True/true or 0/False/false, Show all containers. Only running containers are shown by default - :query limit: Show ``limit`` last created containers, include non-running ones. - :query since: Show only containers created since Id, include non-running ones. - :query before: Show only containers created before Id, include non-running ones. - :query size: 1/True/true or 0/False/false, Show the containers sizes - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 500: server error - - -Create a container -****************** - -.. http:post:: /containers/create - - Create a container - - **Example request**: - - .. sourcecode:: http - - POST /containers/create HTTP/1.1 - Content-Type: application/json - - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "AttachStdin":false, - "AttachStdout":true, - "AttachStderr":true, - "PortSpecs":null, - "Tty":false, - "OpenStdin":false, - "StdinOnce":false, - "Env":null, - "Cmd":[ - "date" - ], - "Dns":null, - "Image":"base", - "Volumes":{ - "/tmp": {} - }, - "VolumesFrom":"", - "WorkingDir":"", - "ExposedPorts":{ - "22/tcp": {} - } - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/json - - { - "Id":"e90e34656806" - "Warnings":[] - } - - :jsonparam config: the container's configuration - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 406: impossible to attach (container not running) - :statuscode 500: server error - - -Inspect a container -******************* - -.. http:get:: /containers/(id)/json - - Return low-level information on the container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Id": "4fa6e0f0c6786287e131c3852c58a2e01cc697a68231826813597e4994f1d6e2", - "Created": "2013-05-07T14:51:42.041847+02:00", - "Path": "date", - "Args": [], - "Config": { - "Hostname": "4fa6e0f0c678", - "User": "", - "Memory": 0, - "MemorySwap": 0, - "AttachStdin": false, - "AttachStdout": true, - "AttachStderr": true, - "PortSpecs": null, - "Tty": false, - "OpenStdin": false, - "StdinOnce": false, - "Env": null, - "Cmd": [ - "date" - ], - "Dns": null, - "Image": "base", - "Volumes": {}, - "VolumesFrom": "", - "WorkingDir":"" - - }, - "State": { - "Running": false, - "Pid": 0, - "ExitCode": 0, - "StartedAt": "2013-05-07T14:51:42.087658+02:01360", - "Ghost": false - }, - "Image": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "NetworkSettings": { - "IpAddress": "", - "IpPrefixLen": 0, - "Gateway": "", - "Bridge": "", - "PortMapping": null - }, - "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker", - "ResolvConfPath": "/etc/resolv.conf", - "Volumes": {} - } - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -List processes running inside a container -***************************************** - -.. http:get:: /containers/(id)/top - - List processes running inside the container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/top HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Titles":[ - "USER", - "PID", - "%CPU", - "%MEM", - "VSZ", - "RSS", - "TTY", - "STAT", - "START", - "TIME", - "COMMAND" - ], - "Processes":[ - ["root","20147","0.0","0.1","18060","1864","pts/4","S","10:06","0:00","bash"], - ["root","20271","0.0","0.0","4312","352","pts/4","S+","10:07","0:00","sleep","10"] - ] - } - - :query ps_args: ps arguments to use (eg. aux) - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Inspect changes on a container's filesystem -******************************************* - -.. http:get:: /containers/(id)/changes - - Inspect changes on container ``id`` 's filesystem - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/changes HTTP/1.1 - - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Path":"/dev", - "Kind":0 - }, - { - "Path":"/dev/kmsg", - "Kind":1 - }, - { - "Path":"/test", - "Kind":1 - } - ] - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Export a container -****************** - -.. http:get:: /containers/(id)/export - - Export the contents of container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/export HTTP/1.1 - - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/octet-stream - - {{ STREAM }} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Start a container -***************** - -.. http:post:: /containers/(id)/start - - Start the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/(id)/start HTTP/1.1 - Content-Type: application/json - - { - "Binds":["/tmp:/tmp"], - "LxcConf":{"lxc.utsname":"docker"}, - "PortBindings":{ "22/tcp": [{ "HostPort": "11022" }] }, - "Privileged":false, - "PublishAllPorts":false - } - - Binds need to reference Volumes that were defined during container creation. - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 No Content - Content-Type: text/plain - - :jsonparam hostConfig: the container's host configuration (optional) - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Stop a container -**************** - -.. http:post:: /containers/(id)/stop - - Stop the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/stop?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Restart a container -******************* - -.. http:post:: /containers/(id)/restart - - Restart the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/restart?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Kill a container -**************** - -.. http:post:: /containers/(id)/kill - - Kill the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/kill HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Attach to a container -********************* - -.. http:post:: /containers/(id)/attach - - Attach to the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/attach?logs=1&stream=0&stdout=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/vnd.docker.raw-stream - - {{ STREAM }} - - :query logs: 1/True/true or 0/False/false, return logs. Default false - :query stream: 1/True/true or 0/False/false, return stream. Default false - :query stdin: 1/True/true or 0/False/false, if stream=true, attach to stdin. Default false - :query stdout: 1/True/true or 0/False/false, if logs=true, return stdout log, if stream=true, attach to stdout. Default false - :query stderr: 1/True/true or 0/False/false, if logs=true, return stderr log, if stream=true, attach to stderr. Default false - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - - **Stream details**: - - When using the TTY setting is enabled in - :http:post:`/containers/create`, the stream is the raw data - from the process PTY and client's stdin. When the TTY is - disabled, then the stream is multiplexed to separate stdout - and stderr. - - The format is a **Header** and a **Payload** (frame). - - **HEADER** - - The header will contain the information on which stream write - the stream (stdout or stderr). It also contain the size of - the associated frame encoded on the last 4 bytes (uint32). - - It is encoded on the first 8 bytes like this:: - - header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4} - - ``STREAM_TYPE`` can be: - - - 0: stdin (will be writen on stdout) - - 1: stdout - - 2: stderr - - ``SIZE1, SIZE2, SIZE3, SIZE4`` are the 4 bytes of the uint32 size encoded as big endian. - - **PAYLOAD** - - The payload is the raw stream. - - **IMPLEMENTATION** - - The simplest way to implement the Attach protocol is the following: - - 1) Read 8 bytes - 2) chose stdout or stderr depending on the first byte - 3) Extract the frame size from the last 4 byets - 4) Read the extracted size and output it on the correct output - 5) Goto 1) - - - -Wait a container -**************** - -.. http:post:: /containers/(id)/wait - - Block until container ``id`` stops, then returns the exit code - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/wait HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"StatusCode":0} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Remove a container -******************* - -.. http:delete:: /containers/(id) - - Remove the container ``id`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /containers/16253994b7c4?v=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query v: 1/True/true or 0/False/false, Remove the volumes associated to the container. Default false - :statuscode 204: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - - -Copy files or folders from a container -************************************** - -.. http:post:: /containers/(id)/copy - - Copy files or folders of container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/4fa6e0f0c678/copy HTTP/1.1 - Content-Type: application/json - - { - "Resource":"test.txt" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/octet-stream - - {{ STREAM }} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -2.2 Images ----------- - -List Images -*********** - -.. http:get:: /images/json - - **Example request**: - - .. sourcecode:: http - - GET /images/json?all=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "RepoTags": [ - "ubuntu:12.04", - "ubuntu:precise", - "ubuntu:latest" - ], - "Id": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c", - "Created": 1365714795, - "Size": 131506275, - "VirtualSize": 131506275 - }, - { - "RepoTags": [ - "ubuntu:12.10", - "ubuntu:quantal" - ], - "ParentId": "27cf784147099545", - "Id": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "Created": 1364102658, - "Size": 24653, - "VirtualSize": 180116135 - } - ] - - -Create an image -*************** - -.. http:post:: /images/create - - Create an image, either by pull it from the registry or by importing it - - **Example request**: - - .. sourcecode:: http - - POST /images/create?fromImage=base HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Pulling..."} - {"status":"Pulling", "progress":"1/? (n/a)"} - {"error":"Invalid..."} - ... - - When using this endpoint to pull an image from the registry, - the ``X-Registry-Auth`` header can be used to include a - base64-encoded AuthConfig object. - - :query fromImage: name of the image to pull - :query fromSrc: source to import, - means stdin - :query repo: repository - :query tag: tag - :query registry: the registry to pull from - :reqheader X-Registry-Auth: base64-encoded AuthConfig object - :statuscode 200: no error - :statuscode 500: server error - - - -Insert a file in an image -************************* - -.. http:post:: /images/(name)/insert - - Insert a file from ``url`` in the image ``name`` at ``path`` - - **Example request**: - - .. sourcecode:: http - - POST /images/test/insert?path=/usr&url=myurl HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Inserting..."} - {"status":"Inserting", "progress":"1/? (n/a)"} - {"error":"Invalid..."} - ... - - :statuscode 200: no error - :statuscode 500: server error - - -Inspect an image -**************** - -.. http:get:: /images/(name)/json - - Return low-level information on the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/base/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "id":"b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "parent":"27cf784147099545", - "created":"2013-03-23T22:24:18.818426-07:00", - "container":"3d67245a8d72ecf13f33dffac9f79dcdf70f75acb84d308770391510e0c23ad0", - "container_config": - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "AttachStdin":false, - "AttachStdout":false, - "AttachStderr":false, - "PortSpecs":null, - "Tty":true, - "OpenStdin":true, - "StdinOnce":false, - "Env":null, - "Cmd": ["/bin/bash"] - ,"Dns":null, - "Image":"base", - "Volumes":null, - "VolumesFrom":"", - "WorkingDir":"" - }, - "Size": 6824592 - } - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Get the history of an image -*************************** - -.. http:get:: /images/(name)/history - - Return the history of the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/base/history HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id":"b750fe79269d", - "Created":1364102658, - "CreatedBy":"/bin/bash" - }, - { - "Id":"27cf78414709", - "Created":1364068391, - "CreatedBy":"" - } - ] - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Push an image on the registry -***************************** - -.. http:post:: /images/(name)/push - - Push the image ``name`` on the registry - - **Example request**: - - .. sourcecode:: http - - POST /images/test/push HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Pushing..."} - {"status":"Pushing", "progress":"1/? (n/a)"} - {"error":"Invalid..."} - ... - - :query registry: the registry you wan to push, optional - :reqheader X-Registry-Auth: include a base64-encoded AuthConfig object. - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Tag an image into a repository -****************************** - -.. http:post:: /images/(name)/tag - - Tag the image ``name`` into a repository - - **Example request**: - - .. sourcecode:: http - - POST /images/test/tag?repo=myrepo&force=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - - :query repo: The repository to tag in - :query force: 1/True/true or 0/False/false, default false - :statuscode 201: no error - :statuscode 400: bad parameter - :statuscode 404: no such image - :statuscode 409: conflict - :statuscode 500: server error - - -Remove an image -*************** - -.. http:delete:: /images/(name) - - Remove the image ``name`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /images/test HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-type: application/json - - [ - {"Untagged":"3e2f21a89f"}, - {"Deleted":"3e2f21a89f"}, - {"Deleted":"53b4f83ac9"} - ] - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 409: conflict - :statuscode 500: server error - - -Search images -************* - -.. http:get:: /images/search - - Search for an image in the docker index. - - .. note:: - - The response keys have changed from API v1.6 to reflect the JSON - sent by the registry server to the docker daemon's request. - - **Example request**: - - .. sourcecode:: http - - GET /images/search?term=sshd HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "description": "", - "is_official": false, - "is_trusted": false, - "name": "wma55/u1210sshd", - "star_count": 0 - }, - { - "description": "", - "is_official": false, - "is_trusted": false, - "name": "jdswinbank/sshd", - "star_count": 0 - }, - { - "description": "", - "is_official": false, - "is_trusted": false, - "name": "vgauthier/sshd", - "star_count": 0 - } - ... - ] - - :query term: term to search - :statuscode 200: no error - :statuscode 500: server error - - -2.3 Misc --------- - -Build an image from Dockerfile via stdin -**************************************** - -.. http:post:: /build - - Build an image from Dockerfile via stdin - - **Example request**: - - .. sourcecode:: http - - POST /build HTTP/1.1 - - {{ STREAM }} - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {{ STREAM }} - - The stream must be a tar archive compressed with one of the - following algorithms: identity (no compression), gzip, bzip2, - xz. - - The archive must include a file called ``Dockerfile`` at its - root. It may include any number of other files, which will be - accessible in the build context (See the :ref:`ADD build command - `). - - :query t: repository name (and optionally a tag) to be applied to the resulting image in case of success - :query q: suppress verbose build output - :query nocache: do not use the cache when building the image - :reqheader Content-type: should be set to ``"application/tar"``. - :statuscode 200: no error - :statuscode 500: server error - - - -Check auth configuration -************************ - -.. http:post:: /auth - - Get the default username and email - - **Example request**: - - .. sourcecode:: http - - POST /auth HTTP/1.1 - Content-Type: application/json - - { - "username":"hannibal", - "password:"xxxx", - "email":"hannibal@a-team.com", - "serveraddress":"https://index.docker.io/v1/" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - :statuscode 200: no error - :statuscode 204: no error - :statuscode 500: server error - - -Display system-wide information -******************************* - -.. http:get:: /info - - Display system-wide information - - **Example request**: - - .. sourcecode:: http - - GET /info HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Containers":11, - "Images":16, - "Debug":false, - "NFd": 11, - "NGoroutines":21, - "MemoryLimit":true, - "SwapLimit":false, - "IPv4Forwarding":true - } - - :statuscode 200: no error - :statuscode 500: server error - - -Show the docker version information -*********************************** - -.. http:get:: /version - - Show the docker version information - - **Example request**: - - .. sourcecode:: http - - GET /version HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Version":"0.2.2", - "GitCommit":"5a2a5cc+CHANGES", - "GoVersion":"go1.0.3" - } - - :statuscode 200: no error - :statuscode 500: server error - - -Create a new image from a container's changes -********************************************* - -.. http:post:: /commit - - Create a new image from a container's changes - - **Example request**: - - .. sourcecode:: http - - POST /commit?container=44c004db4b17&m=message&repo=myrepo HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/vnd.docker.raw-stream - - {"Id":"596069db4bf5"} - - :query container: source container - :query repo: repository - :query tag: tag - :query m: commit message - :query author: author (eg. "John Hannibal Smith ") - :query run: config automatically applied when the image is run. (ex: {"Cmd": ["cat", "/world"], "PortSpecs":["22"]}) - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Monitor Docker's events -*********************** - -.. http:get:: /events - - Get events from docker, either in real time via streaming, or via polling (using `since`) - - **Example request**: - - .. sourcecode:: http - - GET /events?since=1374067924 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"create","id":"dfdf82bd3881","from":"base:latest","time":1374067924} - {"status":"start","id":"dfdf82bd3881","from":"base:latest","time":1374067924} - {"status":"stop","id":"dfdf82bd3881","from":"base:latest","time":1374067966} - {"status":"destroy","id":"dfdf82bd3881","from":"base:latest","time":1374067970} - - :query since: timestamp used for polling - :statuscode 200: no error - :statuscode 500: server error - -Get a tarball containing all images and tags in a repository -************************************************************ - -.. http:get:: /images/(name)/get - - Get a tarball containing all images and metadata for the repository specified by ``name``. - - **Example request** - - .. sourcecode:: http - - GET /images/ubuntu/get - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/x-tar - - Binary data stream - :statuscode 200: no error - :statuscode 500: server error - -Load a tarball with a set of images and tags into docker -******************************************************** - -.. http:post:: /images/load - - Load a set of images and tags into the docker repository. - - **Example request** - - .. sourcecode:: http - - POST /images/load - - Tarball in body - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - :statuscode 200: no error - :statuscode 500: server error - -3. Going further -================ - -3.1 Inside 'docker run' ------------------------ - -Here are the steps of 'docker run' : - -* Create the container -* If the status code is 404, it means the image doesn't exists: - * Try to pull it - * Then retry to create the container -* Start the container -* If you are not in detached mode: - * Attach to the container, using logs=1 (to have stdout and stderr from the container's start) and stream=1 -* If in detached mode or only stdin is attached: - * Display the container's id - - -3.2 Hijacking -------------- - -In this version of the API, /attach, uses hijacking to transport stdin, stdout and stderr on the same socket. This might change in the future. - -3.3 CORS Requests ------------------ - -To enable cross origin requests to the remote api add the flag "--api-enable-cors" when running docker in daemon mode. - -.. code-block:: bash - - docker -d -H="192.168.1.9:4243" --api-enable-cors - diff --git a/docs/sources/reference/api/docker_remote_api_v1.8.md b/docs/sources/reference/api/docker_remote_api_v1.8.md new file mode 100644 index 0000000000..0d2997693c --- /dev/null +++ b/docs/sources/reference/api/docker_remote_api_v1.8.md @@ -0,0 +1,1279 @@ +page_title: Remote API v1.8 +page_description: API Documentation for Docker +page_keywords: API, Docker, rcli, REST, documentation + +# Docker Remote API v1.8 + +# 1. Brief introduction + + - The Remote API has replaced rcli + - The daemon listens on `unix:///var/run/docker.sock` but you can + [*Bind Docker to another host/port or a Unix socket*]( + /use/basics/#bind-docker). + - The API tends to be REST, but for some complex commands, like `attach` + or `pull`, the HTTP connection is hijacked to transport `stdout, stdin` + and `stderr` + +# 2. Endpoints + +## 2.1 Containers + +### List containers + +`GET /containers/json` + +List containers + + **Example request**: + + GET /containers/json?all=1&before=8dfafdbc3a40&size=1 HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Id": "8dfafdbc3a40", + "Image": "base:latest", + "Command": "echo 1", + "Created": 1367854155, + "Status": "Exit 0", + "Ports":[{"PrivatePort": 2222, "PublicPort": 3333, "Type": "tcp"}], + "SizeRw":12288, + "SizeRootFs":0 + }, + { + "Id": "9cd87474be90", + "Image": "base:latest", + "Command": "echo 222222", + "Created": 1367854155, + "Status": "Exit 0", + "Ports":[], + "SizeRw":12288, + "SizeRootFs":0 + }, + { + "Id": "3176a2479c92", + "Image": "base:latest", + "Command": "echo 3333333333333333", + "Created": 1367854154, + "Status": "Exit 0", + "Ports":[], + "SizeRw":12288, + "SizeRootFs":0 + }, + { + "Id": "4cb07b47f9fb", + "Image": "base:latest", + "Command": "echo 444444444444444444444444444444444", + "Created": 1367854152, + "Status": "Exit 0", + "Ports":[], + "SizeRw":12288, + "SizeRootFs":0 + } + ] + + Query Parameters: + +   + + - **all** – 1/True/true or 0/False/false, Show all containers. + Only running containers are shown by default + - **limit** – Show `limit` last created + containers, include non-running ones. + - **since** – Show only containers created since Id, include + non-running ones. + - **before** – Show only containers created before Id, include + non-running ones. + - **size** – 1/True/true or 0/False/false, Show the containers + sizes + + Status Codes: + + - **200** – no error + - **400** – bad parameter + - **500** – server error + +### Create a container + +`POST /containers/create` + +Create a container + + **Example request**: + + POST /containers/create HTTP/1.1 + Content-Type: application/json + + { + "Hostname":"", + "User":"", + "Memory":0, + "MemorySwap":0, + "CpuShares":0, + "AttachStdin":false, + "AttachStdout":true, + "AttachStderr":true, + "PortSpecs":null, + "Tty":false, + "OpenStdin":false, + "StdinOnce":false, + "Env":null, + "Cmd":[ + "date" + ], + "Dns":null, + "Image":"base", + "Volumes":{ + "/tmp": {} + }, + "VolumesFrom":"", + "WorkingDir":"", + "ExposedPorts":{ + "22/tcp": {} + } + } + + **Example response**: + + HTTP/1.1 201 OK + Content-Type: application/json + + { + "Id":"e90e34656806" + "Warnings":[] + } + + Json Parameters: + +   + + - **Hostname** – Container host name + - **User** – Username or UID + - **Memory** – Memory Limit in bytes + - **CpuShares** – CPU shares (relative weight) + - **AttachStdin** – 1/True/true or 0/False/false, attach to + standard input. Default false + - **AttachStdout** – 1/True/true or 0/False/false, attach to + standard output. Default false + - **AttachStderr** – 1/True/true or 0/False/false, attach to + standard error. Default false + - **Tty** – 1/True/true or 0/False/false, allocate a pseudo-tty. + Default false + - **OpenStdin** – 1/True/true or 0/False/false, keep stdin open + even if not attached. Default false + + Query Parameters: + +   + + - **name** – Assign the specified name to the container. Must + match `/?[a-zA-Z0-9_-]+`. + + Status Codes: + + - **201** – no error + - **404** – no such container + - **406** – impossible to attach (container not running) + - **500** – server error + +### Inspect a container + +`GET /containers/(id)/json` + +Return low-level information on the container `id` + + **Example request**: + + GET /containers/4fa6e0f0c678/json HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Id": "4fa6e0f0c6786287e131c3852c58a2e01cc697a68231826813597e4994f1d6e2", + "Created": "2013-05-07T14:51:42.041847+02:00", + "Path": "date", + "Args": [], + "Config": { + "Hostname": "4fa6e0f0c678", + "User": "", + "Memory": 0, + "MemorySwap": 0, + "AttachStdin": false, + "AttachStdout": true, + "AttachStderr": true, + "PortSpecs": null, + "Tty": false, + "OpenStdin": false, + "StdinOnce": false, + "Env": null, + "Cmd": [ + "date" + ], + "Dns": null, + "Image": "base", + "Volumes": {}, + "VolumesFrom": "", + "WorkingDir":"" + + }, + "State": { + "Running": false, + "Pid": 0, + "ExitCode": 0, + "StartedAt": "2013-05-07T14:51:42.087658+02:01360", + "Ghost": false + }, + "Image": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", + "NetworkSettings": { + "IpAddress": "", + "IpPrefixLen": 0, + "Gateway": "", + "Bridge": "", + "PortMapping": null + }, + "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker", + "ResolvConfPath": "/etc/resolv.conf", + "Volumes": {}, + "HostConfig": { + "Binds": null, + "ContainerIDFile": "", + "LxcConf": [], + "Privileged": false, + "PortBindings": { + "80/tcp": [ + { + "HostIp": "0.0.0.0", + "HostPort": "49153" + } + ] + }, + "Links": null, + "PublishAllPorts": false + } + } + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### List processes running inside a container + +`GET /containers/(id)/top` + +List processes running inside the container `id` + + **Example request**: + + GET /containers/4fa6e0f0c678/top HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Titles":[ + "USER", + "PID", + "%CPU", + "%MEM", + "VSZ", + "RSS", + "TTY", + "STAT", + "START", + "TIME", + "COMMAND" + ], + "Processes":[ + ["root","20147","0.0","0.1","18060","1864","pts/4","S","10:06","0:00","bash"], + ["root","20271","0.0","0.0","4312","352","pts/4","S+","10:07","0:00","sleep","10"] + ] + } + + Query Parameters: + +   + + - **ps_args** – ps arguments to use (eg. aux) + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Inspect changes on a container's filesystem + +`GET /containers/(id)/changes` + +Inspect changes on container `id`'s filesystem + + **Example request**: + + GET /containers/4fa6e0f0c678/changes HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Path":"/dev", + "Kind":0 + }, + { + "Path":"/dev/kmsg", + "Kind":1 + }, + { + "Path":"/test", + "Kind":1 + } + ] + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Export a container + +`GET /containers/(id)/export` + +Export the contents of container `id` + + **Example request**: + + GET /containers/4fa6e0f0c678/export HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/octet-stream + + {{ STREAM }} + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Start a container + +`POST /containers/(id)/start` + +Start the container `id` + + **Example request**: + + POST /containers/(id)/start HTTP/1.1 + Content-Type: application/json + + { + "Binds":["/tmp:/tmp"], + "LxcConf":{"lxc.utsname":"docker"}, + "PortBindings":{ "22/tcp": [{ "HostPort": "11022" }] }, + "PublishAllPorts":false, + "Privileged":false + } + + **Example response**: + + HTTP/1.1 204 No Content + Content-Type: text/plain + + Json Parameters: + +   + + - **Binds** – Create a bind mount to a directory or file with + [host-path]:[container-path]:[rw|ro]. If a directory + "container-path" is missing, then docker creates a new volume. + - **LxcConf** – Map of custom lxc options + - **PortBindings** – Expose ports from the container, optionally + publishing them via the HostPort flag + - **PublishAllPorts** – 1/True/true or 0/False/false, publish all + exposed ports to the host interfaces. Default false + - **Privileged** – 1/True/true or 0/False/false, give extended + privileges to this container. Default false + + Status Codes: + + - **204** – no error + - **404** – no such container + - **500** – server error + +### Stop a container + +`POST /containers/(id)/stop` + +Stop the container `id` + + **Example request**: + + POST /containers/e90e34656806/stop?t=5 HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Query Parameters: + +   + + - **t** – number of seconds to wait before killing the container + + Status Codes: + + - **204** – no error + - **404** – no such container + - **500** – server error + +### Restart a container + +`POST /containers/(id)/restart` + +Restart the container `id` + + **Example request**: + + POST /containers/e90e34656806/restart?t=5 HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Query Parameters: + +   + + - **t** – number of seconds to wait before killing the container + + Status Codes: + + - **204** – no error + - **404** – no such container + - **500** – server error + +### Kill a container + +`POST /containers/(id)/kill` + +Kill the container `id` + + **Example request**: + + POST /containers/e90e34656806/kill HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Status Codes: + + - **204** – no error + - **404** – no such container + - **500** – server error + +### Attach to a container + +`POST /containers/(id)/attach` + +Attach to the container `id` + + **Example request**: + + POST /containers/16253994b7c4/attach?logs=1&stream=0&stdout=1 HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/vnd.docker.raw-stream + + {{ STREAM }} + + Query Parameters: + +   + + - **logs** – 1/True/true or 0/False/false, return logs. Default + false + - **stream** – 1/True/true or 0/False/false, return stream. + Default false + - **stdin** – 1/True/true or 0/False/false, if stream=true, attach + to stdin. Default false + - **stdout** – 1/True/true or 0/False/false, if logs=true, return + stdout log, if stream=true, attach to stdout. Default false + - **stderr** – 1/True/true or 0/False/false, if logs=true, return + stderr log, if stream=true, attach to stderr. Default false + + Status Codes: + + - **200** – no error + - **400** – bad parameter + - **404** – no such container + - **500** – server error + + **Stream details**: + + When using the TTY setting is enabled in + [`POST /containers/create` + ](/api/docker_remote_api_v1.9/#post--containers-create "POST /containers/create"), + the stream is the raw data from the process PTY and client's stdin. + When the TTY is disabled, then the stream is multiplexed to separate + stdout and stderr. + + The format is a **Header** and a **Payload** (frame). + + **HEADER** + + The header will contain the information on which stream write the + stream (stdout or stderr). It also contain the size of the + associated frame encoded on the last 4 bytes (uint32). + + It is encoded on the first 8 bytes like this: + + header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4} + + `STREAM_TYPE` can be: + + - 0: stdin (will be writen on stdout) + - 1: stdout + - 2: stderr + + `SIZE1, SIZE2, SIZE3, SIZE4` are the 4 bytes of + the uint32 size encoded as big endian. + + **PAYLOAD** + + The payload is the raw stream. + + **IMPLEMENTATION** + + The simplest way to implement the Attach protocol is the following: + + 1. Read 8 bytes + 2. chose stdout or stderr depending on the first byte + 3. Extract the frame size from the last 4 byets + 4. Read the extracted size and output it on the correct output + 5. Goto 1) + +### Wait a container + +`POST /containers/(id)/wait` + +Block until container `id` stops, then returns the exit code + + **Example request**: + + POST /containers/16253994b7c4/wait HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"StatusCode":0} + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Remove a container + +`DELETE /containers/(id)` + +Remove the container `id` from the filesystem + + **Example request**: + + DELETE /containers/16253994b7c4?v=1 HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Query Parameters: + +   + + - **v** – 1/True/true or 0/False/false, Remove the volumes + associated to the container. Default false + + Status Codes: + + - **204** – no error + - **400** – bad parameter + - **404** – no such container + - **500** – server error + +### Copy files or folders from a container + +`POST /containers/(id)/copy` + +Copy files or folders of container `id` + + **Example request**: + + POST /containers/4fa6e0f0c678/copy HTTP/1.1 + Content-Type: application/json + + { + "Resource":"test.txt" + } + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/octet-stream + + {{ STREAM }} + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +## 2.2 Images + +### List Images + +`GET /images/json` + +**Example request**: + + GET /images/json?all=0 HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "RepoTags": [ + "ubuntu:12.04", + "ubuntu:precise", + "ubuntu:latest" + ], + "Id": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c", + "Created": 1365714795, + "Size": 131506275, + "VirtualSize": 131506275 + }, + { + "RepoTags": [ + "ubuntu:12.10", + "ubuntu:quantal" + ], + "ParentId": "27cf784147099545", + "Id": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", + "Created": 1364102658, + "Size": 24653, + "VirtualSize": 180116135 + } + ] + +### Create an image + +`POST /images/create` + +Create an image, either by pull it from the registry or by importing it + + **Example request**: + + POST /images/create?fromImage=base HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"status":"Pulling..."} + {"status":"Pulling", "progress":"1 B/ 100 B", "progressDetail":{"current":1, "total":100}} + {"error":"Invalid..."} + ... + + When using this endpoint to pull an image from the registry, the + `X-Registry-Auth` header can be used to include + a base64-encoded AuthConfig object. + + Query Parameters: + +   + + - **fromImage** – name of the image to pull + - **fromSrc** – source to import, - means stdin + - **repo** – repository + - **tag** – tag + - **registry** – the registry to pull from + + Request Headers: + +   + + - **X-Registry-Auth** – base64-encoded AuthConfig object + + Status Codes: + + - **200** – no error + - **500** – server error + +### Insert a file in an image + +`POST /images/(name)/insert` + +Insert a file from `url` in the image `name` at `path` + + **Example request**: + + POST /images/test/insert?path=/usr&url=myurl HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"status":"Inserting..."} + {"status":"Inserting", "progress":"1/? (n/a)", "progressDetail":{"current":1}} + {"error":"Invalid..."} + ... + + Status Codes: + + - **200** – no error + - **500** – server error + +### Inspect an image + +`GET /images/(name)/json` + +Return low-level information on the image `name` + + **Example request**: + + GET /images/base/json HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "id":"b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", + "parent":"27cf784147099545", + "created":"2013-03-23T22:24:18.818426-07:00", + "container":"3d67245a8d72ecf13f33dffac9f79dcdf70f75acb84d308770391510e0c23ad0", + "container_config": + { + "Hostname":"", + "User":"", + "Memory":0, + "MemorySwap":0, + "AttachStdin":false, + "AttachStdout":false, + "AttachStderr":false, + "PortSpecs":null, + "Tty":true, + "OpenStdin":true, + "StdinOnce":false, + "Env":null, + "Cmd": ["/bin/bash"] + ,"Dns":null, + "Image":"base", + "Volumes":null, + "VolumesFrom":"", + "WorkingDir":"" + }, + "Size": 6824592 + } + + Status Codes: + + - **200** – no error + - **404** – no such image + - **500** – server error + +### Get the history of an image + +`GET /images/(name)/history` + +Return the history of the image `name` + + **Example request**: + + GET /images/base/history HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Id":"b750fe79269d", + "Created":1364102658, + "CreatedBy":"/bin/bash" + }, + { + "Id":"27cf78414709", + "Created":1364068391, + "CreatedBy":"" + } + ] + + Status Codes: + + - **200** – no error + - **404** – no such image + - **500** – server error + +### Push an image on the registry + +`POST /images/(name)/push` + +Push the image `name` on the registry + + **Example request**: + + POST /images/test/push HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"status":"Pushing..."} + {"status":"Pushing", "progress":"1/? (n/a)", "progressDetail":{"current":1}}} + {"error":"Invalid..."} + ... + + Query Parameters: + +   + + - **registry** – the registry you wan to push, optional + + Request Headers: + +   + + - **X-Registry-Auth** – include a base64-encoded AuthConfig + object. + + Status Codes: + + - **200** – no error + - **404** – no such image + - **500** – server error + +### Tag an image into a repository + +`POST /images/(name)/tag` + +Tag the image `name` into a repository + + **Example request**: + + POST /images/test/tag?repo=myrepo&force=0 HTTP/1.1 + + **Example response**: + + HTTP/1.1 201 OK + + Query Parameters: + +   + + - **repo** – The repository to tag in + - **force** – 1/True/true or 0/False/false, default false + + Status Codes: + + - **201** – no error + - **400** – bad parameter + - **404** – no such image + - **409** – conflict + - **500** – server error + +### Remove an image + +`DELETE /images/(name)` + +Remove the image `name` from the filesystem + + **Example request**: + + DELETE /images/test HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-type: application/json + + [ + {"Untagged":"3e2f21a89f"}, + {"Deleted":"3e2f21a89f"}, + {"Deleted":"53b4f83ac9"} + ] + + Status Codes: + + - **200** – no error + - **404** – no such image + - **409** – conflict + - **500** – server error + +### Search images + +`GET /images/search` + +Search for an image on [Docker.io](https://index.docker.io). + +> **Note**: +> The response keys have changed from API v1.6 to reflect the JSON +> sent by the registry server to the docker daemon's request. + + **Example request**: + + GET /images/search?term=sshd HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "description": "", + "is_official": false, + "is_trusted": false, + "name": "wma55/u1210sshd", + "star_count": 0 + }, + { + "description": "", + "is_official": false, + "is_trusted": false, + "name": "jdswinbank/sshd", + "star_count": 0 + }, + { + "description": "", + "is_official": false, + "is_trusted": false, + "name": "vgauthier/sshd", + "star_count": 0 + } + ... + ] + + Query Parameters: + +   + + - **term** – term to search + + Status Codes: + + - **200** – no error + - **500** – server error + +## 2.3 Misc + +### Build an image from Dockerfile via stdin + +`POST /build` + +Build an image from Dockerfile via stdin + + **Example request**: + + POST /build HTTP/1.1 + + {{ STREAM }} + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"stream":"Step 1..."} + {"stream":"..."} + {"error":"Error...", "errorDetail":{"code": 123, "message": "Error..."}} + + The stream must be a tar archive compressed with one of the + following algorithms: identity (no compression), gzip, bzip2, xz. + + The archive must include a file called `Dockerfile` + at its root. It may include any number of other files, + which will be accessible in the build context (See the [*ADD build + command*](/reference/builder/#dockerbuilder)). + + Query Parameters: + +   + + - **t** – repository name (and optionally a tag) to be applied to + the resulting image in case of success + - **q** – suppress verbose build output + - **nocache** – do not use the cache when building the image + + Request Headers: + +   + + - **Content-type** – should be set to + `"application/tar"`. + - **X-Registry-Auth** – base64-encoded AuthConfig object + + Status Codes: + + - **200** – no error + - **500** – server error + +### Check auth configuration + +`POST /auth` + +Get the default username and email + + **Example request**: + + POST /auth HTTP/1.1 + Content-Type: application/json + + { + "username":"hannibal", + "password:"xxxx", + "email":"hannibal@a-team.com", + "serveraddress":"https://index.docker.io/v1/" + } + + **Example response**: + + HTTP/1.1 200 OK + + Status Codes: + + - **200** – no error + - **204** – no error + - **500** – server error + +### Display system-wide information + +`GET /info` + +Display system-wide information + + **Example request**: + + GET /info HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Containers":11, + "Images":16, + "Debug":false, + "NFd": 11, + "NGoroutines":21, + "MemoryLimit":true, + "SwapLimit":false, + "IPv4Forwarding":true + } + + Status Codes: + + - **200** – no error + - **500** – server error + +### Show the docker version information + +`GET /version` + +Show the docker version information + + **Example request**: + + GET /version HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Version":"0.2.2", + "GitCommit":"5a2a5cc+CHANGES", + "GoVersion":"go1.0.3" + } + + Status Codes: + + - **200** – no error + - **500** – server error + +### Create a new image from a container's changes + +`POST /commit` + +Create a new image from a container's changes + + **Example request**: + + POST /commit?container=44c004db4b17&m=message&repo=myrepo HTTP/1.1 + + **Example response**: + + HTTP/1.1 201 OK + Content-Type: application/vnd.docker.raw-stream + + {"Id":"596069db4bf5"} + + Query Parameters: + +   + + - **container** – source container + - **repo** – repository + - **tag** – tag + - **m** – commit message + - **author** – author (eg. "John Hannibal Smith + <[hannibal@a-team.com](mailto:hannibal%40a-team.com)>") + - **run** – config automatically applied when the image is run. + (ex: {"Cmd": ["cat", "/world"], "PortSpecs":["22"]}) + + Status Codes: + + - **201** – no error + - **404** – no such container + - **500** – server error + +### Monitor Docker's events + +`GET /events` + +Get events from docker, either in real time via streaming, +or via polling (using since) + + **Example request**: + + GET /events?since=1374067924 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"status":"create","id":"dfdf82bd3881","from":"base:latest","time":1374067924} + {"status":"start","id":"dfdf82bd3881","from":"base:latest","time":1374067924} + {"status":"stop","id":"dfdf82bd3881","from":"base:latest","time":1374067966} + {"status":"destroy","id":"dfdf82bd3881","from":"base:latest","time":1374067970} + + Query Parameters: + +   + + - **since** – timestamp used for polling + + Status Codes: + + - **200** – no error + - **500** – server error + +### Get a tarball containing all images and tags in a repository + +`GET /images/(name)/get` + +Get a tarball containing all images and metadata for the repository +specified by `name`. + + **Example request** + + GET /images/ubuntu/get + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/x-tar + + Binary data stream + + Status Codes: + + - **200** – no error + - **500** – server error + +### Load a tarball with a set of images and tags into docker + +`POST /images/load` + +Load a set of images and tags into the docker repository. + + **Example request** + + POST /images/load + + Tarball in body + + **Example response**: + + HTTP/1.1 200 OK + + Status Codes: + + - **200** – no error + - **500** – server error + +# 3. Going further + +## 3.1 Inside `docker run` + +Here are the steps of `docker run`: + + - Create the container + + - If the status code is 404, it means the image doesn't exists: + - Try to pull it + - Then retry to create the container + + - Start the container + + - If you are not in detached mode: + - Attach to the container, using logs=1 (to have stdout and + stderr from the container's start) and stream=1 + + - If in detached mode or only stdin is attached: + - Display the container's id + +## 3.2 Hijacking + +In this version of the API, /attach, uses hijacking to transport stdin, +stdout and stderr on the same socket. This might change in the future. + +## 3.3 CORS Requests + +To enable cross origin requests to the remote api add the flag +"–api-enable-cors" when running docker in daemon mode. + + $ docker -d -H="192.168.1.9:4243" --api-enable-cors diff --git a/docs/sources/reference/api/docker_remote_api_v1.8.rst b/docs/sources/reference/api/docker_remote_api_v1.8.rst deleted file mode 100644 index 16492dde76..0000000000 --- a/docs/sources/reference/api/docker_remote_api_v1.8.rst +++ /dev/null @@ -1,1294 +0,0 @@ -:title: Remote API v1.8 -:description: API Documentation for Docker -:keywords: API, Docker, rcli, REST, documentation - -:orphan: - -====================== -Docker Remote API v1.8 -====================== - -.. contents:: Table of Contents - -1. Brief introduction -===================== - -- The Remote API has replaced rcli -- The daemon listens on ``unix:///var/run/docker.sock``, but you can - :ref:`bind_docker`. -- The API tends to be REST, but for some complex commands, like - ``attach`` or ``pull``, the HTTP connection is hijacked to transport - ``stdout, stdin`` and ``stderr`` - -2. Endpoints -============ - -2.1 Containers --------------- - -List containers -*************** - -.. http:get:: /containers/json - - List containers - - **Example request**: - - .. sourcecode:: http - - GET /containers/json?all=1&before=8dfafdbc3a40&size=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id": "8dfafdbc3a40", - "Image": "base:latest", - "Command": "echo 1", - "Created": 1367854155, - "Status": "Exit 0", - "Ports":[{"PrivatePort": 2222, "PublicPort": 3333, "Type": "tcp"}], - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "9cd87474be90", - "Image": "base:latest", - "Command": "echo 222222", - "Created": 1367854155, - "Status": "Exit 0", - "Ports":[], - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "3176a2479c92", - "Image": "base:latest", - "Command": "echo 3333333333333333", - "Created": 1367854154, - "Status": "Exit 0", - "Ports":[], - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "4cb07b47f9fb", - "Image": "base:latest", - "Command": "echo 444444444444444444444444444444444", - "Created": 1367854152, - "Status": "Exit 0", - "Ports":[], - "SizeRw":12288, - "SizeRootFs":0 - } - ] - - :query all: 1/True/true or 0/False/false, Show all containers. Only running containers are shown by default - :query limit: Show ``limit`` last created containers, include non-running ones. - :query since: Show only containers created since Id, include non-running ones. - :query before: Show only containers created before Id, include non-running ones. - :query size: 1/True/true or 0/False/false, Show the containers sizes - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 500: server error - - -Create a container -****************** - -.. http:post:: /containers/create - - Create a container - - **Example request**: - - .. sourcecode:: http - - POST /containers/create HTTP/1.1 - Content-Type: application/json - - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "CpuShares":0, - "AttachStdin":false, - "AttachStdout":true, - "AttachStderr":true, - "PortSpecs":null, - "Tty":false, - "OpenStdin":false, - "StdinOnce":false, - "Env":null, - "Cmd":[ - "date" - ], - "Dns":null, - "Image":"base", - "Volumes":{ - "/tmp": {} - }, - "VolumesFrom":"", - "WorkingDir":"", - "ExposedPorts":{ - "22/tcp": {} - } - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/json - - { - "Id":"e90e34656806" - "Warnings":[] - } - - :jsonparam Hostname: Container host name - :jsonparam User: Username or UID - :jsonparam Memory: Memory Limit in bytes - :jsonparam CpuShares: CPU shares (relative weight) - :jsonparam AttachStdin: 1/True/true or 0/False/false, attach to standard input. Default false - :jsonparam AttachStdout: 1/True/true or 0/False/false, attach to standard output. Default false - :jsonparam AttachStderr: 1/True/true or 0/False/false, attach to standard error. Default false - :jsonparam Tty: 1/True/true or 0/False/false, allocate a pseudo-tty. Default false - :jsonparam OpenStdin: 1/True/true or 0/False/false, keep stdin open even if not attached. Default false - :query name: Assign the specified name to the container. Must match ``/?[a-zA-Z0-9_-]+``. - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 406: impossible to attach (container not running) - :statuscode 500: server error - - -Inspect a container -******************* - -.. http:get:: /containers/(id)/json - - Return low-level information on the container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Id": "4fa6e0f0c6786287e131c3852c58a2e01cc697a68231826813597e4994f1d6e2", - "Created": "2013-05-07T14:51:42.041847+02:00", - "Path": "date", - "Args": [], - "Config": { - "Hostname": "4fa6e0f0c678", - "User": "", - "Memory": 0, - "MemorySwap": 0, - "AttachStdin": false, - "AttachStdout": true, - "AttachStderr": true, - "PortSpecs": null, - "Tty": false, - "OpenStdin": false, - "StdinOnce": false, - "Env": null, - "Cmd": [ - "date" - ], - "Dns": null, - "Image": "base", - "Volumes": {}, - "VolumesFrom": "", - "WorkingDir":"" - - }, - "State": { - "Running": false, - "Pid": 0, - "ExitCode": 0, - "StartedAt": "2013-05-07T14:51:42.087658+02:01360", - "Ghost": false - }, - "Image": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "NetworkSettings": { - "IpAddress": "", - "IpPrefixLen": 0, - "Gateway": "", - "Bridge": "", - "PortMapping": null - }, - "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker", - "ResolvConfPath": "/etc/resolv.conf", - "Volumes": {}, - "HostConfig": { - "Binds": null, - "ContainerIDFile": "", - "LxcConf": [], - "Privileged": false, - "PortBindings": { - "80/tcp": [ - { - "HostIp": "0.0.0.0", - "HostPort": "49153" - } - ] - }, - "Links": null, - "PublishAllPorts": false - } - } - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -List processes running inside a container -***************************************** - -.. http:get:: /containers/(id)/top - - List processes running inside the container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/top HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Titles":[ - "USER", - "PID", - "%CPU", - "%MEM", - "VSZ", - "RSS", - "TTY", - "STAT", - "START", - "TIME", - "COMMAND" - ], - "Processes":[ - ["root","20147","0.0","0.1","18060","1864","pts/4","S","10:06","0:00","bash"], - ["root","20271","0.0","0.0","4312","352","pts/4","S+","10:07","0:00","sleep","10"] - ] - } - - :query ps_args: ps arguments to use (eg. aux) - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Inspect changes on a container's filesystem -******************************************* - -.. http:get:: /containers/(id)/changes - - Inspect changes on container ``id`` 's filesystem - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/changes HTTP/1.1 - - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Path":"/dev", - "Kind":0 - }, - { - "Path":"/dev/kmsg", - "Kind":1 - }, - { - "Path":"/test", - "Kind":1 - } - ] - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Export a container -****************** - -.. http:get:: /containers/(id)/export - - Export the contents of container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/export HTTP/1.1 - - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/octet-stream - - {{ STREAM }} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Start a container -***************** - -.. http:post:: /containers/(id)/start - - Start the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/(id)/start HTTP/1.1 - Content-Type: application/json - - { - "Binds":["/tmp:/tmp"], - "LxcConf":{"lxc.utsname":"docker"}, - "PortBindings":{ "22/tcp": [{ "HostPort": "11022" }] }, - "PublishAllPorts":false, - "Privileged":false - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 No Content - Content-Type: text/plain - - :jsonparam Binds: Create a bind mount to a directory or file with [host-path]:[container-path]:[rw|ro]. If a directory "container-path" is missing, then docker creates a new volume. - :jsonparam LxcConf: Map of custom lxc options - :jsonparam PortBindings: Expose ports from the container, optionally publishing them via the HostPort flag - :jsonparam PublishAllPorts: 1/True/true or 0/False/false, publish all exposed ports to the host interfaces. Default false - :jsonparam Privileged: 1/True/true or 0/False/false, give extended privileges to this container. Default false - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Stop a container -**************** - -.. http:post:: /containers/(id)/stop - - Stop the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/stop?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Restart a container -******************* - -.. http:post:: /containers/(id)/restart - - Restart the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/restart?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Kill a container -**************** - -.. http:post:: /containers/(id)/kill - - Kill the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/kill HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Attach to a container -********************* - -.. http:post:: /containers/(id)/attach - - Attach to the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/attach?logs=1&stream=0&stdout=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/vnd.docker.raw-stream - - {{ STREAM }} - - :query logs: 1/True/true or 0/False/false, return logs. Default false - :query stream: 1/True/true or 0/False/false, return stream. Default false - :query stdin: 1/True/true or 0/False/false, if stream=true, attach to stdin. Default false - :query stdout: 1/True/true or 0/False/false, if logs=true, return stdout log, if stream=true, attach to stdout. Default false - :query stderr: 1/True/true or 0/False/false, if logs=true, return stderr log, if stream=true, attach to stderr. Default false - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - - **Stream details**: - - When using the TTY setting is enabled in - :http:post:`/containers/create`, the stream is the raw data - from the process PTY and client's stdin. When the TTY is - disabled, then the stream is multiplexed to separate stdout - and stderr. - - The format is a **Header** and a **Payload** (frame). - - **HEADER** - - The header will contain the information on which stream write - the stream (stdout or stderr). It also contain the size of - the associated frame encoded on the last 4 bytes (uint32). - - It is encoded on the first 8 bytes like this:: - - header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4} - - ``STREAM_TYPE`` can be: - - - 0: stdin (will be writen on stdout) - - 1: stdout - - 2: stderr - - ``SIZE1, SIZE2, SIZE3, SIZE4`` are the 4 bytes of the uint32 size encoded as big endian. - - **PAYLOAD** - - The payload is the raw stream. - - **IMPLEMENTATION** - - The simplest way to implement the Attach protocol is the following: - - 1) Read 8 bytes - 2) chose stdout or stderr depending on the first byte - 3) Extract the frame size from the last 4 byets - 4) Read the extracted size and output it on the correct output - 5) Goto 1) - - - -Wait a container -**************** - -.. http:post:: /containers/(id)/wait - - Block until container ``id`` stops, then returns the exit code - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/wait HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"StatusCode":0} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Remove a container -******************* - -.. http:delete:: /containers/(id) - - Remove the container ``id`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /containers/16253994b7c4?v=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query v: 1/True/true or 0/False/false, Remove the volumes associated to the container. Default false - :statuscode 204: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - - -Copy files or folders from a container -************************************** - -.. http:post:: /containers/(id)/copy - - Copy files or folders of container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/4fa6e0f0c678/copy HTTP/1.1 - Content-Type: application/json - - { - "Resource":"test.txt" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/octet-stream - - {{ STREAM }} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -2.2 Images ----------- - -List Images -*********** - -.. http:get:: /images/json - - **Example request**: - - .. sourcecode:: http - - GET /images/json?all=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "RepoTags": [ - "ubuntu:12.04", - "ubuntu:precise", - "ubuntu:latest" - ], - "Id": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c", - "Created": 1365714795, - "Size": 131506275, - "VirtualSize": 131506275 - }, - { - "RepoTags": [ - "ubuntu:12.10", - "ubuntu:quantal" - ], - "ParentId": "27cf784147099545", - "Id": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "Created": 1364102658, - "Size": 24653, - "VirtualSize": 180116135 - } - ] - - -Create an image -*************** - -.. http:post:: /images/create - - Create an image, either by pull it from the registry or by importing it - - **Example request**: - - .. sourcecode:: http - - POST /images/create?fromImage=base HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Pulling..."} - {"status":"Pulling", "progress":"1 B/ 100 B", "progressDetail":{"current":1, "total":100}} - {"error":"Invalid..."} - ... - - When using this endpoint to pull an image from the registry, - the ``X-Registry-Auth`` header can be used to include a - base64-encoded AuthConfig object. - - :query fromImage: name of the image to pull - :query fromSrc: source to import, - means stdin - :query repo: repository - :query tag: tag - :query registry: the registry to pull from - :reqheader X-Registry-Auth: base64-encoded AuthConfig object - :statuscode 200: no error - :statuscode 500: server error - - - -Insert a file in an image -************************* - -.. http:post:: /images/(name)/insert - - Insert a file from ``url`` in the image ``name`` at ``path`` - - **Example request**: - - .. sourcecode:: http - - POST /images/test/insert?path=/usr&url=myurl HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Inserting..."} - {"status":"Inserting", "progress":"1/? (n/a)", "progressDetail":{"current":1}} - {"error":"Invalid..."} - ... - - :statuscode 200: no error - :statuscode 500: server error - - -Inspect an image -**************** - -.. http:get:: /images/(name)/json - - Return low-level information on the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/base/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "id":"b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "parent":"27cf784147099545", - "created":"2013-03-23T22:24:18.818426-07:00", - "container":"3d67245a8d72ecf13f33dffac9f79dcdf70f75acb84d308770391510e0c23ad0", - "container_config": - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "AttachStdin":false, - "AttachStdout":false, - "AttachStderr":false, - "PortSpecs":null, - "Tty":true, - "OpenStdin":true, - "StdinOnce":false, - "Env":null, - "Cmd": ["/bin/bash"] - ,"Dns":null, - "Image":"base", - "Volumes":null, - "VolumesFrom":"", - "WorkingDir":"" - }, - "Size": 6824592 - } - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Get the history of an image -*************************** - -.. http:get:: /images/(name)/history - - Return the history of the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/base/history HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id":"b750fe79269d", - "Created":1364102658, - "CreatedBy":"/bin/bash" - }, - { - "Id":"27cf78414709", - "Created":1364068391, - "CreatedBy":"" - } - ] - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Push an image on the registry -***************************** - -.. http:post:: /images/(name)/push - - Push the image ``name`` on the registry - - **Example request**: - - .. sourcecode:: http - - POST /images/test/push HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Pushing..."} - {"status":"Pushing", "progress":"1/? (n/a)", "progressDetail":{"current":1}}} - {"error":"Invalid..."} - ... - - :query registry: the registry you wan to push, optional - :reqheader X-Registry-Auth: include a base64-encoded AuthConfig object. - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Tag an image into a repository -****************************** - -.. http:post:: /images/(name)/tag - - Tag the image ``name`` into a repository - - **Example request**: - - .. sourcecode:: http - - POST /images/test/tag?repo=myrepo&force=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - - :query repo: The repository to tag in - :query force: 1/True/true or 0/False/false, default false - :statuscode 201: no error - :statuscode 400: bad parameter - :statuscode 404: no such image - :statuscode 409: conflict - :statuscode 500: server error - - -Remove an image -*************** - -.. http:delete:: /images/(name) - - Remove the image ``name`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /images/test HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-type: application/json - - [ - {"Untagged":"3e2f21a89f"}, - {"Deleted":"3e2f21a89f"}, - {"Deleted":"53b4f83ac9"} - ] - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 409: conflict - :statuscode 500: server error - - -Search images -************* - -.. http:get:: /images/search - - Search for an image in the docker index. - - .. note:: - - The response keys have changed from API v1.6 to reflect the JSON - sent by the registry server to the docker daemon's request. - - **Example request**: - - .. sourcecode:: http - - GET /images/search?term=sshd HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "description": "", - "is_official": false, - "is_trusted": false, - "name": "wma55/u1210sshd", - "star_count": 0 - }, - { - "description": "", - "is_official": false, - "is_trusted": false, - "name": "jdswinbank/sshd", - "star_count": 0 - }, - { - "description": "", - "is_official": false, - "is_trusted": false, - "name": "vgauthier/sshd", - "star_count": 0 - } - ... - ] - - :query term: term to search - :statuscode 200: no error - :statuscode 500: server error - - -2.3 Misc --------- - -Build an image from Dockerfile via stdin -**************************************** - -.. http:post:: /build - - Build an image from Dockerfile via stdin - - **Example request**: - - .. sourcecode:: http - - POST /build HTTP/1.1 - - {{ STREAM }} - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"stream":"Step 1..."} - {"stream":"..."} - {"error":"Error...", "errorDetail":{"code": 123, "message": "Error..."}} - - - The stream must be a tar archive compressed with one of the - following algorithms: identity (no compression), gzip, bzip2, - xz. - - The archive must include a file called ``Dockerfile`` at its - root. It may include any number of other files, which will be - accessible in the build context (See the :ref:`ADD build command - `). - - :query t: repository name (and optionally a tag) to be applied to the resulting image in case of success - :query q: suppress verbose build output - :query nocache: do not use the cache when building the image - :reqheader Content-type: should be set to ``"application/tar"``. - :reqheader X-Registry-Auth: base64-encoded AuthConfig object - :statuscode 200: no error - :statuscode 500: server error - - - -Check auth configuration -************************ - -.. http:post:: /auth - - Get the default username and email - - **Example request**: - - .. sourcecode:: http - - POST /auth HTTP/1.1 - Content-Type: application/json - - { - "username":"hannibal", - "password:"xxxx", - "email":"hannibal@a-team.com", - "serveraddress":"https://index.docker.io/v1/" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - :statuscode 200: no error - :statuscode 204: no error - :statuscode 500: server error - - -Display system-wide information -******************************* - -.. http:get:: /info - - Display system-wide information - - **Example request**: - - .. sourcecode:: http - - GET /info HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Containers":11, - "Images":16, - "Debug":false, - "NFd": 11, - "NGoroutines":21, - "MemoryLimit":true, - "SwapLimit":false, - "IPv4Forwarding":true - } - - :statuscode 200: no error - :statuscode 500: server error - - -Show the docker version information -*********************************** - -.. http:get:: /version - - Show the docker version information - - **Example request**: - - .. sourcecode:: http - - GET /version HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Version":"0.2.2", - "GitCommit":"5a2a5cc+CHANGES", - "GoVersion":"go1.0.3" - } - - :statuscode 200: no error - :statuscode 500: server error - - -Create a new image from a container's changes -********************************************* - -.. http:post:: /commit - - Create a new image from a container's changes - - **Example request**: - - .. sourcecode:: http - - POST /commit?container=44c004db4b17&m=message&repo=myrepo HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/vnd.docker.raw-stream - - {"Id":"596069db4bf5"} - - :query container: source container - :query repo: repository - :query tag: tag - :query m: commit message - :query author: author (eg. "John Hannibal Smith ") - :query run: config automatically applied when the image is run. (ex: {"Cmd": ["cat", "/world"], "PortSpecs":["22"]}) - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Monitor Docker's events -*********************** - -.. http:get:: /events - - Get events from docker, either in real time via streaming, or via polling (using `since`) - - **Example request**: - - .. sourcecode:: http - - GET /events?since=1374067924 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"create","id":"dfdf82bd3881","from":"base:latest","time":1374067924} - {"status":"start","id":"dfdf82bd3881","from":"base:latest","time":1374067924} - {"status":"stop","id":"dfdf82bd3881","from":"base:latest","time":1374067966} - {"status":"destroy","id":"dfdf82bd3881","from":"base:latest","time":1374067970} - - :query since: timestamp used for polling - :statuscode 200: no error - :statuscode 500: server error - -Get a tarball containing all images and tags in a repository -************************************************************ - -.. http:get:: /images/(name)/get - - Get a tarball containing all images and metadata for the repository specified by ``name``. - - **Example request** - - .. sourcecode:: http - - GET /images/ubuntu/get - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/x-tar - - Binary data stream - - :statuscode 200: no error - :statuscode 500: server error - -Load a tarball with a set of images and tags into docker -******************************************************** - -.. http:post:: /images/load - - Load a set of images and tags into the docker repository. - - **Example request** - - .. sourcecode:: http - - POST /images/load - - Tarball in body - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - :statuscode 200: no error - :statuscode 500: server error - -3. Going further -================ - -3.1 Inside 'docker run' ------------------------ - -Here are the steps of 'docker run' : - -* Create the container -* If the status code is 404, it means the image doesn't exists: - * Try to pull it - * Then retry to create the container -* Start the container -* If you are not in detached mode: - * Attach to the container, using logs=1 (to have stdout and stderr from the container's start) and stream=1 -* If in detached mode or only stdin is attached: - * Display the container's id - - -3.2 Hijacking -------------- - -In this version of the API, /attach, uses hijacking to transport stdin, stdout and stderr on the same socket. This might change in the future. - -3.3 CORS Requests ------------------ - -To enable cross origin requests to the remote api add the flag "--api-enable-cors" when running docker in daemon mode. - -.. code-block:: bash - - docker -d -H="192.168.1.9:4243" --api-enable-cors diff --git a/docs/sources/reference/api/docker_remote_api_v1.9.md b/docs/sources/reference/api/docker_remote_api_v1.9.md new file mode 100644 index 0000000000..d8be62a7a7 --- /dev/null +++ b/docs/sources/reference/api/docker_remote_api_v1.9.md @@ -0,0 +1,1316 @@ +page_title: Remote API v1.9 +page_description: API Documentation for Docker +page_keywords: API, Docker, rcli, REST, documentation + +# Docker Remote API v1.9 + +# 1. Brief introduction + + - The Remote API has replaced rcli + - The daemon listens on `unix:///var/run/docker.sock` but you can + [*Bind Docker to another host/port or a Unix socket*]( + /use/basics/#bind-docker). + - The API tends to be REST, but for some complex commands, like `attach` + or `pull`, the HTTP connection is hijacked to transport `stdout, stdin` + and `stderr` + +# 2. Endpoints + +## 2.1 Containers + +### List containers + +`GET /containers/json` + +List containers. + + **Example request**: + + GET /containers/json?all=1&before=8dfafdbc3a40&size=1 HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Id": "8dfafdbc3a40", + "Image": "base:latest", + "Command": "echo 1", + "Created": 1367854155, + "Status": "Exit 0", + "Ports":[{"PrivatePort": 2222, "PublicPort": 3333, "Type": "tcp"}], + "SizeRw":12288, + "SizeRootFs":0 + }, + { + "Id": "9cd87474be90", + "Image": "base:latest", + "Command": "echo 222222", + "Created": 1367854155, + "Status": "Exit 0", + "Ports":[], + "SizeRw":12288, + "SizeRootFs":0 + }, + { + "Id": "3176a2479c92", + "Image": "base:latest", + "Command": "echo 3333333333333333", + "Created": 1367854154, + "Status": "Exit 0", + "Ports":[], + "SizeRw":12288, + "SizeRootFs":0 + }, + { + "Id": "4cb07b47f9fb", + "Image": "base:latest", + "Command": "echo 444444444444444444444444444444444", + "Created": 1367854152, + "Status": "Exit 0", + "Ports":[], + "SizeRw":12288, + "SizeRootFs":0 + } + ] + + Query Parameters: + +   + + - **all** – 1/True/true or 0/False/false, Show all containers. + Only running containers are shown by default + - **limit** – Show `limit` last created + containers, include non-running ones. + - **since** – Show only containers created since Id, include + non-running ones. + - **before** – Show only containers created before Id, include + non-running ones. + - **size** – 1/True/true or 0/False/false, Show the containers + sizes + + Status Codes: + + - **200** – no error + - **400** – bad parameter + - **500** – server error + +### Create a container + +`POST /containers/create` + +Create a container + + **Example request**: + + POST /containers/create HTTP/1.1 + Content-Type: application/json + + { + "Hostname":"", + "User":"", + "Memory":0, + "MemorySwap":0, + "CpuShares":0, + "AttachStdin":false, + "AttachStdout":true, + "AttachStderr":true, + "PortSpecs":null, + "Tty":false, + "OpenStdin":false, + "StdinOnce":false, + "Env":null, + "Cmd":[ + "date" + ], + "Dns":null, + "Image":"base", + "Volumes":{ + "/tmp": {} + }, + "VolumesFrom":"", + "WorkingDir":"", + "ExposedPorts":{ + "22/tcp": {} + } + } + + **Example response**: + + HTTP/1.1 201 OK + Content-Type: application/json + + { + "Id":"e90e34656806" + "Warnings":[] + } + + Json Parameters: + +   + + - **Hostname** – Container host name + - **User** – Username or UID + - **Memory** – Memory Limit in bytes + - **CpuShares** – CPU shares (relative weight) + - **AttachStdin** – 1/True/true or 0/False/false, attach to + standard input. Default false + - **AttachStdout** – 1/True/true or 0/False/false, attach to + standard output. Default false + - **AttachStderr** – 1/True/true or 0/False/false, attach to + standard error. Default false + - **Tty** – 1/True/true or 0/False/false, allocate a pseudo-tty. + Default false + - **OpenStdin** – 1/True/true or 0/False/false, keep stdin open + even if not attached. Default false + + Query Parameters: + +   + + - **name** – Assign the specified name to the container. Must + match `/?[a-zA-Z0-9_-]+`. + + Status Codes: + + - **201** – no error + - **404** – no such container + - **406** – impossible to attach (container not running) + - **500** – server error + +### Inspect a container + +`GET /containers/(id)/json` + +Return low-level information on the container `id` + + **Example request**: + + GET /containers/4fa6e0f0c678/json HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Id": "4fa6e0f0c6786287e131c3852c58a2e01cc697a68231826813597e4994f1d6e2", + "Created": "2013-05-07T14:51:42.041847+02:00", + "Path": "date", + "Args": [], + "Config": { + "Hostname": "4fa6e0f0c678", + "User": "", + "Memory": 0, + "MemorySwap": 0, + "AttachStdin": false, + "AttachStdout": true, + "AttachStderr": true, + "PortSpecs": null, + "Tty": false, + "OpenStdin": false, + "StdinOnce": false, + "Env": null, + "Cmd": [ + "date" + ], + "Dns": null, + "Image": "base", + "Volumes": {}, + "VolumesFrom": "", + "WorkingDir":"" + + }, + "State": { + "Running": false, + "Pid": 0, + "ExitCode": 0, + "StartedAt": "2013-05-07T14:51:42.087658+02:01360", + "Ghost": false + }, + "Image": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", + "NetworkSettings": { + "IpAddress": "", + "IpPrefixLen": 0, + "Gateway": "", + "Bridge": "", + "PortMapping": null + }, + "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker", + "ResolvConfPath": "/etc/resolv.conf", + "Volumes": {}, + "HostConfig": { + "Binds": null, + "ContainerIDFile": "", + "LxcConf": [], + "Privileged": false, + "PortBindings": { + "80/tcp": [ + { + "HostIp": "0.0.0.0", + "HostPort": "49153" + } + ] + }, + "Links": null, + "PublishAllPorts": false + } + } + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### List processes running inside a container + +`GET /containers/(id)/top` + +List processes running inside the container `id` + + **Example request**: + + GET /containers/4fa6e0f0c678/top HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Titles":[ + "USER", + "PID", + "%CPU", + "%MEM", + "VSZ", + "RSS", + "TTY", + "STAT", + "START", + "TIME", + "COMMAND" + ], + "Processes":[ + ["root","20147","0.0","0.1","18060","1864","pts/4","S","10:06","0:00","bash"], + ["root","20271","0.0","0.0","4312","352","pts/4","S+","10:07","0:00","sleep","10"] + ] + } + + Query Parameters: + +   + + - **ps_args** – ps arguments to use (eg. aux) + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Inspect changes on a container's filesystem + +`GET /containers/(id)/changes` + +Inspect changes on container `id`'s filesystem + + **Example request**: + + GET /containers/4fa6e0f0c678/changes HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Path":"/dev", + "Kind":0 + }, + { + "Path":"/dev/kmsg", + "Kind":1 + }, + { + "Path":"/test", + "Kind":1 + } + ] + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Export a container + +`GET /containers/(id)/export` + +Export the contents of container `id` + + **Example request**: + + GET /containers/4fa6e0f0c678/export HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/octet-stream + + {{ STREAM }} + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Start a container + +`POST /containers/(id)/start` + +Start the container `id` + + **Example request**: + + POST /containers/(id)/start HTTP/1.1 + Content-Type: application/json + + { + "Binds":["/tmp:/tmp"], + "LxcConf":{"lxc.utsname":"docker"}, + "PortBindings":{ "22/tcp": [{ "HostPort": "11022" }] }, + "PublishAllPorts":false, + "Privileged":false + } + + **Example response**: + + HTTP/1.1 204 No Content + Content-Type: text/plain + + Json Parameters: + +   + + - **Binds** – Create a bind mount to a directory or file with + [host-path]:[container-path]:[rw|ro]. If a directory + "container-path" is missing, then docker creates a new volume. + - **LxcConf** – Map of custom lxc options + - **PortBindings** – Expose ports from the container, optionally + publishing them via the HostPort flag + - **PublishAllPorts** – 1/True/true or 0/False/false, publish all + exposed ports to the host interfaces. Default false + - **Privileged** – 1/True/true or 0/False/false, give extended + privileges to this container. Default false + + Status Codes: + + - **204** – no error + - **404** – no such container + - **500** – server error + +### Stop a container + +`POST /containers/(id)/stop` + +Stop the container `id` + + **Example request**: + + POST /containers/e90e34656806/stop?t=5 HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Query Parameters: + +   + + - **t** – number of seconds to wait before killing the container + + Status Codes: + + - **204** – no error + - **404** – no such container + - **500** – server error + +### Restart a container + +`POST /containers/(id)/restart` + +Restart the container `id` + + **Example request**: + + POST /containers/e90e34656806/restart?t=5 HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Query Parameters: + +   + + - **t** – number of seconds to wait before killing the container + + Status Codes: + + - **204** – no error + - **404** – no such container + - **500** – server error + +### Kill a container + +`POST /containers/(id)/kill` + +Kill the container `id` + + **Example request**: + + POST /containers/e90e34656806/kill HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Query Parameters + + - **signal** - Signal to send to the container: integer or string like "SIGINT". + When not set, SIGKILL is assumed and the call will waits for the container to exit. + + Status Codes: + + - **204** – no error + - **404** – no such container + - **500** – server error + +### Attach to a container + +`POST /containers/(id)/attach` + +Attach to the container `id` + + **Example request**: + + POST /containers/16253994b7c4/attach?logs=1&stream=0&stdout=1 HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/vnd.docker.raw-stream + + {{ STREAM }} + + Query Parameters: + +   + + - **logs** – 1/True/true or 0/False/false, return logs. Default + false + - **stream** – 1/True/true or 0/False/false, return stream. + Default false + - **stdin** – 1/True/true or 0/False/false, if stream=true, attach + to stdin. Default false + - **stdout** – 1/True/true or 0/False/false, if logs=true, return + stdout log, if stream=true, attach to stdout. Default false + - **stderr** – 1/True/true or 0/False/false, if logs=true, return + stderr log, if stream=true, attach to stderr. Default false + + Status Codes: + + - **200** – no error + - **400** – bad parameter + - **404** – no such container + - **500** – server error + + **Stream details**: + + When using the TTY setting is enabled in + [`POST /containers/create`](#post--containers-create), the + stream is the raw data from the process PTY and client's stdin. When + the TTY is disabled, then the stream is multiplexed to separate + stdout and stderr. + + The format is a **Header** and a **Payload** (frame). + + **HEADER** + + The header will contain the information on which stream write the + stream (stdout or stderr). It also contain the size of the + associated frame encoded on the last 4 bytes (uint32). + + It is encoded on the first 8 bytes like this: + + header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4} + + `STREAM_TYPE` can be: + + - 0: stdin (will be writen on stdout) + - 1: stdout + - 2: stderr + + `SIZE1, SIZE2, SIZE3, SIZE4` are the 4 bytes of + the uint32 size encoded as big endian. + + **PAYLOAD** + + The payload is the raw stream. + + **IMPLEMENTATION** + + The simplest way to implement the Attach protocol is the following: + + 1. Read 8 bytes + 2. chose stdout or stderr depending on the first byte + 3. Extract the frame size from the last 4 byets + 4. Read the extracted size and output it on the correct output + 5. Goto 1) + +### Wait a container + +`POST /containers/(id)/wait` + +Block until container `id` stops, then returns the exit code + + **Example request**: + + POST /containers/16253994b7c4/wait HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"StatusCode":0} + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Remove a container + +`DELETE /containers/(id)` + +Remove the container `id` from the filesystem + + **Example request**: + + DELETE /containers/16253994b7c4?v=1 HTTP/1.1 + + **Example response**: + + HTTP/1.1 204 OK + + Query Parameters: + +   + + - **v** – 1/True/true or 0/False/false, Remove the volumes + associated to the container. Default false + + Status Codes: + + - **204** – no error + - **400** – bad parameter + - **404** – no such container + - **500** – server error + +### Copy files or folders from a container + +`POST /containers/(id)/copy` + +Copy files or folders of container `id` + + **Example request**: + + POST /containers/4fa6e0f0c678/copy HTTP/1.1 + Content-Type: application/json + + { + "Resource":"test.txt" + } + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/octet-stream + + {{ STREAM }} + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +## 2.2 Images + +### List Images + +`GET /images/json` + +**Example request**: + + GET /images/json?all=0 HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "RepoTags": [ + "ubuntu:12.04", + "ubuntu:precise", + "ubuntu:latest" + ], + "Id": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c", + "Created": 1365714795, + "Size": 131506275, + "VirtualSize": 131506275 + }, + { + "RepoTags": [ + "ubuntu:12.10", + "ubuntu:quantal" + ], + "ParentId": "27cf784147099545", + "Id": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", + "Created": 1364102658, + "Size": 24653, + "VirtualSize": 180116135 + } + ] + +### Create an image + +`POST /images/create` + +Create an image, either by pull it from the registry or by importing it + + **Example request**: + + POST /images/create?fromImage=base HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"status":"Pulling..."} + {"status":"Pulling", "progress":"1 B/ 100 B", "progressDetail":{"current":1, "total":100}} + {"error":"Invalid..."} + ... + + When using this endpoint to pull an image from the registry, the + `X-Registry-Auth` header can be used to include + a base64-encoded AuthConfig object. + + Query Parameters: + +   + + - **fromImage** – name of the image to pull + - **fromSrc** – source to import, - means stdin + - **repo** – repository + - **tag** – tag + - **registry** – the registry to pull from + + Request Headers: + +   + + - **X-Registry-Auth** – base64-encoded AuthConfig object + + Status Codes: + + - **200** – no error + - **500** – server error + +### Insert a file in an image + +`POST /images/(name)/insert` + +Insert a file from `url` in the image `name` at `path` + + **Example request**: + + POST /images/test/insert?path=/usr&url=myurl HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"status":"Inserting..."} + {"status":"Inserting", "progress":"1/? (n/a)", "progressDetail":{"current":1}} + {"error":"Invalid..."} + ... + + Status Codes: + + - **200** – no error + - **500** – server error + +### Inspect an image + +`GET /images/(name)/json` + +Return low-level information on the image `name` + + **Example request**: + + GET /images/base/json HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "id":"b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", + "parent":"27cf784147099545", + "created":"2013-03-23T22:24:18.818426-07:00", + "container":"3d67245a8d72ecf13f33dffac9f79dcdf70f75acb84d308770391510e0c23ad0", + "container_config": + { + "Hostname":"", + "User":"", + "Memory":0, + "MemorySwap":0, + "AttachStdin":false, + "AttachStdout":false, + "AttachStderr":false, + "PortSpecs":null, + "Tty":true, + "OpenStdin":true, + "StdinOnce":false, + "Env":null, + "Cmd": ["/bin/bash"] + ,"Dns":null, + "Image":"base", + "Volumes":null, + "VolumesFrom":"", + "WorkingDir":"" + }, + "Size": 6824592 + } + + Status Codes: + + - **200** – no error + - **404** – no such image + - **500** – server error + +### Get the history of an image + +`GET /images/(name)/history` + +Return the history of the image `name` + + **Example request**: + + GET /images/base/history HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "Id":"b750fe79269d", + "Created":1364102658, + "CreatedBy":"/bin/bash" + }, + { + "Id":"27cf78414709", + "Created":1364068391, + "CreatedBy":"" + } + ] + + Status Codes: + + - **200** – no error + - **404** – no such image + - **500** – server error + +### Push an image on the registry + +`POST /images/(name)/push` + +Push the image `name` on the registry + + **Example request**: + + POST /images/test/push HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"status":"Pushing..."} + {"status":"Pushing", "progress":"1/? (n/a)", "progressDetail":{"current":1}}} + {"error":"Invalid..."} + ... + + Query Parameters: + +   + + - **registry** – the registry you wan to push, optional + + Request Headers: + +   + + - **X-Registry-Auth** – include a base64-encoded AuthConfig + object. + + Status Codes: + + - **200** – no error + - **404** – no such image + - **500** – server error + +### Tag an image into a repository + +`POST /images/(name)/tag` + +Tag the image `name` into a repository + + **Example request**: + + POST /images/test/tag?repo=myrepo&force=0 HTTP/1.1 + + **Example response**: + + HTTP/1.1 201 OK + + Query Parameters: + +   + + - **repo** – The repository to tag in + - **force** – 1/True/true or 0/False/false, default false + + Status Codes: + + - **201** – no error + - **400** – bad parameter + - **404** – no such image + - **409** – conflict + - **500** – server error + +### Remove an image + +`DELETE /images/(name*) +: Remove the image `name` from the filesystem + + **Example request**: + + DELETE /images/test HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-type: application/json + + [ + {"Untagged":"3e2f21a89f"}, + {"Deleted":"3e2f21a89f"}, + {"Deleted":"53b4f83ac9"} + ] + + Status Codes: + + - **200** – no error + - **404** – no such image + - **409** – conflict + - **500** – server error + +### Search images + +`GET /images/search` + +Search for an image on [Docker.io](https://index.docker.io). + +> **Note**: +> The response keys have changed from API v1.6 to reflect the JSON +> sent by the registry server to the docker daemon's request. + + **Example request**: + + GET /images/search?term=sshd HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + [ + { + "description": "", + "is_official": false, + "is_trusted": false, + "name": "wma55/u1210sshd", + "star_count": 0 + }, + { + "description": "", + "is_official": false, + "is_trusted": false, + "name": "jdswinbank/sshd", + "star_count": 0 + }, + { + "description": "", + "is_official": false, + "is_trusted": false, + "name": "vgauthier/sshd", + "star_count": 0 + } + ... + ] + + Query Parameters: + +   + + - **term** – term to search + + Status Codes: + + - **200** – no error + - **500** – server error + +## 2.3 Misc + +### Build an image from Dockerfile + +`POST /build` + +Build an image from Dockerfile using a POST body. + + **Example request**: + + POST /build HTTP/1.1 + + {{ STREAM }} + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"stream":"Step 1..."} + {"stream":"..."} + {"error":"Error...", "errorDetail":{"code": 123, "message": "Error..."}} + + The stream must be a tar archive compressed with one of the + following algorithms: identity (no compression), gzip, bzip2, xz. + + The archive must include a file called `Dockerfile` + at its root. It may include any number of other files, + which will be accessible in the build context (See the [*ADD build + command*](/reference/builder/#dockerbuilder)). + + Query Parameters: + +   + + - **t** – repository name (and optionally a tag) to be applied to + the resulting image in case of success + - **q** – suppress verbose build output + - **nocache** – do not use the cache when building the image + - **rm** – Remove intermediate containers after a successful build + + Request Headers: + +   + + - **Content-type** – should be set to + `"application/tar"`. + - **X-Registry-Config** – base64-encoded ConfigFile object + + Status Codes: + + - **200** – no error + - **500** – server error + +### Check auth configuration + +`POST /auth` + +Get the default username and email + + **Example request**: + + POST /auth HTTP/1.1 + Content-Type: application/json + + { + "username":"hannibal", + "password:"xxxx", + "email":"hannibal@a-team.com", + "serveraddress":"https://index.docker.io/v1/" + } + + **Example response**: + + HTTP/1.1 200 OK + + Status Codes: + + - **200** – no error + - **204** – no error + - **500** – server error + +### Display system-wide information + +`GET /info` + +Display system-wide information + + **Example request**: + + GET /info HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Containers":11, + "Images":16, + "Debug":false, + "NFd": 11, + "NGoroutines":21, + "MemoryLimit":true, + "SwapLimit":false, + "IPv4Forwarding":true + } + + Status Codes: + + - **200** – no error + - **500** – server error + +### Show the docker version information + +`GET /version` + +Show the docker version information + + **Example request**: + + GET /version HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Version":"0.2.2", + "GitCommit":"5a2a5cc+CHANGES", + "GoVersion":"go1.0.3" + } + + Status Codes: + + - **200** – no error + - **500** – server error + +### Create a new image from a container's changes + +`POST /commit` + +Create a new image from a container's changes + + **Example request**: + + POST /commit?container=44c004db4b17&m=message&repo=myrepo HTTP/1.1 + Content-Type: application/json + + { + "Hostname":"", + "User":"", + "Memory":0, + "MemorySwap":0, + "AttachStdin":false, + "AttachStdout":true, + "AttachStderr":true, + "PortSpecs":null, + "Tty":false, + "OpenStdin":false, + "StdinOnce":false, + "Env":null, + "Cmd":[ + "date" + ], + "Volumes":{ + "/tmp": {} + }, + "WorkingDir":"", + "DisableNetwork": false, + "ExposedPorts":{ + "22/tcp": {} + } + } + + **Example response**: + + HTTP/1.1 201 OK + Content-Type: application/vnd.docker.raw-stream + + {"Id":"596069db4bf5"} + + Json Parameters: + + + + - **config** - the container's configuration + + Query Parameters: + +   + + - **container** – source container + - **repo** – repository + - **tag** – tag + - **m** – commit message + - **author** – author (eg. "John Hannibal Smith + <[hannibal@a-team.com](mailto:hannibal%40a-team.com)>") + + Status Codes: + + - **201** – no error + - **404** – no such container + - **500** – server error + +### Monitor Docker's events + +`GET /events` + +Get events from docker, either in real time via streaming, or via +polling (using since) + + **Example request**: + + GET /events?since=1374067924 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"status":"create","id":"dfdf82bd3881","from":"base:latest","time":1374067924} + {"status":"start","id":"dfdf82bd3881","from":"base:latest","time":1374067924} + {"status":"stop","id":"dfdf82bd3881","from":"base:latest","time":1374067966} + {"status":"destroy","id":"dfdf82bd3881","from":"base:latest","time":1374067970} + + Query Parameters: + +   + + - **since** – timestamp used for polling + + Status Codes: + + - **200** – no error + - **500** – server error + +### Get a tarball containing all images and tags in a repository + +`GET /images/(name)/get` + +Get a tarball containing all images and metadata for the repository specified by `name`. + + **Example request** + + GET /images/ubuntu/get + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/x-tar + + Binary data stream + + Status Codes: + + - **200** – no error + - **500** – server error + +### Load a tarball with a set of images and tags into docker + +`POST /images/load` + +Load a set of images and tags into the docker repository. + + **Example request** + + POST /images/load + + Tarball in body + + **Example response**: + + HTTP/1.1 200 OK + + Status Codes: + + - **200** – no error + - **500** – server error + +# 3. Going further + +## 3.1 Inside `docker run` + +Here are the steps of `docker run` : + + - Create the container + + - If the status code is 404, it means the image doesn't exists: + + - Try to pull it + - Then retry to create the container + + - Start the container + + - If you are not in detached mode: + + - Attach to the container, using logs=1 (to have stdout and + - stderr from the container's start) and stream=1 + + - If in detached mode or only stdin is attached: + + - Display the container's id + +## 3.2 Hijacking + +In this version of the API, /attach, uses hijacking to transport stdin, +stdout and stderr on the same socket. This might change in the future. + +## 3.3 CORS Requests + +To enable cross origin requests to the remote api add the flag +"–api-enable-cors" when running docker in daemon mode. + + $ docker -d -H="192.168.1.9:4243" --api-enable-cors diff --git a/docs/sources/reference/api/docker_remote_api_v1.9.rst b/docs/sources/reference/api/docker_remote_api_v1.9.rst deleted file mode 100644 index 27812457bb..0000000000 --- a/docs/sources/reference/api/docker_remote_api_v1.9.rst +++ /dev/null @@ -1,1295 +0,0 @@ -:title: Remote API v1.9 -:description: API Documentation for Docker -:keywords: API, Docker, rcli, REST, documentation - -:orphan: - -====================== -Docker Remote API v1.9 -====================== - -.. contents:: Table of Contents - -1. Brief introduction -===================== - -- The Remote API has replaced rcli -- The daemon listens on ``unix:///var/run/docker.sock``, but you can - :ref:`bind_docker`. -- The API tends to be REST, but for some complex commands, like - ``attach`` or ``pull``, the HTTP connection is hijacked to transport - ``stdout, stdin`` and ``stderr`` - -2. Endpoints -============ - -2.1 Containers --------------- - -List containers -*************** - -.. http:get:: /containers/json - - List containers - - **Example request**: - - .. sourcecode:: http - - GET /containers/json?all=1&before=8dfafdbc3a40&size=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id": "8dfafdbc3a40", - "Image": "base:latest", - "Command": "echo 1", - "Created": 1367854155, - "Status": "Exit 0", - "Ports":[{"PrivatePort": 2222, "PublicPort": 3333, "Type": "tcp"}], - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "9cd87474be90", - "Image": "base:latest", - "Command": "echo 222222", - "Created": 1367854155, - "Status": "Exit 0", - "Ports":[], - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "3176a2479c92", - "Image": "base:latest", - "Command": "echo 3333333333333333", - "Created": 1367854154, - "Status": "Exit 0", - "Ports":[], - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "4cb07b47f9fb", - "Image": "base:latest", - "Command": "echo 444444444444444444444444444444444", - "Created": 1367854152, - "Status": "Exit 0", - "Ports":[], - "SizeRw":12288, - "SizeRootFs":0 - } - ] - - :query all: 1/True/true or 0/False/false, Show all containers. Only running containers are shown by default - :query limit: Show ``limit`` last created containers, include non-running ones. - :query since: Show only containers created since Id, include non-running ones. - :query before: Show only containers created before Id, include non-running ones. - :query size: 1/True/true or 0/False/false, Show the containers sizes - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 500: server error - - -Create a container -****************** - -.. http:post:: /containers/create - - Create a container - - **Example request**: - - .. sourcecode:: http - - POST /containers/create HTTP/1.1 - Content-Type: application/json - - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "CpuShares":0, - "AttachStdin":false, - "AttachStdout":true, - "AttachStderr":true, - "PortSpecs":null, - "Tty":false, - "OpenStdin":false, - "StdinOnce":false, - "Env":null, - "Cmd":[ - "date" - ], - "Dns":null, - "Image":"base", - "Volumes":{ - "/tmp": {} - }, - "VolumesFrom":"", - "WorkingDir":"", - "ExposedPorts":{ - "22/tcp": {} - } - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/json - - { - "Id":"e90e34656806" - "Warnings":[] - } - - :jsonparam Hostname: Container host name - :jsonparam User: Username or UID - :jsonparam Memory: Memory Limit in bytes - :jsonparam CpuShares: CPU shares (relative weight) - :jsonparam AttachStdin: 1/True/true or 0/False/false, attach to standard input. Default false - :jsonparam AttachStdout: 1/True/true or 0/False/false, attach to standard output. Default false - :jsonparam AttachStderr: 1/True/true or 0/False/false, attach to standard error. Default false - :jsonparam Tty: 1/True/true or 0/False/false, allocate a pseudo-tty. Default false - :jsonparam OpenStdin: 1/True/true or 0/False/false, keep stdin open even if not attached. Default false - :query name: Assign the specified name to the container. Must match ``/?[a-zA-Z0-9_-]+``. - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 406: impossible to attach (container not running) - :statuscode 500: server error - - -Inspect a container -******************* - -.. http:get:: /containers/(id)/json - - Return low-level information on the container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Id": "4fa6e0f0c6786287e131c3852c58a2e01cc697a68231826813597e4994f1d6e2", - "Created": "2013-05-07T14:51:42.041847+02:00", - "Path": "date", - "Args": [], - "Config": { - "Hostname": "4fa6e0f0c678", - "User": "", - "Memory": 0, - "MemorySwap": 0, - "AttachStdin": false, - "AttachStdout": true, - "AttachStderr": true, - "PortSpecs": null, - "Tty": false, - "OpenStdin": false, - "StdinOnce": false, - "Env": null, - "Cmd": [ - "date" - ], - "Dns": null, - "Image": "base", - "Volumes": {}, - "VolumesFrom": "", - "WorkingDir":"" - - }, - "State": { - "Running": false, - "Pid": 0, - "ExitCode": 0, - "StartedAt": "2013-05-07T14:51:42.087658+02:01360", - "Ghost": false - }, - "Image": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "NetworkSettings": { - "IpAddress": "", - "IpPrefixLen": 0, - "Gateway": "", - "Bridge": "", - "PortMapping": null - }, - "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker", - "ResolvConfPath": "/etc/resolv.conf", - "Volumes": {}, - "HostConfig": { - "Binds": null, - "ContainerIDFile": "", - "LxcConf": [], - "Privileged": false, - "PortBindings": { - "80/tcp": [ - { - "HostIp": "0.0.0.0", - "HostPort": "49153" - } - ] - }, - "Links": null, - "PublishAllPorts": false - } - } - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -List processes running inside a container -***************************************** - -.. http:get:: /containers/(id)/top - - List processes running inside the container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/top HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Titles":[ - "USER", - "PID", - "%CPU", - "%MEM", - "VSZ", - "RSS", - "TTY", - "STAT", - "START", - "TIME", - "COMMAND" - ], - "Processes":[ - ["root","20147","0.0","0.1","18060","1864","pts/4","S","10:06","0:00","bash"], - ["root","20271","0.0","0.0","4312","352","pts/4","S+","10:07","0:00","sleep","10"] - ] - } - - :query ps_args: ps arguments to use (eg. aux) - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Inspect changes on a container's filesystem -******************************************* - -.. http:get:: /containers/(id)/changes - - Inspect changes on container ``id`` 's filesystem - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/changes HTTP/1.1 - - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Path":"/dev", - "Kind":0 - }, - { - "Path":"/dev/kmsg", - "Kind":1 - }, - { - "Path":"/test", - "Kind":1 - } - ] - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Export a container -****************** - -.. http:get:: /containers/(id)/export - - Export the contents of container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/export HTTP/1.1 - - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/octet-stream - - {{ STREAM }} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Start a container -***************** - -.. http:post:: /containers/(id)/start - - Start the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/(id)/start HTTP/1.1 - Content-Type: application/json - - { - "Binds":["/tmp:/tmp"], - "LxcConf":{"lxc.utsname":"docker"}, - "PortBindings":{ "22/tcp": [{ "HostPort": "11022" }] }, - "PublishAllPorts":false, - "Privileged":false - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 No Content - Content-Type: text/plain - - :jsonparam Binds: Create a bind mount to a directory or file with [host-path]:[container-path]:[rw|ro]. If a directory "container-path" is missing, then docker creates a new volume. - :jsonparam LxcConf: Map of custom lxc options - :jsonparam PortBindings: Expose ports from the container, optionally publishing them via the HostPort flag - :jsonparam PublishAllPorts: 1/True/true or 0/False/false, publish all exposed ports to the host interfaces. Default false - :jsonparam Privileged: 1/True/true or 0/False/false, give extended privileges to this container. Default false - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Stop a container -**************** - -.. http:post:: /containers/(id)/stop - - Stop the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/stop?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Restart a container -******************* - -.. http:post:: /containers/(id)/restart - - Restart the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/restart?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Kill a container -**************** - -.. http:post:: /containers/(id)/kill - - Kill the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/kill HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Attach to a container -********************* - -.. http:post:: /containers/(id)/attach - - Attach to the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/attach?logs=1&stream=0&stdout=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/vnd.docker.raw-stream - - {{ STREAM }} - - :query logs: 1/True/true or 0/False/false, return logs. Default false - :query stream: 1/True/true or 0/False/false, return stream. Default false - :query stdin: 1/True/true or 0/False/false, if stream=true, attach to stdin. Default false - :query stdout: 1/True/true or 0/False/false, if logs=true, return stdout log, if stream=true, attach to stdout. Default false - :query stderr: 1/True/true or 0/False/false, if logs=true, return stderr log, if stream=true, attach to stderr. Default false - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - - **Stream details**: - - When using the TTY setting is enabled in - :http:post:`/containers/create`, the stream is the raw data - from the process PTY and client's stdin. When the TTY is - disabled, then the stream is multiplexed to separate stdout - and stderr. - - The format is a **Header** and a **Payload** (frame). - - **HEADER** - - The header will contain the information on which stream write - the stream (stdout or stderr). It also contain the size of - the associated frame encoded on the last 4 bytes (uint32). - - It is encoded on the first 8 bytes like this:: - - header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4} - - ``STREAM_TYPE`` can be: - - - 0: stdin (will be writen on stdout) - - 1: stdout - - 2: stderr - - ``SIZE1, SIZE2, SIZE3, SIZE4`` are the 4 bytes of the uint32 size encoded as big endian. - - **PAYLOAD** - - The payload is the raw stream. - - **IMPLEMENTATION** - - The simplest way to implement the Attach protocol is the following: - - 1) Read 8 bytes - 2) chose stdout or stderr depending on the first byte - 3) Extract the frame size from the last 4 byets - 4) Read the extracted size and output it on the correct output - 5) Goto 1) - - - -Wait a container -**************** - -.. http:post:: /containers/(id)/wait - - Block until container ``id`` stops, then returns the exit code - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/wait HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"StatusCode":0} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Remove a container -******************* - -.. http:delete:: /containers/(id) - - Remove the container ``id`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /containers/16253994b7c4?v=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query v: 1/True/true or 0/False/false, Remove the volumes associated to the container. Default false - :statuscode 204: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - - -Copy files or folders from a container -************************************** - -.. http:post:: /containers/(id)/copy - - Copy files or folders of container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/4fa6e0f0c678/copy HTTP/1.1 - Content-Type: application/json - - { - "Resource":"test.txt" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/octet-stream - - {{ STREAM }} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -2.2 Images ----------- - -List Images -*********** - -.. http:get:: /images/json - - **Example request**: - - .. sourcecode:: http - - GET /images/json?all=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "RepoTags": [ - "ubuntu:12.04", - "ubuntu:precise", - "ubuntu:latest" - ], - "Id": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c", - "Created": 1365714795, - "Size": 131506275, - "VirtualSize": 131506275 - }, - { - "RepoTags": [ - "ubuntu:12.10", - "ubuntu:quantal" - ], - "ParentId": "27cf784147099545", - "Id": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "Created": 1364102658, - "Size": 24653, - "VirtualSize": 180116135 - } - ] - - -Create an image -*************** - -.. http:post:: /images/create - - Create an image, either by pull it from the registry or by importing it - - **Example request**: - - .. sourcecode:: http - - POST /images/create?fromImage=base HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Pulling..."} - {"status":"Pulling", "progress":"1 B/ 100 B", "progressDetail":{"current":1, "total":100}} - {"error":"Invalid..."} - ... - - When using this endpoint to pull an image from the registry, - the ``X-Registry-Auth`` header can be used to include a - base64-encoded AuthConfig object. - - :query fromImage: name of the image to pull - :query fromSrc: source to import, - means stdin - :query repo: repository - :query tag: tag - :query registry: the registry to pull from - :reqheader X-Registry-Auth: base64-encoded AuthConfig object - :statuscode 200: no error - :statuscode 500: server error - - - -Insert a file in an image -************************* - -.. http:post:: /images/(name)/insert - - Insert a file from ``url`` in the image ``name`` at ``path`` - - **Example request**: - - .. sourcecode:: http - - POST /images/test/insert?path=/usr&url=myurl HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Inserting..."} - {"status":"Inserting", "progress":"1/? (n/a)", "progressDetail":{"current":1}} - {"error":"Invalid..."} - ... - - :statuscode 200: no error - :statuscode 500: server error - - -Inspect an image -**************** - -.. http:get:: /images/(name)/json - - Return low-level information on the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/base/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "id":"b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "parent":"27cf784147099545", - "created":"2013-03-23T22:24:18.818426-07:00", - "container":"3d67245a8d72ecf13f33dffac9f79dcdf70f75acb84d308770391510e0c23ad0", - "container_config": - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "AttachStdin":false, - "AttachStdout":false, - "AttachStderr":false, - "PortSpecs":null, - "Tty":true, - "OpenStdin":true, - "StdinOnce":false, - "Env":null, - "Cmd": ["/bin/bash"] - ,"Dns":null, - "Image":"base", - "Volumes":null, - "VolumesFrom":"", - "WorkingDir":"" - }, - "Size": 6824592 - } - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Get the history of an image -*************************** - -.. http:get:: /images/(name)/history - - Return the history of the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/base/history HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id":"b750fe79269d", - "Created":1364102658, - "CreatedBy":"/bin/bash" - }, - { - "Id":"27cf78414709", - "Created":1364068391, - "CreatedBy":"" - } - ] - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Push an image on the registry -***************************** - -.. http:post:: /images/(name)/push - - Push the image ``name`` on the registry - - **Example request**: - - .. sourcecode:: http - - POST /images/test/push HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Pushing..."} - {"status":"Pushing", "progress":"1/? (n/a)", "progressDetail":{"current":1}}} - {"error":"Invalid..."} - ... - - :query registry: the registry you wan to push, optional - :reqheader X-Registry-Auth: include a base64-encoded AuthConfig object. - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Tag an image into a repository -****************************** - -.. http:post:: /images/(name)/tag - - Tag the image ``name`` into a repository - - **Example request**: - - .. sourcecode:: http - - POST /images/test/tag?repo=myrepo&force=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - - :query repo: The repository to tag in - :query force: 1/True/true or 0/False/false, default false - :statuscode 201: no error - :statuscode 400: bad parameter - :statuscode 404: no such image - :statuscode 409: conflict - :statuscode 500: server error - - -Remove an image -*************** - -.. http:delete:: /images/(name) - - Remove the image ``name`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /images/test HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-type: application/json - - [ - {"Untagged":"3e2f21a89f"}, - {"Deleted":"3e2f21a89f"}, - {"Deleted":"53b4f83ac9"} - ] - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 409: conflict - :statuscode 500: server error - - -Search images -************* - -.. http:get:: /images/search - - Search for an image in the docker index. - - .. note:: - - The response keys have changed from API v1.6 to reflect the JSON - sent by the registry server to the docker daemon's request. - - **Example request**: - - .. sourcecode:: http - - GET /images/search?term=sshd HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "description": "", - "is_official": false, - "is_trusted": false, - "name": "wma55/u1210sshd", - "star_count": 0 - }, - { - "description": "", - "is_official": false, - "is_trusted": false, - "name": "jdswinbank/sshd", - "star_count": 0 - }, - { - "description": "", - "is_official": false, - "is_trusted": false, - "name": "vgauthier/sshd", - "star_count": 0 - } - ... - ] - - :query term: term to search - :statuscode 200: no error - :statuscode 500: server error - - -2.3 Misc --------- - -Build an image from Dockerfile -****************************** - -.. http:post:: /build - - Build an image from Dockerfile using a POST body. - - **Example request**: - - .. sourcecode:: http - - POST /build HTTP/1.1 - - {{ STREAM }} - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"stream":"Step 1..."} - {"stream":"..."} - {"error":"Error...", "errorDetail":{"code": 123, "message": "Error..."}} - - - The stream must be a tar archive compressed with one of the - following algorithms: identity (no compression), gzip, bzip2, - xz. - - The archive must include a file called ``Dockerfile`` at its - root. It may include any number of other files, which will be - accessible in the build context (See the :ref:`ADD build command - `). - - :query t: repository name (and optionally a tag) to be applied to the resulting image in case of success - :query q: suppress verbose build output - :query nocache: do not use the cache when building the image - :query rm: Remove intermediate containers after a successful build - :reqheader Content-type: should be set to ``"application/tar"``. - :reqheader X-Registry-Config: base64-encoded ConfigFile object - :statuscode 200: no error - :statuscode 500: server error - - - -Check auth configuration -************************ - -.. http:post:: /auth - - Get the default username and email - - **Example request**: - - .. sourcecode:: http - - POST /auth HTTP/1.1 - Content-Type: application/json - - { - "username":"hannibal", - "password:"xxxx", - "email":"hannibal@a-team.com", - "serveraddress":"https://index.docker.io/v1/" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - :statuscode 200: no error - :statuscode 204: no error - :statuscode 500: server error - - -Display system-wide information -******************************* - -.. http:get:: /info - - Display system-wide information - - **Example request**: - - .. sourcecode:: http - - GET /info HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Containers":11, - "Images":16, - "Debug":false, - "NFd": 11, - "NGoroutines":21, - "MemoryLimit":true, - "SwapLimit":false, - "IPv4Forwarding":true - } - - :statuscode 200: no error - :statuscode 500: server error - - -Show the docker version information -*********************************** - -.. http:get:: /version - - Show the docker version information - - **Example request**: - - .. sourcecode:: http - - GET /version HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Version":"0.2.2", - "GitCommit":"5a2a5cc+CHANGES", - "GoVersion":"go1.0.3" - } - - :statuscode 200: no error - :statuscode 500: server error - - -Create a new image from a container's changes -********************************************* - -.. http:post:: /commit - - Create a new image from a container's changes - - **Example request**: - - .. sourcecode:: http - - POST /commit?container=44c004db4b17&m=message&repo=myrepo HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/vnd.docker.raw-stream - - {"Id":"596069db4bf5"} - - :query container: source container - :query repo: repository - :query tag: tag - :query m: commit message - :query author: author (eg. "John Hannibal Smith ") - :query run: config automatically applied when the image is run. (ex: {"Cmd": ["cat", "/world"], "PortSpecs":["22"]}) - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Monitor Docker's events -*********************** - -.. http:get:: /events - - Get events from docker, either in real time via streaming, or via polling (using `since`) - - **Example request**: - - .. sourcecode:: http - - GET /events?since=1374067924 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"create","id":"dfdf82bd3881","from":"base:latest","time":1374067924} - {"status":"start","id":"dfdf82bd3881","from":"base:latest","time":1374067924} - {"status":"stop","id":"dfdf82bd3881","from":"base:latest","time":1374067966} - {"status":"destroy","id":"dfdf82bd3881","from":"base:latest","time":1374067970} - - :query since: timestamp used for polling - :statuscode 200: no error - :statuscode 500: server error - -Get a tarball containing all images and tags in a repository -************************************************************ - -.. http:get:: /images/(name)/get - - Get a tarball containing all images and metadata for the repository specified by ``name``. - - **Example request** - - .. sourcecode:: http - - GET /images/ubuntu/get - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/x-tar - - Binary data stream - - :statuscode 200: no error - :statuscode 500: server error - -Load a tarball with a set of images and tags into docker -******************************************************** - -.. http:post:: /images/load - - Load a set of images and tags into the docker repository. - - **Example request** - - .. sourcecode:: http - - POST /images/load - - Tarball in body - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - :statuscode 200: no error - :statuscode 500: server error - -3. Going further -================ - -3.1 Inside 'docker run' ------------------------ - -Here are the steps of 'docker run' : - -* Create the container -* If the status code is 404, it means the image doesn't exists: - * Try to pull it - * Then retry to create the container -* Start the container -* If you are not in detached mode: - * Attach to the container, using logs=1 (to have stdout and stderr from the container's start) and stream=1 -* If in detached mode or only stdin is attached: - * Display the container's id - - -3.2 Hijacking -------------- - -In this version of the API, /attach, uses hijacking to transport stdin, stdout and stderr on the same socket. This might change in the future. - -3.3 CORS Requests ------------------ - -To enable cross origin requests to the remote api add the flag "--api-enable-cors" when running docker in daemon mode. - -.. code-block:: bash - - docker -d -H="192.168.1.9:4243" --api-enable-cors diff --git a/docs/sources/reference/api/index.rst b/docs/sources/reference/api/index.rst deleted file mode 100644 index 3c84a505c6..0000000000 --- a/docs/sources/reference/api/index.rst +++ /dev/null @@ -1,20 +0,0 @@ -:title: API Documentation -:description: docker documentation -:keywords: docker, ipa, documentation - -APIs -==== - -Your programs and scripts can access Docker's functionality via these interfaces: - -.. toctree:: - :maxdepth: 3 - - registry_index_spec - registry_api - index_api - docker_remote_api - remote_api_client_libraries - docker_io_oauth_api - docker_io_accounts_api - diff --git a/docs/sources/reference/api/registry_api.rst b/docs/sources/reference/api/registry_api.md similarity index 52% rename from docs/sources/reference/api/registry_api.rst rename to docs/sources/reference/api/registry_api.md index b5c36cc344..f8bdd6657d 100644 --- a/docs/sources/reference/api/registry_api.rst +++ b/docs/sources/reference/api/registry_api.md @@ -1,77 +1,96 @@ -:title: Registry API -:description: API Documentation for Docker Registry -:keywords: API, Docker, index, registry, REST, documentation +page_title: Registry API +page_description: API Documentation for Docker Registry +page_keywords: API, Docker, index, registry, REST, documentation -=================== -Docker Registry API -=================== +# Docker Registry API +## Introduction -1. Brief introduction -===================== + - This is the REST API for the Docker Registry + - It stores the images and the graph for a set of repositories + - It does not have user accounts data + - It has no notion of user accounts or authorization + - It delegates authentication and authorization to the Index Auth + service using tokens + - It supports different storage backends (S3, cloud files, local FS) + - It doesn't have a local database + - It will be open-sourced at some point -- This is the REST API for the Docker Registry -- It stores the images and the graph for a set of repositories -- It does not have user accounts data -- It has no notion of user accounts or authorization -- It delegates authentication and authorization to the Index Auth service using tokens -- It supports different storage backends (S3, cloud files, local FS) -- It doesn’t have a local database -- It will be open-sourced at some point +We expect that there will be multiple registries out there. To help to +grasp the context, here are some examples of registries: -We expect that there will be multiple registries out there. To help to grasp -the context, here are some examples of registries: + - **sponsor registry**: such a registry is provided by a third-party + hosting infrastructure as a convenience for their customers and the + docker community as a whole. Its costs are supported by the third + party, but the management and operation of the registry are + supported by dotCloud. It features read/write access, and delegates + authentication and authorization to the Index. + - **mirror registry**: such a registry is provided by a third-party + hosting infrastructure but is targeted at their customers only. Some + mechanism (unspecified to date) ensures that public images are + pulled from a sponsor registry to the mirror registry, to make sure + that the customers of the third-party provider can “docker pull” + those images locally. + - **vendor registry**: such a registry is provided by a software + vendor, who wants to distribute docker images. It would be operated + and managed by the vendor. Only users authorized by the vendor would + be able to get write access. Some images would be public (accessible + for anyone), others private (accessible only for authorized users). + Authentication and authorization would be delegated to the Index. + The goal of vendor registries is to let someone do “docker pull + basho/riak1.3” and automatically push from the vendor registry + (instead of a sponsor registry); i.e. get all the convenience of a + sponsor registry, while retaining control on the asset distribution. + - **private registry**: such a registry is located behind a firewall, + or protected by an additional security layer (HTTP authorization, + SSL client-side certificates, IP address authorization...). The + registry is operated by a private entity, outside of dotCloud's + control. It can optionally delegate additional authorization to the + Index, but it is not mandatory. -- **sponsor registry**: such a registry is provided by a third-party hosting infrastructure as a convenience for their customers and the docker community as a whole. Its costs are supported by the third party, but the management and operation of the registry are supported by dotCloud. It features read/write access, and delegates authentication and authorization to the Index. -- **mirror registry**: such a registry is provided by a third-party hosting infrastructure but is targeted at their customers only. Some mechanism (unspecified to date) ensures that public images are pulled from a sponsor registry to the mirror registry, to make sure that the customers of the third-party provider can “docker pull” those images locally. -- **vendor registry**: such a registry is provided by a software vendor, who wants to distribute docker images. It would be operated and managed by the vendor. Only users authorized by the vendor would be able to get write access. Some images would be public (accessible for anyone), others private (accessible only for authorized users). Authentication and authorization would be delegated to the Index. The goal of vendor registries is to let someone do “docker pull basho/riak1.3” and automatically push from the vendor registry (instead of a sponsor registry); i.e. get all the convenience of a sponsor registry, while retaining control on the asset distribution. -- **private registry**: such a registry is located behind a firewall, or protected by an additional security layer (HTTP authorization, SSL client-side certificates, IP address authorization...). The registry is operated by a private entity, outside of dotCloud’s control. It can optionally delegate additional authorization to the Index, but it is not mandatory. +> **Note**: +> Mirror registries and private registries which do not use the Index +> don't even need to run the registry code. They can be implemented by any +> kind of transport implementing HTTP GET and PUT. Read-only registries +> can be powered by a simple static HTTP server. -.. note:: +> **Note**: +> The latter implies that while HTTP is the protocol of choice for a registry, +> multiple schemes are possible (and in some cases, trivial): +> +> - HTTP with GET (and PUT for read-write registries); +> - local mount point; +> - remote docker addressed through SSH. - Mirror registries and private registries which do not use the Index don’t even need to run the registry code. They can be implemented by any kind of transport implementing HTTP GET and PUT. Read-only registries can be powered by a simple static HTTP server. +The latter would only require two new commands in docker, e.g. +`registryget` and `registryput`, wrapping access to the local filesystem +(and optionally doing consistency checks). Authentication and authorization +are then delegated to SSH (e.g. with public keys). -.. note:: +# Endpoints - The latter implies that while HTTP is the protocol of choice for a registry, multiple schemes are possible (and in some cases, trivial): - - HTTP with GET (and PUT for read-write registries); - - local mount point; - - remote docker addressed through SSH. +## Images -The latter would only require two new commands in docker, e.g. ``registryget`` -and ``registryput``, wrapping access to the local filesystem (and optionally -doing consistency checks). Authentication and authorization are then delegated -to SSH (e.g. with public keys). +### Layer -2. Endpoints -============ +`GET /v1/images/(image_id)/layer` -2.1 Images ----------- - -Layer -***** - -.. http:get:: /v1/images/(image_id)/layer - - get image layer for a given ``image_id`` +Get image layer for a given `image_id` **Example Request**: - .. sourcecode:: http - GET /v1/images/088b4505aa3adc3d35e79c031fa126b403200f02f51920fbd9b7c503e87c7a2c/layer HTTP/1.1 Host: registry-1.docker.io Accept: application/json Content-Type: application/json Authorization: Token signature=123abc,repository="foo/bar",access=read - :parameter image_id: the id for the layer you want to get + Parameters: + + - **image_id** – the id for the layer you want to get **Example Response**: - .. sourcecode:: http - HTTP/1.1 200 Vary: Accept X-Docker-Registry-Version: 0.6.0 @@ -79,19 +98,18 @@ Layer {layer binary data stream} - :statuscode 200: OK - :statuscode 401: Requires authorization - :statuscode 404: Image not found + Status Codes: + - **200** – OK + - **401** – Requires authorization + - **404** – Image not found -.. http:put:: /v1/images/(image_id)/layer +`PUT /v1/images/(image_id)/layer` - put image layer for a given ``image_id`` +Put image layer for a given `image_id` **Example Request**: - .. sourcecode:: http - PUT /v1/images/088b4505aa3adc3d35e79c031fa126b403200f02f51920fbd9b7c503e87c7a2c/layer HTTP/1.1 Host: registry-1.docker.io Transfer-Encoding: chunked @@ -99,13 +117,12 @@ Layer {layer binary data stream} - :parameter image_id: the id for the layer you want to get + Parameters: + - **image_id** – the id for the layer you want to get **Example Response**: - .. sourcecode:: http - HTTP/1.1 200 Vary: Accept Content-Type: application/json @@ -113,22 +130,20 @@ Layer "" - :statuscode 200: OK - :statuscode 401: Requires authorization - :statuscode 404: Image not found + Status Codes: + - **200** – OK + - **401** – Requires authorization + - **404** – Image not found -Image -***** +## Image -.. http:put:: /v1/images/(image_id)/json +`PUT /v1/images/(image_id)/json` - put image for a given ``image_id`` +Put image for a given `image_id` **Example Request**: - .. sourcecode:: http - PUT /v1/images/088b4505aa3adc3d35e79c031fa126b403200f02f51920fbd9b7c503e87c7a2c/json HTTP/1.1 Host: registry-1.docker.io Accept: application/json @@ -166,12 +181,12 @@ Image docker_version: "0.1.7" } - :parameter image_id: the id for the layer you want to get + Parameters: + + - **image_id** – the id for the layer you want to get **Example Response**: - .. sourcecode:: http - HTTP/1.1 200 Vary: Accept Content-Type: application/json @@ -179,29 +194,29 @@ Image "" - :statuscode 200: OK - :statuscode 401: Requires authorization + Status Codes: -.. http:get:: /v1/images/(image_id)/json + - **200** – OK + - **401** – Requires authorization - get image for a given ``image_id`` +`GET /v1/images/(image_id)/json` + +Get image for a given `image_id` **Example Request**: - .. sourcecode:: http - GET /v1/images/088b4505aa3adc3d35e79c031fa126b403200f02f51920fbd9b7c503e87c7a2c/json HTTP/1.1 Host: registry-1.docker.io Accept: application/json Content-Type: application/json Cookie: (Cookie provided by the Registry) - :parameter image_id: the id for the layer you want to get + Parameters: + + - **image_id** – the id for the layer you want to get **Example Response**: - .. sourcecode:: http - HTTP/1.1 200 Vary: Accept Content-Type: application/json @@ -240,34 +255,32 @@ Image docker_version: "0.1.7" } - :statuscode 200: OK - :statuscode 401: Requires authorization - :statuscode 404: Image not found + Status Codes: + - **200** – OK + - **401** – Requires authorization + - **404** – Image not found -Ancestry -******** +## Ancestry -.. http:get:: /v1/images/(image_id)/ancestry +`GET /v1/images/(image_id)/ancestry` - get ancestry for an image given an ``image_id`` +Get ancestry for an image given an `image_id` **Example Request**: - .. sourcecode:: http - GET /v1/images/088b4505aa3adc3d35e79c031fa126b403200f02f51920fbd9b7c503e87c7a2c/ancestry HTTP/1.1 Host: registry-1.docker.io Accept: application/json Content-Type: application/json Cookie: (Cookie provided by the Registry) - :parameter image_id: the id for the layer you want to get + Parameters: + + - **image_id** – the id for the layer you want to get **Example Response**: - .. sourcecode:: http - HTTP/1.1 200 Vary: Accept Content-Type: application/json @@ -278,22 +291,20 @@ Ancestry "bfa4c5326bc764280b0863b46a4b20d940bc1897ef9c1dfec060604bdc383280", "6ab5893c6927c15a15665191f2c6cf751f5056d8b95ceee32e43c5e8a3648544"] - :statuscode 200: OK - :statuscode 401: Requires authorization - :statuscode 404: Image not found + Status Codes: + - **200** – OK + - **401** – Requires authorization + - **404** – Image not found -2.2 Tags --------- +## Tags -.. http:get:: /v1/repositories/(namespace)/(repository)/tags +`GET /v1/repositories/(namespace)/(repository)/tags` - get all of the tags for the given repo. +Get all of the tags for the given repo. **Example Request**: - .. sourcecode:: http - GET /v1/repositories/foo/bar/tags HTTP/1.1 Host: registry-1.docker.io Accept: application/json @@ -301,13 +312,13 @@ Ancestry X-Docker-Registry-Version: 0.6.0 Cookie: (Cookie provided by the Registry) - :parameter namespace: namespace for the repo - :parameter repository: name for the repo + Parameters: + + - **namespace** – namespace for the repo + - **repository** – name for the repo **Example Response**: - .. sourcecode:: http - HTTP/1.1 200 Vary: Accept Content-Type: application/json @@ -318,19 +329,18 @@ Ancestry "0.1.1": "b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087" } - :statuscode 200: OK - :statuscode 401: Requires authorization - :statuscode 404: Repository not found + Status Codes: + - **200** – OK + - **401** – Requires authorization + - **404** – Repository not found -.. http:get:: /v1/repositories/(namespace)/(repository)/tags/(tag) +`GET /v1/repositories/(namespace)/(repository)/tags/(tag*): - get a tag for the given repo. +Get a tag for the given repo. **Example Request**: - .. sourcecode:: http - GET /v1/repositories/foo/bar/tags/latest HTTP/1.1 Host: registry-1.docker.io Accept: application/json @@ -338,14 +348,14 @@ Ancestry X-Docker-Registry-Version: 0.6.0 Cookie: (Cookie provided by the Registry) - :parameter namespace: namespace for the repo - :parameter repository: name for the repo - :parameter tag: name of tag you want to get + Parameters: + + - **namespace** – namespace for the repo + - **repository** – name for the repo + - **tag** – name of tag you want to get **Example Response**: - .. sourcecode:: http - HTTP/1.1 200 Vary: Accept Content-Type: application/json @@ -353,32 +363,32 @@ Ancestry "9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f" - :statuscode 200: OK - :statuscode 401: Requires authorization - :statuscode 404: Tag not found + Status Codes: -.. http:delete:: /v1/repositories/(namespace)/(repository)/tags/(tag) + - **200** – OK + - **401** – Requires authorization + - **404** – Tag not found - delete the tag for the repo +`DELETE /v1/repositories/(namespace)/(repository)/tags/(tag*): + +Delete the tag for the repo **Example Request**: - .. sourcecode:: http - DELETE /v1/repositories/foo/bar/tags/latest HTTP/1.1 Host: registry-1.docker.io Accept: application/json Content-Type: application/json Cookie: (Cookie provided by the Registry) - :parameter namespace: namespace for the repo - :parameter repository: name for the repo - :parameter tag: name of tag you want to delete + Parameters: + + - **namespace** – namespace for the repo + - **repository** – name for the repo + - **tag** – name of tag you want to delete **Example Response**: - .. sourcecode:: http - HTTP/1.1 200 Vary: Accept Content-Type: application/json @@ -386,19 +396,18 @@ Ancestry "" - :statuscode 200: OK - :statuscode 401: Requires authorization - :statuscode 404: Tag not found + Status Codes: + - **200** – OK + - **401** – Requires authorization + - **404** – Tag not found -.. http:put:: /v1/repositories/(namespace)/(repository)/tags/(tag) +`PUT /v1/repositories/(namespace)/(repository)/tags/(tag*): - put a tag for the given repo. +Put a tag for the given repo. **Example Request**: - .. sourcecode:: http - PUT /v1/repositories/foo/bar/tags/latest HTTP/1.1 Host: registry-1.docker.io Accept: application/json @@ -407,14 +416,14 @@ Ancestry "9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f" - :parameter namespace: namespace for the repo - :parameter repository: name for the repo - :parameter tag: name of tag you want to add + Parameters: + + - **namespace** – namespace for the repo + - **repository** – name for the repo + - **tag** – name of tag you want to add **Example Response**: - .. sourcecode:: http - HTTP/1.1 200 Vary: Accept Content-Type: application/json @@ -422,22 +431,21 @@ Ancestry "" - :statuscode 200: OK - :statuscode 400: Invalid data - :statuscode 401: Requires authorization - :statuscode 404: Image not found + Status Codes: -2.3 Repositories ----------------- + - **200** – OK + - **400** – Invalid data + - **401** – Requires authorization + - **404** – Image not found -.. http:delete:: /v1/repositories/(namespace)/(repository)/ +## Repositories - delete a repository +`DELETE /v1/repositories/(namespace)/(repository)/` + +Delete a repository **Example Request**: - .. sourcecode:: http - DELETE /v1/repositories/foo/bar/ HTTP/1.1 Host: registry-1.docker.io Accept: application/json @@ -446,13 +454,13 @@ Ancestry "" - :parameter namespace: namespace for the repo - :parameter repository: name for the repo + Parameters: + + - **namespace** – namespace for the repo + - **repository** – name for the repo **Example Response**: - .. sourcecode:: http - HTTP/1.1 200 Vary: Accept Content-Type: application/json @@ -460,22 +468,21 @@ Ancestry "" - :statuscode 200: OK - :statuscode 401: Requires authorization - :statuscode 404: Repository not found + Status Codes: -2.4 Status ----------- + - **200** – OK + - **401** – Requires authorization + - **404** – Repository not found -.. http:get:: /v1/_ping +## Status - Check status of the registry. This endpoint is also used to determine if - the registry supports SSL. +`GET /v1/_ping` + +Check status of the registry. This endpoint is also used to +determine if the registry supports SSL. **Example Request**: - .. sourcecode:: http - GET /v1/_ping HTTP/1.1 Host: registry-1.docker.io Accept: application/json @@ -485,8 +492,6 @@ Ancestry **Example Response**: - .. sourcecode:: http - HTTP/1.1 200 Vary: Accept Content-Type: application/json @@ -494,11 +499,13 @@ Ancestry "" - :statuscode 200: OK + Status Codes: + - **200** – OK -3 Authorization -=============== -This is where we describe the authorization process, including the tokens and cookies. +## Authorization + +This is where we describe the authorization process, including the +tokens and cookies. TODO: add more info. diff --git a/docs/sources/reference/api/registry_index_spec.md b/docs/sources/reference/api/registry_index_spec.md new file mode 100644 index 0000000000..93ba469221 --- /dev/null +++ b/docs/sources/reference/api/registry_index_spec.md @@ -0,0 +1,697 @@ +page_title: Registry Documentation +page_description: Documentation for docker Registry and Registry API +page_keywords: docker, registry, api, index + +# Registry & Index Spec + +## The 3 roles + +### Index + +The Index is responsible for centralizing information about: + + - User accounts + - Checksums of the images + - Public namespaces + +The Index has different components: + + - Web UI + - Meta-data store (comments, stars, list public repositories) + - Authentication service + - Tokenization + +The index is authoritative for those information. + +We expect that there will be only one instance of the index, run and +managed by Docker Inc. + +### Registry + + - It stores the images and the graph for a set of repositories + - It does not have user accounts data + - It has no notion of user accounts or authorization + - It delegates authentication and authorization to the Index Auth + service using tokens + - It supports different storage backends (S3, cloud files, local FS) + - It doesn't have a local database + - [Source Code](https://github.com/dotcloud/docker-registry) + +We expect that there will be multiple registries out there. To help to +grasp the context, here are some examples of registries: + + - **sponsor registry**: such a registry is provided by a third-party + hosting infrastructure as a convenience for their customers and the + docker community as a whole. Its costs are supported by the third + party, but the management and operation of the registry are + supported by dotCloud. It features read/write access, and delegates + authentication and authorization to the Index. + - **mirror registry**: such a registry is provided by a third-party + hosting infrastructure but is targeted at their customers only. Some + mechanism (unspecified to date) ensures that public images are + pulled from a sponsor registry to the mirror registry, to make sure + that the customers of the third-party provider can “docker pull” + those images locally. + - **vendor registry**: such a registry is provided by a software + vendor, who wants to distribute docker images. It would be operated + and managed by the vendor. Only users authorized by the vendor would + be able to get write access. Some images would be public (accessible + for anyone), others private (accessible only for authorized users). + Authentication and authorization would be delegated to the Index. + The goal of vendor registries is to let someone do “docker pull + basho/riak1.3” and automatically push from the vendor registry + (instead of a sponsor registry); i.e. get all the convenience of a + sponsor registry, while retaining control on the asset distribution. + - **private registry**: such a registry is located behind a firewall, + or protected by an additional security layer (HTTP authorization, + SSL client-side certificates, IP address authorization...). The + registry is operated by a private entity, outside of dotCloud's + control. It can optionally delegate additional authorization to the + Index, but it is not mandatory. + +> **Note:** The latter implies that while HTTP is the protocol +> of choice for a registry, multiple schemes are possible (and +> in some cases, trivial): +> +> - HTTP with GET (and PUT for read-write registries); +> - local mount point; +> - remote docker addressed through SSH. + +The latter would only require two new commands in docker, e.g. +`registryget` and `registryput`, +wrapping access to the local filesystem (and optionally doing +consistency checks). Authentication and authorization are then delegated +to SSH (e.g. with public keys). + +### Docker + +On top of being a runtime for LXC, Docker is the Registry client. It +supports: + + - Push / Pull on the registry + - Client authentication on the Index + +## Workflow + +### Pull + +![](/static_files/docker_pull_chart.png) + +1. Contact the Index to know where I should download “samalba/busybox” +2. Index replies: a. `samalba/busybox` is on Registry A b. here are the + checksums for `samalba/busybox` (for all layers) c. token +3. Contact Registry A to receive the layers for `samalba/busybox` (all of + them to the base image). Registry A is authoritative for “samalba/busybox” + but keeps a copy of all inherited layers and serve them all from the same + location. +4. registry contacts index to verify if token/user is allowed to download images +5. Index returns true/false lettings registry know if it should proceed or error + out +6. Get the payload for all layers + +It's possible to run: + + $ docker pull https:///repositories/samalba/busybox + +In this case, Docker bypasses the Index. However the security is not +guaranteed (in case Registry A is corrupted) because there won't be any +checksum checks. + +Currently registry redirects to s3 urls for downloads, going forward all +downloads need to be streamed through the registry. The Registry will +then abstract the calls to S3 by a top-level class which implements +sub-classes for S3 and local storage. + +Token is only returned when the `X-Docker-Token` +header is sent with request. + +Basic Auth is required to pull private repos. Basic auth isn't required +for pulling public repos, but if one is provided, it needs to be valid +and for an active account. + +**API (pulling repository foo/bar):** + +1. (Docker -> Index) GET /v1/repositories/foo/bar/images: + + **Headers**: + Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ== + X-Docker-Token: true + + **Action**: + (looking up the foo/bar in db and gets images and checksums + for that repo (all if no tag is specified, if tag, only + checksums for those tags) see part 4.4.1) + +2. (Index -> Docker) HTTP 200 OK + + **Headers**: + Authorization: Token + signature=123abc,repository=”foo/bar”,access=write + X-Docker-Endpoints: registry.docker.io [,registry2.docker.io] + + **Body**: + Jsonified checksums (see part 4.4.1) + +3. (Docker -> Registry) GET /v1/repositories/foo/bar/tags/latest + + **Headers**: + Authorization: Token + signature=123abc,repository=”foo/bar”,access=write + +4. (Registry -> Index) GET /v1/repositories/foo/bar/images + + **Headers**: + Authorization: Token + signature=123abc,repository=”foo/bar”,access=read + + **Body**: + + + **Action**: + (Lookup token see if they have access to pull.) + + If good: + HTTP 200 OK Index will invalidate the token + + If bad: + HTTP 401 Unauthorized + +5. (Docker -> Registry) GET /v1/images/928374982374/ancestry + + **Action**: + (for each image id returned in the registry, fetch /json + /layer) + +> **Note**: +> If someone makes a second request, then we will always give a new token, +> never reuse tokens. + +### Push + +![](/static_files/docker_push_chart.png) + +1. Contact the index to allocate the repository name “samalba/busybox” + (authentication required with user credentials) +2. If authentication works and namespace available, “samalba/busybox” + is allocated and a temporary token is returned (namespace is marked + as initialized in index) +3. Push the image on the registry (along with the token) +4. Registry A contacts the Index to verify the token (token must + corresponds to the repository name) +5. Index validates the token. Registry A starts reading the stream + pushed by docker and store the repository (with its images) +6. docker contacts the index to give checksums for upload images + +> **Note:** +> **It's possible not to use the Index at all!** In this case, a deployed +> version of the Registry is deployed to store and serve images. Those +> images are not authenticated and the security is not guaranteed. + +> **Note:** +> **Index can be replaced!** For a private Registry deployed, a custom +> Index can be used to serve and validate token according to different +> policies. + +Docker computes the checksums and submit them to the Index at the end of +the push. When a repository name does not have checksums on the Index, +it means that the push is in progress (since checksums are submitted at +the end). + +**API (pushing repos foo/bar):** + +1. (Docker -> Index) PUT /v1/repositories/foo/bar/ + + **Headers**: + Authorization: Basic sdkjfskdjfhsdkjfh== X-Docker-Token: + true + + **Action**: + - in index, we allocated a new repository, and set to + initialized + + **Body**: + (The body contains the list of images that are going to be + pushed, with empty checksums. The checksums will be set at + the end of the push): + + [{“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”}] + +2. (Index -> Docker) 200 Created + + **Headers**: + - WWW-Authenticate: Token + signature=123abc,repository=”foo/bar”,access=write + - X-Docker-Endpoints: registry.docker.io [, + registry2.docker.io] + +3. (Docker -> Registry) PUT /v1/images/98765432_parent/json + + **Headers**: + Authorization: Token + signature=123abc,repository=”foo/bar”,access=write + +4. (Registry->Index) GET /v1/repositories/foo/bar/images + + **Headers**: + Authorization: Token + signature=123abc,repository=”foo/bar”,access=write + + **Action**: + - Index: + will invalidate the token. + - Registry: + grants a session (if token is approved) and fetches + the images id + +5. (Docker -> Registry) PUT /v1/images/98765432_parent/json + + **Headers**:: + - Authorization: Token + signature=123abc,repository=”foo/bar”,access=write + - Cookie: (Cookie provided by the Registry) + +6. (Docker -> Registry) PUT /v1/images/98765432/json + + **Headers**: + - Cookie: (Cookie provided by the Registry) + +7. (Docker -> Registry) PUT /v1/images/98765432_parent/layer + + **Headers**: + - Cookie: (Cookie provided by the Registry) + +8. (Docker -> Registry) PUT /v1/images/98765432/layer + + **Headers**: + X-Docker-Checksum: sha256:436745873465fdjkhdfjkgh + +9. (Docker -> Registry) PUT /v1/repositories/foo/bar/tags/latest + + **Headers**: + - Cookie: (Cookie provided by the Registry) + + **Body**: + “98765432” + +10. (Docker -> Index) PUT /v1/repositories/foo/bar/images + + **Headers**: + Authorization: Basic 123oislifjsldfj== X-Docker-Endpoints: + registry1.docker.io (no validation on this right now) + + **Body**: + (The image, id`s, tags and checksums) + [{“id”: + “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”, + “checksum”: + “b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087”}] + + **Return**: HTTP 204 + +> **Note:** If push fails and they need to start again, what happens in the index, +> there will already be a record for the namespace/name, but it will be +> initialized. Should we allow it, or mark as name already used? One edge +> case could be if someone pushes the same thing at the same time with two +> different shells. + +If it's a retry on the Registry, Docker has a cookie (provided by the +registry after token validation). So the Index won't have to provide a +new token. + +### Delete + +If you need to delete something from the index or registry, we need a +nice clean way to do that. Here is the workflow. + +1. Docker contacts the index to request a delete of a repository + `samalba/busybox` (authentication required with user credentials) +2. If authentication works and repository is valid, `samalba/busybox` + is marked as deleted and a temporary token is returned +3. Send a delete request to the registry for the repository (along with + the token) +4. Registry A contacts the Index to verify the token (token must + corresponds to the repository name) +5. Index validates the token. Registry A deletes the repository and + everything associated to it. +6. docker contacts the index to let it know it was removed from the + registry, the index removes all records from the database. + +> **Note**: +> The Docker client should present an "Are you sure?" prompt to confirm +> the deletion before starting the process. Once it starts it can't be +> undone. + +**API (deleting repository foo/bar):** + +1. (Docker -> Index) DELETE /v1/repositories/foo/bar/ + + **Headers**: + Authorization: Basic sdkjfskdjfhsdkjfh== X-Docker-Token: + true + + **Action**: + - in index, we make sure it is a valid repository, and set + to deleted (logically) + + **Body**: + Empty + +2. (Index -> Docker) 202 Accepted + + **Headers**: + - WWW-Authenticate: Token + signature=123abc,repository=”foo/bar”,access=delete + - X-Docker-Endpoints: registry.docker.io [, + registry2.docker.io] + # list of endpoints where this repo lives. + +3. (Docker -> Registry) DELETE /v1/repositories/foo/bar/ + + **Headers**: + Authorization: Token + signature=123abc,repository=”foo/bar”,access=delete + +4. (Registry->Index) PUT /v1/repositories/foo/bar/auth + + **Headers**: + Authorization: Token + signature=123abc,repository=”foo/bar”,access=delete + + **Action**: + - Index: + will invalidate the token. + - Registry: + deletes the repository (if token is approved) + +5. (Registry -> Docker) 200 OK + + 200 If success 403 if forbidden 400 if bad request 404 + if repository isn't found + +6. (Docker -> Index) DELETE /v1/repositories/foo/bar/ + + **Headers**: + Authorization: Basic 123oislifjsldfj== X-Docker-Endpoints: + registry-1.docker.io (no validation on this right now) + + **Body**: + Empty + + **Return**: HTTP 200 + +## How to use the Registry in standalone mode + +The Index has two main purposes (along with its fancy social features): + + - Resolve short names (to avoid passing absolute URLs all the time): + + username/projectname -> + https://registry.docker.io/users//repositories// + team/projectname -> + https://registry.docker.io/team//repositories// + + - Authenticate a user as a repos owner (for a central referenced + repository) + +### Without an Index + +Using the Registry without the Index can be useful to store the images +on a private network without having to rely on an external entity +controlled by Docker Inc. + +In this case, the registry will be launched in a special mode +(–standalone? –no-index?). In this mode, the only thing which changes is +that Registry will never contact the Index to verify a token. It will be +the Registry owner responsibility to authenticate the user who pushes +(or even pulls) an image using any mechanism (HTTP auth, IP based, +etc...). + +In this scenario, the Registry is responsible for the security in case +of data corruption since the checksums are not delivered by a trusted +entity. + +As hinted previously, a standalone registry can also be implemented by +any HTTP server handling GET/PUT requests (or even only GET requests if +no write access is necessary). + +### With an Index + +The Index data needed by the Registry are simple: + + - Serve the checksums + - Provide and authorize a Token + +In the scenario of a Registry running on a private network with the need +of centralizing and authorizing, it's easy to use a custom Index. + +The only challenge will be to tell Docker to contact (and trust) this +custom Index. Docker will be configurable at some point to use a +specific Index, it'll be the private entity responsibility (basically +the organization who uses Docker in a private environment) to maintain +the Index and the Docker's configuration among its consumers. + +## The API + +The first version of the api is available here: +[https://github.com/jpetazzo/docker/blob/acd51ecea8f5d3c02b00a08176171c59442df8b3/docs/images-repositories-push-pull.md](https://github.com/jpetazzo/docker/blob/acd51ecea8f5d3c02b00a08176171c59442df8b3/docs/images-repositories-push-pull.md) + +### Images + +The format returned in the images is not defined here (for layer and +JSON), basically because Registry stores exactly the same kind of +information as Docker uses to manage them. + +The format of ancestry is a line-separated list of image ids, in age +order, i.e. the image's parent is on the last line, the parent of the +parent on the next-to-last line, etc.; if the image has no parent, the +file is empty. + + GET /v1/images//layer + PUT /v1/images//layer + GET /v1/images//json + PUT /v1/images//json + GET /v1/images//ancestry + PUT /v1/images//ancestry + +### Users + +### Create a user (Index) + + POST /v1/users: + + **Body**: + {"email": "[sam@dotcloud.com](mailto:sam%40dotcloud.com)", + "password": "toto42", "username": "foobar"`} + + **Validation**: + - **username**: min 4 character, max 30 characters, must match the + regular expression [a-z0-9_]. + - **password**: min 5 characters + + **Valid**: return HTTP 200 + +Errors: HTTP 400 (we should create error codes for possible errors) - +invalid json - missing field - wrong format (username, password, email, +etc) - forbidden name - name already exists + +> **Note**: +> A user account will be valid only if the email has been validated (a +> validation link is sent to the email address). + +### Update a user (Index) + + PUT /v1/users/ + + **Body**: + {"password": "toto"} + +> **Note**: +> We can also update email address, if they do, they will need to reverify +> their new email address. + +### Login (Index) + +Does nothing else but asking for a user authentication. Can be used to +validate credentials. HTTP Basic Auth for now, maybe change in future. + +GET /v1/users + + **Return**: + - Valid: HTTP 200 + - Invalid login: HTTP 401 + - Account inactive: HTTP 403 Account is not Active + +### Tags (Registry) + +The Registry does not know anything about users. Even though +repositories are under usernames, it's just a namespace for the +registry. Allowing us to implement organizations or different namespaces +per user later, without modifying the Registry'sAPI. + +The following naming restrictions apply: + + - Namespaces must match the same regular expression as usernames (See + 4.2.1.) + - Repository names must match the regular expression [a-zA-Z0-9-_.] + +### Get all tags: + +GET /v1/repositories///tags + + **Return**: HTTP 200 + { "latest": + "9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f", + “0.1.1”: + “b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087” } + + **4.3.2 Read the content of a tag (resolve the image id):** + + GET /v1/repositories///tags/ + + **Return**: + "9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f" + + **4.3.3 Delete a tag (registry):** + + DELETE /v1/repositories///tags/ + +### 4.4 Images (Index) + +For the Index to “resolve” the repository name to a Registry location, +it uses the X-Docker-Endpoints header. In other terms, this requests +always add a `X-Docker-Endpoints` to indicate the +location of the registry which hosts this repository. + +**4.4.1 Get the images:** + + GET /v1/repositories///images + + **Return**: HTTP 200 + [{“id”: + “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”, + “checksum”: + “[md5:b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087](md5:b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087)”}] + +### Add/update the images: + +You always add images, you never remove them. + + PUT /v1/repositories///images + + **Body**: + [ {“id”: + “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”, + “checksum”: + “sha256:b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087”} + ] + + **Return**: 204 + +### Repositories + +### Remove a Repository (Registry) + +DELETE /v1/repositories// + +Return 200 OK + +### Remove a Repository (Index) + +This starts the delete process. see 2.3 for more details. + +DELETE /v1/repositories// + +Return 202 OK + +## Chaining Registries + +It's possible to chain Registries server for several reasons: + + - Load balancing + - Delegate the next request to another server + +When a Registry is a reference for a repository, it should host the +entire images chain in order to avoid breaking the chain during the +download. + +The Index and Registry use this mechanism to redirect on one or the +other. + +Example with an image download: + +On every request, a special header can be returned: + + X-Docker-Endpoints: server1,server2 + +On the next request, the client will always pick a server from this +list. + +## Authentication & Authorization + +### On the Index + +The Index supports both “Basic” and “Token” challenges. Usually when +there is a `401 Unauthorized`, the Index replies +this: + + 401 Unauthorized + WWW-Authenticate: Basic realm="auth required",Token + +You have 3 options: + +1. Provide user credentials and ask for a token + + **Header**: + - Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ== + - X-Docker-Token: true + + In this case, along with the 200 response, you'll get a new token + (if user auth is ok): If authorization isn't correct you get a 401 + response. If account isn't active you will get a 403 response. + + **Response**: + - 200 OK + - X-Docker-Token: Token + signature=123abc,repository=”foo/bar”,access=read + + +2. Provide user credentials only + + **Header**: + Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ== + +3. Provide Token + + **Header**: + Authorization: Token + signature=123abc,repository=”foo/bar”,access=read + +### 6.2 On the Registry + +The Registry only supports the Token challenge: + + 401 Unauthorized + WWW-Authenticate: Token + +The only way is to provide a token on `401 Unauthorized` +responses: + + Authorization: Token signature=123abc,repository="foo/bar",access=read + +Usually, the Registry provides a Cookie when a Token verification +succeeded. Every time the Registry passes a Cookie, you have to pass it +back the same cookie.: + + 200 OK + Set-Cookie: session="wD/J7LqL5ctqw8haL10vgfhrb2Q=?foo=UydiYXInCnAxCi4=×tamp=RjEzNjYzMTQ5NDcuNDc0NjQzCi4="; Path=/; HttpOnly + +Next request: + + GET /(...) + Cookie: session="wD/J7LqL5ctqw8haL10vgfhrb2Q=?foo=UydiYXInCnAxCi4=×tamp=RjEzNjYzMTQ5NDcuNDc0NjQzCi4=" + +## Document Version + + - 1.0 : May 6th 2013 : initial release + - 1.1 : June 1st 2013 : Added Delete Repository and way to handle new + source namespace. + diff --git a/docs/sources/reference/api/registry_index_spec.rst b/docs/sources/reference/api/registry_index_spec.rst deleted file mode 100644 index 89f6319f5c..0000000000 --- a/docs/sources/reference/api/registry_index_spec.rst +++ /dev/null @@ -1,622 +0,0 @@ -:title: Registry Documentation -:description: Documentation for docker Registry and Registry API -:keywords: docker, registry, api, index - -.. _registryindexspec: - -===================== -Registry & Index Spec -===================== - -1. The 3 roles -=============== - -1.1 Index ---------- - -The Index is responsible for centralizing information about: - -- User accounts -- Checksums of the images -- Public namespaces - -The Index has different components: - -- Web UI -- Meta-data store (comments, stars, list public repositories) -- Authentication service -- Tokenization - -The index is authoritative for those information. - -We expect that there will be only one instance of the index, run and managed by Docker Inc. - -1.2 Registry ------------- -- It stores the images and the graph for a set of repositories -- It does not have user accounts data -- It has no notion of user accounts or authorization -- It delegates authentication and authorization to the Index Auth service using tokens -- It supports different storage backends (S3, cloud files, local FS) -- It doesn’t have a local database -- `Source Code `_ - -We expect that there will be multiple registries out there. To help to grasp the context, here are some examples of registries: - -- **sponsor registry**: such a registry is provided by a third-party hosting infrastructure as a convenience for their customers and the docker community as a whole. Its costs are supported by the third party, but the management and operation of the registry are supported by dotCloud. It features read/write access, and delegates authentication and authorization to the Index. -- **mirror registry**: such a registry is provided by a third-party hosting infrastructure but is targeted at their customers only. Some mechanism (unspecified to date) ensures that public images are pulled from a sponsor registry to the mirror registry, to make sure that the customers of the third-party provider can “docker pull” those images locally. -- **vendor registry**: such a registry is provided by a software vendor, who wants to distribute docker images. It would be operated and managed by the vendor. Only users authorized by the vendor would be able to get write access. Some images would be public (accessible for anyone), others private (accessible only for authorized users). Authentication and authorization would be delegated to the Index. The goal of vendor registries is to let someone do “docker pull basho/riak1.3” and automatically push from the vendor registry (instead of a sponsor registry); i.e. get all the convenience of a sponsor registry, while retaining control on the asset distribution. -- **private registry**: such a registry is located behind a firewall, or protected by an additional security layer (HTTP authorization, SSL client-side certificates, IP address authorization...). The registry is operated by a private entity, outside of dotCloud’s control. It can optionally delegate additional authorization to the Index, but it is not mandatory. - -.. note:: - - The latter implies that while HTTP is the protocol of choice for a registry, multiple schemes are possible (and in some cases, trivial): - - HTTP with GET (and PUT for read-write registries); - - local mount point; - - remote docker addressed through SSH. - -The latter would only require two new commands in docker, e.g. ``registryget`` -and ``registryput``, wrapping access to the local filesystem (and optionally -doing consistency checks). Authentication and authorization are then delegated -to SSH (e.g. with public keys). - -1.3 Docker ----------- - -On top of being a runtime for LXC, Docker is the Registry client. It supports: - -- Push / Pull on the registry -- Client authentication on the Index - -2. Workflow -=========== - -2.1 Pull --------- - -.. image:: /static_files/docker_pull_chart.png - -1. Contact the Index to know where I should download “samalba/busybox” -2. Index replies: - a. ``samalba/busybox`` is on Registry A - b. here are the checksums for ``samalba/busybox`` (for all layers) - c. token -3. Contact Registry A to receive the layers for ``samalba/busybox`` (all of them to the base image). Registry A is authoritative for “samalba/busybox” but keeps a copy of all inherited layers and serve them all from the same location. -4. registry contacts index to verify if token/user is allowed to download images -5. Index returns true/false lettings registry know if it should proceed or error out -6. Get the payload for all layers - -It's possible to run: - -.. code-block:: bash - - docker pull https:///repositories/samalba/busybox - -In this case, Docker bypasses the Index. However the security is not guaranteed -(in case Registry A is corrupted) because there won’t be any checksum checks. - -Currently registry redirects to s3 urls for downloads, going forward all -downloads need to be streamed through the registry. The Registry will then -abstract the calls to S3 by a top-level class which implements sub-classes for -S3 and local storage. - -Token is only returned when the ``X-Docker-Token`` header is sent with request. - -Basic Auth is required to pull private repos. Basic auth isn't required for -pulling public repos, but if one is provided, it needs to be valid and for an -active account. - -API (pulling repository foo/bar): -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -1. (Docker -> Index) GET /v1/repositories/foo/bar/images - **Headers**: - Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ== - X-Docker-Token: true - **Action**: - (looking up the foo/bar in db and gets images and checksums for that repo (all if no tag is specified, if tag, only checksums for those tags) see part 4.4.1) - -2. (Index -> Docker) HTTP 200 OK - - **Headers**: - - Authorization: Token signature=123abc,repository=”foo/bar”,access=write - - X-Docker-Endpoints: registry.docker.io [, registry2.docker.io] - **Body**: - Jsonified checksums (see part 4.4.1) - -3. (Docker -> Registry) GET /v1/repositories/foo/bar/tags/latest - **Headers**: - Authorization: Token signature=123abc,repository=”foo/bar”,access=write - -4. (Registry -> Index) GET /v1/repositories/foo/bar/images - - **Headers**: - Authorization: Token signature=123abc,repository=”foo/bar”,access=read - - **Body**: - - - **Action**: - ( Lookup token see if they have access to pull.) - - If good: - HTTP 200 OK - Index will invalidate the token - If bad: - HTTP 401 Unauthorized - -5. (Docker -> Registry) GET /v1/images/928374982374/ancestry - **Action**: - (for each image id returned in the registry, fetch /json + /layer) - -.. note:: - - If someone makes a second request, then we will always give a new token, never reuse tokens. - -2.2 Push --------- - -.. image:: /static_files/docker_push_chart.png - -1. Contact the index to allocate the repository name “samalba/busybox” (authentication required with user credentials) -2. If authentication works and namespace available, “samalba/busybox” is allocated and a temporary token is returned (namespace is marked as initialized in index) -3. Push the image on the registry (along with the token) -4. Registry A contacts the Index to verify the token (token must corresponds to the repository name) -5. Index validates the token. Registry A starts reading the stream pushed by docker and store the repository (with its images) -6. docker contacts the index to give checksums for upload images - -.. note:: - - **It’s possible not to use the Index at all!** In this case, a deployed version of the Registry is deployed to store and serve images. Those images are not authenticated and the security is not guaranteed. - -.. note:: - - **Index can be replaced!** For a private Registry deployed, a custom Index can be used to serve and validate token according to different policies. - -Docker computes the checksums and submit them to the Index at the end of the -push. When a repository name does not have checksums on the Index, it means -that the push is in progress (since checksums are submitted at the end). - -API (pushing repos foo/bar): -^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -1. (Docker -> Index) PUT /v1/repositories/foo/bar/ - **Headers**: - Authorization: Basic sdkjfskdjfhsdkjfh== - X-Docker-Token: true - - **Action**:: - - in index, we allocated a new repository, and set to initialized - - **Body**:: - (The body contains the list of images that are going to be pushed, with empty checksums. The checksums will be set at the end of the push):: - - [{“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”}] - -2. (Index -> Docker) 200 Created - **Headers**: - - WWW-Authenticate: Token signature=123abc,repository=”foo/bar”,access=write - - X-Docker-Endpoints: registry.docker.io [, registry2.docker.io] - -3. (Docker -> Registry) PUT /v1/images/98765432_parent/json - **Headers**: - Authorization: Token signature=123abc,repository=”foo/bar”,access=write - -4. (Registry->Index) GET /v1/repositories/foo/bar/images - **Headers**: - Authorization: Token signature=123abc,repository=”foo/bar”,access=write - **Action**:: - - Index: - will invalidate the token. - - Registry: - grants a session (if token is approved) and fetches the images id - -5. (Docker -> Registry) PUT /v1/images/98765432_parent/json - **Headers**:: - - Authorization: Token signature=123abc,repository=”foo/bar”,access=write - - Cookie: (Cookie provided by the Registry) - -6. (Docker -> Registry) PUT /v1/images/98765432/json - **Headers**: - Cookie: (Cookie provided by the Registry) - -7. (Docker -> Registry) PUT /v1/images/98765432_parent/layer - **Headers**: - Cookie: (Cookie provided by the Registry) - -8. (Docker -> Registry) PUT /v1/images/98765432/layer - **Headers**: - X-Docker-Checksum: sha256:436745873465fdjkhdfjkgh - -9. (Docker -> Registry) PUT /v1/repositories/foo/bar/tags/latest - **Headers**: - Cookie: (Cookie provided by the Registry) - **Body**: - “98765432” - -10. (Docker -> Index) PUT /v1/repositories/foo/bar/images - - **Headers**: - Authorization: Basic 123oislifjsldfj== - X-Docker-Endpoints: registry1.docker.io (no validation on this right now) - - **Body**: - (The image, id’s, tags and checksums) - - [{“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”, - “checksum”: “b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087”}] - - **Return** HTTP 204 - -.. note:: - - If push fails and they need to start again, what happens in the index, there will already be a record for the namespace/name, but it will be initialized. Should we allow it, or mark as name already used? One edge case could be if someone pushes the same thing at the same time with two different shells. - - If it's a retry on the Registry, Docker has a cookie (provided by the registry after token validation). So the Index won’t have to provide a new token. - -2.3 Delete ----------- - -If you need to delete something from the index or registry, we need a nice -clean way to do that. Here is the workflow. - -1. Docker contacts the index to request a delete of a repository ``samalba/busybox`` (authentication required with user credentials) -2. If authentication works and repository is valid, ``samalba/busybox`` is marked as deleted and a temporary token is returned -3. Send a delete request to the registry for the repository (along with the token) -4. Registry A contacts the Index to verify the token (token must corresponds to the repository name) -5. Index validates the token. Registry A deletes the repository and everything associated to it. -6. docker contacts the index to let it know it was removed from the registry, the index removes all records from the database. - -.. note:: - - The Docker client should present an "Are you sure?" prompt to confirm the deletion before starting the process. Once it starts it can't be undone. - -API (deleting repository foo/bar): -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -1. (Docker -> Index) DELETE /v1/repositories/foo/bar/ - **Headers**: - Authorization: Basic sdkjfskdjfhsdkjfh== - X-Docker-Token: true - - **Action**:: - - in index, we make sure it is a valid repository, and set to deleted (logically) - - **Body**:: - Empty - -2. (Index -> Docker) 202 Accepted - **Headers**: - - WWW-Authenticate: Token signature=123abc,repository=”foo/bar”,access=delete - - X-Docker-Endpoints: registry.docker.io [, registry2.docker.io] # list of endpoints where this repo lives. - -3. (Docker -> Registry) DELETE /v1/repositories/foo/bar/ - **Headers**: - Authorization: Token signature=123abc,repository=”foo/bar”,access=delete - -4. (Registry->Index) PUT /v1/repositories/foo/bar/auth - **Headers**: - Authorization: Token signature=123abc,repository=”foo/bar”,access=delete - **Action**:: - - Index: - will invalidate the token. - - Registry: - deletes the repository (if token is approved) - -5. (Registry -> Docker) 200 OK - 200 If success - 403 if forbidden - 400 if bad request - 404 if repository isn't found - -6. (Docker -> Index) DELETE /v1/repositories/foo/bar/ - - **Headers**: - Authorization: Basic 123oislifjsldfj== - X-Docker-Endpoints: registry-1.docker.io (no validation on this right now) - - **Body**: - Empty - - **Return** HTTP 200 - - -3. How to use the Registry in standalone mode -============================================= - -The Index has two main purposes (along with its fancy social features): - -- Resolve short names (to avoid passing absolute URLs all the time) - - username/projectname -> \https://registry.docker.io/users//repositories// - - team/projectname -> \https://registry.docker.io/team//repositories// -- Authenticate a user as a repos owner (for a central referenced repository) - -3.1 Without an Index --------------------- - -Using the Registry without the Index can be useful to store the images on a -private network without having to rely on an external entity controlled by -Docker Inc. - -In this case, the registry will be launched in a special mode (--standalone? ---no-index?). In this mode, the only thing which changes is that Registry will -never contact the Index to verify a token. It will be the Registry owner -responsibility to authenticate the user who pushes (or even pulls) an image -using any mechanism (HTTP auth, IP based, etc...). - -In this scenario, the Registry is responsible for the security in case of data -corruption since the checksums are not delivered by a trusted entity. - -As hinted previously, a standalone registry can also be implemented by any HTTP -server handling GET/PUT requests (or even only GET requests if no write access -is necessary). - -3.2 With an Index ------------------ - -The Index data needed by the Registry are simple: - -- Serve the checksums -- Provide and authorize a Token - -In the scenario of a Registry running on a private network with the need of -centralizing and authorizing, it’s easy to use a custom Index. - -The only challenge will be to tell Docker to contact (and trust) this custom -Index. Docker will be configurable at some point to use a specific Index, it’ll -be the private entity responsibility (basically the organization who uses -Docker in a private environment) to maintain the Index and the Docker’s -configuration among its consumers. - -4. The API -========== - -The first version of the api is available here: https://github.com/jpetazzo/docker/blob/acd51ecea8f5d3c02b00a08176171c59442df8b3/docs/images-repositories-push-pull.md - -4.1 Images ----------- - -The format returned in the images is not defined here (for layer and JSON), -basically because Registry stores exactly the same kind of information as -Docker uses to manage them. - -The format of ancestry is a line-separated list of image ids, in age order, -i.e. the image’s parent is on the last line, the parent of the parent on the -next-to-last line, etc.; if the image has no parent, the file is empty. - -.. code-block:: bash - - GET /v1/images//layer - PUT /v1/images//layer - GET /v1/images//json - PUT /v1/images//json - GET /v1/images//ancestry - PUT /v1/images//ancestry - -4.2 Users ---------- - -4.2.1 Create a user (Index) -^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -POST /v1/users - -**Body**: - {"email": "sam@dotcloud.com", "password": "toto42", "username": "foobar"'} - -**Validation**: - - **username**: min 4 character, max 30 characters, must match the regular - expression [a-z0-9\_]. - - **password**: min 5 characters - -**Valid**: return HTTP 200 - -Errors: HTTP 400 (we should create error codes for possible errors) -- invalid json -- missing field -- wrong format (username, password, email, etc) -- forbidden name -- name already exists - -.. note:: - - A user account will be valid only if the email has been validated (a validation link is sent to the email address). - -4.2.2 Update a user (Index) -^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -PUT /v1/users/ - -**Body**: - {"password": "toto"} - -.. note:: - - We can also update email address, if they do, they will need to reverify their new email address. - -4.2.3 Login (Index) -^^^^^^^^^^^^^^^^^^^ - -Does nothing else but asking for a user authentication. Can be used to validate -credentials. HTTP Basic Auth for now, maybe change in future. - -GET /v1/users - -**Return**: - - Valid: HTTP 200 - - Invalid login: HTTP 401 - - Account inactive: HTTP 403 Account is not Active - -4.3 Tags (Registry) -------------------- - -The Registry does not know anything about users. Even though repositories are -under usernames, it’s just a namespace for the registry. Allowing us to -implement organizations or different namespaces per user later, without -modifying the Registry’s API. - -The following naming restrictions apply: - -- Namespaces must match the same regular expression as usernames (See 4.2.1.) -- Repository names must match the regular expression [a-zA-Z0-9-_.] - -4.3.1 Get all tags -^^^^^^^^^^^^^^^^^^ - -GET /v1/repositories///tags - -**Return**: HTTP 200 - { - "latest": "9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f", - “0.1.1”: “b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087” - } - -4.3.2 Read the content of a tag (resolve the image id) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -GET /v1/repositories///tags/ - -**Return**: - "9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f" - -4.3.3 Delete a tag (registry) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -DELETE /v1/repositories///tags/ - -4.4 Images (Index) ------------------- - -For the Index to “resolve” the repository name to a Registry location, it uses -the X-Docker-Endpoints header. In other terms, this requests always add a -``X-Docker-Endpoints`` to indicate the location of the registry which hosts this -repository. - -4.4.1 Get the images -^^^^^^^^^^^^^^^^^^^^^ - -GET /v1/repositories///images - -**Return**: HTTP 200 - [{“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”, “checksum”: “md5:b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087”}] - - -4.4.2 Add/update the images -^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -You always add images, you never remove them. - -PUT /v1/repositories///images - -**Body**: - [ {“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”, “checksum”: “sha256:b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087”} ] - -**Return** 204 - -4.5 Repositories ----------------- - -4.5.1 Remove a Repository (Registry) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -DELETE /v1/repositories// - -Return 200 OK - -4.5.2 Remove a Repository (Index) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -This starts the delete process. see 2.3 for more details. - -DELETE /v1/repositories// - -Return 202 OK - -5. Chaining Registries -====================== - -It’s possible to chain Registries server for several reasons: - -- Load balancing -- Delegate the next request to another server - -When a Registry is a reference for a repository, it should host the entire -images chain in order to avoid breaking the chain during the download. - -The Index and Registry use this mechanism to redirect on one or the other. - -Example with an image download: - -On every request, a special header can be returned:: - - X-Docker-Endpoints: server1,server2 - -On the next request, the client will always pick a server from this list. - -6. Authentication & Authorization -================================= - -6.1 On the Index ------------------ - -The Index supports both “Basic” and “Token” challenges. Usually when there is a -``401 Unauthorized``, the Index replies this:: - - 401 Unauthorized - WWW-Authenticate: Basic realm="auth required",Token - -You have 3 options: - -1. Provide user credentials and ask for a token - - **Header**: - - Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ== - - X-Docker-Token: true - - In this case, along with the 200 response, you’ll get a new token (if user auth is ok): - If authorization isn't correct you get a 401 response. - If account isn't active you will get a 403 response. - - **Response**: - - 200 OK - - X-Docker-Token: Token signature=123abc,repository=”foo/bar”,access=read - -2. Provide user credentials only - - **Header**: - Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ== - -3. Provide Token - - **Header**: - Authorization: Token signature=123abc,repository=”foo/bar”,access=read - -6.2 On the Registry -------------------- - -The Registry only supports the Token challenge:: - - 401 Unauthorized - WWW-Authenticate: Token - -The only way is to provide a token on ``401 Unauthorized`` responses:: - - Authorization: Token signature=123abc,repository="foo/bar",access=read - -Usually, the Registry provides a Cookie when a Token verification succeeded. -Every time the Registry passes a Cookie, you have to pass it back the same -cookie.:: - - 200 OK - Set-Cookie: session="wD/J7LqL5ctqw8haL10vgfhrb2Q=?foo=UydiYXInCnAxCi4=×tamp=RjEzNjYzMTQ5NDcuNDc0NjQzCi4="; Path=/; HttpOnly - -Next request:: - - GET /(...) - Cookie: session="wD/J7LqL5ctqw8haL10vgfhrb2Q=?foo=UydiYXInCnAxCi4=×tamp=RjEzNjYzMTQ5NDcuNDc0NjQzCi4=" - - -7 Document Version -==================== - -- 1.0 : May 6th 2013 : initial release -- 1.1 : June 1st 2013 : Added Delete Repository and way to handle new source namespace. diff --git a/docs/sources/reference/api/remote_api_client_libraries.md b/docs/sources/reference/api/remote_api_client_libraries.md new file mode 100644 index 0000000000..4b90afc5b0 --- /dev/null +++ b/docs/sources/reference/api/remote_api_client_libraries.md @@ -0,0 +1,132 @@ +page_title: Remote API Client Libraries +page_description: Various client libraries available to use with the Docker remote API +page_keywords: API, Docker, index, registry, REST, documentation, clients, Python, Ruby, JavaScript, Erlang, Go + +# Docker Remote API Client Libraries + +These libraries have not been tested by the Docker Maintainers for +compatibility. Please file issues with the library owners. If you find +more library implementations, please list them in Docker doc bugs and we +will add the libraries here. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Language/FrameworkNameRepositoryStatus
Pythondocker-pyhttps://github.com/dotcloud/docker-pyActive
Rubydocker-clienthttps://github.com/geku/docker-clientOutdated
Rubydocker-apihttps://github.com/swipely/docker-apiActive
JavaScript (NodeJS)dockerodehttps://github.com/apocas/dockerode + Install via NPM: npm install dockerodeActive
JavaScript (NodeJS)docker.iohttps://github.com/appersonlabs/docker.io + Install via NPM: npm install docker.ioActive
JavaScriptdocker-jshttps://github.com/dgoujard/docker-jsOutdated
JavaScript (Angular) WebUIdocker-cphttps://github.com/13W/docker-cpActive
JavaScript (Angular) WebUIdockeruihttps://github.com/crosbymichael/dockeruiActive
Javadocker-javahttps://github.com/kpelykh/docker-javaActive
Erlangerldockerhttps://github.com/proger/erldockerActive
Gogo-dockerclienthttps://github.com/fsouza/go-dockerclientActive
Godockerclienthttps://github.com/samalba/dockerclientActive
PHPAlvinehttp://pear.alvine.io/ (alpha)Active
PHPDocker-PHPhttp://stage1.github.io/docker-php/Active
PerlNet::Dockerhttps://metacpan.org/pod/Net::DockerActive
PerlEixo::Dockerhttps://github.com/alambike/eixo-dockerActive
Scalareactive-dockerhttps://github.com/almoehi/reactive-dockerActive
diff --git a/docs/sources/reference/api/remote_api_client_libraries.rst b/docs/sources/reference/api/remote_api_client_libraries.rst deleted file mode 100644 index 4a445db36f..0000000000 --- a/docs/sources/reference/api/remote_api_client_libraries.rst +++ /dev/null @@ -1,53 +0,0 @@ -:title: Remote API Client Libraries -:description: Various client libraries available to use with the Docker remote API -:keywords: API, Docker, index, registry, REST, documentation, clients, Python, Ruby, JavaScript, Erlang, Go - - -================================== -Docker Remote API Client Libraries -================================== - -These libraries have not been tested by the Docker Maintainers for -compatibility. Please file issues with the library owners. If you -find more library implementations, please list them in Docker doc bugs -and we will add the libraries here. - -+----------------------+----------------+--------------------------------------------+----------+ -| Language/Framework | Name | Repository | Status | -+======================+================+============================================+==========+ -| Python | docker-py | https://github.com/dotcloud/docker-py | Active | -+----------------------+----------------+--------------------------------------------+----------+ -| Ruby | docker-client | https://github.com/geku/docker-client | Outdated | -+----------------------+----------------+--------------------------------------------+----------+ -| Ruby | docker-api | https://github.com/swipely/docker-api | Active | -+----------------------+----------------+--------------------------------------------+----------+ -| JavaScript (NodeJS) | dockerode | https://github.com/apocas/dockerode | Active | -| | | Install via NPM: `npm install dockerode` | | -+----------------------+----------------+--------------------------------------------+----------+ -| JavaScript (NodeJS) | docker.io | https://github.com/appersonlabs/docker.io | Active | -| | | Install via NPM: `npm install docker.io` | | -+----------------------+----------------+--------------------------------------------+----------+ -| JavaScript | docker-js | https://github.com/dgoujard/docker-js | Outdated | -+----------------------+----------------+--------------------------------------------+----------+ -| JavaScript (Angular) | docker-cp | https://github.com/13W/docker-cp | Active | -| **WebUI** | | | | -+----------------------+----------------+--------------------------------------------+----------+ -| JavaScript (Angular) | dockerui | https://github.com/crosbymichael/dockerui | Active | -| **WebUI** | | | | -+----------------------+----------------+--------------------------------------------+----------+ -| Java | docker-java | https://github.com/kpelykh/docker-java | Active | -+----------------------+----------------+--------------------------------------------+----------+ -| Erlang | erldocker | https://github.com/proger/erldocker | Active | -+----------------------+----------------+--------------------------------------------+----------+ -| Go | go-dockerclient| https://github.com/fsouza/go-dockerclient | Active | -+----------------------+----------------+--------------------------------------------+----------+ -| Go | dockerclient | https://github.com/samalba/dockerclient | Active | -+----------------------+----------------+--------------------------------------------+----------+ -| PHP | Alvine | http://pear.alvine.io/ (alpha) | Active | -+----------------------+----------------+--------------------------------------------+----------+ -| PHP | Docker-PHP | http://stage1.github.io/docker-php/ | Active | -+----------------------+----------------+--------------------------------------------+----------+ -| Perl | Net::Docker | https://metacpan.org/pod/Net::Docker | Active | -+----------------------+----------------+--------------------------------------------+----------+ -| Perl | Eixo::Docker | https://github.com/alambike/eixo-docker | Active | -+----------------------+----------------+--------------------------------------------+----------+ diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md new file mode 100644 index 0000000000..98e9e0f544 --- /dev/null +++ b/docs/sources/reference/builder.md @@ -0,0 +1,460 @@ +page_title: Dockerfile Reference +page_description: Dockerfiles use a simple DSL which allows you to automate the steps you would normally manually take to create an image. +page_keywords: builder, docker, Dockerfile, automation, image creation + +# Dockerfile Reference + +**Docker can act as a builder** and read instructions from a text *Dockerfile* +to automate the steps you would otherwise take manually to create an image. +Executing `docker build` will run your steps and commit them along the way, +giving you a final image. + +## Usage + +To [*build*](../commandline/cli/#cli-build) an image from a source repository, +create a description file called Dockerfile at the root of your repository. +This file will describe the steps to assemble the image. + +Then call `docker build` with the path of you source repository as argument +(for example, `.`): + + $ sudo docker build . + +The path to the source repository defines where to find the *context* of +the build. The build is run by the Docker daemon, not by the CLI, so the +whole context must be transferred to the daemon. The Docker CLI reports +"Uploading context" when the context is sent to the daemon. + +You can specify a repository and tag at which to save the new image if +the build succeeds: + + $ sudo docker build -t shykes/myapp . + +The Docker daemon will run your steps one-by-one, committing the result +to a new image if necessary, before finally outputting the ID of your +new image. The Docker daemon will automatically clean up the context you +sent. + +Note that each instruction is run independently, and causes a new image +to be created - so `RUN cd /tmp` will not have any effect on the next +instructions. + +Whenever possible, Docker will re-use the intermediate images, +accelerating `docker build` significantly (indicated by `Using cache`): + + $ docker build -t SvenDowideit/ambassador . + Uploading context 10.24 kB + Uploading context + Step 1 : FROM docker-ut + ---> cbba202fe96b + Step 2 : MAINTAINER SvenDowideit@home.org.au + ---> Using cache + ---> 51182097be13 + Step 3 : CMD env | grep _TCP= | sed 's/.*_PORT_\([0-9]*\)_TCP=tcp:\/\/\(.*\):\(.*\)/socat TCP4-LISTEN:\1,fork,reuseaddr TCP4:\2:\3 \&/' | sh && top + ---> Using cache + ---> 1a5ffc17324d + Successfully built 1a5ffc17324d + +When you're done with your build, you're ready to look into +[*Pushing a repository to its registry*]( +/use/workingwithrepository/#image-push). + +## Format + +Here is the format of the Dockerfile: + + # Comment + INSTRUCTION arguments + +The Instruction is not case-sensitive, however convention is for them to +be UPPERCASE in order to distinguish them from arguments more easily. + +Docker evaluates the instructions in a Dockerfile in order. **The first +instruction must be \`FROM\`** in order to specify the [*Base +Image*](/terms/image/#base-image-def) from which you are building. + +Docker will treat lines that *begin* with `#` as a +comment. A `#` marker anywhere else in the line will +be treated as an argument. This allows statements like: + + # Comment + RUN echo 'we are running some # of cool things' + +Here is the set of instructions you can use in a Dockerfile +for building images. + +## FROM + + FROM + +Or + + FROM : + +The `FROM` instruction sets the [*Base Image*](/terms/image/#base-image-def) +for subsequent instructions. As such, a valid Dockerfile must have `FROM` as +its first instruction. The image can be any valid image – it is especially easy +to start by **pulling an image** from the [*Public Repositories*]( +/use/workingwithrepository/#using-public-repositories). + +`FROM` must be the first non-comment instruction in the Dockerfile. + +`FROM` can appear multiple times within a single Dockerfile in order to create +multiple images. Simply make a note of the last image id output by the commit +before each new `FROM` command. + +If no `tag` is given to the `FROM` instruction, `latest` is assumed. If the +used tag does not exist, an error will be returned. + +## MAINTAINER + + MAINTAINER + +The `MAINTAINER` instruction allows you to set the *Author* field of the +generated images. + +## RUN + +RUN has 2 forms: + +- `RUN ` (the command is run in a shell - `/bin/sh -c`) +- `RUN ["executable", "param1", "param2"]` (*exec* form) + +The `RUN` instruction will execute any commands in a new layer on top of the +current image and commit the results. The resulting committed image will be +used for the next step in the Dockerfile. + +Layering `RUN` instructions and generating commits conforms to the core +concepts of Docker where commits are cheap and containers can be created from +any point in an image's history, much like source control. + +The *exec* form makes it possible to avoid shell string munging, and to `RUN` +commands using a base image that does not contain `/bin/sh`. + +### Known Issues (RUN) + +- [Issue 783](https://github.com/dotcloud/docker/issues/783) is about file + permissions problems that can occur when using the AUFS file system. You + might notice it during an attempt to `rm` a file, for example. The issue + describes a workaround. +- [Issue 2424](https://github.com/dotcloud/docker/issues/2424) Locale will + not be set automatically. + +## CMD + +CMD has three forms: + +- `CMD ["executable","param1","param2"]` (like an *exec*, preferred form) +- `CMD ["param1","param2"]` (as *default parameters to ENTRYPOINT*) +- `CMD command param1 param2` (as a *shell*) + +There can only be one CMD in a Dockerfile. If you list more than one CMD +then only the last CMD will take effect. + +**The main purpose of a CMD is to provide defaults for an executing +container.** These defaults can include an executable, or they can omit +the executable, in which case you must specify an ENTRYPOINT as well. + +When used in the shell or exec formats, the `CMD` instruction sets the command +to be executed when running the image. + +If you use the *shell* form of the CMD, then the `` will execute in +`/bin/sh -c`: + + FROM ubuntu + CMD echo "This is a test." | wc - + +If you want to **run your** `` **without a shell** then you must +express the command as a JSON array and give the full path to the executable. +**This array form is the preferred format of CMD.** Any additional parameters +must be individually expressed as strings in the array: + + FROM ubuntu + CMD ["/usr/bin/wc","--help"] + +If you would like your container to run the same executable every time, then +you should consider using `ENTRYPOINT` in combination with `CMD`. See +[*ENTRYPOINT*](#entrypoint). + +If the user specifies arguments to `docker run` then they will override the +default specified in CMD. + +> **Note**: +> don't confuse `RUN` with `CMD`. `RUN` actually runs a command and commits +> the result; `CMD` does not execute anything at build time, but specifies +> the intended command for the image. + +## EXPOSE + + EXPOSE [...] + +The `EXPOSE` instructions informs Docker that the container will listen on the +specified network ports at runtime. Docker uses this information to interconnect +containers using links (see +[*links*](/use/working_with_links_names/#working-with-links-names)), +and to setup port redirection on the host system (see [*Redirect Ports*]( +/use/port_redirection/#port-redirection)). + +## ENV + + ENV + +The `ENV` instruction sets the environment variable `` to the value +``. This value will be passed to all future `RUN` instructions. This is +functionally equivalent to prefixing the command with `=` + +The environment variables set using `ENV` will persist when a container is run +from the resulting image. You can view the values using `docker inspect`, and +change them using `docker run --env =`. + +> **Note**: +> One example where this can cause unexpected consequenses, is setting +> `ENV DEBIAN_FRONTEND noninteractive`. Which will persist when the container +> is run interactively; for example: `docker run -t -i image bash` + +## ADD + + ADD + +The `ADD` instruction will copy new files from `` and add them to the +container's filesystem at path ``. + +`` must be the path to a file or directory relative to the source directory +being built (also called the *context* of the build) or a remote file URL. + +`` is the absolute path to which the source will be copied inside the +destination container. + +All new files and directories are created with mode 0755, uid and gid 0. + +> **Note**: +> If you build using STDIN (`docker build - < somefile`), there is no +> build context, so the Dockerfile can only contain an URL based ADD +> statement. + +> **Note**: +> If your URL files are protected using authentication, you will need to +> use an `RUN wget` , `RUN curl` +> or other tool from within the container as ADD does not support +> authentication. + +The copy obeys the following rules: + +- The `` path must be inside the *context* of the build; + you cannot `ADD ../something /something`, because the first step of a + `docker build` is to send the context directory (and subdirectories) to the + docker daemon. + +- If `` is a URL and `` does not end with a trailing slash, then a + file is downloaded from the URL and copied to ``. + +- If `` is a URL and `` does end with a trailing slash, then the + filename is inferred from the URL and the file is downloaded to + `/`. For instance, `ADD http://example.com/foobar /` would + create the file `/foobar`. The URL must have a nontrivial path so that an + appropriate filename can be discovered in this case (`http://example.com` + will not work). + +- If `` is a directory, the entire directory is copied, including + filesystem metadata. + +- If `` is a *local* tar archive in a recognized compression format + (identity, gzip, bzip2 or xz) then it is unpacked as a directory. Resources + from *remote* URLs are **not** decompressed. When a directory is copied or + unpacked, it has the same behavior as `tar -x`: the result is the union of: + + 1. whatever existed at the destination path and + 2. the contents of the source tree, with conflicts resolved in favor of + "2." on a file-by-file basis. + +- If `` is any other kind of file, it is copied individually along with + its metadata. In this case, if `` ends with a trailing slash `/`, it + will be considered a directory and the contents of `` will be written + at `/base()`. + +- If `` does not end with a trailing slash, it will be considered a + regular file and the contents of `` will be written at ``. + +- If `` doesn't exist, it is created along with all missing directories + in its path. + +## ENTRYPOINT + +ENTRYPOINT has two forms: + +- `ENTRYPOINT ["executable", "param1", "param2"]` + (like an *exec*, preferred form) +- `ENTRYPOINT command param1 param2` + (as a *shell*) + +There can only be one `ENTRYPOINT` in a Dockerfile. If you have more than one +`ENTRYPOINT`, then only the last one in the Dockerfile will have an effect. + +An `ENTRYPOINT` helps you to configure a container that you can run as an +executable. That is, when you specify an `ENTRYPOINT`, then the whole container +runs as if it was just that executable. + +The `ENTRYPOINT` instruction adds an entry command that will **not** be +overwritten when arguments are passed to `docker run`, unlike the behavior +of `CMD`. This allows arguments to be passed to the entrypoint. i.e. +`docker run -d` will pass the "-d" argument to the ENTRYPOINT. + +You can specify parameters either in the ENTRYPOINT JSON array (as in +"like an exec" above), or by using a CMD statement. Parameters in the +ENTRYPOINT will not be overridden by the `docker run` +arguments, but parameters specified via CMD will be overridden +by `docker run` arguments. + +Like a `CMD`, you can specify a plain string for the `ENTRYPOINT` and it will +execute in `/bin/sh -c`: + + FROM ubuntu + ENTRYPOINT wc -l - + +For example, that Dockerfile's image will *always* take stdin as input +("-") and print the number of lines ("-l"). If you wanted to make this +optional but default, you could use a CMD: + + FROM ubuntu + CMD ["-l", "-"] + ENTRYPOINT ["/usr/bin/wc"] + +## VOLUME + + VOLUME ["/data"] + +The `VOLUME` instruction will create a mount point with the specified name +and mark it as holding externally mounted volumes from native host or other +containers. For more information/examples and mounting instructions via docker +client, refer to [*Share Directories via Volumes*]( +/use/working_with_volumes/#volume-def) documentation. + +## USER + + USER daemon + +The `USER` instruction sets the username or UID to use when running the image. + +## WORKDIR + + WORKDIR /path/to/workdir + +The `WORKDIR` instruction sets the working directory for the `RUN`, `CMD` and +`ENTRYPOINT` Dockerfile commands that follow it. + +It can be used multiple times in the one Dockerfile. If a relative path +is provided, it will be relative to the path of the previous `WORKDIR` +instruction. For example: + + WORKDIR /a WORKDIR b WORKDIR c RUN pwd + +The output of the final `pwd` command in this +Dockerfile would be `/a/b/c`. + +## ONBUILD + + ONBUILD [INSTRUCTION] + +The `ONBUILD` instruction adds to the image a +"trigger" instruction to be executed at a later time, when the image is +used as the base for another build. The trigger will be executed in the +context of the downstream build, as if it had been inserted immediately +after the *FROM* instruction in the downstream Dockerfile. + +Any build instruction can be registered as a trigger. + +This is useful if you are building an image which will be used as a base +to build other images, for example an application build environment or a +daemon which may be customized with user-specific configuration. + +For example, if your image is a reusable python application builder, it +will require application source code to be added in a particular +directory, and it might require a build script to be called *after* +that. You can't just call *ADD* and *RUN* now, because you don't yet +have access to the application source code, and it will be different for +each application build. You could simply provide application developers +with a boilerplate Dockerfile to copy-paste into their application, but +that is inefficient, error-prone and difficult to update because it +mixes with application-specific code. + +The solution is to use *ONBUILD* to register in advance instructions to +run later, during the next build stage. + +Here's how it works: + +1. When it encounters an *ONBUILD* instruction, the builder adds a + trigger to the metadata of the image being built. The instruction + does not otherwise affect the current build. +2. At the end of the build, a list of all triggers is stored in the + image manifest, under the key *OnBuild*. They can be inspected with + *docker inspect*. +3. Later the image may be used as a base for a new build, using the + *FROM* instruction. As part of processing the *FROM* instruction, + the downstream builder looks for *ONBUILD* triggers, and executes + them in the same order they were registered. If any of the triggers + fail, the *FROM* instruction is aborted which in turn causes the + build to fail. If all triggers succeed, the FROM instruction + completes and the build continues as usual. +4. Triggers are cleared from the final image after being executed. In + other words they are not inherited by "grand-children" builds. + +For example you might add something like this: + + [...] + ONBUILD ADD . /app/src + ONBUILD RUN /usr/local/bin/python-build --dir /app/src + [...] + +> **Warning**: Chaining ONBUILD instructions using ONBUILD ONBUILD isn't allowed. + +> **Warning**: ONBUILD may not trigger FROM or MAINTAINER instructions. + +## Dockerfile Examples + + # Nginx + # + # VERSION 0.0.1 + + FROM ubuntu + MAINTAINER Guillaume J. Charmes + + # make sure the package repository is up to date + RUN echo "deb http://archive.ubuntu.com/ubuntu precise main universe" > /etc/apt/sources.list + RUN apt-get update + + RUN apt-get install -y inotify-tools nginx apache2 openssh-server + + # Firefox over VNC + # + # VERSION 0.3 + + FROM ubuntu + # make sure the package repository is up to date + RUN echo "deb http://archive.ubuntu.com/ubuntu precise main universe" > /etc/apt/sources.list + RUN apt-get update + + # Install vnc, xvfb in order to create a 'fake' display and firefox + RUN apt-get install -y x11vnc xvfb firefox + RUN mkdir /.vnc + # Setup a password + RUN x11vnc -storepasswd 1234 ~/.vnc/passwd + # Autostart firefox (might not be the best way, but it does the trick) + RUN bash -c 'echo "firefox" >> /.bashrc' + + EXPOSE 5900 + CMD ["x11vnc", "-forever", "-usepw", "-create"] + + # Multiple images example + # + # VERSION 0.1 + + FROM ubuntu + RUN echo foo > bar + # Will output something like ===> 907ad6c2736f + + FROM ubuntu + RUN echo moo > oink + # Will output something like ===> 695d7793cbe4 + + # You᾿ll now have two images, 907ad6c2736f with /bar, and 695d7793cbe4 with + # /oink. diff --git a/docs/sources/reference/builder.rst b/docs/sources/reference/builder.rst deleted file mode 100644 index e8897d1b09..0000000000 --- a/docs/sources/reference/builder.rst +++ /dev/null @@ -1,532 +0,0 @@ -:title: Dockerfile Reference -:description: Dockerfiles use a simple DSL which allows you to automate the steps you would normally manually take to create an image. -:keywords: builder, docker, Dockerfile, automation, image creation - -.. _dockerbuilder: - -==================== -Dockerfile Reference -==================== - -**Docker can act as a builder** and read instructions from a text -``Dockerfile`` to automate the steps you would otherwise take manually -to create an image. Executing ``docker build`` will run your steps and -commit them along the way, giving you a final image. - -.. _dockerfile_usage: - -Usage -===== - -To :ref:`build ` an image from a source repository, create -a description file called ``Dockerfile`` at the root of your -repository. This file will describe the steps to assemble the image. - -Then call ``docker build`` with the path of your source repository as -argument (for example, ``.``): - - ``sudo docker build .`` - -The path to the source repository defines where to find the *context* -of the build. The build is run by the Docker daemon, not by the CLI, -so the whole context must be transferred to the daemon. The Docker CLI -reports "Uploading context" when the context is sent to the daemon. - -You can specify a repository and tag at which to save the new image if the -build succeeds: - - ``sudo docker build -t shykes/myapp .`` - -The Docker daemon will run your steps one-by-one, committing the -result to a new image if necessary, before finally outputting the -ID of your new image. The Docker daemon will automatically clean -up the context you sent. - -Note that each instruction is run independently, and causes a new image -to be created - so ``RUN cd /tmp`` will not have any effect on the next -instructions. - -Whenever possible, Docker will re-use the intermediate images, -accelerating ``docker build`` significantly (indicated by ``Using cache``): - -.. code-block:: bash - - $ docker build -t SvenDowideit/ambassador . - Uploading context 10.24 kB - Uploading context - Step 1 : FROM docker-ut - ---> cbba202fe96b - Step 2 : MAINTAINER SvenDowideit@home.org.au - ---> Using cache - ---> 51182097be13 - Step 3 : CMD env | grep _TCP= | sed 's/.*_PORT_\([0-9]*\)_TCP=tcp:\/\/\(.*\):\(.*\)/socat TCP4-LISTEN:\1,fork,reuseaddr TCP4:\2:\3 \&/' | sh && top - ---> Using cache - ---> 1a5ffc17324d - Successfully built 1a5ffc17324d - -When you're done with your build, you're ready to look into -:ref:`image_push`. - -.. _dockerfile_format: - -Format -====== - -Here is the format of the Dockerfile: - -:: - - # Comment - INSTRUCTION arguments - -The Instruction is not case-sensitive, however convention is for them to be -UPPERCASE in order to distinguish them from arguments more easily. - -Docker evaluates the instructions in a Dockerfile in order. **The -first instruction must be `FROM`** in order to specify the -:ref:`base_image_def` from which you are building. - -Docker will treat lines that *begin* with ``#`` as a comment. A ``#`` -marker anywhere else in the line will be treated as an argument. This -allows statements like: - -:: - - # Comment - RUN echo 'we are running some # of cool things' - -.. _dockerfile_instructions: - - -Here is the set of instructions you can use in a ``Dockerfile`` for -building images. - -.. _dockerfile_from: - -``FROM`` -======== - - ``FROM `` - -Or - - ``FROM :`` - -The ``FROM`` instruction sets the :ref:`base_image_def` for subsequent -instructions. As such, a valid Dockerfile must have ``FROM`` as its -first instruction. The image can be any valid image -- it is -especially easy to start by **pulling an image** from the -:ref:`using_public_repositories`. - -``FROM`` must be the first non-comment instruction in the -``Dockerfile``. - -``FROM`` can appear multiple times within a single Dockerfile in order -to create multiple images. Simply make a note of the last image id -output by the commit before each new ``FROM`` command. - -If no ``tag`` is given to the ``FROM`` instruction, ``latest`` is -assumed. If the used tag does not exist, an error will be returned. - -.. _dockerfile_maintainer: - -``MAINTAINER`` -============== - - ``MAINTAINER `` - -The ``MAINTAINER`` instruction allows you to set the *Author* field of -the generated images. - -.. _dockerfile_run: - -``RUN`` -======= - -RUN has 2 forms: - -* ``RUN `` (the command is run in a shell - ``/bin/sh -c``) -* ``RUN ["executable", "param1", "param2"]`` (*exec* form) - -The ``RUN`` instruction will execute any commands in a new layer on top -of the current image and commit the results. The resulting committed image -will be used for the next step in the Dockerfile. - -Layering ``RUN`` instructions and generating commits conforms to the -core concepts of Docker where commits are cheap and containers can be -created from any point in an image's history, much like source -control. - -The *exec* form makes it possible to avoid shell string munging, and to ``RUN`` -commands using a base image that does not contain ``/bin/sh``. - -Known Issues (RUN) -.................. - -* :issue:`783` is about file permissions problems that can occur when - using the AUFS file system. You might notice it during an attempt to - ``rm`` a file, for example. The issue describes a workaround. -* :issue:`2424` Locale will not be set automatically. - -.. _dockerfile_cmd: - -``CMD`` -======= - -CMD has three forms: - -* ``CMD ["executable","param1","param2"]`` (like an *exec*, preferred form) -* ``CMD ["param1","param2"]`` (as *default parameters to ENTRYPOINT*) -* ``CMD command param1 param2`` (as a *shell*) - -There can only be one CMD in a Dockerfile. If you list more than one -CMD then only the last CMD will take effect. - -**The main purpose of a CMD is to provide defaults for an executing -container.** These defaults can include an executable, or they can -omit the executable, in which case you must specify an ENTRYPOINT as -well. - -When used in the shell or exec formats, the ``CMD`` instruction sets -the command to be executed when running the image. - -If you use the *shell* form of the CMD, then the ```` will -execute in ``/bin/sh -c``: - -.. code-block:: bash - - FROM ubuntu - CMD echo "This is a test." | wc - - -If you want to **run your** ```` **without a shell** then you -must express the command as a JSON array and give the full path to the -executable. **This array form is the preferred format of CMD.** Any -additional parameters must be individually expressed as strings in the -array: - -.. code-block:: bash - - FROM ubuntu - CMD ["/usr/bin/wc","--help"] - -If you would like your container to run the same executable every -time, then you should consider using ``ENTRYPOINT`` in combination -with ``CMD``. See :ref:`dockerfile_entrypoint`. - -If the user specifies arguments to ``docker run`` then they will -override the default specified in CMD. - -.. note:: - Don't confuse ``RUN`` with ``CMD``. ``RUN`` actually runs a - command and commits the result; ``CMD`` does not execute anything at - build time, but specifies the intended command for the image. - -.. _dockerfile_expose: - -``EXPOSE`` -========== - - ``EXPOSE [...]`` - -The ``EXPOSE`` instructions informs Docker that the container will listen -on the specified network ports at runtime. Docker uses this information -to interconnect containers using links (see :ref:`links `), -and to setup port redirection on the host system (see :ref:`port_redirection`). - -.. _dockerfile_env: - -``ENV`` -======= - - ``ENV `` - -The ``ENV`` instruction sets the environment variable ```` to the -value ````. This value will be passed to all future ``RUN`` -instructions. This is functionally equivalent to prefixing the command -with ``=`` - -The environment variables set using ``ENV`` will persist when a container is run -from the resulting image. You can view the values using ``docker inspect``, and change them using ``docker run --env =``. - -.. note:: - One example where this can cause unexpected consequenses, is setting - ``ENV DEBIAN_FRONTEND noninteractive``. - Which will persist when the container is run interactively; for example: - ``docker run -t -i image bash`` - -.. _dockerfile_add: - -``ADD`` -======= - - ``ADD `` - -The ``ADD`` instruction will copy new files from and add them to -the container's filesystem at path ````. - -```` must be the path to a file or directory relative to the -source directory being built (also called the *context* of the build) or -a remote file URL. - -```` is the absolute path to which the source will be copied inside the -destination container. - -All new files and directories are created with mode 0755, uid and gid -0. - -.. note:: - if you build using STDIN (``docker build - < somefile``), there is no build - context, so the Dockerfile can only contain an URL based ADD statement. - -.. note:: - if your URL files are protected using authentication, you will need to use - an ``RUN wget`` , ``RUN curl`` or other tool from within the container as - ADD does not support authentication. - -The copy obeys the following rules: - -* The ```` path must be inside the *context* of the build; you cannot - ``ADD ../something /something``, because the first step of a - ``docker build`` is to send the context directory (and subdirectories) to - the docker daemon. -* If ```` is a URL and ```` does not end with a trailing slash, - then a file is downloaded from the URL and copied to ````. -* If ```` is a URL and ```` does end with a trailing slash, - then the filename is inferred from the URL and the file is downloaded to - ``/``. For instance, ``ADD http://example.com/foobar /`` - would create the file ``/foobar``. The URL must have a nontrivial path - so that an appropriate filename can be discovered in this case - (``http://example.com`` will not work). -* If ```` is a directory, the entire directory is copied, - including filesystem metadata. -* If ```` is a *local* tar archive in a recognized compression - format (identity, gzip, bzip2 or xz) then it is unpacked as a - directory. Resources from *remote* URLs are **not** decompressed. - - When a directory is copied or unpacked, it has the same behavior as - ``tar -x``: the result is the union of - - 1. whatever existed at the destination path and - 2. the contents of the source tree, - - with conflicts resolved in favor of "2." on a file-by-file basis. - -* If ```` is any other kind of file, it is copied individually - along with its metadata. In this case, if ```` ends with a - trailing slash ``/``, it will be considered a directory and the - contents of ```` will be written at ``/base()``. -* If ```` does not end with a trailing slash, it will be - considered a regular file and the contents of ```` will be - written at ````. -* If ```` doesn't exist, it is created along with all missing - directories in its path. - -.. _dockerfile_entrypoint: - -``ENTRYPOINT`` -============== - -ENTRYPOINT has two forms: - -* ``ENTRYPOINT ["executable", "param1", "param2"]`` (like an *exec*, - preferred form) -* ``ENTRYPOINT command param1 param2`` (as a *shell*) - -There can only be one ``ENTRYPOINT`` in a Dockerfile. If you have more -than one ``ENTRYPOINT``, then only the last one in the Dockerfile will -have an effect. - -An ``ENTRYPOINT`` helps you to configure a container that you can run -as an executable. That is, when you specify an ``ENTRYPOINT``, then -the whole container runs as if it was just that executable. - -The ``ENTRYPOINT`` instruction adds an entry command that will **not** -be overwritten when arguments are passed to ``docker run``, unlike the -behavior of ``CMD``. This allows arguments to be passed to the -entrypoint. i.e. ``docker run -d`` will pass the "-d" -argument to the ENTRYPOINT. - -You can specify parameters either in the ENTRYPOINT JSON array (as in -"like an exec" above), or by using a CMD statement. Parameters in the -ENTRYPOINT will not be overridden by the ``docker run`` arguments, but -parameters specified via CMD will be overridden by ``docker run`` -arguments. - -Like a ``CMD``, you can specify a plain string for the ENTRYPOINT and -it will execute in ``/bin/sh -c``: - -.. code-block:: bash - - FROM ubuntu - ENTRYPOINT wc -l - - -For example, that Dockerfile's image will *always* take stdin as input -("-") and print the number of lines ("-l"). If you wanted to make -this optional but default, you could use a CMD: - -.. code-block:: bash - - FROM ubuntu - CMD ["-l", "-"] - ENTRYPOINT ["/usr/bin/wc"] - -.. _dockerfile_volume: - -``VOLUME`` -========== - - ``VOLUME ["/data"]`` - -The ``VOLUME`` instruction will create a mount point with the specified name and mark it -as holding externally mounted volumes from native host or other containers. For more information/examples -and mounting instructions via docker client, refer to :ref:`volume_def` documentation. - -.. _dockerfile_user: - -``USER`` -======== - - ``USER daemon`` - -The ``USER`` instruction sets the username or UID to use when running -the image. - -.. _dockerfile_workdir: - -``WORKDIR`` -=========== - - ``WORKDIR /path/to/workdir`` - -The ``WORKDIR`` instruction sets the working directory for the ``RUN``, ``CMD`` and -``ENTRYPOINT`` Dockerfile commands that follow it. - -It can be used multiple times in the one Dockerfile. If a relative path is -provided, it will be relative to the path of the previous ``WORKDIR`` -instruction. For example: - - WORKDIR /a - WORKDIR b - WORKDIR c - RUN pwd - -The output of the final ``pwd`` command in this Dockerfile would be ``/a/b/c``. - -``ONBUILD`` -=========== - - ``ONBUILD [INSTRUCTION]`` - -The ``ONBUILD`` instruction adds to the image a "trigger" instruction to be -executed at a later time, when the image is used as the base for another build. -The trigger will be executed in the context of the downstream build, as if it -had been inserted immediately after the *FROM* instruction in the downstream -Dockerfile. - -Any build instruction can be registered as a trigger. - -This is useful if you are building an image which will be used as a base to build -other images, for example an application build environment or a daemon which may be -customized with user-specific configuration. - -For example, if your image is a reusable python application builder, it will require -application source code to be added in a particular directory, and it might require -a build script to be called *after* that. You can't just call *ADD* and *RUN* now, -because you don't yet have access to the application source code, and it will be -different for each application build. You could simply provide application developers -with a boilerplate Dockerfile to copy-paste into their application, but that is -inefficient, error-prone and difficult to update because it mixes with -application-specific code. - -The solution is to use *ONBUILD* to register in advance instructions to run later, -during the next build stage. - -Here's how it works: - -1. When it encounters an *ONBUILD* instruction, the builder adds a trigger to - the metadata of the image being built. - The instruction does not otherwise affect the current build. - -2. At the end of the build, a list of all triggers is stored in the image manifest, - under the key *OnBuild*. They can be inspected with *docker inspect*. - -3. Later the image may be used as a base for a new build, using the *FROM* instruction. - As part of processing the *FROM* instruction, the downstream builder looks for *ONBUILD* - triggers, and executes them in the same order they were registered. If any of the - triggers fail, the *FROM* instruction is aborted which in turn causes the build - to fail. If all triggers succeed, the FROM instruction completes and the build - continues as usual. - -4. Triggers are cleared from the final image after being executed. In other words - they are not inherited by "grand-children" builds. - -For example you might add something like this: - -.. code-block:: bash - - [...] - ONBUILD ADD . /app/src - ONBUILD RUN /usr/local/bin/python-build --dir /app/src - [...] - -.. warning:: Chaining ONBUILD instructions using `ONBUILD ONBUILD` isn't allowed. -.. warning:: ONBUILD may not trigger FROM or MAINTAINER instructions. - -.. _dockerfile_examples: - -Dockerfile Examples -====================== - -.. code-block:: bash - - # Nginx - # - # VERSION 0.0.1 - - FROM ubuntu - MAINTAINER Guillaume J. Charmes - - # make sure the package repository is up to date - RUN echo "deb http://archive.ubuntu.com/ubuntu precise main universe" > /etc/apt/sources.list - RUN apt-get update - - RUN apt-get install -y inotify-tools nginx apache2 openssh-server - -.. code-block:: bash - - # Firefox over VNC - # - # VERSION 0.3 - - FROM ubuntu - # make sure the package repository is up to date - RUN echo "deb http://archive.ubuntu.com/ubuntu precise main universe" > /etc/apt/sources.list - RUN apt-get update - - # Install vnc, xvfb in order to create a 'fake' display and firefox - RUN apt-get install -y x11vnc xvfb firefox - RUN mkdir /.vnc - # Setup a password - RUN x11vnc -storepasswd 1234 ~/.vnc/passwd - # Autostart firefox (might not be the best way, but it does the trick) - RUN bash -c 'echo "firefox" >> /.bashrc' - - EXPOSE 5900 - CMD ["x11vnc", "-forever", "-usepw", "-create"] - -.. code-block:: bash - - # Multiple images example - # - # VERSION 0.1 - - FROM ubuntu - RUN echo foo > bar - # Will output something like ===> 907ad6c2736f - - FROM ubuntu - RUN echo moo > oink - # Will output something like ===> 695d7793cbe4 - - # You'll now have two images, 907ad6c2736f with /bar, and 695d7793cbe4 with - # /oink. diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md new file mode 100644 index 0000000000..8936bbe332 --- /dev/null +++ b/docs/sources/reference/commandline/cli.md @@ -0,0 +1,1131 @@ +page_title: Command Line Interface +page_description: Docker's CLI command description and usage +page_keywords: Docker, Docker documentation, CLI, command line + +# Command Line + +To list available commands, either run `docker` with no parameters +or execute `docker help`: + + $ sudo docker + Usage: docker [OPTIONS] COMMAND [arg...] + -H, --host=[]: The socket(s) to bind to in daemon mode, specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd. + + A self-sufficient runtime for linux containers. + + ... + +## Option types + +Single character commandline options can be combined, so rather than +typing `docker run -t -i --name test busybox sh`, +you can write `docker run -ti --name test busybox sh`. + +### Boolean + +Boolean options look like `-d=false`. The value you +see is the default value which gets set if you do **not** use the +boolean flag. If you do call `run -d`, that sets the +opposite boolean value, so in this case, `true`, and +so `docker run -d` **will** run in "detached" mode, +in the background. Other boolean options are similar – specifying them +will set the value to the opposite of the default value. + +### Multi + +Options like `-a=[]` indicate they can be specified multiple times: + + $ docker run -a stdin -a stdout -a stderr -i -t ubuntu /bin/bash + +Sometimes this can use a more complex value string, as for `-v`: + + $ docker run -v /host:/container example/mysql + +### Strings and Integers + +Options like `--name=""` expect a string, and they +can only be specified once. Options like `-c=0` +expect an integer, and they can only be specified once. + +## daemon + + Usage of docker: + + -D, --debug=false: Enable debug mode + -H, --host=[]: The socket(s) to bind to in daemon mode, specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd. + -G, --group="docker": Group to assign the unix socket specified by -H when running in daemon mode; use '' (the empty string) to disable setting of a group + --api-enable-cors=false: Enable CORS headers in the remote API + -b, --bridge="": Attach containers to a pre-existing network bridge; use 'none' to disable container networking + -bip="": Use this CIDR notation address for the network bridge᾿s IP, not compatible with -b + -d, --daemon=false: Enable daemon mode + --dns=[]: Force docker to use specific DNS servers + --dns-search=[]: Force Docker to use specific DNS search domains + --enable-selinux=false: Enable selinux support for running containers + -g, --graph="/var/lib/docker": Path to use as the root of the docker runtime + --icc=true: Enable inter-container communication + --ip="0.0.0.0": Default IP address to use when binding container ports + --ip-forward=true: Enable net.ipv4.ip_forward + --iptables=true: Enable Docker᾿s addition of iptables rules + -p, --pidfile="/var/run/docker.pid": Path to use for daemon PID file + -r, --restart=true: Restart previously running containers + -s, --storage-driver="": Force the docker runtime to use a specific storage driver + -e, --exec-driver="native": Force the docker runtime to use a specific exec driver + -v, --version=false: Print version information and quit + --tls=false: Use TLS; implied by tls-verify flags + --tlscacert="~/.docker/ca.pem": Trust only remotes providing a certificate signed by the CA given here + --tlscert="~/.docker/cert.pem": Path to TLS certificate file + --tlskey="~/.docker/key.pem": Path to TLS key file + --tlsverify=false: Use TLS and verify the remote (daemon: verify client, client: verify daemon) + --mtu=0: Set the containers network MTU; if no value is provided: default to the default route MTU or 1500 if no default route is available + + Options with [] may be specified multiple times. + +The Docker daemon is the persistent process that manages containers. +Docker uses the same binary for both the daemon and client. To run the +daemon you provide the `-d` flag. + +To force Docker to use devicemapper as the storage driver, use +`docker -d -s devicemapper`. + +To set the DNS server for all Docker containers, use +`docker -d --dns 8.8.8.8`. + +To set the DNS search domain for all Docker containers, use +`docker -d --dns-search example.com`. + +To run the daemon with debug output, use `docker -d -D`. + +To use lxc as the execution driver, use `docker -d -e lxc`. + +The docker client will also honor the `DOCKER_HOST` environment variable to set +the `-H` flag for the client. + + $ docker -H tcp://0.0.0.0:4243 ps + # or + $ export DOCKER_HOST="tcp://0.0.0.0:4243" + $ docker ps + # both are equal + +To run the daemon with [systemd socket activation]( +http://0pointer.de/blog/projects/socket-activation.html), use +`docker -d -H fd://`. Using `fd://` will work perfectly for most setups but +you can also specify individual sockets too `docker -d -H fd://3`. If the +specified socket activated files aren't found then docker will exit. You +can find examples of using systemd socket activation with docker and +systemd in the [docker source tree]( +https://github.com/dotcloud/docker/blob/master/contrib/init/systemd/socket-activation/). + +Docker supports softlinks for the Docker data directory +(`/var/lib/docker`) and for `/tmp`. TMPDIR and the data directory can be set +like this: + + TMPDIR=/mnt/disk2/tmp /usr/local/bin/docker -d -D -g /var/lib/docker -H unix:// > /var/lib/boot2docker/docker.log 2>&1 + # or + export TMPDIR=/mnt/disk2/tmp + /usr/local/bin/docker -d -D -g /var/lib/docker -H unix:// > /var/lib/boot2docker/docker.log 2>&1 + +## attach + +Attach to a running container. + + Usage: docker attach CONTAINER + + --no-stdin=false: Do not attach stdin + --sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) + +The `attach` command will allow you to view or +interact with any running container, detached (`-d`) +or interactive (`-i`). You can attach to the same +container at the same time - screen sharing style, or quickly view the +progress of your daemonized process. + +You can detach from the container again (and leave it running) with +`CTRL-C` (for a quiet exit) or `CTRL-\` +to get a stacktrace of the Docker client when it quits. When +you detach from the container's process the exit code will be returned +to the client. + +To stop a container, use `docker stop`. + +To kill the container, use `docker kill`. + +### Examples: + + $ ID=$(sudo docker run -d ubuntu /usr/bin/top -b) + $ sudo docker attach $ID + top - 02:05:52 up 3:05, 0 users, load average: 0.01, 0.02, 0.05 + Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie + Cpu(s): 0.1%us, 0.2%sy, 0.0%ni, 99.7%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st + Mem: 373572k total, 355560k used, 18012k free, 27872k buffers + Swap: 786428k total, 0k used, 786428k free, 221740k cached + + PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND + 1 root 20 0 17200 1116 912 R 0 0.3 0:00.03 top + + top - 02:05:55 up 3:05, 0 users, load average: 0.01, 0.02, 0.05 + Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie + Cpu(s): 0.0%us, 0.2%sy, 0.0%ni, 99.8%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st + Mem: 373572k total, 355244k used, 18328k free, 27872k buffers + Swap: 786428k total, 0k used, 786428k free, 221776k cached + + PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND + 1 root 20 0 17208 1144 932 R 0 0.3 0:00.03 top + + + top - 02:05:58 up 3:06, 0 users, load average: 0.01, 0.02, 0.05 + Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie + Cpu(s): 0.2%us, 0.3%sy, 0.0%ni, 99.5%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st + Mem: 373572k total, 355780k used, 17792k free, 27880k buffers + Swap: 786428k total, 0k used, 786428k free, 221776k cached + + PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND + 1 root 20 0 17208 1144 932 R 0 0.3 0:00.03 top + ^C$ + $ sudo docker stop $ID + +## build + +Build a new container image from the source code at PATH + + Usage: docker build [OPTIONS] PATH | URL | - + + -t, --tag="": Repository name (and optionally a tag) to be applied + to the resulting image in case of success. + -q, --quiet=false: Suppress the verbose output generated by the containers. + --no-cache: Do not use the cache when building the image. + --rm=true: Remove intermediate containers after a successful build + +Use this command to build Docker images from a Dockerfile +and a "context". + +The files at `PATH` or `URL` are called the "context" of the build. The build +process may refer to any of the files in the context, for example when using an +[*ADD*](/reference/builder/#dockerfile-add) instruction. When a single Dockerfile is +given as `URL`, then no context is set. + +When a Git repository is set as `URL`, then the +repository is used as the context. The Git repository is cloned with its +submodules (git clone –recursive). A fresh git clone occurs in a +temporary directory on your local host, and then this is sent to the +Docker daemon as the context. This way, your local user credentials and +vpn's etc can be used to access private repositories + +See also: + +[*Dockerfile Reference*](/reference/builder/#dockerbuilder). + +### Examples: + + $ sudo docker build . + Uploading context 10240 bytes + Step 1 : FROM busybox + Pulling repository busybox + ---> e9aa60c60128MB/2.284 MB (100%) endpoint: https://cdn-registry-1.docker.io/v1/ + Step 2 : RUN ls -lh / + ---> Running in 9c9e81692ae9 + total 24 + drwxr-xr-x 2 root root 4.0K Mar 12 2013 bin + drwxr-xr-x 5 root root 4.0K Oct 19 00:19 dev + drwxr-xr-x 2 root root 4.0K Oct 19 00:19 etc + drwxr-xr-x 2 root root 4.0K Nov 15 23:34 lib + lrwxrwxrwx 1 root root 3 Mar 12 2013 lib64 -> lib + dr-xr-xr-x 116 root root 0 Nov 15 23:34 proc + lrwxrwxrwx 1 root root 3 Mar 12 2013 sbin -> bin + dr-xr-xr-x 13 root root 0 Nov 15 23:34 sys + drwxr-xr-x 2 root root 4.0K Mar 12 2013 tmp + drwxr-xr-x 2 root root 4.0K Nov 15 23:34 usr + ---> b35f4035db3f + Step 3 : CMD echo Hello World + ---> Running in 02071fceb21b + ---> f52f38b7823e + Successfully built f52f38b7823e + Removing intermediate container 9c9e81692ae9 + Removing intermediate container 02071fceb21b + +This example specifies that the `PATH` is +`.`, and so all the files in the local directory get +`tar`d and sent to the Docker daemon. The `PATH` +specifies where to find the files for the "context" of the build on the +Docker daemon. Remember that the daemon could be running on a remote +machine and that no parsing of the Dockerfile +happens at the client side (where you're running +`docker build`). That means that *all* the files at +`PATH` get sent, not just the ones listed to +[*ADD*](/reference/builder/#dockerfile-add) in the Dockerfile. + +The transfer of context from the local machine to the Docker daemon is +what the `docker` client means when you see the +"Uploading context" message. + +If you wish to keep the intermediate containers after the build is +complete, you must use `--rm=false`. This does not +affect the build cache. + + $ sudo docker build -t vieux/apache:2.0 . + +This will build like the previous example, but it will then tag the +resulting image. The repository name will be `vieux/apache` +and the tag will be `2.0` + + $ sudo docker build - < Dockerfile + +This will read a Dockerfile from *stdin* without +context. Due to the lack of a context, no contents of any local +directory will be sent to the `docker` daemon. Since +there is no context, a Dockerfile `ADD` +only works if it refers to a remote URL. + + $ sudo docker build github.com/creack/docker-firefox + +This will clone the GitHub repository and use the cloned repository as +context. The Dockerfile at the root of the +repository is used as Dockerfile. Note that you +can specify an arbitrary Git repository by using the `git://` +schema. + +## commit + +Create a new image from a container᾿s changes + + Usage: docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]] + + -m, --message="": Commit message + -a, --author="": Author (eg. "John Hannibal Smith " + +It can be useful to commit a container's file changes or settings into a +new image. This allows you debug a container by running an interactive +shell, or to export a working dataset to another server. Generally, it +is better to use Dockerfiles to manage your images in a documented and +maintainable way. + +### Commit an existing container + + $ sudo docker ps + ID IMAGE COMMAND CREATED STATUS PORTS + c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours + 197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours + $ docker commit c3f279d17e0a SvenDowideit/testimage:version3 + f5283438590d + $ docker images | head + REPOSITORY TAG ID CREATED VIRTUAL SIZE + SvenDowideit/testimage version3 f5283438590d 16 seconds ago 335.7 MB + +## cp + +Copy files/folders from the containers filesystem to the host +path. Paths are relative to the root of the filesystem. + + Usage: docker cp CONTAINER:PATH HOSTPATH + + $ sudo docker cp 7bb0e258aefe:/etc/debian_version . + $ sudo docker cp blue_frog:/etc/hosts . + +## diff + +List the changed files and directories in a container᾿s filesystem + + Usage: docker diff CONTAINER + +There are 3 events that are listed in the `diff`: + +1. `A` - Add +2. `D` - Delete +3. `C` - Change + +For example: + + $ sudo docker diff 7bb0e258aefe + + C /dev + A /dev/kmsg + C /etc + A /etc/mtab + A /go + A /go/src + A /go/src/github.com + A /go/src/github.com/dotcloud + A /go/src/github.com/dotcloud/docker + A /go/src/github.com/dotcloud/docker/.git + .... + +## events + +Get real time events from the server + + Usage: docker events + + --since="": Show all events created since timestamp + (either seconds since epoch, or date string as below) + --until="": Show events created before timestamp + (either seconds since epoch, or date string as below) + +### Examples + +You'll need two shells for this example. + +**Shell 1: Listening for events:** + + $ sudo docker events + +**Shell 2: Start and Stop a Container:** + + $ sudo docker start 4386fb97867d + $ sudo docker stop 4386fb97867d + +**Shell 1: (Again .. now showing events):** + + [2013-09-03 15:49:26 +0200 CEST] 4386fb97867d: (from 12de384bfb10) start + [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die + [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop + +**Show events in the past from a specified time:** + + $ sudo docker events --since 1378216169 + [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die + [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop + + $ sudo docker events --since '2013-09-03' + [2013-09-03 15:49:26 +0200 CEST] 4386fb97867d: (from 12de384bfb10) start + [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die + [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop + + $ sudo docker events --since '2013-09-03 15:49:29 +0200 CEST' + [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die + [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop + +## export + +Export the contents of a filesystem as a tar archive to STDOUT + + Usage: docker export CONTAINER + +For example: + + $ sudo docker export red_panda > latest.tar + +## history + +Show the history of an image + + Usage: docker history [OPTIONS] IMAGE + + --no-trunc=false: Don᾿t truncate output + -q, --quiet=false: Only show numeric IDs + +To see how the `docker:latest` image was built: + + $ docker history docker + IMAGE CREATED CREATED BY SIZE + 3e23a5875458790b7a806f95f7ec0d0b2a5c1659bfc899c89f939f6d5b8f7094 8 days ago /bin/sh -c #(nop) ENV LC_ALL=C.UTF-8 0 B + 8578938dd17054dce7993d21de79e96a037400e8d28e15e7290fea4f65128a36 8 days ago /bin/sh -c dpkg-reconfigure locales && locale-gen C.UTF-8 && /usr/sbin/update-locale LANG=C.UTF-8 1.245 MB + be51b77efb42f67a5e96437b3e102f81e0a1399038f77bf28cea0ed23a65cf60 8 days ago /bin/sh -c apt-get update && apt-get install -y git libxml2-dev python build-essential make gcc python-dev locales python-pip 338.3 MB + 4b137612be55ca69776c7f30c2d2dd0aa2e7d72059820abf3e25b629f887a084 6 weeks ago /bin/sh -c #(nop) ADD jessie.tar.xz in / 121 MB + 750d58736b4b6cc0f9a9abe8f258cef269e3e9dceced1146503522be9f985ada 6 weeks ago /bin/sh -c #(nop) MAINTAINER Tianon Gravi - mkimage-debootstrap.sh -t jessie.tar.xz jessie http://http.debian.net/debian 0 B + 511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158 9 months ago 0 B + +## images + +List images + + Usage: docker images [OPTIONS] [NAME] + + -a, --all=false: Show all images (by default filter out the intermediate image layers) + --no-trunc=false: Don᾿t truncate output + -q, --quiet=false: Only show numeric IDs + +The default `docker images` will show all top level +images, their repository and tags, and their virtual size. + +Docker images have intermediate layers that increase reuseability, +decrease disk usage, and speed up `docker build` by +allowing each step to be cached. These intermediate layers are not shown +by default. + +### Listing the most recently created images + + $ sudo docker images | head + REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + 77af4d6b9913 19 hours ago 1.089 GB + committest latest b6fa739cedf5 19 hours ago 1.089 GB + 78a85c484f71 19 hours ago 1.089 GB + $ docker latest 30557a29d5ab 20 hours ago 1.089 GB + 0124422dd9f9 20 hours ago 1.089 GB + 18ad6fad3402 22 hours ago 1.082 GB + f9f1e26352f0 23 hours ago 1.089 GB + tryout latest 2629d1fa0b81 23 hours ago 131.5 MB + 5ed6274db6ce 24 hours ago 1.089 GB + +### Listing the full length image IDs + + $ sudo docker images --no-trunc | head + REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + 77af4d6b9913e693e8d0b4b294fa62ade6054e6b2f1ffb617ac955dd63fb0182 19 hours ago 1.089 GB + committest latest b6fa739cedf5ea12a620a439402b6004d057da800f91c7524b5086a5e4749c9f 19 hours ago 1.089 GB + 78a85c484f71509adeaace20e72e941f6bdd2b25b4c75da8693efd9f61a37921 19 hours ago 1.089 GB + $ docker latest 30557a29d5abc51e5f1d5b472e79b7e296f595abcf19fe6b9199dbbc809c6ff4 20 hours ago 1.089 GB + 0124422dd9f9cf7ef15c0617cda3931ee68346455441d66ab8bdc5b05e9fdce5 20 hours ago 1.089 GB + 18ad6fad340262ac2a636efd98a6d1f0ea775ae3d45240d3418466495a19a81b 22 hours ago 1.082 GB + f9f1e26352f0a3ba6a0ff68167559f64f3e21ff7ada60366e2d44a04befd1d3a 23 hours ago 1.089 GB + tryout latest 2629d1fa0b81b222fca63371ca16cbf6a0772d07759ff80e8d1369b926940074 23 hours ago 131.5 MB + 5ed6274db6ceb2397844896966ea239290555e74ef307030ebb01ff91b1914df 24 hours ago 1.089 GB + +## import + + Usage: docker import URL|- [REPOSITORY[:TAG]] + + Create an empty filesystem image and import the contents of the tarball + (.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz) into it, then optionally tag it. + +URLs must start with `http` and point to a single +file archive (.tar, .tar.gz, .tgz, .bzip, .tar.xz, or .txz) containing a +root filesystem. If you would like to import from a local directory or +archive, you can use the `-` parameter to take the +data from *stdin*. + +### Examples + +**Import from a remote location:** + +This will create a new untagged image. + + $ sudo docker import http://example.com/exampleimage.tgz + +**Import from a local file:** + +Import to docker via pipe and *stdin*. + + $ cat exampleimage.tgz | sudo docker import - exampleimagelocal:new + +**Import from a local directory:** + + $ sudo tar -c . | sudo docker import - exampleimagedir + +Note the `sudo` in this example – you must preserve +the ownership of the files (especially root ownership) during the +archiving with tar. If you are not root (or the sudo command) when you +tar, then the ownerships might not get preserved. + +## info + +Display system-wide information. + + Usage: docker info + + $ sudo docker info + Containers: 292 + Images: 194 + Debug mode (server): false + Debug mode (client): false + Fds: 22 + Goroutines: 67 + LXC Version: 0.9.0 + EventsListeners: 115 + Kernel Version: 3.8.0-33-generic + WARNING: No swap limit support + +When sending issue reports, please use `docker version` and `docker info` to +ensure we know how your setup is configured. + +## inspect + +Return low-level information on a container/image + + Usage: docker inspect CONTAINER|IMAGE [CONTAINER|IMAGE...] + + -f, --format="": Format the output using the given go template. + +By default, this will render all results in a JSON array. If a format is +specified, the given template will be executed for each result. + +Go's [text/template](http://golang.org/pkg/text/template/) package +describes all the details of the format. + +### Examples + +**Get an instance'sIP Address:** + +For the most part, you can pick out any field from the JSON in a fairly +straightforward manner. + + $ sudo docker inspect --format='{{.NetworkSettings.IPAddress}}' $INSTANCE_ID + +**List All Port Bindings:** + +One can loop over arrays and maps in the results to produce simple text +output: + + $ sudo docker inspect --format='{{range $p, $conf := .NetworkSettings.Ports}} {{$p}} -> {{(index $conf 0).HostPort}} {{end}}' $INSTANCE_ID + +**Find a Specific Port Mapping:** + +The `.Field` syntax doesn't work when the field name +begins with a number, but the template language's `index` +function does. The `.NetworkSettings.Ports` +section contains a map of the internal port mappings to a list +of external address/port objects, so to grab just the numeric public +port, you use `index` to find the specific port map, +and then `index` 0 contains first object inside of +that. Then we ask for the `HostPort` field to get +the public address. + + $ sudo docker inspect --format='{{(index (index .NetworkSettings.Ports "8787/tcp") 0).HostPort}}' $INSTANCE_ID + +**Get config:** + +The `.Field` syntax doesn't work when the field +contains JSON data, but the template language's custom `json` +function does. The `.config` section +contains complex json object, so to grab it as JSON, you use +`json` to convert config object into JSON + + $ sudo docker inspect --format='{{json .config}}' $INSTANCE_ID + +## kill + +Kill a running container (send SIGKILL, or specified signal) + + Usage: docker kill [OPTIONS] CONTAINER [CONTAINER...] + + -s, --signal="KILL": Signal to send to the container + +The main process inside the container will be sent SIGKILL, or any +signal specified with option `--signal`. + +### Known Issues (kill) + +- [Issue 197](https://github.com/dotcloud/docker/issues/197) indicates + that `docker kill` may leave directories behind + and make it difficult to remove the container. +- [Issue 3844](https://github.com/dotcloud/docker/issues/3844) lxc + 1.0.0 beta3 removed `lcx-kill` which is used by + Docker versions before 0.8.0; see the issue for a workaround. + +## load + +Load an image from a tar archive on STDIN + + Usage: docker load + + -i, --input="": Read from a tar archive file, instead of STDIN + +Loads a tarred repository from a file or the standard input stream. +Restores both images and tags. + + $ sudo docker images + REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + $ sudo docker load < busybox.tar + $ sudo docker images + REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + busybox latest 769b9341d937 7 weeks ago 2.489 MB + $ sudo docker load --input fedora.tar + $ sudo docker images + REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + busybox latest 769b9341d937 7 weeks ago 2.489 MB + fedora rawhide 0d20aec6529d 7 weeks ago 387 MB + fedora 20 58394af37342 7 weeks ago 385.5 MB + fedora heisenbug 58394af37342 7 weeks ago 385.5 MB + fedora latest 58394af37342 7 weeks ago 385.5 MB + +## login + +Register or Login to the docker registry server + + Usage: docker login [OPTIONS] [SERVER] + + -e, --email="": Email + -p, --password="": Password + -u, --username="": Username + +If you want to login to a private registry you can +specify this by adding the server name. + + example: + $ docker login localhost:8080 + +## logs + +Fetch the logs of a container + + Usage: docker logs [OPTIONS] CONTAINER + + -f, --follow=false: Follow log output + -t, --timestamps=false: Show timestamps + +The `docker logs` command batch-retrieves all logs +present at the time of execution. + +The ``docker logs --follow`` command will first return all logs from the +beginning and then continue streaming new output from the container's stdout +and stderr. + +## port + + Usage: docker port [OPTIONS] CONTAINER PRIVATE_PORT + +Lookup the public-facing port which is NAT-ed to PRIVATE_PORT + +## ps + +List containers + + Usage: docker ps [OPTIONS] + + -a, --all=false: Show all containers. Only running containers are shown by default. + --before="": Show only container created before Id or Name, include non-running ones. + -l, --latest=false: Show only the latest created container, include non-running ones. + -n=-1: Show n last created containers, include non-running ones. + --no-trunc=false: Don᾿t truncate output + -q, --quiet=false: Only display numeric IDs + -s, --size=false: Display sizes, not to be used with -q + --since="": Show only containers created since Id or Name, include non-running ones. + +Running `docker ps` showing 2 linked containers. + + $ docker ps + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + 4c01db0b339c ubuntu:12.04 bash 17 seconds ago Up 16 seconds webapp + d7886598dbe2 crosbymichael/redis:latest /redis-server --dir 33 minutes ago Up 33 minutes 6379/tcp redis,webapp/db + +`docker ps` will show only running containers by default. To see all containers: +`docker ps -a` + +## pull + +Pull an image or a repository from the registry + + Usage: docker pull NAME[:TAG] + +Most of your images will be created on top of a base image from the +[Docker.io](https://index.docker.io) registry. + +[Docker.io](https://index.docker.io) contains many pre-built images that you +can `pull` and try without needing to define and configure your own. + +To download a particular image, or set of images (i.e., a repository), +use `docker pull`: + + $ docker pull debian + # will pull all the images in the debian repository + $ docker pull debian:testing + # will pull only the image named debian:testing and any intermediate layers + # it is based on. (typically the empty `scratch` image, a MAINTAINERs layer, + # and the un-tared base. + +## push + +Push an image or a repository to the registry + + Usage: docker push NAME[:TAG] + +Use `docker push` to share your images on public or +private registries. + +## restart + +Restart a running container + + Usage: docker restart [OPTIONS] NAME + + -t, --time=10: Number of seconds to try to stop for before killing the container. Once killed it will then be restarted. Default=10 + +## rm + +Remove one or more containers + + Usage: docker rm [OPTIONS] CONTAINER + + -l, --link="": Remove the link instead of the actual container + -f, --force=false: Force removal of running container + -v, --volumes=false: Remove the volumes associated to the container + +### Known Issues (rm) + +- [Issue 197](https://github.com/dotcloud/docker/issues/197) indicates + that `docker kill` may leave directories behind + and make it difficult to remove the container. + +### Examples: + + $ sudo docker rm /redis + /redis + +This will remove the container referenced under the link +`/redis`. + + $ sudo docker rm --link /webapp/redis + /webapp/redis + +This will remove the underlying link between `/webapp` +and the `/redis` containers removing all +network communication. + + $ sudo docker rm $(docker ps -a -q) + +This command will delete all stopped containers. The command +`docker ps -a -q` will return all existing container +IDs and pass them to the `rm` command which will +delete them. Any running containers will not be deleted. + +## rmi + +Remove one or more images + + Usage: docker rmi IMAGE [IMAGE...] + + -f, --force=false: Force + --no-prune=false: Do not delete untagged parents + +### Removing tagged images + +Images can be removed either by their short or long ID`s, or their image +names. If an image has more than one name, each of them needs to be +removed before the image is removed. + + $ sudo docker images + REPOSITORY TAG IMAGE ID CREATED SIZE + test1 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) + test latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) + test2 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) + + $ sudo docker rmi fd484f19954f + Error: Conflict, cannot delete image fd484f19954f because it is tagged in multiple repositories + 2013/12/11 05:47:16 Error: failed to remove one or more images + + $ sudo docker rmi test1 + Untagged: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 + $ sudo docker rmi test2 + Untagged: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 + + $ sudo docker images + REPOSITORY TAG IMAGE ID CREATED SIZE + test latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) + $ sudo docker rmi test + Untagged: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 + Deleted: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 + +## run + +Run a command in a new container + + Usage: docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] + + -a, --attach=[]: Attach to stdin, stdout or stderr. + -c, --cpu-shares=0: CPU shares (relative weight) + --cidfile="": Write the container ID to the file + -d, --detach=false: Detached mode: Run container in the background, print new container id + --dns=[]: Set custom dns servers + --dns-search=[]: Set custom dns search domains + -e, --env=[]: Set environment variables + --entrypoint="": Overwrite the default entrypoint of the image + --env-file=[]: Read in a line delimited file of ENV variables + --expose=[]: Expose a port from the container without publishing it to your host + -h, --hostname="": Container host name + -i, --interactive=false: Keep stdin open even if not attached + --link=[]: Add link to another container (name:alias) + --lxc-conf=[]: (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" + -m, --memory="": Memory limit (format: , where unit = b, k, m or g) + --name="": Assign a name to the container + --net="bridge": Set the Network mode for the container ('bridge': creates a new network stack for the container on the docker bridge, 'none': no networking for this container, 'container:': reuses another container network stack), 'host': use the host network stack inside the container + -P, --publish-all=false: Publish all exposed ports to the host interfaces + -p, --publish=[]: Publish a container's port to the host (format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort) (use 'docker port' to see the actual mapping) + --privileged=false: Give extended privileges to this container + --rm=false: Automatically remove the container when it exits (incompatible with -d) + --sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) + -t, --tty=false: Allocate a pseudo-tty + -u, --user="": Username or UID + -v, --volume=[]: Bind mount a volume (e.g. from the host: -v /host:/container, from docker: -v /container) + --volumes-from=[]: Mount volumes from the specified container(s) + -w, --workdir="": Working directory inside the container + +The `docker run` command first `creates` a writeable container layer over the +specified image, and then `starts` it using the specified command. That is, +`docker run` is equivalent to the API `/containers/create` then +`/containers/(id)/start`. A stopped container can be restarted with all its +previous changes intact using `docker start`. See `docker ps -a` to view a list +of all containers. + +The `docker run` command can be used in combination with `docker commit` to +[*change the command that a container runs*](#commit-an-existing-container). + +See [*Redirect Ports*](/use/port_redirection/#port-redirection) +for more detailed information about the `--expose`, `-p`, `-P` and `--link` +parameters, and [*Link Containers*]( +/use/working_with_links_names/#working-with-links-names) for specific +examples using `--link`. + +### Known Issues (run –volumes-from) + +- [Issue 2702](https://github.com/dotcloud/docker/issues/2702): + "lxc-start: Permission denied - failed to mount" could indicate a + permissions problem with AppArmor. Please see the issue for a + workaround. + +### Examples: + + $ sudo docker run --cidfile /tmp/docker_test.cid ubuntu echo "test" + +This will create a container and print `test` to the console. The `cidfile` +flag makes Docker attempt to create a new file and write the container ID to it. +If the file exists already, Docker will return an error. Docker will close this +file when `docker run` exits. + + $ sudo docker run -t -i --rm ubuntu bash + root@bc338942ef20:/# mount -t tmpfs none /mnt + mount: permission denied + +This will *not* work, because by default, most potentially dangerous kernel +capabilities are dropped; including `cap_sys_admin` (which is required to mount +filesystems). However, the `--privileged` flag will allow it to run: + + $ sudo docker run --privileged ubuntu bash + root@50e3f57e16e6:/# mount -t tmpfs none /mnt + root@50e3f57e16e6:/# df -h + Filesystem Size Used Avail Use% Mounted on + none 1.9G 0 1.9G 0% /mnt + +The `--privileged` flag gives *all* capabilities to the container, and it also +lifts all the limitations enforced by the `device` cgroup controller. In other +words, the container can then do almost everything that the host can do. This +flag exists to allow special use-cases, like running Docker within Docker. + + $ sudo docker run -w /path/to/dir/ -i -t ubuntu pwd + +The `-w` lets the command being executed inside directory given, here +`/path/to/dir/`. If the path does not exists it is created inside the container. + + $ sudo docker run -v `pwd`:`pwd` -w `pwd` -i -t ubuntu pwd + +The `-v` flag mounts the current working directory into the container. The `-w` +lets the command being executed inside the current working directory, by +changing into the directory to the value returned by `pwd`. So this +combination executes the command using the container, but inside the +current working directory. + + $ sudo docker run -v /doesnt/exist:/foo -w /foo -i -t ubuntu bash + +When the host directory of a bind-mounted volume doesn't exist, Docker +will automatically create this directory on the host for you. In the +example above, Docker will create the `/doesnt/exist` +folder before starting your container. + + $ sudo docker run -t -i -v /var/run/docker.sock:/var/run/docker.sock -v ./static-docker:/usr/bin/docker busybox sh + +By bind-mounting the docker unix socket and statically linked docker +binary (such as that provided by [https://get.docker.io]( +https://get.docker.io)), you give the container the full access to create and +manipulate the host's docker daemon. + + $ sudo docker run -p 127.0.0.1:80:8080 ubuntu bash + +This binds port `8080` of the container to port `80` on `127.0.0.1` of the host +machine. [*Redirect Ports*](/use/port_redirection/#port-redirection) +explains in detail how to manipulate ports in Docker. + + $ sudo docker run --expose 80 ubuntu bash + +This exposes port `80` of the container for use within a link without publishing +the port to the host system's interfaces. [*Redirect Ports*]( +/use/port_redirection/#port-redirection) explains in detail how to +manipulate ports in Docker. + + $ sudo docker run -e MYVAR1 --env MYVAR2=foo --env-file ./env.list ubuntu bash + +This sets environmental variables in the container. For illustration all three +flags are shown here. Where `-e`, `--env` take an environment variable and +value, or if no "=" is provided, then that variable's current value is passed +through (i.e. $MYVAR1 from the host is set to $MYVAR1 in the container). All +three flags, `-e`, `--env` and `--env-file` can be repeated. + +Regardless of the order of these three flags, the `--env-file` are processed +first, and then `-e`, `--env` flags. This way, the `-e` or `--env` will +override variables as needed. + + $ cat ./env.list + TEST_FOO=BAR + $ sudo docker run --env TEST_FOO="This is a test" --env-file ./env.list busybox env | grep TEST_FOO + TEST_FOO=This is a test + +The `--env-file` flag takes a filename as an argument and expects each line +to be in the VAR=VAL format, mimicking the argument passed to `--env`. Comment +lines need only be prefixed with `#` + +An example of a file passed with `--env-file` + + $ cat ./env.list + TEST_FOO=BAR + + # this is a comment + TEST_APP_DEST_HOST=10.10.0.127 + TEST_APP_DEST_PORT=8888 + + # pass through this variable from the caller + TEST_PASSTHROUGH + $ sudo TEST_PASSTHROUGH=howdy docker run --env-file ./env.list busybox env + HOME=/ + PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + HOSTNAME=5198e0745561 + TEST_FOO=BAR + TEST_APP_DEST_HOST=10.10.0.127 + TEST_APP_DEST_PORT=8888 + TEST_PASSTHROUGH=howdy + + $ sudo docker run --name console -t -i ubuntu bash + +This will create and run a new container with the container name being +`console`. + + $ sudo docker run --link /redis:redis --name console ubuntu bash + +The `--link` flag will link the container named `/redis` into the newly +created container with the alias `redis`. The new container can access the +network and environment of the redis container via environment variables. +The `--name` flag will assign the name `console` to the newly created +container. + + $ sudo docker run --volumes-from 777f7dc92da7,ba8c0c54f0f2:ro -i -t ubuntu pwd + +The `--volumes-from` flag mounts all the defined volumes from the referenced +containers. Containers can be specified by a comma separated list or by +repetitions of the `--volumes-from` argument. The container ID may be +optionally suffixed with `:ro` or `:rw` to mount the volumes in read-only +or read-write mode, respectively. By default, the volumes are mounted in +the same mode (read write or read only) as the reference container. + +The `-a` flag tells `docker run` to bind to the container's stdin, stdout or +stderr. This makes it possible to manipulate the output and input as needed. + + $ echo "test" | sudo docker run -i -a stdin ubuntu cat - + +This pipes data into a container and prints the container's ID by attaching +only to the container'sstdin. + + $ sudo docker run -a stderr ubuntu echo test + +This isn't going to print anything unless there's an error because We've +only attached to the stderr of the container. The container's logs still + store what's been written to stderr and stdout. + + $ cat somefile | sudo docker run -i -a stdin mybuilder dobuild + +This is how piping a file into a container could be done for a build. +The container's ID will be printed after the build is done and the build +logs could be retrieved using `docker logs`. This is +useful if you need to pipe a file or something else into a container and +retrieve the container's ID once the container has finished running. + +**A complete example:** + + $ sudo docker run -d --name static static-web-files sh + $ sudo docker run -d --expose=8098 --name riak riakserver + $ sudo docker run -d -m 100m -e DEVELOPMENT=1 -e BRANCH=example-code -v $(pwd):/app/bin:ro --name app appserver + $ sudo docker run -d -p 1443:443 --dns=dns.dev.org --dns-search=dev.org -v /var/log/httpd --volumes-from static --link riak --link app -h www.sven.dev.org --name web webserver + $ sudo docker run -t -i --rm --volumes-from web -w /var/log/httpd busybox tail -f access.log + +This example shows 5 containers that might be set up to test a web +application change: + +1. Start a pre-prepared volume image `static-web-files` (in the background) + that has CSS, image and static HTML in it, (with a `VOLUME` instruction in + the Dockerfile to allow the web server to use those files); +2. Start a pre-prepared `riakserver` image, give the container name `riak` and + expose port `8098` to any containers that link to it; +3. Start the `appserver` image, restricting its memory usage to 100MB, setting + two environment variables `DEVELOPMENT` and `BRANCH` and bind-mounting the + current directory (`$(pwd)`) in the container in read-only mode as `/app/bin`; +4. Start the `webserver`, mapping port `443` in the container to port `1443` on + the Docker server, setting the DNS server to `dns.dev.org` and DNS search + domain to `dev.org`, creating a volume to put the log files into (so we can + access it from another container), then importing the files from the volume + exposed by the `static` container, and linking to all exposed ports from + `riak` and `app`. Lastly, we set the hostname to `web.sven.dev.org` so its + consistent with the pre-generated SSL certificate; +5. Finally, we create a container that runs `tail -f access.log` using the logs + volume from the `web` container, setting the workdir to `/var/log/httpd`. The + `--rm` option means that when the container exits, the container's layer is + removed. + +## save + +Save an image to a tar archive (streamed to stdout by default) + + Usage: docker save IMAGE + + -o, --output="": Write to an file, instead of STDOUT + +Produces a tarred repository to the standard output stream. Contains all +parent layers, and all tags + versions, or specified repo:tag. + +It is used to create a backup that can then be used with +`docker load` + + $ sudo docker save busybox > busybox.tar + $ ls -sh b.tar + 2.7M b.tar + $ sudo docker save --output busybox.tar busybox + $ ls -sh b.tar + 2.7M b.tar + $ sudo docker save -o fedora-all.tar fedora + $ sudo docker save -o fedora-latest.tar fedora:latest + +## search + +Search [Docker.io](https://index.docker.io) for images + + Usage: docker search TERM + + --no-trunc=false: Don᾿t truncate output + -s, --stars=0: Only displays with at least xxx stars + -t, --trusted=false: Only show trusted builds + +See [*Find Public Images on Docker.io*]( +/use/workingwithrepository/#find-public-images-on-dockerio) for +more details on finding shared images from the commandline. + +## start + +Start a stopped container + + Usage: docker start [OPTIONS] CONTAINER + + -a, --attach=false: Attach container᾿s stdout/stderr and forward all signals to the process + -i, --interactive=false: Attach container᾿s stdin + +## stop + +Stop a running container (Send SIGTERM, and then SIGKILL after grace period) + + Usage: docker stop [OPTIONS] CONTAINER [CONTAINER...] + + -t, --time=10: Number of seconds to wait for the container to stop before killing it. + +The main process inside the container will receive SIGTERM, and after a +grace period, SIGKILL + +## tag + +Tag an image into a repository + + Usage: docker tag [OPTIONS] IMAGE [REGISTRYHOST/][USERNAME/]NAME[:TAG] + + -f, --force=false: Force + +You can group your images together using names and tags, and then upload +them to [*Share Images via Repositories*]( +/use/workingwithrepository/#working-with-the-repository). + +## top + + Usage: docker top CONTAINER [ps OPTIONS] + +Lookup the running processes of a container + +## version + +Show the version of the Docker client, daemon, and latest released +version. + +## wait + + Usage: docker wait [OPTIONS] NAME + +Block until a container stops, then print its exit code. diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst deleted file mode 100644 index c0df5f8175..0000000000 --- a/docs/sources/reference/commandline/cli.rst +++ /dev/null @@ -1,1370 +0,0 @@ -:title: Command Line Interface -:description: Docker's CLI command description and usage -:keywords: Docker, Docker documentation, CLI, command line - -.. _cli: - -Command Line Help ------------------ - -To list available commands, either run ``docker`` with no parameters or execute -``docker help``:: - - $ sudo docker - Usage: docker [OPTIONS] COMMAND [arg...] - -H=[unix:///var/run/docker.sock]: tcp://[host]:port to bind/connect to or unix://[/path/to/socket] to use. When host=[127.0.0.1] is omitted for tcp or path=[/var/run/docker.sock] is omitted for unix sockets, default values are used. - - A self-sufficient runtime for linux containers. - - ... - -.. _cli_options: - -Options -------- - -Single character commandline options can be combined, so rather than typing -``docker run -t -i --name test busybox sh``, you can write -``docker run -ti --name test busybox sh``. - -Boolean -~~~~~~~ - -Boolean options look like ``-d=false``. The value you see is the -default value which gets set if you do **not** use the boolean -flag. If you do call ``run -d``, that sets the opposite boolean value, -so in this case, ``true``, and so ``docker run -d`` **will** run in -"detached" mode, in the background. Other boolean options are similar --- specifying them will set the value to the opposite of the default -value. - -Multi -~~~~~ - -Options like ``-a=[]`` indicate they can be specified multiple times:: - - docker run -a stdin -a stdout -a stderr -i -t ubuntu /bin/bash - -Sometimes this can use a more complex value string, as for ``-v``:: - - docker run -v /host:/container example/mysql - -Strings and Integers -~~~~~~~~~~~~~~~~~~~~ - -Options like ``--name=""`` expect a string, and they can only be -specified once. Options like ``-c=0`` expect an integer, and they can -only be specified once. - ----- - -Commands --------- - -.. _cli_daemon: - -``daemon`` ----------- - -:: - - Usage of docker: - -D, --debug=false: Enable debug mode - -H, --host=[]: Multiple tcp://host:port or unix://path/to/socket to bind in daemon mode, single connection otherwise. systemd socket activation can be used with fd://[socketfd]. - -G, --group="docker": Group to assign the unix socket specified by -H when running in daemon mode; use '' (the empty string) to disable setting of a group - --api-enable-cors=false: Enable CORS headers in the remote API - -b, --bridge="": Attach containers to a pre-existing network bridge; use 'none' to disable container networking - -bip="": Use this CIDR notation address for the network bridge's IP, not compatible with -b - -d, --daemon=false: Enable daemon mode - --dns=[]: Force docker to use specific DNS servers - --dns-search=[]: Force Docker to use specific DNS search domains - -g, --graph="/var/lib/docker": Path to use as the root of the docker runtime - --icc=true: Enable inter-container communication - --ip="0.0.0.0": Default IP address to use when binding container ports - --ip-forward=true: Enable net.ipv4.ip_forward - --iptables=true: Enable Docker's addition of iptables rules - -p, --pidfile="/var/run/docker.pid": Path to use for daemon PID file - -r, --restart=true: Restart previously running containers - -s, --storage-driver="": Force the docker runtime to use a specific storage driver - -e, --exec-driver="native": Force the docker runtime to use a specific exec driver - -v, --version=false: Print version information and quit - --tls=false: Use TLS; implied by tls-verify flags - --tlscacert="~/.docker/ca.pem": Trust only remotes providing a certificate signed by the CA given here - --tlscert="~/.docker/cert.pem": Path to TLS certificate file - --tlskey="~/.docker/key.pem": Path to TLS key file - --tlsverify=false: Use TLS and verify the remote (daemon: verify client, client: verify daemon) - --mtu=0: Set the containers network MTU; if no value is provided: default to the default route MTU or 1500 if no default route is available - -The Docker daemon is the persistent process that manages containers. Docker uses the same binary for both the -daemon and client. To run the daemon you provide the ``-d`` flag. - -To force Docker to use devicemapper as the storage driver, use ``docker -d -s devicemapper``. - -To set the DNS server for all Docker containers, use ``docker -d --dns 8.8.8.8``. - -To set the DNS search domain for all Docker containers, use ``docker -d --dns-search example.com``. - -To run the daemon with debug output, use ``docker -d -D``. - -To use lxc as the execution driver, use ``docker -d -e lxc``. - -The docker client will also honor the ``DOCKER_HOST`` environment variable to set -the ``-H`` flag for the client. - -:: - - docker -H tcp://0.0.0.0:4243 ps - # or - export DOCKER_HOST="tcp://0.0.0.0:4243" - docker ps - # both are equal - -To run the daemon with `systemd socket activation `_, use ``docker -d -H fd://``. -Using ``fd://`` will work perfectly for most setups but you can also specify individual sockets too ``docker -d -H fd://3``. -If the specified socket activated files aren't found then docker will exit. -You can find examples of using systemd socket activation with docker and systemd in the `docker source tree `_. - -Docker supports softlinks for the Docker data directory (``/var/lib/docker``) and for ``/tmp``. -TMPDIR and the data directory can be set like this: - -:: - - TMPDIR=/mnt/disk2/tmp /usr/local/bin/docker -d -D -g /var/lib/docker -H unix:// > /var/lib/boot2docker/docker.log 2>&1 - # or - export TMPDIR=/mnt/disk2/tmp - /usr/local/bin/docker -d -D -g /var/lib/docker -H unix:// > /var/lib/boot2docker/docker.log 2>&1 - -.. _cli_attach: - -``attach`` ----------- - -:: - - Usage: docker attach CONTAINER - - Attach to a running container. - - --no-stdin=false: Do not attach stdin - --sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) - -You can detach from the container again (and leave it running) with -``CTRL-c`` (for a quiet exit) or ``CTRL-\`` to get a stacktrace of -the Docker client when it quits. When you detach from the container's -process the exit code will be returned to the client. - -To stop a container, use ``docker stop``. - -To kill the container, use ``docker kill``. - -.. _cli_attach_examples: - -Examples: -~~~~~~~~~ - -.. code-block:: bash - - $ ID=$(sudo docker run -d ubuntu /usr/bin/top -b) - $ sudo docker attach $ID - top - 02:05:52 up 3:05, 0 users, load average: 0.01, 0.02, 0.05 - Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie - Cpu(s): 0.1%us, 0.2%sy, 0.0%ni, 99.7%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st - Mem: 373572k total, 355560k used, 18012k free, 27872k buffers - Swap: 786428k total, 0k used, 786428k free, 221740k cached - - PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND - 1 root 20 0 17200 1116 912 R 0 0.3 0:00.03 top - - top - 02:05:55 up 3:05, 0 users, load average: 0.01, 0.02, 0.05 - Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie - Cpu(s): 0.0%us, 0.2%sy, 0.0%ni, 99.8%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st - Mem: 373572k total, 355244k used, 18328k free, 27872k buffers - Swap: 786428k total, 0k used, 786428k free, 221776k cached - - PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND - 1 root 20 0 17208 1144 932 R 0 0.3 0:00.03 top - - - top - 02:05:58 up 3:06, 0 users, load average: 0.01, 0.02, 0.05 - Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie - Cpu(s): 0.2%us, 0.3%sy, 0.0%ni, 99.5%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st - Mem: 373572k total, 355780k used, 17792k free, 27880k buffers - Swap: 786428k total, 0k used, 786428k free, 221776k cached - - PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND - 1 root 20 0 17208 1144 932 R 0 0.3 0:00.03 top - ^C$ - $ sudo docker stop $ID - -.. _cli_build: - -``build`` ---------- - -:: - - Usage: docker build [OPTIONS] PATH | URL | - - Build a new container image from the source code at PATH - -t, --tag="": Repository name (and optionally a tag) to be applied - to the resulting image in case of success. - -q, --quiet=false: Suppress the verbose output generated by the containers. - --no-cache: Do not use the cache when building the image. - --rm=true: Remove intermediate containers after a successful build - -The files at ``PATH`` or ``URL`` are called the "context" of the build. -The build process may refer to any of the files in the context, for example when -using an :ref:`ADD ` instruction. -When a single ``Dockerfile`` is given as ``URL``, then no context is set. - -When a Git repository is set as ``URL``, then the repository is used as the context. -The Git repository is cloned with its submodules (`git clone --recursive`). -A fresh git clone occurs in a temporary directory on your local host, and then this -is sent to the Docker daemon as the context. -This way, your local user credentials and vpn's etc can be used to access private repositories - -.. _cli_build_examples: - -.. seealso:: :ref:`dockerbuilder`. - -Examples: -~~~~~~~~~ - -.. code-block:: bash - - $ sudo docker build . - Uploading context 10240 bytes - Step 1 : FROM busybox - Pulling repository busybox - ---> e9aa60c60128MB/2.284 MB (100%) endpoint: https://cdn-registry-1.docker.io/v1/ - Step 2 : RUN ls -lh / - ---> Running in 9c9e81692ae9 - total 24 - drwxr-xr-x 2 root root 4.0K Mar 12 2013 bin - drwxr-xr-x 5 root root 4.0K Oct 19 00:19 dev - drwxr-xr-x 2 root root 4.0K Oct 19 00:19 etc - drwxr-xr-x 2 root root 4.0K Nov 15 23:34 lib - lrwxrwxrwx 1 root root 3 Mar 12 2013 lib64 -> lib - dr-xr-xr-x 116 root root 0 Nov 15 23:34 proc - lrwxrwxrwx 1 root root 3 Mar 12 2013 sbin -> bin - dr-xr-xr-x 13 root root 0 Nov 15 23:34 sys - drwxr-xr-x 2 root root 4.0K Mar 12 2013 tmp - drwxr-xr-x 2 root root 4.0K Nov 15 23:34 usr - ---> b35f4035db3f - Step 3 : CMD echo Hello World - ---> Running in 02071fceb21b - ---> f52f38b7823e - Successfully built f52f38b7823e - Removing intermediate container 9c9e81692ae9 - Removing intermediate container 02071fceb21b - - -This example specifies that the ``PATH`` is ``.``, and so all the files in -the local directory get tar'd and sent to the Docker daemon. The ``PATH`` -specifies where to find the files for the "context" of the build on -the Docker daemon. Remember that the daemon could be running on a -remote machine and that no parsing of the ``Dockerfile`` happens at the -client side (where you're running ``docker build``). That means that -*all* the files at ``PATH`` get sent, not just the ones listed to -:ref:`ADD ` in the ``Dockerfile``. - -The transfer of context from the local machine to the Docker daemon is -what the ``docker`` client means when you see the "Uploading context" -message. - -If you wish to keep the intermediate containers after the build is complete, -you must use ``--rm=false``. This does not affect the build cache. - - -.. code-block:: bash - - $ sudo docker build -t vieux/apache:2.0 . - -This will build like the previous example, but it will then tag the -resulting image. The repository name will be ``vieux/apache`` and the -tag will be ``2.0`` - - -.. code-block:: bash - - $ sudo docker build - < Dockerfile - -This will read a ``Dockerfile`` from *stdin* without context. Due to -the lack of a context, no contents of any local directory will be sent -to the ``docker`` daemon. Since there is no context, a ``Dockerfile`` -``ADD`` only works if it refers to a remote URL. - -.. code-block:: bash - - $ sudo docker build github.com/creack/docker-firefox - -This will clone the GitHub repository and use the cloned repository as -context. The ``Dockerfile`` at the root of the repository is used as -``Dockerfile``. Note that you can specify an arbitrary Git repository -by using the ``git://`` schema. - - -.. _cli_commit: - -``commit`` ----------- - -:: - - Usage: docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]] - - Create a new image from a container's changes - - -m, --message="": Commit message - -a, --author="": Author (eg. "John Hannibal Smith " - -.. _cli_commit_examples: - -Commit an existing container -~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: bash - - $ sudo docker ps - ID IMAGE COMMAND CREATED STATUS PORTS - c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours - 197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours - $ docker commit c3f279d17e0a SvenDowideit/testimage:version3 - f5283438590d - $ docker images | head - REPOSITORY TAG ID CREATED VIRTUAL SIZE - SvenDowideit/testimage version3 f5283438590d 16 seconds ago 335.7 MB - - -.. _cli_cp: - -``cp`` ------- - -:: - - Usage: docker cp CONTAINER:PATH HOSTPATH - - Copy files/folders from the containers filesystem to the host - path. Paths are relative to the root of the filesystem. - -.. code-block:: bash - - $ sudo docker cp 7bb0e258aefe:/etc/debian_version . - $ sudo docker cp blue_frog:/etc/hosts . - -.. _cli_diff: - -``diff`` --------- - -:: - - Usage: docker diff CONTAINER - - List the changed files and directories in a container's filesystem - -There are 3 events that are listed in the 'diff': - -1. ```A``` - Add -2. ```D``` - Delete -3. ```C``` - Change - -For example: - -.. code-block:: bash - - $ sudo docker diff 7bb0e258aefe - - C /dev - A /dev/kmsg - C /etc - A /etc/mtab - A /go - A /go/src - A /go/src/github.com - A /go/src/github.com/dotcloud - A /go/src/github.com/dotcloud/docker - A /go/src/github.com/dotcloud/docker/.git - .... - -.. _cli_events: - -``events`` ----------- - -:: - - Usage: docker events - - Get real time events from the server - - --since="": Show previously created events and then stream. - (either seconds since epoch, or date string as below) - -.. _cli_events_example: - -Examples -~~~~~~~~ - -You'll need two shells for this example. - -Shell 1: Listening for events -............................. - -.. code-block:: bash - - $ sudo docker events - -Shell 2: Start and Stop a Container -................................... - -.. code-block:: bash - - $ sudo docker start 4386fb97867d - $ sudo docker stop 4386fb97867d - -Shell 1: (Again .. now showing events) -...................................... - -.. code-block:: bash - - [2013-09-03 15:49:26 +0200 CEST] 4386fb97867d: (from 12de384bfb10) start - [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die - [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop - -Show events in the past from a specified time -............................................. - -.. code-block:: bash - - $ sudo docker events --since 1378216169 - [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die - [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop - - $ sudo docker events --since '2013-09-03' - [2013-09-03 15:49:26 +0200 CEST] 4386fb97867d: (from 12de384bfb10) start - [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die - [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop - - $ sudo docker events --since '2013-09-03 15:49:29 +0200 CEST' - [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die - [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop - -.. _cli_export: - -``export`` ----------- - -:: - - Usage: docker export CONTAINER - - Export the contents of a filesystem as a tar archive to STDOUT - -For example: - -.. code-block:: bash - - $ sudo docker export red_panda > latest.tar - -.. _cli_history: - -``history`` ------------ - -:: - - Usage: docker history [OPTIONS] IMAGE - - Show the history of an image - - --no-trunc=false: Don't truncate output - -q, --quiet=false: Only show numeric IDs - -To see how the ``docker:latest`` image was built: - -.. code-block:: bash - - $ docker history docker - IMAGE CREATED CREATED BY SIZE - 3e23a5875458790b7a806f95f7ec0d0b2a5c1659bfc899c89f939f6d5b8f7094 8 days ago /bin/sh -c #(nop) ENV LC_ALL=C.UTF-8 0 B - 8578938dd17054dce7993d21de79e96a037400e8d28e15e7290fea4f65128a36 8 days ago /bin/sh -c dpkg-reconfigure locales && locale-gen C.UTF-8 && /usr/sbin/update-locale LANG=C.UTF-8 1.245 MB - be51b77efb42f67a5e96437b3e102f81e0a1399038f77bf28cea0ed23a65cf60 8 days ago /bin/sh -c apt-get update && apt-get install -y git libxml2-dev python build-essential make gcc python-dev locales python-pip 338.3 MB - 4b137612be55ca69776c7f30c2d2dd0aa2e7d72059820abf3e25b629f887a084 6 weeks ago /bin/sh -c #(nop) ADD jessie.tar.xz in / 121 MB - 750d58736b4b6cc0f9a9abe8f258cef269e3e9dceced1146503522be9f985ada 6 weeks ago /bin/sh -c #(nop) MAINTAINER Tianon Gravi - mkimage-debootstrap.sh -t jessie.tar.xz jessie http://http.debian.net/debian 0 B - 511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158 9 months ago 0 B - -.. _cli_images: - -``images`` ----------- - -:: - - Usage: docker images [OPTIONS] [NAME] - - List images - - -a, --all=false: Show all images (by default filter out the intermediate image layers) - --no-trunc=false: Don't truncate output - -q, --quiet=false: Only show numeric IDs - -The default ``docker images`` will show all top level images, their repository -and tags, and their virtual size. - -Docker images have intermediate layers that increase reuseability, decrease -disk usage, and speed up ``docker build`` by allowing each step to be cached. -These intermediate layers are not shown by default. - -Listing the most recently created images -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: bash - - $ sudo docker images | head - REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE - 77af4d6b9913 19 hours ago 1.089 GB - committest latest b6fa739cedf5 19 hours ago 1.089 GB - 78a85c484f71 19 hours ago 1.089 GB - docker latest 30557a29d5ab 20 hours ago 1.089 GB - 0124422dd9f9 20 hours ago 1.089 GB - 18ad6fad3402 22 hours ago 1.082 GB - f9f1e26352f0 23 hours ago 1.089 GB - tryout latest 2629d1fa0b81 23 hours ago 131.5 MB - 5ed6274db6ce 24 hours ago 1.089 GB - -Listing the full length image IDs -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: bash - - $ sudo docker images --no-trunc | head - REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE - 77af4d6b9913e693e8d0b4b294fa62ade6054e6b2f1ffb617ac955dd63fb0182 19 hours ago 1.089 GB - committest latest b6fa739cedf5ea12a620a439402b6004d057da800f91c7524b5086a5e4749c9f 19 hours ago 1.089 GB - 78a85c484f71509adeaace20e72e941f6bdd2b25b4c75da8693efd9f61a37921 19 hours ago 1.089 GB - docker latest 30557a29d5abc51e5f1d5b472e79b7e296f595abcf19fe6b9199dbbc809c6ff4 20 hours ago 1.089 GB - 0124422dd9f9cf7ef15c0617cda3931ee68346455441d66ab8bdc5b05e9fdce5 20 hours ago 1.089 GB - 18ad6fad340262ac2a636efd98a6d1f0ea775ae3d45240d3418466495a19a81b 22 hours ago 1.082 GB - f9f1e26352f0a3ba6a0ff68167559f64f3e21ff7ada60366e2d44a04befd1d3a 23 hours ago 1.089 GB - tryout latest 2629d1fa0b81b222fca63371ca16cbf6a0772d07759ff80e8d1369b926940074 23 hours ago 131.5 MB - 5ed6274db6ceb2397844896966ea239290555e74ef307030ebb01ff91b1914df 24 hours ago 1.089 GB - -.. _cli_import: - -``import`` ----------- - -:: - - Usage: docker import URL|- [REPOSITORY[:TAG]] - - Create an empty filesystem image and import the contents of the tarball - (.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz) into it, then optionally tag it. - -At this time, the URL must start with ``http`` and point to a single -file archive (.tar, .tar.gz, .tgz, .bzip, .tar.xz, or .txz) containing a -root filesystem. If you would like to import from a local directory or -archive, you can use the ``-`` parameter to take the data from *stdin*. - -Examples -~~~~~~~~ - -Import from a remote location -............................. - -This will create a new untagged image. - -.. code-block:: bash - - $ sudo docker import http://example.com/exampleimage.tgz - -Import from a local file -........................ - -Import to docker via pipe and *stdin*. - -.. code-block:: bash - - $ cat exampleimage.tgz | sudo docker import - exampleimagelocal:new - -Import from a local directory -............................. - -.. code-block:: bash - - $ sudo tar -c . | docker import - exampleimagedir - -Note the ``sudo`` in this example -- you must preserve the ownership of the -files (especially root ownership) during the archiving with tar. If you are not -root (or the sudo command) when you tar, then the ownerships might not get -preserved. - -.. _cli_info: - -``info`` --------- - -:: - - Usage: docker info - - Display system-wide information. - -.. code-block:: bash - - $ sudo docker info - Containers: 292 - Images: 194 - Debug mode (server): false - Debug mode (client): false - Fds: 22 - Goroutines: 67 - LXC Version: 0.9.0 - EventsListeners: 115 - Kernel Version: 3.8.0-33-generic - WARNING: No swap limit support - - -.. _cli_inspect: - -``inspect`` ------------ - -:: - - Usage: docker inspect CONTAINER|IMAGE [CONTAINER|IMAGE...] - - Return low-level information on a container/image - - -f, --format="": Format the output using the given go template. - -By default, this will render all results in a JSON array. If a format -is specified, the given template will be executed for each result. - -Go's `text/template `_ package -describes all the details of the format. - -Examples -~~~~~~~~ - -Get an instance's IP Address -............................ - -For the most part, you can pick out any field from the JSON in a -fairly straightforward manner. - -.. code-block:: bash - - $ sudo docker inspect --format='{{.NetworkSettings.IPAddress}}' $INSTANCE_ID - -List All Port Bindings -...................... - -One can loop over arrays and maps in the results to produce simple -text output: - -.. code-block:: bash - - $ sudo docker inspect --format='{{range $p, $conf := .NetworkSettings.Ports}} {{$p}} -> {{(index $conf 0).HostPort}} {{end}}' $INSTANCE_ID - -Find a Specific Port Mapping -............................ - -The ``.Field`` syntax doesn't work when the field name begins with a -number, but the template language's ``index`` function does. The -``.NetworkSettings.Ports`` section contains a map of the internal port -mappings to a list of external address/port objects, so to grab just -the numeric public port, you use ``index`` to find the specific port -map, and then ``index`` 0 contains first object inside of that. Then -we ask for the ``HostPort`` field to get the public address. - -.. code-block:: bash - - $ sudo docker inspect --format='{{(index (index .NetworkSettings.Ports "8787/tcp") 0).HostPort}}' $INSTANCE_ID - -Get config -.......... - -The ``.Field`` syntax doesn't work when the field contains JSON data, -but the template language's custom ``json`` function does. The ``.config`` -section contains complex json object, so to grab it as JSON, you use ``json`` -to convert config object into JSON - -.. code-block:: bash - - $ sudo docker inspect --format='{{json .config}}' $INSTANCE_ID - - -.. _cli_kill: - -``kill`` --------- - -:: - - Usage: docker kill [OPTIONS] CONTAINER [CONTAINER...] - - Kill a running container (send SIGKILL, or specified signal) - - -s, --signal="KILL": Signal to send to the container - -The main process inside the container will be sent SIGKILL, or any signal specified with option ``--signal``. - -Known Issues (kill) -~~~~~~~~~~~~~~~~~~~ - -* :issue:`197` indicates that ``docker kill`` may leave directories - behind and make it difficult to remove the container. -* :issue:`3844` lxc 1.0.0 beta3 removed ``lcx-kill`` which is used by Docker versions before 0.8.0; - see the issue for a workaround. - -.. _cli_load: - -``load`` --------- - -:: - - Usage: docker load - - Load an image from a tar archive on STDIN - - -i, --input="": Read from a tar archive file, instead of STDIN - -Loads a tarred repository from a file or the standard input stream. -Restores both images and tags. - -.. code-block:: bash - - $ sudo docker images - REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE - $ sudo docker load < busybox.tar - $ sudo docker images - REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE - busybox latest 769b9341d937 7 weeks ago 2.489 MB - $ sudo docker load --input fedora.tar - $ sudo docker images - REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE - busybox latest 769b9341d937 7 weeks ago 2.489 MB - fedora rawhide 0d20aec6529d 7 weeks ago 387 MB - fedora 20 58394af37342 7 weeks ago 385.5 MB - fedora heisenbug 58394af37342 7 weeks ago 385.5 MB - fedora latest 58394af37342 7 weeks ago 385.5 MB - - -.. _cli_login: - -``login`` ---------- - -:: - - Usage: docker login [OPTIONS] [SERVER] - - Register or Login to the docker registry server - - -e, --email="": Email - -p, --password="": Password - -u, --username="": Username - - If you want to login to a private registry you can - specify this by adding the server name. - - example: - docker login localhost:8080 - - -.. _cli_logs: - -``logs`` --------- - -:: - - Usage: docker logs [OPTIONS] CONTAINER - - Fetch the logs of a container - - -f, --follow=false: Follow log output - -The ``docker logs`` command is a convenience which batch-retrieves whatever -logs are present at the time of execution. This does not guarantee execution -order when combined with a ``docker run`` (i.e. your run may not have generated -any logs at the time you execute ``docker logs``). - -The ``docker logs --follow`` command combines ``docker logs`` and ``docker attach``: -it will first return all logs from the beginning and then continue streaming -new output from the container's stdout and stderr. - - -.. _cli_port: - -``port`` --------- - -:: - - Usage: docker port [OPTIONS] CONTAINER PRIVATE_PORT - - Lookup the public-facing port which is NAT-ed to PRIVATE_PORT - - -.. _cli_ps: - -``ps`` ------- - -:: - - Usage: docker ps [OPTIONS] - - List containers - - -a, --all=false: Show all containers. Only running containers are shown by default. - --before="": Show only container created before Id or Name, include non-running ones. - -l, --latest=false: Show only the latest created container, include non-running ones. - -n=-1: Show n last created containers, include non-running ones. - --no-trunc=false: Don't truncate output - -q, --quiet=false: Only display numeric IDs - -s, --size=false: Display sizes, not to be used with -q - --since="": Show only containers created since Id or Name, include non-running ones. - - -Running ``docker ps`` showing 2 linked containers. - -.. code-block:: bash - - $ docker ps - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 4c01db0b339c ubuntu:12.04 bash 17 seconds ago Up 16 seconds webapp - d7886598dbe2 crosbymichael/redis:latest /redis-server --dir 33 minutes ago Up 33 minutes 6379/tcp redis,webapp/db - fd2645e2e2b5 busybox:latest top 10 days ago Ghost insane_ptolemy - -The last container is marked as a ``Ghost`` container. It is a container that was running when the docker daemon was restarted (upgraded, or ``-H`` settings changed). The container is still running, but as this docker daemon process is not able to manage it, you can't attach to it. To bring them out of ``Ghost`` Status, you need to use ``docker kill`` or ``docker restart``. - -``docker ps`` will show only running containers by default. To see all containers: ``docker ps -a`` - -.. _cli_pull: - -``pull`` --------- - -:: - - Usage: docker pull NAME[:TAG] - - Pull an image or a repository from the registry - - -.. _cli_push: - -``push`` --------- - -:: - - Usage: docker push NAME[:TAG] - - Push an image or a repository to the registry - - -.. _cli_restart: - -``restart`` ------------ - -:: - - Usage: docker restart [OPTIONS] NAME - - Restart a running container - - -t, --time=10: Number of seconds to try to stop for before killing the container. Once killed it will then be restarted. Default=10 - -.. _cli_rm: - -``rm`` ------- - -:: - - Usage: docker rm [OPTIONS] CONTAINER - - Remove one or more containers - -l, --link="": Remove the link instead of the actual container - -f, --force=false: Force removal of running container - -v, --volumes=false: Remove the volumes associated to the container - -Known Issues (rm) -~~~~~~~~~~~~~~~~~ - -* :issue:`197` indicates that ``docker kill`` may leave directories - behind and make it difficult to remove the container. - - -Examples: -~~~~~~~~~ - -.. code-block:: bash - - $ sudo docker rm /redis - /redis - - -This will remove the container referenced under the link ``/redis``. - - -.. code-block:: bash - - $ sudo docker rm --link /webapp/redis - /webapp/redis - - -This will remove the underlying link between ``/webapp`` and the ``/redis`` containers removing all -network communication. - -.. code-block:: bash - - $ sudo docker rm `docker ps -a -q` - - -This command will delete all stopped containers. The command ``docker ps -a -q`` will return all -existing container IDs and pass them to the ``rm`` command which will delete them. Any running -containers will not be deleted. - -.. _cli_rmi: - -``rmi`` -------- - -:: - - Usage: docker rmi IMAGE [IMAGE...] - - Remove one or more images - - -f, --force=false: Force - --no-prune=false: Do not delete untagged parents - -Removing tagged images -~~~~~~~~~~~~~~~~~~~~~~ - -Images can be removed either by their short or long ID's, or their image names. -If an image has more than one name, each of them needs to be removed before the -image is removed. - -.. code-block:: bash - - $ sudo docker images - REPOSITORY TAG IMAGE ID CREATED SIZE - test1 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) - test latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) - test2 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) - - $ sudo docker rmi fd484f19954f - Error: Conflict, cannot delete image fd484f19954f because it is tagged in multiple repositories - 2013/12/11 05:47:16 Error: failed to remove one or more images - - $ sudo docker rmi test1 - Untagged: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 - $ sudo docker rmi test2 - Untagged: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 - - $ sudo docker images - REPOSITORY TAG IMAGE ID CREATED SIZE - test1 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) - $ sudo docker rmi test - Untagged: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 - Deleted: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 - - -.. _cli_run: - -``run`` -------- - -:: - - Usage: docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] - - Run a command in a new container - - -a, --attach=map[]: Attach to stdin, stdout or stderr - -c, --cpu-shares=0: CPU shares (relative weight) - --cidfile="": Write the container ID to the file - -d, --detach=false: Detached mode: Run container in the background, print new container id - -e, --env=[]: Set environment variables - --env-file="": Read in a line delimited file of ENV variables - -h, --hostname="": Container host name - -i, --interactive=false: Keep stdin open even if not attached - --privileged=false: Give extended privileges to this container - -m, --memory="": Memory limit (format: , where unit = b, k, m or g) - -n, --networking=true: Enable networking for this container - -p, --publish=[]: Map a network port to the container - --rm=false: Automatically remove the container when it exits (incompatible with -d) - -t, --tty=false: Allocate a pseudo-tty - -u, --user="": Username or UID - --dns=[]: Set custom dns servers for the container - --dns-search=[]: Set custom DNS search domains for the container - -v, --volume=[]: Create a bind mount to a directory or file with: [host-path]:[container-path]:[rw|ro]. If a directory "container-path" is missing, then docker creates a new volume. - --volumes-from="": Mount all volumes from the given container(s) - --entrypoint="": Overwrite the default entrypoint set by the image - -w, --workdir="": Working directory inside the container - --lxc-conf=[]: (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" - --sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) - --expose=[]: Expose a port from the container without publishing it to your host - --link="": Add link to another container (name:alias) - --name="": Assign the specified name to the container. If no name is specific docker will generate a random name - -P, --publish-all=false: Publish all exposed ports to the host interfaces - -The ``docker run`` command first ``creates`` a writeable container layer over -the specified image, and then ``starts`` it using the specified command. That -is, ``docker run`` is equivalent to the API ``/containers/create`` then -``/containers/(id)/start``. -Once the container is stopped it still exists and can be started back up. See ``docker ps -a`` to view a list of all containers. - -The ``docker run`` command can be used in combination with ``docker commit`` to -:ref:`change the command that a container runs `. - -See :ref:`port_redirection` for more detailed information about the ``--expose``, -``-p``, ``-P`` and ``--link`` parameters, and :ref:`working_with_links_names` for -specific examples using ``--link``. - -Known Issues (run --volumes-from) -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -* :issue:`2702`: "lxc-start: Permission denied - failed to mount" - could indicate a permissions problem with AppArmor. Please see the - issue for a workaround. - -Examples: -~~~~~~~~~ - -.. code-block:: bash - - $ sudo docker run --cidfile /tmp/docker_test.cid ubuntu echo "test" - -This will create a container and print ``test`` to the console. The -``cidfile`` flag makes Docker attempt to create a new file and write the -container ID to it. If the file exists already, Docker will return an -error. Docker will close this file when ``docker run`` exits. - -.. code-block:: bash - - $ sudo docker run -t -i --rm ubuntu bash - root@bc338942ef20:/# mount -t tmpfs none /mnt - mount: permission denied - - -This will *not* work, because by default, most potentially dangerous -kernel capabilities are dropped; including ``cap_sys_admin`` (which is -required to mount filesystems). However, the ``--privileged`` flag will -allow it to run: - -.. code-block:: bash - - $ sudo docker run --privileged ubuntu bash - root@50e3f57e16e6:/# mount -t tmpfs none /mnt - root@50e3f57e16e6:/# df -h - Filesystem Size Used Avail Use% Mounted on - none 1.9G 0 1.9G 0% /mnt - - -The ``--privileged`` flag gives *all* capabilities to the container, -and it also lifts all the limitations enforced by the ``device`` -cgroup controller. In other words, the container can then do almost -everything that the host can do. This flag exists to allow special -use-cases, like running Docker within Docker. - -.. code-block:: bash - - $ sudo docker run -w /path/to/dir/ -i -t ubuntu pwd - -The ``-w`` lets the command being executed inside directory given, -here ``/path/to/dir/``. If the path does not exists it is created inside the -container. - -.. code-block:: bash - - $ sudo docker run -v `pwd`:`pwd` -w `pwd` -i -t ubuntu pwd - -The ``-v`` flag mounts the current working directory into the container. -The ``-w`` lets the command being executed inside the current -working directory, by changing into the directory to the value -returned by ``pwd``. So this combination executes the command -using the container, but inside the current working directory. - -.. code-block:: bash - - $ sudo docker run -v /doesnt/exist:/foo -w /foo -i -t ubuntu bash - -When the host directory of a bind-mounted volume doesn't exist, Docker -will automatically create this directory on the host for you. In the -example above, Docker will create the ``/doesnt/exist`` folder before -starting your container. - -.. code-block:: bash - - $ sudo docker run -t -i -v /var/run/docker.sock:/var/run/docker.sock -v ./static-docker:/usr/bin/docker busybox sh - -By bind-mounting the docker unix socket and statically linked docker binary -(such as that provided by https://get.docker.io), you give the container -the full access to create and manipulate the host's docker daemon. - -.. code-block:: bash - - $ sudo docker run -p 127.0.0.1:80:8080 ubuntu bash - -This binds port ``8080`` of the container to port ``80`` on ``127.0.0.1`` of the -host machine. :ref:`port_redirection` explains in detail how to manipulate ports -in Docker. - -.. code-block:: bash - - $ sudo docker run --expose 80 ubuntu bash - -This exposes port ``80`` of the container for use within a link without -publishing the port to the host system's interfaces. :ref:`port_redirection` -explains in detail how to manipulate ports in Docker. - -.. code-block:: bash - - $ sudo docker run -e MYVAR1 --env MYVAR2=foo --env-file ./env.list ubuntu bash - -This sets environmental variables in the container. For illustration all three -flags are shown here. Where ``-e``, ``--env`` take an environment variable and -value, or if no "=" is provided, then that variable's current value is passed -through (i.e. $MYVAR1 from the host is set to $MYVAR1 in the container). All -three flags, ``-e``, ``--env`` and ``--env-file`` can be repeated. - -Regardless of the order of these three flags, the ``--env-file`` are processed -first, and then ``-e``/``--env`` flags. This way, the ``-e`` or ``--env`` will -override variables as needed. - -.. code-block:: bash - - $ cat ./env.list - TEST_FOO=BAR - $ sudo docker run --env TEST_FOO="This is a test" --env-file ./env.list busybox env | grep TEST_FOO - TEST_FOO=This is a test - -The ``--env-file`` flag takes a filename as an argument and expects each line -to be in the VAR=VAL format, mimicking the argument passed to ``--env``. -Comment lines need only be prefixed with ``#`` - -An example of a file passed with ``--env-file`` - -.. code-block:: bash - - $ cat ./env.list - TEST_FOO=BAR - - # this is a comment - TEST_APP_DEST_HOST=10.10.0.127 - TEST_APP_DEST_PORT=8888 - - # pass through this variable from the caller - TEST_PASSTHROUGH - $ sudo TEST_PASSTHROUGH=howdy docker run --env-file ./env.list busybox env - HOME=/ - PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - HOSTNAME=5198e0745561 - TEST_FOO=BAR - TEST_APP_DEST_HOST=10.10.0.127 - TEST_APP_DEST_PORT=8888 - TEST_PASSTHROUGH=howdy - - -.. code-block:: bash - - $ sudo docker run --name console -t -i ubuntu bash - -This will create and run a new container with the container name -being ``console``. - -.. code-block:: bash - - $ sudo docker run --link /redis:redis --name console ubuntu bash - -The ``--link`` flag will link the container named ``/redis`` into the -newly created container with the alias ``redis``. The new container -can access the network and environment of the redis container via -environment variables. The ``--name`` flag will assign the name ``console`` -to the newly created container. - -.. code-block:: bash - - $ sudo docker run --volumes-from 777f7dc92da7,ba8c0c54f0f2:ro -i -t ubuntu pwd - -The ``--volumes-from`` flag mounts all the defined volumes from the -referenced containers. Containers can be specified by a comma separated -list or by repetitions of the ``--volumes-from`` argument. The container -ID may be optionally suffixed with ``:ro`` or ``:rw`` to mount the volumes in -read-only or read-write mode, respectively. By default, the volumes are mounted -in the same mode (read write or read only) as the reference container. - -The ``-a`` flag tells ``docker run`` to bind to the container's stdin, stdout -or stderr. This makes it possible to manipulate the output and input as needed. - -.. code-block:: bash - - $ sudo echo "test" | docker run -i -a stdin ubuntu cat - - -This pipes data into a container and prints the container's ID by attaching -only to the container's stdin. - -.. code-block:: bash - - $ sudo docker run -a stderr ubuntu echo test - -This isn't going to print anything unless there's an error because we've only -attached to the stderr of the container. The container's logs still store -what's been written to stderr and stdout. - -.. code-block:: bash - - $ sudo cat somefile | docker run -i -a stdin mybuilder dobuild - -This is how piping a file into a container could be done for a build. -The container's ID will be printed after the build is done and the build logs -could be retrieved using ``docker logs``. This is useful if you need to pipe -a file or something else into a container and retrieve the container's ID once -the container has finished running. - - -A complete example -.................. - -.. code-block:: bash - - $ sudo docker run -d --name static static-web-files sh - $ sudo docker run -d --expose=8098 --name riak riakserver - $ sudo docker run -d -m 100m -e DEVELOPMENT=1 -e BRANCH=example-code -v $(pwd):/app/bin:ro --name app appserver - $ sudo docker run -d -p 1443:443 --dns=dns.dev.org --dns-search=dev.org -v /var/log/httpd --volumes-from static --link riak --link app -h www.sven.dev.org --name web webserver - $ sudo docker run -t -i --rm --volumes-from web -w /var/log/httpd busybox tail -f access.log - -This example shows 5 containers that might be set up to test a web application change: - -1. Start a pre-prepared volume image ``static-web-files`` (in the background) that has CSS, image and static HTML in it, (with a ``VOLUME`` instruction in the ``Dockerfile`` to allow the web server to use those files); -2. Start a pre-prepared ``riakserver`` image, give the container name ``riak`` and expose port ``8098`` to any containers that link to it; -3. Start the ``appserver`` image, restricting its memory usage to 100MB, setting two environment variables ``DEVELOPMENT`` and ``BRANCH`` and bind-mounting the current directory (``$(pwd)``) in the container in read-only mode as ``/app/bin``; -4. Start the ``webserver``, mapping port ``443`` in the container to port ``1443`` on the Docker server, setting the DNS server to ``dns.dev.org`` and DNS search domain to ``dev.org``, creating a volume to put the log files into (so we can access it from another container), then importing the files from the volume exposed by the ``static`` container, and linking to all exposed ports from ``riak`` and ``app``. Lastly, we set the hostname to ``web.sven.dev.org`` so its consistent with the pre-generated SSL certificate; -5. Finally, we create a container that runs ``tail -f access.log`` using the logs volume from the ``web`` container, setting the workdir to ``/var/log/httpd``. The ``--rm`` option means that when the container exits, the container's layer is removed. - - -.. _cli_save: - -``save`` ---------- - -:: - - Usage: docker save IMAGE - - Save an image to a tar archive (streamed to stdout by default) - - -o, --output="": Write to an file, instead of STDOUT - - -Produces a tarred repository to the standard output stream. -Contains all parent layers, and all tags + versions, or specified repo:tag. - -.. code-block:: bash - - $ sudo docker save busybox > busybox.tar - $ ls -sh b.tar - 2.7M b.tar - $ sudo docker save --output busybox.tar busybox - $ ls -sh b.tar - 2.7M b.tar - $ sudo docker save -o fedora-all.tar fedora - $ sudo docker save -o fedora-latest.tar fedora:latest - - -.. _cli_search: - -``search`` ----------- - -:: - - Usage: docker search TERM - - Search the docker index for images - - --no-trunc=false: Don't truncate output - -s, --stars=0: Only displays with at least xxx stars - -t, --trusted=false: Only show trusted builds - -.. _cli_start: - -``start`` ---------- - -:: - - Usage: docker start [OPTIONS] CONTAINER - - Start a stopped container - - -a, --attach=false: Attach container's stdout/stderr and forward all signals to the process - -i, --interactive=false: Attach container's stdin - -.. _cli_stop: - -``stop`` --------- - -:: - - Usage: docker stop [OPTIONS] CONTAINER [CONTAINER...] - - Stop a running container (Send SIGTERM, and then SIGKILL after grace period) - - -t, --time=10: Number of seconds to wait for the container to stop before killing it. - -The main process inside the container will receive SIGTERM, and after a grace period, SIGKILL - -.. _cli_tag: - -``tag`` -------- - -:: - - Usage: docker tag [OPTIONS] IMAGE [REGISTRYHOST/][USERNAME/]NAME[:TAG] - - Tag an image into a repository - - -f, --force=false: Force - -.. _cli_top: - -``top`` -------- - -:: - - Usage: docker top CONTAINER [ps OPTIONS] - - Lookup the running processes of a container - -.. _cli_version: - -``version`` ------------ - -Show the version of the Docker client, daemon, and latest released version. - - -.. _cli_wait: - -``wait`` --------- - -:: - - Usage: docker wait [OPTIONS] NAME - - Block until a container stops, then print its exit code. diff --git a/docs/sources/reference/commandline/index.rst b/docs/sources/reference/commandline/index.rst deleted file mode 100644 index 5536e1012e..0000000000 --- a/docs/sources/reference/commandline/index.rst +++ /dev/null @@ -1,14 +0,0 @@ -:title: Commands -:description: docker command line interface -:keywords: commands, command line, help, docker - - -Commands -======== - -Contents: - -.. toctree:: - :maxdepth: 1 - - cli diff --git a/docs/sources/reference/index.rst b/docs/sources/reference/index.rst deleted file mode 100644 index d35a19b93d..0000000000 --- a/docs/sources/reference/index.rst +++ /dev/null @@ -1,18 +0,0 @@ -:title: Docker Reference Manual -:description: References -:keywords: docker, references, api, command line, commands - -.. _references: - -Reference Manual -================ - -Contents: - -.. toctree:: - :maxdepth: 1 - - commandline/index - builder - run - api/index diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md new file mode 100644 index 0000000000..b3415330fe --- /dev/null +++ b/docs/sources/reference/run.md @@ -0,0 +1,444 @@ +page_title: Docker Run Reference +page_description: Configure containers at runtime +page_keywords: docker, run, configure, runtime + +# Docker Run Reference + +**Docker runs processes in isolated containers**. When an operator +executes `docker run`, she starts a process with its +own file system, its own networking, and its own isolated process tree. +The [*Image*](/terms/image/#image-def) which starts the process may +define defaults related to the binary to run, the networking to expose, +and more, but `docker run` gives final control to +the operator who starts the container from the image. That's the main +reason [*run*](/commandline/cli/#cli-run) has more options than any +other `docker` command. + +Every one of the [*Examples*](/examples/#example-list) shows +running containers, and so here we try to give more in-depth guidance. + +## General Form + +As you`ve seen in the [*Examples*](/examples/#example-list), the +basic run command takes this form: + + $ docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] + +To learn how to interpret the types of `[OPTIONS]`, +see [*Option types*](/commandline/cli/#cli-options). + +The list of `[OPTIONS]` breaks down into two groups: + +1. Settings exclusive to operators, including: + + - Detached or Foreground running, + - Container Identification, + - Network settings, and + - Runtime Constraints on CPU and Memory + - Privileges and LXC Configuration + +2. Setting shared between operators and developers, where operators can + override defaults developers set in images at build time. + +Together, the `docker run [OPTIONS]` give complete +control over runtime behavior to the operator, allowing them to override +all defaults set by the developer during `docker build` +and nearly all the defaults set by the Docker runtime itself. + +## Operator Exclusive Options + +Only the operator (the person executing `docker run`) can set the +following options. + + - [Detached vs Foreground](#detached-vs-foreground) + - [Detached (-d)](#detached-d) + - [Foreground](#foreground) + - [Container Identification](#container-identification) + - [Name (–name)](#name-name) + - [PID Equivalent](#pid-equivalent) + - [Network Settings](#network-settings) + - [Clean Up (–rm)](#clean-up-rm) + - [Runtime Constraints on CPU and + Memory](#runtime-constraints-on-cpu-and-memory) + - [Runtime Privilege and LXC + Configuration](#runtime-privilege-and-lxc-configuration) + +## Detached vs Foreground + +When starting a Docker container, you must first decide if you want to +run the container in the background in a "detached" mode or in the +default foreground mode: + + -d=false: Detached mode: Run container in the background, print new container id + +### Detached (-d) + +In detached mode (`-d=true` or just `-d`), all I/O should be done +through network connections or shared volumes because the container is +no longer listening to the commandline where you executed `docker run`. +You can reattach to a detached container with `docker` +[*attach*](commandline/cli/#attach). If you choose to run a +container in the detached mode, then you cannot use the `--rm` option. + +### Foreground + +In foreground mode (the default when `-d` is not specified), `docker run` +can start the process in the container and attach the console to the process's +standard input, output, and standard error. It can even pretend to be a TTY +(this is what most commandline executables expect) and pass along signals. All +of that is configurable: + + -a=[] : Attach to ``stdin``, ``stdout`` and/or ``stderr`` + -t=false : Allocate a pseudo-tty + --sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) + -i=false : Keep STDIN open even if not attached + +If you do not specify `-a` then Docker will [attach everything (stdin,stdout,stderr)]( +https://github.com/dotcloud/docker/blob/ +75a7f4d90cde0295bcfb7213004abce8d4779b75/commands.go#L1797). You can specify to which +of the three standard streams (`stdin`, `stdout`, `stderr`) you'd like to connect +instead, as in: + + $ docker run -a stdin -a stdout -i -t ubuntu /bin/bash + +For interactive processes (like a shell) you will typically want a tty as well as +persistent standard input (`stdin`), so you'll use `-i -t` together in most +interactive cases. + +## Container Identification + +### Name (–name) + +The operator can identify a container in three ways: + +- UUID long identifier + ("f78375b1c487e03c9438c729345e54db9d20cfa2ac1fc3494b6eb60872e74778") +- UUID short identifier ("f78375b1c487") +- Name ("evil_ptolemy") + +The UUID identifiers come from the Docker daemon, and if you do not +assign a name to the container with `--name` then +the daemon will also generate a random string name too. The name can +become a handy way to add meaning to a container since you can use this +name when defining +[*links*](/use/working_with_links_names/#working-with-links-names) +(or any other place you need to identify a container). This works for +both background and foreground Docker containers. + +### PID Equivalent + +And finally, to help with automation, you can have Docker write the +container ID out to a file of your choosing. This is similar to how some +programs might write out their process ID to a file (you`ve seen them as +PID files): + + --cidfile="": Write the container ID to the file + +## Network Settings + + --dns=[] : Set custom dns servers for the container + --net="bridge": Set the Network mode for the container ('bridge': creates a new network stack for the container on the docker bridge, 'none': no networking for this container, 'container:': reuses another container network stack), 'host': use the host network stack inside the container + +By default, all containers have networking enabled and they can make any +outgoing connections. The operator can completely disable networking +with `docker run --net none` which disables all incoming and +outgoing networking. In cases like this, you would perform I/O through +files or STDIN/STDOUT only. + +Your container will use the same DNS servers as the host by default, but +you can override this with `--dns`. + +Supported networking modes are: + +* none - no networking in the container +* bridge - (default) connect the container to the bridge via veth interfaces +* host - use the host's network stack inside the container +* container - use another container's network stack + +#### Mode: none +With the networking mode set to `none` a container will not have a access to +any external routes. The container will still have a `loopback` interface +enabled in the container but it does not have any routes to external traffic. + +#### Mode: bridge +With the networking mode set to `bridge` a container will use docker's default +networking setup. A bridge is setup on the host, commonly named `docker0`, +and a pair of veth interfaces will be created for the container. One side of +the veth pair will remain on the host attached to the bridge while the other +side of the pair will be placed inside the container's namespaces in addition +to the `loopback` interface. An IP address will be allocated for containers +on the bridge's network and trafic will be routed though this bridge to the +container. + +#### Mode: host +With the networking mode set to `host` a container will share the host's +network stack and all interfaces from the host will be available to the +container. The container's hostname will match the hostname on the host +system. Publishing ports and linking to other containers will not work +when sharing the host's network stack. + +#### Mode: container +With the networking mode set to `container` a container will share the +network stack of another container. The other container's name must be +provided in the format of `--net container:`. + +Example running a redis container with redis binding to localhost then +running the redis-cli and connecting to the redis server over the +localhost interface. + + $ docker run -d --name redis example/redis --bind 127.0.0.1 + $ # use the redis container's network stack to access localhost + $ docker run --rm -ti --net container:redis example/redis-cli -h 127.0.0.1 + +## Clean Up (–rm) + +By default a container's file system persists even after the container +exits. This makes debugging a lot easier (since you can inspect the +final state) and you retain all your data by default. But if you are +running short-term **foreground** processes, these container file +systems can really pile up. If instead you'd like Docker to +**automatically clean up the container and remove the file system when +the container exits**, you can add the `--rm` flag: + + --rm=false: Automatically remove the container when it exits (incompatible with -d) + +## Runtime Constraints on CPU and Memory + +The operator can also adjust the performance parameters of the +container: + + -m="": Memory limit (format: , where unit = b, k, m or g) + -c=0 : CPU shares (relative weight) + +The operator can constrain the memory available to a container easily +with `docker run -m`. If the host supports swap +memory, then the `-m` memory setting can be larger +than physical RAM. + +Similarly the operator can increase the priority of this container with +the `-c` option. By default, all containers run at +the same priority and get the same proportion of CPU cycles, but you can +tell the kernel to give more shares of CPU time to one or more +containers when you start them via Docker. + +## Runtime Privilege and LXC Configuration + + --privileged=false: Give extended privileges to this container + --lxc-conf=[]: (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" + +By default, Docker containers are "unprivileged" and cannot, for +example, run a Docker daemon inside a Docker container. This is because +by default a container is not allowed to access any devices, but a +"privileged" container is given access to all devices (see [lxc-template.go]( +https://github.com/dotcloud/docker/blob/master/execdriver/lxc/lxc_template.go) +and documentation on [cgroups devices]( +https://www.kernel.org/doc/Documentation/cgroups/devices.txt)). + +When the operator executes `docker run --privileged`, Docker will enable +to access to all devices on the host as well as set some configuration +in AppArmor to allow the container nearly all the same access to the +host as processes running outside containers on the host. Additional +information about running with `--privileged` is available on the +[Docker Blog](http://blog.docker.io/2013/09/docker-can-now-run-within-docker/). + +If the Docker daemon was started using the `lxc` exec-driver +(`docker -d --exec-driver=lxc`) then the operator can also specify LXC options +using one or more `--lxc-conf` parameters. These can be new parameters or +override existing parameters from the [lxc-template.go]( +https://github.com/dotcloud/docker/blob/master/execdriver/lxc/lxc_template.go). +Note that in the future, a given host's docker daemon may not use LXC, so this +is an implementation-specific configuration meant for operators already +familiar with using LXC directly. + +## Overriding Dockerfile Image Defaults + +When a developer builds an image from a [*Dockerfile*](builder/#dockerbuilder) +or when she commits it, the developer can set a number of default parameters +that take effect when the image starts up as a container. + +Four of the Dockerfile commands cannot be overridden at runtime: `FROM`, +`MAINTAINER`, `RUN`, and `ADD`. Everything else has a corresponding override +in `docker run`. We'll go through what the developer might have set in each +Dockerfile instruction and how the operator can override that setting. + + - [CMD (Default Command or Options)](#cmd-default-command-or-options) + - [ENTRYPOINT (Default Command to Execute at Runtime)]( + #entrypoint-default-command-to-execute-at-runtime) + - [EXPOSE (Incoming Ports)](#expose-incoming-ports) + - [ENV (Environment Variables)](#env-environment-variables) + - [VOLUME (Shared Filesystems)](#volume-shared-filesystems) + - [USER](#user) + - [WORKDIR](#workdir) + +## CMD (Default Command or Options) + +Recall the optional `COMMAND` in the Docker +commandline: + + $ docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] + +This command is optional because the person who created the `IMAGE` may have +already provided a default `COMMAND` using the Dockerfile `CMD`. As the +operator (the person running a container from the image), you can override that +`CMD` just by specifying a new `COMMAND`. + +If the image also specifies an `ENTRYPOINT` then the `CMD` or `COMMAND` get +appended as arguments to the `ENTRYPOINT`. + +## ENTRYPOINT (Default Command to Execute at Runtime) + + --entrypoint="": Overwrite the default entrypoint set by the image + +The ENTRYPOINT of an image is similar to a `COMMAND` because it +specifies what executable to run when the container starts, but it is +(purposely) more difficult to override. The `ENTRYPOINT` gives a +container its default nature or behavior, so that when you set an +`ENTRYPOINT` you can run the container *as if it were that binary*, +complete with default options, and you can pass in more options via the +`COMMAND`. But, sometimes an operator may want to run something else +inside the container, so you can override the default `ENTRYPOINT` at +runtime by using a string to specify the new `ENTRYPOINT`. Here is an +example of how to run a shell in a container that has been set up to +automatically run something else (like `/usr/bin/redis-server`): + + $ docker run -i -t --entrypoint /bin/bash example/redis + +or two examples of how to pass more parameters to that ENTRYPOINT: + + $ docker run -i -t --entrypoint /bin/bash example/redis -c ls -l + $ docker run -i -t --entrypoint /usr/bin/redis-cli example/redis --help + +## EXPOSE (Incoming Ports) + +The Dockerfile doesn't give much control over networking, only providing the +`EXPOSE` instruction to give a hint to the operator about what incoming ports +might provide services. The following options work with or override the +Dockerfile's exposed defaults: + + --expose=[]: Expose a port from the container + without publishing it to your host + -P=false : Publish all exposed ports to the host interfaces + -p=[] : Publish a container᾿s port to the host (format: + ip:hostPort:containerPort | ip::containerPort | + hostPort:containerPort) + (use 'docker port' to see the actual mapping) + --link="" : Add link to another container (name:alias) + +As mentioned previously, `EXPOSE` (and `--expose`) make a port available **in** +a container for incoming connections. The port number on the inside of the +container (where the service listens) does not need to be the same number as the +port exposed on the outside of the container (where clients connect), so inside +the container you might have an HTTP service listening on port 80 (and so you +`EXPOSE 80` in the Dockerfile), but outside the container the port might be +42800. + +To help a new client container reach the server container's internal port +operator `--expose`'d by the operator or `EXPOSE`'d by the developer, the +operator has three choices: start the server container with `-P` or `-p,` or +start the client container with `--link`. + +If the operator uses `-P` or `-p` then Docker will make the exposed port +accessible on the host and the ports will be available to any client that +can reach the host. To find the map between the host ports and the exposed +ports, use `docker port`) + +If the operator uses `--link` when starting the new client container, then the +client container can access the exposed port via a private networking interface. +Docker will set some environment variables in the client container to help +indicate which interface and port to use. + +## ENV (Environment Variables) + +The operator can **set any environment variable** in the container by using one +or more `-e` flags, even overriding those already defined by the developer with +a Dockefile `ENV`: + + $ docker run -e "deep=purple" --rm ubuntu /bin/bash -c export + declare -x HOME="/" + declare -x HOSTNAME="85bc26a0e200" + declare -x OLDPWD + declare -x PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + declare -x PWD="/" + declare -x SHLVL="1" + declare -x container="lxc" + declare -x deep="purple" + +Similarly the operator can set the **hostname** with `-h`. + +`--link name:alias` also sets environment variables, using the *alias* string to +define environment variables within the container that give the IP and PORT +information for connecting to the service container. Let's imagine we have a +container running Redis: + + # Start the service container, named redis-name + $ docker run -d --name redis-name dockerfiles/redis + 4241164edf6f5aca5b0e9e4c9eccd899b0b8080c64c0cd26efe02166c73208f3 + + # The redis-name container exposed port 6379 + $ docker ps + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + 4241164edf6f $ dockerfiles/redis:latest /redis-stable/src/re 5 seconds ago Up 4 seconds 6379/tcp redis-name + + # Note that there are no public ports exposed since we didn᾿t use -p or -P + $ docker port 4241164edf6f 6379 + 2014/01/25 00:55:38 Error: No public port '6379' published for 4241164edf6f + +Yet we can get information about the Redis container'sexposed ports +with `--link`. Choose an alias that will form a +valid environment variable! + + $ docker run --rm --link redis-name:redis_alias --entrypoint /bin/bash dockerfiles/redis -c export + declare -x HOME="/" + declare -x HOSTNAME="acda7f7b1cdc" + declare -x OLDPWD + declare -x PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + declare -x PWD="/" + declare -x REDIS_ALIAS_NAME="/distracted_wright/redis" + declare -x REDIS_ALIAS_PORT="tcp://172.17.0.32:6379" + declare -x REDIS_ALIAS_PORT_6379_TCP="tcp://172.17.0.32:6379" + declare -x REDIS_ALIAS_PORT_6379_TCP_ADDR="172.17.0.32" + declare -x REDIS_ALIAS_PORT_6379_TCP_PORT="6379" + declare -x REDIS_ALIAS_PORT_6379_TCP_PROTO="tcp" + declare -x SHLVL="1" + declare -x container="lxc" + +And we can use that information to connect from another container as a client: + + $ docker run -i -t --rm --link redis-name:redis_alias --entrypoint /bin/bash dockerfiles/redis -c '/redis-stable/src/redis-cli -h $REDIS_ALIAS_PORT_6379_TCP_ADDR -p $REDIS_ALIAS_PORT_6379_TCP_PORT' + 172.17.0.32:6379> + +Docker will also map the private IP address to the alias of a linked +container by inserting an entry into `/etc/hosts`. You can use this +mechanism to communicate with a linked container by its alias: + + $ docker run -d --name servicename busybox sleep 30 + $ docker run -i -t --link servicename:servicealias busybox ping -c 1 servicealias + +## VOLUME (Shared Filesystems) + + -v=[]: Create a bind mount with: [host-dir]:[container-dir]:[rw|ro]. + If "container-dir" is missing, then docker creates a new volume. + --volumes-from="": Mount all volumes from the given container(s) + +The volumes commands are complex enough to have their own documentation in +section [*Share Directories via Volumes*](/use/working_with_volumes/#volume-def). +A developer can define one or more `VOLUME's associated with an image, but only the +operator can give access from one container to another (or from a container to a +volume mounted on the host). + +## USER + +The default user within a container is `root` (id = 0), but if the developer +created additional users, those are accessible too. The developer can set a +default user to run the first process with the `Dockerfile USER` command, +but the operator can override it: + + -u="": Username or UID + +## WORKDIR + +The default working directory for running binaries within a container is the +root directory (`/`), but the developer can set a different default with the +Dockerfile `WORKDIR` command. The operator can override this with: + + -w="": Working directory inside the container diff --git a/docs/sources/reference/run.rst b/docs/sources/reference/run.rst deleted file mode 100644 index d2fe449c22..0000000000 --- a/docs/sources/reference/run.rst +++ /dev/null @@ -1,421 +0,0 @@ -:title: Docker Run Reference -:description: Configure containers at runtime -:keywords: docker, run, configure, runtime - -.. _run_docker: - -==================== -Docker Run Reference -==================== - -**Docker runs processes in isolated containers**. When an operator -executes ``docker run``, she starts a process with its own file -system, its own networking, and its own isolated process tree. The -:ref:`image_def` which starts the process may define defaults related -to the binary to run, the networking to expose, and more, but ``docker -run`` gives final control to the operator who starts the container -from the image. That's the main reason :ref:`cli_run` has more options -than any other ``docker`` command. - -Every one of the :ref:`example_list` shows running containers, and so -here we try to give more in-depth guidance. - -.. contents:: Table of Contents - :depth: 2 - -.. _run_running: - -General Form -============ - -As you've seen in the :ref:`example_list`, the basic `run` command -takes this form:: - - docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] - -To learn how to interpret the types of ``[OPTIONS]``, see -:ref:`cli_options`. - -The list of ``[OPTIONS]`` breaks down into two groups: - -1. Settings exclusive to operators, including: - - * Detached or Foreground running, - * Container Identification, - * Network settings, and - * Runtime Constraints on CPU and Memory - * Privileges and LXC Configuration - -2. Setting shared between operators and developers, where operators - can override defaults developers set in images at build time. - -Together, the ``docker run [OPTIONS]`` give complete control over -runtime behavior to the operator, allowing them to override all -defaults set by the developer during ``docker build`` and nearly all -the defaults set by the Docker runtime itself. - -Operator Exclusive Options -========================== - -Only the operator (the person executing ``docker run``) can set the -following options. - -.. contents:: - :local: - -Detached vs Foreground ----------------------- - -When starting a Docker container, you must first decide if you want to -run the container in the background in a "detached" mode or in the -default foreground mode:: - - -d=false: Detached mode: Run container in the background, print new container id - -Detached (-d) -............. - -In detached mode (``-d=true`` or just ``-d``), all I/O should be done -through network connections or shared volumes because the container is -no longer listening to the commandline where you executed ``docker -run``. You can reattach to a detached container with ``docker`` -:ref:`cli_attach`. If you choose to run a container in the detached -mode, then you cannot use the ``--rm`` option. - -Foreground -.......... - -In foreground mode (the default when ``-d`` is not specified), -``docker run`` can start the process in the container and attach the -console to the process's standard input, output, and standard -error. It can even pretend to be a TTY (this is what most commandline -executables expect) and pass along signals. All of that is -configurable:: - - -a=[] : Attach to ``stdin``, ``stdout`` and/or ``stderr`` - -t=false : Allocate a pseudo-tty - --sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) - -i=false : Keep STDIN open even if not attached - -If you do not specify ``-a`` then Docker will `attach everything -(stdin,stdout,stderr) -`_. You -can specify to which of the three standard streams (``stdin``, ``stdout``, -``stderr``) you'd like to connect instead, as in:: - - docker run -a stdin -a stdout -i -t ubuntu /bin/bash - -For interactive processes (like a shell) you will typically want a tty -as well as persistent standard input (``stdin``), so you'll use ``-i --t`` together in most interactive cases. - -Container Identification ------------------------- - -Name (--name) -............. - -The operator can identify a container in three ways: - -* UUID long identifier ("f78375b1c487e03c9438c729345e54db9d20cfa2ac1fc3494b6eb60872e74778") -* UUID short identifier ("f78375b1c487") -* Name ("evil_ptolemy") - -The UUID identifiers come from the Docker daemon, and if you do not -assign a name to the container with ``--name`` then the daemon will -also generate a random string name too. The name can become a handy -way to add meaning to a container since you can use this name when -defining :ref:`links ` (or any other place -you need to identify a container). This works for both background and -foreground Docker containers. - -PID Equivalent -.............. - -And finally, to help with automation, you can have Docker write the -container ID out to a file of your choosing. This is similar to how -some programs might write out their process ID to a file (you've seen -them as PID files):: - - --cidfile="": Write the container ID to the file - -Network Settings ----------------- - -:: - - -n=true : Enable networking for this container - --dns=[] : Set custom dns servers for the container - -By default, all containers have networking enabled and they can make -any outgoing connections. The operator can completely disable -networking with ``docker run -n`` which disables all incoming and outgoing -networking. In cases like this, you would perform I/O through files or -STDIN/STDOUT only. - -Your container will use the same DNS servers as the host by default, -but you can override this with ``--dns``. - -Clean Up (--rm) ---------------- - -By default a container's file system persists even after the container -exits. This makes debugging a lot easier (since you can inspect the -final state) and you retain all your data by default. But if you are -running short-term **foreground** processes, these container file -systems can really pile up. If instead you'd like Docker to -**automatically clean up the container and remove the file system when -the container exits**, you can add the ``--rm`` flag:: - - --rm=false: Automatically remove the container when it exits (incompatible with -d) - - -Runtime Constraints on CPU and Memory -------------------------------------- - -The operator can also adjust the performance parameters of the container:: - - -m="": Memory limit (format: , where unit = b, k, m or g) - -c=0 : CPU shares (relative weight) - -The operator can constrain the memory available to a container easily -with ``docker run -m``. If the host supports swap memory, then the -``-m`` memory setting can be larger than physical RAM. - -Similarly the operator can increase the priority of this container -with the ``-c`` option. By default, all containers run at the same -priority and get the same proportion of CPU cycles, but you can tell -the kernel to give more shares of CPU time to one or more containers -when you start them via Docker. - -Runtime Privilege and LXC Configuration ---------------------------------------- - -:: - - --privileged=false: Give extended privileges to this container - --lxc-conf=[]: (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" - -By default, Docker containers are "unprivileged" and cannot, for -example, run a Docker daemon inside a Docker container. This is -because by default a container is not allowed to access any devices, -but a "privileged" container is given access to all devices (see -lxc-template.go_ and documentation on `cgroups devices -`_). - -When the operator executes ``docker run --privileged``, Docker will -enable to access to all devices on the host as well as set some -configuration in AppArmor to allow the container nearly all the same -access to the host as processes running outside containers on the -host. Additional information about running with ``--privileged`` is -available on the `Docker Blog -`_. - -If the Docker daemon was started using the ``lxc`` exec-driver -(``docker -d --exec-driver=lxc``) then the operator can also specify -LXC options using one or more ``--lxc-conf`` parameters. These can be -new parameters or override existing parameters from the lxc-template.go_. -Note that in the future, a given host's Docker daemon may not use LXC, -so this is an implementation-specific configuration meant for operators -already familiar with using LXC directly. - -.. _lxc-template.go: https://github.com/dotcloud/docker/blob/master/execdriver/lxc/lxc_template.go - - -Overriding ``Dockerfile`` Image Defaults -======================================== - -When a developer builds an image from a :ref:`Dockerfile -` or when she commits it, the developer can set a -number of default parameters that take effect when the image starts up -as a container. - -Four of the ``Dockerfile`` commands cannot be overridden at runtime: -``FROM, MAINTAINER, RUN``, and ``ADD``. Everything else has a -corresponding override in ``docker run``. We'll go through what the -developer might have set in each ``Dockerfile`` instruction and how the -operator can override that setting. - -.. contents:: - :local: - -CMD (Default Command or Options) --------------------------------- - -Recall the optional ``COMMAND`` in the Docker commandline:: - - docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] - -This command is optional because the person who created the ``IMAGE`` -may have already provided a default ``COMMAND`` using the ``Dockerfile`` -``CMD``. As the operator (the person running a container from the -image), you can override that ``CMD`` just by specifying a new -``COMMAND``. - -If the image also specifies an ``ENTRYPOINT`` then the ``CMD`` or -``COMMAND`` get appended as arguments to the ``ENTRYPOINT``. - - -ENTRYPOINT (Default Command to Execute at Runtime -------------------------------------------------- - -:: - - --entrypoint="": Overwrite the default entrypoint set by the image - -The ENTRYPOINT of an image is similar to a ``COMMAND`` because it -specifies what executable to run when the container starts, but it is -(purposely) more difficult to override. The ``ENTRYPOINT`` gives a -container its default nature or behavior, so that when you set an -``ENTRYPOINT`` you can run the container *as if it were that binary*, -complete with default options, and you can pass in more options via -the ``COMMAND``. But, sometimes an operator may want to run something else -inside the container, so you can override the default ``ENTRYPOINT`` at -runtime by using a string to specify the new ``ENTRYPOINT``. Here is an -example of how to run a shell in a container that has been set up to -automatically run something else (like ``/usr/bin/redis-server``):: - - docker run -i -t --entrypoint /bin/bash example/redis - -or two examples of how to pass more parameters to that ENTRYPOINT:: - - docker run -i -t --entrypoint /bin/bash example/redis -c ls -l - docker run -i -t --entrypoint /usr/bin/redis-cli example/redis --help - - -EXPOSE (Incoming Ports) ------------------------ - -The ``Dockerfile`` doesn't give much control over networking, only -providing the ``EXPOSE`` instruction to give a hint to the operator -about what incoming ports might provide services. The following -options work with or override the ``Dockerfile``'s exposed defaults:: - - --expose=[]: Expose a port from the container - without publishing it to your host - -P=false : Publish all exposed ports to the host interfaces - -p=[] : Publish a container's port to the host (format: - ip:hostPort:containerPort | ip::containerPort | - hostPort:containerPort) - (use 'docker port' to see the actual mapping) - --link="" : Add link to another container (name:alias) - -As mentioned previously, ``EXPOSE`` (and ``--expose``) make a port -available **in** a container for incoming connections. The port number -on the inside of the container (where the service listens) does not -need to be the same number as the port exposed on the outside of the -container (where clients connect), so inside the container you might -have an HTTP service listening on port 80 (and so you ``EXPOSE 80`` in -the ``Dockerfile``), but outside the container the port might be 42800. - -To help a new client container reach the server container's internal -port operator ``--expose``'d by the operator or ``EXPOSE``'d by the -developer, the operator has three choices: start the server container -with ``-P`` or ``-p,`` or start the client container with ``--link``. - -If the operator uses ``-P`` or ``-p`` then Docker will make the -exposed port accessible on the host and the ports will be available to -any client that can reach the host. To find the map between the host -ports and the exposed ports, use ``docker port``) - -If the operator uses ``--link`` when starting the new client container, -then the client container can access the exposed port via a private -networking interface. Docker will set some environment variables in -the client container to help indicate which interface and port to use. - -ENV (Environment Variables) ---------------------------- - -The operator can **set any environment variable** in the container by -using one or more ``-e`` flags, even overriding those already defined by the -developer with a Dockefile ``ENV``:: - - $ docker run -e "deep=purple" --rm ubuntu /bin/bash -c export - declare -x HOME="/" - declare -x HOSTNAME="85bc26a0e200" - declare -x OLDPWD - declare -x PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - declare -x PWD="/" - declare -x SHLVL="1" - declare -x container="lxc" - declare -x deep="purple" - -Similarly the operator can set the **hostname** with ``-h``. - -``--link name:alias`` also sets environment variables, using the -*alias* string to define environment variables within the container -that give the IP and PORT information for connecting to the service -container. Let's imagine we have a container running Redis:: - - # Start the service container, named redis-name - $ docker run -d --name redis-name dockerfiles/redis - 4241164edf6f5aca5b0e9e4c9eccd899b0b8080c64c0cd26efe02166c73208f3 - - # The redis-name container exposed port 6379 - $ docker ps - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 4241164edf6f dockerfiles/redis:latest /redis-stable/src/re 5 seconds ago Up 4 seconds 6379/tcp redis-name - - # Note that there are no public ports exposed since we didn't use -p or -P - $ docker port 4241164edf6f 6379 - 2014/01/25 00:55:38 Error: No public port '6379' published for 4241164edf6f - - -Yet we can get information about the Redis container's exposed ports -with ``--link``. Choose an alias that will form a valid environment -variable! - -:: - - $ docker run --rm --link redis-name:redis_alias --entrypoint /bin/bash dockerfiles/redis -c export - declare -x HOME="/" - declare -x HOSTNAME="acda7f7b1cdc" - declare -x OLDPWD - declare -x PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - declare -x PWD="/" - declare -x REDIS_ALIAS_NAME="/distracted_wright/redis" - declare -x REDIS_ALIAS_PORT="tcp://172.17.0.32:6379" - declare -x REDIS_ALIAS_PORT_6379_TCP="tcp://172.17.0.32:6379" - declare -x REDIS_ALIAS_PORT_6379_TCP_ADDR="172.17.0.32" - declare -x REDIS_ALIAS_PORT_6379_TCP_PORT="6379" - declare -x REDIS_ALIAS_PORT_6379_TCP_PROTO="tcp" - declare -x SHLVL="1" - declare -x container="lxc" - -And we can use that information to connect from another container as a client:: - - $ docker run -i -t --rm --link redis-name:redis_alias --entrypoint /bin/bash dockerfiles/redis -c '/redis-stable/src/redis-cli -h $REDIS_ALIAS_PORT_6379_TCP_ADDR -p $REDIS_ALIAS_PORT_6379_TCP_PORT' - 172.17.0.32:6379> - -VOLUME (Shared Filesystems) ---------------------------- - -:: - - -v=[]: Create a bind mount with: [host-dir]:[container-dir]:[rw|ro]. - If "container-dir" is missing, then docker creates a new volume. - --volumes-from="": Mount all volumes from the given container(s) - -The volumes commands are complex enough to have their own -documentation in section :ref:`volume_def`. A developer can define one -or more ``VOLUME``\s associated with an image, but only the operator can -give access from one container to another (or from a container to a -volume mounted on the host). - -USER ----- - -The default user within a container is ``root`` (id = 0), but if the -developer created additional users, those are accessible too. The -developer can set a default user to run the first process with the -``Dockerfile USER`` command, but the operator can override it :: - - -u="": Username or UID - -WORKDIR -------- - -The default working directory for running binaries within a container is the root directory (``/``), but the developer can set a different default with the ``Dockerfile WORKDIR`` command. The operator can override this with:: - - -w="": Working directory inside the container - diff --git a/docs/sources/robots.txt b/docs/sources/robots.txt new file mode 100644 index 0000000000..c2a49f4fb8 --- /dev/null +++ b/docs/sources/robots.txt @@ -0,0 +1,2 @@ +User-agent: * +Allow: / diff --git a/docs/sources/search.md b/docs/sources/search.md new file mode 100644 index 0000000000..0e2e13fb08 --- /dev/null +++ b/docs/sources/search.md @@ -0,0 +1,10 @@ +# Search + +*Please activate JavaScript to enable the search functionality.* + +## How To Search + +From here you can search these documents. Enter your search words into +the box below and click "search". Note that the search function will +automatically search for all of the words. Pages containing fewer words +won't appear in the result list. diff --git a/docs/sources/terms.md b/docs/sources/terms.md new file mode 100644 index 0000000000..228b18fbd9 --- /dev/null +++ b/docs/sources/terms.md @@ -0,0 +1,13 @@ +# Glossary + +*Definitions of terms used in Docker documentation.* + +## Contents: + + - [File System](filesystem/) + - [Layers](layer/) + - [Image](image/) + - [Container](container/) + - [Registry](registry/) + - [Repository](repository/) + diff --git a/docs/sources/terms/container.md b/docs/sources/terms/container.md new file mode 100644 index 0000000000..5bedc3160e --- /dev/null +++ b/docs/sources/terms/container.md @@ -0,0 +1,43 @@ +page_title: Container +page_description: Definitions of a container +page_keywords: containers, lxc, concepts, explanation, image, container + +# Container + +## Introduction + +![](/terms/images/docker-filesystems-busyboxrw.png) + +Once you start a process in Docker from an [*Image*](image.md), Docker fetches +the image and its [*Parent Image*](image.md), and repeats the process until it +reaches the [*Base Image*](image.md/#base-image-def). Then the +[*Union File System*](layer.md) adds a read-write layer on top. That read-write +layer, plus the information about its [*Parent Image*](image.md) and some +additional information like its unique id, networking configuration, and +resource limits is called a **container**. + +## Container State + +Containers can change, and so they have state. A container may be **running** or +**exited**. + +When a container is running, the idea of a "container" also includes a +tree of processes running on the CPU, isolated from the other processes +running on the host. + +When the container is exited, the state of the file system and its exit +value is preserved. You can start, stop, and restart a container. The +processes restart from scratch (their memory state is **not** preserved +in a container), but the file system is just as it was when the +container was stopped. + +You can promote a container to an [*Image*](image.md) with `docker commit`. +Once a container is an image, you can use it as a parent for new containers. + +## Container IDs + +All containers are identified by a 64 hexadecimal digit string +(internally a 256bit value). To simplify their use, a short ID of the +first 12 characters can be used on the commandline. There is a small +possibility of short id collisions, so the docker server will always +return the long ID. diff --git a/docs/sources/terms/container.rst b/docs/sources/terms/container.rst deleted file mode 100644 index 206664bd82..0000000000 --- a/docs/sources/terms/container.rst +++ /dev/null @@ -1,47 +0,0 @@ -:title: Container -:description: Definitions of a container -:keywords: containers, lxc, concepts, explanation, image, container - -.. _container_def: - -Container -========= - -.. image:: images/docker-filesystems-busyboxrw.png - -Once you start a process in Docker from an :ref:`image_def`, Docker -fetches the image and its :ref:`parent_image_def`, and repeats the -process until it reaches the :ref:`base_image_def`. Then the -:ref:`ufs_def` adds a read-write layer on top. That read-write layer, -plus the information about its :ref:`parent_image_def` and some -additional information like its unique id, networking configuration, -and resource limits is called a **container**. - -.. _container_state_def: - -Container State -............... - -Containers can change, and so they have state. A container may be -**running** or **exited**. - -When a container is running, the idea of a "container" also includes a -tree of processes running on the CPU, isolated from the other -processes running on the host. - -When the container is exited, the state of the file system and -its exit value is preserved. You can start, stop, and restart a -container. The processes restart from scratch (their memory state is -**not** preserved in a container), but the file system is just as it -was when the container was stopped. - -You can promote a container to an :ref:`image_def` with ``docker -commit``. Once a container is an image, you can use it as a parent for -new containers. - -Container IDs -............. -All containers are identified by a 64 hexadecimal digit string (internally a 256bit -value). To simplify their use, a short ID of the first 12 characters can be used -on the commandline. There is a small possibility of short id collisions, so the -docker server will always return the long ID. diff --git a/docs/sources/terms/filesystem.md b/docs/sources/terms/filesystem.md new file mode 100644 index 0000000000..5587e3c831 --- /dev/null +++ b/docs/sources/terms/filesystem.md @@ -0,0 +1,35 @@ +page_title: File Systems +page_description: How Linux organizes its persistent storage +page_keywords: containers, files, linux + +# File System + +## Introduction + +![](/terms/images/docker-filesystems-generic.png) + +In order for a Linux system to run, it typically needs two [file +systems](http://en.wikipedia.org/wiki/Filesystem): + +1. boot file system (bootfs) +2. root file system (rootfs) + +The **boot file system** contains the bootloader and the kernel. The +user never makes any changes to the boot file system. In fact, soon +after the boot process is complete, the entire kernel is in memory, and +the boot file system is unmounted to free up the RAM associated with the +initrd disk image. + +The **root file system** includes the typical directory structure we +associate with Unix-like operating systems: +`/dev, /proc, /bin, /etc, /lib, /usr,` and `/tmp` plus all the configuration +files, binaries and libraries required to run user applications (like bash, +ls, and so forth). + +While there can be important kernel differences between different Linux +distributions, the contents and organization of the root file system are +usually what make your software packages dependent on one distribution +versus another. Docker can help solve this problem by running multiple +distributions at the same time. + +![](/terms/images/docker-filesystems-multiroot.png) diff --git a/docs/sources/terms/filesystem.rst b/docs/sources/terms/filesystem.rst deleted file mode 100644 index 0af893f198..0000000000 --- a/docs/sources/terms/filesystem.rst +++ /dev/null @@ -1,38 +0,0 @@ -:title: File Systems -:description: How Linux organizes its persistent storage -:keywords: containers, files, linux - -.. _filesystem_def: - -File System -=========== - -.. image:: images/docker-filesystems-generic.png - -In order for a Linux system to run, it typically needs two `file -systems `_: - -1. boot file system (bootfs) -2. root file system (rootfs) - -The **boot file system** contains the bootloader and the kernel. The -user never makes any changes to the boot file system. In fact, soon -after the boot process is complete, the entire kernel is in memory, -and the boot file system is unmounted to free up the RAM associated -with the initrd disk image. - - -The **root file system** includes the typical directory structure we -associate with Unix-like operating systems: ``/dev, /proc, /bin, /etc, -/lib, /usr,`` and ``/tmp`` plus all the configuration files, binaries -and libraries required to run user applications (like bash, ls, and so -forth). - -While there can be important kernel differences between different -Linux distributions, the contents and organization of the root file -system are usually what make your software packages dependent on one -distribution versus another. Docker can help solve this problem by -running multiple distributions at the same time. - -.. image:: images/docker-filesystems-multiroot.png - diff --git a/docs/sources/terms/image.md b/docs/sources/terms/image.md new file mode 100644 index 0000000000..b10debcc6a --- /dev/null +++ b/docs/sources/terms/image.md @@ -0,0 +1,40 @@ +page_title: Images +page_description: Definition of an image +page_keywords: containers, lxc, concepts, explanation, image, container + +# Image + +## Introduction + +![](/terms/images/docker-filesystems-debian.png) + +In Docker terminology, a read-only [*Layer*](../layer/#layer-def) is +called an **image**. An image never changes. + +Since Docker uses a [*Union File System*](../layer/#ufs-def), the +processes think the whole file system is mounted read-write. But all the +changes go to the top-most writeable layer, and underneath, the original +file in the read-only image is unchanged. Since images don't change, +images do not have state. + +![](/terms/images/docker-filesystems-debianrw.png) + +## Parent Image + +![](/terms/images/docker-filesystems-multilayer.png) + +Each image may depend on one more image which forms the layer beneath +it. We sometimes say that the lower image is the **parent** of the upper +image. + +## Base Image + +An image that has no parent is a **base image**. + +## Image IDs + +All images are identified by a 64 hexadecimal digit string (internally a +256bit value). To simplify their use, a short ID of the first 12 +characters can be used on the command line. There is a small possibility +of short id collisions, so the docker server will always return the long +ID. diff --git a/docs/sources/terms/image.rst b/docs/sources/terms/image.rst deleted file mode 100644 index 6d5c8b2e7c..0000000000 --- a/docs/sources/terms/image.rst +++ /dev/null @@ -1,46 +0,0 @@ -:title: Images -:description: Definition of an image -:keywords: containers, lxc, concepts, explanation, image, container - -.. _image_def: - -Image -===== - -.. image:: images/docker-filesystems-debian.png - -In Docker terminology, a read-only :ref:`layer_def` is called an -**image**. An image never changes. - -Since Docker uses a :ref:`ufs_def`, the processes think the whole file -system is mounted read-write. But all the changes go to the top-most -writeable layer, and underneath, the original file in the read-only -image is unchanged. Since images don't change, images do not have state. - -.. image:: images/docker-filesystems-debianrw.png - -.. _parent_image_def: - -Parent Image -............ - -.. image:: images/docker-filesystems-multilayer.png - -Each image may depend on one more image which forms the layer beneath -it. We sometimes say that the lower image is the **parent** of the -upper image. - -.. _base_image_def: - -Base Image -.......... - -An image that has no parent is a **base image**. - -Image IDs -......... -All images are identified by a 64 hexadecimal digit string (internally a 256bit -value). To simplify their use, a short ID of the first 12 characters can be used -on the command line. There is a small possibility of short id collisions, so the -docker server will always return the long ID. - diff --git a/docs/sources/terms/index.rst b/docs/sources/terms/index.rst deleted file mode 100644 index 40851082b5..0000000000 --- a/docs/sources/terms/index.rst +++ /dev/null @@ -1,24 +0,0 @@ -:title: Glossary -:description: Definitions of terms used in Docker documentation -:keywords: concepts, documentation, docker, containers - - - -Glossary -======== - -Definitions of terms used in Docker documentation. - -Contents: - -.. toctree:: - :maxdepth: 1 - - filesystem - layer - image - container - registry - repository - - diff --git a/docs/sources/terms/layer.md b/docs/sources/terms/layer.md new file mode 100644 index 0000000000..b4b2ea4b7a --- /dev/null +++ b/docs/sources/terms/layer.md @@ -0,0 +1,35 @@ +page_title: Layers +page_description: Organizing the Docker Root File System +page_keywords: containers, lxc, concepts, explanation, image, container + +# Layers + +## Introduction + +In a traditional Linux boot, the kernel first mounts the root [*File +System*](../filesystem/#filesystem-def) as read-only, checks its +integrity, and then switches the whole rootfs volume to read-write mode. + +## Layer + +When Docker mounts the rootfs, it starts read-only, as in a traditional +Linux boot, but then, instead of changing the file system to read-write +mode, it takes advantage of a [union +mount](http://en.wikipedia.org/wiki/Union_mount) to add a read-write +file system *over* the read-only file system. In fact there may be +multiple read-only file systems stacked on top of each other. We think +of each one of these file systems as a **layer**. + +![](/terms/images/docker-filesystems-multilayer.png) + +At first, the top read-write layer has nothing in it, but any time a +process creates a file, this happens in the top layer. And if something +needs to update an existing file in a lower layer, then the file gets +copied to the upper layer and changes go into the copy. The version of +the file on the lower layer cannot be seen by the applications anymore, +but it is there, unchanged. + +## Union File System + +We call the union of the read-write layer and all the read-only layers a +**union file system**. diff --git a/docs/sources/terms/layer.rst b/docs/sources/terms/layer.rst deleted file mode 100644 index 509dbe5cba..0000000000 --- a/docs/sources/terms/layer.rst +++ /dev/null @@ -1,40 +0,0 @@ -:title: Layers -:description: Organizing the Docker Root File System -:keywords: containers, lxc, concepts, explanation, image, container - -Layers -====== - -In a traditional Linux boot, the kernel first mounts the root -:ref:`filesystem_def` as read-only, checks its integrity, and then -switches the whole rootfs volume to read-write mode. - -.. _layer_def: - -Layer -..... - -When Docker mounts the rootfs, it starts read-only, as in a traditional -Linux boot, but then, instead of changing the file system to -read-write mode, it takes advantage of a `union mount -`_ to add a read-write file -system *over* the read-only file system. In fact there may be multiple -read-only file systems stacked on top of each other. We think of each -one of these file systems as a **layer**. - -.. image:: images/docker-filesystems-multilayer.png - -At first, the top read-write layer has nothing in it, but any time a -process creates a file, this happens in the top layer. And if -something needs to update an existing file in a lower layer, then the -file gets copied to the upper layer and changes go into the copy. The -version of the file on the lower layer cannot be seen by the -applications anymore, but it is there, unchanged. - -.. _ufs_def: - -Union File System -................. - -We call the union of the read-write layer and all the read-only layers -a **union file system**. diff --git a/docs/sources/terms/registry.md b/docs/sources/terms/registry.md new file mode 100644 index 0000000000..2006710607 --- /dev/null +++ b/docs/sources/terms/registry.md @@ -0,0 +1,20 @@ +page_title: Registry +page_description: Definition of an Registry +page_keywords: containers, concepts, explanation, image, repository, container + +# Registry + +## Introduction + +A Registry is a hosted service containing [*repositories*]( +../repository/#repository-def) of [*images*](../image/#image-def) which +responds to the Registry API. + +The default registry can be accessed using a browser at +[Docker.io](http://index.docker.io) or using the +`sudo docker search` command. + +## Further Reading + +For more information see [*Working with Repositories*]( +../use/workingwithrepository/#working-with-the-repository) diff --git a/docs/sources/terms/registry.rst b/docs/sources/terms/registry.rst deleted file mode 100644 index 90c3ee721c..0000000000 --- a/docs/sources/terms/registry.rst +++ /dev/null @@ -1,16 +0,0 @@ -:title: Registry -:description: Definition of an Registry -:keywords: containers, lxc, concepts, explanation, image, repository, container - -.. _registry_def: - -Registry -========== - -A Registry is a hosted service containing :ref:`repositories` -of :ref:`images` which responds to the Registry API. - -The default registry can be accessed using a browser at http://images.docker.io -or using the ``sudo docker search`` command. - -For more information see :ref:`Working with Repositories` diff --git a/docs/sources/terms/repository.md b/docs/sources/terms/repository.md new file mode 100644 index 0000000000..1e035c95f4 --- /dev/null +++ b/docs/sources/terms/repository.md @@ -0,0 +1,35 @@ +page_title: Repository +page_description: Definition of an Repository +page_keywords: containers, concepts, explanation, image, repository, container + +# Repository + +## Introduction + +A repository is a set of images either on your local Docker server, or +shared, by pushing it to a [*Registry*](../registry/#registry-def) +server. + +Images can be associated with a repository (or multiple) by giving them +an image name using one of three different commands: + +1. At build time (e.g. `sudo docker build -t IMAGENAME`), +2. When committing a container (e.g. + `sudo docker commit CONTAINERID IMAGENAME`) or +3. When tagging an image id with an image name (e.g. + `sudo docker tag IMAGEID IMAGENAME`). + +A Fully Qualified Image Name (FQIN) can be made up of 3 parts: + +`[registry_hostname[:port]/][user_name/](repository_name:version_tag)` + +`username` and `registry_hostname` default to an empty string. When +`registry_hostname` is an empty string, then `docker push` will push to +`index.docker.io:80`. + +If you create a new repository which you want to share, you will need to +set at least the `user_name`, as the `default` blank `user_name` prefix is +reserved for official Docker images. + +For more information see [*Working with Repositories*]( +../use/workingwithrepository/#working-with-the-repository) diff --git a/docs/sources/terms/repository.rst b/docs/sources/terms/repository.rst deleted file mode 100644 index e4fe4b8fd1..0000000000 --- a/docs/sources/terms/repository.rst +++ /dev/null @@ -1,30 +0,0 @@ -:title: Repository -:description: Definition of an Repository -:keywords: containers, lxc, concepts, explanation, image, repository, container - -.. _repository_def: - -Repository -========== - -A repository is a set of images either on your local Docker server, or -shared, by pushing it to a :ref:`Registry` server. - -Images can be associated with a repository (or multiple) by giving them an image name -using one of three different commands: - -1. At build time (e.g. ``sudo docker build -t IMAGENAME``), -2. When committing a container (e.g. ``sudo docker commit CONTAINERID IMAGENAME``) or -3. When tagging an image id with an image name (e.g. ``sudo docker tag IMAGEID IMAGENAME``). - -A `Fully Qualified Image Name` (FQIN) can be made up of 3 parts: - -``[registry_hostname[:port]/][user_name/](repository_name[:version_tag])`` - -``version_tag`` defaults to ``latest``, ``username`` and ``registry_hostname`` default to an empty string. -When ``registry_hostname`` is an empty string, then ``docker push`` will push to ``index.docker.io:80``. - -If you create a new repository which you want to share, you will need to set at least the -``user_name``, as the 'default' blank ``user_name`` prefix is reserved for official Docker images. - -For more information see :ref:`Working with Repositories` diff --git a/docs/sources/toctree.md b/docs/sources/toctree.md new file mode 100644 index 0000000000..ec1832fc21 --- /dev/null +++ b/docs/sources/toctree.md @@ -0,0 +1,17 @@ +page_title: Documentation +page_description: -- todo: change me +page_keywords: todo, docker, documentation, installation, usage, examples, contributing, faq, command line, concepts + +# Documentation + +This documentation has the following resources: + + - [Installation](../installation/) + - [Use](../use/) + - [Examples](../examples/) + - [Reference Manual](../reference/) + - [Contributing](../contributing/) + - [Glossary](../terms/) + - [Articles](../articles/) + - [FAQ](../faq/) + diff --git a/docs/sources/toctree.rst b/docs/sources/toctree.rst deleted file mode 100644 index d1f98b6a5d..0000000000 --- a/docs/sources/toctree.rst +++ /dev/null @@ -1,22 +0,0 @@ -:title: Documentation -:description: -- todo: change me -:keywords: todo, docker, documentation, installation, usage, examples, contributing, faq, command line, concepts - -Documentation -============= - -This documentation has the following resources: - -.. toctree:: - :maxdepth: 1 - - Introduction - installation/index - use/index - examples/index - reference/index - contributing/index - terms/index - articles/index - faq - diff --git a/docs/sources/use.md b/docs/sources/use.md new file mode 100644 index 0000000000..5b2524361e --- /dev/null +++ b/docs/sources/use.md @@ -0,0 +1,13 @@ +# Use + +## Contents: + + - [First steps with Docker](basics/) + - [Share Images via Repositories](workingwithrepository/) + - [Redirect Ports](port_redirection/) + - [Configure Networking](networking/) + - [Automatically Start Containers](host_integration/) + - [Share Directories via Volumes](working_with_volumes/) + - [Link Containers](working_with_links_names/) + - [Link via an Ambassador Container](ambassador_pattern_linking/) + - [Using Puppet](puppet/) \ No newline at end of file diff --git a/docs/sources/use/ambassador_pattern_linking.md b/docs/sources/use/ambassador_pattern_linking.md new file mode 100644 index 0000000000..2bdd434f6e --- /dev/null +++ b/docs/sources/use/ambassador_pattern_linking.md @@ -0,0 +1,155 @@ +page_title: Link via an Ambassador Container +page_description: Using the Ambassador pattern to abstract (network) services +page_keywords: Examples, Usage, links, docker, documentation, examples, names, name, container naming + +# Link via an Ambassador Container + +## Introduction + +Rather than hardcoding network links between a service consumer and +provider, Docker encourages service portability. + +eg, instead of + + (consumer) --> (redis) + +requiring you to restart the `consumer` to attach it +to a different `redis` service, you can add +ambassadors + + (consumer) --> (redis-ambassador) --> (redis) + + or + + (consumer) --> (redis-ambassador) ---network---> (redis-ambassador) --> (redis) + +When you need to rewire your consumer to talk to a different redis +server, you can just restart the `redis-ambassador` +container that the consumer is connected to. + +This pattern also allows you to transparently move the redis server to a +different docker host from the consumer. + +Using the `svendowideit/ambassador` container, the +link wiring is controlled entirely from the `docker run` +parameters. + +## Two host Example + +Start actual redis server on one Docker host + + big-server $ docker run -d -name redis crosbymichael/redis + +Then add an ambassador linked to the redis server, mapping a port to the +outside world + + big-server $ docker run -d -link redis:redis -name redis_ambassador -p 6379:6379 svendowideit/ambassador + +On the other host, you can set up another ambassador setting environment +variables for each remote port we want to proxy to the +`big-server` + + client-server $ docker run -d -name redis_ambassador -expose 6379 -e REDIS_PORT_6379_TCP=tcp://192.168.1.52:6379 svendowideit/ambassador + +Then on the `client-server` host, you can use a +redis client container to talk to the remote redis server, just by +linking to the local redis ambassador. + + client-server $ docker run -i -t -rm -link redis_ambassador:redis relateiq/redis-cli + redis 172.17.0.160:6379> ping + PONG + +## How it works + +The following example shows what the `svendowideit/ambassador` +container does automatically (with a tiny amount of `sed`) + +On the docker host (192.168.1.52) that redis will run on: + + # start actual redis server + $ docker run -d -name redis crosbymichael/redis + + # get a redis-cli container for connection testing + $ docker pull relateiq/redis-cli + + # test the redis server by talking to it directly + $ docker run -t -i -rm -link redis:redis relateiq/redis-cli + redis 172.17.0.136:6379> ping + PONG + ^D + + # add redis ambassador + $ docker run -t -i -link redis:redis -name redis_ambassador -p 6379:6379 busybox sh + +in the redis_ambassador container, you can see the linked redis +containers'senv + + $ env + REDIS_PORT=tcp://172.17.0.136:6379 + REDIS_PORT_6379_TCP_ADDR=172.17.0.136 + REDIS_NAME=/redis_ambassador/redis + HOSTNAME=19d7adf4705e + REDIS_PORT_6379_TCP_PORT=6379 + HOME=/ + REDIS_PORT_6379_TCP_PROTO=tcp + container=lxc + REDIS_PORT_6379_TCP=tcp://172.17.0.136:6379 + TERM=xterm + PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + PWD=/ + +This environment is used by the ambassador socat script to expose redis +to the world (via the -p 6379:6379 port mapping) + + $ docker rm redis_ambassador + $ sudo ./contrib/mkimage-unittest.sh + $ docker run -t -i -link redis:redis -name redis_ambassador -p 6379:6379 docker-ut sh + + $ socat TCP4-LISTEN:6379,fork,reuseaddr TCP4:172.17.0.136:6379 + +then ping the redis server via the ambassador + +Now goto a different server + + $ sudo ./contrib/mkimage-unittest.sh + $ docker run -t -i -expose 6379 -name redis_ambassador docker-ut sh + + $ socat TCP4-LISTEN:6379,fork,reuseaddr TCP4:192.168.1.52:6379 + +and get the redis-cli image so we can talk over the ambassador bridge + + $ docker pull relateiq/redis-cli + $ docker run -i -t -rm -link redis_ambassador:redis relateiq/redis-cli + redis 172.17.0.160:6379> ping + PONG + +## The svendowideit/ambassador Dockerfile + +The `svendowideit/ambassador` image is a small +busybox image with `socat` built in. When you start +the container, it uses a small `sed` script to parse +out the (possibly multiple) link environment variables to set up the +port forwarding. On the remote host, you need to set the variable using +the `-e` command line option. + +`--expose 1234 -e REDIS_PORT_1234_TCP=tcp://192.168.1.52:6379` +will forward the local `1234` port to the +remote IP and port - in this case `192.168.1.52:6379`. + + # + # + # first you need to build the docker-ut image + # using ./contrib/mkimage-unittest.sh + # then + # docker build -t SvenDowideit/ambassador . + # docker tag SvenDowideit/ambassador ambassador + # then to run it (on the host that has the real backend on it) + # docker run -t -i -link redis:redis -name redis_ambassador -p 6379:6379 ambassador + # on the remote host, you can set up another ambassador + # docker run -t -i -name redis_ambassador -expose 6379 sh + + FROM docker-ut + MAINTAINER SvenDowideit@home.org.au + + + CMD env | grep _TCP= | sed 's/.*_PORT_\([0-9]*\)_TCP=tcp:\/\/\(.*\):\(.*\)/socat TCP4-LISTEN:\1,fork,reuseaddr TCP4:\2:\3 \&/' | sh && top diff --git a/docs/sources/use/ambassador_pattern_linking.rst b/docs/sources/use/ambassador_pattern_linking.rst deleted file mode 100644 index bbd5816768..0000000000 --- a/docs/sources/use/ambassador_pattern_linking.rst +++ /dev/null @@ -1,183 +0,0 @@ -:title: Link via an Ambassador Container -:description: Using the Ambassador pattern to abstract (network) services -:keywords: Examples, Usage, links, docker, documentation, examples, names, name, container naming - -.. _ambassador_pattern_linking: - -Link via an Ambassador Container -================================ - -Rather than hardcoding network links between a service consumer and provider, Docker -encourages service portability. - -eg, instead of - -.. code-block:: bash - - (consumer) --> (redis) - -requiring you to restart the ``consumer`` to attach it to a different ``redis`` service, -you can add ambassadors - -.. code-block:: bash - - (consumer) --> (redis-ambassador) --> (redis) - - or - - (consumer) --> (redis-ambassador) ---network---> (redis-ambassador) --> (redis) - -When you need to rewire your consumer to talk to a different redis server, you -can just restart the ``redis-ambassador`` container that the consumer is connected to. - -This pattern also allows you to transparently move the redis server to a different -docker host from the consumer. - -Using the ``svendowideit/ambassador`` container, the link wiring is controlled entirely -from the ``docker run`` parameters. - -Two host Example ----------------- - -Start actual redis server on one Docker host - -.. code-block:: bash - - big-server $ docker run -d --name redis crosbymichael/redis - -Then add an ambassador linked to the redis server, mapping a port to the outside world - -.. code-block:: bash - - big-server $ docker run -d --link redis:redis --name redis_ambassador -p 6379:6379 svendowideit/ambassador - -On the other host, you can set up another ambassador setting environment variables for each remote port we want to proxy to the ``big-server`` - -.. code-block:: bash - - client-server $ docker run -d --name redis_ambassador --expose 6379 -e REDIS_PORT_6379_TCP=tcp://192.168.1.52:6379 svendowideit/ambassador - -Then on the ``client-server`` host, you can use a redis client container to talk -to the remote redis server, just by linking to the local redis ambassador. - -.. code-block:: bash - - client-server $ docker run -i -t --rm --link redis_ambassador:redis relateiq/redis-cli - redis 172.17.0.160:6379> ping - PONG - - - -How it works ------------- - -The following example shows what the ``svendowideit/ambassador`` container does -automatically (with a tiny amount of ``sed``) - -On the docker host (192.168.1.52) that redis will run on: - -.. code-block:: bash - - # start actual redis server - $ docker run -d --name redis crosbymichael/redis - - # get a redis-cli container for connection testing - $ docker pull relateiq/redis-cli - - # test the redis server by talking to it directly - $ docker run -t -i --rm --link redis:redis relateiq/redis-cli - redis 172.17.0.136:6379> ping - PONG - ^D - - # add redis ambassador - $ docker run -t -i --link redis:redis --name redis_ambassador -p 6379:6379 busybox sh - -in the redis_ambassador container, you can see the linked redis containers's env - -.. code-block:: bash - - $ env - REDIS_PORT=tcp://172.17.0.136:6379 - REDIS_PORT_6379_TCP_ADDR=172.17.0.136 - REDIS_NAME=/redis_ambassador/redis - HOSTNAME=19d7adf4705e - REDIS_PORT_6379_TCP_PORT=6379 - HOME=/ - REDIS_PORT_6379_TCP_PROTO=tcp - container=lxc - REDIS_PORT_6379_TCP=tcp://172.17.0.136:6379 - TERM=xterm - PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - PWD=/ - - -This environment is used by the ambassador socat script to expose redis to the world -(via the -p 6379:6379 port mapping) - -.. code-block:: bash - - $ docker rm redis_ambassador - $ sudo ./contrib/mkimage-unittest.sh - $ docker run -t -i --link redis:redis --name redis_ambassador -p 6379:6379 docker-ut sh - - $ socat TCP4-LISTEN:6379,fork,reuseaddr TCP4:172.17.0.136:6379 - -then ping the redis server via the ambassador - -.. code-block::bash - - $ docker run -i -t --rm --link redis_ambassador:redis relateiq/redis-cli - redis 172.17.0.160:6379> ping - PONG - -Now goto a different server - -.. code-block:: bash - - $ sudo ./contrib/mkimage-unittest.sh - $ docker run -t -i --expose 6379 --name redis_ambassador docker-ut sh - - $ socat TCP4-LISTEN:6379,fork,reuseaddr TCP4:192.168.1.52:6379 - -and get the redis-cli image so we can talk over the ambassador bridge - -.. code-block:: bash - - $ docker pull relateiq/redis-cli - $ docker run -i -t --rm --link redis_ambassador:redis relateiq/redis-cli - redis 172.17.0.160:6379> ping - PONG - -The svendowideit/ambassador Dockerfile --------------------------------------- - -The ``svendowideit/ambassador`` image is a small busybox image with ``socat`` built in. -When you start the container, it uses a small ``sed`` script to parse out the (possibly multiple) -link environment variables to set up the port forwarding. On the remote host, you need to set the -variable using the ``-e`` command line option. - -``--expose 1234 -e REDIS_PORT_1234_TCP=tcp://192.168.1.52:6379`` will forward the -local ``1234`` port to the remote IP and port - in this case ``192.168.1.52:6379``. - - -:: - - # - # - # first you need to build the docker-ut image - # using ./contrib/mkimage-unittest.sh - # then - # docker build -t SvenDowideit/ambassador . - # docker tag SvenDowideit/ambassador ambassador - # then to run it (on the host that has the real backend on it) - # docker run -t -i --link redis:redis --name redis_ambassador -p 6379:6379 ambassador - # on the remote host, you can set up another ambassador - # docker run -t -i --name redis_ambassador --expose 6379 sh - - FROM docker-ut - MAINTAINER SvenDowideit@home.org.au - - - CMD env | grep _TCP= | sed 's/.*_PORT_\([0-9]*\)_TCP=tcp:\/\/\(.*\):\(.*\)/socat TCP4-LISTEN:\1,fork,reuseaddr TCP4:\2:\3 \&/' | sh && top - diff --git a/docs/sources/use/basics.md b/docs/sources/use/basics.md new file mode 100644 index 0000000000..ee3eeabd9d --- /dev/null +++ b/docs/sources/use/basics.md @@ -0,0 +1,175 @@ +page_title: First steps with Docker +page_description: Common usage and commands +page_keywords: Examples, Usage, basic commands, docker, documentation, examples + +# First steps with Docker + +## Check your Docker install + +This guide assumes you have a working installation of Docker. To check +your Docker install, run the following command: + + # Check that you have a working install + $ docker info + +If you get `docker: command not found` or something +like `/var/lib/docker/repositories: permission denied` +you may have an incomplete docker installation or insufficient +privileges to access Docker on your machine. + +Please refer to [*Installation*](/installation/#installation-list) +for installation instructions. + +## Download a pre-built image + + # Download an ubuntu image + $ sudo docker pull ubuntu + +This will find the `ubuntu` image by name on +[*Docker.io*](../workingwithrepository/#find-public-images-on-dockerio) and +download it from [Docker.io](https://index.docker.io) to a local image +cache. + +> **Note**: +> When the image has successfully downloaded, you will see a 12 character +> hash `539c0211cd76: Download complete` which is the +> short form of the image ID. These short image IDs are the first 12 +> characters of the full image ID - which can be found using +> `docker inspect` or `docker images --no-trunc=true` + +**If you're using OS X** then you shouldn't use `sudo`. + +## Running an interactive shell + + # Run an interactive shell in the ubuntu image, + # allocate a tty, attach stdin and stdout + # To detach the tty without exiting the shell, + # use the escape sequence Ctrl-p + Ctrl-q + # note: This will continue to exist in a stopped state once exited (see "docker ps -a") + $ sudo docker run -i -t ubuntu /bin/bash + +## Bind Docker to another host/port or a Unix socket + +> **Warning**: +> Changing the default `docker` daemon binding to a +> TCP port or Unix *docker* user group will increase your security risks +> by allowing non-root users to gain *root* access on the host. Make sure +> you control access to `docker`. If you are binding +> to a TCP port, anyone with access to that port has full Docker access; +> so it is not advisable on an open network. + +With `-H` it is possible to make the Docker daemon +to listen on a specific IP and port. By default, it will listen on +`unix:///var/run/docker.sock` to allow only local +connections by the *root* user. You *could* set it to +`0.0.0.0:4243` or a specific host IP to give access +to everybody, but that is **not recommended** because then it is trivial +for someone to gain root access to the host where the daemon is running. + +Similarly, the Docker client can use `-H` to connect +to a custom port. + +`-H` accepts host and port assignment in the +following format: `tcp://[host][:port]` or +`unix://path` + +For example: + +- `tcp://host:4243` -> tcp connection on + host:4243 +- `unix://path/to/socket` -> unix socket located + at `path/to/socket` + +`-H`, when empty, will default to the same value as +when no `-H` was passed in. + +`-H` also accepts short form for TCP bindings: +`host[:port]` or `:port` + + # Run docker in daemon mode + $ sudo /docker -H 0.0.0.0:5555 -d & + # Download an ubuntu image + $ sudo docker -H :5555 pull ubuntu + +You can use multiple `-H`, for example, if you want +to listen on both TCP and a Unix socket + + # Run docker in daemon mode + $ sudo /docker -H tcp://127.0.0.1:4243 -H unix:///var/run/docker.sock -d & + # Download an ubuntu image, use default Unix socket + $ sudo docker pull ubuntu + # OR use the TCP port + $ sudo docker -H tcp://127.0.0.1:4243 pull ubuntu + +## Starting a long-running worker process + + # Start a very useful long-running process + $ JOB=$(sudo docker run -d ubuntu /bin/sh -c "while true; do echo Hello world; sleep 1; done") + + # Collect the output of the job so far + $ sudo docker logs $JOB + + # Kill the job + $ sudo docker kill $JOB + +## Listing containers + + $ sudo docker ps # Lists only running containers + $ sudo docker ps -a # Lists all containers + +## Controlling containers + + # Start a new container + $ JOB=$(sudo docker run -d ubuntu /bin/sh -c "while true; do echo Hello world; sleep 1; done") + + # Stop the container + $ docker stop $JOB + + # Start the container + $ docker start $JOB + + # Restart the container + $ docker restart $JOB + + # SIGKILL a container + $ docker kill $JOB + + # Remove a container + $ docker stop $JOB # Container must be stopped to remove it + $ docker rm $JOB + +## Bind a service on a TCP port + + # Bind port 4444 of this container, and tell netcat to listen on it + $ JOB=$(sudo docker run -d -p 4444 ubuntu:12.10 /bin/nc -l 4444) + + # Which public port is NATed to my container? + $ PORT=$(sudo docker port $JOB 4444 | awk -F: '{ print $2 }') + + # Connect to the public port + $ echo hello world | nc 127.0.0.1 $PORT + + # Verify that the network connection worked + $ echo "Daemon received: $(sudo docker logs $JOB)" + +## Committing (saving) a container state + +Save your containers state to a container image, so the state can be +re-used. + +When you commit your container only the differences between the image +the container was created from and the current state of the container +will be stored (as a diff). See which images you already have using the +`docker images` command. + + # Commit your container to a new named image + $ sudo docker commit + + # List your containers + $ sudo docker images + +You now have a image state from which you can create new instances. + +Read more about [*Share Images via Repositories*]( +../workingwithrepository/#working-with-the-repository) or +continue to the complete [*Command Line*](/reference/commandline/cli/#cli) diff --git a/docs/sources/use/basics.rst b/docs/sources/use/basics.rst deleted file mode 100644 index 4164e706f7..0000000000 --- a/docs/sources/use/basics.rst +++ /dev/null @@ -1,199 +0,0 @@ -:title: First steps with Docker -:description: Common usage and commands -:keywords: Examples, Usage, basic commands, docker, documentation, examples - - -First steps with Docker -======================= - -Check your Docker install -------------------------- - -This guide assumes you have a working installation of Docker. To check -your Docker install, run the following command: - -.. code-block:: bash - - # Check that you have a working install - docker info - -If you get ``docker: command not found`` or something like -``/var/lib/docker/repositories: permission denied`` you may have an incomplete -docker installation or insufficient privileges to access Docker on your machine. - -Please refer to :ref:`installation_list` for installation instructions. - -Download a pre-built image --------------------------- - -.. code-block:: bash - - # Download an ubuntu image - sudo docker pull ubuntu - -This will find the ``ubuntu`` image by name in the :ref:`Central Index -` and download it from the top-level Central -Repository to a local image cache. - -.. NOTE:: When the image has successfully downloaded, you will see a - 12 character hash ``539c0211cd76: Download complete`` which is the - short form of the image ID. These short image IDs are the first 12 - characters of the full image ID - which can be found using ``docker - inspect`` or ``docker images --no-trunc=true`` - - **If you're using OS X** then you shouldn't use ``sudo`` - -Running an interactive shell ----------------------------- - -.. code-block:: bash - - # Run an interactive shell in the ubuntu image, - # allocate a tty, attach stdin and stdout - # To detach the tty without exiting the shell, - # use the escape sequence Ctrl-p + Ctrl-q - # note: This will continue to exist in a stopped state once exited (see "docker ps -a") - sudo docker run -i -t ubuntu /bin/bash - -.. _bind_docker: - -Bind Docker to another host/port or a Unix socket -------------------------------------------------- - -.. warning:: Changing the default ``docker`` daemon binding to a TCP - port or Unix *docker* user group will increase your security risks - by allowing non-root users to gain *root* access on the - host. Make sure you control access to ``docker``. If you are binding - to a TCP port, anyone with access to that port has full Docker access; - so it is not advisable on an open network. - -With ``-H`` it is possible to make the Docker daemon to listen on a -specific IP and port. By default, it will listen on -``unix:///var/run/docker.sock`` to allow only local connections by the -*root* user. You *could* set it to ``0.0.0.0:4243`` or a specific host IP to -give access to everybody, but that is **not recommended** because then -it is trivial for someone to gain root access to the host where the -daemon is running. - -Similarly, the Docker client can use ``-H`` to connect to a custom port. - -``-H`` accepts host and port assignment in the following format: -``tcp://[host][:port]`` or ``unix://path`` - -For example: - -* ``tcp://host:4243`` -> tcp connection on host:4243 -* ``unix://path/to/socket`` -> unix socket located at ``path/to/socket`` - -``-H``, when empty, will default to the same value as when no ``-H`` was passed in. - -``-H`` also accepts short form for TCP bindings: -``host[:port]`` or ``:port`` - -.. code-block:: bash - - # Run docker in daemon mode - sudo /docker -H 0.0.0.0:5555 -d & - # Download an ubuntu image - sudo docker -H :5555 pull ubuntu - -You can use multiple ``-H``, for example, if you want to listen on -both TCP and a Unix socket - -.. code-block:: bash - - # Run docker in daemon mode - sudo /docker -H tcp://127.0.0.1:4243 -H unix:///var/run/docker.sock -d & - # Download an ubuntu image, use default Unix socket - sudo docker pull ubuntu - # OR use the TCP port - sudo docker -H tcp://127.0.0.1:4243 pull ubuntu - -Starting a long-running worker process --------------------------------------- - -.. code-block:: bash - - # Start a very useful long-running process - JOB=$(sudo docker run -d ubuntu /bin/sh -c "while true; do echo Hello world; sleep 1; done") - - # Collect the output of the job so far - sudo docker logs $JOB - - # Kill the job - sudo docker kill $JOB - - -Listing containers ------------------- - -.. code-block:: bash - - sudo docker ps # Lists only running containers - sudo docker ps -a # Lists all containers - - -Controlling containers ----------------------- -.. code-block:: bash - - # Start a new container - JOB=$(sudo docker run -d ubuntu /bin/sh -c "while true; do echo Hello world; sleep 1; done") - - # Stop the container - docker stop $JOB - - # Start the container - docker start $JOB - - # Restart the container - docker restart $JOB - - # SIGKILL a container - docker kill $JOB - - # Remove a container - docker stop $JOB # Container must be stopped to remove it - docker rm $JOB - - -Bind a service on a TCP port ------------------------------- - -.. code-block:: bash - - # Bind port 4444 of this container, and tell netcat to listen on it - JOB=$(sudo docker run -d -p 4444 ubuntu:12.10 /bin/nc -l 4444) - - # Which public port is NATed to my container? - PORT=$(sudo docker port $JOB 4444 | awk -F: '{ print $2 }') - - # Connect to the public port - echo hello world | nc 127.0.0.1 $PORT - - # Verify that the network connection worked - echo "Daemon received: $(sudo docker logs $JOB)" - - -Committing (saving) a container state -------------------------------------- - -Save your containers state to a container image, so the state can be re-used. - -When you commit your container only the differences between the image the -container was created from and the current state of the container will be -stored (as a diff). See which images you already have using the ``docker -images`` command. - -.. code-block:: bash - - # Commit your container to a new named image - sudo docker commit - - # List your containers - sudo docker images - -You now have a image state from which you can create new instances. - -Read more about :ref:`working_with_the_repository` or continue to the -complete :ref:`cli` diff --git a/docs/sources/use/chef.md b/docs/sources/use/chef.md new file mode 100644 index 0000000000..897c2b429a --- /dev/null +++ b/docs/sources/use/chef.md @@ -0,0 +1,74 @@ +page_title: Chef Usage +page_description: Installation and using Docker via Chef +page_keywords: chef, installation, usage, docker, documentation + +# Using Chef + +> **Note**: +> Please note this is a community contributed installation path. The only +> `official` installation is using the +> [*Ubuntu*](/installation/ubuntulinux/#ubuntu-linux) installation +> path. This version may sometimes be out of date. + +## Requirements + +To use this guide you'll need a working installation of +[Chef](http://www.getchef.com/). This cookbook supports a variety of +operating systems. + +## Installation + +The cookbook is available on the [Chef Community +Site](http://community.opscode.com/cookbooks/docker) and can be installed using +your favorite cookbook dependency manager. + +The source can be found on +[GitHub](https://github.com/bflad/chef-docker). + +## Usage + +The cookbook provides recipes for installing Docker, configuring init +for Docker, and resources for managing images and containers. It +supports almost all Docker functionality. + +### Installation + + include_recipe 'docker' + +### Images + +The next step is to pull a Docker image. For this, we have a resource: + + docker_image 'samalba/docker-registry' + +This is equivalent to running: + + $ docker pull samalba/docker-registry + +There are attributes available to control how long the cookbook will +allow for downloading (5 minute default). + +To remove images you no longer need: + + docker_image 'samalba/docker-registry' do + action :remove + end + +### Containers + +Now you have an image where you can run commands within a container +managed by Docker. + + docker_container 'samalba/docker-registry' do + detach true + port '5000:5000' + env 'SETTINGS_FLAVOR=local' + volume '/mnt/docker:/docker-storage' + end + +This is equivalent to running the following command, but under upstart: + + $ docker run --detach=true --publish='5000:5000' --env='SETTINGS_FLAVOR=local' --volume='/mnt/docker:/docker-storage' samalba/docker-registry + +The resources will accept a single string or an array of values for any +docker flags that allow multiple values. diff --git a/docs/sources/use/chef.rst b/docs/sources/use/chef.rst deleted file mode 100644 index 919eba7a8f..0000000000 --- a/docs/sources/use/chef.rst +++ /dev/null @@ -1,95 +0,0 @@ -:title: Chef Usage -:description: Installation and using Docker via Chef -:keywords: chef, installation, usage, docker, documentation - -.. _install_using_chef: - -Using Chef -============= - -.. note:: - - Please note this is a community contributed installation path. The - only 'official' installation is using the :ref:`ubuntu_linux` - installation path. This version may sometimes be out of date. - -Requirements ------------- - -To use this guide you'll need a working installation of -`Chef `_. This cookbook supports a variety of -operating systems. - -Installation ------------- - -The cookbook is available on the `Chef Community Site -`_ and can be installed -using your favorite cookbook dependency manager. - -The source can be found on `GitHub -`_. - -Usage ------ - -The cookbook provides recipes for installing Docker, configuring init -for Docker, and resources for managing images and containers. -It supports almost all Docker functionality. - -Installation -~~~~~~~~~~~~ - -.. code-block:: ruby - - include_recipe 'docker' - -Images -~~~~~~ - -The next step is to pull a Docker image. For this, we have a resource: - -.. code-block:: ruby - - docker_image 'samalba/docker-registry' - -This is equivalent to running: - -.. code-block:: bash - - docker pull samalba/docker-registry - -There are attributes available to control how long the cookbook -will allow for downloading (5 minute default). - -To remove images you no longer need: - -.. code-block:: ruby - - docker_image 'samalba/docker-registry' do - action :remove - end - -Containers -~~~~~~~~~~ - -Now you have an image where you can run commands within a container -managed by Docker. - -.. code-block:: ruby - - docker_container 'samalba/docker-registry' do - detach true - port '5000:5000' - env 'SETTINGS_FLAVOR=local' - volume '/mnt/docker:/docker-storage' - end - -This is equivalent to running the following command, but under upstart: - -.. code-block:: bash - - docker run --detach=true --publish='5000:5000' --env='SETTINGS_FLAVOR=local' --volume='/mnt/docker:/docker-storage' samalba/docker-registry - -The resources will accept a single string or an array of values -for any docker flags that allow multiple values. diff --git a/docs/sources/use/host_integration.md b/docs/sources/use/host_integration.md new file mode 100644 index 0000000000..370c00e20a --- /dev/null +++ b/docs/sources/use/host_integration.md @@ -0,0 +1,62 @@ +page_title: Automatically Start Containers +page_description: How to generate scripts for upstart, systemd, etc. +page_keywords: systemd, upstart, supervisor, docker, documentation, host integration + +# Automatically Start Containers + +You can use your Docker containers with process managers like +`upstart`, `systemd` and `supervisor`. + +## Introduction + +If you want a process manager to manage your containers you will need to +run the docker daemon with the `-r=false` so that +docker will not automatically restart your containers when the host is +restarted. + +When you have finished setting up your image and are happy with your +running container, you can then attach a process manager to manage it. +When your run `docker start -a` docker will +automatically attach to the running container, or start it if needed and +forward all signals so that the process manager can detect when a +container stops and correctly restart it. + +Here are a few sample scripts for systemd and upstart to integrate with +docker. + +## Sample Upstart Script + +In this example We've already created a container to run Redis with +`--name redis_server`. To create an upstart script +for our container, we create a file named +`/etc/init/redis.conf` and place the following into +it: + + description "Redis container" + author "Me" + start on filesystem and started docker + stop on runlevel [!2345] + respawn + script + /usr/bin/docker start -a redis_server + end script + +Next, we have to configure docker so that it's run with the option +`-r=false`. Run the following command: + + $ sudo sh -c "echo 'DOCKER_OPTS=\"-r=false\"' > /etc/default/docker" + +## Sample systemd Script + + [Unit] + Description=Redis container + Author=Me + After=docker.service + + [Service] + Restart=always + ExecStart=/usr/bin/docker start -a redis_server + ExecStop=/usr/bin/docker stop -t 2 redis_server + + [Install] + WantedBy=local.target diff --git a/docs/sources/use/host_integration.rst b/docs/sources/use/host_integration.rst deleted file mode 100644 index cb920a5908..0000000000 --- a/docs/sources/use/host_integration.rst +++ /dev/null @@ -1,74 +0,0 @@ -:title: Automatically Start Containers -:description: How to generate scripts for upstart, systemd, etc. -:keywords: systemd, upstart, supervisor, docker, documentation, host integration - - - -Automatically Start Containers -============================== - -You can use your Docker containers with process managers like ``upstart``, -``systemd`` and ``supervisor``. - -Introduction ------------- - -If you want a process manager to manage your containers you will need to run -the docker daemon with the ``-r=false`` so that docker will not automatically -restart your containers when the host is restarted. - -When you have finished setting up your image and are happy with your -running container, you can then attach a process manager to manage -it. When your run ``docker start -a`` docker will automatically attach -to the running container, or start it if needed and forward all signals -so that the process manager can detect when a container stops and correctly -restart it. - -Here are a few sample scripts for systemd and upstart to integrate with docker. - - -Sample Upstart Script ---------------------- - -In this example we've already created a container to run Redis with -``--name redis_server``. To create an upstart script for our container, -we create a file named ``/etc/init/redis.conf`` and place the following -into it: - -.. code-block:: bash - - description "Redis container" - author "Me" - start on filesystem and started docker - stop on runlevel [!2345] - respawn - script - /usr/bin/docker start -a redis_server - end script - -Next, we have to configure docker so that it's run with the option ``-r=false``. -Run the following command: - -.. code-block:: bash - - $ sudo sh -c "echo 'DOCKER_OPTS=\"-r=false\"' > /etc/default/docker" - - -Sample systemd Script ---------------------- - -.. code-block:: bash - - [Unit] - Description=Redis container - Author=Me - After=docker.service - - [Service] - Restart=always - ExecStart=/usr/bin/docker start -a redis_server - ExecStop=/usr/bin/docker stop -t 2 redis_server - - [Install] - WantedBy=local.target - diff --git a/docs/sources/use/index.rst b/docs/sources/use/index.rst deleted file mode 100644 index dcf6289b41..0000000000 --- a/docs/sources/use/index.rst +++ /dev/null @@ -1,24 +0,0 @@ -:title: Documentation -:description: -- todo: change me -:keywords: todo, docker, documentation, basic, builder - - - -Use -======== - -Contents: - -.. toctree:: - :maxdepth: 1 - - basics - workingwithrepository - port_redirection - networking - host_integration - working_with_volumes - working_with_links_names - ambassador_pattern_linking - chef - puppet diff --git a/docs/sources/use/networking.md b/docs/sources/use/networking.md new file mode 100644 index 0000000000..00d0684256 --- /dev/null +++ b/docs/sources/use/networking.md @@ -0,0 +1,138 @@ +page_title: Configure Networking +page_description: Docker networking +page_keywords: network, networking, bridge, docker, documentation + +# Configure Networking + +## Introduction + +Docker uses Linux bridge capabilities to provide network connectivity to +containers. The `docker0` bridge interface is +managed by Docker for this purpose. When the Docker daemon starts it : + + - creates the `docker0` bridge if not present + - searches for an IP address range which doesn't overlap with an existing route + - picks an IP in the selected range + - assigns this IP to the `docker0` bridge + + + + # List host bridges + $ sudo brctl show + bridge name bridge id STP enabled interfaces + docker0 8000.000000000000 no + + # Show docker0 IP address + $ sudo ifconfig docker0 + docker0 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:xx + inet addr:172.17.42.1 Bcast:0.0.0.0 Mask:255.255.0.0 + +At runtime, a [*specific kind of virtual interface*](#vethxxxx-device) +is given to each container which is then bonded to the `docker0` bridge. +Each container also receives a dedicated IP address from the same range +as `docker0`. The `docker0` IP address is used as the default gateway +for the container. + + # Run a container + $ sudo docker run -t -i -d base /bin/bash + 52f811c5d3d69edddefc75aff5a4525fc8ba8bcfa1818132f9dc7d4f7c7e78b4 + + $ sudo brctl show + bridge name bridge id STP enabled interfaces + docker0 8000.fef213db5a66 no vethQCDY1N + +Above, `docker0` acts as a bridge for the `vethQCDY1N` interface which +is dedicated to the 52f811c5d3d6 container. + +## How to use a specific IP address range + +Docker will try hard to find an IP range that is not used by the host. +Even though it works for most cases, it's not bullet-proof and sometimes +you need to have more control over the IP addressing scheme. + +For this purpose, Docker allows you to manage the `docker0` +bridge or your own one using the `-b=` +parameter. + +In this scenario: + + - ensure Docker is stopped + - create your own bridge (`bridge0` for example) + - assign a specific IP to this bridge + - start Docker with the `-b=bridge0` parameter + + + + # Stop Docker + $ sudo service docker stop + + # Clean docker0 bridge and + # add your very own bridge0 + $ sudo ifconfig docker0 down + $ sudo brctl addbr bridge0 + $ sudo ifconfig bridge0 192.168.227.1 netmask 255.255.255.0 + + # Edit your Docker startup file + $ echo "DOCKER_OPTS=\"-b=bridge0\"" >> /etc/default/docker + + # Start Docker + $ sudo service docker start + + # Ensure bridge0 IP is not changed by Docker + $ sudo ifconfig bridge0 + bridge0 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:xx + inet addr:192.168.227.1 Bcast:192.168.227.255 Mask:255.255.255.0 + + # Run a container + docker run -i -t base /bin/bash + + # Container IP in the 192.168.227/24 range + root@261c272cd7d5:/# ifconfig eth0 + eth0 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:xx + inet addr:192.168.227.5 Bcast:192.168.227.255 Mask:255.255.255.0 + + # bridge0 IP as the default gateway + root@261c272cd7d5:/# route -n + Kernel IP routing table + Destination Gateway Genmask Flags Metric Ref Use Iface + 0.0.0.0 192.168.227.1 0.0.0.0 UG 0 0 0 eth0 + 192.168.227.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 + + # hits CTRL+P then CTRL+Q to detach + + # Display bridge info + $ sudo brctl show + bridge name bridge id STP enabled interfaces + bridge0 8000.fe7c2e0faebd no vethAQI2QT + +## Container intercommunication + +The value of the Docker daemon's `icc` parameter +determines whether containers can communicate with each other over the +bridge network. + + - The default, `-icc=true` allows containers to communicate with each other. + - `-icc=false` means containers are isolated from each other. + +Docker uses `iptables` under the hood to either +accept or drop communication between containers. + +## What is the vethXXXX device? + +Well. Things get complicated here. + +The `vethXXXX` interface is the host side of a +point-to-point link between the host and the corresponding container; +the other side of the link is the container's `eth0` +interface. This pair (host `vethXXX` and container +`eth0`) are connected like a tube. Everything that +comes in one side will come out the other side. + +All the plumbing is delegated to Linux network capabilities (check the +ip link command) and the namespaces infrastructure. + +## I want more + +Jérôme Petazzoni has create `pipework` to connect together containers in +arbitrarily complex scenarios: +[https://github.com/jpetazzo/pipework](https://github.com/jpetazzo/pipework) diff --git a/docs/sources/use/networking.rst b/docs/sources/use/networking.rst deleted file mode 100644 index 59c63ed674..0000000000 --- a/docs/sources/use/networking.rst +++ /dev/null @@ -1,153 +0,0 @@ -:title: Configure Networking -:description: Docker networking -:keywords: network, networking, bridge, docker, documentation - - -Configure Networking -==================== - -Docker uses Linux bridge capabilities to provide network connectivity -to containers. The ``docker0`` bridge interface is managed by Docker -for this purpose. When the Docker daemon starts it : - -- creates the ``docker0`` bridge if not present -- searches for an IP address range which doesn't overlap with an existing route -- picks an IP in the selected range -- assigns this IP to the ``docker0`` bridge - - -.. code-block:: bash - - # List host bridges - $ sudo brctl show - bridge name bridge id STP enabled interfaces - docker0 8000.000000000000 no - - # Show docker0 IP address - $ sudo ifconfig docker0 - docker0 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:xx - inet addr:172.17.42.1 Bcast:0.0.0.0 Mask:255.255.0.0 - - - -At runtime, a :ref:`specific kind of virtual -interface` is given to each container which is then -bonded to the ``docker0`` bridge. Each container also receives a -dedicated IP address from the same range as ``docker0``. The -``docker0`` IP address is used as the default gateway for the -container. - -.. code-block:: bash - - # Run a container - $ sudo docker run -t -i -d base /bin/bash - 52f811c5d3d69edddefc75aff5a4525fc8ba8bcfa1818132f9dc7d4f7c7e78b4 - - $ sudo brctl show - bridge name bridge id STP enabled interfaces - docker0 8000.fef213db5a66 no vethQCDY1N - - -Above, ``docker0`` acts as a bridge for the ``vethQCDY1N`` interface -which is dedicated to the 52f811c5d3d6 container. - - -How to use a specific IP address range ---------------------------------------- - -Docker will try hard to find an IP range that is not used by the -host. Even though it works for most cases, it's not bullet-proof and -sometimes you need to have more control over the IP addressing scheme. - -For this purpose, Docker allows you to manage the ``docker0`` bridge -or your own one using the ``-b=`` parameter. - -In this scenario: - -- ensure Docker is stopped -- create your own bridge (``bridge0`` for example) -- assign a specific IP to this bridge -- start Docker with the ``-b=bridge0`` parameter - - -.. code-block:: bash - - # Stop Docker - $ sudo service docker stop - - # Clean docker0 bridge and - # add your very own bridge0 - $ sudo ifconfig docker0 down - $ sudo brctl addbr bridge0 - $ sudo ifconfig bridge0 192.168.227.1 netmask 255.255.255.0 - - # Edit your Docker startup file - $ echo "DOCKER_OPTS=\"-b=bridge0\"" >> /etc/default/docker - - # Start Docker - $ sudo service docker start - - # Ensure bridge0 IP is not changed by Docker - $ sudo ifconfig bridge0 - bridge0 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:xx - inet addr:192.168.227.1 Bcast:192.168.227.255 Mask:255.255.255.0 - - # Run a container - $ docker run -i -t base /bin/bash - - # Container IP in the 192.168.227/24 range - root@261c272cd7d5:/# ifconfig eth0 - eth0 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:xx - inet addr:192.168.227.5 Bcast:192.168.227.255 Mask:255.255.255.0 - - # bridge0 IP as the default gateway - root@261c272cd7d5:/# route -n - Kernel IP routing table - Destination Gateway Genmask Flags Metric Ref Use Iface - 0.0.0.0 192.168.227.1 0.0.0.0 UG 0 0 0 eth0 - 192.168.227.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 - - # hits CTRL+P then CTRL+Q to detach - - # Display bridge info - $ sudo brctl show - bridge name bridge id STP enabled interfaces - bridge0 8000.fe7c2e0faebd no vethAQI2QT - - -Container intercommunication -------------------------------- - -The value of the Docker daemon's ``icc`` parameter determines whether -containers can communicate with each other over the bridge network. - -- The default, ``--icc=true`` allows containers to communicate with each other. -- ``--icc=false`` means containers are isolated from each other. - -Docker uses ``iptables`` under the hood to either accept or -drop communication between containers. - - -.. _vethxxxx-device: - -What is the vethXXXX device? ------------------------------------ -Well. Things get complicated here. - -The ``vethXXXX`` interface is the host side of a point-to-point link -between the host and the corresponding container; the other side of -the link is the container's ``eth0`` -interface. This pair (host ``vethXXX`` and container ``eth0``) are -connected like a tube. Everything that comes in one side will come out -the other side. - -All the plumbing is delegated to Linux network capabilities (check the -ip link command) and the namespaces infrastructure. - - -I want more ------------- - -Jérôme Petazzoni has created ``pipework`` to connect together -containers in arbitrarily complex scenarios : -https://github.com/jpetazzo/pipework diff --git a/docs/sources/use/port_redirection.md b/docs/sources/use/port_redirection.md new file mode 100644 index 0000000000..9f2ce98eae --- /dev/null +++ b/docs/sources/use/port_redirection.md @@ -0,0 +1,124 @@ +page_title: Redirect Ports +page_description: usage about port redirection +page_keywords: Usage, basic port, docker, documentation, examples + +# Redirect Ports + +## Introduction + +Interacting with a service is commonly done through a connection to a +port. When this service runs inside a container, one can connect to the +port after finding the IP address of the container as follows: + + # Find IP address of container with ID + $ docker inspect | grep IPAddress | cut -d '"' -f 4 + +However, this IP address is local to the host system and the container +port is not reachable by the outside world. Furthermore, even if the +port is used locally, e.g. by another container, this method is tedious +as the IP address of the container changes every time it starts. + +Docker addresses these two problems and give a simple and robust way to +access services running inside containers. + +To allow non-local clients to reach the service running inside the +container, Docker provide ways to bind the container port to an +interface of the host system. To simplify communication between +containers, Docker provides the linking mechanism. + +## Auto map all exposed ports on the host + +To bind all the exposed container ports to the host automatically, use +`docker run -P `. The mapped host ports +will be auto-selected from a pool of unused ports (49000..49900), and +you will need to use `docker ps`, `docker inspect ` or +`docker port ` to determine what they are. + +## Binding a port to a host interface + +To bind a port of the container to a specific interface of the host +system, use the `-p` parameter of the `docker run` command: + + # General syntax + $ docker run -p [([:[host_port]])|():][/udp] + +When no host interface is provided, the port is bound to all available +interfaces of the host machine (aka INADDR_ANY, or 0.0.0.0). When no +host port is provided, one is dynamically allocated. The possible +combinations of options for TCP port are the following: + + # Bind TCP port 8080 of the container to TCP port 80 on 127.0.0.1 of the host machine. + $ docker run -p 127.0.0.1:80:8080 + + # Bind TCP port 8080 of the container to a dynamically allocated TCP port on 127.0.0.1 of the host machine. + $ docker run -p 127.0.0.1::8080 + + # Bind TCP port 8080 of the container to TCP port 80 on all available interfaces of the host machine. + $ docker run -p 80:8080 + + # Bind TCP port 8080 of the container to a dynamically allocated TCP port on all available interfaces of the host machine. + $ docker run -p 8080 + +UDP ports can also be bound by adding a trailing `/udp`. All the +combinations described for TCP work. Here is only one example: + + # Bind UDP port 5353 of the container to UDP port 53 on 127.0.0.1 of the host machine. + $ docker run -p 127.0.0.1:53:5353/udp + +The command `docker port` lists the interface and port on the host machine +bound to a given container port. It is useful when using dynamically allocated +ports: + + # Bind to a dynamically allocated port + $ docker run -p 127.0.0.1::8080 --name dyn-bound + + # Lookup the actual port + $ docker port dyn-bound 8080 + 127.0.0.1:49160 + +## Linking a container + +Communication between two containers can also be established in a +docker-specific way called linking. + +To briefly present the concept of linking, let us consider two containers: +`server`, containing the service, and `client`, accessing the service. Once +`server` is running, `client` is started and links to server. Linking sets +environment variables in `client` giving it some information about `server`. +In this sense, linking is a method of service discovery. + +Let us now get back to our topic of interest; communication between the two +containers. We mentioned that the tricky part about this communication was that +the IP address of `server` was not fixed. Therefore, some of the environment +variables are going to be used to inform `client` about this IP address. This +process called exposure, is possible because `client` is started after `server` +has been started. + +Here is a full example. On `server`, the port of interest is exposed. The +exposure is done either through the `--expose` parameter to the `docker run` +command, or the `EXPOSE` build command in a Dockerfile: + + # Expose port 80 + $ docker run --expose 80 --name server + +The `client` then links to the `server`: + + # Link + $ docker run --name client --link server:linked-server + +`client` locally refers to `server` as `linked-server`. The following +environment variables, among others, are available on `client`: + + # The default protocol, ip, and port of the service running in the container + $ LINKED-SERVER_PORT=tcp://172.17.0.8:80 + + # A specific protocol, ip, and port of various services + $ LINKED-SERVER_PORT_80_TCP=tcp://172.17.0.8:80 + $ LINKED-SERVER_PORT_80_TCP_PROTO=tcp + $ LINKED-SERVER_PORT_80_TCP_ADDR=172.17.0.8 + $ LINKED-SERVER_PORT_80_TCP_PORT=80 + +This tells `client` that a service is running on port 80 of `server` and that +`server` is accessible at the IP address 172.17.0.8 + +Note: Using the `-p` parameter also exposes the port. diff --git a/docs/sources/use/port_redirection.rst b/docs/sources/use/port_redirection.rst deleted file mode 100644 index cf5c2100a9..0000000000 --- a/docs/sources/use/port_redirection.rst +++ /dev/null @@ -1,152 +0,0 @@ -:title: Redirect Ports -:description: usage about port redirection -:keywords: Usage, basic port, docker, documentation, examples - - -.. _port_redirection: - -Redirect Ports -============== - -Interacting with a service is commonly done through a connection to a -port. When this service runs inside a container, one can connect to -the port after finding the IP address of the container as follows: - -.. code-block:: bash - - # Find IP address of container with ID - docker inspect | grep IPAddress | cut -d '"' -f 4 - -However, this IP address is local to the host system and the container -port is not reachable by the outside world. Furthermore, even if the -port is used locally, e.g. by another container, this method is -tedious as the IP address of the container changes every time it -starts. - -Docker addresses these two problems and give a simple and robust way -to access services running inside containers. - -To allow non-local clients to reach the service running inside the -container, Docker provide ways to bind the container port to an -interface of the host system. To simplify communication between -containers, Docker provides the linking mechanism. - -Auto map all exposed ports on the host --------------------------------------- - -To bind all the exposed container ports to the host automatically, use -``docker run -P ``. The mapped host ports will be auto-selected -from a pool of unused ports (49000..49900), and you will need to use -``docker ps``, ``docker inspect `` or -``docker port `` to determine what they are. - -Binding a port to a host interface ------------------------------------ - -To bind a port of the container to a specific interface of the host -system, use the ``-p`` parameter of the ``docker run`` command: - -.. code-block:: bash - - # General syntax - docker run -p [([:[host_port]])|():][/udp] - -When no host interface is provided, the port is bound to all available -interfaces of the host machine (aka INADDR_ANY, or 0.0.0.0).When no host port is -provided, one is dynamically allocated. The possible combinations of options for -TCP port are the following: - -.. code-block:: bash - - # Bind TCP port 8080 of the container to TCP port 80 on 127.0.0.1 of the host machine. - docker run -p 127.0.0.1:80:8080 - - # Bind TCP port 8080 of the container to a dynamically allocated TCP port on 127.0.0.1 of the host machine. - docker run -p 127.0.0.1::8080 - - # Bind TCP port 8080 of the container to TCP port 80 on all available interfaces of the host machine. - docker run -p 80:8080 - - # Bind TCP port 8080 of the container to a dynamically allocated TCP port on all available interfaces of the host machine. - docker run -p 8080 - -UDP ports can also be bound by adding a trailing ``/udp``. All the -combinations described for TCP work. Here is only one example: - -.. code-block:: bash - - # Bind UDP port 5353 of the container to UDP port 53 on 127.0.0.1 of the host machine. - docker run -p 127.0.0.1:53:5353/udp - -The command ``docker port`` lists the interface and port on the host -machine bound to a given container port. It is useful when using -dynamically allocated ports: - -.. code-block:: bash - - # Bind to a dynamically allocated port - docker run -p 127.0.0.1::8080 --name dyn-bound - - # Lookup the actual port - docker port dyn-bound 8080 - 127.0.0.1:49160 - - -Linking a container -------------------- - -Communication between two containers can also be established in a -docker-specific way called linking. - -To briefly present the concept of linking, let us consider two -containers: ``server``, containing the service, and ``client``, -accessing the service. Once ``server`` is running, ``client`` is -started and links to server. Linking sets environment variables in -``client`` giving it some information about ``server``. In this sense, -linking is a method of service discovery. - -Let us now get back to our topic of interest; communication between -the two containers. We mentioned that the tricky part about this -communication was that the IP address of ``server`` was not -fixed. Therefore, some of the environment variables are going to be -used to inform ``client`` about this IP address. This process called -exposure, is possible because ``client`` is started after ``server`` -has been started. - -Here is a full example. On ``server``, the port of interest is -exposed. The exposure is done either through the ``--expose`` parameter -to the ``docker run`` command, or the ``EXPOSE`` build command in a -Dockerfile: - -.. code-block:: bash - - # Expose port 80 - docker run --expose 80 --name server - -The ``client`` then links to the ``server``: - -.. code-block:: bash - - # Link - docker run --name client --link server:linked-server - -``client`` locally refers to ``server`` as ``linked-server``. The -following environment variables, among others, are available on -``client``: - -.. code-block:: bash - - # The default protocol, ip, and port of the service running in the container - LINKED-SERVER_PORT=tcp://172.17.0.8:80 - - # A specific protocol, ip, and port of various services - LINKED-SERVER_PORT_80_TCP=tcp://172.17.0.8:80 - LINKED-SERVER_PORT_80_TCP_PROTO=tcp - LINKED-SERVER_PORT_80_TCP_ADDR=172.17.0.8 - LINKED-SERVER_PORT_80_TCP_PORT=80 - -This tells ``client`` that a service is running on port 80 of -``server`` and that ``server`` is accessible at the IP address -172.17.0.8 - -Note: Using the ``-p`` parameter also exposes the port. diff --git a/docs/sources/use/puppet.md b/docs/sources/use/puppet.md new file mode 100644 index 0000000000..a0d20ab446 --- /dev/null +++ b/docs/sources/use/puppet.md @@ -0,0 +1,92 @@ +page_title: Puppet Usage +page_description: Installating and using Puppet +page_keywords: puppet, installation, usage, docker, documentation + +# Using Puppet + +> *Note:* Please note this is a community contributed installation path. The +> only `official` installation is using the +> [*Ubuntu*](/installation/ubuntulinux/#ubuntu-linux) installation +> path. This version may sometimes be out of date. + +## Requirements + +To use this guide you'll need a working installation of Puppet from +[Puppetlabs](https://puppetlabs.com) . + +The module also currently uses the official PPA so only works with +Ubuntu. + +## Installation + +The module is available on the [Puppet +Forge](https://forge.puppetlabs.com/garethr/docker/) and can be +installed using the built-in module tool. + + $ puppet module install garethr/docker + +It can also be found on +[GitHub](https://github.com/garethr/garethr-docker) if you would +rather download the source. + +## Usage + +The module provides a puppet class for installing Docker and two defined +types for managing images and containers. + +### Installation + + include 'docker' + +### Images + +The next step is probably to install a Docker image. For this, we have a +defined type which can be used like so: + + docker::image { 'ubuntu': } + +This is equivalent to running: + + $ docker pull ubuntu + +Note that it will only be downloaded if an image of that name does not +already exist. This is downloading a large binary so on first run can +take a while. For that reason this define turns off the default 5 minute +timeout for the exec type. Note that you can also remove images you no +longer need with: + + docker::image { 'ubuntu': + ensure => 'absent', + } + +### Containers + +Now you have an image where you can run commands within a container +managed by Docker. + + docker::run { 'helloworld': + image => 'ubuntu', + command => '/bin/sh -c "while true; do echo hello world; sleep 1; done"', + } + +This is equivalent to running the following command, but under upstart: + + $ docker run -d ubuntu /bin/sh -c "while true; do echo hello world; sleep 1; done" + +Run also contains a number of optional parameters: + + docker::run { 'helloworld': + image => 'ubuntu', + command => '/bin/sh -c "while true; do echo hello world; sleep 1; done"', + ports => ['4444', '4555'], + volumes => ['/var/lib/couchdb', '/var/log'], + volumes_from => '6446ea52fbc9', + memory_limit => 10485760, # bytes + username => 'example', + hostname => 'example.com', + env => ['FOO=BAR', 'FOO2=BAR2'], + dns => ['8.8.8.8', '8.8.4.4'], + } + +Note that ports, env, dns and volumes can be set with either a single +string or as above with an array of values. diff --git a/docs/sources/use/puppet.rst b/docs/sources/use/puppet.rst deleted file mode 100644 index 4183c14f18..0000000000 --- a/docs/sources/use/puppet.rst +++ /dev/null @@ -1,117 +0,0 @@ -:title: Puppet Usage -:description: Installating and using Puppet -:keywords: puppet, installation, usage, docker, documentation - -.. _install_using_puppet: - -Using Puppet -============= - -.. note:: - - Please note this is a community contributed installation path. The - only 'official' installation is using the :ref:`ubuntu_linux` - installation path. This version may sometimes be out of date. - -Requirements ------------- - -To use this guide you'll need a working installation of Puppet from -`Puppetlabs `_ . - -The module also currently uses the official PPA so only works with Ubuntu. - -Installation ------------- - -The module is available on the `Puppet Forge -`_ and can be installed -using the built-in module tool. - -.. code-block:: bash - - puppet module install garethr/docker - -It can also be found on `GitHub -`_ if you would rather -download the source. - -Usage ------ - -The module provides a puppet class for installing Docker and two defined types -for managing images and containers. - -Installation -~~~~~~~~~~~~ - -.. code-block:: ruby - - include 'docker' - -Images -~~~~~~ - -The next step is probably to install a Docker image. For this, we have a -defined type which can be used like so: - -.. code-block:: ruby - - docker::image { 'ubuntu': } - -This is equivalent to running: - -.. code-block:: bash - - docker pull ubuntu - -Note that it will only be downloaded if an image of that name does -not already exist. This is downloading a large binary so on first -run can take a while. For that reason this define turns off the -default 5 minute timeout for the exec type. Note that you can also -remove images you no longer need with: - -.. code-block:: ruby - - docker::image { 'ubuntu': - ensure => 'absent', - } - -Containers -~~~~~~~~~~ - -Now you have an image where you can run commands within a container -managed by Docker. - -.. code-block:: ruby - - docker::run { 'helloworld': - image => 'ubuntu', - command => '/bin/sh -c "while true; do echo hello world; sleep 1; done"', - } - -This is equivalent to running the following command, but under upstart: - -.. code-block:: bash - - docker run -d ubuntu /bin/sh -c "while true; do echo hello world; sleep 1; done" - -Run also contains a number of optional parameters: - -.. code-block:: ruby - - docker::run { 'helloworld': - image => 'ubuntu', - command => '/bin/sh -c "while true; do echo hello world; sleep 1; done"', - ports => ['4444', '4555'], - volumes => ['/var/lib/couchdb', '/var/log'], - volumes_from => '6446ea52fbc9', - memory_limit => 10485760, # bytes - username => 'example', - hostname => 'example.com', - env => ['FOO=BAR', 'FOO2=BAR2'], - dns => ['8.8.8.8', '8.8.4.4'], - } - -Note that ports, env, dns and volumes can be set with either a single string -or as above with an array of values. diff --git a/docs/sources/use/working_with_links_names.md b/docs/sources/use/working_with_links_names.md new file mode 100644 index 0000000000..6951e3c26f --- /dev/null +++ b/docs/sources/use/working_with_links_names.md @@ -0,0 +1,140 @@ +page_title: Link Containers +page_description: How to create and use both links and names +page_keywords: Examples, Usage, links, linking, docker, documentation, examples, names, name, container naming + +# Link Containers + +## Introduction + +From version 0.6.5 you are now able to `name` a container and `link` it to +another container by referring to its name. This will create a parent -> child +relationship where the parent container can see selected information about its +child. + +## Container Naming + +New in version v0.6.5. + +You can now name your container by using the `--name` flag. If no name is +provided, Docker will automatically generate a name. You can see this name +using the `docker ps` command. + + # format is "sudo docker run --name " + $ sudo docker run --name test ubuntu /bin/bash + + # the flag "-a" Show all containers. Only running containers are shown by default. + $ sudo docker ps -a + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + 2522602a0d99 ubuntu:12.04 /bin/bash 14 seconds ago Exit 0 test + +## Links: service discovery for docker + +New in version v0.6.5. + +Links allow containers to discover and securely communicate with each +other by using the flag `-link name:alias`. Inter-container communication +can be disabled with the daemon flag `-icc=false`. With this flag set to +`false`, Container A cannot access Container unless explicitly allowed via +a link. This is a huge win for securing your containers. When two containers +are linked together Docker creates a parent child relationship between the +containers. The parent container will be able to access information via +environment variables of the child such as name, exposed ports, IP and other +selected environment variables. + +When linking two containers Docker will use the exposed ports of the container +to create a secure tunnel for the parent to access. If a database container +only exposes port 8080 then the linked container will only be allowed to access +port 8080 and nothing else if inter-container communication is set to false. + +For example, there is an image called `crosbymichael/redis` that exposes the +port 6379 and starts the Redis server. Let's name the container as `redis` +based on that image and run it as daemon. + + $ sudo docker run -d --name redis crosbymichael/redis + +We can issue all the commands that you would expect using the name `redis`; +start, stop, attach, using the name for our container. The name also allows +us to link other containers into this one. + +Next, we can start a new web application that has a dependency on Redis and +apply a link to connect both containers. If you noticed when running our Redis +server we did not use the `-p` flag to publish the Redis port to the host +system. Redis exposed port 6379 and this is all we need to establish a link. + + $ sudo docker run -t -i --link redis:db --name webapp ubuntu bash + +When you specified `--link redis:db` you are telling Docker to link the +container named `redis` into this new container with the alias `db`. +Environment variables are prefixed with the alias so that the parent container +can access network and environment information from the containers that are +linked into it. + +If we inspect the environment variables of the second container, we would see +all the information about the child container. + + $ root@4c01db0b339c:/# env + + HOSTNAME=4c01db0b339c + DB_NAME=/webapp/db + TERM=xterm + DB_PORT=tcp://172.17.0.8:6379 + DB_PORT_6379_TCP=tcp://172.17.0.8:6379 + DB_PORT_6379_TCP_PROTO=tcp + DB_PORT_6379_TCP_ADDR=172.17.0.8 + DB_PORT_6379_TCP_PORT=6379 + PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + PWD=/ + SHLVL=1 + HOME=/ + container=lxc + _=/usr/bin/env + root@4c01db0b339c:/# + +Accessing the network information along with the environment of the child +container allows us to easily connect to the Redis service on the specific +IP and port in the environment. + +> **Note**: +> These Environment variables are only set for the first process in the +> container. Similarly, some daemons (such as `sshd`) +> will scrub them when spawning shells for connection. + +You can work around this by storing the initial `env` in a file, or looking +at `/proc/1/environ`. + +Running `docker ps` shows the 2 containers, and the `webapp/db` alias name for +the Redis container. + + $ docker ps + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + 4c01db0b339c ubuntu:12.04 bash 17 seconds ago Up 16 seconds webapp + d7886598dbe2 crosbymichael/redis:latest /redis-server --dir 33 minutes ago Up 33 minutes 6379/tcp redis,webapp/db + +## Resolving Links by Name + +New in version v0.11. + +Linked containers can be accessed by hostname. Hostnames are mapped by +appending entries to '/etc/hosts' using the linked container's alias. + +For example, linking a container using '--link redis:db' will generate the +following '/etc/hosts' file: + + root@6541a75d44a0:/# cat /etc/hosts + 172.17.0.3 6541a75d44a0 + 172.17.0.2 db + + 127.0.0.1 localhost + ::1 localhost ip6-localhost ip6-loopback + fe00::0 ip6-localnet + ff00::0 ip6-mcastprefix + ff02::1 ip6-allnodes + ff02::2 ip6-allrouters + root@6541a75d44a0:/# + +Using this mechanism, you can communicate with the linked container by +name: + + root@6541a75d44a0:/# echo PING | redis-cli -h db + PONG + root@6541a75d44a0:/# diff --git a/docs/sources/use/working_with_links_names.rst b/docs/sources/use/working_with_links_names.rst deleted file mode 100644 index 4acb6079c1..0000000000 --- a/docs/sources/use/working_with_links_names.rst +++ /dev/null @@ -1,132 +0,0 @@ -:title: Link Containers -:description: How to create and use both links and names -:keywords: Examples, Usage, links, linking, docker, documentation, examples, names, name, container naming - -.. _working_with_links_names: - -Link Containers -=============== - -From version 0.6.5 you are now able to ``name`` a container and -``link`` it to another container by referring to its name. This will -create a parent -> child relationship where the parent container can -see selected information about its child. - -.. _run_name: - -Container Naming ----------------- - -.. versionadded:: v0.6.5 - -You can now name your container by using the ``--name`` flag. If no -name is provided, Docker will automatically generate a name. You can -see this name using the ``docker ps`` command. - -.. code-block:: bash - - # format is "sudo docker run --name " - $ sudo docker run --name test ubuntu /bin/bash - - # the flag "-a" Show all containers. Only running containers are shown by default. - $ sudo docker ps -a - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 2522602a0d99 ubuntu:12.04 /bin/bash 14 seconds ago Exit 0 test - -.. _run_link: - -Links: service discovery for docker ------------------------------------ - -.. versionadded:: v0.6.5 - -Links allow containers to discover and securely communicate with each -other by using the flag ``--link name:alias``. Inter-container -communication can be disabled with the daemon flag -``--icc=false``. With this flag set to ``false``, Container A cannot -access Container B unless explicitly allowed via a link. This is a -huge win for securing your containers. When two containers are linked -together Docker creates a parent child relationship between the -containers. The parent container will be able to access information -via environment variables of the child such as name, exposed ports, IP -and other selected environment variables. - -When linking two containers Docker will use the exposed ports of the -container to create a secure tunnel for the parent to access. If a -database container only exposes port 8080 then the linked container -will only be allowed to access port 8080 and nothing else if -inter-container communication is set to false. - -For example, there is an image called ``crosbymichael/redis`` that exposes the -port 6379 and starts the Redis server. Let's name the container as ``redis`` -based on that image and run it as a daemon. - -.. code-block:: bash - - $ sudo docker run -d --name redis crosbymichael/redis - -We can issue all the commands that you would expect using the name -``redis``; start, stop, attach, using the name for our container. The -name also allows us to link other containers into this one. - -Next, we can start a new web application that has a dependency on -Redis and apply a link to connect both containers. If you noticed when -running our Redis server we did not use the ``-p`` flag to publish the -Redis port to the host system. Redis exposed port 6379 and this is all -we need to establish a link. - -.. code-block:: bash - - $ sudo docker run -t -i --link redis:db --name webapp ubuntu bash - -When you specified ``--link redis:db`` you are telling Docker to link -the container named ``redis`` into this new container with the alias -``db``. Environment variables are prefixed with the alias so that the -parent container can access network and environment information from -the containers that are linked into it. - -If we inspect the environment variables of the second container, we -would see all the information about the child container. - -.. code-block:: bash - - $ root@4c01db0b339c:/# env - - HOSTNAME=4c01db0b339c - DB_NAME=/webapp/db - TERM=xterm - DB_PORT=tcp://172.17.0.8:6379 - DB_PORT_6379_TCP=tcp://172.17.0.8:6379 - DB_PORT_6379_TCP_PROTO=tcp - DB_PORT_6379_TCP_ADDR=172.17.0.8 - DB_PORT_6379_TCP_PORT=6379 - PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - PWD=/ - SHLVL=1 - HOME=/ - container=lxc - _=/usr/bin/env - root@4c01db0b339c:/# - -Accessing the network information along with the environment of the -child container allows us to easily connect to the Redis service on -the specific IP and port in the environment. - -.. note:: - These Environment variables are only set for the first process in - the container. Similarly, some daemons (such as ``sshd``) will - scrub them when spawning shells for connection. - - You can work around this by storing the initial ``env`` in a file, - or looking at ``/proc/1/environ``. - -Running ``docker ps`` shows the 2 containers, and the ``webapp/db`` -alias name for the Redis container. - -.. code-block:: bash - - $ docker ps - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 4c01db0b339c ubuntu:12.04 bash 17 seconds ago Up 16 seconds webapp - d7886598dbe2 crosbymichael/redis:latest /redis-server --dir 33 minutes ago Up 33 minutes 6379/tcp redis,webapp/db - diff --git a/docs/sources/use/working_with_volumes.md b/docs/sources/use/working_with_volumes.md new file mode 100644 index 0000000000..7d6136b85a --- /dev/null +++ b/docs/sources/use/working_with_volumes.md @@ -0,0 +1,171 @@ +page_title: Share Directories via Volumes +page_description: How to create and share volumes +page_keywords: Examples, Usage, volume, docker, documentation, examples + +# Share Directories via Volumes + +## Introduction + +A *data volume* is a specially-designated directory within one or more +containers that bypasses the [*Union File +System*](/terms/layer/#ufs-def) to provide several useful features +for persistent or shared data: + + - **Data volumes can be shared and reused between containers:** + This is the feature that makes data volumes so powerful. You can + use it for anything from hot database upgrades to custom backup or + replication tools. See the example below. + - **Changes to a data volume are made directly:** + Without the overhead of a copy-on-write mechanism. This is good for + very large files. + - **Changes to a data volume will not be included at the next commit:** + Because they are not recorded as regular filesystem changes in the + top layer of the [*Union File System*](/terms/layer/#ufs-def) + - **Volumes persist until no containers use them:** + As they are a reference counted resource. The container does not need to be + running to share its volumes, but running it can help protect it + against accidental removal via `docker rm`. + +Each container can have zero or more data volumes. + +New in version v0.3.0. + +## Getting Started + +Using data volumes is as simple as adding a `-v` +parameter to the `docker run` command. The +`-v` parameter can be used more than once in order +to create more volumes within the new container. To create a new +container with two new volumes: + + $ docker run -v /var/volume1 -v /var/volume2 busybox true + +This command will create the new container with two new volumes that +exits instantly (`true` is pretty much the smallest, +simplest program that you can run). Once created you can mount its +volumes in any other container using the `--volumes-from` +option; irrespective of whether the container is running or +not. + +Or, you can use the VOLUME instruction in a Dockerfile to add one or +more new volumes to any container created from that image: + + # BUILD-USING: $ docker build -t data . + # RUN-USING: $ docker run -name DATA data + FROM busybox + VOLUME ["/var/volume1", "/var/volume2"] + CMD ["/bin/true"] + +### Creating and mounting a Data Volume Container + +If you have some persistent data that you want to share between +containers, or want to use from non-persistent containers, it's best to +create a named Data Volume Container, and then to mount the data from +it. + +Create a named container with volumes to share (`/var/volume1` +and `/var/volume2`): + + $ docker run -v /var/volume1 -v /var/volume2 -name DATA busybox true + +Then mount those data volumes into your application containers: + + $ docker run -t -i -rm -volumes-from DATA -name client1 ubuntu bash + +You can use multiple `-volumes-from` parameters to +bring together multiple data volumes from multiple containers. + +Interestingly, you can mount the volumes that came from the +`DATA` container in yet another container via the +`client1` middleman container: + + $ docker run -t -i -rm -volumes-from client1 -name client2 ubuntu bash + +This allows you to abstract the actual data source from users of that +data, similar to [*Ambassador Pattern Linking*]( +../ambassador_pattern_linking/#ambassador-pattern-linking). + +If you remove containers that mount volumes, including the initial DATA +container, or the middleman, the volumes will not be deleted until there +are no containers still referencing those volumes. This allows you to +upgrade, or effectively migrate data volumes between containers. + +### Mount a Host Directory as a Container Volume: + + -v=[]: Create a bind mount with: [host-dir]:[container-dir]:[rw|ro]. + +You must specify an absolute path for `host-dir`. If `host-dir` is missing from +the command, then Docker creates a new volume. If `host-dir` is present but +points to a non-existent directory on the host, Docker will automatically +create this directory and use it as the source of the bind-mount. + +Note that this is not available from a Dockerfile due the portability and +sharing purpose of it. The `host-dir` volumes are entirely host-dependent +and might not work on any other machine. + +For example: + + # Usage: + # sudo docker run [OPTIONS] -v /(dir. on host):/(dir. in container):(Read-Write or Read-Only) [ARG..] + # Example: + $ sudo docker run -i -t -v /var/log:/logs_from_host:ro ubuntu bash + +The command above mounts the host directory `/var/log` into the container +with *read only* permissions as `/logs_from_host`. + +New in version v0.5.0. + +### Note for OS/X users and remote daemon users: + +OS/X users run `boot2docker` to create a minimalist virtual machine running +the docker daemon. That virtual machine then launches docker commands on +behalf of the OS/X command line. The means that `host directories` refer to +directories in the `boot2docker` virtual machine, not the OS/X filesystem. + +Similarly, anytime when the docker daemon is on a remote machine, the +`host directories` always refer to directories on the daemon's machine. + +### Backup, restore, or migrate data volumes + +You cannot back up volumes using `docker export`, `docker save` and `docker cp` +because they are external to images. Instead you can use `--volumes-from` to +start a new container that can access the data-container's volume. For example: + + $ sudo docker run -rm --volumes-from DATA -v $(pwd):/backup busybox tar cvf /backup/backup.tar /data + + - `-rm`: + remove the container when it exits + - `--volumes-from DATA`: + attach to the volumes shared by the `DATA` container + - `-v $(pwd):/backup`: + bind mount the current directory into the container; to write the tar file to + - `busybox`: + a small simpler image - good for quick maintenance + - `tar cvf /backup/backup.tar /data`: + creates an uncompressed tar file of all the files in the `/data` directory + +Then to restore to the same container, or another that you`ve made elsewhere: + + # create a new data container + $ sudo docker run -v /data -name DATA2 busybox true + # untar the backup files into the new container᾿s data volume + $ sudo docker run -rm --volumes-from DATA2 -v $(pwd):/backup busybox tar xvf /backup/backup.tar + data/ + data/sven.txt + # compare to the original container + $ sudo docker run -rm --volumes-from DATA -v `pwd`:/backup busybox ls /data + sven.txt + +You can use the basic techniques above to automate backup, migration and +restore testing using your preferred tools. + +## Known Issues + + - [Issue 2702](https://github.com/dotcloud/docker/issues/2702): + "lxc-start: Permission denied - failed to mount" could indicate a + permissions problem with AppArmor. Please see the issue for a + workaround. + - [Issue 2528](https://github.com/dotcloud/docker/issues/2528): the + busybox container is used to make the resulting container as small + and simple as possible - whenever you need to interact with the data + in the volume you mount it into another container. diff --git a/docs/sources/use/working_with_volumes.rst b/docs/sources/use/working_with_volumes.rst deleted file mode 100644 index d2f035dc84..0000000000 --- a/docs/sources/use/working_with_volumes.rst +++ /dev/null @@ -1,164 +0,0 @@ -:title: Share Directories via Volumes -:description: How to create and share volumes -:keywords: Examples, Usage, volume, docker, documentation, examples - -.. _volume_def: - -Share Directories via Volumes -============================= - -A *data volume* is a specially-designated directory within one or more -containers that bypasses the :ref:`ufs_def` to provide several useful -features for persistent or shared data: - -* **Data volumes can be shared and reused between containers.** This - is the feature that makes data volumes so powerful. You can use it - for anything from hot database upgrades to custom backup or - replication tools. See the example below. -* **Changes to a data volume are made directly**, without the overhead - of a copy-on-write mechanism. This is good for very large files. -* **Changes to a data volume will not be included at the next commit** - because they are not recorded as regular filesystem changes in the - top layer of the :ref:`ufs_def` -* **Volumes persist until no containers use them** as they are a reference - counted resource. The container does not need to be running to share its - volumes, but running it can help protect it against accidental removal - via ``docker rm``. - -Each container can have zero or more data volumes. - -.. versionadded:: v0.3.0 - -Getting Started -............... - -Using data volumes is as simple as adding a ``-v`` parameter to the ``docker run`` -command. The ``-v`` parameter can be used more than once in order to -create more volumes within the new container. To create a new container with -two new volumes:: - - $ docker run -v /var/volume1 -v /var/volume2 busybox true - -This command will create the new container with two new volumes that -exits instantly (``true`` is pretty much the smallest, simplest program -that you can run). Once created you can mount its volumes in any other -container using the ``--volumes-from`` option; irrespective of whether the -container is running or not. - -Or, you can use the VOLUME instruction in a Dockerfile to add one or more new -volumes to any container created from that image:: - - # BUILD-USING: docker build -t data . - # RUN-USING: docker run --name DATA data - FROM busybox - VOLUME ["/var/volume1", "/var/volume2"] - CMD ["/bin/true"] - -Creating and mounting a Data Volume Container ---------------------------------------------- - -If you have some persistent data that you want to share between containers, -or want to use from non-persistent containers, its best to create a named -Data Volume Container, and then to mount the data from it. - -Create a named container with volumes to share (``/var/volume1`` and ``/var/volume2``):: - - $ docker run -v /var/volume1 -v /var/volume2 --name DATA busybox true - -Then mount those data volumes into your application containers:: - - $ docker run -t -i --rm --volumes-from DATA --name client1 ubuntu bash - -You can use multiple ``--volumes-from`` parameters to bring together multiple -data volumes from multiple containers. - -Interestingly, you can mount the volumes that came from the ``DATA`` container in -yet another container via the ``client1`` middleman container:: - - $ docker run -t -i --rm --volumes-from client1 --name client2 ubuntu bash - -This allows you to abstract the actual data source from users of that data, -similar to :ref:`ambassador_pattern_linking `. - -If you remove containers that mount volumes, including the initial DATA container, -or the middleman, the volumes will not be deleted until there are no containers still -referencing those volumes. This allows you to upgrade, or effectively migrate data volumes -between containers. - -Mount a Host Directory as a Container Volume: ---------------------------------------------- - -:: - - -v=[]: Create a bind mount with: [host-dir]:[container-dir]:[rw|ro]. - -You must specify an absolute path for ``host-dir``. -If ``host-dir`` is missing from the command, then docker creates a new volume. -If ``host-dir`` is present but points to a non-existent directory on the host, -Docker will automatically create this directory and use it as the source of the -bind-mount. - -Note that this is not available from a Dockerfile due the portability and -sharing purpose of it. The ``host-dir`` volumes are entirely host-dependent and -might not work on any other machine. - -For example:: - - sudo docker run -t -i -v /var/logs:/var/host_logs:ro ubuntu bash - -The command above mounts the host directory ``/var/logs`` into the -container with read only permissions as ``/var/host_logs``. - -.. versionadded:: v0.5.0 - - -Note for OS/X users and remote daemon users: --------------------------------------------- - -OS/X users run ``boot2docker`` to create a minimalist virtual machine running the docker daemon. That -virtual machine then launches docker commands on behalf of the OS/X command line. The means that ``host -directories`` refer to directories in the ``boot2docker`` virtual machine, not the OS/X filesystem. - -Similarly, anytime when the docker daemon is on a remote machine, the ``host directories`` always refer to directories on the daemon's machine. - -Backup, restore, or migrate data volumes ----------------------------------------- - -You cannot back up volumes using ``docker export``, ``docker save`` and ``docker cp`` -because they are external to images. -Instead you can use ``--volumes-from`` to start a new container that can access the -data-container's volume. For example:: - - $ sudo docker run --rm --volumes-from DATA -v $(pwd):/backup busybox tar cvf /backup/backup.tar /data - -* ``--rm`` - remove the container when it exits -* ``--volumes-from DATA`` - attach to the volumes shared by the ``DATA`` container -* ``-v $(pwd):/backup`` - bind mount the current directory into the container; to write the tar file to -* ``busybox`` - a small simpler image - good for quick maintenance -* ``tar cvf /backup/backup.tar /data`` - creates an uncompressed tar file of all the files in the ``/data`` directory - -Then to restore to the same container, or another that you've made elsewhere:: - - # create a new data container - $ sudo docker run -v /data --name DATA2 busybox true - # untar the backup files into the new container's data volume - $ sudo docker run --rm --volumes-from DATA2 -v $(pwd):/backup busybox tar xvf /backup/backup.tar - data/ - data/sven.txt - # compare to the original container - $ sudo docker run --rm --volumes-from DATA -v `pwd`:/backup busybox ls /data - sven.txt - - -You can use the basic techniques above to automate backup, migration and restore -testing using your preferred tools. - -Known Issues -............ - -* :issue:`2702`: "lxc-start: Permission denied - failed to mount" - could indicate a permissions problem with AppArmor. Please see the - issue for a workaround. -* :issue:`2528`: the busybox container is used to make the resulting container as small and - simple as possible - whenever you need to interact with the data in the volume - you mount it into another container. diff --git a/docs/sources/use/workingwithrepository.md b/docs/sources/use/workingwithrepository.md new file mode 100644 index 0000000000..07f130a909 --- /dev/null +++ b/docs/sources/use/workingwithrepository.md @@ -0,0 +1,246 @@ +page_title: Share Images via Repositories +page_description: Repositories allow users to share images. +page_keywords: repo, repositories, usage, pull image, push image, image, documentation + +# Share Images via Repositories + +## Introduction + +Docker is not only a tool for creating and managing your own +[*containers*](/terms/container/#container-def) – **Docker is also a +tool for sharing**. A *repository* is a shareable collection of tagged +[*images*](/terms/image/#image-def) that together create the file +systems for containers. The repository's name is a label that indicates +the provenance of the repository, i.e. who created it and where the +original copy is located. + +You can find one or more repositories hosted on a *registry*. There are +two types of *registry*: public and private. There's also a default +*registry* that Docker uses which is called +[Docker.io](http://index.docker.io). +[Docker.io](http://index.docker.io) is the home of +"top-level" repositories and public "user" repositories. The Docker +project provides [Docker.io](http://index.docker.io) to host public and +[private repositories](https://index.docker.io/plans/), namespaced by +user. We provide user authentication and search over all the public +repositories. + +Docker acts as a client for these services via the `docker search, pull, +login` and `push` commands. + +## Repositories + +### Local Repositories + +Docker images which have been created and labeled on your local Docker +server need to be pushed to a Public (by default they are pushed to +[Docker.io](http://index.docker.io)) or Private registry to be shared. + +### Public Repositories + +There are two types of public repositories: *top-level* repositories +which are controlled by the Docker team, and *user* repositories created +by individual contributors. Anyone can read from these repositories – +they really help people get started quickly! You could also use +[*Trusted Builds*](#trusted-builds) if you need to keep +control of who accesses your images. + +- Top-level repositories can easily be recognized by **not** having a + `/` (slash) in their name. These repositories represent trusted images + provided by the Docker team. +- User repositories always come in the form of `/`. + This is what your published images will look like if you push to the + public [Docker.io](http://index.docker.io) registry. +- Only the authenticated user can push to their *username* namespace on + a [Docker.io](http://index.docker.io) repository. +- User images are not curated, it is therefore up to you whether or not + you trust the creator of this image. + +### Private repositories + +You can also create private repositories on +[Docker.io](https://index.docker.io/plans/). These allow you to store +images that you don't want to share publicly. Only authenticated users +can push to private repositories. + +## Find Public Images on Docker.io + +You can search the [Docker.io](https://index.docker.io) registry or +using the command line interface. Searching can find images by name, +user name or description: + + $ sudo docker help search + Usage: docker search NAME + + Search the docker index for images + + -notrunc=false: Don᾿t truncate output + $ sudo docker search centos + Found 25 results matching your query ("centos") + NAME DESCRIPTION + centos + slantview/centos-chef-solo CentOS 6.4 with chef-solo. + ... + +There you can see two example results: `centos` and +`slantview/centos-chef-solo`. The second result +shows that it comes from the public repository of a user, +`slantview/`, while the first result +(`centos`) doesn't explicitly list a repository so +it comes from the trusted top-level namespace. The `/` +character separates a user's repository and the image name. + +Once you have found the image name, you can download it: + + # sudo docker pull + $ sudo docker pull centos + Pulling repository centos + 539c0211cd76: Download complete + +What can you do with that image? Check out the +[*Examples*](/examples/#example-list) and, when you're ready with +your own image, come back here to learn how to share it. + +## Contributing to Docker.io + +Anyone can pull public images from the +[Docker.io](http://index.docker.io) registry, but if you would like to +share one of your own images, then you must register a unique user name +first. You can create your username and login on +[Docker.io](https://index.docker.io/account/signup/), or by running + + $ sudo docker login + +This will prompt you for a username, which will become a public +namespace for your public repositories. + +If your username is available then `docker` will +also prompt you to enter a password and your e-mail address. It will +then automatically log you in. Now you're ready to commit and push your +own images! + +> **Note:** +> Your authentication credentials will be stored in the [`.dockercfg` +> authentication file](#authentication-file). + +## Committing a Container to a Named Image + +When you make changes to an existing image, those changes get saved to a +container's file system. You can then promote that container to become +an image by making a `commit`. In addition to converting the container +to an image, this is also your opportunity to name the image, +specifically a name that includes your user name from +[Docker.io](http://index.docker.io) (as you did a `login` above) and a +meaningful name for the image. + + # format is "sudo docker commit /" + $ sudo docker commit $CONTAINER_ID myname/kickassapp + +## Pushing a repository to its registry + +In order to push an repository to its registry you need to have named an +image, or committed your container to a named image (see above) + +Now you can push this repository to the registry designated by its name +or tag. + + # format is "docker push /" + $ sudo docker push myname/kickassapp + +## Trusted Builds + +Trusted Builds automate the building and updating of images from GitHub, +directly on `docker.io` servers. It works by adding +a commit hook to your selected repository, triggering a build and update +when you push a commit. + +### To setup a trusted build + +1. Create a [Docker.io account](https://index.docker.io/) and login. +2. Link your GitHub account through the `Link Accounts` menu. +3. [Configure a Trusted build](https://index.docker.io/builds/). +4. Pick a GitHub project that has a `Dockerfile` that you want to build. +5. Pick the branch you want to build (the default is the `master` branch). +6. Give the Trusted Build a name. +7. Assign an optional Docker tag to the Build. +8. Specify where the `Dockerfile` is located. The default is `/`. + +Once the Trusted Build is configured it will automatically trigger a +build, and in a few minutes, if there are no errors, you will see your +new trusted build on the [Docker.io](https://index.docker.io) Registry. +It will will stay in sync with your GitHub repo until you deactivate the +Trusted Build. + +If you want to see the status of your Trusted Builds you can go to your +[Trusted Builds page](https://index.docker.io/builds/) on the Docker +index, and it will show you the status of your builds, and the build +history. + +Once you`ve created a Trusted Build you can deactivate or delete it. You +cannot however push to a Trusted Build with the `docker push` command. +You can only manage it by committing code to your GitHub repository. + +You can create multiple Trusted Builds per repository and configure them +to point to specific `Dockerfile`'s or Git branches. + +## Private Registry + +Private registries are possible by hosting [your own +registry](https://github.com/dotcloud/docker-registry). + +> **Note**: +> You can also use private repositories on +> [Docker.io](https://index.docker.io/plans/). + +To push or pull to a repository on your own registry, you must prefix +the tag with the address of the registry's host (a `.` or `:` is used to +identify a host), like this: + + # Tag to create a repository with the full registry location. + # The location (e.g. localhost.localdomain:5000) becomes + # a permanent part of the repository name + $ sudo docker tag 0u812deadbeef localhost.localdomain:5000/repo_name + + # Push the new repository to its home location on localhost + $ sudo docker push localhost.localdomain:5000/repo_name + +Once a repository has your registry's host name as part of the tag, you +can push and pull it like any other repository, but it will **not** be +searchable (or indexed at all) on [Docker.io](http://index.docker.io), and there will be +no user name checking performed. Your registry will function completely +independently from the [Docker.io](http://index.docker.io) registry. + + + +See also + +[Docker Blog: How to use your own registry]( +http://blog.docker.io/2013/07/how-to-use-your-own-registry/) + +## Authentication File + +The authentication is stored in a json file, `.dockercfg` +located in your home directory. It supports multiple registry +urls. + +`docker login` will create the "[https://index.docker.io/v1/]( +https://index.docker.io/v1/)" key. + +`docker login https://my-registry.com` will create the +"[https://my-registry.com](https://my-registry.com)" key. + +For example: + + { + "https://index.docker.io/v1/": { + "auth": "xXxXxXxXxXx=", + "email": "email@example.com" + }, + "https://my-registry.com": { + "auth": "XxXxXxXxXxX=", + "email": "email@my-registry.com" + } + } + +The `auth` field represents +`base64(:)` diff --git a/docs/sources/use/workingwithrepository.rst b/docs/sources/use/workingwithrepository.rst deleted file mode 100644 index c126361f8c..0000000000 --- a/docs/sources/use/workingwithrepository.rst +++ /dev/null @@ -1,256 +0,0 @@ -:title: Share Images via Repositories -:description: Repositories allow users to share images. -:keywords: repo, repositories, usage, pull image, push image, image, documentation - -.. _working_with_the_repository: - -Share Images via Repositories -============================= - -A *repository* is a shareable collection of tagged :ref:`images` -that together create the file systems for containers. The -repository's name is a label that indicates the provenance of the -repository, i.e. who created it and where the original copy is -located. - -You can find one or more repositories hosted on a *registry*. There -can be an implicit or explicit host name as part of the repository -tag. The implicit registry is located at ``index.docker.io``, the home -of "top-level" repositories and the Central Index. This registry may -also include public "user" repositories. - -Docker is not only a tool for creating and managing your own -:ref:`containers ` -- **Docker is also a tool for -sharing**. The Docker project provides a Central Registry to host -public repositories, namespaced by user, and a Central Index which -provides user authentication and search over all the public -repositories. You can host your own Registry too! Docker acts as a -client for these services via ``docker search, pull, login`` and -``push``. - -Local Repositories ------------------- - -Docker images which have been created and labeled on your local Docker server -need to be pushed to a Public or Private registry to be shared. - -.. _using_public_repositories: - -Public Repositories -------------------- - -There are two types of public repositories: *top-level* repositories -which are controlled by the Docker team, and *user* repositories -created by individual contributors. Anyone can read from these -repositories -- they really help people get started quickly! You could -also use :ref:`using_private_repositories` if you need to keep control -of who accesses your images, but we will only refer to public -repositories in these examples. - -* Top-level repositories can easily be recognized by **not** having a - ``/`` (slash) in their name. These repositories can generally be - trusted. -* User repositories always come in the form of - ``/``. This is what your published images will - look like if you push to the public Central Registry. -* Only the authenticated user can push to their *username* namespace - on the Central Registry. -* User images are not checked, it is therefore up to you whether or - not you trust the creator of this image. - -.. _searching_central_index: - -Find Public Images on the Central Index ---------------------------------------- - -You can search the Central Index `online `_ -or using the command line interface. Searching can find images by name, user -name or description: - -.. code-block:: bash - - $ sudo docker help search - Usage: docker search NAME - - Search the docker index for images - - --no-trunc=false: Don't truncate output - $ sudo docker search centos - Found 25 results matching your query ("centos") - NAME DESCRIPTION - centos - slantview/centos-chef-solo CentOS 6.4 with chef-solo. - ... - -There you can see two example results: ``centos`` and -``slantview/centos-chef-solo``. The second result shows that it comes -from the public repository of a user, ``slantview/``, while the first -result (``centos``) doesn't explicitly list a repository so it comes -from the trusted Central Repository. The ``/`` character separates a -user's repository and the image name. - -Once you have found the image name, you can download it: - -.. code-block:: bash - - # sudo docker pull - $ sudo docker pull centos - Pulling repository centos - 539c0211cd76: Download complete - -What can you do with that image? Check out the :ref:`example_list` -and, when you're ready with your own image, come back here to learn -how to share it. - -Contributing to the Central Registry ------------------------------------- - -Anyone can pull public images from the Central Registry, but if you -would like to share one of your own images, then you must register a -unique user name first. You can create your username and login on the -`central Docker Index online -`_, or by running - -.. code-block:: bash - - sudo docker login - -This will prompt you for a username, which will become a public -namespace for your public repositories. - -If your username is available then ``docker`` will also prompt you to -enter a password and your e-mail address. It will then automatically -log you in. Now you're ready to commit and push your own images! - -.. _container_commit: - -Committing a Container to a Named Image ---------------------------------------- - -When you make changes to an existing image, those changes get saved to -a container's file system. You can then promote that container to -become an image by making a ``commit``. In addition to converting the -container to an image, this is also your opportunity to name the -image, specifically a name that includes your user name from the -Central Docker Index (as you did a ``login`` above) and a meaningful -name for the image. - -.. code-block:: bash - - # format is "sudo docker commit /" - $ sudo docker commit $CONTAINER_ID myname/kickassapp - -.. _image_push: - -Pushing a repository to its registry ------------------------------------- - -In order to push an repository to its registry you need to have named an image, -or committed your container to a named image (see above) - -Now you can push this repository to the registry designated by its name -or tag. - -.. code-block:: bash - - # format is "docker push /" - $ sudo docker push myname/kickassapp - -.. _using_private_repositories: - -Trusted Builds --------------- - -Trusted Builds automate the building and updating of images from GitHub, directly -on ``docker.io`` servers. It works by adding a commit hook to your selected repository, -triggering a build and update when you push a commit. - -To setup a trusted build -++++++++++++++++++++++++ - -#. Create a `Docker Index account `_ and login. -#. Link your GitHub account through the ``Link Accounts`` menu. -#. `Configure a Trusted build `_. -#. Pick a GitHub project that has a ``Dockerfile`` that you want to build. -#. Pick the branch you want to build (the default is the ``master`` branch). -#. Give the Trusted Build a name. -#. Assign an optional Docker tag to the Build. -#. Specify where the ``Dockerfile`` is located. The default is ``/``. - -Once the Trusted Build is configured it will automatically trigger a build, and -in a few minutes, if there are no errors, you will see your new trusted build -on the Docker Index. It will will stay in sync with your GitHub repo until you -deactivate the Trusted Build. - -If you want to see the status of your Trusted Builds you can go to your -`Trusted Builds page `_ on the Docker index, -and it will show you the status of your builds, and the build history. - -Once you've created a Trusted Build you can deactivate or delete it. You cannot -however push to a Trusted Build with the ``docker push`` command. You can only -manage it by committing code to your GitHub repository. - -You can create multiple Trusted Builds per repository and configure them to -point to specific ``Dockerfile``'s or Git branches. - -Private Registry ----------------- - -Private registries and private shared repositories are -only possible by hosting `your own registry -`_. To push or pull to a -repository on your own registry, you must prefix the tag with the -address of the registry's host (a ``.`` or ``:`` is used to identify a host), -like this: - -.. code-block:: bash - - # Tag to create a repository with the full registry location. - # The location (e.g. localhost.localdomain:5000) becomes - # a permanent part of the repository name - sudo docker tag 0u812deadbeef localhost.localdomain:5000/repo_name - - # Push the new repository to its home location on localhost - sudo docker push localhost.localdomain:5000/repo_name - -Once a repository has your registry's host name as part of the tag, -you can push and pull it like any other repository, but it will -**not** be searchable (or indexed at all) in the Central Index, and -there will be no user name checking performed. Your registry will -function completely independently from the Central Index. - -.. raw:: html - - - -.. seealso:: `Docker Blog: How to use your own registry - `_ - -Authentication file -------------------- - -The authentication is stored in a json file, ``.dockercfg`` located in your -home directory. It supports multiple registry urls. - -``docker login`` will create the "https://index.docker.io/v1/" key. - -``docker login https://my-registry.com`` will create the "https://my-registry.com" key. - -For example: - -.. code-block:: json - - { - "https://index.docker.io/v1/": { - "auth": "xXxXxXxXxXx=", - "email": "email@example.com" - }, - "https://my-registry.com": { - "auth": "XxXxXxXxXxX=", - "email": "email@my-registry.com" - } - } - -The ``auth`` field represents ``base64(:)`` diff --git a/docs/theme/MAINTAINERS b/docs/theme/MAINTAINERS index 93231b1223..081aa684d4 100644 --- a/docs/theme/MAINTAINERS +++ b/docs/theme/MAINTAINERS @@ -1 +1,2 @@ +O.S. Tezer (@OSTezer) Thatcher Peskens (@dhrp) diff --git a/docs/theme/docker/layout.html b/docs/theme/docker/layout.html deleted file mode 100755 index 7d78fb9c3c..0000000000 --- a/docs/theme/docker/layout.html +++ /dev/null @@ -1,224 +0,0 @@ - - - - - - - {{ meta['title'] if meta and meta['title'] else title }} - Docker Documentation - - - - - - - {%- set url_root = pathto('', 1) %} - {%- if url_root == '#' %}{% set url_root = '' %}{% endif %} - - {%- if current_version == 'latest' %} - {% set github_tag = 'master' %} - {% else %} - {% set github_tag = current_version %} - {% endif %} - - - - {%- set css_files = css_files + ['_static/css/bootstrap.css'] %} - {%- set css_files = css_files + ['_static/pygments.css'] %} - {%- set css_files = css_files + ['_static/css/main.css'] %} - - {%- set script_files = - ['//code.jquery.com/jquery-1.10.1.min.js'] - + ['//fonts.googleapis.com/css?family=Cabin:400,700,400italic'] - %} - - {# - This part is hopefully complex because things like |cut '/index/' are not available in Sphinx jinja - and will make it crash. (and we need index/ out. - #} - - - {%- for cssfile in css_files %} - - {%- endfor %} - - {%- for scriptfile in script_files if scriptfile != '_static/jquery.js' %} - - {%- endfor %} - - {%- block extrahead %}{% endblock %} - - - - - -
-
-
-
- -
- -
- - -
-
-
- -
- - -
- -
-
-

DOCUMENTATION

-
- - {{ toctree(collapse=False, maxdepth=3) }} -
- -
-
-
- - -
- - -
- {% block body %}{% endblock %} -
- -
Edit this article on GitHub
-
-
-
- - -
- - - - - - - - - - - - - - - - diff --git a/docs/theme/docker/redirect_build.html b/docs/theme/docker/redirect_build.html deleted file mode 100644 index 1f26fc3aaa..0000000000 --- a/docs/theme/docker/redirect_build.html +++ /dev/null @@ -1,12 +0,0 @@ - - - - Page Moved - - - - -This page has moved. Perhaps you should visit the Builder page - - - diff --git a/docs/theme/docker/redirect_home.html b/docs/theme/docker/redirect_home.html deleted file mode 100644 index 109239f819..0000000000 --- a/docs/theme/docker/redirect_home.html +++ /dev/null @@ -1,12 +0,0 @@ - - - - Page Moved - - - - -This page has moved. Perhaps you should visit the Documentation Homepage - - - diff --git a/docs/theme/docker/static/css/bootstrap.css b/docs/theme/docker/static/css/bootstrap.css deleted file mode 100755 index b255056927..0000000000 --- a/docs/theme/docker/static/css/bootstrap.css +++ /dev/null @@ -1,6158 +0,0 @@ -/*! - * Bootstrap v2.3.0 - * - * Copyright 2012 Twitter, Inc - * Licensed under the Apache License v2.0 - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Designed and built with all the love in the world @twitter by @mdo and @fat. - */ - -.clearfix { - *zoom: 1; -} - -.clearfix:before, -.clearfix:after { - display: table; - line-height: 0; - content: ""; -} - -.clearfix:after { - clear: both; -} - -.hide-text { - font: 0/0 a; - color: transparent; - text-shadow: none; - background-color: transparent; - border: 0; -} - -.input-block-level { - display: block; - width: 100%; - min-height: 30px; - -webkit-box-sizing: border-box; - -moz-box-sizing: border-box; - box-sizing: border-box; -} - -article, -aside, -details, -figcaption, -figure, -footer, -header, -hgroup, -nav, -section { - display: block; -} - -audio, -canvas, -video { - display: inline-block; - *display: inline; - *zoom: 1; -} - -audio:not([controls]) { - display: none; -} - -html { - font-size: 100%; - -webkit-text-size-adjust: 100%; - -ms-text-size-adjust: 100%; -} - -a:focus { - outline: thin dotted #333; - outline: 5px auto -webkit-focus-ring-color; - outline-offset: -2px; -} - -a:hover, -a:active { - outline: 0; -} - -sub, -sup { - position: relative; - font-size: 75%; - line-height: 0; - vertical-align: baseline; -} - -sup { - top: -0.5em; -} - -sub { - bottom: -0.25em; -} - -img { - width: auto\9; - height: auto; - max-width: 100%; - vertical-align: middle; - border: 0; - -ms-interpolation-mode: bicubic; -} - -#map_canvas img, -.google-maps img { - max-width: none; -} - -button, -input, -select, -textarea { - margin: 0; - font-size: 100%; - vertical-align: middle; -} - -button, -input { - *overflow: visible; - line-height: normal; -} - -button::-moz-focus-inner, -input::-moz-focus-inner { - padding: 0; - border: 0; -} - -button, -html input[type="button"], -input[type="reset"], -input[type="submit"] { - cursor: pointer; - -webkit-appearance: button; -} - -label, -select, -button, -input[type="button"], -input[type="reset"], -input[type="submit"], -input[type="radio"], -input[type="checkbox"] { - cursor: pointer; -} - -input[type="search"] { - -webkit-box-sizing: content-box; - -moz-box-sizing: content-box; - box-sizing: content-box; - -webkit-appearance: textfield; -} - -input[type="search"]::-webkit-search-decoration, -input[type="search"]::-webkit-search-cancel-button { - -webkit-appearance: none; -} - -textarea { - overflow: auto; - vertical-align: top; -} - -@media print { - * { - color: #000 !important; - text-shadow: none !important; - background: transparent !important; - box-shadow: none !important; - } - a, - a:visited { - text-decoration: underline; - } - a[href]:after { - content: " (" attr(href) ")"; - } - abbr[title]:after { - content: " (" attr(title) ")"; - } - .ir a:after, - a[href^="javascript:"]:after, - a[href^="#"]:after { - content: ""; - } - pre, - blockquote { - border: 1px solid #999; - page-break-inside: avoid; - } - thead { - display: table-header-group; - } - tr, - img { - page-break-inside: avoid; - } - img { - max-width: 100% !important; - } - @page { - margin: 0.5cm; - } - p, - h2, - h3 { - orphans: 3; - widows: 3; - } - h2, - h3 { - page-break-after: avoid; - } -} - -body { - margin: 0; - font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; - font-size: 14px; - line-height: 20px; - color: #333333; - background-color: #ffffff; -} - -a { - color: #0088cc; - text-decoration: none; -} - -a:hover, -a:focus { - color: #005580; - text-decoration: underline; -} - -.img-rounded { - -webkit-border-radius: 6px; - -moz-border-radius: 6px; - border-radius: 6px; -} - -.img-polaroid { - padding: 4px; - background-color: #fff; - border: 1px solid #ccc; - border: 1px solid rgba(0, 0, 0, 0.2); - -webkit-box-shadow: 0 1px 3px rgba(0, 0, 0, 0.1); - -moz-box-shadow: 0 1px 3px rgba(0, 0, 0, 0.1); - box-shadow: 0 1px 3px rgba(0, 0, 0, 0.1); -} - -.img-circle { - -webkit-border-radius: 500px; - -moz-border-radius: 500px; - border-radius: 500px; -} - -.row { - margin-left: -20px; - *zoom: 1; -} - -.row:before, -.row:after { - display: table; - line-height: 0; - content: ""; -} - -.row:after { - clear: both; -} - -[class*="span"] { - float: left; - min-height: 1px; - margin-left: 20px; -} - -.container, -.navbar-static-top .container, -.navbar-fixed-top .container, -.navbar-fixed-bottom .container { - width: 940px; -} - -.span12 { - width: 940px; -} - -.span11 { - width: 860px; -} - -.span10 { - width: 780px; -} - -.span9 { - width: 700px; -} - -.span8 { - width: 620px; -} - -.span7 { - width: 540px; -} - -.span6 { - width: 460px; -} - -.span5 { - width: 380px; -} - -.span4 { - width: 300px; -} - -.span3 { - width: 220px; -} - -.span2 { - width: 140px; -} - -.span1 { - width: 60px; -} - -.offset12 { - margin-left: 980px; -} - -.offset11 { - margin-left: 900px; -} - -.offset10 { - margin-left: 820px; -} - -.offset9 { - margin-left: 740px; -} - -.offset8 { - margin-left: 660px; -} - -.offset7 { - margin-left: 580px; -} - -.offset6 { - margin-left: 500px; -} - -.offset5 { - margin-left: 420px; -} - -.offset4 { - margin-left: 340px; -} - -.offset3 { - margin-left: 260px; -} - -.offset2 { - margin-left: 180px; -} - -.offset1 { - margin-left: 100px; -} - -.row-fluid { - width: 100%; - *zoom: 1; -} - -.row-fluid:before, -.row-fluid:after { - display: table; - line-height: 0; - content: ""; -} - -.row-fluid:after { - clear: both; -} - -.row-fluid [class*="span"] { - display: block; - float: left; - width: 100%; - min-height: 30px; - margin-left: 2.127659574468085%; - *margin-left: 2.074468085106383%; - -webkit-box-sizing: border-box; - -moz-box-sizing: border-box; - box-sizing: border-box; -} - -.row-fluid [class*="span"]:first-child { - margin-left: 0; -} - -.row-fluid .controls-row [class*="span"] + [class*="span"] { - margin-left: 2.127659574468085%; -} - -.row-fluid .span12 { - width: 100%; - *width: 99.94680851063829%; -} - -.row-fluid .span11 { - width: 91.48936170212765%; - *width: 91.43617021276594%; -} - -.row-fluid .span10 { - width: 82.97872340425532%; - *width: 82.92553191489361%; -} - -.row-fluid .span9 { - width: 74.46808510638297%; - *width: 74.41489361702126%; -} - -.row-fluid .span8 { - width: 65.95744680851064%; - *width: 65.90425531914893%; -} - -.row-fluid .span7 { - width: 57.44680851063829%; - *width: 57.39361702127659%; -} - -.row-fluid .span6 { - width: 48.93617021276595%; - *width: 48.88297872340425%; -} - -.row-fluid .span5 { - width: 40.42553191489362%; - *width: 40.37234042553192%; -} - -.row-fluid .span4 { - width: 31.914893617021278%; - *width: 31.861702127659576%; -} - -.row-fluid .span3 { - width: 23.404255319148934%; - *width: 23.351063829787233%; -} - -.row-fluid .span2 { - width: 14.893617021276595%; - *width: 14.840425531914894%; -} - -.row-fluid .span1 { - width: 6.382978723404255%; - *width: 6.329787234042553%; -} - -.row-fluid .offset12 { - margin-left: 104.25531914893617%; - *margin-left: 104.14893617021275%; -} - -.row-fluid .offset12:first-child { - margin-left: 102.12765957446808%; - *margin-left: 102.02127659574467%; -} - -.row-fluid .offset11 { - margin-left: 95.74468085106382%; - *margin-left: 95.6382978723404%; -} - -.row-fluid .offset11:first-child { - margin-left: 93.61702127659574%; - *margin-left: 93.51063829787232%; -} - -.row-fluid .offset10 { - margin-left: 87.23404255319149%; - *margin-left: 87.12765957446807%; -} - -.row-fluid .offset10:first-child { - margin-left: 85.1063829787234%; - *margin-left: 84.99999999999999%; -} - -.row-fluid .offset9 { - margin-left: 78.72340425531914%; - *margin-left: 78.61702127659572%; -} - -.row-fluid .offset9:first-child { - margin-left: 76.59574468085106%; - *margin-left: 76.48936170212764%; -} - -.row-fluid .offset8 { - margin-left: 70.2127659574468%; - *margin-left: 70.10638297872339%; -} - -.row-fluid .offset8:first-child { - margin-left: 68.08510638297872%; - *margin-left: 67.9787234042553%; -} - -.row-fluid .offset7 { - margin-left: 61.70212765957446%; - *margin-left: 61.59574468085106%; -} - -.row-fluid .offset7:first-child { - margin-left: 59.574468085106375%; - *margin-left: 59.46808510638297%; -} - -.row-fluid .offset6 { - margin-left: 53.191489361702125%; - *margin-left: 53.085106382978715%; -} - -.row-fluid .offset6:first-child { - margin-left: 51.063829787234035%; - *margin-left: 50.95744680851063%; -} - -.row-fluid .offset5 { - margin-left: 44.68085106382979%; - *margin-left: 44.57446808510638%; -} - -.row-fluid .offset5:first-child { - margin-left: 42.5531914893617%; - *margin-left: 42.4468085106383%; -} - -.row-fluid .offset4 { - margin-left: 36.170212765957444%; - *margin-left: 36.06382978723405%; -} - -.row-fluid .offset4:first-child { - margin-left: 34.04255319148936%; - *margin-left: 33.93617021276596%; -} - -.row-fluid .offset3 { - margin-left: 27.659574468085104%; - *margin-left: 27.5531914893617%; -} - -.row-fluid .offset3:first-child { - margin-left: 25.53191489361702%; - *margin-left: 25.425531914893618%; -} - -.row-fluid .offset2 { - margin-left: 19.148936170212764%; - *margin-left: 19.04255319148936%; -} - -.row-fluid .offset2:first-child { - margin-left: 17.02127659574468%; - *margin-left: 16.914893617021278%; -} - -.row-fluid .offset1 { - margin-left: 10.638297872340425%; - *margin-left: 10.53191489361702%; -} - -.row-fluid .offset1:first-child { - margin-left: 8.51063829787234%; - *margin-left: 8.404255319148938%; -} - -[class*="span"].hide, -.row-fluid [class*="span"].hide { - display: none; -} - -[class*="span"].pull-right, -.row-fluid [class*="span"].pull-right { - float: right; -} - -.container { - margin-right: auto; - margin-left: auto; - *zoom: 1; -} - -.container:before, -.container:after { - display: table; - line-height: 0; - content: ""; -} - -.container:after { - clear: both; -} - -.container-fluid { - padding-right: 20px; - padding-left: 20px; - *zoom: 1; -} - -.container-fluid:before, -.container-fluid:after { - display: table; - line-height: 0; - content: ""; -} - -.container-fluid:after { - clear: both; -} - -p { - margin: 0 0 10px; -} - -.lead { - margin-bottom: 20px; - font-size: 21px; - font-weight: 200; - line-height: 30px; -} - -small { - font-size: 85%; -} - -strong { - font-weight: bold; -} - -em { - font-style: italic; -} - -cite { - font-style: normal; -} - -.muted { - color: #999999; -} - -a.muted:hover, -a.muted:focus { - color: #808080; -} - -.text-warning { - color: #c09853; -} - -a.text-warning:hover, -a.text-warning:focus { - color: #a47e3c; -} - -.text-error { - color: #b94a48; -} - -a.text-error:hover, -a.text-error:focus { - color: #953b39; -} - -.text-info { - color: #3a87ad; -} - -a.text-info:hover, -a.text-info:focus { - color: #2d6987; -} - -.text-success { - color: #468847; -} - -a.text-success:hover, -a.text-success:focus { - color: #356635; -} - -.text-left { - text-align: left; -} - -.text-right { - text-align: right; -} - -.text-center { - text-align: center; -} - -h1, -h2, -h3, -h4, -h5, -h6 { - margin: 10px 0; - font-family: inherit; - font-weight: bold; - line-height: 20px; - color: inherit; - text-rendering: optimizelegibility; -} - -h1 small, -h2 small, -h3 small, -h4 small, -h5 small, -h6 small { - font-weight: normal; - line-height: 1; - color: #999999; -} - -h1, -h2, -h3 { - line-height: 40px; -} - -h1 { - font-size: 38.5px; -} - -h2 { - font-size: 31.5px; -} - -h3 { - font-size: 24.5px; -} - -h4 { - font-size: 17.5px; -} - -h5 { - font-size: 14px; -} - -h6 { - font-size: 11.9px; -} - -h1 small { - font-size: 24.5px; -} - -h2 small { - font-size: 17.5px; -} - -h3 small { - font-size: 14px; -} - -h4 small { - font-size: 14px; -} - -.page-header { - padding-bottom: 9px; - margin: 20px 0 30px; - border-bottom: 1px solid #eeeeee; -} - -ul, -ol { - padding: 0; - margin: 0 0 10px 25px; -} - -ul ul, -ul ol, -ol ol, -ol ul { - margin-bottom: 0; -} - -li { - line-height: 20px; -} - -ul.unstyled, -ol.unstyled { - margin-left: 0; - list-style: none; -} - -ul.inline, -ol.inline { - margin-left: 0; - list-style: none; -} - -ul.inline > li, -ol.inline > li { - display: inline-block; - *display: inline; - padding-right: 5px; - padding-left: 5px; - *zoom: 1; -} - -dl { - margin-bottom: 20px; -} - -dt, -dd { - line-height: 20px; -} - -dt { - font-weight: bold; -} - -dd { - margin-left: 10px; -} - -.dl-horizontal { - *zoom: 1; -} - -.dl-horizontal:before, -.dl-horizontal:after { - display: table; - line-height: 0; - content: ""; -} - -.dl-horizontal:after { - clear: both; -} - -.dl-horizontal dt { - float: left; - width: 160px; - overflow: hidden; - clear: left; - text-align: right; - text-overflow: ellipsis; - white-space: nowrap; -} - -.dl-horizontal dd { - margin-left: 180px; -} - -hr { - margin: 20px 0; - border: 0; - border-top: 1px solid #eeeeee; - border-bottom: 1px solid #ffffff; -} - -abbr[title], -abbr[data-original-title] { - cursor: help; - border-bottom: 1px dotted #999999; -} - -abbr.initialism { - font-size: 90%; - text-transform: uppercase; -} - -blockquote { - padding: 0 0 0 15px; - margin: 0 0 20px; - border-left: 5px solid #eeeeee; -} - -blockquote p { - margin-bottom: 0; - font-size: 17.5px; - font-weight: 300; - line-height: 1.25; -} - -blockquote small { - display: block; - line-height: 20px; - color: #999999; -} - -blockquote small:before { - content: '\2014 \00A0'; -} - -blockquote.pull-right { - float: right; - padding-right: 15px; - padding-left: 0; - border-right: 5px solid #eeeeee; - border-left: 0; -} - -blockquote.pull-right p, -blockquote.pull-right small { - text-align: right; -} - -blockquote.pull-right small:before { - content: ''; -} - -blockquote.pull-right small:after { - content: '\00A0 \2014'; -} - -q:before, -q:after, -blockquote:before, -blockquote:after { - content: ""; -} - -address { - display: block; - margin-bottom: 20px; - font-style: normal; - line-height: 20px; -} - -code, -pre { - padding: 0 3px 2px; - font-family: Monaco, Menlo, Consolas, "Courier New", monospace; - font-size: 12px; - color: #333333; - -webkit-border-radius: 3px; - -moz-border-radius: 3px; - border-radius: 3px; -} - -code { - padding: 2px 4px; - color: #d14; - white-space: nowrap; - background-color: #f7f7f9; - border: 1px solid #e1e1e8; -} - -pre { - display: block; - padding: 9.5px; - margin: 0 0 10px; - font-size: 13px; - line-height: 20px; - word-break: break-all; - word-wrap: break-word; - white-space: pre; - white-space: pre-wrap; - background-color: #f5f5f5; - border: 1px solid #ccc; - border: 1px solid rgba(0, 0, 0, 0.15); - -webkit-border-radius: 4px; - -moz-border-radius: 4px; - border-radius: 4px; -} - -pre.prettyprint { - margin-bottom: 20px; -} - -pre code { - padding: 0; - color: inherit; - white-space: pre; - white-space: pre-wrap; - background-color: transparent; - border: 0; -} - -.pre-scrollable { - max-height: 340px; - overflow-y: scroll; -} - -form { - margin: 0 0 20px; -} - -fieldset { - padding: 0; - margin: 0; - border: 0; -} - -legend { - display: block; - width: 100%; - padding: 0; - margin-bottom: 20px; - font-size: 21px; - line-height: 40px; - color: #333333; - border: 0; - border-bottom: 1px solid #e5e5e5; -} - -legend small { - font-size: 15px; - color: #999999; -} - -label, -input, -button, -select, -textarea { - font-size: 14px; - font-weight: normal; - line-height: 20px; -} - -input, -button, -select, -textarea { - font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; -} - -label { - display: block; - margin-bottom: 5px; -} - -select, -textarea, -input[type="text"], -input[type="password"], -input[type="datetime"], -input[type="datetime-local"], -input[type="date"], -input[type="month"], -input[type="time"], -input[type="week"], -input[type="number"], -input[type="email"], -input[type="url"], -input[type="search"], -input[type="tel"], -input[type="color"], -.uneditable-input { - display: inline-block; - height: 20px; - padding: 4px 6px; - margin-bottom: 10px; - font-size: 14px; - line-height: 20px; - color: #555555; - vertical-align: middle; - -webkit-border-radius: 4px; - -moz-border-radius: 4px; - border-radius: 4px; -} - -input, -textarea, -.uneditable-input { - width: 206px; -} - -textarea { - height: auto; -} - -textarea, -input[type="text"], -input[type="password"], -input[type="datetime"], -input[type="datetime-local"], -input[type="date"], -input[type="month"], -input[type="time"], -input[type="week"], -input[type="number"], -input[type="email"], -input[type="url"], -input[type="search"], -input[type="tel"], -input[type="color"], -.uneditable-input { - background-color: #ffffff; - border: 1px solid #cccccc; - -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); - -moz-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); - box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); - -webkit-transition: border linear 0.2s, box-shadow linear 0.2s; - -moz-transition: border linear 0.2s, box-shadow linear 0.2s; - -o-transition: border linear 0.2s, box-shadow linear 0.2s; - transition: border linear 0.2s, box-shadow linear 0.2s; -} - -textarea:focus, -input[type="text"]:focus, -input[type="password"]:focus, -input[type="datetime"]:focus, -input[type="datetime-local"]:focus, -input[type="date"]:focus, -input[type="month"]:focus, -input[type="time"]:focus, -input[type="week"]:focus, -input[type="number"]:focus, -input[type="email"]:focus, -input[type="url"]:focus, -input[type="search"]:focus, -input[type="tel"]:focus, -input[type="color"]:focus, -.uneditable-input:focus { - border-color: rgba(82, 168, 236, 0.8); - outline: 0; - outline: thin dotted \9; - /* IE6-9 */ - - -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 8px rgba(82, 168, 236, 0.6); - -moz-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 8px rgba(82, 168, 236, 0.6); - box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 8px rgba(82, 168, 236, 0.6); -} - -input[type="radio"], -input[type="checkbox"] { - margin: 4px 0 0; - margin-top: 1px \9; - *margin-top: 0; - line-height: normal; -} - -input[type="file"], -input[type="image"], -input[type="submit"], -input[type="reset"], -input[type="button"], -input[type="radio"], -input[type="checkbox"] { - width: auto; -} - -select, -input[type="file"] { - height: 30px; - /* In IE7, the height of the select element cannot be changed by height, only font-size */ - - *margin-top: 4px; - /* For IE7, add top margin to align select with labels */ - - line-height: 30px; -} - -select { - width: 220px; - background-color: #ffffff; - border: 1px solid #cccccc; -} - -select[multiple], -select[size] { - height: auto; -} - -select:focus, -input[type="file"]:focus, -input[type="radio"]:focus, -input[type="checkbox"]:focus { - outline: thin dotted #333; - outline: 5px auto -webkit-focus-ring-color; - outline-offset: -2px; -} - -.uneditable-input, -.uneditable-textarea { - color: #999999; - cursor: not-allowed; - background-color: #fcfcfc; - border-color: #cccccc; - -webkit-box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.025); - -moz-box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.025); - box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.025); -} - -.uneditable-input { - overflow: hidden; - white-space: nowrap; -} - -.uneditable-textarea { - width: auto; - height: auto; -} - -input:-moz-placeholder, -textarea:-moz-placeholder { - color: #999999; -} - -input:-ms-input-placeholder, -textarea:-ms-input-placeholder { - color: #999999; -} - -input::-webkit-input-placeholder, -textarea::-webkit-input-placeholder { - color: #999999; -} - -.radio, -.checkbox { - min-height: 20px; - padding-left: 20px; -} - -.radio input[type="radio"], -.checkbox input[type="checkbox"] { - float: left; - margin-left: -20px; -} - -.controls > .radio:first-child, -.controls > .checkbox:first-child { - padding-top: 5px; -} - -.radio.inline, -.checkbox.inline { - display: inline-block; - padding-top: 5px; - margin-bottom: 0; - vertical-align: middle; -} - -.radio.inline + .radio.inline, -.checkbox.inline + .checkbox.inline { - margin-left: 10px; -} - -.input-mini { - width: 60px; -} - -.input-small { - width: 90px; -} - -.input-medium { - width: 150px; -} - -.input-large { - width: 210px; -} - -.input-xlarge { - width: 270px; -} - -.input-xxlarge { - width: 530px; -} - -input[class*="span"], -select[class*="span"], -textarea[class*="span"], -.uneditable-input[class*="span"], -.row-fluid input[class*="span"], -.row-fluid select[class*="span"], -.row-fluid textarea[class*="span"], -.row-fluid .uneditable-input[class*="span"] { - float: none; - margin-left: 0; -} - -.input-append input[class*="span"], -.input-append .uneditable-input[class*="span"], -.input-prepend input[class*="span"], -.input-prepend .uneditable-input[class*="span"], -.row-fluid input[class*="span"], -.row-fluid select[class*="span"], -.row-fluid textarea[class*="span"], -.row-fluid .uneditable-input[class*="span"], -.row-fluid .input-prepend [class*="span"], -.row-fluid .input-append [class*="span"] { - display: inline-block; -} - -input, -textarea, -.uneditable-input { - margin-left: 0; -} - -.controls-row [class*="span"] + [class*="span"] { - margin-left: 20px; -} - -input.span12, -textarea.span12, -.uneditable-input.span12 { - width: 926px; -} - -input.span11, -textarea.span11, -.uneditable-input.span11 { - width: 846px; -} - -input.span10, -textarea.span10, -.uneditable-input.span10 { - width: 766px; -} - -input.span9, -textarea.span9, -.uneditable-input.span9 { - width: 686px; -} - -input.span8, -textarea.span8, -.uneditable-input.span8 { - width: 606px; -} - -input.span7, -textarea.span7, -.uneditable-input.span7 { - width: 526px; -} - -input.span6, -textarea.span6, -.uneditable-input.span6 { - width: 446px; -} - -input.span5, -textarea.span5, -.uneditable-input.span5 { - width: 366px; -} - -input.span4, -textarea.span4, -.uneditable-input.span4 { - width: 286px; -} - -input.span3, -textarea.span3, -.uneditable-input.span3 { - width: 206px; -} - -input.span2, -textarea.span2, -.uneditable-input.span2 { - width: 126px; -} - -input.span1, -textarea.span1, -.uneditable-input.span1 { - width: 46px; -} - -.controls-row { - *zoom: 1; -} - -.controls-row:before, -.controls-row:after { - display: table; - line-height: 0; - content: ""; -} - -.controls-row:after { - clear: both; -} - -.controls-row [class*="span"], -.row-fluid .controls-row [class*="span"] { - float: left; -} - -.controls-row .checkbox[class*="span"], -.controls-row .radio[class*="span"] { - padding-top: 5px; -} - -input[disabled], -select[disabled], -textarea[disabled], -input[readonly], -select[readonly], -textarea[readonly] { - cursor: not-allowed; - background-color: #eeeeee; -} - -input[type="radio"][disabled], -input[type="checkbox"][disabled], -input[type="radio"][readonly], -input[type="checkbox"][readonly] { - background-color: transparent; -} - -.control-group.warning .control-label, -.control-group.warning .help-block, -.control-group.warning .help-inline { - color: #c09853; -} - -.control-group.warning .checkbox, -.control-group.warning .radio, -.control-group.warning input, -.control-group.warning select, -.control-group.warning textarea { - color: #c09853; -} - -.control-group.warning input, -.control-group.warning select, -.control-group.warning textarea { - border-color: #c09853; - -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); - -moz-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); - box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); -} - -.control-group.warning input:focus, -.control-group.warning select:focus, -.control-group.warning textarea:focus { - border-color: #a47e3c; - -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #dbc59e; - -moz-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #dbc59e; - box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #dbc59e; -} - -.control-group.warning .input-prepend .add-on, -.control-group.warning .input-append .add-on { - color: #c09853; - background-color: #fcf8e3; - border-color: #c09853; -} - -.control-group.error .control-label, -.control-group.error .help-block, -.control-group.error .help-inline { - color: #b94a48; -} - -.control-group.error .checkbox, -.control-group.error .radio, -.control-group.error input, -.control-group.error select, -.control-group.error textarea { - color: #b94a48; -} - -.control-group.error input, -.control-group.error select, -.control-group.error textarea { - border-color: #b94a48; - -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); - -moz-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); - box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); -} - -.control-group.error input:focus, -.control-group.error select:focus, -.control-group.error textarea:focus { - border-color: #953b39; - -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #d59392; - -moz-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #d59392; - box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #d59392; -} - -.control-group.error .input-prepend .add-on, -.control-group.error .input-append .add-on { - color: #b94a48; - background-color: #f2dede; - border-color: #b94a48; -} - -.control-group.success .control-label, -.control-group.success .help-block, -.control-group.success .help-inline { - color: #468847; -} - -.control-group.success .checkbox, -.control-group.success .radio, -.control-group.success input, -.control-group.success select, -.control-group.success textarea { - color: #468847; -} - -.control-group.success input, -.control-group.success select, -.control-group.success textarea { - border-color: #468847; - -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); - -moz-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); - box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); -} - -.control-group.success input:focus, -.control-group.success select:focus, -.control-group.success textarea:focus { - border-color: #356635; - -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #7aba7b; - -moz-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #7aba7b; - box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #7aba7b; -} - -.control-group.success .input-prepend .add-on, -.control-group.success .input-append .add-on { - color: #468847; - background-color: #dff0d8; - border-color: #468847; -} - -.control-group.info .control-label, -.control-group.info .help-block, -.control-group.info .help-inline { - color: #3a87ad; -} - -.control-group.info .checkbox, -.control-group.info .radio, -.control-group.info input, -.control-group.info select, -.control-group.info textarea { - color: #3a87ad; -} - -.control-group.info input, -.control-group.info select, -.control-group.info textarea { - border-color: #3a87ad; - -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); - -moz-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); - box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); -} - -.control-group.info input:focus, -.control-group.info select:focus, -.control-group.info textarea:focus { - border-color: #2d6987; - -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #7ab5d3; - -moz-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #7ab5d3; - box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #7ab5d3; -} - -.control-group.info .input-prepend .add-on, -.control-group.info .input-append .add-on { - color: #3a87ad; - background-color: #d9edf7; - border-color: #3a87ad; -} - -input:focus:invalid, -textarea:focus:invalid, -select:focus:invalid { - color: #b94a48; - border-color: #ee5f5b; -} - -input:focus:invalid:focus, -textarea:focus:invalid:focus, -select:focus:invalid:focus { - border-color: #e9322d; - -webkit-box-shadow: 0 0 6px #f8b9b7; - -moz-box-shadow: 0 0 6px #f8b9b7; - box-shadow: 0 0 6px #f8b9b7; -} - -.form-actions { - padding: 19px 20px 20px; - margin-top: 20px; - margin-bottom: 20px; - background-color: #f5f5f5; - border-top: 1px solid #e5e5e5; - *zoom: 1; -} - -.form-actions:before, -.form-actions:after { - display: table; - line-height: 0; - content: ""; -} - -.form-actions:after { - clear: both; -} - -.help-block, -.help-inline { - color: #595959; -} - -.help-block { - display: block; - margin-bottom: 10px; -} - -.help-inline { - display: inline-block; - *display: inline; - padding-left: 5px; - vertical-align: middle; - *zoom: 1; -} - -.input-append, -.input-prepend { - display: inline-block; - margin-bottom: 10px; - font-size: 0; - white-space: nowrap; - vertical-align: middle; -} - -.input-append input, -.input-prepend input, -.input-append select, -.input-prepend select, -.input-append .uneditable-input, -.input-prepend .uneditable-input, -.input-append .dropdown-menu, -.input-prepend .dropdown-menu, -.input-append .popover, -.input-prepend .popover { - font-size: 14px; -} - -.input-append input, -.input-prepend input, -.input-append select, -.input-prepend select, -.input-append .uneditable-input, -.input-prepend .uneditable-input { - position: relative; - margin-bottom: 0; - *margin-left: 0; - vertical-align: top; - -webkit-border-radius: 0 4px 4px 0; - -moz-border-radius: 0 4px 4px 0; - border-radius: 0 4px 4px 0; -} - -.input-append input:focus, -.input-prepend input:focus, -.input-append select:focus, -.input-prepend select:focus, -.input-append .uneditable-input:focus, -.input-prepend .uneditable-input:focus { - z-index: 2; -} - -.input-append .add-on, -.input-prepend .add-on { - display: inline-block; - width: auto; - height: 20px; - min-width: 16px; - padding: 4px 5px; - font-size: 14px; - font-weight: normal; - line-height: 20px; - text-align: center; - text-shadow: 0 1px 0 #ffffff; - background-color: #eeeeee; - border: 1px solid #ccc; -} - -.input-append .add-on, -.input-prepend .add-on, -.input-append .btn, -.input-prepend .btn, -.input-append .btn-group > .dropdown-toggle, -.input-prepend .btn-group > .dropdown-toggle { - vertical-align: top; - -webkit-border-radius: 0; - -moz-border-radius: 0; - border-radius: 0; -} - -.input-append .active, -.input-prepend .active { - background-color: #a9dba9; - border-color: #46a546; -} - -.input-prepend .add-on, -.input-prepend .btn { - margin-right: -1px; -} - -.input-prepend .add-on:first-child, -.input-prepend .btn:first-child { - -webkit-border-radius: 4px 0 0 4px; - -moz-border-radius: 4px 0 0 4px; - border-radius: 4px 0 0 4px; -} - -.input-append input, -.input-append select, -.input-append .uneditable-input { - -webkit-border-radius: 4px 0 0 4px; - -moz-border-radius: 4px 0 0 4px; - border-radius: 4px 0 0 4px; -} - -.input-append input + .btn-group .btn:last-child, -.input-append select + .btn-group .btn:last-child, -.input-append .uneditable-input + .btn-group .btn:last-child { - -webkit-border-radius: 0 4px 4px 0; - -moz-border-radius: 0 4px 4px 0; - border-radius: 0 4px 4px 0; -} - -.input-append .add-on, -.input-append .btn, -.input-append .btn-group { - margin-left: -1px; -} - -.input-append .add-on:last-child, -.input-append .btn:last-child, -.input-append .btn-group:last-child > .dropdown-toggle { - -webkit-border-radius: 0 4px 4px 0; - -moz-border-radius: 0 4px 4px 0; - border-radius: 0 4px 4px 0; -} - -.input-prepend.input-append input, -.input-prepend.input-append select, -.input-prepend.input-append .uneditable-input { - -webkit-border-radius: 0; - -moz-border-radius: 0; - border-radius: 0; -} - -.input-prepend.input-append input + .btn-group .btn, -.input-prepend.input-append select + .btn-group .btn, -.input-prepend.input-append .uneditable-input + .btn-group .btn { - -webkit-border-radius: 0 4px 4px 0; - -moz-border-radius: 0 4px 4px 0; - border-radius: 0 4px 4px 0; -} - -.input-prepend.input-append .add-on:first-child, -.input-prepend.input-append .btn:first-child { - margin-right: -1px; - -webkit-border-radius: 4px 0 0 4px; - -moz-border-radius: 4px 0 0 4px; - border-radius: 4px 0 0 4px; -} - -.input-prepend.input-append .add-on:last-child, -.input-prepend.input-append .btn:last-child { - margin-left: -1px; - -webkit-border-radius: 0 4px 4px 0; - -moz-border-radius: 0 4px 4px 0; - border-radius: 0 4px 4px 0; -} - -.input-prepend.input-append .btn-group:first-child { - margin-left: 0; -} - -input.search-query { - padding-right: 14px; - padding-right: 4px \9; - padding-left: 14px; - padding-left: 4px \9; - /* IE7-8 doesn't have border-radius, so don't indent the padding */ - - margin-bottom: 0; - -webkit-border-radius: 15px; - -moz-border-radius: 15px; - border-radius: 15px; -} - -/* Allow for input prepend/append in search forms */ - -.form-search .input-append .search-query, -.form-search .input-prepend .search-query { - -webkit-border-radius: 0; - -moz-border-radius: 0; - border-radius: 0; -} - -.form-search .input-append .search-query { - -webkit-border-radius: 14px 0 0 14px; - -moz-border-radius: 14px 0 0 14px; - border-radius: 14px 0 0 14px; -} - -.form-search .input-append .btn { - -webkit-border-radius: 0 14px 14px 0; - -moz-border-radius: 0 14px 14px 0; - border-radius: 0 14px 14px 0; -} - -.form-search .input-prepend .search-query { - -webkit-border-radius: 0 14px 14px 0; - -moz-border-radius: 0 14px 14px 0; - border-radius: 0 14px 14px 0; -} - -.form-search .input-prepend .btn { - -webkit-border-radius: 14px 0 0 14px; - -moz-border-radius: 14px 0 0 14px; - border-radius: 14px 0 0 14px; -} - -.form-search input, -.form-inline input, -.form-horizontal input, -.form-search textarea, -.form-inline textarea, -.form-horizontal textarea, -.form-search select, -.form-inline select, -.form-horizontal select, -.form-search .help-inline, -.form-inline .help-inline, -.form-horizontal .help-inline, -.form-search .uneditable-input, -.form-inline .uneditable-input, -.form-horizontal .uneditable-input, -.form-search .input-prepend, -.form-inline .input-prepend, -.form-horizontal .input-prepend, -.form-search .input-append, -.form-inline .input-append, -.form-horizontal .input-append { - display: inline-block; - *display: inline; - margin-bottom: 0; - vertical-align: middle; - *zoom: 1; -} - -.form-search .hide, -.form-inline .hide, -.form-horizontal .hide { - display: none; -} - -.form-search label, -.form-inline label, -.form-search .btn-group, -.form-inline .btn-group { - display: inline-block; -} - -.form-search .input-append, -.form-inline .input-append, -.form-search .input-prepend, -.form-inline .input-prepend { - margin-bottom: 0; -} - -.form-search .radio, -.form-search .checkbox, -.form-inline .radio, -.form-inline .checkbox { - padding-left: 0; - margin-bottom: 0; - vertical-align: middle; -} - -.form-search .radio input[type="radio"], -.form-search .checkbox input[type="checkbox"], -.form-inline .radio input[type="radio"], -.form-inline .checkbox input[type="checkbox"] { - float: left; - margin-right: 3px; - margin-left: 0; -} - -.control-group { - margin-bottom: 10px; -} - -legend + .control-group { - margin-top: 20px; - -webkit-margin-top-collapse: separate; -} - -.form-horizontal .control-group { - margin-bottom: 20px; - *zoom: 1; -} - -.form-horizontal .control-group:before, -.form-horizontal .control-group:after { - display: table; - line-height: 0; - content: ""; -} - -.form-horizontal .control-group:after { - clear: both; -} - -.form-horizontal .control-label { - float: left; - width: 160px; - padding-top: 5px; - text-align: right; -} - -.form-horizontal .controls { - *display: inline-block; - *padding-left: 20px; - margin-left: 180px; - *margin-left: 0; -} - -.form-horizontal .controls:first-child { - *padding-left: 180px; -} - -.form-horizontal .help-block { - margin-bottom: 0; -} - -.form-horizontal input + .help-block, -.form-horizontal select + .help-block, -.form-horizontal textarea + .help-block, -.form-horizontal .uneditable-input + .help-block, -.form-horizontal .input-prepend + .help-block, -.form-horizontal .input-append + .help-block { - margin-top: 10px; -} - -.form-horizontal .form-actions { - padding-left: 180px; -} - -table { - max-width: 100%; - background-color: transparent; - border-collapse: collapse; - border-spacing: 0; -} - -.table { - width: 100%; - margin-bottom: 20px; -} - -.table th, -.table td { - padding: 8px; - line-height: 20px; - text-align: left; - vertical-align: top; - border-top: 1px solid #dddddd; -} - -.table th { - font-weight: bold; -} - -.table thead th { - vertical-align: bottom; -} - -.table caption + thead tr:first-child th, -.table caption + thead tr:first-child td, -.table colgroup + thead tr:first-child th, -.table colgroup + thead tr:first-child td, -.table thead:first-child tr:first-child th, -.table thead:first-child tr:first-child td { - border-top: 0; -} - -.table tbody + tbody { - border-top: 2px solid #dddddd; -} - -.table .table { - background-color: #ffffff; -} - -.table-condensed th, -.table-condensed td { - padding: 4px 5px; -} - -.table-bordered { - border: 1px solid #dddddd; - border-collapse: separate; - *border-collapse: collapse; - border-left: 0; - -webkit-border-radius: 4px; - -moz-border-radius: 4px; - border-radius: 4px; -} - -.table-bordered th, -.table-bordered td { - border-left: 1px solid #dddddd; -} - -.table-bordered caption + thead tr:first-child th, -.table-bordered caption + tbody tr:first-child th, -.table-bordered caption + tbody tr:first-child td, -.table-bordered colgroup + thead tr:first-child th, -.table-bordered colgroup + tbody tr:first-child th, -.table-bordered colgroup + tbody tr:first-child td, -.table-bordered thead:first-child tr:first-child th, -.table-bordered tbody:first-child tr:first-child th, -.table-bordered tbody:first-child tr:first-child td { - border-top: 0; -} - -.table-bordered thead:first-child tr:first-child > th:first-child, -.table-bordered tbody:first-child tr:first-child > td:first-child, -.table-bordered tbody:first-child tr:first-child > th:first-child { - -webkit-border-top-left-radius: 4px; - border-top-left-radius: 4px; - -moz-border-radius-topleft: 4px; -} - -.table-bordered thead:first-child tr:first-child > th:last-child, -.table-bordered tbody:first-child tr:first-child > td:last-child, -.table-bordered tbody:first-child tr:first-child > th:last-child { - -webkit-border-top-right-radius: 4px; - border-top-right-radius: 4px; - -moz-border-radius-topright: 4px; -} - -.table-bordered thead:last-child tr:last-child > th:first-child, -.table-bordered tbody:last-child tr:last-child > td:first-child, -.table-bordered tbody:last-child tr:last-child > th:first-child, -.table-bordered tfoot:last-child tr:last-child > td:first-child, -.table-bordered tfoot:last-child tr:last-child > th:first-child { - -webkit-border-bottom-left-radius: 4px; - border-bottom-left-radius: 4px; - -moz-border-radius-bottomleft: 4px; -} - -.table-bordered thead:last-child tr:last-child > th:last-child, -.table-bordered tbody:last-child tr:last-child > td:last-child, -.table-bordered tbody:last-child tr:last-child > th:last-child, -.table-bordered tfoot:last-child tr:last-child > td:last-child, -.table-bordered tfoot:last-child tr:last-child > th:last-child { - -webkit-border-bottom-right-radius: 4px; - border-bottom-right-radius: 4px; - -moz-border-radius-bottomright: 4px; -} - -.table-bordered tfoot + tbody:last-child tr:last-child td:first-child { - -webkit-border-bottom-left-radius: 0; - border-bottom-left-radius: 0; - -moz-border-radius-bottomleft: 0; -} - -.table-bordered tfoot + tbody:last-child tr:last-child td:last-child { - -webkit-border-bottom-right-radius: 0; - border-bottom-right-radius: 0; - -moz-border-radius-bottomright: 0; -} - -.table-bordered caption + thead tr:first-child th:first-child, -.table-bordered caption + tbody tr:first-child td:first-child, -.table-bordered colgroup + thead tr:first-child th:first-child, -.table-bordered colgroup + tbody tr:first-child td:first-child { - -webkit-border-top-left-radius: 4px; - border-top-left-radius: 4px; - -moz-border-radius-topleft: 4px; -} - -.table-bordered caption + thead tr:first-child th:last-child, -.table-bordered caption + tbody tr:first-child td:last-child, -.table-bordered colgroup + thead tr:first-child th:last-child, -.table-bordered colgroup + tbody tr:first-child td:last-child { - -webkit-border-top-right-radius: 4px; - border-top-right-radius: 4px; - -moz-border-radius-topright: 4px; -} - -.table-striped tbody > tr:nth-child(odd) > td, -.table-striped tbody > tr:nth-child(odd) > th { - background-color: #f9f9f9; -} - -.table-hover tbody tr:hover > td, -.table-hover tbody tr:hover > th { - background-color: #f5f5f5; -} - -table td[class*="span"], -table th[class*="span"], -.row-fluid table td[class*="span"], -.row-fluid table th[class*="span"] { - display: table-cell; - float: none; - margin-left: 0; -} - -.table td.span1, -.table th.span1 { - float: none; - width: 44px; - margin-left: 0; -} - -.table td.span2, -.table th.span2 { - float: none; - width: 124px; - margin-left: 0; -} - -.table td.span3, -.table th.span3 { - float: none; - width: 204px; - margin-left: 0; -} - -.table td.span4, -.table th.span4 { - float: none; - width: 284px; - margin-left: 0; -} - -.table td.span5, -.table th.span5 { - float: none; - width: 364px; - margin-left: 0; -} - -.table td.span6, -.table th.span6 { - float: none; - width: 444px; - margin-left: 0; -} - -.table td.span7, -.table th.span7 { - float: none; - width: 524px; - margin-left: 0; -} - -.table td.span8, -.table th.span8 { - float: none; - width: 604px; - margin-left: 0; -} - -.table td.span9, -.table th.span9 { - float: none; - width: 684px; - margin-left: 0; -} - -.table td.span10, -.table th.span10 { - float: none; - width: 764px; - margin-left: 0; -} - -.table td.span11, -.table th.span11 { - float: none; - width: 844px; - margin-left: 0; -} - -.table td.span12, -.table th.span12 { - float: none; - width: 924px; - margin-left: 0; -} - -.table tbody tr.success > td { - background-color: #dff0d8; -} - -.table tbody tr.error > td { - background-color: #f2dede; -} - -.table tbody tr.warning > td { - background-color: #fcf8e3; -} - -.table tbody tr.info > td { - background-color: #d9edf7; -} - -.table-hover tbody tr.success:hover > td { - background-color: #d0e9c6; -} - -.table-hover tbody tr.error:hover > td { - background-color: #ebcccc; -} - -.table-hover tbody tr.warning:hover > td { - background-color: #faf2cc; -} - -.table-hover tbody tr.info:hover > td { - background-color: #c4e3f3; -} - -[class^="icon-"], -[class*=" icon-"] { - display: inline-block; - width: 14px; - height: 14px; - margin-top: 1px; - *margin-right: .3em; - line-height: 14px; - vertical-align: text-top; - background-image: url("../img/glyphicons-halflings.png"); - background-position: 14px 14px; - background-repeat: no-repeat; -} - -/* White icons with optional class, or on hover/focus/active states of certain elements */ - -.icon-white, -.nav-pills > .active > a > [class^="icon-"], -.nav-pills > .active > a > [class*=" icon-"], -.nav-list > .active > a > [class^="icon-"], -.nav-list > .active > a > [class*=" icon-"], -.navbar-inverse .nav > .active > a > [class^="icon-"], -.navbar-inverse .nav > .active > a > [class*=" icon-"], -.dropdown-menu > li > a:hover > [class^="icon-"], -.dropdown-menu > li > a:focus > [class^="icon-"], -.dropdown-menu > li > a:hover > [class*=" icon-"], -.dropdown-menu > li > a:focus > [class*=" icon-"], -.dropdown-menu > .active > a > [class^="icon-"], -.dropdown-menu > .active > a > [class*=" icon-"], -.dropdown-submenu:hover > a > [class^="icon-"], -.dropdown-submenu:focus > a > [class^="icon-"], -.dropdown-submenu:hover > a > [class*=" icon-"], -.dropdown-submenu:focus > a > [class*=" icon-"] { - background-image: url("../img/glyphicons-halflings-white.png"); -} - -.icon-glass { - background-position: 0 0; -} - -.icon-music { - background-position: -24px 0; -} - -.icon-search { - background-position: -48px 0; -} - -.icon-envelope { - background-position: -72px 0; -} - -.icon-heart { - background-position: -96px 0; -} - -.icon-star { - background-position: -120px 0; -} - -.icon-star-empty { - background-position: -144px 0; -} - -.icon-user { - background-position: -168px 0; -} - -.icon-film { - background-position: -192px 0; -} - -.icon-th-large { - background-position: -216px 0; -} - -.icon-th { - background-position: -240px 0; -} - -.icon-th-list { - background-position: -264px 0; -} - -.icon-ok { - background-position: -288px 0; -} - -.icon-remove { - background-position: -312px 0; -} - -.icon-zoom-in { - background-position: -336px 0; -} - -.icon-zoom-out { - background-position: -360px 0; -} - -.icon-off { - background-position: -384px 0; -} - -.icon-signal { - background-position: -408px 0; -} - -.icon-cog { - background-position: -432px 0; -} - -.icon-trash { - background-position: -456px 0; -} - -.icon-home { - background-position: 0 -24px; -} - -.icon-file { - background-position: -24px -24px; -} - -.icon-time { - background-position: -48px -24px; -} - -.icon-road { - background-position: -72px -24px; -} - -.icon-download-alt { - background-position: -96px -24px; -} - -.icon-download { - background-position: -120px -24px; -} - -.icon-upload { - background-position: -144px -24px; -} - -.icon-inbox { - background-position: -168px -24px; -} - -.icon-play-circle { - background-position: -192px -24px; -} - -.icon-repeat { - background-position: -216px -24px; -} - -.icon-refresh { - background-position: -240px -24px; -} - -.icon-list-alt { - background-position: -264px -24px; -} - -.icon-lock { - background-position: -287px -24px; -} - -.icon-flag { - background-position: -312px -24px; -} - -.icon-headphones { - background-position: -336px -24px; -} - -.icon-volume-off { - background-position: -360px -24px; -} - -.icon-volume-down { - background-position: -384px -24px; -} - -.icon-volume-up { - background-position: -408px -24px; -} - -.icon-qrcode { - background-position: -432px -24px; -} - -.icon-barcode { - background-position: -456px -24px; -} - -.icon-tag { - background-position: 0 -48px; -} - -.icon-tags { - background-position: -25px -48px; -} - -.icon-book { - background-position: -48px -48px; -} - -.icon-bookmark { - background-position: -72px -48px; -} - -.icon-print { - background-position: -96px -48px; -} - -.icon-camera { - background-position: -120px -48px; -} - -.icon-font { - background-position: -144px -48px; -} - -.icon-bold { - background-position: -167px -48px; -} - -.icon-italic { - background-position: -192px -48px; -} - -.icon-text-height { - background-position: -216px -48px; -} - -.icon-text-width { - background-position: -240px -48px; -} - -.icon-align-left { - background-position: -264px -48px; -} - -.icon-align-center { - background-position: -288px -48px; -} - -.icon-align-right { - background-position: -312px -48px; -} - -.icon-align-justify { - background-position: -336px -48px; -} - -.icon-list { - background-position: -360px -48px; -} - -.icon-indent-left { - background-position: -384px -48px; -} - -.icon-indent-right { - background-position: -408px -48px; -} - -.icon-facetime-video { - background-position: -432px -48px; -} - -.icon-picture { - background-position: -456px -48px; -} - -.icon-pencil { - background-position: 0 -72px; -} - -.icon-map-marker { - background-position: -24px -72px; -} - -.icon-adjust { - background-position: -48px -72px; -} - -.icon-tint { - background-position: -72px -72px; -} - -.icon-edit { - background-position: -96px -72px; -} - -.icon-share { - background-position: -120px -72px; -} - -.icon-check { - background-position: -144px -72px; -} - -.icon-move { - background-position: -168px -72px; -} - -.icon-step-backward { - background-position: -192px -72px; -} - -.icon-fast-backward { - background-position: -216px -72px; -} - -.icon-backward { - background-position: -240px -72px; -} - -.icon-play { - background-position: -264px -72px; -} - -.icon-pause { - background-position: -288px -72px; -} - -.icon-stop { - background-position: -312px -72px; -} - -.icon-forward { - background-position: -336px -72px; -} - -.icon-fast-forward { - background-position: -360px -72px; -} - -.icon-step-forward { - background-position: -384px -72px; -} - -.icon-eject { - background-position: -408px -72px; -} - -.icon-chevron-left { - background-position: -432px -72px; -} - -.icon-chevron-right { - background-position: -456px -72px; -} - -.icon-plus-sign { - background-position: 0 -96px; -} - -.icon-minus-sign { - background-position: -24px -96px; -} - -.icon-remove-sign { - background-position: -48px -96px; -} - -.icon-ok-sign { - background-position: -72px -96px; -} - -.icon-question-sign { - background-position: -96px -96px; -} - -.icon-info-sign { - background-position: -120px -96px; -} - -.icon-screenshot { - background-position: -144px -96px; -} - -.icon-remove-circle { - background-position: -168px -96px; -} - -.icon-ok-circle { - background-position: -192px -96px; -} - -.icon-ban-circle { - background-position: -216px -96px; -} - -.icon-arrow-left { - background-position: -240px -96px; -} - -.icon-arrow-right { - background-position: -264px -96px; -} - -.icon-arrow-up { - background-position: -289px -96px; -} - -.icon-arrow-down { - background-position: -312px -96px; -} - -.icon-share-alt { - background-position: -336px -96px; -} - -.icon-resize-full { - background-position: -360px -96px; -} - -.icon-resize-small { - background-position: -384px -96px; -} - -.icon-plus { - background-position: -408px -96px; -} - -.icon-minus { - background-position: -433px -96px; -} - -.icon-asterisk { - background-position: -456px -96px; -} - -.icon-exclamation-sign { - background-position: 0 -120px; -} - -.icon-gift { - background-position: -24px -120px; -} - -.icon-leaf { - background-position: -48px -120px; -} - -.icon-fire { - background-position: -72px -120px; -} - -.icon-eye-open { - background-position: -96px -120px; -} - -.icon-eye-close { - background-position: -120px -120px; -} - -.icon-warning-sign { - background-position: -144px -120px; -} - -.icon-plane { - background-position: -168px -120px; -} - -.icon-calendar { - background-position: -192px -120px; -} - -.icon-random { - width: 16px; - background-position: -216px -120px; -} - -.icon-comment { - background-position: -240px -120px; -} - -.icon-magnet { - background-position: -264px -120px; -} - -.icon-chevron-up { - background-position: -288px -120px; -} - -.icon-chevron-down { - background-position: -313px -119px; -} - -.icon-retweet { - background-position: -336px -120px; -} - -.icon-shopping-cart { - background-position: -360px -120px; -} - -.icon-folder-close { - width: 16px; - background-position: -384px -120px; -} - -.icon-folder-open { - width: 16px; - background-position: -408px -120px; -} - -.icon-resize-vertical { - background-position: -432px -119px; -} - -.icon-resize-horizontal { - background-position: -456px -118px; -} - -.icon-hdd { - background-position: 0 -144px; -} - -.icon-bullhorn { - background-position: -24px -144px; -} - -.icon-bell { - background-position: -48px -144px; -} - -.icon-certificate { - background-position: -72px -144px; -} - -.icon-thumbs-up { - background-position: -96px -144px; -} - -.icon-thumbs-down { - background-position: -120px -144px; -} - -.icon-hand-right { - background-position: -144px -144px; -} - -.icon-hand-left { - background-position: -168px -144px; -} - -.icon-hand-up { - background-position: -192px -144px; -} - -.icon-hand-down { - background-position: -216px -144px; -} - -.icon-circle-arrow-right { - background-position: -240px -144px; -} - -.icon-circle-arrow-left { - background-position: -264px -144px; -} - -.icon-circle-arrow-up { - background-position: -288px -144px; -} - -.icon-circle-arrow-down { - background-position: -312px -144px; -} - -.icon-globe { - background-position: -336px -144px; -} - -.icon-wrench { - background-position: -360px -144px; -} - -.icon-tasks { - background-position: -384px -144px; -} - -.icon-filter { - background-position: -408px -144px; -} - -.icon-briefcase { - background-position: -432px -144px; -} - -.icon-fullscreen { - background-position: -456px -144px; -} - -.dropup, -.dropdown { - position: relative; -} - -.dropdown-toggle { - *margin-bottom: -3px; -} - -.dropdown-toggle:active, -.open .dropdown-toggle { - outline: 0; -} - -.caret { - display: inline-block; - width: 0; - height: 0; - vertical-align: top; - border-top: 4px solid #000000; - border-right: 4px solid transparent; - border-left: 4px solid transparent; - content: ""; -} - -.dropdown .caret { - margin-top: 8px; - margin-left: 2px; -} - -.dropdown-menu { - position: absolute; - top: 100%; - left: 0; - z-index: 1000; - display: none; - float: left; - min-width: 160px; - padding: 5px 0; - margin: 2px 0 0; - list-style: none; - background-color: #ffffff; - border: 1px solid #ccc; - border: 1px solid rgba(0, 0, 0, 0.2); - *border-right-width: 2px; - *border-bottom-width: 2px; - -webkit-border-radius: 6px; - -moz-border-radius: 6px; - border-radius: 6px; - -webkit-box-shadow: 0 5px 10px rgba(0, 0, 0, 0.2); - -moz-box-shadow: 0 5px 10px rgba(0, 0, 0, 0.2); - box-shadow: 0 5px 10px rgba(0, 0, 0, 0.2); - -webkit-background-clip: padding-box; - -moz-background-clip: padding; - background-clip: padding-box; -} - -.dropdown-menu.pull-right { - right: 0; - left: auto; -} - -.dropdown-menu .divider { - *width: 100%; - height: 1px; - margin: 9px 1px; - *margin: -5px 0 5px; - overflow: hidden; - background-color: #e5e5e5; - border-bottom: 1px solid #ffffff; -} - -.dropdown-menu > li > a { - display: block; - padding: 3px 20px; - clear: both; - font-weight: normal; - line-height: 20px; - color: #333333; - white-space: nowrap; -} - -.dropdown-menu > li > a:hover, -.dropdown-menu > li > a:focus, -.dropdown-submenu:hover > a, -.dropdown-submenu:focus > a { - color: #ffffff; - text-decoration: none; - background-color: #0081c2; - background-image: -moz-linear-gradient(top, #0088cc, #0077b3); - background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#0088cc), to(#0077b3)); - background-image: -webkit-linear-gradient(top, #0088cc, #0077b3); - background-image: -o-linear-gradient(top, #0088cc, #0077b3); - background-image: linear-gradient(to bottom, #0088cc, #0077b3); - background-repeat: repeat-x; - filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff0088cc', endColorstr='#ff0077b3', GradientType=0); -} - -.dropdown-menu > .active > a, -.dropdown-menu > .active > a:hover, -.dropdown-menu > .active > a:focus { - color: #ffffff; - text-decoration: none; - background-color: #0081c2; - background-image: -moz-linear-gradient(top, #0088cc, #0077b3); - background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#0088cc), to(#0077b3)); - background-image: -webkit-linear-gradient(top, #0088cc, #0077b3); - background-image: -o-linear-gradient(top, #0088cc, #0077b3); - background-image: linear-gradient(to bottom, #0088cc, #0077b3); - background-repeat: repeat-x; - outline: 0; - filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff0088cc', endColorstr='#ff0077b3', GradientType=0); -} - -.dropdown-menu > .disabled > a, -.dropdown-menu > .disabled > a:hover, -.dropdown-menu > .disabled > a:focus { - color: #999999; -} - -.dropdown-menu > .disabled > a:hover, -.dropdown-menu > .disabled > a:focus { - text-decoration: none; - cursor: default; - background-color: transparent; - background-image: none; - filter: progid:DXImageTransform.Microsoft.gradient(enabled=false); -} - -.open { - *z-index: 1000; -} - -.open > .dropdown-menu { - display: block; -} - -.pull-right > .dropdown-menu { - right: 0; - left: auto; -} - -.dropup .caret, -.navbar-fixed-bottom .dropdown .caret { - border-top: 0; - border-bottom: 4px solid #000000; - content: ""; -} - -.dropup .dropdown-menu, -.navbar-fixed-bottom .dropdown .dropdown-menu { - top: auto; - bottom: 100%; - margin-bottom: 1px; -} - -.dropdown-submenu { - position: relative; -} - -.dropdown-submenu > .dropdown-menu { - top: 0; - left: 100%; - margin-top: -6px; - margin-left: -1px; - -webkit-border-radius: 0 6px 6px 6px; - -moz-border-radius: 0 6px 6px 6px; - border-radius: 0 6px 6px 6px; -} - -.dropdown-submenu:hover > .dropdown-menu { - display: block; -} - -.dropup .dropdown-submenu > .dropdown-menu { - top: auto; - bottom: 0; - margin-top: 0; - margin-bottom: -2px; - -webkit-border-radius: 5px 5px 5px 0; - -moz-border-radius: 5px 5px 5px 0; - border-radius: 5px 5px 5px 0; -} - -.dropdown-submenu > a:after { - display: block; - float: right; - width: 0; - height: 0; - margin-top: 5px; - margin-right: -10px; - border-color: transparent; - border-left-color: #cccccc; - border-style: solid; - border-width: 5px 0 5px 5px; - content: " "; -} - -.dropdown-submenu:hover > a:after { - border-left-color: #ffffff; -} - -.dropdown-submenu.pull-left { - float: none; -} - -.dropdown-submenu.pull-left > .dropdown-menu { - left: -100%; - margin-left: 10px; - -webkit-border-radius: 6px 0 6px 6px; - -moz-border-radius: 6px 0 6px 6px; - border-radius: 6px 0 6px 6px; -} - -.dropdown .dropdown-menu .nav-header { - padding-right: 20px; - padding-left: 20px; -} - -.typeahead { - z-index: 1051; - margin-top: 2px; - -webkit-border-radius: 4px; - -moz-border-radius: 4px; - border-radius: 4px; -} - -.well { - min-height: 20px; - padding: 19px; - margin-bottom: 20px; - background-color: #f5f5f5; - border: 1px solid #e3e3e3; - -webkit-border-radius: 4px; - -moz-border-radius: 4px; - border-radius: 4px; - -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.05); - -moz-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.05); - box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.05); -} - -.well blockquote { - border-color: #ddd; - border-color: rgba(0, 0, 0, 0.15); -} - -.well-large { - padding: 24px; - -webkit-border-radius: 6px; - -moz-border-radius: 6px; - border-radius: 6px; -} - -.well-small { - padding: 9px; - -webkit-border-radius: 3px; - -moz-border-radius: 3px; - border-radius: 3px; -} - -.fade { - opacity: 0; - -webkit-transition: opacity 0.15s linear; - -moz-transition: opacity 0.15s linear; - -o-transition: opacity 0.15s linear; - transition: opacity 0.15s linear; -} - -.fade.in { - opacity: 1; -} - -.collapse { - position: relative; - height: 0; - overflow: hidden; - -webkit-transition: height 0.35s ease; - -moz-transition: height 0.35s ease; - -o-transition: height 0.35s ease; - transition: height 0.35s ease; -} - -.collapse.in { - height: auto; -} - -.close { - float: right; - font-size: 20px; - font-weight: bold; - line-height: 20px; - color: #000000; - text-shadow: 0 1px 0 #ffffff; - opacity: 0.2; - filter: alpha(opacity=20); -} - -.close:hover, -.close:focus { - color: #000000; - text-decoration: none; - cursor: pointer; - opacity: 0.4; - filter: alpha(opacity=40); -} - -button.close { - padding: 0; - cursor: pointer; - background: transparent; - border: 0; - -webkit-appearance: none; -} - -.btn { - display: inline-block; - *display: inline; - padding: 4px 12px; - margin-bottom: 0; - *margin-left: .3em; - font-size: 14px; - line-height: 20px; - color: #333333; - text-align: center; - text-shadow: 0 1px 1px rgba(255, 255, 255, 0.75); - vertical-align: middle; - cursor: pointer; - background-color: #f5f5f5; - *background-color: #e6e6e6; - background-image: -moz-linear-gradient(top, #ffffff, #e6e6e6); - background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#ffffff), to(#e6e6e6)); - background-image: -webkit-linear-gradient(top, #ffffff, #e6e6e6); - background-image: -o-linear-gradient(top, #ffffff, #e6e6e6); - background-image: linear-gradient(to bottom, #ffffff, #e6e6e6); - background-repeat: repeat-x; - border: 1px solid #cccccc; - *border: 0; - border-color: #e6e6e6 #e6e6e6 #bfbfbf; - border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25); - border-bottom-color: #b3b3b3; - -webkit-border-radius: 4px; - -moz-border-radius: 4px; - border-radius: 4px; - filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffffff', endColorstr='#ffe6e6e6', GradientType=0); - filter: progid:DXImageTransform.Microsoft.gradient(enabled=false); - *zoom: 1; - -webkit-box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.2), 0 1px 2px rgba(0, 0, 0, 0.05); - -moz-box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.2), 0 1px 2px rgba(0, 0, 0, 0.05); - box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.2), 0 1px 2px rgba(0, 0, 0, 0.05); -} - -.btn:hover, -.btn:focus, -.btn:active, -.btn.active, -.btn.disabled, -.btn[disabled] { - color: #333333; - background-color: #e6e6e6; - *background-color: #d9d9d9; -} - -.btn:active, -.btn.active { - background-color: #cccccc \9; -} - -.btn:first-child { - *margin-left: 0; -} - -.btn:hover, -.btn:focus { - color: #333333; - text-decoration: none; - background-position: 0 -15px; - -webkit-transition: background-position 0.1s linear; - -moz-transition: background-position 0.1s linear; - -o-transition: background-position 0.1s linear; - transition: background-position 0.1s linear; -} - -.btn:focus { - outline: thin dotted #333; - outline: 5px auto -webkit-focus-ring-color; - outline-offset: -2px; -} - -.btn.active, -.btn:active { - background-image: none; - outline: 0; - -webkit-box-shadow: inset 0 2px 4px rgba(0, 0, 0, 0.15), 0 1px 2px rgba(0, 0, 0, 0.05); - -moz-box-shadow: inset 0 2px 4px rgba(0, 0, 0, 0.15), 0 1px 2px rgba(0, 0, 0, 0.05); - box-shadow: inset 0 2px 4px rgba(0, 0, 0, 0.15), 0 1px 2px rgba(0, 0, 0, 0.05); -} - -.btn.disabled, -.btn[disabled] { - cursor: default; - background-image: none; - opacity: 0.65; - filter: alpha(opacity=65); - -webkit-box-shadow: none; - -moz-box-shadow: none; - box-shadow: none; -} - -.btn-large { - padding: 11px 19px; - font-size: 17.5px; - -webkit-border-radius: 6px; - -moz-border-radius: 6px; - border-radius: 6px; -} - -.btn-large [class^="icon-"], -.btn-large [class*=" icon-"] { - margin-top: 4px; -} - -.btn-small { - padding: 2px 10px; - font-size: 11.9px; - -webkit-border-radius: 3px; - -moz-border-radius: 3px; - border-radius: 3px; -} - -.btn-small [class^="icon-"], -.btn-small [class*=" icon-"] { - margin-top: 0; -} - -.btn-mini [class^="icon-"], -.btn-mini [class*=" icon-"] { - margin-top: -1px; -} - -.btn-mini { - padding: 0 6px; - font-size: 10.5px; - -webkit-border-radius: 3px; - -moz-border-radius: 3px; - border-radius: 3px; -} - -.btn-block { - display: block; - width: 100%; - padding-right: 0; - padding-left: 0; - -webkit-box-sizing: border-box; - -moz-box-sizing: border-box; - box-sizing: border-box; -} - -.btn-block + .btn-block { - margin-top: 5px; -} - -input[type="submit"].btn-block, -input[type="reset"].btn-block, -input[type="button"].btn-block { - width: 100%; -} - -.btn-primary.active, -.btn-warning.active, -.btn-danger.active, -.btn-success.active, -.btn-info.active, -.btn-inverse.active { - color: rgba(255, 255, 255, 0.75); -} - -.btn-primary { - color: #ffffff; - text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.25); - background-color: #006dcc; - *background-color: #0044cc; - background-image: -moz-linear-gradient(top, #0088cc, #0044cc); - background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#0088cc), to(#0044cc)); - background-image: -webkit-linear-gradient(top, #0088cc, #0044cc); - background-image: -o-linear-gradient(top, #0088cc, #0044cc); - background-image: linear-gradient(to bottom, #0088cc, #0044cc); - background-repeat: repeat-x; - border-color: #0044cc #0044cc #002a80; - border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25); - filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff0088cc', endColorstr='#ff0044cc', GradientType=0); - filter: progid:DXImageTransform.Microsoft.gradient(enabled=false); -} - -.btn-primary:hover, -.btn-primary:focus, -.btn-primary:active, -.btn-primary.active, -.btn-primary.disabled, -.btn-primary[disabled] { - color: #ffffff; - background-color: #0044cc; - *background-color: #003bb3; -} - -.btn-primary:active, -.btn-primary.active { - background-color: #003399 \9; -} - -.btn-warning { - color: #ffffff; - text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.25); - background-color: #faa732; - *background-color: #f89406; - background-image: -moz-linear-gradient(top, #fbb450, #f89406); - background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#fbb450), to(#f89406)); - background-image: -webkit-linear-gradient(top, #fbb450, #f89406); - background-image: -o-linear-gradient(top, #fbb450, #f89406); - background-image: linear-gradient(to bottom, #fbb450, #f89406); - background-repeat: repeat-x; - border-color: #f89406 #f89406 #ad6704; - border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25); - filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fffbb450', endColorstr='#fff89406', GradientType=0); - filter: progid:DXImageTransform.Microsoft.gradient(enabled=false); -} - -.btn-warning:hover, -.btn-warning:focus, -.btn-warning:active, -.btn-warning.active, -.btn-warning.disabled, -.btn-warning[disabled] { - color: #ffffff; - background-color: #f89406; - *background-color: #df8505; -} - -.btn-warning:active, -.btn-warning.active { - background-color: #c67605 \9; -} - -.btn-danger { - color: #ffffff; - text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.25); - background-color: #da4f49; - *background-color: #bd362f; - background-image: -moz-linear-gradient(top, #ee5f5b, #bd362f); - background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#ee5f5b), to(#bd362f)); - background-image: -webkit-linear-gradient(top, #ee5f5b, #bd362f); - background-image: -o-linear-gradient(top, #ee5f5b, #bd362f); - background-image: linear-gradient(to bottom, #ee5f5b, #bd362f); - background-repeat: repeat-x; - border-color: #bd362f #bd362f #802420; - border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25); - filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffee5f5b', endColorstr='#ffbd362f', GradientType=0); - filter: progid:DXImageTransform.Microsoft.gradient(enabled=false); -} - -.btn-danger:hover, -.btn-danger:focus, -.btn-danger:active, -.btn-danger.active, -.btn-danger.disabled, -.btn-danger[disabled] { - color: #ffffff; - background-color: #bd362f; - *background-color: #a9302a; -} - -.btn-danger:active, -.btn-danger.active { - background-color: #942a25 \9; -} - -.btn-success { - color: #ffffff; - text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.25); - background-color: #5bb75b; - *background-color: #51a351; - background-image: -moz-linear-gradient(top, #62c462, #51a351); - background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#62c462), to(#51a351)); - background-image: -webkit-linear-gradient(top, #62c462, #51a351); - background-image: -o-linear-gradient(top, #62c462, #51a351); - background-image: linear-gradient(to bottom, #62c462, #51a351); - background-repeat: repeat-x; - border-color: #51a351 #51a351 #387038; - border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25); - filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff62c462', endColorstr='#ff51a351', GradientType=0); - filter: progid:DXImageTransform.Microsoft.gradient(enabled=false); -} - -.btn-success:hover, -.btn-success:focus, -.btn-success:active, -.btn-success.active, -.btn-success.disabled, -.btn-success[disabled] { - color: #ffffff; - background-color: #51a351; - *background-color: #499249; -} - -.btn-success:active, -.btn-success.active { - background-color: #408140 \9; -} - -.btn-info { - color: #ffffff; - text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.25); - background-color: #49afcd; - *background-color: #2f96b4; - background-image: -moz-linear-gradient(top, #5bc0de, #2f96b4); - background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#5bc0de), to(#2f96b4)); - background-image: -webkit-linear-gradient(top, #5bc0de, #2f96b4); - background-image: -o-linear-gradient(top, #5bc0de, #2f96b4); - background-image: linear-gradient(to bottom, #5bc0de, #2f96b4); - background-repeat: repeat-x; - border-color: #2f96b4 #2f96b4 #1f6377; - border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25); - filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5bc0de', endColorstr='#ff2f96b4', GradientType=0); - filter: progid:DXImageTransform.Microsoft.gradient(enabled=false); -} - -.btn-info:hover, -.btn-info:focus, -.btn-info:active, -.btn-info.active, -.btn-info.disabled, -.btn-info[disabled] { - color: #ffffff; - background-color: #2f96b4; - *background-color: #2a85a0; -} - -.btn-info:active, -.btn-info.active { - background-color: #24748c \9; -} - -.btn-inverse { - color: #ffffff; - text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.25); - background-color: #363636; - *background-color: #222222; - background-image: -moz-linear-gradient(top, #444444, #222222); - background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#444444), to(#222222)); - background-image: -webkit-linear-gradient(top, #444444, #222222); - background-image: -o-linear-gradient(top, #444444, #222222); - background-image: linear-gradient(to bottom, #444444, #222222); - background-repeat: repeat-x; - border-color: #222222 #222222 #000000; - border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25); - filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff444444', endColorstr='#ff222222', GradientType=0); - filter: progid:DXImageTransform.Microsoft.gradient(enabled=false); -} - -.btn-inverse:hover, -.btn-inverse:focus, -.btn-inverse:active, -.btn-inverse.active, -.btn-inverse.disabled, -.btn-inverse[disabled] { - color: #ffffff; - background-color: #222222; - *background-color: #151515; -} - -.btn-inverse:active, -.btn-inverse.active { - background-color: #080808 \9; -} - -button.btn, -input[type="submit"].btn { - *padding-top: 3px; - *padding-bottom: 3px; -} - -button.btn::-moz-focus-inner, -input[type="submit"].btn::-moz-focus-inner { - padding: 0; - border: 0; -} - -button.btn.btn-large, -input[type="submit"].btn.btn-large { - *padding-top: 7px; - *padding-bottom: 7px; -} - -button.btn.btn-small, -input[type="submit"].btn.btn-small { - *padding-top: 3px; - *padding-bottom: 3px; -} - -button.btn.btn-mini, -input[type="submit"].btn.btn-mini { - *padding-top: 1px; - *padding-bottom: 1px; -} - -.btn-link, -.btn-link:active, -.btn-link[disabled] { - background-color: transparent; - background-image: none; - -webkit-box-shadow: none; - -moz-box-shadow: none; - box-shadow: none; -} - -.btn-link { - color: #0088cc; - cursor: pointer; - border-color: transparent; - -webkit-border-radius: 0; - -moz-border-radius: 0; - border-radius: 0; -} - -.btn-link:hover, -.btn-link:focus { - color: #005580; - text-decoration: underline; - background-color: transparent; -} - -.btn-link[disabled]:hover, -.btn-link[disabled]:focus { - color: #333333; - text-decoration: none; -} - -.btn-group { - position: relative; - display: inline-block; - *display: inline; - *margin-left: .3em; - font-size: 0; - white-space: nowrap; - vertical-align: middle; - *zoom: 1; -} - -.btn-group:first-child { - *margin-left: 0; -} - -.btn-group + .btn-group { - margin-left: 5px; -} - -.btn-toolbar { - margin-top: 10px; - margin-bottom: 10px; - font-size: 0; -} - -.btn-toolbar > .btn + .btn, -.btn-toolbar > .btn-group + .btn, -.btn-toolbar > .btn + .btn-group { - margin-left: 5px; -} - -.btn-group > .btn { - position: relative; - -webkit-border-radius: 0; - -moz-border-radius: 0; - border-radius: 0; -} - -.btn-group > .btn + .btn { - margin-left: -1px; -} - -.btn-group > .btn, -.btn-group > .dropdown-menu, -.btn-group > .popover { - font-size: 14px; -} - -.btn-group > .btn-mini { - font-size: 10.5px; -} - -.btn-group > .btn-small { - font-size: 11.9px; -} - -.btn-group > .btn-large { - font-size: 17.5px; -} - -.btn-group > .btn:first-child { - margin-left: 0; - -webkit-border-bottom-left-radius: 4px; - border-bottom-left-radius: 4px; - -webkit-border-top-left-radius: 4px; - border-top-left-radius: 4px; - -moz-border-radius-bottomleft: 4px; - -moz-border-radius-topleft: 4px; -} - -.btn-group > .btn:last-child, -.btn-group > .dropdown-toggle { - -webkit-border-top-right-radius: 4px; - border-top-right-radius: 4px; - -webkit-border-bottom-right-radius: 4px; - border-bottom-right-radius: 4px; - -moz-border-radius-topright: 4px; - -moz-border-radius-bottomright: 4px; -} - -.btn-group > .btn.large:first-child { - margin-left: 0; - -webkit-border-bottom-left-radius: 6px; - border-bottom-left-radius: 6px; - -webkit-border-top-left-radius: 6px; - border-top-left-radius: 6px; - -moz-border-radius-bottomleft: 6px; - -moz-border-radius-topleft: 6px; -} - -.btn-group > .btn.large:last-child, -.btn-group > .large.dropdown-toggle { - -webkit-border-top-right-radius: 6px; - border-top-right-radius: 6px; - -webkit-border-bottom-right-radius: 6px; - border-bottom-right-radius: 6px; - -moz-border-radius-topright: 6px; - -moz-border-radius-bottomright: 6px; -} - -.btn-group > .btn:hover, -.btn-group > .btn:focus, -.btn-group > .btn:active, -.btn-group > .btn.active { - z-index: 2; -} - -.btn-group .dropdown-toggle:active, -.btn-group.open .dropdown-toggle { - outline: 0; -} - -.btn-group > .btn + .dropdown-toggle { - *padding-top: 5px; - padding-right: 8px; - *padding-bottom: 5px; - padding-left: 8px; - -webkit-box-shadow: inset 1px 0 0 rgba(255, 255, 255, 0.125), inset 0 1px 0 rgba(255, 255, 255, 0.2), 0 1px 2px rgba(0, 0, 0, 0.05); - -moz-box-shadow: inset 1px 0 0 rgba(255, 255, 255, 0.125), inset 0 1px 0 rgba(255, 255, 255, 0.2), 0 1px 2px rgba(0, 0, 0, 0.05); - box-shadow: inset 1px 0 0 rgba(255, 255, 255, 0.125), inset 0 1px 0 rgba(255, 255, 255, 0.2), 0 1px 2px rgba(0, 0, 0, 0.05); -} - -.btn-group > .btn-mini + .dropdown-toggle { - *padding-top: 2px; - padding-right: 5px; - *padding-bottom: 2px; - padding-left: 5px; -} - -.btn-group > .btn-small + .dropdown-toggle { - *padding-top: 5px; - *padding-bottom: 4px; -} - -.btn-group > .btn-large + .dropdown-toggle { - *padding-top: 7px; - padding-right: 12px; - *padding-bottom: 7px; - padding-left: 12px; -} - -.btn-group.open .dropdown-toggle { - background-image: none; - -webkit-box-shadow: inset 0 2px 4px rgba(0, 0, 0, 0.15), 0 1px 2px rgba(0, 0, 0, 0.05); - -moz-box-shadow: inset 0 2px 4px rgba(0, 0, 0, 0.15), 0 1px 2px rgba(0, 0, 0, 0.05); - box-shadow: inset 0 2px 4px rgba(0, 0, 0, 0.15), 0 1px 2px rgba(0, 0, 0, 0.05); -} - -.btn-group.open .btn.dropdown-toggle { - background-color: #e6e6e6; -} - -.btn-group.open .btn-primary.dropdown-toggle { - background-color: #0044cc; -} - -.btn-group.open .btn-warning.dropdown-toggle { - background-color: #f89406; -} - -.btn-group.open .btn-danger.dropdown-toggle { - background-color: #bd362f; -} - -.btn-group.open .btn-success.dropdown-toggle { - background-color: #51a351; -} - -.btn-group.open .btn-info.dropdown-toggle { - background-color: #2f96b4; -} - -.btn-group.open .btn-inverse.dropdown-toggle { - background-color: #222222; -} - -.btn .caret { - margin-top: 8px; - margin-left: 0; -} - -.btn-large .caret { - margin-top: 6px; -} - -.btn-large .caret { - border-top-width: 5px; - border-right-width: 5px; - border-left-width: 5px; -} - -.btn-mini .caret, -.btn-small .caret { - margin-top: 8px; -} - -.dropup .btn-large .caret { - border-bottom-width: 5px; -} - -.btn-primary .caret, -.btn-warning .caret, -.btn-danger .caret, -.btn-info .caret, -.btn-success .caret, -.btn-inverse .caret { - border-top-color: #ffffff; - border-bottom-color: #ffffff; -} - -.btn-group-vertical { - display: inline-block; - *display: inline; - /* IE7 inline-block hack */ - - *zoom: 1; -} - -.btn-group-vertical > .btn { - display: block; - float: none; - max-width: 100%; - -webkit-border-radius: 0; - -moz-border-radius: 0; - border-radius: 0; -} - -.btn-group-vertical > .btn + .btn { - margin-top: -1px; - margin-left: 0; -} - -.btn-group-vertical > .btn:first-child { - -webkit-border-radius: 4px 4px 0 0; - -moz-border-radius: 4px 4px 0 0; - border-radius: 4px 4px 0 0; -} - -.btn-group-vertical > .btn:last-child { - -webkit-border-radius: 0 0 4px 4px; - -moz-border-radius: 0 0 4px 4px; - border-radius: 0 0 4px 4px; -} - -.btn-group-vertical > .btn-large:first-child { - -webkit-border-radius: 6px 6px 0 0; - -moz-border-radius: 6px 6px 0 0; - border-radius: 6px 6px 0 0; -} - -.btn-group-vertical > .btn-large:last-child { - -webkit-border-radius: 0 0 6px 6px; - -moz-border-radius: 0 0 6px 6px; - border-radius: 0 0 6px 6px; -} - -.alert { - padding: 8px 35px 8px 14px; - margin-bottom: 20px; - text-shadow: 0 1px 0 rgba(255, 255, 255, 0.5); - background-color: #fcf8e3; - border: 1px solid #fbeed5; - -webkit-border-radius: 4px; - -moz-border-radius: 4px; - border-radius: 4px; -} - -.alert, -.alert h4 { - color: #c09853; -} - -.alert h4 { - margin: 0; -} - -.alert .close { - position: relative; - top: -2px; - right: -21px; - line-height: 20px; -} - -.alert-success { - color: #468847; - background-color: #dff0d8; - border-color: #d6e9c6; -} - -.alert-success h4 { - color: #468847; -} - -.alert-danger, -.alert-error { - color: #b94a48; - background-color: #f2dede; - border-color: #eed3d7; -} - -.alert-danger h4, -.alert-error h4 { - color: #b94a48; -} - -.alert-info { - color: #3a87ad; - background-color: #d9edf7; - border-color: #bce8f1; -} - -.alert-info h4 { - color: #3a87ad; -} - -.alert-block { - padding-top: 14px; - padding-bottom: 14px; -} - -.alert-block > p, -.alert-block > ul { - margin-bottom: 0; -} - -.alert-block p + p { - margin-top: 5px; -} - -.nav { - margin-bottom: 20px; - margin-left: 0; - list-style: none; -} - -.nav > li > a { - display: block; -} - -.nav > li > a:hover, -.nav > li > a:focus { - text-decoration: none; - background-color: #eeeeee; -} - -.nav > li > a > img { - max-width: none; -} - -.nav > .pull-right { - float: right; -} - -.nav-header { - display: block; - padding: 3px 15px; - font-size: 11px; - font-weight: bold; - line-height: 20px; - color: #999999; - text-shadow: 0 1px 0 rgba(255, 255, 255, 0.5); - text-transform: uppercase; -} - -.nav li + .nav-header { - margin-top: 9px; -} - -.nav-list { - padding-right: 15px; - padding-left: 15px; - margin-bottom: 0; -} - -.nav-list > li > a, -.nav-list .nav-header { - margin-right: -15px; - margin-left: -15px; - text-shadow: 0 1px 0 rgba(255, 255, 255, 0.5); -} - -.nav-list > li > a { - padding: 3px 15px; -} - -.nav-list > .active > a, -.nav-list > .active > a:hover, -.nav-list > .active > a:focus { - color: #ffffff; - text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.2); - background-color: #0088cc; -} - -.nav-list [class^="icon-"], -.nav-list [class*=" icon-"] { - margin-right: 2px; -} - -.nav-list .divider { - *width: 100%; - height: 1px; - margin: 9px 1px; - *margin: -5px 0 5px; - overflow: hidden; - background-color: #e5e5e5; - border-bottom: 1px solid #ffffff; -} - -.nav-tabs, -.nav-pills { - *zoom: 1; -} - -.nav-tabs:before, -.nav-pills:before, -.nav-tabs:after, -.nav-pills:after { - display: table; - line-height: 0; - content: ""; -} - -.nav-tabs:after, -.nav-pills:after { - clear: both; -} - -.nav-tabs > li, -.nav-pills > li { - float: left; -} - -.nav-tabs > li > a, -.nav-pills > li > a { - padding-right: 12px; - padding-left: 12px; - margin-right: 2px; - line-height: 14px; -} - -.nav-tabs { - border-bottom: 1px solid #ddd; -} - -.nav-tabs > li { - margin-bottom: -1px; -} - -.nav-tabs > li > a { - padding-top: 8px; - padding-bottom: 8px; - line-height: 20px; - border: 1px solid transparent; - -webkit-border-radius: 4px 4px 0 0; - -moz-border-radius: 4px 4px 0 0; - border-radius: 4px 4px 0 0; -} - -.nav-tabs > li > a:hover, -.nav-tabs > li > a:focus { - border-color: #eeeeee #eeeeee #dddddd; -} - -.nav-tabs > .active > a, -.nav-tabs > .active > a:hover, -.nav-tabs > .active > a:focus { - color: #555555; - cursor: default; - background-color: #ffffff; - border: 1px solid #ddd; - border-bottom-color: transparent; -} - -.nav-pills > li > a { - padding-top: 8px; - padding-bottom: 8px; - margin-top: 2px; - margin-bottom: 2px; - -webkit-border-radius: 5px; - -moz-border-radius: 5px; - border-radius: 5px; -} - -.nav-pills > .active > a, -.nav-pills > .active > a:hover, -.nav-pills > .active > a:focus { - color: #ffffff; - background-color: #0088cc; -} - -.nav-stacked > li { - float: none; -} - -.nav-stacked > li > a { - margin-right: 0; -} - -.nav-tabs.nav-stacked { - border-bottom: 0; -} - -.nav-tabs.nav-stacked > li > a { - border: 1px solid #ddd; - -webkit-border-radius: 0; - -moz-border-radius: 0; - border-radius: 0; -} - -.nav-tabs.nav-stacked > li:first-child > a { - -webkit-border-top-right-radius: 4px; - border-top-right-radius: 4px; - -webkit-border-top-left-radius: 4px; - border-top-left-radius: 4px; - -moz-border-radius-topright: 4px; - -moz-border-radius-topleft: 4px; -} - -.nav-tabs.nav-stacked > li:last-child > a { - -webkit-border-bottom-right-radius: 4px; - border-bottom-right-radius: 4px; - -webkit-border-bottom-left-radius: 4px; - border-bottom-left-radius: 4px; - -moz-border-radius-bottomright: 4px; - -moz-border-radius-bottomleft: 4px; -} - -.nav-tabs.nav-stacked > li > a:hover, -.nav-tabs.nav-stacked > li > a:focus { - z-index: 2; - border-color: #ddd; -} - -.nav-pills.nav-stacked > li > a { - margin-bottom: 3px; -} - -.nav-pills.nav-stacked > li:last-child > a { - margin-bottom: 1px; -} - -.nav-tabs .dropdown-menu { - -webkit-border-radius: 0 0 6px 6px; - -moz-border-radius: 0 0 6px 6px; - border-radius: 0 0 6px 6px; -} - -.nav-pills .dropdown-menu { - -webkit-border-radius: 6px; - -moz-border-radius: 6px; - border-radius: 6px; -} - -.nav .dropdown-toggle .caret { - margin-top: 6px; - border-top-color: #0088cc; - border-bottom-color: #0088cc; -} - -.nav .dropdown-toggle:hover .caret, -.nav .dropdown-toggle:focus .caret { - border-top-color: #005580; - border-bottom-color: #005580; -} - -/* move down carets for tabs */ - -.nav-tabs .dropdown-toggle .caret { - margin-top: 8px; -} - -.nav .active .dropdown-toggle .caret { - border-top-color: #fff; - border-bottom-color: #fff; -} - -.nav-tabs .active .dropdown-toggle .caret { - border-top-color: #555555; - border-bottom-color: #555555; -} - -.nav > .dropdown.active > a:hover, -.nav > .dropdown.active > a:focus { - cursor: pointer; -} - -.nav-tabs .open .dropdown-toggle, -.nav-pills .open .dropdown-toggle, -.nav > li.dropdown.open.active > a:hover, -.nav > li.dropdown.open.active > a:focus { - color: #ffffff; - background-color: #999999; - border-color: #999999; -} - -.nav li.dropdown.open .caret, -.nav li.dropdown.open.active .caret, -.nav li.dropdown.open a:hover .caret, -.nav li.dropdown.open a:focus .caret { - border-top-color: #ffffff; - border-bottom-color: #ffffff; - opacity: 1; - filter: alpha(opacity=100); -} - -.tabs-stacked .open > a:hover, -.tabs-stacked .open > a:focus { - border-color: #999999; -} - -.tabbable { - *zoom: 1; -} - -.tabbable:before, -.tabbable:after { - display: table; - line-height: 0; - content: ""; -} - -.tabbable:after { - clear: both; -} - -.tab-content { - overflow: auto; -} - -.tabs-below > .nav-tabs, -.tabs-right > .nav-tabs, -.tabs-left > .nav-tabs { - border-bottom: 0; -} - -.tab-content > .tab-pane, -.pill-content > .pill-pane { - display: none; -} - -.tab-content > .active, -.pill-content > .active { - display: block; -} - -.tabs-below > .nav-tabs { - border-top: 1px solid #ddd; -} - -.tabs-below > .nav-tabs > li { - margin-top: -1px; - margin-bottom: 0; -} - -.tabs-below > .nav-tabs > li > a { - -webkit-border-radius: 0 0 4px 4px; - -moz-border-radius: 0 0 4px 4px; - border-radius: 0 0 4px 4px; -} - -.tabs-below > .nav-tabs > li > a:hover, -.tabs-below > .nav-tabs > li > a:focus { - border-top-color: #ddd; - border-bottom-color: transparent; -} - -.tabs-below > .nav-tabs > .active > a, -.tabs-below > .nav-tabs > .active > a:hover, -.tabs-below > .nav-tabs > .active > a:focus { - border-color: transparent #ddd #ddd #ddd; -} - -.tabs-left > .nav-tabs > li, -.tabs-right > .nav-tabs > li { - float: none; -} - -.tabs-left > .nav-tabs > li > a, -.tabs-right > .nav-tabs > li > a { - min-width: 74px; - margin-right: 0; - margin-bottom: 3px; -} - -.tabs-left > .nav-tabs { - float: left; - margin-right: 19px; - border-right: 1px solid #ddd; -} - -.tabs-left > .nav-tabs > li > a { - margin-right: -1px; - -webkit-border-radius: 4px 0 0 4px; - -moz-border-radius: 4px 0 0 4px; - border-radius: 4px 0 0 4px; -} - -.tabs-left > .nav-tabs > li > a:hover, -.tabs-left > .nav-tabs > li > a:focus { - border-color: #eeeeee #dddddd #eeeeee #eeeeee; -} - -.tabs-left > .nav-tabs .active > a, -.tabs-left > .nav-tabs .active > a:hover, -.tabs-left > .nav-tabs .active > a:focus { - border-color: #ddd transparent #ddd #ddd; - *border-right-color: #ffffff; -} - -.tabs-right > .nav-tabs { - float: right; - margin-left: 19px; - border-left: 1px solid #ddd; -} - -.tabs-right > .nav-tabs > li > a { - margin-left: -1px; - -webkit-border-radius: 0 4px 4px 0; - -moz-border-radius: 0 4px 4px 0; - border-radius: 0 4px 4px 0; -} - -.tabs-right > .nav-tabs > li > a:hover, -.tabs-right > .nav-tabs > li > a:focus { - border-color: #eeeeee #eeeeee #eeeeee #dddddd; -} - -.tabs-right > .nav-tabs .active > a, -.tabs-right > .nav-tabs .active > a:hover, -.tabs-right > .nav-tabs .active > a:focus { - border-color: #ddd #ddd #ddd transparent; - *border-left-color: #ffffff; -} - -.nav > .disabled > a { - color: #999999; -} - -.nav > .disabled > a:hover, -.nav > .disabled > a:focus { - text-decoration: none; - cursor: default; - background-color: transparent; -} - -.navbar { - *position: relative; - *z-index: 2; - margin-bottom: 20px; - overflow: visible; -} - -.navbar-inner { - min-height: 40px; - padding-right: 20px; - padding-left: 20px; - background-color: #fafafa; - background-image: -moz-linear-gradient(top, #ffffff, #f2f2f2); - background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#ffffff), to(#f2f2f2)); - background-image: -webkit-linear-gradient(top, #ffffff, #f2f2f2); - background-image: -o-linear-gradient(top, #ffffff, #f2f2f2); - background-image: linear-gradient(to bottom, #ffffff, #f2f2f2); - background-repeat: repeat-x; - border: 1px solid #d4d4d4; - -webkit-border-radius: 4px; - -moz-border-radius: 4px; - border-radius: 4px; - filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffffff', endColorstr='#fff2f2f2', GradientType=0); - *zoom: 1; - -webkit-box-shadow: 0 1px 4px rgba(0, 0, 0, 0.065); - -moz-box-shadow: 0 1px 4px rgba(0, 0, 0, 0.065); - box-shadow: 0 1px 4px rgba(0, 0, 0, 0.065); -} - -.navbar-inner:before, -.navbar-inner:after { - display: table; - line-height: 0; - content: ""; -} - -.navbar-inner:after { - clear: both; -} - -.navbar .container { - width: auto; -} - -.nav-collapse.collapse { - height: auto; - overflow: visible; -} - -.navbar .brand { - display: block; - float: left; - padding: 10px 20px 10px; - margin-left: -20px; - font-size: 20px; - font-weight: 200; - color: #777777; - text-shadow: 0 1px 0 #ffffff; -} - -.navbar .brand:hover, -.navbar .brand:focus { - text-decoration: none; -} - -.navbar-text { - margin-bottom: 0; - line-height: 40px; - color: #777777; -} - -.navbar-link { - color: #777777; -} - -.navbar-link:hover, -.navbar-link:focus { - color: #333333; -} - -.navbar .divider-vertical { - height: 40px; - margin: 0 9px; - border-right: 1px solid #ffffff; - border-left: 1px solid #f2f2f2; -} - -.navbar .btn, -.navbar .btn-group { - margin-top: 5px; -} - -.navbar .btn-group .btn, -.navbar .input-prepend .btn, -.navbar .input-append .btn, -.navbar .input-prepend .btn-group, -.navbar .input-append .btn-group { - margin-top: 0; -} - -.navbar-form { - margin-bottom: 0; - *zoom: 1; -} - -.navbar-form:before, -.navbar-form:after { - display: table; - line-height: 0; - content: ""; -} - -.navbar-form:after { - clear: both; -} - -.navbar-form input, -.navbar-form select, -.navbar-form .radio, -.navbar-form .checkbox { - margin-top: 5px; -} - -.navbar-form input, -.navbar-form select, -.navbar-form .btn { - display: inline-block; - margin-bottom: 0; -} - -.navbar-form input[type="image"], -.navbar-form input[type="checkbox"], -.navbar-form input[type="radio"] { - margin-top: 3px; -} - -.navbar-form .input-append, -.navbar-form .input-prepend { - margin-top: 5px; - white-space: nowrap; -} - -.navbar-form .input-append input, -.navbar-form .input-prepend input { - margin-top: 0; -} - -.navbar-search { - position: relative; - float: left; - margin-top: 5px; - margin-bottom: 0; -} - -.navbar-search .search-query { - padding: 4px 14px; - margin-bottom: 0; - font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; - font-size: 13px; - font-weight: normal; - line-height: 1; - -webkit-border-radius: 15px; - -moz-border-radius: 15px; - border-radius: 15px; -} - -.navbar-static-top { - position: static; - margin-bottom: 0; -} - -.navbar-static-top .navbar-inner { - -webkit-border-radius: 0; - -moz-border-radius: 0; - border-radius: 0; -} - -.navbar-fixed-top, -.navbar-fixed-bottom { - position: fixed; - right: 0; - left: 0; - z-index: 1030; - margin-bottom: 0; -} - -.navbar-fixed-top .navbar-inner, -.navbar-static-top .navbar-inner { - border-width: 0 0 1px; -} - -.navbar-fixed-bottom .navbar-inner { - border-width: 1px 0 0; -} - -.navbar-fixed-top .navbar-inner, -.navbar-fixed-bottom .navbar-inner { - padding-right: 0; - padding-left: 0; - -webkit-border-radius: 0; - -moz-border-radius: 0; - border-radius: 0; -} - -.navbar-static-top .container, -.navbar-fixed-top .container, -.navbar-fixed-bottom .container { - width: 940px; -} - -.navbar-fixed-top { - top: 0; -} - -.navbar-fixed-top .navbar-inner, -.navbar-static-top .navbar-inner { - -webkit-box-shadow: 0 1px 10px rgba(0, 0, 0, 0.1); - -moz-box-shadow: 0 1px 10px rgba(0, 0, 0, 0.1); - box-shadow: 0 1px 10px rgba(0, 0, 0, 0.1); -} - -.navbar-fixed-bottom { - bottom: 0; -} - -.navbar-fixed-bottom .navbar-inner { - -webkit-box-shadow: 0 -1px 10px rgba(0, 0, 0, 0.1); - -moz-box-shadow: 0 -1px 10px rgba(0, 0, 0, 0.1); - box-shadow: 0 -1px 10px rgba(0, 0, 0, 0.1); -} - -.navbar .nav { - position: relative; - left: 0; - display: block; - float: left; - margin: 0 10px 0 0; -} - -.navbar .nav.pull-right { - float: right; - margin-right: 0; -} - -.navbar .nav > li { - float: left; -} - -.navbar .nav > li > a { - float: none; - padding: 10px 15px 10px; - color: #777777; - text-decoration: none; - text-shadow: 0 1px 0 #ffffff; -} - -.navbar .nav .dropdown-toggle .caret { - margin-top: 8px; -} - -.navbar .nav > li > a:focus, -.navbar .nav > li > a:hover { - color: #333333; - text-decoration: none; - background-color: transparent; -} - -.navbar .nav > .active > a, -.navbar .nav > .active > a:hover, -.navbar .nav > .active > a:focus { - color: #555555; - text-decoration: none; - background-color: #e5e5e5; - -webkit-box-shadow: inset 0 3px 8px rgba(0, 0, 0, 0.125); - -moz-box-shadow: inset 0 3px 8px rgba(0, 0, 0, 0.125); - box-shadow: inset 0 3px 8px rgba(0, 0, 0, 0.125); -} - -.navbar .btn-navbar { - display: none; - float: right; - padding: 7px 10px; - margin-right: 5px; - margin-left: 5px; - color: #ffffff; - text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.25); - background-color: #ededed; - *background-color: #e5e5e5; - background-image: -moz-linear-gradient(top, #f2f2f2, #e5e5e5); - background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#f2f2f2), to(#e5e5e5)); - background-image: -webkit-linear-gradient(top, #f2f2f2, #e5e5e5); - background-image: -o-linear-gradient(top, #f2f2f2, #e5e5e5); - background-image: linear-gradient(to bottom, #f2f2f2, #e5e5e5); - background-repeat: repeat-x; - border-color: #e5e5e5 #e5e5e5 #bfbfbf; - border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25); - filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff2f2f2', endColorstr='#ffe5e5e5', GradientType=0); - filter: progid:DXImageTransform.Microsoft.gradient(enabled=false); - -webkit-box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.1), 0 1px 0 rgba(255, 255, 255, 0.075); - -moz-box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.1), 0 1px 0 rgba(255, 255, 255, 0.075); - box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.1), 0 1px 0 rgba(255, 255, 255, 0.075); -} - -.navbar .btn-navbar:hover, -.navbar .btn-navbar:focus, -.navbar .btn-navbar:active, -.navbar .btn-navbar.active, -.navbar .btn-navbar.disabled, -.navbar .btn-navbar[disabled] { - color: #ffffff; - background-color: #e5e5e5; - *background-color: #d9d9d9; -} - -.navbar .btn-navbar:active, -.navbar .btn-navbar.active { - background-color: #cccccc \9; -} - -.navbar .btn-navbar .icon-bar { - display: block; - width: 18px; - height: 2px; - background-color: #f5f5f5; - -webkit-border-radius: 1px; - -moz-border-radius: 1px; - border-radius: 1px; - -webkit-box-shadow: 0 1px 0 rgba(0, 0, 0, 0.25); - -moz-box-shadow: 0 1px 0 rgba(0, 0, 0, 0.25); - box-shadow: 0 1px 0 rgba(0, 0, 0, 0.25); -} - -.btn-navbar .icon-bar + .icon-bar { - margin-top: 3px; -} - -.navbar .nav > li > .dropdown-menu:before { - position: absolute; - top: -7px; - left: 9px; - display: inline-block; - border-right: 7px solid transparent; - border-bottom: 7px solid #ccc; - border-left: 7px solid transparent; - border-bottom-color: rgba(0, 0, 0, 0.2); - content: ''; -} - -.navbar .nav > li > .dropdown-menu:after { - position: absolute; - top: -6px; - left: 10px; - display: inline-block; - border-right: 6px solid transparent; - border-bottom: 6px solid #ffffff; - border-left: 6px solid transparent; - content: ''; -} - -.navbar-fixed-bottom .nav > li > .dropdown-menu:before { - top: auto; - bottom: -7px; - border-top: 7px solid #ccc; - border-bottom: 0; - border-top-color: rgba(0, 0, 0, 0.2); -} - -.navbar-fixed-bottom .nav > li > .dropdown-menu:after { - top: auto; - bottom: -6px; - border-top: 6px solid #ffffff; - border-bottom: 0; -} - -.navbar .nav li.dropdown > a:hover .caret, -.navbar .nav li.dropdown > a:focus .caret { - border-top-color: #333333; - border-bottom-color: #333333; -} - -.navbar .nav li.dropdown.open > .dropdown-toggle, -.navbar .nav li.dropdown.active > .dropdown-toggle, -.navbar .nav li.dropdown.open.active > .dropdown-toggle { - color: #555555; - background-color: #e5e5e5; -} - -.navbar .nav li.dropdown > .dropdown-toggle .caret { - border-top-color: #777777; - border-bottom-color: #777777; -} - -.navbar .nav li.dropdown.open > .dropdown-toggle .caret, -.navbar .nav li.dropdown.active > .dropdown-toggle .caret, -.navbar .nav li.dropdown.open.active > .dropdown-toggle .caret { - border-top-color: #555555; - border-bottom-color: #555555; -} - -.navbar .pull-right > li > .dropdown-menu, -.navbar .nav > li > .dropdown-menu.pull-right { - right: 0; - left: auto; -} - -.navbar .pull-right > li > .dropdown-menu:before, -.navbar .nav > li > .dropdown-menu.pull-right:before { - right: 12px; - left: auto; -} - -.navbar .pull-right > li > .dropdown-menu:after, -.navbar .nav > li > .dropdown-menu.pull-right:after { - right: 13px; - left: auto; -} - -.navbar .pull-right > li > .dropdown-menu .dropdown-menu, -.navbar .nav > li > .dropdown-menu.pull-right .dropdown-menu { - right: 100%; - left: auto; - margin-right: -1px; - margin-left: 0; - -webkit-border-radius: 6px 0 6px 6px; - -moz-border-radius: 6px 0 6px 6px; - border-radius: 6px 0 6px 6px; -} - -.navbar-inverse .navbar-inner { - background-color: #1b1b1b; - background-image: -moz-linear-gradient(top, #222222, #111111); - background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#222222), to(#111111)); - background-image: -webkit-linear-gradient(top, #222222, #111111); - background-image: -o-linear-gradient(top, #222222, #111111); - background-image: linear-gradient(to bottom, #222222, #111111); - background-repeat: repeat-x; - border-color: #252525; - filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff222222', endColorstr='#ff111111', GradientType=0); -} - -.navbar-inverse .brand, -.navbar-inverse .nav > li > a { - color: #999999; - text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.25); -} - -.navbar-inverse .brand:hover, -.navbar-inverse .nav > li > a:hover, -.navbar-inverse .brand:focus, -.navbar-inverse .nav > li > a:focus { - color: #ffffff; -} - -.navbar-inverse .brand { - color: #999999; -} - -.navbar-inverse .navbar-text { - color: #999999; -} - -.navbar-inverse .nav > li > a:focus, -.navbar-inverse .nav > li > a:hover { - color: #ffffff; - background-color: transparent; -} - -.navbar-inverse .nav .active > a, -.navbar-inverse .nav .active > a:hover, -.navbar-inverse .nav .active > a:focus { - color: #ffffff; - background-color: #111111; -} - -.navbar-inverse .navbar-link { - color: #999999; -} - -.navbar-inverse .navbar-link:hover, -.navbar-inverse .navbar-link:focus { - color: #ffffff; -} - -.navbar-inverse .divider-vertical { - border-right-color: #222222; - border-left-color: #111111; -} - -.navbar-inverse .nav li.dropdown.open > .dropdown-toggle, -.navbar-inverse .nav li.dropdown.active > .dropdown-toggle, -.navbar-inverse .nav li.dropdown.open.active > .dropdown-toggle { - color: #ffffff; - background-color: #111111; -} - -.navbar-inverse .nav li.dropdown > a:hover .caret, -.navbar-inverse .nav li.dropdown > a:focus .caret { - border-top-color: #ffffff; - border-bottom-color: #ffffff; -} - -.navbar-inverse .nav li.dropdown > .dropdown-toggle .caret { - border-top-color: #999999; - border-bottom-color: #999999; -} - -.navbar-inverse .nav li.dropdown.open > .dropdown-toggle .caret, -.navbar-inverse .nav li.dropdown.active > .dropdown-toggle .caret, -.navbar-inverse .nav li.dropdown.open.active > .dropdown-toggle .caret { - border-top-color: #ffffff; - border-bottom-color: #ffffff; -} - -.navbar-inverse .navbar-search .search-query { - color: #ffffff; - background-color: #515151; - border-color: #111111; - -webkit-box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.1), 0 1px 0 rgba(255, 255, 255, 0.15); - -moz-box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.1), 0 1px 0 rgba(255, 255, 255, 0.15); - box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.1), 0 1px 0 rgba(255, 255, 255, 0.15); - -webkit-transition: none; - -moz-transition: none; - -o-transition: none; - transition: none; -} - -.navbar-inverse .navbar-search .search-query:-moz-placeholder { - color: #cccccc; -} - -.navbar-inverse .navbar-search .search-query:-ms-input-placeholder { - color: #cccccc; -} - -.navbar-inverse .navbar-search .search-query::-webkit-input-placeholder { - color: #cccccc; -} - -.navbar-inverse .navbar-search .search-query:focus, -.navbar-inverse .navbar-search .search-query.focused { - padding: 5px 15px; - color: #333333; - text-shadow: 0 1px 0 #ffffff; - background-color: #ffffff; - border: 0; - outline: 0; - -webkit-box-shadow: 0 0 3px rgba(0, 0, 0, 0.15); - -moz-box-shadow: 0 0 3px rgba(0, 0, 0, 0.15); - box-shadow: 0 0 3px rgba(0, 0, 0, 0.15); -} - -.navbar-inverse .btn-navbar { - color: #ffffff; - text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.25); - background-color: #0e0e0e; - *background-color: #040404; - background-image: -moz-linear-gradient(top, #151515, #040404); - background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#151515), to(#040404)); - background-image: -webkit-linear-gradient(top, #151515, #040404); - background-image: -o-linear-gradient(top, #151515, #040404); - background-image: linear-gradient(to bottom, #151515, #040404); - background-repeat: repeat-x; - border-color: #040404 #040404 #000000; - border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25); - filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff151515', endColorstr='#ff040404', GradientType=0); - filter: progid:DXImageTransform.Microsoft.gradient(enabled=false); -} - -.navbar-inverse .btn-navbar:hover, -.navbar-inverse .btn-navbar:focus, -.navbar-inverse .btn-navbar:active, -.navbar-inverse .btn-navbar.active, -.navbar-inverse .btn-navbar.disabled, -.navbar-inverse .btn-navbar[disabled] { - color: #ffffff; - background-color: #040404; - *background-color: #000000; -} - -.navbar-inverse .btn-navbar:active, -.navbar-inverse .btn-navbar.active { - background-color: #000000 \9; -} - -.breadcrumb { - padding: 8px 15px; - margin: 0 0 20px; - list-style: none; - background-color: #f5f5f5; - -webkit-border-radius: 4px; - -moz-border-radius: 4px; - border-radius: 4px; -} - -.breadcrumb > li { - display: inline-block; - *display: inline; - text-shadow: 0 1px 0 #ffffff; - *zoom: 1; -} - -.breadcrumb > li > .divider { - padding: 0 5px; - color: #ccc; -} - -.breadcrumb > .active { - color: #999999; -} - -.pagination { - margin: 20px 0; -} - -.pagination ul { - display: inline-block; - *display: inline; - margin-bottom: 0; - margin-left: 0; - -webkit-border-radius: 4px; - -moz-border-radius: 4px; - border-radius: 4px; - *zoom: 1; - -webkit-box-shadow: 0 1px 2px rgba(0, 0, 0, 0.05); - -moz-box-shadow: 0 1px 2px rgba(0, 0, 0, 0.05); - box-shadow: 0 1px 2px rgba(0, 0, 0, 0.05); -} - -.pagination ul > li { - display: inline; -} - -.pagination ul > li > a, -.pagination ul > li > span { - float: left; - padding: 4px 12px; - line-height: 20px; - text-decoration: none; - background-color: #ffffff; - border: 1px solid #dddddd; - border-left-width: 0; -} - -.pagination ul > li > a:hover, -.pagination ul > li > a:focus, -.pagination ul > .active > a, -.pagination ul > .active > span { - background-color: #f5f5f5; -} - -.pagination ul > .active > a, -.pagination ul > .active > span { - color: #999999; - cursor: default; -} - -.pagination ul > .disabled > span, -.pagination ul > .disabled > a, -.pagination ul > .disabled > a:hover, -.pagination ul > .disabled > a:focus { - color: #999999; - cursor: default; - background-color: transparent; -} - -.pagination ul > li:first-child > a, -.pagination ul > li:first-child > span { - border-left-width: 1px; - -webkit-border-bottom-left-radius: 4px; - border-bottom-left-radius: 4px; - -webkit-border-top-left-radius: 4px; - border-top-left-radius: 4px; - -moz-border-radius-bottomleft: 4px; - -moz-border-radius-topleft: 4px; -} - -.pagination ul > li:last-child > a, -.pagination ul > li:last-child > span { - -webkit-border-top-right-radius: 4px; - border-top-right-radius: 4px; - -webkit-border-bottom-right-radius: 4px; - border-bottom-right-radius: 4px; - -moz-border-radius-topright: 4px; - -moz-border-radius-bottomright: 4px; -} - -.pagination-centered { - text-align: center; -} - -.pagination-right { - text-align: right; -} - -.pagination-large ul > li > a, -.pagination-large ul > li > span { - padding: 11px 19px; - font-size: 17.5px; -} - -.pagination-large ul > li:first-child > a, -.pagination-large ul > li:first-child > span { - -webkit-border-bottom-left-radius: 6px; - border-bottom-left-radius: 6px; - -webkit-border-top-left-radius: 6px; - border-top-left-radius: 6px; - -moz-border-radius-bottomleft: 6px; - -moz-border-radius-topleft: 6px; -} - -.pagination-large ul > li:last-child > a, -.pagination-large ul > li:last-child > span { - -webkit-border-top-right-radius: 6px; - border-top-right-radius: 6px; - -webkit-border-bottom-right-radius: 6px; - border-bottom-right-radius: 6px; - -moz-border-radius-topright: 6px; - -moz-border-radius-bottomright: 6px; -} - -.pagination-mini ul > li:first-child > a, -.pagination-small ul > li:first-child > a, -.pagination-mini ul > li:first-child > span, -.pagination-small ul > li:first-child > span { - -webkit-border-bottom-left-radius: 3px; - border-bottom-left-radius: 3px; - -webkit-border-top-left-radius: 3px; - border-top-left-radius: 3px; - -moz-border-radius-bottomleft: 3px; - -moz-border-radius-topleft: 3px; -} - -.pagination-mini ul > li:last-child > a, -.pagination-small ul > li:last-child > a, -.pagination-mini ul > li:last-child > span, -.pagination-small ul > li:last-child > span { - -webkit-border-top-right-radius: 3px; - border-top-right-radius: 3px; - -webkit-border-bottom-right-radius: 3px; - border-bottom-right-radius: 3px; - -moz-border-radius-topright: 3px; - -moz-border-radius-bottomright: 3px; -} - -.pagination-small ul > li > a, -.pagination-small ul > li > span { - padding: 2px 10px; - font-size: 11.9px; -} - -.pagination-mini ul > li > a, -.pagination-mini ul > li > span { - padding: 0 6px; - font-size: 10.5px; -} - -.pager { - margin: 20px 0; - text-align: center; - list-style: none; - *zoom: 1; -} - -.pager:before, -.pager:after { - display: table; - line-height: 0; - content: ""; -} - -.pager:after { - clear: both; -} - -.pager li { - display: inline; -} - -.pager li > a, -.pager li > span { - display: inline-block; - padding: 5px 14px; - background-color: #fff; - border: 1px solid #ddd; - -webkit-border-radius: 15px; - -moz-border-radius: 15px; - border-radius: 15px; -} - -.pager li > a:hover, -.pager li > a:focus { - text-decoration: none; - background-color: #f5f5f5; -} - -.pager .next > a, -.pager .next > span { - float: right; -} - -.pager .previous > a, -.pager .previous > span { - float: left; -} - -.pager .disabled > a, -.pager .disabled > a:hover, -.pager .disabled > a:focus, -.pager .disabled > span { - color: #999999; - cursor: default; - background-color: #fff; -} - -.modal-backdrop { - position: fixed; - top: 0; - right: 0; - bottom: 0; - left: 0; - z-index: 1040; - background-color: #000000; -} - -.modal-backdrop.fade { - opacity: 0; -} - -.modal-backdrop, -.modal-backdrop.fade.in { - opacity: 0.8; - filter: alpha(opacity=80); -} - -.modal { - position: fixed; - top: 10%; - left: 50%; - z-index: 1050; - width: 560px; - margin-left: -280px; - background-color: #ffffff; - border: 1px solid #999; - border: 1px solid rgba(0, 0, 0, 0.3); - *border: 1px solid #999; - -webkit-border-radius: 6px; - -moz-border-radius: 6px; - border-radius: 6px; - outline: none; - -webkit-box-shadow: 0 3px 7px rgba(0, 0, 0, 0.3); - -moz-box-shadow: 0 3px 7px rgba(0, 0, 0, 0.3); - box-shadow: 0 3px 7px rgba(0, 0, 0, 0.3); - -webkit-background-clip: padding-box; - -moz-background-clip: padding-box; - background-clip: padding-box; -} - -.modal.fade { - top: -25%; - -webkit-transition: opacity 0.3s linear, top 0.3s ease-out; - -moz-transition: opacity 0.3s linear, top 0.3s ease-out; - -o-transition: opacity 0.3s linear, top 0.3s ease-out; - transition: opacity 0.3s linear, top 0.3s ease-out; -} - -.modal.fade.in { - top: 10%; -} - -.modal-header { - padding: 9px 15px; - border-bottom: 1px solid #eee; -} - -.modal-header .close { - margin-top: 2px; -} - -.modal-header h3 { - margin: 0; - line-height: 30px; -} - -.modal-body { - position: relative; - max-height: 400px; - padding: 15px; - overflow-y: auto; -} - -.modal-form { - margin-bottom: 0; -} - -.modal-footer { - padding: 14px 15px 15px; - margin-bottom: 0; - text-align: right; - background-color: #f5f5f5; - border-top: 1px solid #ddd; - -webkit-border-radius: 0 0 6px 6px; - -moz-border-radius: 0 0 6px 6px; - border-radius: 0 0 6px 6px; - *zoom: 1; - -webkit-box-shadow: inset 0 1px 0 #ffffff; - -moz-box-shadow: inset 0 1px 0 #ffffff; - box-shadow: inset 0 1px 0 #ffffff; -} - -.modal-footer:before, -.modal-footer:after { - display: table; - line-height: 0; - content: ""; -} - -.modal-footer:after { - clear: both; -} - -.modal-footer .btn + .btn { - margin-bottom: 0; - margin-left: 5px; -} - -.modal-footer .btn-group .btn + .btn { - margin-left: -1px; -} - -.modal-footer .btn-block + .btn-block { - margin-left: 0; -} - -.tooltip { - position: absolute; - z-index: 1030; - display: block; - font-size: 11px; - line-height: 1.4; - opacity: 0; - filter: alpha(opacity=0); - visibility: visible; -} - -.tooltip.in { - opacity: 0.8; - filter: alpha(opacity=80); -} - -.tooltip.top { - padding: 5px 0; - margin-top: -3px; -} - -.tooltip.right { - padding: 0 5px; - margin-left: 3px; -} - -.tooltip.bottom { - padding: 5px 0; - margin-top: 3px; -} - -.tooltip.left { - padding: 0 5px; - margin-left: -3px; -} - -.tooltip-inner { - max-width: 200px; - padding: 8px; - color: #ffffff; - text-align: center; - text-decoration: none; - background-color: #000000; - -webkit-border-radius: 4px; - -moz-border-radius: 4px; - border-radius: 4px; -} - -.tooltip-arrow { - position: absolute; - width: 0; - height: 0; - border-color: transparent; - border-style: solid; -} - -.tooltip.top .tooltip-arrow { - bottom: 0; - left: 50%; - margin-left: -5px; - border-top-color: #000000; - border-width: 5px 5px 0; -} - -.tooltip.right .tooltip-arrow { - top: 50%; - left: 0; - margin-top: -5px; - border-right-color: #000000; - border-width: 5px 5px 5px 0; -} - -.tooltip.left .tooltip-arrow { - top: 50%; - right: 0; - margin-top: -5px; - border-left-color: #000000; - border-width: 5px 0 5px 5px; -} - -.tooltip.bottom .tooltip-arrow { - top: 0; - left: 50%; - margin-left: -5px; - border-bottom-color: #000000; - border-width: 0 5px 5px; -} - -.popover { - position: absolute; - top: 0; - left: 0; - z-index: 1010; - display: none; - max-width: 276px; - padding: 1px; - text-align: left; - white-space: normal; - background-color: #ffffff; - border: 1px solid #ccc; - border: 1px solid rgba(0, 0, 0, 0.2); - -webkit-border-radius: 6px; - -moz-border-radius: 6px; - border-radius: 6px; - -webkit-box-shadow: 0 5px 10px rgba(0, 0, 0, 0.2); - -moz-box-shadow: 0 5px 10px rgba(0, 0, 0, 0.2); - box-shadow: 0 5px 10px rgba(0, 0, 0, 0.2); - -webkit-background-clip: padding-box; - -moz-background-clip: padding; - background-clip: padding-box; -} - -.popover.top { - margin-top: -10px; -} - -.popover.right { - margin-left: 10px; -} - -.popover.bottom { - margin-top: 10px; -} - -.popover.left { - margin-left: -10px; -} - -.popover-title { - padding: 8px 14px; - margin: 0; - font-size: 14px; - font-weight: normal; - line-height: 18px; - background-color: #f7f7f7; - border-bottom: 1px solid #ebebeb; - -webkit-border-radius: 5px 5px 0 0; - -moz-border-radius: 5px 5px 0 0; - border-radius: 5px 5px 0 0; -} - -.popover-title:empty { - display: none; -} - -.popover-content { - padding: 9px 14px; -} - -.popover .arrow, -.popover .arrow:after { - position: absolute; - display: block; - width: 0; - height: 0; - border-color: transparent; - border-style: solid; -} - -.popover .arrow { - border-width: 11px; -} - -.popover .arrow:after { - border-width: 10px; - content: ""; -} - -.popover.top .arrow { - bottom: -11px; - left: 50%; - margin-left: -11px; - border-top-color: #999; - border-top-color: rgba(0, 0, 0, 0.25); - border-bottom-width: 0; -} - -.popover.top .arrow:after { - bottom: 1px; - margin-left: -10px; - border-top-color: #ffffff; - border-bottom-width: 0; -} - -.popover.right .arrow { - top: 50%; - left: -11px; - margin-top: -11px; - border-right-color: #999; - border-right-color: rgba(0, 0, 0, 0.25); - border-left-width: 0; -} - -.popover.right .arrow:after { - bottom: -10px; - left: 1px; - border-right-color: #ffffff; - border-left-width: 0; -} - -.popover.bottom .arrow { - top: -11px; - left: 50%; - margin-left: -11px; - border-bottom-color: #999; - border-bottom-color: rgba(0, 0, 0, 0.25); - border-top-width: 0; -} - -.popover.bottom .arrow:after { - top: 1px; - margin-left: -10px; - border-bottom-color: #ffffff; - border-top-width: 0; -} - -.popover.left .arrow { - top: 50%; - right: -11px; - margin-top: -11px; - border-left-color: #999; - border-left-color: rgba(0, 0, 0, 0.25); - border-right-width: 0; -} - -.popover.left .arrow:after { - right: 1px; - bottom: -10px; - border-left-color: #ffffff; - border-right-width: 0; -} - -.thumbnails { - margin-left: -20px; - list-style: none; - *zoom: 1; -} - -.thumbnails:before, -.thumbnails:after { - display: table; - line-height: 0; - content: ""; -} - -.thumbnails:after { - clear: both; -} - -.row-fluid .thumbnails { - margin-left: 0; -} - -.thumbnails > li { - float: left; - margin-bottom: 20px; - margin-left: 20px; -} - -.thumbnail { - display: block; - padding: 4px; - line-height: 20px; - border: 1px solid #ddd; - -webkit-border-radius: 4px; - -moz-border-radius: 4px; - border-radius: 4px; - -webkit-box-shadow: 0 1px 3px rgba(0, 0, 0, 0.055); - -moz-box-shadow: 0 1px 3px rgba(0, 0, 0, 0.055); - box-shadow: 0 1px 3px rgba(0, 0, 0, 0.055); - -webkit-transition: all 0.2s ease-in-out; - -moz-transition: all 0.2s ease-in-out; - -o-transition: all 0.2s ease-in-out; - transition: all 0.2s ease-in-out; -} - -a.thumbnail:hover, -a.thumbnail:focus { - border-color: #0088cc; - -webkit-box-shadow: 0 1px 4px rgba(0, 105, 214, 0.25); - -moz-box-shadow: 0 1px 4px rgba(0, 105, 214, 0.25); - box-shadow: 0 1px 4px rgba(0, 105, 214, 0.25); -} - -.thumbnail > img { - display: block; - max-width: 100%; - margin-right: auto; - margin-left: auto; -} - -.thumbnail .caption { - padding: 9px; - color: #555555; -} - -.media, -.media-body { - overflow: hidden; - *overflow: visible; - zoom: 1; -} - -.media, -.media .media { - margin-top: 15px; -} - -.media:first-child { - margin-top: 0; -} - -.media-object { - display: block; -} - -.media-heading { - margin: 0 0 5px; -} - -.media > .pull-left { - margin-right: 10px; -} - -.media > .pull-right { - margin-left: 10px; -} - -.media-list { - margin-left: 0; - list-style: none; -} - -.label, -.badge { - display: inline-block; - padding: 2px 4px; - font-size: 11.844px; - font-weight: bold; - line-height: 14px; - color: #ffffff; - text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.25); - white-space: nowrap; - vertical-align: baseline; - background-color: #999999; -} - -.label { - -webkit-border-radius: 3px; - -moz-border-radius: 3px; - border-radius: 3px; -} - -.badge { - padding-right: 9px; - padding-left: 9px; - -webkit-border-radius: 9px; - -moz-border-radius: 9px; - border-radius: 9px; -} - -.label:empty, -.badge:empty { - display: none; -} - -a.label:hover, -a.label:focus, -a.badge:hover, -a.badge:focus { - color: #ffffff; - text-decoration: none; - cursor: pointer; -} - -.label-important, -.badge-important { - background-color: #b94a48; -} - -.label-important[href], -.badge-important[href] { - background-color: #953b39; -} - -.label-warning, -.badge-warning { - background-color: #f89406; -} - -.label-warning[href], -.badge-warning[href] { - background-color: #c67605; -} - -.label-success, -.badge-success { - background-color: #468847; -} - -.label-success[href], -.badge-success[href] { - background-color: #356635; -} - -.label-info, -.badge-info { - background-color: #3a87ad; -} - -.label-info[href], -.badge-info[href] { - background-color: #2d6987; -} - -.label-inverse, -.badge-inverse { - background-color: #333333; -} - -.label-inverse[href], -.badge-inverse[href] { - background-color: #1a1a1a; -} - -.btn .label, -.btn .badge { - position: relative; - top: -1px; -} - -.btn-mini .label, -.btn-mini .badge { - top: 0; -} - -@-webkit-keyframes progress-bar-stripes { - from { - background-position: 40px 0; - } - to { - background-position: 0 0; - } -} - -@-moz-keyframes progress-bar-stripes { - from { - background-position: 40px 0; - } - to { - background-position: 0 0; - } -} - -@-ms-keyframes progress-bar-stripes { - from { - background-position: 40px 0; - } - to { - background-position: 0 0; - } -} - -@-o-keyframes progress-bar-stripes { - from { - background-position: 0 0; - } - to { - background-position: 40px 0; - } -} - -@keyframes progress-bar-stripes { - from { - background-position: 40px 0; - } - to { - background-position: 0 0; - } -} - -.progress { - height: 20px; - margin-bottom: 20px; - overflow: hidden; - background-color: #f7f7f7; - background-image: -moz-linear-gradient(top, #f5f5f5, #f9f9f9); - background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#f5f5f5), to(#f9f9f9)); - background-image: -webkit-linear-gradient(top, #f5f5f5, #f9f9f9); - background-image: -o-linear-gradient(top, #f5f5f5, #f9f9f9); - background-image: linear-gradient(to bottom, #f5f5f5, #f9f9f9); - background-repeat: repeat-x; - -webkit-border-radius: 4px; - -moz-border-radius: 4px; - border-radius: 4px; - filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff5f5f5', endColorstr='#fff9f9f9', GradientType=0); - -webkit-box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.1); - -moz-box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.1); - box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.1); -} - -.progress .bar { - float: left; - width: 0; - height: 100%; - font-size: 12px; - color: #ffffff; - text-align: center; - text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.25); - background-color: #0e90d2; - background-image: -moz-linear-gradient(top, #149bdf, #0480be); - background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#149bdf), to(#0480be)); - background-image: -webkit-linear-gradient(top, #149bdf, #0480be); - background-image: -o-linear-gradient(top, #149bdf, #0480be); - background-image: linear-gradient(to bottom, #149bdf, #0480be); - background-repeat: repeat-x; - filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff149bdf', endColorstr='#ff0480be', GradientType=0); - -webkit-box-shadow: inset 0 -1px 0 rgba(0, 0, 0, 0.15); - -moz-box-shadow: inset 0 -1px 0 rgba(0, 0, 0, 0.15); - box-shadow: inset 0 -1px 0 rgba(0, 0, 0, 0.15); - -webkit-box-sizing: border-box; - -moz-box-sizing: border-box; - box-sizing: border-box; - -webkit-transition: width 0.6s ease; - -moz-transition: width 0.6s ease; - -o-transition: width 0.6s ease; - transition: width 0.6s ease; -} - -.progress .bar + .bar { - -webkit-box-shadow: inset 1px 0 0 rgba(0, 0, 0, 0.15), inset 0 -1px 0 rgba(0, 0, 0, 0.15); - -moz-box-shadow: inset 1px 0 0 rgba(0, 0, 0, 0.15), inset 0 -1px 0 rgba(0, 0, 0, 0.15); - box-shadow: inset 1px 0 0 rgba(0, 0, 0, 0.15), inset 0 -1px 0 rgba(0, 0, 0, 0.15); -} - -.progress-striped .bar { - background-color: #149bdf; - background-image: -webkit-gradient(linear, 0 100%, 100% 0, color-stop(0.25, rgba(255, 255, 255, 0.15)), color-stop(0.25, transparent), color-stop(0.5, transparent), color-stop(0.5, rgba(255, 255, 255, 0.15)), color-stop(0.75, rgba(255, 255, 255, 0.15)), color-stop(0.75, transparent), to(transparent)); - background-image: -webkit-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); - background-image: -moz-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); - background-image: -o-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); - background-image: linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); - -webkit-background-size: 40px 40px; - -moz-background-size: 40px 40px; - -o-background-size: 40px 40px; - background-size: 40px 40px; -} - -.progress.active .bar { - -webkit-animation: progress-bar-stripes 2s linear infinite; - -moz-animation: progress-bar-stripes 2s linear infinite; - -ms-animation: progress-bar-stripes 2s linear infinite; - -o-animation: progress-bar-stripes 2s linear infinite; - animation: progress-bar-stripes 2s linear infinite; -} - -.progress-danger .bar, -.progress .bar-danger { - background-color: #dd514c; - background-image: -moz-linear-gradient(top, #ee5f5b, #c43c35); - background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#ee5f5b), to(#c43c35)); - background-image: -webkit-linear-gradient(top, #ee5f5b, #c43c35); - background-image: -o-linear-gradient(top, #ee5f5b, #c43c35); - background-image: linear-gradient(to bottom, #ee5f5b, #c43c35); - background-repeat: repeat-x; - filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffee5f5b', endColorstr='#ffc43c35', GradientType=0); -} - -.progress-danger.progress-striped .bar, -.progress-striped .bar-danger { - background-color: #ee5f5b; - background-image: -webkit-gradient(linear, 0 100%, 100% 0, color-stop(0.25, rgba(255, 255, 255, 0.15)), color-stop(0.25, transparent), color-stop(0.5, transparent), color-stop(0.5, rgba(255, 255, 255, 0.15)), color-stop(0.75, rgba(255, 255, 255, 0.15)), color-stop(0.75, transparent), to(transparent)); - background-image: -webkit-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); - background-image: -moz-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); - background-image: -o-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); - background-image: linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); -} - -.progress-success .bar, -.progress .bar-success { - background-color: #5eb95e; - background-image: -moz-linear-gradient(top, #62c462, #57a957); - background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#62c462), to(#57a957)); - background-image: -webkit-linear-gradient(top, #62c462, #57a957); - background-image: -o-linear-gradient(top, #62c462, #57a957); - background-image: linear-gradient(to bottom, #62c462, #57a957); - background-repeat: repeat-x; - filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff62c462', endColorstr='#ff57a957', GradientType=0); -} - -.progress-success.progress-striped .bar, -.progress-striped .bar-success { - background-color: #62c462; - background-image: -webkit-gradient(linear, 0 100%, 100% 0, color-stop(0.25, rgba(255, 255, 255, 0.15)), color-stop(0.25, transparent), color-stop(0.5, transparent), color-stop(0.5, rgba(255, 255, 255, 0.15)), color-stop(0.75, rgba(255, 255, 255, 0.15)), color-stop(0.75, transparent), to(transparent)); - background-image: -webkit-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); - background-image: -moz-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); - background-image: -o-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); - background-image: linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); -} - -.progress-info .bar, -.progress .bar-info { - background-color: #4bb1cf; - background-image: -moz-linear-gradient(top, #5bc0de, #339bb9); - background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#5bc0de), to(#339bb9)); - background-image: -webkit-linear-gradient(top, #5bc0de, #339bb9); - background-image: -o-linear-gradient(top, #5bc0de, #339bb9); - background-image: linear-gradient(to bottom, #5bc0de, #339bb9); - background-repeat: repeat-x; - filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5bc0de', endColorstr='#ff339bb9', GradientType=0); -} - -.progress-info.progress-striped .bar, -.progress-striped .bar-info { - background-color: #5bc0de; - background-image: -webkit-gradient(linear, 0 100%, 100% 0, color-stop(0.25, rgba(255, 255, 255, 0.15)), color-stop(0.25, transparent), color-stop(0.5, transparent), color-stop(0.5, rgba(255, 255, 255, 0.15)), color-stop(0.75, rgba(255, 255, 255, 0.15)), color-stop(0.75, transparent), to(transparent)); - background-image: -webkit-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); - background-image: -moz-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); - background-image: -o-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); - background-image: linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); -} - -.progress-warning .bar, -.progress .bar-warning { - background-color: #faa732; - background-image: -moz-linear-gradient(top, #fbb450, #f89406); - background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#fbb450), to(#f89406)); - background-image: -webkit-linear-gradient(top, #fbb450, #f89406); - background-image: -o-linear-gradient(top, #fbb450, #f89406); - background-image: linear-gradient(to bottom, #fbb450, #f89406); - background-repeat: repeat-x; - filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fffbb450', endColorstr='#fff89406', GradientType=0); -} - -.progress-warning.progress-striped .bar, -.progress-striped .bar-warning { - background-color: #fbb450; - background-image: -webkit-gradient(linear, 0 100%, 100% 0, color-stop(0.25, rgba(255, 255, 255, 0.15)), color-stop(0.25, transparent), color-stop(0.5, transparent), color-stop(0.5, rgba(255, 255, 255, 0.15)), color-stop(0.75, rgba(255, 255, 255, 0.15)), color-stop(0.75, transparent), to(transparent)); - background-image: -webkit-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); - background-image: -moz-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); - background-image: -o-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); - background-image: linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); -} - -.accordion { - margin-bottom: 20px; -} - -.accordion-group { - margin-bottom: 2px; - border: 1px solid #e5e5e5; - -webkit-border-radius: 4px; - -moz-border-radius: 4px; - border-radius: 4px; -} - -.accordion-heading { - border-bottom: 0; -} - -.accordion-heading .accordion-toggle { - display: block; - padding: 8px 15px; -} - -.accordion-toggle { - cursor: pointer; -} - -.accordion-inner { - padding: 9px 15px; - border-top: 1px solid #e5e5e5; -} - -.carousel { - position: relative; - margin-bottom: 20px; - line-height: 1; -} - -.carousel-inner { - position: relative; - width: 100%; - overflow: hidden; -} - -.carousel-inner > .item { - position: relative; - display: none; - -webkit-transition: 0.6s ease-in-out left; - -moz-transition: 0.6s ease-in-out left; - -o-transition: 0.6s ease-in-out left; - transition: 0.6s ease-in-out left; -} - -.carousel-inner > .item > img, -.carousel-inner > .item > a > img { - display: block; - line-height: 1; -} - -.carousel-inner > .active, -.carousel-inner > .next, -.carousel-inner > .prev { - display: block; -} - -.carousel-inner > .active { - left: 0; -} - -.carousel-inner > .next, -.carousel-inner > .prev { - position: absolute; - top: 0; - width: 100%; -} - -.carousel-inner > .next { - left: 100%; -} - -.carousel-inner > .prev { - left: -100%; -} - -.carousel-inner > .next.left, -.carousel-inner > .prev.right { - left: 0; -} - -.carousel-inner > .active.left { - left: -100%; -} - -.carousel-inner > .active.right { - left: 100%; -} - -.carousel-control { - position: absolute; - top: 40%; - left: 15px; - width: 40px; - height: 40px; - margin-top: -20px; - font-size: 60px; - font-weight: 100; - line-height: 30px; - color: #ffffff; - text-align: center; - background: #222222; - border: 3px solid #ffffff; - -webkit-border-radius: 23px; - -moz-border-radius: 23px; - border-radius: 23px; - opacity: 0.5; - filter: alpha(opacity=50); -} - -.carousel-control.right { - right: 15px; - left: auto; -} - -.carousel-control:hover, -.carousel-control:focus { - color: #ffffff; - text-decoration: none; - opacity: 0.9; - filter: alpha(opacity=90); -} - -.carousel-indicators { - position: absolute; - top: 15px; - right: 15px; - z-index: 5; - margin: 0; - list-style: none; -} - -.carousel-indicators li { - display: block; - float: left; - width: 10px; - height: 10px; - margin-left: 5px; - text-indent: -999px; - background-color: #ccc; - background-color: rgba(255, 255, 255, 0.25); - border-radius: 5px; -} - -.carousel-indicators .active { - background-color: #fff; -} - -.carousel-caption { - position: absolute; - right: 0; - bottom: 0; - left: 0; - padding: 15px; - background: #333333; - background: rgba(0, 0, 0, 0.75); -} - -.carousel-caption h4, -.carousel-caption p { - line-height: 20px; - color: #ffffff; -} - -.carousel-caption h4 { - margin: 0 0 5px; -} - -.carousel-caption p { - margin-bottom: 0; -} - -.hero-unit { - padding: 60px; - margin-bottom: 30px; - font-size: 18px; - font-weight: 200; - line-height: 30px; - color: inherit; - background-color: #eeeeee; - -webkit-border-radius: 6px; - -moz-border-radius: 6px; - border-radius: 6px; -} - -.hero-unit h1 { - margin-bottom: 0; - font-size: 60px; - line-height: 1; - letter-spacing: -1px; - color: inherit; -} - -.hero-unit li { - line-height: 30px; -} - -.pull-right { - float: right; -} - -.pull-left { - float: left; -} - -.hide { - display: none; -} - -.show { - display: block; -} - -.invisible { - visibility: hidden; -} - -.affix { - position: fixed; -} diff --git a/docs/theme/docker/static/css/bootstrap.min.css b/docs/theme/docker/static/css/bootstrap.min.css deleted file mode 100755 index fd5ed73407..0000000000 --- a/docs/theme/docker/static/css/bootstrap.min.css +++ /dev/null @@ -1,9 +0,0 @@ -/*! - * Bootstrap v2.3.0 - * - * Copyright 2012 Twitter, Inc - * Licensed under the Apache License v2.0 - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Designed and built with all the love in the world @twitter by @mdo and @fat. - */.clearfix{*zoom:1}.clearfix:before,.clearfix:after{display:table;line-height:0;content:""}.clearfix:after{clear:both}.hide-text{font:0/0 a;color:transparent;text-shadow:none;background-color:transparent;border:0}.input-block-level{display:block;width:100%;min-height:30px;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}article,aside,details,figcaption,figure,footer,header,hgroup,nav,section{display:block}audio,canvas,video{display:inline-block;*display:inline;*zoom:1}audio:not([controls]){display:none}html{font-size:100%;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}a:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}a:hover,a:active{outline:0}sub,sup{position:relative;font-size:75%;line-height:0;vertical-align:baseline}sup{top:-0.5em}sub{bottom:-0.25em}img{width:auto\9;height:auto;max-width:100%;vertical-align:middle;border:0;-ms-interpolation-mode:bicubic}#map_canvas img,.google-maps img{max-width:none}button,input,select,textarea{margin:0;font-size:100%;vertical-align:middle}button,input{*overflow:visible;line-height:normal}button::-moz-focus-inner,input::-moz-focus-inner{padding:0;border:0}button,html input[type="button"],input[type="reset"],input[type="submit"]{cursor:pointer;-webkit-appearance:button}label,select,button,input[type="button"],input[type="reset"],input[type="submit"],input[type="radio"],input[type="checkbox"]{cursor:pointer}input[type="search"]{-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;-webkit-appearance:textfield}input[type="search"]::-webkit-search-decoration,input[type="search"]::-webkit-search-cancel-button{-webkit-appearance:none}textarea{overflow:auto;vertical-align:top}@media print{*{color:#000!important;text-shadow:none!important;background:transparent!important;box-shadow:none!important}a,a:visited{text-decoration:underline}a[href]:after{content:" (" attr(href) ")"}abbr[title]:after{content:" (" attr(title) ")"}.ir a:after,a[href^="javascript:"]:after,a[href^="#"]:after{content:""}pre,blockquote{border:1px solid #999;page-break-inside:avoid}thead{display:table-header-group}tr,img{page-break-inside:avoid}img{max-width:100%!important}@page{margin:.5cm}p,h2,h3{orphans:3;widows:3}h2,h3{page-break-after:avoid}}body{margin:0;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px;line-height:20px;color:#333;background-color:#fff}a{color:#08c;text-decoration:none}a:hover,a:focus{color:#005580;text-decoration:underline}.img-rounded{-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px}.img-polaroid{padding:4px;background-color:#fff;border:1px solid #ccc;border:1px solid rgba(0,0,0,0.2);-webkit-box-shadow:0 1px 3px rgba(0,0,0,0.1);-moz-box-shadow:0 1px 3px rgba(0,0,0,0.1);box-shadow:0 1px 3px rgba(0,0,0,0.1)}.img-circle{-webkit-border-radius:500px;-moz-border-radius:500px;border-radius:500px}.row{margin-left:-20px;*zoom:1}.row:before,.row:after{display:table;line-height:0;content:""}.row:after{clear:both}[class*="span"]{float:left;min-height:1px;margin-left:20px}.container,.navbar-static-top .container,.navbar-fixed-top .container,.navbar-fixed-bottom .container{width:940px}.span12{width:940px}.span11{width:860px}.span10{width:780px}.span9{width:700px}.span8{width:620px}.span7{width:540px}.span6{width:460px}.span5{width:380px}.span4{width:300px}.span3{width:220px}.span2{width:140px}.span1{width:60px}.offset12{margin-left:980px}.offset11{margin-left:900px}.offset10{margin-left:820px}.offset9{margin-left:740px}.offset8{margin-left:660px}.offset7{margin-left:580px}.offset6{margin-left:500px}.offset5{margin-left:420px}.offset4{margin-left:340px}.offset3{margin-left:260px}.offset2{margin-left:180px}.offset1{margin-left:100px}.row-fluid{width:100%;*zoom:1}.row-fluid:before,.row-fluid:after{display:table;line-height:0;content:""}.row-fluid:after{clear:both}.row-fluid [class*="span"]{display:block;float:left;width:100%;min-height:30px;margin-left:2.127659574468085%;*margin-left:2.074468085106383%;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}.row-fluid [class*="span"]:first-child{margin-left:0}.row-fluid .controls-row [class*="span"]+[class*="span"]{margin-left:2.127659574468085%}.row-fluid .span12{width:100%;*width:99.94680851063829%}.row-fluid .span11{width:91.48936170212765%;*width:91.43617021276594%}.row-fluid .span10{width:82.97872340425532%;*width:82.92553191489361%}.row-fluid .span9{width:74.46808510638297%;*width:74.41489361702126%}.row-fluid .span8{width:65.95744680851064%;*width:65.90425531914893%}.row-fluid .span7{width:57.44680851063829%;*width:57.39361702127659%}.row-fluid .span6{width:48.93617021276595%;*width:48.88297872340425%}.row-fluid .span5{width:40.42553191489362%;*width:40.37234042553192%}.row-fluid .span4{width:31.914893617021278%;*width:31.861702127659576%}.row-fluid .span3{width:23.404255319148934%;*width:23.351063829787233%}.row-fluid .span2{width:14.893617021276595%;*width:14.840425531914894%}.row-fluid .span1{width:6.382978723404255%;*width:6.329787234042553%}.row-fluid .offset12{margin-left:104.25531914893617%;*margin-left:104.14893617021275%}.row-fluid .offset12:first-child{margin-left:102.12765957446808%;*margin-left:102.02127659574467%}.row-fluid .offset11{margin-left:95.74468085106382%;*margin-left:95.6382978723404%}.row-fluid .offset11:first-child{margin-left:93.61702127659574%;*margin-left:93.51063829787232%}.row-fluid .offset10{margin-left:87.23404255319149%;*margin-left:87.12765957446807%}.row-fluid .offset10:first-child{margin-left:85.1063829787234%;*margin-left:84.99999999999999%}.row-fluid .offset9{margin-left:78.72340425531914%;*margin-left:78.61702127659572%}.row-fluid .offset9:first-child{margin-left:76.59574468085106%;*margin-left:76.48936170212764%}.row-fluid .offset8{margin-left:70.2127659574468%;*margin-left:70.10638297872339%}.row-fluid .offset8:first-child{margin-left:68.08510638297872%;*margin-left:67.9787234042553%}.row-fluid .offset7{margin-left:61.70212765957446%;*margin-left:61.59574468085106%}.row-fluid .offset7:first-child{margin-left:59.574468085106375%;*margin-left:59.46808510638297%}.row-fluid .offset6{margin-left:53.191489361702125%;*margin-left:53.085106382978715%}.row-fluid .offset6:first-child{margin-left:51.063829787234035%;*margin-left:50.95744680851063%}.row-fluid .offset5{margin-left:44.68085106382979%;*margin-left:44.57446808510638%}.row-fluid .offset5:first-child{margin-left:42.5531914893617%;*margin-left:42.4468085106383%}.row-fluid .offset4{margin-left:36.170212765957444%;*margin-left:36.06382978723405%}.row-fluid .offset4:first-child{margin-left:34.04255319148936%;*margin-left:33.93617021276596%}.row-fluid .offset3{margin-left:27.659574468085104%;*margin-left:27.5531914893617%}.row-fluid .offset3:first-child{margin-left:25.53191489361702%;*margin-left:25.425531914893618%}.row-fluid .offset2{margin-left:19.148936170212764%;*margin-left:19.04255319148936%}.row-fluid .offset2:first-child{margin-left:17.02127659574468%;*margin-left:16.914893617021278%}.row-fluid .offset1{margin-left:10.638297872340425%;*margin-left:10.53191489361702%}.row-fluid .offset1:first-child{margin-left:8.51063829787234%;*margin-left:8.404255319148938%}[class*="span"].hide,.row-fluid [class*="span"].hide{display:none}[class*="span"].pull-right,.row-fluid [class*="span"].pull-right{float:right}.container{margin-right:auto;margin-left:auto;*zoom:1}.container:before,.container:after{display:table;line-height:0;content:""}.container:after{clear:both}.container-fluid{padding-right:20px;padding-left:20px;*zoom:1}.container-fluid:before,.container-fluid:after{display:table;line-height:0;content:""}.container-fluid:after{clear:both}p{margin:0 0 10px}.lead{margin-bottom:20px;font-size:21px;font-weight:200;line-height:30px}small{font-size:85%}strong{font-weight:bold}em{font-style:italic}cite{font-style:normal}.muted{color:#999}a.muted:hover,a.muted:focus{color:#808080}.text-warning{color:#c09853}a.text-warning:hover,a.text-warning:focus{color:#a47e3c}.text-error{color:#b94a48}a.text-error:hover,a.text-error:focus{color:#953b39}.text-info{color:#3a87ad}a.text-info:hover,a.text-info:focus{color:#2d6987}.text-success{color:#468847}a.text-success:hover,a.text-success:focus{color:#356635}.text-left{text-align:left}.text-right{text-align:right}.text-center{text-align:center}h1,h2,h3,h4,h5,h6{margin:10px 0;font-family:inherit;font-weight:bold;line-height:20px;color:inherit;text-rendering:optimizelegibility}h1 small,h2 small,h3 small,h4 small,h5 small,h6 small{font-weight:normal;line-height:1;color:#999}h1,h2,h3{line-height:40px}h1{font-size:38.5px}h2{font-size:31.5px}h3{font-size:24.5px}h4{font-size:17.5px}h5{font-size:14px}h6{font-size:11.9px}h1 small{font-size:24.5px}h2 small{font-size:17.5px}h3 small{font-size:14px}h4 small{font-size:14px}.page-header{padding-bottom:9px;margin:20px 0 30px;border-bottom:1px solid #eee}ul,ol{padding:0;margin:0 0 10px 25px}ul ul,ul ol,ol ol,ol ul{margin-bottom:0}li{line-height:20px}ul.unstyled,ol.unstyled{margin-left:0;list-style:none}ul.inline,ol.inline{margin-left:0;list-style:none}ul.inline>li,ol.inline>li{display:inline-block;*display:inline;padding-right:5px;padding-left:5px;*zoom:1}dl{margin-bottom:20px}dt,dd{line-height:20px}dt{font-weight:bold}dd{margin-left:10px}.dl-horizontal{*zoom:1}.dl-horizontal:before,.dl-horizontal:after{display:table;line-height:0;content:""}.dl-horizontal:after{clear:both}.dl-horizontal dt{float:left;width:160px;overflow:hidden;clear:left;text-align:right;text-overflow:ellipsis;white-space:nowrap}.dl-horizontal dd{margin-left:180px}hr{margin:20px 0;border:0;border-top:1px solid #eee;border-bottom:1px solid #fff}abbr[title],abbr[data-original-title]{cursor:help;border-bottom:1px dotted #999}abbr.initialism{font-size:90%;text-transform:uppercase}blockquote{padding:0 0 0 15px;margin:0 0 20px;border-left:5px solid #eee}blockquote p{margin-bottom:0;font-size:17.5px;font-weight:300;line-height:1.25}blockquote small{display:block;line-height:20px;color:#999}blockquote small:before{content:'\2014 \00A0'}blockquote.pull-right{float:right;padding-right:15px;padding-left:0;border-right:5px solid #eee;border-left:0}blockquote.pull-right p,blockquote.pull-right small{text-align:right}blockquote.pull-right small:before{content:''}blockquote.pull-right small:after{content:'\00A0 \2014'}q:before,q:after,blockquote:before,blockquote:after{content:""}address{display:block;margin-bottom:20px;font-style:normal;line-height:20px}code,pre{padding:0 3px 2px;font-family:Monaco,Menlo,Consolas,"Courier New",monospace;font-size:12px;color:#333;-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px}code{padding:2px 4px;color:#d14;white-space:nowrap;background-color:#f7f7f9;border:1px solid #e1e1e8}pre{display:block;padding:9.5px;margin:0 0 10px;font-size:13px;line-height:20px;word-break:break-all;word-wrap:break-word;white-space:pre;white-space:pre-wrap;background-color:#f5f5f5;border:1px solid #ccc;border:1px solid rgba(0,0,0,0.15);-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px}pre.prettyprint{margin-bottom:20px}pre code{padding:0;color:inherit;white-space:pre;white-space:pre-wrap;background-color:transparent;border:0}.pre-scrollable{max-height:340px;overflow-y:scroll}form{margin:0 0 20px}fieldset{padding:0;margin:0;border:0}legend{display:block;width:100%;padding:0;margin-bottom:20px;font-size:21px;line-height:40px;color:#333;border:0;border-bottom:1px solid #e5e5e5}legend small{font-size:15px;color:#999}label,input,button,select,textarea{font-size:14px;font-weight:normal;line-height:20px}input,button,select,textarea{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif}label{display:block;margin-bottom:5px}select,textarea,input[type="text"],input[type="password"],input[type="datetime"],input[type="datetime-local"],input[type="date"],input[type="month"],input[type="time"],input[type="week"],input[type="number"],input[type="email"],input[type="url"],input[type="search"],input[type="tel"],input[type="color"],.uneditable-input{display:inline-block;height:20px;padding:4px 6px;margin-bottom:10px;font-size:14px;line-height:20px;color:#555;vertical-align:middle;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px}input,textarea,.uneditable-input{width:206px}textarea{height:auto}textarea,input[type="text"],input[type="password"],input[type="datetime"],input[type="datetime-local"],input[type="date"],input[type="month"],input[type="time"],input[type="week"],input[type="number"],input[type="email"],input[type="url"],input[type="search"],input[type="tel"],input[type="color"],.uneditable-input{background-color:#fff;border:1px solid #ccc;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-webkit-transition:border linear .2s,box-shadow linear .2s;-moz-transition:border linear .2s,box-shadow linear .2s;-o-transition:border linear .2s,box-shadow linear .2s;transition:border linear .2s,box-shadow linear .2s}textarea:focus,input[type="text"]:focus,input[type="password"]:focus,input[type="datetime"]:focus,input[type="datetime-local"]:focus,input[type="date"]:focus,input[type="month"]:focus,input[type="time"]:focus,input[type="week"]:focus,input[type="number"]:focus,input[type="email"]:focus,input[type="url"]:focus,input[type="search"]:focus,input[type="tel"]:focus,input[type="color"]:focus,.uneditable-input:focus{border-color:rgba(82,168,236,0.8);outline:0;outline:thin dotted \9;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(82,168,236,0.6);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(82,168,236,0.6);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(82,168,236,0.6)}input[type="radio"],input[type="checkbox"]{margin:4px 0 0;margin-top:1px \9;*margin-top:0;line-height:normal}input[type="file"],input[type="image"],input[type="submit"],input[type="reset"],input[type="button"],input[type="radio"],input[type="checkbox"]{width:auto}select,input[type="file"]{height:30px;*margin-top:4px;line-height:30px}select{width:220px;background-color:#fff;border:1px solid #ccc}select[multiple],select[size]{height:auto}select:focus,input[type="file"]:focus,input[type="radio"]:focus,input[type="checkbox"]:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}.uneditable-input,.uneditable-textarea{color:#999;cursor:not-allowed;background-color:#fcfcfc;border-color:#ccc;-webkit-box-shadow:inset 0 1px 2px rgba(0,0,0,0.025);-moz-box-shadow:inset 0 1px 2px rgba(0,0,0,0.025);box-shadow:inset 0 1px 2px rgba(0,0,0,0.025)}.uneditable-input{overflow:hidden;white-space:nowrap}.uneditable-textarea{width:auto;height:auto}input:-moz-placeholder,textarea:-moz-placeholder{color:#999}input:-ms-input-placeholder,textarea:-ms-input-placeholder{color:#999}input::-webkit-input-placeholder,textarea::-webkit-input-placeholder{color:#999}.radio,.checkbox{min-height:20px;padding-left:20px}.radio input[type="radio"],.checkbox input[type="checkbox"]{float:left;margin-left:-20px}.controls>.radio:first-child,.controls>.checkbox:first-child{padding-top:5px}.radio.inline,.checkbox.inline{display:inline-block;padding-top:5px;margin-bottom:0;vertical-align:middle}.radio.inline+.radio.inline,.checkbox.inline+.checkbox.inline{margin-left:10px}.input-mini{width:60px}.input-small{width:90px}.input-medium{width:150px}.input-large{width:210px}.input-xlarge{width:270px}.input-xxlarge{width:530px}input[class*="span"],select[class*="span"],textarea[class*="span"],.uneditable-input[class*="span"],.row-fluid input[class*="span"],.row-fluid select[class*="span"],.row-fluid textarea[class*="span"],.row-fluid .uneditable-input[class*="span"]{float:none;margin-left:0}.input-append input[class*="span"],.input-append .uneditable-input[class*="span"],.input-prepend input[class*="span"],.input-prepend .uneditable-input[class*="span"],.row-fluid input[class*="span"],.row-fluid select[class*="span"],.row-fluid textarea[class*="span"],.row-fluid .uneditable-input[class*="span"],.row-fluid .input-prepend [class*="span"],.row-fluid .input-append [class*="span"]{display:inline-block}input,textarea,.uneditable-input{margin-left:0}.controls-row [class*="span"]+[class*="span"]{margin-left:20px}input.span12,textarea.span12,.uneditable-input.span12{width:926px}input.span11,textarea.span11,.uneditable-input.span11{width:846px}input.span10,textarea.span10,.uneditable-input.span10{width:766px}input.span9,textarea.span9,.uneditable-input.span9{width:686px}input.span8,textarea.span8,.uneditable-input.span8{width:606px}input.span7,textarea.span7,.uneditable-input.span7{width:526px}input.span6,textarea.span6,.uneditable-input.span6{width:446px}input.span5,textarea.span5,.uneditable-input.span5{width:366px}input.span4,textarea.span4,.uneditable-input.span4{width:286px}input.span3,textarea.span3,.uneditable-input.span3{width:206px}input.span2,textarea.span2,.uneditable-input.span2{width:126px}input.span1,textarea.span1,.uneditable-input.span1{width:46px}.controls-row{*zoom:1}.controls-row:before,.controls-row:after{display:table;line-height:0;content:""}.controls-row:after{clear:both}.controls-row [class*="span"],.row-fluid .controls-row [class*="span"]{float:left}.controls-row .checkbox[class*="span"],.controls-row .radio[class*="span"]{padding-top:5px}input[disabled],select[disabled],textarea[disabled],input[readonly],select[readonly],textarea[readonly]{cursor:not-allowed;background-color:#eee}input[type="radio"][disabled],input[type="checkbox"][disabled],input[type="radio"][readonly],input[type="checkbox"][readonly]{background-color:transparent}.control-group.warning .control-label,.control-group.warning .help-block,.control-group.warning .help-inline{color:#c09853}.control-group.warning .checkbox,.control-group.warning .radio,.control-group.warning input,.control-group.warning select,.control-group.warning textarea{color:#c09853}.control-group.warning input,.control-group.warning select,.control-group.warning textarea{border-color:#c09853;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.control-group.warning input:focus,.control-group.warning select:focus,.control-group.warning textarea:focus{border-color:#a47e3c;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #dbc59e;-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #dbc59e;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #dbc59e}.control-group.warning .input-prepend .add-on,.control-group.warning .input-append .add-on{color:#c09853;background-color:#fcf8e3;border-color:#c09853}.control-group.error .control-label,.control-group.error .help-block,.control-group.error .help-inline{color:#b94a48}.control-group.error .checkbox,.control-group.error .radio,.control-group.error input,.control-group.error select,.control-group.error textarea{color:#b94a48}.control-group.error input,.control-group.error select,.control-group.error textarea{border-color:#b94a48;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.control-group.error input:focus,.control-group.error select:focus,.control-group.error textarea:focus{border-color:#953b39;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #d59392;-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #d59392;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #d59392}.control-group.error .input-prepend .add-on,.control-group.error .input-append .add-on{color:#b94a48;background-color:#f2dede;border-color:#b94a48}.control-group.success .control-label,.control-group.success .help-block,.control-group.success .help-inline{color:#468847}.control-group.success .checkbox,.control-group.success .radio,.control-group.success input,.control-group.success select,.control-group.success textarea{color:#468847}.control-group.success input,.control-group.success select,.control-group.success textarea{border-color:#468847;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.control-group.success input:focus,.control-group.success select:focus,.control-group.success textarea:focus{border-color:#356635;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #7aba7b;-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #7aba7b;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #7aba7b}.control-group.success .input-prepend .add-on,.control-group.success .input-append .add-on{color:#468847;background-color:#dff0d8;border-color:#468847}.control-group.info .control-label,.control-group.info .help-block,.control-group.info .help-inline{color:#3a87ad}.control-group.info .checkbox,.control-group.info .radio,.control-group.info input,.control-group.info select,.control-group.info textarea{color:#3a87ad}.control-group.info input,.control-group.info select,.control-group.info textarea{border-color:#3a87ad;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.control-group.info input:focus,.control-group.info select:focus,.control-group.info textarea:focus{border-color:#2d6987;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #7ab5d3;-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #7ab5d3;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #7ab5d3}.control-group.info .input-prepend .add-on,.control-group.info .input-append .add-on{color:#3a87ad;background-color:#d9edf7;border-color:#3a87ad}input:focus:invalid,textarea:focus:invalid,select:focus:invalid{color:#b94a48;border-color:#ee5f5b}input:focus:invalid:focus,textarea:focus:invalid:focus,select:focus:invalid:focus{border-color:#e9322d;-webkit-box-shadow:0 0 6px #f8b9b7;-moz-box-shadow:0 0 6px #f8b9b7;box-shadow:0 0 6px #f8b9b7}.form-actions{padding:19px 20px 20px;margin-top:20px;margin-bottom:20px;background-color:#f5f5f5;border-top:1px solid #e5e5e5;*zoom:1}.form-actions:before,.form-actions:after{display:table;line-height:0;content:""}.form-actions:after{clear:both}.help-block,.help-inline{color:#595959}.help-block{display:block;margin-bottom:10px}.help-inline{display:inline-block;*display:inline;padding-left:5px;vertical-align:middle;*zoom:1}.input-append,.input-prepend{display:inline-block;margin-bottom:10px;font-size:0;white-space:nowrap;vertical-align:middle}.input-append input,.input-prepend input,.input-append select,.input-prepend select,.input-append .uneditable-input,.input-prepend .uneditable-input,.input-append .dropdown-menu,.input-prepend .dropdown-menu,.input-append .popover,.input-prepend .popover{font-size:14px}.input-append input,.input-prepend input,.input-append select,.input-prepend select,.input-append .uneditable-input,.input-prepend .uneditable-input{position:relative;margin-bottom:0;*margin-left:0;vertical-align:top;-webkit-border-radius:0 4px 4px 0;-moz-border-radius:0 4px 4px 0;border-radius:0 4px 4px 0}.input-append input:focus,.input-prepend input:focus,.input-append select:focus,.input-prepend select:focus,.input-append .uneditable-input:focus,.input-prepend .uneditable-input:focus{z-index:2}.input-append .add-on,.input-prepend .add-on{display:inline-block;width:auto;height:20px;min-width:16px;padding:4px 5px;font-size:14px;font-weight:normal;line-height:20px;text-align:center;text-shadow:0 1px 0 #fff;background-color:#eee;border:1px solid #ccc}.input-append .add-on,.input-prepend .add-on,.input-append .btn,.input-prepend .btn,.input-append .btn-group>.dropdown-toggle,.input-prepend .btn-group>.dropdown-toggle{vertical-align:top;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.input-append .active,.input-prepend .active{background-color:#a9dba9;border-color:#46a546}.input-prepend .add-on,.input-prepend .btn{margin-right:-1px}.input-prepend .add-on:first-child,.input-prepend .btn:first-child{-webkit-border-radius:4px 0 0 4px;-moz-border-radius:4px 0 0 4px;border-radius:4px 0 0 4px}.input-append input,.input-append select,.input-append .uneditable-input{-webkit-border-radius:4px 0 0 4px;-moz-border-radius:4px 0 0 4px;border-radius:4px 0 0 4px}.input-append input+.btn-group .btn:last-child,.input-append select+.btn-group .btn:last-child,.input-append .uneditable-input+.btn-group .btn:last-child{-webkit-border-radius:0 4px 4px 0;-moz-border-radius:0 4px 4px 0;border-radius:0 4px 4px 0}.input-append .add-on,.input-append .btn,.input-append .btn-group{margin-left:-1px}.input-append .add-on:last-child,.input-append .btn:last-child,.input-append .btn-group:last-child>.dropdown-toggle{-webkit-border-radius:0 4px 4px 0;-moz-border-radius:0 4px 4px 0;border-radius:0 4px 4px 0}.input-prepend.input-append input,.input-prepend.input-append select,.input-prepend.input-append .uneditable-input{-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.input-prepend.input-append input+.btn-group .btn,.input-prepend.input-append select+.btn-group .btn,.input-prepend.input-append .uneditable-input+.btn-group .btn{-webkit-border-radius:0 4px 4px 0;-moz-border-radius:0 4px 4px 0;border-radius:0 4px 4px 0}.input-prepend.input-append .add-on:first-child,.input-prepend.input-append .btn:first-child{margin-right:-1px;-webkit-border-radius:4px 0 0 4px;-moz-border-radius:4px 0 0 4px;border-radius:4px 0 0 4px}.input-prepend.input-append .add-on:last-child,.input-prepend.input-append .btn:last-child{margin-left:-1px;-webkit-border-radius:0 4px 4px 0;-moz-border-radius:0 4px 4px 0;border-radius:0 4px 4px 0}.input-prepend.input-append .btn-group:first-child{margin-left:0}input.search-query{padding-right:14px;padding-right:4px \9;padding-left:14px;padding-left:4px \9;margin-bottom:0;-webkit-border-radius:15px;-moz-border-radius:15px;border-radius:15px}.form-search .input-append .search-query,.form-search .input-prepend .search-query{-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.form-search .input-append .search-query{-webkit-border-radius:14px 0 0 14px;-moz-border-radius:14px 0 0 14px;border-radius:14px 0 0 14px}.form-search .input-append .btn{-webkit-border-radius:0 14px 14px 0;-moz-border-radius:0 14px 14px 0;border-radius:0 14px 14px 0}.form-search .input-prepend .search-query{-webkit-border-radius:0 14px 14px 0;-moz-border-radius:0 14px 14px 0;border-radius:0 14px 14px 0}.form-search .input-prepend .btn{-webkit-border-radius:14px 0 0 14px;-moz-border-radius:14px 0 0 14px;border-radius:14px 0 0 14px}.form-search input,.form-inline input,.form-horizontal input,.form-search textarea,.form-inline textarea,.form-horizontal textarea,.form-search select,.form-inline select,.form-horizontal select,.form-search .help-inline,.form-inline .help-inline,.form-horizontal .help-inline,.form-search .uneditable-input,.form-inline .uneditable-input,.form-horizontal .uneditable-input,.form-search .input-prepend,.form-inline .input-prepend,.form-horizontal .input-prepend,.form-search .input-append,.form-inline .input-append,.form-horizontal .input-append{display:inline-block;*display:inline;margin-bottom:0;vertical-align:middle;*zoom:1}.form-search .hide,.form-inline .hide,.form-horizontal .hide{display:none}.form-search label,.form-inline label,.form-search .btn-group,.form-inline .btn-group{display:inline-block}.form-search .input-append,.form-inline .input-append,.form-search .input-prepend,.form-inline .input-prepend{margin-bottom:0}.form-search .radio,.form-search .checkbox,.form-inline .radio,.form-inline .checkbox{padding-left:0;margin-bottom:0;vertical-align:middle}.form-search .radio input[type="radio"],.form-search .checkbox input[type="checkbox"],.form-inline .radio input[type="radio"],.form-inline .checkbox input[type="checkbox"]{float:left;margin-right:3px;margin-left:0}.control-group{margin-bottom:10px}legend+.control-group{margin-top:20px;-webkit-margin-top-collapse:separate}.form-horizontal .control-group{margin-bottom:20px;*zoom:1}.form-horizontal .control-group:before,.form-horizontal .control-group:after{display:table;line-height:0;content:""}.form-horizontal .control-group:after{clear:both}.form-horizontal .control-label{float:left;width:160px;padding-top:5px;text-align:right}.form-horizontal .controls{*display:inline-block;*padding-left:20px;margin-left:180px;*margin-left:0}.form-horizontal .controls:first-child{*padding-left:180px}.form-horizontal .help-block{margin-bottom:0}.form-horizontal input+.help-block,.form-horizontal select+.help-block,.form-horizontal textarea+.help-block,.form-horizontal .uneditable-input+.help-block,.form-horizontal .input-prepend+.help-block,.form-horizontal .input-append+.help-block{margin-top:10px}.form-horizontal .form-actions{padding-left:180px}table{max-width:100%;background-color:transparent;border-collapse:collapse;border-spacing:0}.table{width:100%;margin-bottom:20px}.table th,.table td{padding:8px;line-height:20px;text-align:left;vertical-align:top;border-top:1px solid #ddd}.table th{font-weight:bold}.table thead th{vertical-align:bottom}.table caption+thead tr:first-child th,.table caption+thead tr:first-child td,.table colgroup+thead tr:first-child th,.table colgroup+thead tr:first-child td,.table thead:first-child tr:first-child th,.table thead:first-child tr:first-child td{border-top:0}.table tbody+tbody{border-top:2px solid #ddd}.table .table{background-color:#fff}.table-condensed th,.table-condensed td{padding:4px 5px}.table-bordered{border:1px solid #ddd;border-collapse:separate;*border-collapse:collapse;border-left:0;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px}.table-bordered th,.table-bordered td{border-left:1px solid #ddd}.table-bordered caption+thead tr:first-child th,.table-bordered caption+tbody tr:first-child th,.table-bordered caption+tbody tr:first-child td,.table-bordered colgroup+thead tr:first-child th,.table-bordered colgroup+tbody tr:first-child th,.table-bordered colgroup+tbody tr:first-child td,.table-bordered thead:first-child tr:first-child th,.table-bordered tbody:first-child tr:first-child th,.table-bordered tbody:first-child tr:first-child td{border-top:0}.table-bordered thead:first-child tr:first-child>th:first-child,.table-bordered tbody:first-child tr:first-child>td:first-child,.table-bordered tbody:first-child tr:first-child>th:first-child{-webkit-border-top-left-radius:4px;border-top-left-radius:4px;-moz-border-radius-topleft:4px}.table-bordered thead:first-child tr:first-child>th:last-child,.table-bordered tbody:first-child tr:first-child>td:last-child,.table-bordered tbody:first-child tr:first-child>th:last-child{-webkit-border-top-right-radius:4px;border-top-right-radius:4px;-moz-border-radius-topright:4px}.table-bordered thead:last-child tr:last-child>th:first-child,.table-bordered tbody:last-child tr:last-child>td:first-child,.table-bordered tbody:last-child tr:last-child>th:first-child,.table-bordered tfoot:last-child tr:last-child>td:first-child,.table-bordered tfoot:last-child tr:last-child>th:first-child{-webkit-border-bottom-left-radius:4px;border-bottom-left-radius:4px;-moz-border-radius-bottomleft:4px}.table-bordered thead:last-child tr:last-child>th:last-child,.table-bordered tbody:last-child tr:last-child>td:last-child,.table-bordered tbody:last-child tr:last-child>th:last-child,.table-bordered tfoot:last-child tr:last-child>td:last-child,.table-bordered tfoot:last-child tr:last-child>th:last-child{-webkit-border-bottom-right-radius:4px;border-bottom-right-radius:4px;-moz-border-radius-bottomright:4px}.table-bordered tfoot+tbody:last-child tr:last-child td:first-child{-webkit-border-bottom-left-radius:0;border-bottom-left-radius:0;-moz-border-radius-bottomleft:0}.table-bordered tfoot+tbody:last-child tr:last-child td:last-child{-webkit-border-bottom-right-radius:0;border-bottom-right-radius:0;-moz-border-radius-bottomright:0}.table-bordered caption+thead tr:first-child th:first-child,.table-bordered caption+tbody tr:first-child td:first-child,.table-bordered colgroup+thead tr:first-child th:first-child,.table-bordered colgroup+tbody tr:first-child td:first-child{-webkit-border-top-left-radius:4px;border-top-left-radius:4px;-moz-border-radius-topleft:4px}.table-bordered caption+thead tr:first-child th:last-child,.table-bordered caption+tbody tr:first-child td:last-child,.table-bordered colgroup+thead tr:first-child th:last-child,.table-bordered colgroup+tbody tr:first-child td:last-child{-webkit-border-top-right-radius:4px;border-top-right-radius:4px;-moz-border-radius-topright:4px}.table-striped tbody>tr:nth-child(odd)>td,.table-striped tbody>tr:nth-child(odd)>th{background-color:#f9f9f9}.table-hover tbody tr:hover>td,.table-hover tbody tr:hover>th{background-color:#f5f5f5}table td[class*="span"],table th[class*="span"],.row-fluid table td[class*="span"],.row-fluid table th[class*="span"]{display:table-cell;float:none;margin-left:0}.table td.span1,.table th.span1{float:none;width:44px;margin-left:0}.table td.span2,.table th.span2{float:none;width:124px;margin-left:0}.table td.span3,.table th.span3{float:none;width:204px;margin-left:0}.table td.span4,.table th.span4{float:none;width:284px;margin-left:0}.table td.span5,.table th.span5{float:none;width:364px;margin-left:0}.table td.span6,.table th.span6{float:none;width:444px;margin-left:0}.table td.span7,.table th.span7{float:none;width:524px;margin-left:0}.table td.span8,.table th.span8{float:none;width:604px;margin-left:0}.table td.span9,.table th.span9{float:none;width:684px;margin-left:0}.table td.span10,.table th.span10{float:none;width:764px;margin-left:0}.table td.span11,.table th.span11{float:none;width:844px;margin-left:0}.table td.span12,.table th.span12{float:none;width:924px;margin-left:0}.table tbody tr.success>td{background-color:#dff0d8}.table tbody tr.error>td{background-color:#f2dede}.table tbody tr.warning>td{background-color:#fcf8e3}.table tbody tr.info>td{background-color:#d9edf7}.table-hover tbody tr.success:hover>td{background-color:#d0e9c6}.table-hover tbody tr.error:hover>td{background-color:#ebcccc}.table-hover tbody tr.warning:hover>td{background-color:#faf2cc}.table-hover tbody tr.info:hover>td{background-color:#c4e3f3}[class^="icon-"],[class*=" icon-"]{display:inline-block;width:14px;height:14px;margin-top:1px;*margin-right:.3em;line-height:14px;vertical-align:text-top;background-image:url("../img/glyphicons-halflings.png");background-position:14px 14px;background-repeat:no-repeat}.icon-white,.nav-pills>.active>a>[class^="icon-"],.nav-pills>.active>a>[class*=" icon-"],.nav-list>.active>a>[class^="icon-"],.nav-list>.active>a>[class*=" icon-"],.navbar-inverse .nav>.active>a>[class^="icon-"],.navbar-inverse .nav>.active>a>[class*=" icon-"],.dropdown-menu>li>a:hover>[class^="icon-"],.dropdown-menu>li>a:focus>[class^="icon-"],.dropdown-menu>li>a:hover>[class*=" icon-"],.dropdown-menu>li>a:focus>[class*=" icon-"],.dropdown-menu>.active>a>[class^="icon-"],.dropdown-menu>.active>a>[class*=" icon-"],.dropdown-submenu:hover>a>[class^="icon-"],.dropdown-submenu:focus>a>[class^="icon-"],.dropdown-submenu:hover>a>[class*=" icon-"],.dropdown-submenu:focus>a>[class*=" icon-"]{background-image:url("../img/glyphicons-halflings-white.png")}.icon-glass{background-position:0 0}.icon-music{background-position:-24px 0}.icon-search{background-position:-48px 0}.icon-envelope{background-position:-72px 0}.icon-heart{background-position:-96px 0}.icon-star{background-position:-120px 0}.icon-star-empty{background-position:-144px 0}.icon-user{background-position:-168px 0}.icon-film{background-position:-192px 0}.icon-th-large{background-position:-216px 0}.icon-th{background-position:-240px 0}.icon-th-list{background-position:-264px 0}.icon-ok{background-position:-288px 0}.icon-remove{background-position:-312px 0}.icon-zoom-in{background-position:-336px 0}.icon-zoom-out{background-position:-360px 0}.icon-off{background-position:-384px 0}.icon-signal{background-position:-408px 0}.icon-cog{background-position:-432px 0}.icon-trash{background-position:-456px 0}.icon-home{background-position:0 -24px}.icon-file{background-position:-24px -24px}.icon-time{background-position:-48px -24px}.icon-road{background-position:-72px -24px}.icon-download-alt{background-position:-96px -24px}.icon-download{background-position:-120px -24px}.icon-upload{background-position:-144px -24px}.icon-inbox{background-position:-168px -24px}.icon-play-circle{background-position:-192px -24px}.icon-repeat{background-position:-216px -24px}.icon-refresh{background-position:-240px -24px}.icon-list-alt{background-position:-264px -24px}.icon-lock{background-position:-287px -24px}.icon-flag{background-position:-312px -24px}.icon-headphones{background-position:-336px -24px}.icon-volume-off{background-position:-360px -24px}.icon-volume-down{background-position:-384px -24px}.icon-volume-up{background-position:-408px -24px}.icon-qrcode{background-position:-432px -24px}.icon-barcode{background-position:-456px -24px}.icon-tag{background-position:0 -48px}.icon-tags{background-position:-25px -48px}.icon-book{background-position:-48px -48px}.icon-bookmark{background-position:-72px -48px}.icon-print{background-position:-96px -48px}.icon-camera{background-position:-120px -48px}.icon-font{background-position:-144px -48px}.icon-bold{background-position:-167px -48px}.icon-italic{background-position:-192px -48px}.icon-text-height{background-position:-216px -48px}.icon-text-width{background-position:-240px -48px}.icon-align-left{background-position:-264px -48px}.icon-align-center{background-position:-288px -48px}.icon-align-right{background-position:-312px -48px}.icon-align-justify{background-position:-336px -48px}.icon-list{background-position:-360px -48px}.icon-indent-left{background-position:-384px -48px}.icon-indent-right{background-position:-408px -48px}.icon-facetime-video{background-position:-432px -48px}.icon-picture{background-position:-456px -48px}.icon-pencil{background-position:0 -72px}.icon-map-marker{background-position:-24px -72px}.icon-adjust{background-position:-48px -72px}.icon-tint{background-position:-72px -72px}.icon-edit{background-position:-96px -72px}.icon-share{background-position:-120px -72px}.icon-check{background-position:-144px -72px}.icon-move{background-position:-168px -72px}.icon-step-backward{background-position:-192px -72px}.icon-fast-backward{background-position:-216px -72px}.icon-backward{background-position:-240px -72px}.icon-play{background-position:-264px -72px}.icon-pause{background-position:-288px -72px}.icon-stop{background-position:-312px -72px}.icon-forward{background-position:-336px -72px}.icon-fast-forward{background-position:-360px -72px}.icon-step-forward{background-position:-384px -72px}.icon-eject{background-position:-408px -72px}.icon-chevron-left{background-position:-432px -72px}.icon-chevron-right{background-position:-456px -72px}.icon-plus-sign{background-position:0 -96px}.icon-minus-sign{background-position:-24px -96px}.icon-remove-sign{background-position:-48px -96px}.icon-ok-sign{background-position:-72px -96px}.icon-question-sign{background-position:-96px -96px}.icon-info-sign{background-position:-120px -96px}.icon-screenshot{background-position:-144px -96px}.icon-remove-circle{background-position:-168px -96px}.icon-ok-circle{background-position:-192px -96px}.icon-ban-circle{background-position:-216px -96px}.icon-arrow-left{background-position:-240px -96px}.icon-arrow-right{background-position:-264px -96px}.icon-arrow-up{background-position:-289px -96px}.icon-arrow-down{background-position:-312px -96px}.icon-share-alt{background-position:-336px -96px}.icon-resize-full{background-position:-360px -96px}.icon-resize-small{background-position:-384px -96px}.icon-plus{background-position:-408px -96px}.icon-minus{background-position:-433px -96px}.icon-asterisk{background-position:-456px -96px}.icon-exclamation-sign{background-position:0 -120px}.icon-gift{background-position:-24px -120px}.icon-leaf{background-position:-48px -120px}.icon-fire{background-position:-72px -120px}.icon-eye-open{background-position:-96px -120px}.icon-eye-close{background-position:-120px -120px}.icon-warning-sign{background-position:-144px -120px}.icon-plane{background-position:-168px -120px}.icon-calendar{background-position:-192px -120px}.icon-random{width:16px;background-position:-216px -120px}.icon-comment{background-position:-240px -120px}.icon-magnet{background-position:-264px -120px}.icon-chevron-up{background-position:-288px -120px}.icon-chevron-down{background-position:-313px -119px}.icon-retweet{background-position:-336px -120px}.icon-shopping-cart{background-position:-360px -120px}.icon-folder-close{width:16px;background-position:-384px -120px}.icon-folder-open{width:16px;background-position:-408px -120px}.icon-resize-vertical{background-position:-432px -119px}.icon-resize-horizontal{background-position:-456px -118px}.icon-hdd{background-position:0 -144px}.icon-bullhorn{background-position:-24px -144px}.icon-bell{background-position:-48px -144px}.icon-certificate{background-position:-72px -144px}.icon-thumbs-up{background-position:-96px -144px}.icon-thumbs-down{background-position:-120px -144px}.icon-hand-right{background-position:-144px -144px}.icon-hand-left{background-position:-168px -144px}.icon-hand-up{background-position:-192px -144px}.icon-hand-down{background-position:-216px -144px}.icon-circle-arrow-right{background-position:-240px -144px}.icon-circle-arrow-left{background-position:-264px -144px}.icon-circle-arrow-up{background-position:-288px -144px}.icon-circle-arrow-down{background-position:-312px -144px}.icon-globe{background-position:-336px -144px}.icon-wrench{background-position:-360px -144px}.icon-tasks{background-position:-384px -144px}.icon-filter{background-position:-408px -144px}.icon-briefcase{background-position:-432px -144px}.icon-fullscreen{background-position:-456px -144px}.dropup,.dropdown{position:relative}.dropdown-toggle{*margin-bottom:-3px}.dropdown-toggle:active,.open .dropdown-toggle{outline:0}.caret{display:inline-block;width:0;height:0;vertical-align:top;border-top:4px solid #000;border-right:4px solid transparent;border-left:4px solid transparent;content:""}.dropdown .caret{margin-top:8px;margin-left:2px}.dropdown-menu{position:absolute;top:100%;left:0;z-index:1000;display:none;float:left;min-width:160px;padding:5px 0;margin:2px 0 0;list-style:none;background-color:#fff;border:1px solid #ccc;border:1px solid rgba(0,0,0,0.2);*border-right-width:2px;*border-bottom-width:2px;-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px;-webkit-box-shadow:0 5px 10px rgba(0,0,0,0.2);-moz-box-shadow:0 5px 10px rgba(0,0,0,0.2);box-shadow:0 5px 10px rgba(0,0,0,0.2);-webkit-background-clip:padding-box;-moz-background-clip:padding;background-clip:padding-box}.dropdown-menu.pull-right{right:0;left:auto}.dropdown-menu .divider{*width:100%;height:1px;margin:9px 1px;*margin:-5px 0 5px;overflow:hidden;background-color:#e5e5e5;border-bottom:1px solid #fff}.dropdown-menu>li>a{display:block;padding:3px 20px;clear:both;font-weight:normal;line-height:20px;color:#333;white-space:nowrap}.dropdown-menu>li>a:hover,.dropdown-menu>li>a:focus,.dropdown-submenu:hover>a,.dropdown-submenu:focus>a{color:#fff;text-decoration:none;background-color:#0081c2;background-image:-moz-linear-gradient(top,#08c,#0077b3);background-image:-webkit-gradient(linear,0 0,0 100%,from(#08c),to(#0077b3));background-image:-webkit-linear-gradient(top,#08c,#0077b3);background-image:-o-linear-gradient(top,#08c,#0077b3);background-image:linear-gradient(to bottom,#08c,#0077b3);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff0088cc',endColorstr='#ff0077b3',GradientType=0)}.dropdown-menu>.active>a,.dropdown-menu>.active>a:hover,.dropdown-menu>.active>a:focus{color:#fff;text-decoration:none;background-color:#0081c2;background-image:-moz-linear-gradient(top,#08c,#0077b3);background-image:-webkit-gradient(linear,0 0,0 100%,from(#08c),to(#0077b3));background-image:-webkit-linear-gradient(top,#08c,#0077b3);background-image:-o-linear-gradient(top,#08c,#0077b3);background-image:linear-gradient(to bottom,#08c,#0077b3);background-repeat:repeat-x;outline:0;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff0088cc',endColorstr='#ff0077b3',GradientType=0)}.dropdown-menu>.disabled>a,.dropdown-menu>.disabled>a:hover,.dropdown-menu>.disabled>a:focus{color:#999}.dropdown-menu>.disabled>a:hover,.dropdown-menu>.disabled>a:focus{text-decoration:none;cursor:default;background-color:transparent;background-image:none;filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.open{*z-index:1000}.open>.dropdown-menu{display:block}.pull-right>.dropdown-menu{right:0;left:auto}.dropup .caret,.navbar-fixed-bottom .dropdown .caret{border-top:0;border-bottom:4px solid #000;content:""}.dropup .dropdown-menu,.navbar-fixed-bottom .dropdown .dropdown-menu{top:auto;bottom:100%;margin-bottom:1px}.dropdown-submenu{position:relative}.dropdown-submenu>.dropdown-menu{top:0;left:100%;margin-top:-6px;margin-left:-1px;-webkit-border-radius:0 6px 6px 6px;-moz-border-radius:0 6px 6px 6px;border-radius:0 6px 6px 6px}.dropdown-submenu:hover>.dropdown-menu{display:block}.dropup .dropdown-submenu>.dropdown-menu{top:auto;bottom:0;margin-top:0;margin-bottom:-2px;-webkit-border-radius:5px 5px 5px 0;-moz-border-radius:5px 5px 5px 0;border-radius:5px 5px 5px 0}.dropdown-submenu>a:after{display:block;float:right;width:0;height:0;margin-top:5px;margin-right:-10px;border-color:transparent;border-left-color:#ccc;border-style:solid;border-width:5px 0 5px 5px;content:" "}.dropdown-submenu:hover>a:after{border-left-color:#fff}.dropdown-submenu.pull-left{float:none}.dropdown-submenu.pull-left>.dropdown-menu{left:-100%;margin-left:10px;-webkit-border-radius:6px 0 6px 6px;-moz-border-radius:6px 0 6px 6px;border-radius:6px 0 6px 6px}.dropdown .dropdown-menu .nav-header{padding-right:20px;padding-left:20px}.typeahead{z-index:1051;margin-top:2px;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px}.well{min-height:20px;padding:19px;margin-bottom:20px;background-color:#f5f5f5;border:1px solid #e3e3e3;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.05);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.05);box-shadow:inset 0 1px 1px rgba(0,0,0,0.05)}.well blockquote{border-color:#ddd;border-color:rgba(0,0,0,0.15)}.well-large{padding:24px;-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px}.well-small{padding:9px;-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px}.fade{opacity:0;-webkit-transition:opacity .15s linear;-moz-transition:opacity .15s linear;-o-transition:opacity .15s linear;transition:opacity .15s linear}.fade.in{opacity:1}.collapse{position:relative;height:0;overflow:hidden;-webkit-transition:height .35s ease;-moz-transition:height .35s ease;-o-transition:height .35s ease;transition:height .35s ease}.collapse.in{height:auto}.close{float:right;font-size:20px;font-weight:bold;line-height:20px;color:#000;text-shadow:0 1px 0 #fff;opacity:.2;filter:alpha(opacity=20)}.close:hover,.close:focus{color:#000;text-decoration:none;cursor:pointer;opacity:.4;filter:alpha(opacity=40)}button.close{padding:0;cursor:pointer;background:transparent;border:0;-webkit-appearance:none}.btn{display:inline-block;*display:inline;padding:4px 12px;margin-bottom:0;*margin-left:.3em;font-size:14px;line-height:20px;color:#333;text-align:center;text-shadow:0 1px 1px rgba(255,255,255,0.75);vertical-align:middle;cursor:pointer;background-color:#f5f5f5;*background-color:#e6e6e6;background-image:-moz-linear-gradient(top,#fff,#e6e6e6);background-image:-webkit-gradient(linear,0 0,0 100%,from(#fff),to(#e6e6e6));background-image:-webkit-linear-gradient(top,#fff,#e6e6e6);background-image:-o-linear-gradient(top,#fff,#e6e6e6);background-image:linear-gradient(to bottom,#fff,#e6e6e6);background-repeat:repeat-x;border:1px solid #ccc;*border:0;border-color:#e6e6e6 #e6e6e6 #bfbfbf;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);border-bottom-color:#b3b3b3;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffffff',endColorstr='#ffe6e6e6',GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false);*zoom:1;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.2),0 1px 2px rgba(0,0,0,0.05);-moz-box-shadow:inset 0 1px 0 rgba(255,255,255,0.2),0 1px 2px rgba(0,0,0,0.05);box-shadow:inset 0 1px 0 rgba(255,255,255,0.2),0 1px 2px rgba(0,0,0,0.05)}.btn:hover,.btn:focus,.btn:active,.btn.active,.btn.disabled,.btn[disabled]{color:#333;background-color:#e6e6e6;*background-color:#d9d9d9}.btn:active,.btn.active{background-color:#ccc \9}.btn:first-child{*margin-left:0}.btn:hover,.btn:focus{color:#333;text-decoration:none;background-position:0 -15px;-webkit-transition:background-position .1s linear;-moz-transition:background-position .1s linear;-o-transition:background-position .1s linear;transition:background-position .1s linear}.btn:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}.btn.active,.btn:active{background-image:none;outline:0;-webkit-box-shadow:inset 0 2px 4px rgba(0,0,0,0.15),0 1px 2px rgba(0,0,0,0.05);-moz-box-shadow:inset 0 2px 4px rgba(0,0,0,0.15),0 1px 2px rgba(0,0,0,0.05);box-shadow:inset 0 2px 4px rgba(0,0,0,0.15),0 1px 2px rgba(0,0,0,0.05)}.btn.disabled,.btn[disabled]{cursor:default;background-image:none;opacity:.65;filter:alpha(opacity=65);-webkit-box-shadow:none;-moz-box-shadow:none;box-shadow:none}.btn-large{padding:11px 19px;font-size:17.5px;-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px}.btn-large [class^="icon-"],.btn-large [class*=" icon-"]{margin-top:4px}.btn-small{padding:2px 10px;font-size:11.9px;-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px}.btn-small [class^="icon-"],.btn-small [class*=" icon-"]{margin-top:0}.btn-mini [class^="icon-"],.btn-mini [class*=" icon-"]{margin-top:-1px}.btn-mini{padding:0 6px;font-size:10.5px;-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px}.btn-block{display:block;width:100%;padding-right:0;padding-left:0;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}.btn-block+.btn-block{margin-top:5px}input[type="submit"].btn-block,input[type="reset"].btn-block,input[type="button"].btn-block{width:100%}.btn-primary.active,.btn-warning.active,.btn-danger.active,.btn-success.active,.btn-info.active,.btn-inverse.active{color:rgba(255,255,255,0.75)}.btn-primary{color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#006dcc;*background-color:#04c;background-image:-moz-linear-gradient(top,#08c,#04c);background-image:-webkit-gradient(linear,0 0,0 100%,from(#08c),to(#04c));background-image:-webkit-linear-gradient(top,#08c,#04c);background-image:-o-linear-gradient(top,#08c,#04c);background-image:linear-gradient(to bottom,#08c,#04c);background-repeat:repeat-x;border-color:#04c #04c #002a80;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff0088cc',endColorstr='#ff0044cc',GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.btn-primary:hover,.btn-primary:focus,.btn-primary:active,.btn-primary.active,.btn-primary.disabled,.btn-primary[disabled]{color:#fff;background-color:#04c;*background-color:#003bb3}.btn-primary:active,.btn-primary.active{background-color:#039 \9}.btn-warning{color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#faa732;*background-color:#f89406;background-image:-moz-linear-gradient(top,#fbb450,#f89406);background-image:-webkit-gradient(linear,0 0,0 100%,from(#fbb450),to(#f89406));background-image:-webkit-linear-gradient(top,#fbb450,#f89406);background-image:-o-linear-gradient(top,#fbb450,#f89406);background-image:linear-gradient(to bottom,#fbb450,#f89406);background-repeat:repeat-x;border-color:#f89406 #f89406 #ad6704;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fffbb450',endColorstr='#fff89406',GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.btn-warning:hover,.btn-warning:focus,.btn-warning:active,.btn-warning.active,.btn-warning.disabled,.btn-warning[disabled]{color:#fff;background-color:#f89406;*background-color:#df8505}.btn-warning:active,.btn-warning.active{background-color:#c67605 \9}.btn-danger{color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#da4f49;*background-color:#bd362f;background-image:-moz-linear-gradient(top,#ee5f5b,#bd362f);background-image:-webkit-gradient(linear,0 0,0 100%,from(#ee5f5b),to(#bd362f));background-image:-webkit-linear-gradient(top,#ee5f5b,#bd362f);background-image:-o-linear-gradient(top,#ee5f5b,#bd362f);background-image:linear-gradient(to bottom,#ee5f5b,#bd362f);background-repeat:repeat-x;border-color:#bd362f #bd362f #802420;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffee5f5b',endColorstr='#ffbd362f',GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.btn-danger:hover,.btn-danger:focus,.btn-danger:active,.btn-danger.active,.btn-danger.disabled,.btn-danger[disabled]{color:#fff;background-color:#bd362f;*background-color:#a9302a}.btn-danger:active,.btn-danger.active{background-color:#942a25 \9}.btn-success{color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#5bb75b;*background-color:#51a351;background-image:-moz-linear-gradient(top,#62c462,#51a351);background-image:-webkit-gradient(linear,0 0,0 100%,from(#62c462),to(#51a351));background-image:-webkit-linear-gradient(top,#62c462,#51a351);background-image:-o-linear-gradient(top,#62c462,#51a351);background-image:linear-gradient(to bottom,#62c462,#51a351);background-repeat:repeat-x;border-color:#51a351 #51a351 #387038;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff62c462',endColorstr='#ff51a351',GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.btn-success:hover,.btn-success:focus,.btn-success:active,.btn-success.active,.btn-success.disabled,.btn-success[disabled]{color:#fff;background-color:#51a351;*background-color:#499249}.btn-success:active,.btn-success.active{background-color:#408140 \9}.btn-info{color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#49afcd;*background-color:#2f96b4;background-image:-moz-linear-gradient(top,#5bc0de,#2f96b4);background-image:-webkit-gradient(linear,0 0,0 100%,from(#5bc0de),to(#2f96b4));background-image:-webkit-linear-gradient(top,#5bc0de,#2f96b4);background-image:-o-linear-gradient(top,#5bc0de,#2f96b4);background-image:linear-gradient(to bottom,#5bc0de,#2f96b4);background-repeat:repeat-x;border-color:#2f96b4 #2f96b4 #1f6377;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5bc0de',endColorstr='#ff2f96b4',GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.btn-info:hover,.btn-info:focus,.btn-info:active,.btn-info.active,.btn-info.disabled,.btn-info[disabled]{color:#fff;background-color:#2f96b4;*background-color:#2a85a0}.btn-info:active,.btn-info.active{background-color:#24748c \9}.btn-inverse{color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#363636;*background-color:#222;background-image:-moz-linear-gradient(top,#444,#222);background-image:-webkit-gradient(linear,0 0,0 100%,from(#444),to(#222));background-image:-webkit-linear-gradient(top,#444,#222);background-image:-o-linear-gradient(top,#444,#222);background-image:linear-gradient(to bottom,#444,#222);background-repeat:repeat-x;border-color:#222 #222 #000;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff444444',endColorstr='#ff222222',GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.btn-inverse:hover,.btn-inverse:focus,.btn-inverse:active,.btn-inverse.active,.btn-inverse.disabled,.btn-inverse[disabled]{color:#fff;background-color:#222;*background-color:#151515}.btn-inverse:active,.btn-inverse.active{background-color:#080808 \9}button.btn,input[type="submit"].btn{*padding-top:3px;*padding-bottom:3px}button.btn::-moz-focus-inner,input[type="submit"].btn::-moz-focus-inner{padding:0;border:0}button.btn.btn-large,input[type="submit"].btn.btn-large{*padding-top:7px;*padding-bottom:7px}button.btn.btn-small,input[type="submit"].btn.btn-small{*padding-top:3px;*padding-bottom:3px}button.btn.btn-mini,input[type="submit"].btn.btn-mini{*padding-top:1px;*padding-bottom:1px}.btn-link,.btn-link:active,.btn-link[disabled]{background-color:transparent;background-image:none;-webkit-box-shadow:none;-moz-box-shadow:none;box-shadow:none}.btn-link{color:#08c;cursor:pointer;border-color:transparent;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.btn-link:hover,.btn-link:focus{color:#005580;text-decoration:underline;background-color:transparent}.btn-link[disabled]:hover,.btn-link[disabled]:focus{color:#333;text-decoration:none}.btn-group{position:relative;display:inline-block;*display:inline;*margin-left:.3em;font-size:0;white-space:nowrap;vertical-align:middle;*zoom:1}.btn-group:first-child{*margin-left:0}.btn-group+.btn-group{margin-left:5px}.btn-toolbar{margin-top:10px;margin-bottom:10px;font-size:0}.btn-toolbar>.btn+.btn,.btn-toolbar>.btn-group+.btn,.btn-toolbar>.btn+.btn-group{margin-left:5px}.btn-group>.btn{position:relative;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.btn-group>.btn+.btn{margin-left:-1px}.btn-group>.btn,.btn-group>.dropdown-menu,.btn-group>.popover{font-size:14px}.btn-group>.btn-mini{font-size:10.5px}.btn-group>.btn-small{font-size:11.9px}.btn-group>.btn-large{font-size:17.5px}.btn-group>.btn:first-child{margin-left:0;-webkit-border-bottom-left-radius:4px;border-bottom-left-radius:4px;-webkit-border-top-left-radius:4px;border-top-left-radius:4px;-moz-border-radius-bottomleft:4px;-moz-border-radius-topleft:4px}.btn-group>.btn:last-child,.btn-group>.dropdown-toggle{-webkit-border-top-right-radius:4px;border-top-right-radius:4px;-webkit-border-bottom-right-radius:4px;border-bottom-right-radius:4px;-moz-border-radius-topright:4px;-moz-border-radius-bottomright:4px}.btn-group>.btn.large:first-child{margin-left:0;-webkit-border-bottom-left-radius:6px;border-bottom-left-radius:6px;-webkit-border-top-left-radius:6px;border-top-left-radius:6px;-moz-border-radius-bottomleft:6px;-moz-border-radius-topleft:6px}.btn-group>.btn.large:last-child,.btn-group>.large.dropdown-toggle{-webkit-border-top-right-radius:6px;border-top-right-radius:6px;-webkit-border-bottom-right-radius:6px;border-bottom-right-radius:6px;-moz-border-radius-topright:6px;-moz-border-radius-bottomright:6px}.btn-group>.btn:hover,.btn-group>.btn:focus,.btn-group>.btn:active,.btn-group>.btn.active{z-index:2}.btn-group .dropdown-toggle:active,.btn-group.open .dropdown-toggle{outline:0}.btn-group>.btn+.dropdown-toggle{*padding-top:5px;padding-right:8px;*padding-bottom:5px;padding-left:8px;-webkit-box-shadow:inset 1px 0 0 rgba(255,255,255,0.125),inset 0 1px 0 rgba(255,255,255,0.2),0 1px 2px rgba(0,0,0,0.05);-moz-box-shadow:inset 1px 0 0 rgba(255,255,255,0.125),inset 0 1px 0 rgba(255,255,255,0.2),0 1px 2px rgba(0,0,0,0.05);box-shadow:inset 1px 0 0 rgba(255,255,255,0.125),inset 0 1px 0 rgba(255,255,255,0.2),0 1px 2px rgba(0,0,0,0.05)}.btn-group>.btn-mini+.dropdown-toggle{*padding-top:2px;padding-right:5px;*padding-bottom:2px;padding-left:5px}.btn-group>.btn-small+.dropdown-toggle{*padding-top:5px;*padding-bottom:4px}.btn-group>.btn-large+.dropdown-toggle{*padding-top:7px;padding-right:12px;*padding-bottom:7px;padding-left:12px}.btn-group.open .dropdown-toggle{background-image:none;-webkit-box-shadow:inset 0 2px 4px rgba(0,0,0,0.15),0 1px 2px rgba(0,0,0,0.05);-moz-box-shadow:inset 0 2px 4px rgba(0,0,0,0.15),0 1px 2px rgba(0,0,0,0.05);box-shadow:inset 0 2px 4px rgba(0,0,0,0.15),0 1px 2px rgba(0,0,0,0.05)}.btn-group.open .btn.dropdown-toggle{background-color:#e6e6e6}.btn-group.open .btn-primary.dropdown-toggle{background-color:#04c}.btn-group.open .btn-warning.dropdown-toggle{background-color:#f89406}.btn-group.open .btn-danger.dropdown-toggle{background-color:#bd362f}.btn-group.open .btn-success.dropdown-toggle{background-color:#51a351}.btn-group.open .btn-info.dropdown-toggle{background-color:#2f96b4}.btn-group.open .btn-inverse.dropdown-toggle{background-color:#222}.btn .caret{margin-top:8px;margin-left:0}.btn-large .caret{margin-top:6px}.btn-large .caret{border-top-width:5px;border-right-width:5px;border-left-width:5px}.btn-mini .caret,.btn-small .caret{margin-top:8px}.dropup .btn-large .caret{border-bottom-width:5px}.btn-primary .caret,.btn-warning .caret,.btn-danger .caret,.btn-info .caret,.btn-success .caret,.btn-inverse .caret{border-top-color:#fff;border-bottom-color:#fff}.btn-group-vertical{display:inline-block;*display:inline;*zoom:1}.btn-group-vertical>.btn{display:block;float:none;max-width:100%;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.btn-group-vertical>.btn+.btn{margin-top:-1px;margin-left:0}.btn-group-vertical>.btn:first-child{-webkit-border-radius:4px 4px 0 0;-moz-border-radius:4px 4px 0 0;border-radius:4px 4px 0 0}.btn-group-vertical>.btn:last-child{-webkit-border-radius:0 0 4px 4px;-moz-border-radius:0 0 4px 4px;border-radius:0 0 4px 4px}.btn-group-vertical>.btn-large:first-child{-webkit-border-radius:6px 6px 0 0;-moz-border-radius:6px 6px 0 0;border-radius:6px 6px 0 0}.btn-group-vertical>.btn-large:last-child{-webkit-border-radius:0 0 6px 6px;-moz-border-radius:0 0 6px 6px;border-radius:0 0 6px 6px}.alert{padding:8px 35px 8px 14px;margin-bottom:20px;text-shadow:0 1px 0 rgba(255,255,255,0.5);background-color:#fcf8e3;border:1px solid #fbeed5;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px}.alert,.alert h4{color:#c09853}.alert h4{margin:0}.alert .close{position:relative;top:-2px;right:-21px;line-height:20px}.alert-success{color:#468847;background-color:#dff0d8;border-color:#d6e9c6}.alert-success h4{color:#468847}.alert-danger,.alert-error{color:#b94a48;background-color:#f2dede;border-color:#eed3d7}.alert-danger h4,.alert-error h4{color:#b94a48}.alert-info{color:#3a87ad;background-color:#d9edf7;border-color:#bce8f1}.alert-info h4{color:#3a87ad}.alert-block{padding-top:14px;padding-bottom:14px}.alert-block>p,.alert-block>ul{margin-bottom:0}.alert-block p+p{margin-top:5px}.nav{margin-bottom:20px;margin-left:0;list-style:none}.nav>li>a{display:block}.nav>li>a:hover,.nav>li>a:focus{text-decoration:none;background-color:#eee}.nav>li>a>img{max-width:none}.nav>.pull-right{float:right}.nav-header{display:block;padding:3px 15px;font-size:11px;font-weight:bold;line-height:20px;color:#999;text-shadow:0 1px 0 rgba(255,255,255,0.5);text-transform:uppercase}.nav li+.nav-header{margin-top:9px}.nav-list{padding-right:15px;padding-left:15px;margin-bottom:0}.nav-list>li>a,.nav-list .nav-header{margin-right:-15px;margin-left:-15px;text-shadow:0 1px 0 rgba(255,255,255,0.5)}.nav-list>li>a{padding:3px 15px}.nav-list>.active>a,.nav-list>.active>a:hover,.nav-list>.active>a:focus{color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.2);background-color:#08c}.nav-list [class^="icon-"],.nav-list [class*=" icon-"]{margin-right:2px}.nav-list .divider{*width:100%;height:1px;margin:9px 1px;*margin:-5px 0 5px;overflow:hidden;background-color:#e5e5e5;border-bottom:1px solid #fff}.nav-tabs,.nav-pills{*zoom:1}.nav-tabs:before,.nav-pills:before,.nav-tabs:after,.nav-pills:after{display:table;line-height:0;content:""}.nav-tabs:after,.nav-pills:after{clear:both}.nav-tabs>li,.nav-pills>li{float:left}.nav-tabs>li>a,.nav-pills>li>a{padding-right:12px;padding-left:12px;margin-right:2px;line-height:14px}.nav-tabs{border-bottom:1px solid #ddd}.nav-tabs>li{margin-bottom:-1px}.nav-tabs>li>a{padding-top:8px;padding-bottom:8px;line-height:20px;border:1px solid transparent;-webkit-border-radius:4px 4px 0 0;-moz-border-radius:4px 4px 0 0;border-radius:4px 4px 0 0}.nav-tabs>li>a:hover,.nav-tabs>li>a:focus{border-color:#eee #eee #ddd}.nav-tabs>.active>a,.nav-tabs>.active>a:hover,.nav-tabs>.active>a:focus{color:#555;cursor:default;background-color:#fff;border:1px solid #ddd;border-bottom-color:transparent}.nav-pills>li>a{padding-top:8px;padding-bottom:8px;margin-top:2px;margin-bottom:2px;-webkit-border-radius:5px;-moz-border-radius:5px;border-radius:5px}.nav-pills>.active>a,.nav-pills>.active>a:hover,.nav-pills>.active>a:focus{color:#fff;background-color:#08c}.nav-stacked>li{float:none}.nav-stacked>li>a{margin-right:0}.nav-tabs.nav-stacked{border-bottom:0}.nav-tabs.nav-stacked>li>a{border:1px solid #ddd;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.nav-tabs.nav-stacked>li:first-child>a{-webkit-border-top-right-radius:4px;border-top-right-radius:4px;-webkit-border-top-left-radius:4px;border-top-left-radius:4px;-moz-border-radius-topright:4px;-moz-border-radius-topleft:4px}.nav-tabs.nav-stacked>li:last-child>a{-webkit-border-bottom-right-radius:4px;border-bottom-right-radius:4px;-webkit-border-bottom-left-radius:4px;border-bottom-left-radius:4px;-moz-border-radius-bottomright:4px;-moz-border-radius-bottomleft:4px}.nav-tabs.nav-stacked>li>a:hover,.nav-tabs.nav-stacked>li>a:focus{z-index:2;border-color:#ddd}.nav-pills.nav-stacked>li>a{margin-bottom:3px}.nav-pills.nav-stacked>li:last-child>a{margin-bottom:1px}.nav-tabs .dropdown-menu{-webkit-border-radius:0 0 6px 6px;-moz-border-radius:0 0 6px 6px;border-radius:0 0 6px 6px}.nav-pills .dropdown-menu{-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px}.nav .dropdown-toggle .caret{margin-top:6px;border-top-color:#08c;border-bottom-color:#08c}.nav .dropdown-toggle:hover .caret,.nav .dropdown-toggle:focus .caret{border-top-color:#005580;border-bottom-color:#005580}.nav-tabs .dropdown-toggle .caret{margin-top:8px}.nav .active .dropdown-toggle .caret{border-top-color:#fff;border-bottom-color:#fff}.nav-tabs .active .dropdown-toggle .caret{border-top-color:#555;border-bottom-color:#555}.nav>.dropdown.active>a:hover,.nav>.dropdown.active>a:focus{cursor:pointer}.nav-tabs .open .dropdown-toggle,.nav-pills .open .dropdown-toggle,.nav>li.dropdown.open.active>a:hover,.nav>li.dropdown.open.active>a:focus{color:#fff;background-color:#999;border-color:#999}.nav li.dropdown.open .caret,.nav li.dropdown.open.active .caret,.nav li.dropdown.open a:hover .caret,.nav li.dropdown.open a:focus .caret{border-top-color:#fff;border-bottom-color:#fff;opacity:1;filter:alpha(opacity=100)}.tabs-stacked .open>a:hover,.tabs-stacked .open>a:focus{border-color:#999}.tabbable{*zoom:1}.tabbable:before,.tabbable:after{display:table;line-height:0;content:""}.tabbable:after{clear:both}.tab-content{overflow:auto}.tabs-below>.nav-tabs,.tabs-right>.nav-tabs,.tabs-left>.nav-tabs{border-bottom:0}.tab-content>.tab-pane,.pill-content>.pill-pane{display:none}.tab-content>.active,.pill-content>.active{display:block}.tabs-below>.nav-tabs{border-top:1px solid #ddd}.tabs-below>.nav-tabs>li{margin-top:-1px;margin-bottom:0}.tabs-below>.nav-tabs>li>a{-webkit-border-radius:0 0 4px 4px;-moz-border-radius:0 0 4px 4px;border-radius:0 0 4px 4px}.tabs-below>.nav-tabs>li>a:hover,.tabs-below>.nav-tabs>li>a:focus{border-top-color:#ddd;border-bottom-color:transparent}.tabs-below>.nav-tabs>.active>a,.tabs-below>.nav-tabs>.active>a:hover,.tabs-below>.nav-tabs>.active>a:focus{border-color:transparent #ddd #ddd #ddd}.tabs-left>.nav-tabs>li,.tabs-right>.nav-tabs>li{float:none}.tabs-left>.nav-tabs>li>a,.tabs-right>.nav-tabs>li>a{min-width:74px;margin-right:0;margin-bottom:3px}.tabs-left>.nav-tabs{float:left;margin-right:19px;border-right:1px solid #ddd}.tabs-left>.nav-tabs>li>a{margin-right:-1px;-webkit-border-radius:4px 0 0 4px;-moz-border-radius:4px 0 0 4px;border-radius:4px 0 0 4px}.tabs-left>.nav-tabs>li>a:hover,.tabs-left>.nav-tabs>li>a:focus{border-color:#eee #ddd #eee #eee}.tabs-left>.nav-tabs .active>a,.tabs-left>.nav-tabs .active>a:hover,.tabs-left>.nav-tabs .active>a:focus{border-color:#ddd transparent #ddd #ddd;*border-right-color:#fff}.tabs-right>.nav-tabs{float:right;margin-left:19px;border-left:1px solid #ddd}.tabs-right>.nav-tabs>li>a{margin-left:-1px;-webkit-border-radius:0 4px 4px 0;-moz-border-radius:0 4px 4px 0;border-radius:0 4px 4px 0}.tabs-right>.nav-tabs>li>a:hover,.tabs-right>.nav-tabs>li>a:focus{border-color:#eee #eee #eee #ddd}.tabs-right>.nav-tabs .active>a,.tabs-right>.nav-tabs .active>a:hover,.tabs-right>.nav-tabs .active>a:focus{border-color:#ddd #ddd #ddd transparent;*border-left-color:#fff}.nav>.disabled>a{color:#999}.nav>.disabled>a:hover,.nav>.disabled>a:focus{text-decoration:none;cursor:default;background-color:transparent}.navbar{*position:relative;*z-index:2;margin-bottom:20px;overflow:visible}.navbar-inner{min-height:40px;padding-right:20px;padding-left:20px;background-color:#fafafa;background-image:-moz-linear-gradient(top,#fff,#f2f2f2);background-image:-webkit-gradient(linear,0 0,0 100%,from(#fff),to(#f2f2f2));background-image:-webkit-linear-gradient(top,#fff,#f2f2f2);background-image:-o-linear-gradient(top,#fff,#f2f2f2);background-image:linear-gradient(to bottom,#fff,#f2f2f2);background-repeat:repeat-x;border:1px solid #d4d4d4;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffffff',endColorstr='#fff2f2f2',GradientType=0);*zoom:1;-webkit-box-shadow:0 1px 4px rgba(0,0,0,0.065);-moz-box-shadow:0 1px 4px rgba(0,0,0,0.065);box-shadow:0 1px 4px rgba(0,0,0,0.065)}.navbar-inner:before,.navbar-inner:after{display:table;line-height:0;content:""}.navbar-inner:after{clear:both}.navbar .container{width:auto}.nav-collapse.collapse{height:auto;overflow:visible}.navbar .brand{display:block;float:left;padding:10px 20px 10px;margin-left:-20px;font-size:20px;font-weight:200;color:#777;text-shadow:0 1px 0 #fff}.navbar .brand:hover,.navbar .brand:focus{text-decoration:none}.navbar-text{margin-bottom:0;line-height:40px;color:#777}.navbar-link{color:#777}.navbar-link:hover,.navbar-link:focus{color:#333}.navbar .divider-vertical{height:40px;margin:0 9px;border-right:1px solid #fff;border-left:1px solid #f2f2f2}.navbar .btn,.navbar .btn-group{margin-top:5px}.navbar .btn-group .btn,.navbar .input-prepend .btn,.navbar .input-append .btn,.navbar .input-prepend .btn-group,.navbar .input-append .btn-group{margin-top:0}.navbar-form{margin-bottom:0;*zoom:1}.navbar-form:before,.navbar-form:after{display:table;line-height:0;content:""}.navbar-form:after{clear:both}.navbar-form input,.navbar-form select,.navbar-form .radio,.navbar-form .checkbox{margin-top:5px}.navbar-form input,.navbar-form select,.navbar-form .btn{display:inline-block;margin-bottom:0}.navbar-form input[type="image"],.navbar-form input[type="checkbox"],.navbar-form input[type="radio"]{margin-top:3px}.navbar-form .input-append,.navbar-form .input-prepend{margin-top:5px;white-space:nowrap}.navbar-form .input-append input,.navbar-form .input-prepend input{margin-top:0}.navbar-search{position:relative;float:left;margin-top:5px;margin-bottom:0}.navbar-search .search-query{padding:4px 14px;margin-bottom:0;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:13px;font-weight:normal;line-height:1;-webkit-border-radius:15px;-moz-border-radius:15px;border-radius:15px}.navbar-static-top{position:static;margin-bottom:0}.navbar-static-top .navbar-inner{-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.navbar-fixed-top,.navbar-fixed-bottom{position:fixed;right:0;left:0;z-index:1030;margin-bottom:0}.navbar-fixed-top .navbar-inner,.navbar-static-top .navbar-inner{border-width:0 0 1px}.navbar-fixed-bottom .navbar-inner{border-width:1px 0 0}.navbar-fixed-top .navbar-inner,.navbar-fixed-bottom .navbar-inner{padding-right:0;padding-left:0;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.navbar-static-top .container,.navbar-fixed-top .container,.navbar-fixed-bottom .container{width:940px}.navbar-fixed-top{top:0}.navbar-fixed-top .navbar-inner,.navbar-static-top .navbar-inner{-webkit-box-shadow:0 1px 10px rgba(0,0,0,0.1);-moz-box-shadow:0 1px 10px rgba(0,0,0,0.1);box-shadow:0 1px 10px rgba(0,0,0,0.1)}.navbar-fixed-bottom{bottom:0}.navbar-fixed-bottom .navbar-inner{-webkit-box-shadow:0 -1px 10px rgba(0,0,0,0.1);-moz-box-shadow:0 -1px 10px rgba(0,0,0,0.1);box-shadow:0 -1px 10px rgba(0,0,0,0.1)}.navbar .nav{position:relative;left:0;display:block;float:left;margin:0 10px 0 0}.navbar .nav.pull-right{float:right;margin-right:0}.navbar .nav>li{float:left}.navbar .nav>li>a{float:none;padding:10px 15px 10px;color:#777;text-decoration:none;text-shadow:0 1px 0 #fff}.navbar .nav .dropdown-toggle .caret{margin-top:8px}.navbar .nav>li>a:focus,.navbar .nav>li>a:hover{color:#333;text-decoration:none;background-color:transparent}.navbar .nav>.active>a,.navbar .nav>.active>a:hover,.navbar .nav>.active>a:focus{color:#555;text-decoration:none;background-color:#e5e5e5;-webkit-box-shadow:inset 0 3px 8px rgba(0,0,0,0.125);-moz-box-shadow:inset 0 3px 8px rgba(0,0,0,0.125);box-shadow:inset 0 3px 8px rgba(0,0,0,0.125)}.navbar .btn-navbar{display:none;float:right;padding:7px 10px;margin-right:5px;margin-left:5px;color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#ededed;*background-color:#e5e5e5;background-image:-moz-linear-gradient(top,#f2f2f2,#e5e5e5);background-image:-webkit-gradient(linear,0 0,0 100%,from(#f2f2f2),to(#e5e5e5));background-image:-webkit-linear-gradient(top,#f2f2f2,#e5e5e5);background-image:-o-linear-gradient(top,#f2f2f2,#e5e5e5);background-image:linear-gradient(to bottom,#f2f2f2,#e5e5e5);background-repeat:repeat-x;border-color:#e5e5e5 #e5e5e5 #bfbfbf;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff2f2f2',endColorstr='#ffe5e5e5',GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false);-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.075);-moz-box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.075);box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.075)}.navbar .btn-navbar:hover,.navbar .btn-navbar:focus,.navbar .btn-navbar:active,.navbar .btn-navbar.active,.navbar .btn-navbar.disabled,.navbar .btn-navbar[disabled]{color:#fff;background-color:#e5e5e5;*background-color:#d9d9d9}.navbar .btn-navbar:active,.navbar .btn-navbar.active{background-color:#ccc \9}.navbar .btn-navbar .icon-bar{display:block;width:18px;height:2px;background-color:#f5f5f5;-webkit-border-radius:1px;-moz-border-radius:1px;border-radius:1px;-webkit-box-shadow:0 1px 0 rgba(0,0,0,0.25);-moz-box-shadow:0 1px 0 rgba(0,0,0,0.25);box-shadow:0 1px 0 rgba(0,0,0,0.25)}.btn-navbar .icon-bar+.icon-bar{margin-top:3px}.navbar .nav>li>.dropdown-menu:before{position:absolute;top:-7px;left:9px;display:inline-block;border-right:7px solid transparent;border-bottom:7px solid #ccc;border-left:7px solid transparent;border-bottom-color:rgba(0,0,0,0.2);content:''}.navbar .nav>li>.dropdown-menu:after{position:absolute;top:-6px;left:10px;display:inline-block;border-right:6px solid transparent;border-bottom:6px solid #fff;border-left:6px solid transparent;content:''}.navbar-fixed-bottom .nav>li>.dropdown-menu:before{top:auto;bottom:-7px;border-top:7px solid #ccc;border-bottom:0;border-top-color:rgba(0,0,0,0.2)}.navbar-fixed-bottom .nav>li>.dropdown-menu:after{top:auto;bottom:-6px;border-top:6px solid #fff;border-bottom:0}.navbar .nav li.dropdown>a:hover .caret,.navbar .nav li.dropdown>a:focus .caret{border-top-color:#333;border-bottom-color:#333}.navbar .nav li.dropdown.open>.dropdown-toggle,.navbar .nav li.dropdown.active>.dropdown-toggle,.navbar .nav li.dropdown.open.active>.dropdown-toggle{color:#555;background-color:#e5e5e5}.navbar .nav li.dropdown>.dropdown-toggle .caret{border-top-color:#777;border-bottom-color:#777}.navbar .nav li.dropdown.open>.dropdown-toggle .caret,.navbar .nav li.dropdown.active>.dropdown-toggle .caret,.navbar .nav li.dropdown.open.active>.dropdown-toggle .caret{border-top-color:#555;border-bottom-color:#555}.navbar .pull-right>li>.dropdown-menu,.navbar .nav>li>.dropdown-menu.pull-right{right:0;left:auto}.navbar .pull-right>li>.dropdown-menu:before,.navbar .nav>li>.dropdown-menu.pull-right:before{right:12px;left:auto}.navbar .pull-right>li>.dropdown-menu:after,.navbar .nav>li>.dropdown-menu.pull-right:after{right:13px;left:auto}.navbar .pull-right>li>.dropdown-menu .dropdown-menu,.navbar .nav>li>.dropdown-menu.pull-right .dropdown-menu{right:100%;left:auto;margin-right:-1px;margin-left:0;-webkit-border-radius:6px 0 6px 6px;-moz-border-radius:6px 0 6px 6px;border-radius:6px 0 6px 6px}.navbar-inverse .navbar-inner{background-color:#1b1b1b;background-image:-moz-linear-gradient(top,#222,#111);background-image:-webkit-gradient(linear,0 0,0 100%,from(#222),to(#111));background-image:-webkit-linear-gradient(top,#222,#111);background-image:-o-linear-gradient(top,#222,#111);background-image:linear-gradient(to bottom,#222,#111);background-repeat:repeat-x;border-color:#252525;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff222222',endColorstr='#ff111111',GradientType=0)}.navbar-inverse .brand,.navbar-inverse .nav>li>a{color:#999;text-shadow:0 -1px 0 rgba(0,0,0,0.25)}.navbar-inverse .brand:hover,.navbar-inverse .nav>li>a:hover,.navbar-inverse .brand:focus,.navbar-inverse .nav>li>a:focus{color:#fff}.navbar-inverse .brand{color:#999}.navbar-inverse .navbar-text{color:#999}.navbar-inverse .nav>li>a:focus,.navbar-inverse .nav>li>a:hover{color:#fff;background-color:transparent}.navbar-inverse .nav .active>a,.navbar-inverse .nav .active>a:hover,.navbar-inverse .nav .active>a:focus{color:#fff;background-color:#111}.navbar-inverse .navbar-link{color:#999}.navbar-inverse .navbar-link:hover,.navbar-inverse .navbar-link:focus{color:#fff}.navbar-inverse .divider-vertical{border-right-color:#222;border-left-color:#111}.navbar-inverse .nav li.dropdown.open>.dropdown-toggle,.navbar-inverse .nav li.dropdown.active>.dropdown-toggle,.navbar-inverse .nav li.dropdown.open.active>.dropdown-toggle{color:#fff;background-color:#111}.navbar-inverse .nav li.dropdown>a:hover .caret,.navbar-inverse .nav li.dropdown>a:focus .caret{border-top-color:#fff;border-bottom-color:#fff}.navbar-inverse .nav li.dropdown>.dropdown-toggle .caret{border-top-color:#999;border-bottom-color:#999}.navbar-inverse .nav li.dropdown.open>.dropdown-toggle .caret,.navbar-inverse .nav li.dropdown.active>.dropdown-toggle .caret,.navbar-inverse .nav li.dropdown.open.active>.dropdown-toggle .caret{border-top-color:#fff;border-bottom-color:#fff}.navbar-inverse .navbar-search .search-query{color:#fff;background-color:#515151;border-color:#111;-webkit-box-shadow:inset 0 1px 2px rgba(0,0,0,0.1),0 1px 0 rgba(255,255,255,0.15);-moz-box-shadow:inset 0 1px 2px rgba(0,0,0,0.1),0 1px 0 rgba(255,255,255,0.15);box-shadow:inset 0 1px 2px rgba(0,0,0,0.1),0 1px 0 rgba(255,255,255,0.15);-webkit-transition:none;-moz-transition:none;-o-transition:none;transition:none}.navbar-inverse .navbar-search .search-query:-moz-placeholder{color:#ccc}.navbar-inverse .navbar-search .search-query:-ms-input-placeholder{color:#ccc}.navbar-inverse .navbar-search .search-query::-webkit-input-placeholder{color:#ccc}.navbar-inverse .navbar-search .search-query:focus,.navbar-inverse .navbar-search .search-query.focused{padding:5px 15px;color:#333;text-shadow:0 1px 0 #fff;background-color:#fff;border:0;outline:0;-webkit-box-shadow:0 0 3px rgba(0,0,0,0.15);-moz-box-shadow:0 0 3px rgba(0,0,0,0.15);box-shadow:0 0 3px rgba(0,0,0,0.15)}.navbar-inverse .btn-navbar{color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#0e0e0e;*background-color:#040404;background-image:-moz-linear-gradient(top,#151515,#040404);background-image:-webkit-gradient(linear,0 0,0 100%,from(#151515),to(#040404));background-image:-webkit-linear-gradient(top,#151515,#040404);background-image:-o-linear-gradient(top,#151515,#040404);background-image:linear-gradient(to bottom,#151515,#040404);background-repeat:repeat-x;border-color:#040404 #040404 #000;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff151515',endColorstr='#ff040404',GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.navbar-inverse .btn-navbar:hover,.navbar-inverse .btn-navbar:focus,.navbar-inverse .btn-navbar:active,.navbar-inverse .btn-navbar.active,.navbar-inverse .btn-navbar.disabled,.navbar-inverse .btn-navbar[disabled]{color:#fff;background-color:#040404;*background-color:#000}.navbar-inverse .btn-navbar:active,.navbar-inverse .btn-navbar.active{background-color:#000 \9}.breadcrumb{padding:8px 15px;margin:0 0 20px;list-style:none;background-color:#f5f5f5;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px}.breadcrumb>li{display:inline-block;*display:inline;text-shadow:0 1px 0 #fff;*zoom:1}.breadcrumb>li>.divider{padding:0 5px;color:#ccc}.breadcrumb>.active{color:#999}.pagination{margin:20px 0}.pagination ul{display:inline-block;*display:inline;margin-bottom:0;margin-left:0;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;*zoom:1;-webkit-box-shadow:0 1px 2px rgba(0,0,0,0.05);-moz-box-shadow:0 1px 2px rgba(0,0,0,0.05);box-shadow:0 1px 2px rgba(0,0,0,0.05)}.pagination ul>li{display:inline}.pagination ul>li>a,.pagination ul>li>span{float:left;padding:4px 12px;line-height:20px;text-decoration:none;background-color:#fff;border:1px solid #ddd;border-left-width:0}.pagination ul>li>a:hover,.pagination ul>li>a:focus,.pagination ul>.active>a,.pagination ul>.active>span{background-color:#f5f5f5}.pagination ul>.active>a,.pagination ul>.active>span{color:#999;cursor:default}.pagination ul>.disabled>span,.pagination ul>.disabled>a,.pagination ul>.disabled>a:hover,.pagination ul>.disabled>a:focus{color:#999;cursor:default;background-color:transparent}.pagination ul>li:first-child>a,.pagination ul>li:first-child>span{border-left-width:1px;-webkit-border-bottom-left-radius:4px;border-bottom-left-radius:4px;-webkit-border-top-left-radius:4px;border-top-left-radius:4px;-moz-border-radius-bottomleft:4px;-moz-border-radius-topleft:4px}.pagination ul>li:last-child>a,.pagination ul>li:last-child>span{-webkit-border-top-right-radius:4px;border-top-right-radius:4px;-webkit-border-bottom-right-radius:4px;border-bottom-right-radius:4px;-moz-border-radius-topright:4px;-moz-border-radius-bottomright:4px}.pagination-centered{text-align:center}.pagination-right{text-align:right}.pagination-large ul>li>a,.pagination-large ul>li>span{padding:11px 19px;font-size:17.5px}.pagination-large ul>li:first-child>a,.pagination-large ul>li:first-child>span{-webkit-border-bottom-left-radius:6px;border-bottom-left-radius:6px;-webkit-border-top-left-radius:6px;border-top-left-radius:6px;-moz-border-radius-bottomleft:6px;-moz-border-radius-topleft:6px}.pagination-large ul>li:last-child>a,.pagination-large ul>li:last-child>span{-webkit-border-top-right-radius:6px;border-top-right-radius:6px;-webkit-border-bottom-right-radius:6px;border-bottom-right-radius:6px;-moz-border-radius-topright:6px;-moz-border-radius-bottomright:6px}.pagination-mini ul>li:first-child>a,.pagination-small ul>li:first-child>a,.pagination-mini ul>li:first-child>span,.pagination-small ul>li:first-child>span{-webkit-border-bottom-left-radius:3px;border-bottom-left-radius:3px;-webkit-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-bottomleft:3px;-moz-border-radius-topleft:3px}.pagination-mini ul>li:last-child>a,.pagination-small ul>li:last-child>a,.pagination-mini ul>li:last-child>span,.pagination-small ul>li:last-child>span{-webkit-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-border-bottom-right-radius:3px;border-bottom-right-radius:3px;-moz-border-radius-topright:3px;-moz-border-radius-bottomright:3px}.pagination-small ul>li>a,.pagination-small ul>li>span{padding:2px 10px;font-size:11.9px}.pagination-mini ul>li>a,.pagination-mini ul>li>span{padding:0 6px;font-size:10.5px}.pager{margin:20px 0;text-align:center;list-style:none;*zoom:1}.pager:before,.pager:after{display:table;line-height:0;content:""}.pager:after{clear:both}.pager li{display:inline}.pager li>a,.pager li>span{display:inline-block;padding:5px 14px;background-color:#fff;border:1px solid #ddd;-webkit-border-radius:15px;-moz-border-radius:15px;border-radius:15px}.pager li>a:hover,.pager li>a:focus{text-decoration:none;background-color:#f5f5f5}.pager .next>a,.pager .next>span{float:right}.pager .previous>a,.pager .previous>span{float:left}.pager .disabled>a,.pager .disabled>a:hover,.pager .disabled>a:focus,.pager .disabled>span{color:#999;cursor:default;background-color:#fff}.modal-backdrop{position:fixed;top:0;right:0;bottom:0;left:0;z-index:1040;background-color:#000}.modal-backdrop.fade{opacity:0}.modal-backdrop,.modal-backdrop.fade.in{opacity:.8;filter:alpha(opacity=80)}.modal{position:fixed;top:10%;left:50%;z-index:1050;width:560px;margin-left:-280px;background-color:#fff;border:1px solid #999;border:1px solid rgba(0,0,0,0.3);*border:1px solid #999;-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px;outline:0;-webkit-box-shadow:0 3px 7px rgba(0,0,0,0.3);-moz-box-shadow:0 3px 7px rgba(0,0,0,0.3);box-shadow:0 3px 7px rgba(0,0,0,0.3);-webkit-background-clip:padding-box;-moz-background-clip:padding-box;background-clip:padding-box}.modal.fade{top:-25%;-webkit-transition:opacity .3s linear,top .3s ease-out;-moz-transition:opacity .3s linear,top .3s ease-out;-o-transition:opacity .3s linear,top .3s ease-out;transition:opacity .3s linear,top .3s ease-out}.modal.fade.in{top:10%}.modal-header{padding:9px 15px;border-bottom:1px solid #eee}.modal-header .close{margin-top:2px}.modal-header h3{margin:0;line-height:30px}.modal-body{position:relative;max-height:400px;padding:15px;overflow-y:auto}.modal-form{margin-bottom:0}.modal-footer{padding:14px 15px 15px;margin-bottom:0;text-align:right;background-color:#f5f5f5;border-top:1px solid #ddd;-webkit-border-radius:0 0 6px 6px;-moz-border-radius:0 0 6px 6px;border-radius:0 0 6px 6px;*zoom:1;-webkit-box-shadow:inset 0 1px 0 #fff;-moz-box-shadow:inset 0 1px 0 #fff;box-shadow:inset 0 1px 0 #fff}.modal-footer:before,.modal-footer:after{display:table;line-height:0;content:""}.modal-footer:after{clear:both}.modal-footer .btn+.btn{margin-bottom:0;margin-left:5px}.modal-footer .btn-group .btn+.btn{margin-left:-1px}.modal-footer .btn-block+.btn-block{margin-left:0}.tooltip{position:absolute;z-index:1030;display:block;font-size:11px;line-height:1.4;opacity:0;filter:alpha(opacity=0);visibility:visible}.tooltip.in{opacity:.8;filter:alpha(opacity=80)}.tooltip.top{padding:5px 0;margin-top:-3px}.tooltip.right{padding:0 5px;margin-left:3px}.tooltip.bottom{padding:5px 0;margin-top:3px}.tooltip.left{padding:0 5px;margin-left:-3px}.tooltip-inner{max-width:200px;padding:8px;color:#fff;text-align:center;text-decoration:none;background-color:#000;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px}.tooltip-arrow{position:absolute;width:0;height:0;border-color:transparent;border-style:solid}.tooltip.top .tooltip-arrow{bottom:0;left:50%;margin-left:-5px;border-top-color:#000;border-width:5px 5px 0}.tooltip.right .tooltip-arrow{top:50%;left:0;margin-top:-5px;border-right-color:#000;border-width:5px 5px 5px 0}.tooltip.left .tooltip-arrow{top:50%;right:0;margin-top:-5px;border-left-color:#000;border-width:5px 0 5px 5px}.tooltip.bottom .tooltip-arrow{top:0;left:50%;margin-left:-5px;border-bottom-color:#000;border-width:0 5px 5px}.popover{position:absolute;top:0;left:0;z-index:1010;display:none;max-width:276px;padding:1px;text-align:left;white-space:normal;background-color:#fff;border:1px solid #ccc;border:1px solid rgba(0,0,0,0.2);-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px;-webkit-box-shadow:0 5px 10px rgba(0,0,0,0.2);-moz-box-shadow:0 5px 10px rgba(0,0,0,0.2);box-shadow:0 5px 10px rgba(0,0,0,0.2);-webkit-background-clip:padding-box;-moz-background-clip:padding;background-clip:padding-box}.popover.top{margin-top:-10px}.popover.right{margin-left:10px}.popover.bottom{margin-top:10px}.popover.left{margin-left:-10px}.popover-title{padding:8px 14px;margin:0;font-size:14px;font-weight:normal;line-height:18px;background-color:#f7f7f7;border-bottom:1px solid #ebebeb;-webkit-border-radius:5px 5px 0 0;-moz-border-radius:5px 5px 0 0;border-radius:5px 5px 0 0}.popover-title:empty{display:none}.popover-content{padding:9px 14px}.popover .arrow,.popover .arrow:after{position:absolute;display:block;width:0;height:0;border-color:transparent;border-style:solid}.popover .arrow{border-width:11px}.popover .arrow:after{border-width:10px;content:""}.popover.top .arrow{bottom:-11px;left:50%;margin-left:-11px;border-top-color:#999;border-top-color:rgba(0,0,0,0.25);border-bottom-width:0}.popover.top .arrow:after{bottom:1px;margin-left:-10px;border-top-color:#fff;border-bottom-width:0}.popover.right .arrow{top:50%;left:-11px;margin-top:-11px;border-right-color:#999;border-right-color:rgba(0,0,0,0.25);border-left-width:0}.popover.right .arrow:after{bottom:-10px;left:1px;border-right-color:#fff;border-left-width:0}.popover.bottom .arrow{top:-11px;left:50%;margin-left:-11px;border-bottom-color:#999;border-bottom-color:rgba(0,0,0,0.25);border-top-width:0}.popover.bottom .arrow:after{top:1px;margin-left:-10px;border-bottom-color:#fff;border-top-width:0}.popover.left .arrow{top:50%;right:-11px;margin-top:-11px;border-left-color:#999;border-left-color:rgba(0,0,0,0.25);border-right-width:0}.popover.left .arrow:after{right:1px;bottom:-10px;border-left-color:#fff;border-right-width:0}.thumbnails{margin-left:-20px;list-style:none;*zoom:1}.thumbnails:before,.thumbnails:after{display:table;line-height:0;content:""}.thumbnails:after{clear:both}.row-fluid .thumbnails{margin-left:0}.thumbnails>li{float:left;margin-bottom:20px;margin-left:20px}.thumbnail{display:block;padding:4px;line-height:20px;border:1px solid #ddd;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;-webkit-box-shadow:0 1px 3px rgba(0,0,0,0.055);-moz-box-shadow:0 1px 3px rgba(0,0,0,0.055);box-shadow:0 1px 3px rgba(0,0,0,0.055);-webkit-transition:all .2s ease-in-out;-moz-transition:all .2s ease-in-out;-o-transition:all .2s ease-in-out;transition:all .2s ease-in-out}a.thumbnail:hover,a.thumbnail:focus{border-color:#08c;-webkit-box-shadow:0 1px 4px rgba(0,105,214,0.25);-moz-box-shadow:0 1px 4px rgba(0,105,214,0.25);box-shadow:0 1px 4px rgba(0,105,214,0.25)}.thumbnail>img{display:block;max-width:100%;margin-right:auto;margin-left:auto}.thumbnail .caption{padding:9px;color:#555}.media,.media-body{overflow:hidden;*overflow:visible;zoom:1}.media,.media .media{margin-top:15px}.media:first-child{margin-top:0}.media-object{display:block}.media-heading{margin:0 0 5px}.media>.pull-left{margin-right:10px}.media>.pull-right{margin-left:10px}.media-list{margin-left:0;list-style:none}.label,.badge{display:inline-block;padding:2px 4px;font-size:11.844px;font-weight:bold;line-height:14px;color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);white-space:nowrap;vertical-align:baseline;background-color:#999}.label{-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px}.badge{padding-right:9px;padding-left:9px;-webkit-border-radius:9px;-moz-border-radius:9px;border-radius:9px}.label:empty,.badge:empty{display:none}a.label:hover,a.label:focus,a.badge:hover,a.badge:focus{color:#fff;text-decoration:none;cursor:pointer}.label-important,.badge-important{background-color:#b94a48}.label-important[href],.badge-important[href]{background-color:#953b39}.label-warning,.badge-warning{background-color:#f89406}.label-warning[href],.badge-warning[href]{background-color:#c67605}.label-success,.badge-success{background-color:#468847}.label-success[href],.badge-success[href]{background-color:#356635}.label-info,.badge-info{background-color:#3a87ad}.label-info[href],.badge-info[href]{background-color:#2d6987}.label-inverse,.badge-inverse{background-color:#333}.label-inverse[href],.badge-inverse[href]{background-color:#1a1a1a}.btn .label,.btn .badge{position:relative;top:-1px}.btn-mini .label,.btn-mini .badge{top:0}@-webkit-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@-moz-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@-ms-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@-o-keyframes progress-bar-stripes{from{background-position:0 0}to{background-position:40px 0}}@keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}.progress{height:20px;margin-bottom:20px;overflow:hidden;background-color:#f7f7f7;background-image:-moz-linear-gradient(top,#f5f5f5,#f9f9f9);background-image:-webkit-gradient(linear,0 0,0 100%,from(#f5f5f5),to(#f9f9f9));background-image:-webkit-linear-gradient(top,#f5f5f5,#f9f9f9);background-image:-o-linear-gradient(top,#f5f5f5,#f9f9f9);background-image:linear-gradient(to bottom,#f5f5f5,#f9f9f9);background-repeat:repeat-x;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff5f5f5',endColorstr='#fff9f9f9',GradientType=0);-webkit-box-shadow:inset 0 1px 2px rgba(0,0,0,0.1);-moz-box-shadow:inset 0 1px 2px rgba(0,0,0,0.1);box-shadow:inset 0 1px 2px rgba(0,0,0,0.1)}.progress .bar{float:left;width:0;height:100%;font-size:12px;color:#fff;text-align:center;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#0e90d2;background-image:-moz-linear-gradient(top,#149bdf,#0480be);background-image:-webkit-gradient(linear,0 0,0 100%,from(#149bdf),to(#0480be));background-image:-webkit-linear-gradient(top,#149bdf,#0480be);background-image:-o-linear-gradient(top,#149bdf,#0480be);background-image:linear-gradient(to bottom,#149bdf,#0480be);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff149bdf',endColorstr='#ff0480be',GradientType=0);-webkit-box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);-moz-box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;-webkit-transition:width .6s ease;-moz-transition:width .6s ease;-o-transition:width .6s ease;transition:width .6s ease}.progress .bar+.bar{-webkit-box-shadow:inset 1px 0 0 rgba(0,0,0,0.15),inset 0 -1px 0 rgba(0,0,0,0.15);-moz-box-shadow:inset 1px 0 0 rgba(0,0,0,0.15),inset 0 -1px 0 rgba(0,0,0,0.15);box-shadow:inset 1px 0 0 rgba(0,0,0,0.15),inset 0 -1px 0 rgba(0,0,0,0.15)}.progress-striped .bar{background-color:#149bdf;background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);-webkit-background-size:40px 40px;-moz-background-size:40px 40px;-o-background-size:40px 40px;background-size:40px 40px}.progress.active .bar{-webkit-animation:progress-bar-stripes 2s linear infinite;-moz-animation:progress-bar-stripes 2s linear infinite;-ms-animation:progress-bar-stripes 2s linear infinite;-o-animation:progress-bar-stripes 2s linear infinite;animation:progress-bar-stripes 2s linear infinite}.progress-danger .bar,.progress .bar-danger{background-color:#dd514c;background-image:-moz-linear-gradient(top,#ee5f5b,#c43c35);background-image:-webkit-gradient(linear,0 0,0 100%,from(#ee5f5b),to(#c43c35));background-image:-webkit-linear-gradient(top,#ee5f5b,#c43c35);background-image:-o-linear-gradient(top,#ee5f5b,#c43c35);background-image:linear-gradient(to bottom,#ee5f5b,#c43c35);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffee5f5b',endColorstr='#ffc43c35',GradientType=0)}.progress-danger.progress-striped .bar,.progress-striped .bar-danger{background-color:#ee5f5b;background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent)}.progress-success .bar,.progress .bar-success{background-color:#5eb95e;background-image:-moz-linear-gradient(top,#62c462,#57a957);background-image:-webkit-gradient(linear,0 0,0 100%,from(#62c462),to(#57a957));background-image:-webkit-linear-gradient(top,#62c462,#57a957);background-image:-o-linear-gradient(top,#62c462,#57a957);background-image:linear-gradient(to bottom,#62c462,#57a957);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff62c462',endColorstr='#ff57a957',GradientType=0)}.progress-success.progress-striped .bar,.progress-striped .bar-success{background-color:#62c462;background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent)}.progress-info .bar,.progress .bar-info{background-color:#4bb1cf;background-image:-moz-linear-gradient(top,#5bc0de,#339bb9);background-image:-webkit-gradient(linear,0 0,0 100%,from(#5bc0de),to(#339bb9));background-image:-webkit-linear-gradient(top,#5bc0de,#339bb9);background-image:-o-linear-gradient(top,#5bc0de,#339bb9);background-image:linear-gradient(to bottom,#5bc0de,#339bb9);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5bc0de',endColorstr='#ff339bb9',GradientType=0)}.progress-info.progress-striped .bar,.progress-striped .bar-info{background-color:#5bc0de;background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent)}.progress-warning .bar,.progress .bar-warning{background-color:#faa732;background-image:-moz-linear-gradient(top,#fbb450,#f89406);background-image:-webkit-gradient(linear,0 0,0 100%,from(#fbb450),to(#f89406));background-image:-webkit-linear-gradient(top,#fbb450,#f89406);background-image:-o-linear-gradient(top,#fbb450,#f89406);background-image:linear-gradient(to bottom,#fbb450,#f89406);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fffbb450',endColorstr='#fff89406',GradientType=0)}.progress-warning.progress-striped .bar,.progress-striped .bar-warning{background-color:#fbb450;background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent)}.accordion{margin-bottom:20px}.accordion-group{margin-bottom:2px;border:1px solid #e5e5e5;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px}.accordion-heading{border-bottom:0}.accordion-heading .accordion-toggle{display:block;padding:8px 15px}.accordion-toggle{cursor:pointer}.accordion-inner{padding:9px 15px;border-top:1px solid #e5e5e5}.carousel{position:relative;margin-bottom:20px;line-height:1}.carousel-inner{position:relative;width:100%;overflow:hidden}.carousel-inner>.item{position:relative;display:none;-webkit-transition:.6s ease-in-out left;-moz-transition:.6s ease-in-out left;-o-transition:.6s ease-in-out left;transition:.6s ease-in-out left}.carousel-inner>.item>img,.carousel-inner>.item>a>img{display:block;line-height:1}.carousel-inner>.active,.carousel-inner>.next,.carousel-inner>.prev{display:block}.carousel-inner>.active{left:0}.carousel-inner>.next,.carousel-inner>.prev{position:absolute;top:0;width:100%}.carousel-inner>.next{left:100%}.carousel-inner>.prev{left:-100%}.carousel-inner>.next.left,.carousel-inner>.prev.right{left:0}.carousel-inner>.active.left{left:-100%}.carousel-inner>.active.right{left:100%}.carousel-control{position:absolute;top:40%;left:15px;width:40px;height:40px;margin-top:-20px;font-size:60px;font-weight:100;line-height:30px;color:#fff;text-align:center;background:#222;border:3px solid #fff;-webkit-border-radius:23px;-moz-border-radius:23px;border-radius:23px;opacity:.5;filter:alpha(opacity=50)}.carousel-control.right{right:15px;left:auto}.carousel-control:hover,.carousel-control:focus{color:#fff;text-decoration:none;opacity:.9;filter:alpha(opacity=90)}.carousel-indicators{position:absolute;top:15px;right:15px;z-index:5;margin:0;list-style:none}.carousel-indicators li{display:block;float:left;width:10px;height:10px;margin-left:5px;text-indent:-999px;background-color:#ccc;background-color:rgba(255,255,255,0.25);border-radius:5px}.carousel-indicators .active{background-color:#fff}.carousel-caption{position:absolute;right:0;bottom:0;left:0;padding:15px;background:#333;background:rgba(0,0,0,0.75)}.carousel-caption h4,.carousel-caption p{line-height:20px;color:#fff}.carousel-caption h4{margin:0 0 5px}.carousel-caption p{margin-bottom:0}.hero-unit{padding:60px;margin-bottom:30px;font-size:18px;font-weight:200;line-height:30px;color:inherit;background-color:#eee;-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px}.hero-unit h1{margin-bottom:0;font-size:60px;line-height:1;letter-spacing:-1px;color:inherit}.hero-unit li{line-height:30px}.pull-right{float:right}.pull-left{float:left}.hide{display:none}.show{display:block}.invisible{visibility:hidden}.affix{position:fixed} diff --git a/docs/theme/docker/static/css/main.css b/docs/theme/docker/static/css/main.css deleted file mode 100755 index ce4ba7b869..0000000000 --- a/docs/theme/docker/static/css/main.css +++ /dev/null @@ -1,477 +0,0 @@ -.debug { - border: 2px dotted red !important; - box-sizing: border-box; - -moz-box-sizing: border-box; -} -body { - min-width: 940px; - font-family: "Cabin", "Helvetica Neue", Helvetica, Arial, sans-serif; -} -p a { - text-decoration: underline; -} -p a.btn { - text-decoration: none; -} -.brand.logo a { - text-decoration: none; -} -.navbar .navbar-inner { - padding-left: 0px; - padding-right: 0px; -} -.navbar .nav li a { - padding: 24.2857142855px 17px 24.2857142855px; - color: #777777; - text-decoration: none; - text-shadow: 0 1px 0 #f2f2f2; -} -.navbar .nav > li { - float: left; -} -.nav-underline { - height: 6px; - background-color: #71afc0; -} -.nav-login li a { - color: white; - padding: 10px 15px 10px; -} -.navbar .brand { - margin-left: 0px; - float: left; - display: block; -} -.navbar-inner { - min-height: 70px; - padding-left: 20px; - padding-right: 20px; - background-color: #ededed; - background-image: -moz-linear-gradient(top, #f2f2f2, #e5e5e5); - background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#f2f2f2), to(#e5e5e5)); - background-image: -webkit-linear-gradient(top, #f2f2f2, #e5e5e5); - background-image: -o-linear-gradient(top, #f2f2f2, #e5e5e5); - background-image: linear-gradient(to bottom, #f2f2f2, #e5e5e5); - background-repeat: repeat-x; - filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff2f2f2', endColorstr='#ffe5e5e5', GradientType=0); - border: 1px solid #c7c7c7; - -webkit-border-radius: 4px; - -moz-border-radius: 4px; - border-radius: 4px; - -webkit-box-shadow: 0 1px 4px rgba(0, 0, 0, 0.065); - -moz-box-shadow: 0 1px 4px rgba(0, 0, 0, 0.065); - box-shadow: 0 1px 4px rgba(0, 0, 0, 0.065); -} -.brand-logo a { - color: white; -} -.brand-logo a img { - width: auto; -} -.inline-icon { - margin-bottom: 6px; -} -.row { - margin-top: 15px; - margin-bottom: 15px; -} -div[class*='span'] { - -moz-box-sizing: border-box; - box-sizing: border-box; -} -.box { - padding: 30px; - background-color: white; - margin-top: 8px; -} -.paper { - background-color: white; - padding-top: 30px; - padding-bottom: 30px; -} -.copy-headline { - margin-top: 0px; -} -.box h1, -.box h2, -.box h3, -.box h4 { - margin-top: -5px; -} -.nested { - padding: 30px; -} -.box.div { - padding: 30px; -} -span.read-more { - margin-left: 15px; - white-space: nowrap; -} -.forcetopalign { - margin-top: 15px !important; -} -.forcetopmargin { - margin-top: 23px !important; -} -.forceleftalign { - margin-left: 15px !important; -} -.forceleftmargin { - margin-left: 21px !important; -} -.textcenter { - text-align: center; -} -.textright { - text-align: right; -} -.textsmaller { - font-size: 12px; -} -.modal-backdrop { - opacity: 0.4; -} -/* generic page copy styles */ -.copy-headline h1 { - font-size: 21px; -} -/* ======================= - Sticky footer -======================= */ -html, -body { - height: 100%; - /* The html and body elements cannot have any padding or margin. */ - -} -/* Wrapper for page content to push down footer */ -#wrap { - min-height: 100%; - height: auto !important; - height: 100%; - /* Negative indent footer by it's height */ - - margin: 0 auto -280px; -} -/* Set the fixed height of the footer here */ -#push-the-footer, -#footer { - height: 280px; -} -.main-row { - padding-top: 50px; -} -#footer .footer { - margin-top: 160px; -} -#footer .footer .ligaturesymbols { - font-size: 30px; - color: black; -} -#footer .footer .ligaturesymbols a { - color: black; -} -#footer .footer .footerlist h3, -#footer .footer .footerlist h4 { - /* correct the top alignment */ - - margin-top: 0px; -} -.footer-landscape-image { - position: absolute: - bottom: 0; - margin-bottom: 0; - background-image: url('https://www.docker.io/static/img/website-footer_clean.svg'); - background-repeat: repeat-x; - height: 280px; -} -.main-row { - margin-top: 40px; -} -.sidebar { - width: 215px; - float: left; -} -.main-content { - padding: 16px 18px inherit; - margin-left: 230px; - /* space for sidebar */ - -} -/* ======================= - Social footer -======================= */ -.social { - margin-left: 0px; - margin-top: 15px; -} -.social .twitter, -.social .github, -.social .googleplus, -.social .facebook, -.social .slideshare, -.social .linkedin, -.social .flickr, -.social .youtube, -.social .reddit { - background: url("../img/social/docker_social_logos.png") no-repeat transparent; - display: inline-block; - height: 32px; - overflow: hidden; - text-indent: 9999px; - width: 32px; - margin-right: 5px; -} -.social :hover { - -webkit-transform: rotate(-10deg); - -moz-transform: rotate(-10deg); - -o-transform: rotate(-10deg); - -ms-transform: rotate(-10deg); - transform: rotate(-10deg); -} -.social .twitter { - background-position: -160px 0px; -} -.social .reddit { - background-position: -256px 0px; -} -.social .github { - background-position: -64px 0px; -} -.social .googleplus { - background-position: -96px 0px; -} -.social .facebook { - background-position: 0px 0px; -} -.social .slideshare { - background-position: -128px 0px; -} -.social .youtube { - background-position: -192px 0px; -} -.social .flickr { - background-position: -32px 0px; -} -.social .linkedin { - background-position: -224px 0px; -} -form table th { - vertical-align: top; - text-align: right; - white-space: nowrap; -} -form .labeldd label { - font-weight: bold; -} -form .helptext { - font-size: 12px; - margin-top: -4px; - margin-bottom: 10px; -} -form .fielddd input { - width: 250px; -} -form .error { - color: #a30000; -} -div.alert.alert-block { - margin-bottom: 15px; -} -/* ======================= ======================= - Documentation -========================= ========================= */ -/* ======================= - Styles for the sidebar -========================= */ -.page-title { - background-color: white; - border: 1px solid transparent; - text-align: center; - width: 100%; -} -.page-title h4 { - font-size: 20px; -} -.bs-docs-sidebar { - padding-left: 5px; - max-width: 100%; - box-sizing: border-box; - -moz-box-sizing: border-box; - margin-top: 18px; -} -.bs-docs-sidebar ul { - list-style: none; - margin-left: 0px; -} -.bs-docs-sidebar .toctree-l2 > ul { - width: 100%; -} -.bs-docs-sidebar ul > li.toctree-l1.has-children { - background-image: url('../img/menu_arrow_right.gif'); - background-repeat: no-repeat; - background-position: 13px 13px; - list-style-type: none; - padding: 0px 0px 0px 0px; - vertical-align: middle; -} -.bs-docs-sidebar ul > li.toctree-l1.has-children.open { - background-image: url('../img/menu_arrow_down.gif'); -} -.bs-docs-sidebar ul > li > a { - box-sizing: border-box; - -moz-box-sizing: border-box; - width: 100%; - display: inline-block; - padding-top: 8px; - padding-bottom: 8px; - padding-left: 35px; - padding-right: 20px; - font-size: 14px; - border-bottom: 1.5px solid #595959; - line-height: 20px; -} -.bs-docs-sidebar ul > li:first-child.active > a { - border-top: 1.5px solid #595959; -} -.bs-docs-sidebar ul > li:last-child > a { - border-bottom: none; -} -.bs-docs-sidebar ul > li:last-child.active > a { - border-bottom: 1.5px solid #595959; -} -.bs-docs-sidebar ul > li.active > a { - border-right: 1.5px solid #595959; - border-left: 1.5px solid #595959; - color: #394d54; -} -.bs-docs-sidebar ul > li:hover { - background-color: #e8e8e8; -} -.bs-docs-sidebar.toctree-l3 ul { - display: inherit; - margin-left: 15px; - font-size: smaller; -} -.bs-docs-sidebar .toctree-l3 a { - border: none; - font-size: 12px; - line-height: 15px; -} -.bs-docs-sidebar ul > li > ul { - display: none; -} -.bs-docs-sidebar ul > li.current > ul { - display: inline-block; - padding-left: 0px; - width: 100%; -} -.toctree-l2.current > a { - font-weight: bold; -} -.toctree-l2.current { - border: 1.5px solid #595959; - color: #394d54; -} -/* ===================================== - Styles for the floating version widget -====================================== */ -.version-flyer { - position: fixed; - float: right; - right: 0; - bottom: 40px; - background-color: #E0E0E0; - border: 1px solid #88BABC; - padding: 5px; - font-size: larger; - max-width: 300px; -} -.version-flyer .content { - padding-right: 45px; - margin-top: 7px; - margin-left: 7px; - background-image: url('../img/container3.png'); - background-position: right center; - background-repeat: no-repeat; -} -.version-flyer .active-slug { - visibility: visible; - display: inline-block; - font-weight: bolder; -} -.version-flyer:hover .alternative { - animation-duration: 1s; - display: inline-block; -} -.version-flyer .version-note { - font-size: 16px; - color: black; -} -/* ===================================== - Styles for -====================================== */ -h1:hover > a.headerlink, -h2:hover > a.headerlink, -h3:hover > a.headerlink, -h4:hover > a.headerlink, -h5:hover > a.headerlink, -h6:hover > a.headerlink, -dt:hover > a.headerlink { - visibility: visible; -} -.headerlink { - font-size: smaller; - color: #666; - font-weight: bold; - float: right; - visibility: hidden; -} -h2, h3, h4, h5, h6 { - margin-top: 0.7em; -} -/* ===================================== - Miscellaneous information -====================================== */ -.admonition.warning, -.admonition.note, -.admonition.seealso, -.admonition.todo { - border: 3px solid black; - padding: 10px; - margin: 5px auto 10px; -} -.admonition .admonition-title { - font-size: larger; -} -.admonition.warning, -.admonition.danger { - border-color: #ac0004; -} -.admonition.note { - border-color: #cbc200; -} -.admonition.todo { - border-color: orange; -} -.admonition.seealso { - border-color: #23cb1f; -} -/* Add styles for other types of comments */ -.versionchanged, -.versionadded, -.versionmodified, -.deprecated { - font-size: larger; - font-weight: bold; -} -.versionchanged { - color: lightseagreen; -} -.versionadded { - color: mediumblue; -} -.deprecated { - color: orangered; -} diff --git a/docs/theme/docker/static/css/main.less b/docs/theme/docker/static/css/main.less deleted file mode 100644 index e248e21c08..0000000000 --- a/docs/theme/docker/static/css/main.less +++ /dev/null @@ -1,691 +0,0 @@ -// Main CSS configuration file -// by Thatcher Peskens, thatcher@dotcloud.com -// -// Please note variables.less is customized to include custom font, background-color, and link colors. - - -@import "variables.less"; - -// Variables for main.less -// ----------------------- - -@box-top-margin: 8px; -@box-padding-size: 30px; -@docker-background-color: #71AFC0; -@very-dark-sea-green: #394D54; - -// Custom colors for Docker -// -------------------------- -@gray-super-light: #F2F2F2; -@deep-red: #A30000; -@deep-blue: #1B2033; -@deep-green: #007035; -@link-blue: #213B8F; - - -.debug { - border: 2px dotted red !important; - box-sizing: border-box; - -moz-box-sizing: border-box; -} - - -// Other custom colors for Docker -// -------------------------- - -// ** are defined in sources/less/variables ** -//@import "bootstrap/variables.less"; - - -// Styles generic for each and every page -// ----------------------------------- // ----------------------------------- - - -// moving body down to make place for fixed navigation -body { - min-width: 940px; - font-family: @font-family-base; - -} - - -p a { - text-decoration: underline; - - &.btn { - text-decoration: none; - } - -} - -.brand.logo a { - text-decoration: none; -} - -// Styles for top navigation -// ---------------------------------- -.navbar .navbar-inner { - padding-left: 0px; - padding-right: 0px; -} - -.navbar .nav { - li a { - padding: ((@navbar-height - @line-height-base) / 2) 17px ((@navbar-height - @line-height-base) / 2); - color: #777777; - text-decoration: none; - text-shadow: 0 1px 0 #f2f2f2; - } -} - - -.navbar .nav > li { - float: left; -} - -.nav-underline { - height: 6px; - background-color: @docker-background-color; -} - -.nav-login { - li { - a { - color: white; - padding: 10px 15px 10px; - } - } -} - - -.navbar .brand { - margin-left: 0px; - float: left; - display: block; -} - -.navbar-inner { - min-height: 70px; - padding-left: 20px; - padding-right: 20px; - background-color: #ededed; - background-image: -moz-linear-gradient(top, #f2f2f2, #e5e5e5); - background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#f2f2f2), to(#e5e5e5)); - background-image: -webkit-linear-gradient(top, #f2f2f2, #e5e5e5); - background-image: -o-linear-gradient(top, #f2f2f2, #e5e5e5); - background-image: linear-gradient(to bottom, #f2f2f2, #e5e5e5); - background-repeat: repeat-x; - filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff2f2f2', endColorstr='#ffe5e5e5', GradientType=0); - border: 1px solid #c7c7c7; - -webkit-border-radius: 4px; - -moz-border-radius: 4px; - border-radius: 4px; - -webkit-box-shadow: 0 1px 4px rgba(0, 0, 0, 0.065); - -moz-box-shadow: 0 1px 4px rgba(0, 0, 0, 0.065); - box-shadow: 0 1px 4px rgba(0, 0, 0, 0.065); -} - -.brand-logo a { - color: white; - img { - width: auto; - } -} - -.logo { -// background-color: #A30000; -// color: white; -} - -.inline-icon { - margin-bottom: 6px; -} - -// Bootstrap elements -// ---------------------------------- - -.row { - margin-top: 15px; - margin-bottom: 15px; -} - -.container { - // background-color: green; -} - -// Styles on blocks of content -// ---------------------------------- - -// everything which is a block should have box-sizing: border-box; - -div[class*='span'] -{ - -moz-box-sizing: border-box; - box-sizing: border-box; -} - - -// Box for making white with a border, and some nice spacings -.box { - padding: @box-padding-size; - background-color: white; - margin-top: @box-top-margin; -} - -.paper { - background-color: white; - padding-top: 30px; - padding-bottom: 30px; -} - -.copy-headline { - margin-top: 0px; -// border-bottom: 1.2px solid @veryDarkSeaGreen; -} - -.box { - h1, h2, h3, h4 { - margin-top: -5px; - } -} - -.nested { - padding: @box-padding-size; -} - -.box.div { - padding: @box-padding-size; -} - -span.read-more { - margin-left: 15px; - white-space: nowrap; -} - - -// set a top margin of @box-top-margin + 8 px to make it show a margin -//instead of the div being flush against the side. Typically only -// required for a stacked div in a column, w.o. using row. -.forcetopalign { - margin-top: 15px !important; -} -.forcetopmargin { - margin-top: 23px !important; -} -.forceleftalign { - margin-left: 15px !important; -} -.forceleftmargin { - margin-left: 21px !important; -} - - -// simple text aligns -.textcenter { - text-align: center; -} - -.textright { - text-align: right; -} - -.textsmaller { - font-size: @font-size-small; -} - -.modal-backdrop { - opacity: 0.4; -} - - -/* generic page copy styles */ - -.copy-headline h1 { - font-size: 21px; -} - - -/* ======================= - Sticky footer -======================= */ - -@sticky-footer-height: 280px; - -html, -body { - height: 100%; - /* The html and body elements cannot have any padding or margin. */ -} - -/* Wrapper for page content to push down footer */ -#wrap { - min-height: 100%; - height: auto !important; - height: 100%; - /* Negative indent footer by it's height */ - margin: 0 auto -@sticky-footer-height; -} - -/* Set the fixed height of the footer here */ -#push-the-footer, -#footer { - height: @sticky-footer-height; -} - -#footer { -// margin-bottom: -60px; -// margin-top: 160px; -} - -.main-row { - padding-top: @navbar-height; -} - - -// Styles on the footer -// ---------------------------------- - -// -#footer .footer { - margin-top: 160px; - .ligaturesymbols { - font-size: 30px; - color: black; - a { - color: black; - } - } - - .footerlist { - h3, h4 { - /* correct the top alignment */ - margin-top: 0px; - } - } - -} - -.footer-landscape-image { - position: absolute: - bottom: 0; - margin-bottom: 0; - background-image: url('https://www.docker.io/static/img/website-footer_clean.svg'); - background-repeat: repeat-x; - height: @sticky-footer-height; -} - -.main-row { - margin-top: 40px; -} - -.sidebar { - width: 215px; - float: left; -} - -.main-content { - padding: 16px 18px inherit; - margin-left: 230px; /* space for sidebar */ -} - - - -/* ======================= - Social footer -======================= */ - -.social { - margin-left: 0px; - margin-top: 15px; -} - -.social { - .twitter, .github, .googleplus, .facebook, .slideshare, .linkedin, .flickr, .youtube, .reddit { - background: url("../img/social/docker_social_logos.png") no-repeat transparent; - display: inline-block; - height: 32px; - overflow: hidden; - text-indent: 9999px; - width: 32px; - margin-right: 5px; - } -} - -.social :hover { - -webkit-transform: rotate(-10deg); - -moz-transform: rotate(-10deg); - -o-transform: rotate(-10deg); - -ms-transform: rotate(-10deg); - transform: rotate(-10deg); -} - -.social .twitter { - background-position: -160px 0px; -} - -.social .reddit { - background-position: -256px 0px; -} - -.social .github { - background-position: -64px 0px; -} - -.social .googleplus { - background-position: -96px 0px; -} - -.social .facebook { - background-position: -0px 0px; -} - -.social .slideshare { - background-position: -128px 0px; -} - -.social .youtube { - background-position: -192px 0px; -} - -.social .flickr { - background-position: -32px 0px; -} - -.social .linkedin { - background-position: -224px 0px; -} - - - -// Styles on the forms -// ---------------------------------- - -form table { - th { - vertical-align: top; - text-align: right; - white-space: nowrap; - } -} - -form { - .labeldd label { - font-weight: bold; - } - - .helptext { - font-size: @font-size-small; - margin-top: -4px; - margin-bottom: 10px; - } - - .fielddd input { - width: 250px; - } - - .error { - color: @deep-red; - } - - [type=submit] { -// margin-top: -8px; - } -} - -div.alert.alert-block { - margin-bottom: 15px; -} - -/* ======================= ======================= - Documentation -========================= ========================= */ - - -/* ======================= - Styles for the sidebar -========================= */ - - -@sidebar-navigation-border: 1.5px solid #595959; -@sidebar-navigation-width: 225px; - - -.page-title { - // border-bottom: 1px solid #bbbbbb; - background-color: white; - border: 1px solid transparent; - text-align: center; - width: 100%; - h4 { - font-size: 20px; - } -} - -.bs-docs-sidebar { - padding-left: 5px; - max-width: 100%; - box-sizing: border-box; - -moz-box-sizing: border-box; - margin-top: 18px; - - ul { - list-style: none; - margin-left: 0px; - } - - .toctree-l2 > ul { - width: 100%; - } - - ul > li { - &.toctree-l1.has-children { - background-image: url('../img/menu_arrow_right.gif'); - background-repeat: no-repeat; - background-position: 13px 13px; - list-style-type: none; - // margin-left: px; - padding: 0px 0px 0px 0px; - vertical-align: middle; - - &.open { - background-image: url('../img/menu_arrow_down.gif'); - } - } - - & > a { - box-sizing: border-box; - -moz-box-sizing: border-box; - width: 100%; - display:inline-block; - padding-top: 8px; - padding-bottom: 8px; - padding-left: 35px; - padding-right: 20px; - font-size: @font-size-base; - border-bottom: @sidebar-navigation-border; - line-height: 20px; - } - - &:first-child.active > a { - border-top: @sidebar-navigation-border; - } - - &:last-child > a { - border-bottom: none; - } - - &:last-child.active > a { - border-bottom: @sidebar-navigation-border; - } - - &.active > a { - border-right: @sidebar-navigation-border; - border-left: @sidebar-navigation-border; - color: @very-dark-sea-green; - } - - &:hover { - background-color: #e8e8e8; - } - } - - &.toctree-l3 ul { - display: inherit; - - margin-left: 15px; - font-size: smaller; - } - - .toctree-l3 a { - border: none; - font-size: 12px; - line-height: 15px; - } - - ul > li > ul { - display: none; - } - - ul > li.current > ul { - display: inline-block; - padding-left: 0px; - width: 100%; - } -} - -.toctree-l2 { - &.current > a { - font-weight: bold; - } - &.current { - border: 1.5px solid #595959; - color: #394d54; - } -} - - -/* ===================================== - Styles for the floating version widget -====================================== */ - -.version-flyer { - position: fixed; - float: right; - right: 0; - bottom: 40px; - background-color: #E0E0E0; - border: 1px solid #88BABC; - padding: 5px; - font-size: larger; - max-width: 300px; - - .content { - padding-right: 45px; - margin-top: 7px; - margin-left: 7px; - background-image: url('../img/container3.png'); - background-position: right center; - background-repeat: no-repeat; - } - - .alternative { - } - - .active-slug { - visibility: visible; - display: inline-block; - font-weight: bolder; - } - - &:hover .alternative { - animation-duration: 1s; - display: inline-block; - } - - .version-note { - font-size: 16px; - color: black; - } - -} - -/* ===================================== - Styles for -====================================== */ - -h1:hover > a.headerlink, -h2:hover > a.headerlink, -h3:hover > a.headerlink, -h4:hover > a.headerlink, -h5:hover > a.headerlink, -h6:hover > a.headerlink, -dt:hover > a.headerlink { - visibility: visible; -} - -.headerlink { - font-size: smaller; - color: #666; - font-weight: bold; - float: right; - visibility: hidden; -} - -h2, h3, h4, h5, h6 { - margin-top: 0.7em; -} - -/* ===================================== - Miscellaneous information -====================================== */ - -.admonition { - &.warning, &.note, &.seealso, &.todo { - border: 3px solid black; - padding: 10px; - margin: 5px auto 10px; - } - - .admonition-title { - font-size: larger; - } - - &.warning, &.danger { - border-color: #ac0004; - } - - &.note { - border-color: #cbc200; - } - - &.todo { - border-color: orange; - } - - &.seealso { - border-color: #23cb1f; - } - -} - -/* Add styles for other types of comments */ - -.versionchanged, -.versionadded, -.versionmodified, -.deprecated { - font-size: larger; - font-weight: bold; -} - -.versionchanged { - color: lightseagreen; -} - -.versionadded { - color: mediumblue; -} - -.deprecated { - color: orangered; -} diff --git a/docs/theme/docker/static/css/variables.css b/docs/theme/docker/static/css/variables.css deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/docs/theme/docker/static/css/variables.less b/docs/theme/docker/static/css/variables.less deleted file mode 100644 index cc1d764364..0000000000 --- a/docs/theme/docker/static/css/variables.less +++ /dev/null @@ -1,622 +0,0 @@ -// -// Variables -// -------------------------------------------------- - - -// Global values -// -------------------------------------------------- - - -// Grays -// ------------------------- - -@gray-darker: lighten(#000, 13.5%); // #222 -@gray-dark: lighten(#000, 20%); // #333 -@gray: lighten(#000, 33.5%); // #555 -@gray-light: lighten(#000, 60%); // #999 -@gray-lighter: lighten(#000, 93.5%); // #eee - -// Brand colors -// ------------------------- - -@brand-primary: #428bca; -@brand-success: #5cb85c; -@brand-warning: #f0ad4e; -@brand-danger: #d9534f; -@brand-info: #5bc0de; - -// Scaffolding -// ------------------------- - -@body-bg: #fff; -@text-color: @gray-dark; - -// Links -// ------------------------- - -@link-color: @brand-primary; -@link-hover-color: darken(@link-color, 15%); - -// Typography -// ------------------------- - -@font-family-sans-serif: "Cabin", "Helvetica Neue", Helvetica, Arial, sans-serif; -@font-family-serif: Georgia, "Times New Roman", Times, serif; -@font-family-monospace: Monaco, Menlo, Consolas, "Courier New", monospace; -@font-family-base: @font-family-sans-serif; - -@font-size-base: 14px; -@font-size-large: ceil(@font-size-base * 1.25); // ~18px -@font-size-small: ceil(@font-size-base * 0.85); // ~12px - -@line-height-base: 1.428571429; // 20/14 -@line-height-computed: floor(@font-size-base * @line-height-base); // ~20px - -@headings-font-family: @font-family-base; -@headings-font-weight: 500; -@headings-line-height: 1.1; - -// Iconography -// ------------------------- - -@icon-font-path: "../fonts/"; -@icon-font-name: "glyphicons-halflings-regular"; - - -// Components -// ------------------------- -// Based on 14px font-size and 1.428 line-height (~20px to start) - -@padding-base-vertical: 6px; -@padding-base-horizontal: 12px; - -@padding-large-vertical: 10px; -@padding-large-horizontal: 16px; - -@padding-small-vertical: 5px; -@padding-small-horizontal: 10px; - -@line-height-large: 1.33; -@line-height-small: 1.5; - -@border-radius-base: 4px; -@border-radius-large: 6px; -@border-radius-small: 3px; - -@component-active-bg: @brand-primary; - -@caret-width-base: 4px; -@caret-width-large: 5px; - -// Tables -// ------------------------- - -@table-cell-padding: 8px; -@table-condensed-cell-padding: 5px; - -@table-bg: transparent; // overall background-color -@table-bg-accent: #f9f9f9; // for striping -@table-bg-hover: #f5f5f5; -@table-bg-active: @table-bg-hover; - -@table-border-color: #ddd; // table and cell border - - -// Buttons -// ------------------------- - -@btn-font-weight: normal; - -@btn-default-color: #333; -@btn-default-bg: #fff; -@btn-default-border: #ccc; - -@btn-primary-color: #fff; -@btn-primary-bg: @brand-primary; -@btn-primary-border: darken(@btn-primary-bg, 5%); - -@btn-success-color: #fff; -@btn-success-bg: @brand-success; -@btn-success-border: darken(@btn-success-bg, 5%); - -@btn-warning-color: #fff; -@btn-warning-bg: @brand-warning; -@btn-warning-border: darken(@btn-warning-bg, 5%); - -@btn-danger-color: #fff; -@btn-danger-bg: @brand-danger; -@btn-danger-border: darken(@btn-danger-bg, 5%); - -@btn-info-color: #fff; -@btn-info-bg: @brand-info; -@btn-info-border: darken(@btn-info-bg, 5%); - -@btn-link-disabled-color: @gray-light; - - -// Forms -// ------------------------- - -@input-bg: #fff; -@input-bg-disabled: @gray-lighter; - -@input-color: @gray; -@input-border: #ccc; -@input-border-radius: @border-radius-base; -@input-border-focus: #66afe9; - -@input-color-placeholder: @gray-light; - -@input-height-base: (@line-height-computed + (@padding-base-vertical * 2) + 2); -@input-height-large: (floor(@font-size-large * @line-height-large) + (@padding-large-vertical * 2) + 2); -@input-height-small: (floor(@font-size-small * @line-height-small) + (@padding-small-vertical * 2) + 2); - -@legend-color: @gray-dark; -@legend-border-color: #e5e5e5; - -@input-group-addon-bg: @gray-lighter; -@input-group-addon-border-color: @input-border; - - -// Dropdowns -// ------------------------- - -@dropdown-bg: #fff; -@dropdown-border: rgba(0,0,0,.15); -@dropdown-fallback-border: #ccc; -@dropdown-divider-bg: #e5e5e5; - -@dropdown-link-active-color: #fff; -@dropdown-link-active-bg: @component-active-bg; - -@dropdown-link-color: @gray-dark; -@dropdown-link-hover-color: #fff; -@dropdown-link-hover-bg: @dropdown-link-active-bg; - -@dropdown-link-disabled-color: @gray-light; - -@dropdown-header-color: @gray-light; - -@dropdown-caret-color: #000; - - -// COMPONENT VARIABLES -// -------------------------------------------------- - - -// Z-index master list -// ------------------------- -// Used for a bird's eye view of components dependent on the z-axis -// Try to avoid customizing these :) - -@zindex-navbar: 1000; -@zindex-dropdown: 1000; -@zindex-popover: 1010; -@zindex-tooltip: 1030; -@zindex-navbar-fixed: 1030; -@zindex-modal-background: 1040; -@zindex-modal: 1050; - -// Media queries breakpoints -// -------------------------------------------------- - -// Extra small screen / phone -@screen-xs: 480px; -@screen-phone: @screen-xs; - -// Small screen / tablet -@screen-sm: 768px; -@screen-tablet: @screen-sm; - -// Medium screen / desktop -@screen-md: 992px; -@screen-desktop: @screen-md; - -// Large screen / wide desktop -@screen-lg: 1600px; -@screen-lg-desktop: @screen-lg; - -// So media queries don't overlap when required, provide a maximum -@screen-xs-max: (@screen-sm - 1); -@screen-sm-max: (@screen-md - 1); -@screen-md-max: (@screen-lg - 1); - - -// Grid system -// -------------------------------------------------- - -// Number of columns in the grid system -@grid-columns: 12; -// Padding, to be divided by two and applied to the left and right of all columns -@grid-gutter-width: 30px; -// Point at which the navbar stops collapsing -@grid-float-breakpoint: @screen-desktop; - - -// Navbar -// ------------------------- - - -// Basics of a navbar -@navbar-height: 50px; -@navbar-margin-bottom: @line-height-computed; -@navbar-default-color: #777; -@navbar-default-bg: #f8f8f8; -@navbar-default-border: darken(@navbar-default-bg, 6.5%); -@navbar-border-radius: @border-radius-base; -@navbar-padding-horizontal: floor(@grid-gutter-width / 2); -@navbar-padding-vertical: ((@navbar-height - @line-height-computed) / 2); - -// Navbar links -@navbar-default-link-color: #777; -@navbar-default-link-hover-color: #333; -@navbar-default-link-hover-bg: transparent; -@navbar-default-link-active-color: #555; -@navbar-default-link-active-bg: darken(@navbar-default-bg, 6.5%); -@navbar-default-link-disabled-color: #ccc; -@navbar-default-link-disabled-bg: transparent; - -// Navbar brand label -@navbar-default-brand-color: @navbar-default-link-color; -@navbar-default-brand-hover-color: darken(@navbar-default-link-color, 10%); -@navbar-default-brand-hover-bg: transparent; - -// Navbar toggle -@navbar-default-toggle-hover-bg: #ddd; -@navbar-default-toggle-icon-bar-bg: #ccc; -@navbar-default-toggle-border-color: #ddd; - - -// Inverted navbar -// -// Reset inverted navbar basics -@navbar-inverse-color: @gray-light; -@navbar-inverse-bg: #222; -@navbar-inverse-border: darken(@navbar-inverse-bg, 10%); - -// Inverted navbar links -@navbar-inverse-link-color: @gray-light; -@navbar-inverse-link-hover-color: #fff; -@navbar-inverse-link-hover-bg: transparent; -@navbar-inverse-link-active-color: @navbar-inverse-link-hover-color; -@navbar-inverse-link-active-bg: darken(@navbar-inverse-bg, 10%); -@navbar-inverse-link-disabled-color: #444; -@navbar-inverse-link-disabled-bg: transparent; - -// Inverted navbar brand label -@navbar-inverse-brand-color: @navbar-inverse-link-color; -@navbar-inverse-brand-hover-color: #fff; -@navbar-inverse-brand-hover-bg: transparent; - -// Inverted navbar search -// Normal navbar needs no special styles or vars -@navbar-inverse-search-bg: lighten(@navbar-inverse-bg, 25%); -@navbar-inverse-search-bg-focus: #fff; -@navbar-inverse-search-border: @navbar-inverse-bg; -@navbar-inverse-search-placeholder-color: #ccc; - -// Inverted navbar toggle -@navbar-inverse-toggle-hover-bg: #333; -@navbar-inverse-toggle-icon-bar-bg: #fff; -@navbar-inverse-toggle-border-color: #333; - - -// Navs -// ------------------------- - -@nav-link-padding: 10px 15px; -@nav-link-hover-bg: @gray-lighter; - -@nav-disabled-link-color: @gray-light; -@nav-disabled-link-hover-color: @gray-light; - -@nav-open-link-hover-color: #fff; -@nav-open-caret-border-color: #fff; - -// Tabs -@nav-tabs-border-color: #ddd; - -@nav-tabs-link-hover-border-color: @gray-lighter; - -@nav-tabs-active-link-hover-bg: @body-bg; -@nav-tabs-active-link-hover-color: @gray; -@nav-tabs-active-link-hover-border-color: #ddd; - -@nav-tabs-justified-link-border-color: #ddd; -@nav-tabs-justified-active-link-border-color: @body-bg; - -// Pills -@nav-pills-active-link-hover-bg: @component-active-bg; -@nav-pills-active-link-hover-color: #fff; - - -// Pagination -// ------------------------- - -@pagination-bg: #fff; -@pagination-border: #ddd; - -@pagination-hover-bg: @gray-lighter; - -@pagination-active-bg: @brand-primary; -@pagination-active-color: #fff; - -@pagination-disabled-color: @gray-light; - - -// Pager -// ------------------------- - -@pager-border-radius: 15px; -@pager-disabled-color: @gray-light; - - -// Jumbotron -// ------------------------- - -@jumbotron-padding: 30px; -@jumbotron-color: inherit; -@jumbotron-bg: @gray-lighter; - -@jumbotron-heading-color: inherit; - - -// Form states and alerts -// ------------------------- - -@state-warning-text: #c09853; -@state-warning-bg: #fcf8e3; -@state-warning-border: darken(spin(@state-warning-bg, -10), 3%); - -@state-danger-text: #b94a48; -@state-danger-bg: #f2dede; -@state-danger-border: darken(spin(@state-danger-bg, -10), 3%); - -@state-success-text: #468847; -@state-success-bg: #dff0d8; -@state-success-border: darken(spin(@state-success-bg, -10), 5%); - -@state-info-text: #3a87ad; -@state-info-bg: #d9edf7; -@state-info-border: darken(spin(@state-info-bg, -10), 7%); - - -// Tooltips -// ------------------------- -@tooltip-max-width: 200px; -@tooltip-color: #fff; -@tooltip-bg: #000; - -@tooltip-arrow-width: 5px; -@tooltip-arrow-color: @tooltip-bg; - - -// Popovers -// ------------------------- -@popover-bg: #fff; -@popover-max-width: 276px; -@popover-border-color: rgba(0,0,0,.2); -@popover-fallback-border-color: #ccc; - -@popover-title-bg: darken(@popover-bg, 3%); - -@popover-arrow-width: 10px; -@popover-arrow-color: #fff; - -@popover-arrow-outer-width: (@popover-arrow-width + 1); -@popover-arrow-outer-color: rgba(0,0,0,.25); -@popover-arrow-outer-fallback-color: #999; - - -// Labels -// ------------------------- - -@label-default-bg: @gray-light; -@label-primary-bg: @brand-primary; -@label-success-bg: @brand-success; -@label-info-bg: @brand-info; -@label-warning-bg: @brand-warning; -@label-danger-bg: @brand-danger; - -@label-color: #fff; -@label-link-hover-color: #fff; - - -// Modals -// ------------------------- -@modal-inner-padding: 20px; - -@modal-title-padding: 15px; -@modal-title-line-height: @line-height-base; - -@modal-content-bg: #fff; -@modal-content-border-color: rgba(0,0,0,.2); -@modal-content-fallback-border-color: #999; - -@modal-backdrop-bg: #000; -@modal-header-border-color: #e5e5e5; -@modal-footer-border-color: @modal-header-border-color; - - -// Alerts -// ------------------------- -@alert-padding: 15px; -@alert-border-radius: @border-radius-base; -@alert-link-font-weight: bold; - -@alert-success-bg: @state-success-bg; -@alert-success-text: @state-success-text; -@alert-success-border: @state-success-border; - -@alert-info-bg: @state-info-bg; -@alert-info-text: @state-info-text; -@alert-info-border: @state-info-border; - -@alert-warning-bg: @state-warning-bg; -@alert-warning-text: @state-warning-text; -@alert-warning-border: @state-warning-border; - -@alert-danger-bg: @state-danger-bg; -@alert-danger-text: @state-danger-text; -@alert-danger-border: @state-danger-border; - - -// Progress bars -// ------------------------- -@progress-bg: #f5f5f5; -@progress-bar-color: #fff; - -@progress-bar-bg: @brand-primary; -@progress-bar-success-bg: @brand-success; -@progress-bar-warning-bg: @brand-warning; -@progress-bar-danger-bg: @brand-danger; -@progress-bar-info-bg: @brand-info; - - -// List group -// ------------------------- -@list-group-bg: #fff; -@list-group-border: #ddd; -@list-group-border-radius: @border-radius-base; - -@list-group-hover-bg: #f5f5f5; -@list-group-active-color: #fff; -@list-group-active-bg: @component-active-bg; -@list-group-active-border: @list-group-active-bg; - -@list-group-link-color: #555; -@list-group-link-heading-color: #333; - - -// Panels -// ------------------------- -@panel-bg: #fff; -@panel-inner-border: #ddd; -@panel-border-radius: @border-radius-base; -@panel-footer-bg: #f5f5f5; - -@panel-default-text: @gray-dark; -@panel-default-border: #ddd; -@panel-default-heading-bg: #f5f5f5; - -@panel-primary-text: #fff; -@panel-primary-border: @brand-primary; -@panel-primary-heading-bg: @brand-primary; - -@panel-success-text: @state-success-text; -@panel-success-border: @state-success-border; -@panel-success-heading-bg: @state-success-bg; - -@panel-warning-text: @state-warning-text; -@panel-warning-border: @state-warning-border; -@panel-warning-heading-bg: @state-warning-bg; - -@panel-danger-text: @state-danger-text; -@panel-danger-border: @state-danger-border; -@panel-danger-heading-bg: @state-danger-bg; - -@panel-info-text: @state-info-text; -@panel-info-border: @state-info-border; -@panel-info-heading-bg: @state-info-bg; - - -// Thumbnails -// ------------------------- -@thumbnail-padding: 4px; -@thumbnail-bg: @body-bg; -@thumbnail-border: #ddd; -@thumbnail-border-radius: @border-radius-base; - -@thumbnail-caption-color: @text-color; -@thumbnail-caption-padding: 9px; - - -// Wells -// ------------------------- -@well-bg: #f5f5f5; - - -// Badges -// ------------------------- -@badge-color: #fff; -@badge-link-hover-color: #fff; -@badge-bg: @gray-light; - -@badge-active-color: @link-color; -@badge-active-bg: #fff; - -@badge-font-weight: bold; -@badge-line-height: 1; -@badge-border-radius: 10px; - - -// Breadcrumbs -// ------------------------- -@breadcrumb-bg: #f5f5f5; -@breadcrumb-color: #ccc; -@breadcrumb-active-color: @gray-light; - - -// Carousel -// ------------------------ - -@carousel-text-shadow: 0 1px 2px rgba(0,0,0,.6); - -@carousel-control-color: #fff; -@carousel-control-width: 15%; -@carousel-control-opacity: .5; -@carousel-control-font-size: 20px; - -@carousel-indicator-active-bg: #fff; -@carousel-indicator-border-color: #fff; - -@carousel-caption-color: #fff; - - -// Close -// ------------------------ -@close-color: #000; -@close-font-weight: bold; -@close-text-shadow: 0 1px 0 #fff; - - -// Code -// ------------------------ -@code-color: #c7254e; -@code-bg: #f9f2f4; - -@pre-bg: #f5f5f5; -@pre-color: @gray-dark; -@pre-border-color: #ccc; -@pre-scrollable-max-height: 340px; - -// Type -// ------------------------ -@text-muted: @gray-light; -@abbr-border-color: @gray-light; -@headings-small-color: @gray-light; -@blockquote-small-color: @gray-light; -@blockquote-border-color: @gray-lighter; -@page-header-border-color: @gray-lighter; - -// Miscellaneous -// ------------------------- - -// Hr border color -@hr-border: @gray-lighter; - -// Horizontal forms & lists -@component-offset-horizontal: 180px; - - -// Container sizes -// -------------------------------------------------- - -// Small screen / tablet -@container-tablet: ((720px + @grid-gutter-width)); - -// Medium screen / desktop -@container-desktop: ((940px + @grid-gutter-width)); - -// Large screen / wide desktop -@container-lg-desktop: ((1140px + @grid-gutter-width)); diff --git a/docs/theme/docker/static/img/container3.png b/docs/theme/docker/static/img/container3.png deleted file mode 100644 index 0e8b59f75d..0000000000 Binary files a/docs/theme/docker/static/img/container3.png and /dev/null differ diff --git a/docs/theme/docker/static/img/docker-letters-logo.gif b/docs/theme/docker/static/img/docker-letters-logo.gif deleted file mode 100644 index b394ae4ecc..0000000000 Binary files a/docs/theme/docker/static/img/docker-letters-logo.gif and /dev/null differ diff --git a/docs/theme/docker/static/img/docker-top-logo.png b/docs/theme/docker/static/img/docker-top-logo.png deleted file mode 100644 index 4955f499bd..0000000000 Binary files a/docs/theme/docker/static/img/docker-top-logo.png and /dev/null differ diff --git a/docs/theme/docker/static/img/docker_letters_500px.png b/docs/theme/docker/static/img/docker_letters_500px.png deleted file mode 100644 index 242cd5901b..0000000000 Binary files a/docs/theme/docker/static/img/docker_letters_500px.png and /dev/null differ diff --git a/docs/theme/docker/static/img/dockerlogo-h.png b/docs/theme/docker/static/img/dockerlogo-h.png deleted file mode 100644 index d0e37e548b..0000000000 Binary files a/docs/theme/docker/static/img/dockerlogo-h.png and /dev/null differ diff --git a/docs/theme/docker/static/img/docs-splash-colhead320.png b/docs/theme/docker/static/img/docs-splash-colhead320.png deleted file mode 100755 index 2f6d1b693d..0000000000 Binary files a/docs/theme/docker/static/img/docs-splash-colhead320.png and /dev/null differ diff --git a/docs/theme/docker/static/img/external-link-icon.png b/docs/theme/docker/static/img/external-link-icon.png deleted file mode 100644 index 2b150908c9..0000000000 Binary files a/docs/theme/docker/static/img/external-link-icon.png and /dev/null differ diff --git a/docs/theme/docker/static/img/fork-us.png b/docs/theme/docker/static/img/fork-us.png deleted file mode 100644 index efb749c1f9..0000000000 Binary files a/docs/theme/docker/static/img/fork-us.png and /dev/null differ diff --git a/docs/theme/docker/static/img/glyphicons-halflings-white.png b/docs/theme/docker/static/img/glyphicons-halflings-white.png deleted file mode 100755 index 3bf6484a29..0000000000 Binary files a/docs/theme/docker/static/img/glyphicons-halflings-white.png and /dev/null differ diff --git a/docs/theme/docker/static/img/glyphicons-halflings.png b/docs/theme/docker/static/img/glyphicons-halflings.png deleted file mode 100755 index a996999320..0000000000 Binary files a/docs/theme/docker/static/img/glyphicons-halflings.png and /dev/null differ diff --git a/docs/theme/docker/static/img/hiring_graphic.png b/docs/theme/docker/static/img/hiring_graphic.png deleted file mode 100644 index b3a6b99644..0000000000 Binary files a/docs/theme/docker/static/img/hiring_graphic.png and /dev/null differ diff --git a/docs/theme/docker/static/img/menu_arrow_down.gif b/docs/theme/docker/static/img/menu_arrow_down.gif deleted file mode 100644 index 8257c3846b..0000000000 Binary files a/docs/theme/docker/static/img/menu_arrow_down.gif and /dev/null differ diff --git a/docs/theme/docker/static/img/menu_arrow_right.gif b/docs/theme/docker/static/img/menu_arrow_right.gif deleted file mode 100644 index 7dd7253952..0000000000 Binary files a/docs/theme/docker/static/img/menu_arrow_right.gif and /dev/null differ diff --git a/docs/theme/docker/static/js/docs.js b/docs/theme/docker/static/js/docs.js deleted file mode 100755 index 03401909fa..0000000000 --- a/docs/theme/docker/static/js/docs.js +++ /dev/null @@ -1,104 +0,0 @@ - -// This script should be included at the END of the document. -// For the fastest loading it does not inlude $(document).ready() - -// This Document contains a few helper functions for the documentation to display the current version, -// collapse and expand the menu etc. - - -// Function to make the sticky header possible -function shiftWindow() { - scrollBy(0, -70); - console.log("window shifted") -} - -window.addEventListener("hashchange", shiftWindow); - -function loadShift() { - if (window.location.hash) { - console.log("window has hash"); - shiftWindow(); - } -} - -$(window).load(function() { - loadShift(); -}); - -$(function(){ - - // sidebar accordian-ing - // don't apply on last object (it should be the FAQ) or the first (it should be introduction) - - // define an array to which all opened items should be added - var openmenus = []; - - var elements = $('.toctree-l2'); - // for (var i = 0; i < elements.length; i += 1) { var current = $(elements[i]); current.children('ul').hide();} - - - // set initial collapsed state - var elements = $('.toctree-l1'); - for (var i = 0; i < elements.length; i += 1) { - var current = $(elements[i]); - if (current.hasClass('current')) { - current.addClass('open'); - currentlink = current.children('a')[0].href; - openmenus.push(currentlink); - - // do nothing - } else { - // collapse children - current.children('ul').hide(); - } - } - - // attached handler on click - // Do not attach to first element or last (intro, faq) so that - // first and last link directly instead of accordian - $('.sidebar > ul > li > a').not(':last').not(':first').click(function(){ - - var index = $.inArray(this.href, openmenus) - - if (index > -1) { - console.log(index); - openmenus.splice(index, 1); - - - $(this).parent().children('ul').slideUp(200, function() { - $(this).parent().removeClass('open'); // toggle after effect - }); - } - else { - openmenus.push(this.href); - - var current = $(this); - - setTimeout(function() { - // $('.sidebar > ul > li').removeClass('current'); - current.parent().addClass('current').addClass('open'); // toggle before effect - current.parent().children('ul').hide(); - current.parent().children('ul').slideDown(200); - }, 100); - } - return false; - }); - - // add class to all those which have children - $('.sidebar > ul > li').not(':last').not(':first').addClass('has-children'); - - - if (doc_version == "") { - $('.version-flyer ul').html('
  • Local
    • '); - } - - if (doc_version == "latest") { - $('.version-flyer .version-note').hide(); - } - - // mark the active documentation in the version widget - $(".version-flyer a:contains('" + doc_version + "')").parent().addClass('active-slug').setAttribute("title", "Current version"); - - - -}); \ No newline at end of file diff --git a/docs/theme/docker/theme.conf b/docs/theme/docker/theme.conf deleted file mode 100755 index 5843e97d70..0000000000 --- a/docs/theme/docker/theme.conf +++ /dev/null @@ -1,11 +0,0 @@ -[theme] -inherit = basic -pygments_style = monokai - -[options] -full_logo = true -textcolor = #444444 -headingcolor = #0c3762 -linkcolor = #8C7B65 -visitedlinkcolor = #AFA599 -hoverlinkcolor = #4e4334 diff --git a/docs/theme/mkdocs/autoindex.html b/docs/theme/mkdocs/autoindex.html new file mode 100644 index 0000000000..cc4a41ec94 --- /dev/null +++ b/docs/theme/mkdocs/autoindex.html @@ -0,0 +1,12 @@ +# Table of Contents + +{% for nav_item in nav %} + {% if nav_item.children %} +## {{ nav_item.title }} {{ nav_item.url }} + + {% for nav_item in nav_item.children %} +- [{{ nav_item.title }}]({{ nav_item.url }}) + {% endfor %} + + {% endif %} +{% endfor %} diff --git a/docs/theme/mkdocs/base.html b/docs/theme/mkdocs/base.html new file mode 100644 index 0000000000..ca418b3cd7 --- /dev/null +++ b/docs/theme/mkdocs/base.html @@ -0,0 +1,71 @@ + + + + + + + {% if meta.page_description %}{% endif %} + {% if meta.page_keywords %}{% endif %} + {% if site_author %}{% endif %} + {% if canonical_url %}{% endif %} + + + + + + + {% if page_title != '**HIDDEN** - '+site_name %}{{ page_title }}{% else %}{{ site_name }}{% endif %} + + + {% if config.google_analytics %} + + {% endif %} + + +
    +
    +
    {% include "nav.html" %}
    +
    +
    +
    +
    +
    + {% include "toc.html" %} +
    +
    + {% include "breadcrumbs.html" %} +
    + {% include "version.html" %} + {{ content }} +
    +
    +
    +
    +
    +
    +
    {% include "footer.html" %}
    +
    +
    + {% include "prev_next.html" %} + + + + + + + + + diff --git a/docs/theme/mkdocs/beta_warning.html b/docs/theme/mkdocs/beta_warning.html new file mode 100644 index 0000000000..c46f9fd0be --- /dev/null +++ b/docs/theme/mkdocs/beta_warning.html @@ -0,0 +1,31 @@ +{% if aws_bucket != "docs.docker.io" %} + +
    +

    This is the + {% if docker_version != docker_version|replace("-dev", "bingo") %}{{ docker_branch }} development branch{% else %}beta{% endif %} + documentation for Docker version {{ docker_version }}.

    + Please go to http://docs.docker.io for the current Docker release documentation. +
    +{% endif %} diff --git a/docs/theme/mkdocs/breadcrumbs.html b/docs/theme/mkdocs/breadcrumbs.html new file mode 100644 index 0000000000..3dc2dbbafb --- /dev/null +++ b/docs/theme/mkdocs/breadcrumbs.html @@ -0,0 +1,12 @@ +
      +
      2. + {% for section in nav %} + {% if section.active %} +
    2. {{ section.title }}
      3. + {% if section.children %} +
    3. {{ current_page.title }}
      4. + {% endif %} + {% endif %} + {% endfor %} +
    4. Edit on GitHub
      5. +
    \ No newline at end of file diff --git a/docs/theme/mkdocs/css/base.css b/docs/theme/mkdocs/css/base.css new file mode 100644 index 0000000000..999a0dedbe --- /dev/null +++ b/docs/theme/mkdocs/css/base.css @@ -0,0 +1,752 @@ +html, +body { + margin: 0; + font-size: 14px; + background-color: #F0F0F0; + height: 100%; + width: 100%; + font-family: "Cabin", "Helvetica Neue", Helvetica, Arial, sans-serif; +} + +h1, +h2, +h3, +h4, +h5, +h6, +.h1, +.h2, +.h3, +.h4, +.h5, +.h6 { + font-family: "Cabin", "Helvetica Neue", Helvetica, Arial, sans-serif; + font-weight: 500; + line-height: 1.1; + color: #0e6b8d; +} + + +/* Content rendering styles */ +#content { + font-size: 1.2em; + line-height: 1.8em; +} +#content h1 { + padding: 0.5em 0em 0em 0em; +} +#content h2 { + padding: 0.5em 0em 0.3em 0em; + /* Desktop click-to-scroll margin/padding fixes */ + padding-top: 2em !important; + margin-top: -2em !important; + pointer-events:none; +} +#content h3 { + padding: 0.7em 0em 0.3em 0em; +} +#content ul { + margin: 1em 0em 1.2em 0.3em; +} +#content li { + margin: 0.5em 0em 0.3em 0em; +} +#content p { + margin-bottom: 1.2em; +} +#content pre { + margin: 1em 0em; + padding: 0.5em 0.75em !important; + line-height: 1.8em; + background: #fff; +} +#content blockquote { + background: #fff; + border-left-color: #ccc; +} +#content blockquote p { + line-height: 1.6em; + margin-bottom: 0em !important; +} +#content .search_input { + height: 30px; + color: #5992a3; + font-weight: bold; + padding: 10px 5px; + border: 1px solid #71afc0; + -webkit-border-radius: 3px; + -moz-border-radius: 3px; + border-radius: 3px; + background: #fff; +} +#content .search_input:focus { + background: #fff; + outline: none; + border-color: #71afc0; +} +#content .search_input::-webkit-input-placeholder { + color: #71afc0; +} +/* Content rendering END */ + +/* Fix bootstrap madding (//padding) issue(s) */ +.row { + margin-left: 0; + margin-right: 0; +} +[class^="col-"] > [class^="col-"]:first-child, +[class^="col-"] > [class*=" col-"]:first-child +[class*=" col-"] > [class^="col-"]:first-child, +[class*=" col-"]> [class*=" col-"]:first-child, +.row > [class^="col-"]:first-child, +.row > [class*=" col-"]:first-child{ + padding-left: 0px; +} +[class^="col-"] > [class^="col-"]:last-child, +[class^="col-"] > [class*=" col-"]:last-child +[class*=" col-"] > [class^="col-"]:last-child, +[class*=" col-"]> [class*=" col-"]:last-child, +.row > [class^="col-"]:last-child, +.row > [class*=" col-"]:last-child{ + padding-right: 0px; +} + + +.navbar { + border: none; +} + +/* Previous & Next floating navigation */ +#nav_prev_next { + position: fixed; + bottom: 0; right: 1em; + background: #fff !important; + border: 1px solid #ccc; + border-bottom: none; + list-style: none; + -webkit-border-radius: 7px 7px 0px 0px; + -moz-border-radius: 7px 7px 0px 0px; + border-radius: 7px 7px 0px 0px; +} +#nav_prev_next > li:hover > a { + background: none; +} +#nav_prev_next > li:hover > a > span { + color: #8fb0ba; +} +#nav_prev_next > li.prev { + text-align: right; +} +#nav_prev_next > li.next { + text-align: left; +} +#nav_prev_next > li > a { + padding: 0.5em 0.7em !important; +} +#nav_prev_next > li > a > span { + display: block; + color: #a4c9d4; +} + +/* Scroll to top button */ +#scroll_to_top { + position: fixed; + bottom: 0; left: 1em; + background: #fff !important; + border: 1px solid #ccc; + border-bottom: none; + list-style: none; + -webkit-border-radius: 7px 7px 0px 0px; + -moz-border-radius: 7px 7px 0px 0px; + border-radius: 7px 7px 0px 0px; + font-weight: bold; +} +#scroll_to_top > li:hover > a { + background: none; +} +#scroll_to_top > li:hover > a > span { + color: #8fb0ba; +} +#scroll_to_top > li.prev { + text-align: right; +} +#scroll_to_top > li.next { + text-align: left; +} +#scroll_to_top > li > a { + padding: 0.5em 0.7em !important; +} +#scroll_to_top > li > a > span { + display: block; + color: #a4c9d4; + min-width: 75px; +} + +/* Top navigation from Docker IO */ +#header { + margin-bottom: 0; + width: 100%; + height: 70px; + z-index: 10; + background-color: #f2f2f2; +} +#header .brand > img { + height: 70px; +} +#header ul li a { + padding: 25px 15px 25px 15px; + color: #777777; +} +#header .navbar-nav { + float: right; +} +#header .navbar-inner { + padding-right: 0px; + padding-left: 0px; +} +#header ul li.active { + color: #555555; + background-color: #d8d8d8; +} +#header ul li.active a:hover { + background-color: #d8d8d8; +} +/* Horizontal Thin Sticky Menu */ +#horizontal_thin_menu { + width: 100%; + background-color: #5992a3; + height: 30px; + color: white; + text-align: right; + padding: 5px 10px; +} +#horizontal_thin_menu a { + display: inline-block; + color: white; + padding: 0px 10px; +} + +/* Submenu (dropdown) styling */ +.dd_menu { + cursor: pointer; +} +.dd_menu .dd_submenu { + display: none; + position: absolute; + top: 50px; + list-style: none; + margin: 0px; + margin-left: -15px; + font-size: 18px; + overflow-y: auto; + background: #fff; + border: 1px solid #ccc; + border-top: none; + border-bottom: 3px solid #ccc; + -webkit-border-radius: 0px 0px 4px 4px; + -moz-border-radius: 0px 0px 4px 4px; + border-radius: 0px 0px 4px 4px; + padding: 0px; +} +.dd_menu.dd_on_hover .dd_submenu { + display: block; +} +.dd_menu.dd_on_hover .dd_submenu > li:first-child { + border: none; +} +.dd_menu.dd_on_hover .dd_submenu > li { + border-top: 1px solid #ddd; +} +.dd_menu.dd_on_hover .dd_submenu > li.active > a { + border-color: #b1d5df; + color: #FF8100 !important; +} +.dd_menu.dd_on_hover .dd_submenu > li:hover { + background: #eee; +} +.dd_menu.dd_on_hover .dd_submenu > li > a { + padding: 0.6em 0.8em 0.4em 0.8em; + width: 100%; + display: block; +} + +/* Main Docs navigaton menu (horizontal) */ +#nav_menu { + position: relative; + width: 100%; + background-color: #71afc0; + padding: 0px 10px; + color: white; +} +#nav_menu > #docsnav > #nav_search_toggle { + display: none; + margin-top: 10px; +} +#nav_menu > #docsnav > #nav_search { + margin-top: 10px; +} +.search_input { + height: 30px; + color: #5992a3; + font-weight: bold; + padding: 10px 5px; + background: #b1d5df; + border: 1px solid #71afc0; + -webkit-border-radius: 3px; + -moz-border-radius: 3px; + border-radius: 3px; +} +.search_input:focus { + background: #fff; + outline: none; +} +.search_input::-webkit-input-placeholder { + color: #71afc0; +} +#nav_menu > #docsnav > #mobile_menu_button { + display: none; + float: left; + height: 50px; + font-size: 1.2em; + padding: 0em 14px; + padding-top: 12px; +} +#nav_menu > #docsnav > .arrow { + display: none; +} +#nav_menu > #docsnav > #main-nav { + height: 50px; + margin: 0px; + padding: 0em; +} +#nav_menu > #docsnav > #main-nav > li { + display: block; + padding: 0em 14px; + height: 100%; + padding-top: 12px; + color: #fff; + font-size: 1.2em; +} +#nav_menu > #docsnav > #main-nav > li.active { + background: #5992a3; +} +#nav_menu > #docsnav > #main-nav > li.dd_on_hover { + background: #b1d5df; + color: #5992a3; +} +#nav_menu > #docsnav > #main-nav > li > span > b { + border-top-color: #b1d5df !important; +} +#nav_menu > #docsnav > #main-nav > li.dd_on_hover > span > b { + border-top-color: #71afc0 !important; +} +#nav_menu > #docsnav > #main-nav > li form { + margin-top: -12px; +} +#nav_menu > #docsnav > #main-nav > li.home > a { + color: #fff; +} +#nav_menu > #docsnav > #main-nav > li.home:hover { + background: #b1d5df; +} +#nav_menu > #docsnav > #main-nav > li.home:hover > a { + color: #5992a3; +} + +/* TOC (Left) */ +#toc_table { + margin-right: 1em; +} +#toc_table > h2 { + margin: 0px; + font-size: 1.7em; + font-weight: bold; + color: #0e6b8d; +} +#toc_table > h2 > a > b { + display: none; + border-top-color: #0e6b8d !important; +} +#toc_table > h3 { + font-size: 1em; + color: #0e6b8d; +} +#toc_table > #toc_navigation { + display: block; + margin-top: 1.5em !important; + background: #fff; + border-bottom: 3px solid #ddd; + border: 1px solid #eee; + -webkit-border-radius: 4px; + -moz-border-radius: 4px; + border-radius: 4px; +} +#toc_table > #toc_navigation > li { + font-size: 1.2em; + padding-bottom: 0px; + padding: 0.2em 0.5em; + border-bottom: 1px solid #ddd; + text-align: left; +} +#toc_table > #toc_navigation > li > a { + padding: 0.4em 0.5em 0.4em 0em; +} +#toc_table > #toc_navigation > li > a:hover { + color: #71afc0; + background: none; + text-decoration: underline; +} +#toc_table > #toc_navigation > li > a > .active_icon { + display: none; + text-decoration: none; + width: 1.5em; + margin-top: 0.2em; +} +#toc_table > #toc_navigation > li.active > a > .active_icon { + display: block; + float: left; +} +#toc_table > #toc_navigation > li > a > .passive_icon { + text-decoration: none; + margin-right: 0.3em; + margin-top: 0.2em; +} +#toc_table > #toc_navigation > li.active > a > .passive_icon { + display: none; + float: left; +} + +#toc_table > #toc_navigation > li.active > a { + color: #FF8100; +} +#toc_table .bs-sidenav { + margin: 0; +} + +/* Main content area */ +#content { + margin-left: -15px; + min-height: 500px; +} +ol.breadcrumb { + margin-left: -15px; + background: #fff; + border-bottom: 3px solid #ccc; +} +ol.breadcrumb > li + li:before { + content: "\3E"; +} +ol.breadcrumb > li:last-child > a { + font-weight: bold; +} +ol.breadcrumb > li.edit-on-github:before { + content: none; +} +ol.breadcrumb > li.edit-on-github a { + color: #FF8100; +} +ol.breadcrumb > li.edit-on-github span { + margin-right: 0.25em; +} +#content h1 { + margin-top: 0px; +} + +/* Footer from original CSSs */ +@media (min-width: 960px) { + #footer { + height: 450px; + } + #footer .container { + max-width: 952px; + } + footer, + .footer { + margin-top: 160px; + } + footer .ligaturesymbols, + .footer .ligaturesymbols { + font-size: 30px; + color: black; + } + footer .ligaturesymbols a, + .footer .ligaturesymbols a { + color: black; + } + footer .footerlist, + .footer .footerlist { + float: left; + margin: 3px; + margin-right: 30px; + } + footer .footer-items-right, + .footer .footer-items-right { + text-align: right; + margin-top: -6px; + float: right; + } + footer .footer-licence, + .footer .footer-licence { + line-height: 2em; + } + footer form, + .footer form { + margin-bottom: 0px; + } + .footer-landscape-image { + bottom: 0; + width: 100%; + margin-bottom: 0; + background-image: url('../img/website-footer_clean.svg'); + background-repeat: repeat-x; + height: 450px; + position: relative; + clear: both + } + .social { + margin-left: 0px; + margin-top: 15px; + } + .social .twitter, + .social .github, + .social .googleplus, + .social .facebook, + .social .slideshare, + .social .linkedin, + .social .flickr, + .social .youtube, + .social .reddit { + background: url("../img/social/docker_social_logos.png") no-repeat transparent; + display: inline-block; + height: 32px; + overflow: hidden; + text-indent: 9999px; + width: 32px; + margin-right: 5px; + } + .social :hover { + -webkit-transform: rotate(-10deg); + -moz-transform: rotate(-10deg); + -o-transform: rotate(-10deg); + -ms-transform: rotate(-10deg); + transform: rotate(-10deg); + } + .social .twitter { + background-position: -160px 0px; + } + .social .reddit { + background-position: -256px 0px; + } + .social .github { + background-position: -64px 0px; + } + .social .googleplus { + background-position: -96px 0px; + } + .social .facebook { + background-position: 0px 0px; + } + .social .slideshare { + background-position: -128px 0px; + } + .social .youtube { + background-position: -192px 0px; + } + .social .flickr { + background-position: -32px 0px; + } + .social .linkedin { + background-position: -224px 0px; + } + ul.unstyled, + ol.unstyled { + margin-left: -40px; + list-style: none; + } +} + +/***************************** +* Mobile CSS Adjustments * +*****************************/ + +/* Horizontal nav. (menu & thin menu) convenience fix for Tablets */ +@media (min-width: 768px) and (max-width: 952px) { + + #docsnav, #horizontal_thin_menu { + width: 100% !important; + } + +} + +@media (max-width: 767px) { + + /* TOC Table (Left) */ + #toc_table { + padding: 1em; + margin: 0em -15px 15px 0em; + -webkit-border-radius: 4px; + -moz-border-radius: 4px; + border-radius: 4px; + cursor: pointer; + background: #fff; + border-bottom: 3px solid #ccc; + } + #toc_table > h2 { + margin-bottom: 0.3em; + font-size: 2em; + } + #toc_table > h2 > a > b { + display: inline-block; + } + #toc_table > h3 { + display: block; + margin: 0; + } + #toc_table > #toc_navigation { + display: none; + margin-top: 1em !important; + border: none; + background: #f2f2f2; + } + #toc_table > #toc_navigation > li > a > .passive_icon { + display: block; + display: inline-block; + } + #toc_table > #toc_navigation > li > a > .active_icon { + display: none; + } + +} + +/* Container responsiveness fixes to maximise realestate expenditure */ +.container { + width: 100% !important; +} + +@media (max-width: 900px) { + + #nav_menu { + padding-left: 0px !important; + padding-right: 0px !important; + } + + /* Dropdown Submenu adjust */ + .dd_menu .dd_submenu > li > a { + padding: 1em 0.8em 0.7em 0.8em !important; + min-width: 10em; + } + + /* Disable breadcrumbs */ + ol.breadcrumb { + display: none; + } + + /* Shrink main navigation menu to one item (i.e., form breadcrumbs) */ + #nav_menu > #docsnav > #main-nav > li { + display: none; + } + #nav_menu > #docsnav > #main-nav > .dd_menu.active { + display: block; + background: #71afc0; + } + #nav_menu > #docsnav > #main-nav > .dd_menu.active:hover { + background: #b1d5df; + } + #nav_menu > #docsnav > #mobile_menu_button { + display: block; + } + #nav_menu > #docsnav > #mobile_menu_button:hover { + background: #b1d5df; + } + #nav_menu > #docsnav > #mobile_menu_button > b { + border-top-color: #b1d5df !important; + } + #nav_menu > #docsnav > #mobile_menu_button:hover > b { + border-top-color: #71afc0 !important; + } + #nav_menu > #docsnav > .arrow { + display: block; + } + + /* Prev Next for Mobile */ + #nav_prev_next { + background: #f2f2f2; + border-bottom: none; + list-style: none; + -webkit-border-radius: 7px 0px 0px 7px; + -moz-border-radius: 7px 0px 0px 7px; + border-radius: 7px 0px 0px 7px; + border: 1px solid #ccc; + font-weight: bold !important; + } + #nav_prev_next > li > a { + padding: 0.5em 0.7em !important; + } + #nav_prev_next > li > a > span, i { + display: none; + } + + /* Scroll up */ + #scroll_to_top { + background: #f2f2f2; + border-bottom: none; + list-style: none; + -webkit-border-radius: 0px 7px 7px 0px; + -moz-border-radius: 0px 7px 7px 0px; + border-radius: 0px 7px 7px 0px; + border: 1px solid #ccc; + } + #scroll_to_top > li > a { + padding: 0.5em 0.7em !important; + } + #scroll_to_top > li > a > span, i { + display: none; + } + + /* Main Content Clip */ + #content { + max-width: 100%; + } + + /* Thin menu (login - signup) */ + #horizontal_thin_menu { display: none; } + + #header #nav_docker_io { + display: none; + } + + #header #condensed_docker_io_nav { + display: block; + } +} + +@media (min-width: 999px) { + /* Hide in-content search box for desktop */ + #content .search_input { + display: none; + } +} + +@media (max-width: 1025px) { + + /* Search on mobile */ + #nav_menu > #docsnav > #nav_search { + display: none; + } + #nav_menu > #docsnav > #nav_search_toggle { + display: block; + margin-top: 10px; + margin-right: 0.5em; + } + + /* Show in-content search box for desktop */ + #content .search_input { + display: block; + } + + #nav_menu > #docsnav { + padding-left: 0px !important; + padding-right: 0px !important; + } + +} \ No newline at end of file diff --git a/docs/theme/mkdocs/css/bootstrap-custom.css b/docs/theme/mkdocs/css/bootstrap-custom.css new file mode 100644 index 0000000000..6aef1f6fd6 --- /dev/null +++ b/docs/theme/mkdocs/css/bootstrap-custom.css @@ -0,0 +1,7098 @@ +/*! + * Bootstrap v3.0.2 by @fat and @mdo + * Copyright 2013 Twitter, Inc. + * Licensed under http://www.apache.org/licenses/LICENSE-2.0 + * + * Designed and built with all the love in the world by @mdo and @fat. + */ + +/*! normalize.css v2.1.3 | MIT License | git.io/normalize */ + +article, +aside, +details, +figcaption, +figure, +footer, +header, +hgroup, +main, +nav, +section, +summary { + display: block; +} + +audio, +canvas, +video { + display: inline-block; +} + +audio:not([controls]) { + display: none; + height: 0; +} + +[hidden], +template { + display: none; +} + +html { + font-family: sans-serif; + -webkit-text-size-adjust: 100%; + -ms-text-size-adjust: 100%; +} + +body { + margin: 0; +} + +a { + background: transparent; +} + +a:focus { + outline: thin dotted; +} + +a:active, +a:hover { + outline: 0; +} + +h1 { + margin: 0.67em 0; + font-size: 2em; +} + +abbr[title] { + border-bottom: 1px dotted; +} + +b, +strong { + font-weight: bold; +} + +dfn { + font-style: italic; +} + +hr { + height: 0; + -moz-box-sizing: content-box; + box-sizing: content-box; +} + +mark { + color: #000; + background: #ff0; +} + +code, +kbd, +pre, +samp { + font-family: monospace, serif; + font-size: 1em; +} + +pre { + white-space: pre-wrap; +} + +q { + quotes: "\201C" "\201D" "\2018" "\2019"; +} + +small { + font-size: 80%; +} + +sub, +sup { + position: relative; + font-size: 75%; + line-height: 0; + vertical-align: baseline; +} + +sup { + top: -0.5em; +} + +sub { + bottom: -0.25em; +} + +img { + border: 0; +} + +svg:not(:root) { + overflow: hidden; +} + +figure { + margin: 0; +} + +fieldset { + padding: 0.35em 0.625em 0.75em; + margin: 0 2px; + border: 1px solid #c0c0c0; +} + +legend { + padding: 0; + border: 0; +} + +button, +input, +select, +textarea { + margin: 0; + font-family: inherit; + font-size: 100%; +} + +button, +input { + line-height: normal; +} + +button, +select { + text-transform: none; +} + +button, +html input[type="button"], +input[type="reset"], +input[type="submit"] { + cursor: pointer; + -webkit-appearance: button; +} + +button[disabled], +html input[disabled] { + cursor: default; +} + +input[type="checkbox"], +input[type="radio"] { + padding: 0; + box-sizing: border-box; +} + +input[type="search"] { + -webkit-box-sizing: content-box; + -moz-box-sizing: content-box; + box-sizing: content-box; + -webkit-appearance: textfield; +} + +input[type="search"]::-webkit-search-cancel-button, +input[type="search"]::-webkit-search-decoration { + -webkit-appearance: none; +} + +button::-moz-focus-inner, +input::-moz-focus-inner { + padding: 0; + border: 0; +} + +textarea { + overflow: auto; + vertical-align: top; +} + +table { + border-collapse: collapse; + border-spacing: 0; +} + +@media print { + * { + color: #000 !important; + text-shadow: none !important; + background: transparent !important; + box-shadow: none !important; + } + a, + a:visited { + text-decoration: underline; + } + a[href]:after { + content: " (" attr(href) ")"; + } + abbr[title]:after { + content: " (" attr(title) ")"; + } + a[href^="javascript:"]:after, + a[href^="#"]:after { + content: ""; + } + pre, + blockquote { + border: 1px solid #999; + page-break-inside: avoid; + } + thead { + display: table-header-group; + } + tr, + img { + page-break-inside: avoid; + } + img { + max-width: 100% !important; + } + @page { + margin: 2cm .5cm; + } + p, + h2, + h3 { + orphans: 3; + widows: 3; + } + h2, + h3 { + page-break-after: avoid; + } + select { + background: #fff !important; + } + .navbar { + display: none; + } + .table td, + .table th { + background-color: #fff !important; + } + .btn > .caret, + .dropup > .btn > .caret { + border-top-color: #000 !important; + } + .label { + border: 1px solid #000; + } + .table { + border-collapse: collapse !important; + } + .table-bordered th, + .table-bordered td { + border: 1px solid #ddd !important; + } +} + +*, +*:before, +*:after { + -webkit-box-sizing: border-box; + -moz-box-sizing: border-box; + box-sizing: border-box; +} + +html { + font-size: 62.5%; + -webkit-tap-highlight-color: rgba(0, 0, 0, 0); +} + +body { + font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; + font-size: 14px; + line-height: 1.428571429; + color: #333333; + background-color: #ffffff; +} + +input, +button, +select, +textarea { + font-family: inherit; + font-size: inherit; + line-height: inherit; +} + +a { + color: #428bca; + text-decoration: none; +} + +a:hover, +a:focus { + color: #2a6496; + text-decoration: underline; +} + +a:focus { + outline: thin dotted #333; + outline: 5px auto -webkit-focus-ring-color; + outline-offset: -2px; +} + +img { + vertical-align: middle; +} + +.img-responsive { + display: block; + height: auto; + max-width: 100%; +} + +.img-rounded { + border-radius: 6px; +} + +.img-thumbnail { + display: inline-block; + height: auto; + max-width: 100%; + padding: 4px; + line-height: 1.428571429; + background-color: #ffffff; + border: 1px solid #dddddd; + border-radius: 4px; + -webkit-transition: all 0.2s ease-in-out; + transition: all 0.2s ease-in-out; +} + +.img-circle { + border-radius: 50%; +} + +hr { + margin-top: 20px; + margin-bottom: 20px; + border: 0; + border-top: 1px solid #eeeeee; +} + +.sr-only { + position: absolute; + width: 1px; + height: 1px; + padding: 0; + margin: -1px; + overflow: hidden; + clip: rect(0, 0, 0, 0); + border: 0; +} + +p { + margin: 0 0 10px; +} + +.lead { + margin-bottom: 20px; + font-size: 16px; + font-weight: 200; + line-height: 1.4; +} + +@media (min-width: 768px) { + .lead { + font-size: 21px; + } +} + +small, +.small { + font-size: 85%; +} + +cite { + font-style: normal; +} + +.text-muted { + color: #999999; +} + +.text-primary { + color: #428bca; +} + +.text-primary:hover { + color: #3071a9; +} + +.text-warning { + color: #c09853; +} + +.text-warning:hover { + color: #a47e3c; +} + +.text-danger { + color: #b94a48; +} + +.text-danger:hover { + color: #953b39; +} + +.text-success { + color: #468847; +} + +.text-success:hover { + color: #356635; +} + +.text-info { + color: #3a87ad; +} + +.text-info:hover { + color: #2d6987; +} + +.text-left { + text-align: left; +} + +.text-right { + text-align: right; +} + +.text-center { + text-align: center; +} + +h1, +h2, +h3, +h4, +h5, +h6, +.h1, +.h2, +.h3, +.h4, +.h5, +.h6 { + font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; + font-weight: 500; + line-height: 1.1; + color: inherit; +} + +h1 small, +h2 small, +h3 small, +h4 small, +h5 small, +h6 small, +.h1 small, +.h2 small, +.h3 small, +.h4 small, +.h5 small, +.h6 small, +h1 .small, +h2 .small, +h3 .small, +h4 .small, +h5 .small, +h6 .small, +.h1 .small, +.h2 .small, +.h3 .small, +.h4 .small, +.h5 .small, +.h6 .small { + font-weight: normal; + line-height: 1; + color: #999999; +} + +h1, +h2, +h3 { + margin-top: 20px; + margin-bottom: 10px; +} + +h1 small, +h2 small, +h3 small, +h1 .small, +h2 .small, +h3 .small { + font-size: 65%; +} + +h4, +h5, +h6 { + margin-top: 10px; + margin-bottom: 10px; +} + +h4 small, +h5 small, +h6 small, +h4 .small, +h5 .small, +h6 .small { + font-size: 75%; +} + +h1, +.h1 { + font-size: 36px; +} + +h2, +.h2 { + font-size: 30px; +} + +h3, +.h3 { + font-size: 24px; +} + +h4, +.h4 { + font-size: 18px; +} + +h5, +.h5 { + font-size: 14px; +} + +h6, +.h6 { + font-size: 12px; +} + +.page-header { + padding-bottom: 9px; + margin: 40px 0 20px; + border-bottom: 1px solid #eeeeee; +} + +ul, +ol { + margin-top: 0; + margin-bottom: 10px; +} + +ul ul, +ol ul, +ul ol, +ol ol { + margin-bottom: 0; +} + +.list-unstyled { + padding-left: 0; + list-style: none; +} + +.list-inline { + padding-left: 0; + list-style: none; +} + +.list-inline > li { + display: inline-block; + padding-right: 5px; + padding-left: 5px; +} + +.list-inline > li:first-child { + padding-left: 0; +} + +dl { + margin-bottom: 20px; +} + +dt, +dd { + line-height: 1.428571429; +} + +dt { + font-weight: bold; +} + +dd { + margin-left: 0; +} + +@media (min-width: 768px) { + .dl-horizontal dt { + float: left; + width: 160px; + overflow: hidden; + clear: left; + text-align: right; + text-overflow: ellipsis; + white-space: nowrap; + } + .dl-horizontal dd { + margin-left: 180px; + } + .dl-horizontal dd:before, + .dl-horizontal dd:after { + display: table; + content: " "; + } + .dl-horizontal dd:after { + clear: both; + } + .dl-horizontal dd:before, + .dl-horizontal dd:after { + display: table; + content: " "; + } + .dl-horizontal dd:after { + clear: both; + } +} + +abbr[title], +abbr[data-original-title] { + cursor: help; + border-bottom: 1px dotted #999999; +} + +abbr.initialism { + font-size: 90%; + text-transform: uppercase; +} + +blockquote { + padding: 10px 20px; + margin: 0 0 20px; + border-left: 5px solid #eeeeee; +} + +blockquote p { + font-size: 17.5px; + font-weight: 300; + line-height: 1.25; +} + +blockquote p:last-child { + margin-bottom: 0; +} + +blockquote small { + display: block; + line-height: 1.428571429; + color: #999999; +} + +blockquote small:before { + content: '\2014 \00A0'; +} + +blockquote.pull-right { + padding-right: 15px; + padding-left: 0; + border-right: 5px solid #eeeeee; + border-left: 0; +} + +blockquote.pull-right p, +blockquote.pull-right small, +blockquote.pull-right .small { + text-align: right; +} + +blockquote.pull-right small:before, +blockquote.pull-right .small:before { + content: ''; +} + +blockquote.pull-right small:after, +blockquote.pull-right .small:after { + content: '\00A0 \2014'; +} + +blockquote:before, +blockquote:after { + content: ""; +} + +address { + margin-bottom: 20px; + font-style: normal; + line-height: 1.428571429; +} + +code, +kbd, +pre, +samp { + font-family: Monaco, Menlo, Consolas, "Courier New", monospace; +} + +code { + padding: 2px 4px; + font-size: 90%; + color: #c7254e; + white-space: nowrap; + background-color: #f9f2f4; + border-radius: 4px; +} + +pre { + display: block; + padding: 9.5px; + margin: 0 0 10px; + font-size: 13px; + line-height: 1.428571429; + color: #333333; + word-break: break-all; + word-wrap: break-word; + background-color: #f5f5f5; + border: 1px solid #cccccc; + border-radius: 4px; +} + +pre code { + padding: 0; + font-size: inherit; + color: inherit; + white-space: pre-wrap; + background-color: transparent; + border-radius: 0; +} + +.pre-scrollable { + max-height: 340px; + overflow-y: scroll; +} + +.container { + padding-right: 15px; + padding-left: 15px; + margin-right: auto; + margin-left: auto; +} + +.container:before, +.container:after { + display: table; + content: " "; +} + +.container:after { + clear: both; +} + +.container:before, +.container:after { + display: table; + content: " "; +} + +.container:after { + clear: both; +} + +.row { + margin-right: -15px; + margin-left: -15px; +} + +.row:before, +.row:after { + display: table; + content: " "; +} + +.row:after { + clear: both; +} + +.row:before, +.row:after { + display: table; + content: " "; +} + +.row:after { + clear: both; +} + +.col-xs-1, +.col-sm-1, +.col-md-1, +.col-lg-1, +.col-xs-2, +.col-sm-2, +.col-md-2, +.col-lg-2, +.col-xs-3, +.col-sm-3, +.col-md-3, +.col-lg-3, +.col-xs-4, +.col-sm-4, +.col-md-4, +.col-lg-4, +.col-xs-5, +.col-sm-5, +.col-md-5, +.col-lg-5, +.col-xs-6, +.col-sm-6, +.col-md-6, +.col-lg-6, +.col-xs-7, +.col-sm-7, +.col-md-7, +.col-lg-7, +.col-xs-8, +.col-sm-8, +.col-md-8, +.col-lg-8, +.col-xs-9, +.col-sm-9, +.col-md-9, +.col-lg-9, +.col-xs-10, +.col-sm-10, +.col-md-10, +.col-lg-10, +.col-xs-11, +.col-sm-11, +.col-md-11, +.col-lg-11, +.col-xs-12, +.col-sm-12, +.col-md-12, +.col-lg-12 { + position: relative; + min-height: 1px; + padding-right: 15px; + padding-left: 15px; +} + +.col-xs-1, +.col-xs-2, +.col-xs-3, +.col-xs-4, +.col-xs-5, +.col-xs-6, +.col-xs-7, +.col-xs-8, +.col-xs-9, +.col-xs-10, +.col-xs-11 { + float: left; +} + +.col-xs-12 { + width: 100%; +} + +.col-xs-11 { + width: 91.66666666666666%; +} + +.col-xs-10 { + width: 83.33333333333334%; +} + +.col-xs-9 { + width: 75%; +} + +.col-xs-8 { + width: 66.66666666666666%; +} + +.col-xs-7 { + width: 58.333333333333336%; +} + +.col-xs-6 { + width: 50%; +} + +.col-xs-5 { + width: 41.66666666666667%; +} + +.col-xs-4 { + width: 33.33333333333333%; +} + +.col-xs-3 { + width: 25%; +} + +.col-xs-2 { + width: 16.666666666666664%; +} + +.col-xs-1 { + width: 8.333333333333332%; +} + +.col-xs-pull-12 { + right: 100%; +} + +.col-xs-pull-11 { + right: 91.66666666666666%; +} + +.col-xs-pull-10 { + right: 83.33333333333334%; +} + +.col-xs-pull-9 { + right: 75%; +} + +.col-xs-pull-8 { + right: 66.66666666666666%; +} + +.col-xs-pull-7 { + right: 58.333333333333336%; +} + +.col-xs-pull-6 { + right: 50%; +} + +.col-xs-pull-5 { + right: 41.66666666666667%; +} + +.col-xs-pull-4 { + right: 33.33333333333333%; +} + +.col-xs-pull-3 { + right: 25%; +} + +.col-xs-pull-2 { + right: 16.666666666666664%; +} + +.col-xs-pull-1 { + right: 8.333333333333332%; +} + +.col-xs-pull-0 { + right: 0; +} + +.col-xs-push-12 { + left: 100%; +} + +.col-xs-push-11 { + left: 91.66666666666666%; +} + +.col-xs-push-10 { + left: 83.33333333333334%; +} + +.col-xs-push-9 { + left: 75%; +} + +.col-xs-push-8 { + left: 66.66666666666666%; +} + +.col-xs-push-7 { + left: 58.333333333333336%; +} + +.col-xs-push-6 { + left: 50%; +} + +.col-xs-push-5 { + left: 41.66666666666667%; +} + +.col-xs-push-4 { + left: 33.33333333333333%; +} + +.col-xs-push-3 { + left: 25%; +} + +.col-xs-push-2 { + left: 16.666666666666664%; +} + +.col-xs-push-1 { + left: 8.333333333333332%; +} + +.col-xs-push-0 { + left: 0; +} + +.col-xs-offset-12 { + margin-left: 100%; +} + +.col-xs-offset-11 { + margin-left: 91.66666666666666%; +} + +.col-xs-offset-10 { + margin-left: 83.33333333333334%; +} + +.col-xs-offset-9 { + margin-left: 75%; +} + +.col-xs-offset-8 { + margin-left: 66.66666666666666%; +} + +.col-xs-offset-7 { + margin-left: 58.333333333333336%; +} + +.col-xs-offset-6 { + margin-left: 50%; +} + +.col-xs-offset-5 { + margin-left: 41.66666666666667%; +} + +.col-xs-offset-4 { + margin-left: 33.33333333333333%; +} + +.col-xs-offset-3 { + margin-left: 25%; +} + +.col-xs-offset-2 { + margin-left: 16.666666666666664%; +} + +.col-xs-offset-1 { + margin-left: 8.333333333333332%; +} + +.col-xs-offset-0 { + margin-left: 0; +} + +@media (min-width: 768px) { + .container { + width: 750px; + } + .col-sm-1, + .col-sm-2, + .col-sm-3, + .col-sm-4, + .col-sm-5, + .col-sm-6, + .col-sm-7, + .col-sm-8, + .col-sm-9, + .col-sm-10, + .col-sm-11 { + float: left; + } + .col-sm-12 { + width: 100%; + } + .col-sm-11 { + width: 91.66666666666666%; + } + .col-sm-10 { + width: 83.33333333333334%; + } + .col-sm-9 { + width: 75%; + } + .col-sm-8 { + width: 66.66666666666666%; + } + .col-sm-7 { + width: 58.333333333333336%; + } + .col-sm-6 { + width: 50%; + } + .col-sm-5 { + width: 41.66666666666667%; + } + .col-sm-4 { + width: 33.33333333333333%; + } + .col-sm-3 { + width: 25%; + } + .col-sm-2 { + width: 16.666666666666664%; + } + .col-sm-1 { + width: 8.333333333333332%; + } + .col-sm-pull-12 { + right: 100%; + } + .col-sm-pull-11 { + right: 91.66666666666666%; + } + .col-sm-pull-10 { + right: 83.33333333333334%; + } + .col-sm-pull-9 { + right: 75%; + } + .col-sm-pull-8 { + right: 66.66666666666666%; + } + .col-sm-pull-7 { + right: 58.333333333333336%; + } + .col-sm-pull-6 { + right: 50%; + } + .col-sm-pull-5 { + right: 41.66666666666667%; + } + .col-sm-pull-4 { + right: 33.33333333333333%; + } + .col-sm-pull-3 { + right: 25%; + } + .col-sm-pull-2 { + right: 16.666666666666664%; + } + .col-sm-pull-1 { + right: 8.333333333333332%; + } + .col-sm-pull-0 { + right: 0; + } + .col-sm-push-12 { + left: 100%; + } + .col-sm-push-11 { + left: 91.66666666666666%; + } + .col-sm-push-10 { + left: 83.33333333333334%; + } + .col-sm-push-9 { + left: 75%; + } + .col-sm-push-8 { + left: 66.66666666666666%; + } + .col-sm-push-7 { + left: 58.333333333333336%; + } + .col-sm-push-6 { + left: 50%; + } + .col-sm-push-5 { + left: 41.66666666666667%; + } + .col-sm-push-4 { + left: 33.33333333333333%; + } + .col-sm-push-3 { + left: 25%; + } + .col-sm-push-2 { + left: 16.666666666666664%; + } + .col-sm-push-1 { + left: 8.333333333333332%; + } + .col-sm-push-0 { + left: 0; + } + .col-sm-offset-12 { + margin-left: 100%; + } + .col-sm-offset-11 { + margin-left: 91.66666666666666%; + } + .col-sm-offset-10 { + margin-left: 83.33333333333334%; + } + .col-sm-offset-9 { + margin-left: 75%; + } + .col-sm-offset-8 { + margin-left: 66.66666666666666%; + } + .col-sm-offset-7 { + margin-left: 58.333333333333336%; + } + .col-sm-offset-6 { + margin-left: 50%; + } + .col-sm-offset-5 { + margin-left: 41.66666666666667%; + } + .col-sm-offset-4 { + margin-left: 33.33333333333333%; + } + .col-sm-offset-3 { + margin-left: 25%; + } + .col-sm-offset-2 { + margin-left: 16.666666666666664%; + } + .col-sm-offset-1 { + margin-left: 8.333333333333332%; + } + .col-sm-offset-0 { + margin-left: 0; + } +} + +@media (min-width: 992px) { + .container { + width: 970px; + } + .col-md-1, + .col-md-2, + .col-md-3, + .col-md-4, + .col-md-5, + .col-md-6, + .col-md-7, + .col-md-8, + .col-md-9, + .col-md-10, + .col-md-11 { + float: left; + } + .col-md-12 { + width: 100%; + } + .col-md-11 { + width: 91.66666666666666%; + } + .col-md-10 { + width: 83.33333333333334%; + } + .col-md-9 { + width: 75%; + } + .col-md-8 { + width: 66.66666666666666%; + } + .col-md-7 { + width: 58.333333333333336%; + } + .col-md-6 { + width: 50%; + } + .col-md-5 { + width: 41.66666666666667%; + } + .col-md-4 { + width: 33.33333333333333%; + } + .col-md-3 { + width: 25%; + } + .col-md-2 { + width: 16.666666666666664%; + } + .col-md-1 { + width: 8.333333333333332%; + } + .col-md-pull-12 { + right: 100%; + } + .col-md-pull-11 { + right: 91.66666666666666%; + } + .col-md-pull-10 { + right: 83.33333333333334%; + } + .col-md-pull-9 { + right: 75%; + } + .col-md-pull-8 { + right: 66.66666666666666%; + } + .col-md-pull-7 { + right: 58.333333333333336%; + } + .col-md-pull-6 { + right: 50%; + } + .col-md-pull-5 { + right: 41.66666666666667%; + } + .col-md-pull-4 { + right: 33.33333333333333%; + } + .col-md-pull-3 { + right: 25%; + } + .col-md-pull-2 { + right: 16.666666666666664%; + } + .col-md-pull-1 { + right: 8.333333333333332%; + } + .col-md-pull-0 { + right: 0; + } + .col-md-push-12 { + left: 100%; + } + .col-md-push-11 { + left: 91.66666666666666%; + } + .col-md-push-10 { + left: 83.33333333333334%; + } + .col-md-push-9 { + left: 75%; + } + .col-md-push-8 { + left: 66.66666666666666%; + } + .col-md-push-7 { + left: 58.333333333333336%; + } + .col-md-push-6 { + left: 50%; + } + .col-md-push-5 { + left: 41.66666666666667%; + } + .col-md-push-4 { + left: 33.33333333333333%; + } + .col-md-push-3 { + left: 25%; + } + .col-md-push-2 { + left: 16.666666666666664%; + } + .col-md-push-1 { + left: 8.333333333333332%; + } + .col-md-push-0 { + left: 0; + } + .col-md-offset-12 { + margin-left: 100%; + } + .col-md-offset-11 { + margin-left: 91.66666666666666%; + } + .col-md-offset-10 { + margin-left: 83.33333333333334%; + } + .col-md-offset-9 { + margin-left: 75%; + } + .col-md-offset-8 { + margin-left: 66.66666666666666%; + } + .col-md-offset-7 { + margin-left: 58.333333333333336%; + } + .col-md-offset-6 { + margin-left: 50%; + } + .col-md-offset-5 { + margin-left: 41.66666666666667%; + } + .col-md-offset-4 { + margin-left: 33.33333333333333%; + } + .col-md-offset-3 { + margin-left: 25%; + } + .col-md-offset-2 { + margin-left: 16.666666666666664%; + } + .col-md-offset-1 { + margin-left: 8.333333333333332%; + } + .col-md-offset-0 { + margin-left: 0; + } +} + +@media (min-width: 1200px) { + .container { + width: 1170px; + } + .col-lg-1, + .col-lg-2, + .col-lg-3, + .col-lg-4, + .col-lg-5, + .col-lg-6, + .col-lg-7, + .col-lg-8, + .col-lg-9, + .col-lg-10, + .col-lg-11 { + float: left; + } + .col-lg-12 { + width: 100%; + } + .col-lg-11 { + width: 91.66666666666666%; + } + .col-lg-10 { + width: 83.33333333333334%; + } + .col-lg-9 { + width: 75%; + } + .col-lg-8 { + width: 66.66666666666666%; + } + .col-lg-7 { + width: 58.333333333333336%; + } + .col-lg-6 { + width: 50%; + } + .col-lg-5 { + width: 41.66666666666667%; + } + .col-lg-4 { + width: 33.33333333333333%; + } + .col-lg-3 { + width: 25%; + } + .col-lg-2 { + width: 16.666666666666664%; + } + .col-lg-1 { + width: 8.333333333333332%; + } + .col-lg-pull-12 { + right: 100%; + } + .col-lg-pull-11 { + right: 91.66666666666666%; + } + .col-lg-pull-10 { + right: 83.33333333333334%; + } + .col-lg-pull-9 { + right: 75%; + } + .col-lg-pull-8 { + right: 66.66666666666666%; + } + .col-lg-pull-7 { + right: 58.333333333333336%; + } + .col-lg-pull-6 { + right: 50%; + } + .col-lg-pull-5 { + right: 41.66666666666667%; + } + .col-lg-pull-4 { + right: 33.33333333333333%; + } + .col-lg-pull-3 { + right: 25%; + } + .col-lg-pull-2 { + right: 16.666666666666664%; + } + .col-lg-pull-1 { + right: 8.333333333333332%; + } + .col-lg-pull-0 { + right: 0; + } + .col-lg-push-12 { + left: 100%; + } + .col-lg-push-11 { + left: 91.66666666666666%; + } + .col-lg-push-10 { + left: 83.33333333333334%; + } + .col-lg-push-9 { + left: 75%; + } + .col-lg-push-8 { + left: 66.66666666666666%; + } + .col-lg-push-7 { + left: 58.333333333333336%; + } + .col-lg-push-6 { + left: 50%; + } + .col-lg-push-5 { + left: 41.66666666666667%; + } + .col-lg-push-4 { + left: 33.33333333333333%; + } + .col-lg-push-3 { + left: 25%; + } + .col-lg-push-2 { + left: 16.666666666666664%; + } + .col-lg-push-1 { + left: 8.333333333333332%; + } + .col-lg-push-0 { + left: 0; + } + .col-lg-offset-12 { + margin-left: 100%; + } + .col-lg-offset-11 { + margin-left: 91.66666666666666%; + } + .col-lg-offset-10 { + margin-left: 83.33333333333334%; + } + .col-lg-offset-9 { + margin-left: 75%; + } + .col-lg-offset-8 { + margin-left: 66.66666666666666%; + } + .col-lg-offset-7 { + margin-left: 58.333333333333336%; + } + .col-lg-offset-6 { + margin-left: 50%; + } + .col-lg-offset-5 { + margin-left: 41.66666666666667%; + } + .col-lg-offset-4 { + margin-left: 33.33333333333333%; + } + .col-lg-offset-3 { + margin-left: 25%; + } + .col-lg-offset-2 { + margin-left: 16.666666666666664%; + } + .col-lg-offset-1 { + margin-left: 8.333333333333332%; + } + .col-lg-offset-0 { + margin-left: 0; + } +} + +table { + max-width: 100%; + background-color: transparent; +} + +th { + text-align: left; +} + +.table { + width: 100%; + margin-bottom: 20px; +} + +.table > thead > tr > th, +.table > tbody > tr > th, +.table > tfoot > tr > th, +.table > thead > tr > td, +.table > tbody > tr > td, +.table > tfoot > tr > td { + padding: 8px; + line-height: 1.428571429; + vertical-align: top; + border-top: 1px solid #dddddd; +} + +.table > thead > tr > th { + vertical-align: bottom; + border-bottom: 2px solid #dddddd; +} + +.table > caption + thead > tr:first-child > th, +.table > colgroup + thead > tr:first-child > th, +.table > thead:first-child > tr:first-child > th, +.table > caption + thead > tr:first-child > td, +.table > colgroup + thead > tr:first-child > td, +.table > thead:first-child > tr:first-child > td { + border-top: 0; +} + +.table > tbody + tbody { + border-top: 2px solid #dddddd; +} + +.table .table { + background-color: #ffffff; +} + +.table-condensed > thead > tr > th, +.table-condensed > tbody > tr > th, +.table-condensed > tfoot > tr > th, +.table-condensed > thead > tr > td, +.table-condensed > tbody > tr > td, +.table-condensed > tfoot > tr > td { + padding: 5px; +} + +.table-bordered { + border: 1px solid #dddddd; +} + +.table-bordered > thead > tr > th, +.table-bordered > tbody > tr > th, +.table-bordered > tfoot > tr > th, +.table-bordered > thead > tr > td, +.table-bordered > tbody > tr > td, +.table-bordered > tfoot > tr > td { + border: 1px solid #dddddd; +} + +.table-bordered > thead > tr > th, +.table-bordered > thead > tr > td { + border-bottom-width: 2px; +} + +.table-striped > tbody > tr:nth-child(odd) > td, +.table-striped > tbody > tr:nth-child(odd) > th { + background-color: #f9f9f9; +} + +.table-hover > tbody > tr:hover > td, +.table-hover > tbody > tr:hover > th { + background-color: #f5f5f5; +} + +table col[class*="col-"] { + display: table-column; + float: none; +} + +table td[class*="col-"], +table th[class*="col-"] { + display: table-cell; + float: none; +} + +.table > thead > tr > td.active, +.table > tbody > tr > td.active, +.table > tfoot > tr > td.active, +.table > thead > tr > th.active, +.table > tbody > tr > th.active, +.table > tfoot > tr > th.active, +.table > thead > tr.active > td, +.table > tbody > tr.active > td, +.table > tfoot > tr.active > td, +.table > thead > tr.active > th, +.table > tbody > tr.active > th, +.table > tfoot > tr.active > th { + background-color: #f5f5f5; +} + +.table > thead > tr > td.success, +.table > tbody > tr > td.success, +.table > tfoot > tr > td.success, +.table > thead > tr > th.success, +.table > tbody > tr > th.success, +.table > tfoot > tr > th.success, +.table > thead > tr.success > td, +.table > tbody > tr.success > td, +.table > tfoot > tr.success > td, +.table > thead > tr.success > th, +.table > tbody > tr.success > th, +.table > tfoot > tr.success > th { + background-color: #dff0d8; +} + +.table-hover > tbody > tr > td.success:hover, +.table-hover > tbody > tr > th.success:hover, +.table-hover > tbody > tr.success:hover > td, +.table-hover > tbody > tr.success:hover > th { + background-color: #d0e9c6; +} + +.table > thead > tr > td.danger, +.table > tbody > tr > td.danger, +.table > tfoot > tr > td.danger, +.table > thead > tr > th.danger, +.table > tbody > tr > th.danger, +.table > tfoot > tr > th.danger, +.table > thead > tr.danger > td, +.table > tbody > tr.danger > td, +.table > tfoot > tr.danger > td, +.table > thead > tr.danger > th, +.table > tbody > tr.danger > th, +.table > tfoot > tr.danger > th { + background-color: #f2dede; +} + +.table-hover > tbody > tr > td.danger:hover, +.table-hover > tbody > tr > th.danger:hover, +.table-hover > tbody > tr.danger:hover > td, +.table-hover > tbody > tr.danger:hover > th { + background-color: #ebcccc; +} + +.table > thead > tr > td.warning, +.table > tbody > tr > td.warning, +.table > tfoot > tr > td.warning, +.table > thead > tr > th.warning, +.table > tbody > tr > th.warning, +.table > tfoot > tr > th.warning, +.table > thead > tr.warning > td, +.table > tbody > tr.warning > td, +.table > tfoot > tr.warning > td, +.table > thead > tr.warning > th, +.table > tbody > tr.warning > th, +.table > tfoot > tr.warning > th { + background-color: #fcf8e3; +} + +.table-hover > tbody > tr > td.warning:hover, +.table-hover > tbody > tr > th.warning:hover, +.table-hover > tbody > tr.warning:hover > td, +.table-hover > tbody > tr.warning:hover > th { + background-color: #faf2cc; +} + +@media (max-width: 767px) { + .table-responsive { + width: 100%; + margin-bottom: 15px; + overflow-x: scroll; + overflow-y: hidden; + border: 1px solid #dddddd; + -ms-overflow-style: -ms-autohiding-scrollbar; + -webkit-overflow-scrolling: touch; + } + .table-responsive > .table { + margin-bottom: 0; + } + .table-responsive > .table > thead > tr > th, + .table-responsive > .table > tbody > tr > th, + .table-responsive > .table > tfoot > tr > th, + .table-responsive > .table > thead > tr > td, + .table-responsive > .table > tbody > tr > td, + .table-responsive > .table > tfoot > tr > td { + white-space: nowrap; + } + .table-responsive > .table-bordered { + border: 0; + } + .table-responsive > .table-bordered > thead > tr > th:first-child, + .table-responsive > .table-bordered > tbody > tr > th:first-child, + .table-responsive > .table-bordered > tfoot > tr > th:first-child, + .table-responsive > .table-bordered > thead > tr > td:first-child, + .table-responsive > .table-bordered > tbody > tr > td:first-child, + .table-responsive > .table-bordered > tfoot > tr > td:first-child { + border-left: 0; + } + .table-responsive > .table-bordered > thead > tr > th:last-child, + .table-responsive > .table-bordered > tbody > tr > th:last-child, + .table-responsive > .table-bordered > tfoot > tr > th:last-child, + .table-responsive > .table-bordered > thead > tr > td:last-child, + .table-responsive > .table-bordered > tbody > tr > td:last-child, + .table-responsive > .table-bordered > tfoot > tr > td:last-child { + border-right: 0; + } + .table-responsive > .table-bordered > tbody > tr:last-child > th, + .table-responsive > .table-bordered > tfoot > tr:last-child > th, + .table-responsive > .table-bordered > tbody > tr:last-child > td, + .table-responsive > .table-bordered > tfoot > tr:last-child > td { + border-bottom: 0; + } +} + +fieldset { + padding: 0; + margin: 0; + border: 0; +} + +legend { + display: block; + width: 100%; + padding: 0; + margin-bottom: 20px; + font-size: 21px; + line-height: inherit; + color: #333333; + border: 0; + border-bottom: 1px solid #e5e5e5; +} + +label { + display: inline-block; + margin-bottom: 5px; + font-weight: bold; +} + +input[type="search"] { + -webkit-box-sizing: border-box; + -moz-box-sizing: border-box; + box-sizing: border-box; +} + +input[type="radio"], +input[type="checkbox"] { + margin: 4px 0 0; + margin-top: 1px \9; + /* IE8-9 */ + + line-height: normal; +} + +input[type="file"] { + display: block; +} + +select[multiple], +select[size] { + height: auto; +} + +select optgroup { + font-family: inherit; + font-size: inherit; + font-style: inherit; +} + +input[type="file"]:focus, +input[type="radio"]:focus, +input[type="checkbox"]:focus { + outline: thin dotted #333; + outline: 5px auto -webkit-focus-ring-color; + outline-offset: -2px; +} + +input[type="number"]::-webkit-outer-spin-button, +input[type="number"]::-webkit-inner-spin-button { + height: auto; +} + +output { + display: block; + padding-top: 7px; + font-size: 14px; + line-height: 1.428571429; + color: #555555; + vertical-align: middle; +} + +.form-control { + display: block; + width: 100%; + height: 34px; + padding: 6px 12px; + font-size: 14px; + line-height: 1.428571429; + color: #555555; + vertical-align: middle; + background-color: #ffffff; + background-image: none; + border: 1px solid #cccccc; + border-radius: 4px; + -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); + box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); + -webkit-transition: border-color ease-in-out 0.15s, box-shadow ease-in-out 0.15s; + transition: border-color ease-in-out 0.15s, box-shadow ease-in-out 0.15s; +} + +.form-control:focus { + border-color: #66afe9; + outline: 0; + -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 8px rgba(102, 175, 233, 0.6); + box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 8px rgba(102, 175, 233, 0.6); +} + +.form-control:-moz-placeholder { + color: #999999; +} + +.form-control::-moz-placeholder { + color: #999999; +} + +.form-control:-ms-input-placeholder { + color: #999999; +} + +.form-control::-webkit-input-placeholder { + color: #999999; +} + +.form-control[disabled], +.form-control[readonly], +fieldset[disabled] .form-control { + cursor: not-allowed; + background-color: #eeeeee; +} + +textarea.form-control { + height: auto; +} + +.form-group { + margin-bottom: 15px; +} + +.radio, +.checkbox { + display: block; + min-height: 20px; + padding-left: 20px; + margin-top: 10px; + margin-bottom: 10px; + vertical-align: middle; +} + +.radio label, +.checkbox label { + display: inline; + margin-bottom: 0; + font-weight: normal; + cursor: pointer; +} + +.radio input[type="radio"], +.radio-inline input[type="radio"], +.checkbox input[type="checkbox"], +.checkbox-inline input[type="checkbox"] { + float: left; + margin-left: -20px; +} + +.radio + .radio, +.checkbox + .checkbox { + margin-top: -5px; +} + +.radio-inline, +.checkbox-inline { + display: inline-block; + padding-left: 20px; + margin-bottom: 0; + font-weight: normal; + vertical-align: middle; + cursor: pointer; +} + +.radio-inline + .radio-inline, +.checkbox-inline + .checkbox-inline { + margin-top: 0; + margin-left: 10px; +} + +input[type="radio"][disabled], +input[type="checkbox"][disabled], +.radio[disabled], +.radio-inline[disabled], +.checkbox[disabled], +.checkbox-inline[disabled], +fieldset[disabled] input[type="radio"], +fieldset[disabled] input[type="checkbox"], +fieldset[disabled] .radio, +fieldset[disabled] .radio-inline, +fieldset[disabled] .checkbox, +fieldset[disabled] .checkbox-inline { + cursor: not-allowed; +} + +.input-sm { + height: 30px; + padding: 5px 10px; + font-size: 12px; + line-height: 1.5; + border-radius: 3px; +} + +select.input-sm { + height: 30px; + line-height: 30px; +} + +textarea.input-sm { + height: auto; +} + +.input-lg { + height: 45px; + padding: 10px 16px; + font-size: 18px; + line-height: 1.33; + border-radius: 6px; +} + +select.input-lg { + height: 45px; + line-height: 45px; +} + +textarea.input-lg { + height: auto; +} + +.has-warning .help-block, +.has-warning .control-label, +.has-warning .radio, +.has-warning .checkbox, +.has-warning .radio-inline, +.has-warning .checkbox-inline { + color: #c09853; +} + +.has-warning .form-control { + border-color: #c09853; + -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); + box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); +} + +.has-warning .form-control:focus { + border-color: #a47e3c; + -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #dbc59e; + box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #dbc59e; +} + +.has-warning .input-group-addon { + color: #c09853; + background-color: #fcf8e3; + border-color: #c09853; +} + +.has-error .help-block, +.has-error .control-label, +.has-error .radio, +.has-error .checkbox, +.has-error .radio-inline, +.has-error .checkbox-inline { + color: #b94a48; +} + +.has-error .form-control { + border-color: #b94a48; + -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); + box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); +} + +.has-error .form-control:focus { + border-color: #953b39; + -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #d59392; + box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #d59392; +} + +.has-error .input-group-addon { + color: #b94a48; + background-color: #f2dede; + border-color: #b94a48; +} + +.has-success .help-block, +.has-success .control-label, +.has-success .radio, +.has-success .checkbox, +.has-success .radio-inline, +.has-success .checkbox-inline { + color: #468847; +} + +.has-success .form-control { + border-color: #468847; + -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); + box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); +} + +.has-success .form-control:focus { + border-color: #356635; + -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #7aba7b; + box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #7aba7b; +} + +.has-success .input-group-addon { + color: #468847; + background-color: #dff0d8; + border-color: #468847; +} + +.form-control-static { + margin-bottom: 0; +} + +.help-block { + display: block; + margin-top: 5px; + margin-bottom: 10px; + color: #737373; +} + +@media (min-width: 768px) { + .form-inline .form-group { + display: inline-block; + margin-bottom: 0; + vertical-align: middle; + } + .form-inline .form-control { + display: inline-block; + } + .form-inline .radio, + .form-inline .checkbox { + display: inline-block; + padding-left: 0; + margin-top: 0; + margin-bottom: 0; + } + .form-inline .radio input[type="radio"], + .form-inline .checkbox input[type="checkbox"] { + float: none; + margin-left: 0; + } +} + +.form-horizontal .control-label, +.form-horizontal .radio, +.form-horizontal .checkbox, +.form-horizontal .radio-inline, +.form-horizontal .checkbox-inline { + padding-top: 7px; + margin-top: 0; + margin-bottom: 0; +} + +.form-horizontal .form-group { + margin-right: -15px; + margin-left: -15px; +} + +.form-horizontal .form-group:before, +.form-horizontal .form-group:after { + display: table; + content: " "; +} + +.form-horizontal .form-group:after { + clear: both; +} + +.form-horizontal .form-group:before, +.form-horizontal .form-group:after { + display: table; + content: " "; +} + +.form-horizontal .form-group:after { + clear: both; +} + +.form-horizontal .form-control-static { + padding-top: 7px; +} + +@media (min-width: 768px) { + .form-horizontal .control-label { + text-align: right; + } +} + +.btn { + display: inline-block; + padding: 6px 12px; + margin-bottom: 0; + font-size: 14px; + font-weight: normal; + line-height: 1.428571429; + text-align: center; + white-space: nowrap; + vertical-align: middle; + cursor: pointer; + background-image: none; + border: 1px solid transparent; + border-radius: 4px; + -webkit-user-select: none; + -moz-user-select: none; + -ms-user-select: none; + -o-user-select: none; + user-select: none; +} + +.btn:focus { + outline: thin dotted #333; + outline: 5px auto -webkit-focus-ring-color; + outline-offset: -2px; +} + +.btn:hover, +.btn:focus { + color: #333333; + text-decoration: none; +} + +.btn:active, +.btn.active { + background-image: none; + outline: 0; + -webkit-box-shadow: inset 0 3px 5px rgba(0, 0, 0, 0.125); + box-shadow: inset 0 3px 5px rgba(0, 0, 0, 0.125); +} + +.btn.disabled, +.btn[disabled], +fieldset[disabled] .btn { + pointer-events: none; + cursor: not-allowed; + opacity: 0.65; + filter: alpha(opacity=65); + -webkit-box-shadow: none; + box-shadow: none; +} + +.btn-default { + color: #333333; + background-color: #ffffff; + border-color: #cccccc; +} + +.btn-default:hover, +.btn-default:focus, +.btn-default:active, +.btn-default.active, +.open .dropdown-toggle.btn-default { + color: #333333; + background-color: #ebebeb; + border-color: #adadad; +} + +.btn-default:active, +.btn-default.active, +.open .dropdown-toggle.btn-default { + background-image: none; +} + +.btn-default.disabled, +.btn-default[disabled], +fieldset[disabled] .btn-default, +.btn-default.disabled:hover, +.btn-default[disabled]:hover, +fieldset[disabled] .btn-default:hover, +.btn-default.disabled:focus, +.btn-default[disabled]:focus, +fieldset[disabled] .btn-default:focus, +.btn-default.disabled:active, +.btn-default[disabled]:active, +fieldset[disabled] .btn-default:active, +.btn-default.disabled.active, +.btn-default[disabled].active, +fieldset[disabled] .btn-default.active { + background-color: #ffffff; + border-color: #cccccc; +} + +.btn-primary { + color: #ffffff; + background-color: #428bca; + border-color: #357ebd; +} + +.btn-primary:hover, +.btn-primary:focus, +.btn-primary:active, +.btn-primary.active, +.open .dropdown-toggle.btn-primary { + color: #ffffff; + background-color: #3276b1; + border-color: #285e8e; +} + +.btn-primary:active, +.btn-primary.active, +.open .dropdown-toggle.btn-primary { + background-image: none; +} + +.btn-primary.disabled, +.btn-primary[disabled], +fieldset[disabled] .btn-primary, +.btn-primary.disabled:hover, +.btn-primary[disabled]:hover, +fieldset[disabled] .btn-primary:hover, +.btn-primary.disabled:focus, +.btn-primary[disabled]:focus, +fieldset[disabled] .btn-primary:focus, +.btn-primary.disabled:active, +.btn-primary[disabled]:active, +fieldset[disabled] .btn-primary:active, +.btn-primary.disabled.active, +.btn-primary[disabled].active, +fieldset[disabled] .btn-primary.active { + background-color: #428bca; + border-color: #357ebd; +} + +.btn-warning { + color: #ffffff; + background-color: #f0ad4e; + border-color: #eea236; +} + +.btn-warning:hover, +.btn-warning:focus, +.btn-warning:active, +.btn-warning.active, +.open .dropdown-toggle.btn-warning { + color: #ffffff; + background-color: #ed9c28; + border-color: #d58512; +} + +.btn-warning:active, +.btn-warning.active, +.open .dropdown-toggle.btn-warning { + background-image: none; +} + +.btn-warning.disabled, +.btn-warning[disabled], +fieldset[disabled] .btn-warning, +.btn-warning.disabled:hover, +.btn-warning[disabled]:hover, +fieldset[disabled] .btn-warning:hover, +.btn-warning.disabled:focus, +.btn-warning[disabled]:focus, +fieldset[disabled] .btn-warning:focus, +.btn-warning.disabled:active, +.btn-warning[disabled]:active, +fieldset[disabled] .btn-warning:active, +.btn-warning.disabled.active, +.btn-warning[disabled].active, +fieldset[disabled] .btn-warning.active { + background-color: #f0ad4e; + border-color: #eea236; +} + +.btn-danger { + color: #ffffff; + background-color: #d9534f; + border-color: #d43f3a; +} + +.btn-danger:hover, +.btn-danger:focus, +.btn-danger:active, +.btn-danger.active, +.open .dropdown-toggle.btn-danger { + color: #ffffff; + background-color: #d2322d; + border-color: #ac2925; +} + +.btn-danger:active, +.btn-danger.active, +.open .dropdown-toggle.btn-danger { + background-image: none; +} + +.btn-danger.disabled, +.btn-danger[disabled], +fieldset[disabled] .btn-danger, +.btn-danger.disabled:hover, +.btn-danger[disabled]:hover, +fieldset[disabled] .btn-danger:hover, +.btn-danger.disabled:focus, +.btn-danger[disabled]:focus, +fieldset[disabled] .btn-danger:focus, +.btn-danger.disabled:active, +.btn-danger[disabled]:active, +fieldset[disabled] .btn-danger:active, +.btn-danger.disabled.active, +.btn-danger[disabled].active, +fieldset[disabled] .btn-danger.active { + background-color: #d9534f; + border-color: #d43f3a; +} + +.btn-success { + color: #ffffff; + background-color: #5cb85c; + border-color: #4cae4c; +} + +.btn-success:hover, +.btn-success:focus, +.btn-success:active, +.btn-success.active, +.open .dropdown-toggle.btn-success { + color: #ffffff; + background-color: #47a447; + border-color: #398439; +} + +.btn-success:active, +.btn-success.active, +.open .dropdown-toggle.btn-success { + background-image: none; +} + +.btn-success.disabled, +.btn-success[disabled], +fieldset[disabled] .btn-success, +.btn-success.disabled:hover, +.btn-success[disabled]:hover, +fieldset[disabled] .btn-success:hover, +.btn-success.disabled:focus, +.btn-success[disabled]:focus, +fieldset[disabled] .btn-success:focus, +.btn-success.disabled:active, +.btn-success[disabled]:active, +fieldset[disabled] .btn-success:active, +.btn-success.disabled.active, +.btn-success[disabled].active, +fieldset[disabled] .btn-success.active { + background-color: #5cb85c; + border-color: #4cae4c; +} + +.btn-info { + color: #ffffff; + background-color: #5bc0de; + border-color: #46b8da; +} + +.btn-info:hover, +.btn-info:focus, +.btn-info:active, +.btn-info.active, +.open .dropdown-toggle.btn-info { + color: #ffffff; + background-color: #39b3d7; + border-color: #269abc; +} + +.btn-info:active, +.btn-info.active, +.open .dropdown-toggle.btn-info { + background-image: none; +} + +.btn-info.disabled, +.btn-info[disabled], +fieldset[disabled] .btn-info, +.btn-info.disabled:hover, +.btn-info[disabled]:hover, +fieldset[disabled] .btn-info:hover, +.btn-info.disabled:focus, +.btn-info[disabled]:focus, +fieldset[disabled] .btn-info:focus, +.btn-info.disabled:active, +.btn-info[disabled]:active, +fieldset[disabled] .btn-info:active, +.btn-info.disabled.active, +.btn-info[disabled].active, +fieldset[disabled] .btn-info.active { + background-color: #5bc0de; + border-color: #46b8da; +} + +.btn-link { + font-weight: normal; + color: #428bca; + cursor: pointer; + border-radius: 0; +} + +.btn-link, +.btn-link:active, +.btn-link[disabled], +fieldset[disabled] .btn-link { + background-color: transparent; + -webkit-box-shadow: none; + box-shadow: none; +} + +.btn-link, +.btn-link:hover, +.btn-link:focus, +.btn-link:active { + border-color: transparent; +} + +.btn-link:hover, +.btn-link:focus { + color: #2a6496; + text-decoration: underline; + background-color: transparent; +} + +.btn-link[disabled]:hover, +fieldset[disabled] .btn-link:hover, +.btn-link[disabled]:focus, +fieldset[disabled] .btn-link:focus { + color: #999999; + text-decoration: none; +} + +.btn-lg { + padding: 10px 16px; + font-size: 18px; + line-height: 1.33; + border-radius: 6px; +} + +.btn-sm, +.btn-xs { + padding: 5px 10px; + font-size: 12px; + line-height: 1.5; + border-radius: 3px; +} + +.btn-xs { + padding: 1px 5px; +} + +.btn-block { + display: block; + width: 100%; + padding-right: 0; + padding-left: 0; +} + +.btn-block + .btn-block { + margin-top: 5px; +} + +input[type="submit"].btn-block, +input[type="reset"].btn-block, +input[type="button"].btn-block { + width: 100%; +} + +.fade { + opacity: 0; + -webkit-transition: opacity 0.15s linear; + transition: opacity 0.15s linear; +} + +.fade.in { + opacity: 1; +} + +.collapse { + display: none; +} + +.collapse.in { + display: block; +} + +.collapsing { + position: relative; + height: 0; + overflow: hidden; + -webkit-transition: height 0.35s ease; + transition: height 0.35s ease; +} + +@font-face { + font-family: 'Glyphicons Halflings'; + src: url('../fonts/glyphicons-halflings-regular.eot'); + src: url('../fonts/glyphicons-halflings-regular.eot?#iefix') format('embedded-opentype'), url('../fonts/glyphicons-halflings-regular.woff') format('woff'), url('../fonts/glyphicons-halflings-regular.ttf') format('truetype'), url('../fonts/glyphicons-halflings-regular.svg#glyphicons_halflingsregular') format('svg'); +} + +.glyphicon { + position: relative; + top: 1px; + display: inline-block; + font-family: 'Glyphicons Halflings'; + -webkit-font-smoothing: antialiased; + font-style: normal; + font-weight: normal; + line-height: 1; + -moz-osx-font-smoothing: grayscale; +} + +.glyphicon:empty { + width: 1em; +} + +.glyphicon-asterisk:before { + content: "\2a"; +} + +.glyphicon-plus:before { + content: "\2b"; +} + +.glyphicon-euro:before { + content: "\20ac"; +} + +.glyphicon-minus:before { + content: "\2212"; +} + +.glyphicon-cloud:before { + content: "\2601"; +} + +.glyphicon-envelope:before { + content: "\2709"; +} + +.glyphicon-pencil:before { + content: "\270f"; +} + +.glyphicon-glass:before { + content: "\e001"; +} + +.glyphicon-music:before { + content: "\e002"; +} + +.glyphicon-search:before { + content: "\e003"; +} + +.glyphicon-heart:before { + content: "\e005"; +} + +.glyphicon-star:before { + content: "\e006"; +} + +.glyphicon-star-empty:before { + content: "\e007"; +} + +.glyphicon-user:before { + content: "\e008"; +} + +.glyphicon-film:before { + content: "\e009"; +} + +.glyphicon-th-large:before { + content: "\e010"; +} + +.glyphicon-th:before { + content: "\e011"; +} + +.glyphicon-th-list:before { + content: "\e012"; +} + +.glyphicon-ok:before { + content: "\e013"; +} + +.glyphicon-remove:before { + content: "\e014"; +} + +.glyphicon-zoom-in:before { + content: "\e015"; +} + +.glyphicon-zoom-out:before { + content: "\e016"; +} + +.glyphicon-off:before { + content: "\e017"; +} + +.glyphicon-signal:before { + content: "\e018"; +} + +.glyphicon-cog:before { + content: "\e019"; +} + +.glyphicon-trash:before { + content: "\e020"; +} + +.glyphicon-home:before { + content: "\e021"; +} + +.glyphicon-file:before { + content: "\e022"; +} + +.glyphicon-time:before { + content: "\e023"; +} + +.glyphicon-road:before { + content: "\e024"; +} + +.glyphicon-download-alt:before { + content: "\e025"; +} + +.glyphicon-download:before { + content: "\e026"; +} + +.glyphicon-upload:before { + content: "\e027"; +} + +.glyphicon-inbox:before { + content: "\e028"; +} + +.glyphicon-play-circle:before { + content: "\e029"; +} + +.glyphicon-repeat:before { + content: "\e030"; +} + +.glyphicon-refresh:before { + content: "\e031"; +} + +.glyphicon-list-alt:before { + content: "\e032"; +} + +.glyphicon-lock:before { + content: "\e033"; +} + +.glyphicon-flag:before { + content: "\e034"; +} + +.glyphicon-headphones:before { + content: "\e035"; +} + +.glyphicon-volume-off:before { + content: "\e036"; +} + +.glyphicon-volume-down:before { + content: "\e037"; +} + +.glyphicon-volume-up:before { + content: "\e038"; +} + +.glyphicon-qrcode:before { + content: "\e039"; +} + +.glyphicon-barcode:before { + content: "\e040"; +} + +.glyphicon-tag:before { + content: "\e041"; +} + +.glyphicon-tags:before { + content: "\e042"; +} + +.glyphicon-book:before { + content: "\e043"; +} + +.glyphicon-bookmark:before { + content: "\e044"; +} + +.glyphicon-print:before { + content: "\e045"; +} + +.glyphicon-camera:before { + content: "\e046"; +} + +.glyphicon-font:before { + content: "\e047"; +} + +.glyphicon-bold:before { + content: "\e048"; +} + +.glyphicon-italic:before { + content: "\e049"; +} + +.glyphicon-text-height:before { + content: "\e050"; +} + +.glyphicon-text-width:before { + content: "\e051"; +} + +.glyphicon-align-left:before { + content: "\e052"; +} + +.glyphicon-align-center:before { + content: "\e053"; +} + +.glyphicon-align-right:before { + content: "\e054"; +} + +.glyphicon-align-justify:before { + content: "\e055"; +} + +.glyphicon-list:before { + content: "\e056"; +} + +.glyphicon-indent-left:before { + content: "\e057"; +} + +.glyphicon-indent-right:before { + content: "\e058"; +} + +.glyphicon-facetime-video:before { + content: "\e059"; +} + +.glyphicon-picture:before { + content: "\e060"; +} + +.glyphicon-map-marker:before { + content: "\e062"; +} + +.glyphicon-adjust:before { + content: "\e063"; +} + +.glyphicon-tint:before { + content: "\e064"; +} + +.glyphicon-edit:before { + content: "\e065"; +} + +.glyphicon-share:before { + content: "\e066"; +} + +.glyphicon-check:before { + content: "\e067"; +} + +.glyphicon-move:before { + content: "\e068"; +} + +.glyphicon-step-backward:before { + content: "\e069"; +} + +.glyphicon-fast-backward:before { + content: "\e070"; +} + +.glyphicon-backward:before { + content: "\e071"; +} + +.glyphicon-play:before { + content: "\e072"; +} + +.glyphicon-pause:before { + content: "\e073"; +} + +.glyphicon-stop:before { + content: "\e074"; +} + +.glyphicon-forward:before { + content: "\e075"; +} + +.glyphicon-fast-forward:before { + content: "\e076"; +} + +.glyphicon-step-forward:before { + content: "\e077"; +} + +.glyphicon-eject:before { + content: "\e078"; +} + +.glyphicon-chevron-left:before { + content: "\e079"; +} + +.glyphicon-chevron-right:before { + content: "\e080"; +} + +.glyphicon-plus-sign:before { + content: "\e081"; +} + +.glyphicon-minus-sign:before { + content: "\e082"; +} + +.glyphicon-remove-sign:before { + content: "\e083"; +} + +.glyphicon-ok-sign:before { + content: "\e084"; +} + +.glyphicon-question-sign:before { + content: "\e085"; +} + +.glyphicon-info-sign:before { + content: "\e086"; +} + +.glyphicon-screenshot:before { + content: "\e087"; +} + +.glyphicon-remove-circle:before { + content: "\e088"; +} + +.glyphicon-ok-circle:before { + content: "\e089"; +} + +.glyphicon-ban-circle:before { + content: "\e090"; +} + +.glyphicon-arrow-left:before { + content: "\e091"; +} + +.glyphicon-arrow-right:before { + content: "\e092"; +} + +.glyphicon-arrow-up:before { + content: "\e093"; +} + +.glyphicon-arrow-down:before { + content: "\e094"; +} + +.glyphicon-share-alt:before { + content: "\e095"; +} + +.glyphicon-resize-full:before { + content: "\e096"; +} + +.glyphicon-resize-small:before { + content: "\e097"; +} + +.glyphicon-exclamation-sign:before { + content: "\e101"; +} + +.glyphicon-gift:before { + content: "\e102"; +} + +.glyphicon-leaf:before { + content: "\e103"; +} + +.glyphicon-fire:before { + content: "\e104"; +} + +.glyphicon-eye-open:before { + content: "\e105"; +} + +.glyphicon-eye-close:before { + content: "\e106"; +} + +.glyphicon-warning-sign:before { + content: "\e107"; +} + +.glyphicon-plane:before { + content: "\e108"; +} + +.glyphicon-calendar:before { + content: "\e109"; +} + +.glyphicon-random:before { + content: "\e110"; +} + +.glyphicon-comment:before { + content: "\e111"; +} + +.glyphicon-magnet:before { + content: "\e112"; +} + +.glyphicon-chevron-up:before { + content: "\e113"; +} + +.glyphicon-chevron-down:before { + content: "\e114"; +} + +.glyphicon-retweet:before { + content: "\e115"; +} + +.glyphicon-shopping-cart:before { + content: "\e116"; +} + +.glyphicon-folder-close:before { + content: "\e117"; +} + +.glyphicon-folder-open:before { + content: "\e118"; +} + +.glyphicon-resize-vertical:before { + content: "\e119"; +} + +.glyphicon-resize-horizontal:before { + content: "\e120"; +} + +.glyphicon-hdd:before { + content: "\e121"; +} + +.glyphicon-bullhorn:before { + content: "\e122"; +} + +.glyphicon-bell:before { + content: "\e123"; +} + +.glyphicon-certificate:before { + content: "\e124"; +} + +.glyphicon-thumbs-up:before { + content: "\e125"; +} + +.glyphicon-thumbs-down:before { + content: "\e126"; +} + +.glyphicon-hand-right:before { + content: "\e127"; +} + +.glyphicon-hand-left:before { + content: "\e128"; +} + +.glyphicon-hand-up:before { + content: "\e129"; +} + +.glyphicon-hand-down:before { + content: "\e130"; +} + +.glyphicon-circle-arrow-right:before { + content: "\e131"; +} + +.glyphicon-circle-arrow-left:before { + content: "\e132"; +} + +.glyphicon-circle-arrow-up:before { + content: "\e133"; +} + +.glyphicon-circle-arrow-down:before { + content: "\e134"; +} + +.glyphicon-globe:before { + content: "\e135"; +} + +.glyphicon-wrench:before { + content: "\e136"; +} + +.glyphicon-tasks:before { + content: "\e137"; +} + +.glyphicon-filter:before { + content: "\e138"; +} + +.glyphicon-briefcase:before { + content: "\e139"; +} + +.glyphicon-fullscreen:before { + content: "\e140"; +} + +.glyphicon-dashboard:before { + content: "\e141"; +} + +.glyphicon-paperclip:before { + content: "\e142"; +} + +.glyphicon-heart-empty:before { + content: "\e143"; +} + +.glyphicon-link:before { + content: "\e144"; +} + +.glyphicon-phone:before { + content: "\e145"; +} + +.glyphicon-pushpin:before { + content: "\e146"; +} + +.glyphicon-usd:before { + content: "\e148"; +} + +.glyphicon-gbp:before { + content: "\e149"; +} + +.glyphicon-sort:before { + content: "\e150"; +} + +.glyphicon-sort-by-alphabet:before { + content: "\e151"; +} + +.glyphicon-sort-by-alphabet-alt:before { + content: "\e152"; +} + +.glyphicon-sort-by-order:before { + content: "\e153"; +} + +.glyphicon-sort-by-order-alt:before { + content: "\e154"; +} + +.glyphicon-sort-by-attributes:before { + content: "\e155"; +} + +.glyphicon-sort-by-attributes-alt:before { + content: "\e156"; +} + +.glyphicon-unchecked:before { + content: "\e157"; +} + +.glyphicon-expand:before { + content: "\e158"; +} + +.glyphicon-collapse-down:before { + content: "\e159"; +} + +.glyphicon-collapse-up:before { + content: "\e160"; +} + +.glyphicon-log-in:before { + content: "\e161"; +} + +.glyphicon-flash:before { + content: "\e162"; +} + +.glyphicon-log-out:before { + content: "\e163"; +} + +.glyphicon-new-window:before { + content: "\e164"; +} + +.glyphicon-record:before { + content: "\e165"; +} + +.glyphicon-save:before { + content: "\e166"; +} + +.glyphicon-open:before { + content: "\e167"; +} + +.glyphicon-saved:before { + content: "\e168"; +} + +.glyphicon-import:before { + content: "\e169"; +} + +.glyphicon-export:before { + content: "\e170"; +} + +.glyphicon-send:before { + content: "\e171"; +} + +.glyphicon-floppy-disk:before { + content: "\e172"; +} + +.glyphicon-floppy-saved:before { + content: "\e173"; +} + +.glyphicon-floppy-remove:before { + content: "\e174"; +} + +.glyphicon-floppy-save:before { + content: "\e175"; +} + +.glyphicon-floppy-open:before { + content: "\e176"; +} + +.glyphicon-credit-card:before { + content: "\e177"; +} + +.glyphicon-transfer:before { + content: "\e178"; +} + +.glyphicon-cutlery:before { + content: "\e179"; +} + +.glyphicon-header:before { + content: "\e180"; +} + +.glyphicon-compressed:before { + content: "\e181"; +} + +.glyphicon-earphone:before { + content: "\e182"; +} + +.glyphicon-phone-alt:before { + content: "\e183"; +} + +.glyphicon-tower:before { + content: "\e184"; +} + +.glyphicon-stats:before { + content: "\e185"; +} + +.glyphicon-sd-video:before { + content: "\e186"; +} + +.glyphicon-hd-video:before { + content: "\e187"; +} + +.glyphicon-subtitles:before { + content: "\e188"; +} + +.glyphicon-sound-stereo:before { + content: "\e189"; +} + +.glyphicon-sound-dolby:before { + content: "\e190"; +} + +.glyphicon-sound-5-1:before { + content: "\e191"; +} + +.glyphicon-sound-6-1:before { + content: "\e192"; +} + +.glyphicon-sound-7-1:before { + content: "\e193"; +} + +.glyphicon-copyright-mark:before { + content: "\e194"; +} + +.glyphicon-registration-mark:before { + content: "\e195"; +} + +.glyphicon-cloud-download:before { + content: "\e197"; +} + +.glyphicon-cloud-upload:before { + content: "\e198"; +} + +.glyphicon-tree-conifer:before { + content: "\e199"; +} + +.glyphicon-tree-deciduous:before { + content: "\e200"; +} + +.caret { + display: inline-block; + width: 0; + height: 0; + margin-left: 2px; + vertical-align: middle; + border-top: 4px solid #000000; + border-right: 4px solid transparent; + border-bottom: 0 dotted; + border-left: 4px solid transparent; +} + +.dropdown { + position: relative; +} + +.dropdown-toggle:focus { + outline: 0; +} + +.dropdown-menu { + position: absolute; + top: 100%; + left: 0; + z-index: 1000; + display: none; + float: left; + min-width: 160px; + padding: 5px 0; + margin: 2px 0 0; + font-size: 14px; + list-style: none; + background-color: #ffffff; + border: 1px solid #cccccc; + border: 1px solid rgba(0, 0, 0, 0.15); + border-radius: 4px; + -webkit-box-shadow: 0 6px 12px rgba(0, 0, 0, 0.175); + box-shadow: 0 6px 12px rgba(0, 0, 0, 0.175); + background-clip: padding-box; +} + +.dropdown-menu.pull-right { + right: 0; + left: auto; +} + +.dropdown-menu .divider { + height: 1px; + margin: 9px 0; + overflow: hidden; + background-color: #e5e5e5; +} + +.dropdown-menu > li > a { + display: block; + padding: 3px 20px; + clear: both; + font-weight: normal; + line-height: 1.428571429; + color: #333333; + white-space: nowrap; +} + +.dropdown-menu > li > a:hover, +.dropdown-menu > li > a:focus { + color: #262626; + text-decoration: none; + background-color: #f5f5f5; +} + +.dropdown-menu > .active > a, +.dropdown-menu > .active > a:hover, +.dropdown-menu > .active > a:focus { + color: #ffffff; + text-decoration: none; + background-color: #428bca; + outline: 0; +} + +.dropdown-menu > .disabled > a, +.dropdown-menu > .disabled > a:hover, +.dropdown-menu > .disabled > a:focus { + color: #999999; +} + +.dropdown-menu > .disabled > a:hover, +.dropdown-menu > .disabled > a:focus { + text-decoration: none; + cursor: not-allowed; + background-color: transparent; + background-image: none; + filter: progid:DXImageTransform.Microsoft.gradient(enabled=false); +} + +.open > .dropdown-menu { + display: block; +} + +.open > a { + outline: 0; +} + +.dropdown-header { + display: block; + padding: 3px 20px; + font-size: 12px; + line-height: 1.428571429; + color: #999999; +} + +.dropdown-backdrop { + position: fixed; + top: 0; + right: 0; + bottom: 0; + left: 0; + z-index: 990; +} + +.pull-right > .dropdown-menu { + right: 0; + left: auto; +} + +.dropup .caret, +.navbar-fixed-bottom .dropdown .caret { + border-top: 0 dotted; + border-bottom: 4px solid #000000; + content: ""; +} + +.dropup .dropdown-menu, +.navbar-fixed-bottom .dropdown .dropdown-menu { + top: auto; + bottom: 100%; + margin-bottom: 1px; +} + +@media (min-width: 768px) { + .navbar-right .dropdown-menu { + right: 0; + left: auto; + } +} + +.btn-default .caret { + border-top-color: #333333; +} + +.btn-primary .caret, +.btn-success .caret, +.btn-warning .caret, +.btn-danger .caret, +.btn-info .caret { + border-top-color: #fff; +} + +.dropup .btn-default .caret { + border-bottom-color: #333333; +} + +.dropup .btn-primary .caret, +.dropup .btn-success .caret, +.dropup .btn-warning .caret, +.dropup .btn-danger .caret, +.dropup .btn-info .caret { + border-bottom-color: #fff; +} + +.btn-group, +.btn-group-vertical { + position: relative; + display: inline-block; + vertical-align: middle; +} + +.btn-group > .btn, +.btn-group-vertical > .btn { + position: relative; + float: left; +} + +.btn-group > .btn:hover, +.btn-group-vertical > .btn:hover, +.btn-group > .btn:focus, +.btn-group-vertical > .btn:focus, +.btn-group > .btn:active, +.btn-group-vertical > .btn:active, +.btn-group > .btn.active, +.btn-group-vertical > .btn.active { + z-index: 2; +} + +.btn-group > .btn:focus, +.btn-group-vertical > .btn:focus { + outline: none; +} + +.btn-group .btn + .btn, +.btn-group .btn + .btn-group, +.btn-group .btn-group + .btn, +.btn-group .btn-group + .btn-group { + margin-left: -1px; +} + +.btn-toolbar:before, +.btn-toolbar:after { + display: table; + content: " "; +} + +.btn-toolbar:after { + clear: both; +} + +.btn-toolbar:before, +.btn-toolbar:after { + display: table; + content: " "; +} + +.btn-toolbar:after { + clear: both; +} + +.btn-toolbar .btn-group { + float: left; +} + +.btn-toolbar > .btn + .btn, +.btn-toolbar > .btn-group + .btn, +.btn-toolbar > .btn + .btn-group, +.btn-toolbar > .btn-group + .btn-group { + margin-left: 5px; +} + +.btn-group > .btn:not(:first-child):not(:last-child):not(.dropdown-toggle) { + border-radius: 0; +} + +.btn-group > .btn:first-child { + margin-left: 0; +} + +.btn-group > .btn:first-child:not(:last-child):not(.dropdown-toggle) { + border-top-right-radius: 0; + border-bottom-right-radius: 0; +} + +.btn-group > .btn:last-child:not(:first-child), +.btn-group > .dropdown-toggle:not(:first-child) { + border-bottom-left-radius: 0; + border-top-left-radius: 0; +} + +.btn-group > .btn-group { + float: left; +} + +.btn-group > .btn-group:not(:first-child):not(:last-child) > .btn { + border-radius: 0; +} + +.btn-group > .btn-group:first-child > .btn:last-child, +.btn-group > .btn-group:first-child > .dropdown-toggle { + border-top-right-radius: 0; + border-bottom-right-radius: 0; +} + +.btn-group > .btn-group:last-child > .btn:first-child { + border-bottom-left-radius: 0; + border-top-left-radius: 0; +} + +.btn-group .dropdown-toggle:active, +.btn-group.open .dropdown-toggle { + outline: 0; +} + +.btn-group-xs > .btn { + padding: 5px 10px; + padding: 1px 5px; + font-size: 12px; + line-height: 1.5; + border-radius: 3px; +} + +.btn-group-sm > .btn { + padding: 5px 10px; + font-size: 12px; + line-height: 1.5; + border-radius: 3px; +} + +.btn-group-lg > .btn { + padding: 10px 16px; + font-size: 18px; + line-height: 1.33; + border-radius: 6px; +} + +.btn-group > .btn + .dropdown-toggle { + padding-right: 8px; + padding-left: 8px; +} + +.btn-group > .btn-lg + .dropdown-toggle { + padding-right: 12px; + padding-left: 12px; +} + +.btn-group.open .dropdown-toggle { + -webkit-box-shadow: inset 0 3px 5px rgba(0, 0, 0, 0.125); + box-shadow: inset 0 3px 5px rgba(0, 0, 0, 0.125); +} + +.btn-group.open .dropdown-toggle.btn-link { + -webkit-box-shadow: none; + box-shadow: none; +} + +.btn .caret { + margin-left: 0; +} + +.btn-lg .caret { + border-width: 5px 5px 0; + border-bottom-width: 0; +} + +.dropup .btn-lg .caret { + border-width: 0 5px 5px; +} + +.btn-group-vertical > .btn, +.btn-group-vertical > .btn-group { + display: block; + float: none; + width: 100%; + max-width: 100%; +} + +.btn-group-vertical > .btn-group:before, +.btn-group-vertical > .btn-group:after { + display: table; + content: " "; +} + +.btn-group-vertical > .btn-group:after { + clear: both; +} + +.btn-group-vertical > .btn-group:before, +.btn-group-vertical > .btn-group:after { + display: table; + content: " "; +} + +.btn-group-vertical > .btn-group:after { + clear: both; +} + +.btn-group-vertical > .btn-group > .btn { + float: none; +} + +.btn-group-vertical > .btn + .btn, +.btn-group-vertical > .btn + .btn-group, +.btn-group-vertical > .btn-group + .btn, +.btn-group-vertical > .btn-group + .btn-group { + margin-top: -1px; + margin-left: 0; +} + +.btn-group-vertical > .btn:not(:first-child):not(:last-child) { + border-radius: 0; +} + +.btn-group-vertical > .btn:first-child:not(:last-child) { + border-top-right-radius: 4px; + border-bottom-right-radius: 0; + border-bottom-left-radius: 0; +} + +.btn-group-vertical > .btn:last-child:not(:first-child) { + border-top-right-radius: 0; + border-bottom-left-radius: 4px; + border-top-left-radius: 0; +} + +.btn-group-vertical > .btn-group:not(:first-child):not(:last-child) > .btn { + border-radius: 0; +} + +.btn-group-vertical > .btn-group:first-child > .btn:last-child, +.btn-group-vertical > .btn-group:first-child > .dropdown-toggle { + border-bottom-right-radius: 0; + border-bottom-left-radius: 0; +} + +.btn-group-vertical > .btn-group:last-child > .btn:first-child { + border-top-right-radius: 0; + border-top-left-radius: 0; +} + +.btn-group-justified { + display: table; + width: 100%; + border-collapse: separate; + table-layout: fixed; +} + +.btn-group-justified .btn { + display: table-cell; + float: none; + width: 1%; +} + +[data-toggle="buttons"] > .btn > input[type="radio"], +[data-toggle="buttons"] > .btn > input[type="checkbox"] { + display: none; +} + +.input-group { + position: relative; + display: table; + border-collapse: separate; +} + +.input-group.col { + float: none; + padding-right: 0; + padding-left: 0; +} + +.input-group .form-control { + width: 100%; + margin-bottom: 0; +} + +.input-group-lg > .form-control, +.input-group-lg > .input-group-addon, +.input-group-lg > .input-group-btn > .btn { + height: 45px; + padding: 10px 16px; + font-size: 18px; + line-height: 1.33; + border-radius: 6px; +} + +select.input-group-lg > .form-control, +select.input-group-lg > .input-group-addon, +select.input-group-lg > .input-group-btn > .btn { + height: 45px; + line-height: 45px; +} + +textarea.input-group-lg > .form-control, +textarea.input-group-lg > .input-group-addon, +textarea.input-group-lg > .input-group-btn > .btn { + height: auto; +} + +.input-group-sm > .form-control, +.input-group-sm > .input-group-addon, +.input-group-sm > .input-group-btn > .btn { + height: 30px; + padding: 5px 10px; + font-size: 12px; + line-height: 1.5; + border-radius: 3px; +} + +select.input-group-sm > .form-control, +select.input-group-sm > .input-group-addon, +select.input-group-sm > .input-group-btn > .btn { + height: 30px; + line-height: 30px; +} + +textarea.input-group-sm > .form-control, +textarea.input-group-sm > .input-group-addon, +textarea.input-group-sm > .input-group-btn > .btn { + height: auto; +} + +.input-group-addon, +.input-group-btn, +.input-group .form-control { + display: table-cell; +} + +.input-group-addon:not(:first-child):not(:last-child), +.input-group-btn:not(:first-child):not(:last-child), +.input-group .form-control:not(:first-child):not(:last-child) { + border-radius: 0; +} + +.input-group-addon, +.input-group-btn { + width: 1%; + white-space: nowrap; + vertical-align: middle; +} + +.input-group-addon { + padding: 6px 12px; + font-size: 14px; + font-weight: normal; + line-height: 1; + color: #555555; + text-align: center; + background-color: #eeeeee; + border: 1px solid #cccccc; + border-radius: 4px; +} + +.input-group-addon.input-sm { + padding: 5px 10px; + font-size: 12px; + border-radius: 3px; +} + +.input-group-addon.input-lg { + padding: 10px 16px; + font-size: 18px; + border-radius: 6px; +} + +.input-group-addon input[type="radio"], +.input-group-addon input[type="checkbox"] { + margin-top: 0; +} + +.input-group .form-control:first-child, +.input-group-addon:first-child, +.input-group-btn:first-child > .btn, +.input-group-btn:first-child > .dropdown-toggle, +.input-group-btn:last-child > .btn:not(:last-child):not(.dropdown-toggle) { + border-top-right-radius: 0; + border-bottom-right-radius: 0; +} + +.input-group-addon:first-child { + border-right: 0; +} + +.input-group .form-control:last-child, +.input-group-addon:last-child, +.input-group-btn:last-child > .btn, +.input-group-btn:last-child > .dropdown-toggle, +.input-group-btn:first-child > .btn:not(:first-child) { + border-bottom-left-radius: 0; + border-top-left-radius: 0; +} + +.input-group-addon:last-child { + border-left: 0; +} + +.input-group-btn { + position: relative; + white-space: nowrap; +} + +.input-group-btn:first-child > .btn { + margin-right: -1px; +} + +.input-group-btn:last-child > .btn { + margin-left: -1px; +} + +.input-group-btn > .btn { + position: relative; +} + +.input-group-btn > .btn + .btn { + margin-left: -4px; +} + +.input-group-btn > .btn:hover, +.input-group-btn > .btn:active { + z-index: 2; +} + +.nav { + padding-left: 0; + margin-bottom: 0; + list-style: none; +} + +.nav:before, +.nav:after { + display: table; + content: " "; +} + +.nav:after { + clear: both; +} + +.nav:before, +.nav:after { + display: table; + content: " "; +} + +.nav:after { + clear: both; +} + +.nav > li { + position: relative; + display: block; +} + +.nav > li > a { + position: relative; + display: block; + padding: 10px 15px; +} + +.nav > li > a:hover, +.nav > li > a:focus { + text-decoration: none; + background-color: #eeeeee; +} + +.nav > li.disabled > a { + color: #999999; +} + +.nav > li.disabled > a:hover, +.nav > li.disabled > a:focus { + color: #999999; + text-decoration: none; + cursor: not-allowed; + background-color: transparent; +} + +.nav .open > a, +.nav .open > a:hover, +.nav .open > a:focus { + background-color: #eeeeee; + border-color: #428bca; +} + +.nav .open > a .caret, +.nav .open > a:hover .caret, +.nav .open > a:focus .caret { + border-top-color: #2a6496; + border-bottom-color: #2a6496; +} + +.nav .nav-divider { + height: 1px; + margin: 9px 0; + overflow: hidden; + background-color: #e5e5e5; +} + +.nav > li > a > img { + max-width: none; +} + +.nav-tabs { + border-bottom: 1px solid #dddddd; +} + +.nav-tabs > li { + float: left; + margin-bottom: -1px; +} + +.nav-tabs > li > a { + margin-right: 2px; + line-height: 1.428571429; + border: 1px solid transparent; + border-radius: 4px 4px 0 0; +} + +.nav-tabs > li > a:hover { + border-color: #eeeeee #eeeeee #dddddd; +} + +.nav-tabs > li.active > a, +.nav-tabs > li.active > a:hover, +.nav-tabs > li.active > a:focus { + color: #555555; + cursor: default; + background-color: #ffffff; + border: 1px solid #dddddd; + border-bottom-color: transparent; +} + +.nav-tabs.nav-justified { + width: 100%; + border-bottom: 0; +} + +.nav-tabs.nav-justified > li { + float: none; +} + +.nav-tabs.nav-justified > li > a { + margin-bottom: 5px; + text-align: center; +} + +.nav-tabs.nav-justified > .dropdown .dropdown-menu { + top: auto; + left: auto; +} + +@media (min-width: 768px) { + .nav-tabs.nav-justified > li { + display: table-cell; + width: 1%; + } + .nav-tabs.nav-justified > li > a { + margin-bottom: 0; + } +} + +.nav-tabs.nav-justified > li > a { + margin-right: 0; + border-radius: 4px; +} + +.nav-tabs.nav-justified > .active > a, +.nav-tabs.nav-justified > .active > a:hover, +.nav-tabs.nav-justified > .active > a:focus { + border: 1px solid #dddddd; +} + +@media (min-width: 768px) { + .nav-tabs.nav-justified > li > a { + border-bottom: 1px solid #dddddd; + border-radius: 4px 4px 0 0; + } + .nav-tabs.nav-justified > .active > a, + .nav-tabs.nav-justified > .active > a:hover, + .nav-tabs.nav-justified > .active > a:focus { + border-bottom-color: #ffffff; + } +} + +.nav-pills > li { + float: left; +} + +.nav-pills > li > a { + border-radius: 4px; +} + +.nav-pills > li + li { + margin-left: 2px; +} + +.nav-pills > li.active > a, +.nav-pills > li.active > a:hover, +.nav-pills > li.active > a:focus { + color: #ffffff; + background-color: #428bca; +} + +.nav-pills > li.active > a .caret, +.nav-pills > li.active > a:hover .caret, +.nav-pills > li.active > a:focus .caret { + border-top-color: #ffffff; + border-bottom-color: #ffffff; +} + +.nav-stacked > li { + float: none; +} + +.nav-stacked > li + li { + margin-top: 2px; + margin-left: 0; +} + +.nav-justified { + width: 100%; +} + +.nav-justified > li { + float: none; +} + +.nav-justified > li > a { + margin-bottom: 5px; + text-align: center; +} + +.nav-justified > .dropdown .dropdown-menu { + top: auto; + left: auto; +} + +@media (min-width: 768px) { + .nav-justified > li { + display: table-cell; + width: 1%; + } + .nav-justified > li > a { + margin-bottom: 0; + } +} + +.nav-tabs-justified { + border-bottom: 0; +} + +.nav-tabs-justified > li > a { + margin-right: 0; + border-radius: 4px; +} + +.nav-tabs-justified > .active > a, +.nav-tabs-justified > .active > a:hover, +.nav-tabs-justified > .active > a:focus { + border: 1px solid #dddddd; +} + +@media (min-width: 768px) { + .nav-tabs-justified > li > a { + border-bottom: 1px solid #dddddd; + border-radius: 4px 4px 0 0; + } + .nav-tabs-justified > .active > a, + .nav-tabs-justified > .active > a:hover, + .nav-tabs-justified > .active > a:focus { + border-bottom-color: #ffffff; + } +} + +.tab-content > .tab-pane { + display: none; +} + +.tab-content > .active { + display: block; +} + +.nav .caret { + border-top-color: #428bca; + border-bottom-color: #428bca; +} + +.nav a:hover .caret { + border-top-color: #2a6496; + border-bottom-color: #2a6496; +} + +.nav-tabs .dropdown-menu { + margin-top: -1px; + border-top-right-radius: 0; + border-top-left-radius: 0; +} + +.navbar { + position: relative; + min-height: 50px; + margin-bottom: 20px; + border: 1px solid transparent; +} + +.navbar:before, +.navbar:after { + display: table; + content: " "; +} + +.navbar:after { + clear: both; +} + +.navbar:before, +.navbar:after { + display: table; + content: " "; +} + +.navbar:after { + clear: both; +} + +@media (min-width: 768px) { + .navbar { + border-radius: 4px; + } +} + +.navbar-header:before, +.navbar-header:after { + display: table; + content: " "; +} + +.navbar-header:after { + clear: both; +} + +.navbar-header:before, +.navbar-header:after { + display: table; + content: " "; +} + +.navbar-header:after { + clear: both; +} + +@media (min-width: 768px) { + .navbar-header { + float: left; + } +} + +.navbar-collapse { + max-height: 340px; + padding-right: 15px; + padding-left: 15px; + overflow-x: visible; + border-top: 1px solid transparent; + box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.1); + -webkit-overflow-scrolling: touch; +} + +.navbar-collapse:before, +.navbar-collapse:after { + display: table; + content: " "; +} + +.navbar-collapse:after { + clear: both; +} + +.navbar-collapse:before, +.navbar-collapse:after { + display: table; + content: " "; +} + +.navbar-collapse:after { + clear: both; +} + +.navbar-collapse.in { + overflow-y: auto; +} + +@media (min-width: 768px) { + .navbar-collapse { + width: auto; + border-top: 0; + box-shadow: none; + } + .navbar-collapse.collapse { + display: block !important; + height: auto !important; + padding-bottom: 0; + overflow: visible !important; + } + .navbar-collapse.in { + overflow-y: auto; + } + .navbar-collapse .navbar-nav.navbar-left:first-child { + margin-left: -15px; + } + .navbar-collapse .navbar-nav.navbar-right:last-child { + margin-right: -15px; + } + .navbar-collapse .navbar-text:last-child { + margin-right: 0; + } +} + +.container > .navbar-header, +.container > .navbar-collapse { + margin-right: -15px; + margin-left: -15px; +} + +@media (min-width: 768px) { + .container > .navbar-header, + .container > .navbar-collapse { + margin-right: 0; + margin-left: 0; + } +} + +.navbar-static-top { + z-index: 1000; + border-width: 0 0 1px; +} + +@media (min-width: 768px) { + .navbar-static-top { + border-radius: 0; + } +} + +.navbar-fixed-top, +.navbar-fixed-bottom { + position: fixed; + right: 0; + left: 0; + z-index: 1030; +} + +@media (min-width: 768px) { + .navbar-fixed-top, + .navbar-fixed-bottom { + border-radius: 0; + } +} + +.navbar-fixed-top { + top: 0; + border-width: 0 0 1px; +} + +.navbar-fixed-bottom { + bottom: 0; + margin-bottom: 0; + border-width: 1px 0 0; +} + +.navbar-brand { + float: left; + padding: 15px 15px; + font-size: 18px; + line-height: 20px; +} + +.navbar-brand:hover, +.navbar-brand:focus { + text-decoration: none; +} + +@media (min-width: 768px) { + .navbar > .container .navbar-brand { + margin-left: -15px; + } +} + +.navbar-toggle { + position: relative; + float: right; + padding: 9px 10px; + margin-top: 8px; + margin-right: 15px; + margin-bottom: 8px; + background-color: transparent; + border: 1px solid transparent; + border-radius: 4px; +} + +.navbar-toggle .icon-bar { + display: block; + width: 22px; + height: 2px; + border-radius: 1px; +} + +.navbar-toggle .icon-bar + .icon-bar { + margin-top: 4px; +} + +@media (min-width: 768px) { + .navbar-toggle { + display: none; + } +} + +.navbar-nav { + margin: 7.5px -15px; +} + +.navbar-nav > li > a { + padding-top: 10px; + padding-bottom: 10px; + line-height: 20px; +} + +@media (max-width: 767px) { + .navbar-nav .open .dropdown-menu { + position: static; + float: none; + width: auto; + margin-top: 0; + background-color: transparent; + border: 0; + box-shadow: none; + } + .navbar-nav .open .dropdown-menu > li > a, + .navbar-nav .open .dropdown-menu .dropdown-header { + padding: 5px 15px 5px 25px; + } + .navbar-nav .open .dropdown-menu > li > a { + line-height: 20px; + } + .navbar-nav .open .dropdown-menu > li > a:hover, + .navbar-nav .open .dropdown-menu > li > a:focus { + background-image: none; + } +} + +@media (min-width: 768px) { + .navbar-nav { + float: left; + margin: 0; + } + .navbar-nav > li { + float: left; + } + .navbar-nav > li > a { + padding-top: 15px; + padding-bottom: 15px; + } +} + +@media (min-width: 768px) { + .navbar-left { + float: left !important; + } + .navbar-right { + float: right !important; + } +} + +.navbar-form { + padding: 10px 15px; + margin-top: 8px; + margin-right: -15px; + margin-bottom: 8px; + margin-left: -15px; + border-top: 1px solid transparent; + border-bottom: 1px solid transparent; + -webkit-box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.1), 0 1px 0 rgba(255, 255, 255, 0.1); + box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.1), 0 1px 0 rgba(255, 255, 255, 0.1); +} + +@media (min-width: 768px) { + .navbar-form .form-group { + display: inline-block; + margin-bottom: 0; + vertical-align: middle; + } + .navbar-form .form-control { + display: inline-block; + } + .navbar-form .radio, + .navbar-form .checkbox { + display: inline-block; + padding-left: 0; + margin-top: 0; + margin-bottom: 0; + } + .navbar-form .radio input[type="radio"], + .navbar-form .checkbox input[type="checkbox"] { + float: none; + margin-left: 0; + } +} + +@media (max-width: 767px) { + .navbar-form .form-group { + margin-bottom: 5px; + } +} + +@media (min-width: 768px) { + .navbar-form { + width: auto; + padding-top: 0; + padding-bottom: 0; + margin-right: 0; + margin-left: 0; + border: 0; + -webkit-box-shadow: none; + box-shadow: none; + } +} + +.navbar-nav > li > .dropdown-menu { + margin-top: 0; + border-top-right-radius: 0; + border-top-left-radius: 0; +} + +.navbar-fixed-bottom .navbar-nav > li > .dropdown-menu { + border-bottom-right-radius: 0; + border-bottom-left-radius: 0; +} + +.navbar-nav.pull-right > li > .dropdown-menu, +.navbar-nav > li > .dropdown-menu.pull-right { + right: 0; + left: auto; +} + +.navbar-btn { + margin-top: 8px; + margin-bottom: 8px; +} + +.navbar-text { + float: left; + margin-top: 15px; + margin-bottom: 15px; +} + +@media (min-width: 768px) { + .navbar-text { + margin-right: 15px; + margin-left: 15px; + } +} + +.navbar-default { + background-color: #f8f8f8; + border-color: #e7e7e7; +} + +.navbar-default .navbar-brand { + color: #777777; +} + +.navbar-default .navbar-brand:hover, +.navbar-default .navbar-brand:focus { + color: #5e5e5e; + background-color: transparent; +} + +.navbar-default .navbar-text { + color: #777777; +} + +.navbar-default .navbar-nav > li > a { + color: #777777; +} + +.navbar-default .navbar-nav > li > a:hover, +.navbar-default .navbar-nav > li > a:focus { + color: #333333; + background-color: transparent; +} + +.navbar-default .navbar-nav > .active > a, +.navbar-default .navbar-nav > .active > a:hover, +.navbar-default .navbar-nav > .active > a:focus { + color: #555555; + background-color: #e7e7e7; +} + +.navbar-default .navbar-nav > .disabled > a, +.navbar-default .navbar-nav > .disabled > a:hover, +.navbar-default .navbar-nav > .disabled > a:focus { + color: #cccccc; + background-color: transparent; +} + +.navbar-default .navbar-toggle { + border-color: #dddddd; +} + +.navbar-default .navbar-toggle:hover, +.navbar-default .navbar-toggle:focus { + background-color: #dddddd; +} + +.navbar-default .navbar-toggle .icon-bar { + background-color: #cccccc; +} + +.navbar-default .navbar-collapse, +.navbar-default .navbar-form { + border-color: #e7e7e7; +} + +.navbar-default .navbar-nav > .dropdown > a:hover .caret, +.navbar-default .navbar-nav > .dropdown > a:focus .caret { + border-top-color: #333333; + border-bottom-color: #333333; +} + +.navbar-default .navbar-nav > .open > a, +.navbar-default .navbar-nav > .open > a:hover, +.navbar-default .navbar-nav > .open > a:focus { + color: #555555; + background-color: #e7e7e7; +} + +.navbar-default .navbar-nav > .open > a .caret, +.navbar-default .navbar-nav > .open > a:hover .caret, +.navbar-default .navbar-nav > .open > a:focus .caret { + border-top-color: #555555; + border-bottom-color: #555555; +} + +.navbar-default .navbar-nav > .dropdown > a .caret { + border-top-color: #777777; + border-bottom-color: #777777; +} + +@media (max-width: 767px) { + .navbar-default .navbar-nav .open .dropdown-menu > li > a { + color: #777777; + } + .navbar-default .navbar-nav .open .dropdown-menu > li > a:hover, + .navbar-default .navbar-nav .open .dropdown-menu > li > a:focus { + color: #333333; + background-color: transparent; + } + .navbar-default .navbar-nav .open .dropdown-menu > .active > a, + .navbar-default .navbar-nav .open .dropdown-menu > .active > a:hover, + .navbar-default .navbar-nav .open .dropdown-menu > .active > a:focus { + color: #555555; + background-color: #e7e7e7; + } + .navbar-default .navbar-nav .open .dropdown-menu > .disabled > a, + .navbar-default .navbar-nav .open .dropdown-menu > .disabled > a:hover, + .navbar-default .navbar-nav .open .dropdown-menu > .disabled > a:focus { + color: #cccccc; + background-color: transparent; + } +} + +.navbar-default .navbar-link { + color: #777777; +} + +.navbar-default .navbar-link:hover { + color: #333333; +} + +.navbar-inverse { + background-color: #222222; + border-color: #080808; +} + +.navbar-inverse .navbar-brand { + color: #999999; +} + +.navbar-inverse .navbar-brand:hover, +.navbar-inverse .navbar-brand:focus { + color: #ffffff; + background-color: transparent; +} + +.navbar-inverse .navbar-text { + color: #999999; +} + +.navbar-inverse .navbar-nav > li > a { + color: #999999; +} + +.navbar-inverse .navbar-nav > li > a:hover, +.navbar-inverse .navbar-nav > li > a:focus { + color: #ffffff; + background-color: transparent; +} + +.navbar-inverse .navbar-nav > .active > a, +.navbar-inverse .navbar-nav > .active > a:hover, +.navbar-inverse .navbar-nav > .active > a:focus { + color: #ffffff; + background-color: #080808; +} + +.navbar-inverse .navbar-nav > .disabled > a, +.navbar-inverse .navbar-nav > .disabled > a:hover, +.navbar-inverse .navbar-nav > .disabled > a:focus { + color: #444444; + background-color: transparent; +} + +.navbar-inverse .navbar-toggle { + border-color: #333333; +} + +.navbar-inverse .navbar-toggle:hover, +.navbar-inverse .navbar-toggle:focus { + background-color: #333333; +} + +.navbar-inverse .navbar-toggle .icon-bar { + background-color: #ffffff; +} + +.navbar-inverse .navbar-collapse, +.navbar-inverse .navbar-form { + border-color: #101010; +} + +.navbar-inverse .navbar-nav > .open > a, +.navbar-inverse .navbar-nav > .open > a:hover, +.navbar-inverse .navbar-nav > .open > a:focus { + color: #ffffff; + background-color: #080808; +} + +.navbar-inverse .navbar-nav > .dropdown > a:hover .caret { + border-top-color: #ffffff; + border-bottom-color: #ffffff; +} + +.navbar-inverse .navbar-nav > .dropdown > a .caret { + border-top-color: #999999; + border-bottom-color: #999999; +} + +.navbar-inverse .navbar-nav > .open > a .caret, +.navbar-inverse .navbar-nav > .open > a:hover .caret, +.navbar-inverse .navbar-nav > .open > a:focus .caret { + border-top-color: #ffffff; + border-bottom-color: #ffffff; +} + +@media (max-width: 767px) { + .navbar-inverse .navbar-nav .open .dropdown-menu > .dropdown-header { + border-color: #080808; + } + .navbar-inverse .navbar-nav .open .dropdown-menu > li > a { + color: #999999; + } + .navbar-inverse .navbar-nav .open .dropdown-menu > li > a:hover, + .navbar-inverse .navbar-nav .open .dropdown-menu > li > a:focus { + color: #ffffff; + background-color: transparent; + } + .navbar-inverse .navbar-nav .open .dropdown-menu > .active > a, + .navbar-inverse .navbar-nav .open .dropdown-menu > .active > a:hover, + .navbar-inverse .navbar-nav .open .dropdown-menu > .active > a:focus { + color: #ffffff; + background-color: #080808; + } + .navbar-inverse .navbar-nav .open .dropdown-menu > .disabled > a, + .navbar-inverse .navbar-nav .open .dropdown-menu > .disabled > a:hover, + .navbar-inverse .navbar-nav .open .dropdown-menu > .disabled > a:focus { + color: #444444; + background-color: transparent; + } +} + +.navbar-inverse .navbar-link { + color: #999999; +} + +.navbar-inverse .navbar-link:hover { + color: #ffffff; +} + +.breadcrumb { + padding: 8px 15px; + margin-bottom: 20px; + list-style: none; + background-color: #f5f5f5; + border-radius: 4px; +} + +.breadcrumb > li { + display: inline-block; +} + +.breadcrumb > li + li:before { + padding: 0 5px; + color: #cccccc; + content: "/\00a0"; +} + +.breadcrumb > .active { + color: #999999; +} + +.pagination { + display: inline-block; + padding-left: 0; + margin: 20px 0; + border-radius: 4px; +} + +.pagination > li { + display: inline; +} + +.pagination > li > a, +.pagination > li > span { + position: relative; + float: left; + padding: 6px 12px; + margin-left: -1px; + line-height: 1.428571429; + text-decoration: none; + background-color: #ffffff; + border: 1px solid #dddddd; +} + +.pagination > li:first-child > a, +.pagination > li:first-child > span { + margin-left: 0; + border-bottom-left-radius: 4px; + border-top-left-radius: 4px; +} + +.pagination > li:last-child > a, +.pagination > li:last-child > span { + border-top-right-radius: 4px; + border-bottom-right-radius: 4px; +} + +.pagination > li > a:hover, +.pagination > li > span:hover, +.pagination > li > a:focus, +.pagination > li > span:focus { + background-color: #eeeeee; +} + +.pagination > .active > a, +.pagination > .active > span, +.pagination > .active > a:hover, +.pagination > .active > span:hover, +.pagination > .active > a:focus, +.pagination > .active > span:focus { + z-index: 2; + color: #ffffff; + cursor: default; + background-color: #428bca; + border-color: #428bca; +} + +.pagination > .disabled > span, +.pagination > .disabled > span:hover, +.pagination > .disabled > span:focus, +.pagination > .disabled > a, +.pagination > .disabled > a:hover, +.pagination > .disabled > a:focus { + color: #999999; + cursor: not-allowed; + background-color: #ffffff; + border-color: #dddddd; +} + +.pagination-lg > li > a, +.pagination-lg > li > span { + padding: 10px 16px; + font-size: 18px; +} + +.pagination-lg > li:first-child > a, +.pagination-lg > li:first-child > span { + border-bottom-left-radius: 6px; + border-top-left-radius: 6px; +} + +.pagination-lg > li:last-child > a, +.pagination-lg > li:last-child > span { + border-top-right-radius: 6px; + border-bottom-right-radius: 6px; +} + +.pagination-sm > li > a, +.pagination-sm > li > span { + padding: 5px 10px; + font-size: 12px; +} + +.pagination-sm > li:first-child > a, +.pagination-sm > li:first-child > span { + border-bottom-left-radius: 3px; + border-top-left-radius: 3px; +} + +.pagination-sm > li:last-child > a, +.pagination-sm > li:last-child > span { + border-top-right-radius: 3px; + border-bottom-right-radius: 3px; +} + +.pager { + padding-left: 0; + margin: 20px 0; + text-align: center; + list-style: none; +} + +.pager:before, +.pager:after { + display: table; + content: " "; +} + +.pager:after { + clear: both; +} + +.pager:before, +.pager:after { + display: table; + content: " "; +} + +.pager:after { + clear: both; +} + +.pager li { + display: inline; +} + +.pager li > a, +.pager li > span { + display: inline-block; + padding: 5px 14px; + background-color: #ffffff; + border: 1px solid #dddddd; + border-radius: 15px; +} + +.pager li > a:hover, +.pager li > a:focus { + text-decoration: none; + background-color: #eeeeee; +} + +.pager .next > a, +.pager .next > span { + float: right; +} + +.pager .previous > a, +.pager .previous > span { + float: left; +} + +.pager .disabled > a, +.pager .disabled > a:hover, +.pager .disabled > a:focus, +.pager .disabled > span { + color: #999999; + cursor: not-allowed; + background-color: #ffffff; +} + +.label { + display: inline; + padding: .2em .6em .3em; + font-size: 75%; + font-weight: bold; + line-height: 1; + color: #ffffff; + text-align: center; + white-space: nowrap; + vertical-align: baseline; + border-radius: .25em; +} + +.label[href]:hover, +.label[href]:focus { + color: #ffffff; + text-decoration: none; + cursor: pointer; +} + +.label:empty { + display: none; +} + +.label-default { + background-color: #999999; +} + +.label-default[href]:hover, +.label-default[href]:focus { + background-color: #808080; +} + +.label-primary { + background-color: #428bca; +} + +.label-primary[href]:hover, +.label-primary[href]:focus { + background-color: #3071a9; +} + +.label-success { + background-color: #5cb85c; +} + +.label-success[href]:hover, +.label-success[href]:focus { + background-color: #449d44; +} + +.label-info { + background-color: #5bc0de; +} + +.label-info[href]:hover, +.label-info[href]:focus { + background-color: #31b0d5; +} + +.label-warning { + background-color: #f0ad4e; +} + +.label-warning[href]:hover, +.label-warning[href]:focus { + background-color: #ec971f; +} + +.label-danger { + background-color: #d9534f; +} + +.label-danger[href]:hover, +.label-danger[href]:focus { + background-color: #c9302c; +} + +.badge { + display: inline-block; + min-width: 10px; + padding: 3px 7px; + font-size: 12px; + font-weight: bold; + line-height: 1; + color: #ffffff; + text-align: center; + white-space: nowrap; + vertical-align: baseline; + background-color: #999999; + border-radius: 10px; +} + +.badge:empty { + display: none; +} + +a.badge:hover, +a.badge:focus { + color: #ffffff; + text-decoration: none; + cursor: pointer; +} + +.btn .badge { + position: relative; + top: -1px; +} + +a.list-group-item.active > .badge, +.nav-pills > .active > a > .badge { + color: #428bca; + background-color: #ffffff; +} + +.nav-pills > li > a > .badge { + margin-left: 3px; +} + +.jumbotron { + padding: 30px; + margin-bottom: 30px; + font-size: 21px; + font-weight: 200; + line-height: 2.1428571435; + color: inherit; + background-color: #eeeeee; +} + +.jumbotron h1 { + line-height: 1; + color: inherit; +} + +.jumbotron p { + line-height: 1.4; +} + +.container .jumbotron { + border-radius: 6px; +} + +@media screen and (min-width: 768px) { + .jumbotron { + padding-top: 48px; + padding-bottom: 48px; + } + .container .jumbotron { + padding-right: 60px; + padding-left: 60px; + } + .jumbotron h1 { + font-size: 63px; + } +} + +.thumbnail { + display: inline-block; + display: block; + height: auto; + max-width: 100%; + padding: 4px; + margin-bottom: 20px; + line-height: 1.428571429; + background-color: #ffffff; + border: 1px solid #dddddd; + border-radius: 4px; + -webkit-transition: all 0.2s ease-in-out; + transition: all 0.2s ease-in-out; +} + +.thumbnail > img { + display: block; + height: auto; + max-width: 100%; + margin-right: auto; + margin-left: auto; +} + +a.thumbnail:hover, +a.thumbnail:focus, +a.thumbnail.active { + border-color: #428bca; +} + +.thumbnail .caption { + padding: 9px; + color: #333333; +} + +.alert { + padding: 15px; + margin-bottom: 20px; + border: 1px solid transparent; + border-radius: 4px; +} + +.alert h4 { + margin-top: 0; + color: inherit; +} + +.alert .alert-link { + font-weight: bold; +} + +.alert > p, +.alert > ul { + margin-bottom: 0; +} + +.alert > p + p { + margin-top: 5px; +} + +.alert-dismissable { + padding-right: 35px; +} + +.alert-dismissable .close { + position: relative; + top: -2px; + right: -21px; + color: inherit; +} + +.alert-success { + color: #468847; + background-color: #dff0d8; + border-color: #d6e9c6; +} + +.alert-success hr { + border-top-color: #c9e2b3; +} + +.alert-success .alert-link { + color: #356635; +} + +.alert-info { + color: #3a87ad; + background-color: #d9edf7; + border-color: #bce8f1; +} + +.alert-info hr { + border-top-color: #a6e1ec; +} + +.alert-info .alert-link { + color: #2d6987; +} + +.alert-warning { + color: #c09853; + background-color: #fcf8e3; + border-color: #faebcc; +} + +.alert-warning hr { + border-top-color: #f7e1b5; +} + +.alert-warning .alert-link { + color: #a47e3c; +} + +.alert-danger { + color: #b94a48; + background-color: #f2dede; + border-color: #ebccd1; +} + +.alert-danger hr { + border-top-color: #e4b9c0; +} + +.alert-danger .alert-link { + color: #953b39; +} + +@-webkit-keyframes progress-bar-stripes { + from { + background-position: 40px 0; + } + to { + background-position: 0 0; + } +} + +@-moz-keyframes progress-bar-stripes { + from { + background-position: 40px 0; + } + to { + background-position: 0 0; + } +} + +@-o-keyframes progress-bar-stripes { + from { + background-position: 0 0; + } + to { + background-position: 40px 0; + } +} + +@keyframes progress-bar-stripes { + from { + background-position: 40px 0; + } + to { + background-position: 0 0; + } +} + +.progress { + height: 20px; + margin-bottom: 20px; + overflow: hidden; + background-color: #f5f5f5; + border-radius: 4px; + -webkit-box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.1); + box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.1); +} + +.progress-bar { + float: left; + width: 0; + height: 100%; + font-size: 12px; + line-height: 20px; + color: #ffffff; + text-align: center; + background-color: #428bca; + -webkit-box-shadow: inset 0 -1px 0 rgba(0, 0, 0, 0.15); + box-shadow: inset 0 -1px 0 rgba(0, 0, 0, 0.15); + -webkit-transition: width 0.6s ease; + transition: width 0.6s ease; +} + +.progress-striped .progress-bar { + background-image: -webkit-gradient(linear, 0 100%, 100% 0, color-stop(0.25, rgba(255, 255, 255, 0.15)), color-stop(0.25, transparent), color-stop(0.5, transparent), color-stop(0.5, rgba(255, 255, 255, 0.15)), color-stop(0.75, rgba(255, 255, 255, 0.15)), color-stop(0.75, transparent), to(transparent)); + background-image: -webkit-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: -moz-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-size: 40px 40px; +} + +.progress.active .progress-bar { + -webkit-animation: progress-bar-stripes 2s linear infinite; + animation: progress-bar-stripes 2s linear infinite; +} + +.progress-bar-success { + background-color: #5cb85c; +} + +.progress-striped .progress-bar-success { + background-image: -webkit-gradient(linear, 0 100%, 100% 0, color-stop(0.25, rgba(255, 255, 255, 0.15)), color-stop(0.25, transparent), color-stop(0.5, transparent), color-stop(0.5, rgba(255, 255, 255, 0.15)), color-stop(0.75, rgba(255, 255, 255, 0.15)), color-stop(0.75, transparent), to(transparent)); + background-image: -webkit-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: -moz-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); +} + +.progress-bar-info { + background-color: #5bc0de; +} + +.progress-striped .progress-bar-info { + background-image: -webkit-gradient(linear, 0 100%, 100% 0, color-stop(0.25, rgba(255, 255, 255, 0.15)), color-stop(0.25, transparent), color-stop(0.5, transparent), color-stop(0.5, rgba(255, 255, 255, 0.15)), color-stop(0.75, rgba(255, 255, 255, 0.15)), color-stop(0.75, transparent), to(transparent)); + background-image: -webkit-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: -moz-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); +} + +.progress-bar-warning { + background-color: #f0ad4e; +} + +.progress-striped .progress-bar-warning { + background-image: -webkit-gradient(linear, 0 100%, 100% 0, color-stop(0.25, rgba(255, 255, 255, 0.15)), color-stop(0.25, transparent), color-stop(0.5, transparent), color-stop(0.5, rgba(255, 255, 255, 0.15)), color-stop(0.75, rgba(255, 255, 255, 0.15)), color-stop(0.75, transparent), to(transparent)); + background-image: -webkit-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: -moz-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); +} + +.progress-bar-danger { + background-color: #d9534f; +} + +.progress-striped .progress-bar-danger { + background-image: -webkit-gradient(linear, 0 100%, 100% 0, color-stop(0.25, rgba(255, 255, 255, 0.15)), color-stop(0.25, transparent), color-stop(0.5, transparent), color-stop(0.5, rgba(255, 255, 255, 0.15)), color-stop(0.75, rgba(255, 255, 255, 0.15)), color-stop(0.75, transparent), to(transparent)); + background-image: -webkit-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: -moz-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); + background-image: linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); +} + +.media, +.media-body { + overflow: hidden; + zoom: 1; +} + +.media, +.media .media { + margin-top: 15px; +} + +.media:first-child { + margin-top: 0; +} + +.media-object { + display: block; +} + +.media-heading { + margin: 0 0 5px; +} + +.media > .pull-left { + margin-right: 10px; +} + +.media > .pull-right { + margin-left: 10px; +} + +.media-list { + padding-left: 0; + list-style: none; +} + +.list-group { + padding-left: 0; + margin-bottom: 20px; +} + +.list-group-item { + position: relative; + display: block; + padding: 10px 15px; + margin-bottom: -1px; + background-color: #ffffff; + border: 1px solid #dddddd; +} + +.list-group-item:first-child { + border-top-right-radius: 4px; + border-top-left-radius: 4px; +} + +.list-group-item:last-child { + margin-bottom: 0; + border-bottom-right-radius: 4px; + border-bottom-left-radius: 4px; +} + +.list-group-item > .badge { + float: right; +} + +.list-group-item > .badge + .badge { + margin-right: 5px; +} + +a.list-group-item { + color: #555555; +} + +a.list-group-item .list-group-item-heading { + color: #333333; +} + +a.list-group-item:hover, +a.list-group-item:focus { + text-decoration: none; + background-color: #f5f5f5; +} + +a.list-group-item.active, +a.list-group-item.active:hover, +a.list-group-item.active:focus { + z-index: 2; + color: #ffffff; + background-color: #428bca; + border-color: #428bca; +} + +a.list-group-item.active .list-group-item-heading, +a.list-group-item.active:hover .list-group-item-heading, +a.list-group-item.active:focus .list-group-item-heading { + color: inherit; +} + +a.list-group-item.active .list-group-item-text, +a.list-group-item.active:hover .list-group-item-text, +a.list-group-item.active:focus .list-group-item-text { + color: #e1edf7; +} + +.list-group-item-heading { + margin-top: 0; + margin-bottom: 5px; +} + +.list-group-item-text { + margin-bottom: 0; + line-height: 1.3; +} + +.panel { + margin-bottom: 20px; + background-color: #ffffff; + border: 1px solid transparent; + border-radius: 4px; + -webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, 0.05); + box-shadow: 0 1px 1px rgba(0, 0, 0, 0.05); +} + +.panel-body { + padding: 15px; +} + +.panel-body:before, +.panel-body:after { + display: table; + content: " "; +} + +.panel-body:after { + clear: both; +} + +.panel-body:before, +.panel-body:after { + display: table; + content: " "; +} + +.panel-body:after { + clear: both; +} + +.panel > .list-group { + margin-bottom: 0; +} + +.panel > .list-group .list-group-item { + border-width: 1px 0; +} + +.panel > .list-group .list-group-item:first-child { + border-top-right-radius: 0; + border-top-left-radius: 0; +} + +.panel > .list-group .list-group-item:last-child { + border-bottom: 0; +} + +.panel-heading + .list-group .list-group-item:first-child { + border-top-width: 0; +} + +.panel > .table, +.panel > .table-responsive { + margin-bottom: 0; +} + +.panel > .panel-body + .table, +.panel > .panel-body + .table-responsive { + border-top: 1px solid #dddddd; +} + +.panel > .table-bordered, +.panel > .table-responsive > .table-bordered { + border: 0; +} + +.panel > .table-bordered > thead > tr > th:first-child, +.panel > .table-responsive > .table-bordered > thead > tr > th:first-child, +.panel > .table-bordered > tbody > tr > th:first-child, +.panel > .table-responsive > .table-bordered > tbody > tr > th:first-child, +.panel > .table-bordered > tfoot > tr > th:first-child, +.panel > .table-responsive > .table-bordered > tfoot > tr > th:first-child, +.panel > .table-bordered > thead > tr > td:first-child, +.panel > .table-responsive > .table-bordered > thead > tr > td:first-child, +.panel > .table-bordered > tbody > tr > td:first-child, +.panel > .table-responsive > .table-bordered > tbody > tr > td:first-child, +.panel > .table-bordered > tfoot > tr > td:first-child, +.panel > .table-responsive > .table-bordered > tfoot > tr > td:first-child { + border-left: 0; +} + +.panel > .table-bordered > thead > tr > th:last-child, +.panel > .table-responsive > .table-bordered > thead > tr > th:last-child, +.panel > .table-bordered > tbody > tr > th:last-child, +.panel > .table-responsive > .table-bordered > tbody > tr > th:last-child, +.panel > .table-bordered > tfoot > tr > th:last-child, +.panel > .table-responsive > .table-bordered > tfoot > tr > th:last-child, +.panel > .table-bordered > thead > tr > td:last-child, +.panel > .table-responsive > .table-bordered > thead > tr > td:last-child, +.panel > .table-bordered > tbody > tr > td:last-child, +.panel > .table-responsive > .table-bordered > tbody > tr > td:last-child, +.panel > .table-bordered > tfoot > tr > td:last-child, +.panel > .table-responsive > .table-bordered > tfoot > tr > td:last-child { + border-right: 0; +} + +.panel > .table-bordered > thead > tr:last-child > th, +.panel > .table-responsive > .table-bordered > thead > tr:last-child > th, +.panel > .table-bordered > tbody > tr:last-child > th, +.panel > .table-responsive > .table-bordered > tbody > tr:last-child > th, +.panel > .table-bordered > tfoot > tr:last-child > th, +.panel > .table-responsive > .table-bordered > tfoot > tr:last-child > th, +.panel > .table-bordered > thead > tr:last-child > td, +.panel > .table-responsive > .table-bordered > thead > tr:last-child > td, +.panel > .table-bordered > tbody > tr:last-child > td, +.panel > .table-responsive > .table-bordered > tbody > tr:last-child > td, +.panel > .table-bordered > tfoot > tr:last-child > td, +.panel > .table-responsive > .table-bordered > tfoot > tr:last-child > td { + border-bottom: 0; +} + +.panel-heading { + padding: 10px 15px; + border-bottom: 1px solid transparent; + border-top-right-radius: 3px; + border-top-left-radius: 3px; +} + +.panel-heading > .dropdown .dropdown-toggle { + color: inherit; +} + +.panel-title { + margin-top: 0; + margin-bottom: 0; + font-size: 16px; +} + +.panel-title > a { + color: inherit; +} + +.panel-footer { + padding: 10px 15px; + background-color: #f5f5f5; + border-top: 1px solid #dddddd; + border-bottom-right-radius: 3px; + border-bottom-left-radius: 3px; +} + +.panel-group .panel { + margin-bottom: 0; + overflow: hidden; + border-radius: 4px; +} + +.panel-group .panel + .panel { + margin-top: 5px; +} + +.panel-group .panel-heading { + border-bottom: 0; +} + +.panel-group .panel-heading + .panel-collapse .panel-body { + border-top: 1px solid #dddddd; +} + +.panel-group .panel-footer { + border-top: 0; +} + +.panel-group .panel-footer + .panel-collapse .panel-body { + border-bottom: 1px solid #dddddd; +} + +.panel-default { + border-color: #dddddd; +} + +.panel-default > .panel-heading { + color: #333333; + background-color: #f5f5f5; + border-color: #dddddd; +} + +.panel-default > .panel-heading + .panel-collapse .panel-body { + border-top-color: #dddddd; +} + +.panel-default > .panel-heading > .dropdown .caret { + border-color: #333333 transparent; +} + +.panel-default > .panel-footer + .panel-collapse .panel-body { + border-bottom-color: #dddddd; +} + +.panel-primary { + border-color: #428bca; +} + +.panel-primary > .panel-heading { + color: #ffffff; + background-color: #428bca; + border-color: #428bca; +} + +.panel-primary > .panel-heading + .panel-collapse .panel-body { + border-top-color: #428bca; +} + +.panel-primary > .panel-heading > .dropdown .caret { + border-color: #ffffff transparent; +} + +.panel-primary > .panel-footer + .panel-collapse .panel-body { + border-bottom-color: #428bca; +} + +.panel-success { + border-color: #d6e9c6; +} + +.panel-success > .panel-heading { + color: #468847; + background-color: #dff0d8; + border-color: #d6e9c6; +} + +.panel-success > .panel-heading + .panel-collapse .panel-body { + border-top-color: #d6e9c6; +} + +.panel-success > .panel-heading > .dropdown .caret { + border-color: #468847 transparent; +} + +.panel-success > .panel-footer + .panel-collapse .panel-body { + border-bottom-color: #d6e9c6; +} + +.panel-warning { + border-color: #faebcc; +} + +.panel-warning > .panel-heading { + color: #c09853; + background-color: #fcf8e3; + border-color: #faebcc; +} + +.panel-warning > .panel-heading + .panel-collapse .panel-body { + border-top-color: #faebcc; +} + +.panel-warning > .panel-heading > .dropdown .caret { + border-color: #c09853 transparent; +} + +.panel-warning > .panel-footer + .panel-collapse .panel-body { + border-bottom-color: #faebcc; +} + +.panel-danger { + border-color: #ebccd1; +} + +.panel-danger > .panel-heading { + color: #b94a48; + background-color: #f2dede; + border-color: #ebccd1; +} + +.panel-danger > .panel-heading + .panel-collapse .panel-body { + border-top-color: #ebccd1; +} + +.panel-danger > .panel-heading > .dropdown .caret { + border-color: #b94a48 transparent; +} + +.panel-danger > .panel-footer + .panel-collapse .panel-body { + border-bottom-color: #ebccd1; +} + +.panel-info { + border-color: #bce8f1; +} + +.panel-info > .panel-heading { + color: #3a87ad; + background-color: #d9edf7; + border-color: #bce8f1; +} + +.panel-info > .panel-heading + .panel-collapse .panel-body { + border-top-color: #bce8f1; +} + +.panel-info > .panel-heading > .dropdown .caret { + border-color: #3a87ad transparent; +} + +.panel-info > .panel-footer + .panel-collapse .panel-body { + border-bottom-color: #bce8f1; +} + +.well { + min-height: 20px; + padding: 19px; + margin-bottom: 20px; + background-color: #f5f5f5; + border: 1px solid #e3e3e3; + border-radius: 4px; + -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.05); + box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.05); +} + +.well blockquote { + border-color: #ddd; + border-color: rgba(0, 0, 0, 0.15); +} + +.well-lg { + padding: 24px; + border-radius: 6px; +} + +.well-sm { + padding: 9px; + border-radius: 3px; +} + +.close { + float: right; + font-size: 21px; + font-weight: bold; + line-height: 1; + color: #000000; + text-shadow: 0 1px 0 #ffffff; + opacity: 0.2; + filter: alpha(opacity=20); +} + +.close:hover, +.close:focus { + color: #000000; + text-decoration: none; + cursor: pointer; + opacity: 0.5; + filter: alpha(opacity=50); +} + +button.close { + padding: 0; + cursor: pointer; + background: transparent; + border: 0; + -webkit-appearance: none; +} + +.modal-open { + overflow: hidden; +} + +.modal { + position: fixed; + top: 0; + right: 0; + bottom: 0; + left: 0; + z-index: 1040; + display: none; + overflow: auto; + overflow-y: scroll; +} + +.modal.fade .modal-dialog { + -webkit-transform: translate(0, -25%); + -ms-transform: translate(0, -25%); + transform: translate(0, -25%); + -webkit-transition: -webkit-transform 0.3s ease-out; + -moz-transition: -moz-transform 0.3s ease-out; + -o-transition: -o-transform 0.3s ease-out; + transition: transform 0.3s ease-out; +} + +.modal.in .modal-dialog { + -webkit-transform: translate(0, 0); + -ms-transform: translate(0, 0); + transform: translate(0, 0); +} + +.modal-dialog { + position: relative; + z-index: 1050; + width: auto; + padding: 10px; + margin-right: auto; + margin-left: auto; +} + +.modal-content { + position: relative; + background-color: #ffffff; + border: 1px solid #999999; + border: 1px solid rgba(0, 0, 0, 0.2); + border-radius: 6px; + outline: none; + -webkit-box-shadow: 0 3px 9px rgba(0, 0, 0, 0.5); + box-shadow: 0 3px 9px rgba(0, 0, 0, 0.5); + background-clip: padding-box; +} + +.modal-backdrop { + position: fixed; + top: 0; + right: 0; + bottom: 0; + left: 0; + z-index: 1030; + background-color: #000000; +} + +.modal-backdrop.fade { + opacity: 0; + filter: alpha(opacity=0); +} + +.modal-backdrop.in { + opacity: 0.5; + filter: alpha(opacity=50); +} + +.modal-header { + min-height: 16.428571429px; + padding: 15px; + border-bottom: 1px solid #e5e5e5; +} + +.modal-header .close { + margin-top: -2px; +} + +.modal-title { + margin: 0; + line-height: 1.428571429; +} + +.modal-body { + position: relative; + padding: 20px; +} + +.modal-footer { + padding: 19px 20px 20px; + margin-top: 15px; + text-align: right; + border-top: 1px solid #e5e5e5; +} + +.modal-footer:before, +.modal-footer:after { + display: table; + content: " "; +} + +.modal-footer:after { + clear: both; +} + +.modal-footer:before, +.modal-footer:after { + display: table; + content: " "; +} + +.modal-footer:after { + clear: both; +} + +.modal-footer .btn + .btn { + margin-bottom: 0; + margin-left: 5px; +} + +.modal-footer .btn-group .btn + .btn { + margin-left: -1px; +} + +.modal-footer .btn-block + .btn-block { + margin-left: 0; +} + +@media screen and (min-width: 768px) { + .modal-dialog { + width: 600px; + padding-top: 30px; + padding-bottom: 30px; + } + .modal-content { + -webkit-box-shadow: 0 5px 15px rgba(0, 0, 0, 0.5); + box-shadow: 0 5px 15px rgba(0, 0, 0, 0.5); + } +} + +.tooltip { + position: absolute; + z-index: 1030; + display: block; + font-size: 12px; + line-height: 1.4; + opacity: 0; + filter: alpha(opacity=0); + visibility: visible; +} + +.tooltip.in { + opacity: 0.9; + filter: alpha(opacity=90); +} + +.tooltip.top { + padding: 5px 0; + margin-top: -3px; +} + +.tooltip.right { + padding: 0 5px; + margin-left: 3px; +} + +.tooltip.bottom { + padding: 5px 0; + margin-top: 3px; +} + +.tooltip.left { + padding: 0 5px; + margin-left: -3px; +} + +.tooltip-inner { + max-width: 200px; + padding: 3px 8px; + color: #ffffff; + text-align: center; + text-decoration: none; + background-color: #000000; + border-radius: 4px; +} + +.tooltip-arrow { + position: absolute; + width: 0; + height: 0; + border-color: transparent; + border-style: solid; +} + +.tooltip.top .tooltip-arrow { + bottom: 0; + left: 50%; + margin-left: -5px; + border-top-color: #000000; + border-width: 5px 5px 0; +} + +.tooltip.top-left .tooltip-arrow { + bottom: 0; + left: 5px; + border-top-color: #000000; + border-width: 5px 5px 0; +} + +.tooltip.top-right .tooltip-arrow { + right: 5px; + bottom: 0; + border-top-color: #000000; + border-width: 5px 5px 0; +} + +.tooltip.right .tooltip-arrow { + top: 50%; + left: 0; + margin-top: -5px; + border-right-color: #000000; + border-width: 5px 5px 5px 0; +} + +.tooltip.left .tooltip-arrow { + top: 50%; + right: 0; + margin-top: -5px; + border-left-color: #000000; + border-width: 5px 0 5px 5px; +} + +.tooltip.bottom .tooltip-arrow { + top: 0; + left: 50%; + margin-left: -5px; + border-bottom-color: #000000; + border-width: 0 5px 5px; +} + +.tooltip.bottom-left .tooltip-arrow { + top: 0; + left: 5px; + border-bottom-color: #000000; + border-width: 0 5px 5px; +} + +.tooltip.bottom-right .tooltip-arrow { + top: 0; + right: 5px; + border-bottom-color: #000000; + border-width: 0 5px 5px; +} + +.popover { + position: absolute; + top: 0; + left: 0; + z-index: 1010; + display: none; + max-width: 276px; + padding: 1px; + text-align: left; + white-space: normal; + background-color: #ffffff; + border: 1px solid #cccccc; + border: 1px solid rgba(0, 0, 0, 0.2); + border-radius: 6px; + -webkit-box-shadow: 0 5px 10px rgba(0, 0, 0, 0.2); + box-shadow: 0 5px 10px rgba(0, 0, 0, 0.2); + background-clip: padding-box; +} + +.popover.top { + margin-top: -10px; +} + +.popover.right { + margin-left: 10px; +} + +.popover.bottom { + margin-top: 10px; +} + +.popover.left { + margin-left: -10px; +} + +.popover-title { + padding: 8px 14px; + margin: 0; + font-size: 14px; + font-weight: normal; + line-height: 18px; + background-color: #f7f7f7; + border-bottom: 1px solid #ebebeb; + border-radius: 5px 5px 0 0; +} + +.popover-content { + padding: 9px 14px; +} + +.popover .arrow, +.popover .arrow:after { + position: absolute; + display: block; + width: 0; + height: 0; + border-color: transparent; + border-style: solid; +} + +.popover .arrow { + border-width: 11px; +} + +.popover .arrow:after { + border-width: 10px; + content: ""; +} + +.popover.top .arrow { + bottom: -11px; + left: 50%; + margin-left: -11px; + border-top-color: #999999; + border-top-color: rgba(0, 0, 0, 0.25); + border-bottom-width: 0; +} + +.popover.top .arrow:after { + bottom: 1px; + margin-left: -10px; + border-top-color: #ffffff; + border-bottom-width: 0; + content: " "; +} + +.popover.right .arrow { + top: 50%; + left: -11px; + margin-top: -11px; + border-right-color: #999999; + border-right-color: rgba(0, 0, 0, 0.25); + border-left-width: 0; +} + +.popover.right .arrow:after { + bottom: -10px; + left: 1px; + border-right-color: #ffffff; + border-left-width: 0; + content: " "; +} + +.popover.bottom .arrow { + top: -11px; + left: 50%; + margin-left: -11px; + border-bottom-color: #999999; + border-bottom-color: rgba(0, 0, 0, 0.25); + border-top-width: 0; +} + +.popover.bottom .arrow:after { + top: 1px; + margin-left: -10px; + border-bottom-color: #ffffff; + border-top-width: 0; + content: " "; +} + +.popover.left .arrow { + top: 50%; + right: -11px; + margin-top: -11px; + border-left-color: #999999; + border-left-color: rgba(0, 0, 0, 0.25); + border-right-width: 0; +} + +.popover.left .arrow:after { + right: 1px; + bottom: -10px; + border-left-color: #ffffff; + border-right-width: 0; + content: " "; +} + +.carousel { + position: relative; +} + +.carousel-inner { + position: relative; + width: 100%; + overflow: hidden; +} + +.carousel-inner > .item { + position: relative; + display: none; + -webkit-transition: 0.6s ease-in-out left; + transition: 0.6s ease-in-out left; +} + +.carousel-inner > .item > img, +.carousel-inner > .item > a > img { + display: block; + height: auto; + max-width: 100%; + line-height: 1; +} + +.carousel-inner > .active, +.carousel-inner > .next, +.carousel-inner > .prev { + display: block; +} + +.carousel-inner > .active { + left: 0; +} + +.carousel-inner > .next, +.carousel-inner > .prev { + position: absolute; + top: 0; + width: 100%; +} + +.carousel-inner > .next { + left: 100%; +} + +.carousel-inner > .prev { + left: -100%; +} + +.carousel-inner > .next.left, +.carousel-inner > .prev.right { + left: 0; +} + +.carousel-inner > .active.left { + left: -100%; +} + +.carousel-inner > .active.right { + left: 100%; +} + +.carousel-control { + position: absolute; + top: 0; + bottom: 0; + left: 0; + width: 15%; + font-size: 20px; + color: #ffffff; + text-align: center; + text-shadow: 0 1px 2px rgba(0, 0, 0, 0.6); + opacity: 0.5; + filter: alpha(opacity=50); +} + +.carousel-control.left { + background-image: -webkit-gradient(linear, 0 top, 100% top, from(rgba(0, 0, 0, 0.5)), to(rgba(0, 0, 0, 0.0001))); + background-image: -webkit-linear-gradient(left, color-stop(rgba(0, 0, 0, 0.5) 0), color-stop(rgba(0, 0, 0, 0.0001) 100%)); + background-image: -moz-linear-gradient(left, rgba(0, 0, 0, 0.5) 0, rgba(0, 0, 0, 0.0001) 100%); + background-image: linear-gradient(to right, rgba(0, 0, 0, 0.5) 0, rgba(0, 0, 0, 0.0001) 100%); + background-repeat: repeat-x; + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#80000000', endColorstr='#00000000', GradientType=1); +} + +.carousel-control.right { + right: 0; + left: auto; + background-image: -webkit-gradient(linear, 0 top, 100% top, from(rgba(0, 0, 0, 0.0001)), to(rgba(0, 0, 0, 0.5))); + background-image: -webkit-linear-gradient(left, color-stop(rgba(0, 0, 0, 0.0001) 0), color-stop(rgba(0, 0, 0, 0.5) 100%)); + background-image: -moz-linear-gradient(left, rgba(0, 0, 0, 0.0001) 0, rgba(0, 0, 0, 0.5) 100%); + background-image: linear-gradient(to right, rgba(0, 0, 0, 0.0001) 0, rgba(0, 0, 0, 0.5) 100%); + background-repeat: repeat-x; + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#00000000', endColorstr='#80000000', GradientType=1); +} + +.carousel-control:hover, +.carousel-control:focus { + color: #ffffff; + text-decoration: none; + opacity: 0.9; + filter: alpha(opacity=90); +} + +.carousel-control .icon-prev, +.carousel-control .icon-next, +.carousel-control .glyphicon-chevron-left, +.carousel-control .glyphicon-chevron-right { + position: absolute; + top: 50%; + z-index: 5; + display: inline-block; +} + +.carousel-control .icon-prev, +.carousel-control .glyphicon-chevron-left { + left: 50%; +} + +.carousel-control .icon-next, +.carousel-control .glyphicon-chevron-right { + right: 50%; +} + +.carousel-control .icon-prev, +.carousel-control .icon-next { + width: 20px; + height: 20px; + margin-top: -10px; + margin-left: -10px; + font-family: serif; +} + +.carousel-control .icon-prev:before { + content: '\2039'; +} + +.carousel-control .icon-next:before { + content: '\203a'; +} + +.carousel-indicators { + position: absolute; + bottom: 10px; + left: 50%; + z-index: 15; + width: 60%; + padding-left: 0; + margin-left: -30%; + text-align: center; + list-style: none; +} + +.carousel-indicators li { + display: inline-block; + width: 10px; + height: 10px; + margin: 1px; + text-indent: -999px; + cursor: pointer; + background-color: #000 \9; + background-color: rgba(0, 0, 0, 0); + border: 1px solid #ffffff; + border-radius: 10px; +} + +.carousel-indicators .active { + width: 12px; + height: 12px; + margin: 0; + background-color: #ffffff; +} + +.carousel-caption { + position: absolute; + right: 15%; + bottom: 20px; + left: 15%; + z-index: 10; + padding-top: 20px; + padding-bottom: 20px; + color: #ffffff; + text-align: center; + text-shadow: 0 1px 2px rgba(0, 0, 0, 0.6); +} + +.carousel-caption .btn { + text-shadow: none; +} + +@media screen and (min-width: 768px) { + .carousel-control .glyphicons-chevron-left, + .carousel-control .glyphicons-chevron-right, + .carousel-control .icon-prev, + .carousel-control .icon-next { + width: 30px; + height: 30px; + margin-top: -15px; + margin-left: -15px; + font-size: 30px; + } + .carousel-caption { + right: 20%; + left: 20%; + padding-bottom: 30px; + } + .carousel-indicators { + bottom: 20px; + } +} + +.clearfix:before, +.clearfix:after { + display: table; + content: " "; +} + +.clearfix:after { + clear: both; +} + +.center-block { + display: block; + margin-right: auto; + margin-left: auto; +} + +.pull-right { + float: right !important; +} + +.pull-left { + float: left !important; +} + +.hide { + display: none !important; +} + +.show { + display: block !important; +} + +.invisible { + visibility: hidden; +} + +.text-hide { + font: 0/0 a; + color: transparent; + text-shadow: none; + background-color: transparent; + border: 0; +} + +.hidden { + display: none !important; + visibility: hidden !important; +} + +.affix { + position: fixed; +} + +@-ms-viewport { + width: device-width; +} + +.visible-xs, +tr.visible-xs, +th.visible-xs, +td.visible-xs { + display: none !important; +} + +@media (max-width: 767px) { + .visible-xs { + display: block !important; + } + tr.visible-xs { + display: table-row !important; + } + th.visible-xs, + td.visible-xs { + display: table-cell !important; + } +} + +@media (min-width: 768px) and (max-width: 991px) { + .visible-xs.visible-sm { + display: block !important; + } + tr.visible-xs.visible-sm { + display: table-row !important; + } + th.visible-xs.visible-sm, + td.visible-xs.visible-sm { + display: table-cell !important; + } +} + +@media (min-width: 992px) and (max-width: 1199px) { + .visible-xs.visible-md { + display: block !important; + } + tr.visible-xs.visible-md { + display: table-row !important; + } + th.visible-xs.visible-md, + td.visible-xs.visible-md { + display: table-cell !important; + } +} + +@media (min-width: 1200px) { + .visible-xs.visible-lg { + display: block !important; + } + tr.visible-xs.visible-lg { + display: table-row !important; + } + th.visible-xs.visible-lg, + td.visible-xs.visible-lg { + display: table-cell !important; + } +} + +.visible-sm, +tr.visible-sm, +th.visible-sm, +td.visible-sm { + display: none !important; +} + +@media (max-width: 767px) { + .visible-sm.visible-xs { + display: block !important; + } + tr.visible-sm.visible-xs { + display: table-row !important; + } + th.visible-sm.visible-xs, + td.visible-sm.visible-xs { + display: table-cell !important; + } +} + +@media (min-width: 768px) and (max-width: 991px) { + .visible-sm { + display: block !important; + } + tr.visible-sm { + display: table-row !important; + } + th.visible-sm, + td.visible-sm { + display: table-cell !important; + } +} + +@media (min-width: 992px) and (max-width: 1199px) { + .visible-sm.visible-md { + display: block !important; + } + tr.visible-sm.visible-md { + display: table-row !important; + } + th.visible-sm.visible-md, + td.visible-sm.visible-md { + display: table-cell !important; + } +} + +@media (min-width: 1200px) { + .visible-sm.visible-lg { + display: block !important; + } + tr.visible-sm.visible-lg { + display: table-row !important; + } + th.visible-sm.visible-lg, + td.visible-sm.visible-lg { + display: table-cell !important; + } +} + +.visible-md, +tr.visible-md, +th.visible-md, +td.visible-md { + display: none !important; +} + +@media (max-width: 767px) { + .visible-md.visible-xs { + display: block !important; + } + tr.visible-md.visible-xs { + display: table-row !important; + } + th.visible-md.visible-xs, + td.visible-md.visible-xs { + display: table-cell !important; + } +} + +@media (min-width: 768px) and (max-width: 991px) { + .visible-md.visible-sm { + display: block !important; + } + tr.visible-md.visible-sm { + display: table-row !important; + } + th.visible-md.visible-sm, + td.visible-md.visible-sm { + display: table-cell !important; + } +} + +@media (min-width: 992px) and (max-width: 1199px) { + .visible-md { + display: block !important; + } + tr.visible-md { + display: table-row !important; + } + th.visible-md, + td.visible-md { + display: table-cell !important; + } +} + +@media (min-width: 1200px) { + .visible-md.visible-lg { + display: block !important; + } + tr.visible-md.visible-lg { + display: table-row !important; + } + th.visible-md.visible-lg, + td.visible-md.visible-lg { + display: table-cell !important; + } +} + +.visible-lg, +tr.visible-lg, +th.visible-lg, +td.visible-lg { + display: none !important; +} + +@media (max-width: 767px) { + .visible-lg.visible-xs { + display: block !important; + } + tr.visible-lg.visible-xs { + display: table-row !important; + } + th.visible-lg.visible-xs, + td.visible-lg.visible-xs { + display: table-cell !important; + } +} + +@media (min-width: 768px) and (max-width: 991px) { + .visible-lg.visible-sm { + display: block !important; + } + tr.visible-lg.visible-sm { + display: table-row !important; + } + th.visible-lg.visible-sm, + td.visible-lg.visible-sm { + display: table-cell !important; + } +} + +@media (min-width: 992px) and (max-width: 1199px) { + .visible-lg.visible-md { + display: block !important; + } + tr.visible-lg.visible-md { + display: table-row !important; + } + th.visible-lg.visible-md, + td.visible-lg.visible-md { + display: table-cell !important; + } +} + +@media (min-width: 1200px) { + .visible-lg { + display: block !important; + } + tr.visible-lg { + display: table-row !important; + } + th.visible-lg, + td.visible-lg { + display: table-cell !important; + } +} + +.hidden-xs { + display: block !important; +} + +tr.hidden-xs { + display: table-row !important; +} + +th.hidden-xs, +td.hidden-xs { + display: table-cell !important; +} + +@media (max-width: 767px) { + .hidden-xs, + tr.hidden-xs, + th.hidden-xs, + td.hidden-xs { + display: none !important; + } +} + +@media (min-width: 768px) and (max-width: 991px) { + .hidden-xs.hidden-sm, + tr.hidden-xs.hidden-sm, + th.hidden-xs.hidden-sm, + td.hidden-xs.hidden-sm { + display: none !important; + } +} + +@media (min-width: 992px) and (max-width: 1199px) { + .hidden-xs.hidden-md, + tr.hidden-xs.hidden-md, + th.hidden-xs.hidden-md, + td.hidden-xs.hidden-md { + display: none !important; + } +} + +@media (min-width: 1200px) { + .hidden-xs.hidden-lg, + tr.hidden-xs.hidden-lg, + th.hidden-xs.hidden-lg, + td.hidden-xs.hidden-lg { + display: none !important; + } +} + +.hidden-sm { + display: block !important; +} + +tr.hidden-sm { + display: table-row !important; +} + +th.hidden-sm, +td.hidden-sm { + display: table-cell !important; +} + +@media (max-width: 767px) { + .hidden-sm.hidden-xs, + tr.hidden-sm.hidden-xs, + th.hidden-sm.hidden-xs, + td.hidden-sm.hidden-xs { + display: none !important; + } +} + +@media (min-width: 768px) and (max-width: 991px) { + .hidden-sm, + tr.hidden-sm, + th.hidden-sm, + td.hidden-sm { + display: none !important; + } +} + +@media (min-width: 992px) and (max-width: 1199px) { + .hidden-sm.hidden-md, + tr.hidden-sm.hidden-md, + th.hidden-sm.hidden-md, + td.hidden-sm.hidden-md { + display: none !important; + } +} + +@media (min-width: 1200px) { + .hidden-sm.hidden-lg, + tr.hidden-sm.hidden-lg, + th.hidden-sm.hidden-lg, + td.hidden-sm.hidden-lg { + display: none !important; + } +} + +.hidden-md { + display: block !important; +} + +tr.hidden-md { + display: table-row !important; +} + +th.hidden-md, +td.hidden-md { + display: table-cell !important; +} + +@media (max-width: 767px) { + .hidden-md.hidden-xs, + tr.hidden-md.hidden-xs, + th.hidden-md.hidden-xs, + td.hidden-md.hidden-xs { + display: none !important; + } +} + +@media (min-width: 768px) and (max-width: 991px) { + .hidden-md.hidden-sm, + tr.hidden-md.hidden-sm, + th.hidden-md.hidden-sm, + td.hidden-md.hidden-sm { + display: none !important; + } +} + +@media (min-width: 992px) and (max-width: 1199px) { + .hidden-md, + tr.hidden-md, + th.hidden-md, + td.hidden-md { + display: none !important; + } +} + +@media (min-width: 1200px) { + .hidden-md.hidden-lg, + tr.hidden-md.hidden-lg, + th.hidden-md.hidden-lg, + td.hidden-md.hidden-lg { + display: none !important; + } +} + +.hidden-lg { + display: block !important; +} + +tr.hidden-lg { + display: table-row !important; +} + +th.hidden-lg, +td.hidden-lg { + display: table-cell !important; +} + +@media (max-width: 767px) { + .hidden-lg.hidden-xs, + tr.hidden-lg.hidden-xs, + th.hidden-lg.hidden-xs, + td.hidden-lg.hidden-xs { + display: none !important; + } +} + +@media (min-width: 768px) and (max-width: 991px) { + .hidden-lg.hidden-sm, + tr.hidden-lg.hidden-sm, + th.hidden-lg.hidden-sm, + td.hidden-lg.hidden-sm { + display: none !important; + } +} + +@media (min-width: 992px) and (max-width: 1199px) { + .hidden-lg.hidden-md, + tr.hidden-lg.hidden-md, + th.hidden-lg.hidden-md, + td.hidden-lg.hidden-md { + display: none !important; + } +} + +@media (min-width: 1200px) { + .hidden-lg, + tr.hidden-lg, + th.hidden-lg, + td.hidden-lg { + display: none !important; + } +} + +.visible-print, +tr.visible-print, +th.visible-print, +td.visible-print { + display: none !important; +} + +@media print { + .visible-print { + display: block !important; + } + tr.visible-print { + display: table-row !important; + } + th.visible-print, + td.visible-print { + display: table-cell !important; + } + .hidden-print, + tr.hidden-print, + th.hidden-print, + td.hidden-print { + display: none !important; + } +} \ No newline at end of file diff --git a/docs/theme/mkdocs/css/bootstrap-custom.min.css b/docs/theme/mkdocs/css/bootstrap-custom.min.css new file mode 100644 index 0000000000..74ffc98dc4 --- /dev/null +++ b/docs/theme/mkdocs/css/bootstrap-custom.min.css @@ -0,0 +1,7 @@ +/*! + * Bootstrap v3.0.2 by @fat and @mdo + * Copyright 2013 Twitter, Inc. + * Licensed under http://www.apache.org/licenses/LICENSE-2.0 + * + * Designed and built with all the love in the world by @mdo and @fat. + *//*! normalize.css v2.1.3 | MIT License | git.io/normalize */article,aside,details,figcaption,figure,footer,header,hgroup,main,nav,section,summary{display:block}audio,canvas,video{display:inline-block}audio:not([controls]){display:none;height:0}[hidden],template{display:none}html{font-family:sans-serif;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}body{margin:0}a{background:transparent}a:focus{outline:thin dotted}a:active,a:hover{outline:0}h1{margin:.67em 0;font-size:2em}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:bold}dfn{font-style:italic}hr{height:0;-moz-box-sizing:content-box;box-sizing:content-box}mark{color:#000;background:#ff0}code,kbd,pre,samp{font-family:monospace,serif;font-size:1em}pre{white-space:pre-wrap}q{quotes:"\201C" "\201D" "\2018" "\2019"}small{font-size:80%}sub,sup{position:relative;font-size:75%;line-height:0;vertical-align:baseline}sup{top:-0.5em}sub{bottom:-0.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:0}fieldset{padding:.35em .625em .75em;margin:0 2px;border:1px solid silver}legend{padding:0;border:0}button,input,select,textarea{margin:0;font-family:inherit;font-size:100%}button,input{line-height:normal}button,select{text-transform:none}button,html input[type="button"],input[type="reset"],input[type="submit"]{cursor:pointer;-webkit-appearance:button}button[disabled],html input[disabled]{cursor:default}input[type="checkbox"],input[type="radio"]{padding:0;box-sizing:border-box}input[type="search"]{-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;-webkit-appearance:textfield}input[type="search"]::-webkit-search-cancel-button,input[type="search"]::-webkit-search-decoration{-webkit-appearance:none}button::-moz-focus-inner,input::-moz-focus-inner{padding:0;border:0}textarea{overflow:auto;vertical-align:top}table{border-collapse:collapse;border-spacing:0}@media print{*{color:#000 !important;text-shadow:none !important;background:transparent !important;box-shadow:none !important}a,a:visited{text-decoration:underline}a[href]:after{content:" (" attr(href) ")"}abbr[title]:after{content:" (" attr(title) ")"}a[href^="javascript:"]:after,a[href^="#"]:after{content:""}pre,blockquote{border:1px solid #999;page-break-inside:avoid}thead{display:table-header-group}tr,img{page-break-inside:avoid}img{max-width:100% !important}@page{margin:2cm .5cm}p,h2,h3{orphans:3;widows:3}h2,h3{page-break-after:avoid}select{background:#fff !important}.navbar{display:none}.table td,.table th{background-color:#fff !important}.btn>.caret,.dropup>.btn>.caret{border-top-color:#000 !important}.label{border:1px solid #000}.table{border-collapse:collapse !important}.table-bordered th,.table-bordered td{border:1px solid #ddd !important}}*,*:before,*:after{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}html{font-size:62.5%;-webkit-tap-highlight-color:rgba(0,0,0,0)}body{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px;line-height:1.428571429;color:#333;background-color:#fff}input,button,select,textarea{font-family:inherit;font-size:inherit;line-height:inherit}a{color:#428bca;text-decoration:none}a:hover,a:focus{color:#2a6496;text-decoration:underline}a:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}img{vertical-align:middle}.img-responsive{display:block;height:auto;max-width:100%}.img-rounded{border-radius:6px}.img-thumbnail{display:inline-block;height:auto;max-width:100%;padding:4px;line-height:1.428571429;background-color:#fff;border:1px solid #ddd;border-radius:4px;-webkit-transition:all .2s ease-in-out;transition:all .2s ease-in-out}.img-circle{border-radius:50%}hr{margin-top:20px;margin-bottom:20px;border:0;border-top:1px solid #eee}.sr-only{position:absolute;width:1px;height:1px;padding:0;margin:-1px;overflow:hidden;clip:rect(0,0,0,0);border:0}p{margin:0 0 10px}.lead{margin-bottom:20px;font-size:16px;font-weight:200;line-height:1.4}@media(min-width:768px){.lead{font-size:21px}}small,.small{font-size:85%}cite{font-style:normal}.text-muted{color:#999}.text-primary{color:#428bca}.text-primary:hover{color:#3071a9}.text-warning{color:#c09853}.text-warning:hover{color:#a47e3c}.text-danger{color:#b94a48}.text-danger:hover{color:#953b39}.text-success{color:#468847}.text-success:hover{color:#356635}.text-info{color:#3a87ad}.text-info:hover{color:#2d6987}.text-left{text-align:left}.text-right{text-align:right}.text-center{text-align:center}h1,h2,h3,h4,h5,h6,.h1,.h2,.h3,.h4,.h5,.h6{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-weight:500;line-height:1.1;color:inherit}h1 small,h2 small,h3 small,h4 small,h5 small,h6 small,.h1 small,.h2 small,.h3 small,.h4 small,.h5 small,.h6 small,h1 .small,h2 .small,h3 .small,h4 .small,h5 .small,h6 .small,.h1 .small,.h2 .small,.h3 .small,.h4 .small,.h5 .small,.h6 .small{font-weight:normal;line-height:1;color:#999}h1,h2,h3{margin-top:20px;margin-bottom:10px}h1 small,h2 small,h3 small,h1 .small,h2 .small,h3 .small{font-size:65%}h4,h5,h6{margin-top:10px;margin-bottom:10px}h4 small,h5 small,h6 small,h4 .small,h5 .small,h6 .small{font-size:75%}h1,.h1{font-size:36px}h2,.h2{font-size:30px}h3,.h3{font-size:24px}h4,.h4{font-size:18px}h5,.h5{font-size:14px}h6,.h6{font-size:12px}.page-header{padding-bottom:9px;margin:40px 0 20px;border-bottom:1px solid #eee}ul,ol{margin-top:0;margin-bottom:10px}ul ul,ol ul,ul ol,ol ol{margin-bottom:0}.list-unstyled{padding-left:0;list-style:none}.list-inline{padding-left:0;list-style:none}.list-inline>li{display:inline-block;padding-right:5px;padding-left:5px}.list-inline>li:first-child{padding-left:0}dl{margin-bottom:20px}dt,dd{line-height:1.428571429}dt{font-weight:bold}dd{margin-left:0}@media(min-width:768px){.dl-horizontal dt{float:left;width:160px;overflow:hidden;clear:left;text-align:right;text-overflow:ellipsis;white-space:nowrap}.dl-horizontal dd{margin-left:180px}.dl-horizontal dd:before,.dl-horizontal dd:after{display:table;content:" "}.dl-horizontal dd:after{clear:both}.dl-horizontal dd:before,.dl-horizontal dd:after{display:table;content:" "}.dl-horizontal dd:after{clear:both}}abbr[title],abbr[data-original-title]{cursor:help;border-bottom:1px dotted #999}abbr.initialism{font-size:90%;text-transform:uppercase}blockquote{padding:10px 20px;margin:0 0 20px;border-left:5px solid #eee}blockquote p{font-size:17.5px;font-weight:300;line-height:1.25}blockquote p:last-child{margin-bottom:0}blockquote small{display:block;line-height:1.428571429;color:#999}blockquote small:before{content:'\2014 \00A0'}blockquote.pull-right{padding-right:15px;padding-left:0;border-right:5px solid #eee;border-left:0}blockquote.pull-right p,blockquote.pull-right small,blockquote.pull-right .small{text-align:right}blockquote.pull-right small:before,blockquote.pull-right .small:before{content:''}blockquote.pull-right small:after,blockquote.pull-right .small:after{content:'\00A0 \2014'}blockquote:before,blockquote:after{content:""}address{margin-bottom:20px;font-style:normal;line-height:1.428571429}code,kbd,pre,samp{font-family:Monaco,Menlo,Consolas,"Courier New",monospace}code{padding:2px 4px;font-size:90%;color:#c7254e;white-space:nowrap;background-color:#f9f2f4;border-radius:4px}pre{display:block;padding:9.5px;margin:0 0 10px;font-size:13px;line-height:1.428571429;color:#333;word-break:break-all;word-wrap:break-word;background-color:#f5f5f5;border:1px solid #ccc;border-radius:4px}pre code{padding:0;font-size:inherit;color:inherit;white-space:pre-wrap;background-color:transparent;border-radius:0}.pre-scrollable{max-height:340px;overflow-y:scroll}.container{padding-right:15px;padding-left:15px;margin-right:auto;margin-left:auto}.container:before,.container:after{display:table;content:" "}.container:after{clear:both}.container:before,.container:after{display:table;content:" "}.container:after{clear:both}.row{margin-right:-15px;margin-left:-15px}.row:before,.row:after{display:table;content:" "}.row:after{clear:both}.row:before,.row:after{display:table;content:" "}.row:after{clear:both}.col-xs-1,.col-sm-1,.col-md-1,.col-lg-1,.col-xs-2,.col-sm-2,.col-md-2,.col-lg-2,.col-xs-3,.col-sm-3,.col-md-3,.col-lg-3,.col-xs-4,.col-sm-4,.col-md-4,.col-lg-4,.col-xs-5,.col-sm-5,.col-md-5,.col-lg-5,.col-xs-6,.col-sm-6,.col-md-6,.col-lg-6,.col-xs-7,.col-sm-7,.col-md-7,.col-lg-7,.col-xs-8,.col-sm-8,.col-md-8,.col-lg-8,.col-xs-9,.col-sm-9,.col-md-9,.col-lg-9,.col-xs-10,.col-sm-10,.col-md-10,.col-lg-10,.col-xs-11,.col-sm-11,.col-md-11,.col-lg-11,.col-xs-12,.col-sm-12,.col-md-12,.col-lg-12{position:relative;min-height:1px;padding-right:15px;padding-left:15px}.col-xs-1,.col-xs-2,.col-xs-3,.col-xs-4,.col-xs-5,.col-xs-6,.col-xs-7,.col-xs-8,.col-xs-9,.col-xs-10,.col-xs-11{float:left}.col-xs-12{width:100%}.col-xs-11{width:91.66666666666666%}.col-xs-10{width:83.33333333333334%}.col-xs-9{width:75%}.col-xs-8{width:66.66666666666666%}.col-xs-7{width:58.333333333333336%}.col-xs-6{width:50%}.col-xs-5{width:41.66666666666667%}.col-xs-4{width:33.33333333333333%}.col-xs-3{width:25%}.col-xs-2{width:16.666666666666664%}.col-xs-1{width:8.333333333333332%}.col-xs-pull-12{right:100%}.col-xs-pull-11{right:91.66666666666666%}.col-xs-pull-10{right:83.33333333333334%}.col-xs-pull-9{right:75%}.col-xs-pull-8{right:66.66666666666666%}.col-xs-pull-7{right:58.333333333333336%}.col-xs-pull-6{right:50%}.col-xs-pull-5{right:41.66666666666667%}.col-xs-pull-4{right:33.33333333333333%}.col-xs-pull-3{right:25%}.col-xs-pull-2{right:16.666666666666664%}.col-xs-pull-1{right:8.333333333333332%}.col-xs-pull-0{right:0}.col-xs-push-12{left:100%}.col-xs-push-11{left:91.66666666666666%}.col-xs-push-10{left:83.33333333333334%}.col-xs-push-9{left:75%}.col-xs-push-8{left:66.66666666666666%}.col-xs-push-7{left:58.333333333333336%}.col-xs-push-6{left:50%}.col-xs-push-5{left:41.66666666666667%}.col-xs-push-4{left:33.33333333333333%}.col-xs-push-3{left:25%}.col-xs-push-2{left:16.666666666666664%}.col-xs-push-1{left:8.333333333333332%}.col-xs-push-0{left:0}.col-xs-offset-12{margin-left:100%}.col-xs-offset-11{margin-left:91.66666666666666%}.col-xs-offset-10{margin-left:83.33333333333334%}.col-xs-offset-9{margin-left:75%}.col-xs-offset-8{margin-left:66.66666666666666%}.col-xs-offset-7{margin-left:58.333333333333336%}.col-xs-offset-6{margin-left:50%}.col-xs-offset-5{margin-left:41.66666666666667%}.col-xs-offset-4{margin-left:33.33333333333333%}.col-xs-offset-3{margin-left:25%}.col-xs-offset-2{margin-left:16.666666666666664%}.col-xs-offset-1{margin-left:8.333333333333332%}.col-xs-offset-0{margin-left:0}@media(min-width:768px){.container{width:750px}.col-sm-1,.col-sm-2,.col-sm-3,.col-sm-4,.col-sm-5,.col-sm-6,.col-sm-7,.col-sm-8,.col-sm-9,.col-sm-10,.col-sm-11{float:left}.col-sm-12{width:100%}.col-sm-11{width:91.66666666666666%}.col-sm-10{width:83.33333333333334%}.col-sm-9{width:75%}.col-sm-8{width:66.66666666666666%}.col-sm-7{width:58.333333333333336%}.col-sm-6{width:50%}.col-sm-5{width:41.66666666666667%}.col-sm-4{width:33.33333333333333%}.col-sm-3{width:25%}.col-sm-2{width:16.666666666666664%}.col-sm-1{width:8.333333333333332%}.col-sm-pull-12{right:100%}.col-sm-pull-11{right:91.66666666666666%}.col-sm-pull-10{right:83.33333333333334%}.col-sm-pull-9{right:75%}.col-sm-pull-8{right:66.66666666666666%}.col-sm-pull-7{right:58.333333333333336%}.col-sm-pull-6{right:50%}.col-sm-pull-5{right:41.66666666666667%}.col-sm-pull-4{right:33.33333333333333%}.col-sm-pull-3{right:25%}.col-sm-pull-2{right:16.666666666666664%}.col-sm-pull-1{right:8.333333333333332%}.col-sm-pull-0{right:0}.col-sm-push-12{left:100%}.col-sm-push-11{left:91.66666666666666%}.col-sm-push-10{left:83.33333333333334%}.col-sm-push-9{left:75%}.col-sm-push-8{left:66.66666666666666%}.col-sm-push-7{left:58.333333333333336%}.col-sm-push-6{left:50%}.col-sm-push-5{left:41.66666666666667%}.col-sm-push-4{left:33.33333333333333%}.col-sm-push-3{left:25%}.col-sm-push-2{left:16.666666666666664%}.col-sm-push-1{left:8.333333333333332%}.col-sm-push-0{left:0}.col-sm-offset-12{margin-left:100%}.col-sm-offset-11{margin-left:91.66666666666666%}.col-sm-offset-10{margin-left:83.33333333333334%}.col-sm-offset-9{margin-left:75%}.col-sm-offset-8{margin-left:66.66666666666666%}.col-sm-offset-7{margin-left:58.333333333333336%}.col-sm-offset-6{margin-left:50%}.col-sm-offset-5{margin-left:41.66666666666667%}.col-sm-offset-4{margin-left:33.33333333333333%}.col-sm-offset-3{margin-left:25%}.col-sm-offset-2{margin-left:16.666666666666664%}.col-sm-offset-1{margin-left:8.333333333333332%}.col-sm-offset-0{margin-left:0}}@media(min-width:992px){.container{width:970px}.col-md-1,.col-md-2,.col-md-3,.col-md-4,.col-md-5,.col-md-6,.col-md-7,.col-md-8,.col-md-9,.col-md-10,.col-md-11{float:left}.col-md-12{width:100%}.col-md-11{width:91.66666666666666%}.col-md-10{width:83.33333333333334%}.col-md-9{width:75%}.col-md-8{width:66.66666666666666%}.col-md-7{width:58.333333333333336%}.col-md-6{width:50%}.col-md-5{width:41.66666666666667%}.col-md-4{width:33.33333333333333%}.col-md-3{width:25%}.col-md-2{width:16.666666666666664%}.col-md-1{width:8.333333333333332%}.col-md-pull-12{right:100%}.col-md-pull-11{right:91.66666666666666%}.col-md-pull-10{right:83.33333333333334%}.col-md-pull-9{right:75%}.col-md-pull-8{right:66.66666666666666%}.col-md-pull-7{right:58.333333333333336%}.col-md-pull-6{right:50%}.col-md-pull-5{right:41.66666666666667%}.col-md-pull-4{right:33.33333333333333%}.col-md-pull-3{right:25%}.col-md-pull-2{right:16.666666666666664%}.col-md-pull-1{right:8.333333333333332%}.col-md-pull-0{right:0}.col-md-push-12{left:100%}.col-md-push-11{left:91.66666666666666%}.col-md-push-10{left:83.33333333333334%}.col-md-push-9{left:75%}.col-md-push-8{left:66.66666666666666%}.col-md-push-7{left:58.333333333333336%}.col-md-push-6{left:50%}.col-md-push-5{left:41.66666666666667%}.col-md-push-4{left:33.33333333333333%}.col-md-push-3{left:25%}.col-md-push-2{left:16.666666666666664%}.col-md-push-1{left:8.333333333333332%}.col-md-push-0{left:0}.col-md-offset-12{margin-left:100%}.col-md-offset-11{margin-left:91.66666666666666%}.col-md-offset-10{margin-left:83.33333333333334%}.col-md-offset-9{margin-left:75%}.col-md-offset-8{margin-left:66.66666666666666%}.col-md-offset-7{margin-left:58.333333333333336%}.col-md-offset-6{margin-left:50%}.col-md-offset-5{margin-left:41.66666666666667%}.col-md-offset-4{margin-left:33.33333333333333%}.col-md-offset-3{margin-left:25%}.col-md-offset-2{margin-left:16.666666666666664%}.col-md-offset-1{margin-left:8.333333333333332%}.col-md-offset-0{margin-left:0}}@media(min-width:1200px){.container{width:1170px}.col-lg-1,.col-lg-2,.col-lg-3,.col-lg-4,.col-lg-5,.col-lg-6,.col-lg-7,.col-lg-8,.col-lg-9,.col-lg-10,.col-lg-11{float:left}.col-lg-12{width:100%}.col-lg-11{width:91.66666666666666%}.col-lg-10{width:83.33333333333334%}.col-lg-9{width:75%}.col-lg-8{width:66.66666666666666%}.col-lg-7{width:58.333333333333336%}.col-lg-6{width:50%}.col-lg-5{width:41.66666666666667%}.col-lg-4{width:33.33333333333333%}.col-lg-3{width:25%}.col-lg-2{width:16.666666666666664%}.col-lg-1{width:8.333333333333332%}.col-lg-pull-12{right:100%}.col-lg-pull-11{right:91.66666666666666%}.col-lg-pull-10{right:83.33333333333334%}.col-lg-pull-9{right:75%}.col-lg-pull-8{right:66.66666666666666%}.col-lg-pull-7{right:58.333333333333336%}.col-lg-pull-6{right:50%}.col-lg-pull-5{right:41.66666666666667%}.col-lg-pull-4{right:33.33333333333333%}.col-lg-pull-3{right:25%}.col-lg-pull-2{right:16.666666666666664%}.col-lg-pull-1{right:8.333333333333332%}.col-lg-pull-0{right:0}.col-lg-push-12{left:100%}.col-lg-push-11{left:91.66666666666666%}.col-lg-push-10{left:83.33333333333334%}.col-lg-push-9{left:75%}.col-lg-push-8{left:66.66666666666666%}.col-lg-push-7{left:58.333333333333336%}.col-lg-push-6{left:50%}.col-lg-push-5{left:41.66666666666667%}.col-lg-push-4{left:33.33333333333333%}.col-lg-push-3{left:25%}.col-lg-push-2{left:16.666666666666664%}.col-lg-push-1{left:8.333333333333332%}.col-lg-push-0{left:0}.col-lg-offset-12{margin-left:100%}.col-lg-offset-11{margin-left:91.66666666666666%}.col-lg-offset-10{margin-left:83.33333333333334%}.col-lg-offset-9{margin-left:75%}.col-lg-offset-8{margin-left:66.66666666666666%}.col-lg-offset-7{margin-left:58.333333333333336%}.col-lg-offset-6{margin-left:50%}.col-lg-offset-5{margin-left:41.66666666666667%}.col-lg-offset-4{margin-left:33.33333333333333%}.col-lg-offset-3{margin-left:25%}.col-lg-offset-2{margin-left:16.666666666666664%}.col-lg-offset-1{margin-left:8.333333333333332%}.col-lg-offset-0{margin-left:0}}table{max-width:100%;background-color:transparent}th{text-align:left}.table{width:100%;margin-bottom:20px}.table>thead>tr>th,.table>tbody>tr>th,.table>tfoot>tr>th,.table>thead>tr>td,.table>tbody>tr>td,.table>tfoot>tr>td{padding:8px;line-height:1.428571429;vertical-align:top;border-top:1px solid #ddd}.table>thead>tr>th{vertical-align:bottom;border-bottom:2px solid #ddd}.table>caption+thead>tr:first-child>th,.table>colgroup+thead>tr:first-child>th,.table>thead:first-child>tr:first-child>th,.table>caption+thead>tr:first-child>td,.table>colgroup+thead>tr:first-child>td,.table>thead:first-child>tr:first-child>td{border-top:0}.table>tbody+tbody{border-top:2px solid #ddd}.table .table{background-color:#fff}.table-condensed>thead>tr>th,.table-condensed>tbody>tr>th,.table-condensed>tfoot>tr>th,.table-condensed>thead>tr>td,.table-condensed>tbody>tr>td,.table-condensed>tfoot>tr>td{padding:5px}.table-bordered{border:1px solid #ddd}.table-bordered>thead>tr>th,.table-bordered>tbody>tr>th,.table-bordered>tfoot>tr>th,.table-bordered>thead>tr>td,.table-bordered>tbody>tr>td,.table-bordered>tfoot>tr>td{border:1px solid #ddd}.table-bordered>thead>tr>th,.table-bordered>thead>tr>td{border-bottom-width:2px}.table-striped>tbody>tr:nth-child(odd)>td,.table-striped>tbody>tr:nth-child(odd)>th{background-color:#f9f9f9}.table-hover>tbody>tr:hover>td,.table-hover>tbody>tr:hover>th{background-color:#f5f5f5}table col[class*="col-"]{display:table-column;float:none}table td[class*="col-"],table th[class*="col-"]{display:table-cell;float:none}.table>thead>tr>td.active,.table>tbody>tr>td.active,.table>tfoot>tr>td.active,.table>thead>tr>th.active,.table>tbody>tr>th.active,.table>tfoot>tr>th.active,.table>thead>tr.active>td,.table>tbody>tr.active>td,.table>tfoot>tr.active>td,.table>thead>tr.active>th,.table>tbody>tr.active>th,.table>tfoot>tr.active>th{background-color:#f5f5f5}.table>thead>tr>td.success,.table>tbody>tr>td.success,.table>tfoot>tr>td.success,.table>thead>tr>th.success,.table>tbody>tr>th.success,.table>tfoot>tr>th.success,.table>thead>tr.success>td,.table>tbody>tr.success>td,.table>tfoot>tr.success>td,.table>thead>tr.success>th,.table>tbody>tr.success>th,.table>tfoot>tr.success>th{background-color:#dff0d8}.table-hover>tbody>tr>td.success:hover,.table-hover>tbody>tr>th.success:hover,.table-hover>tbody>tr.success:hover>td,.table-hover>tbody>tr.success:hover>th{background-color:#d0e9c6}.table>thead>tr>td.danger,.table>tbody>tr>td.danger,.table>tfoot>tr>td.danger,.table>thead>tr>th.danger,.table>tbody>tr>th.danger,.table>tfoot>tr>th.danger,.table>thead>tr.danger>td,.table>tbody>tr.danger>td,.table>tfoot>tr.danger>td,.table>thead>tr.danger>th,.table>tbody>tr.danger>th,.table>tfoot>tr.danger>th{background-color:#f2dede}.table-hover>tbody>tr>td.danger:hover,.table-hover>tbody>tr>th.danger:hover,.table-hover>tbody>tr.danger:hover>td,.table-hover>tbody>tr.danger:hover>th{background-color:#ebcccc}.table>thead>tr>td.warning,.table>tbody>tr>td.warning,.table>tfoot>tr>td.warning,.table>thead>tr>th.warning,.table>tbody>tr>th.warning,.table>tfoot>tr>th.warning,.table>thead>tr.warning>td,.table>tbody>tr.warning>td,.table>tfoot>tr.warning>td,.table>thead>tr.warning>th,.table>tbody>tr.warning>th,.table>tfoot>tr.warning>th{background-color:#fcf8e3}.table-hover>tbody>tr>td.warning:hover,.table-hover>tbody>tr>th.warning:hover,.table-hover>tbody>tr.warning:hover>td,.table-hover>tbody>tr.warning:hover>th{background-color:#faf2cc}@media(max-width:767px){.table-responsive{width:100%;margin-bottom:15px;overflow-x:scroll;overflow-y:hidden;border:1px solid #ddd;-ms-overflow-style:-ms-autohiding-scrollbar;-webkit-overflow-scrolling:touch}.table-responsive>.table{margin-bottom:0}.table-responsive>.table>thead>tr>th,.table-responsive>.table>tbody>tr>th,.table-responsive>.table>tfoot>tr>th,.table-responsive>.table>thead>tr>td,.table-responsive>.table>tbody>tr>td,.table-responsive>.table>tfoot>tr>td{white-space:nowrap}.table-responsive>.table-bordered{border:0}.table-responsive>.table-bordered>thead>tr>th:first-child,.table-responsive>.table-bordered>tbody>tr>th:first-child,.table-responsive>.table-bordered>tfoot>tr>th:first-child,.table-responsive>.table-bordered>thead>tr>td:first-child,.table-responsive>.table-bordered>tbody>tr>td:first-child,.table-responsive>.table-bordered>tfoot>tr>td:first-child{border-left:0}.table-responsive>.table-bordered>thead>tr>th:last-child,.table-responsive>.table-bordered>tbody>tr>th:last-child,.table-responsive>.table-bordered>tfoot>tr>th:last-child,.table-responsive>.table-bordered>thead>tr>td:last-child,.table-responsive>.table-bordered>tbody>tr>td:last-child,.table-responsive>.table-bordered>tfoot>tr>td:last-child{border-right:0}.table-responsive>.table-bordered>tbody>tr:last-child>th,.table-responsive>.table-bordered>tfoot>tr:last-child>th,.table-responsive>.table-bordered>tbody>tr:last-child>td,.table-responsive>.table-bordered>tfoot>tr:last-child>td{border-bottom:0}}fieldset{padding:0;margin:0;border:0}legend{display:block;width:100%;padding:0;margin-bottom:20px;font-size:21px;line-height:inherit;color:#333;border:0;border-bottom:1px solid #e5e5e5}label{display:inline-block;margin-bottom:5px;font-weight:bold}input[type="search"]{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}input[type="radio"],input[type="checkbox"]{margin:4px 0 0;margin-top:1px \9;line-height:normal}input[type="file"]{display:block}select[multiple],select[size]{height:auto}select optgroup{font-family:inherit;font-size:inherit;font-style:inherit}input[type="file"]:focus,input[type="radio"]:focus,input[type="checkbox"]:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}input[type="number"]::-webkit-outer-spin-button,input[type="number"]::-webkit-inner-spin-button{height:auto}output{display:block;padding-top:7px;font-size:14px;line-height:1.428571429;color:#555;vertical-align:middle}.form-control{display:block;width:100%;height:34px;padding:6px 12px;font-size:14px;line-height:1.428571429;color:#555;vertical-align:middle;background-color:#fff;background-image:none;border:1px solid #ccc;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-webkit-transition:border-color ease-in-out .15s,box-shadow ease-in-out .15s;transition:border-color ease-in-out .15s,box-shadow ease-in-out .15s}.form-control:focus{border-color:#66afe9;outline:0;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(102,175,233,0.6);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(102,175,233,0.6)}.form-control:-moz-placeholder{color:#999}.form-control::-moz-placeholder{color:#999}.form-control:-ms-input-placeholder{color:#999}.form-control::-webkit-input-placeholder{color:#999}.form-control[disabled],.form-control[readonly],fieldset[disabled] .form-control{cursor:not-allowed;background-color:#eee}textarea.form-control{height:auto}.form-group{margin-bottom:15px}.radio,.checkbox{display:block;min-height:20px;padding-left:20px;margin-top:10px;margin-bottom:10px;vertical-align:middle}.radio label,.checkbox label{display:inline;margin-bottom:0;font-weight:normal;cursor:pointer}.radio input[type="radio"],.radio-inline input[type="radio"],.checkbox input[type="checkbox"],.checkbox-inline input[type="checkbox"]{float:left;margin-left:-20px}.radio+.radio,.checkbox+.checkbox{margin-top:-5px}.radio-inline,.checkbox-inline{display:inline-block;padding-left:20px;margin-bottom:0;font-weight:normal;vertical-align:middle;cursor:pointer}.radio-inline+.radio-inline,.checkbox-inline+.checkbox-inline{margin-top:0;margin-left:10px}input[type="radio"][disabled],input[type="checkbox"][disabled],.radio[disabled],.radio-inline[disabled],.checkbox[disabled],.checkbox-inline[disabled],fieldset[disabled] input[type="radio"],fieldset[disabled] input[type="checkbox"],fieldset[disabled] .radio,fieldset[disabled] .radio-inline,fieldset[disabled] .checkbox,fieldset[disabled] .checkbox-inline{cursor:not-allowed}.input-sm{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}select.input-sm{height:30px;line-height:30px}textarea.input-sm{height:auto}.input-lg{height:45px;padding:10px 16px;font-size:18px;line-height:1.33;border-radius:6px}select.input-lg{height:45px;line-height:45px}textarea.input-lg{height:auto}.has-warning .help-block,.has-warning .control-label,.has-warning .radio,.has-warning .checkbox,.has-warning .radio-inline,.has-warning .checkbox-inline{color:#c09853}.has-warning .form-control{border-color:#c09853;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.has-warning .form-control:focus{border-color:#a47e3c;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #dbc59e;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #dbc59e}.has-warning .input-group-addon{color:#c09853;background-color:#fcf8e3;border-color:#c09853}.has-error .help-block,.has-error .control-label,.has-error .radio,.has-error .checkbox,.has-error .radio-inline,.has-error .checkbox-inline{color:#b94a48}.has-error .form-control{border-color:#b94a48;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.has-error .form-control:focus{border-color:#953b39;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #d59392;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #d59392}.has-error .input-group-addon{color:#b94a48;background-color:#f2dede;border-color:#b94a48}.has-success .help-block,.has-success .control-label,.has-success .radio,.has-success .checkbox,.has-success .radio-inline,.has-success .checkbox-inline{color:#468847}.has-success .form-control{border-color:#468847;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.has-success .form-control:focus{border-color:#356635;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #7aba7b;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #7aba7b}.has-success .input-group-addon{color:#468847;background-color:#dff0d8;border-color:#468847}.form-control-static{margin-bottom:0}.help-block{display:block;margin-top:5px;margin-bottom:10px;color:#737373}@media(min-width:768px){.form-inline .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.form-inline .form-control{display:inline-block}.form-inline .radio,.form-inline .checkbox{display:inline-block;padding-left:0;margin-top:0;margin-bottom:0}.form-inline .radio input[type="radio"],.form-inline .checkbox input[type="checkbox"]{float:none;margin-left:0}}.form-horizontal .control-label,.form-horizontal .radio,.form-horizontal .checkbox,.form-horizontal .radio-inline,.form-horizontal .checkbox-inline{padding-top:7px;margin-top:0;margin-bottom:0}.form-horizontal .form-group{margin-right:-15px;margin-left:-15px}.form-horizontal .form-group:before,.form-horizontal .form-group:after{display:table;content:" "}.form-horizontal .form-group:after{clear:both}.form-horizontal .form-group:before,.form-horizontal .form-group:after{display:table;content:" "}.form-horizontal .form-group:after{clear:both}.form-horizontal .form-control-static{padding-top:7px}@media(min-width:768px){.form-horizontal .control-label{text-align:right}}.btn{display:inline-block;padding:6px 12px;margin-bottom:0;font-size:14px;font-weight:normal;line-height:1.428571429;text-align:center;white-space:nowrap;vertical-align:middle;cursor:pointer;background-image:none;border:1px solid transparent;border-radius:4px;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;-o-user-select:none;user-select:none}.btn:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}.btn:hover,.btn:focus{color:#333;text-decoration:none}.btn:active,.btn.active{background-image:none;outline:0;-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,0.125);box-shadow:inset 0 3px 5px rgba(0,0,0,0.125)}.btn.disabled,.btn[disabled],fieldset[disabled] .btn{pointer-events:none;cursor:not-allowed;opacity:.65;filter:alpha(opacity=65);-webkit-box-shadow:none;box-shadow:none}.btn-default{color:#333;background-color:#fff;border-color:#ccc}.btn-default:hover,.btn-default:focus,.btn-default:active,.btn-default.active,.open .dropdown-toggle.btn-default{color:#333;background-color:#ebebeb;border-color:#adadad}.btn-default:active,.btn-default.active,.open .dropdown-toggle.btn-default{background-image:none}.btn-default.disabled,.btn-default[disabled],fieldset[disabled] .btn-default,.btn-default.disabled:hover,.btn-default[disabled]:hover,fieldset[disabled] .btn-default:hover,.btn-default.disabled:focus,.btn-default[disabled]:focus,fieldset[disabled] .btn-default:focus,.btn-default.disabled:active,.btn-default[disabled]:active,fieldset[disabled] .btn-default:active,.btn-default.disabled.active,.btn-default[disabled].active,fieldset[disabled] .btn-default.active{background-color:#fff;border-color:#ccc}.btn-primary{color:#fff;background-color:#428bca;border-color:#357ebd}.btn-primary:hover,.btn-primary:focus,.btn-primary:active,.btn-primary.active,.open .dropdown-toggle.btn-primary{color:#fff;background-color:#3276b1;border-color:#285e8e}.btn-primary:active,.btn-primary.active,.open .dropdown-toggle.btn-primary{background-image:none}.btn-primary.disabled,.btn-primary[disabled],fieldset[disabled] .btn-primary,.btn-primary.disabled:hover,.btn-primary[disabled]:hover,fieldset[disabled] .btn-primary:hover,.btn-primary.disabled:focus,.btn-primary[disabled]:focus,fieldset[disabled] .btn-primary:focus,.btn-primary.disabled:active,.btn-primary[disabled]:active,fieldset[disabled] .btn-primary:active,.btn-primary.disabled.active,.btn-primary[disabled].active,fieldset[disabled] .btn-primary.active{background-color:#428bca;border-color:#357ebd}.btn-warning{color:#fff;background-color:#f0ad4e;border-color:#eea236}.btn-warning:hover,.btn-warning:focus,.btn-warning:active,.btn-warning.active,.open .dropdown-toggle.btn-warning{color:#fff;background-color:#ed9c28;border-color:#d58512}.btn-warning:active,.btn-warning.active,.open .dropdown-toggle.btn-warning{background-image:none}.btn-warning.disabled,.btn-warning[disabled],fieldset[disabled] .btn-warning,.btn-warning.disabled:hover,.btn-warning[disabled]:hover,fieldset[disabled] .btn-warning:hover,.btn-warning.disabled:focus,.btn-warning[disabled]:focus,fieldset[disabled] .btn-warning:focus,.btn-warning.disabled:active,.btn-warning[disabled]:active,fieldset[disabled] .btn-warning:active,.btn-warning.disabled.active,.btn-warning[disabled].active,fieldset[disabled] .btn-warning.active{background-color:#f0ad4e;border-color:#eea236}.btn-danger{color:#fff;background-color:#d9534f;border-color:#d43f3a}.btn-danger:hover,.btn-danger:focus,.btn-danger:active,.btn-danger.active,.open .dropdown-toggle.btn-danger{color:#fff;background-color:#d2322d;border-color:#ac2925}.btn-danger:active,.btn-danger.active,.open .dropdown-toggle.btn-danger{background-image:none}.btn-danger.disabled,.btn-danger[disabled],fieldset[disabled] .btn-danger,.btn-danger.disabled:hover,.btn-danger[disabled]:hover,fieldset[disabled] .btn-danger:hover,.btn-danger.disabled:focus,.btn-danger[disabled]:focus,fieldset[disabled] .btn-danger:focus,.btn-danger.disabled:active,.btn-danger[disabled]:active,fieldset[disabled] .btn-danger:active,.btn-danger.disabled.active,.btn-danger[disabled].active,fieldset[disabled] .btn-danger.active{background-color:#d9534f;border-color:#d43f3a}.btn-success{color:#fff;background-color:#5cb85c;border-color:#4cae4c}.btn-success:hover,.btn-success:focus,.btn-success:active,.btn-success.active,.open .dropdown-toggle.btn-success{color:#fff;background-color:#47a447;border-color:#398439}.btn-success:active,.btn-success.active,.open .dropdown-toggle.btn-success{background-image:none}.btn-success.disabled,.btn-success[disabled],fieldset[disabled] .btn-success,.btn-success.disabled:hover,.btn-success[disabled]:hover,fieldset[disabled] .btn-success:hover,.btn-success.disabled:focus,.btn-success[disabled]:focus,fieldset[disabled] .btn-success:focus,.btn-success.disabled:active,.btn-success[disabled]:active,fieldset[disabled] .btn-success:active,.btn-success.disabled.active,.btn-success[disabled].active,fieldset[disabled] .btn-success.active{background-color:#5cb85c;border-color:#4cae4c}.btn-info{color:#fff;background-color:#5bc0de;border-color:#46b8da}.btn-info:hover,.btn-info:focus,.btn-info:active,.btn-info.active,.open .dropdown-toggle.btn-info{color:#fff;background-color:#39b3d7;border-color:#269abc}.btn-info:active,.btn-info.active,.open .dropdown-toggle.btn-info{background-image:none}.btn-info.disabled,.btn-info[disabled],fieldset[disabled] .btn-info,.btn-info.disabled:hover,.btn-info[disabled]:hover,fieldset[disabled] .btn-info:hover,.btn-info.disabled:focus,.btn-info[disabled]:focus,fieldset[disabled] .btn-info:focus,.btn-info.disabled:active,.btn-info[disabled]:active,fieldset[disabled] .btn-info:active,.btn-info.disabled.active,.btn-info[disabled].active,fieldset[disabled] .btn-info.active{background-color:#5bc0de;border-color:#46b8da}.btn-link{font-weight:normal;color:#428bca;cursor:pointer;border-radius:0}.btn-link,.btn-link:active,.btn-link[disabled],fieldset[disabled] .btn-link{background-color:transparent;-webkit-box-shadow:none;box-shadow:none}.btn-link,.btn-link:hover,.btn-link:focus,.btn-link:active{border-color:transparent}.btn-link:hover,.btn-link:focus{color:#2a6496;text-decoration:underline;background-color:transparent}.btn-link[disabled]:hover,fieldset[disabled] .btn-link:hover,.btn-link[disabled]:focus,fieldset[disabled] .btn-link:focus{color:#999;text-decoration:none}.btn-lg{padding:10px 16px;font-size:18px;line-height:1.33;border-radius:6px}.btn-sm,.btn-xs{padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}.btn-xs{padding:1px 5px}.btn-block{display:block;width:100%;padding-right:0;padding-left:0}.btn-block+.btn-block{margin-top:5px}input[type="submit"].btn-block,input[type="reset"].btn-block,input[type="button"].btn-block{width:100%}.fade{opacity:0;-webkit-transition:opacity .15s linear;transition:opacity .15s linear}.fade.in{opacity:1}.collapse{display:none}.collapse.in{display:block}.collapsing{position:relative;height:0;overflow:hidden;-webkit-transition:height .35s ease;transition:height .35s ease}@font-face{font-family:'Glyphicons Halflings';src:url('../fonts/glyphicons-halflings-regular.eot');src:url('../fonts/glyphicons-halflings-regular.eot?#iefix') format('embedded-opentype'),url('../fonts/glyphicons-halflings-regular.woff') format('woff'),url('../fonts/glyphicons-halflings-regular.ttf') format('truetype'),url('../fonts/glyphicons-halflings-regular.svg#glyphicons_halflingsregular') format('svg')}.glyphicon{position:relative;top:1px;display:inline-block;font-family:'Glyphicons Halflings';-webkit-font-smoothing:antialiased;font-style:normal;font-weight:normal;line-height:1;-moz-osx-font-smoothing:grayscale}.glyphicon:empty{width:1em}.glyphicon-asterisk:before{content:"\2a"}.glyphicon-plus:before{content:"\2b"}.glyphicon-euro:before{content:"\20ac"}.glyphicon-minus:before{content:"\2212"}.glyphicon-cloud:before{content:"\2601"}.glyphicon-envelope:before{content:"\2709"}.glyphicon-pencil:before{content:"\270f"}.glyphicon-glass:before{content:"\e001"}.glyphicon-music:before{content:"\e002"}.glyphicon-search:before{content:"\e003"}.glyphicon-heart:before{content:"\e005"}.glyphicon-star:before{content:"\e006"}.glyphicon-star-empty:before{content:"\e007"}.glyphicon-user:before{content:"\e008"}.glyphicon-film:before{content:"\e009"}.glyphicon-th-large:before{content:"\e010"}.glyphicon-th:before{content:"\e011"}.glyphicon-th-list:before{content:"\e012"}.glyphicon-ok:before{content:"\e013"}.glyphicon-remove:before{content:"\e014"}.glyphicon-zoom-in:before{content:"\e015"}.glyphicon-zoom-out:before{content:"\e016"}.glyphicon-off:before{content:"\e017"}.glyphicon-signal:before{content:"\e018"}.glyphicon-cog:before{content:"\e019"}.glyphicon-trash:before{content:"\e020"}.glyphicon-home:before{content:"\e021"}.glyphicon-file:before{content:"\e022"}.glyphicon-time:before{content:"\e023"}.glyphicon-road:before{content:"\e024"}.glyphicon-download-alt:before{content:"\e025"}.glyphicon-download:before{content:"\e026"}.glyphicon-upload:before{content:"\e027"}.glyphicon-inbox:before{content:"\e028"}.glyphicon-play-circle:before{content:"\e029"}.glyphicon-repeat:before{content:"\e030"}.glyphicon-refresh:before{content:"\e031"}.glyphicon-list-alt:before{content:"\e032"}.glyphicon-lock:before{content:"\e033"}.glyphicon-flag:before{content:"\e034"}.glyphicon-headphones:before{content:"\e035"}.glyphicon-volume-off:before{content:"\e036"}.glyphicon-volume-down:before{content:"\e037"}.glyphicon-volume-up:before{content:"\e038"}.glyphicon-qrcode:before{content:"\e039"}.glyphicon-barcode:before{content:"\e040"}.glyphicon-tag:before{content:"\e041"}.glyphicon-tags:before{content:"\e042"}.glyphicon-book:before{content:"\e043"}.glyphicon-bookmark:before{content:"\e044"}.glyphicon-print:before{content:"\e045"}.glyphicon-camera:before{content:"\e046"}.glyphicon-font:before{content:"\e047"}.glyphicon-bold:before{content:"\e048"}.glyphicon-italic:before{content:"\e049"}.glyphicon-text-height:before{content:"\e050"}.glyphicon-text-width:before{content:"\e051"}.glyphicon-align-left:before{content:"\e052"}.glyphicon-align-center:before{content:"\e053"}.glyphicon-align-right:before{content:"\e054"}.glyphicon-align-justify:before{content:"\e055"}.glyphicon-list:before{content:"\e056"}.glyphicon-indent-left:before{content:"\e057"}.glyphicon-indent-right:before{content:"\e058"}.glyphicon-facetime-video:before{content:"\e059"}.glyphicon-picture:before{content:"\e060"}.glyphicon-map-marker:before{content:"\e062"}.glyphicon-adjust:before{content:"\e063"}.glyphicon-tint:before{content:"\e064"}.glyphicon-edit:before{content:"\e065"}.glyphicon-share:before{content:"\e066"}.glyphicon-check:before{content:"\e067"}.glyphicon-move:before{content:"\e068"}.glyphicon-step-backward:before{content:"\e069"}.glyphicon-fast-backward:before{content:"\e070"}.glyphicon-backward:before{content:"\e071"}.glyphicon-play:before{content:"\e072"}.glyphicon-pause:before{content:"\e073"}.glyphicon-stop:before{content:"\e074"}.glyphicon-forward:before{content:"\e075"}.glyphicon-fast-forward:before{content:"\e076"}.glyphicon-step-forward:before{content:"\e077"}.glyphicon-eject:before{content:"\e078"}.glyphicon-chevron-left:before{content:"\e079"}.glyphicon-chevron-right:before{content:"\e080"}.glyphicon-plus-sign:before{content:"\e081"}.glyphicon-minus-sign:before{content:"\e082"}.glyphicon-remove-sign:before{content:"\e083"}.glyphicon-ok-sign:before{content:"\e084"}.glyphicon-question-sign:before{content:"\e085"}.glyphicon-info-sign:before{content:"\e086"}.glyphicon-screenshot:before{content:"\e087"}.glyphicon-remove-circle:before{content:"\e088"}.glyphicon-ok-circle:before{content:"\e089"}.glyphicon-ban-circle:before{content:"\e090"}.glyphicon-arrow-left:before{content:"\e091"}.glyphicon-arrow-right:before{content:"\e092"}.glyphicon-arrow-up:before{content:"\e093"}.glyphicon-arrow-down:before{content:"\e094"}.glyphicon-share-alt:before{content:"\e095"}.glyphicon-resize-full:before{content:"\e096"}.glyphicon-resize-small:before{content:"\e097"}.glyphicon-exclamation-sign:before{content:"\e101"}.glyphicon-gift:before{content:"\e102"}.glyphicon-leaf:before{content:"\e103"}.glyphicon-fire:before{content:"\e104"}.glyphicon-eye-open:before{content:"\e105"}.glyphicon-eye-close:before{content:"\e106"}.glyphicon-warning-sign:before{content:"\e107"}.glyphicon-plane:before{content:"\e108"}.glyphicon-calendar:before{content:"\e109"}.glyphicon-random:before{content:"\e110"}.glyphicon-comment:before{content:"\e111"}.glyphicon-magnet:before{content:"\e112"}.glyphicon-chevron-up:before{content:"\e113"}.glyphicon-chevron-down:before{content:"\e114"}.glyphicon-retweet:before{content:"\e115"}.glyphicon-shopping-cart:before{content:"\e116"}.glyphicon-folder-close:before{content:"\e117"}.glyphicon-folder-open:before{content:"\e118"}.glyphicon-resize-vertical:before{content:"\e119"}.glyphicon-resize-horizontal:before{content:"\e120"}.glyphicon-hdd:before{content:"\e121"}.glyphicon-bullhorn:before{content:"\e122"}.glyphicon-bell:before{content:"\e123"}.glyphicon-certificate:before{content:"\e124"}.glyphicon-thumbs-up:before{content:"\e125"}.glyphicon-thumbs-down:before{content:"\e126"}.glyphicon-hand-right:before{content:"\e127"}.glyphicon-hand-left:before{content:"\e128"}.glyphicon-hand-up:before{content:"\e129"}.glyphicon-hand-down:before{content:"\e130"}.glyphicon-circle-arrow-right:before{content:"\e131"}.glyphicon-circle-arrow-left:before{content:"\e132"}.glyphicon-circle-arrow-up:before{content:"\e133"}.glyphicon-circle-arrow-down:before{content:"\e134"}.glyphicon-globe:before{content:"\e135"}.glyphicon-wrench:before{content:"\e136"}.glyphicon-tasks:before{content:"\e137"}.glyphicon-filter:before{content:"\e138"}.glyphicon-briefcase:before{content:"\e139"}.glyphicon-fullscreen:before{content:"\e140"}.glyphicon-dashboard:before{content:"\e141"}.glyphicon-paperclip:before{content:"\e142"}.glyphicon-heart-empty:before{content:"\e143"}.glyphicon-link:before{content:"\e144"}.glyphicon-phone:before{content:"\e145"}.glyphicon-pushpin:before{content:"\e146"}.glyphicon-usd:before{content:"\e148"}.glyphicon-gbp:before{content:"\e149"}.glyphicon-sort:before{content:"\e150"}.glyphicon-sort-by-alphabet:before{content:"\e151"}.glyphicon-sort-by-alphabet-alt:before{content:"\e152"}.glyphicon-sort-by-order:before{content:"\e153"}.glyphicon-sort-by-order-alt:before{content:"\e154"}.glyphicon-sort-by-attributes:before{content:"\e155"}.glyphicon-sort-by-attributes-alt:before{content:"\e156"}.glyphicon-unchecked:before{content:"\e157"}.glyphicon-expand:before{content:"\e158"}.glyphicon-collapse-down:before{content:"\e159"}.glyphicon-collapse-up:before{content:"\e160"}.glyphicon-log-in:before{content:"\e161"}.glyphicon-flash:before{content:"\e162"}.glyphicon-log-out:before{content:"\e163"}.glyphicon-new-window:before{content:"\e164"}.glyphicon-record:before{content:"\e165"}.glyphicon-save:before{content:"\e166"}.glyphicon-open:before{content:"\e167"}.glyphicon-saved:before{content:"\e168"}.glyphicon-import:before{content:"\e169"}.glyphicon-export:before{content:"\e170"}.glyphicon-send:before{content:"\e171"}.glyphicon-floppy-disk:before{content:"\e172"}.glyphicon-floppy-saved:before{content:"\e173"}.glyphicon-floppy-remove:before{content:"\e174"}.glyphicon-floppy-save:before{content:"\e175"}.glyphicon-floppy-open:before{content:"\e176"}.glyphicon-credit-card:before{content:"\e177"}.glyphicon-transfer:before{content:"\e178"}.glyphicon-cutlery:before{content:"\e179"}.glyphicon-header:before{content:"\e180"}.glyphicon-compressed:before{content:"\e181"}.glyphicon-earphone:before{content:"\e182"}.glyphicon-phone-alt:before{content:"\e183"}.glyphicon-tower:before{content:"\e184"}.glyphicon-stats:before{content:"\e185"}.glyphicon-sd-video:before{content:"\e186"}.glyphicon-hd-video:before{content:"\e187"}.glyphicon-subtitles:before{content:"\e188"}.glyphicon-sound-stereo:before{content:"\e189"}.glyphicon-sound-dolby:before{content:"\e190"}.glyphicon-sound-5-1:before{content:"\e191"}.glyphicon-sound-6-1:before{content:"\e192"}.glyphicon-sound-7-1:before{content:"\e193"}.glyphicon-copyright-mark:before{content:"\e194"}.glyphicon-registration-mark:before{content:"\e195"}.glyphicon-cloud-download:before{content:"\e197"}.glyphicon-cloud-upload:before{content:"\e198"}.glyphicon-tree-conifer:before{content:"\e199"}.glyphicon-tree-deciduous:before{content:"\e200"}.caret{display:inline-block;width:0;height:0;margin-left:2px;vertical-align:middle;border-top:4px solid #000;border-right:4px solid transparent;border-bottom:0 dotted;border-left:4px solid transparent}.dropdown{position:relative}.dropdown-toggle:focus{outline:0}.dropdown-menu{position:absolute;top:100%;left:0;z-index:1000;display:none;float:left;min-width:160px;padding:5px 0;margin:2px 0 0;font-size:14px;list-style:none;background-color:#fff;border:1px solid #ccc;border:1px solid rgba(0,0,0,0.15);border-radius:4px;-webkit-box-shadow:0 6px 12px rgba(0,0,0,0.175);box-shadow:0 6px 12px rgba(0,0,0,0.175);background-clip:padding-box}.dropdown-menu.pull-right{right:0;left:auto}.dropdown-menu .divider{height:1px;margin:9px 0;overflow:hidden;background-color:#e5e5e5}.dropdown-menu>li>a{display:block;padding:3px 20px;clear:both;font-weight:normal;line-height:1.428571429;color:#333;white-space:nowrap}.dropdown-menu>li>a:hover,.dropdown-menu>li>a:focus{color:#262626;text-decoration:none;background-color:#f5f5f5}.dropdown-menu>.active>a,.dropdown-menu>.active>a:hover,.dropdown-menu>.active>a:focus{color:#fff;text-decoration:none;background-color:#428bca;outline:0}.dropdown-menu>.disabled>a,.dropdown-menu>.disabled>a:hover,.dropdown-menu>.disabled>a:focus{color:#999}.dropdown-menu>.disabled>a:hover,.dropdown-menu>.disabled>a:focus{text-decoration:none;cursor:not-allowed;background-color:transparent;background-image:none;filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.open>.dropdown-menu{display:block}.open>a{outline:0}.dropdown-header{display:block;padding:3px 20px;font-size:12px;line-height:1.428571429;color:#999}.dropdown-backdrop{position:fixed;top:0;right:0;bottom:0;left:0;z-index:990}.pull-right>.dropdown-menu{right:0;left:auto}.dropup .caret,.navbar-fixed-bottom .dropdown .caret{border-top:0 dotted;border-bottom:4px solid #000;content:""}.dropup .dropdown-menu,.navbar-fixed-bottom .dropdown .dropdown-menu{top:auto;bottom:100%;margin-bottom:1px}@media(min-width:768px){.navbar-right .dropdown-menu{right:0;left:auto}}.btn-default .caret{border-top-color:#333}.btn-primary .caret,.btn-success .caret,.btn-warning .caret,.btn-danger .caret,.btn-info .caret{border-top-color:#fff}.dropup .btn-default .caret{border-bottom-color:#333}.dropup .btn-primary .caret,.dropup .btn-success .caret,.dropup .btn-warning .caret,.dropup .btn-danger .caret,.dropup .btn-info .caret{border-bottom-color:#fff}.btn-group,.btn-group-vertical{position:relative;display:inline-block;vertical-align:middle}.btn-group>.btn,.btn-group-vertical>.btn{position:relative;float:left}.btn-group>.btn:hover,.btn-group-vertical>.btn:hover,.btn-group>.btn:focus,.btn-group-vertical>.btn:focus,.btn-group>.btn:active,.btn-group-vertical>.btn:active,.btn-group>.btn.active,.btn-group-vertical>.btn.active{z-index:2}.btn-group>.btn:focus,.btn-group-vertical>.btn:focus{outline:0}.btn-group .btn+.btn,.btn-group .btn+.btn-group,.btn-group .btn-group+.btn,.btn-group .btn-group+.btn-group{margin-left:-1px}.btn-toolbar:before,.btn-toolbar:after{display:table;content:" "}.btn-toolbar:after{clear:both}.btn-toolbar:before,.btn-toolbar:after{display:table;content:" "}.btn-toolbar:after{clear:both}.btn-toolbar .btn-group{float:left}.btn-toolbar>.btn+.btn,.btn-toolbar>.btn-group+.btn,.btn-toolbar>.btn+.btn-group,.btn-toolbar>.btn-group+.btn-group{margin-left:5px}.btn-group>.btn:not(:first-child):not(:last-child):not(.dropdown-toggle){border-radius:0}.btn-group>.btn:first-child{margin-left:0}.btn-group>.btn:first-child:not(:last-child):not(.dropdown-toggle){border-top-right-radius:0;border-bottom-right-radius:0}.btn-group>.btn:last-child:not(:first-child),.btn-group>.dropdown-toggle:not(:first-child){border-bottom-left-radius:0;border-top-left-radius:0}.btn-group>.btn-group{float:left}.btn-group>.btn-group:not(:first-child):not(:last-child)>.btn{border-radius:0}.btn-group>.btn-group:first-child>.btn:last-child,.btn-group>.btn-group:first-child>.dropdown-toggle{border-top-right-radius:0;border-bottom-right-radius:0}.btn-group>.btn-group:last-child>.btn:first-child{border-bottom-left-radius:0;border-top-left-radius:0}.btn-group .dropdown-toggle:active,.btn-group.open .dropdown-toggle{outline:0}.btn-group-xs>.btn{padding:5px 10px;padding:1px 5px;font-size:12px;line-height:1.5;border-radius:3px}.btn-group-sm>.btn{padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}.btn-group-lg>.btn{padding:10px 16px;font-size:18px;line-height:1.33;border-radius:6px}.btn-group>.btn+.dropdown-toggle{padding-right:8px;padding-left:8px}.btn-group>.btn-lg+.dropdown-toggle{padding-right:12px;padding-left:12px}.btn-group.open .dropdown-toggle{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,0.125);box-shadow:inset 0 3px 5px rgba(0,0,0,0.125)}.btn-group.open .dropdown-toggle.btn-link{-webkit-box-shadow:none;box-shadow:none}.btn .caret{margin-left:0}.btn-lg .caret{border-width:5px 5px 0;border-bottom-width:0}.dropup .btn-lg .caret{border-width:0 5px 5px}.btn-group-vertical>.btn,.btn-group-vertical>.btn-group{display:block;float:none;width:100%;max-width:100%}.btn-group-vertical>.btn-group:before,.btn-group-vertical>.btn-group:after{display:table;content:" "}.btn-group-vertical>.btn-group:after{clear:both}.btn-group-vertical>.btn-group:before,.btn-group-vertical>.btn-group:after{display:table;content:" "}.btn-group-vertical>.btn-group:after{clear:both}.btn-group-vertical>.btn-group>.btn{float:none}.btn-group-vertical>.btn+.btn,.btn-group-vertical>.btn+.btn-group,.btn-group-vertical>.btn-group+.btn,.btn-group-vertical>.btn-group+.btn-group{margin-top:-1px;margin-left:0}.btn-group-vertical>.btn:not(:first-child):not(:last-child){border-radius:0}.btn-group-vertical>.btn:first-child:not(:last-child){border-top-right-radius:4px;border-bottom-right-radius:0;border-bottom-left-radius:0}.btn-group-vertical>.btn:last-child:not(:first-child){border-top-right-radius:0;border-bottom-left-radius:4px;border-top-left-radius:0}.btn-group-vertical>.btn-group:not(:first-child):not(:last-child)>.btn{border-radius:0}.btn-group-vertical>.btn-group:first-child>.btn:last-child,.btn-group-vertical>.btn-group:first-child>.dropdown-toggle{border-bottom-right-radius:0;border-bottom-left-radius:0}.btn-group-vertical>.btn-group:last-child>.btn:first-child{border-top-right-radius:0;border-top-left-radius:0}.btn-group-justified{display:table;width:100%;border-collapse:separate;table-layout:fixed}.btn-group-justified .btn{display:table-cell;float:none;width:1%}[data-toggle="buttons"]>.btn>input[type="radio"],[data-toggle="buttons"]>.btn>input[type="checkbox"]{display:none}.input-group{position:relative;display:table;border-collapse:separate}.input-group.col{float:none;padding-right:0;padding-left:0}.input-group .form-control{width:100%;margin-bottom:0}.input-group-lg>.form-control,.input-group-lg>.input-group-addon,.input-group-lg>.input-group-btn>.btn{height:45px;padding:10px 16px;font-size:18px;line-height:1.33;border-radius:6px}select.input-group-lg>.form-control,select.input-group-lg>.input-group-addon,select.input-group-lg>.input-group-btn>.btn{height:45px;line-height:45px}textarea.input-group-lg>.form-control,textarea.input-group-lg>.input-group-addon,textarea.input-group-lg>.input-group-btn>.btn{height:auto}.input-group-sm>.form-control,.input-group-sm>.input-group-addon,.input-group-sm>.input-group-btn>.btn{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}select.input-group-sm>.form-control,select.input-group-sm>.input-group-addon,select.input-group-sm>.input-group-btn>.btn{height:30px;line-height:30px}textarea.input-group-sm>.form-control,textarea.input-group-sm>.input-group-addon,textarea.input-group-sm>.input-group-btn>.btn{height:auto}.input-group-addon,.input-group-btn,.input-group .form-control{display:table-cell}.input-group-addon:not(:first-child):not(:last-child),.input-group-btn:not(:first-child):not(:last-child),.input-group .form-control:not(:first-child):not(:last-child){border-radius:0}.input-group-addon,.input-group-btn{width:1%;white-space:nowrap;vertical-align:middle}.input-group-addon{padding:6px 12px;font-size:14px;font-weight:normal;line-height:1;color:#555;text-align:center;background-color:#eee;border:1px solid #ccc;border-radius:4px}.input-group-addon.input-sm{padding:5px 10px;font-size:12px;border-radius:3px}.input-group-addon.input-lg{padding:10px 16px;font-size:18px;border-radius:6px}.input-group-addon input[type="radio"],.input-group-addon input[type="checkbox"]{margin-top:0}.input-group .form-control:first-child,.input-group-addon:first-child,.input-group-btn:first-child>.btn,.input-group-btn:first-child>.dropdown-toggle,.input-group-btn:last-child>.btn:not(:last-child):not(.dropdown-toggle){border-top-right-radius:0;border-bottom-right-radius:0}.input-group-addon:first-child{border-right:0}.input-group .form-control:last-child,.input-group-addon:last-child,.input-group-btn:last-child>.btn,.input-group-btn:last-child>.dropdown-toggle,.input-group-btn:first-child>.btn:not(:first-child){border-bottom-left-radius:0;border-top-left-radius:0}.input-group-addon:last-child{border-left:0}.input-group-btn{position:relative;white-space:nowrap}.input-group-btn:first-child>.btn{margin-right:-1px}.input-group-btn:last-child>.btn{margin-left:-1px}.input-group-btn>.btn{position:relative}.input-group-btn>.btn+.btn{margin-left:-4px}.input-group-btn>.btn:hover,.input-group-btn>.btn:active{z-index:2}.nav{padding-left:0;margin-bottom:0;list-style:none}.nav:before,.nav:after{display:table;content:" "}.nav:after{clear:both}.nav:before,.nav:after{display:table;content:" "}.nav:after{clear:both}.nav>li{position:relative;display:block}.nav>li>a{position:relative;display:block;padding:10px 15px}.nav>li>a:hover,.nav>li>a:focus{text-decoration:none;background-color:#eee}.nav>li.disabled>a{color:#999}.nav>li.disabled>a:hover,.nav>li.disabled>a:focus{color:#999;text-decoration:none;cursor:not-allowed;background-color:transparent}.nav .open>a,.nav .open>a:hover,.nav .open>a:focus{background-color:#eee;border-color:#428bca}.nav .open>a .caret,.nav .open>a:hover .caret,.nav .open>a:focus .caret{border-top-color:#2a6496;border-bottom-color:#2a6496}.nav .nav-divider{height:1px;margin:9px 0;overflow:hidden;background-color:#e5e5e5}.nav>li>a>img{max-width:none}.nav-tabs{border-bottom:1px solid #ddd}.nav-tabs>li{float:left;margin-bottom:-1px}.nav-tabs>li>a{margin-right:2px;line-height:1.428571429;border:1px solid transparent;border-radius:4px 4px 0 0}.nav-tabs>li>a:hover{border-color:#eee #eee #ddd}.nav-tabs>li.active>a,.nav-tabs>li.active>a:hover,.nav-tabs>li.active>a:focus{color:#555;cursor:default;background-color:#fff;border:1px solid #ddd;border-bottom-color:transparent}.nav-tabs.nav-justified{width:100%;border-bottom:0}.nav-tabs.nav-justified>li{float:none}.nav-tabs.nav-justified>li>a{margin-bottom:5px;text-align:center}.nav-tabs.nav-justified>.dropdown .dropdown-menu{top:auto;left:auto}@media(min-width:768px){.nav-tabs.nav-justified>li{display:table-cell;width:1%}.nav-tabs.nav-justified>li>a{margin-bottom:0}}.nav-tabs.nav-justified>li>a{margin-right:0;border-radius:4px}.nav-tabs.nav-justified>.active>a,.nav-tabs.nav-justified>.active>a:hover,.nav-tabs.nav-justified>.active>a:focus{border:1px solid #ddd}@media(min-width:768px){.nav-tabs.nav-justified>li>a{border-bottom:1px solid #ddd;border-radius:4px 4px 0 0}.nav-tabs.nav-justified>.active>a,.nav-tabs.nav-justified>.active>a:hover,.nav-tabs.nav-justified>.active>a:focus{border-bottom-color:#fff}}.nav-pills>li{float:left}.nav-pills>li>a{border-radius:4px}.nav-pills>li+li{margin-left:2px}.nav-pills>li.active>a,.nav-pills>li.active>a:hover,.nav-pills>li.active>a:focus{color:#fff;background-color:#428bca}.nav-pills>li.active>a .caret,.nav-pills>li.active>a:hover .caret,.nav-pills>li.active>a:focus .caret{border-top-color:#fff;border-bottom-color:#fff}.nav-stacked>li{float:none}.nav-stacked>li+li{margin-top:2px;margin-left:0}.nav-justified{width:100%}.nav-justified>li{float:none}.nav-justified>li>a{margin-bottom:5px;text-align:center}.nav-justified>.dropdown .dropdown-menu{top:auto;left:auto}@media(min-width:768px){.nav-justified>li{display:table-cell;width:1%}.nav-justified>li>a{margin-bottom:0}}.nav-tabs-justified{border-bottom:0}.nav-tabs-justified>li>a{margin-right:0;border-radius:4px}.nav-tabs-justified>.active>a,.nav-tabs-justified>.active>a:hover,.nav-tabs-justified>.active>a:focus{border:1px solid #ddd}@media(min-width:768px){.nav-tabs-justified>li>a{border-bottom:1px solid #ddd;border-radius:4px 4px 0 0}.nav-tabs-justified>.active>a,.nav-tabs-justified>.active>a:hover,.nav-tabs-justified>.active>a:focus{border-bottom-color:#fff}}.tab-content>.tab-pane{display:none}.tab-content>.active{display:block}.nav .caret{border-top-color:#428bca;border-bottom-color:#428bca}.nav a:hover .caret{border-top-color:#2a6496;border-bottom-color:#2a6496}.nav-tabs .dropdown-menu{margin-top:-1px;border-top-right-radius:0;border-top-left-radius:0}.navbar{position:relative;min-height:50px;margin-bottom:20px;border:1px solid transparent}.navbar:before,.navbar:after{display:table;content:" "}.navbar:after{clear:both}.navbar:before,.navbar:after{display:table;content:" "}.navbar:after{clear:both}@media(min-width:768px){.navbar{border-radius:4px}}.navbar-header:before,.navbar-header:after{display:table;content:" "}.navbar-header:after{clear:both}.navbar-header:before,.navbar-header:after{display:table;content:" "}.navbar-header:after{clear:both}@media(min-width:768px){.navbar-header{float:left}}.navbar-collapse{max-height:340px;padding-right:15px;padding-left:15px;overflow-x:visible;border-top:1px solid transparent;box-shadow:inset 0 1px 0 rgba(255,255,255,0.1);-webkit-overflow-scrolling:touch}.navbar-collapse:before,.navbar-collapse:after{display:table;content:" "}.navbar-collapse:after{clear:both}.navbar-collapse:before,.navbar-collapse:after{display:table;content:" "}.navbar-collapse:after{clear:both}.navbar-collapse.in{overflow-y:auto}@media(min-width:768px){.navbar-collapse{width:auto;border-top:0;box-shadow:none}.navbar-collapse.collapse{display:block !important;height:auto !important;padding-bottom:0;overflow:visible !important}.navbar-collapse.in{overflow-y:auto}.navbar-collapse .navbar-nav.navbar-left:first-child{margin-left:-15px}.navbar-collapse .navbar-nav.navbar-right:last-child{margin-right:-15px}.navbar-collapse .navbar-text:last-child{margin-right:0}}.container>.navbar-header,.container>.navbar-collapse{margin-right:-15px;margin-left:-15px}@media(min-width:768px){.container>.navbar-header,.container>.navbar-collapse{margin-right:0;margin-left:0}}.navbar-static-top{z-index:1000;border-width:0 0 1px}@media(min-width:768px){.navbar-static-top{border-radius:0}}.navbar-fixed-top,.navbar-fixed-bottom{position:fixed;right:0;left:0;z-index:1030}@media(min-width:768px){.navbar-fixed-top,.navbar-fixed-bottom{border-radius:0}}.navbar-fixed-top{top:0;border-width:0 0 1px}.navbar-fixed-bottom{bottom:0;margin-bottom:0;border-width:1px 0 0}.navbar-brand{float:left;padding:15px 15px;font-size:18px;line-height:20px}.navbar-brand:hover,.navbar-brand:focus{text-decoration:none}@media(min-width:768px){.navbar>.container .navbar-brand{margin-left:-15px}}.navbar-toggle{position:relative;float:right;padding:9px 10px;margin-top:8px;margin-right:15px;margin-bottom:8px;background-color:transparent;border:1px solid transparent;border-radius:4px}.navbar-toggle .icon-bar{display:block;width:22px;height:2px;border-radius:1px}.navbar-toggle .icon-bar+.icon-bar{margin-top:4px}@media(min-width:768px){.navbar-toggle{display:none}}.navbar-nav{margin:7.5px -15px}.navbar-nav>li>a{padding-top:10px;padding-bottom:10px;line-height:20px}@media(max-width:767px){.navbar-nav .open .dropdown-menu{position:static;float:none;width:auto;margin-top:0;background-color:transparent;border:0;box-shadow:none}.navbar-nav .open .dropdown-menu>li>a,.navbar-nav .open .dropdown-menu .dropdown-header{padding:5px 15px 5px 25px}.navbar-nav .open .dropdown-menu>li>a{line-height:20px}.navbar-nav .open .dropdown-menu>li>a:hover,.navbar-nav .open .dropdown-menu>li>a:focus{background-image:none}}@media(min-width:768px){.navbar-nav{float:left;margin:0}.navbar-nav>li{float:left}.navbar-nav>li>a{padding-top:15px;padding-bottom:15px}}@media(min-width:768px){.navbar-left{float:left !important}.navbar-right{float:right !important}}.navbar-form{padding:10px 15px;margin-top:8px;margin-right:-15px;margin-bottom:8px;margin-left:-15px;border-top:1px solid transparent;border-bottom:1px solid transparent;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.1);box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.1)}@media(min-width:768px){.navbar-form .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.navbar-form .form-control{display:inline-block}.navbar-form .radio,.navbar-form .checkbox{display:inline-block;padding-left:0;margin-top:0;margin-bottom:0}.navbar-form .radio input[type="radio"],.navbar-form .checkbox input[type="checkbox"]{float:none;margin-left:0}}@media(max-width:767px){.navbar-form .form-group{margin-bottom:5px}}@media(min-width:768px){.navbar-form{width:auto;padding-top:0;padding-bottom:0;margin-right:0;margin-left:0;border:0;-webkit-box-shadow:none;box-shadow:none}}.navbar-nav>li>.dropdown-menu{margin-top:0;border-top-right-radius:0;border-top-left-radius:0}.navbar-fixed-bottom .navbar-nav>li>.dropdown-menu{border-bottom-right-radius:0;border-bottom-left-radius:0}.navbar-nav.pull-right>li>.dropdown-menu,.navbar-nav>li>.dropdown-menu.pull-right{right:0;left:auto}.navbar-btn{margin-top:8px;margin-bottom:8px}.navbar-text{float:left;margin-top:15px;margin-bottom:15px}@media(min-width:768px){.navbar-text{margin-right:15px;margin-left:15px}}.navbar-default{background-color:#f8f8f8;border-color:#e7e7e7}.navbar-default .navbar-brand{color:#777}.navbar-default .navbar-brand:hover,.navbar-default .navbar-brand:focus{color:#5e5e5e;background-color:transparent}.navbar-default .navbar-text{color:#777}.navbar-default .navbar-nav>li>a{color:#777}.navbar-default .navbar-nav>li>a:hover,.navbar-default .navbar-nav>li>a:focus{color:#333;background-color:transparent}.navbar-default .navbar-nav>.active>a,.navbar-default .navbar-nav>.active>a:hover,.navbar-default .navbar-nav>.active>a:focus{color:#555;background-color:#e7e7e7}.navbar-default .navbar-nav>.disabled>a,.navbar-default .navbar-nav>.disabled>a:hover,.navbar-default .navbar-nav>.disabled>a:focus{color:#ccc;background-color:transparent}.navbar-default .navbar-toggle{border-color:#ddd}.navbar-default .navbar-toggle:hover,.navbar-default .navbar-toggle:focus{background-color:#ddd}.navbar-default .navbar-toggle .icon-bar{background-color:#ccc}.navbar-default .navbar-collapse,.navbar-default .navbar-form{border-color:#e7e7e7}.navbar-default .navbar-nav>.dropdown>a:hover .caret,.navbar-default .navbar-nav>.dropdown>a:focus .caret{border-top-color:#333;border-bottom-color:#333}.navbar-default .navbar-nav>.open>a,.navbar-default .navbar-nav>.open>a:hover,.navbar-default .navbar-nav>.open>a:focus{color:#555;background-color:#e7e7e7}.navbar-default .navbar-nav>.open>a .caret,.navbar-default .navbar-nav>.open>a:hover .caret,.navbar-default .navbar-nav>.open>a:focus .caret{border-top-color:#555;border-bottom-color:#555}.navbar-default .navbar-nav>.dropdown>a .caret{border-top-color:#777;border-bottom-color:#777}@media(max-width:767px){.navbar-default .navbar-nav .open .dropdown-menu>li>a{color:#777}.navbar-default .navbar-nav .open .dropdown-menu>li>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>li>a:focus{color:#333;background-color:transparent}.navbar-default .navbar-nav .open .dropdown-menu>.active>a,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:focus{color:#555;background-color:#e7e7e7}.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:focus{color:#ccc;background-color:transparent}}.navbar-default .navbar-link{color:#777}.navbar-default .navbar-link:hover{color:#333}.navbar-inverse{background-color:#222;border-color:#080808}.navbar-inverse .navbar-brand{color:#999}.navbar-inverse .navbar-brand:hover,.navbar-inverse .navbar-brand:focus{color:#fff;background-color:transparent}.navbar-inverse .navbar-text{color:#999}.navbar-inverse .navbar-nav>li>a{color:#999}.navbar-inverse .navbar-nav>li>a:hover,.navbar-inverse .navbar-nav>li>a:focus{color:#fff;background-color:transparent}.navbar-inverse .navbar-nav>.active>a,.navbar-inverse .navbar-nav>.active>a:hover,.navbar-inverse .navbar-nav>.active>a:focus{color:#fff;background-color:#080808}.navbar-inverse .navbar-nav>.disabled>a,.navbar-inverse .navbar-nav>.disabled>a:hover,.navbar-inverse .navbar-nav>.disabled>a:focus{color:#444;background-color:transparent}.navbar-inverse .navbar-toggle{border-color:#333}.navbar-inverse .navbar-toggle:hover,.navbar-inverse .navbar-toggle:focus{background-color:#333}.navbar-inverse .navbar-toggle .icon-bar{background-color:#fff}.navbar-inverse .navbar-collapse,.navbar-inverse .navbar-form{border-color:#101010}.navbar-inverse .navbar-nav>.open>a,.navbar-inverse .navbar-nav>.open>a:hover,.navbar-inverse .navbar-nav>.open>a:focus{color:#fff;background-color:#080808}.navbar-inverse .navbar-nav>.dropdown>a:hover .caret{border-top-color:#fff;border-bottom-color:#fff}.navbar-inverse .navbar-nav>.dropdown>a .caret{border-top-color:#999;border-bottom-color:#999}.navbar-inverse .navbar-nav>.open>a .caret,.navbar-inverse .navbar-nav>.open>a:hover .caret,.navbar-inverse .navbar-nav>.open>a:focus .caret{border-top-color:#fff;border-bottom-color:#fff}@media(max-width:767px){.navbar-inverse .navbar-nav .open .dropdown-menu>.dropdown-header{border-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a{color:#999}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:focus{color:#fff;background-color:transparent}.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:focus{color:#fff;background-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:focus{color:#444;background-color:transparent}}.navbar-inverse .navbar-link{color:#999}.navbar-inverse .navbar-link:hover{color:#fff}.breadcrumb{padding:8px 15px;margin-bottom:20px;list-style:none;background-color:#f5f5f5;border-radius:4px}.breadcrumb>li{display:inline-block}.breadcrumb>li+li:before{padding:0 5px;color:#ccc;content:"/\00a0"}.breadcrumb>.active{color:#999}.pagination{display:inline-block;padding-left:0;margin:20px 0;border-radius:4px}.pagination>li{display:inline}.pagination>li>a,.pagination>li>span{position:relative;float:left;padding:6px 12px;margin-left:-1px;line-height:1.428571429;text-decoration:none;background-color:#fff;border:1px solid #ddd}.pagination>li:first-child>a,.pagination>li:first-child>span{margin-left:0;border-bottom-left-radius:4px;border-top-left-radius:4px}.pagination>li:last-child>a,.pagination>li:last-child>span{border-top-right-radius:4px;border-bottom-right-radius:4px}.pagination>li>a:hover,.pagination>li>span:hover,.pagination>li>a:focus,.pagination>li>span:focus{background-color:#eee}.pagination>.active>a,.pagination>.active>span,.pagination>.active>a:hover,.pagination>.active>span:hover,.pagination>.active>a:focus,.pagination>.active>span:focus{z-index:2;color:#fff;cursor:default;background-color:#428bca;border-color:#428bca}.pagination>.disabled>span,.pagination>.disabled>span:hover,.pagination>.disabled>span:focus,.pagination>.disabled>a,.pagination>.disabled>a:hover,.pagination>.disabled>a:focus{color:#999;cursor:not-allowed;background-color:#fff;border-color:#ddd}.pagination-lg>li>a,.pagination-lg>li>span{padding:10px 16px;font-size:18px}.pagination-lg>li:first-child>a,.pagination-lg>li:first-child>span{border-bottom-left-radius:6px;border-top-left-radius:6px}.pagination-lg>li:last-child>a,.pagination-lg>li:last-child>span{border-top-right-radius:6px;border-bottom-right-radius:6px}.pagination-sm>li>a,.pagination-sm>li>span{padding:5px 10px;font-size:12px}.pagination-sm>li:first-child>a,.pagination-sm>li:first-child>span{border-bottom-left-radius:3px;border-top-left-radius:3px}.pagination-sm>li:last-child>a,.pagination-sm>li:last-child>span{border-top-right-radius:3px;border-bottom-right-radius:3px}.pager{padding-left:0;margin:20px 0;text-align:center;list-style:none}.pager:before,.pager:after{display:table;content:" "}.pager:after{clear:both}.pager:before,.pager:after{display:table;content:" "}.pager:after{clear:both}.pager li{display:inline}.pager li>a,.pager li>span{display:inline-block;padding:5px 14px;background-color:#fff;border:1px solid #ddd;border-radius:15px}.pager li>a:hover,.pager li>a:focus{text-decoration:none;background-color:#eee}.pager .next>a,.pager .next>span{float:right}.pager .previous>a,.pager .previous>span{float:left}.pager .disabled>a,.pager .disabled>a:hover,.pager .disabled>a:focus,.pager .disabled>span{color:#999;cursor:not-allowed;background-color:#fff}.label{display:inline;padding:.2em .6em .3em;font-size:75%;font-weight:bold;line-height:1;color:#fff;text-align:center;white-space:nowrap;vertical-align:baseline;border-radius:.25em}.label[href]:hover,.label[href]:focus{color:#fff;text-decoration:none;cursor:pointer}.label:empty{display:none}.label-default{background-color:#999}.label-default[href]:hover,.label-default[href]:focus{background-color:gray}.label-primary{background-color:#428bca}.label-primary[href]:hover,.label-primary[href]:focus{background-color:#3071a9}.label-success{background-color:#5cb85c}.label-success[href]:hover,.label-success[href]:focus{background-color:#449d44}.label-info{background-color:#5bc0de}.label-info[href]:hover,.label-info[href]:focus{background-color:#31b0d5}.label-warning{background-color:#f0ad4e}.label-warning[href]:hover,.label-warning[href]:focus{background-color:#ec971f}.label-danger{background-color:#d9534f}.label-danger[href]:hover,.label-danger[href]:focus{background-color:#c9302c}.badge{display:inline-block;min-width:10px;padding:3px 7px;font-size:12px;font-weight:bold;line-height:1;color:#fff;text-align:center;white-space:nowrap;vertical-align:baseline;background-color:#999;border-radius:10px}.badge:empty{display:none}a.badge:hover,a.badge:focus{color:#fff;text-decoration:none;cursor:pointer}.btn .badge{position:relative;top:-1px}a.list-group-item.active>.badge,.nav-pills>.active>a>.badge{color:#428bca;background-color:#fff}.nav-pills>li>a>.badge{margin-left:3px}.jumbotron{padding:30px;margin-bottom:30px;font-size:21px;font-weight:200;line-height:2.1428571435;color:inherit;background-color:#eee}.jumbotron h1{line-height:1;color:inherit}.jumbotron p{line-height:1.4}.container .jumbotron{border-radius:6px}@media screen and (min-width:768px){.jumbotron{padding-top:48px;padding-bottom:48px}.container .jumbotron{padding-right:60px;padding-left:60px}.jumbotron h1{font-size:63px}}.thumbnail{display:inline-block;display:block;height:auto;max-width:100%;padding:4px;margin-bottom:20px;line-height:1.428571429;background-color:#fff;border:1px solid #ddd;border-radius:4px;-webkit-transition:all .2s ease-in-out;transition:all .2s ease-in-out}.thumbnail>img{display:block;height:auto;max-width:100%;margin-right:auto;margin-left:auto}a.thumbnail:hover,a.thumbnail:focus,a.thumbnail.active{border-color:#428bca}.thumbnail .caption{padding:9px;color:#333}.alert{padding:15px;margin-bottom:20px;border:1px solid transparent;border-radius:4px}.alert h4{margin-top:0;color:inherit}.alert .alert-link{font-weight:bold}.alert>p,.alert>ul{margin-bottom:0}.alert>p+p{margin-top:5px}.alert-dismissable{padding-right:35px}.alert-dismissable .close{position:relative;top:-2px;right:-21px;color:inherit}.alert-success{color:#468847;background-color:#dff0d8;border-color:#d6e9c6}.alert-success hr{border-top-color:#c9e2b3}.alert-success .alert-link{color:#356635}.alert-info{color:#3a87ad;background-color:#d9edf7;border-color:#bce8f1}.alert-info hr{border-top-color:#a6e1ec}.alert-info .alert-link{color:#2d6987}.alert-warning{color:#c09853;background-color:#fcf8e3;border-color:#faebcc}.alert-warning hr{border-top-color:#f7e1b5}.alert-warning .alert-link{color:#a47e3c}.alert-danger{color:#b94a48;background-color:#f2dede;border-color:#ebccd1}.alert-danger hr{border-top-color:#e4b9c0}.alert-danger .alert-link{color:#953b39}@-webkit-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@-moz-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@-o-keyframes progress-bar-stripes{from{background-position:0 0}to{background-position:40px 0}}@keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}.progress{height:20px;margin-bottom:20px;overflow:hidden;background-color:#f5f5f5;border-radius:4px;-webkit-box-shadow:inset 0 1px 2px rgba(0,0,0,0.1);box-shadow:inset 0 1px 2px rgba(0,0,0,0.1)}.progress-bar{float:left;width:0;height:100%;font-size:12px;line-height:20px;color:#fff;text-align:center;background-color:#428bca;-webkit-box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);-webkit-transition:width .6s ease;transition:width .6s ease}.progress-striped .progress-bar{background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-size:40px 40px}.progress.active .progress-bar{-webkit-animation:progress-bar-stripes 2s linear infinite;animation:progress-bar-stripes 2s linear infinite}.progress-bar-success{background-color:#5cb85c}.progress-striped .progress-bar-success{background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent)}.progress-bar-info{background-color:#5bc0de}.progress-striped .progress-bar-info{background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent)}.progress-bar-warning{background-color:#f0ad4e}.progress-striped .progress-bar-warning{background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent)}.progress-bar-danger{background-color:#d9534f}.progress-striped .progress-bar-danger{background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent)}.media,.media-body{overflow:hidden;zoom:1}.media,.media .media{margin-top:15px}.media:first-child{margin-top:0}.media-object{display:block}.media-heading{margin:0 0 5px}.media>.pull-left{margin-right:10px}.media>.pull-right{margin-left:10px}.media-list{padding-left:0;list-style:none}.list-group{padding-left:0;margin-bottom:20px}.list-group-item{position:relative;display:block;padding:10px 15px;margin-bottom:-1px;background-color:#fff;border:1px solid #ddd}.list-group-item:first-child{border-top-right-radius:4px;border-top-left-radius:4px}.list-group-item:last-child{margin-bottom:0;border-bottom-right-radius:4px;border-bottom-left-radius:4px}.list-group-item>.badge{float:right}.list-group-item>.badge+.badge{margin-right:5px}a.list-group-item{color:#555}a.list-group-item .list-group-item-heading{color:#333}a.list-group-item:hover,a.list-group-item:focus{text-decoration:none;background-color:#f5f5f5}a.list-group-item.active,a.list-group-item.active:hover,a.list-group-item.active:focus{z-index:2;color:#fff;background-color:#428bca;border-color:#428bca}a.list-group-item.active .list-group-item-heading,a.list-group-item.active:hover .list-group-item-heading,a.list-group-item.active:focus .list-group-item-heading{color:inherit}a.list-group-item.active .list-group-item-text,a.list-group-item.active:hover .list-group-item-text,a.list-group-item.active:focus .list-group-item-text{color:#e1edf7}.list-group-item-heading{margin-top:0;margin-bottom:5px}.list-group-item-text{margin-bottom:0;line-height:1.3}.panel{margin-bottom:20px;background-color:#fff;border:1px solid transparent;border-radius:4px;-webkit-box-shadow:0 1px 1px rgba(0,0,0,0.05);box-shadow:0 1px 1px rgba(0,0,0,0.05)}.panel-body{padding:15px}.panel-body:before,.panel-body:after{display:table;content:" "}.panel-body:after{clear:both}.panel-body:before,.panel-body:after{display:table;content:" "}.panel-body:after{clear:both}.panel>.list-group{margin-bottom:0}.panel>.list-group .list-group-item{border-width:1px 0}.panel>.list-group .list-group-item:first-child{border-top-right-radius:0;border-top-left-radius:0}.panel>.list-group .list-group-item:last-child{border-bottom:0}.panel-heading+.list-group .list-group-item:first-child{border-top-width:0}.panel>.table,.panel>.table-responsive{margin-bottom:0}.panel>.panel-body+.table,.panel>.panel-body+.table-responsive{border-top:1px solid #ddd}.panel>.table-bordered,.panel>.table-responsive>.table-bordered{border:0}.panel>.table-bordered>thead>tr>th:first-child,.panel>.table-responsive>.table-bordered>thead>tr>th:first-child,.panel>.table-bordered>tbody>tr>th:first-child,.panel>.table-responsive>.table-bordered>tbody>tr>th:first-child,.panel>.table-bordered>tfoot>tr>th:first-child,.panel>.table-responsive>.table-bordered>tfoot>tr>th:first-child,.panel>.table-bordered>thead>tr>td:first-child,.panel>.table-responsive>.table-bordered>thead>tr>td:first-child,.panel>.table-bordered>tbody>tr>td:first-child,.panel>.table-responsive>.table-bordered>tbody>tr>td:first-child,.panel>.table-bordered>tfoot>tr>td:first-child,.panel>.table-responsive>.table-bordered>tfoot>tr>td:first-child{border-left:0}.panel>.table-bordered>thead>tr>th:last-child,.panel>.table-responsive>.table-bordered>thead>tr>th:last-child,.panel>.table-bordered>tbody>tr>th:last-child,.panel>.table-responsive>.table-bordered>tbody>tr>th:last-child,.panel>.table-bordered>tfoot>tr>th:last-child,.panel>.table-responsive>.table-bordered>tfoot>tr>th:last-child,.panel>.table-bordered>thead>tr>td:last-child,.panel>.table-responsive>.table-bordered>thead>tr>td:last-child,.panel>.table-bordered>tbody>tr>td:last-child,.panel>.table-responsive>.table-bordered>tbody>tr>td:last-child,.panel>.table-bordered>tfoot>tr>td:last-child,.panel>.table-responsive>.table-bordered>tfoot>tr>td:last-child{border-right:0}.panel>.table-bordered>thead>tr:last-child>th,.panel>.table-responsive>.table-bordered>thead>tr:last-child>th,.panel>.table-bordered>tbody>tr:last-child>th,.panel>.table-responsive>.table-bordered>tbody>tr:last-child>th,.panel>.table-bordered>tfoot>tr:last-child>th,.panel>.table-responsive>.table-bordered>tfoot>tr:last-child>th,.panel>.table-bordered>thead>tr:last-child>td,.panel>.table-responsive>.table-bordered>thead>tr:last-child>td,.panel>.table-bordered>tbody>tr:last-child>td,.panel>.table-responsive>.table-bordered>tbody>tr:last-child>td,.panel>.table-bordered>tfoot>tr:last-child>td,.panel>.table-responsive>.table-bordered>tfoot>tr:last-child>td{border-bottom:0}.panel-heading{padding:10px 15px;border-bottom:1px solid transparent;border-top-right-radius:3px;border-top-left-radius:3px}.panel-heading>.dropdown .dropdown-toggle{color:inherit}.panel-title{margin-top:0;margin-bottom:0;font-size:16px}.panel-title>a{color:inherit}.panel-footer{padding:10px 15px;background-color:#f5f5f5;border-top:1px solid #ddd;border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel-group .panel{margin-bottom:0;overflow:hidden;border-radius:4px}.panel-group .panel+.panel{margin-top:5px}.panel-group .panel-heading{border-bottom:0}.panel-group .panel-heading+.panel-collapse .panel-body{border-top:1px solid #ddd}.panel-group .panel-footer{border-top:0}.panel-group .panel-footer+.panel-collapse .panel-body{border-bottom:1px solid #ddd}.panel-default{border-color:#ddd}.panel-default>.panel-heading{color:#333;background-color:#f5f5f5;border-color:#ddd}.panel-default>.panel-heading+.panel-collapse .panel-body{border-top-color:#ddd}.panel-default>.panel-heading>.dropdown .caret{border-color:#333 transparent}.panel-default>.panel-footer+.panel-collapse .panel-body{border-bottom-color:#ddd}.panel-primary{border-color:#428bca}.panel-primary>.panel-heading{color:#fff;background-color:#428bca;border-color:#428bca}.panel-primary>.panel-heading+.panel-collapse .panel-body{border-top-color:#428bca}.panel-primary>.panel-heading>.dropdown .caret{border-color:#fff transparent}.panel-primary>.panel-footer+.panel-collapse .panel-body{border-bottom-color:#428bca}.panel-success{border-color:#d6e9c6}.panel-success>.panel-heading{color:#468847;background-color:#dff0d8;border-color:#d6e9c6}.panel-success>.panel-heading+.panel-collapse .panel-body{border-top-color:#d6e9c6}.panel-success>.panel-heading>.dropdown .caret{border-color:#468847 transparent}.panel-success>.panel-footer+.panel-collapse .panel-body{border-bottom-color:#d6e9c6}.panel-warning{border-color:#faebcc}.panel-warning>.panel-heading{color:#c09853;background-color:#fcf8e3;border-color:#faebcc}.panel-warning>.panel-heading+.panel-collapse .panel-body{border-top-color:#faebcc}.panel-warning>.panel-heading>.dropdown .caret{border-color:#c09853 transparent}.panel-warning>.panel-footer+.panel-collapse .panel-body{border-bottom-color:#faebcc}.panel-danger{border-color:#ebccd1}.panel-danger>.panel-heading{color:#b94a48;background-color:#f2dede;border-color:#ebccd1}.panel-danger>.panel-heading+.panel-collapse .panel-body{border-top-color:#ebccd1}.panel-danger>.panel-heading>.dropdown .caret{border-color:#b94a48 transparent}.panel-danger>.panel-footer+.panel-collapse .panel-body{border-bottom-color:#ebccd1}.panel-info{border-color:#bce8f1}.panel-info>.panel-heading{color:#3a87ad;background-color:#d9edf7;border-color:#bce8f1}.panel-info>.panel-heading+.panel-collapse .panel-body{border-top-color:#bce8f1}.panel-info>.panel-heading>.dropdown .caret{border-color:#3a87ad transparent}.panel-info>.panel-footer+.panel-collapse .panel-body{border-bottom-color:#bce8f1}.well{min-height:20px;padding:19px;margin-bottom:20px;background-color:#f5f5f5;border:1px solid #e3e3e3;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.05);box-shadow:inset 0 1px 1px rgba(0,0,0,0.05)}.well blockquote{border-color:#ddd;border-color:rgba(0,0,0,0.15)}.well-lg{padding:24px;border-radius:6px}.well-sm{padding:9px;border-radius:3px}.close{float:right;font-size:21px;font-weight:bold;line-height:1;color:#000;text-shadow:0 1px 0 #fff;opacity:.2;filter:alpha(opacity=20)}.close:hover,.close:focus{color:#000;text-decoration:none;cursor:pointer;opacity:.5;filter:alpha(opacity=50)}button.close{padding:0;cursor:pointer;background:transparent;border:0;-webkit-appearance:none}.modal-open{overflow:hidden}.modal{position:fixed;top:0;right:0;bottom:0;left:0;z-index:1040;display:none;overflow:auto;overflow-y:scroll}.modal.fade .modal-dialog{-webkit-transform:translate(0,-25%);-ms-transform:translate(0,-25%);transform:translate(0,-25%);-webkit-transition:-webkit-transform .3s ease-out;-moz-transition:-moz-transform .3s ease-out;-o-transition:-o-transform .3s ease-out;transition:transform .3s ease-out}.modal.in .modal-dialog{-webkit-transform:translate(0,0);-ms-transform:translate(0,0);transform:translate(0,0)}.modal-dialog{position:relative;z-index:1050;width:auto;padding:10px;margin-right:auto;margin-left:auto}.modal-content{position:relative;background-color:#fff;border:1px solid #999;border:1px solid rgba(0,0,0,0.2);border-radius:6px;outline:0;-webkit-box-shadow:0 3px 9px rgba(0,0,0,0.5);box-shadow:0 3px 9px rgba(0,0,0,0.5);background-clip:padding-box}.modal-backdrop{position:fixed;top:0;right:0;bottom:0;left:0;z-index:1030;background-color:#000}.modal-backdrop.fade{opacity:0;filter:alpha(opacity=0)}.modal-backdrop.in{opacity:.5;filter:alpha(opacity=50)}.modal-header{min-height:16.428571429px;padding:15px;border-bottom:1px solid #e5e5e5}.modal-header .close{margin-top:-2px}.modal-title{margin:0;line-height:1.428571429}.modal-body{position:relative;padding:20px}.modal-footer{padding:19px 20px 20px;margin-top:15px;text-align:right;border-top:1px solid #e5e5e5}.modal-footer:before,.modal-footer:after{display:table;content:" "}.modal-footer:after{clear:both}.modal-footer:before,.modal-footer:after{display:table;content:" "}.modal-footer:after{clear:both}.modal-footer .btn+.btn{margin-bottom:0;margin-left:5px}.modal-footer .btn-group .btn+.btn{margin-left:-1px}.modal-footer .btn-block+.btn-block{margin-left:0}@media screen and (min-width:768px){.modal-dialog{width:600px;padding-top:30px;padding-bottom:30px}.modal-content{-webkit-box-shadow:0 5px 15px rgba(0,0,0,0.5);box-shadow:0 5px 15px rgba(0,0,0,0.5)}}.tooltip{position:absolute;z-index:1030;display:block;font-size:12px;line-height:1.4;opacity:0;filter:alpha(opacity=0);visibility:visible}.tooltip.in{opacity:.9;filter:alpha(opacity=90)}.tooltip.top{padding:5px 0;margin-top:-3px}.tooltip.right{padding:0 5px;margin-left:3px}.tooltip.bottom{padding:5px 0;margin-top:3px}.tooltip.left{padding:0 5px;margin-left:-3px}.tooltip-inner{max-width:200px;padding:3px 8px;color:#fff;text-align:center;text-decoration:none;background-color:#000;border-radius:4px}.tooltip-arrow{position:absolute;width:0;height:0;border-color:transparent;border-style:solid}.tooltip.top .tooltip-arrow{bottom:0;left:50%;margin-left:-5px;border-top-color:#000;border-width:5px 5px 0}.tooltip.top-left .tooltip-arrow{bottom:0;left:5px;border-top-color:#000;border-width:5px 5px 0}.tooltip.top-right .tooltip-arrow{right:5px;bottom:0;border-top-color:#000;border-width:5px 5px 0}.tooltip.right .tooltip-arrow{top:50%;left:0;margin-top:-5px;border-right-color:#000;border-width:5px 5px 5px 0}.tooltip.left .tooltip-arrow{top:50%;right:0;margin-top:-5px;border-left-color:#000;border-width:5px 0 5px 5px}.tooltip.bottom .tooltip-arrow{top:0;left:50%;margin-left:-5px;border-bottom-color:#000;border-width:0 5px 5px}.tooltip.bottom-left .tooltip-arrow{top:0;left:5px;border-bottom-color:#000;border-width:0 5px 5px}.tooltip.bottom-right .tooltip-arrow{top:0;right:5px;border-bottom-color:#000;border-width:0 5px 5px}.popover{position:absolute;top:0;left:0;z-index:1010;display:none;max-width:276px;padding:1px;text-align:left;white-space:normal;background-color:#fff;border:1px solid #ccc;border:1px solid rgba(0,0,0,0.2);border-radius:6px;-webkit-box-shadow:0 5px 10px rgba(0,0,0,0.2);box-shadow:0 5px 10px rgba(0,0,0,0.2);background-clip:padding-box}.popover.top{margin-top:-10px}.popover.right{margin-left:10px}.popover.bottom{margin-top:10px}.popover.left{margin-left:-10px}.popover-title{padding:8px 14px;margin:0;font-size:14px;font-weight:normal;line-height:18px;background-color:#f7f7f7;border-bottom:1px solid #ebebeb;border-radius:5px 5px 0 0}.popover-content{padding:9px 14px}.popover .arrow,.popover .arrow:after{position:absolute;display:block;width:0;height:0;border-color:transparent;border-style:solid}.popover .arrow{border-width:11px}.popover .arrow:after{border-width:10px;content:""}.popover.top .arrow{bottom:-11px;left:50%;margin-left:-11px;border-top-color:#999;border-top-color:rgba(0,0,0,0.25);border-bottom-width:0}.popover.top .arrow:after{bottom:1px;margin-left:-10px;border-top-color:#fff;border-bottom-width:0;content:" "}.popover.right .arrow{top:50%;left:-11px;margin-top:-11px;border-right-color:#999;border-right-color:rgba(0,0,0,0.25);border-left-width:0}.popover.right .arrow:after{bottom:-10px;left:1px;border-right-color:#fff;border-left-width:0;content:" "}.popover.bottom .arrow{top:-11px;left:50%;margin-left:-11px;border-bottom-color:#999;border-bottom-color:rgba(0,0,0,0.25);border-top-width:0}.popover.bottom .arrow:after{top:1px;margin-left:-10px;border-bottom-color:#fff;border-top-width:0;content:" "}.popover.left .arrow{top:50%;right:-11px;margin-top:-11px;border-left-color:#999;border-left-color:rgba(0,0,0,0.25);border-right-width:0}.popover.left .arrow:after{right:1px;bottom:-10px;border-left-color:#fff;border-right-width:0;content:" "}.carousel{position:relative}.carousel-inner{position:relative;width:100%;overflow:hidden}.carousel-inner>.item{position:relative;display:none;-webkit-transition:.6s ease-in-out left;transition:.6s ease-in-out left}.carousel-inner>.item>img,.carousel-inner>.item>a>img{display:block;height:auto;max-width:100%;line-height:1}.carousel-inner>.active,.carousel-inner>.next,.carousel-inner>.prev{display:block}.carousel-inner>.active{left:0}.carousel-inner>.next,.carousel-inner>.prev{position:absolute;top:0;width:100%}.carousel-inner>.next{left:100%}.carousel-inner>.prev{left:-100%}.carousel-inner>.next.left,.carousel-inner>.prev.right{left:0}.carousel-inner>.active.left{left:-100%}.carousel-inner>.active.right{left:100%}.carousel-control{position:absolute;top:0;bottom:0;left:0;width:15%;font-size:20px;color:#fff;text-align:center;text-shadow:0 1px 2px rgba(0,0,0,0.6);opacity:.5;filter:alpha(opacity=50)}.carousel-control.left{background-image:-webkit-gradient(linear,0 top,100% top,from(rgba(0,0,0,0.5)),to(rgba(0,0,0,0.0001)));background-image:-webkit-linear-gradient(left,color-stop(rgba(0,0,0,0.5) 0),color-stop(rgba(0,0,0,0.0001) 100%));background-image:-moz-linear-gradient(left,rgba(0,0,0,0.5) 0,rgba(0,0,0,0.0001) 100%);background-image:linear-gradient(to right,rgba(0,0,0,0.5) 0,rgba(0,0,0,0.0001) 100%);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#80000000',endColorstr='#00000000',GradientType=1)}.carousel-control.right{right:0;left:auto;background-image:-webkit-gradient(linear,0 top,100% top,from(rgba(0,0,0,0.0001)),to(rgba(0,0,0,0.5)));background-image:-webkit-linear-gradient(left,color-stop(rgba(0,0,0,0.0001) 0),color-stop(rgba(0,0,0,0.5) 100%));background-image:-moz-linear-gradient(left,rgba(0,0,0,0.0001) 0,rgba(0,0,0,0.5) 100%);background-image:linear-gradient(to right,rgba(0,0,0,0.0001) 0,rgba(0,0,0,0.5) 100%);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#00000000',endColorstr='#80000000',GradientType=1)}.carousel-control:hover,.carousel-control:focus{color:#fff;text-decoration:none;opacity:.9;filter:alpha(opacity=90)}.carousel-control .icon-prev,.carousel-control .icon-next,.carousel-control .glyphicon-chevron-left,.carousel-control .glyphicon-chevron-right{position:absolute;top:50%;z-index:5;display:inline-block}.carousel-control .icon-prev,.carousel-control .glyphicon-chevron-left{left:50%}.carousel-control .icon-next,.carousel-control .glyphicon-chevron-right{right:50%}.carousel-control .icon-prev,.carousel-control .icon-next{width:20px;height:20px;margin-top:-10px;margin-left:-10px;font-family:serif}.carousel-control .icon-prev:before{content:'\2039'}.carousel-control .icon-next:before{content:'\203a'}.carousel-indicators{position:absolute;bottom:10px;left:50%;z-index:15;width:60%;padding-left:0;margin-left:-30%;text-align:center;list-style:none}.carousel-indicators li{display:inline-block;width:10px;height:10px;margin:1px;text-indent:-999px;cursor:pointer;background-color:#000 \9;background-color:rgba(0,0,0,0);border:1px solid #fff;border-radius:10px}.carousel-indicators .active{width:12px;height:12px;margin:0;background-color:#fff}.carousel-caption{position:absolute;right:15%;bottom:20px;left:15%;z-index:10;padding-top:20px;padding-bottom:20px;color:#fff;text-align:center;text-shadow:0 1px 2px rgba(0,0,0,0.6)}.carousel-caption .btn{text-shadow:none}@media screen and (min-width:768px){.carousel-control .glyphicons-chevron-left,.carousel-control .glyphicons-chevron-right,.carousel-control .icon-prev,.carousel-control .icon-next{width:30px;height:30px;margin-top:-15px;margin-left:-15px;font-size:30px}.carousel-caption{right:20%;left:20%;padding-bottom:30px}.carousel-indicators{bottom:20px}}.clearfix:before,.clearfix:after{display:table;content:" "}.clearfix:after{clear:both}.center-block{display:block;margin-right:auto;margin-left:auto}.pull-right{float:right !important}.pull-left{float:left !important}.hide{display:none !important}.show{display:block !important}.invisible{visibility:hidden}.text-hide{font:0/0 a;color:transparent;text-shadow:none;background-color:transparent;border:0}.hidden{display:none !important;visibility:hidden !important}.affix{position:fixed}@-ms-viewport{width:device-width}.visible-xs,tr.visible-xs,th.visible-xs,td.visible-xs{display:none !important}@media(max-width:767px){.visible-xs{display:block !important}tr.visible-xs{display:table-row !important}th.visible-xs,td.visible-xs{display:table-cell !important}}@media(min-width:768px) and (max-width:991px){.visible-xs.visible-sm{display:block !important}tr.visible-xs.visible-sm{display:table-row !important}th.visible-xs.visible-sm,td.visible-xs.visible-sm{display:table-cell !important}}@media(min-width:992px) and (max-width:1199px){.visible-xs.visible-md{display:block !important}tr.visible-xs.visible-md{display:table-row !important}th.visible-xs.visible-md,td.visible-xs.visible-md{display:table-cell !important}}@media(min-width:1200px){.visible-xs.visible-lg{display:block !important}tr.visible-xs.visible-lg{display:table-row !important}th.visible-xs.visible-lg,td.visible-xs.visible-lg{display:table-cell !important}}.visible-sm,tr.visible-sm,th.visible-sm,td.visible-sm{display:none !important}@media(max-width:767px){.visible-sm.visible-xs{display:block !important}tr.visible-sm.visible-xs{display:table-row !important}th.visible-sm.visible-xs,td.visible-sm.visible-xs{display:table-cell !important}}@media(min-width:768px) and (max-width:991px){.visible-sm{display:block !important}tr.visible-sm{display:table-row !important}th.visible-sm,td.visible-sm{display:table-cell !important}}@media(min-width:992px) and (max-width:1199px){.visible-sm.visible-md{display:block !important}tr.visible-sm.visible-md{display:table-row !important}th.visible-sm.visible-md,td.visible-sm.visible-md{display:table-cell !important}}@media(min-width:1200px){.visible-sm.visible-lg{display:block !important}tr.visible-sm.visible-lg{display:table-row !important}th.visible-sm.visible-lg,td.visible-sm.visible-lg{display:table-cell !important}}.visible-md,tr.visible-md,th.visible-md,td.visible-md{display:none !important}@media(max-width:767px){.visible-md.visible-xs{display:block !important}tr.visible-md.visible-xs{display:table-row !important}th.visible-md.visible-xs,td.visible-md.visible-xs{display:table-cell !important}}@media(min-width:768px) and (max-width:991px){.visible-md.visible-sm{display:block !important}tr.visible-md.visible-sm{display:table-row !important}th.visible-md.visible-sm,td.visible-md.visible-sm{display:table-cell !important}}@media(min-width:992px) and (max-width:1199px){.visible-md{display:block !important}tr.visible-md{display:table-row !important}th.visible-md,td.visible-md{display:table-cell !important}}@media(min-width:1200px){.visible-md.visible-lg{display:block !important}tr.visible-md.visible-lg{display:table-row !important}th.visible-md.visible-lg,td.visible-md.visible-lg{display:table-cell !important}}.visible-lg,tr.visible-lg,th.visible-lg,td.visible-lg{display:none !important}@media(max-width:767px){.visible-lg.visible-xs{display:block !important}tr.visible-lg.visible-xs{display:table-row !important}th.visible-lg.visible-xs,td.visible-lg.visible-xs{display:table-cell !important}}@media(min-width:768px) and (max-width:991px){.visible-lg.visible-sm{display:block !important}tr.visible-lg.visible-sm{display:table-row !important}th.visible-lg.visible-sm,td.visible-lg.visible-sm{display:table-cell !important}}@media(min-width:992px) and (max-width:1199px){.visible-lg.visible-md{display:block !important}tr.visible-lg.visible-md{display:table-row !important}th.visible-lg.visible-md,td.visible-lg.visible-md{display:table-cell !important}}@media(min-width:1200px){.visible-lg{display:block !important}tr.visible-lg{display:table-row !important}th.visible-lg,td.visible-lg{display:table-cell !important}}.hidden-xs{display:block !important}tr.hidden-xs{display:table-row !important}th.hidden-xs,td.hidden-xs{display:table-cell !important}@media(max-width:767px){.hidden-xs,tr.hidden-xs,th.hidden-xs,td.hidden-xs{display:none !important}}@media(min-width:768px) and (max-width:991px){.hidden-xs.hidden-sm,tr.hidden-xs.hidden-sm,th.hidden-xs.hidden-sm,td.hidden-xs.hidden-sm{display:none !important}}@media(min-width:992px) and (max-width:1199px){.hidden-xs.hidden-md,tr.hidden-xs.hidden-md,th.hidden-xs.hidden-md,td.hidden-xs.hidden-md{display:none !important}}@media(min-width:1200px){.hidden-xs.hidden-lg,tr.hidden-xs.hidden-lg,th.hidden-xs.hidden-lg,td.hidden-xs.hidden-lg{display:none !important}}.hidden-sm{display:block !important}tr.hidden-sm{display:table-row !important}th.hidden-sm,td.hidden-sm{display:table-cell !important}@media(max-width:767px){.hidden-sm.hidden-xs,tr.hidden-sm.hidden-xs,th.hidden-sm.hidden-xs,td.hidden-sm.hidden-xs{display:none !important}}@media(min-width:768px) and (max-width:991px){.hidden-sm,tr.hidden-sm,th.hidden-sm,td.hidden-sm{display:none !important}}@media(min-width:992px) and (max-width:1199px){.hidden-sm.hidden-md,tr.hidden-sm.hidden-md,th.hidden-sm.hidden-md,td.hidden-sm.hidden-md{display:none !important}}@media(min-width:1200px){.hidden-sm.hidden-lg,tr.hidden-sm.hidden-lg,th.hidden-sm.hidden-lg,td.hidden-sm.hidden-lg{display:none !important}}.hidden-md{display:block !important}tr.hidden-md{display:table-row !important}th.hidden-md,td.hidden-md{display:table-cell !important}@media(max-width:767px){.hidden-md.hidden-xs,tr.hidden-md.hidden-xs,th.hidden-md.hidden-xs,td.hidden-md.hidden-xs{display:none !important}}@media(min-width:768px) and (max-width:991px){.hidden-md.hidden-sm,tr.hidden-md.hidden-sm,th.hidden-md.hidden-sm,td.hidden-md.hidden-sm{display:none !important}}@media(min-width:992px) and (max-width:1199px){.hidden-md,tr.hidden-md,th.hidden-md,td.hidden-md{display:none !important}}@media(min-width:1200px){.hidden-md.hidden-lg,tr.hidden-md.hidden-lg,th.hidden-md.hidden-lg,td.hidden-md.hidden-lg{display:none !important}}.hidden-lg{display:block !important}tr.hidden-lg{display:table-row !important}th.hidden-lg,td.hidden-lg{display:table-cell !important}@media(max-width:767px){.hidden-lg.hidden-xs,tr.hidden-lg.hidden-xs,th.hidden-lg.hidden-xs,td.hidden-lg.hidden-xs{display:none !important}}@media(min-width:768px) and (max-width:991px){.hidden-lg.hidden-sm,tr.hidden-lg.hidden-sm,th.hidden-lg.hidden-sm,td.hidden-lg.hidden-sm{display:none !important}}@media(min-width:992px) and (max-width:1199px){.hidden-lg.hidden-md,tr.hidden-lg.hidden-md,th.hidden-lg.hidden-md,td.hidden-lg.hidden-md{display:none !important}}@media(min-width:1200px){.hidden-lg,tr.hidden-lg,th.hidden-lg,td.hidden-lg{display:none !important}}.visible-print,tr.visible-print,th.visible-print,td.visible-print{display:none !important}@media print{.visible-print{display:block !important}tr.visible-print{display:table-row !important}th.visible-print,td.visible-print{display:table-cell !important}.hidden-print,tr.hidden-print,th.hidden-print,td.hidden-print{display:none !important}} \ No newline at end of file diff --git a/docs/theme/mkdocs/css/prettify-1.0.css b/docs/theme/mkdocs/css/prettify-1.0.css new file mode 100644 index 0000000000..e0df245523 --- /dev/null +++ b/docs/theme/mkdocs/css/prettify-1.0.css @@ -0,0 +1,28 @@ +.com { color: #93a1a1; } +.lit { color: #195f91; } +.pun, .opn, .clo { color: #93a1a1; } +.fun { color: #dc322f; } +.str, .atv { color: #D14; } +.kwd, .prettyprint .tag { color: #1e347b; } +.typ, .atn, .dec, .var { color: teal; } +.pln { color: #48484c; } + +.prettyprint { + padding: 8px; +} +.prettyprint.linenums { + -webkit-box-shadow: inset 40px 0 0 #fbfbfc, inset 41px 0 0 #ececf0; + -moz-box-shadow: inset 40px 0 0 #fbfbfc, inset 41px 0 0 #ececf0; + box-shadow: inset 40px 0 0 #fbfbfc, inset 41px 0 0 #ececf0; +} + +/* Specify class=linenums on a pre to get line numbering */ +ol.linenums { + margin: 0 0 0 33px; /* IE indents via margin-left */ +} +ol.linenums li { + padding-left: 12px; + color: #bebec5; + line-height: 20px; + text-shadow: 0 1px 0 #fff; +} diff --git a/docs/theme/mkdocs/docker_io_nav.html b/docs/theme/mkdocs/docker_io_nav.html new file mode 100644 index 0000000000..814e1f5976 --- /dev/null +++ b/docs/theme/mkdocs/docker_io_nav.html @@ -0,0 +1,38 @@ + +
    +
    + sign up + login +
    +
    \ No newline at end of file diff --git a/docs/theme/mkdocs/fonts/fontawesome-webfont.eot b/docs/theme/mkdocs/fonts/fontawesome-webfont.eot new file mode 100755 index 0000000000..7c79c6a6bc Binary files /dev/null and b/docs/theme/mkdocs/fonts/fontawesome-webfont.eot differ diff --git a/docs/theme/mkdocs/fonts/fontawesome-webfont.svg b/docs/theme/mkdocs/fonts/fontawesome-webfont.svg new file mode 100755 index 0000000000..45fdf33830 --- /dev/null +++ b/docs/theme/mkdocs/fonts/fontawesome-webfont.svg @@ -0,0 +1,414 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/theme/mkdocs/fonts/fontawesome-webfont.ttf b/docs/theme/mkdocs/fonts/fontawesome-webfont.ttf new file mode 100755 index 0000000000..e89738de5e Binary files /dev/null and b/docs/theme/mkdocs/fonts/fontawesome-webfont.ttf differ diff --git a/docs/theme/mkdocs/fonts/fontawesome-webfont.woff b/docs/theme/mkdocs/fonts/fontawesome-webfont.woff new file mode 100755 index 0000000000..8c1748aab7 Binary files /dev/null and b/docs/theme/mkdocs/fonts/fontawesome-webfont.woff differ diff --git a/docs/theme/mkdocs/fonts/glyphicons-halflings-regular.eot b/docs/theme/mkdocs/fonts/glyphicons-halflings-regular.eot new file mode 100644 index 0000000000..4a4ca865d6 Binary files /dev/null and b/docs/theme/mkdocs/fonts/glyphicons-halflings-regular.eot differ diff --git a/docs/theme/mkdocs/fonts/glyphicons-halflings-regular.svg b/docs/theme/mkdocs/fonts/glyphicons-halflings-regular.svg new file mode 100644 index 0000000000..e3e2dc739d --- /dev/null +++ b/docs/theme/mkdocs/fonts/glyphicons-halflings-regular.svg @@ -0,0 +1,229 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/theme/mkdocs/fonts/glyphicons-halflings-regular.ttf b/docs/theme/mkdocs/fonts/glyphicons-halflings-regular.ttf new file mode 100644 index 0000000000..67fa00bf83 Binary files /dev/null and b/docs/theme/mkdocs/fonts/glyphicons-halflings-regular.ttf differ diff --git a/docs/theme/mkdocs/fonts/glyphicons-halflings-regular.woff b/docs/theme/mkdocs/fonts/glyphicons-halflings-regular.woff new file mode 100644 index 0000000000..8c54182aa5 Binary files /dev/null and b/docs/theme/mkdocs/fonts/glyphicons-halflings-regular.woff differ diff --git a/docs/theme/mkdocs/footer.html b/docs/theme/mkdocs/footer.html new file mode 100644 index 0000000000..affaef0996 --- /dev/null +++ b/docs/theme/mkdocs/footer.html @@ -0,0 +1,84 @@ + + + \ No newline at end of file diff --git a/docs/theme/mkdocs/img/docs_nav_menu_arrow_1x.png b/docs/theme/mkdocs/img/docs_nav_menu_arrow_1x.png new file mode 100644 index 0000000000..9c209dd5ec Binary files /dev/null and b/docs/theme/mkdocs/img/docs_nav_menu_arrow_1x.png differ diff --git a/docs/theme/docker/static/favicon.png b/docs/theme/mkdocs/img/favicon.png similarity index 100% rename from docs/theme/docker/static/favicon.png rename to docs/theme/mkdocs/img/favicon.png diff --git a/docs/theme/mkdocs/img/logo.png b/docs/theme/mkdocs/img/logo.png new file mode 100644 index 0000000000..dce5155683 Binary files /dev/null and b/docs/theme/mkdocs/img/logo.png differ diff --git a/docs/theme/mkdocs/img/logo_compressed.png b/docs/theme/mkdocs/img/logo_compressed.png new file mode 100644 index 0000000000..717d09d773 Binary files /dev/null and b/docs/theme/mkdocs/img/logo_compressed.png differ diff --git a/docs/theme/docker/static/img/social/docker_social_logos.png b/docs/theme/mkdocs/img/social/docker_social_logos.png similarity index 100% rename from docs/theme/docker/static/img/social/docker_social_logos.png rename to docs/theme/mkdocs/img/social/docker_social_logos.png diff --git a/docs/theme/mkdocs/img/website-footer_clean.svg b/docs/theme/mkdocs/img/website-footer_clean.svg new file mode 100644 index 0000000000..affc804c6d --- /dev/null +++ b/docs/theme/mkdocs/img/website-footer_clean.svg @@ -0,0 +1,197 @@ + + + + +Layer 1 + + + + + + + + + + + + + + + diff --git a/docs/theme/mkdocs/js/base.js b/docs/theme/mkdocs/js/base.js new file mode 100644 index 0000000000..c303f2a806 --- /dev/null +++ b/docs/theme/mkdocs/js/base.js @@ -0,0 +1,108 @@ +$(document).ready(function () +{ + + // Detect if the device is "touch" capable + var isTouchDevice = (('ontouchstart' in window) || (navigator.msMaxTouchPoints > 0)); + + // Tipue Search activation + $('#tipue_search_input').tipuesearch({ + 'mode': 'json', + 'contentLocation': '/search_content.json' + }); + + prettyPrint(); + + // Resizing + resizeMenuDropdown(); + checkToScrollTOC(); + $(window).resize(function() { + if(this.resizeTO) + { + clearTimeout(this.resizeTO); + } + this.resizeTO = setTimeout(function () + { + resizeMenuDropdown(); + checkToScrollTOC(); + }, 500); + }); + + /* Auto scroll */ + $('#nav_menu').scrollToFixed({ + dontSetWidth: true, + }); + + /* Toggle TOC view for Mobile */ + $('#toc_table > h2').on('click', function () + { + if ( $(window).width() <= 991 ) + { + $('#toc_table > #toc_navigation').slideToggle(); + } + }); + + // Submenu ensured drop-down functionality for desktops & mobiles + $('.dd_menu').on({ + click: function () + { + if (isTouchDevice) + { + $(this).toggleClass('dd_on_hover'); + } + }, + mouseenter: function () + { + if (!isTouchDevice) + { + $(this).addClass('dd_on_hover'); + } + }, + mouseleave: function () + { + $(this).removeClass('dd_on_hover'); + }, + }); + + /* Follow TOC links (ScrollSpy) */ + $('body').scrollspy({ + target: '#toc_table', + }); + + /* Prevent disabled link clicks */ + $("li.disabled a").click(function () + { + event.preventDefault(); + }); + +}); + +function resizeMenuDropdown () +{ + $('.dd_menu > .dd_submenu').css("max-height", ($('body').height() - 160) + 'px'); +} + +// https://github.com/bigspotteddog/ScrollToFixed +function checkToScrollTOC () +{ + if ( $(window).width() >= 768 ) + { + // If TOC is hidden, expand. + $('#toc_table > #toc_navigation').css("display", "block"); + // Then attach or detach fixed-scroll + if ( ($('#toc_table').height() + 100) >= $(window).height() ) + { + $('#toc_table').trigger('detach.ScrollToFixed'); + $('#toc_navigation > li.active').removeClass('active'); + } + else + { + $('#toc_table').scrollToFixed({ + marginTop: $('#nav_menu').height() + 14, + limit: function () { return $('#footer').offset().top - 450; }, + zIndex: 1, + minWidth: 768, + removeOffsets: true, + }); + } + } +} \ No newline at end of file diff --git a/docs/theme/mkdocs/js/bootstrap-3.0.3.min.js b/docs/theme/mkdocs/js/bootstrap-3.0.3.min.js new file mode 100644 index 0000000000..1a6258efcb --- /dev/null +++ b/docs/theme/mkdocs/js/bootstrap-3.0.3.min.js @@ -0,0 +1,7 @@ +/*! + * Bootstrap v3.0.3 (http://getbootstrap.com) + * Copyright 2013 Twitter, Inc. + * Licensed under http://www.apache.org/licenses/LICENSE-2.0 + */ + +if("undefined"==typeof jQuery)throw new Error("Bootstrap requires jQuery");+function(a){"use strict";function b(){var a=document.createElement("bootstrap"),b={WebkitTransition:"webkitTransitionEnd",MozTransition:"transitionend",OTransition:"oTransitionEnd otransitionend",transition:"transitionend"};for(var c in b)if(void 0!==a.style[c])return{end:b[c]}}a.fn.emulateTransitionEnd=function(b){var c=!1,d=this;a(this).one(a.support.transition.end,function(){c=!0});var e=function(){c||a(d).trigger(a.support.transition.end)};return setTimeout(e,b),this},a(function(){a.support.transition=b()})}(jQuery),+function(a){"use strict";var b='[data-dismiss="alert"]',c=function(c){a(c).on("click",b,this.close)};c.prototype.close=function(b){function c(){f.trigger("closed.bs.alert").remove()}var d=a(this),e=d.attr("data-target");e||(e=d.attr("href"),e=e&&e.replace(/.*(?=#[^\s]*$)/,""));var f=a(e);b&&b.preventDefault(),f.length||(f=d.hasClass("alert")?d:d.parent()),f.trigger(b=a.Event("close.bs.alert")),b.isDefaultPrevented()||(f.removeClass("in"),a.support.transition&&f.hasClass("fade")?f.one(a.support.transition.end,c).emulateTransitionEnd(150):c())};var d=a.fn.alert;a.fn.alert=function(b){return this.each(function(){var d=a(this),e=d.data("bs.alert");e||d.data("bs.alert",e=new c(this)),"string"==typeof b&&e[b].call(d)})},a.fn.alert.Constructor=c,a.fn.alert.noConflict=function(){return a.fn.alert=d,this},a(document).on("click.bs.alert.data-api",b,c.prototype.close)}(jQuery),+function(a){"use strict";var b=function(c,d){this.$element=a(c),this.options=a.extend({},b.DEFAULTS,d)};b.DEFAULTS={loadingText:"loading..."},b.prototype.setState=function(a){var b="disabled",c=this.$element,d=c.is("input")?"val":"html",e=c.data();a+="Text",e.resetText||c.data("resetText",c[d]()),c[d](e[a]||this.options[a]),setTimeout(function(){"loadingText"==a?c.addClass(b).attr(b,b):c.removeClass(b).removeAttr(b)},0)},b.prototype.toggle=function(){var a=this.$element.closest('[data-toggle="buttons"]'),b=!0;if(a.length){var c=this.$element.find("input");"radio"===c.prop("type")&&(c.prop("checked")&&this.$element.hasClass("active")?b=!1:a.find(".active").removeClass("active")),b&&c.prop("checked",!this.$element.hasClass("active")).trigger("change")}b&&this.$element.toggleClass("active")};var c=a.fn.button;a.fn.button=function(c){return this.each(function(){var d=a(this),e=d.data("bs.button"),f="object"==typeof c&&c;e||d.data("bs.button",e=new b(this,f)),"toggle"==c?e.toggle():c&&e.setState(c)})},a.fn.button.Constructor=b,a.fn.button.noConflict=function(){return a.fn.button=c,this},a(document).on("click.bs.button.data-api","[data-toggle^=button]",function(b){var c=a(b.target);c.hasClass("btn")||(c=c.closest(".btn")),c.button("toggle"),b.preventDefault()})}(jQuery),+function(a){"use strict";var b=function(b,c){this.$element=a(b),this.$indicators=this.$element.find(".carousel-indicators"),this.options=c,this.paused=this.sliding=this.interval=this.$active=this.$items=null,"hover"==this.options.pause&&this.$element.on("mouseenter",a.proxy(this.pause,this)).on("mouseleave",a.proxy(this.cycle,this))};b.DEFAULTS={interval:5e3,pause:"hover",wrap:!0},b.prototype.cycle=function(b){return b||(this.paused=!1),this.interval&&clearInterval(this.interval),this.options.interval&&!this.paused&&(this.interval=setInterval(a.proxy(this.next,this),this.options.interval)),this},b.prototype.getActiveIndex=function(){return this.$active=this.$element.find(".item.active"),this.$items=this.$active.parent().children(),this.$items.index(this.$active)},b.prototype.to=function(b){var c=this,d=this.getActiveIndex();return b>this.$items.length-1||0>b?void 0:this.sliding?this.$element.one("slid.bs.carousel",function(){c.to(b)}):d==b?this.pause().cycle():this.slide(b>d?"next":"prev",a(this.$items[b]))},b.prototype.pause=function(b){return b||(this.paused=!0),this.$element.find(".next, .prev").length&&a.support.transition.end&&(this.$element.trigger(a.support.transition.end),this.cycle(!0)),this.interval=clearInterval(this.interval),this},b.prototype.next=function(){return this.sliding?void 0:this.slide("next")},b.prototype.prev=function(){return this.sliding?void 0:this.slide("prev")},b.prototype.slide=function(b,c){var d=this.$element.find(".item.active"),e=c||d[b](),f=this.interval,g="next"==b?"left":"right",h="next"==b?"first":"last",i=this;if(!e.length){if(!this.options.wrap)return;e=this.$element.find(".item")[h]()}this.sliding=!0,f&&this.pause();var j=a.Event("slide.bs.carousel",{relatedTarget:e[0],direction:g});if(!e.hasClass("active")){if(this.$indicators.length&&(this.$indicators.find(".active").removeClass("active"),this.$element.one("slid.bs.carousel",function(){var b=a(i.$indicators.children()[i.getActiveIndex()]);b&&b.addClass("active")})),a.support.transition&&this.$element.hasClass("slide")){if(this.$element.trigger(j),j.isDefaultPrevented())return;e.addClass(b),e[0].offsetWidth,d.addClass(g),e.addClass(g),d.one(a.support.transition.end,function(){e.removeClass([b,g].join(" ")).addClass("active"),d.removeClass(["active",g].join(" ")),i.sliding=!1,setTimeout(function(){i.$element.trigger("slid.bs.carousel")},0)}).emulateTransitionEnd(600)}else{if(this.$element.trigger(j),j.isDefaultPrevented())return;d.removeClass("active"),e.addClass("active"),this.sliding=!1,this.$element.trigger("slid.bs.carousel")}return f&&this.cycle(),this}};var c=a.fn.carousel;a.fn.carousel=function(c){return this.each(function(){var d=a(this),e=d.data("bs.carousel"),f=a.extend({},b.DEFAULTS,d.data(),"object"==typeof c&&c),g="string"==typeof c?c:f.slide;e||d.data("bs.carousel",e=new b(this,f)),"number"==typeof c?e.to(c):g?e[g]():f.interval&&e.pause().cycle()})},a.fn.carousel.Constructor=b,a.fn.carousel.noConflict=function(){return a.fn.carousel=c,this},a(document).on("click.bs.carousel.data-api","[data-slide], [data-slide-to]",function(b){var c,d=a(this),e=a(d.attr("data-target")||(c=d.attr("href"))&&c.replace(/.*(?=#[^\s]+$)/,"")),f=a.extend({},e.data(),d.data()),g=d.attr("data-slide-to");g&&(f.interval=!1),e.carousel(f),(g=d.attr("data-slide-to"))&&e.data("bs.carousel").to(g),b.preventDefault()}),a(window).on("load",function(){a('[data-ride="carousel"]').each(function(){var b=a(this);b.carousel(b.data())})})}(jQuery),+function(a){"use strict";var b=function(c,d){this.$element=a(c),this.options=a.extend({},b.DEFAULTS,d),this.transitioning=null,this.options.parent&&(this.$parent=a(this.options.parent)),this.options.toggle&&this.toggle()};b.DEFAULTS={toggle:!0},b.prototype.dimension=function(){var a=this.$element.hasClass("width");return a?"width":"height"},b.prototype.show=function(){if(!this.transitioning&&!this.$element.hasClass("in")){var b=a.Event("show.bs.collapse");if(this.$element.trigger(b),!b.isDefaultPrevented()){var c=this.$parent&&this.$parent.find("> .panel > .in");if(c&&c.length){var d=c.data("bs.collapse");if(d&&d.transitioning)return;c.collapse("hide"),d||c.data("bs.collapse",null)}var e=this.dimension();this.$element.removeClass("collapse").addClass("collapsing")[e](0),this.transitioning=1;var f=function(){this.$element.removeClass("collapsing").addClass("in")[e]("auto"),this.transitioning=0,this.$element.trigger("shown.bs.collapse")};if(!a.support.transition)return f.call(this);var g=a.camelCase(["scroll",e].join("-"));this.$element.one(a.support.transition.end,a.proxy(f,this)).emulateTransitionEnd(350)[e](this.$element[0][g])}}},b.prototype.hide=function(){if(!this.transitioning&&this.$element.hasClass("in")){var b=a.Event("hide.bs.collapse");if(this.$element.trigger(b),!b.isDefaultPrevented()){var c=this.dimension();this.$element[c](this.$element[c]())[0].offsetHeight,this.$element.addClass("collapsing").removeClass("collapse").removeClass("in"),this.transitioning=1;var d=function(){this.transitioning=0,this.$element.trigger("hidden.bs.collapse").removeClass("collapsing").addClass("collapse")};return a.support.transition?(this.$element[c](0).one(a.support.transition.end,a.proxy(d,this)).emulateTransitionEnd(350),void 0):d.call(this)}}},b.prototype.toggle=function(){this[this.$element.hasClass("in")?"hide":"show"]()};var c=a.fn.collapse;a.fn.collapse=function(c){return this.each(function(){var d=a(this),e=d.data("bs.collapse"),f=a.extend({},b.DEFAULTS,d.data(),"object"==typeof c&&c);e||d.data("bs.collapse",e=new b(this,f)),"string"==typeof c&&e[c]()})},a.fn.collapse.Constructor=b,a.fn.collapse.noConflict=function(){return a.fn.collapse=c,this},a(document).on("click.bs.collapse.data-api","[data-toggle=collapse]",function(b){var c,d=a(this),e=d.attr("data-target")||b.preventDefault()||(c=d.attr("href"))&&c.replace(/.*(?=#[^\s]+$)/,""),f=a(e),g=f.data("bs.collapse"),h=g?"toggle":d.data(),i=d.attr("data-parent"),j=i&&a(i);g&&g.transitioning||(j&&j.find('[data-toggle=collapse][data-parent="'+i+'"]').not(d).addClass("collapsed"),d[f.hasClass("in")?"addClass":"removeClass"]("collapsed")),f.collapse(h)})}(jQuery),+function(a){"use strict";function b(){a(d).remove(),a(e).each(function(b){var d=c(a(this));d.hasClass("open")&&(d.trigger(b=a.Event("hide.bs.dropdown")),b.isDefaultPrevented()||d.removeClass("open").trigger("hidden.bs.dropdown"))})}function c(b){var c=b.attr("data-target");c||(c=b.attr("href"),c=c&&/#/.test(c)&&c.replace(/.*(?=#[^\s]*$)/,""));var d=c&&a(c);return d&&d.length?d:b.parent()}var d=".dropdown-backdrop",e="[data-toggle=dropdown]",f=function(b){a(b).on("click.bs.dropdown",this.toggle)};f.prototype.toggle=function(d){var e=a(this);if(!e.is(".disabled, :disabled")){var f=c(e),g=f.hasClass("open");if(b(),!g){if("ontouchstart"in document.documentElement&&!f.closest(".navbar-nav").length&&a('
    ').insertAfter(a(this)).on("click",b),f.trigger(d=a.Event("show.bs.dropdown")),d.isDefaultPrevented())return;f.toggleClass("open").trigger("shown.bs.dropdown"),e.focus()}return!1}},f.prototype.keydown=function(b){if(/(38|40|27)/.test(b.keyCode)){var d=a(this);if(b.preventDefault(),b.stopPropagation(),!d.is(".disabled, :disabled")){var f=c(d),g=f.hasClass("open");if(!g||g&&27==b.keyCode)return 27==b.which&&f.find(e).focus(),d.click();var h=a("[role=menu] li:not(.divider):visible a",f);if(h.length){var i=h.index(h.filter(":focus"));38==b.keyCode&&i>0&&i--,40==b.keyCode&&i').appendTo(document.body),this.$element.on("click.dismiss.modal",a.proxy(function(a){a.target===a.currentTarget&&("static"==this.options.backdrop?this.$element[0].focus.call(this.$element[0]):this.hide.call(this))},this)),d&&this.$backdrop[0].offsetWidth,this.$backdrop.addClass("in"),!b)return;d?this.$backdrop.one(a.support.transition.end,b).emulateTransitionEnd(150):b()}else!this.isShown&&this.$backdrop?(this.$backdrop.removeClass("in"),a.support.transition&&this.$element.hasClass("fade")?this.$backdrop.one(a.support.transition.end,b).emulateTransitionEnd(150):b()):b&&b()};var c=a.fn.modal;a.fn.modal=function(c,d){return this.each(function(){var e=a(this),f=e.data("bs.modal"),g=a.extend({},b.DEFAULTS,e.data(),"object"==typeof c&&c);f||e.data("bs.modal",f=new b(this,g)),"string"==typeof c?f[c](d):g.show&&f.show(d)})},a.fn.modal.Constructor=b,a.fn.modal.noConflict=function(){return a.fn.modal=c,this},a(document).on("click.bs.modal.data-api",'[data-toggle="modal"]',function(b){var c=a(this),d=c.attr("href"),e=a(c.attr("data-target")||d&&d.replace(/.*(?=#[^\s]+$)/,"")),f=e.data("modal")?"toggle":a.extend({remote:!/#/.test(d)&&d},e.data(),c.data());b.preventDefault(),e.modal(f,this).one("hide",function(){c.is(":visible")&&c.focus()})}),a(document).on("show.bs.modal",".modal",function(){a(document.body).addClass("modal-open")}).on("hidden.bs.modal",".modal",function(){a(document.body).removeClass("modal-open")})}(jQuery),+function(a){"use strict";var b=function(a,b){this.type=this.options=this.enabled=this.timeout=this.hoverState=this.$element=null,this.init("tooltip",a,b)};b.DEFAULTS={animation:!0,placement:"top",selector:!1,template:'
    ',trigger:"hover focus",title:"",delay:0,html:!1,container:!1},b.prototype.init=function(b,c,d){this.enabled=!0,this.type=b,this.$element=a(c),this.options=this.getOptions(d);for(var e=this.options.trigger.split(" "),f=e.length;f--;){var g=e[f];if("click"==g)this.$element.on("click."+this.type,this.options.selector,a.proxy(this.toggle,this));else if("manual"!=g){var h="hover"==g?"mouseenter":"focus",i="hover"==g?"mouseleave":"blur";this.$element.on(h+"."+this.type,this.options.selector,a.proxy(this.enter,this)),this.$element.on(i+"."+this.type,this.options.selector,a.proxy(this.leave,this))}}this.options.selector?this._options=a.extend({},this.options,{trigger:"manual",selector:""}):this.fixTitle()},b.prototype.getDefaults=function(){return b.DEFAULTS},b.prototype.getOptions=function(b){return b=a.extend({},this.getDefaults(),this.$element.data(),b),b.delay&&"number"==typeof b.delay&&(b.delay={show:b.delay,hide:b.delay}),b},b.prototype.getDelegateOptions=function(){var b={},c=this.getDefaults();return this._options&&a.each(this._options,function(a,d){c[a]!=d&&(b[a]=d)}),b},b.prototype.enter=function(b){var c=b instanceof this.constructor?b:a(b.currentTarget)[this.type](this.getDelegateOptions()).data("bs."+this.type);return clearTimeout(c.timeout),c.hoverState="in",c.options.delay&&c.options.delay.show?(c.timeout=setTimeout(function(){"in"==c.hoverState&&c.show()},c.options.delay.show),void 0):c.show()},b.prototype.leave=function(b){var c=b instanceof this.constructor?b:a(b.currentTarget)[this.type](this.getDelegateOptions()).data("bs."+this.type);return clearTimeout(c.timeout),c.hoverState="out",c.options.delay&&c.options.delay.hide?(c.timeout=setTimeout(function(){"out"==c.hoverState&&c.hide()},c.options.delay.hide),void 0):c.hide()},b.prototype.show=function(){var b=a.Event("show.bs."+this.type);if(this.hasContent()&&this.enabled){if(this.$element.trigger(b),b.isDefaultPrevented())return;var c=this.tip();this.setContent(),this.options.animation&&c.addClass("fade");var d="function"==typeof this.options.placement?this.options.placement.call(this,c[0],this.$element[0]):this.options.placement,e=/\s?auto?\s?/i,f=e.test(d);f&&(d=d.replace(e,"")||"top"),c.detach().css({top:0,left:0,display:"block"}).addClass(d),this.options.container?c.appendTo(this.options.container):c.insertAfter(this.$element);var g=this.getPosition(),h=c[0].offsetWidth,i=c[0].offsetHeight;if(f){var j=this.$element.parent(),k=d,l=document.documentElement.scrollTop||document.body.scrollTop,m="body"==this.options.container?window.innerWidth:j.outerWidth(),n="body"==this.options.container?window.innerHeight:j.outerHeight(),o="body"==this.options.container?0:j.offset().left;d="bottom"==d&&g.top+g.height+i-l>n?"top":"top"==d&&g.top-l-i<0?"bottom":"right"==d&&g.right+h>m?"left":"left"==d&&g.left-h

    '}),b.prototype=a.extend({},a.fn.tooltip.Constructor.prototype),b.prototype.constructor=b,b.prototype.getDefaults=function(){return b.DEFAULTS},b.prototype.setContent=function(){var a=this.tip(),b=this.getTitle(),c=this.getContent();a.find(".popover-title")[this.options.html?"html":"text"](b),a.find(".popover-content")[this.options.html?"html":"text"](c),a.removeClass("fade top bottom left right in"),a.find(".popover-title").html()||a.find(".popover-title").hide()},b.prototype.hasContent=function(){return this.getTitle()||this.getContent()},b.prototype.getContent=function(){var a=this.$element,b=this.options;return a.attr("data-content")||("function"==typeof b.content?b.content.call(a[0]):b.content)},b.prototype.arrow=function(){return this.$arrow=this.$arrow||this.tip().find(".arrow")},b.prototype.tip=function(){return this.$tip||(this.$tip=a(this.options.template)),this.$tip};var c=a.fn.popover;a.fn.popover=function(c){return this.each(function(){var d=a(this),e=d.data("bs.popover"),f="object"==typeof c&&c;e||d.data("bs.popover",e=new b(this,f)),"string"==typeof c&&e[c]()})},a.fn.popover.Constructor=b,a.fn.popover.noConflict=function(){return a.fn.popover=c,this}}(jQuery),+function(a){"use strict";function b(c,d){var e,f=a.proxy(this.process,this);this.$element=a(c).is("body")?a(window):a(c),this.$body=a("body"),this.$scrollElement=this.$element.on("scroll.bs.scroll-spy.data-api",f),this.options=a.extend({},b.DEFAULTS,d),this.selector=(this.options.target||(e=a(c).attr("href"))&&e.replace(/.*(?=#[^\s]+$)/,"")||"")+" .nav li > a",this.offsets=a([]),this.targets=a([]),this.activeTarget=null,this.refresh(),this.process()}b.DEFAULTS={offset:10},b.prototype.refresh=function(){var b=this.$element[0]==window?"offset":"position";this.offsets=a([]),this.targets=a([]);var c=this;this.$body.find(this.selector).map(function(){var d=a(this),e=d.data("target")||d.attr("href"),f=/^#\w/.test(e)&&a(e);return f&&f.length&&[[f[b]().top+(!a.isWindow(c.$scrollElement.get(0))&&c.$scrollElement.scrollTop()),e]]||null}).sort(function(a,b){return a[0]-b[0]}).each(function(){c.offsets.push(this[0]),c.targets.push(this[1])})},b.prototype.process=function(){var a,b=this.$scrollElement.scrollTop()+this.options.offset,c=this.$scrollElement[0].scrollHeight||this.$body[0].scrollHeight,d=c-this.$scrollElement.height(),e=this.offsets,f=this.targets,g=this.activeTarget;if(b>=d)return g!=(a=f.last()[0])&&this.activate(a);for(a=e.length;a--;)g!=f[a]&&b>=e[a]&&(!e[a+1]||b<=e[a+1])&&this.activate(f[a])},b.prototype.activate=function(b){this.activeTarget=b,a(this.selector).parents(".active").removeClass("active");var c=this.selector+'[data-target="'+b+'"],'+this.selector+'[href="'+b+'"]',d=a(c).parents("li").addClass("active");d.parent(".dropdown-menu").length&&(d=d.closest("li.dropdown").addClass("active")),d.trigger("activate.bs.scrollspy")};var c=a.fn.scrollspy;a.fn.scrollspy=function(c){return this.each(function(){var d=a(this),e=d.data("bs.scrollspy"),f="object"==typeof c&&c;e||d.data("bs.scrollspy",e=new b(this,f)),"string"==typeof c&&e[c]()})},a.fn.scrollspy.Constructor=b,a.fn.scrollspy.noConflict=function(){return a.fn.scrollspy=c,this},a(window).on("load",function(){a('[data-spy="scroll"]').each(function(){var b=a(this);b.scrollspy(b.data())})})}(jQuery),+function(a){"use strict";var b=function(b){this.element=a(b)};b.prototype.show=function(){var b=this.element,c=b.closest("ul:not(.dropdown-menu)"),d=b.data("target");if(d||(d=b.attr("href"),d=d&&d.replace(/.*(?=#[^\s]*$)/,"")),!b.parent("li").hasClass("active")){var e=c.find(".active:last a")[0],f=a.Event("show.bs.tab",{relatedTarget:e});if(b.trigger(f),!f.isDefaultPrevented()){var g=a(d);this.activate(b.parent("li"),c),this.activate(g,g.parent(),function(){b.trigger({type:"shown.bs.tab",relatedTarget:e})})}}},b.prototype.activate=function(b,c,d){function e(){f.removeClass("active").find("> .dropdown-menu > .active").removeClass("active"),b.addClass("active"),g?(b[0].offsetWidth,b.addClass("in")):b.removeClass("fade"),b.parent(".dropdown-menu")&&b.closest("li.dropdown").addClass("active"),d&&d()}var f=c.find("> .active"),g=d&&a.support.transition&&f.hasClass("fade");g?f.one(a.support.transition.end,e).emulateTransitionEnd(150):e(),f.removeClass("in")};var c=a.fn.tab;a.fn.tab=function(c){return this.each(function(){var d=a(this),e=d.data("bs.tab");e||d.data("bs.tab",e=new b(this)),"string"==typeof c&&e[c]()})},a.fn.tab.Constructor=b,a.fn.tab.noConflict=function(){return a.fn.tab=c,this},a(document).on("click.bs.tab.data-api",'[data-toggle="tab"], [data-toggle="pill"]',function(b){b.preventDefault(),a(this).tab("show")})}(jQuery),+function(a){"use strict";var b=function(c,d){this.options=a.extend({},b.DEFAULTS,d),this.$window=a(window).on("scroll.bs.affix.data-api",a.proxy(this.checkPosition,this)).on("click.bs.affix.data-api",a.proxy(this.checkPositionWithEventLoop,this)),this.$element=a(c),this.affixed=this.unpin=null,this.checkPosition()};b.RESET="affix affix-top affix-bottom",b.DEFAULTS={offset:0},b.prototype.checkPositionWithEventLoop=function(){setTimeout(a.proxy(this.checkPosition,this),1)},b.prototype.checkPosition=function(){if(this.$element.is(":visible")){var c=a(document).height(),d=this.$window.scrollTop(),e=this.$element.offset(),f=this.options.offset,g=f.top,h=f.bottom;"object"!=typeof f&&(h=g=f),"function"==typeof g&&(g=f.top()),"function"==typeof h&&(h=f.bottom());var i=null!=this.unpin&&d+this.unpin<=e.top?!1:null!=h&&e.top+this.$element.height()>=c-h?"bottom":null!=g&&g>=d?"top":!1;this.affixed!==i&&(this.unpin&&this.$element.css("top",""),this.affixed=i,this.unpin="bottom"==i?e.top-d:null,this.$element.removeClass(b.RESET).addClass("affix"+(i?"-"+i:"")),"bottom"==i&&this.$element.offset({top:document.body.offsetHeight-h-this.$element.height()}))}};var c=a.fn.affix;a.fn.affix=function(c){return this.each(function(){var d=a(this),e=d.data("bs.affix"),f="object"==typeof c&&c;e||d.data("bs.affix",e=new b(this,f)),"string"==typeof c&&e[c]()})},a.fn.affix.Constructor=b,a.fn.affix.noConflict=function(){return a.fn.affix=c,this},a(window).on("load",function(){a('[data-spy="affix"]').each(function(){var b=a(this),c=b.data();c.offset=c.offset||{},c.offsetBottom&&(c.offset.bottom=c.offsetBottom),c.offsetTop&&(c.offset.top=c.offsetTop),b.affix(c)})})}(jQuery); \ No newline at end of file diff --git a/docs/theme/mkdocs/js/jquery-scrolltofixed-min.js b/docs/theme/mkdocs/js/jquery-scrolltofixed-min.js new file mode 100644 index 0000000000..5382c04485 --- /dev/null +++ b/docs/theme/mkdocs/js/jquery-scrolltofixed-min.js @@ -0,0 +1,8 @@ +/* + * ScrollToFixed + * https://github.com/bigspotteddog/ScrollToFixed + * + * Copyright (c) 2011 Joseph Cava-Lynch + * MIT license + */ +(function(a){a.isScrollToFixed=function(b){return !!a(b).data("ScrollToFixed")};a.ScrollToFixed=function(d,i){var l=this;l.$el=a(d);l.el=d;l.$el.data("ScrollToFixed",l);var c=false;var F=l.$el;var G;var D;var e;var C=0;var q=0;var j=-1;var f=-1;var t=null;var y;var g;function u(){F.trigger("preUnfixed.ScrollToFixed");k();F.trigger("unfixed.ScrollToFixed");f=-1;C=F.offset().top;q=F.offset().left;if(l.options.offsets){q+=(F.offset().left-F.position().left)}if(j==-1){j=q}G=F.css("position");c=true;if(l.options.bottom!=-1){F.trigger("preFixed.ScrollToFixed");w();F.trigger("fixed.ScrollToFixed")}}function n(){var H=l.options.limit;if(!H){return 0}if(typeof(H)==="function"){return H.apply(F)}return H}function p(){return G==="fixed"}function x(){return G==="absolute"}function h(){return !(p()||x())}function w(){if(!p()){t.css({display:F.css("display"),width:F.outerWidth(true),height:F.outerHeight(true),"float":F.css("float")});cssOptions={position:"fixed",top:l.options.bottom==-1?s():"",bottom:l.options.bottom==-1?"":l.options.bottom,"margin-left":"0px"};if(!l.options.dontSetWidth){cssOptions.width=F.width()}F.css(cssOptions);F.addClass(l.options.baseClassName);if(l.options.className){F.addClass(l.options.className)}G="fixed"}}function b(){var I=n();var H=q;if(l.options.removeOffsets){H="";I=I-C}cssOptions={position:"absolute",top:I,left:H,"margin-left":"0px",bottom:""};if(!l.options.dontSetWidth){cssOptions.width=F.width()}F.css(cssOptions);G="absolute"}function k(){if(!h()){f=-1;t.css("display","none");F.css({width:"",position:D,left:"",top:e,"margin-left":""});F.removeClass("scroll-to-fixed-fixed");if(l.options.className){F.removeClass(l.options.className)}G=null}}function v(H){if(H!=f){F.css("left",q-H);f=H}}function s(){var H=l.options.marginTop;if(!H){return 0}if(typeof(H)==="function"){return H.apply(F)}return H}function z(){if(!a.isScrollToFixed(F)){return}var J=c;if(!c){u()}var H=a(window).scrollLeft();var K=a(window).scrollTop();var I=n();if(l.options.minWidth&&a(window).width()l.options.maxWidth){if(!h()||!J){o();F.trigger("preUnfixed.ScrollToFixed");k();F.trigger("unfixed.ScrollToFixed")}}else{if(l.options.bottom==-1){if(I>0&&K>=I-s()){if(!x()||!J){o();F.trigger("preAbsolute.ScrollToFixed");b();F.trigger("unfixed.ScrollToFixed")}}else{if(K>=C-s()){if(!p()||!J){o();F.trigger("preFixed.ScrollToFixed");w();f=-1;F.trigger("fixed.ScrollToFixed")}v(H)}else{if(!h()||!J){o();F.trigger("preUnfixed.ScrollToFixed");k();F.trigger("unfixed.ScrollToFixed")}}}}else{if(I>0){if(K+a(window).height()-F.outerHeight(true)>=I-(s()||-m())){if(p()){o();F.trigger("preUnfixed.ScrollToFixed");if(D==="absolute"){b()}else{k()}F.trigger("unfixed.ScrollToFixed")}}else{if(!p()){o();F.trigger("preFixed.ScrollToFixed");w()}v(H);F.trigger("fixed.ScrollToFixed")}}else{v(H)}}}}}function m(){if(!l.options.bottom){return 0}return l.options.bottom}function o(){var H=F.css("position");if(H=="absolute"){F.trigger("postAbsolute.ScrollToFixed")}else{if(H=="fixed"){F.trigger("postFixed.ScrollToFixed")}else{F.trigger("postUnfixed.ScrollToFixed")}}}var B=function(H){if(F.is(":visible")){c=false;z()}};var E=function(H){z()};var A=function(){var I=document.body;if(document.createElement&&I&&I.appendChild&&I.removeChild){var K=document.createElement("div");if(!K.getBoundingClientRect){return null}K.innerHTML="x";K.style.cssText="position:fixed;top:100px;";I.appendChild(K);var L=I.style.height,M=I.scrollTop;I.style.height="3000px";I.scrollTop=500;var H=K.getBoundingClientRect().top;I.style.height=L;var J=(H===100);I.removeChild(K);I.scrollTop=M;return J}return null};var r=function(H){H=H||window.event;if(H.preventDefault){H.preventDefault()}H.returnValue=false};l.init=function(){l.options=a.extend({},a.ScrollToFixed.defaultOptions,i);l.$el.css("z-index",l.options.zIndex);t=a("
    ");G=F.css("position");D=F.css("position");e=F.css("top");if(h()){l.$el.after(t)}a(window).bind("resize.ScrollToFixed",B);a(window).bind("scroll.ScrollToFixed",E);if(l.options.preFixed){F.bind("preFixed.ScrollToFixed",l.options.preFixed)}if(l.options.postFixed){F.bind("postFixed.ScrollToFixed",l.options.postFixed)}if(l.options.preUnfixed){F.bind("preUnfixed.ScrollToFixed",l.options.preUnfixed)}if(l.options.postUnfixed){F.bind("postUnfixed.ScrollToFixed",l.options.postUnfixed)}if(l.options.preAbsolute){F.bind("preAbsolute.ScrollToFixed",l.options.preAbsolute)}if(l.options.postAbsolute){F.bind("postAbsolute.ScrollToFixed",l.options.postAbsolute)}if(l.options.fixed){F.bind("fixed.ScrollToFixed",l.options.fixed)}if(l.options.unfixed){F.bind("unfixed.ScrollToFixed",l.options.unfixed)}if(l.options.spacerClass){t.addClass(l.options.spacerClass)}F.bind("resize.ScrollToFixed",function(){t.height(F.height())});F.bind("scroll.ScrollToFixed",function(){F.trigger("preUnfixed.ScrollToFixed");k();F.trigger("unfixed.ScrollToFixed");z()});F.bind("detach.ScrollToFixed",function(H){r(H);F.trigger("preUnfixed.ScrollToFixed");k();F.trigger("unfixed.ScrollToFixed");a(window).unbind("resize.ScrollToFixed",B);a(window).unbind("scroll.ScrollToFixed",E);F.unbind(".ScrollToFixed");t.remove();l.$el.removeData("ScrollToFixed")});B()};l.init()};a.ScrollToFixed.defaultOptions={marginTop:0,limit:0,bottom:-1,zIndex:1000,baseClassName:"scroll-to-fixed-fixed"};a.fn.scrollToFixed=function(b){return this.each(function(){(new a.ScrollToFixed(this,b))})}})(jQuery); diff --git a/docs/theme/mkdocs/js/prettify-1.0.min.js b/docs/theme/mkdocs/js/prettify-1.0.min.js new file mode 100644 index 0000000000..eef5ad7e6a --- /dev/null +++ b/docs/theme/mkdocs/js/prettify-1.0.min.js @@ -0,0 +1,28 @@ +var q=null;window.PR_SHOULD_USE_CONTINUATION=!0; +(function(){function L(a){function m(a){var f=a.charCodeAt(0);if(f!==92)return f;var b=a.charAt(1);return(f=r[b])?f:"0"<=b&&b<="7"?parseInt(a.substring(1),8):b==="u"||b==="x"?parseInt(a.substring(2),16):a.charCodeAt(1)}function e(a){if(a<32)return(a<16?"\\x0":"\\x")+a.toString(16);a=String.fromCharCode(a);if(a==="\\"||a==="-"||a==="["||a==="]")a="\\"+a;return a}function h(a){for(var f=a.substring(1,a.length-1).match(/\\u[\dA-Fa-f]{4}|\\x[\dA-Fa-f]{2}|\\[0-3][0-7]{0,2}|\\[0-7]{1,2}|\\[\S\s]|[^\\]/g),a= +[],b=[],o=f[0]==="^",c=o?1:0,i=f.length;c122||(d<65||j>90||b.push([Math.max(65,j)|32,Math.min(d,90)|32]),d<97||j>122||b.push([Math.max(97,j)&-33,Math.min(d,122)&-33]))}}b.sort(function(a,f){return a[0]-f[0]||f[1]-a[1]});f=[];j=[NaN,NaN];for(c=0;ci[0]&&(i[1]+1>i[0]&&b.push("-"),b.push(e(i[1])));b.push("]");return b.join("")}function y(a){for(var f=a.source.match(/\[(?:[^\\\]]|\\[\S\s])*]|\\u[\dA-Fa-f]{4}|\\x[\dA-Fa-f]{2}|\\\d+|\\[^\dux]|\(\?[!:=]|[()^]|[^()[\\^]+/g),b=f.length,d=[],c=0,i=0;c=2&&a==="["?f[c]=h(j):a!=="\\"&&(f[c]=j.replace(/[A-Za-z]/g,function(a){a=a.charCodeAt(0);return"["+String.fromCharCode(a&-33,a|32)+"]"}));return f.join("")}for(var t=0,s=!1,l=!1,p=0,d=a.length;p=5&&"lang-"===b.substring(0,5))&&!(o&&typeof o[1]==="string"))c=!1,b="src";c||(r[f]=b)}i=d;d+=f.length;if(c){c=o[1];var j=f.indexOf(c),k=j+c.length;o[2]&&(k=f.length-o[2].length,j=k-c.length);b=b.substring(5);B(l+i,f.substring(0,j),e,p);B(l+i+j,c,C(b,c),p);B(l+i+k,f.substring(k),e,p)}else p.push(l+i,b)}a.e=p}var h={},y;(function(){for(var e=a.concat(m), +l=[],p={},d=0,g=e.length;d=0;)h[n.charAt(k)]=r;r=r[1];n=""+r;p.hasOwnProperty(n)||(l.push(r),p[n]=q)}l.push(/[\S\s]/);y=L(l)})();var t=m.length;return e}function u(a){var m=[],e=[];a.tripleQuotedStrings?m.push(["str",/^(?:'''(?:[^'\\]|\\[\S\s]|''?(?=[^']))*(?:'''|$)|"""(?:[^"\\]|\\[\S\s]|""?(?=[^"]))*(?:"""|$)|'(?:[^'\\]|\\[\S\s])*(?:'|$)|"(?:[^"\\]|\\[\S\s])*(?:"|$))/,q,"'\""]):a.multiLineStrings?m.push(["str",/^(?:'(?:[^'\\]|\\[\S\s])*(?:'|$)|"(?:[^"\\]|\\[\S\s])*(?:"|$)|`(?:[^\\`]|\\[\S\s])*(?:`|$))/, +q,"'\"`"]):m.push(["str",/^(?:'(?:[^\n\r'\\]|\\.)*(?:'|$)|"(?:[^\n\r"\\]|\\.)*(?:"|$))/,q,"\"'"]);a.verbatimStrings&&e.push(["str",/^@"(?:[^"]|"")*(?:"|$)/,q]);var h=a.hashComments;h&&(a.cStyleComments?(h>1?m.push(["com",/^#(?:##(?:[^#]|#(?!##))*(?:###|$)|.*)/,q,"#"]):m.push(["com",/^#(?:(?:define|elif|else|endif|error|ifdef|include|ifndef|line|pragma|undef|warning)\b|[^\n\r]*)/,q,"#"]),e.push(["str",/^<(?:(?:(?:\.\.\/)*|\/?)(?:[\w-]+(?:\/[\w-]+)+)?[\w-]+\.h|[a-z]\w*)>/,q])):m.push(["com",/^#[^\n\r]*/, +q,"#"]));a.cStyleComments&&(e.push(["com",/^\/\/[^\n\r]*/,q]),e.push(["com",/^\/\*[\S\s]*?(?:\*\/|$)/,q]));a.regexLiterals&&e.push(["lang-regex",/^(?:^^\.?|[!+-]|!=|!==|#|%|%=|&|&&|&&=|&=|\(|\*|\*=|\+=|,|-=|->|\/|\/=|:|::|;|<|<<|<<=|<=|=|==|===|>|>=|>>|>>=|>>>|>>>=|[?@[^]|\^=|\^\^|\^\^=|{|\||\|=|\|\||\|\|=|~|break|case|continue|delete|do|else|finally|instanceof|return|throw|try|typeof)\s*(\/(?=[^*/])(?:[^/[\\]|\\[\S\s]|\[(?:[^\\\]]|\\[\S\s])*(?:]|$))+\/)/]);(h=a.types)&&e.push(["typ",h]);a=(""+a.keywords).replace(/^ | $/g, +"");a.length&&e.push(["kwd",RegExp("^(?:"+a.replace(/[\s,]+/g,"|")+")\\b"),q]);m.push(["pln",/^\s+/,q," \r\n\t\xa0"]);e.push(["lit",/^@[$_a-z][\w$@]*/i,q],["typ",/^(?:[@_]?[A-Z]+[a-z][\w$@]*|\w+_t\b)/,q],["pln",/^[$_a-z][\w$@]*/i,q],["lit",/^(?:0x[\da-f]+|(?:\d(?:_\d+)*\d*(?:\.\d*)?|\.\d\+)(?:e[+-]?\d+)?)[a-z]*/i,q,"0123456789"],["pln",/^\\[\S\s]?/,q],["pun",/^.[^\s\w"-$'./@\\`]*/,q]);return x(m,e)}function D(a,m){function e(a){switch(a.nodeType){case 1:if(k.test(a.className))break;if("BR"===a.nodeName)h(a), +a.parentNode&&a.parentNode.removeChild(a);else for(a=a.firstChild;a;a=a.nextSibling)e(a);break;case 3:case 4:if(p){var b=a.nodeValue,d=b.match(t);if(d){var c=b.substring(0,d.index);a.nodeValue=c;(b=b.substring(d.index+d[0].length))&&a.parentNode.insertBefore(s.createTextNode(b),a.nextSibling);h(a);c||a.parentNode.removeChild(a)}}}}function h(a){function b(a,d){var e=d?a.cloneNode(!1):a,f=a.parentNode;if(f){var f=b(f,1),g=a.nextSibling;f.appendChild(e);for(var h=g;h;h=g)g=h.nextSibling,f.appendChild(h)}return e} +for(;!a.nextSibling;)if(a=a.parentNode,!a)return;for(var a=b(a.nextSibling,0),e;(e=a.parentNode)&&e.nodeType===1;)a=e;d.push(a)}var k=/(?:^|\s)nocode(?:\s|$)/,t=/\r\n?|\n/,s=a.ownerDocument,l;a.currentStyle?l=a.currentStyle.whiteSpace:window.getComputedStyle&&(l=s.defaultView.getComputedStyle(a,q).getPropertyValue("white-space"));var p=l&&"pre"===l.substring(0,3);for(l=s.createElement("LI");a.firstChild;)l.appendChild(a.firstChild);for(var d=[l],g=0;g=0;){var h=m[e];A.hasOwnProperty(h)?window.console&&console.warn("cannot override language handler %s",h):A[h]=a}}function C(a,m){if(!a||!A.hasOwnProperty(a))a=/^\s*=o&&(h+=2);e>=c&&(a+=2)}}catch(w){"console"in window&&console.log(w&&w.stack?w.stack:w)}}var v=["break,continue,do,else,for,if,return,while"],w=[[v,"auto,case,char,const,default,double,enum,extern,float,goto,int,long,register,short,signed,sizeof,static,struct,switch,typedef,union,unsigned,void,volatile"], +"catch,class,delete,false,import,new,operator,private,protected,public,this,throw,true,try,typeof"],F=[w,"alignof,align_union,asm,axiom,bool,concept,concept_map,const_cast,constexpr,decltype,dynamic_cast,explicit,export,friend,inline,late_check,mutable,namespace,nullptr,reinterpret_cast,static_assert,static_cast,template,typeid,typename,using,virtual,where"],G=[w,"abstract,boolean,byte,extends,final,finally,implements,import,instanceof,null,native,package,strictfp,super,synchronized,throws,transient"], +H=[G,"as,base,by,checked,decimal,delegate,descending,dynamic,event,fixed,foreach,from,group,implicit,in,interface,internal,into,is,lock,object,out,override,orderby,params,partial,readonly,ref,sbyte,sealed,stackalloc,string,select,uint,ulong,unchecked,unsafe,ushort,var"],w=[w,"debugger,eval,export,function,get,null,set,undefined,var,with,Infinity,NaN"],I=[v,"and,as,assert,class,def,del,elif,except,exec,finally,from,global,import,in,is,lambda,nonlocal,not,or,pass,print,raise,try,with,yield,False,True,None"], +J=[v,"alias,and,begin,case,class,def,defined,elsif,end,ensure,false,in,module,next,nil,not,or,redo,rescue,retry,self,super,then,true,undef,unless,until,when,yield,BEGIN,END"],v=[v,"case,done,elif,esac,eval,fi,function,in,local,set,then,until"],K=/^(DIR|FILE|vector|(de|priority_)?queue|list|stack|(const_)?iterator|(multi)?(set|map)|bitset|u?(int|float)\d*)/,N=/\S/,O=u({keywords:[F,H,w,"caller,delete,die,do,dump,elsif,eval,exit,foreach,for,goto,if,import,last,local,my,next,no,our,print,package,redo,require,sub,undef,unless,until,use,wantarray,while,BEGIN,END"+ +I,J,v],hashComments:!0,cStyleComments:!0,multiLineStrings:!0,regexLiterals:!0}),A={};k(O,["default-code"]);k(x([],[["pln",/^[^]*(?:>|$)/],["com",/^<\!--[\S\s]*?(?:--\>|$)/],["lang-",/^<\?([\S\s]+?)(?:\?>|$)/],["lang-",/^<%([\S\s]+?)(?:%>|$)/],["pun",/^(?:<[%?]|[%?]>)/],["lang-",/^]*>([\S\s]+?)<\/xmp\b[^>]*>/i],["lang-js",/^]*>([\S\s]*?)(<\/script\b[^>]*>)/i],["lang-css",/^]*>([\S\s]*?)(<\/style\b[^>]*>)/i],["lang-in.tag",/^(<\/?[a-z][^<>]*>)/i]]), +["default-markup","htm","html","mxml","xhtml","xml","xsl"]);k(x([["pln",/^\s+/,q," \t\r\n"],["atv",/^(?:"[^"]*"?|'[^']*'?)/,q,"\"'"]],[["tag",/^^<\/?[a-z](?:[\w-.:]*\w)?|\/?>$/i],["atn",/^(?!style[\s=]|on)[a-z](?:[\w:-]*\w)?/i],["lang-uq.val",/^=\s*([^\s"'>]*(?:[^\s"'/>]|\/(?=\s)))/],["pun",/^[/<->]+/],["lang-js",/^on\w+\s*=\s*"([^"]+)"/i],["lang-js",/^on\w+\s*=\s*'([^']+)'/i],["lang-js",/^on\w+\s*=\s*([^\s"'>]+)/i],["lang-css",/^style\s*=\s*"([^"]+)"/i],["lang-css",/^style\s*=\s*'([^']+)'/i],["lang-css", +/^style\s*=\s*([^\s"'>]+)/i]]),["in.tag"]);k(x([],[["atv",/^[\S\s]+/]]),["uq.val"]);k(u({keywords:F,hashComments:!0,cStyleComments:!0,types:K}),["c","cc","cpp","cxx","cyc","m"]);k(u({keywords:"null,true,false"}),["json"]);k(u({keywords:H,hashComments:!0,cStyleComments:!0,verbatimStrings:!0,types:K}),["cs"]);k(u({keywords:G,cStyleComments:!0}),["java"]);k(u({keywords:v,hashComments:!0,multiLineStrings:!0}),["bsh","csh","sh"]);k(u({keywords:I,hashComments:!0,multiLineStrings:!0,tripleQuotedStrings:!0}), +["cv","py"]);k(u({keywords:"caller,delete,die,do,dump,elsif,eval,exit,foreach,for,goto,if,import,last,local,my,next,no,our,print,package,redo,require,sub,undef,unless,until,use,wantarray,while,BEGIN,END",hashComments:!0,multiLineStrings:!0,regexLiterals:!0}),["perl","pl","pm"]);k(u({keywords:J,hashComments:!0,multiLineStrings:!0,regexLiterals:!0}),["rb"]);k(u({keywords:w,cStyleComments:!0,regexLiterals:!0}),["js"]);k(u({keywords:"all,and,by,catch,class,else,extends,false,finally,for,if,in,is,isnt,loop,new,no,not,null,of,off,on,or,return,super,then,true,try,unless,until,when,while,yes", +hashComments:3,cStyleComments:!0,multilineStrings:!0,tripleQuotedStrings:!0,regexLiterals:!0}),["coffee"]);k(x([],[["str",/^[\S\s]+/]]),["regex"]);window.prettyPrintOne=function(a,m,e){var h=document.createElement("PRE");h.innerHTML=a;e&&D(h,e);E({g:m,i:e,h:h});return h.innerHTML};window.prettyPrint=function(a){function m(){for(var e=window.PR_SHOULD_USE_CONTINUATION?l.now()+250:Infinity;p=0){var k=k.match(g),f,b;if(b= +!k){b=n;for(var o=void 0,c=b.firstChild;c;c=c.nextSibling)var i=c.nodeType,o=i===1?o?b:c:i===3?N.test(c.nodeValue)?b:o:o;b=(f=o===b?void 0:o)&&"CODE"===f.tagName}b&&(k=f.className.match(g));k&&(k=k[1]);b=!1;for(o=n.parentNode;o;o=o.parentNode)if((o.tagName==="pre"||o.tagName==="code"||o.tagName==="xmp")&&o.className&&o.className.indexOf("prettyprint")>=0){b=!0;break}b||((b=(b=n.className.match(/\blinenums\b(?::(\d+))?/))?b[1]&&b[1].length?+b[1]:!0:!1)&&D(n,b),d={g:k,h:n,i:b},E(d))}}p +
    + Sections +
      +
    • + Home +
      • + {% for menu in nav %} + {% if menu.title != '**HIDDEN**' %} +
    • + {% if menu.children %} + {% for item in menu.children[:1] %} + {{ menu.title }} + {% endfor %} + {% endif %} +
      • + {% endif %} + {% endfor %} +
    +     + + + + + + +
    +
    + diff --git a/docs/theme/mkdocs/prev_next.html b/docs/theme/mkdocs/prev_next.html new file mode 100644 index 0000000000..693bfbcaa4 --- /dev/null +++ b/docs/theme/mkdocs/prev_next.html @@ -0,0 +1,22 @@ + + + \ No newline at end of file diff --git a/docs/theme/mkdocs/tipuesearch/img/loader.gif b/docs/theme/mkdocs/tipuesearch/img/loader.gif new file mode 100644 index 0000000000..9c97738a27 Binary files /dev/null and b/docs/theme/mkdocs/tipuesearch/img/loader.gif differ diff --git a/docs/theme/mkdocs/tipuesearch/img/search.png b/docs/theme/mkdocs/tipuesearch/img/search.png new file mode 100755 index 0000000000..9ab0f2c1a9 Binary files /dev/null and b/docs/theme/mkdocs/tipuesearch/img/search.png differ diff --git a/docs/theme/mkdocs/tipuesearch/tipuesearch.css b/docs/theme/mkdocs/tipuesearch/tipuesearch.css new file mode 100755 index 0000000000..d5847d22dc --- /dev/null +++ b/docs/theme/mkdocs/tipuesearch/tipuesearch.css @@ -0,0 +1,136 @@ + +/* +Tipue Search 3.1 +Copyright (c) 2013 Tipue +Tipue Search is released under the MIT License +http://www.tipue.com/search +*/ + +#tipue_search_button +{ + width: 70px; + height: 36px; + border: 0; + border-radius: 1px; + background: #75a8fb url('img/search.png') no-repeat center; + outline: none; +} +#tipue_search_button:hover +{ + background-color: #5193fb; +} + +#tipue_search_content +{ + clear: left; + max-width: 650px; + padding: 25px 0 13px 0; + margin: 0; +} +#tipue_search_loading +{ + padding-top: 60px; + background: #fff url('img/loader.gif') no-repeat left; +} + +#tipue_search_warning_head +{ + font: 300 16px/1.6 'Open Sans', sans-serif; +} +#tipue_search_warning +{ + font: 13px/1.6 'Open Sans', sans-serif; + margin: 7px 0; +} +#tipue_search_warning a +{ + font-weight: 300; + text-decoration: none; +} +#tipue_search_warning a:hover +{ +} +#tipue_search_results_count +{ + font: 13px/1.6 'Open Sans', sans-serif; +} +.tipue_search_content_title +{ + font: 300 23px/1.6 'Open Sans', sans-serif; + text-rendering: optimizelegibility; + margin-top: 23px; +} +.tipue_search_content_title a +{ + text-decoration: none; +} +.tipue_search_content_title a:hover +{ +} +.tipue_search_content_text +{ + font: 13px/1.7 'Open Sans', sans-serif; + padding: 13px 0; + word-break: break-all; + word-break: break-word; + -webkit-hyphens: auto; + -moz-hyphens: auto; + hyphens: auto; +} +.tipue_search_content_loc +{ + font: 300 13px/1.7 'Open Sans', sans-serif; + word-break: break-all; + word-break: break-word; + -webkit-hyphens: auto; + -moz-hyphens: auto; + hyphens: auto; +} +.tipue_search_content_loc a +{ + text-decoration: none; +} +.tipue_search_content_loc a:hover +{ +} +#tipue_search_foot +{ + margin: 51px 0 21px 0; +} +#tipue_search_foot_boxes +{ + padding: 0; + margin: 0; + font: 12px/1 'Open Sans', sans-serif; +} +#tipue_search_foot_boxes li +{ + list-style: none; + margin: 0; + padding: 0; + display: inline; +} +#tipue_search_foot_boxes li a +{ + padding: 9px 15px 10px 15px; + background-color: #f1f1f1; + border: 1px solid #dcdcdc; + border-radius: 1px; + margin-right: 7px; + text-decoration: none; + text-align: center; +} +#tipue_search_foot_boxes li.current +{ + padding: 9px 15px 10px 15px; + background: #fff; + border: 1px solid #dcdcdc; + border-radius: 1px; + margin-right: 7px; + text-align: center; +} +#tipue_search_foot_boxes li a:hover +{ + border: 1px solid #ccc; + background-color: #f3f3f3; +} diff --git a/docs/theme/mkdocs/tipuesearch/tipuesearch.js b/docs/theme/mkdocs/tipuesearch/tipuesearch.js new file mode 100644 index 0000000000..01c09f2b8c --- /dev/null +++ b/docs/theme/mkdocs/tipuesearch/tipuesearch.js @@ -0,0 +1,383 @@ + +/* +Tipue Search 3.1 +Copyright (c) 2013 Tipue +Tipue Search is released under the MIT License +http://www.tipue.com/search +*/ + + +(function($) { + + $.fn.tipuesearch = function(options) { + + var set = $.extend( { + + 'show' : 7, + 'newWindow' : false, + 'showURL' : true, + 'minimumLength' : 3, + 'descriptiveWords' : 25, + 'highlightTerms' : true, + 'highlightEveryTerm' : false, + 'mode' : 'static', + 'liveDescription' : '*', + 'liveContent' : '*', + 'contentLocation' : 'tipuesearch/tipuesearch_content.json' + + }, options); + + return this.each(function() { + + var tipuesearch_in = { + pages: [] + }; + $.ajaxSetup({ + async: false + }); + + if (set.mode == 'live') + { + for (var i = 0; i < tipuesearch_pages.length; i++) + { + $.get(tipuesearch_pages[i], '', + function (html) + { + var cont = $(set.liveContent, html).text(); + cont = cont.replace(/\s+/g, ' '); + var desc = $(set.liveDescription, html).text(); + desc = desc.replace(/\s+/g, ' '); + + var t_1 = html.toLowerCase().indexOf(''); + var t_2 = html.toLowerCase().indexOf('', t_1 + 7); + if (t_1 != -1 && t_2 != -1) + { + var tit = html.slice(t_1 + 7, t_2); + } + else + { + var tit = 'No title'; + } + + tipuesearch_in.pages.push({ + "title": tit, + "text": desc, + "tags": cont, + "loc": tipuesearch_pages[i] + }); + } + ); + } + } + + if (set.mode == 'json') + { + $.getJSON(set.contentLocation, + function(json) + { + tipuesearch_in = $.extend({}, json); + } + ); + } + + if (set.mode == 'static') + { + tipuesearch_in = $.extend({}, tipuesearch); + } + + var tipue_search_w = ''; + if (set.newWindow) + { + tipue_search_w = ' target="_blank"'; + } + + function getURLP(name) + { + return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g, '%20')) || null; + } + if (getURLP('q')) + { + $('#tipue_search_input').val(getURLP('q')); + getTipueSearch(0, true); + } + + $('#tipue_search_button').click(function() + { + getTipueSearch(0, true); + }); + $(this).keyup(function(event) + { + if(event.keyCode == '13') + { + getTipueSearch(0, true); + } + }); + + function getTipueSearch(start, replace) + { + $('#tipue_search_content').hide(); + var out = ''; + var results = ''; + var show_replace = false; + var show_stop = false; + + var d = $('#tipue_search_input').val().toLowerCase(); + d = $.trim(d); + var d_w = d.split(' '); + d = ''; + for (var i = 0; i < d_w.length; i++) + { + var a_w = true; + for (var f = 0; f < tipuesearch_stop_words.length; f++) + { + if (d_w[i] == tipuesearch_stop_words[f]) + { + a_w = false; + show_stop = true; + } + } + if (a_w) + { + d = d + ' ' + d_w[i]; + } + } + d = $.trim(d); + d_w = d.split(' '); + + if (d.length >= set.minimumLength) + { + if (replace) + { + var d_r = d; + for (var i = 0; i < d_w.length; i++) + { + for (var f = 0; f < tipuesearch_replace.words.length; f++) + { + if (d_w[i] == tipuesearch_replace.words[f].word) + { + d = d.replace(d_w[i], tipuesearch_replace.words[f].replace_with); + show_replace = true; + } + } + } + d_w = d.split(' '); + } + + var d_t = d; + for (var i = 0; i < d_w.length; i++) + { + for (var f = 0; f < tipuesearch_stem.words.length; f++) + { + if (d_w[i] == tipuesearch_stem.words[f].word) + { + d_t = d_t + ' ' + tipuesearch_stem.words[f].stem; + } + } + } + d_w = d_t.split(' '); + + var c = 0; + found = new Array(); + for (var i = 0; i < tipuesearch_in.pages.length; i++) + { + var score = 1000000000; + var s_t = tipuesearch_in.pages[i].text; + for (var f = 0; f < d_w.length; f++) + { + var pat = new RegExp(d_w[f], 'i'); + if (tipuesearch_in.pages[i].title.search(pat) != -1) + { + score -= (200000 - i); + } + if (tipuesearch_in.pages[i].text.search(pat) != -1) + { + score -= (150000 - i); + } + + if (set.highlightTerms) + { + if (set.highlightEveryTerm) + { + var patr = new RegExp('(' + d_w[f] + ')', 'gi'); + } + else + { + var patr = new RegExp('(' + d_w[f] + ')', 'i'); + } + s_t = s_t.replace(patr, "$1"); + } + if (tipuesearch_in.pages[i].tags.search(pat) != -1) + { + score -= (100000 - i); + } + + } + if (score < 1000000000) + { + found[c++] = score + '^' + tipuesearch_in.pages[i].title + '^' + s_t + '^' + tipuesearch_in.pages[i].loc; + } + } + + if (c != 0) + { + if (show_replace == 1) + { + out += '
    Showing results for ' + d + '
    '; + out += '
    Search for ' + d_r + '
    '; + } + if (c == 1) + { + out += '
    1 result
    '; + } + else + { + c_c = c.toString().replace(/\B(?=(\d{3})+(?!\d))/g, ","); + out += '
    ' + c_c + ' results
    '; + } + + found.sort(); + var l_o = 0; + for (var i = 0; i < found.length; i++) + { + var fo = found[i].split('^'); + if (l_o >= start && l_o < set.show + start) + { + out += '
    ' + fo[1] + '
    '; + + var t = fo[2]; + var t_d = ''; + var t_w = t.split(' '); + if (t_w.length < set.descriptiveWords) + { + t_d = t; + } + else + { + for (var f = 0; f < set.descriptiveWords; f++) + { + t_d += t_w[f] + ' '; + } + } + t_d = $.trim(t_d); + if (t_d.charAt(t_d.length - 1) != '.') + { + t_d += ' ...'; + } + out += '
    ' + t_d + '
    '; + + if (set.showURL) + { + out += '
    ' + fo[3] + '
    '; + } + } + l_o++; + } + + if (c > set.show) + { + var pages = Math.ceil(c / set.show); + var page = (start / set.show); + out += '
      '; + + if (start > 0) + { + out += '
    • « Prev
      • '; + } + + if (page <= 2) + { + var p_b = pages; + if (pages > 3) + { + p_b = 3; + } + for (var f = 0; f < p_b; f++) + { + if (f == page) + { + out += '
    • ' + (f + 1) + '
      • '; + } + else + { + out += '
    • ' + (f + 1) + '
      • '; + } + } + } + else + { + var p_b = pages + 2; + if (p_b > pages) + { + p_b = pages; + } + for (var f = page; f < p_b; f++) + { + if (f == page) + { + out += '
    • ' + (f + 1) + '
      • '; + } + else + { + out += '
    • ' + (f + 1) + '
      • '; + } + } + } + + if (page + 1 != pages) + { + out += '
    • Next »
      • '; + } + + out += '
    '; + } + } + else + { + out += '
    Nothing found
    '; + } + } + else + { + if (show_stop) + { + out += '
    Nothing found
    Common words are largely ignored
    '; + } + else + { + out += '
    Search too short
    '; + if (set.minimumLength == 1) + { + out += '
    Should be one character or more
    '; + } + else + { + out += '
    Should be ' + set.minimumLength + ' characters or more
    '; + } + } + } + + $('#tipue_search_content').html(out); + $('#tipue_search_content').slideDown(200); + + $('#tipue_search_replaced').click(function() + { + getTipueSearch(0, false); + }); + + $('.tipue_search_foot_box').click(function() + { + var id_v = $(this).attr('id'); + var id_a = id_v.split('_'); + + getTipueSearch(parseInt(id_a[0]), id_a[1]); + }); + } + + }); + }; + +})(jQuery); + + + + diff --git a/docs/theme/mkdocs/tipuesearch/tipuesearch.min.js b/docs/theme/mkdocs/tipuesearch/tipuesearch.min.js new file mode 100644 index 0000000000..bfc66f1f64 --- /dev/null +++ b/docs/theme/mkdocs/tipuesearch/tipuesearch.min.js @@ -0,0 +1,12 @@ +(function($){$.fn.tipuesearch=function(options){var set=$.extend({"show":7,"newWindow":false,"showURL":true,"minimumLength":3,"descriptiveWords":25,"highlightTerms":true,"highlightEveryTerm":false,"mode":"static","liveDescription":"*","liveContent":"*","contentLocation":"tipuesearch/tipuesearch_content.json"},options);return this.each(function(){var tipuesearch_in={pages:[]};$.ajaxSetup({async:false});if(set.mode=="live")for(var i=0;i");var t_2=html.toLowerCase().indexOf("",t_1+7);if(t_1!=-1&&t_2!=-1)var tit=html.slice(t_1+7,t_2);else var tit="No title";tipuesearch_in.pages.push({"title":tit,"text":desc,"tags":cont,"loc":tipuesearch_pages[i]})});if(set.mode=="json")$.getJSON(set.contentLocation,function(json){tipuesearch_in=$.extend({},json)}); +if(set.mode=="static")tipuesearch_in=$.extend({},tipuesearch);var tipue_search_w="";if(set.newWindow)tipue_search_w=' target="_blank"';function getURLP(name){return decodeURIComponent(((new RegExp("[?|&]"+name+"="+"([^&;]+?)(&|#|;|$)")).exec(location.search)||[,""])[1].replace(/\+/g,"%20"))||null}if(getURLP("q")){$("#tipue_search_input").val(getURLP("q"));getTipueSearch(0,true)}$("#tipue_search_button").click(function(){getTipueSearch(0,true)});$(this).keyup(function(event){if(event.keyCode=="13")getTipueSearch(0, +true)});function getTipueSearch(start,replace){$("#tipue_search_content").hide();var out="";var results="";var show_replace=false;var show_stop=false;var d=$("#tipue_search_input").val().toLowerCase();d=$.trim(d);var d_w=d.split(" ");d="";for(var i=0;i=set.minimumLength){if(replace){var d_r=d;for(var i= +0;i$1")}if(tipuesearch_in.pages[i].tags.search(pat)!=-1)score-=1E5-i}if(score<1E9)found[c++]=score+"^"+tipuesearch_in.pages[i].title+"^"+s_t+"^"+tipuesearch_in.pages[i].loc}if(c!= +0){if(show_replace==1){out+='
    Showing results for '+d+"
    ";out+='
    Search for '+d_r+"
    "}if(c==1)out+='
    1 result
    ';else{c_c=c.toString().replace(/\B(?=(\d{3})+(?!\d))/g,",");out+='
    '+c_c+" results
    "}found.sort();var l_o=0;for(var i=0;i= +start&&l_o"+fo[1]+"
    ";var t=fo[2];var t_d="";var t_w=t.split(" ");if(t_w.length";if(set.showURL)out+='
    "+fo[3]+ +"
    "}l_o++}if(c>set.show){var pages=Math.ceil(c/set.show);var page=start/set.show;out+='
      ';if(start>0)out+='
    • « Prev
      • ';if(page<=2){var p_b=pages;if(pages>3)p_b=3;for(var f=0;f'+(f+1)+"";else out+='
    • '+(f+1)+"
      • "}else{var p_b=pages+2;if(p_b>pages)p_b=pages;for(var f=page;f'+(f+1)+"";else out+='
    • '+(f+1)+"
      • "}if(page+1!=pages)out+='
    • Next »
      • ';out+="
    "}}else out+='
    Nothing found
    '}else if(show_stop)out+= +'
    Nothing found
    Common words are largely ignored
    ';else{out+='
    Search too short
    ';if(set.minimumLength==1)out+='
    Should be one character or more
    ';else out+='
    Should be '+set.minimumLength+" characters or more
    "}$("#tipue_search_content").html(out);$("#tipue_search_content").slideDown(200);$("#tipue_search_replaced").click(function(){getTipueSearch(0, +false)});$(".tipue_search_foot_box").click(function(){var id_v=$(this).attr("id");var id_a=id_v.split("_");getTipueSearch(parseInt(id_a[0]),id_a[1])})}})}})(jQuery); diff --git a/docs/theme/mkdocs/tipuesearch/tipuesearch_content.js b/docs/theme/mkdocs/tipuesearch/tipuesearch_content.js new file mode 100644 index 0000000000..f20d45a42b --- /dev/null +++ b/docs/theme/mkdocs/tipuesearch/tipuesearch_content.js @@ -0,0 +1,13 @@ +var tipuesearch = {"pages": [ + {"title": "Tipue Search, a site search engine jQuery plugin", "text": "Tipue Search is a site search engine jQuery plugin. Tipue Search is open source and released under the MIT License, which means it's free for both commercial and non-commercial use. Tipue Search is responsive and works on all reasonably modern browsers.", "tags": "JavaScript", "loc": "http://www.tipue.com/search"}, + {"title": "Tipue Search Static mode demo", "text": "This is a demo of Tipue Search Static mode.", "tags": "", "loc": "http://www.tipue.com/search/demos/static"}, + {"title": "Tipue Image Search demo", "text": "This is a demo of Tipue Image Search.", "tags": "", "loc": "http://www.tipue.com/search/demos/images"}, + {"title": "Tipue Search docs", "text": "If you haven't already done so, download Tipue Search. Copy the tipuesearch folder to your site.", "tags": "documentation", "loc": "http://www.tipue.com/search/docs"}, + {"title": "Tipue drop, a search suggestion box jQuery plugin", "text": "Tipue drop is a search suggestion box jQuery plugin. Tipue drop is open source and released under the MIT License, which means it's free for both commercial and non-commercial use. Tipue drop is responsive and works on all reasonably modern browsers.", "tags": "JavaScript", "loc": "http://www.tipue.com/drop"}, + {"title": "Tipue drop demo", "text": "Tipue drop demo. Tipue drop is a search suggestion box jQuery plugin.", "tags": "JavaScript", "loc": "http://www.tipue.com/drop/demo"}, + {"title": "Support plans", "text": "Stuck? We offer a range of flexible support plans for our jQuery plugins.", "tags": "", "loc": "http://www.tipue.com/support"}, + {"title": "About Tipue", "text": "Tipue is a small web development studio based in North London. We've been around for over a decade. We like Perl, MySQL and jQuery.", "tags": "", "loc": "http://www.tipue.com/about"} +]}; + + + diff --git a/docs/theme/mkdocs/tipuesearch/tipuesearch_set.js b/docs/theme/mkdocs/tipuesearch/tipuesearch_set.js new file mode 100644 index 0000000000..6bda3fad66 --- /dev/null +++ b/docs/theme/mkdocs/tipuesearch/tipuesearch_set.js @@ -0,0 +1,23 @@ + +/* +Tipue Search 3.1 +Copyright (c) 2013 Tipue +Tipue Search is released under the MIT License +http://www.tipue.com/search +*/ + + +var tipuesearch_stop_words = ["and", "be", "by", "do", "for", "he", "how", "if", "is", "it", "my", "not", "of", "or", "the", "to", "up", "what", "when"]; + +var tipuesearch_replace = {"words": [ + {"word": "tipua", replace_with: "tipue"}, + {"word": "javscript", replace_with: "javascript"} +]}; + +var tipuesearch_stem = {"words": [ + {"word": "e-mail", stem: "email"}, + {"word": "javascript", stem: "script"}, + {"word": "javascript", stem: "js"} +]}; + + diff --git a/docs/theme/mkdocs/toc.html b/docs/theme/mkdocs/toc.html new file mode 100644 index 0000000000..e53310d829 --- /dev/null +++ b/docs/theme/mkdocs/toc.html @@ -0,0 +1,13 @@ + diff --git a/engine/MAINTAINERS b/engine/MAINTAINERS index 354798f72e..aee10c8421 100644 --- a/engine/MAINTAINERS +++ b/engine/MAINTAINERS @@ -1 +1 @@ -#Solomon Hykes Temporarily unavailable +Solomon Hykes (@shykes) diff --git a/engine/engine.go b/engine/engine.go index 685924077c..58b43eca04 100644 --- a/engine/engine.go +++ b/engine/engine.go @@ -5,13 +5,18 @@ import ( "fmt" "github.com/dotcloud/docker/utils" "io" - "log" "os" - "runtime" "sort" "strings" ) +// Installer is a standard interface for objects which can "install" themselves +// on an engine by registering handlers. +// This can be used as an entrypoint for external plugins etc. +type Installer interface { + Install(*Engine) error +} + type Handler func(*Job) Status var globalHandlers map[string]Handler @@ -37,17 +42,14 @@ func unregister(name string) { // It acts as a store for *containers*, and allows manipulation of these // containers by executing *jobs*. type Engine struct { - root string handlers map[string]Handler + catchall Handler hack Hack // data for temporary hackery (see hack.go) id string Stdout io.Writer Stderr io.Writer Stdin io.Reader -} - -func (eng *Engine) Root() string { - return eng.root + Logging bool } func (eng *Engine) Register(name string, handler Handler) error { @@ -59,43 +61,19 @@ func (eng *Engine) Register(name string, handler Handler) error { return nil } -// New initializes a new engine managing the directory specified at `root`. -// `root` is used to store containers and any other state private to the engine. -// Changing the contents of the root without executing a job will cause unspecified -// behavior. -func New(root string) (*Engine, error) { - // Check for unsupported architectures - if runtime.GOARCH != "amd64" { - return nil, fmt.Errorf("The docker runtime currently only supports amd64 (not %s). This will change in the future. Aborting.", runtime.GOARCH) - } - // Check for unsupported kernel versions - // FIXME: it would be cleaner to not test for specific versions, but rather - // test for specific functionalities. - // Unfortunately we can't test for the feature "does not cause a kernel panic" - // without actually causing a kernel panic, so we need this workaround until - // the circumstances of pre-3.8 crashes are clearer. - // For details see http://github.com/dotcloud/docker/issues/407 - if k, err := utils.GetKernelVersion(); err != nil { - log.Printf("WARNING: %s\n", err) - } else { - if utils.CompareKernelVersion(k, &utils.KernelVersionInfo{Kernel: 3, Major: 8, Minor: 0}) < 0 { - if os.Getenv("DOCKER_NOWARN_KERNEL_VERSION") == "" { - log.Printf("WARNING: You are running linux kernel version %s, which might be unstable running docker. Please upgrade your kernel to 3.8.0.", k.String()) - } - } - } - - if err := os.MkdirAll(root, 0700); err != nil && !os.IsExist(err) { - return nil, err - } +func (eng *Engine) RegisterCatchall(catchall Handler) { + eng.catchall = catchall +} +// New initializes a new engine. +func New() *Engine { eng := &Engine{ - root: root, handlers: make(map[string]Handler), id: utils.RandomString(), Stdout: os.Stdout, Stderr: os.Stderr, Stdin: os.Stdin, + Logging: true, } eng.Register("commands", func(job *Job) Status { for _, name := range eng.commands() { @@ -107,11 +85,11 @@ func New(root string) (*Engine, error) { for k, v := range globalHandlers { eng.handlers[k] = v } - return eng, nil + return eng } func (eng *Engine) String() string { - return fmt.Sprintf("%s|%s", eng.Root(), eng.id[:8]) + return fmt.Sprintf("%s", eng.id[:8]) } // Commands returns a list of all currently registered commands, @@ -137,10 +115,16 @@ func (eng *Engine) Job(name string, args ...string) *Job { Stderr: NewOutput(), env: &Env{}, } - job.Stderr.Add(utils.NopWriteCloser(eng.Stderr)) - handler, exists := eng.handlers[name] - if exists { + if eng.Logging { + job.Stderr.Add(utils.NopWriteCloser(eng.Stderr)) + } + + // Catchall is shadowed by specific Register. + if handler, exists := eng.handlers[name]; exists { job.handler = handler + } else if eng.catchall != nil && name != "" { + // empty job names are illegal, catchall or not. + job.handler = eng.catchall } return job } @@ -188,9 +172,9 @@ func (eng *Engine) ParseJob(input string) (*Job, error) { } func (eng *Engine) Logf(format string, args ...interface{}) (n int, err error) { - if os.Getenv("TEST") == "" { - prefixedFormat := fmt.Sprintf("[%s] %s\n", eng, strings.TrimRight(format, "\n")) - return fmt.Fprintf(eng.Stderr, prefixedFormat, args...) + if !eng.Logging { + return 0, nil } - return 0, nil + prefixedFormat := fmt.Sprintf("[%s] %s\n", eng, strings.TrimRight(format, "\n")) + return fmt.Fprintf(eng.Stderr, prefixedFormat, args...) } diff --git a/engine/engine_test.go b/engine/engine_test.go index a16c352678..de7f74012e 100644 --- a/engine/engine_test.go +++ b/engine/engine_test.go @@ -2,10 +2,6 @@ package engine import ( "bytes" - "io/ioutil" - "os" - "path" - "path/filepath" "strings" "testing" ) @@ -21,7 +17,7 @@ func TestRegister(t *testing.T) { // Register is global so let's cleanup to avoid conflicts defer unregister("dummy1") - eng := newTestEngine(t) + eng := New() //Should fail because global handlers are copied //at the engine creation @@ -40,7 +36,7 @@ func TestRegister(t *testing.T) { } func TestJob(t *testing.T) { - eng := newTestEngine(t) + eng := New() job1 := eng.Job("dummy1", "--level=awesome") if job1.handler != nil { @@ -66,8 +62,7 @@ func TestJob(t *testing.T) { } func TestEngineCommands(t *testing.T) { - eng := newTestEngine(t) - defer os.RemoveAll(eng.Root()) + eng := New() handler := func(job *Job) Status { return StatusOK } eng.Register("foo", handler) eng.Register("bar", handler) @@ -83,44 +78,9 @@ func TestEngineCommands(t *testing.T) { } } -func TestEngineRoot(t *testing.T) { - tmp, err := ioutil.TempDir("", "docker-test-TestEngineCreateDir") - if err != nil { - t.Fatal(err) - } - defer os.RemoveAll(tmp) - // We expect Root to resolve to an absolute path. - // FIXME: this should not be necessary. - // Until the above FIXME is implemented, let's check for the - // current behavior. - tmp, err = filepath.EvalSymlinks(tmp) - if err != nil { - t.Fatal(err) - } - tmp, err = filepath.Abs(tmp) - if err != nil { - t.Fatal(err) - } - dir := path.Join(tmp, "dir") - eng, err := New(dir) - if err != nil { - t.Fatal(err) - } - if st, err := os.Stat(dir); err != nil { - t.Fatal(err) - } else if !st.IsDir() { - t.Fatalf("engine.New() created something other than a directory at %s", dir) - } - if r := eng.Root(); r != dir { - t.Fatalf("Expected: %v\nReceived: %v", dir, r) - } -} - func TestEngineString(t *testing.T) { - eng1 := newTestEngine(t) - defer os.RemoveAll(eng1.Root()) - eng2 := newTestEngine(t) - defer os.RemoveAll(eng2.Root()) + eng1 := New() + eng2 := New() s1 := eng1.String() s2 := eng2.String() if eng1 == eng2 { @@ -129,8 +89,7 @@ func TestEngineString(t *testing.T) { } func TestEngineLogf(t *testing.T) { - eng := newTestEngine(t) - defer os.RemoveAll(eng.Root()) + eng := New() input := "Test log line" if n, err := eng.Logf("%s\n", input); err != nil { t.Fatal(err) @@ -140,8 +99,7 @@ func TestEngineLogf(t *testing.T) { } func TestParseJob(t *testing.T) { - eng := newTestEngine(t) - defer os.RemoveAll(eng.Root()) + eng := New() // Verify that the resulting job calls to the right place var called bool eng.Register("echo", func(job *Job) Status { @@ -175,3 +133,19 @@ func TestParseJob(t *testing.T) { t.Fatalf("Job was not called") } } + +func TestCatchallEmptyName(t *testing.T) { + eng := New() + var called bool + eng.RegisterCatchall(func(job *Job) Status { + called = true + return StatusOK + }) + err := eng.Job("").Run() + if err == nil { + t.Fatalf("Engine.Job(\"\").Run() should return an error") + } + if called { + t.Fatalf("Engine.Job(\"\").Run() should return an error") + } +} diff --git a/engine/env.go b/engine/env.go index c43a5ec971..f96795f48c 100644 --- a/engine/env.go +++ b/engine/env.go @@ -36,6 +36,13 @@ func (env *Env) Exists(key string) bool { return exists } +// Len returns the number of keys in the environment. +// Note that len(env) might be different from env.Len(), +// because the same key might be set multiple times. +func (env *Env) Len() int { + return len(env.Map()) +} + func (env *Env) Init(src *Env) { (*env) = make([]string, 0, len(*src)) for _, val := range *src { diff --git a/engine/env_test.go b/engine/env_test.go index c7079ff942..0c66cea04e 100644 --- a/engine/env_test.go +++ b/engine/env_test.go @@ -4,6 +4,34 @@ import ( "testing" ) +func TestEnvLenZero(t *testing.T) { + env := &Env{} + if env.Len() != 0 { + t.Fatalf("%d", env.Len()) + } +} + +func TestEnvLenNotZero(t *testing.T) { + env := &Env{} + env.Set("foo", "bar") + env.Set("ga", "bu") + if env.Len() != 2 { + t.Fatalf("%d", env.Len()) + } +} + +func TestEnvLenDup(t *testing.T) { + env := &Env{ + "foo=bar", + "foo=baz", + "a=b", + } + // len(env) != env.Len() + if env.Len() != 2 { + t.Fatalf("%d", env.Len()) + } +} + func TestNewJob(t *testing.T) { job := mkJob(t, "dummy", "--level=awesome") if job.Name != "dummy" { diff --git a/engine/helpers_test.go b/engine/helpers_test.go index 488529fc7f..cfa11da7cd 100644 --- a/engine/helpers_test.go +++ b/engine/helpers_test.go @@ -1,24 +1,11 @@ package engine import ( - "github.com/dotcloud/docker/utils" "testing" ) var globalTestID string -func newTestEngine(t *testing.T) *Engine { - tmp, err := utils.TestDirectory("") - if err != nil { - t.Fatal(err) - } - eng, err := New(tmp) - if err != nil { - t.Fatal(err) - } - return eng -} - func mkJob(t *testing.T, name string, args ...string) *Job { - return newTestEngine(t).Job(name, args...) + return New().Job(name, args...) } diff --git a/engine/http.go b/engine/http.go index c0418bcfb0..7e4dcd7bb4 100644 --- a/engine/http.go +++ b/engine/http.go @@ -9,7 +9,7 @@ import ( // result as an http response. // This method allows an Engine instance to be passed as a standard http.Handler interface. // -// Note that the protocol used in this methid is a convenience wrapper and is not the canonical +// Note that the protocol used in this method is a convenience wrapper and is not the canonical // implementation of remote job execution. This is because HTTP/1 does not handle stream multiplexing, // and so cannot differentiate stdout from stderr. Additionally, headers cannot be added to a response // once data has been written to the body, which makes it inconvenient to return metadata such diff --git a/engine/job.go b/engine/job.go index e83e18e4d7..b56155ac1c 100644 --- a/engine/job.go +++ b/engine/job.go @@ -3,7 +3,6 @@ package engine import ( "fmt" "io" - "os" "strings" "time" ) @@ -189,11 +188,8 @@ func (job *Job) Environ() map[string]string { } func (job *Job) Logf(format string, args ...interface{}) (n int, err error) { - if os.Getenv("TEST") == "" { - prefixedFormat := fmt.Sprintf("[%s] %s\n", job, strings.TrimRight(format, "\n")) - return fmt.Fprintf(job.Stderr, prefixedFormat, args...) - } - return 0, nil + prefixedFormat := fmt.Sprintf("[%s] %s\n", job, strings.TrimRight(format, "\n")) + return fmt.Fprintf(job.Stderr, prefixedFormat, args...) } func (job *Job) Printf(format string, args ...interface{}) (n int, err error) { @@ -212,3 +208,7 @@ func (job *Job) Error(err error) Status { fmt.Fprintf(job.Stderr, "%s\n", err) return StatusErr } + +func (job *Job) StatusCode() int { + return int(job.status) +} diff --git a/engine/job_test.go b/engine/job_test.go index 50d882c44b..1f927cbafc 100644 --- a/engine/job_test.go +++ b/engine/job_test.go @@ -1,13 +1,11 @@ package engine import ( - "os" "testing" ) func TestJobStatusOK(t *testing.T) { - eng := newTestEngine(t) - defer os.RemoveAll(eng.Root()) + eng := New() eng.Register("return_ok", func(job *Job) Status { return StatusOK }) err := eng.Job("return_ok").Run() if err != nil { @@ -16,8 +14,7 @@ func TestJobStatusOK(t *testing.T) { } func TestJobStatusErr(t *testing.T) { - eng := newTestEngine(t) - defer os.RemoveAll(eng.Root()) + eng := New() eng.Register("return_err", func(job *Job) Status { return StatusErr }) err := eng.Job("return_err").Run() if err == nil { @@ -26,8 +23,7 @@ func TestJobStatusErr(t *testing.T) { } func TestJobStatusNotFound(t *testing.T) { - eng := newTestEngine(t) - defer os.RemoveAll(eng.Root()) + eng := New() eng.Register("return_not_found", func(job *Job) Status { return StatusNotFound }) err := eng.Job("return_not_found").Run() if err == nil { @@ -36,8 +32,7 @@ func TestJobStatusNotFound(t *testing.T) { } func TestJobStdoutString(t *testing.T) { - eng := newTestEngine(t) - defer os.RemoveAll(eng.Root()) + eng := New() // FIXME: test multiple combinations of output and status eng.Register("say_something_in_stdout", func(job *Job) Status { job.Printf("Hello world\n") @@ -58,8 +53,7 @@ func TestJobStdoutString(t *testing.T) { } func TestJobStderrString(t *testing.T) { - eng := newTestEngine(t) - defer os.RemoveAll(eng.Root()) + eng := New() // FIXME: test multiple combinations of output and status eng.Register("say_something_in_stderr", func(job *Job) Status { job.Errorf("Warning, something might happen\nHere it comes!\nOh no...\nSomething happened\n") diff --git a/engine/remote.go b/engine/remote.go new file mode 100644 index 0000000000..60aad243c5 --- /dev/null +++ b/engine/remote.go @@ -0,0 +1,120 @@ +package engine + +import ( + "fmt" + "github.com/dotcloud/docker/pkg/beam" + "github.com/dotcloud/docker/pkg/beam/data" + "io" + "os" + "strconv" + "sync" +) + +type Sender struct { + beam.Sender +} + +func NewSender(s beam.Sender) *Sender { + return &Sender{s} +} + +func (s *Sender) Install(eng *Engine) error { + // FIXME: this doesn't exist yet. + eng.RegisterCatchall(s.Handle) + return nil +} + +func (s *Sender) Handle(job *Job) Status { + msg := data.Empty().Set("cmd", append([]string{job.Name}, job.Args...)...) + peer, err := beam.SendConn(s, msg.Bytes()) + if err != nil { + return job.Errorf("beamsend: %v", err) + } + defer peer.Close() + var tasks sync.WaitGroup + defer tasks.Wait() + r := beam.NewRouter(nil) + r.NewRoute().KeyStartsWith("cmd", "log", "stdout").HasAttachment().Handler(func(p []byte, stdout *os.File) error { + tasks.Add(1) + io.Copy(job.Stdout, stdout) + tasks.Done() + return nil + }) + r.NewRoute().KeyStartsWith("cmd", "log", "stderr").HasAttachment().Handler(func(p []byte, stderr *os.File) error { + tasks.Add(1) + io.Copy(job.Stderr, stderr) + tasks.Done() + return nil + }) + r.NewRoute().KeyStartsWith("cmd", "log", "stdin").HasAttachment().Handler(func(p []byte, stdin *os.File) error { + tasks.Add(1) + io.Copy(stdin, job.Stdin) + tasks.Done() + return nil + }) + var status int + r.NewRoute().KeyStartsWith("cmd", "status").Handler(func(p []byte, f *os.File) error { + cmd := data.Message(p).Get("cmd") + if len(cmd) != 2 { + return fmt.Errorf("usage: %s <0-127>", cmd[0]) + } + s, err := strconv.ParseUint(cmd[1], 10, 8) + if err != nil { + return fmt.Errorf("usage: %s <0-127>", cmd[0]) + } + status = int(s) + return nil + + }) + if _, err := beam.Copy(r, peer); err != nil { + return job.Errorf("%v", err) + } + return Status(status) +} + +type Receiver struct { + *Engine + peer beam.Receiver +} + +func NewReceiver(peer beam.Receiver) *Receiver { + return &Receiver{Engine: New(), peer: peer} +} + +func (rcv *Receiver) Run() error { + r := beam.NewRouter(nil) + r.NewRoute().KeyExists("cmd").Handler(func(p []byte, f *os.File) error { + // Use the attachment as a beam return channel + peer, err := beam.FileConn(f) + if err != nil { + f.Close() + return err + } + cmd := data.Message(p).Get("cmd") + job := rcv.Engine.Job(cmd[0], cmd[1:]...) + stdout, err := beam.SendPipe(peer, data.Empty().Set("cmd", "log", "stdout").Bytes()) + if err != nil { + return err + } + job.Stdout.Add(stdout) + stderr, err := beam.SendPipe(peer, data.Empty().Set("cmd", "log", "stderr").Bytes()) + if err != nil { + return err + } + job.Stderr.Add(stderr) + stdin, err := beam.SendPipe(peer, data.Empty().Set("cmd", "log", "stdin").Bytes()) + if err != nil { + return err + } + job.Stdin.Add(stdin) + // ignore error because we pass the raw status + job.Run() + err = peer.Send(data.Empty().Set("cmd", "status", fmt.Sprintf("%d", job.status)).Bytes(), nil) + if err != nil { + return err + } + return nil + }) + _, err := beam.Copy(r, rcv.peer) + return err +} diff --git a/engine/remote_test.go b/engine/remote_test.go new file mode 100644 index 0000000000..54092ec934 --- /dev/null +++ b/engine/remote_test.go @@ -0,0 +1,3 @@ +package engine + +import () diff --git a/engine/rengine/main.go b/engine/rengine/main.go new file mode 100644 index 0000000000..b4fa01d39c --- /dev/null +++ b/engine/rengine/main.go @@ -0,0 +1,43 @@ +package main + +import ( + "fmt" + "github.com/dotcloud/docker/engine" + "github.com/dotcloud/docker/pkg/beam" + "net" + "os" +) + +func main() { + eng := engine.New() + + c, err := net.Dial("unix", "beam.sock") + if err != nil { + fmt.Fprintf(os.Stderr, "%v\n", err) + return + } + defer c.Close() + f, err := c.(*net.UnixConn).File() + if err != nil { + fmt.Fprintf(os.Stderr, "%v\n", err) + return + } + + child, err := beam.FileConn(f) + if err != nil { + fmt.Fprintf(os.Stderr, "%v\n", err) + return + } + defer child.Close() + + sender := engine.NewSender(child) + sender.Install(eng) + + cmd := eng.Job(os.Args[1], os.Args[2:]...) + cmd.Stdout.Add(os.Stdout) + cmd.Stderr.Add(os.Stderr) + if err := cmd.Run(); err != nil { + fmt.Fprintf(os.Stderr, "%v\n", err) + os.Exit(1) + } +} diff --git a/engine/spawn/spawn.go b/engine/spawn/spawn.go new file mode 100644 index 0000000000..6680845bc1 --- /dev/null +++ b/engine/spawn/spawn.go @@ -0,0 +1,119 @@ +package spawn + +import ( + "fmt" + "github.com/dotcloud/docker/engine" + "github.com/dotcloud/docker/pkg/beam" + "github.com/dotcloud/docker/utils" + "os" + "os/exec" +) + +var initCalled bool + +// Init checks if the current process has been created by Spawn. +// +// If no, it returns nil and the original program can continue +// unmodified. +// +// If no, it hijacks the process to run as a child worker controlled +// by its parent over a beam connection, with f exposed as a remote +// service. In this case Init never returns. +// +// The hijacking process takes place as follows: +// - Open file descriptor 3 as a beam endpoint. If this fails, +// terminate the current process. +// - Start a new engine. +// - Call f.Install on the engine. Any handlers registered +// will be available for remote invocation by the parent. +// - Listen for beam messages from the parent and pass them to +// the handlers. +// - When the beam endpoint is closed by the parent, terminate +// the current process. +// +// NOTE: Init must be called at the beginning of the same program +// calling Spawn. This is because Spawn approximates a "fork" by +// re-executing the current binary - where it expects spawn.Init +// to intercept the control flow and execute the worker code. +func Init(f engine.Installer) error { + initCalled = true + if os.Getenv("ENGINESPAWN") != "1" { + return nil + } + fmt.Printf("[%d child]\n", os.Getpid()) + // Hijack the process + childErr := func() error { + fd3 := os.NewFile(3, "beam-introspect") + introsp, err := beam.FileConn(fd3) + if err != nil { + return fmt.Errorf("beam introspection error: %v", err) + } + fd3.Close() + defer introsp.Close() + eng := engine.NewReceiver(introsp) + if err := f.Install(eng.Engine); err != nil { + return err + } + if err := eng.Run(); err != nil { + return err + } + return nil + }() + if childErr != nil { + os.Exit(1) + } + os.Exit(0) + return nil // Never reached +} + +// Spawn starts a new Engine in a child process and returns +// a proxy Engine through which it can be controlled. +// +// The commands available on the child engine are determined +// by an earlier call to Init. It is important that Init be +// called at the very beginning of the current program - this +// allows it to be called as a re-execution hook in the child +// process. +// +// Long story short, if you want to expose `myservice` in a child +// process, do this: +// +// func main() { +// spawn.Init(myservice) +// [..] +// child, err := spawn.Spawn() +// [..] +// child.Job("dosomething").Run() +// } +func Spawn() (*engine.Engine, error) { + if !initCalled { + return nil, fmt.Errorf("spawn.Init must be called at the top of the main() function") + } + cmd := exec.Command(utils.SelfPath()) + cmd.Env = append(cmd.Env, "ENGINESPAWN=1") + local, remote, err := beam.SocketPair() + if err != nil { + return nil, err + } + child, err := beam.FileConn(local) + if err != nil { + local.Close() + remote.Close() + return nil, err + } + local.Close() + cmd.ExtraFiles = append(cmd.ExtraFiles, remote) + // FIXME: the beam/engine glue has no way to inform the caller + // of the child's termination. The next call will simply return + // an error. + if err := cmd.Start(); err != nil { + child.Close() + return nil, err + } + eng := engine.New() + if err := engine.NewSender(child).Install(eng); err != nil { + child.Close() + return nil, err + } + return eng, nil +} diff --git a/engine/spawn/subengine/main.go b/engine/spawn/subengine/main.go new file mode 100644 index 0000000000..3be7520a67 --- /dev/null +++ b/engine/spawn/subengine/main.go @@ -0,0 +1,61 @@ +package main + +import ( + "fmt" + "github.com/dotcloud/docker/engine" + "github.com/dotcloud/docker/engine/spawn" + "log" + "os" + "os/exec" + "strings" +) + +func main() { + fmt.Printf("[%d] MAIN\n", os.Getpid()) + spawn.Init(&Worker{}) + fmt.Printf("[%d parent] spawning\n", os.Getpid()) + eng, err := spawn.Spawn() + if err != nil { + log.Fatal(err) + } + fmt.Printf("[parent] spawned\n") + job := eng.Job(os.Args[1], os.Args[2:]...) + job.Stdout.Add(os.Stdout) + job.Stderr.Add(os.Stderr) + job.Run() + // FIXME: use the job's status code + os.Exit(0) +} + +type Worker struct { +} + +func (w *Worker) Install(eng *engine.Engine) error { + eng.Register("exec", w.Exec) + eng.Register("cd", w.Cd) + eng.Register("echo", w.Echo) + return nil +} + +func (w *Worker) Exec(job *engine.Job) engine.Status { + fmt.Printf("--> %v\n", job.Args) + cmd := exec.Command(job.Args[0], job.Args[1:]...) + cmd.Stdout = job.Stdout + cmd.Stderr = os.Stderr + if err := cmd.Run(); err != nil { + return job.Errorf("%v\n", err) + } + return engine.StatusOK +} + +func (w *Worker) Cd(job *engine.Job) engine.Status { + if err := os.Chdir(job.Args[0]); err != nil { + return job.Errorf("%v\n", err) + } + return engine.StatusOK +} + +func (w *Worker) Echo(job *engine.Job) engine.Status { + fmt.Fprintf(job.Stdout, "%s\n", strings.Join(job.Args, " ")) + return engine.StatusOK +} diff --git a/graph/graph.go b/graph/graph.go index 5b08ce3cf1..b889139121 100644 --- a/graph/graph.go +++ b/graph/graph.go @@ -3,10 +3,10 @@ package graph import ( "fmt" "github.com/dotcloud/docker/archive" + "github.com/dotcloud/docker/daemon/graphdriver" "github.com/dotcloud/docker/dockerversion" "github.com/dotcloud/docker/image" "github.com/dotcloud/docker/runconfig" - "github.com/dotcloud/docker/runtime/graphdriver" "github.com/dotcloud/docker/utils" "io" "io/ioutil" @@ -40,7 +40,7 @@ func NewGraph(root string, driver graphdriver.Driver) (*Graph, error) { graph := &Graph{ Root: abspath, - idIndex: utils.NewTruncIndex(), + idIndex: utils.NewTruncIndex([]string{}), driver: driver, } if err := graph.restore(); err != nil { @@ -54,12 +54,14 @@ func (graph *Graph) restore() error { if err != nil { return err } + var ids = []string{} for _, v := range dir { id := v.Name() if graph.driver.Exists(id) { - graph.idIndex.Add(id) + ids = append(ids, id) } } + graph.idIndex = utils.NewTruncIndex(ids) utils.Debugf("Restored %d elements", len(dir)) return nil } @@ -96,7 +98,7 @@ func (graph *Graph) Get(name string) (*image.Image, error) { img.SetGraph(graph) if img.Size < 0 { - rootfs, err := graph.driver.Get(img.ID) + rootfs, err := graph.driver.Get(img.ID, "") if err != nil { return nil, fmt.Errorf("Driver %s failed to get image rootfs %s: %s", graph.driver, img.ID, err) } @@ -108,7 +110,7 @@ func (graph *Graph) Get(name string) (*image.Image, error) { return nil, err } } else { - parentFs, err := graph.driver.Get(img.Parent) + parentFs, err := graph.driver.Get(img.Parent, "") if err != nil { return nil, err } @@ -189,11 +191,11 @@ func (graph *Graph) Register(jsonData []byte, layerData archive.ArchiveReader, i } // Create root filesystem in the driver - if err := graph.driver.Create(img.ID, img.Parent, ""); err != nil { + if err := graph.driver.Create(img.ID, img.Parent); err != nil { return fmt.Errorf("Driver %s failed to create image rootfs %s: %s", graph.driver, img.ID, err) } // Mount the root filesystem so we can apply the diff/layer - rootfs, err := graph.driver.Get(img.ID) + rootfs, err := graph.driver.Get(img.ID, "") if err != nil { return fmt.Errorf("Driver %s failed to get image rootfs %s: %s", graph.driver, img.ID, err) } @@ -272,15 +274,15 @@ func SetupInitLayer(initLayer string) error { if _, err := os.Stat(path.Join(initLayer, pth)); err != nil { if os.IsNotExist(err) { + if err := os.MkdirAll(path.Join(initLayer, path.Dir(pth)), 0755); err != nil { + return err + } switch typ { case "dir": if err := os.MkdirAll(path.Join(initLayer, pth), 0755); err != nil { return err } case "file": - if err := os.MkdirAll(path.Join(initLayer, path.Dir(pth)), 0755); err != nil { - return err - } f, err := os.OpenFile(path.Join(initLayer, pth), os.O_CREATE, 0755) if err != nil { return err diff --git a/graph/tags_unit_test.go b/graph/tags_unit_test.go index 17773912cf..bc438131ca 100644 --- a/graph/tags_unit_test.go +++ b/graph/tags_unit_test.go @@ -2,9 +2,9 @@ package graph import ( "bytes" + "github.com/dotcloud/docker/daemon/graphdriver" + _ "github.com/dotcloud/docker/daemon/graphdriver/vfs" // import the vfs driver so it is used in the tests "github.com/dotcloud/docker/image" - "github.com/dotcloud/docker/runtime/graphdriver" - _ "github.com/dotcloud/docker/runtime/graphdriver/vfs" // import the vfs driver so it is used in the tests "github.com/dotcloud/docker/utils" "github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar" "io" diff --git a/hack/MAINTAINERS b/hack/MAINTAINERS index 18e05a3070..299d9a14af 100644 --- a/hack/MAINTAINERS +++ b/hack/MAINTAINERS @@ -1 +1,2 @@ Tianon Gravi (@tianon) +dind: Jerome Petazzoni (@jpetazzo) diff --git a/hack/PACKAGERS.md b/hack/PACKAGERS.md index 7170c5ad25..9edb4a3e14 100644 --- a/hack/PACKAGERS.md +++ b/hack/PACKAGERS.md @@ -265,6 +265,7 @@ To function properly, the Docker daemon needs the following software to be installed and available at runtime: * iptables version 1.4 or later +* procps (or similar provider of a "ps" executable) * XZ Utils version 4.9 or later * a [properly mounted](https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount) diff --git a/hack/bootcamp/README.md b/hack/bootcamp/README.md deleted file mode 100644 index 2c3d356daf..0000000000 --- a/hack/bootcamp/README.md +++ /dev/null @@ -1,91 +0,0 @@ -# Docker maintainer bootcamp - -## Introduction: we need more maintainers - -Docker is growing incredibly fast. At the time of writing, it has received over 200 contributions from 90 people, -and its API is used by dozens of 3rd-party tools. Over 1,000 issues have been opened. As the first production deployments -start going live, the growth will only accelerate. - -Also at the time of writing, Docker has 3 full-time maintainers, and 7 part-time subsystem maintainers. If docker -is going to live up to the expectations, we need more than that. - -This document describes a *bootcamp* to guide and train volunteers interested in helping the project, either with individual -contributions, maintainer work, or both. - -This bootcamp is an experiment. If you decide to go through it, consider yourself an alpha-tester. You should expect quirks, -and report them to us as you encounter them to help us smooth out the process. - - -## How it works - -The maintainer bootcamp is a 12-step program - one step for each of the maintainer's responsibilities. The aspiring maintainer must -validate all 12 steps by 1) studying it, 2) practicing it, and 3) getting endorsed for it. - -Steps are all equally important and can be validated in any order. Validating all 12 steps is a pre-requisite for becoming a core -maintainer, but even 1 step will make you a better contributor! - -### List of steps - -#### 1) Be a power user - -Use docker daily, build cool things with it, know its quirks inside and out. - - -#### 2) Help users - -Answer questions on irc, twitter, email, in person. - - -#### 3) Manage the bug tracker - -Help triage tickets - ask the right questions, find duplicates, reference relevant resources, know when to close a ticket when necessary, take the time to go over older tickets. - - -#### 4) Improve the documentation - -Follow the documentation from scratch regularly and make sure it is still up-to-date. Find and fix inconsistencies. Remove stale information. Find a frequently asked question that is not documented. Simplify the content and the form. - - -#### 5) Evangelize the principles of docker - -Understand what the underlying goals and principle of docker are. Explain design decisions based on what docker is, and what it is not. When someone is not using docker, find how docker can be valuable to them. If they are using docker, find how they can use it better. - - -#### 6) Fix bugs - -Self-explanatory. Contribute improvements to docker which solve defects. Bugfixes should be well-tested, and prioritized by impact to the user. - - -#### 7) Improve the testing infrastructure - -Automated testing is complicated and should be perpetually improved. Invest time to improve the current tooling. Refactor existing tests, create new ones, make testing more accessible to developers, add new testing capabilities (integration tests, mocking, stress test...), improve integration between tests and documentation... - - -#### 8) Contribute features - -Improve docker to do more things, or get better at doing the same things. Features should be well-tested, not break existing APIs, respect the project goals. They should make the user's life measurably better. Features should be discussed ahead of time to avoid wasting time and duplicating effort. - - -#### 9) Refactor internals - -Improve docker to repay technical debt. Simplify code layout, improve performance, add missing comments, reduce the number of files and functions, rename functions and variables to be more readable, go over FIXMEs, etc. - -#### 10) Review and merge contributions - -Review pull requests in a timely manner, review code in detail and offer feedback. Keep a high bar without being pedantic. Share the load of testing and merging pull requests. - -#### 11) Release - -Manage a release of docker from beginning to end. Tests, final review, tags, builds, upload to mirrors, distro packaging, etc. - -#### 12) Train other maintainers - -Contribute to training other maintainers. Give advice, delegate work, help organize the bootcamp. This also means contribute to the maintainer's manual, look for ways to improve the project organization etc. - -### How to study a step - -### How to practice a step - -### How to get endorsed for a step - - diff --git a/hack/dind b/hack/dind index 94147f5324..df2baa2757 100755 --- a/hack/dind +++ b/hack/dind @@ -1,4 +1,5 @@ #!/bin/bash +set -e # DinD: a wrapper script which allows docker to be run inside a docker container. # Original version by Jerome Petazzoni @@ -9,32 +10,34 @@ # Usage: dind CMD [ARG...] +# apparmor sucks and Docker needs to know that it's in a container (c) @tianon +export container=docker + # First, make sure that cgroups are mounted correctly. CGROUP=/sys/fs/cgroup -[ -d $CGROUP ] || - mkdir $CGROUP +mkdir -p "$CGROUP" -mountpoint -q $CGROUP || +if ! mountpoint -q "$CGROUP"; then mount -n -t tmpfs -o uid=0,gid=0,mode=0755 cgroup $CGROUP || { - echo "Could not make a tmpfs mount. Did you use --privileged?" + echo >&2 'Could not make a tmpfs mount. Did you use --privileged?' exit 1 } +fi -if [ -d /sys/kernel/security ] && ! mountpoint -q /sys/kernel/security -then - mount -t securityfs none /sys/kernel/security || { - echo "Could not mount /sys/kernel/security." - echo "AppArmor detection and -privileged mode might break." - } +if [ -d /sys/kernel/security ] && ! mountpoint -q /sys/kernel/security; then + mount -t securityfs none /sys/kernel/security || { + echo >&2 'Could not mount /sys/kernel/security.' + echo >&2 'AppArmor detection and -privileged mode might break.' + } fi # Mount the cgroup hierarchies exactly as they are in the parent system. -for SUBSYS in $(cut -d: -f2 /proc/1/cgroup) -do - [ -d $CGROUP/$SUBSYS ] || mkdir $CGROUP/$SUBSYS - mountpoint -q $CGROUP/$SUBSYS || - mount -n -t cgroup -o $SUBSYS cgroup $CGROUP/$SUBSYS +for SUBSYS in $(cut -d: -f2 /proc/1/cgroup); do + mkdir -p "$CGROUP/$SUBSYS" + if ! mountpoint -q $CGROUP/$SUBSYS; then + mount -n -t cgroup -o "$SUBSYS" cgroup "$CGROUP/$SUBSYS" + fi # The two following sections address a bug which manifests itself # by a cryptic "lxc-start: no ns_cgroup option specified" when @@ -49,45 +52,37 @@ do # Systemd and OpenRC (and possibly others) both create such a # cgroup. To avoid the aforementioned bug, we symlink "foo" to # "name=foo". This shouldn't have any adverse effect. - echo $SUBSYS | grep -q ^name= && { - NAME=$(echo $SUBSYS | sed s/^name=//) - ln -s $SUBSYS $CGROUP/$NAME - } + name="${SUBSYS#name=}" + if [ "$name" != "$SUBSYS" ]; then + ln -s "$SUBSYS" "$CGROUP/$name" + fi # Likewise, on at least one system, it has been reported that # systemd would mount the CPU and CPU accounting controllers # (respectively "cpu" and "cpuacct") with "-o cpuacct,cpu" # but on a directory called "cpu,cpuacct" (note the inversion # in the order of the groups). This tries to work around it. - [ $SUBSYS = cpuacct,cpu ] && ln -s $SUBSYS $CGROUP/cpu,cpuacct + if [ "$SUBSYS" = 'cpuacct,cpu' ]; then + ln -s "$SUBSYS" "$CGROUP/cpu,cpuacct" + fi done # Note: as I write those lines, the LXC userland tools cannot setup # a "sub-container" properly if the "devices" cgroup is not in its # own hierarchy. Let's detect this and issue a warning. -grep -q :devices: /proc/1/cgroup || - echo "WARNING: the 'devices' cgroup should be in its own hierarchy." -grep -qw devices /proc/1/cgroup || - echo "WARNING: it looks like the 'devices' cgroup is not mounted." - -# Now, close extraneous file descriptors. -pushd /proc/self/fd >/dev/null -for FD in * -do - case "$FD" in - # Keep stdin/stdout/stderr - [012]) - ;; - # Nuke everything else - *) - eval exec "$FD>&-" - ;; - esac -done -popd >/dev/null +if ! grep -q :devices: /proc/1/cgroup; then + echo >&2 'WARNING: the "devices" cgroup should be in its own hierarchy.' +fi +if ! grep -qw devices /proc/1/cgroup; then + echo >&2 'WARNING: it looks like the "devices" cgroup is not mounted.' +fi # Mount /tmp mount -t tmpfs none /tmp -[ "$1" ] && exec "$@" -echo "You probably want to run hack/make.sh, or maybe a shell?" +if [ $# -gt 0 ]; then + exec "$@" +fi + +echo >&2 'ERROR: No command specified.' +echo >&2 'You probably want to run hack/make.sh, or maybe a shell?' diff --git a/hack/infrastructure/MAINTAINERS b/hack/infrastructure/MAINTAINERS deleted file mode 100644 index bd089c55f4..0000000000 --- a/hack/infrastructure/MAINTAINERS +++ /dev/null @@ -1,2 +0,0 @@ -Ken Cochrane (@kencochrane) -Jerome Petazzoni (@jpetazzo) diff --git a/hack/make.sh b/hack/make.sh index e81271370d..8636756c87 100755 --- a/hack/make.sh +++ b/hack/make.sh @@ -40,13 +40,19 @@ echo # List of bundles to create when no argument is passed DEFAULT_BUNDLES=( + validate-dco + validate-gofmt + binary - test + + test-unit test-integration test-integration-cli + dynbinary dyntest dyntest-integration + cover cross tgz @@ -101,6 +107,24 @@ LDFLAGS_STATIC_DOCKER=" -extldflags \"$EXTLDFLAGS_STATIC_DOCKER\" " +if [ "$(uname -s)" = 'FreeBSD' ]; then + # Tell cgo the compiler is Clang, not GCC + # https://code.google.com/p/go/source/browse/src/cmd/cgo/gcc.go?spec=svne77e74371f2340ee08622ce602e9f7b15f29d8d3&r=e6794866ebeba2bf8818b9261b54e2eef1c9e588#752 + export CC=clang + + # "-extld clang" is a workaround for + # https://code.google.com/p/go/issues/detail?id=6845 + LDFLAGS="$LDFLAGS -extld clang" +fi + +# If sqlite3.h doesn't exist under /usr/include, +# check /usr/local/include also just in case +# (e.g. FreeBSD Ports installs it under the directory) +if [ ! -e /usr/include/sqlite3.h ] && [ -e /usr/local/include/sqlite3.h ]; then + export CGO_CFLAGS='-I/usr/local/include' + export CGO_LDFLAGS='-L/usr/local/lib' +fi + HAVE_GO_TEST_COVER= if \ go help testflag | grep -- -cover > /dev/null \ @@ -136,7 +160,7 @@ go_test_dir() { # holding certain files ($1 parameter), and prints their paths on standard # output, one per line. find_dirs() { - find -not \( \ + find . -not \( \ \( \ -wholename './vendor' \ -o -wholename './integration' \ diff --git a/hack/make/.ensure-busybox b/hack/make/.ensure-busybox new file mode 100644 index 0000000000..3861faaf11 --- /dev/null +++ b/hack/make/.ensure-busybox @@ -0,0 +1,10 @@ +#!/bin/bash + +if ! docker inspect busybox &> /dev/null; then + if [ -d /docker-busybox ]; then + source "$(dirname "$BASH_SOURCE")/.ensure-scratch" + ( set -x; docker build -t busybox /docker-busybox ) + else + ( set -x; docker pull busybox ) + fi +fi diff --git a/hack/make/.ensure-scratch b/hack/make/.ensure-scratch new file mode 100644 index 0000000000..487e85ae27 --- /dev/null +++ b/hack/make/.ensure-scratch @@ -0,0 +1,21 @@ +#!/bin/bash + +if ! docker inspect scratch &> /dev/null; then + # let's build a "docker save" tarball for "scratch" + # see https://github.com/dotcloud/docker/pull/5262 + # and also https://github.com/dotcloud/docker/issues/4242 + mkdir -p /docker-scratch + ( + cd /docker-scratch + echo '{"scratch":{"latest":"511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158"}}' > repositories + mkdir -p 511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158 + ( + cd 511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158 + echo '{"id":"511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158","comment":"Imported from -","created":"2013-06-13T14:03:50.821769-07:00","container_config":{"Hostname":"","Domainname":"","User":"","Memory":0,"MemorySwap":0,"CpuShares":0,"AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"PortSpecs":null,"ExposedPorts":null,"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":null,"Cmd":null,"Image":"","Volumes":null,"WorkingDir":"","Entrypoint":null,"NetworkDisabled":false,"OnBuild":null},"docker_version":"0.4.0","architecture":"x86_64","Size":0}' > json + echo '1.0' > VERSION + tar -cf layer.tar --files-from /dev/null + ) + ) + ( set -x; tar -cf /docker-scratch.tar -C /docker-scratch . ) + ( set -x; docker load --input /docker-scratch.tar ) +fi diff --git a/hack/make/.validate b/hack/make/.validate new file mode 100644 index 0000000000..cf6be53a68 --- /dev/null +++ b/hack/make/.validate @@ -0,0 +1,33 @@ +#!/bin/bash + +if [ -z "$VALIDATE_UPSTREAM" ]; then + # this is kind of an expensive check, so let's not do this twice if we + # are running more than one validate bundlescript + + VALIDATE_REPO='https://github.com/dotcloud/docker.git' + VALIDATE_BRANCH='master' + + if [ "$TRAVIS" = 'true' -a "$TRAVIS_PULL_REQUEST" != 'false' ]; then + VALIDATE_REPO="https://github.com/${TRAVIS_REPO_SLUG}.git" + VALIDATE_BRANCH="${TRAVIS_BRANCH}" + fi + + VALIDATE_HEAD="$(git rev-parse --verify HEAD)" + + git fetch -q "$VALIDATE_REPO" "refs/heads/$VALIDATE_BRANCH" + VALIDATE_UPSTREAM="$(git rev-parse --verify FETCH_HEAD)" + + VALIDATE_COMMIT_LOG="$VALIDATE_UPSTREAM..$VALIDATE_HEAD" + VALIDATE_COMMIT_DIFF="$VALIDATE_UPSTREAM...$VALIDATE_HEAD" + + validate_diff() { + if [ "$VALIDATE_UPSTREAM" != "$VALIDATE_HEAD" ]; then + git diff "$VALIDATE_COMMIT_DIFF" "$@" + fi + } + validate_log() { + if [ "$VALIDATE_UPSTREAM" != "$VALIDATE_HEAD" ]; then + git log "$VALIDATE_COMMIT_LOG" "$@" + fi + } +fi diff --git a/hack/make/binary b/hack/make/binary index 041e4d1ee8..b97069a856 100755 --- a/hack/make/binary +++ b/hack/make/binary @@ -1,4 +1,5 @@ #!/bin/bash +set -e DEST=$1 diff --git a/hack/make/cover b/hack/make/cover index 6dc71d1c7e..ca772d03bc 100644 --- a/hack/make/cover +++ b/hack/make/cover @@ -1,4 +1,5 @@ #!/bin/bash +set -e DEST="$1" diff --git a/hack/make/cross b/hack/make/cross index e8f90e29b7..32fbbc38f9 100644 --- a/hack/make/cross +++ b/hack/make/cross @@ -1,4 +1,5 @@ #!/bin/bash +set -e DEST=$1 diff --git a/hack/make/dynbinary b/hack/make/dynbinary index 75cffe3dcc..426b9cb566 100644 --- a/hack/make/dynbinary +++ b/hack/make/dynbinary @@ -1,4 +1,5 @@ #!/bin/bash +set -e DEST=$1 diff --git a/hack/make/dyntest b/hack/make/dyntest index 744db3e999..56f624b1f5 100644 --- a/hack/make/dyntest +++ b/hack/make/dyntest @@ -1,10 +1,9 @@ #!/bin/bash +set -e DEST=$1 INIT=$DEST/../dynbinary/dockerinit-$VERSION -set -e - if [ ! -x "$INIT" ]; then echo >&2 'error: dynbinary must be run before dyntest' false diff --git a/hack/make/dyntest-integration b/hack/make/dyntest-integration index ef7e6a5a41..03d7cbef95 100644 --- a/hack/make/dyntest-integration +++ b/hack/make/dyntest-integration @@ -1,10 +1,9 @@ #!/bin/bash +set -e DEST=$1 INIT=$DEST/../dynbinary/dockerinit-$VERSION -set -e - if [ ! -x "$INIT" ]; then echo >&2 'error: dynbinary must be run before dyntest-integration' false diff --git a/hack/make/test-integration b/hack/make/test-integration index 0af4c23c48..4c2bccaead 100644 --- a/hack/make/test-integration +++ b/hack/make/test-integration @@ -1,9 +1,8 @@ #!/bin/bash +set -e DEST=$1 -set -e - bundle_test_integration() { LDFLAGS="$LDFLAGS $LDFLAGS_STATIC_DOCKER" go_test_dir ./integration \ "-coverpkg $(find_dirs '*.go' | sed 's,^\.,github.com/dotcloud/docker,g' | paste -d, -s)" diff --git a/hack/make/test-integration-cli b/hack/make/test-integration-cli index b0506d261a..f2128a26ac 100644 --- a/hack/make/test-integration-cli +++ b/hack/make/test-integration-cli @@ -1,9 +1,8 @@ #!/bin/bash +set -e DEST=$1 -set -e - DOCKER_GRAPHDRIVER=${DOCKER_GRAPHDRIVER:-vfs} DOCKER_EXECDRIVER=${DOCKER_EXECDRIVER:-native} @@ -14,12 +13,15 @@ bundle_test_integration_cli() { # subshell so that we can export PATH without breaking other things ( export PATH="$DEST/../binary:$DEST/../dynbinary:$PATH" - + if ! command -v docker &> /dev/null; then echo >&2 'error: binary or dynbinary must be run before test-integration-cli' false fi - + + # intentionally open a couple bogus file descriptors to help test that they get scrubbed in containers + exec 41>&1 42>&2 + ( set -x; exec \ docker --daemon --debug \ --storage-driver "$DOCKER_GRAPHDRIVER" \ @@ -27,13 +29,14 @@ bundle_test_integration_cli() { --pidfile "$DEST/docker.pid" \ &> "$DEST/docker.log" ) & - + # pull the busybox image before running the tests sleep 2 - ( set -x; docker pull busybox ) - + + source "$(dirname "$BASH_SOURCE")/.ensure-busybox" + bundle_test_integration_cli - + DOCKERD_PID=$(set -x; cat $DEST/docker.pid) ( set -x; kill $DOCKERD_PID ) wait $DOCKERD_PID || true diff --git a/hack/make/test b/hack/make/test-unit similarity index 80% rename from hack/make/test rename to hack/make/test-unit index 39ba5cd3a5..066865859c 100644 --- a/hack/make/test +++ b/hack/make/test-unit @@ -1,9 +1,8 @@ #!/bin/bash +set -e DEST=$1 -set -e - RED=$'\033[31m' GREEN=$'\033[32m' TEXTRESET=$'\033[0m' # reset the foreground colour @@ -12,14 +11,19 @@ TEXTRESET=$'\033[0m' # reset the foreground colour # If $TESTFLAGS is set in the environment, it is passed as extra arguments to 'go test'. # You can use this to select certain tests to run, eg. # -# TESTFLAGS='-run ^TestBuild$' ./hack/make.sh test +# TESTFLAGS='-run ^TestBuild$' ./hack/make.sh test-unit # -bundle_test() { +bundle_test_unit() { { date + # Run all the tests if no TESTDIRS were specified. + if [ -z "$TESTDIRS" ]; then + TESTDIRS=$(find_dirs '*_test.go') + fi + TESTS_FAILED=() - for test_dir in $(find_dirs '*_test.go'); do + for test_dir in $TESTDIRS; do echo if ! LDFLAGS="$LDFLAGS $LDFLAGS_STATIC_DOCKER" go_test_dir "$test_dir"; then @@ -48,4 +52,4 @@ bundle_test() { } 2>&1 | tee $DEST/test.log } -bundle_test +bundle_test_unit diff --git a/hack/make/ubuntu b/hack/make/ubuntu index 403a6c7652..751eacf868 100644 --- a/hack/make/ubuntu +++ b/hack/make/ubuntu @@ -46,6 +46,19 @@ bundle_ubuntu() { mkdir -p $DIR/etc/fish/completions cp contrib/completion/fish/docker.fish $DIR/etc/fish/completions/ + # Include contributed man pages + contrib/man/md/md2man-all.sh -q + manRoot="$DIR/usr/share/man" + mkdir -p "$manRoot" + for manDir in contrib/man/man*; do + manBase="$(basename "$manDir")" # "man1" + for manFile in "$manDir"/*; do + manName="$(basename "$manFile")" # "docker-build.1" + mkdir -p "$manRoot/$manBase" + gzip -c "$manFile" > "$manRoot/$manBase/$manName.gz" + done + done + # Copy the binary # This will fail if the binary bundle hasn't been built mkdir -p $DIR/usr/bin @@ -122,7 +135,7 @@ EOF --deb-recommends ca-certificates \ --deb-recommends git \ --deb-recommends xz-utils \ - --deb-suggests cgroup-lite \ + --deb-recommends 'cgroupfs-mount | cgroup-lite' \ --description "$PACKAGE_DESCRIPTION" \ --maintainer "$PACKAGE_MAINTAINER" \ --conflicts docker \ diff --git a/hack/make/validate-dco b/hack/make/validate-dco new file mode 100644 index 0000000000..6dbbe2250f --- /dev/null +++ b/hack/make/validate-dco @@ -0,0 +1,47 @@ +#!/bin/bash + +source "$(dirname "$BASH_SOURCE")/.validate" + +adds=$(validate_diff --numstat | awk '{ s += $1 } END { print s }') +dels=$(validate_diff --numstat | awk '{ s += $2 } END { print s }') +notDocs="$(validate_diff --numstat | awk '$3 !~ /^docs\// { print $3 }')" + +: ${adds:=0} +: ${dels:=0} + +if [ $adds -eq 0 -a $dels -eq 0 ]; then + echo '0 adds, 0 deletions; nothing to validate! :)' +elif [ -z "$notDocs" -a $adds -le 1 -a $dels -le 1 ]; then + echo 'Congratulations! DCO small-patch-exception material!' +else + dcoPrefix='Docker-DCO-1.1-Signed-off-by:' + dcoRegex="^$dcoPrefix ([^<]+) <([^<>@]+@[^<>]+)> \\(github: (\S+)\\)$" + commits=( $(validate_log --format='format:%H%n') ) + badCommits=() + for commit in "${commits[@]}"; do + if [ -z "$(git log -1 --format='format:' --name-status "$commit")" ]; then + # no content (ie, Merge commit, etc) + continue + fi + if ! git log -1 --format='format:%B' "$commit" | grep -qE "$dcoRegex"; then + badCommits+=( "$commit" ) + fi + done + if [ ${#badCommits[@]} -eq 0 ]; then + echo "Congratulations! All commits are properly signed with the DCO!" + else + { + echo "These commits do not have a proper '$dcoPrefix' marker:" + for commit in "${badCommits[@]}"; do + echo " - $commit" + done + echo + echo 'Please amend each commit to include a properly formatted DCO marker.' + echo + echo 'Visit the following URL for information about the Docker DCO:' + echo ' https://github.com/dotcloud/docker/blob/master/CONTRIBUTING.md#sign-your-work' + echo + } >&2 + false + fi +fi diff --git a/hack/make/validate-gofmt b/hack/make/validate-gofmt new file mode 100644 index 0000000000..8fc88cc559 --- /dev/null +++ b/hack/make/validate-gofmt @@ -0,0 +1,30 @@ +#!/bin/bash + +source "$(dirname "$BASH_SOURCE")/.validate" + +IFS=$'\n' +files=( $(validate_diff --diff-filter=ACMR --name-only -- '*.go' | grep -v '^vendor/' || true) ) +unset IFS + +badFiles=() +for f in "${files[@]}"; do + # we use "git show" here to validate that what's committed is formatted + if [ "$(git show "$VALIDATE_HEAD:$f" | gofmt -s -l)" ]; then + badFiles+=( "$f" ) + fi +done + +if [ ${#badFiles[@]} -eq 0 ]; then + echo 'Congratulations! All Go source files are properly formatted.' +else + { + echo "These files are not properly gofmt'd:" + for f in "${badFiles[@]}"; do + echo " - $f" + done + echo + echo 'Please reformat the above files using "gofmt -s -w" and commit the result.' + echo + } >&2 + false +fi diff --git a/hack/release.sh b/hack/release.sh index d77d454e27..8642a4edb9 100755 --- a/hack/release.sh +++ b/hack/release.sh @@ -54,7 +54,7 @@ RELEASE_BUNDLES=( if [ "$1" != '--release-regardless-of-test-failure' ]; then RELEASE_BUNDLES=( - test test-integration + test-unit test-integration "${RELEASE_BUNDLES[@]}" test-integration-cli ) diff --git a/hack/travis/dco.py b/hack/travis/dco.py deleted file mode 100755 index f873940815..0000000000 --- a/hack/travis/dco.py +++ /dev/null @@ -1,54 +0,0 @@ -#!/usr/bin/env python -import re -import subprocess -import yaml - -from env import commit_range - -commit_format = '-%n hash: "%h"%n author: %aN <%aE>%n message: |%n%w(0,2,2).%B' - -gitlog = subprocess.check_output([ - 'git', 'log', '--reverse', - '--format=format:'+commit_format, - '..'.join(commit_range), '--', -]) - -commits = yaml.load(gitlog) -if not commits: - exit(0) # what? how can we have no commits? - -DCO = 'Docker-DCO-1.1-Signed-off-by:' - -p = re.compile(r'^{0} ([^<]+) <([^<>@]+@[^<>]+)> \(github: (\S+)\)$'.format(re.escape(DCO)), re.MULTILINE|re.UNICODE) - -failed_commits = 0 - -for commit in commits: - commit['message'] = commit['message'][1:] - # trim off our '.' that exists just to prevent fun YAML parsing issues - # see https://github.com/dotcloud/docker/pull/3836#issuecomment-33723094 - # and https://travis-ci.org/dotcloud/docker/builds/17926783 - - commit['stat'] = subprocess.check_output([ - 'git', 'log', '--format=format:', '--max-count=1', - '--name-status', commit['hash'], '--', - ]) - if commit['stat'] == '': - print 'Commit {0} has no actual changed content, skipping.'.format(commit['hash']) - continue - - m = p.search(commit['message']) - if not m: - print 'Commit {1} does not have a properly formatted "{0}" marker.'.format(DCO, commit['hash']) - failed_commits += 1 - continue # print ALL the commits that don't have a proper DCO - - (name, email, github) = m.groups() - - # TODO verify that "github" is the person who actually made this commit via the GitHub API - -if failed_commits > 0: - exit(failed_commits) - -print 'All commits have a valid "{0}" marker.'.format(DCO) -exit(0) diff --git a/hack/travis/env.py b/hack/travis/env.py deleted file mode 100644 index 9830b8df34..0000000000 --- a/hack/travis/env.py +++ /dev/null @@ -1,21 +0,0 @@ -import os -import subprocess - -if 'TRAVIS' not in os.environ: - print 'TRAVIS is not defined; this should run in TRAVIS. Sorry.' - exit(127) - -if os.environ['TRAVIS_PULL_REQUEST'] != 'false': - commit_range = ['upstream/' + os.environ['TRAVIS_BRANCH'], 'FETCH_HEAD'] -else: - try: - subprocess.check_call([ - 'git', 'log', '-1', '--format=format:', - os.environ['TRAVIS_COMMIT_RANGE'], '--', - ]) - commit_range = os.environ['TRAVIS_COMMIT_RANGE'].split('...') - if len(commit_range) == 1: # if it didn't split, it must have been separated by '..' instead - commit_range = commit_range[0].split('..') - except subprocess.CalledProcessError: - print 'TRAVIS_COMMIT_RANGE is invalid. This seems to be a force push. We will just assume it must be against upstream master and compare all commits in between.' - commit_range = ['upstream/master', 'HEAD'] diff --git a/hack/travis/gofmt.py b/hack/travis/gofmt.py deleted file mode 100755 index dc724bc90e..0000000000 --- a/hack/travis/gofmt.py +++ /dev/null @@ -1,31 +0,0 @@ -#!/usr/bin/env python -import subprocess - -from env import commit_range - -files = subprocess.check_output([ - 'git', 'diff', '--diff-filter=ACMR', - '--name-only', '...'.join(commit_range), '--', -]) - -exit_status = 0 - -for filename in files.split('\n'): - if filename.startswith('vendor/'): - continue # we can't be changing our upstream vendors for gofmt, so don't even check them - - if filename.endswith('.go'): - try: - out = subprocess.check_output(['gofmt', '-s', '-l', filename]) - if out != '': - print out, - exit_status = 1 - except subprocess.CalledProcessError: - exit_status = 1 - -if exit_status != 0: - print 'Reformat the files listed above with "gofmt -s -w" and try again.' - exit(exit_status) - -print 'All files pass gofmt.' -exit(0) diff --git a/hack/vendor.sh b/hack/vendor.sh index 4200d90867..79322cd9af 100755 --- a/hack/vendor.sh +++ b/hack/vendor.sh @@ -59,5 +59,5 @@ rm -rf src/code.google.com/p/go mkdir -p src/code.google.com/p/go/src/pkg/archive mv tmp-tar src/code.google.com/p/go/src/pkg/archive/tar -clone git github.com/godbus/dbus cb98efbb933d8389ab549a060e880ea3c375d213 -clone git github.com/coreos/go-systemd 4c14ed39b8a643ac44b4f95b5a53c00e94261475 +clone git github.com/godbus/dbus v1 +clone git github.com/coreos/go-systemd v1 diff --git a/image/graph.go b/image/graph.go index dd0136b00e..64a38d7a29 100644 --- a/image/graph.go +++ b/image/graph.go @@ -1,7 +1,7 @@ package image import ( - "github.com/dotcloud/docker/runtime/graphdriver" + "github.com/dotcloud/docker/daemon/graphdriver" ) type Graph interface { diff --git a/image/image.go b/image/image.go index 33503bad5a..b56cbf08ee 100644 --- a/image/image.go +++ b/image/image.go @@ -4,8 +4,8 @@ import ( "encoding/json" "fmt" "github.com/dotcloud/docker/archive" + "github.com/dotcloud/docker/daemon/graphdriver" "github.com/dotcloud/docker/runconfig" - "github.com/dotcloud/docker/runtime/graphdriver" "github.com/dotcloud/docker/utils" "io/ioutil" "os" @@ -98,7 +98,7 @@ func StoreImage(img *Image, jsonData []byte, layerData archive.ArchiveReader, ro return err } } else { - parent, err := driver.Get(img.Parent) + parent, err := driver.Get(img.Parent, "") if err != nil { return err } @@ -159,7 +159,7 @@ func (img *Image) TarLayer() (arch archive.Archive, err error) { return differ.Diff(img.ID) } - imgFs, err := driver.Get(img.ID) + imgFs, err := driver.Get(img.ID, "") if err != nil { return nil, err } @@ -182,7 +182,7 @@ func (img *Image) TarLayer() (arch archive.Archive, err error) { }), nil } - parentFs, err := driver.Get(img.Parent) + parentFs, err := driver.Get(img.Parent, "") if err != nil { return nil, err } diff --git a/integration-cli/docker_cli_attach_test.go b/integration-cli/docker_cli_attach_test.go new file mode 100644 index 0000000000..1480b807aa --- /dev/null +++ b/integration-cli/docker_cli_attach_test.go @@ -0,0 +1,51 @@ +package main + +import ( + "os/exec" + "strings" + "sync" + "testing" + "time" +) + +func TestMultipleAttachRestart(t *testing.T) { + cmd := exec.Command(dockerBinary, "run", "--name", "attacher", "-d", "busybox", + "/bin/sh", "-c", "sleep 1 && echo hello") + + group := sync.WaitGroup{} + group.Add(4) + + go func() { + defer group.Done() + out, _, err := runCommandWithOutput(cmd) + if err != nil { + t.Fatal(err, out) + } + }() + time.Sleep(500 * time.Millisecond) + + for i := 0; i < 3; i++ { + go func() { + defer group.Done() + c := exec.Command(dockerBinary, "attach", "attacher") + + out, _, err := runCommandWithOutput(c) + if err != nil { + t.Fatal(err, out) + } + if actual := strings.Trim(out, "\r\n"); actual != "hello" { + t.Fatalf("unexpected output %s expected hello", actual) + } + }() + } + + group.Wait() + + cmd = exec.Command(dockerBinary, "kill", "attacher") + if _, err := runCommand(cmd); err != nil { + t.Fatal(err) + } + deleteAllContainers() + + logDone("run - multiple attach") +} diff --git a/integration-cli/docker_cli_commit_test.go b/integration-cli/docker_cli_commit_test.go index 51adaac9df..e99379231e 100644 --- a/integration-cli/docker_cli_commit_test.go +++ b/integration-cli/docker_cli_commit_test.go @@ -3,6 +3,7 @@ package main import ( "fmt" "os/exec" + "strings" "testing" ) @@ -32,3 +33,32 @@ func TestCommitAfterContainerIsDone(t *testing.T) { logDone("commit - echo foo and commit the image") } + +func TestCommitNewFile(t *testing.T) { + cmd := exec.Command(dockerBinary, "run", "--name", "commiter", "busybox", "/bin/sh", "-c", "echo koye > /foo") + if _, err := runCommand(cmd); err != nil { + t.Fatal(err) + } + + cmd = exec.Command(dockerBinary, "commit", "commiter") + imageId, _, err := runCommandWithOutput(cmd) + if err != nil { + t.Fatal(err) + } + imageId = strings.Trim(imageId, "\r\n") + + cmd = exec.Command(dockerBinary, "run", imageId, "cat", "/foo") + + out, _, err := runCommandWithOutput(cmd) + if err != nil { + t.Fatal(err, out) + } + if actual := strings.Trim(out, "\r\n"); actual != "koye" { + t.Fatalf("expected output koye received %s", actual) + } + + deleteAllContainers() + deleteImages(imageId) + + logDone("commit - commit file and read") +} diff --git a/integration-cli/docker_cli_links_test.go b/integration-cli/docker_cli_links_test.go new file mode 100644 index 0000000000..55c41e0bbc --- /dev/null +++ b/integration-cli/docker_cli_links_test.go @@ -0,0 +1,30 @@ +package main + +import ( + "fmt" + "os/exec" + "testing" +) + +func TestPingUnlinkedContainers(t *testing.T) { + runCmd := exec.Command(dockerBinary, "run", "--rm", "busybox", "sh", "-c", "ping -c 1 alias1 -W 1 && ping -c 1 alias2 -W 1") + exitCode, err := runCommand(runCmd) + + if exitCode == 0 { + t.Fatal("run ping did not fail") + } else if exitCode != 1 { + errorOut(err, t, fmt.Sprintf("run ping failed with errors: %v", err)) + } +} + +func TestPingLinkedContainers(t *testing.T) { + var out string + out, _, _ = cmd(t, "run", "-d", "--name", "container1", "busybox", "sleep", "10") + idA := stripTrailingCharacters(out) + out, _, _ = cmd(t, "run", "-d", "--name", "container2", "busybox", "sleep", "10") + idB := stripTrailingCharacters(out) + cmd(t, "run", "--rm", "--link", "container1:alias1", "--link", "container2:alias2", "busybox", "sh", "-c", "ping -c 1 alias1 -W 1 && ping -c 1 alias2 -W 1") + cmd(t, "kill", idA) + cmd(t, "kill", idB) + deleteAllContainers() +} diff --git a/integration-cli/docker_cli_logs_test.go b/integration-cli/docker_cli_logs_test.go index 8fcf4d7333..75235b6bb8 100644 --- a/integration-cli/docker_cli_logs_test.go +++ b/integration-cli/docker_cli_logs_test.go @@ -3,7 +3,10 @@ package main import ( "fmt" "os/exec" + "regexp" + "strings" "testing" + "time" ) // This used to work, it test a log of PageSize-1 (gh#4851) @@ -74,3 +77,95 @@ func TestLogsContainerMuchBiggerThanPage(t *testing.T) { logDone("logs - logs container running echo much bigger than page size") } + +func TestLogsTimestamps(t *testing.T) { + testLen := 100 + runCmd := exec.Command(dockerBinary, "run", "-d", "busybox", "sh", "-c", fmt.Sprintf("for i in $(seq 1 %d); do echo =; done;", testLen)) + + out, _, _, err := runCommandWithStdoutStderr(runCmd) + errorOut(err, t, fmt.Sprintf("run failed with errors: %v", err)) + + cleanedContainerID := stripTrailingCharacters(out) + exec.Command(dockerBinary, "wait", cleanedContainerID).Run() + + logsCmd := exec.Command(dockerBinary, "logs", "-t", cleanedContainerID) + out, _, _, err = runCommandWithStdoutStderr(logsCmd) + errorOut(err, t, fmt.Sprintf("failed to log container: %v %v", out, err)) + + lines := strings.Split(out, "\n") + + if len(lines) != testLen+1 { + t.Fatalf("Expected log %d lines, received %d\n", testLen+1, len(lines)) + } + + ts := regexp.MustCompile(`^\[.*?\]`) + + for _, l := range lines { + if l != "" { + _, err := time.Parse("["+time.StampMilli+"]", ts.FindString(l)) + if err != nil { + t.Fatalf("Failed to parse timestamp from %v: %v", l, err) + } + } + } + + deleteContainer(cleanedContainerID) + + logDone("logs - logs with timestamps") +} + +func TestLogsSeparateStderr(t *testing.T) { + msg := "stderr_log" + runCmd := exec.Command(dockerBinary, "run", "-d", "busybox", "sh", "-c", fmt.Sprintf("echo %s 1>&2", msg)) + + out, _, _, err := runCommandWithStdoutStderr(runCmd) + errorOut(err, t, fmt.Sprintf("run failed with errors: %v", err)) + + cleanedContainerID := stripTrailingCharacters(out) + exec.Command(dockerBinary, "wait", cleanedContainerID).Run() + + logsCmd := exec.Command(dockerBinary, "logs", cleanedContainerID) + stdout, stderr, _, err := runCommandWithStdoutStderr(logsCmd) + errorOut(err, t, fmt.Sprintf("failed to log container: %v %v", out, err)) + + if stdout != "" { + t.Fatalf("Expected empty stdout stream, got %v", stdout) + } + + stderr = strings.TrimSpace(stderr) + if stderr != msg { + t.Fatalf("Expected %v in stderr stream, got %v", msg, stderr) + } + + deleteContainer(cleanedContainerID) + + logDone("logs - separate stderr (without pseudo-tty)") +} + +func TestLogsStderrInStdout(t *testing.T) { + msg := "stderr_log" + runCmd := exec.Command(dockerBinary, "run", "-d", "-t", "busybox", "sh", "-c", fmt.Sprintf("echo %s 1>&2", msg)) + + out, _, _, err := runCommandWithStdoutStderr(runCmd) + errorOut(err, t, fmt.Sprintf("run failed with errors: %v", err)) + + cleanedContainerID := stripTrailingCharacters(out) + exec.Command(dockerBinary, "wait", cleanedContainerID).Run() + + logsCmd := exec.Command(dockerBinary, "logs", cleanedContainerID) + stdout, stderr, _, err := runCommandWithStdoutStderr(logsCmd) + errorOut(err, t, fmt.Sprintf("failed to log container: %v %v", out, err)) + + if stderr != "" { + t.Fatalf("Expected empty stderr stream, got %v", stdout) + } + + stdout = strings.TrimSpace(stdout) + if stdout != msg { + t.Fatalf("Expected %v in stdout stream, got %v", msg, stdout) + } + + deleteContainer(cleanedContainerID) + + logDone("logs - stderr in stdout (with pseudo-tty)") +} diff --git a/integration-cli/docker_cli_nat_test.go b/integration-cli/docker_cli_nat_test.go new file mode 100644 index 0000000000..90af933be9 --- /dev/null +++ b/integration-cli/docker_cli_nat_test.go @@ -0,0 +1,84 @@ +package main + +import ( + "encoding/json" + "fmt" + "github.com/dotcloud/docker/daemon" + "net" + "os/exec" + "path/filepath" + "testing" +) + +func TestNetworkNat(t *testing.T) { + ncPath, err := exec.LookPath("nc") + if err != nil { + t.Skip("Test not running with `make test`. Netcat not found: %s", err) + } + ncPath, err = filepath.EvalSymlinks(ncPath) + if err != nil { + t.Fatalf("Error resolving netcat symlink: %s", err) + } + iface, err := net.InterfaceByName("eth0") + if err != nil { + t.Skip("Test not running with `make test`. Interface eth0 not found: %s", err) + } + + ifaceAddrs, err := iface.Addrs() + if err != nil || len(ifaceAddrs) == 0 { + t.Fatalf("Error retrieving addresses for eth0: %v (%d addresses)", err, len(ifaceAddrs)) + } + + ifaceIp, _, err := net.ParseCIDR(ifaceAddrs[0].String()) + if err != nil { + t.Fatalf("Error retrieving the up for eth0: %s", err) + } + + runCmd := exec.Command(dockerBinary, "run", "-d", + "-v", ncPath+":/bin/nc", + "-v", "/lib/x86_64-linux-gnu/libc.so.6:/lib/libc.so.6", "-v", "/lib/x86_64-linux-gnu/libresolv.so.2:/lib/libresolv.so.2", "-v", "/lib/x86_64-linux-gnu/libbsd.so.0:/lib/libbsd.so.0", "-v", "/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2:/lib/ld-linux-x86-64.so.2", + "-p", "8080", "busybox", "/bin/nc", "-lp", "8080") + out, _, err := runCommandWithOutput(runCmd) + errorOut(err, t, fmt.Sprintf("run1 failed with errors: %v (%s)", err, out)) + + cleanedContainerID := stripTrailingCharacters(out) + + inspectCmd := exec.Command(dockerBinary, "inspect", cleanedContainerID) + inspectOut, _, err := runCommandWithOutput(inspectCmd) + errorOut(err, t, fmt.Sprintf("out should've been a container id: %v %v", inspectOut, err)) + + containers := []*daemon.Container{} + if err := json.Unmarshal([]byte(inspectOut), &containers); err != nil { + t.Fatalf("Error inspecting the container: %s", err) + } + if len(containers) != 1 { + t.Fatalf("Unepexted container count. Expected 0, recieved: %d", len(containers)) + } + + port8080, exists := containers[0].NetworkSettings.Ports["8080/tcp"] + if !exists || len(port8080) == 0 { + t.Fatal("Port 8080/tcp not found in NetworkSettings") + } + + runCmd = exec.Command(dockerBinary, "run", + "-v", ncPath+":/bin/nc", + "-v", "/lib/x86_64-linux-gnu/libc.so.6:/lib/libc.so.6", "-v", "/lib/x86_64-linux-gnu/libresolv.so.2:/lib/libresolv.so.2", "-v", "/lib/x86_64-linux-gnu/libbsd.so.0:/lib/libbsd.so.0", "-v", "/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2:/lib/ld-linux-x86-64.so.2", + "-p", "8080", "busybox", "sh", "-c", fmt.Sprintf("echo hello world | /bin/nc -w 30 %s %s", ifaceIp, port8080[0].HostPort)) + out, _, err = runCommandWithOutput(runCmd) + errorOut(err, t, fmt.Sprintf("run2 failed with errors: %v (%s)", err, out)) + + runCmd = exec.Command(dockerBinary, "logs", cleanedContainerID) + out, _, err = runCommandWithOutput(runCmd) + errorOut(err, t, fmt.Sprintf("failed to retrieve logs for container: %v %v", cleanedContainerID, err)) + + if expected := "hello world\n"; out != expected { + t.Fatalf("Unexpected output. Expected: %s, recieved: -->%s<--", expected, out) + } + + killCmd := exec.Command(dockerBinary, "kill", cleanedContainerID) + out, _, err = runCommandWithOutput(killCmd) + errorOut(err, t, fmt.Sprintf("failed to kill container: %v %v", out, err)) + deleteAllContainers() + + logDone("network - make sure nat works through the host") +} diff --git a/integration-cli/docker_cli_rm_test.go b/integration-cli/docker_cli_rm_test.go new file mode 100644 index 0000000000..e25c9991de --- /dev/null +++ b/integration-cli/docker_cli_rm_test.go @@ -0,0 +1,66 @@ +package main + +import ( + "os" + "os/exec" + "testing" +) + +func TestRemoveContainerWithRemovedVolume(t *testing.T) { + cmd := exec.Command(dockerBinary, "run", "--name", "losemyvolumes", "-v", "/tmp/testing:/test", "busybox", "true") + if _, err := runCommand(cmd); err != nil { + t.Fatal(err) + } + + if err := os.Remove("/tmp/testing"); err != nil { + t.Fatal(err) + } + + cmd = exec.Command(dockerBinary, "rm", "-v", "losemyvolumes") + if _, err := runCommand(cmd); err != nil { + t.Fatal(err) + } + + deleteAllContainers() + + logDone("rm - removed volume") +} + +func TestRemoveContainerWithVolume(t *testing.T) { + cmd := exec.Command(dockerBinary, "run", "--name", "foo", "-v", "/srv", "busybox", "true") + if _, err := runCommand(cmd); err != nil { + t.Fatal(err) + } + + cmd = exec.Command(dockerBinary, "rm", "-v", "foo") + if _, err := runCommand(cmd); err != nil { + t.Fatal(err) + } + + deleteAllContainers() + + logDone("rm - volume") +} + +func TestRemoveContainerRunning(t *testing.T) { + cmd := exec.Command(dockerBinary, "run", "-d", "--name", "foo", "busybox", "sleep", "300") + if _, err := runCommand(cmd); err != nil { + t.Fatal(err) + } + + // Test cannot remove running container + cmd = exec.Command(dockerBinary, "rm", "foo") + if _, err := runCommand(cmd); err == nil { + t.Fatalf("Expected error, can't rm a running container") + } + + // Remove with -f + cmd = exec.Command(dockerBinary, "rm", "-f", "foo") + if _, err := runCommand(cmd); err != nil { + t.Fatal(err) + } + + deleteAllContainers() + + logDone("rm - running container") +} diff --git a/integration-cli/docker_cli_run_test.go b/integration-cli/docker_cli_run_test.go index b0805dd35c..b9737feeea 100644 --- a/integration-cli/docker_cli_run_test.go +++ b/integration-cli/docker_cli_run_test.go @@ -2,8 +2,13 @@ package main import ( "fmt" + "os" "os/exec" + "path/filepath" + "regexp" + "sort" "strings" + "sync" "testing" ) @@ -87,6 +92,22 @@ func TestDockerRunEchoNamedContainer(t *testing.T) { logDone("run - echo with named container") } +// docker run should not leak file descriptors +func TestDockerRunLeakyFileDescriptors(t *testing.T) { + runCmd := exec.Command(dockerBinary, "run", "busybox", "ls", "-C", "/proc/self/fd") + out, _, _, err := runCommandWithStdoutStderr(runCmd) + errorOut(err, t, out) + + // normally, we should only get 0, 1, and 2, but 3 gets created by "ls" when it does "opendir" on the "fd" directory + if out != "0 1 2 3\n" { + t.Errorf("container should've printed '0 1 2 3', not: %s", out) + } + + deleteAllContainers() + + logDone("run - check file descriptor leakage") +} + // it should be possible to ping Google DNS resolver // this will fail when Internet access is unavailable func TestDockerRunPingGoogle(t *testing.T) { @@ -384,3 +405,366 @@ func TestMultipleVolumesFrom(t *testing.T) { logDone("run - multiple volumes from") } + +// this tests verifies the ID format for the container +func TestVerifyContainerID(t *testing.T) { + cmd := exec.Command(dockerBinary, "run", "-d", "busybox", "true") + out, exit, err := runCommandWithOutput(cmd) + if err != nil { + t.Fatal(err) + } + if exit != 0 { + t.Fatalf("expected exit code 0 received %d", exit) + } + match, err := regexp.MatchString("^[0-9a-f]{64}$", strings.TrimSuffix(out, "\n")) + if err != nil { + t.Fatal(err) + } + if !match { + t.Fatalf("Invalid container ID: %s", out) + } + + deleteAllContainers() + + logDone("run - verify container ID") +} + +// Test that creating a container with a volume doesn't crash. Regression test for #995. +func TestCreateVolume(t *testing.T) { + cmd := exec.Command(dockerBinary, "run", "-v", "/var/lib/data", "busybox", "true") + if _, err := runCommand(cmd); err != nil { + t.Fatal(err) + } + + deleteAllContainers() + + logDone("run - create docker mangaed volume") +} + +// Test that creating a volume with a symlink in its path works correctly. Test for #5152. +// Note that this bug happens only with symlinks with a target that starts with '/'. +func TestVolumeWithSymlink(t *testing.T) { + buildDirectory := filepath.Join(workingDirectory, "run_tests", "TestVolumeWithSymlink") + buildCmd := exec.Command(dockerBinary, "build", "-t", "docker-test-volumewithsymlink", ".") + buildCmd.Dir = buildDirectory + err := buildCmd.Run() + if err != nil { + t.Fatal("could not build 'docker-test-volumewithsymlink': %v", err) + } + + cmd := exec.Command(dockerBinary, "run", "-v", "/bar/foo", "--name", "test-volumewithsymlink", "docker-test-volumewithsymlink", "sh", "-c", "mount | grep -q /foo/foo") + exitCode, err := runCommand(cmd) + if err != nil || exitCode != 0 { + t.Fatal("[run] err: %v, exitcode: %d", err, exitCode) + } + + var volPath string + cmd = exec.Command(dockerBinary, "inspect", "-f", "{{range .Volumes}}{{.}}{{end}}", "test-volumewithsymlink") + volPath, exitCode, err = runCommandWithOutput(cmd) + if err != nil || exitCode != 0 { + t.Fatal("[inspect] err: %v, exitcode: %d", err, exitCode) + } + + cmd = exec.Command(dockerBinary, "rm", "-v", "test-volumewithsymlink") + exitCode, err = runCommand(cmd) + if err != nil || exitCode != 0 { + t.Fatal("[rm] err: %v, exitcode: %d", err, exitCode) + } + + f, err := os.Open(volPath) + defer f.Close() + if !os.IsNotExist(err) { + t.Fatal("[open] (expecting 'file does not exist' error) err: %v, volPath: %s", err, volPath) + } + + deleteImages("docker-test-volumewithsymlink") + deleteAllContainers() + + logDone("run - volume with symlink") +} + +func TestExitCode(t *testing.T) { + cmd := exec.Command(dockerBinary, "run", "busybox", "/bin/sh", "-c", "exit 72") + + exit, err := runCommand(cmd) + if err == nil { + t.Fatal("should not have a non nil error") + } + if exit != 72 { + t.Fatalf("expected exit code 72 received %d", exit) + } + + deleteAllContainers() + + logDone("run - correct exit code") +} + +func TestUserDefaultsToRoot(t *testing.T) { + cmd := exec.Command(dockerBinary, "run", "busybox", "id") + + out, _, err := runCommandWithOutput(cmd) + if err != nil { + t.Fatal(err, out) + } + if !strings.Contains(out, "uid=0(root) gid=0(root)") { + t.Fatalf("expected root user got %s", out) + } + deleteAllContainers() + + logDone("run - default user") +} + +func TestUserByName(t *testing.T) { + cmd := exec.Command(dockerBinary, "run", "-u", "root", "busybox", "id") + + out, _, err := runCommandWithOutput(cmd) + if err != nil { + t.Fatal(err, out) + } + if !strings.Contains(out, "uid=0(root) gid=0(root)") { + t.Fatalf("expected root user got %s", out) + } + deleteAllContainers() + + logDone("run - user by name") +} + +func TestUserByID(t *testing.T) { + cmd := exec.Command(dockerBinary, "run", "-u", "1", "busybox", "id") + + out, _, err := runCommandWithOutput(cmd) + if err != nil { + t.Fatal(err, out) + } + if !strings.Contains(out, "uid=1(daemon) gid=1(daemon)") { + t.Fatalf("expected daemon user got %s", out) + } + deleteAllContainers() + + logDone("run - user by id") +} + +func TestUserNotFound(t *testing.T) { + cmd := exec.Command(dockerBinary, "run", "-u", "notme", "busybox", "id") + + _, err := runCommand(cmd) + if err == nil { + t.Fatal("unknown user should cause container to fail") + } + deleteAllContainers() + + logDone("run - user not found") +} + +func TestRunTwoConcurrentContainers(t *testing.T) { + group := sync.WaitGroup{} + group.Add(2) + + for i := 0; i < 2; i++ { + go func() { + defer group.Done() + cmd := exec.Command(dockerBinary, "run", "busybox", "sleep", "2") + if _, err := runCommand(cmd); err != nil { + t.Fatal(err) + } + }() + } + + group.Wait() + + deleteAllContainers() + + logDone("run - two concurrent containers") +} + +func TestEnvironment(t *testing.T) { + cmd := exec.Command(dockerBinary, "run", "-h", "testing", "-e=FALSE=true", "-e=TRUE", "-e=TRICKY", "busybox", "env") + cmd.Env = append(os.Environ(), + "TRUE=false", + "TRICKY=tri\ncky\n", + ) + + out, _, err := runCommandWithOutput(cmd) + if err != nil { + t.Fatal(err, out) + } + + actualEnv := strings.Split(out, "\n") + if actualEnv[len(actualEnv)-1] == "" { + actualEnv = actualEnv[:len(actualEnv)-1] + } + sort.Strings(actualEnv) + + goodEnv := []string{ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "HOME=/", + "HOSTNAME=testing", + "FALSE=true", + "TRUE=false", + "TRICKY=tri", + "cky", + "", + } + sort.Strings(goodEnv) + if len(goodEnv) != len(actualEnv) { + t.Fatalf("Wrong environment: should be %d variables, not: '%s'\n", len(goodEnv), strings.Join(actualEnv, ", ")) + } + for i := range goodEnv { + if actualEnv[i] != goodEnv[i] { + t.Fatalf("Wrong environment variable: should be %s, not %s", goodEnv[i], actualEnv[i]) + } + } + + deleteAllContainers() + + logDone("run - verify environment") +} + +func TestContainerNetwork(t *testing.T) { + cmd := exec.Command(dockerBinary, "run", "busybox", "ping", "-c", "1", "127.0.0.1") + if _, err := runCommand(cmd); err != nil { + t.Fatal(err) + } + + deleteAllContainers() + + logDone("run - test container network via ping") +} + +// Issue #4681 +func TestLoopbackWhenNetworkDisabled(t *testing.T) { + cmd := exec.Command(dockerBinary, "run", "--networking=false", "busybox", "ping", "-c", "1", "127.0.0.1") + if _, err := runCommand(cmd); err != nil { + t.Fatal(err) + } + + deleteAllContainers() + + logDone("run - test container loopback when networking disabled") +} + +func TestLoopbackOnlyExistsWhenNetworkingDisabled(t *testing.T) { + cmd := exec.Command(dockerBinary, "run", "--networking=false", "busybox", "ip", "a", "show", "up") + out, _, err := runCommandWithOutput(cmd) + if err != nil { + t.Fatal(err, out) + } + + interfaces := regexp.MustCompile(`(?m)^[0-9]+: [a-zA-Z0-9]+`).FindAllString(out, -1) + if len(interfaces) != 1 { + t.Fatalf("Wrong interface count in test container: expected [*: lo], got %s", interfaces) + } + if !strings.HasSuffix(interfaces[0], ": lo") { + t.Fatalf("Wrong interface in test container: expected [*: lo], got %s", interfaces) + } + + deleteAllContainers() + + logDone("run - test loopback only exists when networking disabled") +} + +func TestPrivilegedCanMknod(t *testing.T) { + cmd := exec.Command(dockerBinary, "run", "--privileged", "busybox", "sh", "-c", "mknod /tmp/sda b 8 0 && echo ok") + out, _, err := runCommandWithOutput(cmd) + if err != nil { + t.Fatal(err) + } + + if actual := strings.Trim(out, "\r\n"); actual != "ok" { + t.Fatalf("expected output ok received %s", actual) + } + deleteAllContainers() + + logDone("run - test privileged can mknod") +} + +func TestUnPrivilegedCanMknod(t *testing.T) { + cmd := exec.Command(dockerBinary, "run", "busybox", "sh", "-c", "mknod /tmp/sda b 8 0 && echo ok") + out, _, err := runCommandWithOutput(cmd) + if err != nil { + t.Fatal(err) + } + + if actual := strings.Trim(out, "\r\n"); actual != "ok" { + t.Fatalf("expected output ok received %s", actual) + } + deleteAllContainers() + + logDone("run - test un-privileged can mknod") +} + +func TestPrivilegedCanMount(t *testing.T) { + cmd := exec.Command(dockerBinary, "run", "--privileged", "busybox", "sh", "-c", "mount -t tmpfs none /tmp && echo ok") + + out, _, err := runCommandWithOutput(cmd) + if err != nil { + t.Fatal(err) + } + + if actual := strings.Trim(out, "\r\n"); actual != "ok" { + t.Fatalf("expected output ok received %s", actual) + } + deleteAllContainers() + + logDone("run - test privileged can mount") +} + +func TestUnPrivilegedCannotMount(t *testing.T) { + cmd := exec.Command(dockerBinary, "run", "busybox", "sh", "-c", "mount -t tmpfs none /tmp && echo ok") + + out, _, err := runCommandWithOutput(cmd) + if err == nil { + t.Fatal(err, out) + } + + if actual := strings.Trim(out, "\r\n"); actual == "ok" { + t.Fatalf("expected output not ok received %s", actual) + } + deleteAllContainers() + + logDone("run - test un-privileged cannot mount") +} + +func TestSysNotWritableInNonPrivilegedContainers(t *testing.T) { + cmd := exec.Command(dockerBinary, "run", "busybox", "touch", "/sys/kernel/profiling") + if code, err := runCommand(cmd); err == nil || code == 0 { + t.Fatal("sys should not be writable in a non privileged container") + } + + deleteAllContainers() + + logDone("run - sys not writable in non privileged container") +} + +func TestSysWritableInPrivilegedContainers(t *testing.T) { + cmd := exec.Command(dockerBinary, "run", "--privileged", "busybox", "touch", "/sys/kernel/profiling") + if code, err := runCommand(cmd); err != nil || code != 0 { + t.Fatalf("sys should be writable in privileged container") + } + + deleteAllContainers() + + logDone("run - sys writable in privileged container") +} + +func TestProcNotWritableInNonPrivilegedContainers(t *testing.T) { + cmd := exec.Command(dockerBinary, "run", "busybox", "touch", "/proc/sysrq-trigger") + if code, err := runCommand(cmd); err == nil || code == 0 { + t.Fatal("proc should not be writable in a non privileged container") + } + + deleteAllContainers() + + logDone("run - proc not writable in non privileged container") +} + +func TestProcWritableInPrivilegedContainers(t *testing.T) { + cmd := exec.Command(dockerBinary, "run", "--privileged", "busybox", "touch", "/proc/sysrq-trigger") + if code, err := runCommand(cmd); err != nil || code != 0 { + t.Fatalf("proc should be writable in privileged container") + } + + deleteAllContainers() + + logDone("run - proc writable in privileged container") +} diff --git a/integration-cli/docker_cli_top_test.go b/integration-cli/docker_cli_top_test.go index 73d590cf06..6535473430 100644 --- a/integration-cli/docker_cli_top_test.go +++ b/integration-cli/docker_cli_top_test.go @@ -7,7 +7,7 @@ import ( "testing" ) -func TestTop(t *testing.T) { +func TestTopNonPrivileged(t *testing.T) { runCmd := exec.Command(dockerBinary, "run", "-i", "-d", "busybox", "sleep", "20") out, _, err := runCommandWithOutput(runCmd) errorOut(err, t, fmt.Sprintf("failed to start the container: %v", err)) @@ -18,15 +18,55 @@ func TestTop(t *testing.T) { out, _, err = runCommandWithOutput(topCmd) errorOut(err, t, fmt.Sprintf("failed to run top: %v %v", out, err)) + topCmd = exec.Command(dockerBinary, "top", cleanedContainerID) + out2, _, err2 := runCommandWithOutput(topCmd) + errorOut(err, t, fmt.Sprintf("failed to run top: %v %v", out2, err2)) + killCmd := exec.Command(dockerBinary, "kill", cleanedContainerID) _, err = runCommand(killCmd) errorOut(err, t, fmt.Sprintf("failed to kill container: %v", err)) deleteContainer(cleanedContainerID) - if !strings.Contains(out, "sleep 20") { - t.Fatal("top should've listed sleep 20 in the process list") + if !strings.Contains(out, "sleep 20") && !strings.Contains(out2, "sleep 20") { + t.Fatal("top should've listed `sleep 20` in the process list, but failed twice") + } else if !strings.Contains(out, "sleep 20") { + t.Fatal("top should've listed `sleep 20` in the process list, but failed the first time") + } else if !strings.Contains(out2, "sleep 20") { + t.Fatal("top should've listed `sleep 20` in the process list, but failed the second itime") } - logDone("top - sleep process should be listed") + logDone("top - sleep process should be listed in non privileged mode") +} + +func TestTopPrivileged(t *testing.T) { + runCmd := exec.Command(dockerBinary, "run", "--privileged", "-i", "-d", "busybox", "sleep", "20") + out, _, err := runCommandWithOutput(runCmd) + errorOut(err, t, fmt.Sprintf("failed to start the container: %v", err)) + + cleanedContainerID := stripTrailingCharacters(out) + + topCmd := exec.Command(dockerBinary, "top", cleanedContainerID) + out, _, err = runCommandWithOutput(topCmd) + errorOut(err, t, fmt.Sprintf("failed to run top: %v %v", out, err)) + + topCmd = exec.Command(dockerBinary, "top", cleanedContainerID) + out2, _, err2 := runCommandWithOutput(topCmd) + errorOut(err, t, fmt.Sprintf("failed to run top: %v %v", out2, err2)) + + killCmd := exec.Command(dockerBinary, "kill", cleanedContainerID) + _, err = runCommand(killCmd) + errorOut(err, t, fmt.Sprintf("failed to kill container: %v", err)) + + deleteContainer(cleanedContainerID) + + if !strings.Contains(out, "sleep 20") && !strings.Contains(out2, "sleep 20") { + t.Fatal("top should've listed `sleep 20` in the process list, but failed twice") + } else if !strings.Contains(out, "sleep 20") { + t.Fatal("top should've listed `sleep 20` in the process list, but failed the first time") + } else if !strings.Contains(out2, "sleep 20") { + t.Fatal("top should've listed `sleep 20` in the process list, but failed the second itime") + } + + logDone("top - sleep process should be listed in privileged mode") } diff --git a/integration-cli/run_tests/TestVolumeWithSymlink/Dockerfile b/integration-cli/run_tests/TestVolumeWithSymlink/Dockerfile new file mode 100644 index 0000000000..46bed8540b --- /dev/null +++ b/integration-cli/run_tests/TestVolumeWithSymlink/Dockerfile @@ -0,0 +1,3 @@ +FROM busybox + +RUN mkdir /foo && ln -s /foo /bar diff --git a/integration/MAINTAINERS b/integration/MAINTAINERS new file mode 100644 index 0000000000..d7bef621cf --- /dev/null +++ b/integration/MAINTAINERS @@ -0,0 +1,4 @@ +Solomon Hykes (@shykes) +# WE ARE LOOKING FOR VOLUNTEERS TO HELP CLEAN THIS UP. +# TO VOLUNTEER PLEASE OPEN A PULL REQUEST ADDING YOURSELF TO THIS FILE. +# WE WILL HELP YOU GET STARTED. THANKS! diff --git a/integration/README.md b/integration/README.md new file mode 100644 index 0000000000..41f43a4ba7 --- /dev/null +++ b/integration/README.md @@ -0,0 +1,23 @@ +## Legacy integration tests + +`./integration` contains Docker's legacy integration tests. +It is DEPRECATED and will eventually be removed. + +### If you are a *CONTRIBUTOR* and want to add a test: + +* Consider mocking out side effects and contributing a *unit test* in the subsystem +you're modifying. For example, the remote API has unit tests in `./api/server/server_unit_tests.go`. +The events subsystem has unit tests in `./events/events_test.go`. And so on. + +* For end-to-end integration tests, please contribute to `./integration-cli`. + + +### If you are a *MAINTAINER* + +Please don't allow patches adding new tests to `./integration`. + +### If you are *LOOKING FOR A WAY TO HELP* + +Please consider porting tests away from `./integration` and into either unit tests or CLI tests. + +Any help will be greatly appreciated! diff --git a/integration/api_test.go b/integration/api_test.go index 26441a2668..04611dfe3d 100644 --- a/integration/api_test.go +++ b/integration/api_test.go @@ -16,10 +16,10 @@ import ( "github.com/dotcloud/docker/api" "github.com/dotcloud/docker/api/server" + "github.com/dotcloud/docker/daemon" "github.com/dotcloud/docker/engine" "github.com/dotcloud/docker/image" "github.com/dotcloud/docker/runconfig" - "github.com/dotcloud/docker/runtime" "github.com/dotcloud/docker/utils" "github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar" ) @@ -27,10 +27,10 @@ import ( func TestGetEvents(t *testing.T) { eng := NewTestEngine(t) srv := mkServerFromEngine(eng, t) - // FIXME: we might not need runtime, why not simply nuke + // FIXME: we might not need daemon, why not simply nuke // the engine? - runtime := mkRuntimeFromEngine(eng, t) - defer nuke(runtime) + daemon := mkDaemonFromEngine(eng, t) + defer nuke(daemon) var events []*utils.JSONMessage for _, parts := range [][3]string{ @@ -72,7 +72,7 @@ func TestGetEvents(t *testing.T) { func TestGetImagesJSON(t *testing.T) { eng := NewTestEngine(t) - defer mkRuntimeFromEngine(eng, t).Nuke() + defer mkDaemonFromEngine(eng, t).Nuke() job := eng.Job("images") initialImages, err := job.Stdout.AddListTable() @@ -175,7 +175,7 @@ func TestGetImagesJSON(t *testing.T) { func TestGetImagesHistory(t *testing.T) { eng := NewTestEngine(t) - defer mkRuntimeFromEngine(eng, t).Nuke() + defer mkDaemonFromEngine(eng, t).Nuke() r := httptest.NewRecorder() @@ -199,7 +199,7 @@ func TestGetImagesHistory(t *testing.T) { func TestGetImagesByName(t *testing.T) { eng := NewTestEngine(t) - defer mkRuntimeFromEngine(eng, t).Nuke() + defer mkDaemonFromEngine(eng, t).Nuke() req, err := http.NewRequest("GET", "/images/"+unitTestImageName+"/json", nil) if err != nil { @@ -223,7 +223,7 @@ func TestGetImagesByName(t *testing.T) { func TestGetContainersJSON(t *testing.T) { eng := NewTestEngine(t) - defer mkRuntimeFromEngine(eng, t).Nuke() + defer mkDaemonFromEngine(eng, t).Nuke() job := eng.Job("containers") job.SetenvBool("all", true) @@ -269,7 +269,7 @@ func TestGetContainersJSON(t *testing.T) { func TestGetContainersExport(t *testing.T) { eng := NewTestEngine(t) - defer mkRuntimeFromEngine(eng, t).Nuke() + defer mkDaemonFromEngine(eng, t).Nuke() // Create a container and remove a file containerID := createTestContainer(eng, @@ -317,7 +317,7 @@ func TestGetContainersExport(t *testing.T) { func TestSaveImageAndThenLoad(t *testing.T) { eng := NewTestEngine(t) - defer mkRuntimeFromEngine(eng, t).Nuke() + defer mkDaemonFromEngine(eng, t).Nuke() // save image r := httptest.NewRecorder() @@ -388,7 +388,7 @@ func TestSaveImageAndThenLoad(t *testing.T) { func TestGetContainersChanges(t *testing.T) { eng := NewTestEngine(t) - defer mkRuntimeFromEngine(eng, t).Nuke() + defer mkDaemonFromEngine(eng, t).Nuke() // Create a container and remove a file containerID := createTestContainer(eng, @@ -428,7 +428,7 @@ func TestGetContainersChanges(t *testing.T) { func TestGetContainersTop(t *testing.T) { eng := NewTestEngine(t) - defer mkRuntimeFromEngine(eng, t).Nuke() + defer mkDaemonFromEngine(eng, t).Nuke() containerID := createTestContainer(eng, &runconfig.Config{ @@ -439,7 +439,7 @@ func TestGetContainersTop(t *testing.T) { t, ) defer func() { - // Make sure the process dies before destroying runtime + // Make sure the process dies before destroying daemon containerKill(eng, containerID, t) containerWait(eng, containerID, t) }() @@ -504,7 +504,7 @@ func TestGetContainersTop(t *testing.T) { func TestGetContainersByName(t *testing.T) { eng := NewTestEngine(t) - defer mkRuntimeFromEngine(eng, t).Nuke() + defer mkDaemonFromEngine(eng, t).Nuke() // Create a container and remove a file containerID := createTestContainer(eng, @@ -524,7 +524,7 @@ func TestGetContainersByName(t *testing.T) { t.Fatal(err) } assertHttpNotError(r, t) - outContainer := &runtime.Container{} + outContainer := &daemon.Container{} if err := json.Unmarshal(r.Body.Bytes(), outContainer); err != nil { t.Fatal(err) } @@ -535,7 +535,7 @@ func TestGetContainersByName(t *testing.T) { func TestPostCommit(t *testing.T) { eng := NewTestEngine(t) - defer mkRuntimeFromEngine(eng, t).Nuke() + defer mkDaemonFromEngine(eng, t).Nuke() srv := mkServerFromEngine(eng, t) // Create a container and remove a file @@ -574,7 +574,7 @@ func TestPostCommit(t *testing.T) { func TestPostContainersCreate(t *testing.T) { eng := NewTestEngine(t) - defer mkRuntimeFromEngine(eng, t).Nuke() + defer mkDaemonFromEngine(eng, t).Nuke() configJSON, err := json.Marshal(&runconfig.Config{ Image: unitTestImageID, @@ -615,7 +615,7 @@ func TestPostContainersCreate(t *testing.T) { func TestPostContainersKill(t *testing.T) { eng := NewTestEngine(t) - defer mkRuntimeFromEngine(eng, t).Nuke() + defer mkDaemonFromEngine(eng, t).Nuke() containerID := createTestContainer(eng, &runconfig.Config{ @@ -654,7 +654,7 @@ func TestPostContainersKill(t *testing.T) { func TestPostContainersRestart(t *testing.T) { eng := NewTestEngine(t) - defer mkRuntimeFromEngine(eng, t).Nuke() + defer mkDaemonFromEngine(eng, t).Nuke() containerID := createTestContainer(eng, &runconfig.Config{ @@ -699,7 +699,7 @@ func TestPostContainersRestart(t *testing.T) { func TestPostContainersStart(t *testing.T) { eng := NewTestEngine(t) - defer mkRuntimeFromEngine(eng, t).Nuke() + defer mkDaemonFromEngine(eng, t).Nuke() containerID := createTestContainer( eng, @@ -752,7 +752,7 @@ func TestPostContainersStart(t *testing.T) { // Expected behaviour: using / as a bind mount source should throw an error func TestRunErrorBindMountRootSource(t *testing.T) { eng := NewTestEngine(t) - defer mkRuntimeFromEngine(eng, t).Nuke() + defer mkDaemonFromEngine(eng, t).Nuke() containerID := createTestContainer( eng, @@ -787,7 +787,7 @@ func TestRunErrorBindMountRootSource(t *testing.T) { func TestPostContainersStop(t *testing.T) { eng := NewTestEngine(t) - defer mkRuntimeFromEngine(eng, t).Nuke() + defer mkDaemonFromEngine(eng, t).Nuke() containerID := createTestContainer(eng, &runconfig.Config{ @@ -827,7 +827,7 @@ func TestPostContainersStop(t *testing.T) { func TestPostContainersWait(t *testing.T) { eng := NewTestEngine(t) - defer mkRuntimeFromEngine(eng, t).Nuke() + defer mkDaemonFromEngine(eng, t).Nuke() containerID := createTestContainer(eng, &runconfig.Config{ @@ -865,7 +865,7 @@ func TestPostContainersWait(t *testing.T) { func TestPostContainersAttach(t *testing.T) { eng := NewTestEngine(t) - defer mkRuntimeFromEngine(eng, t).Nuke() + defer mkDaemonFromEngine(eng, t).Nuke() containerID := createTestContainer(eng, &runconfig.Config{ @@ -943,7 +943,7 @@ func TestPostContainersAttach(t *testing.T) { func TestPostContainersAttachStderr(t *testing.T) { eng := NewTestEngine(t) - defer mkRuntimeFromEngine(eng, t).Nuke() + defer mkDaemonFromEngine(eng, t).Nuke() containerID := createTestContainer(eng, &runconfig.Config{ @@ -1024,7 +1024,7 @@ func TestPostContainersAttachStderr(t *testing.T) { // FIXME: Test deleting volume in use by other container func TestDeleteContainers(t *testing.T) { eng := NewTestEngine(t) - defer mkRuntimeFromEngine(eng, t).Nuke() + defer mkDaemonFromEngine(eng, t).Nuke() containerID := createTestContainer(eng, &runconfig.Config{ @@ -1050,7 +1050,7 @@ func TestDeleteContainers(t *testing.T) { func TestOptionsRoute(t *testing.T) { eng := NewTestEngine(t) - defer mkRuntimeFromEngine(eng, t).Nuke() + defer mkDaemonFromEngine(eng, t).Nuke() r := httptest.NewRecorder() req, err := http.NewRequest("OPTIONS", "/", nil) @@ -1068,7 +1068,7 @@ func TestOptionsRoute(t *testing.T) { func TestGetEnabledCors(t *testing.T) { eng := NewTestEngine(t) - defer mkRuntimeFromEngine(eng, t).Nuke() + defer mkDaemonFromEngine(eng, t).Nuke() r := httptest.NewRecorder() @@ -1103,7 +1103,7 @@ func TestDeleteImages(t *testing.T) { eng := NewTestEngine(t) //we expect errors, so we disable stderr eng.Stderr = ioutil.Discard - defer mkRuntimeFromEngine(eng, t).Nuke() + defer mkDaemonFromEngine(eng, t).Nuke() initialImages := getImages(eng, t, true, "") @@ -1160,7 +1160,7 @@ func TestDeleteImages(t *testing.T) { func TestPostContainersCopy(t *testing.T) { eng := NewTestEngine(t) - defer mkRuntimeFromEngine(eng, t).Nuke() + defer mkDaemonFromEngine(eng, t).Nuke() // Create a container and remove a file containerID := createTestContainer(eng, @@ -1218,7 +1218,7 @@ func TestPostContainersCopy(t *testing.T) { func TestPostContainersCopyWhenContainerNotFound(t *testing.T) { eng := NewTestEngine(t) - defer mkRuntimeFromEngine(eng, t).Nuke() + defer mkDaemonFromEngine(eng, t).Nuke() r := httptest.NewRecorder() diff --git a/integration/buildfile_test.go b/integration/buildfile_test.go index bb864a5a12..81580ec98c 100644 --- a/integration/buildfile_test.go +++ b/integration/buildfile_test.go @@ -365,7 +365,7 @@ func TestBuild(t *testing.T) { func buildImage(context testContextTemplate, t *testing.T, eng *engine.Engine, useCache bool) (*image.Image, error) { if eng == nil { eng = NewTestEngine(t) - runtime := mkRuntimeFromEngine(eng, t) + runtime := mkDaemonFromEngine(eng, t) // FIXME: we might not need runtime, why not simply nuke // the engine? defer nuke(runtime) @@ -394,7 +394,7 @@ func buildImage(context testContextTemplate, t *testing.T, eng *engine.Engine, u } dockerfile := constructDockerfile(context.dockerfile, ip, port) - buildfile := server.NewBuildFile(srv, ioutil.Discard, ioutil.Discard, false, useCache, false, ioutil.Discard, utils.NewStreamFormatter(false), nil, nil) + buildfile := server.NewBuildFile(srv, ioutil.Discard, ioutil.Discard, false, useCache, false, ioutil.Discard, utils.NewStreamFormatter(false), nil) id, err := buildfile.Build(context.Archive(dockerfile, t)) if err != nil { return nil, err @@ -547,7 +547,7 @@ func TestBuildEntrypoint(t *testing.T) { // utilizing cache func TestBuildEntrypointRunCleanup(t *testing.T) { eng := NewTestEngine(t) - defer nuke(mkRuntimeFromEngine(eng, t)) + defer nuke(mkDaemonFromEngine(eng, t)) img, err := buildImage(testContextTemplate{` from {IMAGE} @@ -576,7 +576,7 @@ func TestBuildEntrypointRunCleanup(t *testing.T) { func checkCacheBehavior(t *testing.T, template testContextTemplate, expectHit bool) (imageId string) { eng := NewTestEngine(t) - defer nuke(mkRuntimeFromEngine(eng, t)) + defer nuke(mkDaemonFromEngine(eng, t)) img, err := buildImage(template, t, eng, true) if err != nil { @@ -660,7 +660,7 @@ func TestBuildADDLocalFileWithCache(t *testing.T) { }, nil} eng := NewTestEngine(t) - defer nuke(mkRuntimeFromEngine(eng, t)) + defer nuke(mkDaemonFromEngine(eng, t)) id1 := checkCacheBehaviorFromEngime(t, template, true, eng) template.files = append(template.files, [2]string{"bar", "hello2"}) @@ -796,7 +796,7 @@ func TestBuildADDLocalAndRemoteFilesWithoutCache(t *testing.T) { func TestForbiddenContextPath(t *testing.T) { eng := NewTestEngine(t) - defer nuke(mkRuntimeFromEngine(eng, t)) + defer nuke(mkDaemonFromEngine(eng, t)) srv := mkServerFromEngine(eng, t) context := testContextTemplate{` @@ -828,7 +828,7 @@ func TestForbiddenContextPath(t *testing.T) { } dockerfile := constructDockerfile(context.dockerfile, ip, port) - buildfile := server.NewBuildFile(srv, ioutil.Discard, ioutil.Discard, false, true, false, ioutil.Discard, utils.NewStreamFormatter(false), nil, nil) + buildfile := server.NewBuildFile(srv, ioutil.Discard, ioutil.Discard, false, true, false, ioutil.Discard, utils.NewStreamFormatter(false), nil) _, err = buildfile.Build(context.Archive(dockerfile, t)) if err == nil { @@ -844,7 +844,7 @@ func TestForbiddenContextPath(t *testing.T) { func TestBuildADDFileNotFound(t *testing.T) { eng := NewTestEngine(t) - defer nuke(mkRuntimeFromEngine(eng, t)) + defer nuke(mkDaemonFromEngine(eng, t)) context := testContextTemplate{` from {IMAGE} @@ -874,7 +874,7 @@ func TestBuildADDFileNotFound(t *testing.T) { } dockerfile := constructDockerfile(context.dockerfile, ip, port) - buildfile := server.NewBuildFile(mkServerFromEngine(eng, t), ioutil.Discard, ioutil.Discard, false, true, false, ioutil.Discard, utils.NewStreamFormatter(false), nil, nil) + buildfile := server.NewBuildFile(mkServerFromEngine(eng, t), ioutil.Discard, ioutil.Discard, false, true, false, ioutil.Discard, utils.NewStreamFormatter(false), nil) _, err = buildfile.Build(context.Archive(dockerfile, t)) if err == nil { @@ -890,7 +890,7 @@ func TestBuildADDFileNotFound(t *testing.T) { func TestBuildInheritance(t *testing.T) { eng := NewTestEngine(t) - defer nuke(mkRuntimeFromEngine(eng, t)) + defer nuke(mkDaemonFromEngine(eng, t)) img, err := buildImage(testContextTemplate{` from {IMAGE} @@ -1012,7 +1012,7 @@ func TestBuildOnBuildForbiddenMaintainerTrigger(t *testing.T) { // gh #2446 func TestBuildAddToSymlinkDest(t *testing.T) { eng := NewTestEngine(t) - defer nuke(mkRuntimeFromEngine(eng, t)) + defer nuke(mkDaemonFromEngine(eng, t)) _, err := buildImage(testContextTemplate{` from {IMAGE} diff --git a/integration/commands_test.go b/integration/commands_test.go index 15bb61b49c..5b967b68cc 100644 --- a/integration/commands_test.go +++ b/integration/commands_test.go @@ -4,10 +4,10 @@ import ( "bufio" "fmt" "github.com/dotcloud/docker/api/client" + "github.com/dotcloud/docker/daemon" "github.com/dotcloud/docker/engine" "github.com/dotcloud/docker/image" "github.com/dotcloud/docker/pkg/term" - "github.com/dotcloud/docker/runtime" "github.com/dotcloud/docker/utils" "io" "io/ioutil" @@ -36,7 +36,7 @@ func closeWrap(args ...io.Closer) error { return nil } -func setRaw(t *testing.T, c *runtime.Container) *term.State { +func setRaw(t *testing.T, c *daemon.Container) *term.State { pty, err := c.GetPtyMaster() if err != nil { t.Fatal(err) @@ -48,7 +48,7 @@ func setRaw(t *testing.T, c *runtime.Container) *term.State { return state } -func unsetRaw(t *testing.T, c *runtime.Container, state *term.State) { +func unsetRaw(t *testing.T, c *daemon.Container, state *term.State) { pty, err := c.GetPtyMaster() if err != nil { t.Fatal(err) @@ -56,12 +56,12 @@ func unsetRaw(t *testing.T, c *runtime.Container, state *term.State) { term.RestoreTerminal(pty.Fd(), state) } -func waitContainerStart(t *testing.T, timeout time.Duration) *runtime.Container { - var container *runtime.Container +func waitContainerStart(t *testing.T, timeout time.Duration) *daemon.Container { + var container *daemon.Container setTimeout(t, "Waiting for the container to be started timed out", timeout, func() { for { - l := globalRuntime.List() + l := globalDaemon.List() if len(l) == 1 && l[0].State.IsRunning() { container = l[0] break @@ -142,7 +142,7 @@ func TestRunHostname(t *testing.T) { } }) - container := globalRuntime.List()[0] + container := globalDaemon.List()[0] setTimeout(t, "CmdRun timed out", 10*time.Second, func() { <-c @@ -187,7 +187,7 @@ func TestRunWorkdir(t *testing.T) { } }) - container := globalRuntime.List()[0] + container := globalDaemon.List()[0] setTimeout(t, "CmdRun timed out", 10*time.Second, func() { <-c @@ -232,7 +232,7 @@ func TestRunWorkdirExists(t *testing.T) { } }) - container := globalRuntime.List()[0] + container := globalDaemon.List()[0] setTimeout(t, "CmdRun timed out", 5*time.Second, func() { <-c @@ -290,7 +290,7 @@ func TestRunExit(t *testing.T) { } }) - container := globalRuntime.List()[0] + container := globalDaemon.List()[0] // Closing /bin/cat stdin, expect it to exit if err := stdin.Close(); err != nil { @@ -359,7 +359,7 @@ func TestRunDisconnect(t *testing.T) { // Client disconnect after run -i should cause stdin to be closed, which should // cause /bin/cat to exit. setTimeout(t, "Waiting for /bin/cat to exit timed out", 2*time.Second, func() { - container := globalRuntime.List()[0] + container := globalDaemon.List()[0] container.Wait() if container.State.IsRunning() { t.Fatalf("/bin/cat is still running after closing stdin") @@ -445,7 +445,7 @@ func TestRunAttachStdin(t *testing.T) { } }) - container := globalRuntime.List()[0] + container := globalDaemon.List()[0] // Check output setTimeout(t, "Reading command output time out", 10*time.Second, func() { @@ -701,7 +701,7 @@ func TestAttachDisconnect(t *testing.T) { setTimeout(t, "Waiting for the container to be started timed out", 10*time.Second, func() { for { - l := globalRuntime.List() + l := globalDaemon.List() if len(l) == 1 && l[0].State.IsRunning() { break } @@ -709,7 +709,7 @@ func TestAttachDisconnect(t *testing.T) { } }) - container := globalRuntime.List()[0] + container := globalDaemon.List()[0] // Attach to it c1 := make(chan struct{}) @@ -781,7 +781,7 @@ func TestRunAutoRemove(t *testing.T) { time.Sleep(500 * time.Millisecond) - if len(globalRuntime.List()) > 0 { + if len(globalDaemon.List()) > 0 { t.Fatalf("failed to remove container automatically: container %s still exists", temporaryContainerID) } } @@ -798,7 +798,7 @@ func TestCmdLogs(t *testing.T) { t.Fatal(err) } - if err := cli.CmdLogs(globalRuntime.List()[0].ID); err != nil { + if err := cli.CmdLogs(globalDaemon.List()[0].ID); err != nil { t.Fatal(err) } } diff --git a/integration/container_test.go b/integration/container_test.go index 43f51c1e5f..8fe52a3cd6 100644 --- a/integration/container_test.go +++ b/integration/container_test.go @@ -1,445 +1,23 @@ package docker import ( - "bufio" "fmt" "github.com/dotcloud/docker/runconfig" - "github.com/dotcloud/docker/utils" "io" "io/ioutil" "os" "path" - "regexp" - "sort" "strings" "testing" "time" ) -func TestIDFormat(t *testing.T) { - runtime := mkRuntime(t) - defer nuke(runtime) - container1, _, err := runtime.Create( - &runconfig.Config{ - Image: GetTestImage(runtime).ID, - Cmd: []string{"/bin/sh", "-c", "echo hello world"}, - }, - "", - ) - if err != nil { - t.Fatal(err) - } - match, err := regexp.Match("^[0-9a-f]{64}$", []byte(container1.ID)) - if err != nil { - t.Fatal(err) - } - if !match { - t.Fatalf("Invalid container ID: %s", container1.ID) - } -} - -func TestMultipleAttachRestart(t *testing.T) { - runtime := mkRuntime(t) - defer nuke(runtime) - container, _, _ := mkContainer( - runtime, - []string{"_", "/bin/sh", "-c", "i=1; while [ $i -le 5 ]; do i=`expr $i + 1`; echo hello; done"}, - t, - ) - defer runtime.Destroy(container) - - // Simulate 3 client attaching to the container and stop/restart - - stdout1, err := container.StdoutPipe() - if err != nil { - t.Fatal(err) - } - stdout2, err := container.StdoutPipe() - if err != nil { - t.Fatal(err) - } - stdout3, err := container.StdoutPipe() - if err != nil { - t.Fatal(err) - } - if err := container.Start(); err != nil { - t.Fatal(err) - } - l1, err := bufio.NewReader(stdout1).ReadString('\n') - if err != nil { - t.Fatal(err) - } - if strings.Trim(l1, " \r\n") != "hello" { - t.Fatalf("Unexpected output. Expected [%s], received [%s]", "hello", l1) - } - l2, err := bufio.NewReader(stdout2).ReadString('\n') - if err != nil { - t.Fatal(err) - } - if strings.Trim(l2, " \r\n") != "hello" { - t.Fatalf("Unexpected output. Expected [%s], received [%s]", "hello", l2) - } - l3, err := bufio.NewReader(stdout3).ReadString('\n') - if err != nil { - t.Fatal(err) - } - if strings.Trim(l3, " \r\n") != "hello" { - t.Fatalf("Unexpected output. Expected [%s], received [%s]", "hello", l3) - } - - if err := container.Stop(10); err != nil { - t.Fatal(err) - } - - stdout1, err = container.StdoutPipe() - if err != nil { - t.Fatal(err) - } - stdout2, err = container.StdoutPipe() - if err != nil { - t.Fatal(err) - } - stdout3, err = container.StdoutPipe() - if err != nil { - t.Fatal(err) - } - if err := container.Start(); err != nil { - t.Fatal(err) - } - - setTimeout(t, "Timeout reading from the process", 3*time.Second, func() { - l1, err = bufio.NewReader(stdout1).ReadString('\n') - if err != nil { - t.Fatal(err) - } - if strings.Trim(l1, " \r\n") != "hello" { - t.Fatalf("Unexpected output. Expected [%s], received [%s]", "hello", l1) - } - l2, err = bufio.NewReader(stdout2).ReadString('\n') - if err != nil { - t.Fatal(err) - } - if strings.Trim(l2, " \r\n") != "hello" { - t.Fatalf("Unexpected output. Expected [%s], received [%s]", "hello", l2) - } - l3, err = bufio.NewReader(stdout3).ReadString('\n') - if err != nil { - t.Fatal(err) - } - if strings.Trim(l3, " \r\n") != "hello" { - t.Fatalf("Unexpected output. Expected [%s], received [%s]", "hello", l3) - } - }) - container.Wait() -} - -func TestDiff(t *testing.T) { - eng := NewTestEngine(t) - runtime := mkRuntimeFromEngine(eng, t) - defer nuke(runtime) - // Create a container and remove a file - container1, _, _ := mkContainer(runtime, []string{"_", "/bin/rm", "/etc/passwd"}, t) - defer runtime.Destroy(container1) - - // The changelog should be empty and not fail before run. See #1705 - c, err := container1.Changes() - if err != nil { - t.Fatal(err) - } - if len(c) != 0 { - t.Fatalf("Changelog should be empty before run") - } - - if err := container1.Run(); err != nil { - t.Fatal(err) - } - - // Check the changelog - c, err = container1.Changes() - if err != nil { - t.Fatal(err) - } - success := false - for _, elem := range c { - if elem.Path == "/etc/passwd" && elem.Kind == 2 { - success = true - } - } - if !success { - t.Fatalf("/etc/passwd as been removed but is not present in the diff") - } - - // Commit the container - img, err := runtime.Commit(container1, "", "", "unit test commited image - diff", "", nil) - if err != nil { - t.Fatal(err) - } - - // Create a new container from the commited image - container2, _, _ := mkContainer(runtime, []string{img.ID, "cat", "/etc/passwd"}, t) - defer runtime.Destroy(container2) - - if err := container2.Run(); err != nil { - t.Fatal(err) - } - - // Check the changelog - c, err = container2.Changes() - if err != nil { - t.Fatal(err) - } - for _, elem := range c { - if elem.Path == "/etc/passwd" { - t.Fatalf("/etc/passwd should not be present in the diff after commit.") - } - } - - // Create a new container - container3, _, _ := mkContainer(runtime, []string{"_", "rm", "/bin/httpd"}, t) - defer runtime.Destroy(container3) - - if err := container3.Run(); err != nil { - t.Fatal(err) - } - - // Check the changelog - c, err = container3.Changes() - if err != nil { - t.Fatal(err) - } - success = false - for _, elem := range c { - if elem.Path == "/bin/httpd" && elem.Kind == 2 { - success = true - } - } - if !success { - t.Fatalf("/bin/httpd should be present in the diff after commit.") - } -} - -func TestCommitAutoRun(t *testing.T) { - runtime := mkRuntime(t) - defer nuke(runtime) - container1, _, _ := mkContainer(runtime, []string{"_", "/bin/sh", "-c", "echo hello > /world"}, t) - defer runtime.Destroy(container1) - - if container1.State.IsRunning() { - t.Errorf("Container shouldn't be running") - } - if err := container1.Run(); err != nil { - t.Fatal(err) - } - if container1.State.IsRunning() { - t.Errorf("Container shouldn't be running") - } - - img, err := runtime.Commit(container1, "", "", "unit test commited image", "", &runconfig.Config{Cmd: []string{"cat", "/world"}}) - if err != nil { - t.Error(err) - } - - // FIXME: Make a TestCommit that stops here and check docker.root/layers/img.id/world - container2, _, _ := mkContainer(runtime, []string{img.ID}, t) - defer runtime.Destroy(container2) - stdout, err := container2.StdoutPipe() - if err != nil { - t.Fatal(err) - } - stderr, err := container2.StderrPipe() - if err != nil { - t.Fatal(err) - } - if err := container2.Start(); err != nil { - t.Fatal(err) - } - container2.Wait() - output, err := ioutil.ReadAll(stdout) - if err != nil { - t.Fatal(err) - } - output2, err := ioutil.ReadAll(stderr) - if err != nil { - t.Fatal(err) - } - if err := stdout.Close(); err != nil { - t.Fatal(err) - } - if err := stderr.Close(); err != nil { - t.Fatal(err) - } - if string(output) != "hello\n" { - t.Fatalf("Unexpected output. Expected %s, received: %s (err: %s)", "hello\n", output, output2) - } -} - -func TestCommitRun(t *testing.T) { - runtime := mkRuntime(t) - defer nuke(runtime) - - container1, _, _ := mkContainer(runtime, []string{"_", "/bin/sh", "-c", "echo hello > /world"}, t) - defer runtime.Destroy(container1) - - if container1.State.IsRunning() { - t.Errorf("Container shouldn't be running") - } - if err := container1.Run(); err != nil { - t.Fatal(err) - } - if container1.State.IsRunning() { - t.Errorf("Container shouldn't be running") - } - - img, err := runtime.Commit(container1, "", "", "unit test commited image", "", nil) - if err != nil { - t.Error(err) - } - - // FIXME: Make a TestCommit that stops here and check docker.root/layers/img.id/world - container2, _, _ := mkContainer(runtime, []string{img.ID, "cat", "/world"}, t) - defer runtime.Destroy(container2) - stdout, err := container2.StdoutPipe() - if err != nil { - t.Fatal(err) - } - stderr, err := container2.StderrPipe() - if err != nil { - t.Fatal(err) - } - if err := container2.Start(); err != nil { - t.Fatal(err) - } - container2.Wait() - output, err := ioutil.ReadAll(stdout) - if err != nil { - t.Fatal(err) - } - output2, err := ioutil.ReadAll(stderr) - if err != nil { - t.Fatal(err) - } - if err := stdout.Close(); err != nil { - t.Fatal(err) - } - if err := stderr.Close(); err != nil { - t.Fatal(err) - } - if string(output) != "hello\n" { - t.Fatalf("Unexpected output. Expected %s, received: %s (err: %s)", "hello\n", output, output2) - } -} - -func TestStart(t *testing.T) { - runtime := mkRuntime(t) - defer nuke(runtime) - container, _, _ := mkContainer(runtime, []string{"-i", "_", "/bin/cat"}, t) - defer runtime.Destroy(container) - - cStdin, err := container.StdinPipe() - if err != nil { - t.Fatal(err) - } - - if err := container.Start(); err != nil { - t.Fatal(err) - } - - // Give some time to the process to start - container.WaitTimeout(500 * time.Millisecond) - - if !container.State.IsRunning() { - t.Errorf("Container should be running") - } - if err := container.Start(); err != nil { - t.Fatalf("A running container should be able to be started") - } - - // Try to avoid the timeout in destroy. Best effort, don't check error - cStdin.Close() - container.WaitTimeout(2 * time.Second) -} - -func TestCpuShares(t *testing.T) { - _, err1 := os.Stat("/sys/fs/cgroup/cpuacct,cpu") - _, err2 := os.Stat("/sys/fs/cgroup/cpu,cpuacct") - if err1 == nil || err2 == nil { - t.Skip("Fixme. Setting cpu cgroup shares doesn't work in dind on a Fedora host. The lxc utils are confused by the cpu,cpuacct mount.") - } - runtime := mkRuntime(t) - defer nuke(runtime) - container, _, _ := mkContainer(runtime, []string{"-m", "33554432", "-c", "1000", "-i", "_", "/bin/cat"}, t) - defer runtime.Destroy(container) - - cStdin, err := container.StdinPipe() - if err != nil { - t.Fatal(err) - } - - if err := container.Start(); err != nil { - t.Fatal(err) - } - - // Give some time to the process to start - container.WaitTimeout(500 * time.Millisecond) - - if !container.State.IsRunning() { - t.Errorf("Container should be running") - } - if err := container.Start(); err != nil { - t.Fatalf("A running container should be able to be started") - } - - // Try to avoid the timeout in destroy. Best effort, don't check error - cStdin.Close() - container.WaitTimeout(2 * time.Second) -} - -func TestRun(t *testing.T) { - runtime := mkRuntime(t) - defer nuke(runtime) - container, _, _ := mkContainer(runtime, []string{"_", "ls", "-al"}, t) - defer runtime.Destroy(container) - - if container.State.IsRunning() { - t.Errorf("Container shouldn't be running") - } - if err := container.Run(); err != nil { - t.Fatal(err) - } - if container.State.IsRunning() { - t.Errorf("Container shouldn't be running") - } -} - -func TestOutput(t *testing.T) { - runtime := mkRuntime(t) - defer nuke(runtime) - container, _, err := runtime.Create( - &runconfig.Config{ - Image: GetTestImage(runtime).ID, - Cmd: []string{"echo", "-n", "foobar"}, - }, - "", - ) - if err != nil { - t.Fatal(err) - } - defer runtime.Destroy(container) - output, err := container.Output() - if err != nil { - t.Fatal(err) - } - if string(output) != "foobar" { - t.Fatalf("%s != %s", string(output), "foobar") - } -} - func TestKillDifferentUser(t *testing.T) { - runtime := mkRuntime(t) - defer nuke(runtime) + daemon := mkDaemon(t) + defer nuke(daemon) - container, _, err := runtime.Create(&runconfig.Config{ - Image: GetTestImage(runtime).ID, + container, _, err := daemon.Create(&runconfig.Config{ + Image: GetTestImage(daemon).ID, Cmd: []string{"cat"}, OpenStdin: true, User: "daemon", @@ -449,7 +27,7 @@ func TestKillDifferentUser(t *testing.T) { if err != nil { t.Fatal(err) } - defer runtime.Destroy(container) + defer daemon.Destroy(container) // FIXME @shykes: this seems redundant, but is very old, I'm leaving it in case // there is a side effect I'm not seeing. // defer container.stdin.Close() @@ -492,124 +70,11 @@ func TestKillDifferentUser(t *testing.T) { } } -// Test that creating a container with a volume doesn't crash. Regression test for #995. -func TestCreateVolume(t *testing.T) { - eng := NewTestEngine(t) - runtime := mkRuntimeFromEngine(eng, t) - defer nuke(runtime) - - config, hc, _, err := runconfig.Parse([]string{"-v", "/var/lib/data", unitTestImageID, "echo", "hello", "world"}, nil) - if err != nil { - t.Fatal(err) - } - jobCreate := eng.Job("create") - if err := jobCreate.ImportEnv(config); err != nil { - t.Fatal(err) - } - var id string - jobCreate.Stdout.AddString(&id) - if err := jobCreate.Run(); err != nil { - t.Fatal(err) - } - jobStart := eng.Job("start", id) - if err := jobStart.ImportEnv(hc); err != nil { - t.Fatal(err) - } - if err := jobStart.Run(); err != nil { - t.Fatal(err) - } - // FIXME: this hack can be removed once Wait is a job - c := runtime.Get(id) - if c == nil { - t.Fatalf("Couldn't retrieve container %s from runtime", id) - } - c.WaitTimeout(500 * time.Millisecond) - c.Wait() -} - -func TestKill(t *testing.T) { - runtime := mkRuntime(t) - defer nuke(runtime) - container, _, err := runtime.Create(&runconfig.Config{ - Image: GetTestImage(runtime).ID, - Cmd: []string{"sleep", "2"}, - }, - "", - ) - if err != nil { - t.Fatal(err) - } - defer runtime.Destroy(container) - - if container.State.IsRunning() { - t.Errorf("Container shouldn't be running") - } - if err := container.Start(); err != nil { - t.Fatal(err) - } - - // Give some time to lxc to spawn the process - container.WaitTimeout(500 * time.Millisecond) - - if !container.State.IsRunning() { - t.Errorf("Container should be running") - } - if err := container.Kill(); err != nil { - t.Fatal(err) - } - if container.State.IsRunning() { - t.Errorf("Container shouldn't be running") - } - container.Wait() - if container.State.IsRunning() { - t.Errorf("Container shouldn't be running") - } - // Try stopping twice - if err := container.Kill(); err != nil { - t.Fatal(err) - } -} - -func TestExitCode(t *testing.T) { - runtime := mkRuntime(t) - defer nuke(runtime) - - trueContainer, _, err := runtime.Create(&runconfig.Config{ - Image: GetTestImage(runtime).ID, - Cmd: []string{"/bin/true"}, - }, "") - if err != nil { - t.Fatal(err) - } - defer runtime.Destroy(trueContainer) - if err := trueContainer.Run(); err != nil { - t.Fatal(err) - } - if code := trueContainer.State.GetExitCode(); code != 0 { - t.Fatalf("Unexpected exit code %d (expected 0)", code) - } - - falseContainer, _, err := runtime.Create(&runconfig.Config{ - Image: GetTestImage(runtime).ID, - Cmd: []string{"/bin/false"}, - }, "") - if err != nil { - t.Fatal(err) - } - defer runtime.Destroy(falseContainer) - if err := falseContainer.Run(); err != nil { - t.Fatal(err) - } - if code := falseContainer.State.GetExitCode(); code != 1 { - t.Fatalf("Unexpected exit code %d (expected 1)", code) - } -} - func TestRestart(t *testing.T) { - runtime := mkRuntime(t) - defer nuke(runtime) - container, _, err := runtime.Create(&runconfig.Config{ - Image: GetTestImage(runtime).ID, + daemon := mkDaemon(t) + defer nuke(daemon) + container, _, err := daemon.Create(&runconfig.Config{ + Image: GetTestImage(daemon).ID, Cmd: []string{"echo", "-n", "foobar"}, }, "", @@ -617,7 +82,7 @@ func TestRestart(t *testing.T) { if err != nil { t.Fatal(err) } - defer runtime.Destroy(container) + defer daemon.Destroy(container) output, err := container.Output() if err != nil { t.Fatal(err) @@ -637,10 +102,10 @@ func TestRestart(t *testing.T) { } func TestRestartStdin(t *testing.T) { - runtime := mkRuntime(t) - defer nuke(runtime) - container, _, err := runtime.Create(&runconfig.Config{ - Image: GetTestImage(runtime).ID, + daemon := mkDaemon(t) + defer nuke(daemon) + container, _, err := daemon.Create(&runconfig.Config{ + Image: GetTestImage(daemon).ID, Cmd: []string{"cat"}, OpenStdin: true, @@ -650,7 +115,7 @@ func TestRestartStdin(t *testing.T) { if err != nil { t.Fatal(err) } - defer runtime.Destroy(container) + defer daemon.Destroy(container) stdin, err := container.StdinPipe() if err != nil { @@ -712,195 +177,11 @@ func TestRestartStdin(t *testing.T) { } } -func TestUser(t *testing.T) { - runtime := mkRuntime(t) - defer nuke(runtime) - - // Default user must be root - container, _, err := runtime.Create(&runconfig.Config{ - Image: GetTestImage(runtime).ID, - Cmd: []string{"id"}, - }, - "", - ) - if err != nil { - t.Fatal(err) - } - defer runtime.Destroy(container) - output, err := container.Output() - if err != nil { - t.Fatal(err) - } - if !strings.Contains(string(output), "uid=0(root) gid=0(root)") { - t.Error(string(output)) - } - - // Set a username - container, _, err = runtime.Create(&runconfig.Config{ - Image: GetTestImage(runtime).ID, - Cmd: []string{"id"}, - - User: "root", - }, - "", - ) - if err != nil { - t.Fatal(err) - } - defer runtime.Destroy(container) - output, err = container.Output() - if code := container.State.GetExitCode(); err != nil || code != 0 { - t.Fatal(err) - } - if !strings.Contains(string(output), "uid=0(root) gid=0(root)") { - t.Error(string(output)) - } - - // Set a UID - container, _, err = runtime.Create(&runconfig.Config{ - Image: GetTestImage(runtime).ID, - Cmd: []string{"id"}, - - User: "0", - }, - "", - ) - if code := container.State.GetExitCode(); err != nil || code != 0 { - t.Fatal(err) - } - defer runtime.Destroy(container) - output, err = container.Output() - if code := container.State.GetExitCode(); err != nil || code != 0 { - t.Fatal(err) - } - if !strings.Contains(string(output), "uid=0(root) gid=0(root)") { - t.Error(string(output)) - } - - // Set a different user by uid - container, _, err = runtime.Create(&runconfig.Config{ - Image: GetTestImage(runtime).ID, - Cmd: []string{"id"}, - - User: "1", - }, - "", - ) - if err != nil { - t.Fatal(err) - } - defer runtime.Destroy(container) - output, err = container.Output() - if err != nil { - t.Fatal(err) - } else if code := container.State.GetExitCode(); code != 0 { - t.Fatalf("Container exit code is invalid: %d\nOutput:\n%s\n", code, output) - } - if !strings.Contains(string(output), "uid=1(daemon) gid=1(daemon)") { - t.Error(string(output)) - } - - // Set a different user by username - container, _, err = runtime.Create(&runconfig.Config{ - Image: GetTestImage(runtime).ID, - Cmd: []string{"id"}, - - User: "daemon", - }, - "", - ) - if err != nil { - t.Fatal(err) - } - defer runtime.Destroy(container) - output, err = container.Output() - if code := container.State.GetExitCode(); err != nil || code != 0 { - t.Fatal(err) - } - if !strings.Contains(string(output), "uid=1(daemon) gid=1(daemon)") { - t.Error(string(output)) - } - - // Test an wrong username - container, _, err = runtime.Create(&runconfig.Config{ - Image: GetTestImage(runtime).ID, - Cmd: []string{"id"}, - - User: "unknownuser", - }, - "", - ) - if err != nil { - t.Fatal(err) - } - defer runtime.Destroy(container) - output, err = container.Output() - if container.State.GetExitCode() == 0 { - t.Fatal("Starting container with wrong uid should fail but it passed.") - } -} - -func TestMultipleContainers(t *testing.T) { - runtime := mkRuntime(t) - defer nuke(runtime) - - container1, _, err := runtime.Create(&runconfig.Config{ - Image: GetTestImage(runtime).ID, - Cmd: []string{"sleep", "2"}, - }, - "", - ) - if err != nil { - t.Fatal(err) - } - defer runtime.Destroy(container1) - - container2, _, err := runtime.Create(&runconfig.Config{ - Image: GetTestImage(runtime).ID, - Cmd: []string{"sleep", "2"}, - }, - "", - ) - if err != nil { - t.Fatal(err) - } - defer runtime.Destroy(container2) - - // Start both containers - if err := container1.Start(); err != nil { - t.Fatal(err) - } - if err := container2.Start(); err != nil { - t.Fatal(err) - } - - // Make sure they are running before trying to kill them - container1.WaitTimeout(250 * time.Millisecond) - container2.WaitTimeout(250 * time.Millisecond) - - // If we are here, both containers should be running - if !container1.State.IsRunning() { - t.Fatal("Container not running") - } - if !container2.State.IsRunning() { - t.Fatal("Container not running") - } - - // Kill them - if err := container1.Kill(); err != nil { - t.Fatal(err) - } - - if err := container2.Kill(); err != nil { - t.Fatal(err) - } -} - func TestStdin(t *testing.T) { - runtime := mkRuntime(t) - defer nuke(runtime) - container, _, err := runtime.Create(&runconfig.Config{ - Image: GetTestImage(runtime).ID, + daemon := mkDaemon(t) + defer nuke(daemon) + container, _, err := daemon.Create(&runconfig.Config{ + Image: GetTestImage(daemon).ID, Cmd: []string{"cat"}, OpenStdin: true, @@ -910,7 +191,7 @@ func TestStdin(t *testing.T) { if err != nil { t.Fatal(err) } - defer runtime.Destroy(container) + defer daemon.Destroy(container) stdin, err := container.StdinPipe() if err != nil { @@ -942,10 +223,10 @@ func TestStdin(t *testing.T) { } func TestTty(t *testing.T) { - runtime := mkRuntime(t) - defer nuke(runtime) - container, _, err := runtime.Create(&runconfig.Config{ - Image: GetTestImage(runtime).ID, + daemon := mkDaemon(t) + defer nuke(daemon) + container, _, err := daemon.Create(&runconfig.Config{ + Image: GetTestImage(daemon).ID, Cmd: []string{"cat"}, OpenStdin: true, @@ -955,7 +236,7 @@ func TestTty(t *testing.T) { if err != nil { t.Fatal(err) } - defer runtime.Destroy(container) + defer daemon.Destroy(container) stdin, err := container.StdinPipe() if err != nil { @@ -986,66 +267,12 @@ func TestTty(t *testing.T) { } } -func TestEnv(t *testing.T) { - os.Setenv("TRUE", "false") - os.Setenv("TRICKY", "tri\ncky\n") - runtime := mkRuntime(t) - defer nuke(runtime) - config, _, _, err := runconfig.Parse([]string{"-e=FALSE=true", "-e=TRUE", "-e=TRICKY", GetTestImage(runtime).ID, "env"}, nil) - if err != nil { - t.Fatal(err) - } - container, _, err := runtime.Create(config, "") - if err != nil { - t.Fatal(err) - } - defer runtime.Destroy(container) - - stdout, err := container.StdoutPipe() - if err != nil { - t.Fatal(err) - } - defer stdout.Close() - if err := container.Start(); err != nil { - t.Fatal(err) - } - container.Wait() - output, err := ioutil.ReadAll(stdout) - if err != nil { - t.Fatal(err) - } - actualEnv := strings.Split(string(output), "\n") - if actualEnv[len(actualEnv)-1] == "" { - actualEnv = actualEnv[:len(actualEnv)-1] - } - sort.Strings(actualEnv) - goodEnv := []string{ - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", - "HOME=/", - "HOSTNAME=" + utils.TruncateID(container.ID), - "FALSE=true", - "TRUE=false", - "TRICKY=tri", - "cky", - "", - } - sort.Strings(goodEnv) - if len(goodEnv) != len(actualEnv) { - t.Fatalf("Wrong environment: should be %d variables, not: '%s'\n", len(goodEnv), strings.Join(actualEnv, ", ")) - } - for i := range goodEnv { - if actualEnv[i] != goodEnv[i] { - t.Fatalf("Wrong environment variable: should be %s, not %s", goodEnv[i], actualEnv[i]) - } - } -} - func TestEntrypoint(t *testing.T) { - runtime := mkRuntime(t) - defer nuke(runtime) - container, _, err := runtime.Create( + daemon := mkDaemon(t) + defer nuke(daemon) + container, _, err := daemon.Create( &runconfig.Config{ - Image: GetTestImage(runtime).ID, + Image: GetTestImage(daemon).ID, Entrypoint: []string{"/bin/echo"}, Cmd: []string{"-n", "foobar"}, }, @@ -1054,7 +281,7 @@ func TestEntrypoint(t *testing.T) { if err != nil { t.Fatal(err) } - defer runtime.Destroy(container) + defer daemon.Destroy(container) output, err := container.Output() if err != nil { t.Fatal(err) @@ -1065,11 +292,11 @@ func TestEntrypoint(t *testing.T) { } func TestEntrypointNoCmd(t *testing.T) { - runtime := mkRuntime(t) - defer nuke(runtime) - container, _, err := runtime.Create( + daemon := mkDaemon(t) + defer nuke(daemon) + container, _, err := daemon.Create( &runconfig.Config{ - Image: GetTestImage(runtime).ID, + Image: GetTestImage(daemon).ID, Entrypoint: []string{"/bin/echo", "foobar"}, }, "", @@ -1077,7 +304,7 @@ func TestEntrypointNoCmd(t *testing.T) { if err != nil { t.Fatal(err) } - defer runtime.Destroy(container) + defer daemon.Destroy(container) output, err := container.Output() if err != nil { t.Fatal(err) @@ -1088,11 +315,11 @@ func TestEntrypointNoCmd(t *testing.T) { } func BenchmarkRunSequential(b *testing.B) { - runtime := mkRuntime(b) - defer nuke(runtime) + daemon := mkDaemon(b) + defer nuke(daemon) for i := 0; i < b.N; i++ { - container, _, err := runtime.Create(&runconfig.Config{ - Image: GetTestImage(runtime).ID, + container, _, err := daemon.Create(&runconfig.Config{ + Image: GetTestImage(daemon).ID, Cmd: []string{"echo", "-n", "foo"}, }, "", @@ -1100,7 +327,7 @@ func BenchmarkRunSequential(b *testing.B) { if err != nil { b.Fatal(err) } - defer runtime.Destroy(container) + defer daemon.Destroy(container) output, err := container.Output() if err != nil { b.Fatal(err) @@ -1108,15 +335,15 @@ func BenchmarkRunSequential(b *testing.B) { if string(output) != "foo" { b.Fatalf("Unexpected output: %s", output) } - if err := runtime.Destroy(container); err != nil { + if err := daemon.Destroy(container); err != nil { b.Fatal(err) } } } func BenchmarkRunParallel(b *testing.B) { - runtime := mkRuntime(b) - defer nuke(runtime) + daemon := mkDaemon(b) + defer nuke(daemon) var tasks []chan error @@ -1124,8 +351,8 @@ func BenchmarkRunParallel(b *testing.B) { complete := make(chan error) tasks = append(tasks, complete) go func(i int, complete chan error) { - container, _, err := runtime.Create(&runconfig.Config{ - Image: GetTestImage(runtime).ID, + container, _, err := daemon.Create(&runconfig.Config{ + Image: GetTestImage(daemon).ID, Cmd: []string{"echo", "-n", "foo"}, }, "", @@ -1134,7 +361,7 @@ func BenchmarkRunParallel(b *testing.B) { complete <- err return } - defer runtime.Destroy(container) + defer daemon.Destroy(container) if err := container.Start(); err != nil { complete <- err return @@ -1146,7 +373,7 @@ func BenchmarkRunParallel(b *testing.B) { // if string(output) != "foo" { // complete <- fmt.Errorf("Unexecpted output: %v", string(output)) // } - if err := runtime.Destroy(container); err != nil { + if err := daemon.Destroy(container); err != nil { complete <- err return } @@ -1176,11 +403,11 @@ func tempDir(t *testing.T) string { // Test for #1737 func TestCopyVolumeUidGid(t *testing.T) { eng := NewTestEngine(t) - r := mkRuntimeFromEngine(eng, t) + r := mkDaemonFromEngine(eng, t) defer r.Nuke() // Add directory not owned by root - container1, _, _ := mkContainer(r, []string{"_", "/bin/sh", "-c", "mkdir -p /hello && touch /hello/test.txt && chown daemon.daemon /hello"}, t) + container1, _, _ := mkContainer(r, []string{"_", "/bin/sh", "-c", "mkdir -p /hello && touch /hello/test && chown daemon.daemon /hello"}, t) defer r.Destroy(container1) if container1.State.IsRunning() { @@ -1205,12 +432,38 @@ func TestCopyVolumeUidGid(t *testing.T) { if !strings.Contains(stdout1, "daemon daemon") { t.Fatal("Container failed to transfer uid and gid to volume") } + + container2, _, _ := mkContainer(r, []string{"_", "/bin/sh", "-c", "mkdir -p /hello && chown daemon.daemon /hello"}, t) + defer r.Destroy(container1) + + if container2.State.IsRunning() { + t.Errorf("Container shouldn't be running") + } + if err := container2.Run(); err != nil { + t.Fatal(err) + } + if container2.State.IsRunning() { + t.Errorf("Container shouldn't be running") + } + + img2, err := r.Commit(container2, "", "", "unit test commited image", "", nil) + if err != nil { + t.Error(err) + } + + // Test that the uid and gid is copied from the image to the volume + tmpDir2 := tempDir(t) + defer os.RemoveAll(tmpDir2) + stdout2, _ := runContainer(eng, r, []string{"-v", "/hello", img2.ID, "stat", "-c", "%U %G", "/hello"}, t) + if !strings.Contains(stdout2, "daemon daemon") { + t.Fatal("Container failed to transfer uid and gid to volume") + } } // Test for #1582 func TestCopyVolumeContent(t *testing.T) { eng := NewTestEngine(t) - r := mkRuntimeFromEngine(eng, t) + r := mkDaemonFromEngine(eng, t) defer r.Nuke() // Put some content in a directory of a container and commit it @@ -1243,7 +496,7 @@ func TestCopyVolumeContent(t *testing.T) { func TestBindMounts(t *testing.T) { eng := NewTestEngine(t) - r := mkRuntimeFromEngine(eng, t) + r := mkDaemonFromEngine(eng, t) defer r.Nuke() tmpDir := tempDir(t) @@ -1275,11 +528,11 @@ func TestBindMounts(t *testing.T) { // Test that restarting a container with a volume does not create a new volume on restart. Regression test for #819. func TestRestartWithVolumes(t *testing.T) { - runtime := mkRuntime(t) - defer nuke(runtime) + daemon := mkDaemon(t) + defer nuke(daemon) - container, _, err := runtime.Create(&runconfig.Config{ - Image: GetTestImage(runtime).ID, + container, _, err := daemon.Create(&runconfig.Config{ + Image: GetTestImage(daemon).ID, Cmd: []string{"echo", "-n", "foobar"}, Volumes: map[string]struct{}{"/test": {}}, }, @@ -1288,7 +541,7 @@ func TestRestartWithVolumes(t *testing.T) { if err != nil { t.Fatal(err) } - defer runtime.Destroy(container) + defer daemon.Destroy(container) for key := range container.Config.Volumes { if key != "/test" { @@ -1316,139 +569,3 @@ func TestRestartWithVolumes(t *testing.T) { t.Fatalf("Expected volume path: %s Actual path: %s", expected, actual) } } - -func TestContainerNetwork(t *testing.T) { - runtime := mkRuntime(t) - defer nuke(runtime) - container, _, err := runtime.Create( - &runconfig.Config{ - Image: GetTestImage(runtime).ID, - // If I change this to ping 8.8.8.8 it fails. Any idea why? - timthelion - Cmd: []string{"ping", "-c", "1", "127.0.0.1"}, - }, - "", - ) - if err != nil { - t.Fatal(err) - } - defer runtime.Destroy(container) - if err := container.Run(); err != nil { - t.Fatal(err) - } - if code := container.State.GetExitCode(); code != 0 { - t.Fatalf("Unexpected ping 127.0.0.1 exit code %d (expected 0)", code) - } -} - -// Issue #4681 -func TestLoopbackFunctionsWhenNetworkingIsDissabled(t *testing.T) { - runtime := mkRuntime(t) - defer nuke(runtime) - container, _, err := runtime.Create( - &runconfig.Config{ - Image: GetTestImage(runtime).ID, - Cmd: []string{"ping", "-c", "1", "127.0.0.1"}, - NetworkDisabled: true, - }, - "", - ) - if err != nil { - t.Fatal(err) - } - defer runtime.Destroy(container) - if err := container.Run(); err != nil { - t.Fatal(err) - } - if code := container.State.GetExitCode(); code != 0 { - t.Fatalf("Unexpected ping 127.0.0.1 exit code %d (expected 0)", code) - } -} - -func TestOnlyLoopbackExistsWhenUsingDisableNetworkOption(t *testing.T) { - eng := NewTestEngine(t) - runtime := mkRuntimeFromEngine(eng, t) - defer nuke(runtime) - - config, hc, _, err := runconfig.Parse([]string{"-n=false", GetTestImage(runtime).ID, "ip", "addr", "show", "up"}, nil) - if err != nil { - t.Fatal(err) - } - - jobCreate := eng.Job("create") - if err := jobCreate.ImportEnv(config); err != nil { - t.Fatal(err) - } - var id string - jobCreate.Stdout.AddString(&id) - if err := jobCreate.Run(); err != nil { - t.Fatal(err) - } - // FIXME: this hack can be removed once Wait is a job - c := runtime.Get(id) - if c == nil { - t.Fatalf("Couldn't retrieve container %s from runtime", id) - } - stdout, err := c.StdoutPipe() - if err != nil { - t.Fatal(err) - } - - jobStart := eng.Job("start", id) - if err := jobStart.ImportEnv(hc); err != nil { - t.Fatal(err) - } - if err := jobStart.Run(); err != nil { - t.Fatal(err) - } - - c.WaitTimeout(500 * time.Millisecond) - c.Wait() - output, err := ioutil.ReadAll(stdout) - if err != nil { - t.Fatal(err) - } - - interfaces := regexp.MustCompile(`(?m)^[0-9]+: [a-zA-Z0-9]+`).FindAllString(string(output), -1) - if len(interfaces) != 1 { - t.Fatalf("Wrong interface count in test container: expected [*: lo], got %s", interfaces) - } - if !strings.HasSuffix(interfaces[0], ": lo") { - t.Fatalf("Wrong interface in test container: expected [*: lo], got %s", interfaces) - } -} - -func TestPrivilegedCanMknod(t *testing.T) { - eng := NewTestEngine(t) - runtime := mkRuntimeFromEngine(eng, t) - defer runtime.Nuke() - if output, err := runContainer(eng, runtime, []string{"--privileged", "_", "sh", "-c", "mknod /tmp/sda b 8 0 && echo ok"}, t); output != "ok\n" { - t.Fatalf("Could not mknod into privileged container %s %v", output, err) - } -} - -func TestPrivilegedCanMount(t *testing.T) { - eng := NewTestEngine(t) - runtime := mkRuntimeFromEngine(eng, t) - defer runtime.Nuke() - if output, _ := runContainer(eng, runtime, []string{"--privileged", "_", "sh", "-c", "mount -t tmpfs none /tmp && echo ok"}, t); output != "ok\n" { - t.Fatal("Could not mount into privileged container") - } -} - -func TestUnprivilegedCanMknod(t *testing.T) { - eng := NewTestEngine(t) - runtime := mkRuntimeFromEngine(eng, t) - defer runtime.Nuke() - if output, _ := runContainer(eng, runtime, []string{"_", "sh", "-c", "mknod /tmp/sda b 8 0 && echo ok"}, t); output != "ok\n" { - t.Fatal("Couldn't mknod into secure container") - } -} - -func TestUnprivilegedCannotMount(t *testing.T) { - eng := NewTestEngine(t) - runtime := mkRuntimeFromEngine(eng, t) - defer runtime.Nuke() - if output, _ := runContainer(eng, runtime, []string{"_", "sh", "-c", "mount -t tmpfs none /tmp || echo ok"}, t); output != "ok\n" { - t.Fatal("Could mount into secure container") - } -} diff --git a/integration/graph_test.go b/integration/graph_test.go index 5602b3938d..c29055edfc 100644 --- a/integration/graph_test.go +++ b/integration/graph_test.go @@ -3,10 +3,10 @@ package docker import ( "errors" "github.com/dotcloud/docker/archive" + "github.com/dotcloud/docker/daemon/graphdriver" "github.com/dotcloud/docker/dockerversion" "github.com/dotcloud/docker/graph" "github.com/dotcloud/docker/image" - "github.com/dotcloud/docker/runtime/graphdriver" "github.com/dotcloud/docker/utils" "io" "io/ioutil" @@ -43,7 +43,7 @@ func TestMount(t *testing.T) { t.Fatal(err) } - if _, err := driver.Get(image.ID); err != nil { + if _, err := driver.Get(image.ID, ""); err != nil { t.Fatal(err) } } diff --git a/integration/https_test.go b/integration/https_test.go index 0b4abea881..34c16cf9f9 100644 --- a/integration/https_test.go +++ b/integration/https_test.go @@ -3,10 +3,12 @@ package docker import ( "crypto/tls" "crypto/x509" - "github.com/dotcloud/docker/api/client" "io/ioutil" + "strings" "testing" "time" + + "github.com/dotcloud/docker/api/client" ) const ( @@ -56,7 +58,7 @@ func TestHttpsInfoRogueCert(t *testing.T) { if err == nil { t.Fatal("Expected error but got nil") } - if err.Error() != errBadCertificate { + if !strings.Contains(err.Error(), errBadCertificate) { t.Fatalf("Expected error: %s, got instead: %s", errBadCertificate, err) } }) @@ -74,7 +76,7 @@ func TestHttpsInfoRogueServerCert(t *testing.T) { t.Fatal("Expected error but got nil") } - if err.Error() != errCaUnknown { + if !strings.Contains(err.Error(), errCaUnknown) { t.Fatalf("Expected error: %s, got instead: %s", errBadCertificate, err) } diff --git a/integration/iptables_test.go b/integration/iptables_test.go deleted file mode 100644 index 1dd4194350..0000000000 --- a/integration/iptables_test.go +++ /dev/null @@ -1,22 +0,0 @@ -package docker - -import ( - "github.com/dotcloud/docker/pkg/iptables" - "os" - "testing" -) - -// FIXME: this test should be a unit test. -// For example by mocking os/exec to make sure iptables is not actually called. - -func TestIptables(t *testing.T) { - if _, err := iptables.Raw("-L"); err != nil { - t.Fatal(err) - } - path := os.Getenv("PATH") - os.Setenv("PATH", "") - defer os.Setenv("PATH", path) - if _, err := iptables.Raw("-L"); err == nil { - t.Fatal("Not finding iptables in the PATH should cause an error") - } -} diff --git a/integration/runtime_test.go b/integration/runtime_test.go index 6058d8f3e8..c84ea5bed2 100644 --- a/integration/runtime_test.go +++ b/integration/runtime_test.go @@ -3,11 +3,11 @@ package docker import ( "bytes" "fmt" + "github.com/dotcloud/docker/daemon" "github.com/dotcloud/docker/engine" "github.com/dotcloud/docker/image" "github.com/dotcloud/docker/nat" "github.com/dotcloud/docker/runconfig" - "github.com/dotcloud/docker/runtime" "github.com/dotcloud/docker/sysinit" "github.com/dotcloud/docker/utils" "io" @@ -38,8 +38,8 @@ const ( ) var ( - // FIXME: globalRuntime is deprecated by globalEngine. All tests should be converted. - globalRuntime *runtime.Runtime + // FIXME: globalDaemon is deprecated by globalEngine. All tests should be converted. + globalDaemon *daemon.Daemon globalEngine *engine.Engine globalHttpsEngine *engine.Engine globalRogueHttpsEngine *engine.Engine @@ -47,17 +47,17 @@ var ( startGoroutines int ) -// FIXME: nuke() is deprecated by Runtime.Nuke() -func nuke(runtime *runtime.Runtime) error { - return runtime.Nuke() +// FIXME: nuke() is deprecated by Daemon.Nuke() +func nuke(daemon *daemon.Daemon) error { + return daemon.Nuke() } // FIXME: cleanup and nuke are redundant. func cleanup(eng *engine.Engine, t *testing.T) error { - runtime := mkRuntimeFromEngine(eng, t) - for _, container := range runtime.List() { + daemon := mkDaemonFromEngine(eng, t) + for _, container := range daemon.List() { container.Kill() - runtime.Destroy(container) + daemon.Destroy(container) } job := eng.Job("images") images, err := job.Stdout.AddTable() @@ -119,11 +119,11 @@ func init() { src.Close() } - // Setup the base runtime, which will be duplicated for each test. + // Setup the base daemon, which will be duplicated for each test. // (no tests are run directly in the base) setupBaseImage() - // Create the "global runtime" with a long-running daemons for integration tests + // Create the "global daemon" with a long-running daemons for integration tests spawnGlobalDaemon() spawnLegitHttpsDaemon() spawnRogueHttpsDaemon() @@ -146,14 +146,14 @@ func setupBaseImage() { } func spawnGlobalDaemon() { - if globalRuntime != nil { - utils.Debugf("Global runtime already exists. Skipping.") + if globalDaemon != nil { + utils.Debugf("Global daemon already exists. Skipping.") return } t := log.New(os.Stderr, "", 0) eng := NewTestEngine(t) globalEngine = eng - globalRuntime = mkRuntimeFromEngine(eng, t) + globalDaemon = mkDaemonFromEngine(eng, t) // Spawn a Daemon go func() { @@ -235,8 +235,8 @@ func spawnHttpsDaemon(addr, cacert, cert, key string) *engine.Engine { // FIXME: test that ImagePull(json=true) send correct json output -func GetTestImage(runtime *runtime.Runtime) *image.Image { - imgs, err := runtime.Graph().Map() +func GetTestImage(daemon *daemon.Daemon) *image.Image { + imgs, err := daemon.Graph().Map() if err != nil { log.Fatalf("Unable to get the test image: %s", err) } @@ -245,21 +245,21 @@ func GetTestImage(runtime *runtime.Runtime) *image.Image { return image } } - log.Fatalf("Test image %v not found in %s: %s", unitTestImageID, runtime.Graph().Root, imgs) + log.Fatalf("Test image %v not found in %s: %s", unitTestImageID, daemon.Graph().Root, imgs) return nil } -func TestRuntimeCreate(t *testing.T) { - runtime := mkRuntime(t) - defer nuke(runtime) +func TestDaemonCreate(t *testing.T) { + daemon := mkDaemon(t) + defer nuke(daemon) // Make sure we start we 0 containers - if len(runtime.List()) != 0 { - t.Errorf("Expected 0 containers, %v found", len(runtime.List())) + if len(daemon.List()) != 0 { + t.Errorf("Expected 0 containers, %v found", len(daemon.List())) } - container, _, err := runtime.Create(&runconfig.Config{ - Image: GetTestImage(runtime).ID, + container, _, err := daemon.Create(&runconfig.Config{ + Image: GetTestImage(daemon).ID, Cmd: []string{"ls", "-al"}, }, "", @@ -269,56 +269,56 @@ func TestRuntimeCreate(t *testing.T) { } defer func() { - if err := runtime.Destroy(container); err != nil { + if err := daemon.Destroy(container); err != nil { t.Error(err) } }() // Make sure we can find the newly created container with List() - if len(runtime.List()) != 1 { - t.Errorf("Expected 1 container, %v found", len(runtime.List())) + if len(daemon.List()) != 1 { + t.Errorf("Expected 1 container, %v found", len(daemon.List())) } // Make sure the container List() returns is the right one - if runtime.List()[0].ID != container.ID { - t.Errorf("Unexpected container %v returned by List", runtime.List()[0]) + if daemon.List()[0].ID != container.ID { + t.Errorf("Unexpected container %v returned by List", daemon.List()[0]) } // Make sure we can get the container with Get() - if runtime.Get(container.ID) == nil { + if daemon.Get(container.ID) == nil { t.Errorf("Unable to get newly created container") } // Make sure it is the right container - if runtime.Get(container.ID) != container { + if daemon.Get(container.ID) != container { t.Errorf("Get() returned the wrong container") } // Make sure Exists returns it as existing - if !runtime.Exists(container.ID) { + if !daemon.Exists(container.ID) { t.Errorf("Exists() returned false for a newly created container") } // Test that conflict error displays correct details - testContainer, _, _ := runtime.Create( + testContainer, _, _ := daemon.Create( &runconfig.Config{ - Image: GetTestImage(runtime).ID, + Image: GetTestImage(daemon).ID, Cmd: []string{"ls", "-al"}, }, "conflictname", ) - if _, _, err := runtime.Create(&runconfig.Config{Image: GetTestImage(runtime).ID, Cmd: []string{"ls", "-al"}}, testContainer.Name); err == nil || !strings.Contains(err.Error(), utils.TruncateID(testContainer.ID)) { + if _, _, err := daemon.Create(&runconfig.Config{Image: GetTestImage(daemon).ID, Cmd: []string{"ls", "-al"}}, testContainer.Name); err == nil || !strings.Contains(err.Error(), utils.TruncateID(testContainer.ID)) { t.Fatalf("Name conflict error doesn't include the correct short id. Message was: %s", err.Error()) } // Make sure create with bad parameters returns an error - if _, _, err = runtime.Create(&runconfig.Config{Image: GetTestImage(runtime).ID}, ""); err == nil { + if _, _, err = daemon.Create(&runconfig.Config{Image: GetTestImage(daemon).ID}, ""); err == nil { t.Fatal("Builder.Create should throw an error when Cmd is missing") } - if _, _, err := runtime.Create( + if _, _, err := daemon.Create( &runconfig.Config{ - Image: GetTestImage(runtime).ID, + Image: GetTestImage(daemon).ID, Cmd: []string{}, }, "", @@ -327,20 +327,20 @@ func TestRuntimeCreate(t *testing.T) { } config := &runconfig.Config{ - Image: GetTestImage(runtime).ID, + Image: GetTestImage(daemon).ID, Cmd: []string{"/bin/ls"}, PortSpecs: []string{"80"}, } - container, _, err = runtime.Create(config, "") + container, _, err = daemon.Create(config, "") - _, err = runtime.Commit(container, "testrepo", "testtag", "", "", config) + _, err = daemon.Commit(container, "testrepo", "testtag", "", "", config) if err != nil { t.Error(err) } // test expose 80:8000 - container, warnings, err := runtime.Create(&runconfig.Config{ - Image: GetTestImage(runtime).ID, + container, warnings, err := daemon.Create(&runconfig.Config{ + Image: GetTestImage(daemon).ID, Cmd: []string{"ls", "-al"}, PortSpecs: []string{"80:8000"}, }, @@ -355,83 +355,83 @@ func TestRuntimeCreate(t *testing.T) { } func TestDestroy(t *testing.T) { - runtime := mkRuntime(t) - defer nuke(runtime) + daemon := mkDaemon(t) + defer nuke(daemon) - container, _, err := runtime.Create(&runconfig.Config{ - Image: GetTestImage(runtime).ID, + container, _, err := daemon.Create(&runconfig.Config{ + Image: GetTestImage(daemon).ID, Cmd: []string{"ls", "-al"}, }, "") if err != nil { t.Fatal(err) } // Destroy - if err := runtime.Destroy(container); err != nil { + if err := daemon.Destroy(container); err != nil { t.Error(err) } - // Make sure runtime.Exists() behaves correctly - if runtime.Exists("test_destroy") { + // Make sure daemon.Exists() behaves correctly + if daemon.Exists("test_destroy") { t.Errorf("Exists() returned true") } - // Make sure runtime.List() doesn't list the destroyed container - if len(runtime.List()) != 0 { - t.Errorf("Expected 0 container, %v found", len(runtime.List())) + // Make sure daemon.List() doesn't list the destroyed container + if len(daemon.List()) != 0 { + t.Errorf("Expected 0 container, %v found", len(daemon.List())) } - // Make sure runtime.Get() refuses to return the unexisting container - if runtime.Get(container.ID) != nil { + // Make sure daemon.Get() refuses to return the unexisting container + if daemon.Get(container.ID) != nil { t.Errorf("Unable to get newly created container") } // Test double destroy - if err := runtime.Destroy(container); err == nil { + if err := daemon.Destroy(container); err == nil { // It should have failed t.Errorf("Double destroy did not fail") } } func TestGet(t *testing.T) { - runtime := mkRuntime(t) - defer nuke(runtime) + daemon := mkDaemon(t) + defer nuke(daemon) - container1, _, _ := mkContainer(runtime, []string{"_", "ls", "-al"}, t) - defer runtime.Destroy(container1) + container1, _, _ := mkContainer(daemon, []string{"_", "ls", "-al"}, t) + defer daemon.Destroy(container1) - container2, _, _ := mkContainer(runtime, []string{"_", "ls", "-al"}, t) - defer runtime.Destroy(container2) + container2, _, _ := mkContainer(daemon, []string{"_", "ls", "-al"}, t) + defer daemon.Destroy(container2) - container3, _, _ := mkContainer(runtime, []string{"_", "ls", "-al"}, t) - defer runtime.Destroy(container3) + container3, _, _ := mkContainer(daemon, []string{"_", "ls", "-al"}, t) + defer daemon.Destroy(container3) - if runtime.Get(container1.ID) != container1 { - t.Errorf("Get(test1) returned %v while expecting %v", runtime.Get(container1.ID), container1) + if daemon.Get(container1.ID) != container1 { + t.Errorf("Get(test1) returned %v while expecting %v", daemon.Get(container1.ID), container1) } - if runtime.Get(container2.ID) != container2 { - t.Errorf("Get(test2) returned %v while expecting %v", runtime.Get(container2.ID), container2) + if daemon.Get(container2.ID) != container2 { + t.Errorf("Get(test2) returned %v while expecting %v", daemon.Get(container2.ID), container2) } - if runtime.Get(container3.ID) != container3 { - t.Errorf("Get(test3) returned %v while expecting %v", runtime.Get(container3.ID), container3) + if daemon.Get(container3.ID) != container3 { + t.Errorf("Get(test3) returned %v while expecting %v", daemon.Get(container3.ID), container3) } } -func startEchoServerContainer(t *testing.T, proto string) (*runtime.Runtime, *runtime.Container, string) { +func startEchoServerContainer(t *testing.T, proto string) (*daemon.Daemon, *daemon.Container, string) { var ( err error id string strPort string eng = NewTestEngine(t) - runtime = mkRuntimeFromEngine(eng, t) + daemon = mkDaemonFromEngine(eng, t) port = 5554 p nat.Port ) defer func() { if err != nil { - runtime.Nuke() + daemon.Nuke() } }() @@ -459,7 +459,7 @@ func startEchoServerContainer(t *testing.T, proto string) (*runtime.Runtime, *ru if err := jobCreate.Run(); err != nil { t.Fatal(err) } - // FIXME: this relies on the undocumented behavior of runtime.Create + // FIXME: this relies on the undocumented behavior of daemon.Create // which will return a nil error AND container if the exposed ports // are invalid. That behavior should be fixed! if id != "" { @@ -481,7 +481,7 @@ func startEchoServerContainer(t *testing.T, proto string) (*runtime.Runtime, *ru t.Fatal(err) } - container := runtime.Get(id) + container := daemon.Get(id) if container == nil { t.Fatalf("Couldn't fetch test container %s", id) } @@ -496,13 +496,13 @@ func startEchoServerContainer(t *testing.T, proto string) (*runtime.Runtime, *ru container.WaitTimeout(500 * time.Millisecond) strPort = container.NetworkSettings.Ports[p][0].HostPort - return runtime, container, strPort + return daemon, container, strPort } // Run a container with a TCP port allocated, and test that it can receive connections on localhost func TestAllocateTCPPortLocalhost(t *testing.T) { - runtime, container, port := startEchoServerContainer(t, "tcp") - defer nuke(runtime) + daemon, container, port := startEchoServerContainer(t, "tcp") + defer nuke(daemon) defer container.Kill() for i := 0; i != 10; i++ { @@ -550,8 +550,8 @@ func TestAllocateTCPPortLocalhost(t *testing.T) { // Run a container with an UDP port allocated, and test that it can receive connections on localhost func TestAllocateUDPPortLocalhost(t *testing.T) { - runtime, container, port := startEchoServerContainer(t, "udp") - defer nuke(runtime) + daemon, container, port := startEchoServerContainer(t, "udp") + defer nuke(daemon) defer container.Kill() conn, err := net.Dial("udp", fmt.Sprintf("localhost:%v", port)) @@ -586,15 +586,15 @@ func TestAllocateUDPPortLocalhost(t *testing.T) { func TestRestore(t *testing.T) { eng := NewTestEngine(t) - runtime1 := mkRuntimeFromEngine(eng, t) - defer runtime1.Nuke() + daemon1 := mkDaemonFromEngine(eng, t) + defer daemon1.Nuke() // Create a container with one instance of docker - container1, _, _ := mkContainer(runtime1, []string{"_", "ls", "-al"}, t) - defer runtime1.Destroy(container1) + container1, _, _ := mkContainer(daemon1, []string{"_", "ls", "-al"}, t) + defer daemon1.Destroy(container1) // Create a second container meant to be killed - container2, _, _ := mkContainer(runtime1, []string{"-i", "_", "/bin/cat"}, t) - defer runtime1.Destroy(container2) + container2, _, _ := mkContainer(daemon1, []string{"-i", "_", "/bin/cat"}, t) + defer daemon1.Destroy(container2) // Start the container non blocking if err := container2.Start(); err != nil { @@ -614,8 +614,8 @@ func TestRestore(t *testing.T) { container2.State.SetRunning(42) container2.ToDisk() - if len(runtime1.List()) != 2 { - t.Errorf("Expected 2 container, %v found", len(runtime1.List())) + if len(daemon1.List()) != 2 { + t.Errorf("Expected 2 container, %v found", len(daemon1.List())) } if err := container1.Run(); err != nil { t.Fatal(err) @@ -627,13 +627,13 @@ func TestRestore(t *testing.T) { // Here are are simulating a docker restart - that is, reloading all containers // from scratch - eng = newTestEngine(t, false, eng.Root()) - runtime2 := mkRuntimeFromEngine(eng, t) - if len(runtime2.List()) != 2 { - t.Errorf("Expected 2 container, %v found", len(runtime2.List())) + eng = newTestEngine(t, false, daemon1.Config().Root) + daemon2 := mkDaemonFromEngine(eng, t) + if len(daemon2.List()) != 2 { + t.Errorf("Expected 2 container, %v found", len(daemon2.List())) } runningCount := 0 - for _, c := range runtime2.List() { + for _, c := range daemon2.List() { if c.State.IsRunning() { t.Errorf("Running container found: %v (%v)", c.ID, c.Path) runningCount++ @@ -642,7 +642,7 @@ func TestRestore(t *testing.T) { if runningCount != 0 { t.Fatalf("Expected 0 container alive, %d found", runningCount) } - container3 := runtime2.Get(container1.ID) + container3 := daemon2.Get(container1.ID) if container3 == nil { t.Fatal("Unable to Get container") } @@ -654,22 +654,22 @@ func TestRestore(t *testing.T) { func TestDefaultContainerName(t *testing.T) { eng := NewTestEngine(t) - runtime := mkRuntimeFromEngine(eng, t) - defer nuke(runtime) + daemon := mkDaemonFromEngine(eng, t) + defer nuke(daemon) config, _, _, err := runconfig.Parse([]string{unitTestImageID, "echo test"}, nil) if err != nil { t.Fatal(err) } - container := runtime.Get(createNamedTestContainer(eng, config, t, "some_name")) + container := daemon.Get(createNamedTestContainer(eng, config, t, "some_name")) containerID := container.ID if container.Name != "/some_name" { t.Fatalf("Expect /some_name got %s", container.Name) } - if c := runtime.Get("/some_name"); c == nil { + if c := daemon.Get("/some_name"); c == nil { t.Fatalf("Couldn't retrieve test container as /some_name") } else if c.ID != containerID { t.Fatalf("Container /some_name has ID %s instead of %s", c.ID, containerID) @@ -678,22 +678,22 @@ func TestDefaultContainerName(t *testing.T) { func TestRandomContainerName(t *testing.T) { eng := NewTestEngine(t) - runtime := mkRuntimeFromEngine(eng, t) - defer nuke(runtime) + daemon := mkDaemonFromEngine(eng, t) + defer nuke(daemon) - config, _, _, err := runconfig.Parse([]string{GetTestImage(runtime).ID, "echo test"}, nil) + config, _, _, err := runconfig.Parse([]string{GetTestImage(daemon).ID, "echo test"}, nil) if err != nil { t.Fatal(err) } - container := runtime.Get(createTestContainer(eng, config, t)) + container := daemon.Get(createTestContainer(eng, config, t)) containerID := container.ID if container.Name == "" { t.Fatalf("Expected not empty container name") } - if c := runtime.Get(container.Name); c == nil { + if c := daemon.Get(container.Name); c == nil { log.Fatalf("Could not lookup container %s by its name", container.Name) } else if c.ID != containerID { log.Fatalf("Looking up container name %s returned id %s instead of %s", container.Name, c.ID, containerID) @@ -702,8 +702,8 @@ func TestRandomContainerName(t *testing.T) { func TestContainerNameValidation(t *testing.T) { eng := NewTestEngine(t) - runtime := mkRuntimeFromEngine(eng, t) - defer nuke(runtime) + daemon := mkDaemonFromEngine(eng, t) + defer nuke(daemon) for _, test := range []struct { Name string @@ -733,13 +733,13 @@ func TestContainerNameValidation(t *testing.T) { t.Fatal(err) } - container := runtime.Get(shortID) + container := daemon.Get(shortID) if container.Name != "/"+test.Name { t.Fatalf("Expect /%s got %s", test.Name, container.Name) } - if c := runtime.Get("/" + test.Name); c == nil { + if c := daemon.Get("/" + test.Name); c == nil { t.Fatalf("Couldn't retrieve test container as /%s", test.Name) } else if c.ID != container.ID { t.Fatalf("Container /%s has ID %s instead of %s", test.Name, c.ID, container.ID) @@ -750,17 +750,17 @@ func TestContainerNameValidation(t *testing.T) { func TestLinkChildContainer(t *testing.T) { eng := NewTestEngine(t) - runtime := mkRuntimeFromEngine(eng, t) - defer nuke(runtime) + daemon := mkDaemonFromEngine(eng, t) + defer nuke(daemon) config, _, _, err := runconfig.Parse([]string{unitTestImageID, "echo test"}, nil) if err != nil { t.Fatal(err) } - container := runtime.Get(createNamedTestContainer(eng, config, t, "/webapp")) + container := daemon.Get(createNamedTestContainer(eng, config, t, "/webapp")) - webapp, err := runtime.GetByName("/webapp") + webapp, err := daemon.GetByName("/webapp") if err != nil { t.Fatal(err) } @@ -769,19 +769,19 @@ func TestLinkChildContainer(t *testing.T) { t.Fatalf("Expect webapp id to match container id: %s != %s", webapp.ID, container.ID) } - config, _, _, err = runconfig.Parse([]string{GetTestImage(runtime).ID, "echo test"}, nil) + config, _, _, err = runconfig.Parse([]string{GetTestImage(daemon).ID, "echo test"}, nil) if err != nil { t.Fatal(err) } - childContainer := runtime.Get(createTestContainer(eng, config, t)) + childContainer := daemon.Get(createTestContainer(eng, config, t)) - if err := runtime.RegisterLink(webapp, childContainer, "db"); err != nil { + if err := daemon.RegisterLink(webapp, childContainer, "db"); err != nil { t.Fatal(err) } // Get the child by it's new name - db, err := runtime.GetByName("/webapp/db") + db, err := daemon.GetByName("/webapp/db") if err != nil { t.Fatal(err) } @@ -792,17 +792,17 @@ func TestLinkChildContainer(t *testing.T) { func TestGetAllChildren(t *testing.T) { eng := NewTestEngine(t) - runtime := mkRuntimeFromEngine(eng, t) - defer nuke(runtime) + daemon := mkDaemonFromEngine(eng, t) + defer nuke(daemon) config, _, _, err := runconfig.Parse([]string{unitTestImageID, "echo test"}, nil) if err != nil { t.Fatal(err) } - container := runtime.Get(createNamedTestContainer(eng, config, t, "/webapp")) + container := daemon.Get(createNamedTestContainer(eng, config, t, "/webapp")) - webapp, err := runtime.GetByName("/webapp") + webapp, err := daemon.GetByName("/webapp") if err != nil { t.Fatal(err) } @@ -816,13 +816,13 @@ func TestGetAllChildren(t *testing.T) { t.Fatal(err) } - childContainer := runtime.Get(createTestContainer(eng, config, t)) + childContainer := daemon.Get(createTestContainer(eng, config, t)) - if err := runtime.RegisterLink(webapp, childContainer, "db"); err != nil { + if err := daemon.RegisterLink(webapp, childContainer, "db"); err != nil { t.Fatal(err) } - children, err := runtime.Children("/webapp") + children, err := daemon.Children("/webapp") if err != nil { t.Fatal(err) } @@ -845,11 +845,11 @@ func TestGetAllChildren(t *testing.T) { } func TestDestroyWithInitLayer(t *testing.T) { - runtime := mkRuntime(t) - defer nuke(runtime) + daemon := mkDaemon(t) + defer nuke(daemon) - container, _, err := runtime.Create(&runconfig.Config{ - Image: GetTestImage(runtime).ID, + container, _, err := daemon.Create(&runconfig.Config{ + Image: GetTestImage(daemon).ID, Cmd: []string{"ls", "-al"}, }, "") @@ -857,29 +857,29 @@ func TestDestroyWithInitLayer(t *testing.T) { t.Fatal(err) } // Destroy - if err := runtime.Destroy(container); err != nil { + if err := daemon.Destroy(container); err != nil { t.Fatal(err) } - // Make sure runtime.Exists() behaves correctly - if runtime.Exists("test_destroy") { + // Make sure daemon.Exists() behaves correctly + if daemon.Exists("test_destroy") { t.Fatalf("Exists() returned true") } - // Make sure runtime.List() doesn't list the destroyed container - if len(runtime.List()) != 0 { - t.Fatalf("Expected 0 container, %v found", len(runtime.List())) + // Make sure daemon.List() doesn't list the destroyed container + if len(daemon.List()) != 0 { + t.Fatalf("Expected 0 container, %v found", len(daemon.List())) } - driver := runtime.Graph().Driver() + driver := daemon.Graph().Driver() // Make sure that the container does not exist in the driver - if _, err := driver.Get(container.ID); err == nil { + if _, err := driver.Get(container.ID, ""); err == nil { t.Fatal("Conttainer should not exist in the driver") } // Make sure that the init layer is removed from the driver - if _, err := driver.Get(fmt.Sprintf("%s-init", container.ID)); err == nil { + if _, err := driver.Get(fmt.Sprintf("%s-init", container.ID), ""); err == nil { t.Fatal("Container's init layer should not exist in the driver") } } diff --git a/integration/server_test.go b/integration/server_test.go index 9137e8031b..226247556d 100644 --- a/integration/server_test.go +++ b/integration/server_test.go @@ -9,56 +9,9 @@ import ( "time" ) -func TestCreateRm(t *testing.T) { - eng := NewTestEngine(t) - defer mkRuntimeFromEngine(eng, t).Nuke() - - config, _, _, err := runconfig.Parse([]string{unitTestImageID, "echo test"}, nil) - if err != nil { - t.Fatal(err) - } - - id := createTestContainer(eng, config, t) - - job := eng.Job("containers") - job.SetenvBool("all", true) - outs, err := job.Stdout.AddListTable() - if err != nil { - t.Fatal(err) - } - if err := job.Run(); err != nil { - t.Fatal(err) - } - - if len(outs.Data) != 1 { - t.Errorf("Expected 1 container, %v found", len(outs.Data)) - } - - job = eng.Job("container_delete", id) - job.SetenvBool("removeVolume", true) - if err := job.Run(); err != nil { - t.Fatal(err) - } - - job = eng.Job("containers") - job.SetenvBool("all", true) - outs, err = job.Stdout.AddListTable() - if err != nil { - t.Fatal(err) - } - if err := job.Run(); err != nil { - t.Fatal(err) - } - - if len(outs.Data) != 0 { - t.Errorf("Expected 0 container, %v found", len(outs.Data)) - } - -} - func TestCreateNumberHostname(t *testing.T) { eng := NewTestEngine(t) - defer mkRuntimeFromEngine(eng, t).Nuke() + defer mkDaemonFromEngine(eng, t).Nuke() config, _, _, err := runconfig.Parse([]string{"-h", "web.0", unitTestImageID, "echo test"}, nil) if err != nil { @@ -70,7 +23,7 @@ func TestCreateNumberHostname(t *testing.T) { func TestCreateNumberUsername(t *testing.T) { eng := NewTestEngine(t) - defer mkRuntimeFromEngine(eng, t).Nuke() + defer mkDaemonFromEngine(eng, t).Nuke() config, _, _, err := runconfig.Parse([]string{"-u", "1002", unitTestImageID, "echo test"}, nil) if err != nil { @@ -80,143 +33,9 @@ func TestCreateNumberUsername(t *testing.T) { createTestContainer(eng, config, t) } -func TestCreateRmVolumes(t *testing.T) { - eng := NewTestEngine(t) - defer mkRuntimeFromEngine(eng, t).Nuke() - - config, hostConfig, _, err := runconfig.Parse([]string{"-v", "/srv", unitTestImageID, "echo", "test"}, nil) - if err != nil { - t.Fatal(err) - } - - id := createTestContainer(eng, config, t) - - job := eng.Job("containers") - job.SetenvBool("all", true) - outs, err := job.Stdout.AddListTable() - if err != nil { - t.Fatal(err) - } - if err := job.Run(); err != nil { - t.Fatal(err) - } - - if len(outs.Data) != 1 { - t.Errorf("Expected 1 container, %v found", len(outs.Data)) - } - - job = eng.Job("start", id) - if err := job.ImportEnv(hostConfig); err != nil { - t.Fatal(err) - } - if err := job.Run(); err != nil { - t.Fatal(err) - } - - job = eng.Job("stop", id) - job.SetenvInt("t", 1) - if err := job.Run(); err != nil { - t.Fatal(err) - } - - job = eng.Job("container_delete", id) - job.SetenvBool("removeVolume", true) - if err := job.Run(); err != nil { - t.Fatal(err) - } - - job = eng.Job("containers") - job.SetenvBool("all", true) - outs, err = job.Stdout.AddListTable() - if err != nil { - t.Fatal(err) - } - if err := job.Run(); err != nil { - t.Fatal(err) - } - - if len(outs.Data) != 0 { - t.Errorf("Expected 0 container, %v found", len(outs.Data)) - } -} - -func TestCreateRmRunning(t *testing.T) { - eng := NewTestEngine(t) - defer mkRuntimeFromEngine(eng, t).Nuke() - - config, hostConfig, _, err := runconfig.Parse([]string{"--name", "foo", unitTestImageID, "sleep 300"}, nil) - if err != nil { - t.Fatal(err) - } - - id := createTestContainer(eng, config, t) - - job := eng.Job("start", id) - if err := job.ImportEnv(hostConfig); err != nil { - t.Fatal(err) - } - if err := job.Run(); err != nil { - t.Fatal(err) - } - - job = eng.Job("containers") - outs, err := job.Stdout.AddListTable() - if err != nil { - t.Fatal(err) - } - if err := job.Run(); err != nil { - t.Fatal(err) - } - - if len(outs.Data) != 1 { - t.Errorf("Expected 1 container, %v found", len(outs.Data)) - } - - // Test cannot remove running container - job = eng.Job("container_delete", id) - job.SetenvBool("forceRemove", false) - if err := job.Run(); err == nil { - t.Fatal("Expected container delete to fail") - } - - job = eng.Job("containers") - outs, err = job.Stdout.AddListTable() - if err != nil { - t.Fatal(err) - } - if err := job.Run(); err != nil { - t.Fatal(err) - } - - if len(outs.Data) != 1 { - t.Errorf("Expected 1 container, %v found", len(outs.Data)) - } - - // Test can force removal of running container - job = eng.Job("container_delete", id) - job.SetenvBool("forceRemove", true) - if err := job.Run(); err != nil { - t.Fatal(err) - } - - job = eng.Job("containers") - job.SetenvBool("all", true) - outs, err = job.Stdout.AddListTable() - if err != nil { - t.Fatal(err) - } - if err := job.Run(); err != nil { - t.Fatal(err) - } - - if len(outs.Data) != 0 { - t.Errorf("Expected 0 container, %v found", len(outs.Data)) - } -} - func TestCommit(t *testing.T) { eng := NewTestEngine(t) - defer mkRuntimeFromEngine(eng, t).Nuke() + defer mkDaemonFromEngine(eng, t).Nuke() config, _, _, err := runconfig.Parse([]string{unitTestImageID, "/bin/cat"}, nil) if err != nil { @@ -236,7 +55,7 @@ func TestCommit(t *testing.T) { func TestMergeConfigOnCommit(t *testing.T) { eng := NewTestEngine(t) - runtime := mkRuntimeFromEngine(eng, t) + runtime := mkDaemonFromEngine(eng, t) defer runtime.Nuke() container1, _, _ := mkContainer(runtime, []string{"-e", "FOO=bar", unitTestImageID, "echo test > /tmp/foo"}, t) @@ -294,7 +113,7 @@ func TestMergeConfigOnCommit(t *testing.T) { func TestRestartKillWait(t *testing.T) { eng := NewTestEngine(t) srv := mkServerFromEngine(eng, t) - runtime := mkRuntimeFromEngine(eng, t) + runtime := mkDaemonFromEngine(eng, t) defer runtime.Nuke() config, hostConfig, _, err := runconfig.Parse([]string{"-i", unitTestImageID, "/bin/cat"}, nil) @@ -330,7 +149,7 @@ func TestRestartKillWait(t *testing.T) { t.Fatal(err) } - eng = newTestEngine(t, false, eng.Root()) + eng = newTestEngine(t, false, runtime.Config().Root) srv = mkServerFromEngine(eng, t) job = srv.Eng.Job("containers") @@ -360,7 +179,7 @@ func TestRestartKillWait(t *testing.T) { func TestCreateStartRestartStopStartKillRm(t *testing.T) { eng := NewTestEngine(t) srv := mkServerFromEngine(eng, t) - defer mkRuntimeFromEngine(eng, t).Nuke() + defer mkDaemonFromEngine(eng, t).Nuke() config, hostConfig, _, err := runconfig.Parse([]string{"-i", unitTestImageID, "/bin/cat"}, nil) if err != nil { @@ -439,7 +258,7 @@ func TestCreateStartRestartStopStartKillRm(t *testing.T) { func TestRunWithTooLowMemoryLimit(t *testing.T) { eng := NewTestEngine(t) - defer mkRuntimeFromEngine(eng, t).Nuke() + defer mkDaemonFromEngine(eng, t).Nuke() // Try to create a container with a memory limit of 1 byte less than the minimum allowed limit. job := eng.Job("create") @@ -457,7 +276,7 @@ func TestRunWithTooLowMemoryLimit(t *testing.T) { func TestRmi(t *testing.T) { eng := NewTestEngine(t) srv := mkServerFromEngine(eng, t) - defer mkRuntimeFromEngine(eng, t).Nuke() + defer mkDaemonFromEngine(eng, t).Nuke() initialImages := getAllImages(eng, t) @@ -542,7 +361,7 @@ func TestRmi(t *testing.T) { func TestImagesFilter(t *testing.T) { eng := NewTestEngine(t) - defer nuke(mkRuntimeFromEngine(eng, t)) + defer nuke(mkDaemonFromEngine(eng, t)) if err := eng.Job("tag", unitTestImageName, "utest", "tag1").Run(); err != nil { t.Fatal(err) @@ -584,7 +403,7 @@ func TestImagesFilter(t *testing.T) { // FIXE: 'insert' is deprecated and should be removed in a future version. func TestImageInsert(t *testing.T) { eng := NewTestEngine(t) - defer mkRuntimeFromEngine(eng, t).Nuke() + defer mkDaemonFromEngine(eng, t).Nuke() srv := mkServerFromEngine(eng, t) // bad image name fails @@ -606,7 +425,7 @@ func TestImageInsert(t *testing.T) { func TestListContainers(t *testing.T) { eng := NewTestEngine(t) srv := mkServerFromEngine(eng, t) - defer mkRuntimeFromEngine(eng, t).Nuke() + defer mkDaemonFromEngine(eng, t).Nuke() config := runconfig.Config{ Image: unitTestImageID, @@ -721,7 +540,7 @@ func assertContainerList(srv *server.Server, all bool, limit int, since, before // container func TestDeleteTagWithExistingContainers(t *testing.T) { eng := NewTestEngine(t) - defer nuke(mkRuntimeFromEngine(eng, t)) + defer nuke(mkDaemonFromEngine(eng, t)) srv := mkServerFromEngine(eng, t) diff --git a/integration/sorter_test.go b/integration/sorter_test.go index 3ce1225ca4..610fe9b3ab 100644 --- a/integration/sorter_test.go +++ b/integration/sorter_test.go @@ -8,7 +8,7 @@ import ( func TestServerListOrderedImagesByCreationDate(t *testing.T) { eng := NewTestEngine(t) - defer mkRuntimeFromEngine(eng, t).Nuke() + defer mkDaemonFromEngine(eng, t).Nuke() if err := generateImage("", eng); err != nil { t.Fatal(err) @@ -23,7 +23,7 @@ func TestServerListOrderedImagesByCreationDate(t *testing.T) { func TestServerListOrderedImagesByCreationDateAndTag(t *testing.T) { eng := NewTestEngine(t) - defer mkRuntimeFromEngine(eng, t).Nuke() + defer mkDaemonFromEngine(eng, t).Nuke() err := generateImage("bar", eng) if err != nil { diff --git a/integration/utils_test.go b/integration/utils_test.go index 8ad6ccb123..6901662ce6 100644 --- a/integration/utils_test.go +++ b/integration/utils_test.go @@ -15,9 +15,9 @@ import ( "time" "github.com/dotcloud/docker/builtins" + "github.com/dotcloud/docker/daemon" "github.com/dotcloud/docker/engine" "github.com/dotcloud/docker/runconfig" - "github.com/dotcloud/docker/runtime" "github.com/dotcloud/docker/server" "github.com/dotcloud/docker/utils" ) @@ -26,11 +26,11 @@ import ( // It has to be named XXX_test.go, apparently, in other to access private functions // from other XXX_test.go functions. -// Create a temporary runtime suitable for unit testing. +// Create a temporary daemon suitable for unit testing. // Call t.Fatal() at the first error. -func mkRuntime(f utils.Fataler) *runtime.Runtime { +func mkDaemon(f utils.Fataler) *daemon.Daemon { eng := newTestEngine(f, false, "") - return mkRuntimeFromEngine(eng, f) + return mkDaemonFromEngine(eng, f) // FIXME: // [...] // Mtu: docker.GetDefaultNetworkMtu(), @@ -116,8 +116,8 @@ func containerAssertExists(eng *engine.Engine, id string, t utils.Fataler) { } func containerAssertNotExists(eng *engine.Engine, id string, t utils.Fataler) { - runtime := mkRuntimeFromEngine(eng, t) - if c := runtime.Get(id); c != nil { + daemon := mkDaemonFromEngine(eng, t) + if c := daemon.Get(id); c != nil { t.Fatal(fmt.Errorf("Container %s should not exist", id)) } } @@ -140,9 +140,9 @@ func assertHttpError(r *httptest.ResponseRecorder, t utils.Fataler) { } } -func getContainer(eng *engine.Engine, id string, t utils.Fataler) *runtime.Container { - runtime := mkRuntimeFromEngine(eng, t) - c := runtime.Get(id) +func getContainer(eng *engine.Engine, id string, t utils.Fataler) *daemon.Container { + daemon := mkDaemonFromEngine(eng, t) + c := daemon.Get(id) if c == nil { t.Fatal(fmt.Errorf("No such container: %s", id)) } @@ -161,16 +161,16 @@ func mkServerFromEngine(eng *engine.Engine, t utils.Fataler) *server.Server { return srv } -func mkRuntimeFromEngine(eng *engine.Engine, t utils.Fataler) *runtime.Runtime { - iRuntime := eng.Hack_GetGlobalVar("httpapi.runtime") - if iRuntime == nil { - panic("Legacy runtime field not set in engine") +func mkDaemonFromEngine(eng *engine.Engine, t utils.Fataler) *daemon.Daemon { + iDaemon := eng.Hack_GetGlobalVar("httpapi.daemon") + if iDaemon == nil { + panic("Legacy daemon field not set in engine") } - runtime, ok := iRuntime.(*runtime.Runtime) + daemon, ok := iDaemon.(*daemon.Daemon) if !ok { - panic("Legacy runtime field in engine does not cast to *runtime.Runtime") + panic("Legacy daemon field in engine does not cast to *daemon.Daemon") } - return runtime + return daemon } func newTestEngine(t utils.Fataler, autorestart bool, root string) *engine.Engine { @@ -181,10 +181,9 @@ func newTestEngine(t utils.Fataler, autorestart bool, root string) *engine.Engin root = dir } } - eng, err := engine.New(root) - if err != nil { - t.Fatal(err) - } + os.MkdirAll(root, 0700) + + eng := engine.New() // Load default plugins builtins.Register(eng) // (This is manually copied and modified from main() until we have a more generic plugin system) @@ -245,12 +244,12 @@ func readFile(src string, t *testing.T) (content string) { return string(data) } -// Create a test container from the given runtime `r` and run arguments `args`. +// Create a test container from the given daemon `r` and run arguments `args`. // If the image name is "_", (eg. []string{"-i", "-t", "_", "bash"}, it is // dynamically replaced by the current test image. // The caller is responsible for destroying the container. // Call t.Fatal() at the first error. -func mkContainer(r *runtime.Runtime, args []string, t *testing.T) (*runtime.Container, *runconfig.HostConfig, error) { +func mkContainer(r *daemon.Daemon, args []string, t *testing.T) (*daemon.Container, *runconfig.HostConfig, error) { config, hc, _, err := runconfig.Parse(args, nil) defer func() { if err != nil && t != nil { @@ -281,7 +280,7 @@ func mkContainer(r *runtime.Runtime, args []string, t *testing.T) (*runtime.Cont // and return its standard output as a string. // The image name (eg. the XXX in []string{"-i", "-t", "XXX", "bash"}, is dynamically replaced by the current test image. // If t is not nil, call t.Fatal() at the first error. Otherwise return errors normally. -func runContainer(eng *engine.Engine, r *runtime.Runtime, args []string, t *testing.T) (output string, err error) { +func runContainer(eng *engine.Engine, r *daemon.Daemon, args []string, t *testing.T) (output string, err error) { defer func() { if err != nil && t != nil { t.Fatal(err) diff --git a/integration/z_final_test.go b/integration/z_final_test.go index 837b5d13e6..6065230b92 100644 --- a/integration/z_final_test.go +++ b/integration/z_final_test.go @@ -11,7 +11,7 @@ func displayFdGoroutines(t *testing.T) { } func TestFinal(t *testing.T) { - nuke(globalRuntime) + nuke(globalDaemon) t.Logf("Start Fds: %d, Start Goroutines: %d", startFds, startGoroutines) displayFdGoroutines(t) } diff --git a/nat/nat.go b/nat/nat.go index f3af362f8b..7aad775d70 100644 --- a/nat/nat.go +++ b/nat/nat.go @@ -69,7 +69,7 @@ func SplitProtoPort(rawPort string) (string, string) { if l == 1 { return "tcp", rawPort } - return parts[0], parts[1] + return parts[1], parts[0] } // We will receive port specs in the format of ip:public:private/proto and these need to be diff --git a/pkg/libcontainer/apparmor/apparmor.go b/pkg/apparmor/apparmor.go similarity index 54% rename from pkg/libcontainer/apparmor/apparmor.go rename to pkg/apparmor/apparmor.go index a6d57d4f09..704ee29ed0 100644 --- a/pkg/libcontainer/apparmor/apparmor.go +++ b/pkg/apparmor/apparmor.go @@ -8,16 +8,20 @@ package apparmor import "C" import ( "io/ioutil" + "os" "unsafe" ) func IsEnabled() bool { - buf, err := ioutil.ReadFile("/sys/module/apparmor/parameters/enabled") - return err == nil && len(buf) > 1 && buf[0] == 'Y' + if _, err := os.Stat("/sys/kernel/security/apparmor"); err == nil && os.Getenv("container") == "" { + buf, err := ioutil.ReadFile("/sys/module/apparmor/parameters/enabled") + return err == nil && len(buf) > 1 && buf[0] == 'Y' + } + return false } -func ApplyProfile(pid int, name string) error { - if !IsEnabled() || name == "" { +func ApplyProfile(name string) error { + if name == "" { return nil } diff --git a/pkg/libcontainer/apparmor/apparmor_disabled.go b/pkg/apparmor/apparmor_disabled.go similarity index 64% rename from pkg/libcontainer/apparmor/apparmor_disabled.go rename to pkg/apparmor/apparmor_disabled.go index 77543e4a87..8d86ce9d4a 100644 --- a/pkg/libcontainer/apparmor/apparmor_disabled.go +++ b/pkg/apparmor/apparmor_disabled.go @@ -2,12 +2,10 @@ package apparmor -import () - func IsEnabled() bool { return false } -func ApplyProfile(pid int, name string) error { +func ApplyProfile(name string) error { return nil } diff --git a/pkg/apparmor/gen.go b/pkg/apparmor/gen.go new file mode 100644 index 0000000000..825e646d92 --- /dev/null +++ b/pkg/apparmor/gen.go @@ -0,0 +1,94 @@ +package apparmor + +import ( + "io" + "os" + "text/template" +) + +type data struct { + Name string + Imports []string + InnerImports []string +} + +const baseTemplate = ` +{{range $value := .Imports}} +{{$value}} +{{end}} + +profile {{.Name}} flags=(attach_disconnected,mediate_deleted) { +{{range $value := .InnerImports}} + {{$value}} +{{end}} + + network, + capability, + file, + umount, + + mount fstype=tmpfs, + mount fstype=mqueue, + mount fstype=fuse.*, + mount fstype=binfmt_misc -> /proc/sys/fs/binfmt_misc/, + mount fstype=efivarfs -> /sys/firmware/efi/efivars/, + mount fstype=fusectl -> /sys/fs/fuse/connections/, + mount fstype=securityfs -> /sys/kernel/security/, + mount fstype=debugfs -> /sys/kernel/debug/, + mount fstype=proc -> /proc/, + mount fstype=sysfs -> /sys/, + + deny @{PROC}/sys/fs/** wklx, + deny @{PROC}/sysrq-trigger rwklx, + deny @{PROC}/mem rwklx, + deny @{PROC}/kmem rwklx, + deny @{PROC}/sys/kernel/[^s][^h][^m]* wklx, + deny @{PROC}/sys/kernel/*/** wklx, + + deny mount options=(ro, remount) -> /, + deny mount fstype=debugfs -> /var/lib/ureadahead/debugfs/, + deny mount fstype=devpts, + + deny /sys/[^f]*/** wklx, + deny /sys/f[^s]*/** wklx, + deny /sys/fs/[^c]*/** wklx, + deny /sys/fs/c[^g]*/** wklx, + deny /sys/fs/cg[^r]*/** wklx, + deny /sys/firmware/efi/efivars/** rwklx, + deny /sys/kernel/security/** rwklx, +} +` + +func generateProfile(out io.Writer) error { + compiled, err := template.New("apparmor_profile").Parse(baseTemplate) + if err != nil { + return err + } + data := &data{ + Name: "docker-default", + } + if tuntablesExists() { + data.Imports = append(data.Imports, "#include ") + } else { + data.Imports = append(data.Imports, "@{PROC}=/proc/") + } + if abstrctionsEsists() { + data.InnerImports = append(data.InnerImports, "#include ") + } + if err := compiled.Execute(out, data); err != nil { + return err + } + return nil +} + +// check if the tunables/global exist +func tuntablesExists() bool { + _, err := os.Stat("/etc/apparmor.d/tunables/global") + return err == nil +} + +// check if abstractions/base exist +func abstrctionsEsists() bool { + _, err := os.Stat("/etc/apparmor.d/abstractions/base") + return err == nil +} diff --git a/pkg/apparmor/setup.go b/pkg/apparmor/setup.go new file mode 100644 index 0000000000..ef6333a01a --- /dev/null +++ b/pkg/apparmor/setup.go @@ -0,0 +1,76 @@ +package apparmor + +import ( + "fmt" + "io" + "os" + "os/exec" + "path" +) + +const ( + DefaultProfilePath = "/etc/apparmor.d/docker" +) + +func InstallDefaultProfile(backupPath string) error { + if !IsEnabled() { + return nil + } + + // If the profile already exists, check if we already have a backup + // if not, do the backup and override it. (docker 0.10 upgrade changed the apparmor profile) + // see gh#5049, apparmor blocks signals in ubuntu 14.04 + if _, err := os.Stat(DefaultProfilePath); err == nil { + if _, err := os.Stat(backupPath); err == nil { + // If both the profile and the backup are present, do nothing + return nil + } + // Make sure the directory exists + if err := os.MkdirAll(path.Dir(backupPath), 0755); err != nil { + return err + } + + // Create the backup file + f, err := os.Create(backupPath) + if err != nil { + return err + } + defer f.Close() + + src, err := os.Open(DefaultProfilePath) + if err != nil { + return err + } + defer src.Close() + + if _, err := io.Copy(f, src); err != nil { + return err + } + } + + // Make sure /etc/apparmor.d exists + if err := os.MkdirAll(path.Dir(DefaultProfilePath), 0755); err != nil { + return err + } + + f, err := os.OpenFile(DefaultProfilePath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644) + if err != nil { + return err + } + if err := generateProfile(f); err != nil { + f.Close() + return err + } + f.Close() + + cmd := exec.Command("/sbin/apparmor_parser", "-r", "-W", "docker") + // to use the parser directly we have to make sure we are in the correct + // dir with the profile + cmd.Dir = "/etc/apparmor.d" + + output, err := cmd.CombinedOutput() + if err != nil { + return fmt.Errorf("Error loading docker apparmor profile: %s (%s)", err, output) + } + return nil +} diff --git a/pkg/beam/MAINTAINERS b/pkg/beam/MAINTAINERS new file mode 100644 index 0000000000..aee10c8421 --- /dev/null +++ b/pkg/beam/MAINTAINERS @@ -0,0 +1 @@ +Solomon Hykes (@shykes) diff --git a/pkg/beam/beam.go b/pkg/beam/beam.go new file mode 100644 index 0000000000..b1e4667a3f --- /dev/null +++ b/pkg/beam/beam.go @@ -0,0 +1,135 @@ +package beam + +import ( + "fmt" + "io" + "os" +) + +type Sender interface { + Send([]byte, *os.File) error +} + +type Receiver interface { + Receive() ([]byte, *os.File, error) +} + +type ReceiveCloser interface { + Receiver + Close() error +} + +type SendCloser interface { + Sender + Close() error +} + +type ReceiveSender interface { + Receiver + Sender +} + +func SendPipe(dst Sender, data []byte) (*os.File, error) { + r, w, err := os.Pipe() + if err != nil { + return nil, err + } + if err := dst.Send(data, r); err != nil { + r.Close() + w.Close() + return nil, err + } + return w, nil +} + +func SendConn(dst Sender, data []byte) (conn *UnixConn, err error) { + local, remote, err := SocketPair() + if err != nil { + return nil, err + } + defer func() { + if err != nil { + local.Close() + remote.Close() + } + }() + conn, err = FileConn(local) + if err != nil { + return nil, err + } + local.Close() + if err := dst.Send(data, remote); err != nil { + return nil, err + } + return conn, nil +} + +func ReceiveConn(src Receiver) ([]byte, *UnixConn, error) { + for { + data, f, err := src.Receive() + if err != nil { + return nil, nil, err + } + if f == nil { + // Skip empty attachments + continue + } + conn, err := FileConn(f) + if err != nil { + // Skip beam attachments which are not connections + // (for example might be a regular file, directory etc) + continue + } + return data, conn, nil + } + panic("impossibru!") + return nil, nil, nil +} + +func Copy(dst Sender, src Receiver) (int, error) { + var n int + for { + payload, attachment, err := src.Receive() + if err == io.EOF { + return n, nil + } else if err != nil { + return n, err + } + if err := dst.Send(payload, attachment); err != nil { + if attachment != nil { + attachment.Close() + } + return n, err + } + n++ + } + panic("impossibru!") + return n, nil +} + +// MsgDesc returns a human readable description of a beam message, usually +// for debugging purposes. +func MsgDesc(payload []byte, attachment *os.File) string { + var filedesc string = "" + if attachment != nil { + filedesc = fmt.Sprintf("%d", attachment.Fd()) + } + return fmt.Sprintf("'%s'[%s]", payload, filedesc) +} + +type devnull struct{} + +func Devnull() ReceiveSender { + return devnull{} +} + +func (d devnull) Send(p []byte, a *os.File) error { + if a != nil { + a.Close() + } + return nil +} + +func (d devnull) Receive() ([]byte, *os.File, error) { + return nil, nil, io.EOF +} diff --git a/pkg/beam/beam_test.go b/pkg/beam/beam_test.go new file mode 100644 index 0000000000..2822861a37 --- /dev/null +++ b/pkg/beam/beam_test.go @@ -0,0 +1,39 @@ +package beam + +import ( + "github.com/dotcloud/docker/pkg/beam/data" + "testing" +) + +func TestSendConn(t *testing.T) { + a, b, err := USocketPair() + if err != nil { + t.Fatal(err) + } + defer a.Close() + defer b.Close() + go func() { + conn, err := SendConn(a, data.Empty().Set("type", "connection").Bytes()) + if err != nil { + t.Fatal(err) + } + if err := conn.Send(data.Empty().Set("foo", "bar").Bytes(), nil); err != nil { + t.Fatal(err) + } + conn.CloseWrite() + }() + payload, conn, err := ReceiveConn(b) + if err != nil { + t.Fatal(err) + } + if val := data.Message(string(payload)).Get("type"); val == nil || val[0] != "connection" { + t.Fatalf("%v != %v\n", val, "connection") + } + msg, _, err := conn.Receive() + if err != nil { + t.Fatal(err) + } + if val := data.Message(string(msg)).Get("foo"); val == nil || val[0] != "bar" { + t.Fatalf("%v != %v\n", val, "bar") + } +} diff --git a/pkg/beam/data/data.go b/pkg/beam/data/data.go new file mode 100644 index 0000000000..e205fe43f4 --- /dev/null +++ b/pkg/beam/data/data.go @@ -0,0 +1,115 @@ +package data + +import ( + "fmt" + "strconv" + "strings" +) + +func Encode(obj map[string][]string) string { + var msg string + msg += encodeHeader(0) + for k, values := range obj { + msg += encodeNamedList(k, values) + } + return msg +} + +func encodeHeader(msgtype int) string { + return fmt.Sprintf("%03.3d;", msgtype) +} + +func encodeString(s string) string { + return fmt.Sprintf("%d:%s,", len(s), s) +} + +var EncodeString = encodeString +var DecodeString = decodeString + +func encodeList(l []string) string { + values := make([]string, 0, len(l)) + for _, s := range l { + values = append(values, encodeString(s)) + } + return encodeString(strings.Join(values, "")) +} + +func encodeNamedList(name string, l []string) string { + return encodeString(name) + encodeList(l) +} + +func Decode(msg string) (map[string][]string, error) { + msgtype, skip, err := decodeHeader(msg) + if err != nil { + return nil, err + } + if msgtype != 0 { + // FIXME: use special error type so the caller can easily ignore + return nil, fmt.Errorf("unknown message type: %d", msgtype) + } + msg = msg[skip:] + obj := make(map[string][]string) + for len(msg) > 0 { + k, skip, err := decodeString(msg) + if err != nil { + return nil, err + } + msg = msg[skip:] + values, skip, err := decodeList(msg) + if err != nil { + return nil, err + } + msg = msg[skip:] + obj[k] = values + } + return obj, nil +} + +func decodeList(msg string) ([]string, int, error) { + blob, skip, err := decodeString(msg) + if err != nil { + return nil, 0, err + } + var l []string + for len(blob) > 0 { + v, skipv, err := decodeString(blob) + if err != nil { + return nil, 0, err + } + l = append(l, v) + blob = blob[skipv:] + } + return l, skip, nil +} + +func decodeString(msg string) (string, int, error) { + parts := strings.SplitN(msg, ":", 2) + if len(parts) != 2 { + return "", 0, fmt.Errorf("invalid format: no column") + } + var length int + if l, err := strconv.ParseUint(parts[0], 10, 64); err != nil { + return "", 0, err + } else { + length = int(l) + } + if len(parts[1]) < length+1 { + return "", 0, fmt.Errorf("message '%s' is %d bytes, expected at least %d", parts[1], len(parts[1]), length+1) + } + payload := parts[1][:length+1] + if payload[length] != ',' { + return "", 0, fmt.Errorf("message is not comma-terminated") + } + return payload[:length], len(parts[0]) + 1 + length + 1, nil +} + +func decodeHeader(msg string) (int, int, error) { + if len(msg) < 4 { + return 0, 0, fmt.Errorf("message too small") + } + msgtype, err := strconv.ParseInt(msg[:3], 10, 32) + if err != nil { + return 0, 0, err + } + return int(msgtype), 4, nil +} diff --git a/pkg/beam/data/data_test.go b/pkg/beam/data/data_test.go new file mode 100644 index 0000000000..9059922b3b --- /dev/null +++ b/pkg/beam/data/data_test.go @@ -0,0 +1,129 @@ +package data + +import ( + "strings" + "testing" +) + +func TestEncodeHelloWorld(t *testing.T) { + input := "hello world!" + output := encodeString(input) + expectedOutput := "12:hello world!," + if output != expectedOutput { + t.Fatalf("'%v' != '%v'", output, expectedOutput) + } +} + +func TestEncodeEmptyString(t *testing.T) { + input := "" + output := encodeString(input) + expectedOutput := "0:," + if output != expectedOutput { + t.Fatalf("'%v' != '%v'", output, expectedOutput) + } +} + +func TestEncodeEmptyList(t *testing.T) { + input := []string{} + output := encodeList(input) + expectedOutput := "0:," + if output != expectedOutput { + t.Fatalf("'%v' != '%v'", output, expectedOutput) + } +} + +func TestEncodeEmptyMap(t *testing.T) { + input := make(map[string][]string) + output := Encode(input) + expectedOutput := "000;" + if output != expectedOutput { + t.Fatalf("'%v' != '%v'", output, expectedOutput) + } +} + +func TestEncode1Key1Value(t *testing.T) { + input := make(map[string][]string) + input["hello"] = []string{"world"} + output := Encode(input) + expectedOutput := "000;5:hello,8:5:world,," + if output != expectedOutput { + t.Fatalf("'%v' != '%v'", output, expectedOutput) + } +} + +func TestEncode1Key2Value(t *testing.T) { + input := make(map[string][]string) + input["hello"] = []string{"beautiful", "world"} + output := Encode(input) + expectedOutput := "000;5:hello,20:9:beautiful,5:world,," + if output != expectedOutput { + t.Fatalf("'%v' != '%v'", output, expectedOutput) + } +} + +func TestEncodeEmptyValue(t *testing.T) { + input := make(map[string][]string) + input["foo"] = []string{} + output := Encode(input) + expectedOutput := "000;3:foo,0:," + if output != expectedOutput { + t.Fatalf("'%v' != '%v'", output, expectedOutput) + } +} + +func TestEncodeBinaryKey(t *testing.T) { + input := make(map[string][]string) + input["foo\x00bar\x7f"] = []string{} + output := Encode(input) + expectedOutput := "000;8:foo\x00bar\x7f,0:," + if output != expectedOutput { + t.Fatalf("'%v' != '%v'", output, expectedOutput) + } +} + +func TestEncodeBinaryValue(t *testing.T) { + input := make(map[string][]string) + input["foo\x00bar\x7f"] = []string{"\x01\x02\x03\x04"} + output := Encode(input) + expectedOutput := "000;8:foo\x00bar\x7f,7:4:\x01\x02\x03\x04,," + if output != expectedOutput { + t.Fatalf("'%v' != '%v'", output, expectedOutput) + } +} + +func TestDecodeString(t *testing.T) { + validEncodedStrings := []struct { + input string + output string + skip int + }{ + {"3:foo,", "foo", 6}, + {"5:hello,", "hello", 8}, + {"5:hello,5:world,", "hello", 8}, + } + for _, sample := range validEncodedStrings { + output, skip, err := decodeString(sample.input) + if err != nil { + t.Fatalf("error decoding '%v': %v", sample.input, err) + } + if skip != sample.skip { + t.Fatalf("invalid skip: %v!=%v", skip, sample.skip) + } + if output != sample.output { + t.Fatalf("invalid output: %v!=%v", output, sample.output) + } + } +} + +func TestDecode1Key1Value(t *testing.T) { + input := "000;3:foo,6:3:bar,," + output, err := Decode(input) + if err != nil { + t.Fatal(err) + } + if v, exists := output["foo"]; !exists { + t.Fatalf("wrong output: %v\n", output) + } else if len(v) != 1 || strings.Join(v, "") != "bar" { + t.Fatalf("wrong output: %v\n", output) + } +} diff --git a/pkg/beam/data/message.go b/pkg/beam/data/message.go new file mode 100644 index 0000000000..193fb7b241 --- /dev/null +++ b/pkg/beam/data/message.go @@ -0,0 +1,93 @@ +package data + +import ( + "fmt" + "strings" +) + +type Message string + +func Empty() Message { + return Message(Encode(nil)) +} + +func Parse(args []string) Message { + data := make(map[string][]string) + for _, word := range args { + if strings.Contains(word, "=") { + kv := strings.SplitN(word, "=", 2) + key := kv[0] + var val string + if len(kv) == 2 { + val = kv[1] + } + data[key] = []string{val} + } + } + return Message(Encode(data)) +} + +func (m Message) Add(k, v string) Message { + data, err := Decode(string(m)) + if err != nil { + return m + } + if values, exists := data[k]; exists { + data[k] = append(values, v) + } else { + data[k] = []string{v} + } + return Message(Encode(data)) +} + +func (m Message) Set(k string, v ...string) Message { + data, err := Decode(string(m)) + if err != nil { + panic(err) + return m + } + data[k] = v + return Message(Encode(data)) +} + +func (m Message) Del(k string) Message { + data, err := Decode(string(m)) + if err != nil { + panic(err) + return m + } + delete(data, k) + return Message(Encode(data)) +} + +func (m Message) Get(k string) []string { + data, err := Decode(string(m)) + if err != nil { + return nil + } + v, exists := data[k] + if !exists { + return nil + } + return v +} + +func (m Message) Pretty() string { + data, err := Decode(string(m)) + if err != nil { + return "" + } + entries := make([]string, 0, len(data)) + for k, values := range data { + entries = append(entries, fmt.Sprintf("%s=%s", k, strings.Join(values, ","))) + } + return strings.Join(entries, " ") +} + +func (m Message) String() string { + return string(m) +} + +func (m Message) Bytes() []byte { + return []byte(m) +} diff --git a/pkg/beam/data/message_test.go b/pkg/beam/data/message_test.go new file mode 100644 index 0000000000..7685769069 --- /dev/null +++ b/pkg/beam/data/message_test.go @@ -0,0 +1,53 @@ +package data + +import ( + "testing" +) + +func TestEmptyMessage(t *testing.T) { + m := Empty() + if m.String() != Encode(nil) { + t.Fatalf("%v != %v", m.String(), Encode(nil)) + } +} + +func TestSetMessage(t *testing.T) { + m := Empty().Set("foo", "bar") + output := m.String() + expectedOutput := "000;3:foo,6:3:bar,," + if output != expectedOutput { + t.Fatalf("'%v' != '%v'", output, expectedOutput) + } + decodedOutput, err := Decode(output) + if err != nil { + t.Fatal(err) + } + if len(decodedOutput) != 1 { + t.Fatalf("wrong output data: %#v\n", decodedOutput) + } +} + +func TestSetMessageTwice(t *testing.T) { + m := Empty().Set("foo", "bar").Set("ga", "bu") + output := m.String() + expectedOutput := "000;3:foo,6:3:bar,,2:ga,5:2:bu,," + if output != expectedOutput { + t.Fatalf("'%v' != '%v'", output, expectedOutput) + } + decodedOutput, err := Decode(output) + if err != nil { + t.Fatal(err) + } + if len(decodedOutput) != 2 { + t.Fatalf("wrong output data: %#v\n", decodedOutput) + } +} + +func TestSetDelMessage(t *testing.T) { + m := Empty().Set("foo", "bar").Del("foo") + output := m.String() + expectedOutput := Encode(nil) + if output != expectedOutput { + t.Fatalf("'%v' != '%v'", output, expectedOutput) + } +} diff --git a/pkg/beam/data/netstring.txt b/pkg/beam/data/netstring.txt new file mode 100644 index 0000000000..17560929b6 --- /dev/null +++ b/pkg/beam/data/netstring.txt @@ -0,0 +1,92 @@ +## +## Netstrings spec copied as-is from http://cr.yp.to/proto/netstrings.txt +## + +Netstrings +D. J. Bernstein, djb@pobox.com +19970201 + + +1. Introduction + + A netstring is a self-delimiting encoding of a string. Netstrings are + very easy to generate and to parse. Any string may be encoded as a + netstring; there are no restrictions on length or on allowed bytes. + Another virtue of a netstring is that it declares the string size up + front. Thus an application can check in advance whether it has enough + space to store the entire string. + + Netstrings may be used as a basic building block for reliable network + protocols. Most high-level protocols, in effect, transmit a sequence + of strings; those strings may be encoded as netstrings and then + concatenated into a sequence of characters, which in turn may be + transmitted over a reliable stream protocol such as TCP. + + Note that netstrings can be used recursively. The result of encoding + a sequence of strings is a single string. A series of those encoded + strings may in turn be encoded into a single string. And so on. + + In this document, a string of 8-bit bytes may be written in two + different forms: as a series of hexadecimal numbers between angle + brackets, or as a sequence of ASCII characters between double quotes. + For example, <68 65 6c 6c 6f 20 77 6f 72 6c 64 21> is a string of + length 12; it is the same as the string "hello world!". + + Although this document restricts attention to strings of 8-bit bytes, + netstrings could be used with any 6-bit-or-larger character set. + + +2. Definition + + Any string of 8-bit bytes may be encoded as [len]":"[string]",". + Here [string] is the string and [len] is a nonempty sequence of ASCII + digits giving the length of [string] in decimal. The ASCII digits are + <30> for 0, <31> for 1, and so on up through <39> for 9. Extra zeros + at the front of [len] are prohibited: [len] begins with <30> exactly + when [string] is empty. + + For example, the string "hello world!" is encoded as <31 32 3a 68 + 65 6c 6c 6f 20 77 6f 72 6c 64 21 2c>, i.e., "12:hello world!,". The + empty string is encoded as "0:,". + + [len]":"[string]"," is called a netstring. [string] is called the + interpretation of the netstring. + + +3. Sample code + + The following C code starts with a buffer buf of length len and + prints it as a netstring. + + if (printf("%lu:",len) < 0) barf(); + if (fwrite(buf,1,len,stdout) < len) barf(); + if (putchar(',') < 0) barf(); + + The following C code reads a netstring and decodes it into a + dynamically allocated buffer buf of length len. + + if (scanf("%9lu",&len) < 1) barf(); /* >999999999 bytes is bad */ + if (getchar() != ':') barf(); + buf = malloc(len + 1); /* malloc(0) is not portable */ + if (!buf) barf(); + if (fread(buf,1,len,stdin) < len) barf(); + if (getchar() != ',') barf(); + + Both of these code fragments assume that the local character set is + ASCII, and that the relevant stdio streams are in binary mode. + + +4. Security considerations + + The famous Finger security hole may be blamed on Finger's use of the + CRLF encoding. In that encoding, each string is simply terminated by + CRLF. This encoding has several problems. Most importantly, it does + not declare the string size in advance. This means that a correct + CRLF parser must be prepared to ask for more and more memory as it is + reading the string. In the case of Finger, a lazy implementor found + this to be too much trouble; instead he simply declared a fixed-size + buffer and used C's gets() function. The rest is history. + + In contrast, as the above sample code shows, it is very easy to + handle netstrings without risking buffer overflow. Thus widespread + use of netstrings may improve network security. diff --git a/pkg/beam/examples/beamsh/beamsh b/pkg/beam/examples/beamsh/beamsh new file mode 100755 index 0000000000..9bfe78ef4a Binary files /dev/null and b/pkg/beam/examples/beamsh/beamsh differ diff --git a/pkg/beam/examples/beamsh/beamsh.go b/pkg/beam/examples/beamsh/beamsh.go new file mode 100644 index 0000000000..3f258de332 --- /dev/null +++ b/pkg/beam/examples/beamsh/beamsh.go @@ -0,0 +1,542 @@ +package main + +import ( + "bufio" + "flag" + "fmt" + "github.com/dotcloud/docker/pkg/beam" + "github.com/dotcloud/docker/pkg/beam/data" + "github.com/dotcloud/docker/pkg/dockerscript" + "github.com/dotcloud/docker/pkg/term" + "io" + "net" + "net/url" + "os" + "path" + "strings" + "sync" +) + +var rootPlugins = []string{ + "stdio", +} + +var ( + flX bool + flPing bool + introspect beam.ReceiveSender = beam.Devnull() +) + +func main() { + fd3 := os.NewFile(3, "beam-introspect") + if introsp, err := beam.FileConn(fd3); err == nil { + introspect = introsp + Logf("introspection enabled\n") + } else { + Logf("introspection disabled\n") + } + fd3.Close() + flag.BoolVar(&flX, "x", false, "print commands as they are being executed") + flag.Parse() + if flag.NArg() == 0 { + if term.IsTerminal(0) { + // No arguments, stdin is terminal --> interactive mode + input := bufio.NewScanner(os.Stdin) + for { + fmt.Printf("[%d] beamsh> ", os.Getpid()) + if !input.Scan() { + break + } + line := input.Text() + if len(line) != 0 { + cmd, err := dockerscript.Parse(strings.NewReader(line)) + if err != nil { + fmt.Fprintf(os.Stderr, "error: %v\n", err) + continue + } + if err := executeRootScript(cmd); err != nil { + Fatal(err) + } + } + if err := input.Err(); err == io.EOF { + break + } else if err != nil { + Fatal(err) + } + } + } else { + // No arguments, stdin not terminal --> batch mode + script, err := dockerscript.Parse(os.Stdin) + if err != nil { + Fatal("parse error: %v\n", err) + } + if err := executeRootScript(script); err != nil { + Fatal(err) + } + } + } else { + // 1+ arguments: parse them as script files + for _, scriptpath := range flag.Args() { + f, err := os.Open(scriptpath) + if err != nil { + Fatal(err) + } + script, err := dockerscript.Parse(f) + if err != nil { + Fatal("parse error: %v\n", err) + } + if err := executeRootScript(script); err != nil { + Fatal(err) + } + } + } +} + +func executeRootScript(script []*dockerscript.Command) error { + if len(rootPlugins) > 0 { + // If there are root plugins, wrap the script inside them + var ( + rootCmd *dockerscript.Command + lastCmd *dockerscript.Command + ) + for _, plugin := range rootPlugins { + pluginCmd := &dockerscript.Command{ + Args: []string{plugin}, + } + if rootCmd == nil { + rootCmd = pluginCmd + } else { + lastCmd.Children = []*dockerscript.Command{pluginCmd} + } + lastCmd = pluginCmd + } + lastCmd.Children = script + script = []*dockerscript.Command{rootCmd} + } + handlers, err := Handlers(introspect) + if err != nil { + return err + } + defer handlers.Close() + var tasks sync.WaitGroup + defer func() { + Debugf("Waiting for introspection...\n") + tasks.Wait() + Debugf("DONE Waiting for introspection\n") + }() + if introspect != nil { + tasks.Add(1) + go func() { + Debugf("starting introspection\n") + defer Debugf("done with introspection\n") + defer tasks.Done() + introspect.Send(data.Empty().Set("cmd", "log", "stdout").Set("message", "introspection worked!").Bytes(), nil) + Debugf("XXX starting reading introspection messages\n") + r := beam.NewRouter(handlers) + r.NewRoute().All().Handler(func(p []byte, a *os.File) error { + Logf("[INTROSPECTION] %s\n", beam.MsgDesc(p, a)) + return handlers.Send(p, a) + }) + n, err := beam.Copy(r, introspect) + Debugf("XXX done reading %d introspection messages: %v\n", n, err) + }() + } + if err := executeScript(handlers, script); err != nil { + return err + } + return nil +} + +func executeScript(out beam.Sender, script []*dockerscript.Command) error { + Debugf("executeScript(%s)\n", scriptString(script)) + defer Debugf("executeScript(%s) DONE\n", scriptString(script)) + var background sync.WaitGroup + defer background.Wait() + for _, cmd := range script { + if cmd.Background { + background.Add(1) + go func(out beam.Sender, cmd *dockerscript.Command) { + executeCommand(out, cmd) + background.Done() + }(out, cmd) + } else { + if err := executeCommand(out, cmd); err != nil { + return err + } + } + } + return nil +} + +// 1) Find a handler for the command (if no handler, fail) +// 2) Attach new in & out pair to the handler +// 3) [in the background] Copy handler output to our own output +// 4) [in the background] Run the handler +// 5) Recursively executeScript() all children commands and wait for them to complete +// 6) Wait for handler to return and (shortly afterwards) output copy to complete +// 7) Profit +func executeCommand(out beam.Sender, cmd *dockerscript.Command) error { + if flX { + fmt.Printf("+ %v\n", strings.Replace(strings.TrimRight(cmd.String(), "\n"), "\n", "\n+ ", -1)) + } + Debugf("executeCommand(%s)\n", strings.Join(cmd.Args, " ")) + defer Debugf("executeCommand(%s) DONE\n", strings.Join(cmd.Args, " ")) + if len(cmd.Args) == 0 { + return fmt.Errorf("empty command") + } + Debugf("[executeCommand] sending job '%s'\n", strings.Join(cmd.Args, " ")) + job, err := beam.SendConn(out, data.Empty().Set("cmd", cmd.Args...).Set("type", "job").Bytes()) + if err != nil { + return fmt.Errorf("%v\n", err) + } + var tasks sync.WaitGroup + tasks.Add(1) + Debugf("[executeCommand] spawning background copy of the output of '%s'\n", strings.Join(cmd.Args, " ")) + go func() { + if out != nil { + Debugf("[executeCommand] background copy of the output of '%s'\n", strings.Join(cmd.Args, " ")) + n, err := beam.Copy(out, job) + if err != nil { + Fatalf("[executeCommand] [%s] error during background copy: %v\n", strings.Join(cmd.Args, " "), err) + } + Debugf("[executeCommand] background copy done of the output of '%s': copied %d messages\n", strings.Join(cmd.Args, " "), n) + } + tasks.Done() + }() + // depth-first execution of children commands + // executeScript() blocks until all commands are completed + Debugf("[executeCommand] recursively running children of '%s'\n", strings.Join(cmd.Args, " ")) + executeScript(job, cmd.Children) + Debugf("[executeCommand] DONE recursively running children of '%s'\n", strings.Join(cmd.Args, " ")) + job.CloseWrite() + Debugf("[executeCommand] closing the input of '%s' (all children are completed)\n", strings.Join(cmd.Args, " ")) + Debugf("[executeCommand] waiting for background copy of '%s' to complete...\n", strings.Join(cmd.Args, " ")) + tasks.Wait() + Debugf("[executeCommand] background copy of '%s' complete! This means the job completed.\n", strings.Join(cmd.Args, " ")) + return nil +} + +type Handler func([]string, io.Writer, io.Writer, beam.Receiver, beam.Sender) + +func Handlers(sink beam.Sender) (*beam.UnixConn, error) { + var tasks sync.WaitGroup + pub, priv, err := beam.USocketPair() + if err != nil { + return nil, err + } + go func() { + defer func() { + Debugf("[handlers] closewrite() on endpoint\n") + // FIXME: this is not yet necessary but will be once + // there is synchronization over standard beam messages + priv.CloseWrite() + Debugf("[handlers] done closewrite() on endpoint\n") + }() + r := beam.NewRouter(sink) + r.NewRoute().HasAttachment().KeyIncludes("type", "job").Handler(func(payload []byte, attachment *os.File) error { + conn, err := beam.FileConn(attachment) + if err != nil { + attachment.Close() + return err + } + // attachment.Close() + tasks.Add(1) + go func() { + defer tasks.Done() + defer func() { + Debugf("[handlers] '%s' closewrite\n", payload) + conn.CloseWrite() + Debugf("[handlers] '%s' done closewrite\n", payload) + }() + cmd := data.Message(payload).Get("cmd") + Debugf("[handlers] received %s\n", strings.Join(cmd, " ")) + if len(cmd) == 0 { + return + } + handler := GetHandler(cmd[0]) + if handler == nil { + return + } + stdout, err := beam.SendPipe(conn, data.Empty().Set("cmd", "log", "stdout").Set("fromcmd", cmd...).Bytes()) + if err != nil { + return + } + defer stdout.Close() + stderr, err := beam.SendPipe(conn, data.Empty().Set("cmd", "log", "stderr").Set("fromcmd", cmd...).Bytes()) + if err != nil { + return + } + defer stderr.Close() + Debugf("[handlers] calling %s\n", strings.Join(cmd, " ")) + handler(cmd, stdout, stderr, beam.Receiver(conn), beam.Sender(conn)) + Debugf("[handlers] returned: %s\n", strings.Join(cmd, " ")) + }() + return nil + }) + beam.Copy(r, priv) + Debugf("[handlers] waiting for all tasks\n") + tasks.Wait() + Debugf("[handlers] all tasks returned\n") + }() + return pub, nil +} + +func GetHandler(name string) Handler { + if name == "logger" { + return CmdLogger + } else if name == "render" { + return CmdRender + } else if name == "devnull" { + return CmdDevnull + } else if name == "prompt" { + return CmdPrompt + } else if name == "stdio" { + return CmdStdio + } else if name == "echo" { + return CmdEcho + } else if name == "pass" { + return CmdPass + } else if name == "in" { + return CmdIn + } else if name == "exec" { + return CmdExec + } else if name == "trace" { + return CmdTrace + } else if name == "emit" { + return CmdEmit + } else if name == "print" { + return CmdPrint + } else if name == "multiprint" { + return CmdMultiprint + } else if name == "listen" { + return CmdListen + } else if name == "beamsend" { + return CmdBeamsend + } else if name == "beamreceive" { + return CmdBeamreceive + } else if name == "connect" { + return CmdConnect + } else if name == "openfile" { + return CmdOpenfile + } else if name == "spawn" { + return CmdSpawn + } else if name == "chdir" { + return CmdChdir + } + return nil +} + +// VARIOUS HELPER FUNCTIONS: + +func connToFile(conn net.Conn) (f *os.File, err error) { + if connWithFile, ok := conn.(interface { + File() (*os.File, error) + }); !ok { + return nil, fmt.Errorf("no file descriptor available") + } else { + f, err = connWithFile.File() + if err != nil { + return nil, err + } + } + return f, err +} + +type Msg struct { + payload []byte + attachment *os.File +} + +func Logf(msg string, args ...interface{}) (int, error) { + if len(msg) == 0 || msg[len(msg)-1] != '\n' { + msg = msg + "\n" + } + msg = fmt.Sprintf("[%v] [%v] %s", os.Getpid(), path.Base(os.Args[0]), msg) + return fmt.Printf(msg, args...) +} + +func Debugf(msg string, args ...interface{}) { + if os.Getenv("BEAMDEBUG") != "" { + Logf(msg, args...) + } +} + +func Fatalf(msg string, args ...interface{}) { + Logf(msg, args...) + os.Exit(1) +} + +func Fatal(args ...interface{}) { + Fatalf("%v", args[0]) +} + +func scriptString(script []*dockerscript.Command) string { + lines := make([]string, 0, len(script)) + for _, cmd := range script { + line := strings.Join(cmd.Args, " ") + if len(cmd.Children) > 0 { + line += fmt.Sprintf(" { %s }", scriptString(cmd.Children)) + } else { + line += " {}" + } + lines = append(lines, line) + } + return fmt.Sprintf("'%s'", strings.Join(lines, "; ")) +} + +func dialer(addr string) (chan net.Conn, error) { + u, err := url.Parse(addr) + if err != nil { + return nil, err + } + connections := make(chan net.Conn) + go func() { + defer close(connections) + for { + conn, err := net.Dial(u.Scheme, u.Host) + if err != nil { + return + } + connections <- conn + } + }() + return connections, nil +} + +func listener(addr string) (chan net.Conn, error) { + u, err := url.Parse(addr) + if err != nil { + return nil, err + } + l, err := net.Listen(u.Scheme, u.Host) + if err != nil { + return nil, err + } + connections := make(chan net.Conn) + go func() { + defer close(connections) + for { + conn, err := l.Accept() + if err != nil { + return + } + Logf("new connection\n") + connections <- conn + } + }() + return connections, nil +} + +func SendToConn(connections chan net.Conn, src beam.Receiver) error { + var tasks sync.WaitGroup + defer tasks.Wait() + for { + payload, attachment, err := src.Receive() + if err == io.EOF { + return nil + } else if err != nil { + return err + } + conn, ok := <-connections + if !ok { + break + } + Logf("Sending %s\n", msgDesc(payload, attachment)) + tasks.Add(1) + go func(payload []byte, attachment *os.File, conn net.Conn) { + defer tasks.Done() + if _, err := conn.Write([]byte(data.EncodeString(string(payload)))); err != nil { + return + } + if attachment == nil { + conn.Close() + return + } + var iotasks sync.WaitGroup + iotasks.Add(2) + go func(attachment *os.File, conn net.Conn) { + defer iotasks.Done() + Debugf("copying the connection to [%d]\n", attachment.Fd()) + io.Copy(attachment, conn) + attachment.Close() + Debugf("done copying the connection to [%d]\n", attachment.Fd()) + }(attachment, conn) + go func(attachment *os.File, conn net.Conn) { + defer iotasks.Done() + Debugf("copying [%d] to the connection\n", attachment.Fd()) + io.Copy(conn, attachment) + conn.Close() + Debugf("done copying [%d] to the connection\n", attachment.Fd()) + }(attachment, conn) + iotasks.Wait() + }(payload, attachment, conn) + } + return nil +} + +func msgDesc(payload []byte, attachment *os.File) string { + return beam.MsgDesc(payload, attachment) +} + +func ReceiveFromConn(connections chan net.Conn, dst beam.Sender) error { + for conn := range connections { + err := func() error { + Logf("parsing message from network...\n") + defer Logf("done parsing message from network\n") + buf := make([]byte, 4098) + n, err := conn.Read(buf) + if n == 0 { + conn.Close() + if err == io.EOF { + return nil + } else { + return err + } + } + Logf("decoding message from '%s'\n", buf[:n]) + header, skip, err := data.DecodeString(string(buf[:n])) + if err != nil { + conn.Close() + return err + } + pub, priv, err := beam.SocketPair() + if err != nil { + return err + } + Logf("decoded message: %s\n", data.Message(header).Pretty()) + go func(skipped []byte, conn net.Conn, f *os.File) { + // this closes both conn and f + if len(skipped) > 0 { + if _, err := f.Write(skipped); err != nil { + Logf("ERROR: %v\n", err) + f.Close() + conn.Close() + return + } + } + bicopy(conn, f) + }(buf[skip:n], conn, pub) + if err := dst.Send([]byte(header), priv); err != nil { + return err + } + return nil + }() + if err != nil { + Logf("Error reading from connection: %v\n", err) + } + } + return nil +} + +func bicopy(a, b io.ReadWriteCloser) { + var iotasks sync.WaitGroup + oneCopy := func(dst io.WriteCloser, src io.Reader) { + defer iotasks.Done() + io.Copy(dst, src) + dst.Close() + } + iotasks.Add(2) + go oneCopy(a, b) + go oneCopy(b, a) + iotasks.Wait() +} diff --git a/pkg/beam/examples/beamsh/builtins.go b/pkg/beam/examples/beamsh/builtins.go new file mode 100644 index 0000000000..cc94d2b5fb --- /dev/null +++ b/pkg/beam/examples/beamsh/builtins.go @@ -0,0 +1,441 @@ +package main + +import ( + "bufio" + "fmt" + "github.com/dotcloud/docker/pkg/beam" + "github.com/dotcloud/docker/pkg/beam/data" + "github.com/dotcloud/docker/pkg/term" + "github.com/dotcloud/docker/utils" + "io" + "net" + "net/url" + "os" + "os/exec" + "path" + "strings" + "sync" + "text/template" +) + +func CmdLogger(args []string, stdout, stderr io.Writer, in beam.Receiver, out beam.Sender) { + if err := os.MkdirAll("logs", 0700); err != nil { + fmt.Fprintf(stderr, "%v\n", err) + return + } + var tasks sync.WaitGroup + defer tasks.Wait() + var n int = 1 + r := beam.NewRouter(out) + r.NewRoute().HasAttachment().KeyStartsWith("cmd", "log").Handler(func(payload []byte, attachment *os.File) error { + tasks.Add(1) + go func(n int) { + defer tasks.Done() + defer attachment.Close() + var streamname string + if cmd := data.Message(payload).Get("cmd"); len(cmd) == 1 || cmd[1] == "stdout" { + streamname = "stdout" + } else { + streamname = cmd[1] + } + if fromcmd := data.Message(payload).Get("fromcmd"); len(fromcmd) != 0 { + streamname = fmt.Sprintf("%s-%s", strings.Replace(strings.Join(fromcmd, "_"), "/", "_", -1), streamname) + } + logfile, err := os.OpenFile(path.Join("logs", fmt.Sprintf("%d-%s", n, streamname)), os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0700) + if err != nil { + fmt.Fprintf(stderr, "%v\n", err) + return + } + defer logfile.Close() + io.Copy(logfile, attachment) + logfile.Sync() + }(n) + n++ + return nil + }).Tee(out) + if _, err := beam.Copy(r, in); err != nil { + fmt.Fprintf(stderr, "%v\n", err) + return + } +} + +func CmdRender(args []string, stdout, stderr io.Writer, in beam.Receiver, out beam.Sender) { + if len(args) != 2 { + fmt.Fprintf(stderr, "Usage: %s FORMAT\n", args[0]) + out.Send(data.Empty().Set("status", "1").Bytes(), nil) + return + } + txt := args[1] + if !strings.HasSuffix(txt, "\n") { + txt += "\n" + } + t := template.Must(template.New("render").Parse(txt)) + for { + payload, attachment, err := in.Receive() + if err != nil { + return + } + msg, err := data.Decode(string(payload)) + if err != nil { + fmt.Fprintf(stderr, "decode error: %v\n") + } + if err := t.Execute(stdout, msg); err != nil { + fmt.Fprintf(stderr, "rendering error: %v\n", err) + out.Send(data.Empty().Set("status", "1").Bytes(), nil) + return + } + if err := out.Send(payload, attachment); err != nil { + return + } + } +} + +func CmdDevnull(args []string, stdout, stderr io.Writer, in beam.Receiver, out beam.Sender) { + for { + _, attachment, err := in.Receive() + if err != nil { + return + } + if attachment != nil { + attachment.Close() + } + } +} + +func CmdPrompt(args []string, stdout, stderr io.Writer, in beam.Receiver, out beam.Sender) { + if len(args) < 2 { + fmt.Fprintf(stderr, "usage: %s PROMPT...\n", args[0]) + return + } + if !term.IsTerminal(0) { + fmt.Fprintf(stderr, "can't prompt: no tty available...\n") + return + } + fmt.Printf("%s: ", strings.Join(args[1:], " ")) + oldState, _ := term.SaveState(0) + term.DisableEcho(0, oldState) + line, _, err := bufio.NewReader(os.Stdin).ReadLine() + if err != nil { + fmt.Fprintln(stderr, err.Error()) + return + } + val := string(line) + fmt.Printf("\n") + term.RestoreTerminal(0, oldState) + out.Send(data.Empty().Set("fromcmd", args...).Set("value", val).Bytes(), nil) +} + +func CmdStdio(args []string, stdout, stderr io.Writer, in beam.Receiver, out beam.Sender) { + var tasks sync.WaitGroup + defer tasks.Wait() + + r := beam.NewRouter(out) + r.NewRoute().HasAttachment().KeyStartsWith("cmd", "log").Handler(func(payload []byte, attachment *os.File) error { + tasks.Add(1) + go func() { + defer tasks.Done() + defer attachment.Close() + io.Copy(os.Stdout, attachment) + attachment.Close() + }() + return nil + }).Tee(out) + + if _, err := beam.Copy(r, in); err != nil { + Fatal(err) + fmt.Fprintf(stderr, "%v\n", err) + return + } +} + +func CmdEcho(args []string, stdout, stderr io.Writer, in beam.Receiver, out beam.Sender) { + fmt.Fprintln(stdout, strings.Join(args[1:], " ")) +} + +func CmdPass(args []string, stdout, stderr io.Writer, in beam.Receiver, out beam.Sender) { + for { + payload, attachment, err := in.Receive() + if err != nil { + return + } + if err := out.Send(payload, attachment); err != nil { + if attachment != nil { + attachment.Close() + } + return + } + } +} + +func CmdSpawn(args []string, stdout, stderr io.Writer, in beam.Receiver, out beam.Sender) { + c := exec.Command(utils.SelfPath()) + r, w, err := os.Pipe() + if err != nil { + fmt.Fprintf(stderr, "%v\n", err) + return + } + c.Stdin = r + c.Stdout = stdout + c.Stderr = stderr + go func() { + fmt.Fprintf(w, strings.Join(args[1:], " ")) + w.Sync() + w.Close() + }() + if err := c.Run(); err != nil { + fmt.Fprintf(stderr, "%v\n", err) + return + } +} + +func CmdIn(args []string, stdout, stderr io.Writer, in beam.Receiver, out beam.Sender) { + os.Chdir(args[1]) + GetHandler("pass")([]string{"pass"}, stdout, stderr, in, out) +} + +func CmdExec(args []string, stdout, stderr io.Writer, in beam.Receiver, out beam.Sender) { + cmd := exec.Command(args[1], args[2:]...) + cmd.Stdout = stdout + cmd.Stderr = stderr + //cmd.Stdin = os.Stdin + local, remote, err := beam.SocketPair() + if err != nil { + fmt.Fprintf(stderr, "%v\n", err) + return + } + child, err := beam.FileConn(local) + if err != nil { + local.Close() + remote.Close() + fmt.Fprintf(stderr, "%v\n", err) + return + } + local.Close() + cmd.ExtraFiles = append(cmd.ExtraFiles, remote) + + var tasks sync.WaitGroup + tasks.Add(1) + go func() { + defer Debugf("done copying to child\n") + defer tasks.Done() + defer child.CloseWrite() + beam.Copy(child, in) + }() + + tasks.Add(1) + go func() { + defer Debugf("done copying from child %d\n") + defer tasks.Done() + r := beam.NewRouter(out) + r.NewRoute().All().Handler(func(p []byte, a *os.File) error { + return out.Send(data.Message(p).Set("pid", fmt.Sprintf("%d", cmd.Process.Pid)).Bytes(), a) + }) + beam.Copy(r, child) + }() + execErr := cmd.Run() + // We can close both ends of the socket without worrying about data stuck in the buffer, + // because unix socket writes are fully synchronous. + child.Close() + tasks.Wait() + var status string + if execErr != nil { + status = execErr.Error() + } else { + status = "ok" + } + out.Send(data.Empty().Set("status", status).Set("cmd", args...).Bytes(), nil) +} + +func CmdTrace(args []string, stdout, stderr io.Writer, in beam.Receiver, out beam.Sender) { + r := beam.NewRouter(out) + r.NewRoute().All().Handler(func(payload []byte, attachment *os.File) error { + var sfd string = "nil" + if attachment != nil { + sfd = fmt.Sprintf("%d", attachment.Fd()) + } + fmt.Printf("===> %s [%s]\n", data.Message(payload).Pretty(), sfd) + out.Send(payload, attachment) + return nil + }) + beam.Copy(r, in) +} + +func CmdEmit(args []string, stdout, stderr io.Writer, in beam.Receiver, out beam.Sender) { + out.Send(data.Parse(args[1:]).Bytes(), nil) +} + +func CmdPrint(args []string, stdout, stderr io.Writer, in beam.Receiver, out beam.Sender) { + for { + payload, a, err := in.Receive() + if err != nil { + return + } + // Skip commands + if a != nil && data.Message(payload).Get("cmd") == nil { + dup, err := beam.SendPipe(out, payload) + if err != nil { + a.Close() + return + } + io.Copy(io.MultiWriter(os.Stdout, dup), a) + dup.Close() + } else { + if err := out.Send(payload, a); err != nil { + return + } + } + } +} + +func CmdMultiprint(args []string, stdout, stderr io.Writer, in beam.Receiver, out beam.Sender) { + var tasks sync.WaitGroup + defer tasks.Wait() + r := beam.NewRouter(out) + multiprint := func(p []byte, a *os.File) error { + tasks.Add(1) + go func() { + defer tasks.Done() + defer a.Close() + msg := data.Message(string(p)) + input := bufio.NewScanner(a) + for input.Scan() { + fmt.Printf("[%s] %s\n", msg.Pretty(), input.Text()) + } + }() + return nil + } + r.NewRoute().KeyIncludes("type", "job").Passthrough(out) + r.NewRoute().HasAttachment().Handler(multiprint).Tee(out) + beam.Copy(r, in) +} + +func CmdListen(args []string, stdout, stderr io.Writer, in beam.Receiver, out beam.Sender) { + if len(args) != 2 { + out.Send(data.Empty().Set("status", "1").Set("message", "wrong number of arguments").Bytes(), nil) + return + } + u, err := url.Parse(args[1]) + if err != nil { + out.Send(data.Empty().Set("status", "1").Set("message", err.Error()).Bytes(), nil) + return + } + l, err := net.Listen(u.Scheme, u.Host) + if err != nil { + out.Send(data.Empty().Set("status", "1").Set("message", err.Error()).Bytes(), nil) + return + } + for { + conn, err := l.Accept() + if err != nil { + out.Send(data.Empty().Set("status", "1").Set("message", err.Error()).Bytes(), nil) + return + } + f, err := connToFile(conn) + if err != nil { + conn.Close() + continue + } + out.Send(data.Empty().Set("type", "socket").Set("remoteaddr", conn.RemoteAddr().String()).Bytes(), f) + } +} + +func CmdBeamsend(args []string, stdout, stderr io.Writer, in beam.Receiver, out beam.Sender) { + if len(args) < 2 { + if err := out.Send(data.Empty().Set("status", "1").Set("message", "wrong number of arguments").Bytes(), nil); err != nil { + Fatal(err) + } + return + } + var connector func(string) (chan net.Conn, error) + connector = dialer + connections, err := connector(args[1]) + if err != nil { + out.Send(data.Empty().Set("status", "1").Set("message", err.Error()).Bytes(), nil) + return + } + // Copy in to conn + SendToConn(connections, in) +} + +func CmdBeamreceive(args []string, stdout, stderr io.Writer, in beam.Receiver, out beam.Sender) { + if len(args) != 2 { + if err := out.Send(data.Empty().Set("status", "1").Set("message", "wrong number of arguments").Bytes(), nil); err != nil { + Fatal(err) + } + return + } + var connector func(string) (chan net.Conn, error) + connector = listener + connections, err := connector(args[1]) + if err != nil { + out.Send(data.Empty().Set("status", "1").Set("message", err.Error()).Bytes(), nil) + return + } + // Copy in to conn + ReceiveFromConn(connections, out) +} + +func CmdConnect(args []string, stdout, stderr io.Writer, in beam.Receiver, out beam.Sender) { + if len(args) != 2 { + out.Send(data.Empty().Set("status", "1").Set("message", "wrong number of arguments").Bytes(), nil) + return + } + u, err := url.Parse(args[1]) + if err != nil { + out.Send(data.Empty().Set("status", "1").Set("message", err.Error()).Bytes(), nil) + return + } + var tasks sync.WaitGroup + for { + _, attachment, err := in.Receive() + if err != nil { + break + } + if attachment == nil { + continue + } + Logf("connecting to %s/%s\n", u.Scheme, u.Host) + conn, err := net.Dial(u.Scheme, u.Host) + if err != nil { + out.Send(data.Empty().Set("cmd", "msg", "connect error: "+err.Error()).Bytes(), nil) + return + } + out.Send(data.Empty().Set("cmd", "msg", "connection established").Bytes(), nil) + tasks.Add(1) + go func(attachment *os.File, conn net.Conn) { + defer tasks.Done() + // even when successful, conn.File() returns a duplicate, + // so we must close the original + var iotasks sync.WaitGroup + iotasks.Add(2) + go func(attachment *os.File, conn net.Conn) { + defer iotasks.Done() + io.Copy(attachment, conn) + }(attachment, conn) + go func(attachment *os.File, conn net.Conn) { + defer iotasks.Done() + io.Copy(conn, attachment) + }(attachment, conn) + iotasks.Wait() + conn.Close() + attachment.Close() + }(attachment, conn) + } + tasks.Wait() +} + +func CmdOpenfile(args []string, stdout, stderr io.Writer, in beam.Receiver, out beam.Sender) { + for _, name := range args { + f, err := os.Open(name) + if err != nil { + continue + } + if err := out.Send(data.Empty().Set("path", name).Set("type", "file").Bytes(), f); err != nil { + f.Close() + } + } +} + +func CmdChdir(args []string, stdout, stderr io.Writer, in beam.Receiver, out beam.Sender) { + os.Chdir(args[1]) +} diff --git a/pkg/beam/examples/beamsh/scripts/bug0.ds b/pkg/beam/examples/beamsh/scripts/bug0.ds new file mode 100755 index 0000000000..89b75230be --- /dev/null +++ b/pkg/beam/examples/beamsh/scripts/bug0.ds @@ -0,0 +1,3 @@ +#!/usr/bin/env beamsh + +exec ls -l diff --git a/pkg/beam/examples/beamsh/scripts/bug1.ds b/pkg/beam/examples/beamsh/scripts/bug1.ds new file mode 100755 index 0000000000..2d8a9e2ed9 --- /dev/null +++ b/pkg/beam/examples/beamsh/scripts/bug1.ds @@ -0,0 +1,5 @@ +#!/usr/bin/env beamsh + +trace { + exec ls -l +} diff --git a/pkg/beam/examples/beamsh/scripts/bug2.ds b/pkg/beam/examples/beamsh/scripts/bug2.ds new file mode 100755 index 0000000000..08f0431f68 --- /dev/null +++ b/pkg/beam/examples/beamsh/scripts/bug2.ds @@ -0,0 +1,7 @@ +#!/usr/bin/env beamsh + +trace { + stdio { + exec ls -l + } +} diff --git a/pkg/beam/examples/beamsh/scripts/bug3.ds b/pkg/beam/examples/beamsh/scripts/bug3.ds new file mode 100755 index 0000000000..7bb8694d49 --- /dev/null +++ b/pkg/beam/examples/beamsh/scripts/bug3.ds @@ -0,0 +1,10 @@ +#!/usr/bin/env beamsh -x + +trace outer { + # stdio fails + stdio { + trace inner { + exec ls -l + } + } +} diff --git a/pkg/beam/examples/beamsh/scripts/bug4.ds b/pkg/beam/examples/beamsh/scripts/bug4.ds new file mode 100755 index 0000000000..b7beedbae2 --- /dev/null +++ b/pkg/beam/examples/beamsh/scripts/bug4.ds @@ -0,0 +1,9 @@ +#!/usr/bin/env beamsh + +stdio { + trace { + stdio { + exec ls -l + } + } +} diff --git a/pkg/beam/examples/beamsh/scripts/bug5.ds b/pkg/beam/examples/beamsh/scripts/bug5.ds new file mode 100755 index 0000000000..9f9a85515d --- /dev/null +++ b/pkg/beam/examples/beamsh/scripts/bug5.ds @@ -0,0 +1,6 @@ +#!/usr/bin/env beamsh + +stdio { + # exec fails + exec ls -l +} diff --git a/pkg/beam/examples/beamsh/scripts/bug6.ds b/pkg/beam/examples/beamsh/scripts/bug6.ds new file mode 100755 index 0000000000..90281401cd --- /dev/null +++ b/pkg/beam/examples/beamsh/scripts/bug6.ds @@ -0,0 +1,7 @@ +#!/usr/bin/env beamsh + +stdio { + trace { + echo hello + } +} diff --git a/pkg/beam/examples/beamsh/scripts/bug7.ds b/pkg/beam/examples/beamsh/scripts/bug7.ds new file mode 100755 index 0000000000..b6e7bd9201 --- /dev/null +++ b/pkg/beam/examples/beamsh/scripts/bug7.ds @@ -0,0 +1,6 @@ +#!/usr/bin/env beamsh + +stdio { + # exec fails + echo hello world +} diff --git a/pkg/beam/examples/beamsh/scripts/demo1.ds b/pkg/beam/examples/beamsh/scripts/demo1.ds new file mode 100755 index 0000000000..20a3359f3a --- /dev/null +++ b/pkg/beam/examples/beamsh/scripts/demo1.ds @@ -0,0 +1,9 @@ +#!/usr/bin/env beamsh + +devnull { + multiprint { + exec tail -f /var/log/system.log & + exec ls -l + exec ls ksdhfkjdshf jksdfhkjsdhf + } +} diff --git a/pkg/beam/examples/beamsh/scripts/helloworld.ds b/pkg/beam/examples/beamsh/scripts/helloworld.ds new file mode 100755 index 0000000000..32e59b062e --- /dev/null +++ b/pkg/beam/examples/beamsh/scripts/helloworld.ds @@ -0,0 +1,8 @@ +#!/usr/bin/env beamsh + +print { + trace { + emit msg=hello + emit msg=world + } +} diff --git a/pkg/beam/examples/beamsh/scripts/logdemo.ds b/pkg/beam/examples/beamsh/scripts/logdemo.ds new file mode 100755 index 0000000000..8b729a966f --- /dev/null +++ b/pkg/beam/examples/beamsh/scripts/logdemo.ds @@ -0,0 +1,9 @@ +#!/usr/bin/env beamsh + +trace { + log { + exec ls -l + exec ls /tmp/jhsdfkjhsdjkfhsdjkfhsdjkkhsdjkf + echo hello world + } +} diff --git a/pkg/beam/examples/beamsh/scripts/miniserver.ds b/pkg/beam/examples/beamsh/scripts/miniserver.ds new file mode 100755 index 0000000000..9707477ee0 --- /dev/null +++ b/pkg/beam/examples/beamsh/scripts/miniserver.ds @@ -0,0 +1,9 @@ +#!/usr/bin/env beamsh + +multiprint { + trace { + listen tcp://localhost:7676 & + listen tcp://localhost:8787 & + } +} + diff --git a/pkg/beam/router.go b/pkg/beam/router.go new file mode 100644 index 0000000000..fc41a8991b --- /dev/null +++ b/pkg/beam/router.go @@ -0,0 +1,184 @@ +package beam + +import ( + "fmt" + "github.com/dotcloud/docker/pkg/beam/data" + "io" + "os" +) + +type Router struct { + routes []*Route + sink Sender +} + +func NewRouter(sink Sender) *Router { + return &Router{sink: sink} +} + +func (r *Router) Send(payload []byte, attachment *os.File) (err error) { + //fmt.Printf("Router.Send(%s)\n", MsgDesc(payload, attachment)) + defer func() { + //fmt.Printf("DONE Router.Send(%s) = %v\n", MsgDesc(payload, attachment), err) + }() + for _, route := range r.routes { + if route.Match(payload, attachment) { + return route.Handle(payload, attachment) + } + } + if r.sink != nil { + // fmt.Printf("[%d] [Router.Send] no match. sending %s to sink %#v\n", os.Getpid(), MsgDesc(payload, attachment), r.sink) + return r.sink.Send(payload, attachment) + } + //fmt.Printf("[Router.Send] no match. return error.\n") + return fmt.Errorf("no matching route") +} + +func (r *Router) NewRoute() *Route { + route := &Route{} + r.routes = append(r.routes, route) + return route +} + +type Route struct { + rules []func([]byte, *os.File) bool + handler func([]byte, *os.File) error +} + +func (route *Route) Match(payload []byte, attachment *os.File) bool { + for _, rule := range route.rules { + if !rule(payload, attachment) { + return false + } + } + return true +} + +func (route *Route) Handle(payload []byte, attachment *os.File) error { + if route.handler == nil { + return nil + } + return route.handler(payload, attachment) +} + +func (r *Route) HasAttachment() *Route { + r.rules = append(r.rules, func(payload []byte, attachment *os.File) bool { + return attachment != nil + }) + return r +} + +func (route *Route) Tee(dst Sender) *Route { + inner := route.handler + route.handler = func(payload []byte, attachment *os.File) error { + if inner == nil { + return nil + } + if attachment == nil { + return inner(payload, attachment) + } + // Setup the tee + w, err := SendPipe(dst, payload) + if err != nil { + return err + } + teeR, teeW, err := os.Pipe() + if err != nil { + w.Close() + return err + } + go func() { + io.Copy(io.MultiWriter(teeW, w), attachment) + attachment.Close() + w.Close() + teeW.Close() + }() + return inner(payload, teeR) + } + return route +} + +func (r *Route) Filter(f func([]byte, *os.File) bool) *Route { + r.rules = append(r.rules, f) + return r +} + +func (r *Route) KeyStartsWith(k string, beginning ...string) *Route { + r.rules = append(r.rules, func(payload []byte, attachment *os.File) bool { + values := data.Message(payload).Get(k) + if values == nil { + return false + } + if len(values) < len(beginning) { + return false + } + for i, v := range beginning { + if v != values[i] { + return false + } + } + return true + }) + return r +} + +func (r *Route) KeyEquals(k string, full ...string) *Route { + r.rules = append(r.rules, func(payload []byte, attachment *os.File) bool { + values := data.Message(payload).Get(k) + if len(values) != len(full) { + return false + } + for i, v := range full { + if v != values[i] { + return false + } + } + return true + }) + return r +} + +func (r *Route) KeyIncludes(k, v string) *Route { + r.rules = append(r.rules, func(payload []byte, attachment *os.File) bool { + for _, val := range data.Message(payload).Get(k) { + if val == v { + return true + } + } + return false + }) + return r +} + +func (r *Route) NoKey(k string) *Route { + r.rules = append(r.rules, func(payload []byte, attachment *os.File) bool { + return len(data.Message(payload).Get(k)) == 0 + }) + return r +} + +func (r *Route) KeyExists(k string) *Route { + r.rules = append(r.rules, func(payload []byte, attachment *os.File) bool { + return data.Message(payload).Get(k) != nil + }) + return r +} + +func (r *Route) Passthrough(dst Sender) *Route { + r.handler = func(payload []byte, attachment *os.File) error { + return dst.Send(payload, attachment) + } + return r +} + +func (r *Route) All() *Route { + r.rules = append(r.rules, func(payload []byte, attachment *os.File) bool { + return true + }) + return r +} + +func (r *Route) Handler(h func([]byte, *os.File) error) *Route { + r.handler = h + return r +} diff --git a/pkg/beam/router_test.go b/pkg/beam/router_test.go new file mode 100644 index 0000000000..f7f7bf1d2d --- /dev/null +++ b/pkg/beam/router_test.go @@ -0,0 +1,95 @@ +package beam + +import ( + "fmt" + "io/ioutil" + "os" + "sync" + "testing" +) + +type msg struct { + payload []byte + attachment *os.File +} + +func (m msg) String() string { + return MsgDesc(m.payload, m.attachment) +} + +type mockReceiver []msg + +func (r *mockReceiver) Send(p []byte, a *os.File) error { + (*r) = append((*r), msg{p, a}) + return nil +} + +func TestSendNoSinkNoRoute(t *testing.T) { + r := NewRouter(nil) + if err := r.Send([]byte("hello"), nil); err == nil { + t.Fatalf("error expected") + } + a, b, err := os.Pipe() + if err != nil { + t.Fatal(err) + } + defer a.Close() + defer b.Close() + if err := r.Send([]byte("foo bar baz"), a); err == nil { + t.Fatalf("error expected") + } +} + +func TestSendSinkNoRoute(t *testing.T) { + var sink mockReceiver + r := NewRouter(&sink) + if err := r.Send([]byte("hello"), nil); err != nil { + t.Fatal(err) + } + a, b, err := os.Pipe() + if err != nil { + t.Fatal(err) + } + defer a.Close() + defer b.Close() + if err := r.Send([]byte("world"), a); err != nil { + t.Fatal(err) + } + if len(sink) != 2 { + t.Fatalf("%#v\n", sink) + } + if string(sink[0].payload) != "hello" { + t.Fatalf("%#v\n", sink) + } + if sink[0].attachment != nil { + t.Fatalf("%#v\n", sink) + } + if string(sink[1].payload) != "world" { + t.Fatalf("%#v\n", sink) + } + if sink[1].attachment == nil || sink[1].attachment.Fd() > 42 || sink[1].attachment.Fd() < 0 { + t.Fatalf("%v\n", sink) + } + var tasks sync.WaitGroup + tasks.Add(2) + go func() { + defer tasks.Done() + fmt.Printf("[%d] Reading from '%d'\n", os.Getpid(), sink[1].attachment.Fd()) + data, err := ioutil.ReadAll(sink[1].attachment) + if err != nil { + t.Fatal(err) + } + if string(data) != "foo bar\n" { + t.Fatalf("%v\n", string(data)) + } + }() + go func() { + defer tasks.Done() + fmt.Printf("[%d] writing to '%d'\n", os.Getpid(), a.Fd()) + if _, err := fmt.Fprintf(b, "foo bar\n"); err != nil { + t.Fatal(err) + } + b.Close() + }() + tasks.Wait() +} diff --git a/pkg/beam/service.go b/pkg/beam/service.go new file mode 100644 index 0000000000..8e117059cb --- /dev/null +++ b/pkg/beam/service.go @@ -0,0 +1,85 @@ +package beam + +import ( + "net" +) + +// Listen is a convenience interface for applications to create service endpoints +// which can be easily used with existing networking code. +// +// Listen registers a new service endpoint on the beam connection `conn`, using the +// service name `name`. It returns a listener which can be used in the usual +// way. Calling Accept() on the listener will block until a new connection is available +// on the service endpoint. The endpoint is then returned as a regular net.Conn and +// can be used as a regular network connection. +// +// Note that if the underlying file descriptor received in attachment is nil or does +// not point to a connection, that message will be skipped. +// +func Listen(conn Sender, name string) (net.Listener, error) { + endpoint, err := SendConn(conn, []byte(name)) + if err != nil { + return nil, err + } + return &listener{ + name: name, + endpoint: endpoint, + }, nil +} + +func Connect(ctx *UnixConn, name string) (net.Conn, error) { + l, err := Listen(ctx, name) + if err != nil { + return nil, err + } + conn, err := l.Accept() + if err != nil { + return nil, err + } + return conn, nil +} + +type listener struct { + name string + endpoint ReceiveCloser +} + +func (l *listener) Accept() (net.Conn, error) { + for { + _, f, err := l.endpoint.Receive() + if err != nil { + return nil, err + } + if f == nil { + // Skip empty attachments + continue + } + conn, err := net.FileConn(f) + if err != nil { + // Skip beam attachments which are not connections + // (for example might be a regular file, directory etc) + continue + } + return conn, nil + } + panic("impossibru!") + return nil, nil +} + +func (l *listener) Close() error { + return l.endpoint.Close() +} + +func (l *listener) Addr() net.Addr { + return addr(l.name) +} + +type addr string + +func (a addr) Network() string { + return "beam" +} + +func (a addr) String() string { + return string(a) +} diff --git a/pkg/beam/unix.go b/pkg/beam/unix.go new file mode 100644 index 0000000000..b2d0d94150 --- /dev/null +++ b/pkg/beam/unix.go @@ -0,0 +1,317 @@ +package beam + +import ( + "bufio" + "fmt" + "net" + "os" + "syscall" +) + +func debugCheckpoint(msg string, args ...interface{}) { + if os.Getenv("DEBUG") == "" { + return + } + os.Stdout.Sync() + tty, _ := os.OpenFile("/dev/tty", os.O_RDWR, 0700) + fmt.Fprintf(tty, msg, args...) + bufio.NewScanner(tty).Scan() + tty.Close() +} + +type UnixConn struct { + *net.UnixConn + fds []*os.File +} + +// Framing: +// In order to handle framing in Send/Recieve, as these give frame +// boundaries we use a very simple 4 bytes header. It is a big endiand +// uint32 where the high bit is set if the message includes a file +// descriptor. The rest of the uint32 is the length of the next frame. +// We need the bit in order to be able to assign recieved fds to +// the right message, as multiple messages may be coalesced into +// a single recieve operation. +func makeHeader(data []byte, fds []int) ([]byte, error) { + header := make([]byte, 4) + + length := uint32(len(data)) + + if length > 0x7fffffff { + return nil, fmt.Errorf("Data to large") + } + + if len(fds) != 0 { + length = length | 0x80000000 + } + header[0] = byte((length >> 24) & 0xff) + header[1] = byte((length >> 16) & 0xff) + header[2] = byte((length >> 8) & 0xff) + header[3] = byte((length >> 0) & 0xff) + + return header, nil +} + +func parseHeader(header []byte) (uint32, bool) { + length := uint32(header[0])<<24 | uint32(header[1])<<16 | uint32(header[2])<<8 | uint32(header[3]) + hasFd := length&0x80000000 != 0 + length = length & ^uint32(0x80000000) + + return length, hasFd +} + +func FileConn(f *os.File) (*UnixConn, error) { + conn, err := net.FileConn(f) + if err != nil { + return nil, err + } + uconn, ok := conn.(*net.UnixConn) + if !ok { + conn.Close() + return nil, fmt.Errorf("%d: not a unix connection", f.Fd()) + } + return &UnixConn{UnixConn: uconn}, nil + +} + +// Send sends a new message on conn with data and f as payload and +// attachment, respectively. +// On success, f is closed +func (conn *UnixConn) Send(data []byte, f *os.File) error { + { + var fd int = -1 + if f != nil { + fd = int(f.Fd()) + } + debugCheckpoint("===DEBUG=== about to send '%s'[%d]. Hit enter to confirm: ", data, fd) + } + var fds []int + if f != nil { + fds = append(fds, int(f.Fd())) + } + if err := conn.sendUnix(data, fds...); err != nil { + return err + } + + if f != nil { + f.Close() + } + return nil +} + +// Receive waits for a new message on conn, and receives its payload +// and attachment, or an error if any. +// +// If more than 1 file descriptor is sent in the message, they are all +// closed except for the first, which is the attachment. +// It is legal for a message to have no attachment or an empty payload. +func (conn *UnixConn) Receive() (rdata []byte, rf *os.File, rerr error) { + defer func() { + var fd int = -1 + if rf != nil { + fd = int(rf.Fd()) + } + debugCheckpoint("===DEBUG=== Receive() -> '%s'[%d]. Hit enter to continue.\n", rdata, fd) + }() + + // Read header + header := make([]byte, 4) + nRead := uint32(0) + + for nRead < 4 { + n, err := conn.receiveUnix(header[nRead:]) + if err != nil { + return nil, nil, err + } + nRead = nRead + uint32(n) + } + + length, hasFd := parseHeader(header) + + if hasFd { + if len(conn.fds) == 0 { + return nil, nil, fmt.Errorf("No expected file descriptor in message") + } + + rf = conn.fds[0] + conn.fds = conn.fds[1:] + } + + rdata = make([]byte, length) + + nRead = 0 + for nRead < length { + n, err := conn.receiveUnix(rdata[nRead:]) + if err != nil { + return nil, nil, err + } + nRead = nRead + uint32(n) + } + + return +} + +func (conn *UnixConn) receiveUnix(buf []byte) (int, error) { + oob := make([]byte, syscall.CmsgSpace(4)) + bufn, oobn, _, _, err := conn.ReadMsgUnix(buf, oob) + if err != nil { + return 0, err + } + fd := extractFd(oob[:oobn]) + if fd != -1 { + f := os.NewFile(uintptr(fd), "") + conn.fds = append(conn.fds, f) + } + + return bufn, nil +} + +func (conn *UnixConn) sendUnix(data []byte, fds ...int) error { + header, err := makeHeader(data, fds) + if err != nil { + return err + } + + // There is a bug in conn.WriteMsgUnix where it doesn't correctly return + // the number of bytes writte (http://code.google.com/p/go/issues/detail?id=7645) + // So, we can't rely on the return value from it. However, we must use it to + // send the fds. In order to handle this we only write one byte using WriteMsgUnix + // (when we have to), as that can only ever block or fully suceed. We then write + // the rest with conn.Write() + // The reader side should not rely on this though, as hopefully this gets fixed + // in go later. + written := 0 + if len(fds) != 0 { + oob := syscall.UnixRights(fds...) + wrote, _, err := conn.WriteMsgUnix(header[0:1], oob, nil) + if err != nil { + return err + } + written = written + wrote + } + + for written < len(header) { + wrote, err := conn.Write(header[written:]) + if err != nil { + return err + } + written = written + wrote + } + + written = 0 + for written < len(data) { + wrote, err := conn.Write(data[written:]) + if err != nil { + return err + } + written = written + wrote + } + + return nil +} + +func extractFd(oob []byte) int { + // Grab forklock to make sure no forks accidentally inherit the new + // fds before they are made CLOEXEC + // There is a slight race condition between ReadMsgUnix returns and + // when we grap the lock, so this is not perfect. Unfortunately + // There is no way to pass MSG_CMSG_CLOEXEC to recvmsg() nor any + // way to implement non-blocking i/o in go, so this is hard to fix. + syscall.ForkLock.Lock() + defer syscall.ForkLock.Unlock() + scms, err := syscall.ParseSocketControlMessage(oob) + if err != nil { + return -1 + } + + foundFd := -1 + for _, scm := range scms { + fds, err := syscall.ParseUnixRights(&scm) + if err != nil { + continue + } + + for _, fd := range fds { + if foundFd == -1 { + syscall.CloseOnExec(fd) + foundFd = fd + } else { + syscall.Close(fd) + } + } + } + + return foundFd +} + +func socketpair() ([2]int, error) { + return syscall.Socketpair(syscall.AF_LOCAL, syscall.SOCK_STREAM|syscall.FD_CLOEXEC, 0) +} + +// SocketPair is a convenience wrapper around the socketpair(2) syscall. +// It returns a unix socket of type SOCK_STREAM in the form of 2 file descriptors +// not bound to the underlying filesystem. +// Messages sent on one end are received on the other, and vice-versa. +// It is the caller's responsibility to close both ends. +func SocketPair() (a *os.File, b *os.File, err error) { + defer func() { + var ( + fdA int = -1 + fdB int = -1 + ) + if a != nil { + fdA = int(a.Fd()) + } + if b != nil { + fdB = int(b.Fd()) + } + debugCheckpoint("===DEBUG=== SocketPair() = [%d-%d]. Hit enter to confirm: ", fdA, fdB) + }() + pair, err := socketpair() + if err != nil { + return nil, nil, err + } + return os.NewFile(uintptr(pair[0]), ""), os.NewFile(uintptr(pair[1]), ""), nil +} + +func USocketPair() (*UnixConn, *UnixConn, error) { + debugCheckpoint("===DEBUG=== USocketPair(). Hit enter to confirm: ") + defer debugCheckpoint("===DEBUG=== USocketPair() returned. Hit enter to confirm ") + a, b, err := SocketPair() + if err != nil { + return nil, nil, err + } + defer a.Close() + defer b.Close() + uA, err := FileConn(a) + if err != nil { + return nil, nil, err + } + uB, err := FileConn(b) + if err != nil { + uA.Close() + return nil, nil, err + } + return uA, uB, nil +} + +// FdConn wraps a file descriptor in a standard *net.UnixConn object, or +// returns an error if the file descriptor does not point to a unix socket. +// This creates a duplicate file descriptor. It's the caller's responsibility +// to close both. +func FdConn(fd int) (n *net.UnixConn, err error) { + { + debugCheckpoint("===DEBUG=== FdConn([%d]) = (unknown fd). Hit enter to confirm: ", fd) + } + f := os.NewFile(uintptr(fd), fmt.Sprintf("%d", fd)) + conn, err := net.FileConn(f) + if err != nil { + return nil, err + } + uconn, ok := conn.(*net.UnixConn) + if !ok { + conn.Close() + return nil, fmt.Errorf("%d: not a unix connection", fd) + } + return uconn, nil +} diff --git a/pkg/beam/unix_test.go b/pkg/beam/unix_test.go new file mode 100644 index 0000000000..976f089c23 --- /dev/null +++ b/pkg/beam/unix_test.go @@ -0,0 +1,237 @@ +package beam + +import ( + "fmt" + "io/ioutil" + "testing" +) + +func TestSocketPair(t *testing.T) { + a, b, err := SocketPair() + if err != nil { + t.Fatal(err) + } + go func() { + a.Write([]byte("hello world!")) + fmt.Printf("done writing. closing\n") + a.Close() + fmt.Printf("done closing\n") + }() + data, err := ioutil.ReadAll(b) + if err != nil { + t.Fatal(err) + } + fmt.Printf("--> %s\n", data) + fmt.Printf("still open: %v\n", a.Fd()) +} + +func TestUSocketPair(t *testing.T) { + a, b, err := USocketPair() + if err != nil { + t.Fatal(err) + } + + data := "hello world!" + go func() { + a.Write([]byte(data)) + a.Close() + }() + res := make([]byte, 1024) + size, err := b.Read(res) + if err != nil { + t.Fatal(err) + } + if size != len(data) { + t.Fatal("Unexpected size") + } + if string(res[0:size]) != data { + t.Fatal("Unexpected data") + } +} + +func TestSendUnixSocket(t *testing.T) { + a1, a2, err := USocketPair() + if err != nil { + t.Fatal(err) + } + // defer a1.Close() + // defer a2.Close() + b1, b2, err := USocketPair() + if err != nil { + t.Fatal(err) + } + // defer b1.Close() + // defer b2.Close() + glueA, glueB, err := SocketPair() + if err != nil { + t.Fatal(err) + } + // defer glueA.Close() + // defer glueB.Close() + go func() { + err := b2.Send([]byte("a"), glueB) + if err != nil { + t.Fatal(err) + } + }() + go func() { + err := a2.Send([]byte("b"), glueA) + if err != nil { + t.Fatal(err) + } + }() + connAhdr, connA, err := a1.Receive() + if err != nil { + t.Fatal(err) + } + if string(connAhdr) != "b" { + t.Fatalf("unexpected: %s", connAhdr) + } + connBhdr, connB, err := b1.Receive() + if err != nil { + t.Fatal(err) + } + if string(connBhdr) != "a" { + t.Fatalf("unexpected: %s", connBhdr) + } + fmt.Printf("received both ends: %v <-> %v\n", connA.Fd(), connB.Fd()) + go func() { + fmt.Printf("sending message on %v\n", connA.Fd()) + connA.Write([]byte("hello world")) + connA.Sync() + fmt.Printf("closing %v\n", connA.Fd()) + connA.Close() + }() + data, err := ioutil.ReadAll(connB) + if err != nil { + t.Fatal(err) + } + fmt.Printf("---> %s\n", data) + +} + +// Ensure we get proper segmenting of messages +func TestSendSegmenting(t *testing.T) { + a, b, err := USocketPair() + if err != nil { + t.Fatal(err) + } + defer a.Close() + defer b.Close() + + extrafd1, extrafd2, err := SocketPair() + if err != nil { + t.Fatal(err) + } + extrafd2.Close() + + go func() { + a.Send([]byte("message 1"), nil) + a.Send([]byte("message 2"), extrafd1) + a.Send([]byte("message 3"), nil) + }() + + msg1, file1, err := b.Receive() + if err != nil { + t.Fatal(err) + } + if string(msg1) != "message 1" { + t.Fatal("unexpected msg1:", string(msg1)) + } + if file1 != nil { + t.Fatal("unexpectedly got file1") + } + + msg2, file2, err := b.Receive() + if err != nil { + t.Fatal(err) + } + if string(msg2) != "message 2" { + t.Fatal("unexpected msg2:", string(msg2)) + } + if file2 == nil { + t.Fatal("didn't get file2") + } + file2.Close() + + msg3, file3, err := b.Receive() + if err != nil { + t.Fatal(err) + } + if string(msg3) != "message 3" { + t.Fatal("unexpected msg3:", string(msg3)) + } + if file3 != nil { + t.Fatal("unexpectedly got file3") + } + +} + +// Test sending a zero byte message +func TestSendEmpty(t *testing.T) { + a, b, err := USocketPair() + if err != nil { + t.Fatal(err) + } + defer a.Close() + defer b.Close() + go func() { + a.Send([]byte{}, nil) + }() + + msg, file, err := b.Receive() + if err != nil { + t.Fatal(err) + } + if len(msg) != 0 { + t.Fatalf("unexpected non-empty message: %v", msg) + } + if file != nil { + t.Fatal("unexpectedly got file") + } + +} + +func makeLarge(size int) []byte { + res := make([]byte, size) + for i := range res { + res[i] = byte(i % 255) + } + return res +} + +func verifyLarge(data []byte, size int) bool { + if len(data) != size { + return false + } + for i := range data { + if data[i] != byte(i%255) { + return false + } + } + return true +} + +// Test sending a large message +func TestSendLarge(t *testing.T) { + a, b, err := USocketPair() + if err != nil { + t.Fatal(err) + } + defer a.Close() + defer b.Close() + go func() { + a.Send(makeLarge(100000), nil) + }() + + msg, file, err := b.Receive() + if err != nil { + t.Fatal(err) + } + if !verifyLarge(msg, 100000) { + t.Fatalf("unexpected message (size %d)", len(msg)) + } + if file != nil { + t.Fatal("unexpectedly got file") + } +} diff --git a/pkg/cgroups/apply_nosystemd.go b/pkg/cgroups/apply_nosystemd.go deleted file mode 100644 index f94d475907..0000000000 --- a/pkg/cgroups/apply_nosystemd.go +++ /dev/null @@ -1,15 +0,0 @@ -// +build !linux - -package cgroups - -import ( - "fmt" -) - -func useSystemd() bool { - return false -} - -func systemdApply(c *Cgroup, pid int) (ActiveCgroup, error) { - return nil, fmt.Errorf("Systemd not supported") -} diff --git a/pkg/cgroups/apply_raw.go b/pkg/cgroups/apply_raw.go deleted file mode 100644 index 220f08f1dc..0000000000 --- a/pkg/cgroups/apply_raw.go +++ /dev/null @@ -1,216 +0,0 @@ -package cgroups - -import ( - "fmt" - "os" - "path/filepath" - "strconv" -) - -type rawCgroup struct { - root string - cgroup string -} - -func rawApply(c *Cgroup, pid int) (ActiveCgroup, error) { - // We have two implementation of cgroups support, one is based on - // systemd and the dbus api, and one is based on raw cgroup fs operations - // following the pre-single-writer model docs at: - // http://www.freedesktop.org/wiki/Software/systemd/PaxControlGroups/ - // - // we can pick any subsystem to find the root - - cgroupRoot, err := FindCgroupMountpoint("cpu") - if err != nil { - return nil, err - } - cgroupRoot = filepath.Dir(cgroupRoot) - - if _, err := os.Stat(cgroupRoot); err != nil { - return nil, fmt.Errorf("cgroups fs not found") - } - - cgroup := c.Name - if c.Parent != "" { - cgroup = filepath.Join(c.Parent, cgroup) - } - - raw := &rawCgroup{ - root: cgroupRoot, - cgroup: cgroup, - } - - if err := raw.setupDevices(c, pid); err != nil { - return nil, err - } - if err := raw.setupMemory(c, pid); err != nil { - return nil, err - } - if err := raw.setupCpu(c, pid); err != nil { - return nil, err - } - if err := raw.setupCpuset(c, pid); err != nil { - return nil, err - } - return raw, nil -} - -func (raw *rawCgroup) path(subsystem string) (string, error) { - initPath, err := GetInitCgroupDir(subsystem) - if err != nil { - return "", err - } - return filepath.Join(raw.root, subsystem, initPath, raw.cgroup), nil -} - -func (raw *rawCgroup) join(subsystem string, pid int) (string, error) { - path, err := raw.path(subsystem) - if err != nil { - return "", err - } - if err := os.MkdirAll(path, 0755); err != nil && !os.IsExist(err) { - return "", err - } - if err := writeFile(path, "cgroup.procs", strconv.Itoa(pid)); err != nil { - return "", err - } - return path, nil -} - -func (raw *rawCgroup) setupDevices(c *Cgroup, pid int) (err error) { - if !c.DeviceAccess { - dir, err := raw.join("devices", pid) - if err != nil { - return err - } - - defer func() { - if err != nil { - os.RemoveAll(dir) - } - }() - - if err := writeFile(dir, "devices.deny", "a"); err != nil { - return err - } - - allow := []string{ - // allow mknod for any device - "c *:* m", - "b *:* m", - - // /dev/null, zero, full - "c 1:3 rwm", - "c 1:5 rwm", - "c 1:7 rwm", - - // consoles - "c 5:1 rwm", - "c 5:0 rwm", - "c 4:0 rwm", - "c 4:1 rwm", - - // /dev/urandom,/dev/random - "c 1:9 rwm", - "c 1:8 rwm", - - // /dev/pts/ - pts namespaces are "coming soon" - "c 136:* rwm", - "c 5:2 rwm", - - // tuntap - "c 10:200 rwm", - } - - for _, val := range allow { - if err := writeFile(dir, "devices.allow", val); err != nil { - return err - } - } - } - return nil -} - -func (raw *rawCgroup) setupMemory(c *Cgroup, pid int) (err error) { - if c.Memory != 0 || c.MemorySwap != 0 { - dir, err := raw.join("memory", pid) - if err != nil { - return err - } - defer func() { - if err != nil { - os.RemoveAll(dir) - } - }() - - if c.Memory != 0 { - if err := writeFile(dir, "memory.limit_in_bytes", strconv.FormatInt(c.Memory, 10)); err != nil { - return err - } - if err := writeFile(dir, "memory.soft_limit_in_bytes", strconv.FormatInt(c.Memory, 10)); err != nil { - return err - } - } - // By default, MemorySwap is set to twice the size of RAM. - // If you want to omit MemorySwap, set it to `-1'. - if c.MemorySwap != -1 { - if err := writeFile(dir, "memory.memsw.limit_in_bytes", strconv.FormatInt(c.Memory*2, 10)); err != nil { - return err - } - } - } - return nil -} - -func (raw *rawCgroup) setupCpu(c *Cgroup, pid int) (err error) { - // We always want to join the cpu group, to allow fair cpu scheduling - // on a container basis - dir, err := raw.join("cpu", pid) - if err != nil { - return err - } - if c.CpuShares != 0 { - if err := writeFile(dir, "cpu.shares", strconv.FormatInt(c.CpuShares, 10)); err != nil { - return err - } - } - return nil -} - -func (raw *rawCgroup) setupCpuset(c *Cgroup, pid int) (err error) { - if c.CpusetCpus != "" { - dir, err := raw.join("cpuset", pid) - if err != nil { - return err - } - defer func() { - if err != nil { - os.RemoveAll(dir) - } - }() - - if err := writeFile(dir, "cpuset.cpus", c.CpusetCpus); err != nil { - return err - } - } - return nil -} - -func (raw *rawCgroup) Cleanup() error { - get := func(subsystem string) string { - path, _ := raw.path(subsystem) - return path - } - - for _, path := range []string{ - get("memory"), - get("devices"), - get("cpu"), - get("cpuset"), - } { - if path != "" { - os.RemoveAll(path) - } - } - return nil -} diff --git a/pkg/cgroups/apply_systemd.go b/pkg/cgroups/apply_systemd.go deleted file mode 100644 index c689d5753e..0000000000 --- a/pkg/cgroups/apply_systemd.go +++ /dev/null @@ -1,158 +0,0 @@ -// +build linux - -package cgroups - -import ( - "fmt" - systemd1 "github.com/coreos/go-systemd/dbus" - "github.com/dotcloud/docker/pkg/systemd" - "github.com/godbus/dbus" - "path/filepath" - "strings" - "sync" -) - -type systemdCgroup struct { -} - -var ( - connLock sync.Mutex - theConn *systemd1.Conn - hasStartTransientUnit bool -) - -func useSystemd() bool { - if !systemd.SdBooted() { - return false - } - - connLock.Lock() - defer connLock.Unlock() - - if theConn == nil { - var err error - theConn, err = systemd1.New() - if err != nil { - return false - } - - // Assume we have StartTransientUnit - hasStartTransientUnit = true - - // But if we get UnknownMethod error we don't - if _, err := theConn.StartTransientUnit("test.scope", "invalid"); err != nil { - if dbusError, ok := err.(dbus.Error); ok { - if dbusError.Name == "org.freedesktop.DBus.Error.UnknownMethod" { - hasStartTransientUnit = false - } - } - } - } - - return hasStartTransientUnit -} - -type DeviceAllow struct { - Node string - Permissions string -} - -func getIfaceForUnit(unitName string) string { - if strings.HasSuffix(unitName, ".scope") { - return "Scope" - } - if strings.HasSuffix(unitName, ".service") { - return "Service" - } - return "Unit" -} - -func systemdApply(c *Cgroup, pid int) (ActiveCgroup, error) { - unitName := c.Parent + "-" + c.Name + ".scope" - slice := "system.slice" - - var properties []systemd1.Property - - for _, v := range c.UnitProperties { - switch v[0] { - case "Slice": - slice = v[1] - default: - return nil, fmt.Errorf("Unknown unit propery %s", v[0]) - } - } - - properties = append(properties, - systemd1.Property{"Slice", dbus.MakeVariant(slice)}, - systemd1.Property{"Description", dbus.MakeVariant("docker container " + c.Name)}, - systemd1.Property{"PIDs", dbus.MakeVariant([]uint32{uint32(pid)})}) - - if !c.DeviceAccess { - properties = append(properties, - systemd1.Property{"DevicePolicy", dbus.MakeVariant("strict")}, - systemd1.Property{"DeviceAllow", dbus.MakeVariant([]DeviceAllow{ - {"/dev/null", "rwm"}, - {"/dev/zero", "rwm"}, - {"/dev/full", "rwm"}, - {"/dev/random", "rwm"}, - {"/dev/urandom", "rwm"}, - {"/dev/tty", "rwm"}, - {"/dev/console", "rwm"}, - {"/dev/tty0", "rwm"}, - {"/dev/tty1", "rwm"}, - {"/dev/pts/ptmx", "rwm"}, - // There is no way to add /dev/pts/* here atm, so we hack this manually below - // /dev/pts/* (how to add this?) - // Same with tuntap, which doesn't exist as a node most of the time - })}) - } - - if c.Memory != 0 { - properties = append(properties, - systemd1.Property{"MemoryLimit", dbus.MakeVariant(uint64(c.Memory))}) - } - // TODO: MemorySwap not available in systemd - - if c.CpuShares != 0 { - properties = append(properties, - systemd1.Property{"CPUShares", dbus.MakeVariant(uint64(c.CpuShares))}) - } - - if _, err := theConn.StartTransientUnit(unitName, "replace", properties...); err != nil { - return nil, err - } - - // To work around the lack of /dev/pts/* support above we need to manually add these - // so, ask systemd for the cgroup used - props, err := theConn.GetUnitTypeProperties(unitName, getIfaceForUnit(unitName)) - if err != nil { - return nil, err - } - - cgroup := props["ControlGroup"].(string) - - if !c.DeviceAccess { - mountpoint, err := FindCgroupMountpoint("devices") - if err != nil { - return nil, err - } - - path := filepath.Join(mountpoint, cgroup) - - // /dev/pts/* - if err := writeFile(path, "devices.allow", "c 136:* rwm"); err != nil { - return nil, err - } - // tuntap - if err := writeFile(path, "devices.allow", "c 10:200 rwm"); err != nil { - return nil, err - } - } - - return &systemdCgroup{}, nil -} - -func (c *systemdCgroup) Cleanup() error { - // systemd cleans up, we don't need to do anything - return nil -} diff --git a/pkg/cgroups/cgroups.go b/pkg/cgroups/cgroups.go index 5fe10346df..0f93320725 100644 --- a/pkg/cgroups/cgroups.go +++ b/pkg/cgroups/cgroups.go @@ -1,103 +1,30 @@ package cgroups import ( - "bufio" - "fmt" - "github.com/dotcloud/docker/pkg/mount" - "io" - "io/ioutil" - "os" - "path/filepath" - "strings" + "errors" +) + +var ( + ErrNotFound = errors.New("mountpoint not found") ) type Cgroup struct { Name string `json:"name,omitempty"` Parent string `json:"parent,omitempty"` - DeviceAccess bool `json:"device_access,omitempty"` // name of parent cgroup or slice - Memory int64 `json:"memory,omitempty"` // Memory limit (in bytes) - MemorySwap int64 `json:"memory_swap,omitempty"` // Total memory usage (memory + swap); set `-1' to disable swap - CpuShares int64 `json:"cpu_shares,omitempty"` // CPU shares (relative weight vs. other containers) - CpusetCpus string `json:"cpuset_cpus,omitempty"` // CPU to use + DeviceAccess bool `json:"device_access,omitempty"` // name of parent cgroup or slice + Memory int64 `json:"memory,omitempty"` // Memory limit (in bytes) + MemoryReservation int64 `json:"memory_reservation,omitempty"` // Memory reservation or soft_limit (in bytes) + MemorySwap int64 `json:"memory_swap,omitempty"` // Total memory usage (memory + swap); set `-1' to disable swap + CpuShares int64 `json:"cpu_shares,omitempty"` // CPU shares (relative weight vs. other containers) + CpuQuota int64 `json:"cpu_quota,omitempty"` // CPU hardcap limit (in usecs). Allowed cpu time in a given period. + CpuPeriod int64 `json:"cpu_period,omitempty"` // CPU period to be used for hardcapping (in usecs). 0 to use system default. + CpusetCpus string `json:"cpuset_cpus,omitempty"` // CPU to use + Freezer string `json:"freezer,omitempty"` // set the freeze value for the process - UnitProperties [][2]string `json:"unit_properties,omitempty"` // systemd unit properties + Slice string `json:"slice,omitempty"` // Parent slice to use for systemd } type ActiveCgroup interface { Cleanup() error } - -// https://www.kernel.org/doc/Documentation/cgroups/cgroups.txt -func FindCgroupMountpoint(subsystem string) (string, error) { - mounts, err := mount.GetMounts() - if err != nil { - return "", err - } - - for _, mount := range mounts { - if mount.Fstype == "cgroup" { - for _, opt := range strings.Split(mount.VfsOpts, ",") { - if opt == subsystem { - return mount.Mountpoint, nil - } - } - } - } - return "", fmt.Errorf("cgroup mountpoint not found for %s", subsystem) -} - -// Returns the relative path to the cgroup docker is running in. -func GetThisCgroupDir(subsystem string) (string, error) { - f, err := os.Open("/proc/self/cgroup") - if err != nil { - return "", err - } - defer f.Close() - - return parseCgroupFile(subsystem, f) -} - -func GetInitCgroupDir(subsystem string) (string, error) { - f, err := os.Open("/proc/1/cgroup") - if err != nil { - return "", err - } - defer f.Close() - - return parseCgroupFile(subsystem, f) -} - -func parseCgroupFile(subsystem string, r io.Reader) (string, error) { - s := bufio.NewScanner(r) - for s.Scan() { - if err := s.Err(); err != nil { - return "", err - } - text := s.Text() - parts := strings.Split(text, ":") - for _, subs := range strings.Split(parts[1], ",") { - if subs == subsystem { - return parts[2], nil - } - } - } - return "", fmt.Errorf("cgroup '%s' not found in /proc/self/cgroup", subsystem) -} - -func writeFile(dir, file, data string) error { - return ioutil.WriteFile(filepath.Join(dir, file), []byte(data), 0700) -} - -func (c *Cgroup) Apply(pid int) (ActiveCgroup, error) { - // We have two implementation of cgroups support, one is based on - // systemd and the dbus api, and one is based on raw cgroup fs operations - // following the pre-single-writer model docs at: - // http://www.freedesktop.org/wiki/Software/systemd/PaxControlGroups/ - - if useSystemd() { - return systemdApply(c, pid) - } else { - return rawApply(c, pid) - } -} diff --git a/pkg/cgroups/fs/apply_raw.go b/pkg/cgroups/fs/apply_raw.go new file mode 100644 index 0000000000..5f9fc826b3 --- /dev/null +++ b/pkg/cgroups/fs/apply_raw.go @@ -0,0 +1,147 @@ +package fs + +import ( + "fmt" + "io/ioutil" + "os" + "path/filepath" + "strconv" + + "github.com/dotcloud/docker/pkg/cgroups" +) + +var ( + subsystems = map[string]subsystem{ + "devices": &devicesGroup{}, + "memory": &memoryGroup{}, + "cpu": &cpuGroup{}, + "cpuset": &cpusetGroup{}, + "cpuacct": &cpuacctGroup{}, + "blkio": &blkioGroup{}, + "perf_event": &perfEventGroup{}, + "freezer": &freezerGroup{}, + } +) + +type subsystem interface { + Set(*data) error + Remove(*data) error + Stats(*data) (map[string]float64, error) +} + +type data struct { + root string + cgroup string + c *cgroups.Cgroup + pid int +} + +func Apply(c *cgroups.Cgroup, pid int) (cgroups.ActiveCgroup, error) { + // We have two implementation of cgroups support, one is based on + // systemd and the dbus api, and one is based on raw cgroup fs operations + // following the pre-single-writer model docs at: + // http://www.freedesktop.org/wiki/Software/systemd/PaxControlGroups/ + // + // we can pick any subsystem to find the root + + cgroupRoot, err := cgroups.FindCgroupMountpoint("cpu") + if err != nil { + return nil, err + } + cgroupRoot = filepath.Dir(cgroupRoot) + + if _, err := os.Stat(cgroupRoot); err != nil { + return nil, fmt.Errorf("cgroups fs not found") + } + + cgroup := c.Name + if c.Parent != "" { + cgroup = filepath.Join(c.Parent, cgroup) + } + + d := &data{ + root: cgroupRoot, + cgroup: cgroup, + c: c, + pid: pid, + } + for _, sys := range subsystems { + if err := sys.Set(d); err != nil { + d.Cleanup() + return nil, err + } + } + return d, nil +} + +func GetStats(c *cgroups.Cgroup, subsystem string, pid int) (map[string]float64, error) { + cgroupRoot, err := cgroups.FindCgroupMountpoint("cpu") + if err != nil { + return nil, err + } + cgroupRoot = filepath.Dir(cgroupRoot) + + if _, err := os.Stat(cgroupRoot); err != nil { + return nil, fmt.Errorf("cgroups fs not found") + } + + cgroup := c.Name + if c.Parent != "" { + cgroup = filepath.Join(c.Parent, cgroup) + } + + d := &data{ + root: cgroupRoot, + cgroup: cgroup, + c: c, + pid: pid, + } + sys, exists := subsystems[subsystem] + if !exists { + return nil, fmt.Errorf("subsystem %s does not exist", subsystem) + } + return sys.Stats(d) +} + +func (raw *data) path(subsystem string) (string, error) { + initPath, err := cgroups.GetInitCgroupDir(subsystem) + if err != nil { + return "", err + } + return filepath.Join(raw.root, subsystem, initPath, raw.cgroup), nil +} + +func (raw *data) join(subsystem string) (string, error) { + path, err := raw.path(subsystem) + if err != nil { + return "", err + } + if err := os.MkdirAll(path, 0755); err != nil && !os.IsExist(err) { + return "", err + } + if err := writeFile(path, "cgroup.procs", strconv.Itoa(raw.pid)); err != nil { + return "", err + } + return path, nil +} + +func (raw *data) Cleanup() error { + for _, sys := range subsystems { + sys.Remove(raw) + } + return nil +} + +func writeFile(dir, file, data string) error { + return ioutil.WriteFile(filepath.Join(dir, file), []byte(data), 0700) +} + +func removePath(p string, err error) error { + if err != nil { + return err + } + if p != "" { + return os.RemoveAll(p) + } + return nil +} diff --git a/pkg/cgroups/fs/blkio.go b/pkg/cgroups/fs/blkio.go new file mode 100644 index 0000000000..79e14fa2dc --- /dev/null +++ b/pkg/cgroups/fs/blkio.go @@ -0,0 +1,121 @@ +package fs + +import ( + "bufio" + "fmt" + "io/ioutil" + "os" + "path/filepath" + "strconv" + "strings" + + "github.com/dotcloud/docker/pkg/cgroups" +) + +type blkioGroup struct { +} + +func (s *blkioGroup) Set(d *data) error { + // we just want to join this group even though we don't set anything + if _, err := d.join("blkio"); err != nil && err != cgroups.ErrNotFound { + return err + } + return nil +} + +func (s *blkioGroup) Remove(d *data) error { + return removePath(d.path("blkio")) +} + +/* +examples: + + blkio.sectors + 8:0 6792 + + blkio.io_service_bytes + 8:0 Read 1282048 + 8:0 Write 2195456 + 8:0 Sync 2195456 + 8:0 Async 1282048 + 8:0 Total 3477504 + Total 3477504 + + blkio.io_serviced + 8:0 Read 124 + 8:0 Write 104 + 8:0 Sync 104 + 8:0 Async 124 + 8:0 Total 228 + Total 228 + + blkio.io_queued + 8:0 Read 0 + 8:0 Write 0 + 8:0 Sync 0 + 8:0 Async 0 + 8:0 Total 0 + Total 0 +*/ +func (s *blkioGroup) Stats(d *data) (map[string]float64, error) { + var ( + paramData = make(map[string]float64) + params = []string{ + "io_service_bytes_recursive", + "io_serviced_recursive", + "io_queued_recursive", + } + ) + + path, err := d.path("blkio") + if err != nil { + return nil, err + } + + k, v, err := s.getSectors(path) + if err != nil { + return nil, err + } + paramData[fmt.Sprintf("blkio.sectors_recursive:%s", k)] = v + + for _, param := range params { + f, err := os.Open(filepath.Join(path, fmt.Sprintf("blkio.%s", param))) + if err != nil { + return nil, err + } + defer f.Close() + + sc := bufio.NewScanner(f) + for sc.Scan() { + // format: dev type amount + fields := strings.Fields(sc.Text()) + switch len(fields) { + case 3: + v, err := strconv.ParseFloat(fields[2], 64) + if err != nil { + return nil, err + } + paramData[fmt.Sprintf("%s:%s:%s", param, fields[0], fields[1])] = v + case 2: + // this is the total line, skip + default: + return nil, ErrNotValidFormat + } + } + } + return paramData, nil +} + +func (s *blkioGroup) getSectors(path string) (string, float64, error) { + f, err := os.Open(filepath.Join(path, "blkio.sectors_recursive")) + if err != nil { + return "", 0, err + } + defer f.Close() + + data, err := ioutil.ReadAll(f) + if err != nil { + return "", 0, err + } + return getCgroupParamKeyValue(string(data)) +} diff --git a/pkg/cgroups/fs/blkio_test.go b/pkg/cgroups/fs/blkio_test.go new file mode 100644 index 0000000000..5279ac437b --- /dev/null +++ b/pkg/cgroups/fs/blkio_test.go @@ -0,0 +1,169 @@ +package fs + +import ( + "testing" +) + +const ( + sectorsRecursiveContents = `8:0 1024` + serviceBytesRecursiveContents = `8:0 Read 100 +8:0 Write 400 +8:0 Sync 200 +8:0 Async 300 +8:0 Total 500 +Total 500` + servicedRecursiveContents = `8:0 Read 10 +8:0 Write 40 +8:0 Sync 20 +8:0 Async 30 +8:0 Total 50 +Total 50` + queuedRecursiveContents = `8:0 Read 1 +8:0 Write 4 +8:0 Sync 2 +8:0 Async 3 +8:0 Total 5 +Total 5` +) + +func TestBlkioStats(t *testing.T) { + helper := NewCgroupTestUtil("blkio", t) + defer helper.cleanup() + helper.writeFileContents(map[string]string{ + "blkio.io_service_bytes_recursive": serviceBytesRecursiveContents, + "blkio.io_serviced_recursive": servicedRecursiveContents, + "blkio.io_queued_recursive": queuedRecursiveContents, + "blkio.sectors_recursive": sectorsRecursiveContents, + }) + + blkio := &blkioGroup{} + stats, err := blkio.Stats(helper.CgroupData) + if err != nil { + t.Fatal(err) + } + + // Verify expected stats. + expectedStats := map[string]float64{ + "blkio.sectors_recursive:8:0": 1024.0, + + // Serviced bytes. + "io_service_bytes_recursive:8:0:Read": 100.0, + "io_service_bytes_recursive:8:0:Write": 400.0, + "io_service_bytes_recursive:8:0:Sync": 200.0, + "io_service_bytes_recursive:8:0:Async": 300.0, + "io_service_bytes_recursive:8:0:Total": 500.0, + + // Serviced requests. + "io_serviced_recursive:8:0:Read": 10.0, + "io_serviced_recursive:8:0:Write": 40.0, + "io_serviced_recursive:8:0:Sync": 20.0, + "io_serviced_recursive:8:0:Async": 30.0, + "io_serviced_recursive:8:0:Total": 50.0, + + // Queued requests. + "io_queued_recursive:8:0:Read": 1.0, + "io_queued_recursive:8:0:Write": 4.0, + "io_queued_recursive:8:0:Sync": 2.0, + "io_queued_recursive:8:0:Async": 3.0, + "io_queued_recursive:8:0:Total": 5.0, + } + expectStats(t, expectedStats, stats) +} + +func TestBlkioStatsNoSectorsFile(t *testing.T) { + helper := NewCgroupTestUtil("blkio", t) + defer helper.cleanup() + helper.writeFileContents(map[string]string{ + "blkio.io_service_bytes_recursive": serviceBytesRecursiveContents, + "blkio.io_serviced_recursive": servicedRecursiveContents, + "blkio.io_queued_recursive": queuedRecursiveContents, + }) + + blkio := &blkioGroup{} + _, err := blkio.Stats(helper.CgroupData) + if err == nil { + t.Fatal("Expected to fail, but did not") + } +} + +func TestBlkioStatsNoServiceBytesFile(t *testing.T) { + helper := NewCgroupTestUtil("blkio", t) + defer helper.cleanup() + helper.writeFileContents(map[string]string{ + "blkio.io_serviced_recursive": servicedRecursiveContents, + "blkio.io_queued_recursive": queuedRecursiveContents, + "blkio.sectors_recursive": sectorsRecursiveContents, + }) + + blkio := &blkioGroup{} + _, err := blkio.Stats(helper.CgroupData) + if err == nil { + t.Fatal("Expected to fail, but did not") + } +} + +func TestBlkioStatsNoServicedFile(t *testing.T) { + helper := NewCgroupTestUtil("blkio", t) + defer helper.cleanup() + helper.writeFileContents(map[string]string{ + "blkio.io_service_bytes_recursive": serviceBytesRecursiveContents, + "blkio.io_queued_recursive": queuedRecursiveContents, + "blkio.sectors_recursive": sectorsRecursiveContents, + }) + + blkio := &blkioGroup{} + _, err := blkio.Stats(helper.CgroupData) + if err == nil { + t.Fatal("Expected to fail, but did not") + } +} + +func TestBlkioStatsNoQueuedFile(t *testing.T) { + helper := NewCgroupTestUtil("blkio", t) + defer helper.cleanup() + helper.writeFileContents(map[string]string{ + "blkio.io_service_bytes_recursive": serviceBytesRecursiveContents, + "blkio.io_serviced_recursive": servicedRecursiveContents, + "blkio.sectors_recursive": sectorsRecursiveContents, + }) + + blkio := &blkioGroup{} + _, err := blkio.Stats(helper.CgroupData) + if err == nil { + t.Fatal("Expected to fail, but did not") + } +} + +func TestBlkioStatsUnexpectedNumberOfFields(t *testing.T) { + helper := NewCgroupTestUtil("blkio", t) + defer helper.cleanup() + helper.writeFileContents(map[string]string{ + "blkio.io_service_bytes_recursive": "8:0 Read 100 100", + "blkio.io_serviced_recursive": servicedRecursiveContents, + "blkio.io_queued_recursive": queuedRecursiveContents, + "blkio.sectors_recursive": sectorsRecursiveContents, + }) + + blkio := &blkioGroup{} + _, err := blkio.Stats(helper.CgroupData) + if err == nil { + t.Fatal("Expected to fail, but did not") + } +} + +func TestBlkioStatsUnexpectedFieldType(t *testing.T) { + helper := NewCgroupTestUtil("blkio", t) + defer helper.cleanup() + helper.writeFileContents(map[string]string{ + "blkio.io_service_bytes_recursive": "8:0 Read Write", + "blkio.io_serviced_recursive": servicedRecursiveContents, + "blkio.io_queued_recursive": queuedRecursiveContents, + "blkio.sectors_recursive": sectorsRecursiveContents, + }) + + blkio := &blkioGroup{} + _, err := blkio.Stats(helper.CgroupData) + if err == nil { + t.Fatal("Expected to fail, but did not") + } +} diff --git a/pkg/cgroups/fs/cpu.go b/pkg/cgroups/fs/cpu.go new file mode 100644 index 0000000000..6a7f66c72d --- /dev/null +++ b/pkg/cgroups/fs/cpu.go @@ -0,0 +1,64 @@ +package fs + +import ( + "bufio" + "os" + "path/filepath" + "strconv" +) + +type cpuGroup struct { +} + +func (s *cpuGroup) Set(d *data) error { + // We always want to join the cpu group, to allow fair cpu scheduling + // on a container basis + dir, err := d.join("cpu") + if err != nil { + return err + } + if d.c.CpuShares != 0 { + if err := writeFile(dir, "cpu.shares", strconv.FormatInt(d.c.CpuShares, 10)); err != nil { + return err + } + } + if d.c.CpuPeriod != 0 { + if err := writeFile(dir, "cpu.cfs_period_us", strconv.FormatInt(d.c.CpuPeriod, 10)); err != nil { + return err + } + } + if d.c.CpuQuota != 0 { + if err := writeFile(dir, "cpu.cfs_quota_us", strconv.FormatInt(d.c.CpuQuota, 10)); err != nil { + return err + } + } + return nil +} + +func (s *cpuGroup) Remove(d *data) error { + return removePath(d.path("cpu")) +} + +func (s *cpuGroup) Stats(d *data) (map[string]float64, error) { + paramData := make(map[string]float64) + path, err := d.path("cpu") + if err != nil { + return nil, err + } + + f, err := os.Open(filepath.Join(path, "cpu.stat")) + if err != nil { + return nil, err + } + defer f.Close() + + sc := bufio.NewScanner(f) + for sc.Scan() { + t, v, err := getCgroupParamKeyValue(sc.Text()) + if err != nil { + return nil, err + } + paramData[t] = v + } + return paramData, nil +} diff --git a/pkg/cgroups/fs/cpu_test.go b/pkg/cgroups/fs/cpu_test.go new file mode 100644 index 0000000000..698ae921d8 --- /dev/null +++ b/pkg/cgroups/fs/cpu_test.go @@ -0,0 +1,57 @@ +package fs + +import ( + "testing" +) + +func TestCpuStats(t *testing.T) { + helper := NewCgroupTestUtil("cpu", t) + defer helper.cleanup() + cpuStatContent := `nr_periods 2000 + nr_throttled 200 + throttled_time 42424242424` + helper.writeFileContents(map[string]string{ + "cpu.stat": cpuStatContent, + }) + + cpu := &cpuGroup{} + stats, err := cpu.Stats(helper.CgroupData) + if err != nil { + t.Fatal(err) + } + + expected_stats := map[string]float64{ + "nr_periods": 2000.0, + "nr_throttled": 200.0, + "throttled_time": 42424242424.0, + } + expectStats(t, expected_stats, stats) +} + +func TestNoCpuStatFile(t *testing.T) { + helper := NewCgroupTestUtil("cpu", t) + defer helper.cleanup() + + cpu := &cpuGroup{} + _, err := cpu.Stats(helper.CgroupData) + if err == nil { + t.Fatal("Expected to fail, but did not.") + } +} + +func TestInvalidCpuStat(t *testing.T) { + helper := NewCgroupTestUtil("cpu", t) + defer helper.cleanup() + cpuStatContent := `nr_periods 2000 + nr_throttled 200 + throttled_time fortytwo` + helper.writeFileContents(map[string]string{ + "cpu.stat": cpuStatContent, + }) + + cpu := &cpuGroup{} + _, err := cpu.Stats(helper.CgroupData) + if err == nil { + t.Fatal("Expected failed stat parsing.") + } +} diff --git a/pkg/cgroups/fs/cpuacct.go b/pkg/cgroups/fs/cpuacct.go new file mode 100644 index 0000000000..892b5ab6b1 --- /dev/null +++ b/pkg/cgroups/fs/cpuacct.go @@ -0,0 +1,143 @@ +package fs + +import ( + "bufio" + "fmt" + "os" + "path/filepath" + "runtime" + "strconv" + "strings" + "time" + + "github.com/dotcloud/docker/pkg/cgroups" + "github.com/dotcloud/docker/pkg/system" +) + +var ( + cpuCount = float64(runtime.NumCPU()) + clockTicks = float64(system.GetClockTicks()) +) + +type cpuacctGroup struct { +} + +func (s *cpuacctGroup) Set(d *data) error { + // we just want to join this group even though we don't set anything + if _, err := d.join("cpuacct"); err != nil && err != cgroups.ErrNotFound { + return err + } + return nil +} + +func (s *cpuacctGroup) Remove(d *data) error { + return removePath(d.path("cpuacct")) +} + +func (s *cpuacctGroup) Stats(d *data) (map[string]float64, error) { + var ( + startCpu, lastCpu, startSystem, lastSystem, startUsage, lastUsage float64 + percentage float64 + paramData = make(map[string]float64) + ) + path, err := d.path("cpuacct") + if startCpu, err = s.getCpuUsage(d, path); err != nil { + return nil, err + } + if startSystem, err = s.getSystemCpuUsage(d); err != nil { + return nil, err + } + startUsageTime := time.Now() + if startUsage, err = getCgroupParamFloat64(path, "cpuacct.usage"); err != nil { + return nil, err + } + // sample for 100ms + time.Sleep(100 * time.Millisecond) + if lastCpu, err = s.getCpuUsage(d, path); err != nil { + return nil, err + } + if lastSystem, err = s.getSystemCpuUsage(d); err != nil { + return nil, err + } + usageSampleDuration := time.Since(startUsageTime) + if lastUsage, err = getCgroupParamFloat64(path, "cpuacct.usage"); err != nil { + return nil, err + } + + var ( + deltaProc = lastCpu - startCpu + deltaSystem = lastSystem - startSystem + deltaUsage = lastUsage - startUsage + ) + if deltaSystem > 0.0 { + percentage = ((deltaProc / deltaSystem) * clockTicks) * cpuCount + } + // NOTE: a percentage over 100% is valid for POSIX because that means the + // processes is using multiple cores + paramData["percentage"] = percentage + + // Delta usage is in nanoseconds of CPU time so get the usage (in cores) over the sample time. + paramData["usage"] = deltaUsage / float64(usageSampleDuration.Nanoseconds()) + return paramData, nil +} + +func (s *cpuacctGroup) getProcStarttime(d *data) (float64, error) { + rawStart, err := system.GetProcessStartTime(d.pid) + if err != nil { + return 0, err + } + return strconv.ParseFloat(rawStart, 64) +} + +func (s *cpuacctGroup) getSystemCpuUsage(d *data) (float64, error) { + + f, err := os.Open("/proc/stat") + if err != nil { + return 0, err + } + defer f.Close() + + sc := bufio.NewScanner(f) + for sc.Scan() { + parts := strings.Fields(sc.Text()) + switch parts[0] { + case "cpu": + if len(parts) < 8 { + return 0, fmt.Errorf("invalid number of cpu fields") + } + + var total float64 + for _, i := range parts[1:8] { + v, err := strconv.ParseFloat(i, 64) + if err != nil { + return 0.0, fmt.Errorf("Unable to convert value %s to float: %s", i, err) + } + total += v + } + return total, nil + default: + continue + } + } + return 0, fmt.Errorf("invalid stat format") +} + +func (s *cpuacctGroup) getCpuUsage(d *data, path string) (float64, error) { + cpuTotal := 0.0 + f, err := os.Open(filepath.Join(path, "cpuacct.stat")) + if err != nil { + return 0.0, err + } + defer f.Close() + + sc := bufio.NewScanner(f) + for sc.Scan() { + _, v, err := getCgroupParamKeyValue(sc.Text()) + if err != nil { + return 0.0, err + } + // set the raw data in map + cpuTotal += v + } + return cpuTotal, nil +} diff --git a/pkg/cgroups/fs/cpuset.go b/pkg/cgroups/fs/cpuset.go new file mode 100644 index 0000000000..8a13c56cea --- /dev/null +++ b/pkg/cgroups/fs/cpuset.go @@ -0,0 +1,36 @@ +package fs + +import ( + "os" +) + +type cpusetGroup struct { +} + +func (s *cpusetGroup) Set(d *data) error { + // we don't want to join this cgroup unless it is specified + if d.c.CpusetCpus != "" { + dir, err := d.join("cpuset") + if err != nil && d.c.CpusetCpus != "" { + return err + } + defer func() { + if err != nil { + os.RemoveAll(dir) + } + }() + + if err := writeFile(dir, "cpuset.cpus", d.c.CpusetCpus); err != nil { + return err + } + } + return nil +} + +func (s *cpusetGroup) Remove(d *data) error { + return removePath(d.path("cpuset")) +} + +func (s *cpusetGroup) Stats(d *data) (map[string]float64, error) { + return nil, ErrNotSupportStat +} diff --git a/pkg/cgroups/fs/devices.go b/pkg/cgroups/fs/devices.go new file mode 100644 index 0000000000..a2f91eda14 --- /dev/null +++ b/pkg/cgroups/fs/devices.go @@ -0,0 +1,69 @@ +package fs + +import ( + "os" +) + +type devicesGroup struct { +} + +func (s *devicesGroup) Set(d *data) error { + dir, err := d.join("devices") + if err != nil { + return err + } + defer func() { + if err != nil { + os.RemoveAll(dir) + } + }() + + if !d.c.DeviceAccess { + if err := writeFile(dir, "devices.deny", "a"); err != nil { + return err + } + + allow := []string{ + // allow mknod for any device + "c *:* m", + "b *:* m", + + // /dev/null, zero, full + "c 1:3 rwm", + "c 1:5 rwm", + "c 1:7 rwm", + + // consoles + "c 5:1 rwm", + "c 5:0 rwm", + "c 4:0 rwm", + "c 4:1 rwm", + + // /dev/urandom,/dev/random + "c 1:9 rwm", + "c 1:8 rwm", + + // /dev/pts/ - pts namespaces are "coming soon" + "c 136:* rwm", + "c 5:2 rwm", + + // tuntap + "c 10:200 rwm", + } + + for _, val := range allow { + if err := writeFile(dir, "devices.allow", val); err != nil { + return err + } + } + } + return nil +} + +func (s *devicesGroup) Remove(d *data) error { + return removePath(d.path("devices")) +} + +func (s *devicesGroup) Stats(d *data) (map[string]float64, error) { + return nil, ErrNotSupportStat +} diff --git a/pkg/cgroups/fs/freezer.go b/pkg/cgroups/fs/freezer.go new file mode 100644 index 0000000000..70cfcdde72 --- /dev/null +++ b/pkg/cgroups/fs/freezer.go @@ -0,0 +1,72 @@ +package fs + +import ( + "fmt" + "io/ioutil" + "os" + "path/filepath" + "strconv" + "strings" + + "github.com/dotcloud/docker/pkg/cgroups" +) + +type freezerGroup struct { +} + +func (s *freezerGroup) Set(d *data) error { + dir, err := d.join("freezer") + if err != nil { + if err != cgroups.ErrNotFound { + return err + } + return nil + } + + if d.c.Freezer != "" { + if err := writeFile(dir, "freezer.state", d.c.Freezer); err != nil { + return err + } + } + return nil +} + +func (s *freezerGroup) Remove(d *data) error { + return removePath(d.path("freezer")) +} + +func (s *freezerGroup) Stats(d *data) (map[string]float64, error) { + var ( + paramData = make(map[string]float64) + params = []string{ + "parent_freezing", + "self_freezing", + // comment out right now because this is string "state", + } + ) + + path, err := d.path("freezer") + if err != nil { + return nil, err + } + + for _, param := range params { + f, err := os.Open(filepath.Join(path, fmt.Sprintf("freezer.%s", param))) + if err != nil { + return nil, err + } + defer f.Close() + + data, err := ioutil.ReadAll(f) + if err != nil { + return nil, err + } + + v, err := strconv.ParseFloat(strings.TrimSuffix(string(data), "\n"), 64) + if err != nil { + return nil, err + } + paramData[param] = v + } + return paramData, nil +} diff --git a/pkg/cgroups/fs/memory.go b/pkg/cgroups/fs/memory.go new file mode 100644 index 0000000000..837640c088 --- /dev/null +++ b/pkg/cgroups/fs/memory.go @@ -0,0 +1,90 @@ +package fs + +import ( + "bufio" + "fmt" + "os" + "path/filepath" + "strconv" +) + +type memoryGroup struct { +} + +func (s *memoryGroup) Set(d *data) error { + dir, err := d.join("memory") + // only return an error for memory if it was not specified + if err != nil && (d.c.Memory != 0 || d.c.MemoryReservation != 0 || d.c.MemorySwap != 0) { + return err + } + defer func() { + if err != nil { + os.RemoveAll(dir) + } + }() + + // Only set values if some config was specified. + if d.c.Memory != 0 || d.c.MemoryReservation != 0 || d.c.MemorySwap != 0 { + if d.c.Memory != 0 { + if err := writeFile(dir, "memory.limit_in_bytes", strconv.FormatInt(d.c.Memory, 10)); err != nil { + return err + } + } + if d.c.MemoryReservation != 0 { + if err := writeFile(dir, "memory.soft_limit_in_bytes", strconv.FormatInt(d.c.MemoryReservation, 10)); err != nil { + return err + } + } + // By default, MemorySwap is set to twice the size of RAM. + // If you want to omit MemorySwap, set it to `-1'. + if d.c.MemorySwap != -1 { + if err := writeFile(dir, "memory.memsw.limit_in_bytes", strconv.FormatInt(d.c.Memory*2, 10)); err != nil { + return err + } + } + } + return nil +} + +func (s *memoryGroup) Remove(d *data) error { + return removePath(d.path("memory")) +} + +func (s *memoryGroup) Stats(d *data) (map[string]float64, error) { + paramData := make(map[string]float64) + path, err := d.path("memory") + if err != nil { + return nil, err + } + + // Set stats from memory.stat. + statsFile, err := os.Open(filepath.Join(path, "memory.stat")) + if err != nil { + return nil, err + } + defer statsFile.Close() + + sc := bufio.NewScanner(statsFile) + for sc.Scan() { + t, v, err := getCgroupParamKeyValue(sc.Text()) + if err != nil { + return nil, err + } + paramData[t] = v + } + + // Set memory usage and max historical usage. + params := []string{ + "usage_in_bytes", + "max_usage_in_bytes", + } + for _, param := range params { + value, err := getCgroupParamFloat64(path, fmt.Sprintf("memory.%s", param)) + if err != nil { + return nil, err + } + paramData[param] = value + } + + return paramData, nil +} diff --git a/pkg/cgroups/fs/memory_test.go b/pkg/cgroups/fs/memory_test.go new file mode 100644 index 0000000000..6c1fb735e9 --- /dev/null +++ b/pkg/cgroups/fs/memory_test.go @@ -0,0 +1,123 @@ +package fs + +import ( + "testing" +) + +const ( + memoryStatContents = `cache 512 +rss 1024` + memoryUsageContents = "2048\n" + memoryMaxUsageContents = "4096\n" +) + +func TestMemoryStats(t *testing.T) { + helper := NewCgroupTestUtil("memory", t) + defer helper.cleanup() + helper.writeFileContents(map[string]string{ + "memory.stat": memoryStatContents, + "memory.usage_in_bytes": memoryUsageContents, + "memory.max_usage_in_bytes": memoryMaxUsageContents, + }) + + memory := &memoryGroup{} + stats, err := memory.Stats(helper.CgroupData) + if err != nil { + t.Fatal(err) + } + expectedStats := map[string]float64{"cache": 512.0, "rss": 1024.0, "usage_in_bytes": 2048.0, "max_usage_in_bytes": 4096.0} + expectStats(t, expectedStats, stats) +} + +func TestMemoryStatsNoStatFile(t *testing.T) { + helper := NewCgroupTestUtil("memory", t) + defer helper.cleanup() + helper.writeFileContents(map[string]string{ + "memory.usage_in_bytes": memoryUsageContents, + "memory.max_usage_in_bytes": memoryMaxUsageContents, + }) + + memory := &memoryGroup{} + _, err := memory.Stats(helper.CgroupData) + if err == nil { + t.Fatal("Expected failure") + } +} + +func TestMemoryStatsNoUsageFile(t *testing.T) { + helper := NewCgroupTestUtil("memory", t) + defer helper.cleanup() + helper.writeFileContents(map[string]string{ + "memory.stat": memoryStatContents, + "memory.max_usage_in_bytes": memoryMaxUsageContents, + }) + + memory := &memoryGroup{} + _, err := memory.Stats(helper.CgroupData) + if err == nil { + t.Fatal("Expected failure") + } +} + +func TestMemoryStatsNoMaxUsageFile(t *testing.T) { + helper := NewCgroupTestUtil("memory", t) + defer helper.cleanup() + helper.writeFileContents(map[string]string{ + "memory.stat": memoryStatContents, + "memory.usage_in_bytes": memoryUsageContents, + }) + + memory := &memoryGroup{} + _, err := memory.Stats(helper.CgroupData) + if err == nil { + t.Fatal("Expected failure") + } +} + +func TestMemoryStatsBadStatFile(t *testing.T) { + helper := NewCgroupTestUtil("memory", t) + defer helper.cleanup() + helper.writeFileContents(map[string]string{ + "memory.stat": "rss rss", + "memory.usage_in_bytes": memoryUsageContents, + "memory.max_usage_in_bytes": memoryMaxUsageContents, + }) + + memory := &memoryGroup{} + _, err := memory.Stats(helper.CgroupData) + if err == nil { + t.Fatal("Expected failure") + } +} + +func TestMemoryStatsBadUsageFile(t *testing.T) { + helper := NewCgroupTestUtil("memory", t) + defer helper.cleanup() + helper.writeFileContents(map[string]string{ + "memory.stat": memoryStatContents, + "memory.usage_in_bytes": "bad", + "memory.max_usage_in_bytes": memoryMaxUsageContents, + }) + + memory := &memoryGroup{} + _, err := memory.Stats(helper.CgroupData) + if err == nil { + t.Fatal("Expected failure") + } +} + +func TestMemoryStatsBadMaxUsageFile(t *testing.T) { + helper := NewCgroupTestUtil("memory", t) + defer helper.cleanup() + helper.writeFileContents(map[string]string{ + "memory.stat": memoryStatContents, + "memory.usage_in_bytes": memoryUsageContents, + "memory.max_usage_in_bytes": "bad", + }) + + memory := &memoryGroup{} + _, err := memory.Stats(helper.CgroupData) + if err == nil { + t.Fatal("Expected failure") + } +} diff --git a/pkg/cgroups/fs/perf_event.go b/pkg/cgroups/fs/perf_event.go new file mode 100644 index 0000000000..789b3e59ad --- /dev/null +++ b/pkg/cgroups/fs/perf_event.go @@ -0,0 +1,24 @@ +package fs + +import ( + "github.com/dotcloud/docker/pkg/cgroups" +) + +type perfEventGroup struct { +} + +func (s *perfEventGroup) Set(d *data) error { + // we just want to join this group even though we don't set anything + if _, err := d.join("perf_event"); err != nil && err != cgroups.ErrNotFound { + return err + } + return nil +} + +func (s *perfEventGroup) Remove(d *data) error { + return removePath(d.path("perf_event")) +} + +func (s *perfEventGroup) Stats(d *data) (map[string]float64, error) { + return nil, ErrNotSupportStat +} diff --git a/pkg/cgroups/fs/test_util.go b/pkg/cgroups/fs/test_util.go new file mode 100644 index 0000000000..11b90b21d6 --- /dev/null +++ b/pkg/cgroups/fs/test_util.go @@ -0,0 +1,75 @@ +/* +Utility for testing cgroup operations. + +Creates a mock of the cgroup filesystem for the duration of the test. +*/ +package fs + +import ( + "fmt" + "io/ioutil" + "log" + "os" + "testing" +) + +type cgroupTestUtil struct { + // data to use in tests. + CgroupData *data + + // Path to the mock cgroup directory. + CgroupPath string + + // Temporary directory to store mock cgroup filesystem. + tempDir string + t *testing.T +} + +// Creates a new test util for the specified subsystem +func NewCgroupTestUtil(subsystem string, t *testing.T) *cgroupTestUtil { + d := &data{} + tempDir, err := ioutil.TempDir("", fmt.Sprintf("%s_cgroup_test", subsystem)) + if err != nil { + t.Fatal(err) + } + d.root = tempDir + testCgroupPath, err := d.path(subsystem) + if err != nil { + t.Fatal(err) + } + + // Ensure the full mock cgroup path exists. + err = os.MkdirAll(testCgroupPath, 0755) + if err != nil { + t.Fatal(err) + } + return &cgroupTestUtil{CgroupData: d, CgroupPath: testCgroupPath, tempDir: tempDir, t: t} +} + +func (c *cgroupTestUtil) cleanup() { + os.RemoveAll(c.tempDir) +} + +// Write the specified contents on the mock of the specified cgroup files. +func (c *cgroupTestUtil) writeFileContents(fileContents map[string]string) { + for file, contents := range fileContents { + err := writeFile(c.CgroupPath, file, contents) + if err != nil { + c.t.Fatal(err) + } + } +} + +// Expect the specified stats. +func expectStats(t *testing.T, expected, actual map[string]float64) { + for stat, expectedValue := range expected { + actualValue, ok := actual[stat] + if !ok { + log.Printf("Expected stat %s to exist: %s", stat, actual) + t.Fail() + } else if actualValue != expectedValue { + log.Printf("Expected stats %s to have value %f but had %f instead", stat, expectedValue, actualValue) + t.Fail() + } + } +} diff --git a/pkg/cgroups/fs/utils.go b/pkg/cgroups/fs/utils.go new file mode 100644 index 0000000000..8be65c97ea --- /dev/null +++ b/pkg/cgroups/fs/utils.go @@ -0,0 +1,40 @@ +package fs + +import ( + "errors" + "fmt" + "io/ioutil" + "path/filepath" + "strconv" + "strings" +) + +var ( + ErrNotSupportStat = errors.New("stats are not supported for subsystem") + ErrNotValidFormat = errors.New("line is not a valid key value format") +) + +// Parses a cgroup param and returns as name, value +// i.e. "io_service_bytes 1234" will return as io_service_bytes, 1234 +func getCgroupParamKeyValue(t string) (string, float64, error) { + parts := strings.Fields(t) + switch len(parts) { + case 2: + value, err := strconv.ParseFloat(parts[1], 64) + if err != nil { + return "", 0.0, fmt.Errorf("Unable to convert param value to float: %s", err) + } + return parts[0], value, nil + default: + return "", 0.0, ErrNotValidFormat + } +} + +// Gets a single float64 value from the specified cgroup file. +func getCgroupParamFloat64(cgroupPath, cgroupFile string) (float64, error) { + contents, err := ioutil.ReadFile(filepath.Join(cgroupPath, cgroupFile)) + if err != nil { + return -1.0, err + } + return strconv.ParseFloat(strings.TrimSpace(string(contents)), 64) +} diff --git a/pkg/cgroups/fs/utils_test.go b/pkg/cgroups/fs/utils_test.go new file mode 100644 index 0000000000..c8f1b0172b --- /dev/null +++ b/pkg/cgroups/fs/utils_test.go @@ -0,0 +1,68 @@ +package fs + +import ( + "io/ioutil" + "os" + "path/filepath" + "testing" +) + +const ( + cgroupFile = "cgroup.file" + floatValue = 2048.0 + floatString = "2048" +) + +func TestGetCgroupParamsFloat64(t *testing.T) { + // Setup tempdir. + tempDir, err := ioutil.TempDir("", "cgroup_utils_test") + if err != nil { + t.Fatal(err) + } + defer os.RemoveAll(tempDir) + tempFile := filepath.Join(tempDir, cgroupFile) + + // Success. + err = ioutil.WriteFile(tempFile, []byte(floatString), 0755) + if err != nil { + t.Fatal(err) + } + value, err := getCgroupParamFloat64(tempDir, cgroupFile) + if err != nil { + t.Fatal(err) + } else if value != floatValue { + t.Fatalf("Expected %f to equal %f", value, floatValue) + } + + // Success with new line. + err = ioutil.WriteFile(tempFile, []byte(floatString+"\n"), 0755) + if err != nil { + t.Fatal(err) + } + value, err = getCgroupParamFloat64(tempDir, cgroupFile) + if err != nil { + t.Fatal(err) + } else if value != floatValue { + t.Fatalf("Expected %f to equal %f", value, floatValue) + } + + // Not a float. + err = ioutil.WriteFile(tempFile, []byte("not-a-float"), 0755) + if err != nil { + t.Fatal(err) + } + _, err = getCgroupParamFloat64(tempDir, cgroupFile) + if err == nil { + t.Fatal("Expecting error, got none") + } + + // Unknown file. + err = os.Remove(tempFile) + if err != nil { + t.Fatal(err) + } + _, err = getCgroupParamFloat64(tempDir, cgroupFile) + if err == nil { + t.Fatal("Expecting error, got none") + } +} diff --git a/pkg/cgroups/systemd/apply_nosystemd.go b/pkg/cgroups/systemd/apply_nosystemd.go new file mode 100644 index 0000000000..4faa749745 --- /dev/null +++ b/pkg/cgroups/systemd/apply_nosystemd.go @@ -0,0 +1,16 @@ +// +build !linux + +package systemd + +import ( + "fmt" + "github.com/dotcloud/docker/pkg/cgroups" +) + +func UseSystemd() bool { + return false +} + +func Apply(c *Cgroup, pid int) (cgroups.ActiveCgroup, error) { + return nil, fmt.Errorf("Systemd not supported") +} diff --git a/pkg/cgroups/systemd/apply_systemd.go b/pkg/cgroups/systemd/apply_systemd.go new file mode 100644 index 0000000000..c4b0937b63 --- /dev/null +++ b/pkg/cgroups/systemd/apply_systemd.go @@ -0,0 +1,296 @@ +// +build linux + +package systemd + +import ( + "io/ioutil" + "os" + "path/filepath" + "strconv" + "strings" + "sync" + + systemd1 "github.com/coreos/go-systemd/dbus" + "github.com/dotcloud/docker/pkg/cgroups" + "github.com/dotcloud/docker/pkg/systemd" + "github.com/godbus/dbus" +) + +type systemdCgroup struct { + cleanupDirs []string +} + +type DeviceAllow struct { + Node string + Permissions string +} + +var ( + connLock sync.Mutex + theConn *systemd1.Conn + hasStartTransientUnit bool +) + +func UseSystemd() bool { + if !systemd.SdBooted() { + return false + } + + connLock.Lock() + defer connLock.Unlock() + + if theConn == nil { + var err error + theConn, err = systemd1.New() + if err != nil { + return false + } + + // Assume we have StartTransientUnit + hasStartTransientUnit = true + + // But if we get UnknownMethod error we don't + if _, err := theConn.StartTransientUnit("test.scope", "invalid"); err != nil { + if dbusError, ok := err.(dbus.Error); ok { + if dbusError.Name == "org.freedesktop.DBus.Error.UnknownMethod" { + hasStartTransientUnit = false + } + } + } + } + return hasStartTransientUnit +} + +func getIfaceForUnit(unitName string) string { + if strings.HasSuffix(unitName, ".scope") { + return "Scope" + } + if strings.HasSuffix(unitName, ".service") { + return "Service" + } + return "Unit" +} + +type cgroupArg struct { + File string + Value string +} + +func Apply(c *cgroups.Cgroup, pid int) (cgroups.ActiveCgroup, error) { + var ( + unitName = c.Parent + "-" + c.Name + ".scope" + slice = "system.slice" + properties []systemd1.Property + cpuArgs []cgroupArg + cpusetArgs []cgroupArg + memoryArgs []cgroupArg + res systemdCgroup + ) + + // First set up things not supported by systemd + + // -1 disables memorySwap + if c.MemorySwap >= 0 && (c.Memory != 0 || c.MemorySwap > 0) { + memorySwap := c.MemorySwap + + if memorySwap == 0 { + // By default, MemorySwap is set to twice the size of RAM. + memorySwap = c.Memory * 2 + } + + memoryArgs = append(memoryArgs, cgroupArg{"memory.memsw.limit_in_bytes", strconv.FormatInt(memorySwap, 10)}) + } + + if c.CpusetCpus != "" { + cpusetArgs = append(cpusetArgs, cgroupArg{"cpuset.cpus", c.CpusetCpus}) + } + + if c.Slice != "" { + slice = c.Slice + } + + properties = append(properties, + systemd1.Property{"Slice", dbus.MakeVariant(slice)}, + systemd1.Property{"Description", dbus.MakeVariant("docker container " + c.Name)}, + systemd1.Property{"PIDs", dbus.MakeVariant([]uint32{uint32(pid)})}, + ) + + if !c.DeviceAccess { + properties = append(properties, + systemd1.Property{"DevicePolicy", dbus.MakeVariant("strict")}, + systemd1.Property{"DeviceAllow", dbus.MakeVariant([]DeviceAllow{ + {"/dev/null", "rwm"}, + {"/dev/zero", "rwm"}, + {"/dev/full", "rwm"}, + {"/dev/random", "rwm"}, + {"/dev/urandom", "rwm"}, + {"/dev/tty", "rwm"}, + {"/dev/console", "rwm"}, + {"/dev/tty0", "rwm"}, + {"/dev/tty1", "rwm"}, + {"/dev/pts/ptmx", "rwm"}, + // There is no way to add /dev/pts/* here atm, so we hack this manually below + // /dev/pts/* (how to add this?) + // Same with tuntap, which doesn't exist as a node most of the time + })}) + } + + // Always enable accounting, this gets us the same behaviour as the fs implementation, + // plus the kernel has some problems with joining the memory cgroup at a later time. + properties = append(properties, + systemd1.Property{"MemoryAccounting", dbus.MakeVariant(true)}, + systemd1.Property{"CPUAccounting", dbus.MakeVariant(true)}, + systemd1.Property{"BlockIOAccounting", dbus.MakeVariant(true)}) + + if c.Memory != 0 { + properties = append(properties, + systemd1.Property{"MemoryLimit", dbus.MakeVariant(uint64(c.Memory))}) + } + // TODO: MemoryReservation and MemorySwap not available in systemd + + if c.CpuShares != 0 { + properties = append(properties, + systemd1.Property{"CPUShares", dbus.MakeVariant(uint64(c.CpuShares))}) + } + + if _, err := theConn.StartTransientUnit(unitName, "replace", properties...); err != nil { + return nil, err + } + + // To work around the lack of /dev/pts/* support above we need to manually add these + // so, ask systemd for the cgroup used + props, err := theConn.GetUnitTypeProperties(unitName, getIfaceForUnit(unitName)) + if err != nil { + return nil, err + } + + cgroup := props["ControlGroup"].(string) + + if !c.DeviceAccess { + mountpoint, err := cgroups.FindCgroupMountpoint("devices") + if err != nil { + return nil, err + } + + path := filepath.Join(mountpoint, cgroup) + + // /dev/pts/* + if err := ioutil.WriteFile(filepath.Join(path, "devices.allow"), []byte("c 136:* rwm"), 0700); err != nil { + return nil, err + } + // tuntap + if err := ioutil.WriteFile(filepath.Join(path, "devices.allow"), []byte("c 10:200 rwm"), 0700); err != nil { + return nil, err + } + } + + if len(cpuArgs) != 0 { + mountpoint, err := cgroups.FindCgroupMountpoint("cpu") + if err != nil { + return nil, err + } + + path := filepath.Join(mountpoint, cgroup) + + for _, arg := range cpuArgs { + if err := ioutil.WriteFile(filepath.Join(path, arg.File), []byte(arg.Value), 0700); err != nil { + return nil, err + } + } + } + + if len(memoryArgs) != 0 { + mountpoint, err := cgroups.FindCgroupMountpoint("memory") + if err != nil { + return nil, err + } + + path := filepath.Join(mountpoint, cgroup) + + for _, arg := range memoryArgs { + if err := ioutil.WriteFile(filepath.Join(path, arg.File), []byte(arg.Value), 0700); err != nil { + return nil, err + } + } + } + + if len(cpusetArgs) != 0 { + // systemd does not atm set up the cpuset controller, so we must manually + // join it. Additionally that is a very finicky controller where each + // level must have a full setup as the default for a new directory is "no cpus", + // so we avoid using any hierarchies here, creating a toplevel directory. + mountpoint, err := cgroups.FindCgroupMountpoint("cpuset") + if err != nil { + return nil, err + } + initPath, err := cgroups.GetInitCgroupDir("cpuset") + if err != nil { + return nil, err + } + + rootPath := filepath.Join(mountpoint, initPath) + + path := filepath.Join(mountpoint, initPath, c.Parent+"-"+c.Name) + + res.cleanupDirs = append(res.cleanupDirs, path) + + if err := os.MkdirAll(path, 0755); err != nil && !os.IsExist(err) { + return nil, err + } + + foundCpus := false + foundMems := false + + for _, arg := range cpusetArgs { + if arg.File == "cpuset.cpus" { + foundCpus = true + } + if arg.File == "cpuset.mems" { + foundMems = true + } + if err := ioutil.WriteFile(filepath.Join(path, arg.File), []byte(arg.Value), 0700); err != nil { + return nil, err + } + } + + // These are required, if not specified inherit from parent + if !foundCpus { + s, err := ioutil.ReadFile(filepath.Join(rootPath, "cpuset.cpus")) + if err != nil { + return nil, err + } + + if err := ioutil.WriteFile(filepath.Join(path, "cpuset.cpus"), s, 0700); err != nil { + return nil, err + } + } + + // These are required, if not specified inherit from parent + if !foundMems { + s, err := ioutil.ReadFile(filepath.Join(rootPath, "cpuset.mems")) + if err != nil { + return nil, err + } + + if err := ioutil.WriteFile(filepath.Join(path, "cpuset.mems"), s, 0700); err != nil { + return nil, err + } + } + + if err := ioutil.WriteFile(filepath.Join(path, "cgroup.procs"), []byte(strconv.Itoa(pid)), 0700); err != nil { + return nil, err + } + } + + return &res, nil +} + +func (c *systemdCgroup) Cleanup() error { + // systemd cleans up, we don't need to do much + + for _, path := range c.cleanupDirs { + os.RemoveAll(path) + } + + return nil +} diff --git a/pkg/cgroups/utils.go b/pkg/cgroups/utils.go new file mode 100644 index 0000000000..02a7f357f6 --- /dev/null +++ b/pkg/cgroups/utils.go @@ -0,0 +1,67 @@ +package cgroups + +import ( + "bufio" + "io" + "os" + "strings" + + "github.com/dotcloud/docker/pkg/mount" +) + +// https://www.kernel.org/doc/Documentation/cgroups/cgroups.txt +func FindCgroupMountpoint(subsystem string) (string, error) { + mounts, err := mount.GetMounts() + if err != nil { + return "", err + } + + for _, mount := range mounts { + if mount.Fstype == "cgroup" { + for _, opt := range strings.Split(mount.VfsOpts, ",") { + if opt == subsystem { + return mount.Mountpoint, nil + } + } + } + } + return "", ErrNotFound +} + +// Returns the relative path to the cgroup docker is running in. +func GetThisCgroupDir(subsystem string) (string, error) { + f, err := os.Open("/proc/self/cgroup") + if err != nil { + return "", err + } + defer f.Close() + + return parseCgroupFile(subsystem, f) +} + +func GetInitCgroupDir(subsystem string) (string, error) { + f, err := os.Open("/proc/1/cgroup") + if err != nil { + return "", err + } + defer f.Close() + + return parseCgroupFile(subsystem, f) +} + +func parseCgroupFile(subsystem string, r io.Reader) (string, error) { + s := bufio.NewScanner(r) + for s.Scan() { + if err := s.Err(); err != nil { + return "", err + } + text := s.Text() + parts := strings.Split(text, ":") + for _, subs := range strings.Split(parts[1], ",") { + if subs == subsystem { + return parts[2], nil + } + } + } + return "", ErrNotFound +} diff --git a/pkg/dockerscript/MAINTAINERS b/pkg/dockerscript/MAINTAINERS new file mode 100644 index 0000000000..aee10c8421 --- /dev/null +++ b/pkg/dockerscript/MAINTAINERS @@ -0,0 +1 @@ +Solomon Hykes (@shykes) diff --git a/pkg/dockerscript/dockerscript.go b/pkg/dockerscript/dockerscript.go new file mode 100644 index 0000000000..e7ec5d1286 --- /dev/null +++ b/pkg/dockerscript/dockerscript.go @@ -0,0 +1,121 @@ +package dockerscript + +import ( + "fmt" + "github.com/dotcloud/docker/pkg/dockerscript/scanner" + "io" + "strings" +) + +type Command struct { + Args []string + Children []*Command + Background bool +} + +type Scanner struct { + scanner.Scanner + commentLine bool +} + +func Parse(src io.Reader) ([]*Command, error) { + s := &Scanner{} + s.Init(src) + s.Whitespace = 1<<'\t' | 1<<' ' + s.Mode = scanner.ScanStrings | scanner.ScanRawStrings | scanner.ScanIdents + expr, err := parse(s, "") + if err != nil { + return nil, fmt.Errorf("line %d:%d: %v\n", s.Pos().Line, s.Pos().Column, err) + } + return expr, nil +} + +func (cmd *Command) subString(depth int) string { + var prefix string + for i := 0; i < depth; i++ { + prefix += " " + } + s := prefix + strings.Join(cmd.Args, ", ") + if len(cmd.Children) > 0 { + s += " {\n" + for _, subcmd := range cmd.Children { + s += subcmd.subString(depth + 1) + } + s += prefix + "}" + } + s += "\n" + return s +} + +func (cmd *Command) String() string { + return cmd.subString(0) +} + +func parseArgs(s *Scanner) ([]string, rune, error) { + var parseError error + // FIXME: we overwrite previously set error + s.Error = func(s *scanner.Scanner, msg string) { + parseError = fmt.Errorf(msg) + // parseError = fmt.Errorf("line %d:%d: %s\n", s.Pos().Line, s.Pos().Column, msg) + } + var args []string + tok := s.Scan() + for tok != scanner.EOF { + if parseError != nil { + return args, tok, parseError + } + text := s.TokenText() + // Toggle line comment + if strings.HasPrefix(text, "#") { + s.commentLine = true + } else if text == "\n" || text == "\r" { + s.commentLine = false + return args, tok, nil + } + if !s.commentLine { + if text == "{" || text == "}" || text == "\n" || text == "\r" || text == ";" || text == "&" { + return args, tok, nil + } + args = append(args, text) + } + tok = s.Scan() + } + return args, tok, nil +} + +func parse(s *Scanner, opener string) (expr []*Command, err error) { + /* + defer func() { + fmt.Printf("parse() returned %d commands:\n", len(expr)) + for _, c := range expr { + fmt.Printf("\t----> %s\n", c) + } + }() + */ + for { + args, tok, err := parseArgs(s) + if err != nil { + return nil, err + } + cmd := &Command{Args: args} + afterArgs := s.TokenText() + if afterArgs == "{" { + children, err := parse(s, "{") + if err != nil { + return nil, err + } + cmd.Children = children + } else if afterArgs == "}" && opener != "{" { + return nil, fmt.Errorf("unexpected end of block '}'") + } else if afterArgs == "&" { + cmd.Background = true + } + if len(cmd.Args) > 0 || len(cmd.Children) > 0 { + expr = append(expr, cmd) + } + if tok == scanner.EOF || afterArgs == "}" { + break + } + } + return expr, nil +} diff --git a/pkg/dockerscript/scanner/extra.go b/pkg/dockerscript/scanner/extra.go new file mode 100644 index 0000000000..05c17e247e --- /dev/null +++ b/pkg/dockerscript/scanner/extra.go @@ -0,0 +1,21 @@ +package scanner + +import ( + "strings" + "unicode" +) + +// extra functions used to hijack the upstream text/scanner + +func detectIdent(ch rune) bool { + if unicode.IsLetter(ch) { + return true + } + if unicode.IsDigit(ch) { + return true + } + if strings.ContainsRune("_:/+-@%^.!=", ch) { + return true + } + return false +} diff --git a/pkg/dockerscript/scanner/scanner.go b/pkg/dockerscript/scanner/scanner.go new file mode 100644 index 0000000000..b208fc7810 --- /dev/null +++ b/pkg/dockerscript/scanner/scanner.go @@ -0,0 +1,673 @@ +// Copyright 2009 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package scanner provides a scanner and tokenizer for UTF-8-encoded text. +// It takes an io.Reader providing the source, which then can be tokenized +// through repeated calls to the Scan function. For compatibility with +// existing tools, the NUL character is not allowed. If the first character +// in the source is a UTF-8 encoded byte order mark (BOM), it is discarded. +// +// By default, a Scanner skips white space and Go comments and recognizes all +// literals as defined by the Go language specification. It may be +// customized to recognize only a subset of those literals and to recognize +// different white space characters. +// +// Basic usage pattern: +// +// var s scanner.Scanner +// s.Init(src) +// tok := s.Scan() +// for tok != scanner.EOF { +// // do something with tok +// tok = s.Scan() +// } +// +package scanner + +import ( + "bytes" + "fmt" + "io" + "os" + "unicode/utf8" +) + +// TODO(gri): Consider changing this to use the new (token) Position package. + +// A source position is represented by a Position value. +// A position is valid if Line > 0. +type Position struct { + Filename string // filename, if any + Offset int // byte offset, starting at 0 + Line int // line number, starting at 1 + Column int // column number, starting at 1 (character count per line) +} + +// IsValid returns true if the position is valid. +func (pos *Position) IsValid() bool { return pos.Line > 0 } + +func (pos Position) String() string { + s := pos.Filename + if pos.IsValid() { + if s != "" { + s += ":" + } + s += fmt.Sprintf("%d:%d", pos.Line, pos.Column) + } + if s == "" { + s = "???" + } + return s +} + +// Predefined mode bits to control recognition of tokens. For instance, +// to configure a Scanner such that it only recognizes (Go) identifiers, +// integers, and skips comments, set the Scanner's Mode field to: +// +// ScanIdents | ScanInts | SkipComments +// +const ( + ScanIdents = 1 << -Ident + ScanInts = 1 << -Int + ScanFloats = 1 << -Float // includes Ints + ScanChars = 1 << -Char + ScanStrings = 1 << -String + ScanRawStrings = 1 << -RawString + ScanComments = 1 << -Comment + SkipComments = 1 << -skipComment // if set with ScanComments, comments become white space + GoTokens = ScanIdents | ScanFloats | ScanChars | ScanStrings | ScanRawStrings | ScanComments | SkipComments +) + +// The result of Scan is one of the following tokens or a Unicode character. +const ( + EOF = -(iota + 1) + Ident + Int + Float + Char + String + RawString + Comment + skipComment +) + +var tokenString = map[rune]string{ + EOF: "EOF", + Ident: "Ident", + Int: "Int", + Float: "Float", + Char: "Char", + String: "String", + RawString: "RawString", + Comment: "Comment", +} + +// TokenString returns a printable string for a token or Unicode character. +func TokenString(tok rune) string { + if s, found := tokenString[tok]; found { + return s + } + return fmt.Sprintf("%q", string(tok)) +} + +// GoWhitespace is the default value for the Scanner's Whitespace field. +// Its value selects Go's white space characters. +const GoWhitespace = 1<<'\t' | 1<<'\n' | 1<<'\r' | 1<<' ' + +const bufLen = 1024 // at least utf8.UTFMax + +// A Scanner implements reading of Unicode characters and tokens from an io.Reader. +type Scanner struct { + // Input + src io.Reader + + // Source buffer + srcBuf [bufLen + 1]byte // +1 for sentinel for common case of s.next() + srcPos int // reading position (srcBuf index) + srcEnd int // source end (srcBuf index) + + // Source position + srcBufOffset int // byte offset of srcBuf[0] in source + line int // line count + column int // character count + lastLineLen int // length of last line in characters (for correct column reporting) + lastCharLen int // length of last character in bytes + + // Token text buffer + // Typically, token text is stored completely in srcBuf, but in general + // the token text's head may be buffered in tokBuf while the token text's + // tail is stored in srcBuf. + tokBuf bytes.Buffer // token text head that is not in srcBuf anymore + tokPos int // token text tail position (srcBuf index); valid if >= 0 + tokEnd int // token text tail end (srcBuf index) + + // One character look-ahead + ch rune // character before current srcPos + + // Error is called for each error encountered. If no Error + // function is set, the error is reported to os.Stderr. + Error func(s *Scanner, msg string) + + // ErrorCount is incremented by one for each error encountered. + ErrorCount int + + // The Mode field controls which tokens are recognized. For instance, + // to recognize Ints, set the ScanInts bit in Mode. The field may be + // changed at any time. + Mode uint + + // The Whitespace field controls which characters are recognized + // as white space. To recognize a character ch <= ' ' as white space, + // set the ch'th bit in Whitespace (the Scanner's behavior is undefined + // for values ch > ' '). The field may be changed at any time. + Whitespace uint64 + + // Start position of most recently scanned token; set by Scan. + // Calling Init or Next invalidates the position (Line == 0). + // The Filename field is always left untouched by the Scanner. + // If an error is reported (via Error) and Position is invalid, + // the scanner is not inside a token. Call Pos to obtain an error + // position in that case. + Position +} + +// Init initializes a Scanner with a new source and returns s. +// Error is set to nil, ErrorCount is set to 0, Mode is set to GoTokens, +// and Whitespace is set to GoWhitespace. +func (s *Scanner) Init(src io.Reader) *Scanner { + s.src = src + + // initialize source buffer + // (the first call to next() will fill it by calling src.Read) + s.srcBuf[0] = utf8.RuneSelf // sentinel + s.srcPos = 0 + s.srcEnd = 0 + + // initialize source position + s.srcBufOffset = 0 + s.line = 1 + s.column = 0 + s.lastLineLen = 0 + s.lastCharLen = 0 + + // initialize token text buffer + // (required for first call to next()). + s.tokPos = -1 + + // initialize one character look-ahead + s.ch = -1 // no char read yet + + // initialize public fields + s.Error = nil + s.ErrorCount = 0 + s.Mode = GoTokens + s.Whitespace = GoWhitespace + s.Line = 0 // invalidate token position + + return s +} + +// next reads and returns the next Unicode character. It is designed such +// that only a minimal amount of work needs to be done in the common ASCII +// case (one test to check for both ASCII and end-of-buffer, and one test +// to check for newlines). +func (s *Scanner) next() rune { + ch, width := rune(s.srcBuf[s.srcPos]), 1 + + if ch >= utf8.RuneSelf { + // uncommon case: not ASCII or not enough bytes + for s.srcPos+utf8.UTFMax > s.srcEnd && !utf8.FullRune(s.srcBuf[s.srcPos:s.srcEnd]) { + // not enough bytes: read some more, but first + // save away token text if any + if s.tokPos >= 0 { + s.tokBuf.Write(s.srcBuf[s.tokPos:s.srcPos]) + s.tokPos = 0 + // s.tokEnd is set by Scan() + } + // move unread bytes to beginning of buffer + copy(s.srcBuf[0:], s.srcBuf[s.srcPos:s.srcEnd]) + s.srcBufOffset += s.srcPos + // read more bytes + // (an io.Reader must return io.EOF when it reaches + // the end of what it is reading - simply returning + // n == 0 will make this loop retry forever; but the + // error is in the reader implementation in that case) + i := s.srcEnd - s.srcPos + n, err := s.src.Read(s.srcBuf[i:bufLen]) + s.srcPos = 0 + s.srcEnd = i + n + s.srcBuf[s.srcEnd] = utf8.RuneSelf // sentinel + if err != nil { + if s.srcEnd == 0 { + if s.lastCharLen > 0 { + // previous character was not EOF + s.column++ + } + s.lastCharLen = 0 + return EOF + } + if err != io.EOF { + s.error(err.Error()) + } + // If err == EOF, we won't be getting more + // bytes; break to avoid infinite loop. If + // err is something else, we don't know if + // we can get more bytes; thus also break. + break + } + } + // at least one byte + ch = rune(s.srcBuf[s.srcPos]) + if ch >= utf8.RuneSelf { + // uncommon case: not ASCII + ch, width = utf8.DecodeRune(s.srcBuf[s.srcPos:s.srcEnd]) + if ch == utf8.RuneError && width == 1 { + // advance for correct error position + s.srcPos += width + s.lastCharLen = width + s.column++ + s.error("illegal UTF-8 encoding") + return ch + } + } + } + + // advance + s.srcPos += width + s.lastCharLen = width + s.column++ + + // special situations + switch ch { + case 0: + // for compatibility with other tools + s.error("illegal character NUL") + case '\n': + s.line++ + s.lastLineLen = s.column + s.column = 0 + } + + return ch +} + +// Next reads and returns the next Unicode character. +// It returns EOF at the end of the source. It reports +// a read error by calling s.Error, if not nil; otherwise +// it prints an error message to os.Stderr. Next does not +// update the Scanner's Position field; use Pos() to +// get the current position. +func (s *Scanner) Next() rune { + s.tokPos = -1 // don't collect token text + s.Line = 0 // invalidate token position + ch := s.Peek() + s.ch = s.next() + return ch +} + +// Peek returns the next Unicode character in the source without advancing +// the scanner. It returns EOF if the scanner's position is at the last +// character of the source. +func (s *Scanner) Peek() rune { + if s.ch < 0 { + // this code is only run for the very first character + s.ch = s.next() + if s.ch == '\uFEFF' { + s.ch = s.next() // ignore BOM + } + } + return s.ch +} + +func (s *Scanner) error(msg string) { + s.ErrorCount++ + if s.Error != nil { + s.Error(s, msg) + return + } + pos := s.Position + if !pos.IsValid() { + pos = s.Pos() + } + fmt.Fprintf(os.Stderr, "%s: %s\n", pos, msg) +} + +func (s *Scanner) scanIdentifier() rune { + ch := s.next() // read character after first '_' or letter + for detectIdent(ch) { + ch = s.next() + } + return ch +} + +func digitVal(ch rune) int { + switch { + case '0' <= ch && ch <= '9': + return int(ch - '0') + case 'a' <= ch && ch <= 'f': + return int(ch - 'a' + 10) + case 'A' <= ch && ch <= 'F': + return int(ch - 'A' + 10) + } + return 16 // larger than any legal digit val +} + +func isDecimal(ch rune) bool { return '0' <= ch && ch <= '9' } + +func (s *Scanner) scanMantissa(ch rune) rune { + for isDecimal(ch) { + ch = s.next() + } + return ch +} + +func (s *Scanner) scanFraction(ch rune) rune { + if ch == '.' { + ch = s.scanMantissa(s.next()) + } + return ch +} + +func (s *Scanner) scanExponent(ch rune) rune { + if ch == 'e' || ch == 'E' { + ch = s.next() + if ch == '-' || ch == '+' { + ch = s.next() + } + ch = s.scanMantissa(ch) + } + return ch +} + +func (s *Scanner) scanNumber(ch rune) (rune, rune) { + // isDecimal(ch) + if ch == '0' { + // int or float + ch = s.next() + if ch == 'x' || ch == 'X' { + // hexadecimal int + ch = s.next() + hasMantissa := false + for digitVal(ch) < 16 { + ch = s.next() + hasMantissa = true + } + if !hasMantissa { + s.error("illegal hexadecimal number") + } + } else { + // octal int or float + has8or9 := false + for isDecimal(ch) { + if ch > '7' { + has8or9 = true + } + ch = s.next() + } + if s.Mode&ScanFloats != 0 && (ch == '.' || ch == 'e' || ch == 'E') { + // float + ch = s.scanFraction(ch) + ch = s.scanExponent(ch) + return Float, ch + } + // octal int + if has8or9 { + s.error("illegal octal number") + } + } + return Int, ch + } + // decimal int or float + ch = s.scanMantissa(ch) + if s.Mode&ScanFloats != 0 && (ch == '.' || ch == 'e' || ch == 'E') { + // float + ch = s.scanFraction(ch) + ch = s.scanExponent(ch) + return Float, ch + } + return Int, ch +} + +func (s *Scanner) scanDigits(ch rune, base, n int) rune { + for n > 0 && digitVal(ch) < base { + ch = s.next() + n-- + } + if n > 0 { + s.error("illegal char escape") + } + return ch +} + +func (s *Scanner) scanEscape(quote rune) rune { + ch := s.next() // read character after '/' + switch ch { + case 'a', 'b', 'f', 'n', 'r', 't', 'v', '\\', quote: + // nothing to do + ch = s.next() + case '0', '1', '2', '3', '4', '5', '6', '7': + ch = s.scanDigits(ch, 8, 3) + case 'x': + ch = s.scanDigits(s.next(), 16, 2) + case 'u': + ch = s.scanDigits(s.next(), 16, 4) + case 'U': + ch = s.scanDigits(s.next(), 16, 8) + default: + s.error("illegal char escape") + } + return ch +} + +func (s *Scanner) scanString(quote rune) (n int) { + ch := s.next() // read character after quote + for ch != quote { + if ch == '\n' || ch < 0 { + s.error("literal not terminated") + return + } + if ch == '\\' { + ch = s.scanEscape(quote) + } else { + ch = s.next() + } + n++ + } + return +} + +func (s *Scanner) scanRawString() { + ch := s.next() // read character after '`' + for ch != '`' { + if ch < 0 { + s.error("literal not terminated") + return + } + ch = s.next() + } +} + +func (s *Scanner) scanChar() { + if s.scanString('\'') != 1 { + s.error("illegal char literal") + } +} + +func (s *Scanner) scanComment(ch rune) rune { + // ch == '/' || ch == '*' + if ch == '/' { + // line comment + ch = s.next() // read character after "//" + for ch != '\n' && ch >= 0 { + ch = s.next() + } + return ch + } + + // general comment + ch = s.next() // read character after "/*" + for { + if ch < 0 { + s.error("comment not terminated") + break + } + ch0 := ch + ch = s.next() + if ch0 == '*' && ch == '/' { + ch = s.next() + break + } + } + return ch +} + +// Scan reads the next token or Unicode character from source and returns it. +// It only recognizes tokens t for which the respective Mode bit (1<<-t) is set. +// It returns EOF at the end of the source. It reports scanner errors (read and +// token errors) by calling s.Error, if not nil; otherwise it prints an error +// message to os.Stderr. +func (s *Scanner) Scan() rune { + ch := s.Peek() + + // reset token text position + s.tokPos = -1 + s.Line = 0 + +redo: + // skip white space + for s.Whitespace&(1< 0 { + // common case: last character was not a '\n' + s.Line = s.line + s.Column = s.column + } else { + // last character was a '\n' + // (we cannot be at the beginning of the source + // since we have called next() at least once) + s.Line = s.line - 1 + s.Column = s.lastLineLen + } + + // determine token value + tok := ch + switch { + case detectIdent(ch): + if s.Mode&ScanIdents != 0 { + tok = Ident + ch = s.scanIdentifier() + } else { + ch = s.next() + } + case isDecimal(ch): + if s.Mode&(ScanInts|ScanFloats) != 0 { + tok, ch = s.scanNumber(ch) + } else { + ch = s.next() + } + default: + switch ch { + case '"': + if s.Mode&ScanStrings != 0 { + s.scanString('"') + tok = String + } + ch = s.next() + case '\'': + if s.Mode&ScanChars != 0 { + s.scanChar() + tok = Char + } + ch = s.next() + case '.': + ch = s.next() + if isDecimal(ch) && s.Mode&ScanFloats != 0 { + tok = Float + ch = s.scanMantissa(ch) + ch = s.scanExponent(ch) + } + case '/': + ch = s.next() + if (ch == '/' || ch == '*') && s.Mode&ScanComments != 0 { + if s.Mode&SkipComments != 0 { + s.tokPos = -1 // don't collect token text + ch = s.scanComment(ch) + goto redo + } + ch = s.scanComment(ch) + tok = Comment + } + case '`': + if s.Mode&ScanRawStrings != 0 { + s.scanRawString() + tok = String + } + ch = s.next() + default: + ch = s.next() + } + } + + // end of token text + s.tokEnd = s.srcPos - s.lastCharLen + + s.ch = ch + return tok +} + +// Pos returns the position of the character immediately after +// the character or token returned by the last call to Next or Scan. +func (s *Scanner) Pos() (pos Position) { + pos.Filename = s.Filename + pos.Offset = s.srcBufOffset + s.srcPos - s.lastCharLen + switch { + case s.column > 0: + // common case: last character was not a '\n' + pos.Line = s.line + pos.Column = s.column + case s.lastLineLen > 0: + // last character was a '\n' + pos.Line = s.line - 1 + pos.Column = s.lastLineLen + default: + // at the beginning of the source + pos.Line = 1 + pos.Column = 1 + } + return +} + +// TokenText returns the string corresponding to the most recently scanned token. +// Valid after calling Scan(). +func (s *Scanner) TokenText() string { + if s.tokPos < 0 { + // no token text + return "" + } + + if s.tokEnd < 0 { + // if EOF was reached, s.tokEnd is set to -1 (s.srcPos == 0) + s.tokEnd = s.tokPos + } + + if s.tokBuf.Len() == 0 { + // common case: the entire token text is still in srcBuf + return string(s.srcBuf[s.tokPos:s.tokEnd]) + } + + // part of the token text was saved in tokBuf: save the rest in + // tokBuf as well and return its content + s.tokBuf.Write(s.srcBuf[s.tokPos:s.tokEnd]) + s.tokPos = s.tokEnd // ensure idempotency of TokenText() call + return s.tokBuf.String() +} diff --git a/pkg/graphdb/conn_linux.go b/pkg/graphdb/conn_sqlite3.go similarity index 96% rename from pkg/graphdb/conn_linux.go rename to pkg/graphdb/conn_sqlite3.go index 7a1ab8c92f..33355ae4dc 100644 --- a/pkg/graphdb/conn_linux.go +++ b/pkg/graphdb/conn_sqlite3.go @@ -1,4 +1,4 @@ -// +build amd64 +// +build cgo package graphdb diff --git a/pkg/graphdb/conn_unsupported.go b/pkg/graphdb/conn_unsupported.go index c2d602569f..3895051661 100644 --- a/pkg/graphdb/conn_unsupported.go +++ b/pkg/graphdb/conn_unsupported.go @@ -1,4 +1,4 @@ -// +build !linux !amd64 +// +build !cgo package graphdb diff --git a/pkg/iptables/iptables.go b/pkg/iptables/iptables.go index 1f25952bd9..4cdd67ef7c 100644 --- a/pkg/iptables/iptables.go +++ b/pkg/iptables/iptables.go @@ -66,6 +66,7 @@ func (c *Chain) Forward(action Action, ip net.IP, port int, proto, dest_addr str "-p", proto, "-d", daddr, "--dport", strconv.Itoa(port), + "!", "-i", c.Bridge, "-j", "DNAT", "--to-destination", net.JoinHostPort(dest_addr, strconv.Itoa(dest_port))); err != nil { return err diff --git a/pkg/label/label.go b/pkg/label/label.go index 38f026bc5a..434e1c5725 100644 --- a/pkg/label/label.go +++ b/pkg/label/label.go @@ -24,3 +24,7 @@ func GetPidCon(pid int) (string, error) { func Init() { } + +func ReserveLabel(label string) error { + return nil +} diff --git a/pkg/label/label_selinux.go b/pkg/label/label_selinux.go index 9f7463f79b..926f7fffa8 100644 --- a/pkg/label/label_selinux.go +++ b/pkg/label/label_selinux.go @@ -4,8 +4,9 @@ package label import ( "fmt" - "github.com/dotcloud/docker/pkg/selinux" "strings" + + "github.com/dotcloud/docker/pkg/selinux" ) func GenLabels(options string) (string, string, error) { @@ -32,13 +33,13 @@ func GenLabels(options string) (string, string, error) { return processLabel, mountLabel, err } -func FormatMountLabel(src string, mountLabel string) string { - if selinux.SelinuxEnabled() && mountLabel != "" { +func FormatMountLabel(src, mountLabel string) string { + if mountLabel != "" { switch src { case "": - src = fmt.Sprintf("%s,context=%s", src, mountLabel) + src = fmt.Sprintf("context=%q", mountLabel) default: - src = fmt.Sprintf("context=%s", mountLabel) + src = fmt.Sprintf("%s,context=%q", src, mountLabel) } } return src @@ -75,3 +76,8 @@ func GetPidCon(pid int) (string, error) { func Init() { selinux.SelinuxEnabled() } + +func ReserveLabel(label string) error { + selinux.ReserveLabel(label) + return nil +} diff --git a/pkg/libcontainer/MAINTAINERS b/pkg/libcontainer/MAINTAINERS index 1cb551364d..41f04602ee 100644 --- a/pkg/libcontainer/MAINTAINERS +++ b/pkg/libcontainer/MAINTAINERS @@ -1,2 +1,4 @@ Michael Crosby (@crosbymichael) Guillaume J. Charmes (@creack) +Rohit Jnagal (@rjnagal) +Victor Marmol (@vmarmol) diff --git a/pkg/libcontainer/README.md b/pkg/libcontainer/README.md index d6d0fbae44..8e89153bd7 100644 --- a/pkg/libcontainer/README.md +++ b/pkg/libcontainer/README.md @@ -13,87 +13,11 @@ a `container.json` file is placed with the runtime configuration for how the pro should be contained and ran. Environment, networking, and different capabilities for the process are specified in this file. The configuration is used for each process executed inside the container. -Sample `container.json` file: -```json -{ - "hostname" : "koye", - "networks" : [ - { - "gateway" : "172.17.42.1", - "context" : { - "bridge" : "docker0", - "prefix" : "veth" - }, - "address" : "172.17.0.2/16", - "type" : "veth", - "mtu" : 1500 - } - ], - "cgroups" : { - "parent" : "docker", - "name" : "11bb30683fb0bdd57fab4d3a8238877f1e4395a2cfc7320ea359f7a02c1a5620" - }, - "tty" : true, - "environment" : [ - "HOME=/", - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", - "HOSTNAME=11bb30683fb0", - "TERM=xterm" - ], - "capabilities_mask" : [ - "SETPCAP", - "SYS_MODULE", - "SYS_RAWIO", - "SYS_PACCT", - "SYS_ADMIN", - "SYS_NICE", - "SYS_RESOURCE", - "SYS_TIME", - "SYS_TTY_CONFIG", - "MKNOD", - "AUDIT_WRITE", - "AUDIT_CONTROL", - "MAC_OVERRIDE", - "MAC_ADMIN", - "NET_ADMIN" - ], - "context" : { - "apparmor_profile" : "docker-default" - }, - "mounts" : [ - { - "source" : "/var/lib/docker/containers/11bb30683fb0bdd57fab4d3a8238877f1e4395a2cfc7320ea359f7a02c1a5620/resolv.conf", - "writable" : false, - "destination" : "/etc/resolv.conf", - "private" : true - }, - { - "source" : "/var/lib/docker/containers/11bb30683fb0bdd57fab4d3a8238877f1e4395a2cfc7320ea359f7a02c1a5620/hostname", - "writable" : false, - "destination" : "/etc/hostname", - "private" : true - }, - { - "source" : "/var/lib/docker/containers/11bb30683fb0bdd57fab4d3a8238877f1e4395a2cfc7320ea359f7a02c1a5620/hosts", - "writable" : false, - "destination" : "/etc/hosts", - "private" : true - } - ], - "namespaces" : [ - "NEWNS", - "NEWUTS", - "NEWIPC", - "NEWPID", - "NEWNET" - ] -} -``` +See the `container.json` file for what the configuration should look like. Using this configuration and the current directory holding the rootfs for a process, one can use libcontainer to exec the container. Running the life of the namespace, a `pid` file is written to the current directory with the pid of the namespaced process to the external world. A client can use this pid to wait, kill, or perform other operation with the container. If a user tries to run a new process inside an existing container with a live namespace, the namespace will be joined by the new process. - You may also specify an alternate root place where the `container.json` file is read and where the `pid` file will be saved. #### nsinit diff --git a/pkg/libcontainer/apparmor/setup.go b/pkg/libcontainer/apparmor/setup.go deleted file mode 100644 index 548e72f550..0000000000 --- a/pkg/libcontainer/apparmor/setup.go +++ /dev/null @@ -1,128 +0,0 @@ -package apparmor - -import ( - "fmt" - "io" - "io/ioutil" - "os" - "os/exec" - "path" -) - -const ( - DefaultProfilePath = "/etc/apparmor.d/docker" -) - -const DefaultProfile = ` -# AppArmor profile from lxc for containers. - -#include -profile docker-default flags=(attach_disconnected,mediate_deleted) { - #include - network, - capability, - file, - umount, - - # ignore DENIED message on / remount - deny mount options=(ro, remount) -> /, - - # allow tmpfs mounts everywhere - mount fstype=tmpfs, - - # allow mqueue mounts everywhere - mount fstype=mqueue, - - # allow fuse mounts everywhere - mount fstype=fuse.*, - - # allow bind mount of /lib/init/fstab for lxcguest - mount options=(rw, bind) /lib/init/fstab.lxc/ -> /lib/init/fstab/, - - # deny writes in /proc/sys/fs but allow binfmt_misc to be mounted - mount fstype=binfmt_misc -> /proc/sys/fs/binfmt_misc/, - deny @{PROC}/sys/fs/** wklx, - - # allow efivars to be mounted, writing to it will be blocked though - mount fstype=efivarfs -> /sys/firmware/efi/efivars/, - - # block some other dangerous paths - deny @{PROC}/sysrq-trigger rwklx, - deny @{PROC}/mem rwklx, - deny @{PROC}/kmem rwklx, - deny @{PROC}/sys/kernel/[^s][^h][^m]* wklx, - deny @{PROC}/sys/kernel/*/** wklx, - - # deny writes in /sys except for /sys/fs/cgroup, also allow - # fusectl, securityfs and debugfs to be mounted there (read-only) - mount fstype=fusectl -> /sys/fs/fuse/connections/, - mount fstype=securityfs -> /sys/kernel/security/, - mount fstype=debugfs -> /sys/kernel/debug/, - deny mount fstype=debugfs -> /var/lib/ureadahead/debugfs/, - mount fstype=proc -> /proc/, - mount fstype=sysfs -> /sys/, - deny /sys/[^f]*/** wklx, - deny /sys/f[^s]*/** wklx, - deny /sys/fs/[^c]*/** wklx, - deny /sys/fs/c[^g]*/** wklx, - deny /sys/fs/cg[^r]*/** wklx, - deny /sys/firmware/efi/efivars/** rwklx, - deny /sys/kernel/security/** rwklx, - mount options=(move) /sys/fs/cgroup/cgmanager/ -> /sys/fs/cgroup/cgmanager.lower/, - - # the container may never be allowed to mount devpts. If it does, it - # will remount the host's devpts. We could allow it to do it with - # the newinstance option (but, right now, we don't). - deny mount fstype=devpts, -} -` - -func InstallDefaultProfile(backupPath string) error { - if !IsEnabled() { - return nil - } - - // If the profile already exists, check if we already have a backup - // if not, do the backup and override it. (docker 0.10 upgrade changed the apparmor profile) - // see gh#5049, apparmor blocks signals in ubuntu 14.04 - if _, err := os.Stat(DefaultProfilePath); err == nil { - if _, err := os.Stat(backupPath); err == nil { - // If both the profile and the backup are present, do nothing - return nil - } - // Make sure the directory exists - if err := os.MkdirAll(path.Dir(backupPath), 0755); err != nil { - return err - } - - // Create the backup file - f, err := os.Create(backupPath) - if err != nil { - return err - } - defer f.Close() - src, err := os.Open(DefaultProfilePath) - if err != nil { - return err - } - defer src.Close() - if _, err := io.Copy(f, src); err != nil { - return err - } - } - - // Make sure /etc/apparmor.d exists - if err := os.MkdirAll(path.Dir(DefaultProfilePath), 0755); err != nil { - return err - } - - if err := ioutil.WriteFile(DefaultProfilePath, []byte(DefaultProfile), 0644); err != nil { - return err - } - - output, err := exec.Command("/lib/init/apparmor-profile-load", "docker").CombinedOutput() - if err != nil { - return fmt.Errorf("Error loading docker profile: %s (%s)", err, output) - } - return nil -} diff --git a/pkg/libcontainer/console/console.go b/pkg/libcontainer/console/console.go new file mode 100644 index 0000000000..5f06aea225 --- /dev/null +++ b/pkg/libcontainer/console/console.go @@ -0,0 +1,61 @@ +// +build linux + +package console + +import ( + "fmt" + "os" + "path/filepath" + "syscall" + + "github.com/dotcloud/docker/pkg/label" + "github.com/dotcloud/docker/pkg/system" +) + +// Setup initializes the proper /dev/console inside the rootfs path +func Setup(rootfs, consolePath, mountLabel string) error { + oldMask := system.Umask(0000) + defer system.Umask(oldMask) + + stat, err := os.Stat(consolePath) + if err != nil { + return fmt.Errorf("stat console %s %s", consolePath, err) + } + var ( + st = stat.Sys().(*syscall.Stat_t) + dest = filepath.Join(rootfs, "dev/console") + ) + if err := os.Remove(dest); err != nil && !os.IsNotExist(err) { + return fmt.Errorf("remove %s %s", dest, err) + } + if err := os.Chmod(consolePath, 0600); err != nil { + return err + } + if err := os.Chown(consolePath, 0, 0); err != nil { + return err + } + if err := system.Mknod(dest, (st.Mode&^07777)|0600, int(st.Rdev)); err != nil { + return fmt.Errorf("mknod %s %s", dest, err) + } + if err := label.SetFileLabel(consolePath, mountLabel); err != nil { + return fmt.Errorf("set file label %s %s", dest, err) + } + if err := system.Mount(consolePath, dest, "bind", syscall.MS_BIND, ""); err != nil { + return fmt.Errorf("bind %s to %s %s", consolePath, dest, err) + } + return nil +} + +func OpenAndDup(consolePath string) error { + slave, err := system.OpenTerminal(consolePath, syscall.O_RDWR) + if err != nil { + return fmt.Errorf("open terminal %s", err) + } + if err := system.Dup2(slave.Fd(), 0); err != nil { + return err + } + if err := system.Dup2(slave.Fd(), 1); err != nil { + return err + } + return system.Dup2(slave.Fd(), 2) +} diff --git a/pkg/libcontainer/container.go b/pkg/libcontainer/container.go index c7cac35428..5acdff3d29 100644 --- a/pkg/libcontainer/container.go +++ b/pkg/libcontainer/container.go @@ -18,12 +18,12 @@ type Container struct { WorkingDir string `json:"working_dir,omitempty"` // current working directory Env []string `json:"environment,omitempty"` // environment to set Tty bool `json:"tty,omitempty"` // setup a proper tty or not - Namespaces Namespaces `json:"namespaces,omitempty"` // namespaces to apply - CapabilitiesMask Capabilities `json:"capabilities_mask,omitempty"` // capabilities to drop + Namespaces map[string]bool `json:"namespaces,omitempty"` // namespaces to apply + CapabilitiesMask map[string]bool `json:"capabilities_mask,omitempty"` // capabilities to drop Networks []*Network `json:"networks,omitempty"` // nil for host's network stack Cgroups *cgroups.Cgroup `json:"cgroups,omitempty"` // cgroups Context Context `json:"context,omitempty"` // generic context for specific options (apparmor, selinux) - Mounts []Mount `json:"mounts,omitempty"` + Mounts Mounts `json:"mounts,omitempty"` } // Network defines configuration for a container's networking stack @@ -37,12 +37,3 @@ type Network struct { Gateway string `json:"gateway,omitempty"` Mtu int `json:"mtu,omitempty"` } - -// Bind mounts from the host system to the container -// -type Mount struct { - Source string `json:"source"` // Source path, in the host namespace - Destination string `json:"destination"` // Destination path, in the container - Writable bool `json:"writable"` - Private bool `json:"private"` -} diff --git a/pkg/libcontainer/container.json b/pkg/libcontainer/container.json index f045315a41..33d79600d4 100644 --- a/pkg/libcontainer/container.json +++ b/pkg/libcontainer/container.json @@ -1,50 +1,62 @@ { - "hostname": "koye", - "tty": true, - "environment": [ - "HOME=/", - "PATH=PATH=$PATH:/bin:/usr/bin:/sbin:/usr/sbin", - "container=docker", - "TERM=xterm-256color" - ], - "namespaces": [ - "NEWIPC", - "NEWNS", - "NEWPID", - "NEWUTS", - "NEWNET" - ], - "capabilities_mask": [ - "SETPCAP", - "SYS_MODULE", - "SYS_RAWIO", - "SYS_PACCT", - "SYS_ADMIN", - "SYS_NICE", - "SYS_RESOURCE", - "SYS_TIME", - "SYS_TTY_CONFIG", - "MKNOD", - "AUDIT_WRITE", - "AUDIT_CONTROL", - "MAC_OVERRIDE", - "MAC_ADMIN", - "NET_ADMIN" - ], - "networks": [{ - "type": "veth", - "context": { - "bridge": "docker0", - "prefix": "dock" - }, - "address": "172.17.0.100/16", - "gateway": "172.17.42.1", - "mtu": 1500 - } - ], - "cgroups": { - "name": "docker-koye", - "parent": "docker", - "memory": 5248000 + "namespaces": { + "NEWNET": true, + "NEWPID": true, + "NEWIPC": true, + "NEWUTS": true, + "NEWNS": true + }, + "networks": [ + { + "gateway": "localhost", + "type": "loopback", + "address": "127.0.0.1/0", + "mtu": 1500 + }, + { + "gateway": "172.17.42.1", + "context": { + "prefix": "veth", + "bridge": "docker0" + }, + "type": "veth", + "address": "172.17.42.2/16", + "mtu": 1500 } + ], + "capabilities_mask": { + "SYSLOG": false, + "MKNOD": true, + "NET_ADMIN": false, + "MAC_ADMIN": false, + "MAC_OVERRIDE": false, + "AUDIT_CONTROL": false, + "AUDIT_WRITE": false, + "SYS_TTY_CONFIG": false, + "SETPCAP": false, + "SYS_MODULE": false, + "SYS_RAWIO": false, + "SYS_PACCT": false, + "SYS_ADMIN": false, + "SYS_NICE": false, + "SYS_RESOURCE": false, + "SYS_TIME": false + }, + "cgroups": { + "name": "docker-koye", + "parent": "docker" + }, + "hostname": "koye", + "environment": [ + "HOME=/", + "PATH=PATH=$PATH:/bin:/usr/bin:/sbin:/usr/sbin", + "container=docker", + "TERM=xterm-256color" + ], + "tty": true, + "mounts": [ + { + "type": "devtmpfs" + } + ] } diff --git a/pkg/libcontainer/container_test.go b/pkg/libcontainer/container_test.go new file mode 100644 index 0000000000..c02385af3f --- /dev/null +++ b/pkg/libcontainer/container_test.go @@ -0,0 +1,59 @@ +package libcontainer + +import ( + "encoding/json" + "os" + "testing" +) + +func TestContainerJsonFormat(t *testing.T) { + f, err := os.Open("container.json") + if err != nil { + t.Fatal("Unable to open container.json") + } + defer f.Close() + + var container *Container + if err := json.NewDecoder(f).Decode(&container); err != nil { + t.Fatalf("failed to decode container config: %s", err) + } + if container.Hostname != "koye" { + t.Log("hostname is not set") + t.Fail() + } + + if !container.Tty { + t.Log("tty should be set to true") + t.Fail() + } + + if !container.Namespaces["NEWNET"] { + t.Log("namespaces should contain NEWNET") + t.Fail() + } + + if container.Namespaces["NEWUSER"] { + t.Log("namespaces should not contain NEWUSER") + t.Fail() + } + + if _, exists := container.CapabilitiesMask["SYS_ADMIN"]; !exists { + t.Log("capabilities mask should contain SYS_ADMIN") + t.Fail() + } + + if container.CapabilitiesMask["SYS_ADMIN"] { + t.Log("SYS_ADMIN should not be enabled in capabilities mask") + t.Fail() + } + + if !container.CapabilitiesMask["MKNOD"] { + t.Log("MKNOD should be enabled in capabilities mask") + t.Fail() + } + + if container.CapabilitiesMask["SYS_CHROOT"] { + t.Log("capabilities mask should not contain SYS_CHROOT") + t.Fail() + } +} diff --git a/pkg/libcontainer/mount/init.go b/pkg/libcontainer/mount/init.go new file mode 100644 index 0000000000..cfe61d1532 --- /dev/null +++ b/pkg/libcontainer/mount/init.go @@ -0,0 +1,134 @@ +// +build linux + +package mount + +import ( + "fmt" + "os" + "path/filepath" + "syscall" + + "github.com/dotcloud/docker/pkg/label" + "github.com/dotcloud/docker/pkg/libcontainer" + "github.com/dotcloud/docker/pkg/libcontainer/mount/nodes" + "github.com/dotcloud/docker/pkg/system" +) + +// default mount point flags +const defaultMountFlags = syscall.MS_NOEXEC | syscall.MS_NOSUID | syscall.MS_NODEV + +type mount struct { + source string + path string + device string + flags int + data string +} + +// InitializeMountNamespace setups up the devices, mount points, and filesystems for use inside a +// new mount namepsace +func InitializeMountNamespace(rootfs, console string, container *libcontainer.Container) error { + var ( + err error + flag = syscall.MS_PRIVATE + ) + if container.NoPivotRoot { + flag = syscall.MS_SLAVE + } + if err := system.Mount("", "/", "", uintptr(flag|syscall.MS_REC), ""); err != nil { + return fmt.Errorf("mounting / as slave %s", err) + } + if err := system.Mount(rootfs, rootfs, "bind", syscall.MS_BIND|syscall.MS_REC, ""); err != nil { + return fmt.Errorf("mouting %s as bind %s", rootfs, err) + } + if err := mountSystem(rootfs, container); err != nil { + return fmt.Errorf("mount system %s", err) + } + if err := setupBindmounts(rootfs, container.Mounts); err != nil { + return fmt.Errorf("bind mounts %s", err) + } + if err := nodes.CopyN(rootfs, nodes.DefaultNodes); err != nil { + return fmt.Errorf("copy dev nodes %s", err) + } + if err := SetupPtmx(rootfs, console, container.Context["mount_label"]); err != nil { + return err + } + if err := system.Chdir(rootfs); err != nil { + return fmt.Errorf("chdir into %s %s", rootfs, err) + } + + if container.NoPivotRoot { + err = MsMoveRoot(rootfs) + } else { + err = PivotRoot(rootfs) + } + if err != nil { + return err + } + + if container.ReadonlyFs { + if err := SetReadonly(); err != nil { + return fmt.Errorf("set readonly %s", err) + } + } + + system.Umask(0022) + + return nil +} + +// mountSystem sets up linux specific system mounts like sys, proc, shm, and devpts +// inside the mount namespace +func mountSystem(rootfs string, container *libcontainer.Container) error { + for _, m := range newSystemMounts(rootfs, container.Context["mount_label"], container.Mounts) { + if err := os.MkdirAll(m.path, 0755); err != nil && !os.IsExist(err) { + return fmt.Errorf("mkdirall %s %s", m.path, err) + } + if err := system.Mount(m.source, m.path, m.device, uintptr(m.flags), m.data); err != nil { + return fmt.Errorf("mounting %s into %s %s", m.source, m.path, err) + } + } + return nil +} + +func setupBindmounts(rootfs string, bindMounts libcontainer.Mounts) error { + for _, m := range bindMounts.OfType("bind") { + var ( + flags = syscall.MS_BIND | syscall.MS_REC + dest = filepath.Join(rootfs, m.Destination) + ) + if !m.Writable { + flags = flags | syscall.MS_RDONLY + } + if err := system.Mount(m.Source, dest, "bind", uintptr(flags), ""); err != nil { + return fmt.Errorf("mounting %s into %s %s", m.Source, dest, err) + } + if !m.Writable { + if err := system.Mount(m.Source, dest, "bind", uintptr(flags|syscall.MS_REMOUNT), ""); err != nil { + return fmt.Errorf("remounting %s into %s %s", m.Source, dest, err) + } + } + if m.Private { + if err := system.Mount("", dest, "none", uintptr(syscall.MS_PRIVATE), ""); err != nil { + return fmt.Errorf("mounting %s private %s", dest, err) + } + } + } + return nil +} + +// TODO: this is crappy right now and should be cleaned up with a better way of handling system and +// standard bind mounts allowing them to be more dynamic +func newSystemMounts(rootfs, mountLabel string, mounts libcontainer.Mounts) []mount { + systemMounts := []mount{ + {source: "proc", path: filepath.Join(rootfs, "proc"), device: "proc", flags: defaultMountFlags}, + {source: "sysfs", path: filepath.Join(rootfs, "sys"), device: "sysfs", flags: defaultMountFlags}, + {source: "shm", path: filepath.Join(rootfs, "dev", "shm"), device: "tmpfs", flags: defaultMountFlags, data: label.FormatMountLabel("mode=1777,size=65536k", mountLabel)}, + {source: "devpts", path: filepath.Join(rootfs, "dev", "pts"), device: "devpts", flags: syscall.MS_NOSUID | syscall.MS_NOEXEC, data: label.FormatMountLabel("newinstance,ptmxmode=0666,mode=620,gid=5", mountLabel)}, + } + + if len(mounts.OfType("devtmpfs")) == 1 { + systemMounts = append([]mount{{source: "tmpfs", path: filepath.Join(rootfs, "dev"), device: "tmpfs", flags: syscall.MS_NOSUID | syscall.MS_STRICTATIME, data: label.FormatMountLabel("mode=755", mountLabel)}}, systemMounts...) + } + return systemMounts +} diff --git a/pkg/libcontainer/mount/msmoveroot.go b/pkg/libcontainer/mount/msmoveroot.go new file mode 100644 index 0000000000..b336c86495 --- /dev/null +++ b/pkg/libcontainer/mount/msmoveroot.go @@ -0,0 +1,19 @@ +// +build linux + +package mount + +import ( + "fmt" + "github.com/dotcloud/docker/pkg/system" + "syscall" +) + +func MsMoveRoot(rootfs string) error { + if err := system.Mount(rootfs, "/", "", syscall.MS_MOVE, ""); err != nil { + return fmt.Errorf("mount move %s into / %s", rootfs, err) + } + if err := system.Chroot("."); err != nil { + return fmt.Errorf("chroot . %s", err) + } + return system.Chdir("/") +} diff --git a/pkg/libcontainer/mount/nodes/nodes.go b/pkg/libcontainer/mount/nodes/nodes.go new file mode 100644 index 0000000000..5022f85b0b --- /dev/null +++ b/pkg/libcontainer/mount/nodes/nodes.go @@ -0,0 +1,49 @@ +// +build linux + +package nodes + +import ( + "fmt" + "github.com/dotcloud/docker/pkg/system" + "os" + "path/filepath" + "syscall" +) + +// Default list of device nodes to copy +var DefaultNodes = []string{ + "null", + "zero", + "full", + "random", + "urandom", + "tty", +} + +// CopyN copies the device node from the host into the rootfs +func CopyN(rootfs string, nodesToCopy []string) error { + oldMask := system.Umask(0000) + defer system.Umask(oldMask) + + for _, node := range nodesToCopy { + if err := Copy(rootfs, node); err != nil { + return err + } + } + return nil +} + +func Copy(rootfs, node string) error { + stat, err := os.Stat(filepath.Join("/dev", node)) + if err != nil { + return err + } + var ( + dest = filepath.Join(rootfs, "dev", node) + st = stat.Sys().(*syscall.Stat_t) + ) + if err := system.Mknod(dest, st.Mode, int(st.Rdev)); err != nil && !os.IsExist(err) { + return fmt.Errorf("copy %s %s", node, err) + } + return nil +} diff --git a/pkg/libcontainer/mount/pivotroot.go b/pkg/libcontainer/mount/pivotroot.go new file mode 100644 index 0000000000..447f5904b2 --- /dev/null +++ b/pkg/libcontainer/mount/pivotroot.go @@ -0,0 +1,31 @@ +// +build linux + +package mount + +import ( + "fmt" + "github.com/dotcloud/docker/pkg/system" + "io/ioutil" + "os" + "path/filepath" + "syscall" +) + +func PivotRoot(rootfs string) error { + pivotDir, err := ioutil.TempDir(rootfs, ".pivot_root") + if err != nil { + return fmt.Errorf("can't create pivot_root dir %s", pivotDir, err) + } + if err := system.Pivotroot(rootfs, pivotDir); err != nil { + return fmt.Errorf("pivot_root %s", err) + } + if err := system.Chdir("/"); err != nil { + return fmt.Errorf("chdir / %s", err) + } + // path to pivot dir now changed, update + pivotDir = filepath.Join("/", filepath.Base(pivotDir)) + if err := system.Unmount(pivotDir, syscall.MNT_DETACH); err != nil { + return fmt.Errorf("unmount pivot_root dir %s", err) + } + return os.Remove(pivotDir) +} diff --git a/pkg/libcontainer/mount/ptmx.go b/pkg/libcontainer/mount/ptmx.go new file mode 100644 index 0000000000..f6ca534637 --- /dev/null +++ b/pkg/libcontainer/mount/ptmx.go @@ -0,0 +1,26 @@ +// +build linux + +package mount + +import ( + "fmt" + "github.com/dotcloud/docker/pkg/libcontainer/console" + "os" + "path/filepath" +) + +func SetupPtmx(rootfs, consolePath, mountLabel string) error { + ptmx := filepath.Join(rootfs, "dev/ptmx") + if err := os.Remove(ptmx); err != nil && !os.IsNotExist(err) { + return err + } + if err := os.Symlink("pts/ptmx", ptmx); err != nil { + return fmt.Errorf("symlink dev ptmx %s", err) + } + if consolePath != "" { + if err := console.Setup(rootfs, consolePath, mountLabel); err != nil { + return err + } + } + return nil +} diff --git a/pkg/libcontainer/mount/readonly.go b/pkg/libcontainer/mount/readonly.go new file mode 100644 index 0000000000..0658358ad6 --- /dev/null +++ b/pkg/libcontainer/mount/readonly.go @@ -0,0 +1,12 @@ +// +build linux + +package mount + +import ( + "github.com/dotcloud/docker/pkg/system" + "syscall" +) + +func SetReadonly() error { + return system.Mount("/", "/", "bind", syscall.MS_BIND|syscall.MS_REMOUNT|syscall.MS_RDONLY|syscall.MS_REC, "") +} diff --git a/pkg/libcontainer/mount/remount.go b/pkg/libcontainer/mount/remount.go new file mode 100644 index 0000000000..3e00509ae0 --- /dev/null +++ b/pkg/libcontainer/mount/remount.go @@ -0,0 +1,31 @@ +// +build linux + +package mount + +import ( + "github.com/dotcloud/docker/pkg/system" + "syscall" +) + +func RemountProc() error { + if err := system.Unmount("/proc", syscall.MNT_DETACH); err != nil { + return err + } + if err := system.Mount("proc", "/proc", "proc", uintptr(defaultMountFlags), ""); err != nil { + return err + } + return nil +} + +func RemountSys() error { + if err := system.Unmount("/sys", syscall.MNT_DETACH); err != nil { + if err != syscall.EINVAL { + return err + } + } else { + if err := system.Mount("sysfs", "/sys", "sysfs", uintptr(defaultMountFlags), ""); err != nil { + return err + } + } + return nil +} diff --git a/pkg/libcontainer/network/network.go b/pkg/libcontainer/network/network.go index 8c7a4b618e..f8dee45278 100644 --- a/pkg/libcontainer/network/network.go +++ b/pkg/libcontainer/network/network.go @@ -50,7 +50,7 @@ func SetInterfaceMaster(name, master string) error { if err != nil { return err } - return netlink.NetworkSetMaster(iface, masterIface) + return netlink.AddToBridge(iface, masterIface) } func SetDefaultGateway(ip string) error { diff --git a/pkg/libcontainer/nsinit/command.go b/pkg/libcontainer/nsinit/command.go deleted file mode 100644 index 153a48ab59..0000000000 --- a/pkg/libcontainer/nsinit/command.go +++ /dev/null @@ -1,47 +0,0 @@ -package nsinit - -import ( - "github.com/dotcloud/docker/pkg/libcontainer" - "github.com/dotcloud/docker/pkg/system" - "os" - "os/exec" -) - -// CommandFactory takes the container's configuration and options passed by the -// parent processes and creates an *exec.Cmd that will be used to fork/exec the -// namespaced init process -type CommandFactory interface { - Create(container *libcontainer.Container, console string, syncFd *os.File, args []string) *exec.Cmd -} - -type DefaultCommandFactory struct { - Root string -} - -// Create will return an exec.Cmd with the Cloneflags set to the proper namespaces -// defined on the container's configuration and use the current binary as the init with the -// args provided -func (c *DefaultCommandFactory) Create(container *libcontainer.Container, console string, pipe *os.File, args []string) *exec.Cmd { - // get our binary name from arg0 so we can always reexec ourself - command := exec.Command(os.Args[0], append([]string{ - "-console", console, - "-pipe", "3", - "-root", c.Root, - "init"}, args...)...) - - system.SetCloneFlags(command, uintptr(GetNamespaceFlags(container.Namespaces))) - command.Env = container.Env - command.ExtraFiles = []*os.File{pipe} - return command -} - -// GetNamespaceFlags parses the container's Namespaces options to set the correct -// flags on clone, unshare, and setns -func GetNamespaceFlags(namespaces libcontainer.Namespaces) (flag int) { - for _, ns := range namespaces { - if ns.Enabled { - flag |= ns.Value - } - } - return flag -} diff --git a/pkg/libcontainer/nsinit/create.go b/pkg/libcontainer/nsinit/create.go new file mode 100644 index 0000000000..d5cba464d2 --- /dev/null +++ b/pkg/libcontainer/nsinit/create.go @@ -0,0 +1,10 @@ +package nsinit + +import ( + "os" + "os/exec" + + "github.com/dotcloud/docker/pkg/libcontainer" +) + +type CreateCommand func(container *libcontainer.Container, console, rootfs, dataPath, init string, childPipe *os.File, args []string) *exec.Cmd diff --git a/pkg/libcontainer/nsinit/exec.go b/pkg/libcontainer/nsinit/exec.go index c07c45de3c..5d0d772a0f 100644 --- a/pkg/libcontainer/nsinit/exec.go +++ b/pkg/libcontainer/nsinit/exec.go @@ -8,6 +8,8 @@ import ( "syscall" "github.com/dotcloud/docker/pkg/cgroups" + "github.com/dotcloud/docker/pkg/cgroups/fs" + "github.com/dotcloud/docker/pkg/cgroups/systemd" "github.com/dotcloud/docker/pkg/libcontainer" "github.com/dotcloud/docker/pkg/libcontainer/network" "github.com/dotcloud/docker/pkg/system" @@ -15,7 +17,7 @@ import ( // Exec performes setup outside of a namespace so that a container can be // executed. Exec is a high level function for working with container namespaces. -func (ns *linuxNs) Exec(container *libcontainer.Container, term Terminal, args []string) (int, error) { +func Exec(container *libcontainer.Container, term Terminal, rootfs, dataPath string, args []string, createCommand CreateCommand, startCallback func()) (int, error) { var ( master *os.File console string @@ -28,10 +30,8 @@ func (ns *linuxNs) Exec(container *libcontainer.Container, term Terminal, args [ if err != nil { return -1, err } - ns.logger.Printf("created sync pipe parent fd %d child fd %d\n", syncPipe.parent.Fd(), syncPipe.child.Fd()) if container.Tty { - ns.logger.Println("creating master and console") master, console, err = system.CreateMasterAndConsole() if err != nil { return -1, err @@ -39,14 +39,12 @@ func (ns *linuxNs) Exec(container *libcontainer.Container, term Terminal, args [ term.SetMaster(master) } - command := ns.commandFactory.Create(container, console, syncPipe.child, args) - ns.logger.Println("attach terminal to command") + command := createCommand(container, console, rootfs, dataPath, os.Args[0], syncPipe.child, args) if err := term.Attach(command); err != nil { return -1, err } defer term.Close() - ns.logger.Println("starting command") if err := command.Start(); err != nil { return -1, err } @@ -55,56 +53,97 @@ func (ns *linuxNs) Exec(container *libcontainer.Container, term Terminal, args [ if err != nil { return -1, err } - ns.logger.Printf("writting pid %d to file\n", command.Process.Pid) - if err := ns.stateWriter.WritePid(command.Process.Pid, started); err != nil { + if err := WritePid(dataPath, command.Process.Pid, started); err != nil { command.Process.Kill() return -1, err } - defer func() { - ns.logger.Println("removing pid file") - ns.stateWriter.DeletePid() - }() + defer DeletePid(dataPath) // Do this before syncing with child so that no children // can escape the cgroup - ns.logger.Println("setting cgroups") - activeCgroup, err := ns.SetupCgroups(container, command.Process.Pid) + cleaner, err := SetupCgroups(container, command.Process.Pid) if err != nil { command.Process.Kill() return -1, err } - if activeCgroup != nil { - defer activeCgroup.Cleanup() + if cleaner != nil { + defer cleaner.Cleanup() } - ns.logger.Println("setting up network") - if err := ns.InitializeNetworking(container, command.Process.Pid, syncPipe); err != nil { + if err := InitializeNetworking(container, command.Process.Pid, syncPipe); err != nil { command.Process.Kill() return -1, err } - ns.logger.Println("closing sync pipe with child") // Sync with child syncPipe.Close() + if startCallback != nil { + startCallback() + } + if err := command.Wait(); err != nil { if _, ok := err.(*exec.ExitError); !ok { return -1, err } } - status := command.ProcessState.Sys().(syscall.WaitStatus).ExitStatus() - ns.logger.Printf("process exited with status %d\n", status) - return status, err + return command.ProcessState.Sys().(syscall.WaitStatus).ExitStatus(), nil } -func (ns *linuxNs) SetupCgroups(container *libcontainer.Container, nspid int) (cgroups.ActiveCgroup, error) { +// DefaultCreateCommand will return an exec.Cmd with the Cloneflags set to the proper namespaces +// defined on the container's configuration and use the current binary as the init with the +// args provided +// +// console: the /dev/console to setup inside the container +// init: the progam executed inside the namespaces +// root: the path to the container json file and information +// pipe: sync pipe to syncronize the parent and child processes +// args: the arguemnts to pass to the container to run as the user's program +func DefaultCreateCommand(container *libcontainer.Container, console, rootfs, dataPath, init string, pipe *os.File, args []string) *exec.Cmd { + // get our binary name from arg0 so we can always reexec ourself + env := []string{ + "console=" + console, + "pipe=3", + "data_path=" + dataPath, + } + + /* + TODO: move user and wd into env + if user != "" { + env = append(env, "user="+user) + } + if workingDir != "" { + env = append(env, "wd="+workingDir) + } + */ + + command := exec.Command(init, append([]string{"init"}, args...)...) + // make sure the process is executed inside the context of the rootfs + command.Dir = rootfs + command.Env = append(os.Environ(), env...) + + system.SetCloneFlags(command, uintptr(GetNamespaceFlags(container.Namespaces))) + command.ExtraFiles = []*os.File{pipe} + + return command +} + +// SetupCgroups applies the cgroup restrictions to the process running in the contaienr based +// on the container's configuration +func SetupCgroups(container *libcontainer.Container, nspid int) (cgroups.ActiveCgroup, error) { if container.Cgroups != nil { - return container.Cgroups.Apply(nspid) + c := container.Cgroups + if systemd.UseSystemd() { + return systemd.Apply(c, nspid) + } + return fs.Apply(c, nspid) } return nil, nil } -func (ns *linuxNs) InitializeNetworking(container *libcontainer.Container, nspid int, pipe *SyncPipe) error { +// InitializeNetworking creates the container's network stack outside of the namespace and moves +// interfaces into the container's net namespaces if necessary +func InitializeNetworking(container *libcontainer.Container, nspid int, pipe *SyncPipe) error { context := libcontainer.Context{} for _, config := range container.Networks { strategy, err := network.GetStrategy(config.Type) @@ -117,3 +156,16 @@ func (ns *linuxNs) InitializeNetworking(container *libcontainer.Container, nspid } return pipe.SendToChild(context) } + +// GetNamespaceFlags parses the container's Namespaces options to set the correct +// flags on clone, unshare, and setns +func GetNamespaceFlags(namespaces map[string]bool) (flag int) { + for key, enabled := range namespaces { + if enabled { + if ns := libcontainer.GetNamespace(key); ns != nil { + flag |= ns.Value + } + } + } + return flag +} diff --git a/pkg/libcontainer/nsinit/execin.go b/pkg/libcontainer/nsinit/execin.go index 9017af06e9..40b95093dd 100644 --- a/pkg/libcontainer/nsinit/execin.go +++ b/pkg/libcontainer/nsinit/execin.go @@ -4,26 +4,36 @@ package nsinit import ( "fmt" - "github.com/dotcloud/docker/pkg/label" - "github.com/dotcloud/docker/pkg/libcontainer" - "github.com/dotcloud/docker/pkg/system" "os" "path/filepath" "strconv" "syscall" + + "github.com/dotcloud/docker/pkg/label" + "github.com/dotcloud/docker/pkg/libcontainer" + "github.com/dotcloud/docker/pkg/libcontainer/mount" + "github.com/dotcloud/docker/pkg/system" ) // ExecIn uses an existing pid and joins the pid's namespaces with the new command. -func (ns *linuxNs) ExecIn(container *libcontainer.Container, nspid int, args []string) (int, error) { - for _, nsv := range container.Namespaces { +func ExecIn(container *libcontainer.Container, nspid int, args []string) (int, error) { + // clear the current processes env and replace it with the environment + // defined on the container + if err := LoadContainerEnvironment(container); err != nil { + return -1, err + } + + for key, enabled := range container.Namespaces { // skip the PID namespace on unshare because it it not supported - if nsv.Key != "NEWPID" { - if err := system.Unshare(nsv.Value); err != nil { - return -1, err + if enabled && key != "NEWPID" { + if ns := libcontainer.GetNamespace(key); ns != nil { + if err := system.Unshare(ns.Value); err != nil { + return -1, err + } } } } - fds, err := ns.getNsFds(nspid, container) + fds, err := getNsFds(nspid, container) closeFds := func() { for _, f := range fds { system.Closefd(f) @@ -41,7 +51,6 @@ func (ns *linuxNs) ExecIn(container *libcontainer.Container, nspid int, args []s // foreach namespace fd, use setns to join an existing container's namespaces for _, fd := range fds { if fd > 0 { - ns.logger.Printf("setns on %d\n", fd) if err := system.Setns(fd, 0); err != nil { closeFds() return -1, fmt.Errorf("setns %s", err) @@ -52,8 +61,7 @@ func (ns *linuxNs) ExecIn(container *libcontainer.Container, nspid int, args []s // if the container has a new pid and mount namespace we need to // remount proc and sys to pick up the changes - if container.Namespaces.Contains("NEWNS") && container.Namespaces.Contains("NEWPID") { - ns.logger.Println("forking to remount /proc and /sys") + if container.Namespaces["NEWNS"] && container.Namespaces["NEWPID"] { pid, err := system.Fork() if err != nil { return -1, err @@ -63,10 +71,10 @@ func (ns *linuxNs) ExecIn(container *libcontainer.Container, nspid int, args []s if err := system.Unshare(syscall.CLONE_NEWNS); err != nil { return -1, err } - if err := remountProc(); err != nil { + if err := mount.RemountProc(); err != nil { return -1, fmt.Errorf("remount proc %s", err) } - if err := remountSys(); err != nil { + if err := mount.RemountSys(); err != nil { return -1, fmt.Errorf("remount sys %s", err) } goto dropAndExec @@ -82,7 +90,7 @@ func (ns *linuxNs) ExecIn(container *libcontainer.Container, nspid int, args []s os.Exit(state.Sys().(syscall.WaitStatus).ExitStatus()) } dropAndExec: - if err := finalizeNamespace(container); err != nil { + if err := FinalizeNamespace(container); err != nil { return -1, err } err = label.SetProcessLabel(processLabel) @@ -95,14 +103,19 @@ dropAndExec: panic("unreachable") } -func (ns *linuxNs) getNsFds(pid int, container *libcontainer.Container) ([]uintptr, error) { - fds := make([]uintptr, len(container.Namespaces)) - for i, ns := range container.Namespaces { - f, err := os.OpenFile(filepath.Join("/proc/", strconv.Itoa(pid), "ns", ns.File), os.O_RDONLY, 0) - if err != nil { - return fds, err +func getNsFds(pid int, container *libcontainer.Container) ([]uintptr, error) { + fds := []uintptr{} + + for key, enabled := range container.Namespaces { + if enabled { + if ns := libcontainer.GetNamespace(key); ns != nil { + f, err := os.OpenFile(filepath.Join("/proc/", strconv.Itoa(pid), "ns", ns.File), os.O_RDONLY, 0) + if err != nil { + return fds, err + } + fds = append(fds, f.Fd()) + } } - fds[i] = f.Fd() } return fds, nil } diff --git a/pkg/libcontainer/nsinit/init.go b/pkg/libcontainer/nsinit/init.go index b6c02eafd5..3bbcfcc654 100644 --- a/pkg/libcontainer/nsinit/init.go +++ b/pkg/libcontainer/nsinit/init.go @@ -6,13 +6,17 @@ import ( "fmt" "os" "runtime" + "strings" "syscall" + "github.com/dotcloud/docker/pkg/apparmor" "github.com/dotcloud/docker/pkg/label" "github.com/dotcloud/docker/pkg/libcontainer" - "github.com/dotcloud/docker/pkg/libcontainer/apparmor" - "github.com/dotcloud/docker/pkg/libcontainer/capabilities" + "github.com/dotcloud/docker/pkg/libcontainer/console" + "github.com/dotcloud/docker/pkg/libcontainer/mount" "github.com/dotcloud/docker/pkg/libcontainer/network" + "github.com/dotcloud/docker/pkg/libcontainer/security/capabilities" + "github.com/dotcloud/docker/pkg/libcontainer/security/restrict" "github.com/dotcloud/docker/pkg/libcontainer/utils" "github.com/dotcloud/docker/pkg/system" "github.com/dotcloud/docker/pkg/user" @@ -20,36 +24,35 @@ import ( // Init is the init process that first runs inside a new namespace to setup mounts, users, networking, // and other options required for the new container. -func (ns *linuxNs) Init(container *libcontainer.Container, uncleanRootfs, console string, syncPipe *SyncPipe, args []string) error { +func Init(container *libcontainer.Container, uncleanRootfs, consolePath string, syncPipe *SyncPipe, args []string) error { rootfs, err := utils.ResolveRootfs(uncleanRootfs) if err != nil { return err } + // clear the current processes env and replace it with the environment + // defined on the container + if err := LoadContainerEnvironment(container); err != nil { + return err + } + // We always read this as it is a way to sync with the parent as well - ns.logger.Printf("reading from sync pipe fd %d\n", syncPipe.child.Fd()) context, err := syncPipe.ReadFromParent() if err != nil { syncPipe.Close() return err } - ns.logger.Println("received context from parent") syncPipe.Close() - if console != "" { - ns.logger.Printf("setting up %s as console\n", console) - slave, err := system.OpenTerminal(console, syscall.O_RDWR) - if err != nil { - return fmt.Errorf("open terminal %s", err) - } - if err := dupSlave(slave); err != nil { - return fmt.Errorf("dup2 slave %s", err) + if consolePath != "" { + if err := console.OpenAndDup(consolePath); err != nil { + return err } } if _, err := system.Setsid(); err != nil { return fmt.Errorf("setsid %s", err) } - if console != "" { + if consolePath != "" { if err := system.Setctty(); err != nil { return fmt.Errorf("setctty %s", err) } @@ -59,72 +62,49 @@ func (ns *linuxNs) Init(container *libcontainer.Container, uncleanRootfs, consol } label.Init() - ns.logger.Println("setup mount namespace") - if err := setupNewMountNamespace(rootfs, container.Mounts, console, container.ReadonlyFs, container.NoPivotRoot, container.Context["mount_label"]); err != nil { + + if err := mount.InitializeMountNamespace(rootfs, consolePath, container); err != nil { return fmt.Errorf("setup mount namespace %s", err) } - if err := system.Sethostname(container.Hostname); err != nil { - return fmt.Errorf("sethostname %s", err) - } - if err := finalizeNamespace(container); err != nil { - return fmt.Errorf("finalize namespace %s", err) + if container.Hostname != "" { + if err := system.Sethostname(container.Hostname); err != nil { + return fmt.Errorf("sethostname %s", err) + } } - if profile := container.Context["apparmor_profile"]; profile != "" { - ns.logger.Printf("setting apparmor profile %s\n", profile) - if err := apparmor.ApplyProfile(os.Getpid(), profile); err != nil { + runtime.LockOSThread() + + if err := apparmor.ApplyProfile(container.Context["apparmor_profile"]); err != nil { + return fmt.Errorf("set apparmor profile %s: %s", container.Context["apparmor_profile"], err) + } + if err := label.SetProcessLabel(container.Context["process_label"]); err != nil { + return fmt.Errorf("set process label %s", err) + } + if container.Context["restrictions"] != "" { + if err := restrict.Restrict("proc", "sys"); err != nil { return err } } - runtime.LockOSThread() - if err := label.SetProcessLabel(container.Context["process_label"]); err != nil { - return fmt.Errorf("SetProcessLabel label %s", err) + if err := FinalizeNamespace(container); err != nil { + return fmt.Errorf("finalize namespace %s", err) } - ns.logger.Printf("execing %s\n", args[0]) return system.Execv(args[0], args[0:], container.Env) } -func setupUser(container *libcontainer.Container) error { - switch container.User { - case "root", "": - if err := system.Setgroups(nil); err != nil { - return err - } - if err := system.Setresgid(0, 0, 0); err != nil { - return err - } - if err := system.Setresuid(0, 0, 0); err != nil { - return err - } - default: - uid, gid, suppGids, err := user.GetUserGroupSupplementary(container.User, syscall.Getuid(), syscall.Getgid()) - if err != nil { - return err - } - if err := system.Setgroups(suppGids); err != nil { - return err - } - if err := system.Setgid(gid); err != nil { - return err - } - if err := system.Setuid(uid); err != nil { - return err - } +// SetupUser changes the groups, gid, and uid for the user inside the container +func SetupUser(u string) error { + uid, gid, suppGids, err := user.GetUserGroupSupplementary(u, syscall.Getuid(), syscall.Getgid()) + if err != nil { + return fmt.Errorf("get supplementary groups %s", err) } - return nil -} - -// dupSlave dup2 the pty slave's fd into stdout and stdin and ensures that -// the slave's fd is 0, or stdin -func dupSlave(slave *os.File) error { - if err := system.Dup2(slave.Fd(), 0); err != nil { - return err + if err := system.Setgroups(suppGids); err != nil { + return fmt.Errorf("setgroups %s", err) } - if err := system.Dup2(slave.Fd(), 1); err != nil { - return err + if err := system.Setgid(gid); err != nil { + return fmt.Errorf("setgid %s", err) } - if err := system.Dup2(slave.Fd(), 2); err != nil { - return err + if err := system.Setuid(uid); err != nil { + return fmt.Errorf("setuid %s", err) } return nil } @@ -147,13 +127,17 @@ func setupNetwork(container *libcontainer.Container, context libcontainer.Contex return nil } -// finalizeNamespace drops the caps and sets the correct user -// and working dir before execing the command inside the namespace -func finalizeNamespace(container *libcontainer.Container) error { +// FinalizeNamespace drops the caps, sets the correct user +// and working dir, and closes any leaky file descriptors +// before execing the command inside the namespace +func FinalizeNamespace(container *libcontainer.Container) error { if err := capabilities.DropCapabilities(container); err != nil { return fmt.Errorf("drop capabilities %s", err) } - if err := setupUser(container); err != nil { + if err := system.CloseFdsFrom(3); err != nil { + return fmt.Errorf("close open file descriptors %s", err) + } + if err := SetupUser(container.User); err != nil { return fmt.Errorf("setup user %s", err) } if container.WorkingDir != "" { @@ -163,3 +147,14 @@ func finalizeNamespace(container *libcontainer.Container) error { } return nil } + +func LoadContainerEnvironment(container *libcontainer.Container) error { + os.Clearenv() + for _, pair := range container.Env { + p := strings.SplitN(pair, "=", 2) + if err := os.Setenv(p[0], p[1]); err != nil { + return err + } + } + return nil +} diff --git a/pkg/libcontainer/nsinit/mount.go b/pkg/libcontainer/nsinit/mount.go deleted file mode 100644 index 3b0cf13bc9..0000000000 --- a/pkg/libcontainer/nsinit/mount.go +++ /dev/null @@ -1,265 +0,0 @@ -// +build linux - -package nsinit - -import ( - "fmt" - "github.com/dotcloud/docker/pkg/label" - "github.com/dotcloud/docker/pkg/libcontainer" - "github.com/dotcloud/docker/pkg/system" - "io/ioutil" - "os" - "path/filepath" - "syscall" -) - -// default mount point flags -const defaultMountFlags = syscall.MS_NOEXEC | syscall.MS_NOSUID | syscall.MS_NODEV - -// setupNewMountNamespace is used to initialize a new mount namespace for an new -// container in the rootfs that is specified. -// -// There is no need to unmount the new mounts because as soon as the mount namespace -// is no longer in use, the mounts will be removed automatically -func setupNewMountNamespace(rootfs string, bindMounts []libcontainer.Mount, console string, readonly, noPivotRoot bool, mountLabel string) error { - flag := syscall.MS_PRIVATE - if noPivotRoot { - flag = syscall.MS_SLAVE - } - if err := system.Mount("", "/", "", uintptr(flag|syscall.MS_REC), ""); err != nil { - return fmt.Errorf("mounting / as slave %s", err) - } - if err := system.Mount(rootfs, rootfs, "bind", syscall.MS_BIND|syscall.MS_REC, ""); err != nil { - return fmt.Errorf("mouting %s as bind %s", rootfs, err) - } - if err := mountSystem(rootfs, mountLabel); err != nil { - return fmt.Errorf("mount system %s", err) - } - - for _, m := range bindMounts { - var ( - flags = syscall.MS_BIND | syscall.MS_REC - dest = filepath.Join(rootfs, m.Destination) - ) - if !m.Writable { - flags = flags | syscall.MS_RDONLY - } - if err := system.Mount(m.Source, dest, "bind", uintptr(flags), ""); err != nil { - return fmt.Errorf("mounting %s into %s %s", m.Source, dest, err) - } - if !m.Writable { - if err := system.Mount(m.Source, dest, "bind", uintptr(flags|syscall.MS_REMOUNT), ""); err != nil { - return fmt.Errorf("remounting %s into %s %s", m.Source, dest, err) - } - } - if m.Private { - if err := system.Mount("", dest, "none", uintptr(syscall.MS_PRIVATE), ""); err != nil { - return fmt.Errorf("mounting %s private %s", dest, err) - } - } - } - - if err := copyDevNodes(rootfs); err != nil { - return fmt.Errorf("copy dev nodes %s", err) - } - if err := setupPtmx(rootfs, console, mountLabel); err != nil { - return err - } - if err := system.Chdir(rootfs); err != nil { - return fmt.Errorf("chdir into %s %s", rootfs, err) - } - - if noPivotRoot { - if err := rootMsMove(rootfs); err != nil { - return err - } - } else { - if err := rootPivot(rootfs); err != nil { - return err - } - } - - if readonly { - if err := system.Mount("/", "/", "bind", syscall.MS_BIND|syscall.MS_REMOUNT|syscall.MS_RDONLY|syscall.MS_REC, ""); err != nil { - return fmt.Errorf("mounting %s as readonly %s", rootfs, err) - } - } - - system.Umask(0022) - - return nil -} - -// use a pivot root to setup the rootfs -func rootPivot(rootfs string) error { - pivotDir, err := ioutil.TempDir(rootfs, ".pivot_root") - if err != nil { - return fmt.Errorf("can't create pivot_root dir %s", pivotDir, err) - } - if err := system.Pivotroot(rootfs, pivotDir); err != nil { - return fmt.Errorf("pivot_root %s", err) - } - if err := system.Chdir("/"); err != nil { - return fmt.Errorf("chdir / %s", err) - } - // path to pivot dir now changed, update - pivotDir = filepath.Join("/", filepath.Base(pivotDir)) - if err := system.Unmount(pivotDir, syscall.MNT_DETACH); err != nil { - return fmt.Errorf("unmount pivot_root dir %s", err) - } - if err := os.Remove(pivotDir); err != nil { - return fmt.Errorf("remove pivot_root dir %s", err) - } - return nil -} - -// use MS_MOVE and chroot to setup the rootfs -func rootMsMove(rootfs string) error { - if err := system.Mount(rootfs, "/", "", syscall.MS_MOVE, ""); err != nil { - return fmt.Errorf("mount move %s into / %s", rootfs, err) - } - if err := system.Chroot("."); err != nil { - return fmt.Errorf("chroot . %s", err) - } - if err := system.Chdir("/"); err != nil { - return fmt.Errorf("chdir / %s", err) - } - return nil -} - -// copyDevNodes mknods the hosts devices so the new container has access to them -func copyDevNodes(rootfs string) error { - oldMask := system.Umask(0000) - defer system.Umask(oldMask) - - for _, node := range []string{ - "null", - "zero", - "full", - "random", - "urandom", - "tty", - } { - if err := copyDevNode(rootfs, node); err != nil { - return err - } - } - return nil -} - -func copyDevNode(rootfs, node string) error { - stat, err := os.Stat(filepath.Join("/dev", node)) - if err != nil { - return err - } - var ( - dest = filepath.Join(rootfs, "dev", node) - st = stat.Sys().(*syscall.Stat_t) - ) - if err := system.Mknod(dest, st.Mode, int(st.Rdev)); err != nil && !os.IsExist(err) { - return fmt.Errorf("copy %s %s", node, err) - } - return nil -} - -// setupConsole ensures that the container has a proper /dev/console setup -func setupConsole(rootfs, console string, mountLabel string) error { - oldMask := system.Umask(0000) - defer system.Umask(oldMask) - - stat, err := os.Stat(console) - if err != nil { - return fmt.Errorf("stat console %s %s", console, err) - } - var ( - st = stat.Sys().(*syscall.Stat_t) - dest = filepath.Join(rootfs, "dev/console") - ) - if err := os.Remove(dest); err != nil && !os.IsNotExist(err) { - return fmt.Errorf("remove %s %s", dest, err) - } - if err := os.Chmod(console, 0600); err != nil { - return err - } - if err := os.Chown(console, 0, 0); err != nil { - return err - } - if err := system.Mknod(dest, (st.Mode&^07777)|0600, int(st.Rdev)); err != nil { - return fmt.Errorf("mknod %s %s", dest, err) - } - if err := label.SetFileLabel(console, mountLabel); err != nil { - return fmt.Errorf("SetFileLabel Failed %s %s", dest, err) - } - if err := system.Mount(console, dest, "bind", syscall.MS_BIND, ""); err != nil { - return fmt.Errorf("bind %s to %s %s", console, dest, err) - } - return nil -} - -// mountSystem sets up linux specific system mounts like sys, proc, shm, and devpts -// inside the mount namespace -func mountSystem(rootfs string, mountLabel string) error { - for _, m := range []struct { - source string - path string - device string - flags int - data string - }{ - {source: "proc", path: filepath.Join(rootfs, "proc"), device: "proc", flags: defaultMountFlags}, - {source: "sysfs", path: filepath.Join(rootfs, "sys"), device: "sysfs", flags: defaultMountFlags}, - {source: "shm", path: filepath.Join(rootfs, "dev", "shm"), device: "tmpfs", flags: defaultMountFlags, data: label.FormatMountLabel("mode=1755,size=65536k", mountLabel)}, - {source: "devpts", path: filepath.Join(rootfs, "dev", "pts"), device: "devpts", flags: syscall.MS_NOSUID | syscall.MS_NOEXEC, data: label.FormatMountLabel("newinstance,ptmxmode=0666,mode=620,gid=5", mountLabel)}, - } { - if err := os.MkdirAll(m.path, 0755); err != nil && !os.IsExist(err) { - return fmt.Errorf("mkdirall %s %s", m.path, err) - } - if err := system.Mount(m.source, m.path, m.device, uintptr(m.flags), m.data); err != nil { - return fmt.Errorf("mounting %s into %s %s", m.source, m.path, err) - } - } - return nil -} - -// setupPtmx adds a symlink to pts/ptmx for /dev/ptmx and -// finishes setting up /dev/console -func setupPtmx(rootfs, console string, mountLabel string) error { - ptmx := filepath.Join(rootfs, "dev/ptmx") - if err := os.Remove(ptmx); err != nil && !os.IsNotExist(err) { - return err - } - if err := os.Symlink("pts/ptmx", ptmx); err != nil { - return fmt.Errorf("symlink dev ptmx %s", err) - } - if console != "" { - if err := setupConsole(rootfs, console, mountLabel); err != nil { - return err - } - } - return nil -} - -// remountProc is used to detach and remount the proc filesystem -// commonly needed with running a new process inside an existing container -func remountProc() error { - if err := system.Unmount("/proc", syscall.MNT_DETACH); err != nil { - return err - } - if err := system.Mount("proc", "/proc", "proc", uintptr(defaultMountFlags), ""); err != nil { - return err - } - return nil -} - -func remountSys() error { - if err := system.Unmount("/sys", syscall.MNT_DETACH); err != nil { - if err != syscall.EINVAL { - return err - } - } else { - if err := system.Mount("sysfs", "/sys", "sysfs", uintptr(defaultMountFlags), ""); err != nil { - return err - } - } - return nil -} diff --git a/pkg/libcontainer/nsinit/nsinit.go b/pkg/libcontainer/nsinit/nsinit.go deleted file mode 100644 index c308692af6..0000000000 --- a/pkg/libcontainer/nsinit/nsinit.go +++ /dev/null @@ -1,29 +0,0 @@ -package nsinit - -import ( - "github.com/dotcloud/docker/pkg/libcontainer" - "log" -) - -// NsInit is an interface with the public facing methods to provide high level -// exec operations on a container -type NsInit interface { - Exec(container *libcontainer.Container, term Terminal, args []string) (int, error) - ExecIn(container *libcontainer.Container, nspid int, args []string) (int, error) - Init(container *libcontainer.Container, uncleanRootfs, console string, syncPipe *SyncPipe, args []string) error -} - -type linuxNs struct { - root string - commandFactory CommandFactory - stateWriter StateWriter - logger *log.Logger -} - -func NewNsInit(command CommandFactory, state StateWriter, logger *log.Logger) NsInit { - return &linuxNs{ - commandFactory: command, - stateWriter: state, - logger: logger, - } -} diff --git a/pkg/libcontainer/nsinit/nsinit/main.go b/pkg/libcontainer/nsinit/nsinit/main.go index 37aa784981..b5325d40b3 100644 --- a/pkg/libcontainer/nsinit/nsinit/main.go +++ b/pkg/libcontainer/nsinit/nsinit/main.go @@ -2,8 +2,6 @@ package main import ( "encoding/json" - "flag" - "io" "io/ioutil" "log" "os" @@ -15,80 +13,65 @@ import ( ) var ( - root, console, logs string - pipeFd int + dataPath = os.Getenv("data_path") + console = os.Getenv("console") + rawPipeFd = os.Getenv("pipe") ) -func registerFlags() { - flag.StringVar(&console, "console", "", "console (pty slave) path") - flag.IntVar(&pipeFd, "pipe", 0, "sync pipe fd") - flag.StringVar(&root, "root", ".", "root for storing configuration data") - flag.StringVar(&logs, "log", "none", "set stderr or a filepath to enable logging") - - flag.Parse() -} - func main() { - registerFlags() - - if flag.NArg() < 1 { - log.Fatalf("wrong number of argments %d", flag.NArg()) + if len(os.Args) < 2 { + log.Fatalf("invalid number of arguments %d", len(os.Args)) } + container, err := loadContainer() if err != nil { - log.Fatalf("Unable to load container: %s", err) - } - l, err := getLogger("[exec] ") - if err != nil { - log.Fatal(err) + log.Fatalf("unable to load container: %s", err) } - ns, err := newNsInit(l) - if err != nil { - log.Fatalf("Unable to initialize nsinit: %s", err) - } - - switch flag.Arg(0) { + switch os.Args[1] { case "exec": // this is executed outside of the namespace in the cwd - var exitCode int - nspid, err := readPid() - if err != nil { - if !os.IsNotExist(err) { - l.Fatalf("Unable to read pid: %s", err) - } + var nspid, exitCode int + if nspid, err = readPid(); err != nil && !os.IsNotExist(err) { + log.Fatalf("unable to read pid: %s", err) } + if nspid > 0 { - exitCode, err = ns.ExecIn(container, nspid, flag.Args()[1:]) + exitCode, err = nsinit.ExecIn(container, nspid, os.Args[2:]) } else { term := nsinit.NewTerminal(os.Stdin, os.Stdout, os.Stderr, container.Tty) - exitCode, err = ns.Exec(container, term, flag.Args()[1:]) + exitCode, err = nsinit.Exec(container, term, "", dataPath, os.Args[2:], nsinit.DefaultCreateCommand, nil) } + if err != nil { - l.Fatalf("Failed to exec: %s", err) + log.Fatalf("failed to exec: %s", err) } os.Exit(exitCode) case "init": // this is executed inside of the namespace to setup the container - cwd, err := os.Getwd() + // by default our current dir is always our rootfs + rootfs, err := os.Getwd() if err != nil { - l.Fatal(err) + log.Fatal(err) } - if flag.NArg() < 2 { - l.Fatalf("wrong number of argments %d", flag.NArg()) + + pipeFd, err := strconv.Atoi(rawPipeFd) + if err != nil { + log.Fatal(err) } syncPipe, err := nsinit.NewSyncPipeFromFd(0, uintptr(pipeFd)) if err != nil { - l.Fatalf("Unable to create sync pipe: %s", err) + log.Fatalf("unable to create sync pipe: %s", err) } - if err := ns.Init(container, cwd, console, syncPipe, flag.Args()[1:]); err != nil { - l.Fatalf("Unable to initialize for container: %s", err) + + if err := nsinit.Init(container, rootfs, console, syncPipe, os.Args[2:]); err != nil { + log.Fatalf("unable to initialize for container: %s", err) } default: - l.Fatalf("command not supported for nsinit %s", flag.Arg(0)) + log.Fatalf("command not supported for nsinit %s", os.Args[0]) } } func loadContainer() (*libcontainer.Container, error) { - f, err := os.Open(filepath.Join(root, "container.json")) + f, err := os.Open(filepath.Join(dataPath, "container.json")) if err != nil { return nil, err } @@ -102,7 +85,7 @@ func loadContainer() (*libcontainer.Container, error) { } func readPid() (int, error) { - data, err := ioutil.ReadFile(filepath.Join(root, "pid")) + data, err := ioutil.ReadFile(filepath.Join(dataPath, "pid")) if err != nil { return -1, err } @@ -112,24 +95,3 @@ func readPid() (int, error) { } return pid, nil } - -func newNsInit(l *log.Logger) (nsinit.NsInit, error) { - return nsinit.NewNsInit(&nsinit.DefaultCommandFactory{root}, &nsinit.DefaultStateWriter{root}, l), nil -} - -func getLogger(prefix string) (*log.Logger, error) { - var w io.Writer - switch logs { - case "", "none": - w = ioutil.Discard - case "stderr": - w = os.Stderr - default: // we have a filepath - f, err := os.OpenFile(logs, os.O_CREATE|os.O_RDWR|os.O_APPEND, 0755) - if err != nil { - return nil, err - } - w = f - } - return log.New(w, prefix, log.LstdFlags), nil -} diff --git a/pkg/libcontainer/nsinit/pid.go b/pkg/libcontainer/nsinit/pid.go new file mode 100644 index 0000000000..bba2f10e1b --- /dev/null +++ b/pkg/libcontainer/nsinit/pid.go @@ -0,0 +1,28 @@ +package nsinit + +import ( + "fmt" + "io/ioutil" + "os" + "path/filepath" +) + +// WritePid writes the namespaced processes pid to pid and it's start time +// to the path specified +func WritePid(path string, pid int, startTime string) error { + err := ioutil.WriteFile(filepath.Join(path, "pid"), []byte(fmt.Sprint(pid)), 0655) + if err != nil { + return err + } + return ioutil.WriteFile(filepath.Join(path, "start"), []byte(startTime), 0655) +} + +// DeletePid removes the pid and started file from disk when the container's process +// dies and the container is cleanly removed +func DeletePid(path string) error { + err := os.Remove(filepath.Join(path, "pid")) + if serr := os.Remove(filepath.Join(path, "start")); err == nil { + err = serr + } + return err +} diff --git a/pkg/libcontainer/nsinit/state.go b/pkg/libcontainer/nsinit/state.go deleted file mode 100644 index 26d7fa4230..0000000000 --- a/pkg/libcontainer/nsinit/state.go +++ /dev/null @@ -1,36 +0,0 @@ -package nsinit - -import ( - "fmt" - "io/ioutil" - "os" - "path/filepath" -) - -// StateWriter handles writing and deleting the pid file -// on disk -type StateWriter interface { - WritePid(pid int, startTime string) error - DeletePid() error -} - -type DefaultStateWriter struct { - Root string -} - -// writePidFile writes the namespaced processes pid to pid in the rootfs for the container -func (d *DefaultStateWriter) WritePid(pid int, startTime string) error { - err := ioutil.WriteFile(filepath.Join(d.Root, "pid"), []byte(fmt.Sprint(pid)), 0655) - if err != nil { - return err - } - return ioutil.WriteFile(filepath.Join(d.Root, "start"), []byte(startTime), 0655) -} - -func (d *DefaultStateWriter) DeletePid() error { - err := os.Remove(filepath.Join(d.Root, "pid")) - if serr := os.Remove(filepath.Join(d.Root, "start")); err == nil { - err = serr - } - return err -} diff --git a/pkg/libcontainer/nsinit/std_term.go b/pkg/libcontainer/nsinit/std_term.go new file mode 100644 index 0000000000..2b8201a71b --- /dev/null +++ b/pkg/libcontainer/nsinit/std_term.go @@ -0,0 +1,49 @@ +package nsinit + +import ( + "io" + "os" + "os/exec" +) + +type StdTerminal struct { + stdin io.Reader + stdout, stderr io.Writer +} + +func (s *StdTerminal) SetMaster(*os.File) { + // no need to set master on non tty +} + +func (s *StdTerminal) Close() error { + return nil +} + +func (s *StdTerminal) Resize(h, w int) error { + return nil +} + +func (s *StdTerminal) Attach(command *exec.Cmd) error { + inPipe, err := command.StdinPipe() + if err != nil { + return err + } + outPipe, err := command.StdoutPipe() + if err != nil { + return err + } + errPipe, err := command.StderrPipe() + if err != nil { + return err + } + + go func() { + defer inPipe.Close() + io.Copy(inPipe, s.stdin) + }() + + go io.Copy(s.stdout, outPipe) + go io.Copy(s.stderr, errPipe) + + return nil +} diff --git a/pkg/libcontainer/nsinit/sync_pipe.go b/pkg/libcontainer/nsinit/sync_pipe.go index f724f525f0..d0bfdda865 100644 --- a/pkg/libcontainer/nsinit/sync_pipe.go +++ b/pkg/libcontainer/nsinit/sync_pipe.go @@ -3,9 +3,10 @@ package nsinit import ( "encoding/json" "fmt" - "github.com/dotcloud/docker/pkg/libcontainer" "io/ioutil" "os" + + "github.com/dotcloud/docker/pkg/libcontainer" ) // SyncPipe allows communication to and from the child processes @@ -36,6 +37,14 @@ func NewSyncPipeFromFd(parendFd, childFd uintptr) (*SyncPipe, error) { return s, nil } +func (s *SyncPipe) Child() *os.File { + return s.child +} + +func (s *SyncPipe) Parent() *os.File { + return s.parent +} + func (s *SyncPipe) SendToChild(context libcontainer.Context) error { data, err := json.Marshal(context) if err != nil { diff --git a/pkg/libcontainer/nsinit/term.go b/pkg/libcontainer/nsinit/term.go index 58dccab2b8..5fc801ab53 100644 --- a/pkg/libcontainer/nsinit/term.go +++ b/pkg/libcontainer/nsinit/term.go @@ -1,7 +1,6 @@ package nsinit import ( - "github.com/dotcloud/docker/pkg/term" "io" "os" "os/exec" @@ -28,91 +27,3 @@ func NewTerminal(stdin io.Reader, stdout, stderr io.Writer, tty bool) Terminal { stderr: stderr, } } - -type TtyTerminal struct { - stdin io.Reader - stdout, stderr io.Writer - master *os.File - state *term.State -} - -func (t *TtyTerminal) Resize(h, w int) error { - return term.SetWinsize(t.master.Fd(), &term.Winsize{Height: uint16(h), Width: uint16(w)}) -} - -func (t *TtyTerminal) SetMaster(master *os.File) { - t.master = master -} - -func (t *TtyTerminal) Attach(command *exec.Cmd) error { - go io.Copy(t.stdout, t.master) - go io.Copy(t.master, t.stdin) - - state, err := t.setupWindow(t.master, os.Stdin) - if err != nil { - command.Process.Kill() - return err - } - t.state = state - return err -} - -// SetupWindow gets the parent window size and sets the master -// pty to the current size and set the parents mode to RAW -func (t *TtyTerminal) setupWindow(master, parent *os.File) (*term.State, error) { - ws, err := term.GetWinsize(parent.Fd()) - if err != nil { - return nil, err - } - if err := term.SetWinsize(master.Fd(), ws); err != nil { - return nil, err - } - return term.SetRawTerminal(parent.Fd()) -} - -func (t *TtyTerminal) Close() error { - term.RestoreTerminal(os.Stdin.Fd(), t.state) - return t.master.Close() -} - -type StdTerminal struct { - stdin io.Reader - stdout, stderr io.Writer -} - -func (s *StdTerminal) SetMaster(*os.File) { - // no need to set master on non tty -} - -func (s *StdTerminal) Close() error { - return nil -} - -func (s *StdTerminal) Resize(h, w int) error { - return nil -} - -func (s *StdTerminal) Attach(command *exec.Cmd) error { - inPipe, err := command.StdinPipe() - if err != nil { - return err - } - outPipe, err := command.StdoutPipe() - if err != nil { - return err - } - errPipe, err := command.StderrPipe() - if err != nil { - return err - } - - go func() { - defer inPipe.Close() - io.Copy(inPipe, s.stdin) - }() - - go io.Copy(s.stdout, outPipe) - go io.Copy(s.stderr, errPipe) - - return nil -} diff --git a/pkg/libcontainer/nsinit/tty_term.go b/pkg/libcontainer/nsinit/tty_term.go new file mode 100644 index 0000000000..fcbd085c82 --- /dev/null +++ b/pkg/libcontainer/nsinit/tty_term.go @@ -0,0 +1,55 @@ +package nsinit + +import ( + "io" + "os" + "os/exec" + + "github.com/dotcloud/docker/pkg/term" +) + +type TtyTerminal struct { + stdin io.Reader + stdout, stderr io.Writer + master *os.File + state *term.State +} + +func (t *TtyTerminal) Resize(h, w int) error { + return term.SetWinsize(t.master.Fd(), &term.Winsize{Height: uint16(h), Width: uint16(w)}) +} + +func (t *TtyTerminal) SetMaster(master *os.File) { + t.master = master +} + +func (t *TtyTerminal) Attach(command *exec.Cmd) error { + go io.Copy(t.stdout, t.master) + go io.Copy(t.master, t.stdin) + + state, err := t.setupWindow(t.master, os.Stdin) + if err != nil { + command.Process.Kill() + return err + } + t.state = state + return err +} + +// SetupWindow gets the parent window size and sets the master +// pty to the current size and set the parents mode to RAW +func (t *TtyTerminal) setupWindow(master, parent *os.File) (*term.State, error) { + ws, err := term.GetWinsize(parent.Fd()) + if err != nil { + return nil, err + } + if err := term.SetWinsize(master.Fd(), ws); err != nil { + return nil, err + } + return term.SetRawTerminal(parent.Fd()) +} + +func (t *TtyTerminal) Close() error { + term.RestoreTerminal(os.Stdin.Fd(), t.state) + return t.master.Close() +} diff --git a/pkg/libcontainer/nsinit/unsupported.go b/pkg/libcontainer/nsinit/unsupported.go index 2412223d28..929b3dba5b 100644 --- a/pkg/libcontainer/nsinit/unsupported.go +++ b/pkg/libcontainer/nsinit/unsupported.go @@ -3,17 +3,26 @@ package nsinit import ( + "github.com/dotcloud/docker/pkg/cgroups" "github.com/dotcloud/docker/pkg/libcontainer" ) -func (ns *linuxNs) Exec(container *libcontainer.Container, term Terminal, args []string) (int, error) { +func Exec(container *libcontainer.Container, term Terminal, rootfs, dataPath string, args []string, createCommand CreateCommand, startCallback func()) (int, error) { return -1, libcontainer.ErrUnsupported } -func (ns *linuxNs) ExecIn(container *libcontainer.Container, nspid int, args []string) (int, error) { - return -1, libcontainer.ErrUnsupported -} - -func (ns *linuxNs) Init(container *libcontainer.Container, uncleanRootfs, console string, syncPipe *SyncPipe, args []string) error { +func Init(container *libcontainer.Container, uncleanRootfs, consolePath string, syncPipe *SyncPipe, args []string) error { return libcontainer.ErrUnsupported } + +func InitializeNetworking(container *libcontainer.Container, nspid int, pipe *SyncPipe) error { + return libcontainer.ErrUnsupported +} + +func SetupCgroups(container *libcontainer.Container, nspid int) (cgroups.ActiveCgroup, error) { + return nil, libcontainer.ErrUnsupported +} + +func GetNamespaceFlags(namespaces map[string]bool) (flag int) { + return 0 +} diff --git a/pkg/libcontainer/capabilities/capabilities.go b/pkg/libcontainer/security/capabilities/capabilities.go similarity index 83% rename from pkg/libcontainer/capabilities/capabilities.go rename to pkg/libcontainer/security/capabilities/capabilities.go index 4b81e708c7..ad13e672c7 100644 --- a/pkg/libcontainer/capabilities/capabilities.go +++ b/pkg/libcontainer/security/capabilities/capabilities.go @@ -1,9 +1,10 @@ package capabilities import ( + "os" + "github.com/dotcloud/docker/pkg/libcontainer" "github.com/syndtr/gocapability/capability" - "os" ) // DropCapabilities drops capabilities for the current process based @@ -26,9 +27,11 @@ func DropCapabilities(container *libcontainer.Container) error { // getCapabilitiesMask returns the specific cap mask values for the libcontainer types func getCapabilitiesMask(container *libcontainer.Container) []capability.Cap { drop := []capability.Cap{} - for _, c := range container.CapabilitiesMask { - if !c.Enabled { - drop = append(drop, c.Value) + for key, enabled := range container.CapabilitiesMask { + if !enabled { + if c := libcontainer.GetCapability(key); c != nil { + drop = append(drop, c.Value) + } } } return drop diff --git a/pkg/libcontainer/security/restrict/restrict.go b/pkg/libcontainer/security/restrict/restrict.go new file mode 100644 index 0000000000..e1296b1d7f --- /dev/null +++ b/pkg/libcontainer/security/restrict/restrict.go @@ -0,0 +1,25 @@ +// +build linux + +package restrict + +import ( + "fmt" + "syscall" + + "github.com/dotcloud/docker/pkg/system" +) + +// This has to be called while the container still has CAP_SYS_ADMIN (to be able to perform mounts). +// However, afterwards, CAP_SYS_ADMIN should be dropped (otherwise the user will be able to revert those changes). +func Restrict(mounts ...string) error { + // remount proc and sys as readonly + for _, dest := range mounts { + if err := system.Mount("", dest, "", syscall.MS_REMOUNT|syscall.MS_RDONLY, ""); err != nil { + return fmt.Errorf("unable to remount %s readonly: %s", dest, err) + } + } + if err := system.Mount("/dev/null", "/proc/kcore", "", syscall.MS_BIND, ""); err != nil { + return fmt.Errorf("unable to bind-mount /dev/null over /proc/kcore") + } + return nil +} diff --git a/pkg/libcontainer/security/restrict/unsupported.go b/pkg/libcontainer/security/restrict/unsupported.go new file mode 100644 index 0000000000..464e8d498d --- /dev/null +++ b/pkg/libcontainer/security/restrict/unsupported.go @@ -0,0 +1,9 @@ +// +build !linux + +package restrict + +import "fmt" + +func Restrict() error { + return fmt.Errorf("not supported") +} diff --git a/pkg/libcontainer/types.go b/pkg/libcontainer/types.go index ffeb55a022..8f056c817d 100644 --- a/pkg/libcontainer/types.go +++ b/pkg/libcontainer/types.go @@ -2,6 +2,7 @@ package libcontainer import ( "errors" + "github.com/syndtr/gocapability/capability" ) @@ -11,6 +12,26 @@ var ( ErrUnsupported = errors.New("Unsupported method") ) +type Mounts []Mount + +func (s Mounts) OfType(t string) Mounts { + out := Mounts{} + for _, m := range s { + if m.Type == t { + out = append(out, m) + } + } + return out +} + +type Mount struct { + Type string `json:"type,omitempty"` + Source string `json:"source,omitempty"` // Source path, in the host namespace + Destination string `json:"destination,omitempty"` // Destination path, in the container + Writable bool `json:"writable,omitempty"` + Private bool `json:"private,omitempty"` +} + // namespaceList is used to convert the libcontainer types // into the names of the files located in /proc//ns/* for // each namespace @@ -18,30 +39,30 @@ var ( namespaceList = Namespaces{} capabilityList = Capabilities{ - {Key: "SETPCAP", Value: capability.CAP_SETPCAP, Enabled: false}, - {Key: "SYS_MODULE", Value: capability.CAP_SYS_MODULE, Enabled: false}, - {Key: "SYS_RAWIO", Value: capability.CAP_SYS_RAWIO, Enabled: false}, - {Key: "SYS_PACCT", Value: capability.CAP_SYS_PACCT, Enabled: false}, - {Key: "SYS_ADMIN", Value: capability.CAP_SYS_ADMIN, Enabled: false}, - {Key: "SYS_NICE", Value: capability.CAP_SYS_NICE, Enabled: false}, - {Key: "SYS_RESOURCE", Value: capability.CAP_SYS_RESOURCE, Enabled: false}, - {Key: "SYS_TIME", Value: capability.CAP_SYS_TIME, Enabled: false}, - {Key: "SYS_TTY_CONFIG", Value: capability.CAP_SYS_TTY_CONFIG, Enabled: false}, - {Key: "MKNOD", Value: capability.CAP_MKNOD, Enabled: false}, - {Key: "AUDIT_WRITE", Value: capability.CAP_AUDIT_WRITE, Enabled: false}, - {Key: "AUDIT_CONTROL", Value: capability.CAP_AUDIT_CONTROL, Enabled: false}, - {Key: "MAC_OVERRIDE", Value: capability.CAP_MAC_OVERRIDE, Enabled: false}, - {Key: "MAC_ADMIN", Value: capability.CAP_MAC_ADMIN, Enabled: false}, - {Key: "NET_ADMIN", Value: capability.CAP_NET_ADMIN, Enabled: false}, + {Key: "SETPCAP", Value: capability.CAP_SETPCAP}, + {Key: "SYS_MODULE", Value: capability.CAP_SYS_MODULE}, + {Key: "SYS_RAWIO", Value: capability.CAP_SYS_RAWIO}, + {Key: "SYS_PACCT", Value: capability.CAP_SYS_PACCT}, + {Key: "SYS_ADMIN", Value: capability.CAP_SYS_ADMIN}, + {Key: "SYS_NICE", Value: capability.CAP_SYS_NICE}, + {Key: "SYS_RESOURCE", Value: capability.CAP_SYS_RESOURCE}, + {Key: "SYS_TIME", Value: capability.CAP_SYS_TIME}, + {Key: "SYS_TTY_CONFIG", Value: capability.CAP_SYS_TTY_CONFIG}, + {Key: "MKNOD", Value: capability.CAP_MKNOD}, + {Key: "AUDIT_WRITE", Value: capability.CAP_AUDIT_WRITE}, + {Key: "AUDIT_CONTROL", Value: capability.CAP_AUDIT_CONTROL}, + {Key: "MAC_OVERRIDE", Value: capability.CAP_MAC_OVERRIDE}, + {Key: "MAC_ADMIN", Value: capability.CAP_MAC_ADMIN}, + {Key: "NET_ADMIN", Value: capability.CAP_NET_ADMIN}, + {Key: "SYSLOG", Value: capability.CAP_SYSLOG}, } ) type ( Namespace struct { - Key string `json:"key,omitempty"` - Enabled bool `json:"enabled,omitempty"` - Value int `json:"value,omitempty"` - File string `json:"file,omitempty"` + Key string `json:"key,omitempty"` + Value int `json:"value,omitempty"` + File string `json:"file,omitempty"` } Namespaces []*Namespace ) @@ -68,7 +89,7 @@ func (n Namespaces) Contains(ns string) bool { func (n Namespaces) Get(ns string) *Namespace { for _, nsp := range n { - if nsp.Key == ns { + if nsp != nil && nsp.Key == ns { return nsp } } @@ -77,9 +98,8 @@ func (n Namespaces) Get(ns string) *Namespace { type ( Capability struct { - Key string `json:"key,omitempty"` - Enabled bool `json:"enabled"` - Value capability.Cap `json:"value,omitempty"` + Key string `json:"key,omitempty"` + Value capability.Cap `json:"value,omitempty"` } Capabilities []*Capability ) diff --git a/pkg/libcontainer/types_linux.go b/pkg/libcontainer/types_linux.go index 1f937e0c97..c14531df20 100644 --- a/pkg/libcontainer/types_linux.go +++ b/pkg/libcontainer/types_linux.go @@ -6,11 +6,11 @@ import ( func init() { namespaceList = Namespaces{ - {Key: "NEWNS", Value: syscall.CLONE_NEWNS, File: "mnt", Enabled: true}, - {Key: "NEWUTS", Value: syscall.CLONE_NEWUTS, File: "uts", Enabled: true}, - {Key: "NEWIPC", Value: syscall.CLONE_NEWIPC, File: "ipc", Enabled: true}, - {Key: "NEWUSER", Value: syscall.CLONE_NEWUSER, File: "user", Enabled: true}, - {Key: "NEWPID", Value: syscall.CLONE_NEWPID, File: "pid", Enabled: true}, - {Key: "NEWNET", Value: syscall.CLONE_NEWNET, File: "net", Enabled: true}, + {Key: "NEWNS", Value: syscall.CLONE_NEWNS, File: "mnt"}, + {Key: "NEWUTS", Value: syscall.CLONE_NEWUTS, File: "uts"}, + {Key: "NEWIPC", Value: syscall.CLONE_NEWIPC, File: "ipc"}, + {Key: "NEWUSER", Value: syscall.CLONE_NEWUSER, File: "user"}, + {Key: "NEWPID", Value: syscall.CLONE_NEWPID, File: "pid"}, + {Key: "NEWNET", Value: syscall.CLONE_NEWNET, File: "net"}, } } diff --git a/pkg/libcontainer/types_test.go b/pkg/libcontainer/types_test.go index 9735937b76..dd31298fdf 100644 --- a/pkg/libcontainer/types_test.go +++ b/pkg/libcontainer/types_test.go @@ -18,6 +18,15 @@ func TestNamespacesContains(t *testing.T) { if !ns.Contains("NEWPID") { t.Fatal("namespaces should contain NEWPID but does not") } + + withNil := Namespaces{ + GetNamespace("UNDEFINED"), // this element will be nil + GetNamespace("NEWPID"), + } + + if !withNil.Contains("NEWPID") { + t.Fatal("namespaces should contain NEWPID but does not") + } } func TestCapabilitiesContains(t *testing.T) { diff --git a/pkg/netlink/netlink_linux.go b/pkg/netlink/netlink_linux.go index f4aa92ed34..6de293d42a 100644 --- a/pkg/netlink/netlink_linux.go +++ b/pkg/netlink/netlink_linux.go @@ -19,6 +19,7 @@ const ( VETH_INFO_PEER = 1 IFLA_NET_NS_FD = 28 SIOC_BRADDBR = 0x89a0 + SIOC_BRADDIF = 0x89a2 ) var nextSeqNr int @@ -28,6 +29,11 @@ type ifreqHwaddr struct { IfruHwaddr syscall.RawSockaddr } +type ifreqIndex struct { + IfrnName [16]byte + IfruIndex int32 +} + func nativeEndian() binary.ByteOrder { var x uint32 = 0x01020304 if *(*byte)(unsafe.Pointer(&x)) == 0x01 { @@ -842,6 +848,30 @@ func CreateBridge(name string, setMacAddr bool) error { return nil } +// Add a slave to abridge device. This is more backward-compatible than +// netlink.NetworkSetMaster and works on RHEL 6. +func AddToBridge(iface, master *net.Interface) error { + s, err := syscall.Socket(syscall.AF_INET6, syscall.SOCK_STREAM, syscall.IPPROTO_IP) + if err != nil { + // ipv6 issue, creating with ipv4 + s, err = syscall.Socket(syscall.AF_INET, syscall.SOCK_STREAM, syscall.IPPROTO_IP) + if err != nil { + return err + } + } + defer syscall.Close(s) + + ifr := ifreqIndex{} + copy(ifr.IfrnName[:], master.Name) + ifr.IfruIndex = int32(iface.Index) + + if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, uintptr(s), SIOC_BRADDIF, uintptr(unsafe.Pointer(&ifr))); err != 0 { + return err + } + + return nil +} + func setBridgeMacAddress(s int, name string) error { ifr := ifreqHwaddr{} ifr.IfruHwaddr.Family = syscall.ARPHRD_ETHER diff --git a/pkg/netlink/netlink_unsupported.go b/pkg/netlink/netlink_unsupported.go index 00a3b3fae8..8a5531b9ef 100644 --- a/pkg/netlink/netlink_unsupported.go +++ b/pkg/netlink/netlink_unsupported.go @@ -63,3 +63,7 @@ func NetworkLinkDown(iface *net.Interface) error { func CreateBridge(name string, setMacAddr bool) error { return ErrNotImplemented } + +func AddToBridge(iface, master *net.Interface) error { + return ErrNotImplemented +} diff --git a/pkg/networkfs/MAINTAINERS b/pkg/networkfs/MAINTAINERS new file mode 100644 index 0000000000..ceeb0cfd18 --- /dev/null +++ b/pkg/networkfs/MAINTAINERS @@ -0,0 +1 @@ +Victor Vieux (@vieux) diff --git a/pkg/networkfs/etchosts/etchosts.go b/pkg/networkfs/etchosts/etchosts.go new file mode 100644 index 0000000000..144a039bff --- /dev/null +++ b/pkg/networkfs/etchosts/etchosts.go @@ -0,0 +1,43 @@ +package etchosts + +import ( + "bytes" + "fmt" + "io/ioutil" +) + +var defaultContent = map[string]string{ + "localhost": "127.0.0.1", + "localhost ip6-localhost ip6-loopback": "::1", + "ip6-localnet": "fe00::0", + "ip6-mcastprefix": "ff00::0", + "ip6-allnodes": "ff02::1", + "ip6-allrouters": "ff02::2", +} + +func Build(path, IP, hostname, domainname string, extraContent *map[string]string) error { + content := bytes.NewBuffer(nil) + if IP != "" { + if domainname != "" { + content.WriteString(fmt.Sprintf("%s\t%s.%s %s\n", IP, hostname, domainname, hostname)) + } else { + content.WriteString(fmt.Sprintf("%s\t%s\n", IP, hostname)) + } + } + + for hosts, ip := range defaultContent { + if _, err := content.WriteString(fmt.Sprintf("%s\t%s\n", ip, hosts)); err != nil { + return err + } + } + + if extraContent != nil { + for hosts, ip := range *extraContent { + if _, err := content.WriteString(fmt.Sprintf("%s\t%s\n", ip, hosts)); err != nil { + return err + } + } + } + + return ioutil.WriteFile(path, content.Bytes(), 0644) +} diff --git a/pkg/networkfs/etchosts/etchosts_test.go b/pkg/networkfs/etchosts/etchosts_test.go new file mode 100644 index 0000000000..44406c81b8 --- /dev/null +++ b/pkg/networkfs/etchosts/etchosts_test.go @@ -0,0 +1,74 @@ +package etchosts + +import ( + "bytes" + "io/ioutil" + "os" + "testing" +) + +func TestBuildHostnameDomainname(t *testing.T) { + file, err := ioutil.TempFile("", "") + if err != nil { + t.Fatal(err) + } + defer os.Remove(file.Name()) + + err = Build(file.Name(), "10.11.12.13", "testhostname", "testdomainname", nil) + if err != nil { + t.Fatal(err) + } + + content, err := ioutil.ReadFile(file.Name()) + if err != nil { + t.Fatal(err) + } + + if expected := "10.11.12.13\ttesthostname.testdomainname testhostname\n"; !bytes.Contains(content, []byte(expected)) { + t.Fatalf("Expected to find '%s' got '%s'", expected, content) + } +} + +func TestBuildHostname(t *testing.T) { + file, err := ioutil.TempFile("", "") + if err != nil { + t.Fatal(err) + } + defer os.Remove(file.Name()) + + err = Build(file.Name(), "10.11.12.13", "testhostname", "", nil) + if err != nil { + t.Fatal(err) + } + + content, err := ioutil.ReadFile(file.Name()) + if err != nil { + t.Fatal(err) + } + + if expected := "10.11.12.13\ttesthostname\n"; !bytes.Contains(content, []byte(expected)) { + t.Fatalf("Expected to find '%s' got '%s'", expected, content) + } +} + +func TestBuildNoIP(t *testing.T) { + file, err := ioutil.TempFile("", "") + if err != nil { + t.Fatal(err) + } + defer os.Remove(file.Name()) + + err = Build(file.Name(), "", "testhostname", "", nil) + if err != nil { + t.Fatal(err) + } + + content, err := ioutil.ReadFile(file.Name()) + if err != nil { + t.Fatal(err) + } + + if expected := ""; !bytes.Contains(content, []byte(expected)) { + t.Fatalf("Expected to find '%s' got '%s'", expected, content) + } +} diff --git a/pkg/networkfs/resolvconf/resolvconf.go b/pkg/networkfs/resolvconf/resolvconf.go new file mode 100644 index 0000000000..d6854fb3b1 --- /dev/null +++ b/pkg/networkfs/resolvconf/resolvconf.go @@ -0,0 +1,87 @@ +package resolvconf + +import ( + "bytes" + "io/ioutil" + "regexp" + "strings" +) + +func Get() ([]byte, error) { + resolv, err := ioutil.ReadFile("/etc/resolv.conf") + if err != nil { + return nil, err + } + return resolv, nil +} + +// getLines parses input into lines and strips away comments. +func getLines(input []byte, commentMarker []byte) [][]byte { + lines := bytes.Split(input, []byte("\n")) + var output [][]byte + for _, currentLine := range lines { + var commentIndex = bytes.Index(currentLine, commentMarker) + if commentIndex == -1 { + output = append(output, currentLine) + } else { + output = append(output, currentLine[:commentIndex]) + } + } + return output +} + +// GetNameservers returns nameservers (if any) listed in /etc/resolv.conf +func GetNameservers(resolvConf []byte) []string { + nameservers := []string{} + re := regexp.MustCompile(`^\s*nameserver\s*(([0-9]+\.){3}([0-9]+))\s*$`) + for _, line := range getLines(resolvConf, []byte("#")) { + var ns = re.FindSubmatch(line) + if len(ns) > 0 { + nameservers = append(nameservers, string(ns[1])) + } + } + return nameservers +} + +// GetNameserversAsCIDR returns nameservers (if any) listed in +// /etc/resolv.conf as CIDR blocks (e.g., "1.2.3.4/32") +// This function's output is intended for net.ParseCIDR +func GetNameserversAsCIDR(resolvConf []byte) []string { + nameservers := []string{} + for _, nameserver := range GetNameservers(resolvConf) { + nameservers = append(nameservers, nameserver+"/32") + } + return nameservers +} + +// GetSearchDomains returns search domains (if any) listed in /etc/resolv.conf +// If more than one search line is encountered, only the contents of the last +// one is returned. +func GetSearchDomains(resolvConf []byte) []string { + re := regexp.MustCompile(`^\s*search\s*(([^\s]+\s*)*)$`) + domains := []string{} + for _, line := range getLines(resolvConf, []byte("#")) { + match := re.FindSubmatch(line) + if match == nil { + continue + } + domains = strings.Fields(string(match[1])) + } + return domains +} + +func Build(path string, dns, dnsSearch []string) error { + content := bytes.NewBuffer(nil) + for _, dns := range dns { + if _, err := content.WriteString("nameserver " + dns + "\n"); err != nil { + return err + } + } + if len(dnsSearch) > 0 { + if _, err := content.WriteString("search " + strings.Join(dnsSearch, " ") + "\n"); err != nil { + return err + } + } + + return ioutil.WriteFile(path, content.Bytes(), 0644) +} diff --git a/pkg/networkfs/resolvconf/resolvconf_test.go b/pkg/networkfs/resolvconf/resolvconf_test.go new file mode 100644 index 0000000000..fd20712376 --- /dev/null +++ b/pkg/networkfs/resolvconf/resolvconf_test.go @@ -0,0 +1,133 @@ +package resolvconf + +import ( + "bytes" + "io/ioutil" + "os" + "testing" +) + +func TestGet(t *testing.T) { + resolvConfUtils, err := Get() + if err != nil { + t.Fatal(err) + } + resolvConfSystem, err := ioutil.ReadFile("/etc/resolv.conf") + if err != nil { + t.Fatal(err) + } + if string(resolvConfUtils) != string(resolvConfSystem) { + t.Fatalf("/etc/resolv.conf and GetResolvConf have different content.") + } +} + +func TestGetNameservers(t *testing.T) { + for resolv, result := range map[string][]string{` +nameserver 1.2.3.4 +nameserver 40.3.200.10 +search example.com`: {"1.2.3.4", "40.3.200.10"}, + `search example.com`: {}, + `nameserver 1.2.3.4 +search example.com +nameserver 4.30.20.100`: {"1.2.3.4", "4.30.20.100"}, + ``: {}, + ` nameserver 1.2.3.4 `: {"1.2.3.4"}, + `search example.com +nameserver 1.2.3.4 +#nameserver 4.3.2.1`: {"1.2.3.4"}, + `search example.com +nameserver 1.2.3.4 # not 4.3.2.1`: {"1.2.3.4"}, + } { + test := GetNameservers([]byte(resolv)) + if !strSlicesEqual(test, result) { + t.Fatalf("Wrong nameserver string {%s} should be %v. Input: %s", test, result, resolv) + } + } +} + +func TestGetNameserversAsCIDR(t *testing.T) { + for resolv, result := range map[string][]string{` +nameserver 1.2.3.4 +nameserver 40.3.200.10 +search example.com`: {"1.2.3.4/32", "40.3.200.10/32"}, + `search example.com`: {}, + `nameserver 1.2.3.4 +search example.com +nameserver 4.30.20.100`: {"1.2.3.4/32", "4.30.20.100/32"}, + ``: {}, + ` nameserver 1.2.3.4 `: {"1.2.3.4/32"}, + `search example.com +nameserver 1.2.3.4 +#nameserver 4.3.2.1`: {"1.2.3.4/32"}, + `search example.com +nameserver 1.2.3.4 # not 4.3.2.1`: {"1.2.3.4/32"}, + } { + test := GetNameserversAsCIDR([]byte(resolv)) + if !strSlicesEqual(test, result) { + t.Fatalf("Wrong nameserver string {%s} should be %v. Input: %s", test, result, resolv) + } + } +} + +func TestGetSearchDomains(t *testing.T) { + for resolv, result := range map[string][]string{ + `search example.com`: {"example.com"}, + `search example.com # ignored`: {"example.com"}, + ` search example.com `: {"example.com"}, + ` search example.com # ignored`: {"example.com"}, + `search foo.example.com example.com`: {"foo.example.com", "example.com"}, + ` search foo.example.com example.com `: {"foo.example.com", "example.com"}, + ` search foo.example.com example.com # ignored`: {"foo.example.com", "example.com"}, + ``: {}, + `# ignored`: {}, + `nameserver 1.2.3.4 +search foo.example.com example.com`: {"foo.example.com", "example.com"}, + `nameserver 1.2.3.4 +search dup1.example.com dup2.example.com +search foo.example.com example.com`: {"foo.example.com", "example.com"}, + `nameserver 1.2.3.4 +search foo.example.com example.com +nameserver 4.30.20.100`: {"foo.example.com", "example.com"}, + } { + test := GetSearchDomains([]byte(resolv)) + if !strSlicesEqual(test, result) { + t.Fatalf("Wrong search domain string {%s} should be %v. Input: %s", test, result, resolv) + } + } +} + +func strSlicesEqual(a, b []string) bool { + if len(a) != len(b) { + return false + } + + for i, v := range a { + if v != b[i] { + return false + } + } + + return true +} + +func TestBuild(t *testing.T) { + file, err := ioutil.TempFile("", "") + if err != nil { + t.Fatal(err) + } + defer os.Remove(file.Name()) + + err = Build(file.Name(), []string{"ns1", "ns2", "ns3"}, []string{"search1"}) + if err != nil { + t.Fatal(err) + } + + content, err := ioutil.ReadFile(file.Name()) + if err != nil { + t.Fatal(err) + } + + if expected := "nameserver ns1\nnameserver ns2\nnameserver ns3\nsearch search1\n"; !bytes.Contains(content, []byte(expected)) { + t.Fatalf("Expected to find '%s' got '%s'", expected, content) + } +} diff --git a/pkg/selinux/selinux.go b/pkg/selinux/selinux.go index edabc4f7dd..6cf7bd7104 100644 --- a/pkg/selinux/selinux.go +++ b/pkg/selinux/selinux.go @@ -146,15 +146,15 @@ func Setfilecon(path string, scon string) error { } func Setfscreatecon(scon string) error { - return writeCon("/proc/self/attr/fscreate", scon) + return writeCon(fmt.Sprintf("/proc/self/task/%d/attr/fscreate", system.Gettid()), scon) } func Getfscreatecon() (string, error) { - return readCon("/proc/self/attr/fscreate") + return readCon(fmt.Sprintf("/proc/self/task/%d/attr/fscreate", system.Gettid())) } func getcon() (string, error) { - return readCon("/proc/self/attr/current") + return readCon(fmt.Sprintf("/proc/self/task/%d/attr/current", system.Gettid())) } func Getpidcon(pid int) (string, error) { @@ -204,6 +204,13 @@ func NewContext(scon string) SELinuxContext { return c } +func ReserveLabel(scon string) { + if len(scon) != 0 { + con := strings.SplitN(scon, ":", 4) + mcsAdd(con[3]) + } +} + func SelinuxGetEnforce() int { var enforce int @@ -229,8 +236,12 @@ func SelinuxGetEnforceMode() int { return Disabled } -func mcsAdd(mcs string) { +func mcsAdd(mcs string) error { + if mcsList[mcs] { + return fmt.Errorf("MCS Label already exists") + } mcsList[mcs] = true + return nil } func mcsDelete(mcs string) { @@ -283,15 +294,21 @@ func uniqMcs(catRange uint32) string { } } mcs = fmt.Sprintf("s0:c%d,c%d", c1, c2) - if mcsExists(mcs) { + if err := mcsAdd(mcs); err != nil { continue } - mcsAdd(mcs) break } return mcs } +func FreeLxcContexts(scon string) { + if len(scon) != 0 { + con := strings.SplitN(scon, ":", 4) + mcsDelete(con[3]) + } +} + func GetLxcContexts() (processLabel string, fileLabel string) { var ( val, key string @@ -344,7 +361,8 @@ func GetLxcContexts() (processLabel string, fileLabel string) { } exit: - mcs := IntToMcs(os.Getpid(), 1024) + // mcs := IntToMcs(os.Getpid(), 1024) + mcs := uniqMcs(1024) scon := NewContext(processLabel) scon["level"] = mcs processLabel = scon.Get() @@ -373,6 +391,8 @@ func CopyLevel(src, dest string) (string, error) { } scon := NewContext(src) tcon := NewContext(dest) + mcsDelete(tcon["level"]) + mcsAdd(scon["level"]) tcon["level"] = scon["level"] return tcon.Get(), nil } diff --git a/pkg/selinux/selinux_test.go b/pkg/selinux/selinux_test.go index fde6ab147d..9a3a5525e4 100644 --- a/pkg/selinux/selinux_test.go +++ b/pkg/selinux/selinux_test.go @@ -31,9 +31,11 @@ func TestSELinux(t *testing.T) { plabel, flabel = selinux.GetLxcContexts() t.Log(plabel) t.Log(flabel) + selinux.FreeLxcContexts(plabel) plabel, flabel = selinux.GetLxcContexts() t.Log(plabel) t.Log(flabel) + selinux.FreeLxcContexts(plabel) t.Log("getenforce ", selinux.SelinuxGetEnforce()) t.Log("getenforcemode ", selinux.SelinuxGetEnforceMode()) pid := os.Getpid() diff --git a/pkg/signal/MAINTAINERS b/pkg/signal/MAINTAINERS index 3300331598..acf6f21b63 100644 --- a/pkg/signal/MAINTAINERS +++ b/pkg/signal/MAINTAINERS @@ -1,2 +1 @@ Guillaume J. Charmes (@creack) - diff --git a/pkg/system/MAINTAINERS b/pkg/system/MAINTAINERS new file mode 100644 index 0000000000..1cb551364d --- /dev/null +++ b/pkg/system/MAINTAINERS @@ -0,0 +1,2 @@ +Michael Crosby (@crosbymichael) +Guillaume J. Charmes (@creack) diff --git a/pkg/system/fds_linux.go b/pkg/system/fds_linux.go new file mode 100644 index 0000000000..53d2299d3e --- /dev/null +++ b/pkg/system/fds_linux.go @@ -0,0 +1,38 @@ +package system + +import ( + "io/ioutil" + "strconv" + "syscall" +) + +// Works similarly to OpenBSD's "closefrom(2)": +// The closefrom() call deletes all descriptors numbered fd and higher from +// the per-process file descriptor table. It is effectively the same as +// calling close(2) on each descriptor. +// http://www.openbsd.org/cgi-bin/man.cgi?query=closefrom&sektion=2 +// +// See also http://stackoverflow.com/a/918469/433558 +func CloseFdsFrom(minFd int) error { + fdList, err := ioutil.ReadDir("/proc/self/fd") + if err != nil { + return err + } + for _, fi := range fdList { + fd, err := strconv.Atoi(fi.Name()) + if err != nil { + // ignore non-numeric file names + continue + } + + if fd < minFd { + // ignore descriptors lower than our specified minimum + continue + } + + // intentionally ignore errors from syscall.Close + syscall.Close(fd) + // the cases where this might fail are basically file descriptors that have already been closed (including and especially the one that was created when ioutil.ReadDir did the "opendir" syscall) + } + return nil +} diff --git a/pkg/system/fds_unsupported.go b/pkg/system/fds_unsupported.go new file mode 100644 index 0000000000..c1e08e82d3 --- /dev/null +++ b/pkg/system/fds_unsupported.go @@ -0,0 +1,12 @@ +// +build !linux + +package system + +import ( + "fmt" + "runtime" +) + +func CloseFdsFrom(minFd int) error { + return fmt.Errorf("CloseFdsFrom is unsupported on this platform (%s/%s)", runtime.GOOS, runtime.GOARCH) +} diff --git a/pkg/system/sysconfig.go b/pkg/system/sysconfig.go new file mode 100644 index 0000000000..dcbe6c9cdd --- /dev/null +++ b/pkg/system/sysconfig.go @@ -0,0 +1,13 @@ +// +build linux,cgo + +package system + +/* +#include +int get_hz(void) { return sysconf(_SC_CLK_TCK); } +*/ +import "C" + +func GetClockTicks() int { + return int(C.get_hz()) +} diff --git a/pkg/system/sysconfig_nocgo.go b/pkg/system/sysconfig_nocgo.go new file mode 100644 index 0000000000..7ca3488154 --- /dev/null +++ b/pkg/system/sysconfig_nocgo.go @@ -0,0 +1,9 @@ +// +build linux,!cgo + +package system + +func GetClockTicks() int { + // when we cannot call out to C to get the sysconf it is fairly safe to + // just return 100 + return 100 +} diff --git a/pkg/system/unsupported.go b/pkg/system/unsupported.go index c52a1e5d00..96ebc858f5 100644 --- a/pkg/system/unsupported.go +++ b/pkg/system/unsupported.go @@ -3,6 +3,7 @@ package system import ( + "os" "os/exec" ) @@ -17,3 +18,13 @@ func UsetCloseOnExec(fd uintptr) error { func Gettid() int { return 0 } + +func GetClockTicks() int { + // when we cannot call out to C to get the sysconf it is fairly safe to + // just return 100 + return 100 +} + +func CreateMasterAndConsole() (*os.File, string, error) { + return nil, "", ErrNotSupportedPlatform +} diff --git a/pkg/system/utimes_freebsd.go b/pkg/system/utimes_freebsd.go new file mode 100644 index 0000000000..ceaa044c1c --- /dev/null +++ b/pkg/system/utimes_freebsd.go @@ -0,0 +1,24 @@ +package system + +import ( + "syscall" + "unsafe" +) + +func LUtimesNano(path string, ts []syscall.Timespec) error { + var _path *byte + _path, err := syscall.BytePtrFromString(path) + if err != nil { + return err + } + + if _, _, err := syscall.Syscall(syscall.SYS_LUTIMES, uintptr(unsafe.Pointer(_path)), uintptr(unsafe.Pointer(&ts[0])), 0); err != 0 && err != syscall.ENOSYS { + return err + } + + return nil +} + +func UtimesNano(path string, ts []syscall.Timespec) error { + return syscall.UtimesNano(path, ts) +} diff --git a/pkg/system/utimes_test.go b/pkg/system/utimes_test.go new file mode 100644 index 0000000000..38e4020cb5 --- /dev/null +++ b/pkg/system/utimes_test.go @@ -0,0 +1,64 @@ +package system + +import ( + "io/ioutil" + "os" + "path/filepath" + "syscall" + "testing" +) + +func prepareFiles(t *testing.T) (string, string, string) { + dir, err := ioutil.TempDir("", "docker-system-test") + if err != nil { + t.Fatal(err) + } + + file := filepath.Join(dir, "exist") + if err := ioutil.WriteFile(file, []byte("hello"), 0644); err != nil { + t.Fatal(err) + } + + invalid := filepath.Join(dir, "doesnt-exist") + + symlink := filepath.Join(dir, "symlink") + if err := os.Symlink(file, symlink); err != nil { + t.Fatal(err) + } + + return file, invalid, symlink +} + +func TestLUtimesNano(t *testing.T) { + file, invalid, symlink := prepareFiles(t) + + before, err := os.Stat(file) + if err != nil { + t.Fatal(err) + } + + ts := []syscall.Timespec{{0, 0}, {0, 0}} + if err := LUtimesNano(symlink, ts); err != nil { + t.Fatal(err) + } + + symlinkInfo, err := os.Lstat(symlink) + if err != nil { + t.Fatal(err) + } + if before.ModTime().Unix() == symlinkInfo.ModTime().Unix() { + t.Fatal("The modification time of the symlink should be different") + } + + fileInfo, err := os.Stat(file) + if err != nil { + t.Fatal(err) + } + if before.ModTime().Unix() != fileInfo.ModTime().Unix() { + t.Fatal("The modification time of the file should be same") + } + + if err := LUtimesNano(invalid, ts); err == nil { + t.Fatal("Doesn't return an error on a non-existing file") + } +} diff --git a/pkg/system/utimes_unsupported.go b/pkg/system/utimes_unsupported.go index d247ba283e..9a8cf9cd4a 100644 --- a/pkg/system/utimes_unsupported.go +++ b/pkg/system/utimes_unsupported.go @@ -1,4 +1,4 @@ -// +build !linux +// +build !linux,!freebsd package system diff --git a/registry/registry.go b/registry/registry.go index 817c08afa9..2e3e7e03a7 100644 --- a/registry/registry.go +++ b/registry/registry.go @@ -3,10 +3,10 @@ package registry import ( "bytes" "crypto/sha256" + _ "crypto/sha512" "encoding/json" "errors" "fmt" - "github.com/dotcloud/docker/utils" "io" "io/ioutil" "net" @@ -14,9 +14,13 @@ import ( "net/http/cookiejar" "net/url" "regexp" + "runtime" "strconv" "strings" "time" + + "github.com/dotcloud/docker/dockerversion" + "github.com/dotcloud/docker/utils" ) var ( @@ -25,11 +29,11 @@ var ( errLoginRequired = errors.New("Authentication is required.") ) -func pingRegistryEndpoint(endpoint string) (bool, error) { +func pingRegistryEndpoint(endpoint string) (RegistryInfo, error) { if endpoint == IndexServerAddress() { // Skip the check, we now this one is valid // (and we never want to fallback to http in case of error) - return false, nil + return RegistryInfo{Standalone: false}, nil } httpDial := func(proto string, addr string) (net.Conn, error) { // Set the connect timeout to 5 seconds @@ -48,26 +52,41 @@ func pingRegistryEndpoint(endpoint string) (bool, error) { client := &http.Client{Transport: httpTransport} resp, err := client.Get(endpoint + "_ping") if err != nil { - return false, err + return RegistryInfo{Standalone: false}, err } defer resp.Body.Close() - if resp.Header.Get("X-Docker-Registry-Version") == "" { - return false, errors.New("This does not look like a Registry server (\"X-Docker-Registry-Version\" header not found in the response)") + jsonString, err := ioutil.ReadAll(resp.Body) + if err != nil { + return RegistryInfo{Standalone: false}, fmt.Errorf("Error while reading the http response: %s", err) } + // If the header is absent, we assume true for compatibility with earlier + // versions of the registry. default to true + info := RegistryInfo{ + Standalone: true, + } + if err := json.Unmarshal(jsonString, &info); err != nil { + utils.Debugf("Error unmarshalling the _ping RegistryInfo: %s", err) + // don't stop here. Just assume sane defaults + } + if hdr := resp.Header.Get("X-Docker-Registry-Version"); hdr != "" { + utils.Debugf("Registry version header: '%s'", hdr) + info.Version = hdr + } + utils.Debugf("RegistryInfo.Version: %q", info.Version) + standalone := resp.Header.Get("X-Docker-Registry-Standalone") utils.Debugf("Registry standalone header: '%s'", standalone) - // If the header is absent, we assume true for compatibility with earlier - // versions of the registry - if standalone == "" { - return true, nil - // Accepted values are "true" (case-insensitive) and "1". - } else if strings.EqualFold(standalone, "true") || standalone == "1" { - return true, nil + // Accepted values are "true" (case-insensitive) and "1". + if strings.EqualFold(standalone, "true") || standalone == "1" { + info.Standalone = true + } else if len(standalone) > 0 { + // there is a header set, and it is not "true" or "1", so assume fails + info.Standalone = false } - // Otherwise, not standalone - return false, nil + utils.Debugf("RegistryInfo.Standalone: %q", info.Standalone) + return info, nil } func validateRepositoryName(repositoryName string) error { @@ -101,17 +120,12 @@ func ResolveRepositoryName(reposName string) (string, string, error) { return "", "", ErrInvalidRepositoryName } nameParts := strings.SplitN(reposName, "/", 2) - if !strings.Contains(nameParts[0], ".") && !strings.Contains(nameParts[0], ":") && - nameParts[0] != "localhost" { + if len(nameParts) == 1 || (!strings.Contains(nameParts[0], ".") && !strings.Contains(nameParts[0], ":") && + nameParts[0] != "localhost") { // This is a Docker Index repos (ex: samalba/hipache or ubuntu) err := validateRepositoryName(reposName) return IndexServerAddress(), reposName, err } - if len(nameParts) < 2 { - // There is a dot in repos name (and no registry address) - // Is it a Registry address without repos name? - return "", "", ErrInvalidRepositoryName - } hostname := nameParts[0] reposName = nameParts[1] if strings.Contains(hostname, "index.docker.io") { @@ -226,9 +240,13 @@ func (r *Registry) GetRemoteImageJSON(imgID, registry string, token []string) ([ return nil, -1, utils.NewHTTPRequestError(fmt.Sprintf("HTTP code %d", res.StatusCode), res) } - imageSize, err := strconv.Atoi(res.Header.Get("X-Docker-Size")) - if err != nil { - return nil, -1, err + // if the size header is not present, then set it to '-1' + imageSize := -1 + if hdr := res.Header.Get("X-Docker-Size"); hdr != "" { + imageSize, err = strconv.Atoi(hdr) + if err != nil { + return nil, -1, err + } } jsonString, err := ioutil.ReadAll(res.Body) @@ -297,6 +315,25 @@ func (r *Registry) GetRemoteTags(registries []string, repository string, token [ return nil, fmt.Errorf("Could not reach any registry endpoint") } +func buildEndpointsList(headers []string, indexEp string) ([]string, error) { + var endpoints []string + parsedUrl, err := url.Parse(indexEp) + if err != nil { + return nil, err + } + var urlScheme = parsedUrl.Scheme + // The Registry's URL scheme has to match the Index' + for _, ep := range headers { + epList := strings.Split(ep, ",") + for _, epListElement := range epList { + endpoints = append( + endpoints, + fmt.Sprintf("%s://%s/v1/", urlScheme, strings.TrimSpace(epListElement))) + } + } + return endpoints, nil +} + func (r *Registry) GetRepositoryData(remote string) (*RepositoryData, error) { indexEp := r.indexEndpoint repositoryTarget := fmt.Sprintf("%srepositories/%s/images", indexEp, remote) @@ -332,14 +369,18 @@ func (r *Registry) GetRepositoryData(remote string) (*RepositoryData, error) { } var endpoints []string - var urlScheme = indexEp[:strings.Index(indexEp, ":")] if res.Header.Get("X-Docker-Endpoints") != "" { - // The Registry's URL scheme has to match the Index' - for _, ep := range res.Header["X-Docker-Endpoints"] { - endpoints = append(endpoints, fmt.Sprintf("%s://%s/v1/", urlScheme, ep)) + endpoints, err = buildEndpointsList(res.Header["X-Docker-Endpoints"], indexEp) + if err != nil { + return nil, err } } else { - return nil, fmt.Errorf("Index response didn't contain any endpoints") + // Assume the endpoint is on the same host + u, err := url.Parse(indexEp) + if err != nil { + return nil, err + } + endpoints = append(endpoints, fmt.Sprintf("%s://%s/v1/", u.Scheme, req.URL.Host)) } checksumsJSON, err := ioutil.ReadAll(res.Body) @@ -565,7 +606,6 @@ func (r *Registry) PushImageJSONIndex(remote string, imgList []*ImgData, validat } var tokens, endpoints []string - var urlScheme = indexEp[:strings.Index(indexEp, ":")] if !validate { if res.StatusCode != 200 && res.StatusCode != 201 { errBody, err := ioutil.ReadAll(res.Body) @@ -582,9 +622,9 @@ func (r *Registry) PushImageJSONIndex(remote string, imgList []*ImgData, validat } if res.Header.Get("X-Docker-Endpoints") != "" { - // The Registry's URL scheme has to match the Index' - for _, ep := range res.Header["X-Docker-Endpoints"] { - endpoints = append(endpoints, fmt.Sprintf("%s://%s/v1/", urlScheme, ep)) + endpoints, err = buildEndpointsList(res.Header["X-Docker-Endpoints"], indexEp) + if err != nil { + return nil, err } } else { return nil, fmt.Errorf("Index response didn't contain any endpoints") @@ -673,6 +713,11 @@ type ImgData struct { Tag string `json:",omitempty"` } +type RegistryInfo struct { + Version string `json:"version"` + Standalone bool `json:"standalone"` +} + type Registry struct { client *http.Client authConfig *AuthConfig @@ -701,11 +746,11 @@ func NewRegistry(authConfig *AuthConfig, factory *utils.HTTPRequestFactory, inde // If we're working with a standalone private registry over HTTPS, send Basic Auth headers // alongside our requests. if indexEndpoint != IndexServerAddress() && strings.HasPrefix(indexEndpoint, "https://") { - standalone, err := pingRegistryEndpoint(indexEndpoint) + info, err := pingRegistryEndpoint(indexEndpoint) if err != nil { return nil, err } - if standalone { + if info.Standalone { utils.Debugf("Endpoint %s is eligible for private registry registry. Enabling decorator.", indexEndpoint) dec := utils.NewHTTPAuthDecorator(authConfig.Username, authConfig.Password) factory.AddDecorator(dec) @@ -715,3 +760,40 @@ func NewRegistry(authConfig *AuthConfig, factory *utils.HTTPRequestFactory, inde r.reqFactory = factory return r, nil } + +func HTTPRequestFactory(metaHeaders map[string][]string) *utils.HTTPRequestFactory { + // FIXME: this replicates the 'info' job. + httpVersion := make([]utils.VersionInfo, 0, 4) + httpVersion = append(httpVersion, &simpleVersionInfo{"docker", dockerversion.VERSION}) + httpVersion = append(httpVersion, &simpleVersionInfo{"go", runtime.Version()}) + httpVersion = append(httpVersion, &simpleVersionInfo{"git-commit", dockerversion.GITCOMMIT}) + if kernelVersion, err := utils.GetKernelVersion(); err == nil { + httpVersion = append(httpVersion, &simpleVersionInfo{"kernel", kernelVersion.String()}) + } + httpVersion = append(httpVersion, &simpleVersionInfo{"os", runtime.GOOS}) + httpVersion = append(httpVersion, &simpleVersionInfo{"arch", runtime.GOARCH}) + ud := utils.NewHTTPUserAgentDecorator(httpVersion...) + md := &utils.HTTPMetaHeadersDecorator{ + Headers: metaHeaders, + } + factory := utils.NewHTTPRequestFactory(ud, md) + return factory +} + +// simpleVersionInfo is a simple implementation of +// the interface VersionInfo, which is used +// to provide version information for some product, +// component, etc. It stores the product name and the version +// in string and returns them on calls to Name() and Version(). +type simpleVersionInfo struct { + name string + version string +} + +func (v *simpleVersionInfo) Name() string { + return v.name +} + +func (v *simpleVersionInfo) Version() string { + return v.version +} diff --git a/registry/registry_mock_test.go b/registry/registry_mock_test.go index dd5da6bd50..6b00751318 100644 --- a/registry/registry_mock_test.go +++ b/registry/registry_mock_test.go @@ -291,7 +291,7 @@ func handlerUsers(w http.ResponseWriter, r *http.Request) { func handlerImages(w http.ResponseWriter, r *http.Request) { u, _ := url.Parse(testHttpServer.URL) - w.Header().Add("X-Docker-Endpoints", u.Host) + w.Header().Add("X-Docker-Endpoints", fmt.Sprintf("%s , %s ", u.Host, "test.example.com")) w.Header().Add("X-Docker-Token", fmt.Sprintf("FAKE-SESSION-%d", time.Now().UnixNano())) if r.Method == "PUT" { if strings.HasSuffix(r.URL.Path, "images") { diff --git a/registry/registry_test.go b/registry/registry_test.go index c072da41c5..0a5be5e543 100644 --- a/registry/registry_test.go +++ b/registry/registry_test.go @@ -1,7 +1,9 @@ package registry import ( + "fmt" "github.com/dotcloud/docker/utils" + "net/url" "strings" "testing" ) @@ -22,11 +24,11 @@ func spawnTestRegistry(t *testing.T) *Registry { } func TestPingRegistryEndpoint(t *testing.T) { - standalone, err := pingRegistryEndpoint(makeURL("/v1/")) + regInfo, err := pingRegistryEndpoint(makeURL("/v1/")) if err != nil { t.Fatal(err) } - assertEqual(t, standalone, true, "Expected standalone to be true (default)") + assertEqual(t, regInfo.Standalone, true, "Expected standalone to be true (default)") } func TestGetRemoteHistory(t *testing.T) { @@ -99,12 +101,23 @@ func TestGetRemoteTags(t *testing.T) { func TestGetRepositoryData(t *testing.T) { r := spawnTestRegistry(t) + parsedUrl, err := url.Parse(makeURL("/v1/")) + if err != nil { + t.Fatal(err) + } + host := "http://" + parsedUrl.Host + "/v1/" data, err := r.GetRepositoryData("foo42/bar") if err != nil { t.Fatal(err) } assertEqual(t, len(data.ImgList), 2, "Expected 2 images in ImgList") - assertEqual(t, len(data.Endpoints), 1, "Expected one endpoint in Endpoints") + assertEqual(t, len(data.Endpoints), 2, + fmt.Sprintf("Expected 2 endpoints in Endpoints, found %d instead", len(data.Endpoints))) + assertEqual(t, data.Endpoints[0], host, + fmt.Sprintf("Expected first endpoint to be %s but found %s instead", host, data.Endpoints[0])) + assertEqual(t, data.Endpoints[1], "http://test.example.com/v1/", + fmt.Sprintf("Expected first endpoint to be http://test.example.com/v1/ but found %s instead", data.Endpoints[1])) + } func TestPushImageJSONRegistry(t *testing.T) { @@ -146,6 +159,13 @@ func TestResolveRepositoryName(t *testing.T) { } assertEqual(t, ep, u, "Expected endpoint to be "+u) assertEqual(t, repo, "private/moonbase", "Expected endpoint to be private/moonbase") + + ep, repo, err = ResolveRepositoryName("ubuntu-12.04-base") + if err != nil { + t.Fatal(err) + } + assertEqual(t, ep, IndexServerAddress(), "Expected endpoint to be "+IndexServerAddress()) + assertEqual(t, repo, "ubuntu-12.04-base", "Expected endpoint to be ubuntu-12.04-base") } func TestPushRegistryTag(t *testing.T) { diff --git a/registry/service.go b/registry/service.go new file mode 100644 index 0000000000..1c7a93deac --- /dev/null +++ b/registry/service.go @@ -0,0 +1,104 @@ +package registry + +import ( + "github.com/dotcloud/docker/engine" +) + +// Service exposes registry capabilities in the standard Engine +// interface. Once installed, it extends the engine with the +// following calls: +// +// 'auth': Authenticate against the public registry +// 'search': Search for images on the public registry +// 'pull': Download images from any registry (TODO) +// 'push': Upload images to any registry (TODO) +type Service struct { +} + +// NewService returns a new instance of Service ready to be +// installed no an engine. +func NewService() *Service { + return &Service{} +} + +// Install installs registry capabilities to eng. +func (s *Service) Install(eng *engine.Engine) error { + eng.Register("auth", s.Auth) + eng.Register("search", s.Search) + return nil +} + +// Auth contacts the public registry with the provided credentials, +// and returns OK if authentication was sucessful. +// It can be used to verify the validity of a client's credentials. +func (s *Service) Auth(job *engine.Job) engine.Status { + var ( + err error + authConfig = &AuthConfig{} + ) + + job.GetenvJson("authConfig", authConfig) + // TODO: this is only done here because auth and registry need to be merged into one pkg + if addr := authConfig.ServerAddress; addr != "" && addr != IndexServerAddress() { + addr, err = ExpandAndVerifyRegistryUrl(addr) + if err != nil { + return job.Error(err) + } + authConfig.ServerAddress = addr + } + status, err := Login(authConfig, HTTPRequestFactory(nil)) + if err != nil { + return job.Error(err) + } + job.Printf("%s\n", status) + return engine.StatusOK +} + +// Search queries the public registry for images matching the specified +// search terms, and returns the results. +// +// Argument syntax: search TERM +// +// Option environment: +// 'authConfig': json-encoded credentials to authenticate against the registry. +// The search extends to images only accessible via the credentials. +// +// 'metaHeaders': extra HTTP headers to include in the request to the registry. +// The headers should be passed as a json-encoded dictionary. +// +// Output: +// Results are sent as a collection of structured messages (using engine.Table). +// Each result is sent as a separate message. +// Results are ordered by number of stars on the public registry. +func (s *Service) Search(job *engine.Job) engine.Status { + if n := len(job.Args); n != 1 { + return job.Errorf("Usage: %s TERM", job.Name) + } + var ( + term = job.Args[0] + metaHeaders = map[string][]string{} + authConfig = &AuthConfig{} + ) + job.GetenvJson("authConfig", authConfig) + job.GetenvJson("metaHeaders", metaHeaders) + + r, err := NewRegistry(authConfig, HTTPRequestFactory(metaHeaders), IndexServerAddress()) + if err != nil { + return job.Error(err) + } + results, err := r.SearchRepositories(term) + if err != nil { + return job.Error(err) + } + outs := engine.NewTable("star_count", 0) + for _, result := range results.Results { + out := &engine.Env{} + out.Import(result) + outs.Add(out) + } + outs.ReverseSort() + if _, err := outs.WriteListTo(job.Stdout); err != nil { + return job.Error(err) + } + return engine.StatusOK +} diff --git a/runconfig/hostconfig.go b/runconfig/hostconfig.go index 3235bf1f4e..79ffad723b 100644 --- a/runconfig/hostconfig.go +++ b/runconfig/hostconfig.go @@ -1,11 +1,24 @@ package runconfig import ( + "strings" + "github.com/dotcloud/docker/engine" "github.com/dotcloud/docker/nat" "github.com/dotcloud/docker/utils" ) +type NetworkMode string + +func (n NetworkMode) IsHost() bool { + return n == "host" +} + +func (n NetworkMode) IsContainer() bool { + parts := strings.SplitN(string(n), ":", 2) + return len(parts) > 1 && parts[0] == "container" +} + type HostConfig struct { Binds []string ContainerIDFile string @@ -17,6 +30,7 @@ type HostConfig struct { Dns []string DnsSearch []string VolumesFrom []string + NetworkMode NetworkMode } func ContainerHostConfigFromJob(job *engine.Job) *HostConfig { @@ -24,6 +38,7 @@ func ContainerHostConfigFromJob(job *engine.Job) *HostConfig { ContainerIDFile: job.Getenv("ContainerIDFile"), Privileged: job.GetenvBool("Privileged"), PublishAllPorts: job.GetenvBool("PublishAllPorts"), + NetworkMode: NetworkMode(job.Getenv("NetworkMode")), } job.GetenvJson("LxcConf", &hostConfig.LxcConf) job.GetenvJson("PortBindings", &hostConfig.PortBindings) diff --git a/runconfig/parse.go b/runconfig/parse.go index d395b49e80..74b7801532 100644 --- a/runconfig/parse.go +++ b/runconfig/parse.go @@ -2,14 +2,15 @@ package runconfig import ( "fmt" + "io/ioutil" + "path" + "strings" + "github.com/dotcloud/docker/nat" "github.com/dotcloud/docker/opts" flag "github.com/dotcloud/docker/pkg/mflag" "github.com/dotcloud/docker/pkg/sysinfo" "github.com/dotcloud/docker/utils" - "io/ioutil" - "path" - "strings" ) var ( @@ -49,7 +50,7 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf flAutoRemove = cmd.Bool([]string{"#rm", "-rm"}, false, "Automatically remove the container when it exits (incompatible with -d)") flDetach = cmd.Bool([]string{"d", "-detach"}, false, "Detached mode: Run container in the background, print new container id") - flNetwork = cmd.Bool([]string{"n", "-networking"}, true, "Enable networking for this container") + flNetwork = cmd.Bool([]string{"#n", "#-networking"}, true, "Enable networking for this container") flPrivileged = cmd.Bool([]string{"#privileged", "-privileged"}, false, "Give extended privileges to this container") flPublishAll = cmd.Bool([]string{"P", "-publish-all"}, false, "Publish all exposed ports to the host interfaces") flStdin = cmd.Bool([]string{"i", "-interactive"}, false, "Keep stdin open even if not attached") @@ -61,7 +62,7 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf flUser = cmd.String([]string{"u", "-user"}, "", "Username or UID") flWorkingDir = cmd.String([]string{"w", "-workdir"}, "", "Working directory inside the container") flCpuShares = cmd.Int64([]string{"c", "-cpu-shares"}, 0, "CPU shares (relative weight)") - + flNetMode = cmd.String([]string{"-net"}, "bridge", "Set the Network mode for the container ('bridge': creates a new network stack for the container on the docker bridge, 'none': no networking for this container, 'container:': reuses another container network stack), 'host': use the host network stack inside the container") // For documentation purpose _ = cmd.Bool([]string{"#sig-proxy", "-sig-proxy"}, true, "Proxify all received signal to the process (even in non-tty mode)") _ = cmd.String([]string{"#name", "-name"}, "", "Assign a name to the container") @@ -197,6 +198,11 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf // boo, there's no debug output for docker run //utils.Debugf("Environment variables for the container: %#v", envVariables) + netMode, err := parseNetMode(*flNetMode) + if err != nil { + return nil, nil, cmd, fmt.Errorf("--net: invalid net mode: %v", err) + } + config := &Config{ Hostname: hostname, Domainname: domainname, @@ -230,6 +236,7 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf Dns: flDns.GetAll(), DnsSearch: flDnsSearch.GetAll(), VolumesFrom: flVolumesFrom.GetAll(), + NetworkMode: netMode, } if sysInfo != nil && flMemory > 0 && !sysInfo.SwapLimit { @@ -274,3 +281,17 @@ func parseKeyValueOpts(opts opts.ListOpts) ([]utils.KeyValuePair, error) { } return out, nil } + +func parseNetMode(netMode string) (NetworkMode, error) { + parts := strings.Split(netMode, ":") + switch mode := parts[0]; mode { + case "bridge", "none", "host": + case "container": + if len(parts) < 2 || parts[1] == "" { + return "", fmt.Errorf("invalid container format container:") + } + default: + return "", fmt.Errorf("invalid --net: %s", netMode) + } + return NetworkMode(netMode), nil +} diff --git a/runconfig/parse_test.go b/runconfig/parse_test.go index fd28c4593e..8ad40b9d2d 100644 --- a/runconfig/parse_test.go +++ b/runconfig/parse_test.go @@ -1,8 +1,9 @@ package runconfig import ( - "github.com/dotcloud/docker/utils" "testing" + + "github.com/dotcloud/docker/utils" ) func TestParseLxcConfOpt(t *testing.T) { diff --git a/runtime/execdriver/native/template/default_template.go b/runtime/execdriver/native/template/default_template.go deleted file mode 100644 index a1ecb04d76..0000000000 --- a/runtime/execdriver/native/template/default_template.go +++ /dev/null @@ -1,45 +0,0 @@ -package template - -import ( - "github.com/dotcloud/docker/pkg/cgroups" - "github.com/dotcloud/docker/pkg/libcontainer" -) - -// New returns the docker default configuration for libcontainer -func New() *libcontainer.Container { - container := &libcontainer.Container{ - CapabilitiesMask: libcontainer.Capabilities{ - libcontainer.GetCapability("SETPCAP"), - libcontainer.GetCapability("SYS_MODULE"), - libcontainer.GetCapability("SYS_RAWIO"), - libcontainer.GetCapability("SYS_PACCT"), - libcontainer.GetCapability("SYS_ADMIN"), - libcontainer.GetCapability("SYS_NICE"), - libcontainer.GetCapability("SYS_RESOURCE"), - libcontainer.GetCapability("SYS_TIME"), - libcontainer.GetCapability("SYS_TTY_CONFIG"), - libcontainer.GetCapability("AUDIT_WRITE"), - libcontainer.GetCapability("AUDIT_CONTROL"), - libcontainer.GetCapability("MAC_OVERRIDE"), - libcontainer.GetCapability("MAC_ADMIN"), - libcontainer.GetCapability("NET_ADMIN"), - libcontainer.GetCapability("MKNOD"), - }, - Namespaces: libcontainer.Namespaces{ - libcontainer.GetNamespace("NEWNS"), - libcontainer.GetNamespace("NEWUTS"), - libcontainer.GetNamespace("NEWIPC"), - libcontainer.GetNamespace("NEWPID"), - libcontainer.GetNamespace("NEWNET"), - }, - Cgroups: &cgroups.Cgroup{ - Parent: "docker", - DeviceAccess: false, - }, - Context: libcontainer.Context{ - "apparmor_profile": "docker-default", - }, - } - container.CapabilitiesMask.Get("MKNOD").Enabled = true - return container -} diff --git a/runtime/runtime_btrfs.go b/runtime/runtime_btrfs.go deleted file mode 100644 index c59b103ff9..0000000000 --- a/runtime/runtime_btrfs.go +++ /dev/null @@ -1,7 +0,0 @@ -// +build !exclude_graphdriver_btrfs - -package runtime - -import ( - _ "github.com/dotcloud/docker/runtime/graphdriver/btrfs" -) diff --git a/runtime/runtime_devicemapper.go b/runtime/runtime_devicemapper.go deleted file mode 100644 index 5b418b377a..0000000000 --- a/runtime/runtime_devicemapper.go +++ /dev/null @@ -1,7 +0,0 @@ -// +build !exclude_graphdriver_devicemapper - -package runtime - -import ( - _ "github.com/dotcloud/docker/runtime/graphdriver/devmapper" -) diff --git a/runtime/sorter.go b/runtime/sorter.go deleted file mode 100644 index c5af772dae..0000000000 --- a/runtime/sorter.go +++ /dev/null @@ -1,25 +0,0 @@ -package runtime - -import "sort" - -type containerSorter struct { - containers []*Container - by func(i, j *Container) bool -} - -func (s *containerSorter) Len() int { - return len(s.containers) -} - -func (s *containerSorter) Swap(i, j int) { - s.containers[i], s.containers[j] = s.containers[j], s.containers[i] -} - -func (s *containerSorter) Less(i, j int) bool { - return s.by(s.containers[i], s.containers[j]) -} - -func sortContainers(containers []*Container, predicate func(i, j *Container) bool) { - s := &containerSorter{containers, predicate} - sort.Sort(s) -} diff --git a/server/MAINTAINERS b/server/MAINTAINERS new file mode 100644 index 0000000000..aee10c8421 --- /dev/null +++ b/server/MAINTAINERS @@ -0,0 +1 @@ +Solomon Hykes (@shykes) diff --git a/server/buildfile.go b/server/buildfile.go index b4a860ad4d..24b0b58f25 100644 --- a/server/buildfile.go +++ b/server/buildfile.go @@ -6,12 +6,6 @@ import ( "encoding/json" "errors" "fmt" - "github.com/dotcloud/docker/archive" - "github.com/dotcloud/docker/nat" - "github.com/dotcloud/docker/registry" - "github.com/dotcloud/docker/runconfig" - "github.com/dotcloud/docker/runtime" - "github.com/dotcloud/docker/utils" "io" "io/ioutil" "net/url" @@ -22,6 +16,13 @@ import ( "regexp" "sort" "strings" + + "github.com/dotcloud/docker/archive" + "github.com/dotcloud/docker/daemon" + "github.com/dotcloud/docker/nat" + "github.com/dotcloud/docker/registry" + "github.com/dotcloud/docker/runconfig" + "github.com/dotcloud/docker/utils" ) var ( @@ -35,8 +36,8 @@ type BuildFile interface { } type buildFile struct { - runtime *runtime.Runtime - srv *Server + daemon *daemon.Daemon + srv *Server image string maintainer string @@ -49,7 +50,6 @@ type buildFile struct { utilizeCache bool rm bool - authConfig *registry.AuthConfig configFile *registry.ConfigFile tmpContainers map[string]struct{} @@ -65,39 +65,30 @@ type buildFile struct { func (b *buildFile) clearTmp(containers map[string]struct{}) { for c := range containers { - tmp := b.runtime.Get(c) - if err := b.runtime.Destroy(tmp); err != nil { + tmp := b.daemon.Get(c) + if err := b.daemon.Destroy(tmp); err != nil { fmt.Fprintf(b.outStream, "Error removing intermediate container %s: %s\n", utils.TruncateID(c), err.Error()) } else { + delete(containers, c) fmt.Fprintf(b.outStream, "Removing intermediate container %s\n", utils.TruncateID(c)) } } } func (b *buildFile) CmdFrom(name string) error { - image, err := b.runtime.Repositories().LookupImage(name) + image, err := b.daemon.Repositories().LookupImage(name) if err != nil { - if b.runtime.Graph().IsNotExist(err) { + if b.daemon.Graph().IsNotExist(err) { remote, tag := utils.ParseRepositoryTag(name) - pullRegistryAuth := b.authConfig - if len(b.configFile.Configs) > 0 { - // The request came with a full auth config file, we prefer to use that - endpoint, _, err := registry.ResolveRepositoryName(remote) - if err != nil { - return err - } - resolvedAuth := b.configFile.ResolveAuthConfig(endpoint) - pullRegistryAuth = &resolvedAuth - } job := b.srv.Eng.Job("pull", remote, tag) job.SetenvBool("json", b.sf.Json()) job.SetenvBool("parallel", true) - job.SetenvJson("authConfig", pullRegistryAuth) + job.SetenvJson("auth", b.configFile) job.Stdout.Add(b.outOld) if err := job.Run(); err != nil { return err } - image, err = b.runtime.Repositories().LookupImage(name) + image, err = b.daemon.Repositories().LookupImage(name) if err != nil { return err } @@ -111,7 +102,7 @@ func (b *buildFile) CmdFrom(name string) error { b.config = image.Config } if b.config.Env == nil || len(b.config.Env) == 0 { - b.config.Env = append(b.config.Env, "HOME=/", "PATH="+runtime.DefaultPathEnv) + b.config.Env = append(b.config.Env, "HOME=/", "PATH="+daemon.DefaultPathEnv) } // Process ONBUILD triggers if they exist if nTriggers := len(b.config.OnBuild); nTriggers != 0 { @@ -393,7 +384,7 @@ func (b *buildFile) checkPathForAddition(orig string) error { return nil } -func (b *buildFile) addContext(container *runtime.Container, orig, dest string, remote bool) error { +func (b *buildFile) addContext(container *daemon.Container, orig, dest string, remote bool) error { var ( err error origPath = path.Join(b.contextPath, orig) @@ -609,7 +600,7 @@ func (b *buildFile) CmdAdd(args string) error { } // Create the container and start it - container, _, err := b.runtime.Create(b.config, "") + container, _, err := b.daemon.Create(b.config, "") if err != nil { return err } @@ -631,14 +622,14 @@ func (b *buildFile) CmdAdd(args string) error { return nil } -func (b *buildFile) create() (*runtime.Container, error) { +func (b *buildFile) create() (*daemon.Container, error) { if b.image == "" { return nil, fmt.Errorf("Please provide a source image with `from` prior to run") } b.config.Image = b.image // Create the container and start it - c, _, err := b.runtime.Create(b.config, "") + c, _, err := b.daemon.Create(b.config, "") if err != nil { return nil, err } @@ -652,12 +643,11 @@ func (b *buildFile) create() (*runtime.Container, error) { return c, nil } -func (b *buildFile) run(c *runtime.Container) error { +func (b *buildFile) run(c *daemon.Container) error { var errCh chan error - if b.verbose { errCh = utils.Go(func() error { - return <-c.Attach(nil, nil, b.outStream, b.errStream) + return <-b.daemon.Attach(c, nil, nil, b.outStream, b.errStream) }) } @@ -703,7 +693,7 @@ func (b *buildFile) commit(id string, autoCmd []string, comment string) error { return nil } - container, warnings, err := b.runtime.Create(b.config, "") + container, warnings, err := b.daemon.Create(b.config, "") if err != nil { return err } @@ -719,7 +709,7 @@ func (b *buildFile) commit(id string, autoCmd []string, comment string) error { } defer container.Unmount() } - container := b.runtime.Get(id) + container := b.daemon.Get(id) if container == nil { return fmt.Errorf("An error occured while creating the container") } @@ -728,7 +718,7 @@ func (b *buildFile) commit(id string, autoCmd []string, comment string) error { autoConfig := *b.config autoConfig.Cmd = autoCmd // Commit the container - image, err := b.runtime.Commit(container, "", "", "", b.maintainer, &autoConfig) + image, err := b.daemon.Commit(container, "", "", "", b.maintainer, &autoConfig) if err != nil { return err } @@ -780,14 +770,13 @@ func (b *buildFile) Build(context io.Reader) (string, error) { } if err := b.BuildStep(fmt.Sprintf("%d", stepN), line); err != nil { return "", err + } else if b.rm { + b.clearTmp(b.tmpContainers) } stepN += 1 } if b.image != "" { fmt.Fprintf(b.outStream, "Successfully built %s\n", utils.TruncateID(b.image)) - if b.rm { - b.clearTmp(b.tmpContainers) - } return b.image, nil } return "", fmt.Errorf("No image was generated. This may be because the Dockerfile does not, like, do anything.\n") @@ -832,9 +821,9 @@ func stripComments(raw []byte) string { return strings.Join(out, "\n") } -func NewBuildFile(srv *Server, outStream, errStream io.Writer, verbose, utilizeCache, rm bool, outOld io.Writer, sf *utils.StreamFormatter, auth *registry.AuthConfig, authConfigFile *registry.ConfigFile) BuildFile { +func NewBuildFile(srv *Server, outStream, errStream io.Writer, verbose, utilizeCache, rm bool, outOld io.Writer, sf *utils.StreamFormatter, configFile *registry.ConfigFile) BuildFile { return &buildFile{ - runtime: srv.runtime, + daemon: srv.daemon, srv: srv, config: &runconfig.Config{}, outStream: outStream, @@ -845,8 +834,7 @@ func NewBuildFile(srv *Server, outStream, errStream io.Writer, verbose, utilizeC utilizeCache: utilizeCache, rm: rm, sf: sf, - authConfig: auth, - configFile: authConfigFile, + configFile: configFile, outOld: outOld, } } diff --git a/server/server.go b/server/server.go index 0feaff4eac..47565f0022 100644 --- a/server/server.go +++ b/server/server.go @@ -1,21 +1,29 @@ +// DEPRECATION NOTICE. PLEASE DO NOT ADD ANYTHING TO THIS FILE. +// +// server/server.go is deprecated. We are working on breaking it up into smaller, cleaner +// pieces which will be easier to find and test. This will help make the code less +// redundant and more readable. +// +// Contributors, please don't add anything to server/server.go, unless it has the explicit +// goal of helping the deprecation effort. +// +// Maintainers, please refuse patches which add code to server/server.go. +// +// Instead try the following files: +// * For code related to local image management, try graph/ +// * For code related to image downloading, uploading, remote search etc, try registry/ +// * For code related to the docker daemon, try daemon/ +// * For small utilities which could potentially be useful outside of Docker, try pkg/ +// * For miscalleneous "util" functions which are docker-specific, try encapsulating them +// inside one of the subsystems above. If you really think they should be more widely +// available, are you sure you can't remove the docker dependencies and move them to +// pkg? In last resort, you can add them to utils/ (but please try not to). + package server import ( "encoding/json" "fmt" - "github.com/dotcloud/docker/api" - "github.com/dotcloud/docker/archive" - "github.com/dotcloud/docker/daemonconfig" - "github.com/dotcloud/docker/dockerversion" - "github.com/dotcloud/docker/engine" - "github.com/dotcloud/docker/graph" - "github.com/dotcloud/docker/image" - "github.com/dotcloud/docker/pkg/graphdb" - "github.com/dotcloud/docker/pkg/signal" - "github.com/dotcloud/docker/registry" - "github.com/dotcloud/docker/runconfig" - "github.com/dotcloud/docker/runtime" - "github.com/dotcloud/docker/utils" "io" "io/ioutil" "log" @@ -32,6 +40,20 @@ import ( "sync" "syscall" "time" + + "github.com/dotcloud/docker/api" + "github.com/dotcloud/docker/archive" + "github.com/dotcloud/docker/daemon" + "github.com/dotcloud/docker/daemonconfig" + "github.com/dotcloud/docker/dockerversion" + "github.com/dotcloud/docker/engine" + "github.com/dotcloud/docker/graph" + "github.com/dotcloud/docker/image" + "github.com/dotcloud/docker/pkg/graphdb" + "github.com/dotcloud/docker/pkg/signal" + "github.com/dotcloud/docker/registry" + "github.com/dotcloud/docker/runconfig" + "github.com/dotcloud/docker/utils" ) // jobInitApi runs the remote api server `srv` as a daemon, @@ -43,9 +65,9 @@ func InitServer(job *engine.Job) engine.Status { if err != nil { return job.Error(err) } - if srv.runtime.Config().Pidfile != "" { + if srv.daemon.Config().Pidfile != "" { job.Logf("Creating pidfile") - if err := utils.CreatePidFile(srv.runtime.Config().Pidfile); err != nil { + if err := utils.CreatePidFile(srv.daemon.Config().Pidfile); err != nil { // FIXME: do we need fatal here instead of returning a job error? log.Fatal(err) } @@ -65,7 +87,7 @@ func InitServer(job *engine.Job) engine.Status { interruptCount++ // Initiate the cleanup only once if interruptCount == 1 { - utils.RemovePidFile(srv.runtime.Config().Pidfile) + utils.RemovePidFile(srv.daemon.Config().Pidfile) srv.Close() } else { return @@ -80,7 +102,7 @@ func InitServer(job *engine.Job) engine.Status { } }() job.Eng.Hack_SetGlobalVar("httpapi.server", srv) - job.Eng.Hack_SetGlobalVar("httpapi.runtime", srv.runtime) + job.Eng.Hack_SetGlobalVar("httpapi.daemon", srv.daemon) // FIXME: 'insert' is deprecated and should be removed in a future version. for name, handler := range map[string]engine.Handler{ @@ -103,7 +125,7 @@ func InitServer(job *engine.Job) engine.Status { "container_copy": srv.ContainerCopy, "insert": srv.ImageInsert, "attach": srv.ContainerAttach, - "search": srv.ImagesSearch, + "logs": srv.ContainerLogs, "changes": srv.ContainerChanges, "top": srv.ContainerTop, "version": srv.DockerVersion, @@ -116,7 +138,6 @@ func InitServer(job *engine.Job) engine.Status { "events": srv.Events, "push": srv.ImagePush, "containers": srv.Containers, - "auth": srv.Auth, } { if err := job.Eng.Register(name, handler); err != nil { return job.Error(err) @@ -125,24 +146,6 @@ func InitServer(job *engine.Job) engine.Status { return engine.StatusOK } -// simpleVersionInfo is a simple implementation of -// the interface VersionInfo, which is used -// to provide version information for some product, -// component, etc. It stores the product name and the version -// in string and returns them on calls to Name() and Version(). -type simpleVersionInfo struct { - name string - version string -} - -func (v *simpleVersionInfo) Name() string { - return v.name -} - -func (v *simpleVersionInfo) Version() string { - return v.version -} - // ContainerKill send signal to the container // If no signal is given (sig 0), then Kill with SIGKILL and wait // for the container to exit. @@ -172,13 +175,13 @@ func (srv *Server) ContainerKill(job *engine.Job) engine.Status { } } - if container := srv.runtime.Get(name); container != nil { + if container := srv.daemon.Get(name); container != nil { // If no signal is passed, or SIGKILL, perform regular Kill (SIGKILL + wait()) if sig == 0 || syscall.Signal(sig) == syscall.SIGKILL { if err := container.Kill(); err != nil { return job.Errorf("Cannot kill container %s: %s", name, err) } - srv.LogEvent("kill", container.ID, srv.runtime.Repositories().ImageName(container.Image)) + srv.LogEvent("kill", container.ID, srv.daemon.Repositories().ImageName(container.Image)) } else { // Otherwise, just send the requested signal if err := container.KillSig(int(sig)); err != nil { @@ -192,37 +195,16 @@ func (srv *Server) ContainerKill(job *engine.Job) engine.Status { return engine.StatusOK } -func (srv *Server) Auth(job *engine.Job) engine.Status { - var ( - err error - authConfig = ®istry.AuthConfig{} - ) - - job.GetenvJson("authConfig", authConfig) - // TODO: this is only done here because auth and registry need to be merged into one pkg - if addr := authConfig.ServerAddress; addr != "" && addr != registry.IndexServerAddress() { - addr, err = registry.ExpandAndVerifyRegistryUrl(addr) - if err != nil { - return job.Error(err) - } - authConfig.ServerAddress = addr - } - status, err := registry.Login(authConfig, srv.HTTPRequestFactory(nil)) - if err != nil { - return job.Error(err) - } - job.Printf("%s\n", status) - return engine.StatusOK -} - func (srv *Server) Events(job *engine.Job) engine.Status { if len(job.Args) != 1 { return job.Errorf("Usage: %s FROM", job.Name) } var ( - from = job.Args[0] - since = job.GetenvInt64("since") + from = job.Args[0] + since = job.GetenvInt64("since") + until = job.GetenvInt64("until") + timeout = time.NewTimer(time.Unix(until, 0).Sub(time.Now())) ) sendEvent := func(event *utils.JSONMessage) error { b, err := json.Marshal(event) @@ -251,9 +233,9 @@ func (srv *Server) Events(job *engine.Job) engine.Status { srv.Unlock() job.Stdout.Write(nil) // flush if since != 0 { - // If since, send previous events that happened after the timestamp + // If since, send previous events that happened after the timestamp and until timestamp for _, event := range srv.GetEvents() { - if event.Time >= since { + if event.Time >= since && (event.Time <= until || until == 0) { err := sendEvent(&event) if err != nil && err.Error() == "JSON error" { continue @@ -265,13 +247,23 @@ func (srv *Server) Events(job *engine.Job) engine.Status { } } } - for event := range listener { - err := sendEvent(&event) - if err != nil && err.Error() == "JSON error" { - continue - } - if err != nil { - return job.Error(err) + + // If no until, disable timeout + if until == 0 { + timeout.Stop() + } + for { + select { + case event := <-listener: + err := sendEvent(&event) + if err != nil && err.Error() == "JSON error" { + continue + } + if err != nil { + return job.Error(err) + } + case <-timeout.C: + return engine.StatusOK } } return engine.StatusOK @@ -282,7 +274,7 @@ func (srv *Server) ContainerExport(job *engine.Job) engine.Status { return job.Errorf("Usage: %s container_id", job.Name) } name := job.Args[0] - if container := srv.runtime.Get(name); container != nil { + if container := srv.daemon.Get(name); container != nil { data, err := container.Export() if err != nil { return job.Errorf("%s: %s", name, err) @@ -294,7 +286,7 @@ func (srv *Server) ContainerExport(job *engine.Job) engine.Status { return job.Errorf("%s: %s", name, err) } // FIXME: factor job-specific LogEvent to engine.Job.Run() - srv.LogEvent("export", container.ID, srv.runtime.Repositories().ImageName(container.Image)) + srv.LogEvent("export", container.ID, srv.daemon.Repositories().ImageName(container.Image)) return engine.StatusOK } return job.Errorf("No such container: %s", name) @@ -307,7 +299,7 @@ func (srv *Server) ContainerExport(job *engine.Job) engine.Status { // out is the writer where the images are written to. func (srv *Server) ImageExport(job *engine.Job) engine.Status { if len(job.Args) != 1 { - return job.Errorf("Usage: %s CONTAINER\n", job.Name) + return job.Errorf("Usage: %s IMAGE\n", job.Name) } name := job.Args[0] // get image json @@ -319,7 +311,7 @@ func (srv *Server) ImageExport(job *engine.Job) engine.Status { utils.Debugf("Serializing %s", name) - rootRepo, err := srv.runtime.Repositories().Get(name) + rootRepo, err := srv.daemon.Repositories().Get(name) if err != nil { return job.Error(err) } @@ -340,7 +332,7 @@ func (srv *Server) ImageExport(job *engine.Job) engine.Status { rootRepoMap[name] = rootRepo rootRepoJson, _ := json.Marshal(rootRepoMap) - if err := ioutil.WriteFile(path.Join(tempdir, "repositories"), rootRepoJson, os.ModeAppend); err != nil { + if err := ioutil.WriteFile(path.Join(tempdir, "repositories"), rootRepoJson, os.FileMode(0644)); err != nil { return job.Error(err) } } else { @@ -369,7 +361,7 @@ func (srv *Server) exportImage(img *image.Image, tempdir string) error { for i := img; i != nil; { // temporary directory tmpImageDir := path.Join(tempdir, i.ID) - if err := os.Mkdir(tmpImageDir, os.ModeDir); err != nil { + if err := os.Mkdir(tmpImageDir, os.FileMode(0755)); err != nil { if os.IsExist(err) { return nil } @@ -379,7 +371,7 @@ func (srv *Server) exportImage(img *image.Image, tempdir string) error { var version = "1.0" var versionBuf = []byte(version) - if err := ioutil.WriteFile(path.Join(tmpImageDir, "VERSION"), versionBuf, os.ModeAppend); err != nil { + if err := ioutil.WriteFile(path.Join(tmpImageDir, "VERSION"), versionBuf, os.FileMode(0644)); err != nil { return err } @@ -388,7 +380,7 @@ func (srv *Server) exportImage(img *image.Image, tempdir string) error { if err != nil { return err } - if err := ioutil.WriteFile(path.Join(tmpImageDir, "json"), b, os.ModeAppend); err != nil { + if err := ioutil.WriteFile(path.Join(tmpImageDir, "json"), b, os.FileMode(0644)); err != nil { return err } @@ -436,13 +428,11 @@ func (srv *Server) Build(job *engine.Job) engine.Status { suppressOutput = job.GetenvBool("q") noCache = job.GetenvBool("nocache") rm = job.GetenvBool("rm") - authConfig = ®istry.AuthConfig{} configFile = ®istry.ConfigFile{} tag string context io.ReadCloser ) - job.GetenvJson("authConfig", authConfig) - job.GetenvJson("configFile", configFile) + job.GetenvJson("auth", configFile) repoName, tag = utils.ParseRepositoryTag(repoName) if remoteURL == "" { @@ -494,13 +484,13 @@ func (srv *Server) Build(job *engine.Job) engine.Status { Writer: job.Stdout, StreamFormatter: sf, }, - !suppressOutput, !noCache, rm, job.Stdout, sf, authConfig, configFile) + !suppressOutput, !noCache, rm, job.Stdout, sf, configFile) id, err := b.Build(context) if err != nil { return job.Error(err) } if repoName != "" { - srv.runtime.Repositories().Set(repoName, tag, id, false) + srv.daemon.Repositories().Set(repoName, tag, id, false) } return engine.StatusOK } @@ -561,7 +551,7 @@ func (srv *Server) ImageLoad(job *engine.Job) engine.Status { for imageName, tagMap := range repositories { for tag, address := range tagMap { - if err := srv.runtime.Repositories().Set(imageName, tag, address, true); err != nil { + if err := srv.daemon.Repositories().Set(imageName, tag, address, true); err != nil { return job.Error(err) } } @@ -594,13 +584,13 @@ func (srv *Server) recursiveLoad(address, tmpImageDir string) error { return err } if img.Parent != "" { - if !srv.runtime.Graph().Exists(img.Parent) { + if !srv.daemon.Graph().Exists(img.Parent) { if err := srv.recursiveLoad(img.Parent, tmpImageDir); err != nil { return err } } } - if err := srv.runtime.Graph().Register(imageJson, layer, img); err != nil { + if err := srv.daemon.Graph().Register(imageJson, layer, img); err != nil { return err } } @@ -609,39 +599,6 @@ func (srv *Server) recursiveLoad(address, tmpImageDir string) error { return nil } -func (srv *Server) ImagesSearch(job *engine.Job) engine.Status { - if n := len(job.Args); n != 1 { - return job.Errorf("Usage: %s TERM", job.Name) - } - var ( - term = job.Args[0] - metaHeaders = map[string][]string{} - authConfig = ®istry.AuthConfig{} - ) - job.GetenvJson("authConfig", authConfig) - job.GetenvJson("metaHeaders", metaHeaders) - - r, err := registry.NewRegistry(authConfig, srv.HTTPRequestFactory(metaHeaders), registry.IndexServerAddress()) - if err != nil { - return job.Error(err) - } - results, err := r.SearchRepositories(term) - if err != nil { - return job.Error(err) - } - outs := engine.NewTable("star_count", 0) - for _, result := range results.Results { - out := &engine.Env{} - out.Import(result) - outs.Add(out) - } - outs.ReverseSort() - if _, err := outs.WriteListTo(job.Stdout); err != nil { - return job.Error(err) - } - return engine.StatusOK -} - // FIXME: 'insert' is deprecated and should be removed in a future version. func (srv *Server) ImageInsert(job *engine.Job) engine.Status { fmt.Fprintf(job.Stderr, "Warning: '%s' is deprecated and will be removed in a future version. Please use 'build' and 'ADD' instead.\n", job.Name) @@ -658,7 +615,7 @@ func (srv *Server) ImageInsert(job *engine.Job) engine.Status { sf := utils.NewStreamFormatter(job.GetenvBool("json")) out := utils.NewWriteFlusher(job.Stdout) - img, err := srv.runtime.Repositories().LookupImage(name) + img, err := srv.daemon.Repositories().LookupImage(name) if err != nil { return job.Error(err) } @@ -669,12 +626,12 @@ func (srv *Server) ImageInsert(job *engine.Job) engine.Status { } defer file.Body.Close() - config, _, _, err := runconfig.Parse([]string{img.ID, "echo", "insert", url, path}, srv.runtime.SystemConfig()) + config, _, _, err := runconfig.Parse([]string{img.ID, "echo", "insert", url, path}, srv.daemon.SystemConfig()) if err != nil { return job.Error(err) } - c, _, err := srv.runtime.Create(config, "") + c, _, err := srv.daemon.Create(config, "") if err != nil { return job.Error(err) } @@ -683,7 +640,7 @@ func (srv *Server) ImageInsert(job *engine.Job) engine.Status { return job.Error(err) } // FIXME: Handle custom repo, tag comment, author - img, err = srv.runtime.Commit(c, "", "", img.Comment, img.Author, nil) + img, err = srv.daemon.Commit(c, "", "", img.Comment, img.Author, nil) if err != nil { out.Write(sf.FormatError(err)) return engine.StatusErr @@ -693,7 +650,7 @@ func (srv *Server) ImageInsert(job *engine.Job) engine.Status { } func (srv *Server) ImagesViz(job *engine.Job) engine.Status { - images, _ := srv.runtime.Graph().Map() + images, _ := srv.daemon.Graph().Map() if images == nil { return engine.StatusOK } @@ -717,7 +674,7 @@ func (srv *Server) ImagesViz(job *engine.Job) engine.Status { reporefs := make(map[string][]string) - for name, repository := range srv.runtime.Repositories().Repositories { + for name, repository := range srv.daemon.Repositories().Repositories { for tag, id := range repository { reporefs[utils.TruncateID(id)] = append(reporefs[utils.TruncateID(id)], fmt.Sprintf("%s:%s", name, tag)) } @@ -736,22 +693,22 @@ func (srv *Server) Images(job *engine.Job) engine.Status { err error ) if job.GetenvBool("all") { - allImages, err = srv.runtime.Graph().Map() + allImages, err = srv.daemon.Graph().Map() } else { - allImages, err = srv.runtime.Graph().Heads() + allImages, err = srv.daemon.Graph().Heads() } if err != nil { return job.Error(err) } lookup := make(map[string]*engine.Env) - for name, repository := range srv.runtime.Repositories().Repositories { + for name, repository := range srv.daemon.Repositories().Repositories { if job.Getenv("filter") != "" { if match, _ := path.Match(job.Getenv("filter"), name); !match { continue } } for tag, id := range repository { - image, err := srv.runtime.Graph().Get(id) + image, err := srv.daemon.Graph().Get(id) if err != nil { log.Printf("Warning: couldn't load %s from %s/%s: %s", id, name, tag, err) continue @@ -801,7 +758,7 @@ func (srv *Server) Images(job *engine.Job) engine.Status { } func (srv *Server) DockerInfo(job *engine.Job) engine.Status { - images, _ := srv.runtime.Graph().Map() + images, _ := srv.daemon.Graph().Map() var imgcount int if images == nil { imgcount = 0 @@ -816,22 +773,22 @@ func (srv *Server) DockerInfo(job *engine.Job) engine.Status { // if we still have the original dockerinit binary from before we copied it locally, let's return the path to that, since that's more intuitive (the copied path is trivial to derive by hand given VERSION) initPath := utils.DockerInitPath("") if initPath == "" { - // if that fails, we'll just return the path from the runtime - initPath = srv.runtime.SystemInitPath() + // if that fails, we'll just return the path from the daemon + initPath = srv.daemon.SystemInitPath() } v := &engine.Env{} - v.SetInt("Containers", len(srv.runtime.List())) + v.SetInt("Containers", len(srv.daemon.List())) v.SetInt("Images", imgcount) - v.Set("Driver", srv.runtime.GraphDriver().String()) - v.SetJson("DriverStatus", srv.runtime.GraphDriver().Status()) - v.SetBool("MemoryLimit", srv.runtime.SystemConfig().MemoryLimit) - v.SetBool("SwapLimit", srv.runtime.SystemConfig().SwapLimit) - v.SetBool("IPv4Forwarding", !srv.runtime.SystemConfig().IPv4ForwardingDisabled) + v.Set("Driver", srv.daemon.GraphDriver().String()) + v.SetJson("DriverStatus", srv.daemon.GraphDriver().Status()) + v.SetBool("MemoryLimit", srv.daemon.SystemConfig().MemoryLimit) + v.SetBool("SwapLimit", srv.daemon.SystemConfig().SwapLimit) + v.SetBool("IPv4Forwarding", !srv.daemon.SystemConfig().IPv4ForwardingDisabled) v.SetBool("Debug", os.Getenv("DEBUG") != "") v.SetInt("NFd", utils.GetTotalUsedFds()) v.SetInt("NGoroutines", goruntime.NumGoroutine()) - v.Set("ExecutionDriver", srv.runtime.ExecutionDriver().Name()) + v.Set("ExecutionDriver", srv.daemon.ExecutionDriver().Name()) v.SetInt("NEventsListener", len(srv.listeners)) v.Set("KernelVersion", kernelVersion) v.Set("IndexServerAddress", registry.IndexServerAddress()) @@ -865,13 +822,13 @@ func (srv *Server) ImageHistory(job *engine.Job) engine.Status { return job.Errorf("Usage: %s IMAGE", job.Name) } name := job.Args[0] - foundImage, err := srv.runtime.Repositories().LookupImage(name) + foundImage, err := srv.daemon.Repositories().LookupImage(name) if err != nil { return job.Error(err) } lookupMap := make(map[string][]string) - for name, repository := range srv.runtime.Repositories().Repositories { + for name, repository := range srv.daemon.Repositories().Repositories { for tag, id := range repository { // If the ID already has a reverse lookup, do not update it unless for "latest" if _, exists := lookupMap[id]; !exists { @@ -912,11 +869,11 @@ func (srv *Server) ContainerTop(job *engine.Job) engine.Status { psArgs = job.Args[1] } - if container := srv.runtime.Get(name); container != nil { + if container := srv.daemon.Get(name); container != nil { if !container.State.IsRunning() { return job.Errorf("Container %s is not running", name) } - pids, err := srv.runtime.ExecutionDriver().GetPidsForContainer(container.ID) + pids, err := srv.daemon.ExecutionDriver().GetPidsForContainer(container.ID) if err != nil { return job.Error(err) } @@ -974,7 +931,7 @@ func (srv *Server) ContainerChanges(job *engine.Job) engine.Status { return job.Errorf("Usage: %s CONTAINER", job.Name) } name := job.Args[0] - if container := srv.runtime.Get(name); container != nil { + if container := srv.daemon.Get(name); container != nil { outs := engine.NewTable("", 0) changes, err := container.Changes() if err != nil { @@ -1009,27 +966,27 @@ func (srv *Server) Containers(job *engine.Job) engine.Status { outs := engine.NewTable("Created", 0) names := map[string][]string{} - srv.runtime.ContainerGraph().Walk("/", func(p string, e *graphdb.Entity) error { + srv.daemon.ContainerGraph().Walk("/", func(p string, e *graphdb.Entity) error { names[e.ID()] = append(names[e.ID()], p) return nil }, -1) - var beforeCont, sinceCont *runtime.Container + var beforeCont, sinceCont *daemon.Container if before != "" { - beforeCont = srv.runtime.Get(before) + beforeCont = srv.daemon.Get(before) if beforeCont == nil { return job.Error(fmt.Errorf("Could not find container with name or id %s", before)) } } if since != "" { - sinceCont = srv.runtime.Get(since) + sinceCont = srv.daemon.Get(since) if sinceCont == nil { return job.Error(fmt.Errorf("Could not find container with name or id %s", since)) } } - for _, container := range srv.runtime.List() { + for _, container := range srv.daemon.List() { if !container.State.IsRunning() && !all && n <= 0 && since == "" && before == "" { continue } @@ -1051,9 +1008,19 @@ func (srv *Server) Containers(job *engine.Job) engine.Status { out := &engine.Env{} out.Set("Id", container.ID) out.SetList("Names", names[container.ID]) - out.Set("Image", srv.runtime.Repositories().ImageName(container.Image)) + out.Set("Image", srv.daemon.Repositories().ImageName(container.Image)) if len(container.Args) > 0 { - out.Set("Command", fmt.Sprintf("\"%s %s\"", container.Path, container.ArgsAsString())) + args := []string{} + for _, arg := range container.Args { + if strings.Contains(arg, " ") { + args = append(args, fmt.Sprintf("'%s'", arg)) + } else { + args = append(args, arg) + } + } + argsAsString := strings.Join(args, " ") + + out.Set("Command", fmt.Sprintf("\"%s %s\"", container.Path, argsAsString)) } else { out.Set("Command", fmt.Sprintf("\"%s\"", container.Path)) } @@ -1084,7 +1051,7 @@ func (srv *Server) ContainerCommit(job *engine.Job) engine.Status { } name := job.Args[0] - container := srv.runtime.Get(name) + container := srv.daemon.Get(name) if container == nil { return job.Errorf("No such container: %s", name) } @@ -1098,7 +1065,7 @@ func (srv *Server) ContainerCommit(job *engine.Job) engine.Status { return job.Error(err) } - img, err := srv.runtime.Commit(container, job.Getenv("repo"), job.Getenv("tag"), job.Getenv("comment"), job.Getenv("author"), &newConfig) + img, err := srv.daemon.Commit(container, job.Getenv("repo"), job.Getenv("tag"), job.Getenv("comment"), job.Getenv("author"), &newConfig) if err != nil { return job.Error(err) } @@ -1114,7 +1081,7 @@ func (srv *Server) ImageTag(job *engine.Job) engine.Status { if len(job.Args) == 3 { tag = job.Args[2] } - if err := srv.runtime.Repositories().Set(job.Args[1], tag, job.Args[0], job.GetenvBool("force")); err != nil { + if err := srv.daemon.Repositories().Set(job.Args[1], tag, job.Args[0], job.GetenvBool("force")); err != nil { return job.Error(err) } return engine.StatusOK @@ -1139,7 +1106,7 @@ func (srv *Server) pullImage(r *registry.Registry, out io.Writer, imgID, endpoin } defer srv.poolRemove("pull", "layer:"+id) - if !srv.runtime.Graph().Exists(id) { + if !srv.daemon.Graph().Exists(id) { out.Write(sf.FormatProgress(utils.TruncateID(id), "Pulling metadata", nil)) var ( imgJSON []byte @@ -1177,7 +1144,7 @@ func (srv *Server) pullImage(r *registry.Registry, out io.Writer, imgID, endpoin return err } defer layer.Close() - if err := srv.runtime.Graph().Register(imgJSON, utils.ProgressReader(layer, imgSize, out, sf, false, utils.TruncateID(id), "Downloading"), img); err != nil { + if err := srv.daemon.Graph().Register(imgJSON, utils.ProgressReader(layer, imgSize, out, sf, false, utils.TruncateID(id), "Downloading"), img); err != nil { out.Write(sf.FormatProgress(utils.TruncateID(id), "Error downloading dependent layers", nil)) return err } @@ -1267,7 +1234,7 @@ func (srv *Server) pullRepository(r *registry.Registry, out io.Writer, localName for _, ep := range repoData.Endpoints { out.Write(sf.FormatProgress(utils.TruncateID(img.ID), fmt.Sprintf("Pulling image (%s) from %s, endpoint: %s", img.Tag, localName, ep), nil)) if err := srv.pullImage(r, out, img.ID, ep, repoData.Tokens, sf); err != nil { - // Its not ideal that only the last error is returned, it would be better to concatenate the errors. + // It's not ideal that only the last error is returned, it would be better to concatenate the errors. // As the error is also given to the output stream the user will see the error. lastErr = err out.Write(sf.FormatProgress(utils.TruncateID(img.ID), fmt.Sprintf("Error pulling image (%s) from %s, endpoint: %s, %s", img.Tag, localName, ep, err), nil)) @@ -1312,11 +1279,11 @@ func (srv *Server) pullRepository(r *registry.Registry, out io.Writer, localName if askedTag != "" && tag != askedTag { continue } - if err := srv.runtime.Repositories().Set(localName, tag, id, true); err != nil { + if err := srv.daemon.Repositories().Set(localName, tag, id, true); err != nil { return err } } - if err := srv.runtime.Repositories().Save(); err != nil { + if err := srv.daemon.Repositories().Save(); err != nil { return err } @@ -1374,16 +1341,23 @@ func (srv *Server) ImagePull(job *engine.Job) engine.Status { localName = job.Args[0] tag string sf = utils.NewStreamFormatter(job.GetenvBool("json")) - authConfig = ®istry.AuthConfig{} + authConfig registry.AuthConfig + configFile = ®istry.ConfigFile{} metaHeaders map[string][]string ) if len(job.Args) > 1 { tag = job.Args[1] } - job.GetenvJson("authConfig", authConfig) + job.GetenvJson("auth", configFile) job.GetenvJson("metaHeaders", metaHeaders) + endpoint, _, err := registry.ResolveRepositoryName(localName) + if err != nil { + return job.Error(err) + } + authConfig = configFile.ResolveAuthConfig(endpoint) + c, err := srv.poolAdd("pull", localName+":"+tag) if err != nil { if c != nil { @@ -1402,12 +1376,12 @@ func (srv *Server) ImagePull(job *engine.Job) engine.Status { return job.Error(err) } - endpoint, err := registry.ExpandAndVerifyRegistryUrl(hostname) + endpoint, err = registry.ExpandAndVerifyRegistryUrl(hostname) if err != nil { return job.Error(err) } - r, err := registry.NewRegistry(authConfig, srv.HTTPRequestFactory(metaHeaders), endpoint) + r, err := registry.NewRegistry(&authConfig, registry.HTTPRequestFactory(metaHeaders), endpoint) if err != nil { return job.Error(err) } @@ -1440,7 +1414,7 @@ func (srv *Server) getImageList(localRepo map[string]string, requestedTag string tagsByImage[id] = append(tagsByImage[id], tag) - for img, err := srv.runtime.Graph().Get(id); img != nil; img, err = img.GetParent() { + for img, err := srv.daemon.Graph().Get(id); img != nil; img, err = img.GetParent() { if err != nil { return nil, nil, err } @@ -1555,7 +1529,7 @@ func (srv *Server) pushRepository(r *registry.Registry, out io.Writer, localName func (srv *Server) pushImage(r *registry.Registry, out io.Writer, remote, imgID, ep string, token []string, sf *utils.StreamFormatter) (checksum string, err error) { out = utils.NewWriteFlusher(out) - jsonRaw, err := ioutil.ReadFile(path.Join(srv.runtime.Graph().Root, imgID, "json")) + jsonRaw, err := ioutil.ReadFile(path.Join(srv.daemon.Graph().Root, imgID, "json")) if err != nil { return "", fmt.Errorf("Cannot retrieve the path for {%s}: %s", imgID, err) } @@ -1574,7 +1548,7 @@ func (srv *Server) pushImage(r *registry.Registry, out io.Writer, remote, imgID, return "", err } - layerData, err := srv.runtime.Graph().TempLayerArchive(imgID, archive.Uncompressed, sf, out) + layerData, err := srv.daemon.Graph().TempLayerArchive(imgID, archive.Uncompressed, sf, out) if err != nil { return "", fmt.Errorf("Failed to generate layer archive: %s", err) } @@ -1629,8 +1603,8 @@ func (srv *Server) ImagePush(job *engine.Job) engine.Status { return job.Error(err) } - img, err := srv.runtime.Graph().Get(localName) - r, err2 := registry.NewRegistry(authConfig, srv.HTTPRequestFactory(metaHeaders), endpoint) + img, err := srv.daemon.Graph().Get(localName) + r, err2 := registry.NewRegistry(authConfig, registry.HTTPRequestFactory(metaHeaders), endpoint) if err2 != nil { return job.Error(err2) } @@ -1638,11 +1612,11 @@ func (srv *Server) ImagePush(job *engine.Job) engine.Status { if err != nil { reposLen := 1 if tag == "" { - reposLen = len(srv.runtime.Repositories().Repositories[localName]) + reposLen = len(srv.daemon.Repositories().Repositories[localName]) } job.Stdout.Write(sf.FormatStatus("", "The push refers to a repository [%s] (len: %d)", localName, reposLen)) // If it fails, try to get the repository - if localRepo, exists := srv.runtime.Repositories().Repositories[localName]; exists { + if localRepo, exists := srv.daemon.Repositories().Repositories[localName]; exists { if err := srv.pushRepository(r, job.Stdout, localName, remoteName, localRepo, tag, sf); err != nil { return job.Error(err) } @@ -1698,13 +1672,13 @@ func (srv *Server) ImageImport(job *engine.Job) engine.Status { defer progressReader.Close() archive = progressReader } - img, err := srv.runtime.Graph().Create(archive, "", "", "Imported from "+src, "", nil, nil) + img, err := srv.daemon.Graph().Create(archive, "", "", "Imported from "+src, "", nil, nil) if err != nil { return job.Error(err) } // Optionally register the image at REPO/TAG if repo != "" { - if err := srv.runtime.Repositories().Set(repo, tag, img.ID, true); err != nil { + if err := srv.daemon.Repositories().Set(repo, tag, img.ID, true); err != nil { return job.Error(err) } } @@ -1723,17 +1697,17 @@ func (srv *Server) ContainerCreate(job *engine.Job) engine.Status { if config.Memory != 0 && config.Memory < 524288 { return job.Errorf("Minimum memory limit allowed is 512k") } - if config.Memory > 0 && !srv.runtime.SystemConfig().MemoryLimit { + if config.Memory > 0 && !srv.daemon.SystemConfig().MemoryLimit { job.Errorf("Your kernel does not support memory limit capabilities. Limitation discarded.\n") config.Memory = 0 } - if config.Memory > 0 && !srv.runtime.SystemConfig().SwapLimit { + if config.Memory > 0 && !srv.daemon.SystemConfig().SwapLimit { job.Errorf("Your kernel does not support swap limit capabilities. Limitation discarded.\n") config.MemorySwap = -1 } - container, buildWarnings, err := srv.runtime.Create(config, name) + container, buildWarnings, err := srv.daemon.Create(config, name) if err != nil { - if srv.runtime.Graph().IsNotExist(err) { + if srv.daemon.Graph().IsNotExist(err) { _, tag := utils.ParseRepositoryTag(config.Image) if tag == "" { tag = graph.DEFAULTTAG @@ -1742,11 +1716,11 @@ func (srv *Server) ContainerCreate(job *engine.Job) engine.Status { } return job.Error(err) } - if !container.Config.NetworkDisabled && srv.runtime.SystemConfig().IPv4ForwardingDisabled { + if !container.Config.NetworkDisabled && srv.daemon.SystemConfig().IPv4ForwardingDisabled { job.Errorf("IPv4 forwarding is disabled.\n") } - srv.LogEvent("create", container.ID, srv.runtime.Repositories().ImageName(container.Image)) - // FIXME: this is necessary because runtime.Create might return a nil container + srv.LogEvent("create", container.ID, srv.daemon.Repositories().ImageName(container.Image)) + // FIXME: this is necessary because daemon.Create might return a nil container // with a non-nil error. This should not happen! Once it's fixed we // can remove this workaround. if container != nil { @@ -1769,11 +1743,11 @@ func (srv *Server) ContainerRestart(job *engine.Job) engine.Status { if job.EnvExists("t") { t = job.GetenvInt("t") } - if container := srv.runtime.Get(name); container != nil { + if container := srv.daemon.Get(name); container != nil { if err := container.Restart(int(t)); err != nil { return job.Errorf("Cannot restart container %s: %s\n", name, err) } - srv.LogEvent("restart", container.ID, srv.runtime.Repositories().ImageName(container.Image)) + srv.LogEvent("restart", container.ID, srv.daemon.Repositories().ImageName(container.Image)) } else { return job.Errorf("No such container: %s\n", name) } @@ -1789,13 +1763,13 @@ func (srv *Server) ContainerDestroy(job *engine.Job) engine.Status { removeLink := job.GetenvBool("removeLink") forceRemove := job.GetenvBool("forceRemove") - container := srv.runtime.Get(name) + container := srv.daemon.Get(name) if removeLink { if container == nil { return job.Errorf("No such link: %s", name) } - name, err := runtime.GetFullContainerName(name) + name, err := daemon.GetFullContainerName(name) if err != nil { job.Error(err) } @@ -1803,17 +1777,17 @@ func (srv *Server) ContainerDestroy(job *engine.Job) engine.Status { if parent == "/" { return job.Errorf("Conflict, cannot remove the default name of the container") } - pe := srv.runtime.ContainerGraph().Get(parent) + pe := srv.daemon.ContainerGraph().Get(parent) if pe == nil { return job.Errorf("Cannot get parent %s for name %s", parent, name) } - parentContainer := srv.runtime.Get(pe.ID()) + parentContainer := srv.daemon.Get(pe.ID()) if parentContainer != nil { parentContainer.DisableLink(n) } - if err := srv.runtime.ContainerGraph().Delete(name); err != nil { + if err := srv.daemon.ContainerGraph().Delete(name); err != nil { return job.Error(err) } return engine.StatusOK @@ -1829,16 +1803,16 @@ func (srv *Server) ContainerDestroy(job *engine.Job) engine.Status { return job.Errorf("Impossible to remove a running container, please stop it first or use -f") } } - if err := srv.runtime.Destroy(container); err != nil { + if err := srv.daemon.Destroy(container); err != nil { return job.Errorf("Cannot destroy container %s: %s", name, err) } - srv.LogEvent("destroy", container.ID, srv.runtime.Repositories().ImageName(container.Image)) + srv.LogEvent("destroy", container.ID, srv.daemon.Repositories().ImageName(container.Image)) if removeVolume { var ( volumes = make(map[string]struct{}) binds = make(map[string]struct{}) - usedVolumes = make(map[string]*runtime.Container) + usedVolumes = make(map[string]*daemon.Container) ) // the volume id is always the base of the path @@ -1850,13 +1824,16 @@ func (srv *Server) ContainerDestroy(job *engine.Job) engine.Status { for _, bind := range container.HostConfig().Binds { source := strings.Split(bind, ":")[0] // TODO: refactor all volume stuff, all of it - // this is very important that we eval the link - // or comparing the keys to container.Volumes will not work + // it is very important that we eval the link or comparing the keys to container.Volumes will not work + // + // eval symlink can fail, ref #5244 if we receive an is not exist error we can ignore it p, err := filepath.EvalSymlinks(source) - if err != nil { + if err != nil && !os.IsNotExist(err) { return job.Error(err) } - source = p + if p != "" { + source = p + } binds[source] = struct{}{} } @@ -1873,7 +1850,7 @@ func (srv *Server) ContainerDestroy(job *engine.Job) engine.Status { } // Retrieve all volumes from all remaining containers - for _, container := range srv.runtime.List() { + for _, container := range srv.daemon.List() { for _, containerVolumeId := range container.Volumes { containerVolumeId = getVolumeId(containerVolumeId) usedVolumes[containerVolumeId] = container @@ -1886,7 +1863,7 @@ func (srv *Server) ContainerDestroy(job *engine.Job) engine.Status { log.Printf("The volume %s is used by the container %s. Impossible to remove it. Skipping.\n", volumeId, c.ID) continue } - if err := srv.runtime.Volumes().Delete(volumeId); err != nil { + if err := srv.daemon.Volumes().Delete(volumeId); err != nil { return job.Errorf("Error calling volumes.Delete(%q): %v", volumeId, err) } } @@ -1901,6 +1878,7 @@ func (srv *Server) DeleteImage(name string, imgs *engine.Table, first, force, no var ( repoName, tag string tags = []string{} + tagDeleted bool ) repoName, tag = utils.ParseRepositoryTag(name) @@ -1908,9 +1886,9 @@ func (srv *Server) DeleteImage(name string, imgs *engine.Table, first, force, no tag = graph.DEFAULTTAG } - img, err := srv.runtime.Repositories().LookupImage(name) + img, err := srv.daemon.Repositories().LookupImage(name) if err != nil { - if r, _ := srv.runtime.Repositories().Get(repoName); r != nil { + if r, _ := srv.daemon.Repositories().Get(repoName); r != nil { return fmt.Errorf("No such image: %s:%s", repoName, tag) } return fmt.Errorf("No such image: %s", name) @@ -1921,14 +1899,14 @@ func (srv *Server) DeleteImage(name string, imgs *engine.Table, first, force, no tag = "" } - byParents, err := srv.runtime.Graph().ByParent() + byParents, err := srv.daemon.Graph().ByParent() if err != nil { return err } //If delete by id, see if the id belong only to one repository if repoName == "" { - for _, repoAndTag := range srv.runtime.Repositories().ByID()[img.ID] { + for _, repoAndTag := range srv.daemon.Repositories().ByID()[img.ID] { parsedRepo, parsedTag := utils.ParseRepositoryTag(repoAndTag) if repoName == "" || repoName == parsedRepo { repoName = parsedRepo @@ -1951,7 +1929,7 @@ func (srv *Server) DeleteImage(name string, imgs *engine.Table, first, force, no //Untag the current image for _, tag := range tags { - tagDeleted, err := srv.runtime.Repositories().Delete(repoName, tag) + tagDeleted, err = srv.daemon.Repositories().Delete(repoName, tag) if err != nil { return err } @@ -1962,16 +1940,16 @@ func (srv *Server) DeleteImage(name string, imgs *engine.Table, first, force, no srv.LogEvent("untag", img.ID, "") } } - tags = srv.runtime.Repositories().ByID()[img.ID] + tags = srv.daemon.Repositories().ByID()[img.ID] if (len(tags) <= 1 && repoName == "") || len(tags) == 0 { if len(byParents[img.ID]) == 0 { - if err := srv.canDeleteImage(img.ID); err != nil { + if err := srv.canDeleteImage(img.ID, force, tagDeleted); err != nil { return err } - if err := srv.runtime.Repositories().DeleteAll(img.ID); err != nil { + if err := srv.daemon.Repositories().DeleteAll(img.ID); err != nil { return err } - if err := srv.runtime.Graph().Delete(img.ID); err != nil { + if err := srv.daemon.Graph().Delete(img.ID); err != nil { return err } out := &engine.Env{} @@ -2008,16 +1986,27 @@ func (srv *Server) ImageDelete(job *engine.Job) engine.Status { return engine.StatusOK } -func (srv *Server) canDeleteImage(imgID string) error { - for _, container := range srv.runtime.List() { - parent, err := srv.runtime.Repositories().LookupImage(container.Image) +func (srv *Server) canDeleteImage(imgID string, force, untagged bool) error { + var message string + if untagged { + message = " (docker untagged the image)" + } + for _, container := range srv.daemon.List() { + parent, err := srv.daemon.Repositories().LookupImage(container.Image) if err != nil { return err } if err := parent.WalkHistory(func(p *image.Image) error { if imgID == p.ID { - return fmt.Errorf("Conflict, cannot delete %s because the container %s is using it", utils.TruncateID(imgID), utils.TruncateID(container.ID)) + if container.State.IsRunning() { + if force { + return fmt.Errorf("Conflict, cannot force delete %s because the running container %s is using it%s, stop it and retry", utils.TruncateID(imgID), utils.TruncateID(container.ID), message) + } + return fmt.Errorf("Conflict, cannot delete %s because the running container %s is using it%s, stop it and use -f to force", utils.TruncateID(imgID), utils.TruncateID(container.ID), message) + } else if !force { + return fmt.Errorf("Conflict, cannot delete %s because the container %s is using it%s, use -f to force", utils.TruncateID(imgID), utils.TruncateID(container.ID), message) + } } return nil }); err != nil { @@ -2029,7 +2018,7 @@ func (srv *Server) canDeleteImage(imgID string) error { func (srv *Server) ImageGetCached(imgID string, config *runconfig.Config) (*image.Image, error) { // Retrieve all images - images, err := srv.runtime.Graph().Map() + images, err := srv.daemon.Graph().Map() if err != nil { return nil, err } @@ -2046,7 +2035,7 @@ func (srv *Server) ImageGetCached(imgID string, config *runconfig.Config) (*imag // Loop on the children of the given image and check the config var match *image.Image for elem := range imageMap[imgID] { - img, err := srv.runtime.Graph().Get(elem) + img, err := srv.daemon.Graph().Get(elem) if err != nil { return nil, err } @@ -2059,8 +2048,8 @@ func (srv *Server) ImageGetCached(imgID string, config *runconfig.Config) (*imag return match, nil } -func (srv *Server) RegisterLinks(container *runtime.Container, hostConfig *runconfig.HostConfig) error { - runtime := srv.runtime +func (srv *Server) RegisterLinks(container *daemon.Container, hostConfig *runconfig.HostConfig) error { + daemon := srv.daemon if hostConfig != nil && hostConfig.Links != nil { for _, l := range hostConfig.Links { @@ -2068,19 +2057,19 @@ func (srv *Server) RegisterLinks(container *runtime.Container, hostConfig *runco if err != nil { return err } - child, err := srv.runtime.GetByName(parts["name"]) + child, err := srv.daemon.GetByName(parts["name"]) if err != nil { return err } if child == nil { return fmt.Errorf("Could not get container for %s", parts["name"]) } - if err := runtime.RegisterLink(container, child, parts["alias"]); err != nil { + if err := daemon.RegisterLink(container, child, parts["alias"]); err != nil { return err } } - // After we load all the links into the runtime + // After we load all the links into the daemon // set them to nil on the hostconfig hostConfig.Links = nil if err := container.WriteHostConfig(); err != nil { @@ -2096,8 +2085,8 @@ func (srv *Server) ContainerStart(job *engine.Job) engine.Status { } var ( name = job.Args[0] - runtime = srv.runtime - container = runtime.Get(name) + daemon = srv.daemon + container = daemon.Get(name) ) if container == nil { @@ -2139,7 +2128,7 @@ func (srv *Server) ContainerStart(job *engine.Job) engine.Status { if err := container.Start(); err != nil { return job.Errorf("Cannot start container %s: %s", name, err) } - srv.LogEvent("start", container.ID, runtime.Repositories().ImageName(container.Image)) + srv.LogEvent("start", container.ID, daemon.Repositories().ImageName(container.Image)) return engine.StatusOK } @@ -2155,11 +2144,11 @@ func (srv *Server) ContainerStop(job *engine.Job) engine.Status { if job.EnvExists("t") { t = job.GetenvInt("t") } - if container := srv.runtime.Get(name); container != nil { + if container := srv.daemon.Get(name); container != nil { if err := container.Stop(int(t)); err != nil { return job.Errorf("Cannot stop container %s: %s\n", name, err) } - srv.LogEvent("stop", container.ID, srv.runtime.Repositories().ImageName(container.Image)) + srv.LogEvent("stop", container.ID, srv.daemon.Repositories().ImageName(container.Image)) } else { return job.Errorf("No such container: %s\n", name) } @@ -2171,7 +2160,7 @@ func (srv *Server) ContainerWait(job *engine.Job) engine.Status { return job.Errorf("Usage: %s", job.Name) } name := job.Args[0] - if container := srv.runtime.Get(name); container != nil { + if container := srv.daemon.Get(name); container != nil { status := container.Wait() job.Printf("%d\n", status) return engine.StatusOK @@ -2192,7 +2181,7 @@ func (srv *Server) ContainerResize(job *engine.Job) engine.Status { if err != nil { return job.Error(err) } - if container := srv.runtime.Get(name); container != nil { + if container := srv.daemon.Get(name); container != nil { if err := container.Resize(height, width); err != nil { return job.Error(err) } @@ -2201,6 +2190,96 @@ func (srv *Server) ContainerResize(job *engine.Job) engine.Status { return job.Errorf("No such container: %s", name) } +func (srv *Server) ContainerLogs(job *engine.Job) engine.Status { + if len(job.Args) != 1 { + return job.Errorf("Usage: %s CONTAINER\n", job.Name) + } + + var ( + name = job.Args[0] + stdout = job.GetenvBool("stdout") + stderr = job.GetenvBool("stderr") + follow = job.GetenvBool("follow") + times = job.GetenvBool("timestamps") + format string + ) + if !(stdout || stderr) { + return job.Errorf("You must choose at least one stream") + } + if times { + format = time.StampMilli + } + container := srv.daemon.Get(name) + if container == nil { + return job.Errorf("No such container: %s", name) + } + cLog, err := container.ReadLog("json") + if err != nil && os.IsNotExist(err) { + // Legacy logs + utils.Debugf("Old logs format") + if stdout { + cLog, err := container.ReadLog("stdout") + if err != nil { + utils.Errorf("Error reading logs (stdout): %s", err) + } else if _, err := io.Copy(job.Stdout, cLog); err != nil { + utils.Errorf("Error streaming logs (stdout): %s", err) + } + } + if stderr { + cLog, err := container.ReadLog("stderr") + if err != nil { + utils.Errorf("Error reading logs (stderr): %s", err) + } else if _, err := io.Copy(job.Stderr, cLog); err != nil { + utils.Errorf("Error streaming logs (stderr): %s", err) + } + } + } else if err != nil { + utils.Errorf("Error reading logs (json): %s", err) + } else { + dec := json.NewDecoder(cLog) + for { + l := &utils.JSONLog{} + + if err := dec.Decode(l); err == io.EOF { + break + } else if err != nil { + utils.Errorf("Error streaming logs: %s", err) + break + } + logLine := l.Log + if times { + logLine = fmt.Sprintf("[%s] %s", l.Created.Format(format), logLine) + } + if l.Stream == "stdout" && stdout { + fmt.Fprintf(job.Stdout, "%s", logLine) + } + if l.Stream == "stderr" && stderr { + fmt.Fprintf(job.Stderr, "%s", logLine) + } + } + } + if follow { + errors := make(chan error, 2) + if stdout { + stdoutPipe := container.StdoutLogPipe() + go func() { + errors <- utils.WriteLog(stdoutPipe, job.Stdout, format) + }() + } + if stderr { + stderrPipe := container.StderrLogPipe() + go func() { + errors <- utils.WriteLog(stderrPipe, job.Stderr, format) + }() + } + err := <-errors + if err != nil { + utils.Errorf("%s", err) + } + } + return engine.StatusOK +} + func (srv *Server) ContainerAttach(job *engine.Job) engine.Status { if len(job.Args) != 1 { return job.Errorf("Usage: %s CONTAINER\n", job.Name) @@ -2215,7 +2294,7 @@ func (srv *Server) ContainerAttach(job *engine.Job) engine.Status { stderr = job.GetenvBool("stderr") ) - container := srv.runtime.Get(name) + container := srv.daemon.Get(name) if container == nil { return job.Errorf("No such container: %s", name) } @@ -2267,10 +2346,6 @@ func (srv *Server) ContainerAttach(job *engine.Job) engine.Status { //stream if stream { - if container.State.IsGhost() { - return job.Errorf("Impossible to attach to a ghost container") - } - var ( cStdin io.ReadCloser cStdout, cStderr io.Writer @@ -2294,7 +2369,7 @@ func (srv *Server) ContainerAttach(job *engine.Job) engine.Status { cStderr = job.Stderr } - <-container.Attach(cStdin, cStdinCloser, cStdout, cStderr) + <-srv.daemon.Attach(container, cStdin, cStdinCloser, cStdout, cStderr) // If we are in stdinonce mode, wait for the process to end // otherwise, simply return @@ -2305,15 +2380,15 @@ func (srv *Server) ContainerAttach(job *engine.Job) engine.Status { return engine.StatusOK } -func (srv *Server) ContainerInspect(name string) (*runtime.Container, error) { - if container := srv.runtime.Get(name); container != nil { +func (srv *Server) ContainerInspect(name string) (*daemon.Container, error) { + if container := srv.daemon.Get(name); container != nil { return container, nil } return nil, fmt.Errorf("No such container: %s", name) } func (srv *Server) ImageInspect(name string) (*image.Image, error) { - if image, err := srv.runtime.Repositories().LookupImage(name); err == nil && image != nil { + if image, err := srv.daemon.Repositories().LookupImage(name); err == nil && image != nil { return image, nil } return nil, fmt.Errorf("No such image: %s", name) @@ -2348,7 +2423,7 @@ func (srv *Server) JobInspect(job *engine.Job) engine.Status { return job.Error(errContainer) } object = &struct { - *runtime.Container + *daemon.Container HostConfig *runconfig.HostConfig }{container, container.HostConfig()} default: @@ -2373,7 +2448,7 @@ func (srv *Server) ContainerCopy(job *engine.Job) engine.Status { resource = job.Args[1] ) - if container := srv.runtime.Get(name); container != nil { + if container := srv.daemon.Get(name); container != nil { data, err := container.Copy(resource) if err != nil { @@ -2390,41 +2465,23 @@ func (srv *Server) ContainerCopy(job *engine.Job) engine.Status { } func NewServer(eng *engine.Engine, config *daemonconfig.Config) (*Server, error) { - runtime, err := runtime.NewRuntime(config, eng) + daemon, err := daemon.NewDaemon(config, eng) if err != nil { return nil, err } srv := &Server{ Eng: eng, - runtime: runtime, + daemon: daemon, pullingPool: make(map[string]chan struct{}), pushingPool: make(map[string]chan struct{}), events: make([]utils.JSONMessage, 0, 64), //only keeps the 64 last events listeners: make(map[string]chan utils.JSONMessage), running: true, } - runtime.SetServer(srv) + daemon.SetServer(srv) return srv, nil } -func (srv *Server) HTTPRequestFactory(metaHeaders map[string][]string) *utils.HTTPRequestFactory { - httpVersion := make([]utils.VersionInfo, 0, 4) - httpVersion = append(httpVersion, &simpleVersionInfo{"docker", dockerversion.VERSION}) - httpVersion = append(httpVersion, &simpleVersionInfo{"go", goruntime.Version()}) - httpVersion = append(httpVersion, &simpleVersionInfo{"git-commit", dockerversion.GITCOMMIT}) - if kernelVersion, err := utils.GetKernelVersion(); err == nil { - httpVersion = append(httpVersion, &simpleVersionInfo{"kernel", kernelVersion.String()}) - } - httpVersion = append(httpVersion, &simpleVersionInfo{"os", goruntime.GOOS}) - httpVersion = append(httpVersion, &simpleVersionInfo{"arch", goruntime.GOARCH}) - ud := utils.NewHTTPUserAgentDecorator(httpVersion...) - md := &utils.HTTPMetaHeadersDecorator{ - Headers: metaHeaders, - } - factory := utils.NewHTTPRequestFactory(ud, md) - return factory -} - func (srv *Server) LogEvent(action, id, from string) *utils.JSONMessage { now := time.Now().UTC().Unix() jm := utils.JSONMessage{Status: action, ID: id, From: from, Time: now} @@ -2468,15 +2525,15 @@ func (srv *Server) Close() error { return nil } srv.SetRunning(false) - if srv.runtime == nil { + if srv.daemon == nil { return nil } - return srv.runtime.Close() + return srv.daemon.Close() } type Server struct { sync.RWMutex - runtime *runtime.Runtime + daemon *daemon.Daemon pullingPool map[string]chan struct{} pushingPool map[string]chan struct{} events []utils.JSONMessage diff --git a/sysinit/sysinit.go b/sysinit/sysinit.go index 50c858296f..62e89ce9e7 100644 --- a/sysinit/sysinit.go +++ b/sysinit/sysinit.go @@ -3,9 +3,9 @@ package sysinit import ( "flag" "fmt" - "github.com/dotcloud/docker/runtime/execdriver" - _ "github.com/dotcloud/docker/runtime/execdriver/lxc" - _ "github.com/dotcloud/docker/runtime/execdriver/native" + "github.com/dotcloud/docker/daemon/execdriver" + _ "github.com/dotcloud/docker/daemon/execdriver/lxc" + _ "github.com/dotcloud/docker/daemon/execdriver/native" "log" "os" ) diff --git a/utils/fs.go b/utils/fs.go index 92864e5e16..e07ced75d7 100644 --- a/utils/fs.go +++ b/utils/fs.go @@ -10,7 +10,7 @@ import ( // TreeSize walks a directory tree and returns its total size in bytes. func TreeSize(dir string) (size int64, err error) { - data := make(map[uint64]bool) + data := make(map[uint64]struct{}) err = filepath.Walk(dir, func(d string, fileInfo os.FileInfo, e error) error { // Ignore directory sizes if fileInfo == nil { @@ -29,7 +29,7 @@ func TreeSize(dir string) (size int64, err error) { return nil } // inode is not a uint64 on all platforms. Cast it to avoid issues. - data[uint64(inode)] = false + data[uint64(inode)] = struct{}{} size += s @@ -62,6 +62,15 @@ func FollowSymlinkInScope(link, root string) (string, error) { prev = filepath.Clean(prev) for { + if !strings.HasPrefix(prev, root) { + // Don't resolve symlinks outside of root. For example, + // we don't have to check /home in the below. + // + // /home -> usr/home + // FollowSymlinkInScope("/home/bob/foo/bar", "/home/bob/foo") + break + } + stat, err := os.Lstat(prev) if err != nil { if os.IsNotExist(err) { diff --git a/utils/fs_test.go b/utils/fs_test.go index dd5d97be40..9affc00e91 100644 --- a/utils/fs_test.go +++ b/utils/fs_test.go @@ -1,6 +1,8 @@ package utils import ( + "io/ioutil" + "os" "path/filepath" "testing" ) @@ -26,6 +28,29 @@ func TestFollowSymLinkNormal(t *testing.T) { } } +func TestFollowSymLinkUnderLinkedDir(t *testing.T) { + dir, err := ioutil.TempDir("", "docker-fs-test") + if err != nil { + t.Fatal(err) + } + + os.Mkdir(filepath.Join(dir, "realdir"), 0700) + os.Symlink("realdir", filepath.Join(dir, "linkdir")) + + linkDir := filepath.Join(dir, "linkdir", "foo") + dirUnderLinkDir := filepath.Join(dir, "linkdir", "foo", "bar") + os.MkdirAll(dirUnderLinkDir, 0700) + + rewrite, err := FollowSymlinkInScope(dirUnderLinkDir, linkDir) + if err != nil { + t.Fatal(err) + } + + if rewrite != dirUnderLinkDir { + t.Fatalf("Expected %s got %s", dirUnderLinkDir, rewrite) + } +} + func TestFollowSymLinkRandomString(t *testing.T) { if _, err := FollowSymlinkInScope("toto", "testdata"); err == nil { t.Fatal("Random string should fail but didn't") diff --git a/utils/utils.go b/utils/utils.go index 1fe2e87b4f..4ef44b5617 100644 --- a/utils/utils.go +++ b/utils/utils.go @@ -9,7 +9,6 @@ import ( "encoding/json" "errors" "fmt" - "github.com/dotcloud/docker/dockerversion" "index/suffixarray" "io" "io/ioutil" @@ -23,6 +22,8 @@ import ( "strings" "sync" "time" + + "github.com/dotcloud/docker/dockerversion" ) type KeyValuePair struct { @@ -341,18 +342,15 @@ func (r *bufReader) Close() error { type WriteBroadcaster struct { sync.Mutex buf *bytes.Buffer - writers map[StreamWriter]bool -} - -type StreamWriter struct { - wc io.WriteCloser - stream string + streams map[string](map[io.WriteCloser]struct{}) } func (w *WriteBroadcaster) AddWriter(writer io.WriteCloser, stream string) { w.Lock() - sw := StreamWriter{wc: writer, stream: stream} - w.writers[sw] = true + if _, ok := w.streams[stream]; !ok { + w.streams[stream] = make(map[io.WriteCloser]struct{}) + } + w.streams[stream][writer] = struct{}{} w.Unlock() } @@ -362,33 +360,83 @@ type JSONLog struct { Created time.Time `json:"time"` } +func (jl *JSONLog) Format(format string) (string, error) { + if format == "" { + return jl.Log, nil + } + if format == "json" { + m, err := json.Marshal(jl) + return string(m), err + } + return fmt.Sprintf("[%s] %s", jl.Created.Format(format), jl.Log), nil +} + +func WriteLog(src io.Reader, dst io.WriteCloser, format string) error { + dec := json.NewDecoder(src) + for { + l := &JSONLog{} + + if err := dec.Decode(l); err == io.EOF { + return nil + } else if err != nil { + Errorf("Error streaming logs: %s", err) + return err + } + line, err := l.Format(format) + if err != nil { + return err + } + fmt.Fprintf(dst, "%s", line) + } +} + +type LogFormatter struct { + wc io.WriteCloser + timeFormat string +} + func (w *WriteBroadcaster) Write(p []byte) (n int, err error) { + created := time.Now().UTC() w.Lock() defer w.Unlock() + if writers, ok := w.streams[""]; ok { + for sw := range writers { + if n, err := sw.Write(p); err != nil || n != len(p) { + // On error, evict the writer + delete(writers, sw) + } + } + } w.buf.Write(p) - for sw := range w.writers { - lp := p - if sw.stream != "" { - lp = nil - for { - line, err := w.buf.ReadString('\n') + lines := []string{} + for { + line, err := w.buf.ReadString('\n') + if err != nil { + w.buf.Write([]byte(line)) + break + } + lines = append(lines, line) + } + + if len(lines) != 0 { + for stream, writers := range w.streams { + if stream == "" { + continue + } + var lp []byte + for _, line := range lines { + b, err := json.Marshal(&JSONLog{Log: line, Stream: stream, Created: created}) if err != nil { - w.buf.Write([]byte(line)) - break - } - b, err := json.Marshal(&JSONLog{Log: line, Stream: sw.stream, Created: time.Now().UTC()}) - if err != nil { - // On error, evict the writer - delete(w.writers, sw) - continue + Errorf("Error making JSON log line: %s", err) } lp = append(lp, b...) lp = append(lp, '\n') } - } - if n, err := sw.wc.Write(lp); err != nil || n != len(lp) { - // On error, evict the writer - delete(w.writers, sw) + for sw := range writers { + if _, err := sw.Write(lp); err != nil { + delete(writers, sw) + } + } } } return len(p), nil @@ -397,15 +445,20 @@ func (w *WriteBroadcaster) Write(p []byte) (n int, err error) { func (w *WriteBroadcaster) CloseWriters() error { w.Lock() defer w.Unlock() - for sw := range w.writers { - sw.wc.Close() + for _, writers := range w.streams { + for w := range writers { + w.Close() + } } - w.writers = make(map[StreamWriter]bool) + w.streams = make(map[string](map[io.WriteCloser]struct{})) return nil } func NewWriteBroadcaster() *WriteBroadcaster { - return &WriteBroadcaster{writers: make(map[StreamWriter]bool), buf: bytes.NewBuffer(nil)} + return &WriteBroadcaster{ + streams: make(map[string](map[io.WriteCloser]struct{})), + buf: bytes.NewBuffer(nil), + } } func GetTotalUsedFds() int { @@ -426,12 +479,17 @@ type TruncIndex struct { bytes []byte } -func NewTruncIndex() *TruncIndex { - return &TruncIndex{ - index: suffixarray.New([]byte{' '}), +func NewTruncIndex(ids []string) (idx *TruncIndex) { + idx = &TruncIndex{ ids: make(map[string]bool), bytes: []byte{' '}, } + for _, id := range ids { + idx.ids[id] = true + idx.bytes = append(idx.bytes, []byte(id+" ")...) + } + idx.index = suffixarray.New(idx.bytes) + return } func (idx *TruncIndex) Add(id string) error { @@ -722,17 +780,6 @@ func IsGIT(str string) bool { return strings.HasPrefix(str, "git://") || strings.HasPrefix(str, "github.com/") || strings.HasPrefix(str, "git@github.com:") || (strings.HasSuffix(str, ".git") && IsURL(str)) } -// GetResolvConf opens and read the content of /etc/resolv.conf. -// It returns it as byte slice. -func GetResolvConf() ([]byte, error) { - resolv, err := ioutil.ReadFile("/etc/resolv.conf") - if err != nil { - Errorf("Error openning resolv.conf: %s", err) - return nil, err - } - return resolv, nil -} - // CheckLocalDns looks into the /etc/resolv.conf, // it returns true if there is a local nameserver or if there is no nameserver. func CheckLocalDns(resolvConf []byte) bool { @@ -768,46 +815,6 @@ func GetLines(input []byte, commentMarker []byte) [][]byte { return output } -// GetNameservers returns nameservers (if any) listed in /etc/resolv.conf -func GetNameservers(resolvConf []byte) []string { - nameservers := []string{} - re := regexp.MustCompile(`^\s*nameserver\s*(([0-9]+\.){3}([0-9]+))\s*$`) - for _, line := range GetLines(resolvConf, []byte("#")) { - var ns = re.FindSubmatch(line) - if len(ns) > 0 { - nameservers = append(nameservers, string(ns[1])) - } - } - return nameservers -} - -// GetNameserversAsCIDR returns nameservers (if any) listed in -// /etc/resolv.conf as CIDR blocks (e.g., "1.2.3.4/32") -// This function's output is intended for net.ParseCIDR -func GetNameserversAsCIDR(resolvConf []byte) []string { - nameservers := []string{} - for _, nameserver := range GetNameservers(resolvConf) { - nameservers = append(nameservers, nameserver+"/32") - } - return nameservers -} - -// GetSearchDomains returns search domains (if any) listed in /etc/resolv.conf -// If more than one search line is encountered, only the contents of the last -// one is returned. -func GetSearchDomains(resolvConf []byte) []string { - re := regexp.MustCompile(`^\s*search\s*(([^\s]+\s*)*)$`) - domains := []string{} - for _, line := range GetLines(resolvConf, []byte("#")) { - match := re.FindSubmatch(line) - if match == nil { - continue - } - domains = strings.Fields(string(match[1])) - } - return domains -} - // FIXME: Change this not to receive default value as parameter func ParseHost(defaultHost string, defaultUnix, addr string) (string, error) { var ( diff --git a/utils/utils_test.go b/utils/utils_test.go index 177d3667e1..ccd212202c 100644 --- a/utils/utils_test.go +++ b/utils/utils_test.go @@ -138,7 +138,8 @@ func TestRaceWriteBroadcaster(t *testing.T) { // Test the behavior of TruncIndex, an index for querying IDs from a non-conflicting prefix. func TestTruncIndex(t *testing.T) { - index := NewTruncIndex() + ids := []string{} + index := NewTruncIndex(ids) // Get on an empty index if _, err := index.Get("foobar"); err == nil { t.Fatal("Get on an empty index should return an error") @@ -218,6 +219,25 @@ func assertIndexGet(t *testing.T, index *TruncIndex, input, expectedResult strin } } +func BenchmarkTruncIndexAdd(b *testing.B) { + ids := []string{"banana", "bananaa", "bananab"} + b.ResetTimer() + for i := 0; i < b.N; i++ { + index := NewTruncIndex([]string{}) + for _, id := range ids { + index.Add(id) + } + } +} + +func BenchmarkTruncIndexNew(b *testing.B) { + ids := []string{"banana", "bananaa", "bananab"} + b.ResetTimer() + for i := 0; i < b.N; i++ { + NewTruncIndex(ids) + } +} + func assertKernelVersion(t *testing.T, a, b *KernelVersionInfo, result int) { if r := CompareKernelVersion(a, b); r != result { t.Fatalf("Unexpected kernel version comparison result. Found %d, expected %d", r, result) @@ -357,20 +377,6 @@ func TestParseRepositoryTag(t *testing.T) { } } -func TestGetResolvConf(t *testing.T) { - resolvConfUtils, err := GetResolvConf() - if err != nil { - t.Fatal(err) - } - resolvConfSystem, err := ioutil.ReadFile("/etc/resolv.conf") - if err != nil { - t.Fatal(err) - } - if string(resolvConfUtils) != string(resolvConfSystem) { - t.Fatalf("/etc/resolv.conf and GetResolvConf have different content.") - } -} - func TestCheckLocalDns(t *testing.T) { for resolv, result := range map[string]bool{`# Dynamic nameserver 10.0.2.3 @@ -444,95 +450,6 @@ func TestParsePortMapping(t *testing.T) { } } -func TestGetNameservers(t *testing.T) { - for resolv, result := range map[string][]string{` -nameserver 1.2.3.4 -nameserver 40.3.200.10 -search example.com`: {"1.2.3.4", "40.3.200.10"}, - `search example.com`: {}, - `nameserver 1.2.3.4 -search example.com -nameserver 4.30.20.100`: {"1.2.3.4", "4.30.20.100"}, - ``: {}, - ` nameserver 1.2.3.4 `: {"1.2.3.4"}, - `search example.com -nameserver 1.2.3.4 -#nameserver 4.3.2.1`: {"1.2.3.4"}, - `search example.com -nameserver 1.2.3.4 # not 4.3.2.1`: {"1.2.3.4"}, - } { - test := GetNameservers([]byte(resolv)) - if !StrSlicesEqual(test, result) { - t.Fatalf("Wrong nameserver string {%s} should be %v. Input: %s", test, result, resolv) - } - } -} - -func TestGetNameserversAsCIDR(t *testing.T) { - for resolv, result := range map[string][]string{` -nameserver 1.2.3.4 -nameserver 40.3.200.10 -search example.com`: {"1.2.3.4/32", "40.3.200.10/32"}, - `search example.com`: {}, - `nameserver 1.2.3.4 -search example.com -nameserver 4.30.20.100`: {"1.2.3.4/32", "4.30.20.100/32"}, - ``: {}, - ` nameserver 1.2.3.4 `: {"1.2.3.4/32"}, - `search example.com -nameserver 1.2.3.4 -#nameserver 4.3.2.1`: {"1.2.3.4/32"}, - `search example.com -nameserver 1.2.3.4 # not 4.3.2.1`: {"1.2.3.4/32"}, - } { - test := GetNameserversAsCIDR([]byte(resolv)) - if !StrSlicesEqual(test, result) { - t.Fatalf("Wrong nameserver string {%s} should be %v. Input: %s", test, result, resolv) - } - } -} - -func TestGetSearchDomains(t *testing.T) { - for resolv, result := range map[string][]string{ - `search example.com`: {"example.com"}, - `search example.com # ignored`: {"example.com"}, - ` search example.com `: {"example.com"}, - ` search example.com # ignored`: {"example.com"}, - `search foo.example.com example.com`: {"foo.example.com", "example.com"}, - ` search foo.example.com example.com `: {"foo.example.com", "example.com"}, - ` search foo.example.com example.com # ignored`: {"foo.example.com", "example.com"}, - ``: {}, - `# ignored`: {}, - `nameserver 1.2.3.4 -search foo.example.com example.com`: {"foo.example.com", "example.com"}, - `nameserver 1.2.3.4 -search dup1.example.com dup2.example.com -search foo.example.com example.com`: {"foo.example.com", "example.com"}, - `nameserver 1.2.3.4 -search foo.example.com example.com -nameserver 4.30.20.100`: {"foo.example.com", "example.com"}, - } { - test := GetSearchDomains([]byte(resolv)) - if !StrSlicesEqual(test, result) { - t.Fatalf("Wrong search domain string {%s} should be %v. Input: %s", test, result, resolv) - } - } -} - -func StrSlicesEqual(a, b []string) bool { - if len(a) != len(b) { - return false - } - - for i, v := range a { - if v != b[i] { - return false - } - } - - return true -} - func TestReplaceAndAppendEnvVars(t *testing.T) { var ( d = []string{"HOME=/"} diff --git a/vendor/src/github.com/coreos/go-systemd/dbus/methods_test.go b/vendor/src/github.com/coreos/go-systemd/dbus/methods_test.go index 9e2f22323f..d943e7ebfc 100644 --- a/vendor/src/github.com/coreos/go-systemd/dbus/methods_test.go +++ b/vendor/src/github.com/coreos/go-systemd/dbus/methods_test.go @@ -18,12 +18,13 @@ package dbus import ( "fmt" - "github.com/guelfey/go.dbus" "math/rand" "os" "path/filepath" "reflect" "testing" + + "github.com/godbus/dbus" ) func setupConn(t *testing.T) *Conn { diff --git a/vendor/src/github.com/coreos/go-systemd/dbus/set.go b/vendor/src/github.com/coreos/go-systemd/dbus/set.go index 88378b29a1..45ad1fb399 100644 --- a/vendor/src/github.com/coreos/go-systemd/dbus/set.go +++ b/vendor/src/github.com/coreos/go-systemd/dbus/set.go @@ -21,6 +21,13 @@ func (s *set) Length() (int) { return len(s.data) } +func (s *set) Values() (values []string) { + for val, _ := range s.data { + values = append(values, val) + } + return +} + func newSet() (*set) { return &set{make(map[string] bool)} } diff --git a/vendor/src/github.com/coreos/go-systemd/dbus/set_test.go b/vendor/src/github.com/coreos/go-systemd/dbus/set_test.go index d8d174d0c4..c4435f8800 100644 --- a/vendor/src/github.com/coreos/go-systemd/dbus/set_test.go +++ b/vendor/src/github.com/coreos/go-systemd/dbus/set_test.go @@ -18,9 +18,22 @@ func TestBasicSetActions(t *testing.T) { t.Fatal("set should contain 'foo'") } + v := s.Values() + if len(v) != 1 { + t.Fatal("set.Values did not report correct number of values") + } + if v[0] != "foo" { + t.Fatal("set.Values did not report value") + } + s.Remove("foo") if s.Contains("foo") { t.Fatal("set should not contain 'foo'") } + + v = s.Values() + if len(v) != 0 { + t.Fatal("set.Values did not report correct number of values") + } } diff --git a/vendor/src/github.com/coreos/go-systemd/fixtures/enable-disable.service b/vendor/src/github.com/coreos/go-systemd/fixtures/enable-disable.service new file mode 100644 index 0000000000..74c9459088 --- /dev/null +++ b/vendor/src/github.com/coreos/go-systemd/fixtures/enable-disable.service @@ -0,0 +1,5 @@ +[Unit] +Description=enable disable test + +[Service] +ExecStart=/bin/sleep 400