diff --git a/.gitignore b/.gitignore index 0087b47302..4f8f09c775 100644 --- a/.gitignore +++ b/.gitignore @@ -23,3 +23,6 @@ bundles/ vendor/pkg/ pyenv Vagrantfile +docs/AWS_S3_BUCKET +docs/GIT_BRANCH +docs/VERSION diff --git a/.travis.yml b/.travis.yml index 832a8dd477..ae03d6cde5 100644 --- a/.travis.yml +++ b/.travis.yml @@ -10,11 +10,9 @@ install: true before_script: - env | sort - - sudo pip install -r docs/requirements.txt script: - hack/make.sh validate-dco - hack/make.sh validate-gofmt - - make -sC docs SPHINXOPTS=-qW docs man # vim:set sw=2 ts=2: diff --git a/AUTHORS b/AUTHORS index 6e34065266..adfcfaa851 100644 --- a/AUTHORS +++ b/AUTHORS @@ -20,6 +20,7 @@ Andrew Munsell Andrews Medina Andy Chambers andy diller +Andy Goldstein Andy Rothfusz Andy Smith Anthony Bishopric @@ -44,6 +45,7 @@ Brian Olsen Brian Shumate Briehan Lombaard Bruno Bigras +Bryan Matsuo Caleb Spare Calen Pennington Carl X. Su diff --git a/CHANGELOG.md b/CHANGELOG.md index 8743d3a7db..bd6dc6026e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,17 @@ # Changelog +## 0.11.0 (2014-05-07) + +#### Notable features since 0.10.0 + +* SELinux support for mount and process labels +* Linked containers can be accessed by hostname +* Use the net `--net` flag to allow advanced network configuration such as host networking so that containers can use the host's network interfaces +* Add a ping endpoint to the Remote API to do healthchecks of your docker daemon +* Logs can now be returned with an optional timestamp +* Docker now works with registries that support SHA-512 +* Multiple registry endpoints are supported to allow registry mirrors + ## 0.10.0 (2014-04-08) #### Builder diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 0e8b98122f..d77afbc443 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -82,7 +82,7 @@ editors have plugins that do this automatically, and there's also a git pre-commit hook: ``` -curl -o .git/hooks/pre-commit https://raw.github.com/edsrzf/gofmt-git-hook/master/fmt-check && chmod +x .git/hooks/pre-commit +curl -o .git/hooks/pre-commit https://raw.githubusercontent.com/edsrzf/gofmt-git-hook/master/fmt-check && chmod +x .git/hooks/pre-commit ``` Pull requests descriptions should be as clear as possible and include a @@ -90,6 +90,10 @@ reference to all the issues that they address. Pull requests must not contain commits from other users or branches. +Commit messages must start with a capitalized and short summary (max. 50 +chars) written in the imperative, followed by an optional, more detailed +explanatory text which is separated from the summary by an empty line. + Code review comments may be added to your pull request. Discuss, then make the suggested modifications and push additional commits to your feature branch. Be sure to post a comment after pushing. The new commits will show up in the pull diff --git a/Makefile b/Makefile index d358678223..a4c8658e08 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -.PHONY: all binary build cross default docs docs-build docs-shell shell test test-integration test-integration-cli validate +.PHONY: all binary build cross default docs docs-build docs-shell shell test test-unit test-integration test-integration-cli validate # to allow `make BINDDIR=. shell` or `make BINDDIR= test` BINDDIR := bundles @@ -10,7 +10,7 @@ DOCKER_IMAGE := docker$(if $(GIT_BRANCH),:$(GIT_BRANCH)) DOCKER_DOCS_IMAGE := docker-docs$(if $(GIT_BRANCH),:$(GIT_BRANCH)) DOCKER_MOUNT := $(if $(BINDDIR),-v "$(CURDIR)/$(BINDDIR):/go/src/github.com/dotcloud/docker/$(BINDDIR)") -DOCKER_RUN_DOCKER := docker run --rm -it --privileged -e TESTFLAGS -e DOCKER_GRAPHDRIVER -e DOCKER_EXECDRIVER $(DOCKER_MOUNT) "$(DOCKER_IMAGE)" +DOCKER_RUN_DOCKER := docker run --rm -it --privileged -e TESTFLAGS -e TESTDIRS -e DOCKER_GRAPHDRIVER -e DOCKER_EXECDRIVER $(DOCKER_MOUNT) "$(DOCKER_IMAGE)" # to allow `make DOCSDIR=docs docs-shell` DOCKER_RUN_DOCS := docker run --rm -it $(if $(DOCSDIR),-v $(CURDIR)/$(DOCSDIR):/$(DOCSDIR)) -e AWS_S3_BUCKET @@ -35,7 +35,10 @@ docs-release: docs-build $(DOCKER_RUN_DOCS) "$(DOCKER_DOCS_IMAGE)" ./release.sh test: build - $(DOCKER_RUN_DOCKER) hack/make.sh binary test test-integration test-integration-cli + $(DOCKER_RUN_DOCKER) hack/make.sh binary test-unit test-integration test-integration-cli + +test-unit: build + $(DOCKER_RUN_DOCKER) hack/make.sh test-unit test-integration: build $(DOCKER_RUN_DOCKER) hack/make.sh test-integration @@ -53,6 +56,9 @@ build: bundles docker build -t "$(DOCKER_IMAGE)" . docs-build: + cp ./VERSION docs/VERSION + echo "$(GIT_BRANCH)" > docs/GIT_BRANCH + echo "$(AWS_S3_BUCKET)" > docs/AWS_S3_BUCKET docker build -t "$(DOCKER_DOCS_IMAGE)" docs bundles: diff --git a/README.md b/README.md index 1922be5d8a..fae1bb916b 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ It benefits directly from the experience accumulated over several years of large-scale operation and support of hundreds of thousands of applications and databases. -![Docker L](docs/theme/docker/static/img/dockerlogo-h.png "Docker") +![Docker L](docs/theme/mkdocs/img/logo_compressed.png "Docker") ## Better than VMs diff --git a/VERSION b/VERSION index 29b2d3ea50..eb1336c84d 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.10.0-dev +0.11.0-dev diff --git a/api/client/cli.go b/api/client/cli.go index b58d3c3c75..49fb3c978f 100644 --- a/api/client/cli.go +++ b/api/client/cli.go @@ -65,8 +65,13 @@ func NewDockerCli(in io.ReadCloser, out, err io.Writer, proto, addr string, tlsC var ( isTerminal = false terminalFd uintptr + scheme = "http" ) + if tlsConfig != nil { + scheme = "https" + } + if in != nil { if file, ok := in.(*os.File); ok { terminalFd = file.Fd() @@ -86,6 +91,7 @@ func NewDockerCli(in io.ReadCloser, out, err io.Writer, proto, addr string, tlsC isTerminal: isTerminal, terminalFd: terminalFd, tlsConfig: tlsConfig, + scheme: scheme, } } @@ -99,4 +105,5 @@ type DockerCli struct { isTerminal bool terminalFd uintptr tlsConfig *tls.Config + scheme string } diff --git a/api/client/commands.go b/api/client/commands.go index 415bddaac4..89f9b0a4c4 100644 --- a/api/client/commands.go +++ b/api/client/commands.go @@ -1583,6 +1583,7 @@ func (cli *DockerCli) CmdDiff(args ...string) error { func (cli *DockerCli) CmdLogs(args ...string) error { cmd := cli.Subcmd("logs", "CONTAINER", "Fetch the logs of a container") follow := cmd.Bool([]string{"f", "-follow"}, false, "Follow log output") + times := cmd.Bool([]string{"t", "-timestamps"}, false, "Show timestamps") if err := cmd.Parse(args); err != nil { return nil } @@ -1603,14 +1604,16 @@ func (cli *DockerCli) CmdLogs(args ...string) error { } v := url.Values{} - v.Set("logs", "1") v.Set("stdout", "1") v.Set("stderr", "1") + if *times { + v.Set("timestamps", "1") + } if *follow && container.State.Running { - v.Set("stream", "1") + v.Set("follow", "1") } - if err := cli.hijack("POST", "/containers/"+name+"/attach?"+v.Encode(), container.Config.Tty, nil, cli.out, cli.err, nil); err != nil { + if err := cli.streamHelper("GET", "/containers/"+name+"/logs?"+v.Encode(), container.Config.Tty, nil, cli.out, cli.err, nil); err != nil { return err } return nil diff --git a/api/client/hijack.go b/api/client/hijack.go new file mode 100644 index 0000000000..0a9d5d8ef2 --- /dev/null +++ b/api/client/hijack.go @@ -0,0 +1,133 @@ +package client + +import ( + "crypto/tls" + "fmt" + "io" + "net" + "net/http" + "net/http/httputil" + "os" + "runtime" + "strings" + + "github.com/dotcloud/docker/api" + "github.com/dotcloud/docker/dockerversion" + "github.com/dotcloud/docker/pkg/term" + "github.com/dotcloud/docker/utils" +) + +func (cli *DockerCli) dial() (net.Conn, error) { + if cli.tlsConfig != nil && cli.proto != "unix" { + return tls.Dial(cli.proto, cli.addr, cli.tlsConfig) + } + return net.Dial(cli.proto, cli.addr) +} + +func (cli *DockerCli) hijack(method, path string, setRawTerminal bool, in io.ReadCloser, stdout, stderr io.Writer, started chan io.Closer) error { + defer func() { + if started != nil { + close(started) + } + }() + + req, err := http.NewRequest(method, fmt.Sprintf("/v%s%s", api.APIVERSION, path), nil) + if err != nil { + return err + } + req.Header.Set("User-Agent", "Docker-Client/"+dockerversion.VERSION) + req.Header.Set("Content-Type", "plain/text") + req.Host = cli.addr + + dial, err := cli.dial() + if err != nil { + if strings.Contains(err.Error(), "connection refused") { + return fmt.Errorf("Cannot connect to the Docker daemon. Is 'docker -d' running on this host?") + } + return err + } + clientconn := httputil.NewClientConn(dial, nil) + defer clientconn.Close() + + // Server hijacks the connection, error 'connection closed' expected + clientconn.Do(req) + + rwc, br := clientconn.Hijack() + defer rwc.Close() + + if started != nil { + started <- rwc + } + + var receiveStdout chan error + + var oldState *term.State + + if in != nil && setRawTerminal && cli.isTerminal && os.Getenv("NORAW") == "" { + oldState, err = term.SetRawTerminal(cli.terminalFd) + if err != nil { + return err + } + defer term.RestoreTerminal(cli.terminalFd, oldState) + } + + if stdout != nil || stderr != nil { + receiveStdout = utils.Go(func() (err error) { + defer func() { + if in != nil { + if setRawTerminal && cli.isTerminal { + term.RestoreTerminal(cli.terminalFd, oldState) + } + // For some reason this Close call blocks on darwin.. + // As the client exists right after, simply discard the close + // until we find a better solution. + if runtime.GOOS != "darwin" { + in.Close() + } + } + }() + + // When TTY is ON, use regular copy + if setRawTerminal { + _, err = io.Copy(stdout, br) + } else { + _, err = utils.StdCopy(stdout, stderr, br) + } + utils.Debugf("[hijack] End of stdout") + return err + }) + } + + sendStdin := utils.Go(func() error { + if in != nil { + io.Copy(rwc, in) + utils.Debugf("[hijack] End of stdin") + } + if tcpc, ok := rwc.(*net.TCPConn); ok { + if err := tcpc.CloseWrite(); err != nil { + utils.Debugf("Couldn't send EOF: %s\n", err) + } + } else if unixc, ok := rwc.(*net.UnixConn); ok { + if err := unixc.CloseWrite(); err != nil { + utils.Debugf("Couldn't send EOF: %s\n", err) + } + } + // Discard errors due to pipe interruption + return nil + }) + + if stdout != nil || stderr != nil { + if err := <-receiveStdout; err != nil { + utils.Debugf("Error receiveStdout: %s", err) + return err + } + } + + if !cli.isTerminal { + if err := <-sendStdin; err != nil { + utils.Debugf("Error sendStdin: %s", err) + return err + } + } + return nil +} diff --git a/api/client/utils.go b/api/client/utils.go index 4ef09ba783..8f303dcd98 100644 --- a/api/client/utils.go +++ b/api/client/utils.go @@ -2,7 +2,6 @@ package client import ( "bytes" - "crypto/tls" "encoding/base64" "encoding/json" "errors" @@ -11,12 +10,9 @@ import ( "io/ioutil" "net" "net/http" - "net/http/httputil" "net/url" "os" gosignal "os/signal" - "regexp" - goruntime "runtime" "strconv" "strings" "syscall" @@ -33,11 +29,14 @@ var ( ErrConnectionRefused = errors.New("Cannot connect to the Docker daemon. Is 'docker -d' running on this host?") ) -func (cli *DockerCli) dial() (net.Conn, error) { - if cli.tlsConfig != nil && cli.proto != "unix" { - return tls.Dial(cli.proto, cli.addr, cli.tlsConfig) +func (cli *DockerCli) HTTPClient() *http.Client { + tr := &http.Transport{ + TLSClientConfig: cli.tlsConfig, + Dial: func(network, addr string) (net.Conn, error) { + return net.Dial(cli.proto, cli.addr) + }, } - return net.Dial(cli.proto, cli.addr) + return &http.Client{Transport: tr} } func (cli *DockerCli) call(method, path string, data interface{}, passAuthInfo bool) (io.ReadCloser, int, error) { @@ -57,9 +56,6 @@ func (cli *DockerCli) call(method, path string, data interface{}, passAuthInfo b } } } - // fixme: refactor client to support redirect - re := regexp.MustCompile("/+") - path = re.ReplaceAllString(path, "/") req, err := http.NewRequest(method, fmt.Sprintf("/v%s%s", api.APIVERSION, path), params) if err != nil { @@ -86,28 +82,20 @@ func (cli *DockerCli) call(method, path string, data interface{}, passAuthInfo b } } req.Header.Set("User-Agent", "Docker-Client/"+dockerversion.VERSION) - req.Host = cli.addr + req.URL.Host = cli.addr + req.URL.Scheme = cli.scheme if data != nil { req.Header.Set("Content-Type", "application/json") } else if method == "POST" { req.Header.Set("Content-Type", "plain/text") } - dial, err := cli.dial() + resp, err := cli.HTTPClient().Do(req) if err != nil { if strings.Contains(err.Error(), "connection refused") { return nil, -1, ErrConnectionRefused } return nil, -1, err } - clientconn := httputil.NewClientConn(dial, nil) - resp, err := clientconn.Do(req) - if err != nil { - clientconn.Close() - if strings.Contains(err.Error(), "connection refused") { - return nil, -1, ErrConnectionRefused - } - return nil, -1, err - } if resp.StatusCode < 200 || resp.StatusCode >= 400 { body, err := ioutil.ReadAll(resp.Body) @@ -119,31 +107,25 @@ func (cli *DockerCli) call(method, path string, data interface{}, passAuthInfo b } return nil, resp.StatusCode, fmt.Errorf("Error: %s", bytes.TrimSpace(body)) } - - wrapper := utils.NewReadCloserWrapper(resp.Body, func() error { - if resp != nil && resp.Body != nil { - resp.Body.Close() - } - return clientconn.Close() - }) - return wrapper, resp.StatusCode, nil + return resp.Body, resp.StatusCode, nil } func (cli *DockerCli) stream(method, path string, in io.Reader, out io.Writer, headers map[string][]string) error { + return cli.streamHelper(method, path, true, in, out, nil, headers) +} + +func (cli *DockerCli) streamHelper(method, path string, setRawTerminal bool, in io.Reader, stdout, stderr io.Writer, headers map[string][]string) error { if (method == "POST" || method == "PUT") && in == nil { in = bytes.NewReader([]byte{}) } - // fixme: refactor client to support redirect - re := regexp.MustCompile("/+") - path = re.ReplaceAllString(path, "/") - - req, err := http.NewRequest(method, fmt.Sprintf("/v%s%s", api.APIVERSION, path), in) + req, err := http.NewRequest(method, fmt.Sprintf("http://v%s%s", api.APIVERSION, path), in) if err != nil { return err } req.Header.Set("User-Agent", "Docker-Client/"+dockerversion.VERSION) - req.Host = cli.addr + req.URL.Host = cli.addr + req.URL.Scheme = cli.scheme if method == "POST" { req.Header.Set("Content-Type", "plain/text") } @@ -153,17 +135,7 @@ func (cli *DockerCli) stream(method, path string, in io.Reader, out io.Writer, h req.Header[k] = v } } - - dial, err := cli.dial() - if err != nil { - if strings.Contains(err.Error(), "connection refused") { - return fmt.Errorf("Cannot connect to the Docker daemon. Is 'docker -d' running on this host?") - } - return err - } - clientconn := httputil.NewClientConn(dial, nil) - resp, err := clientconn.Do(req) - defer clientconn.Close() + resp, err := cli.HTTPClient().Do(req) if err != nil { if strings.Contains(err.Error(), "connection refused") { return fmt.Errorf("Cannot connect to the Docker daemon. Is 'docker -d' running on this host?") @@ -184,126 +156,21 @@ func (cli *DockerCli) stream(method, path string, in io.Reader, out io.Writer, h } if api.MatchesContentType(resp.Header.Get("Content-Type"), "application/json") { - return utils.DisplayJSONMessagesStream(resp.Body, out, cli.terminalFd, cli.isTerminal) + return utils.DisplayJSONMessagesStream(resp.Body, stdout, cli.terminalFd, cli.isTerminal) } - if _, err := io.Copy(out, resp.Body); err != nil { + if stdout != nil || stderr != nil { + // When TTY is ON, use regular copy + if setRawTerminal { + _, err = io.Copy(stdout, resp.Body) + } else { + _, err = utils.StdCopy(stdout, stderr, resp.Body) + } + utils.Debugf("[stream] End of stdout") return err } return nil } -func (cli *DockerCli) hijack(method, path string, setRawTerminal bool, in io.ReadCloser, stdout, stderr io.Writer, started chan io.Closer) error { - defer func() { - if started != nil { - close(started) - } - }() - // fixme: refactor client to support redirect - re := regexp.MustCompile("/+") - path = re.ReplaceAllString(path, "/") - - req, err := http.NewRequest(method, fmt.Sprintf("/v%s%s", api.APIVERSION, path), nil) - if err != nil { - return err - } - req.Header.Set("User-Agent", "Docker-Client/"+dockerversion.VERSION) - req.Header.Set("Content-Type", "plain/text") - req.Host = cli.addr - - dial, err := cli.dial() - if err != nil { - if strings.Contains(err.Error(), "connection refused") { - return fmt.Errorf("Cannot connect to the Docker daemon. Is 'docker -d' running on this host?") - } - return err - } - clientconn := httputil.NewClientConn(dial, nil) - defer clientconn.Close() - - // Server hijacks the connection, error 'connection closed' expected - clientconn.Do(req) - - rwc, br := clientconn.Hijack() - defer rwc.Close() - - if started != nil { - started <- rwc - } - - var receiveStdout chan error - - var oldState *term.State - - if in != nil && setRawTerminal && cli.isTerminal && os.Getenv("NORAW") == "" { - oldState, err = term.SetRawTerminal(cli.terminalFd) - if err != nil { - return err - } - defer term.RestoreTerminal(cli.terminalFd, oldState) - } - - if stdout != nil || stderr != nil { - receiveStdout = utils.Go(func() (err error) { - defer func() { - if in != nil { - if setRawTerminal && cli.isTerminal { - term.RestoreTerminal(cli.terminalFd, oldState) - } - // For some reason this Close call blocks on darwin.. - // As the client exists right after, simply discard the close - // until we find a better solution. - if goruntime.GOOS != "darwin" { - in.Close() - } - } - }() - - // When TTY is ON, use regular copy - if setRawTerminal { - _, err = io.Copy(stdout, br) - } else { - _, err = utils.StdCopy(stdout, stderr, br) - } - utils.Debugf("[hijack] End of stdout") - return err - }) - } - - sendStdin := utils.Go(func() error { - if in != nil { - io.Copy(rwc, in) - utils.Debugf("[hijack] End of stdin") - } - if tcpc, ok := rwc.(*net.TCPConn); ok { - if err := tcpc.CloseWrite(); err != nil { - utils.Debugf("Couldn't send EOF: %s\n", err) - } - } else if unixc, ok := rwc.(*net.UnixConn); ok { - if err := unixc.CloseWrite(); err != nil { - utils.Debugf("Couldn't send EOF: %s\n", err) - } - } - // Discard errors due to pipe interruption - return nil - }) - - if stdout != nil || stderr != nil { - if err := <-receiveStdout; err != nil { - utils.Debugf("Error receiveStdout: %s", err) - return err - } - } - - if !cli.isTerminal { - if err := <-sendStdin; err != nil { - utils.Debugf("Error sendStdin: %s", err) - return err - } - } - return nil - -} - func (cli *DockerCli) resizeTty(id string) { height, width := cli.getTtySize() if height == 0 && width == 0 { diff --git a/api/server/server.go b/api/server/server.go index 279d297965..05d5e60690 100644 --- a/api/server/server.go +++ b/api/server/server.go @@ -3,7 +3,6 @@ package server import ( "bufio" "bytes" - "code.google.com/p/go.net/websocket" "crypto/tls" "crypto/x509" "encoding/base64" @@ -21,6 +20,8 @@ import ( "strings" "syscall" + "code.google.com/p/go.net/websocket" + "github.com/dotcloud/docker/api" "github.com/dotcloud/docker/engine" "github.com/dotcloud/docker/pkg/listenbuffer" @@ -328,6 +329,48 @@ func getContainersJSON(eng *engine.Engine, version version.Version, w http.Respo return nil } +func getContainersLogs(eng *engine.Engine, version version.Version, w http.ResponseWriter, r *http.Request, vars map[string]string) error { + if err := parseForm(r); err != nil { + return err + } + if vars == nil { + return fmt.Errorf("Missing parameter") + } + + var ( + job = eng.Job("inspect", vars["name"], "container") + c, err = job.Stdout.AddEnv() + ) + if err != nil { + return err + } + if err = job.Run(); err != nil { + return err + } + + var outStream, errStream io.Writer + outStream = utils.NewWriteFlusher(w) + + if c.GetSubEnv("Config") != nil && !c.GetSubEnv("Config").GetBool("Tty") && version.GreaterThanOrEqualTo("1.6") { + errStream = utils.NewStdWriter(outStream, utils.Stderr) + outStream = utils.NewStdWriter(outStream, utils.Stdout) + } else { + errStream = outStream + } + + job = eng.Job("logs", vars["name"]) + job.Setenv("follow", r.Form.Get("follow")) + job.Setenv("stdout", r.Form.Get("stdout")) + job.Setenv("stderr", r.Form.Get("stderr")) + job.Setenv("timestamps", r.Form.Get("timestamps")) + job.Stdout.Add(outStream) + job.Stderr.Set(errStream) + if err := job.Run(); err != nil { + fmt.Fprintf(outStream, "Error: %s\n", err) + } + return nil +} + func postImagesTag(eng *engine.Engine, version version.Version, w http.ResponseWriter, r *http.Request, vars map[string]string) error { if err := parseForm(r); err != nil { return err @@ -934,6 +977,11 @@ func writeCorsHeaders(w http.ResponseWriter, r *http.Request) { w.Header().Add("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, OPTIONS") } +func ping(eng *engine.Engine, version version.Version, w http.ResponseWriter, r *http.Request, vars map[string]string) error { + _, err := w.Write([]byte{'O', 'K'}) + return err +} + func makeHttpHandler(eng *engine.Engine, logging bool, localMethod string, localRoute string, handlerFunc HttpApiFunc, enableCors bool, dockerVersion version.Version) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { // log the request @@ -1002,6 +1050,7 @@ func createRouter(eng *engine.Engine, logging, enableCors bool, dockerVersion st } m := map[string]map[string]HttpApiFunc{ "GET": { + "/_ping": ping, "/events": getEvents, "/info": getInfo, "/version": getVersion, @@ -1017,6 +1066,7 @@ func createRouter(eng *engine.Engine, logging, enableCors bool, dockerVersion st "/containers/{name:.*}/changes": getContainersChanges, "/containers/{name:.*}/json": getContainersByName, "/containers/{name:.*}/top": getContainersTop, + "/containers/{name:.*}/logs": getContainersLogs, "/containers/{name:.*}/attach/ws": wsContainersAttach, }, "POST": { @@ -1224,6 +1274,9 @@ func ListenAndServe(proto, addr string, job *engine.Job) error { // ServeApi loops through all of the protocols sent in to docker and spawns // off a go routine to setup a serving http.Server for each. func ServeApi(job *engine.Job) engine.Status { + if len(job.Args) == 0 { + return job.Errorf("usage: %s PROTO://ADDR [PROTO://ADDR ...]", job.Name) + } var ( protoAddrs = job.Args chErrors = make(chan error, len(protoAddrs)) @@ -1236,6 +1289,9 @@ func ServeApi(job *engine.Job) engine.Status { for _, protoAddr := range protoAddrs { protoAddrParts := strings.SplitN(protoAddr, "://", 2) + if len(protoAddrParts) != 2 { + return job.Errorf("usage: %s PROTO://ADDR [PROTO://ADDR ...]", job.Name) + } go func() { log.Printf("Listening for HTTP on %s (%s)\n", protoAddrParts[0], protoAddrParts[1]) chErrors <- ListenAndServe(protoAddrParts[0], protoAddrParts[1], job) diff --git a/api/server/server_unit_test.go b/api/server/server_unit_test.go index 561f47d343..8ab34127ac 100644 --- a/api/server/server_unit_test.go +++ b/api/server/server_unit_test.go @@ -6,11 +6,9 @@ import ( "fmt" "github.com/dotcloud/docker/api" "github.com/dotcloud/docker/engine" - "github.com/dotcloud/docker/utils" "io" "net/http" "net/http/httptest" - "os" "testing" ) @@ -59,8 +57,7 @@ func TesthttpError(t *testing.T) { } func TestGetVersion(t *testing.T) { - eng := tmpEngine(t) - defer rmEngine(eng) + eng := engine.New() var called bool eng.Register("version", func(job *engine.Job) engine.Status { called = true @@ -89,8 +86,7 @@ func TestGetVersion(t *testing.T) { } func TestGetInfo(t *testing.T) { - eng := tmpEngine(t) - defer rmEngine(eng) + eng := engine.New() var called bool eng.Register("info", func(job *engine.Job) engine.Status { called = true @@ -130,22 +126,6 @@ func serveRequest(method, target string, body io.Reader, eng *engine.Engine, t * return r } -func tmpEngine(t *testing.T) *engine.Engine { - tmp, err := utils.TestDirectory("") - if err != nil { - t.Fatal(err) - } - eng, err := engine.New(tmp) - if err != nil { - t.Fatal(err) - } - return eng -} - -func rmEngine(eng *engine.Engine) { - os.RemoveAll(eng.Root()) -} - func readEnv(src io.Reader, t *testing.T) *engine.Env { out := engine.NewOutput() v, err := out.AddEnv() diff --git a/builtins/builtins.go b/builtins/builtins.go index 374bd48701..40d421f154 100644 --- a/builtins/builtins.go +++ b/builtins/builtins.go @@ -4,17 +4,23 @@ import ( api "github.com/dotcloud/docker/api/server" "github.com/dotcloud/docker/daemon/networkdriver/bridge" "github.com/dotcloud/docker/engine" + "github.com/dotcloud/docker/registry" "github.com/dotcloud/docker/server" ) -func Register(eng *engine.Engine) { - daemon(eng) - remote(eng) +func Register(eng *engine.Engine) error { + if err := daemon(eng); err != nil { + return err + } + if err := remote(eng); err != nil { + return err + } + return registry.NewService().Install(eng) } // remote: a RESTful api for cross-docker communication -func remote(eng *engine.Engine) { - eng.Register("serveapi", api.ServeApi) +func remote(eng *engine.Engine) error { + return eng.Register("serveapi", api.ServeApi) } // daemon: a default execution and storage backend for Docker on Linux, @@ -32,7 +38,9 @@ func remote(eng *engine.Engine) { // // These components should be broken off into plugins of their own. // -func daemon(eng *engine.Engine) { - eng.Register("initserver", server.InitServer) - eng.Register("init_networkdriver", bridge.InitDriver) +func daemon(eng *engine.Engine) error { + if err := eng.Register("initserver", server.InitServer); err != nil { + return err + } + return eng.Register("init_networkdriver", bridge.InitDriver) } diff --git a/contrib/check-config.sh b/contrib/check-config.sh index cbdb90bcce..498ede8af3 100755 --- a/contrib/check-config.sh +++ b/contrib/check-config.sh @@ -4,7 +4,13 @@ set -e # bits of this were adapted from lxc-checkconfig # see also https://github.com/lxc/lxc/blob/lxc-1.0.2/src/lxc/lxc-checkconfig.in -: ${CONFIG:=/proc/config.gz} +possibleConfigs=( + '/proc/config.gz' + "/boot/config-$(uname -r)" + "/usr/src/linux-$(uname -r)/.config" + '/usr/src/linux/.config' +) +: ${CONFIG:="${possibleConfigs[0]}"} if ! command -v zgrep &> /dev/null; then zgrep() { @@ -74,11 +80,7 @@ check_flags() { if [ ! -e "$CONFIG" ]; then wrap_warning "warning: $CONFIG does not exist, searching other paths for kernel config..." - for tryConfig in \ - '/proc/config.gz' \ - "/boot/config-$(uname -r)" \ - '/usr/src/linux/.config' \ - ; do + for tryConfig in "${possibleConfigs[@]}"; do if [ -e "$tryConfig" ]; then CONFIG="$tryConfig" break diff --git a/contrib/man/md/docker-build.1.md b/contrib/man/md/docker-build.1.md index 679dc577c4..b3e9a2842e 100644 --- a/contrib/man/md/docker-build.1.md +++ b/contrib/man/md/docker-build.1.md @@ -5,8 +5,8 @@ docker-build - Build a container image from a Dockerfile source at PATH # SYNOPSIS -**docker build** [**--no-cache**[=*false*] [**-q**|**--quiet**[=*false*] - [**-rm**] [**-t**|**--tag**=*tag*] PATH | URL | - +**docker build** [**--no-cache**[=*false*]] [**-q**|**--quiet**[=*false*]] + [**--rm**] [**-t**|**--tag**=TAG] PATH | URL | - # DESCRIPTION This will read the Dockerfile from the directory specified in **PATH**. diff --git a/contrib/man/md/docker.1.md b/contrib/man/md/docker.1.md index 02c541262b..d1ddf192b5 100644 --- a/contrib/man/md/docker.1.md +++ b/contrib/man/md/docker.1.md @@ -23,7 +23,7 @@ its own man page which explain usage and arguements. To see the man page for a command run **man docker **. # OPTIONS -**-D**=*ture*|*false* +**-D**=*true*|*false* Enable debug mode. Default is false. **-H**, **--host**=[unix:///var/run/docker.sock]: tcp://[host[:port]] to bind or @@ -73,6 +73,9 @@ port=[4243] or path =[/var/run/docker.sock] is omitted, default values are used. **-v**=*true*|*false* Print version information and quit. Default is false. +**--selinux-enabled=*true*|*false* + Enable selinux support. Default is false. + # COMMANDS **docker-attach(1)** Attach to a running container diff --git a/contrib/mkimage-debootstrap.sh b/contrib/mkimage-debootstrap.sh index 33ba7b07cb..613066e16b 100755 --- a/contrib/mkimage-debootstrap.sh +++ b/contrib/mkimage-debootstrap.sh @@ -43,7 +43,7 @@ usage() { debianStable=wheezy debianUnstable=sid # this should match the name found at http://releases.ubuntu.com/ -ubuntuLatestLTS=precise +ubuntuLatestLTS=trusty # this should match the name found at http://releases.tanglu.org/ tangluLatest=aequorea diff --git a/contrib/zfs/MAINTAINERS b/contrib/zfs/MAINTAINERS deleted file mode 100644 index 90bc6e3d60..0000000000 --- a/contrib/zfs/MAINTAINERS +++ /dev/null @@ -1 +0,0 @@ -Gurjeet Singh (gurjeet.singh.im) diff --git a/contrib/zfs/README.md b/contrib/zfs/README.md deleted file mode 100644 index 84f6296e10..0000000000 --- a/contrib/zfs/README.md +++ /dev/null @@ -1,23 +0,0 @@ -# ZFS Storage Driver - -This is a placeholder to declare the presence and status of ZFS storage driver -for containers. - -The current development is done in Gurjeet Singh's fork of Docker, under the -branch named [zfs_driver]. - -[zfs_driver]: https://github.com/gurjeet/docker/tree/zfs_driver - - -# Status - -Alpha: The code is now capable of creating, running and destroying containers -and images. - -The code is under development. Contributions in the form of suggestions, -code-reviews, and patches are welcome. - -Please send the communication to gurjeet@singh.im and CC at least one Docker -mailing list. - - diff --git a/daemon/attach.go b/daemon/attach.go new file mode 100644 index 0000000000..0e3b8b8a9d --- /dev/null +++ b/daemon/attach.go @@ -0,0 +1,153 @@ +package daemon + +import ( + "io" + + "github.com/dotcloud/docker/utils" +) + +func (daemon *Daemon) Attach(container *Container, stdin io.ReadCloser, stdinCloser io.Closer, stdout io.Writer, stderr io.Writer) chan error { + var ( + cStdout, cStderr io.ReadCloser + nJobs int + errors = make(chan error, 3) + ) + + if stdin != nil && container.Config.OpenStdin { + nJobs += 1 + if cStdin, err := container.StdinPipe(); err != nil { + errors <- err + } else { + go func() { + utils.Debugf("attach: stdin: begin") + defer utils.Debugf("attach: stdin: end") + // No matter what, when stdin is closed (io.Copy unblock), close stdout and stderr + if container.Config.StdinOnce && !container.Config.Tty { + defer cStdin.Close() + } else { + defer func() { + if cStdout != nil { + cStdout.Close() + } + if cStderr != nil { + cStderr.Close() + } + }() + } + if container.Config.Tty { + _, err = utils.CopyEscapable(cStdin, stdin) + } else { + _, err = io.Copy(cStdin, stdin) + } + if err == io.ErrClosedPipe { + err = nil + } + if err != nil { + utils.Errorf("attach: stdin: %s", err) + } + errors <- err + }() + } + } + if stdout != nil { + nJobs += 1 + if p, err := container.StdoutPipe(); err != nil { + errors <- err + } else { + cStdout = p + go func() { + utils.Debugf("attach: stdout: begin") + defer utils.Debugf("attach: stdout: end") + // If we are in StdinOnce mode, then close stdin + if container.Config.StdinOnce && stdin != nil { + defer stdin.Close() + } + if stdinCloser != nil { + defer stdinCloser.Close() + } + _, err := io.Copy(stdout, cStdout) + if err == io.ErrClosedPipe { + err = nil + } + if err != nil { + utils.Errorf("attach: stdout: %s", err) + } + errors <- err + }() + } + } else { + go func() { + if stdinCloser != nil { + defer stdinCloser.Close() + } + if cStdout, err := container.StdoutPipe(); err != nil { + utils.Errorf("attach: stdout pipe: %s", err) + } else { + io.Copy(&utils.NopWriter{}, cStdout) + } + }() + } + if stderr != nil { + nJobs += 1 + if p, err := container.StderrPipe(); err != nil { + errors <- err + } else { + cStderr = p + go func() { + utils.Debugf("attach: stderr: begin") + defer utils.Debugf("attach: stderr: end") + // If we are in StdinOnce mode, then close stdin + if container.Config.StdinOnce && stdin != nil { + defer stdin.Close() + } + if stdinCloser != nil { + defer stdinCloser.Close() + } + _, err := io.Copy(stderr, cStderr) + if err == io.ErrClosedPipe { + err = nil + } + if err != nil { + utils.Errorf("attach: stderr: %s", err) + } + errors <- err + }() + } + } else { + go func() { + if stdinCloser != nil { + defer stdinCloser.Close() + } + + if cStderr, err := container.StderrPipe(); err != nil { + utils.Errorf("attach: stdout pipe: %s", err) + } else { + io.Copy(&utils.NopWriter{}, cStderr) + } + }() + } + + return utils.Go(func() error { + defer func() { + if cStdout != nil { + cStdout.Close() + } + if cStderr != nil { + cStderr.Close() + } + }() + + // FIXME: how to clean up the stdin goroutine without the unwanted side effect + // of closing the passed stdin? Add an intermediary io.Pipe? + for i := 0; i < nJobs; i += 1 { + utils.Debugf("attach: waiting for job %d/%d", i+1, nJobs) + if err := <-errors; err != nil { + utils.Errorf("attach: job %d returned error %s, aborting all jobs", i+1, err) + return err + } + utils.Debugf("attach: job %d completed successfully", i+1) + } + utils.Debugf("attach: all jobs completed successfully") + return nil + }) +} diff --git a/daemon/container.go b/daemon/container.go index 6f63d565f2..7b6b65494e 100644 --- a/daemon/container.go +++ b/daemon/container.go @@ -4,15 +4,6 @@ import ( "encoding/json" "errors" "fmt" - "github.com/dotcloud/docker/archive" - "github.com/dotcloud/docker/daemon/execdriver" - "github.com/dotcloud/docker/daemon/graphdriver" - "github.com/dotcloud/docker/engine" - "github.com/dotcloud/docker/image" - "github.com/dotcloud/docker/links" - "github.com/dotcloud/docker/nat" - "github.com/dotcloud/docker/runconfig" - "github.com/dotcloud/docker/utils" "io" "io/ioutil" "log" @@ -22,6 +13,19 @@ import ( "sync" "syscall" "time" + + "github.com/dotcloud/docker/archive" + "github.com/dotcloud/docker/daemon/execdriver" + "github.com/dotcloud/docker/daemon/graphdriver" + "github.com/dotcloud/docker/engine" + "github.com/dotcloud/docker/image" + "github.com/dotcloud/docker/links" + "github.com/dotcloud/docker/nat" + "github.com/dotcloud/docker/pkg/label" + "github.com/dotcloud/docker/pkg/networkfs/etchosts" + "github.com/dotcloud/docker/pkg/networkfs/resolvconf" + "github.com/dotcloud/docker/runconfig" + "github.com/dotcloud/docker/utils" ) const DefaultPathEnv = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" @@ -64,7 +68,8 @@ type Container struct { stdin io.ReadCloser stdinPipe io.WriteCloser - daemon *Daemon + daemon *Daemon + MountLabel, ProcessLabel string waitLock chan struct{} Volumes map[string]string @@ -122,6 +127,10 @@ func (container *Container) FromDisk() error { if err := json.Unmarshal(data, container); err != nil && !strings.Contains(err.Error(), "docker.PortMapping") { return err } + + if err := label.ReserveLabel(container.ProcessLabel); err != nil { + return err + } return container.readHostConfig() } @@ -161,186 +170,46 @@ func (container *Container) WriteHostConfig() (err error) { return ioutil.WriteFile(container.hostConfigPath(), data, 0666) } -func (container *Container) generateEnvConfig(env []string) error { - data, err := json.Marshal(env) - if err != nil { - return err - } - p, err := container.EnvConfigPath() - if err != nil { - return err - } - ioutil.WriteFile(p, data, 0600) - return nil -} - -func (container *Container) Attach(stdin io.ReadCloser, stdinCloser io.Closer, stdout io.Writer, stderr io.Writer) chan error { - var cStdout, cStderr io.ReadCloser - - var nJobs int - errors := make(chan error, 3) - if stdin != nil && container.Config.OpenStdin { - nJobs += 1 - if cStdin, err := container.StdinPipe(); err != nil { - errors <- err - } else { - go func() { - utils.Debugf("attach: stdin: begin") - defer utils.Debugf("attach: stdin: end") - // No matter what, when stdin is closed (io.Copy unblock), close stdout and stderr - if container.Config.StdinOnce && !container.Config.Tty { - defer cStdin.Close() - } else { - defer func() { - if cStdout != nil { - cStdout.Close() - } - if cStderr != nil { - cStderr.Close() - } - }() - } - if container.Config.Tty { - _, err = utils.CopyEscapable(cStdin, stdin) - } else { - _, err = io.Copy(cStdin, stdin) - } - if err == io.ErrClosedPipe { - err = nil - } - if err != nil { - utils.Errorf("attach: stdin: %s", err) - } - errors <- err - }() - } - } - if stdout != nil { - nJobs += 1 - if p, err := container.StdoutPipe(); err != nil { - errors <- err - } else { - cStdout = p - go func() { - utils.Debugf("attach: stdout: begin") - defer utils.Debugf("attach: stdout: end") - // If we are in StdinOnce mode, then close stdin - if container.Config.StdinOnce && stdin != nil { - defer stdin.Close() - } - if stdinCloser != nil { - defer stdinCloser.Close() - } - _, err := io.Copy(stdout, cStdout) - if err == io.ErrClosedPipe { - err = nil - } - if err != nil { - utils.Errorf("attach: stdout: %s", err) - } - errors <- err - }() - } - } else { - go func() { - if stdinCloser != nil { - defer stdinCloser.Close() - } - if cStdout, err := container.StdoutPipe(); err != nil { - utils.Errorf("attach: stdout pipe: %s", err) - } else { - io.Copy(&utils.NopWriter{}, cStdout) - } - }() - } - if stderr != nil { - nJobs += 1 - if p, err := container.StderrPipe(); err != nil { - errors <- err - } else { - cStderr = p - go func() { - utils.Debugf("attach: stderr: begin") - defer utils.Debugf("attach: stderr: end") - // If we are in StdinOnce mode, then close stdin - if container.Config.StdinOnce && stdin != nil { - defer stdin.Close() - } - if stdinCloser != nil { - defer stdinCloser.Close() - } - _, err := io.Copy(stderr, cStderr) - if err == io.ErrClosedPipe { - err = nil - } - if err != nil { - utils.Errorf("attach: stderr: %s", err) - } - errors <- err - }() - } - } else { - go func() { - if stdinCloser != nil { - defer stdinCloser.Close() - } - - if cStderr, err := container.StderrPipe(); err != nil { - utils.Errorf("attach: stdout pipe: %s", err) - } else { - io.Copy(&utils.NopWriter{}, cStderr) - } - }() - } - - return utils.Go(func() error { - defer func() { - if cStdout != nil { - cStdout.Close() - } - if cStderr != nil { - cStderr.Close() - } - }() - - // FIXME: how to clean up the stdin goroutine without the unwanted side effect - // of closing the passed stdin? Add an intermediary io.Pipe? - for i := 0; i < nJobs; i += 1 { - utils.Debugf("attach: waiting for job %d/%d", i+1, nJobs) - if err := <-errors; err != nil { - utils.Errorf("attach: job %d returned error %s, aborting all jobs", i+1, err) - return err - } - utils.Debugf("attach: job %d completed successfully", i+1) - } - utils.Debugf("attach: all jobs completed successfully") - return nil - }) -} - -func populateCommand(c *Container, env []string) { +func populateCommand(c *Container, env []string) error { var ( - en *execdriver.Network - driverConfig = make(map[string][]string) + en *execdriver.Network + context = make(map[string][]string) ) + context["process_label"] = []string{c.GetProcessLabel()} + context["mount_label"] = []string{c.GetMountLabel()} en = &execdriver.Network{ Mtu: c.daemon.config.Mtu, Interface: nil, } - if !c.Config.NetworkDisabled { - network := c.NetworkSettings - en.Interface = &execdriver.NetworkInterface{ - Gateway: network.Gateway, - Bridge: network.Bridge, - IPAddress: network.IPAddress, - IPPrefixLen: network.IPPrefixLen, + parts := strings.SplitN(string(c.hostConfig.NetworkMode), ":", 2) + switch parts[0] { + case "none": + case "host": + en.HostNetworking = true + case "bridge", "": // empty string to support existing containers + if !c.Config.NetworkDisabled { + network := c.NetworkSettings + en.Interface = &execdriver.NetworkInterface{ + Gateway: network.Gateway, + Bridge: network.Bridge, + IPAddress: network.IPAddress, + IPPrefixLen: network.IPPrefixLen, + } } + case "container": + nc, err := c.getNetworkedContainer() + if err != nil { + return err + } + en.ContainerID = nc.ID + default: + return fmt.Errorf("invalid network mode: %s", c.hostConfig.NetworkMode) } // TODO: this can be removed after lxc-conf is fully deprecated - mergeLxcConfIntoOptions(c.hostConfig, driverConfig) + mergeLxcConfIntoOptions(c.hostConfig, context) resources := &execdriver.Resources{ Memory: c.Config.Memory, @@ -358,11 +227,12 @@ func populateCommand(c *Container, env []string) { Network: en, Tty: c.Config.Tty, User: c.Config.User, - Config: driverConfig, + Config: context, Resources: resources, } c.command.SysProcAttr = &syscall.SysProcAttr{Setsid: true} c.command.Env = env + return nil } func (container *Container) Start() (err error) { @@ -397,16 +267,13 @@ func (container *Container) Start() (err error) { if err != nil { return err } - env := container.createDaemonEnvironment(linkedEnv) - // TODO: This is only needed for lxc so we should look for a way to - // remove this dep - if err := container.generateEnvConfig(env); err != nil { - return err - } if err := container.setupWorkingDirectory(); err != nil { return err } - populateCommand(container, env) + env := container.createDaemonEnvironment(linkedEnv) + if err := populateCommand(container, env); err != nil { + return err + } if err := setupMountsForContainer(container); err != nil { return err } @@ -464,32 +331,51 @@ func (container *Container) StderrPipe() (io.ReadCloser, error) { return utils.NewBufReader(reader), nil } -func (container *Container) buildHostnameAndHostsFiles(IP string) { - container.HostnamePath = path.Join(container.root, "hostname") - ioutil.WriteFile(container.HostnamePath, []byte(container.Config.Hostname+"\n"), 0644) +func (container *Container) StdoutLogPipe() io.ReadCloser { + reader, writer := io.Pipe() + container.stdout.AddWriter(writer, "stdout") + return utils.NewBufReader(reader) +} - hostsContent := []byte(` -127.0.0.1 localhost -::1 localhost ip6-localhost ip6-loopback -fe00::0 ip6-localnet -ff00::0 ip6-mcastprefix -ff02::1 ip6-allnodes -ff02::2 ip6-allrouters -`) +func (container *Container) StderrLogPipe() io.ReadCloser { + reader, writer := io.Pipe() + container.stderr.AddWriter(writer, "stderr") + return utils.NewBufReader(reader) +} + +func (container *Container) buildHostnameFile() error { + container.HostnamePath = path.Join(container.root, "hostname") + if container.Config.Domainname != "" { + return ioutil.WriteFile(container.HostnamePath, []byte(fmt.Sprintf("%s.%s\n", container.Config.Hostname, container.Config.Domainname)), 0644) + } + return ioutil.WriteFile(container.HostnamePath, []byte(container.Config.Hostname+"\n"), 0644) +} + +func (container *Container) buildHostnameAndHostsFiles(IP string) error { + if err := container.buildHostnameFile(); err != nil { + return err + } container.HostsPath = path.Join(container.root, "hosts") - if container.Config.Domainname != "" { - hostsContent = append([]byte(fmt.Sprintf("%s\t%s.%s %s\n", IP, container.Config.Hostname, container.Config.Domainname, container.Config.Hostname)), hostsContent...) - } else if !container.Config.NetworkDisabled { - hostsContent = append([]byte(fmt.Sprintf("%s\t%s\n", IP, container.Config.Hostname)), hostsContent...) + extraContent := make(map[string]string) + + children, err := container.daemon.Children(container.Name) + if err != nil { + return err } - ioutil.WriteFile(container.HostsPath, hostsContent, 0644) + for linkAlias, child := range children { + _, alias := path.Split(linkAlias) + extraContent[alias] = child.NetworkSettings.IPAddress + } + + return etchosts.Build(container.HostsPath, IP, container.Config.Hostname, container.Config.Domainname, &extraContent) } func (container *Container) allocateNetwork() error { - if container.Config.NetworkDisabled { + mode := container.hostConfig.NetworkMode + if container.Config.NetworkDisabled || mode.IsContainer() || mode.IsHost() { return nil } @@ -654,9 +540,12 @@ func (container *Container) Kill() error { // 2. Wait for the process to die, in last resort, try to kill the process directly if err := container.WaitTimeout(10 * time.Second); err != nil { - log.Printf("Container %s failed to exit within 10 seconds of kill - trying direct SIGKILL", utils.TruncateID(container.ID)) - if err := syscall.Kill(container.State.Pid, 9); err != nil { - return err + // Ensure that we don't kill ourselves + if pid := container.State.Pid; pid != 0 { + log.Printf("Container %s failed to exit within 10 seconds of kill - trying direct SIGKILL", utils.TruncateID(container.ID)) + if err := syscall.Kill(pid, 9); err != nil { + return err + } } } @@ -800,22 +689,6 @@ func (container *Container) jsonPath() string { return path.Join(container.root, "config.json") } -func (container *Container) EnvConfigPath() (string, error) { - p := path.Join(container.root, "config.env") - if _, err := os.Stat(p); err != nil { - if os.IsNotExist(err) { - f, err := os.Create(p) - if err != nil { - return "", err - } - f.Close() - } else { - return "", err - } - } - return p, nil -} - // This method must be exported to be used from the lxc template // This directory is only usable when the container is running func (container *Container) RootfsPath() string { @@ -939,19 +812,27 @@ func (container *Container) setupContainerDns() error { if container.ResolvConfPath != "" { return nil } + var ( config = container.hostConfig daemon = container.daemon ) - resolvConf, err := utils.GetResolvConf() + + if config.NetworkMode == "host" { + container.ResolvConfPath = "/etc/resolv.conf" + return nil + } + + resolvConf, err := resolvconf.Get() if err != nil { return err } + // If custom dns exists, then create a resolv.conf for the container if len(config.Dns) > 0 || len(daemon.config.Dns) > 0 || len(config.DnsSearch) > 0 || len(daemon.config.DnsSearch) > 0 { var ( - dns = utils.GetNameservers(resolvConf) - dnsSearch = utils.GetSearchDomains(resolvConf) + dns = resolvconf.GetNameservers(resolvConf) + dnsSearch = resolvconf.GetSearchDomains(resolvConf) ) if len(config.Dns) > 0 { dns = config.Dns @@ -964,21 +845,7 @@ func (container *Container) setupContainerDns() error { dnsSearch = daemon.config.DnsSearch } container.ResolvConfPath = path.Join(container.root, "resolv.conf") - f, err := os.Create(container.ResolvConfPath) - if err != nil { - return err - } - defer f.Close() - for _, dns := range dns { - if _, err := f.Write([]byte("nameserver " + dns + "\n")); err != nil { - return err - } - } - if len(dnsSearch) > 0 { - if _, err := f.Write([]byte("search " + strings.Join(dnsSearch, " ") + "\n")); err != nil { - return err - } - } + return resolvconf.Build(container.ResolvConfPath, dns, dnsSearch) } else { container.ResolvConfPath = "/etc/resolv.conf" } @@ -986,14 +853,39 @@ func (container *Container) setupContainerDns() error { } func (container *Container) initializeNetworking() error { - if container.daemon.config.DisableNetwork { + var err error + if container.hostConfig.NetworkMode.IsHost() { + container.Config.Hostname, err = os.Hostname() + if err != nil { + return err + } + + parts := strings.SplitN(container.Config.Hostname, ".", 2) + if len(parts) > 1 { + container.Config.Hostname = parts[0] + container.Config.Domainname = parts[1] + } + container.HostsPath = "/etc/hosts" + + return container.buildHostnameFile() + } else if container.hostConfig.NetworkMode.IsContainer() { + // we need to get the hosts files from the container to join + nc, err := container.getNetworkedContainer() + if err != nil { + return err + } + container.HostsPath = nc.HostsPath + container.ResolvConfPath = nc.ResolvConfPath + container.Config.Hostname = nc.Config.Hostname + container.Config.Domainname = nc.Config.Domainname + } else if container.daemon.config.DisableNetwork { container.Config.NetworkDisabled = true - container.buildHostnameAndHostsFiles("127.0.1.1") + return container.buildHostnameAndHostsFiles("127.0.1.1") } else { if err := container.allocateNetwork(); err != nil { return err } - container.buildHostnameAndHostsFiles(container.NetworkSettings.IPAddress) + return container.buildHostnameAndHostsFiles(container.NetworkSettings.IPAddress) } return nil } @@ -1179,3 +1071,36 @@ func (container *Container) allocatePort(eng *engine.Engine, port nat.Port, bind bindings[port] = binding return nil } + +func (container *Container) GetProcessLabel() string { + // even if we have a process label return "" if we are running + // in privileged mode + if container.hostConfig.Privileged { + return "" + } + return container.ProcessLabel +} + +func (container *Container) GetMountLabel() string { + if container.hostConfig.Privileged { + return "" + } + return container.MountLabel +} + +func (container *Container) getNetworkedContainer() (*Container, error) { + parts := strings.SplitN(string(container.hostConfig.NetworkMode), ":", 2) + switch parts[0] { + case "container": + nc := container.daemon.Get(parts[1]) + if nc == nil { + return nil, fmt.Errorf("no such container to join network: %s", parts[1]) + } + if !nc.State.IsRunning() { + return nil, fmt.Errorf("cannot join network of a non running container: %s", parts[1]) + } + return nc, nil + default: + return nil, fmt.Errorf("network mode not set to container") + } +} diff --git a/daemon/daemon.go b/daemon/daemon.go index 5ed1ea3c16..00b6d9eee2 100644 --- a/daemon/daemon.go +++ b/daemon/daemon.go @@ -3,6 +3,16 @@ package daemon import ( "container/list" "fmt" + "io" + "io/ioutil" + "log" + "os" + "path" + "regexp" + "strings" + "sync" + "time" + "github.com/dotcloud/docker/archive" "github.com/dotcloud/docker/daemon/execdriver" "github.com/dotcloud/docker/daemon/execdriver/execdrivers" @@ -17,20 +27,13 @@ import ( "github.com/dotcloud/docker/graph" "github.com/dotcloud/docker/image" "github.com/dotcloud/docker/pkg/graphdb" + "github.com/dotcloud/docker/pkg/label" "github.com/dotcloud/docker/pkg/mount" + "github.com/dotcloud/docker/pkg/networkfs/resolvconf" "github.com/dotcloud/docker/pkg/selinux" "github.com/dotcloud/docker/pkg/sysinfo" "github.com/dotcloud/docker/runconfig" "github.com/dotcloud/docker/utils" - "io" - "io/ioutil" - "log" - "os" - "path" - "regexp" - "strings" - "sync" - "time" ) // Set the max depth to the aufs default that most @@ -134,9 +137,6 @@ func (daemon *Daemon) load(id string) (*Container, error) { if container.ID != id { return container, fmt.Errorf("Container %s is stored at %s", container.ID, id) } - if container.State.IsRunning() { - container.State.SetGhost(true) - } return container, nil } @@ -171,35 +171,32 @@ func (daemon *Daemon) Register(container *Container) error { // if so, then we need to restart monitor and init a new lock // If the container is supposed to be running, make sure of it if container.State.IsRunning() { - if container.State.IsGhost() { - utils.Debugf("killing ghost %s", container.ID) + utils.Debugf("killing old running container %s", container.ID) - existingPid := container.State.Pid - container.State.SetGhost(false) - container.State.SetStopped(0) + existingPid := container.State.Pid + container.State.SetStopped(0) - // We only have to handle this for lxc because the other drivers will ensure that - // no ghost processes are left when docker dies - if container.ExecDriver == "" || strings.Contains(container.ExecDriver, "lxc") { - lxc.KillLxc(container.ID, 9) - } else { - // use the current driver and ensure that the container is dead x.x - cmd := &execdriver.Command{ - ID: container.ID, - } - var err error - cmd.Process, err = os.FindProcess(existingPid) - if err != nil { - utils.Debugf("cannot find existing process for %d", existingPid) - } - daemon.execDriver.Terminate(cmd) + // We only have to handle this for lxc because the other drivers will ensure that + // no processes are left when docker dies + if container.ExecDriver == "" || strings.Contains(container.ExecDriver, "lxc") { + lxc.KillLxc(container.ID, 9) + } else { + // use the current driver and ensure that the container is dead x.x + cmd := &execdriver.Command{ + ID: container.ID, } - if err := container.Unmount(); err != nil { - utils.Debugf("ghost unmount error %s", err) - } - if err := container.ToDisk(); err != nil { - utils.Debugf("saving ghost state to disk %s", err) + var err error + cmd.Process, err = os.FindProcess(existingPid) + if err != nil { + utils.Debugf("cannot find existing process for %d", existingPid) } + daemon.execDriver.Terminate(cmd) + } + if err := container.Unmount(); err != nil { + utils.Debugf("unmount error %s", err) + } + if err := container.ToDisk(); err != nil { + utils.Debugf("saving stopped state to disk %s", err) } info := daemon.execDriver.Info(container.ID) @@ -211,8 +208,6 @@ func (daemon *Daemon) Register(container *Container) error { utils.Debugf("restart unmount error %s", err) } - container.State.SetGhost(false) - container.State.SetStopped(0) if err := container.Start(); err != nil { return err } @@ -278,6 +273,10 @@ func (daemon *Daemon) Destroy(container *Container) error { return err } + // Deregister the container before removing its directory, to avoid race conditions + daemon.idIndex.Delete(container.ID) + daemon.containers.Remove(element) + if err := daemon.driver.Remove(container.ID); err != nil { return fmt.Errorf("Driver %s failed to remove root filesystem %s: %s", daemon.driver, container.ID, err) } @@ -291,12 +290,11 @@ func (daemon *Daemon) Destroy(container *Container) error { utils.Debugf("Unable to remove container from link graph: %s", err) } - // Deregister the container before removing its directory, to avoid race conditions - daemon.idIndex.Delete(container.ID) - daemon.containers.Remove(element) if err := os.RemoveAll(container.root); err != nil { return fmt.Errorf("Unable to remove filesystem for %v: %v", container.ID, err) } + selinux.FreeLxcContexts(container.ProcessLabel) + return nil } @@ -541,6 +539,10 @@ func (daemon *Daemon) newContainer(name string, config *runconfig.Config, img *i ExecDriver: daemon.execDriver.Name(), } container.root = daemon.containerRoot(container.ID) + + if container.ProcessLabel, container.MountLabel, err = label.GenLabels(""); err != nil { + return nil, err + } return container, nil } @@ -551,10 +553,10 @@ func (daemon *Daemon) createRootfs(container *Container, img *image.Image) error return err } initID := fmt.Sprintf("%s-init", container.ID) - if err := daemon.driver.Create(initID, img.ID, ""); err != nil { + if err := daemon.driver.Create(initID, img.ID); err != nil { return err } - initPath, err := daemon.driver.Get(initID) + initPath, err := daemon.driver.Get(initID, "") if err != nil { return err } @@ -564,7 +566,7 @@ func (daemon *Daemon) createRootfs(container *Container, img *image.Image) error return err } - if err := daemon.driver.Create(container.ID, initID, ""); err != nil { + if err := daemon.driver.Create(container.ID, initID); err != nil { return err } return nil @@ -678,7 +680,6 @@ func NewDaemonFromDirectory(config *daemonconfig.Config, eng *engine.Engine) (*D if !config.EnableSelinuxSupport { selinux.SetDisabled() } - // Set the default driver graphdriver.DefaultDriver = config.GraphDriver @@ -848,7 +849,7 @@ func (daemon *Daemon) Close() error { } func (daemon *Daemon) Mount(container *Container) error { - dir, err := daemon.driver.Get(container.ID) + dir, err := daemon.driver.Get(container.ID, container.GetMountLabel()) if err != nil { return fmt.Errorf("Error getting container %s from driver %s: %s", container.ID, daemon.driver, err) } @@ -870,12 +871,12 @@ func (daemon *Daemon) Changes(container *Container) ([]archive.Change, error) { if differ, ok := daemon.driver.(graphdriver.Differ); ok { return differ.Changes(container.ID) } - cDir, err := daemon.driver.Get(container.ID) + cDir, err := daemon.driver.Get(container.ID, "") if err != nil { return nil, fmt.Errorf("Error getting container rootfs %s from driver %s: %s", container.ID, container.daemon.driver, err) } defer daemon.driver.Put(container.ID) - initDir, err := daemon.driver.Get(container.ID + "-init") + initDir, err := daemon.driver.Get(container.ID+"-init", "") if err != nil { return nil, fmt.Errorf("Error getting container init rootfs %s from driver %s: %s", container.ID, container.daemon.driver, err) } @@ -893,7 +894,7 @@ func (daemon *Daemon) Diff(container *Container) (archive.Archive, error) { return nil, err } - cDir, err := daemon.driver.Get(container.ID) + cDir, err := daemon.driver.Get(container.ID, "") if err != nil { return nil, fmt.Errorf("Error getting container rootfs %s from driver %s: %s", container.ID, container.daemon.driver, err) } @@ -981,7 +982,7 @@ func (daemon *Daemon) SetServer(server Server) { } func (daemon *Daemon) checkLocaldns() error { - resolvConf, err := utils.GetResolvConf() + resolvConf, err := resolvconf.Get() if err != nil { return err } diff --git a/daemon/execdriver/driver.go b/daemon/execdriver/driver.go index 27a575cb3a..4837a398ea 100644 --- a/daemon/execdriver/driver.go +++ b/daemon/execdriver/driver.go @@ -89,8 +89,10 @@ type Driver interface { // Network settings of the container type Network struct { - Interface *NetworkInterface `json:"interface"` // if interface is nil then networking is disabled - Mtu int `json:"mtu"` + Interface *NetworkInterface `json:"interface"` // if interface is nil then networking is disabled + Mtu int `json:"mtu"` + ContainerID string `json:"container_id"` // id of the container to join network. + HostNetworking bool `json:"host_networking"` } type NetworkInterface struct { diff --git a/daemon/execdriver/lxc/driver.go b/daemon/execdriver/lxc/driver.go index 1ebb73e807..d787d8d873 100644 --- a/daemon/execdriver/lxc/driver.go +++ b/daemon/execdriver/lxc/driver.go @@ -1,11 +1,8 @@ package lxc import ( + "encoding/json" "fmt" - "github.com/dotcloud/docker/daemon/execdriver" - "github.com/dotcloud/docker/pkg/cgroups" - "github.com/dotcloud/docker/pkg/label" - "github.com/dotcloud/docker/utils" "io/ioutil" "log" "os" @@ -16,6 +13,12 @@ import ( "strings" "syscall" "time" + + "github.com/dotcloud/docker/daemon/execdriver" + "github.com/dotcloud/docker/pkg/cgroups" + "github.com/dotcloud/docker/pkg/label" + "github.com/dotcloud/docker/pkg/system" + "github.com/dotcloud/docker/utils" ) const DriverName = "lxc" @@ -25,23 +28,21 @@ func init() { if err := setupEnv(args); err != nil { return err } - if err := setupHostname(args); err != nil { return err } - if err := setupNetworking(args); err != nil { return err } - if err := setupCapabilities(args); err != nil { return err } - if err := setupWorkingDirectory(args); err != nil { return err } - + if err := system.CloseFdsFrom(3); err != nil { + return err + } if err := changeUser(args); err != nil { return err } @@ -85,6 +86,9 @@ func (d *driver) Run(c *execdriver.Command, pipes *execdriver.Pipes, startCallba if err := execdriver.SetTerminal(c, pipes); err != nil { return -1, err } + if err := d.generateEnvConfig(c); err != nil { + return -1, err + } configPath, err := d.generateLXCConfig(c) if err != nil { return -1, err @@ -416,3 +420,14 @@ func (d *driver) generateLXCConfig(c *execdriver.Command) (string, error) { } return root, nil } + +func (d *driver) generateEnvConfig(c *execdriver.Command) error { + data, err := json.Marshal(c.Env) + if err != nil { + return err + } + p := path.Join(d.root, "containers", c.ID, "config.env") + c.Mounts = append(c.Mounts, execdriver.Mount{p, "/.dockerenv", false, true}) + + return ioutil.WriteFile(p, data, 0600) +} diff --git a/daemon/execdriver/lxc/init.go b/daemon/execdriver/lxc/init.go index 324bd5eff7..e21e717645 100644 --- a/daemon/execdriver/lxc/init.go +++ b/daemon/execdriver/lxc/init.go @@ -3,15 +3,16 @@ package lxc import ( "encoding/json" "fmt" - "github.com/dotcloud/docker/daemon/execdriver" - "github.com/dotcloud/docker/pkg/netlink" - "github.com/dotcloud/docker/pkg/user" - "github.com/syndtr/gocapability/capability" "io/ioutil" "net" "os" "strings" "syscall" + + "github.com/dotcloud/docker/daemon/execdriver" + "github.com/dotcloud/docker/pkg/netlink" + "github.com/dotcloud/docker/pkg/user" + "github.com/syndtr/gocapability/capability" ) // Clear environment pollution introduced by lxc-start @@ -149,6 +150,7 @@ func setupCapabilities(args *execdriver.InitArgs) error { capability.CAP_MAC_OVERRIDE, capability.CAP_MAC_ADMIN, capability.CAP_NET_ADMIN, + capability.CAP_SYSLOG, } c, err := capability.NewPid(os.Getpid()) diff --git a/daemon/execdriver/lxc/lxc_template.go b/daemon/execdriver/lxc/lxc_template.go index f4cb3d19eb..7fdc5ce92b 100644 --- a/daemon/execdriver/lxc/lxc_template.go +++ b/daemon/execdriver/lxc/lxc_template.go @@ -1,10 +1,11 @@ package lxc import ( - "github.com/dotcloud/docker/daemon/execdriver" - "github.com/dotcloud/docker/pkg/label" "strings" "text/template" + + "github.com/dotcloud/docker/daemon/execdriver" + "github.com/dotcloud/docker/pkg/label" ) const LxcTemplate = ` @@ -13,12 +14,13 @@ const LxcTemplate = ` lxc.network.type = veth lxc.network.link = {{.Network.Interface.Bridge}} lxc.network.name = eth0 -{{else}} +lxc.network.mtu = {{.Network.Mtu}} +{{else if not .Network.HostNetworking}} # network is disabled (-n=false) lxc.network.type = empty lxc.network.flags = up -{{end}} lxc.network.mtu = {{.Network.Mtu}} +{{end}} # root filesystem {{$ROOTFS := .Rootfs}} @@ -82,12 +84,11 @@ lxc.pivotdir = lxc_putold # NOTICE: These mounts must be applied within the namespace -# WARNING: procfs is a known attack vector and should probably be disabled -# if your userspace allows it. eg. see http://blog.zx2c4.com/749 +# WARNING: mounting procfs and/or sysfs read-write is a known attack vector. +# See e.g. http://blog.zx2c4.com/749 and http://bit.ly/T9CkqJ +# We mount them read-write here, but later, dockerinit will call the Restrict() function to remount them read-only. +# We cannot mount them directly read-only, because that would prevent loading AppArmor profiles. lxc.mount.entry = proc {{escapeFstabSpaces $ROOTFS}}/proc proc nosuid,nodev,noexec 0 0 - -# WARNING: sysfs is a known attack vector and should probably be disabled -# if your userspace allows it. eg. see http://bit.ly/T9CkqJ lxc.mount.entry = sysfs {{escapeFstabSpaces $ROOTFS}}/sys sysfs nosuid,nodev,noexec 0 0 {{if .Tty}} @@ -109,7 +110,7 @@ lxc.mount.entry = {{$value.Source}} {{escapeFstabSpaces $ROOTFS}}/{{escapeFstabS {{if .AppArmor}} lxc.aa_profile = unconfined {{else}} -#lxc.aa_profile = unconfined +# Let AppArmor normal confinement take place (i.e., not unconfined) {{end}} {{end}} diff --git a/daemon/execdriver/native/configuration/parse.go b/daemon/execdriver/native/configuration/parse.go index 6d6c643919..22fe4b0e66 100644 --- a/daemon/execdriver/native/configuration/parse.go +++ b/daemon/execdriver/native/configuration/parse.go @@ -2,12 +2,13 @@ package configuration import ( "fmt" - "github.com/dotcloud/docker/pkg/libcontainer" - "github.com/dotcloud/docker/utils" "os/exec" "path/filepath" "strconv" "strings" + + "github.com/dotcloud/docker/pkg/libcontainer" + "github.com/dotcloud/docker/utils" ) type Action func(*libcontainer.Container, interface{}, string) error @@ -21,10 +22,13 @@ var actions = map[string]Action{ "net.join": joinNetNamespace, // join another containers net namespace - "cgroups.cpu_shares": cpuShares, // set the cpu shares - "cgroups.memory": memory, // set the memory limit - "cgroups.memory_swap": memorySwap, // set the memory swap limit - "cgroups.cpuset.cpus": cpusetCpus, // set the cpus used + "cgroups.cpu_shares": cpuShares, // set the cpu shares + "cgroups.memory": memory, // set the memory limit + "cgroups.memory_reservation": memoryReservation, // set the memory reservation + "cgroups.memory_swap": memorySwap, // set the memory swap limit + "cgroups.cpuset.cpus": cpusetCpus, // set the cpus used + + "systemd.slice": systemdSlice, // set parent Slice used for systemd unit "apparmor_profile": apparmorProfile, // set the apparmor profile to apply @@ -40,6 +44,15 @@ func cpusetCpus(container *libcontainer.Container, context interface{}, value st return nil } +func systemdSlice(container *libcontainer.Container, context interface{}, value string) error { + if container.Cgroups == nil { + return fmt.Errorf("cannot set slice when cgroups are disabled") + } + container.Cgroups.Slice = value + + return nil +} + func apparmorProfile(container *libcontainer.Container, context interface{}, value string) error { container.Context["apparmor_profile"] = value return nil @@ -70,6 +83,19 @@ func memory(container *libcontainer.Container, context interface{}, value string return nil } +func memoryReservation(container *libcontainer.Container, context interface{}, value string) error { + if container.Cgroups == nil { + return fmt.Errorf("cannot set cgroups when they are disabled") + } + + v, err := utils.RAMInBytes(value) + if err != nil { + return err + } + container.Cgroups.MemoryReservation = v + return nil +} + func memorySwap(container *libcontainer.Container, context interface{}, value string) error { if container.Cgroups == nil { return fmt.Errorf("cannot set cgroups when they are disabled") @@ -83,38 +109,22 @@ func memorySwap(container *libcontainer.Container, context interface{}, value st } func addCap(container *libcontainer.Container, context interface{}, value string) error { - c := container.CapabilitiesMask.Get(value) - if c == nil { - return fmt.Errorf("%s is not a valid capability", value) - } - c.Enabled = true + container.CapabilitiesMask[value] = true return nil } func dropCap(container *libcontainer.Container, context interface{}, value string) error { - c := container.CapabilitiesMask.Get(value) - if c == nil { - return fmt.Errorf("%s is not a valid capability", value) - } - c.Enabled = false + container.CapabilitiesMask[value] = false return nil } func addNamespace(container *libcontainer.Container, context interface{}, value string) error { - ns := container.Namespaces.Get(value) - if ns == nil { - return fmt.Errorf("%s is not a valid namespace", value[1:]) - } - ns.Enabled = true + container.Namespaces[value] = true return nil } func dropNamespace(container *libcontainer.Container, context interface{}, value string) error { - ns := container.Namespaces.Get(value) - if ns == nil { - return fmt.Errorf("%s is not a valid namespace", value[1:]) - } - ns.Enabled = false + container.Namespaces[value] = false return nil } diff --git a/daemon/execdriver/native/configuration/parse_test.go b/daemon/execdriver/native/configuration/parse_test.go index 9034867b7b..1b0316b688 100644 --- a/daemon/execdriver/native/configuration/parse_test.go +++ b/daemon/execdriver/native/configuration/parse_test.go @@ -1,8 +1,9 @@ package configuration import ( - "github.com/dotcloud/docker/daemon/execdriver/native/template" "testing" + + "github.com/dotcloud/docker/daemon/execdriver/native/template" ) func TestSetReadonlyRootFs(t *testing.T) { @@ -38,10 +39,10 @@ func TestConfigurationsDoNotConflict(t *testing.T) { t.Fatal(err) } - if !container1.CapabilitiesMask.Get("NET_ADMIN").Enabled { + if !container1.CapabilitiesMask["NET_ADMIN"] { t.Fatal("container one should have NET_ADMIN enabled") } - if container2.CapabilitiesMask.Get("NET_ADMIN").Enabled { + if container2.CapabilitiesMask["NET_ADMIN"] { t.Fatal("container two should not have NET_ADMIN enabled") } } @@ -93,7 +94,7 @@ func TestCpuShares(t *testing.T) { } } -func TestCgroupMemory(t *testing.T) { +func TestMemory(t *testing.T) { var ( container = template.New() opts = []string{ @@ -109,6 +110,22 @@ func TestCgroupMemory(t *testing.T) { } } +func TestMemoryReservation(t *testing.T) { + var ( + container = template.New() + opts = []string{ + "cgroups.memory_reservation=500m", + } + ) + if err := ParseConfiguration(container, nil, opts); err != nil { + t.Fatal(err) + } + + if expected := int64(500 * 1024 * 1024); container.Cgroups.MemoryReservation != expected { + t.Fatalf("expected memory reservation %d got %d", expected, container.Cgroups.MemoryReservation) + } +} + func TestAddCap(t *testing.T) { var ( container = template.New() @@ -121,10 +138,10 @@ func TestAddCap(t *testing.T) { t.Fatal(err) } - if !container.CapabilitiesMask.Get("MKNOD").Enabled { + if !container.CapabilitiesMask["MKNOD"] { t.Fatal("container should have MKNOD enabled") } - if !container.CapabilitiesMask.Get("SYS_ADMIN").Enabled { + if !container.CapabilitiesMask["SYS_ADMIN"] { t.Fatal("container should have SYS_ADMIN enabled") } } @@ -137,14 +154,14 @@ func TestDropCap(t *testing.T) { } ) // enabled all caps like in privileged mode - for _, c := range container.CapabilitiesMask { - c.Enabled = true + for key := range container.CapabilitiesMask { + container.CapabilitiesMask[key] = true } if err := ParseConfiguration(container, nil, opts); err != nil { t.Fatal(err) } - if container.CapabilitiesMask.Get("MKNOD").Enabled { + if container.CapabilitiesMask["MKNOD"] { t.Fatal("container should not have MKNOD enabled") } } @@ -160,7 +177,7 @@ func TestDropNamespace(t *testing.T) { t.Fatal(err) } - if container.Namespaces.Get("NEWNET").Enabled { + if container.Namespaces["NEWNET"] { t.Fatal("container should not have NEWNET enabled") } } diff --git a/daemon/execdriver/native/create.go b/daemon/execdriver/native/create.go index ef17ce7042..a7b3d9a107 100644 --- a/daemon/execdriver/native/create.go +++ b/daemon/execdriver/native/create.go @@ -3,12 +3,12 @@ package native import ( "fmt" "os" + "path/filepath" "github.com/dotcloud/docker/daemon/execdriver" "github.com/dotcloud/docker/daemon/execdriver/native/configuration" "github.com/dotcloud/docker/daemon/execdriver/native/template" "github.com/dotcloud/docker/pkg/apparmor" - "github.com/dotcloud/docker/pkg/label" "github.com/dotcloud/docker/pkg/libcontainer" ) @@ -25,6 +25,7 @@ func (d *driver) createContainer(c *execdriver.Command) (*libcontainer.Container container.Cgroups.Name = c.ID // check to see if we are running in ramdisk to disable pivot root container.NoPivotRoot = os.Getenv("DOCKER_RAMDISK") != "" + container.Context["restrictions"] = "true" if err := d.createNetwork(container, c); err != nil { return nil, err @@ -33,6 +34,8 @@ func (d *driver) createContainer(c *execdriver.Command) (*libcontainer.Container if err := d.setPrivileged(container); err != nil { return nil, err } + } else { + container.Mounts = append(container.Mounts, libcontainer.Mount{Type: "devtmpfs"}) } if err := d.setupCgroups(container, c); err != nil { return nil, err @@ -50,6 +53,10 @@ func (d *driver) createContainer(c *execdriver.Command) (*libcontainer.Container } func (d *driver) createNetwork(container *libcontainer.Container, c *execdriver.Command) error { + if c.Network.HostNetworking { + container.Namespaces["NEWNET"] = false + return nil + } container.Networks = []*libcontainer.Network{ { Mtu: c.Network.Mtu, @@ -73,14 +80,31 @@ func (d *driver) createNetwork(container *libcontainer.Container, c *execdriver. } container.Networks = append(container.Networks, &vethNetwork) } + + if c.Network.ContainerID != "" { + cmd := d.activeContainers[c.Network.ContainerID] + if cmd == nil || cmd.Process == nil { + return fmt.Errorf("%s is not a valid running container to join", c.Network.ContainerID) + } + nspath := filepath.Join("/proc", fmt.Sprint(cmd.Process.Pid), "ns", "net") + container.Networks = append(container.Networks, &libcontainer.Network{ + Type: "netns", + Context: libcontainer.Context{ + "nspath": nspath, + }, + }) + } return nil } func (d *driver) setPrivileged(container *libcontainer.Container) error { - for _, c := range container.CapabilitiesMask { - c.Enabled = true + for key := range container.CapabilitiesMask { + container.CapabilitiesMask[key] = true } container.Cgroups.DeviceAccess = true + + delete(container.Context, "restrictions") + if apparmor.IsEnabled() { container.Context["apparmor_profile"] = "unconfined" } @@ -91,6 +115,7 @@ func (d *driver) setupCgroups(container *libcontainer.Container, c *execdriver.C if c.Resources != nil { container.Cgroups.CpuShares = c.Resources.CpuShares container.Cgroups.Memory = c.Resources.Memory + container.Cgroups.MemoryReservation = c.Resources.Memory container.Cgroups.MemorySwap = c.Resources.MemorySwap } return nil @@ -98,20 +123,19 @@ func (d *driver) setupCgroups(container *libcontainer.Container, c *execdriver.C func (d *driver) setupMounts(container *libcontainer.Container, c *execdriver.Command) error { for _, m := range c.Mounts { - container.Mounts = append(container.Mounts, libcontainer.Mount{m.Source, m.Destination, m.Writable, m.Private}) + container.Mounts = append(container.Mounts, libcontainer.Mount{ + Type: "bind", + Source: m.Source, + Destination: m.Destination, + Writable: m.Writable, + Private: m.Private, + }) } return nil } func (d *driver) setupLabels(container *libcontainer.Container, c *execdriver.Command) error { - labels := c.Config["label"] - if len(labels) > 0 { - process, mount, err := label.GenLabels(labels[0]) - if err != nil { - return err - } - container.Context["mount_label"] = mount - container.Context["process_label"] = process - } + container.Context["process_label"] = c.Config["process_label"][0] + container.Context["mount_label"] = c.Config["mount_label"][0] return nil } diff --git a/daemon/execdriver/native/driver.go b/daemon/execdriver/native/driver.go index ab82cdcc65..2e57729d4b 100644 --- a/daemon/execdriver/native/driver.go +++ b/daemon/execdriver/native/driver.go @@ -3,9 +3,7 @@ package native import ( "encoding/json" "fmt" - "io" "io/ioutil" - "log" "os" "os/exec" "path/filepath" @@ -23,16 +21,13 @@ import ( const ( DriverName = "native" - Version = "0.1" + Version = "0.2" BackupApparmorProfilePath = "apparmor/docker.back" // relative to docker root ) func init() { execdriver.RegisterInitFunc(DriverName, func(args *execdriver.InitArgs) error { - var ( - container *libcontainer.Container - ns = nsinit.NewNsInit(&nsinit.DefaultCommandFactory{}, &nsinit.DefaultStateWriter{args.Root}, createLogger("")) - ) + var container *libcontainer.Container f, err := os.Open(filepath.Join(args.Root, "container.json")) if err != nil { return err @@ -43,7 +38,7 @@ func init() { } f.Close() - cwd, err := os.Getwd() + rootfs, err := os.Getwd() if err != nil { return err } @@ -51,7 +46,7 @@ func init() { if err != nil { return err } - if err := ns.Init(container, cwd, args.Console, syncPipe, args.Args); err != nil { + if err := nsinit.Init(container, rootfs, args.Console, syncPipe, args.Args); err != nil { return err } return nil @@ -88,35 +83,49 @@ func (d *driver) Run(c *execdriver.Command, pipes *execdriver.Pipes, startCallba d.activeContainers[c.ID] = &c.Cmd var ( - term nsinit.Terminal - factory = &dockerCommandFactory{c: c, driver: d} - stateWriter = &dockerStateWriter{ - callback: startCallback, - c: c, - dsw: &nsinit.DefaultStateWriter{filepath.Join(d.root, c.ID)}, - } - ns = nsinit.NewNsInit(factory, stateWriter, createLogger(os.Getenv("DEBUG"))) - args = append([]string{c.Entrypoint}, c.Arguments...) + dataPath = filepath.Join(d.root, c.ID) + args = append([]string{c.Entrypoint}, c.Arguments...) ) if err := d.createContainerRoot(c.ID); err != nil { return -1, err } defer d.removeContainerRoot(c.ID) - if c.Tty { - term = &dockerTtyTerm{ - pipes: pipes, - } - } else { - term = &dockerStdTerm{ - pipes: pipes, - } - } - c.Terminal = term if err := d.writeContainerFile(container, c.ID); err != nil { return -1, err } - return ns.Exec(container, term, args) + + term := getTerminal(c, pipes) + + return nsinit.Exec(container, term, c.Rootfs, dataPath, args, func(container *libcontainer.Container, console, rootfs, dataPath, init string, child *os.File, args []string) *exec.Cmd { + // we need to join the rootfs because nsinit will setup the rootfs and chroot + initPath := filepath.Join(c.Rootfs, c.InitPath) + + c.Path = d.initPath + c.Args = append([]string{ + initPath, + "-driver", DriverName, + "-console", console, + "-pipe", "3", + "-root", filepath.Join(d.root, c.ID), + "--", + }, args...) + + // set this to nil so that when we set the clone flags anything else is reset + c.SysProcAttr = nil + system.SetCloneFlags(&c.Cmd, uintptr(nsinit.GetNamespaceFlags(container.Namespaces))) + c.ExtraFiles = []*os.File{child} + + c.Env = container.Env + c.Dir = c.Rootfs + + return &c.Cmd + }, func() { + if startCallback != nil { + c.ContainerPid = c.Process.Pid + startCallback(c) + } + }) } func (d *driver) Kill(p *execdriver.Command, sig int) error { @@ -229,65 +238,17 @@ func getEnv(key string, env []string) string { return "" } -type dockerCommandFactory struct { - c *execdriver.Command - driver *driver -} - -// createCommand will return an exec.Cmd with the Cloneflags set to the proper namespaces -// defined on the container's configuration and use the current binary as the init with the -// args provided -func (d *dockerCommandFactory) Create(container *libcontainer.Container, console string, syncFile *os.File, args []string) *exec.Cmd { - // we need to join the rootfs because nsinit will setup the rootfs and chroot - initPath := filepath.Join(d.c.Rootfs, d.c.InitPath) - - d.c.Path = d.driver.initPath - d.c.Args = append([]string{ - initPath, - "-driver", DriverName, - "-console", console, - "-pipe", "3", - "-root", filepath.Join(d.driver.root, d.c.ID), - "--", - }, args...) - - // set this to nil so that when we set the clone flags anything else is reset - d.c.SysProcAttr = nil - system.SetCloneFlags(&d.c.Cmd, uintptr(nsinit.GetNamespaceFlags(container.Namespaces))) - d.c.ExtraFiles = []*os.File{syncFile} - - d.c.Env = container.Env - d.c.Dir = d.c.Rootfs - - return &d.c.Cmd -} - -type dockerStateWriter struct { - dsw nsinit.StateWriter - c *execdriver.Command - callback execdriver.StartCallback -} - -func (d *dockerStateWriter) WritePid(pid int, started string) error { - d.c.ContainerPid = pid - err := d.dsw.WritePid(pid, started) - if d.callback != nil { - d.callback(d.c) - } - return err -} - -func (d *dockerStateWriter) DeletePid() error { - return d.dsw.DeletePid() -} - -func createLogger(debug string) *log.Logger { - var w io.Writer - // if we are in debug mode set the logger to stderr - if debug != "" { - w = os.Stderr +func getTerminal(c *execdriver.Command, pipes *execdriver.Pipes) nsinit.Terminal { + var term nsinit.Terminal + if c.Tty { + term = &dockerTtyTerm{ + pipes: pipes, + } } else { - w = ioutil.Discard + term = &dockerStdTerm{ + pipes: pipes, + } } - return log.New(w, "[libcontainer] ", log.LstdFlags) + c.Terminal = term + return term } diff --git a/daemon/execdriver/native/template/default_template.go b/daemon/execdriver/native/template/default_template.go index c354637fcb..249c5d5fe8 100644 --- a/daemon/execdriver/native/template/default_template.go +++ b/daemon/execdriver/native/template/default_template.go @@ -9,29 +9,30 @@ import ( // New returns the docker default configuration for libcontainer func New() *libcontainer.Container { container := &libcontainer.Container{ - CapabilitiesMask: libcontainer.Capabilities{ - libcontainer.GetCapability("SETPCAP"), - libcontainer.GetCapability("SYS_MODULE"), - libcontainer.GetCapability("SYS_RAWIO"), - libcontainer.GetCapability("SYS_PACCT"), - libcontainer.GetCapability("SYS_ADMIN"), - libcontainer.GetCapability("SYS_NICE"), - libcontainer.GetCapability("SYS_RESOURCE"), - libcontainer.GetCapability("SYS_TIME"), - libcontainer.GetCapability("SYS_TTY_CONFIG"), - libcontainer.GetCapability("AUDIT_WRITE"), - libcontainer.GetCapability("AUDIT_CONTROL"), - libcontainer.GetCapability("MAC_OVERRIDE"), - libcontainer.GetCapability("MAC_ADMIN"), - libcontainer.GetCapability("NET_ADMIN"), - libcontainer.GetCapability("MKNOD"), + CapabilitiesMask: map[string]bool{ + "SETPCAP": false, + "SYS_MODULE": false, + "SYS_RAWIO": false, + "SYS_PACCT": false, + "SYS_ADMIN": false, + "SYS_NICE": false, + "SYS_RESOURCE": false, + "SYS_TIME": false, + "SYS_TTY_CONFIG": false, + "AUDIT_WRITE": false, + "AUDIT_CONTROL": false, + "MAC_OVERRIDE": false, + "MAC_ADMIN": false, + "NET_ADMIN": false, + "MKNOD": true, + "SYSLOG": false, }, - Namespaces: libcontainer.Namespaces{ - libcontainer.GetNamespace("NEWNS"), - libcontainer.GetNamespace("NEWUTS"), - libcontainer.GetNamespace("NEWIPC"), - libcontainer.GetNamespace("NEWPID"), - libcontainer.GetNamespace("NEWNET"), + Namespaces: map[string]bool{ + "NEWNS": true, + "NEWUTS": true, + "NEWIPC": true, + "NEWPID": true, + "NEWNET": true, }, Cgroups: &cgroups.Cgroup{ Parent: "docker", @@ -39,7 +40,6 @@ func New() *libcontainer.Container { }, Context: libcontainer.Context{}, } - container.CapabilitiesMask.Get("MKNOD").Enabled = true if apparmor.IsEnabled() { container.Context["apparmor_profile"] = "docker-default" } diff --git a/daemon/graphdriver/aufs/aufs.go b/daemon/graphdriver/aufs/aufs.go index 8363c24a5e..12b7a77fb3 100644 --- a/daemon/graphdriver/aufs/aufs.go +++ b/daemon/graphdriver/aufs/aufs.go @@ -25,6 +25,7 @@ import ( "fmt" "github.com/dotcloud/docker/archive" "github.com/dotcloud/docker/daemon/graphdriver" + "github.com/dotcloud/docker/pkg/label" mountpk "github.com/dotcloud/docker/pkg/mount" "github.com/dotcloud/docker/utils" "os" @@ -134,7 +135,7 @@ func (a Driver) Exists(id string) bool { // Three folders are created for each id // mnt, layers, and diff -func (a *Driver) Create(id, parent string, mountLabel string) error { +func (a *Driver) Create(id, parent string) error { if err := a.createDirsFor(id); err != nil { return err } @@ -218,7 +219,7 @@ func (a *Driver) Remove(id string) error { // Return the rootfs path for the id // This will mount the dir at it's given path -func (a *Driver) Get(id string) (string, error) { +func (a *Driver) Get(id, mountLabel string) (string, error) { ids, err := getParentIds(a.rootPath(), id) if err != nil { if !os.IsNotExist(err) { @@ -240,7 +241,7 @@ func (a *Driver) Get(id string) (string, error) { out = path.Join(a.rootPath(), "mnt", id) if count == 0 { - if err := a.mount(id); err != nil { + if err := a.mount(id, mountLabel); err != nil { return "", err } } @@ -309,7 +310,7 @@ func (a *Driver) getParentLayerPaths(id string) ([]string, error) { return layers, nil } -func (a *Driver) mount(id string) error { +func (a *Driver) mount(id, mountLabel string) error { // If the id is mounted or we get an error return if mounted, err := a.mounted(id); err != nil || mounted { return err @@ -325,7 +326,7 @@ func (a *Driver) mount(id string) error { return err } - if err := a.aufsMount(layers, rw, target); err != nil { + if err := a.aufsMount(layers, rw, target, mountLabel); err != nil { return err } return nil @@ -358,21 +359,21 @@ func (a *Driver) Cleanup() error { return nil } -func (a *Driver) aufsMount(ro []string, rw, target string) (err error) { +func (a *Driver) aufsMount(ro []string, rw, target, mountLabel string) (err error) { defer func() { if err != nil { Unmount(target) } }() - if err = a.tryMount(ro, rw, target); err != nil { - if err = a.mountRw(rw, target); err != nil { + if err = a.tryMount(ro, rw, target, mountLabel); err != nil { + if err = a.mountRw(rw, target, mountLabel); err != nil { return } for _, layer := range ro { - branch := fmt.Sprintf("append:%s=ro+wh", layer) - if err = mount("none", target, "aufs", MsRemount, branch); err != nil { + data := label.FormatMountLabel(fmt.Sprintf("append:%s=ro+wh", layer), mountLabel) + if err = mount("none", target, "aufs", MsRemount, data); err != nil { return } } @@ -382,16 +383,18 @@ func (a *Driver) aufsMount(ro []string, rw, target string) (err error) { // Try to mount using the aufs fast path, if this fails then // append ro layers. -func (a *Driver) tryMount(ro []string, rw, target string) (err error) { +func (a *Driver) tryMount(ro []string, rw, target, mountLabel string) (err error) { var ( rwBranch = fmt.Sprintf("%s=rw", rw) roBranches = fmt.Sprintf("%s=ro+wh:", strings.Join(ro, "=ro+wh:")) + data = label.FormatMountLabel(fmt.Sprintf("br:%v:%v,xino=/dev/shm/aufs.xino", rwBranch, roBranches), mountLabel) ) - return mount("none", target, "aufs", 0, fmt.Sprintf("br:%v:%v,xino=/dev/shm/aufs.xino", rwBranch, roBranches)) + return mount("none", target, "aufs", 0, data) } -func (a *Driver) mountRw(rw, target string) error { - return mount("none", target, "aufs", 0, fmt.Sprintf("br:%s,xino=/dev/shm/aufs.xino", rw)) +func (a *Driver) mountRw(rw, target, mountLabel string) error { + data := label.FormatMountLabel(fmt.Sprintf("br:%s,xino=/dev/shm/aufs.xino", rw), mountLabel) + return mount("none", target, "aufs", 0, data) } func rollbackMount(target string, err error) { diff --git a/daemon/graphdriver/aufs/aufs_test.go b/daemon/graphdriver/aufs/aufs_test.go index 9e01a945aa..1ffa264aa1 100644 --- a/daemon/graphdriver/aufs/aufs_test.go +++ b/daemon/graphdriver/aufs/aufs_test.go @@ -90,7 +90,7 @@ func TestCreateNewDir(t *testing.T) { d := newDriver(t) defer os.RemoveAll(tmp) - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } } @@ -99,7 +99,7 @@ func TestCreateNewDirStructure(t *testing.T) { d := newDriver(t) defer os.RemoveAll(tmp) - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } @@ -120,7 +120,7 @@ func TestRemoveImage(t *testing.T) { d := newDriver(t) defer os.RemoveAll(tmp) - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } @@ -145,11 +145,11 @@ func TestGetWithoutParent(t *testing.T) { d := newDriver(t) defer os.RemoveAll(tmp) - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } - diffPath, err := d.Get("1") + diffPath, err := d.Get("1", "") if err != nil { t.Fatal(err) } @@ -172,7 +172,7 @@ func TestCleanupWithDir(t *testing.T) { d := newDriver(t) defer os.RemoveAll(tmp) - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } @@ -185,7 +185,7 @@ func TestMountedFalseResponse(t *testing.T) { d := newDriver(t) defer os.RemoveAll(tmp) - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } @@ -204,14 +204,14 @@ func TestMountedTrueReponse(t *testing.T) { defer os.RemoveAll(tmp) defer d.Cleanup() - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } - if err := d.Create("2", "1", ""); err != nil { + if err := d.Create("2", "1"); err != nil { t.Fatal(err) } - _, err := d.Get("2") + _, err := d.Get("2", "") if err != nil { t.Fatal(err) } @@ -230,10 +230,10 @@ func TestMountWithParent(t *testing.T) { d := newDriver(t) defer os.RemoveAll(tmp) - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } - if err := d.Create("2", "1", ""); err != nil { + if err := d.Create("2", "1"); err != nil { t.Fatal(err) } @@ -243,7 +243,7 @@ func TestMountWithParent(t *testing.T) { } }() - mntPath, err := d.Get("2") + mntPath, err := d.Get("2", "") if err != nil { t.Fatal(err) } @@ -261,10 +261,10 @@ func TestRemoveMountedDir(t *testing.T) { d := newDriver(t) defer os.RemoveAll(tmp) - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } - if err := d.Create("2", "1", ""); err != nil { + if err := d.Create("2", "1"); err != nil { t.Fatal(err) } @@ -274,7 +274,7 @@ func TestRemoveMountedDir(t *testing.T) { } }() - mntPath, err := d.Get("2") + mntPath, err := d.Get("2", "") if err != nil { t.Fatal(err) } @@ -300,7 +300,7 @@ func TestCreateWithInvalidParent(t *testing.T) { d := newDriver(t) defer os.RemoveAll(tmp) - if err := d.Create("1", "docker", ""); err == nil { + if err := d.Create("1", "docker"); err == nil { t.Fatalf("Error should not be nil with parent does not exist") } } @@ -309,11 +309,11 @@ func TestGetDiff(t *testing.T) { d := newDriver(t) defer os.RemoveAll(tmp) - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } - diffPath, err := d.Get("1") + diffPath, err := d.Get("1", "") if err != nil { t.Fatal(err) } @@ -343,10 +343,10 @@ func TestChanges(t *testing.T) { d := newDriver(t) defer os.RemoveAll(tmp) - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } - if err := d.Create("2", "1", ""); err != nil { + if err := d.Create("2", "1"); err != nil { t.Fatal(err) } @@ -356,7 +356,7 @@ func TestChanges(t *testing.T) { } }() - mntPoint, err := d.Get("2") + mntPoint, err := d.Get("2", "") if err != nil { t.Fatal(err) } @@ -392,10 +392,10 @@ func TestChanges(t *testing.T) { t.Fatalf("Change kind should be ChangeAdd got %s", change.Kind) } - if err := d.Create("3", "2", ""); err != nil { + if err := d.Create("3", "2"); err != nil { t.Fatal(err) } - mntPoint, err = d.Get("3") + mntPoint, err = d.Get("3", "") if err != nil { t.Fatal(err) } @@ -437,11 +437,11 @@ func TestDiffSize(t *testing.T) { d := newDriver(t) defer os.RemoveAll(tmp) - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } - diffPath, err := d.Get("1") + diffPath, err := d.Get("1", "") if err != nil { t.Fatal(err) } @@ -479,11 +479,11 @@ func TestChildDiffSize(t *testing.T) { defer os.RemoveAll(tmp) defer d.Cleanup() - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } - diffPath, err := d.Get("1") + diffPath, err := d.Get("1", "") if err != nil { t.Fatal(err) } @@ -515,7 +515,7 @@ func TestChildDiffSize(t *testing.T) { t.Fatalf("Expected size to be %d got %d", size, diffSize) } - if err := d.Create("2", "1", ""); err != nil { + if err := d.Create("2", "1"); err != nil { t.Fatal(err) } @@ -534,7 +534,7 @@ func TestExists(t *testing.T) { defer os.RemoveAll(tmp) defer d.Cleanup() - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } @@ -552,7 +552,7 @@ func TestStatus(t *testing.T) { defer os.RemoveAll(tmp) defer d.Cleanup() - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } @@ -581,11 +581,11 @@ func TestApplyDiff(t *testing.T) { defer os.RemoveAll(tmp) defer d.Cleanup() - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } - diffPath, err := d.Get("1") + diffPath, err := d.Get("1", "") if err != nil { t.Fatal(err) } @@ -607,10 +607,10 @@ func TestApplyDiff(t *testing.T) { t.Fatal(err) } - if err := d.Create("2", "", ""); err != nil { + if err := d.Create("2", ""); err != nil { t.Fatal(err) } - if err := d.Create("3", "2", ""); err != nil { + if err := d.Create("3", "2"); err != nil { t.Fatal(err) } @@ -620,7 +620,7 @@ func TestApplyDiff(t *testing.T) { // Ensure that the file is in the mount point for id 3 - mountPoint, err := d.Get("3") + mountPoint, err := d.Get("3", "") if err != nil { t.Fatal(err) } @@ -656,11 +656,11 @@ func TestMountMoreThan42Layers(t *testing.T) { } current = hash(current) - if err := d.Create(current, parent, ""); err != nil { + if err := d.Create(current, parent); err != nil { t.Logf("Current layer %d", i) t.Fatal(err) } - point, err := d.Get(current) + point, err := d.Get(current, "") if err != nil { t.Logf("Current layer %d", i) t.Fatal(err) @@ -683,7 +683,7 @@ func TestMountMoreThan42Layers(t *testing.T) { } // Perform the actual mount for the top most image - point, err := d.Get(last) + point, err := d.Get(last, "") if err != nil { t.Fatal(err) } diff --git a/daemon/graphdriver/aufs/migrate.go b/daemon/graphdriver/aufs/migrate.go index 400e260797..dda7cb7390 100644 --- a/daemon/graphdriver/aufs/migrate.go +++ b/daemon/graphdriver/aufs/migrate.go @@ -77,11 +77,11 @@ func (a *Driver) migrateContainers(pth string, setupInit func(p string) error) e } initID := fmt.Sprintf("%s-init", id) - if err := a.Create(initID, metadata.Image, ""); err != nil { + if err := a.Create(initID, metadata.Image); err != nil { return err } - initPath, err := a.Get(initID) + initPath, err := a.Get(initID, "") if err != nil { return err } @@ -90,7 +90,7 @@ func (a *Driver) migrateContainers(pth string, setupInit func(p string) error) e return err } - if err := a.Create(id, initID, ""); err != nil { + if err := a.Create(id, initID); err != nil { return err } } @@ -144,7 +144,7 @@ func (a *Driver) migrateImage(m *metadata, pth string, migrated map[string]bool) return err } if !a.Exists(m.ID) { - if err := a.Create(m.ID, m.ParentID, ""); err != nil { + if err := a.Create(m.ID, m.ParentID); err != nil { return err } } diff --git a/daemon/graphdriver/btrfs/MAINTAINERS b/daemon/graphdriver/btrfs/MAINTAINERS new file mode 100644 index 0000000000..9e629d5fcc --- /dev/null +++ b/daemon/graphdriver/btrfs/MAINTAINERS @@ -0,0 +1 @@ +Alexander Larsson (@alexlarsson) diff --git a/daemon/graphdriver/btrfs/btrfs.go b/daemon/graphdriver/btrfs/btrfs.go index 494a375817..4d195537eb 100644 --- a/daemon/graphdriver/btrfs/btrfs.go +++ b/daemon/graphdriver/btrfs/btrfs.go @@ -80,7 +80,7 @@ func getDirFd(dir *C.DIR) uintptr { return uintptr(C.dirfd(dir)) } -func subvolCreate(path, name string, mountLabel string) error { +func subvolCreate(path, name string) error { dir, err := openDir(path) if err != nil { return err @@ -155,17 +155,17 @@ func (d *Driver) subvolumesDirId(id string) string { return path.Join(d.subvolumesDir(), id) } -func (d *Driver) Create(id string, parent string, mountLabel string) error { +func (d *Driver) Create(id string, parent string) error { subvolumes := path.Join(d.home, "subvolumes") if err := os.MkdirAll(subvolumes, 0700); err != nil { return err } if parent == "" { - if err := subvolCreate(subvolumes, id, mountLabel); err != nil { + if err := subvolCreate(subvolumes, id); err != nil { return err } } else { - parentDir, err := d.Get(parent) + parentDir, err := d.Get(parent, "") if err != nil { return err } @@ -187,7 +187,7 @@ func (d *Driver) Remove(id string) error { return os.RemoveAll(dir) } -func (d *Driver) Get(id string) (string, error) { +func (d *Driver) Get(id, mountLabel string) (string, error) { dir := d.subvolumesDirId(id) st, err := os.Stat(dir) if err != nil { diff --git a/daemon/graphdriver/devmapper/MAINTAINERS b/daemon/graphdriver/devmapper/MAINTAINERS new file mode 100644 index 0000000000..9e629d5fcc --- /dev/null +++ b/daemon/graphdriver/devmapper/MAINTAINERS @@ -0,0 +1 @@ +Alexander Larsson (@alexlarsson) diff --git a/daemon/graphdriver/devmapper/deviceset.go b/daemon/graphdriver/devmapper/deviceset.go index 97d670a3d9..a96331d812 100644 --- a/daemon/graphdriver/devmapper/deviceset.go +++ b/daemon/graphdriver/devmapper/deviceset.go @@ -6,8 +6,6 @@ import ( "encoding/json" "errors" "fmt" - "github.com/dotcloud/docker/pkg/label" - "github.com/dotcloud/docker/utils" "io" "io/ioutil" "path" @@ -17,6 +15,9 @@ import ( "sync" "syscall" "time" + + "github.com/dotcloud/docker/pkg/label" + "github.com/dotcloud/docker/utils" ) var ( @@ -35,12 +36,6 @@ type DevInfo struct { mountCount int `json:"-"` mountPath string `json:"-"` - // A floating mount means one reference is not owned and - // will be stolen by the next mount. This allows us to - // avoid unmounting directly after creation before the - // first get (since we need to mount to set up the device - // a bit first). - floating bool `json:"-"` // The global DeviceSet lock guarantees that we serialize all // the calls to libdevmapper (which is not threadsafe), but we @@ -94,14 +89,6 @@ type DevStatus struct { HighestMappedSector uint64 } -type UnmountMode int - -const ( - UnmountRegular UnmountMode = iota - UnmountFloat - UnmountSink -) - func getDevName(name string) string { return "/dev/mapper/" + name } @@ -859,7 +846,7 @@ func (devices *DeviceSet) Shutdown() error { return nil } -func (devices *DeviceSet) MountDevice(hash, path string, mountLabel string) error { +func (devices *DeviceSet) MountDevice(hash, path, mountLabel string) error { info, err := devices.lookupDevice(hash) if err != nil { return err @@ -876,12 +863,7 @@ func (devices *DeviceSet) MountDevice(hash, path string, mountLabel string) erro return fmt.Errorf("Trying to mount devmapper device in multple places (%s, %s)", info.mountPath, path) } - if info.floating { - // Steal floating ref - info.floating = false - } else { - info.mountCount++ - } + info.mountCount++ return nil } @@ -894,7 +876,7 @@ func (devices *DeviceSet) MountDevice(hash, path string, mountLabel string) erro mountOptions := label.FormatMountLabel("discard", mountLabel) err = sysMount(info.DevName(), path, "ext4", flags, mountOptions) if err != nil && err == sysEInval { - mountOptions = label.FormatMountLabel(mountLabel, "") + mountOptions = label.FormatMountLabel("", mountLabel) err = sysMount(info.DevName(), path, "ext4", flags, mountOptions) } if err != nil { @@ -903,13 +885,12 @@ func (devices *DeviceSet) MountDevice(hash, path string, mountLabel string) erro info.mountCount = 1 info.mountPath = path - info.floating = false return devices.setInitialized(info) } -func (devices *DeviceSet) UnmountDevice(hash string, mode UnmountMode) error { - utils.Debugf("[devmapper] UnmountDevice(hash=%s, mode=%d)", hash, mode) +func (devices *DeviceSet) UnmountDevice(hash string) error { + utils.Debugf("[devmapper] UnmountDevice(hash=%s)", hash) defer utils.Debugf("[devmapper] UnmountDevice END") info, err := devices.lookupDevice(hash) @@ -923,24 +904,6 @@ func (devices *DeviceSet) UnmountDevice(hash string, mode UnmountMode) error { devices.Lock() defer devices.Unlock() - if mode == UnmountFloat { - if info.floating { - return fmt.Errorf("UnmountDevice: can't float floating reference %s\n", hash) - } - - // Leave this reference floating - info.floating = true - return nil - } - - if mode == UnmountSink { - if !info.floating { - // Someone already sunk this - return nil - } - // Otherwise, treat this as a regular unmount - } - if info.mountCount == 0 { return fmt.Errorf("UnmountDevice: device not-mounted id %s\n", hash) } diff --git a/daemon/graphdriver/devmapper/driver.go b/daemon/graphdriver/devmapper/driver.go index e958ef3e59..9f240d96e0 100644 --- a/daemon/graphdriver/devmapper/driver.go +++ b/daemon/graphdriver/devmapper/driver.go @@ -4,11 +4,12 @@ package devmapper import ( "fmt" - "github.com/dotcloud/docker/daemon/graphdriver" - "github.com/dotcloud/docker/utils" "io/ioutil" "os" "path" + + "github.com/dotcloud/docker/daemon/graphdriver" + "github.com/dotcloud/docker/utils" ) func init() { @@ -60,30 +61,10 @@ func (d *Driver) Cleanup() error { return d.DeviceSet.Shutdown() } -func (d *Driver) Create(id, parent string, mountLabel string) error { +func (d *Driver) Create(id, parent string) error { if err := d.DeviceSet.AddDevice(id, parent); err != nil { return err } - mp := path.Join(d.home, "mnt", id) - if err := d.mount(id, mp); err != nil { - return err - } - - if err := osMkdirAll(path.Join(mp, "rootfs"), 0755); err != nil && !osIsExist(err) { - return err - } - - // Create an "id" file with the container/image id in it to help reconscruct this in case - // of later problems - if err := ioutil.WriteFile(path.Join(mp, "id"), []byte(id), 0600); err != nil { - return err - } - - // We float this reference so that the next Get call can - // steal it, so we don't have to unmount - if err := d.DeviceSet.UnmountDevice(id, UnmountFloat); err != nil { - return err - } return nil } @@ -96,10 +77,6 @@ func (d *Driver) Remove(id string) error { return nil } - // Sink the float from create in case no Get() call was made - if err := d.DeviceSet.UnmountDevice(id, UnmountSink); err != nil { - return err - } // This assumes the device has been properly Get/Put:ed and thus is unmounted if err := d.DeviceSet.DeleteDevice(id); err != nil { return err @@ -113,30 +90,44 @@ func (d *Driver) Remove(id string) error { return nil } -func (d *Driver) Get(id string) (string, error) { +func (d *Driver) Get(id, mountLabel string) (string, error) { mp := path.Join(d.home, "mnt", id) - if err := d.mount(id, mp); err != nil { + + // Create the target directories if they don't exist + if err := osMkdirAll(mp, 0755); err != nil && !osIsExist(err) { return "", err } - return path.Join(mp, "rootfs"), nil + // Mount the device + if err := d.DeviceSet.MountDevice(id, mp, mountLabel); err != nil { + return "", err + } + + rootFs := path.Join(mp, "rootfs") + if err := osMkdirAll(rootFs, 0755); err != nil && !osIsExist(err) { + d.DeviceSet.UnmountDevice(id) + return "", err + } + + idFile := path.Join(mp, "id") + if _, err := osStat(idFile); err != nil && osIsNotExist(err) { + // Create an "id" file with the container/image id in it to help reconscruct this in case + // of later problems + if err := ioutil.WriteFile(idFile, []byte(id), 0600); err != nil { + d.DeviceSet.UnmountDevice(id) + return "", err + } + } + + return rootFs, nil } func (d *Driver) Put(id string) { - if err := d.DeviceSet.UnmountDevice(id, UnmountRegular); err != nil { + if err := d.DeviceSet.UnmountDevice(id); err != nil { utils.Errorf("Warning: error unmounting device %s: %s\n", id, err) } } -func (d *Driver) mount(id, mountPoint string) error { - // Create the target directories if they don't exist - if err := osMkdirAll(mountPoint, 0755); err != nil && !osIsExist(err) { - return err - } - // Mount the device - return d.DeviceSet.MountDevice(id, mountPoint, "") -} - func (d *Driver) Exists(id string) bool { - return d.Devices[id] != nil + return d.DeviceSet.HasDevice(id) } diff --git a/daemon/graphdriver/devmapper/driver_test.go b/daemon/graphdriver/devmapper/driver_test.go index d431f942aa..913add7c8b 100644 --- a/daemon/graphdriver/devmapper/driver_test.go +++ b/daemon/graphdriver/devmapper/driver_test.go @@ -436,6 +436,12 @@ func TestDriverCreate(t *testing.T) { return nil } + sysUnmount = func(target string, flag int) error { + //calls["sysUnmount"] = true + + return nil + } + Mounted = func(mnt string) (bool, error) { calls["Mounted"] = true if !strings.HasPrefix(mnt, "/tmp/docker-test-devmapper-") || !strings.HasSuffix(mnt, "/mnt/1") { @@ -494,21 +500,16 @@ func TestDriverCreate(t *testing.T) { "?ioctl.loopctlgetfree", ) - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } calls.Assert(t, "DmTaskCreate", "DmTaskGetInfo", - "sysMount", "DmTaskRun", - "DmTaskSetTarget", "DmTaskSetSector", - "DmTaskSetCookie", - "DmUdevWait", "DmTaskSetName", "DmTaskSetMessage", - "DmTaskSetAddNode", ) }() @@ -547,7 +548,6 @@ func TestDriverRemove(t *testing.T) { return nil } sysUnmount = func(target string, flags int) (err error) { - calls["sysUnmount"] = true // FIXME: compare the exact source and target strings (inodes + devname) if expectedTarget := "/tmp/docker-test-devmapper-"; !strings.HasPrefix(target, expectedTarget) { t.Fatalf("Wrong syscall call\nExpected: Mount(%v)\nReceived: Mount(%v)\n", expectedTarget, target) @@ -612,22 +612,17 @@ func TestDriverRemove(t *testing.T) { "?ioctl.loopctlgetfree", ) - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } calls.Assert(t, "DmTaskCreate", "DmTaskGetInfo", - "sysMount", "DmTaskRun", - "DmTaskSetTarget", "DmTaskSetSector", - "DmTaskSetCookie", - "DmUdevWait", "DmTaskSetName", "DmTaskSetMessage", - "DmTaskSetAddNode", ) Mounted = func(mnt string) (bool, error) { @@ -650,7 +645,6 @@ func TestDriverRemove(t *testing.T) { "DmTaskSetTarget", "DmTaskSetAddNode", "DmUdevWait", - "sysUnmount", ) }() runtime.GC() @@ -668,21 +662,21 @@ func TestCleanup(t *testing.T) { mountPoints := make([]string, 2) - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } // Mount the id - p, err := d.Get("1") + p, err := d.Get("1", "") if err != nil { t.Fatal(err) } mountPoints[0] = p - if err := d.Create("2", "1", ""); err != nil { + if err := d.Create("2", "1"); err != nil { t.Fatal(err) } - p, err = d.Get("2") + p, err = d.Get("2", "") if err != nil { t.Fatal(err) } @@ -731,7 +725,7 @@ func TestNotMounted(t *testing.T) { d := newDriver(t) defer cleanup(d) - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } @@ -749,10 +743,10 @@ func TestMounted(t *testing.T) { d := newDriver(t) defer cleanup(d) - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } - if _, err := d.Get("1"); err != nil { + if _, err := d.Get("1", ""); err != nil { t.Fatal(err) } @@ -769,10 +763,10 @@ func TestInitCleanedDriver(t *testing.T) { t.Skip("FIXME: not a unit test") d := newDriver(t) - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } - if _, err := d.Get("1"); err != nil { + if _, err := d.Get("1", ""); err != nil { t.Fatal(err) } @@ -787,7 +781,7 @@ func TestInitCleanedDriver(t *testing.T) { d = driver.(*Driver) defer cleanup(d) - if _, err := d.Get("1"); err != nil { + if _, err := d.Get("1", ""); err != nil { t.Fatal(err) } } @@ -797,16 +791,16 @@ func TestMountMountedDriver(t *testing.T) { d := newDriver(t) defer cleanup(d) - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } // Perform get on same id to ensure that it will // not be mounted twice - if _, err := d.Get("1"); err != nil { + if _, err := d.Get("1", ""); err != nil { t.Fatal(err) } - if _, err := d.Get("1"); err != nil { + if _, err := d.Get("1", ""); err != nil { t.Fatal(err) } } @@ -816,7 +810,7 @@ func TestGetReturnsValidDevice(t *testing.T) { d := newDriver(t) defer cleanup(d) - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } @@ -824,7 +818,7 @@ func TestGetReturnsValidDevice(t *testing.T) { t.Fatalf("Expected id 1 to be in device set") } - if _, err := d.Get("1"); err != nil { + if _, err := d.Get("1", ""); err != nil { t.Fatal(err) } @@ -844,11 +838,11 @@ func TestDriverGetSize(t *testing.T) { d := newDriver(t) defer cleanup(d) - if err := d.Create("1", "", ""); err != nil { + if err := d.Create("1", ""); err != nil { t.Fatal(err) } - mountPoint, err := d.Get("1") + mountPoint, err := d.Get("1", "") if err != nil { t.Fatal(err) } diff --git a/daemon/graphdriver/driver.go b/daemon/graphdriver/driver.go index bd4c2faaca..80bf8a0143 100644 --- a/daemon/graphdriver/driver.go +++ b/daemon/graphdriver/driver.go @@ -13,10 +13,10 @@ type InitFunc func(root string) (Driver, error) type Driver interface { String() string - Create(id, parent string, mountLabel string) error + Create(id, parent string) error Remove(id string) error - Get(id string) (dir string, err error) + Get(id, mountLabel string) (dir string, err error) Put(id string) Exists(id string) bool diff --git a/daemon/graphdriver/vfs/driver.go b/daemon/graphdriver/vfs/driver.go index 40acde7b75..765b21cded 100644 --- a/daemon/graphdriver/vfs/driver.go +++ b/daemon/graphdriver/vfs/driver.go @@ -42,7 +42,7 @@ func copyDir(src, dst string) error { return nil } -func (d *Driver) Create(id string, parent string, mountLabel string) error { +func (d *Driver) Create(id, parent string) error { dir := d.dir(id) if err := os.MkdirAll(path.Dir(dir), 0700); err != nil { return err @@ -53,7 +53,7 @@ func (d *Driver) Create(id string, parent string, mountLabel string) error { if parent == "" { return nil } - parentDir, err := d.Get(parent) + parentDir, err := d.Get(parent, "") if err != nil { return fmt.Errorf("%s: %s", parent, err) } @@ -74,7 +74,7 @@ func (d *Driver) Remove(id string) error { return os.RemoveAll(d.dir(id)) } -func (d *Driver) Get(id string) (string, error) { +func (d *Driver) Get(id, mountLabel string) (string, error) { dir := d.dir(id) if st, err := os.Stat(dir); err != nil { return "", err diff --git a/daemon/networkdriver/bridge/driver.go b/daemon/networkdriver/bridge/driver.go index 90782a5824..c64aa423d1 100644 --- a/daemon/networkdriver/bridge/driver.go +++ b/daemon/networkdriver/bridge/driver.go @@ -2,6 +2,11 @@ package bridge import ( "fmt" + "io/ioutil" + "log" + "net" + "strings" + "github.com/dotcloud/docker/daemon/networkdriver" "github.com/dotcloud/docker/daemon/networkdriver/ipallocator" "github.com/dotcloud/docker/daemon/networkdriver/portallocator" @@ -9,11 +14,8 @@ import ( "github.com/dotcloud/docker/engine" "github.com/dotcloud/docker/pkg/iptables" "github.com/dotcloud/docker/pkg/netlink" + "github.com/dotcloud/docker/pkg/networkfs/resolvconf" "github.com/dotcloud/docker/utils" - "io/ioutil" - "log" - "net" - "strings" ) const ( @@ -97,8 +99,12 @@ func InitDriver(job *engine.Job) engine.Status { network = addr.(*net.IPNet) // validate that the bridge ip matches the ip specified by BridgeIP if bridgeIP != "" { - if !network.IP.Equal(net.ParseIP(bridgeIP)) { - return job.Errorf("bridge ip (%s) does not match existing bridge configuration %s", network.IP, bridgeIP) + bip, _, err := net.ParseCIDR(bridgeIP) + if err != nil { + return job.Error(err) + } + if !network.IP.Equal(bip) { + return job.Errorf("bridge ip (%s) does not match existing bridge configuration %s", network.IP, bip) } } } @@ -218,13 +224,13 @@ func setupIPTables(addr net.Addr, icc bool) error { // If it can't find an address which doesn't conflict, it will return an error. func createBridge(bridgeIP string) error { nameservers := []string{} - resolvConf, _ := utils.GetResolvConf() + resolvConf, _ := resolvconf.Get() // we don't check for an error here, because we don't really care // if we can't read /etc/resolv.conf. So instead we skip the append // if resolvConf is nil. It either doesn't exist, or we can't read it // for some reason. if resolvConf != nil { - nameservers = append(nameservers, utils.GetNameserversAsCIDR(resolvConf)...) + nameservers = append(nameservers, resolvconf.GetNameserversAsCIDR(resolvConf)...) } var ifaceAddr string diff --git a/daemon/sorter.go b/daemon/sorter.go deleted file mode 100644 index c1525aa350..0000000000 --- a/daemon/sorter.go +++ /dev/null @@ -1,25 +0,0 @@ -package daemon - -import "sort" - -type containerSorter struct { - containers []*Container - by func(i, j *Container) bool -} - -func (s *containerSorter) Len() int { - return len(s.containers) -} - -func (s *containerSorter) Swap(i, j int) { - s.containers[i], s.containers[j] = s.containers[j], s.containers[i] -} - -func (s *containerSorter) Less(i, j int) bool { - return s.by(s.containers[i], s.containers[j]) -} - -func sortContainers(containers []*Container, predicate func(i, j *Container) bool) { - s := &containerSorter{containers, predicate} - sort.Sort(s) -} diff --git a/daemon/state.go b/daemon/state.go index aabb5e43ba..562929c87a 100644 --- a/daemon/state.go +++ b/daemon/state.go @@ -14,7 +14,6 @@ type State struct { ExitCode int StartedAt time.Time FinishedAt time.Time - Ghost bool } // String returns a human-readable description of the state @@ -23,9 +22,6 @@ func (s *State) String() string { defer s.RUnlock() if s.Running { - if s.Ghost { - return fmt.Sprintf("Ghost") - } return fmt.Sprintf("Up %s", utils.HumanDuration(time.Now().UTC().Sub(s.StartedAt))) } if s.FinishedAt.IsZero() { @@ -41,13 +37,6 @@ func (s *State) IsRunning() bool { return s.Running } -func (s *State) IsGhost() bool { - s.RLock() - defer s.RUnlock() - - return s.Ghost -} - func (s *State) GetExitCode() int { s.RLock() defer s.RUnlock() @@ -55,19 +44,11 @@ func (s *State) GetExitCode() int { return s.ExitCode } -func (s *State) SetGhost(val bool) { - s.Lock() - defer s.Unlock() - - s.Ghost = val -} - func (s *State) SetRunning(pid int) { s.Lock() defer s.Unlock() s.Running = true - s.Ghost = false s.ExitCode = 0 s.Pid = pid s.StartedAt = time.Now().UTC() diff --git a/daemon/volumes.go b/daemon/volumes.go index 4a5c4475b7..a15e3084b2 100644 --- a/daemon/volumes.go +++ b/daemon/volumes.go @@ -2,14 +2,15 @@ package daemon import ( "fmt" - "github.com/dotcloud/docker/archive" - "github.com/dotcloud/docker/daemon/execdriver" - "github.com/dotcloud/docker/utils" "io/ioutil" "os" "path/filepath" "strings" "syscall" + + "github.com/dotcloud/docker/archive" + "github.com/dotcloud/docker/daemon/execdriver" + "github.com/dotcloud/docker/utils" ) type BindMap struct { @@ -34,14 +35,8 @@ func prepareVolumesForContainer(container *Container) error { } func setupMountsForContainer(container *Container) error { - envPath, err := container.EnvConfigPath() - if err != nil { - return err - } - mounts := []execdriver.Mount{ {container.daemon.sysInitPath, "/.dockerinit", false, true}, - {envPath, "/.dockerenv", false, true}, {container.ResolvConfPath, "/etc/resolv.conf", false, true}, } @@ -204,7 +199,7 @@ func createVolumes(container *Container) error { if err != nil { return err } - srcPath, err = volumesDriver.Get(c.ID) + srcPath, err = volumesDriver.Get(c.ID, "") if err != nil { return fmt.Errorf("Driver %s failed to get volume rootfs %s: %s", volumesDriver, c.ID, err) } @@ -217,15 +212,26 @@ func createVolumes(container *Container) error { srcPath = p } - container.Volumes[volPath] = srcPath - container.VolumesRW[volPath] = srcRW - // Create the mountpoint - volPath = filepath.Join(container.basefs, volPath) - rootVolPath, err := utils.FollowSymlinkInScope(volPath, container.basefs) + rootVolPath, err := utils.FollowSymlinkInScope(filepath.Join(container.basefs, volPath), container.basefs) if err != nil { return err } + + newVolPath, err := filepath.Rel(container.basefs, rootVolPath) + if err != nil { + return err + } + newVolPath = "/" + newVolPath + + if volPath != newVolPath { + delete(container.Volumes, volPath) + delete(container.VolumesRW, volPath) + } + + container.Volumes[newVolPath] = srcPath + container.VolumesRW[newVolPath] = srcRW + if err := createIfNotExists(rootVolPath, volIsDir); err != nil { return err } @@ -246,22 +252,22 @@ func createVolumes(container *Container) error { if err := archive.CopyWithTar(rootVolPath, srcPath); err != nil { return err } + } + } - var stat syscall.Stat_t - if err := syscall.Stat(rootVolPath, &stat); err != nil { - return err - } - var srcStat syscall.Stat_t - if err := syscall.Stat(srcPath, &srcStat); err != nil { - return err - } - // Change the source volume's ownership if it differs from the root - // files that were just copied - if stat.Uid != srcStat.Uid || stat.Gid != srcStat.Gid { - if err := os.Chown(srcPath, int(stat.Uid), int(stat.Gid)); err != nil { - return err - } - } + var stat syscall.Stat_t + if err := syscall.Stat(rootVolPath, &stat); err != nil { + return err + } + var srcStat syscall.Stat_t + if err := syscall.Stat(srcPath, &srcStat); err != nil { + return err + } + // Change the source volume's ownership if it differs from the root + // files that were just copied + if stat.Uid != srcStat.Uid || stat.Gid != srcStat.Gid { + if err := os.Chown(srcPath, int(stat.Uid), int(stat.Gid)); err != nil { + return err } } } diff --git a/daemonconfig/config.go b/daemonconfig/config.go index 2803f827f4..619bfe582f 100644 --- a/daemonconfig/config.go +++ b/daemonconfig/config.go @@ -29,6 +29,7 @@ type Config struct { Mtu int DisableNetwork bool EnableSelinuxSupport bool + Context map[string][]string } // ConfigFromJob creates and returns a new DaemonConfig object @@ -46,7 +47,7 @@ func ConfigFromJob(job *engine.Job) *Config { InterContainerCommunication: job.GetenvBool("InterContainerCommunication"), GraphDriver: job.Getenv("GraphDriver"), ExecDriver: job.Getenv("ExecDriver"), - EnableSelinuxSupport: false, // FIXME: hardcoded default to disable selinux for .10 release + EnableSelinuxSupport: job.GetenvBool("EnableSelinuxSupport"), } if dns := job.GetenvList("Dns"); dns != nil { config.Dns = dns diff --git a/docker/docker.go b/docker/docker.go index a4cbe8d865..60f34a1f14 100644 --- a/docker/docker.go +++ b/docker/docker.go @@ -7,6 +7,7 @@ import ( "io/ioutil" "log" "os" + "runtime" "strings" "github.com/dotcloud/docker/api" @@ -42,11 +43,11 @@ func main() { flDaemon = flag.Bool([]string{"d", "-daemon"}, false, "Enable daemon mode") flDebug = flag.Bool([]string{"D", "-debug"}, false, "Enable debug mode") flAutoRestart = flag.Bool([]string{"r", "-restart"}, true, "Restart previously running containers") - bridgeName = flag.String([]string{"b", "-bridge"}, "", "Attach containers to a pre-existing network bridge; use 'none' to disable container networking") + bridgeName = flag.String([]string{"b", "-bridge"}, "", "Attach containers to a pre-existing network bridge\nuse 'none' to disable container networking") bridgeIp = flag.String([]string{"#bip", "-bip"}, "", "Use this CIDR notation address for the network bridge's IP, not compatible with -b") pidfile = flag.String([]string{"p", "-pidfile"}, "/var/run/docker.pid", "Path to use for daemon PID file") flRoot = flag.String([]string{"g", "-graph"}, "/var/lib/docker", "Path to use as the root of the docker runtime") - flSocketGroup = flag.String([]string{"G", "-group"}, "docker", "Group to assign the unix socket specified by -H when running in daemon mode; use '' (the empty string) to disable setting of a group") + flSocketGroup = flag.String([]string{"G", "-group"}, "docker", "Group to assign the unix socket specified by -H when running in daemon mode\nuse '' (the empty string) to disable setting of a group") flEnableCors = flag.Bool([]string{"#api-enable-cors", "-api-enable-cors"}, false, "Enable CORS headers in the remote API") flDns = opts.NewListOpts(opts.ValidateIp4Address) flDnsSearch = opts.NewListOpts(opts.ValidateDomain) @@ -57,16 +58,17 @@ func main() { flGraphDriver = flag.String([]string{"s", "-storage-driver"}, "", "Force the docker runtime to use a specific storage driver") flExecDriver = flag.String([]string{"e", "-exec-driver"}, "native", "Force the docker runtime to use a specific exec driver") flHosts = opts.NewListOpts(api.ValidateHost) - flMtu = flag.Int([]string{"#mtu", "-mtu"}, 0, "Set the containers network MTU; if no value is provided: default to the default route MTU or 1500 if no default route is available") + flMtu = flag.Int([]string{"#mtu", "-mtu"}, 0, "Set the containers network MTU\nif no value is provided: default to the default route MTU or 1500 if no default route is available") flTls = flag.Bool([]string{"-tls"}, false, "Use TLS; implied by tls-verify flags") flTlsVerify = flag.Bool([]string{"-tlsverify"}, false, "Use TLS and verify the remote (daemon: verify client, client: verify daemon)") flCa = flag.String([]string{"-tlscacert"}, dockerConfDir+defaultCaFile, "Trust only remotes providing a certificate signed by the CA given here") flCert = flag.String([]string{"-tlscert"}, dockerConfDir+defaultCertFile, "Path to TLS certificate file") flKey = flag.String([]string{"-tlskey"}, dockerConfDir+defaultKeyFile, "Path to TLS key file") + flSelinuxEnabled = flag.Bool([]string{"-selinux-enabled"}, false, "Enable selinux support") ) flag.Var(&flDns, []string{"#dns", "-dns"}, "Force docker to use specific DNS servers") flag.Var(&flDnsSearch, []string{"-dns-search"}, "Force Docker to use specific DNS search domains") - flag.Var(&flHosts, []string{"H", "-host"}, "tcp://host:port, unix://path/to/socket, fd://* or fd://socketfd to use in daemon mode. Multiple sockets can be specified") + flag.Var(&flHosts, []string{"H", "-host"}, "The socket(s) to bind to in daemon mode\nspecified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd.") flag.Parse() @@ -96,6 +98,10 @@ func main() { } if *flDaemon { + if os.Geteuid() != 0 { + log.Fatalf("The Docker daemon needs to be run as root") + } + if flag.NArg() != 0 { flag.Usage() return @@ -120,13 +126,15 @@ func main() { log.Fatalf("Unable to get the full path to root (%s): %s", root, err) } } - - eng, err := engine.New(realRoot) - if err != nil { + if err := checkKernelAndArch(); err != nil { log.Fatal(err) } + + eng := engine.New() // Load builtins - builtins.Register(eng) + if err := builtins.Register(eng); err != nil { + log.Fatal(err) + } // load the daemon in the background so we can immediately start // the http api so that connections don't fail while the daemon // is booting @@ -147,6 +155,7 @@ func main() { job.Setenv("GraphDriver", *flGraphDriver) job.Setenv("ExecDriver", *flExecDriver) job.SetenvInt("Mtu", *flMtu) + job.SetenvBool("EnableSelinuxSupport", *flSelinuxEnabled) if err := job.Run(); err != nil { log.Fatal(err) } @@ -239,3 +248,27 @@ func main() { func showVersion() { fmt.Printf("Docker version %s, build %s\n", dockerversion.VERSION, dockerversion.GITCOMMIT) } + +func checkKernelAndArch() error { + // Check for unsupported architectures + if runtime.GOARCH != "amd64" { + return fmt.Errorf("The docker runtime currently only supports amd64 (not %s). This will change in the future. Aborting.", runtime.GOARCH) + } + // Check for unsupported kernel versions + // FIXME: it would be cleaner to not test for specific versions, but rather + // test for specific functionalities. + // Unfortunately we can't test for the feature "does not cause a kernel panic" + // without actually causing a kernel panic, so we need this workaround until + // the circumstances of pre-3.8 crashes are clearer. + // For details see http://github.com/dotcloud/docker/issues/407 + if k, err := utils.GetKernelVersion(); err != nil { + log.Printf("WARNING: %s\n", err) + } else { + if utils.CompareKernelVersion(k, &utils.KernelVersionInfo{Kernel: 3, Major: 8, Minor: 0}) < 0 { + if os.Getenv("DOCKER_NOWARN_KERNEL_VERSION") == "" { + log.Printf("WARNING: You are running linux kernel version %s, which might be unstable running docker. Please upgrade your kernel to 3.8.0.", k.String()) + } + } + } + return nil +} diff --git a/docs/Dockerfile b/docs/Dockerfile index d832dcb798..a907072ddf 100644 --- a/docs/Dockerfile +++ b/docs/Dockerfile @@ -8,11 +8,6 @@ RUN apt-get update && apt-get install -yq make python-pip python-setuptools vim RUN pip install mkdocs -# installing sphinx for the rst->md conversion only - will be removed after May release -# pip installs from docs/requirements.txt, but here to increase cacheability -RUN pip install Sphinx==1.2.1 -RUN pip install sphinxcontrib-httpdomain==1.2.0 - # add MarkdownTools to get transclusion # (future development) #RUN easy_install -U setuptools @@ -33,11 +28,10 @@ ADD . /docs ADD MAINTAINERS /docs/sources/humans.txt WORKDIR /docs -#build the sphinx html -#RUN make -C /docs clean docs - -#convert to markdown -#RUN ./convert.sh +RUN VERSION=$(cat /docs/VERSION) &&\ + GIT_BRANCH=$(cat /docs/GIT_BRANCH) &&\ + AWS_S3_BUCKET=$(cat /docs/AWS_S3_BUCKET) &&\ + echo "{% set docker_version = \"${VERSION}\" %}{% set docker_branch = \"${GIT_BRANCH}\" %}{% set aws_bucket = \"${AWS_S3_BUCKET}\" %}{% include \"beta_warning.html\" %}" > /docs/theme/mkdocs/version.html # note, EXPOSE is only last because of https://github.com/dotcloud/docker/issues/3525 EXPOSE 8000 diff --git a/docs/Makefile b/docs/Makefile deleted file mode 100644 index a4efbf2102..0000000000 --- a/docs/Makefile +++ /dev/null @@ -1,185 +0,0 @@ -# Makefile for Sphinx documentation -# - -# You can set these variables from the command line. -SPHINXOPTS = -SPHINXBUILD = sphinx-build -PAPER = -BUILDDIR = _build -PYTHON = python - -# Internal variables. -PAPEROPT_a4 = -D latex_paper_size=a4 -PAPEROPT_letter = -D latex_paper_size=letter -ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) sources -# the i18n builder cannot share the environment and doctrees with the others -I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) . - -.PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest gettext - -help: - @echo "Please use \`make ' where is one of" -# @echo " html to make standalone HTML files" -# @echo " dirhtml to make HTML files named index.html in directories" -# @echo " singlehtml to make a single large HTML file" -# @echo " pickle to make pickle files" -# @echo " json to make JSON files" -# @echo " htmlhelp to make HTML files and a HTML help project" -# @echo " qthelp to make HTML files and a qthelp project" -# @echo " devhelp to make HTML files and a Devhelp project" -# @echo " epub to make an epub" -# @echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter" -# @echo " latexpdf to make LaTeX files and run them through pdflatex" -# @echo " text to make text files" - @echo " man to make a manual page" -# @echo " texinfo to make Texinfo files" -# @echo " info to make Texinfo files and run them through makeinfo" -# @echo " gettext to make PO message catalogs" -# @echo " changes to make an overview of all changed/added/deprecated items" -# @echo " linkcheck to check all external links for integrity" -# @echo " doctest to run all doctests embedded in the documentation (if enabled)" - @echo " docs to build the docs and copy the static files to the outputdir" - @echo " server to serve the docs in your browser under \`http://localhost:8000\`" - @echo " publish to publish the app to dotcloud" - -clean: - -rm -rf $(BUILDDIR)/* - -docs: - $(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/html - @echo - @echo "Build finished. The documentation pages are now in $(BUILDDIR)/html." - -server: docs - @cd $(BUILDDIR)/html; $(PYTHON) -m SimpleHTTPServer 8000 - -site: - cp -r website $(BUILDDIR)/ - cp -r theme/docker/static/ $(BUILDDIR)/website/ - @echo - @echo "The Website pages are in $(BUILDDIR)/site." - -connect: - @echo connecting dotcloud to www.docker.io website, make sure to use user 1 - @echo or create your own "dockerwebsite" app - @cd $(BUILDDIR)/website/ ; \ - dotcloud connect dockerwebsite ; \ - dotcloud list - -push: - @cd $(BUILDDIR)/website/ ; \ - dotcloud push - -$(VERSIONS): - @echo "Hello world" - -html: - $(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html - @echo - @echo "Build finished. The HTML pages are in $(BUILDDIR)/html." - -dirhtml: - $(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml - @echo - @echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml." - -singlehtml: - $(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml - @echo - @echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml." - -pickle: - $(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle - @echo - @echo "Build finished; now you can process the pickle files." - -json: - $(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json - @echo - @echo "Build finished; now you can process the JSON files." - -htmlhelp: - $(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp - @echo - @echo "Build finished; now you can run HTML Help Workshop with the" \ - ".hhp project file in $(BUILDDIR)/htmlhelp." - -qthelp: - $(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp - @echo - @echo "Build finished; now you can run "qcollectiongenerator" with the" \ - ".qhcp project file in $(BUILDDIR)/qthelp, like this:" - @echo "# qcollectiongenerator $(BUILDDIR)/qthelp/Docker.qhcp" - @echo "To view the help file:" - @echo "# assistant -collectionFile $(BUILDDIR)/qthelp/Docker.qhc" - -devhelp: - $(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp - @echo - @echo "Build finished." - @echo "To view the help file:" - @echo "# mkdir -p $$HOME/.local/share/devhelp/Docker" - @echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/Docker" - @echo "# devhelp" - -epub: - $(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub - @echo - @echo "Build finished. The epub file is in $(BUILDDIR)/epub." - -latex: - $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex - @echo - @echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex." - @echo "Run \`make' in that directory to run these through (pdf)latex" \ - "(use \`make latexpdf' here to do that automatically)." - -latexpdf: - $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex - @echo "Running LaTeX files through pdflatex..." - $(MAKE) -C $(BUILDDIR)/latex all-pdf - @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." - -text: - $(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text - @echo - @echo "Build finished. The text files are in $(BUILDDIR)/text." - -man: - $(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man - @echo - @echo "Build finished. The manual pages are in $(BUILDDIR)/man." - -texinfo: - $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo - @echo - @echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo." - @echo "Run \`make' in that directory to run these through makeinfo" \ - "(use \`make info' here to do that automatically)." - -info: - $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo - @echo "Running Texinfo files through makeinfo..." - make -C $(BUILDDIR)/texinfo info - @echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo." - -gettext: - $(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale - @echo - @echo "Build finished. The message catalogs are in $(BUILDDIR)/locale." - -changes: - $(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes - @echo - @echo "The overview file is in $(BUILDDIR)/changes." - -linkcheck: - $(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck - @echo - @echo "Link check complete; look for any errors in the above output " \ - "or in $(BUILDDIR)/linkcheck/output.txt." - -doctest: - $(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest - @echo "Testing of doctests in the sources finished, look at the " \ - "results in $(BUILDDIR)/doctest/output.txt." diff --git a/docs/README.md b/docs/README.md index a113cb9edd..47b390bda4 100755 --- a/docs/README.md +++ b/docs/README.md @@ -1,104 +1,99 @@ -Docker Documentation -==================== +# Docker Documentation -Overview --------- - -The source for Docker documentation is here under ``sources/`` and uses +The source for Docker documentation is here under `sources/` and uses extended Markdown, as implemented by [mkdocs](http://mkdocs.org). -The HTML files are built and hosted on https://docs.docker.io, and update -automatically after each change to the master or release branch of the -[docker files on GitHub](https://github.com/dotcloud/docker) thanks to -post-commit hooks. The "release" branch maps to the "latest" -documentation and the "master" (unreleased development) branch maps to the "master" -documentation. +The HTML files are built and hosted on `https://docs.docker.io`, and +update automatically after each change to the master or release branch +of [Docker on GitHub](https://github.com/dotcloud/docker) +thanks to post-commit hooks. The "docs" branch maps to the "latest" +documentation and the "master" (unreleased development) branch maps to +the "master" documentation. ## Branches -**There are two branches related to editing docs**: ``master`` and a -``docs`` branch. You should always edit -docs on a local branch of the ``master`` branch, and send a PR against ``master``. -That way your fixes -will automatically get included in later releases, and docs maintainers -can easily cherry-pick your changes into the ``docs`` release branch. -In the rare case where your change is not forward-compatible, -you may need to base your changes on the ``docs`` branch. +**There are two branches related to editing docs**: `master` and a +`docs` branch. You should always edit documentation on a local branch +of the `master` branch, and send a PR against `master`. -Now that we have a ``docs`` branch, we can keep the [http://docs.docker.io](http://docs.docker.io) docs -up to date with any bugs found between ``docker`` code releases. +That way your fixes will automatically get included in later releases, +and docs maintainers can easily cherry-pick your changes into the +`docs` release branch. In the rare case where your change is not +forward-compatible, you may need to base your changes on the `docs` +branch. -**Warning**: When *reading* the docs, the [http://beta-docs.docker.io](http://beta-docs.docker.io) documentation may -include features not yet part of any official docker -release. The ``beta-docs`` site should be used only for understanding -bleeding-edge development and ``docs.docker.io`` (which points to the ``docs`` -branch``) should be used for the latest official release. +Also, now that we have a `docs` branch, we can keep the +[http://docs.docker.io](http://docs.docker.io) docs up to date with any +bugs found between `docker` code releases. -Getting Started ---------------- +**Warning**: When *reading* the docs, the +[http://beta-docs.docker.io](http://beta-docs.docker.io) documentation +may include features not yet part of any official docker release. The +`beta-docs` site should be used only for understanding bleeding-edge +development and `docs.docker.io` (which points to the `docs` +branch`) should be used for the latest official release. -Docker documentation builds are done in a docker container, which installs all -the required tools, adds the local ``docs/`` directory and builds the HTML -docs. It then starts a HTTP server on port 8000 so that you can connect -and see your changes. +## Contributing -In the ``docker`` source directory, run: - ```make docs``` +- Follow the contribution guidelines ([see + `../CONTRIBUTING.md`](../CONTRIBUTING.md)). +- [Remember to sign your work!](../CONTRIBUTING.md#sign-your-work) -If you have any issues you need to debug, you can use ``make docs-shell`` and -then run ``mkdocs serve`` +## Getting Started -# Contributing +Docker documentation builds are done in a Docker container, which +installs all the required tools, adds the local `docs/` directory and +builds the HTML docs. It then starts a HTTP server on port 8000 so that +you can connect and see your changes. -## Normal Case: +In the root of the `docker` source directory: -* Follow the contribution guidelines ([see - ``../CONTRIBUTING.md``](../CONTRIBUTING.md)). -* [Remember to sign your work!](../CONTRIBUTING.md#sign-your-work) -* Work in your own fork of the code, we accept pull requests. -* Change the ``.md`` files with your favorite editor -- try to keep the - lines short (80 chars) and respect Markdown conventions. -* Run ``make clean docs`` to clean up old files and generate new ones, - or just ``make docs`` to update after small changes. -* Your static website can now be found in the ``_build`` directory. -* To preview what you have generated run ``make server`` and open - http://localhost:8000/ in your favorite browser. + make docs -``make clean docs`` must complete without any warnings or errors. +If you have any issues you need to debug, you can use `make docs-shell` and +then run `mkdocs serve` -Working using GitHub's file editor ----------------------------------- +### Examples + +When writing examples give the user hints by making them resemble what +they see in their shell: + +- Indent shell examples by 4 spaces so they get rendered as code. +- Start typed commands with `$ ` (dollar space), so that they are easily +differentiated from program output. +- Program output has no prefix. +- Comments begin with `# ` (hash space). +- In-container shell commands begin with `$$ ` (dollar dollar space). + +### Images + +When you need to add images, try to make them as small as possible +(e.g. as gifs). Usually images should go in the same directory as the +`.md` file which references them, or in a subdirectory if one already +exists. + +## Working using GitHub's file editor Alternatively, for small changes and typos you might want to use GitHub's built in file editor. It allows you to preview your changes -right online (though there can be some differences between GitHub -Markdown and mkdocs Markdown). Just be careful not to create many commits. -And you must still [sign your work!](../CONTRIBUTING.md#sign-your-work) +right on-line (though there can be some differences between GitHub +Markdown and [MkDocs Markdown](http://www.mkdocs.org/user-guide/writing-your-docs/)). +Just be careful not to create many commits. And you must still +[sign your work!](../CONTRIBUTING.md#sign-your-work) -Images ------- +## Publishing Documentation -When you need to add images, try to make them as small as possible -(e.g. as gif). Usually images should go in the same directory as the -.md file which references them, or in a subdirectory if one already -exists. - -Publishing Documentation ------------------------- - -To publish a copy of the documentation you need a ``docs/awsconfig`` -file containing AWS settings to deploy to. The release script will +To publish a copy of the documentation you need a `docs/awsconfig` +file containing AWS settings to deploy to. The release script will create an s3 if needed, and will then push the files to it. -``` -[profile dowideit-docs] -aws_access_key_id = IHOIUAHSIDH234rwf.... -aws_secret_access_key = OIUYSADJHLKUHQWIUHE...... -region = ap-southeast-2 -``` + [profile dowideit-docs] + aws_access_key_id = IHOIUAHSIDH234rwf.... + aws_secret_access_key = OIUYSADJHLKUHQWIUHE...... + region = ap-southeast-2 -The ``profile`` name must be the same as the name of the bucket you are -deploying to - which you call from the docker directory: +The `profile` name must be the same as the name of the bucket you are +deploying to - which you call from the `docker` directory: -``make AWS_S3_BUCKET=dowideit-docs docs-release`` + make AWS_S3_BUCKET=dowideit-docs docs-release diff --git a/docs/asciinema.patch b/docs/asciinema.patch deleted file mode 100644 index 297c535815..0000000000 --- a/docs/asciinema.patch +++ /dev/null @@ -1,86 +0,0 @@ -diff --git a/docs/sources/examples/hello_world.md b/docs/sources/examples/hello_world.md -index 6e072f6..5a4537d 100644 ---- a/docs/sources/examples/hello_world.md -+++ b/docs/sources/examples/hello_world.md -@@ -59,6 +59,9 @@ standard out. - - See the example in action - -+ -+ -+ - ## Hello World Daemon - - Note -@@ -142,6 +145,8 @@ Make sure it is really stopped. - - See the example in action - -+ -+ - The next example in the series is a [*Node.js Web - App*](../nodejs_web_app/#nodejs-web-app) example, or you could skip to - any of the other examples: -diff --git a/docs/asciinema.patch b/docs/asciinema.patch -index e240bf3..e69de29 100644 ---- a/docs/asciinema.patch -+++ b/docs/asciinema.patch -@@ -1,23 +0,0 @@ --diff --git a/docs/sources/examples/hello_world.md b/docs/sources/examples/hello_world.md --index 6e072f6..5a4537d 100644 ----- a/docs/sources/examples/hello_world.md --+++ b/docs/sources/examples/hello_world.md --@@ -59,6 +59,9 @@ standard out. -- -- See the example in action -- --+ --+ --+ -- ## Hello World Daemon -- -- Note --@@ -142,6 +145,8 @@ Make sure it is really stopped. -- -- See the example in action -- --+ --+ -- The next example in the series is a [*Node.js Web -- App*](../nodejs_web_app/#nodejs-web-app) example, or you could skip to -- any of the other examples: -diff --git a/docs/sources/examples/hello_world.md b/docs/sources/examples/hello_world.md -index 6e072f6..c277f38 100644 ---- a/docs/sources/examples/hello_world.md -+++ b/docs/sources/examples/hello_world.md -@@ -59,6 +59,8 @@ standard out. - - See the example in action - -+ -+ - ## Hello World Daemon - - Note -@@ -142,6 +144,8 @@ Make sure it is really stopped. - - See the example in action - -+ -+ - The next example in the series is a [*Node.js Web - App*](../nodejs_web_app/#nodejs-web-app) example, or you could skip to - any of the other examples: -diff --git a/docs/sources/use/workingwithrepository.md b/docs/sources/use/workingwithrepository.md -index 2122b8d..49edbc8 100644 ---- a/docs/sources/use/workingwithrepository.md -+++ b/docs/sources/use/workingwithrepository.md -@@ -199,6 +199,8 @@ searchable (or indexed at all) in the Central Index, and there will be - no user name checking performed. Your registry will function completely - independently from the Central Index. - -+ -+ - See also - - [Docker Blog: How to use your own diff --git a/docs/convert.sh b/docs/convert.sh deleted file mode 100755 index 2316923f6d..0000000000 --- a/docs/convert.sh +++ /dev/null @@ -1,53 +0,0 @@ -#!/bin/sh - -cd / - -#run the sphinx build first -make -C /docs clean docs - -cd /docs - -#find sources -name '*.md*' -exec rm '{}' \; - -# convert from rst to md for mkdocs.org -# TODO: we're using a sphinx specific rst thing to do between docs links, which we then need to convert to mkdocs specific markup (and pandoc loses it when converting to html / md) -HTML_FILES=$(find _build -name '*.html' | sed 's/_build\/html\/\(.*\)\/index.html/\1/') - -for name in ${HTML_FILES} -do - echo $name - # lets not use gratuitious unicode quotes that cause terrible copy and paste issues - sed -i 's/“/"/g' _build/html/${name}/index.html - sed -i 's/”/"/g' _build/html/${name}/index.html - pandoc -f html -t markdown --atx-headers -o sources/${name}.md1 _build/html/${name}/index.html - - #add the meta-data from the rst - egrep ':(title|description|keywords):' sources/${name}.rst | sed 's/^:/page_/' > sources/${name}.md - echo >> sources/${name}.md - #cat sources/${name}.md1 >> sources/${name}.md - # remove the paragraph links from the source - cat sources/${name}.md1 | sed 's/\[..\](#.*)//' >> sources/${name}.md - - rm sources/${name}.md1 - - sed -i 's/{.docutils .literal}//g' sources/${name}.md - sed -i 's/{.docutils$//g' sources/${name}.md - sed -i 's/^.literal} //g' sources/${name}.md - sed -i 's/`{.descname}`//g' sources/${name}.md - sed -i 's/{.descname}//g' sources/${name}.md - sed -i 's/{.xref}//g' sources/${name}.md - sed -i 's/{.xref .doc .docutils .literal}//g' sources/${name}.md - sed -i 's/{.xref .http .http-post .docutils$//g' sources/${name}.md - sed -i 's/^ .literal}//g' sources/${name}.md - - sed -i 's/\\\$container\\_id/\$container_id/' sources/examples/hello_world.md - sed -i 's/\\\$TESTFLAGS/\$TESTFLAGS/' sources/contributing/devenvironment.md - sed -i 's/\\\$MYVAR1/\$MYVAR1/g' sources/reference/commandline/cli.md - - # git it all so we can test -# git add ${name}.md -done - -#annoyingly, there are lots of failures -patch --fuzz 50 -t -p2 < pr4923.patch || true -patch --fuzz 50 -t -p2 < asciinema.patch || true diff --git a/docs/convert_with_sphinx.patch b/docs/convert_with_sphinx.patch deleted file mode 100644 index 995c9afeca..0000000000 --- a/docs/convert_with_sphinx.patch +++ /dev/null @@ -1,197 +0,0 @@ -diff --git a/docs/Dockerfile b/docs/Dockerfile -index bc2b73b..b9808b2 100644 ---- a/docs/Dockerfile -+++ b/docs/Dockerfile -@@ -4,14 +4,24 @@ MAINTAINER SvenDowideit@docker.com - # docker build -t docker:docs . && docker run -p 8000:8000 docker:docs - # - --RUN apt-get update && apt-get install -yq make python-pip python-setuptools -- -+RUN apt-get update && apt-get install -yq make python-pip python-setuptools - RUN pip install mkdocs - -+RUN apt-get install -yq vim-tiny git pandoc -+ -+# pip installs from docs/requirements.txt, but here to increase cacheability -+RUN pip install Sphinx==1.2.1 -+RUN pip install sphinxcontrib-httpdomain==1.2.0 -+ - ADD . /docs -+ -+#build the sphinx html -+RUN make -C /docs clean docs -+ - WORKDIR /docs - --CMD ["mkdocs", "serve"] -+#CMD ["mkdocs", "serve"] -+CMD bash - - # note, EXPOSE is only last because of https://github.com/dotcloud/docker/issues/3525 - EXPOSE 8000 -diff --git a/docs/theme/docker/layout.html b/docs/theme/docker/layout.html -index 7d78fb9..0dac9e0 100755 ---- a/docs/theme/docker/layout.html -+++ b/docs/theme/docker/layout.html -@@ -63,48 +63,6 @@ - - - --
--
--
--
-- --
-- --
-- -- --
--
--
-- --
-- -- --
-- --
--
--

DOCUMENTATION

--
-- -- {{ toctree(collapse=False, maxdepth=3) }} --
-- --
--
--
-- - -
- -@@ -114,111 +72,7 @@ - {% block body %}{% endblock %} - - --
Edit this article on GitHub
-
--
--
-- -- --
-- -- -- -- -- -- -- -- -- -- -- -- -- - - - diff --git a/docs/mkdocs.yml b/docs/mkdocs.yml index 38cec6ac14..c16436e892 100755 --- a/docs/mkdocs.yml +++ b/docs/mkdocs.yml @@ -82,15 +82,16 @@ pages: # - ['user-guide/configuration.md', 'User Guide', 'Configuration'] # ./faq.md -# Docker Index docs: -- ['index/index.md', '**HIDDEN**'] +# Docker.io docs: +- ['docker-io/index.md', '**HIDDEN**'] # - ['index/home.md', 'Docker Index', 'Help'] -- ['index/accounts.md', 'Docker Index', 'Accounts'] -- ['index/repos.md', 'Docker Index', 'Repositories'] -- ['index/builds.md', 'Docker Index', 'Trusted Builds'] +- ['docker-io/accounts.md', 'Docker.io', 'Accounts'] +- ['docker-io/repos.md', 'Docker.io', 'Repositories'] +- ['docker-io/builds.md', 'Docker.io', 'Trusted Builds'] # Reference - ['reference/index.md', '**HIDDEN**'] +- ['reference/commandline/index.md', '**HIDDEN**'] - ['reference/commandline/cli.md', 'Reference', 'Command line'] - ['reference/builder.md', 'Reference', 'Dockerfile'] - ['reference/run.md', 'Reference', 'Run Reference'] @@ -99,28 +100,43 @@ pages: - ['articles/security.md', 'Reference', 'Security'] - ['articles/baseimages.md', 'Reference', 'Creating a Base Image'] - ['use/networking.md', 'Reference', 'Advanced networking'] -- ['reference/api/index_api.md', 'Reference', 'Docker Index API'] +- ['reference/api/index.md', '**HIDDEN**'] +- ['reference/api/docker-io_api.md', 'Reference', 'Docker.io API'] - ['reference/api/registry_api.md', 'Reference', 'Docker Registry API'] - ['reference/api/registry_index_spec.md', 'Reference', 'Registry & Index Spec'] - ['reference/api/docker_remote_api.md', 'Reference', 'Docker Remote API'] +- ['reference/api/docker_remote_api_v1.11.md', 'Reference', 'Docker Remote API v1.11'] - ['reference/api/docker_remote_api_v1.10.md', 'Reference', 'Docker Remote API v1.10'] -- ['reference/api/docker_remote_api_v1.9.md', 'Reference', 'Docker Remote API v1.9'] +- ['reference/api/docker_remote_api_v1.9.md', '**HIDDEN**'] +- ['reference/api/docker_remote_api_v1.8.md', '**HIDDEN**'] +- ['reference/api/docker_remote_api_v1.7.md', '**HIDDEN**'] +- ['reference/api/docker_remote_api_v1.6.md', '**HIDDEN**'] +- ['reference/api/docker_remote_api_v1.5.md', '**HIDDEN**'] +- ['reference/api/docker_remote_api_v1.4.md', '**HIDDEN**'] +- ['reference/api/docker_remote_api_v1.3.md', '**HIDDEN**'] +- ['reference/api/docker_remote_api_v1.2.md', '**HIDDEN**'] +- ['reference/api/docker_remote_api_v1.1.md', '**HIDDEN**'] +- ['reference/api/docker_remote_api_v1.0.md', '**HIDDEN**'] - ['reference/api/remote_api_client_libraries.md', 'Reference', 'Docker Remote API Client Libraries'] +- ['reference/api/docker_io_oauth_api.md', 'Reference', 'Docker IO OAuth API'] +- ['reference/api/docker_io_accounts_api.md', 'Reference', 'Docker IO Accounts API'] + +- ['jsearch.md', '**HIDDEN**'] + +# - ['static_files/README.md', 'static_files', 'README'] +- ['terms/index.md', '**HIDDEN**'] +- ['terms/layer.md', '**HIDDEN**'] +- ['terms/index.md', '**HIDDEN**'] +- ['terms/registry.md', '**HIDDEN**'] +- ['terms/container.md', '**HIDDEN**'] +- ['terms/repository.md', '**HIDDEN**'] +- ['terms/filesystem.md', '**HIDDEN**'] +- ['terms/image.md', '**HIDDEN**'] + +# TODO: our theme adds a dropdown even for sections that have no subsections. + #- ['faq.md', 'FAQ'] # Contribute: - ['contributing/index.md', '**HIDDEN**'] - ['contributing/contributing.md', 'Contribute', 'Contributing'] - ['contributing/devenvironment.md', 'Contribute', 'Development environment'] -# - ['about/license.md', 'About', 'License'] - -- ['jsearch.md', '**HIDDEN**'] - -# - ['static_files/README.md', 'static_files', 'README'] -#- ['terms/index.md', '**HIDDEN**'] -# - ['terms/layer.md', 'terms', 'layer'] -# - ['terms/index.md', 'terms', 'Home'] -# - ['terms/registry.md', 'terms', 'registry'] -# - ['terms/container.md', 'terms', 'container'] -# - ['terms/repository.md', 'terms', 'repository'] -# - ['terms/filesystem.md', 'terms', 'filesystem'] -# - ['terms/image.md', 'terms', 'image'] diff --git a/docs/pr4923.patch b/docs/pr4923.patch deleted file mode 100644 index ef420520f7..0000000000 --- a/docs/pr4923.patch +++ /dev/null @@ -1,12836 +0,0 @@ -diff --git a/docs/sources/articles.md b/docs/sources/articles.md -index da5a2d2..48654b0 100644 ---- a/docs/sources/articles.md -+++ b/docs/sources/articles.md -@@ -1,8 +1,7 @@ --# Articles - --## Contents: -+# Articles - --- [Docker Security](security/) --- [Create a Base Image](baseimages/) --- [Runtime Metrics](runmetrics/) -+- [Docker Security](security/) -+- [Create a Base Image](baseimages/) -+- [Runtime Metrics](runmetrics/) - -diff --git a/docs/sources/articles/runmetrics.md b/docs/sources/articles/runmetrics.md -index 1a832d1..2372282 100644 ---- a/docs/sources/articles/runmetrics.md -+++ b/docs/sources/articles/runmetrics.md -@@ -56,7 +56,7 @@ ID or long ID of the container. If a container shows up as ae836c95b4c3 - in `docker ps`, its long ID might be something like - `ae836c95b4c3c9e9179e0e91015512da89fdec91612f63cebae57df9a5444c79`{.docutils - .literal}. You can look it up with `docker inspect` --or `docker ps -notrunc`. -+or `docker ps --no-trunc`. - - Putting everything together to look at the memory metrics for a Docker - container, take a look at -diff --git a/docs/sources/articles/security.md b/docs/sources/articles/security.md -index 23d595f..13917f0 100644 ---- a/docs/sources/articles/security.md -+++ b/docs/sources/articles/security.md -@@ -5,7 +5,7 @@ page_keywords: Docker, Docker documentation, security - # Docker Security - - > *Adapted from* [Containers & Docker: How Secure are --> They?](blogsecurity) -+> They?](http://blog.docker.io/2013/08/containers-docker-how-secure-are-they/) - - There are three major areas to consider when reviewing Docker security: - -@@ -255,4 +255,4 @@ with Docker, since everything is provided by the kernel anyway. - - For more context and especially for comparisons with VMs and other - container systems, please also see the [original blog --post](blogsecurity). -+post](http://blog.docker.io/2013/08/containers-docker-how-secure-are-they/). -diff --git a/docs/sources/contributing.md b/docs/sources/contributing.md -index b311d13..0a31cb2 100644 ---- a/docs/sources/contributing.md -+++ b/docs/sources/contributing.md -@@ -1,7 +1,6 @@ --# Contributing - --## Contents: -+# Contributing - --- [Contributing to Docker](contributing/) --- [Setting Up a Dev Environment](devenvironment/) -+- [Contributing to Docker](contributing/) -+- [Setting Up a Dev Environment](devenvironment/) - -diff --git a/docs/sources/contributing/devenvironment.md b/docs/sources/contributing/devenvironment.md -index 3b77acf..76df680 100644 ---- a/docs/sources/contributing/devenvironment.md -+++ b/docs/sources/contributing/devenvironment.md -@@ -10,7 +10,7 @@ used for all tests, builds and releases. The standard development - environment defines all build dependencies: system libraries and - binaries, go environment, go dependencies, etc. - --## Install Docker -+## Step 1: Install Docker - - Docker’s build environment itself is a Docker container, so the first - step is to install Docker on your system. -@@ -20,7 +20,7 @@ system](https://docs.docker.io/en/latest/installation/). Make sure you - have a working, up-to-date docker installation, then continue to the - next step. - --## Install tools used for this tutorial -+## Step 2: Install tools used for this tutorial - - Install `git`; honest, it’s very good. You can use - other ways to get the Docker source, but they’re not anywhere near as -@@ -30,7 +30,7 @@ Install `make`. This tutorial uses our base Makefile - to kick off the docker containers in a repeatable and consistent way. - Again, you can do it in other ways but you need to do more work. - --## Check out the Source -+## Step 3: Check out the Source - - git clone http://git@github.com/dotcloud/docker - cd docker -@@ -38,7 +38,7 @@ Again, you can do it in other ways but you need to do more work. - To checkout a different revision just use `git checkout`{.docutils - .literal} with the name of branch or revision number. - --## Build the Environment -+## Step 4: Build the Environment - - This following command will build a development environment using the - Dockerfile in the current directory. Essentially, it will install all -@@ -50,7 +50,7 @@ This command will take some time to complete when you first execute it. - If the build is successful, congratulations! You have produced a clean - build of docker, neatly encapsulated in a standard build environment. - --## Build the Docker Binary -+## Step 5: Build the Docker Binary - - To create the Docker binary, run this command: - -@@ -73,7 +73,7 @@ Note - Its safer to run the tests below before swapping your hosts docker - binary. - --## Run the Tests -+## Step 5: Run the Tests - - To execute the test cases, run this command: - -@@ -114,7 +114,7 @@ eg. - - > TESTFLAGS=’-run \^TestBuild\$’ make test - --## Use Docker -+## Step 6: Use Docker - - You can run an interactive session in the newly built container: - -@@ -122,7 +122,7 @@ You can run an interactive session in the newly built container: - - # type 'exit' or Ctrl-D to exit - --## Build And View The Documentation -+## Extra Step: Build and view the Documentation - - If you want to read the documentation from a local website, or are - making changes to it, you can build the documentation and then serve it -diff --git a/docs/sources/examples.md b/docs/sources/examples.md -index 98b3d25..81ad1de 100644 ---- a/docs/sources/examples.md -+++ b/docs/sources/examples.md -@@ -1,25 +1,23 @@ - - # Examples - --## Introduction: -- - Here are some examples of how to use Docker to create running processes, - starting from a very simple *Hello World* and progressing to more - substantial services like those which you might find in production. - --## Contents: -- --- [Check your Docker install](hello_world/) --- [Hello World](hello_world/#hello-world) --- [Hello World Daemon](hello_world/#hello-world-daemon) --- [Node.js Web App](nodejs_web_app/) --- [Redis Service](running_redis_service/) --- [SSH Daemon Service](running_ssh_service/) --- [CouchDB Service](couchdb_data_volumes/) --- [PostgreSQL Service](postgresql_service/) --- [Building an Image with MongoDB](mongodb/) --- [Riak Service](running_riak_service/) --- [Using Supervisor with Docker](using_supervisord/) --- [Process Management with CFEngine](cfengine_process_management/) --- [Python Web App](python_web_app/) -+- [Check your Docker install](hello_world/) -+- [Hello World](hello_world/#hello-world) -+- [Hello World Daemon](hello_world/#hello-world-daemon) -+- [Node.js Web App](nodejs_web_app/) -+- [Redis Service](running_redis_service/) -+- [SSH Daemon Service](running_ssh_service/) -+- [CouchDB Service](couchdb_data_volumes/) -+- [PostgreSQL Service](postgresql_service/) -+- [Building an Image with MongoDB](mongodb/) -+- [Riak Service](running_riak_service/) -+- [Using Supervisor with Docker](using_supervisord/) -+- [Process Management with CFEngine](cfengine_process_management/) -+- [Python Web App](python_web_app/) -+- [Apt-Cacher-ng Service](apt-cacher-ng/) -+- [Running Docker with https](https/) - -diff --git a/docs/sources/examples/couchdb_data_volumes.md b/docs/sources/examples/couchdb_data_volumes.md -index c4d478e..9665bb0 100644 ---- a/docs/sources/examples/couchdb_data_volumes.md -+++ b/docs/sources/examples/couchdb_data_volumes.md -@@ -11,6 +11,8 @@ Note - install*](../hello_world/#running-examples). - - **If you don’t like sudo** then see [*Giving non-root - access*](../../installation/binaries/#dockergroup) -+- **If you’re using OS X or docker via TCP** then you shouldn’t use -+ sudo - - Here’s an example of using data volumes to share the same data between - two CouchDB containers. This could be used for hot upgrades, testing -diff --git a/docs/sources/examples/hello_world.md b/docs/sources/examples/hello_world.md -index 8f2ae58..a9b0d7d 100644 ---- a/docs/sources/examples/hello_world.md -+++ b/docs/sources/examples/hello_world.md -@@ -2,7 +2,7 @@ page_title: Hello world example - page_description: A simple hello world example with Docker - page_keywords: docker, example, hello world - --# Check your Docker installation -+# Check your Docker install - - This guide assumes you have a working installation of Docker. To check - your Docker install, run the following command: -@@ -18,7 +18,7 @@ privileges to access docker on your machine. - Please refer to [*Installation*](../../installation/#installation-list) - for installation instructions. - --## Hello World -+# Hello World - - Note - -@@ -27,6 +27,8 @@ Note - install*](#running-examples). - - **If you don’t like sudo** then see [*Giving non-root - access*](../../installation/binaries/#dockergroup) -+- **If you’re using OS X or docker via TCP** then you shouldn’t use -+ sudo - - This is the most basic example available for using Docker. - -@@ -59,7 +61,9 @@ standard out. - - See the example in action - --## Hello World Daemon -+* * * * * -+ -+# Hello World Daemon - - Note - -@@ -68,6 +72,8 @@ Note - install*](#running-examples). - - **If you don’t like sudo** then see [*Giving non-root - access*](../../installation/binaries/#dockergroup) -+- **If you’re using OS X or docker via TCP** then you shouldn’t use -+ sudo - - And now for the most boring daemon ever written! - -@@ -77,7 +83,7 @@ continue to do this until we stop it. - - **Steps:** - -- CONTAINER_ID=$(sudo docker run -d ubuntu /bin/sh -c "while true; do echo hello world; sleep 1; done") -+ container_id=$(sudo docker run -d ubuntu /bin/sh -c "while true; do echo hello world; sleep 1; done") - - We are going to run a simple hello world daemon in a new container made - from the `ubuntu` image. -@@ -89,31 +95,31 @@ from the `ubuntu` image. - - **“while true; do echo hello world; sleep 1; done”** is the mini - script we want to run, that will just print hello world once a - second until we stop it. --- **\$CONTAINER\_ID** the output of the run command will return a -+- **\$container\_id** the output of the run command will return a - container id, we can use in future commands to see what is going on - with this process. - - - -- sudo docker logs $CONTAINER_ID -+ sudo docker logs $container_id - - Check the logs make sure it is working correctly. - - - **“docker logs**” This will return the logs for a container --- **\$CONTAINER\_ID** The Id of the container we want the logs for. -+- **\$container\_id** The Id of the container we want the logs for. - - - -- sudo docker attach -sig-proxy=false $CONTAINER_ID -+ sudo docker attach --sig-proxy=false $container_id - - Attach to the container to see the results in real-time. - - - **“docker attach**” This will allow us to attach to a background - process to see what is going on. --- **“-sig-proxy=false”** Do not forward signals to the container; -+- **“–sig-proxy=false”** Do not forward signals to the container; - allows us to exit the attachment using Control-C without stopping - the container. --- **\$CONTAINER\_ID** The Id of the container we want to attach too. -+- **\$container\_id** The Id of the container we want to attach too. - - Exit from the container attachment by pressing Control-C. - -@@ -125,12 +131,12 @@ Check the process list to make sure it is running. - - - -- sudo docker stop $CONTAINER_ID -+ sudo docker stop $container_id - - Stop the container, since we don’t need it anymore. - - - **“docker stop”** This stops a container --- **\$CONTAINER\_ID** The Id of the container we want to stop. -+- **\$container\_id** The Id of the container we want to stop. - - - -diff --git a/docs/sources/examples/mongodb.md b/docs/sources/examples/mongodb.md -index 6612bf3..3708c18 100644 ---- a/docs/sources/examples/mongodb.md -+++ b/docs/sources/examples/mongodb.md -@@ -11,6 +11,8 @@ Note - install*](../hello_world/#running-examples). - - **If you don’t like sudo** then see [*Giving non-root - access*](../../installation/binaries/#dockergroup) -+- **If you’re using OS X or docker via TCP** then you shouldn’t use -+ sudo - - The goal of this example is to show how you can build your own Docker - images with MongoDB pre-installed. We will do that by constructing a -@@ -43,7 +45,7 @@ we’ll divert `/sbin/initctl` to - - # Hack for initctl not being available in Ubuntu - RUN dpkg-divert --local --rename --add /sbin/initctl -- RUN ln -s /bin/true /sbin/initctl -+ RUN ln -sf /bin/true /sbin/initctl - - Afterwards we’ll be able to update our apt repositories and install - MongoDB -@@ -75,10 +77,10 @@ Now you should be able to run `mongod` as a daemon - and be able to connect on the local port! - - # Regular style -- MONGO_ID=$(sudo docker run -d /mongodb) -+ MONGO_ID=$(sudo docker run -P -d /mongodb) - - # Lean and mean -- MONGO_ID=$(sudo docker run -d /mongodb --noprealloc --smallfiles) -+ MONGO_ID=$(sudo docker run -P -d /mongodb --noprealloc --smallfiles) - - # Check the logs out - sudo docker logs $MONGO_ID -diff --git a/docs/sources/examples/nodejs_web_app.md b/docs/sources/examples/nodejs_web_app.md -index 8d692d8..59e6c77 100644 ---- a/docs/sources/examples/nodejs_web_app.md -+++ b/docs/sources/examples/nodejs_web_app.md -@@ -11,6 +11,8 @@ Note - install*](../hello_world/#running-examples). - - **If you don’t like sudo** then see [*Giving non-root - access*](../../installation/binaries/#dockergroup) -+- **If you’re using OS X or docker via TCP** then you shouldn’t use -+ sudo - - The goal of this example is to show you how you can build your own - Docker images from a parent image using a `Dockerfile`{.docutils -@@ -82,7 +84,7 @@ CentOS, we’ll use the instructions from the [Node.js - wiki](https://github.com/joyent/node/wiki/Installing-Node.js-via-package-manager#rhelcentosscientific-linux-6): - - # Enable EPEL for Node.js -- RUN rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm -+ RUN rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm - # Install Node.js and npm - RUN yum install -y npm - -diff --git a/docs/sources/examples/postgresql_service.md b/docs/sources/examples/postgresql_service.md -index 211dcb2..b87d121 100644 ---- a/docs/sources/examples/postgresql_service.md -+++ b/docs/sources/examples/postgresql_service.md -@@ -11,6 +11,8 @@ Note - install*](../hello_world/#running-examples). - - **If you don’t like sudo** then see [*Giving non-root - access*](../../installation/binaries/#dockergroup) -+- **If you’re using OS X or docker via TCP** then you shouldn’t use -+ sudo - - ## Installing PostgreSQL on Docker - -@@ -34,7 +36,7 @@ suitably secure. - - # Add the PostgreSQL PGP key to verify their Debian packages. - # It should be the same key as https://www.postgresql.org/media/keys/ACCC4CF8.asc -- RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8 -+ RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8 - - # Add PostgreSQL's repository. It contains the most recent stable release - # of PostgreSQL, ``9.3``. -@@ -85,7 +87,7 @@ Build an image from the Dockerfile assign it a name. - - And run the PostgreSQL server container (in the foreground): - -- $ sudo docker run -rm -P -name pg_test eg_postgresql -+ $ sudo docker run --rm -P --name pg_test eg_postgresql - - There are 2 ways to connect to the PostgreSQL server. We can use [*Link - Containers*](../../use/working_with_links_names/#working-with-links-names), -@@ -93,17 +95,17 @@ or we can access it from our host (or the network). - - Note - --The `-rm` removes the container and its image when -+The `--rm` removes the container and its image when - the container exists successfully. - - ### Using container linking - - Containers can be linked to another container’s ports directly using --`-link remote_name:local_alias` in the client’s -+`--link remote_name:local_alias` in the client’s - `docker run`. This will set a number of environment - variables that can then be used to connect: - -- $ sudo docker run -rm -t -i -link pg_test:pg eg_postgresql bash -+ $ sudo docker run --rm -t -i --link pg_test:pg eg_postgresql bash - - postgres@7ef98b1b7243:/$ psql -h $PG_PORT_5432_TCP_ADDR -p $PG_PORT_5432_TCP_PORT -d docker -U docker --password - -@@ -145,7 +147,7 @@ prompt, you can create a table and populate it. - You can use the defined volumes to inspect the PostgreSQL log files and - to backup your configuration and data: - -- docker run -rm --volumes-from pg_test -t -i busybox sh -+ docker run --rm --volumes-from pg_test -t -i busybox sh - - / # ls - bin etc lib linuxrc mnt proc run sys usr -diff --git a/docs/sources/examples/python_web_app.md b/docs/sources/examples/python_web_app.md -index b5854a4..8c0d783 100644 ---- a/docs/sources/examples/python_web_app.md -+++ b/docs/sources/examples/python_web_app.md -@@ -11,6 +11,8 @@ Note - install*](../hello_world/#running-examples). - - **If you don’t like sudo** then see [*Giving non-root - access*](../../installation/binaries/#dockergroup) -+- **If you’re using OS X or docker via TCP** then you shouldn’t use -+ sudo - - While using Dockerfiles is the preferred way to create maintainable and - repeatable images, its useful to know how you can try things out and -@@ -52,7 +54,7 @@ the `$URL` variable. The container is given a name - While this example is simple, you could run any number of interactive - commands, try things out, and then exit when you’re done. - -- $ sudo docker run -i -t -name pybuilder_run shykes/pybuilder bash -+ $ sudo docker run -i -t --name pybuilder_run shykes/pybuilder bash - - $$ URL=http://github.com/shykes/helloflask/archive/master.tar.gz - $$ /usr/local/bin/buildapp $URL -diff --git a/docs/sources/examples/running_redis_service.md b/docs/sources/examples/running_redis_service.md -index 81114e6..c0511a9 100644 ---- a/docs/sources/examples/running_redis_service.md -+++ b/docs/sources/examples/running_redis_service.md -@@ -11,6 +11,8 @@ Note - install*](../hello_world/#running-examples). - - **If you don’t like sudo** then see [*Giving non-root - access*](../../installation/binaries/#dockergroup) -+- **If you’re using OS X or docker via TCP** then you shouldn’t use -+ sudo - - Very simple, no frills, Redis service attached to a web application - using a link. -@@ -20,11 +22,11 @@ using a link. - Firstly, we create a `Dockerfile` for our new Redis - image. - -- FROM ubuntu:12.10 -- RUN apt-get update -- RUN apt-get -y install redis-server -+ FROM debian:jessie -+ RUN apt-get update && apt-get install -y redis-server - EXPOSE 6379 - ENTRYPOINT ["/usr/bin/redis-server"] -+ CMD ["--bind", "0.0.0.0"] - - Next we build an image from our `Dockerfile`. - Replace `` with your own user name. -@@ -48,7 +50,7 @@ database. - ## Create your web application container - - Next we can create a container for our application. We’re going to use --the `-link` flag to create a link to the -+the `--link` flag to create a link to the - `redis` container we’ve just created with an alias - of `db`. This will create a secure tunnel to the - `redis` container and expose the Redis instance -diff --git a/docs/sources/examples/running_riak_service.md b/docs/sources/examples/running_riak_service.md -index e7171d8..c1b95e7 100644 ---- a/docs/sources/examples/running_riak_service.md -+++ b/docs/sources/examples/running_riak_service.md -@@ -11,6 +11,8 @@ Note - install*](../hello_world/#running-examples). - - **If you don’t like sudo** then see [*Giving non-root - access*](../../installation/binaries/#dockergroup) -+- **If you’re using OS X or docker via TCP** then you shouldn’t use -+ sudo - - The goal of this example is to show you how to build a Docker image with - Riak pre-installed. -@@ -85,7 +87,7 @@ Almost there. Next, we add a hack to get us by the lack of - # Hack for initctl - # See: https://github.com/dotcloud/docker/issues/1024 - RUN dpkg-divert --local --rename --add /sbin/initctl -- RUN ln -s /bin/true /sbin/initctl -+ RUN ln -sf /bin/true /sbin/initctl - - Then, we expose the Riak Protocol Buffers and HTTP interfaces, along - with SSH: -diff --git a/docs/sources/examples/running_ssh_service.md b/docs/sources/examples/running_ssh_service.md -index 112b9fa..2a0acfa 100644 ---- a/docs/sources/examples/running_ssh_service.md -+++ b/docs/sources/examples/running_ssh_service.md -@@ -4,12 +4,15 @@ page_keywords: docker, example, package installation, networking - - # SSH Daemon Service - --> **Note:** --> - This example assumes you have Docker running in daemon mode. For --> more information please see [*Check your Docker --> install*](../hello_world/#running-examples). --> - **If you don’t like sudo** then see [*Giving non-root --> access*](../../installation/binaries/#dockergroup) -+Note -+ -+- This example assumes you have Docker running in daemon mode. For -+ more information please see [*Check your Docker -+ install*](../hello_world/#running-examples). -+- **If you don’t like sudo** then see [*Giving non-root -+ access*](../../installation/binaries/#dockergroup) -+- **If you’re using OS X or docker via TCP** then you shouldn’t use -+ sudo - - The following Dockerfile sets up an sshd service in a container that you - can use to connect to and inspect other container’s volumes, or to get -@@ -35,12 +38,12 @@ quick access to a test container. - - Build the image using: - -- $ sudo docker build -rm -t eg_sshd . -+ $ sudo docker build -t eg_sshd . - - Then run it. You can then use `docker port` to find - out what host port the container’s port 22 is mapped to: - -- $ sudo docker run -d -P -name test_sshd eg_sshd -+ $ sudo docker run -d -P --name test_sshd eg_sshd - $ sudo docker port test_sshd 22 - 0.0.0.0:49154 - -diff --git a/docs/sources/examples/using_supervisord.md b/docs/sources/examples/using_supervisord.md -index d64b300..8d6e796 100644 ---- a/docs/sources/examples/using_supervisord.md -+++ b/docs/sources/examples/using_supervisord.md -@@ -11,6 +11,8 @@ Note - install*](../hello_world/#running-examples). - - **If you don’t like sudo** then see [*Giving non-root - access*](../../installation/binaries/#dockergroup) -+- **If you’re using OS X or docker via TCP** then you shouldn’t use -+ sudo - - Traditionally a Docker container runs a single process when it is - launched, for example an Apache daemon or a SSH server daemon. Often -diff --git a/docs/sources/faq.md b/docs/sources/faq.md -index 06da238..4977f73 100644 ---- a/docs/sources/faq.md -+++ b/docs/sources/faq.md -@@ -1,122 +1,128 @@ -+page_title: FAQ -+page_description: Most frequently asked questions. -+page_keywords: faq, questions, documentation, docker -+ - # FAQ - - ## Most frequently asked questions. - - ### How much does Docker cost? - --Docker is 100% free, it is open source, so you can use it without --paying. -+> Docker is 100% free, it is open source, so you can use it without -+> paying. - - ### What open source license are you using? - --We are using the Apache License Version 2.0. --You can see it [here](https://github.com/dotcloud/docker/blob/master/LICENSE). -+> We are using the Apache License Version 2.0, see it here: -+> [https://github.com/dotcloud/docker/blob/master/LICENSE](https://github.com/dotcloud/docker/blob/master/LICENSE) - - ### Does Docker run on Mac OS X or Windows? - --Not at this time, Docker currently only runs on Linux, but you can use --VirtualBox to run Docker in a virtual machine on your box, and get the --best of both worlds. Check out the [*Mac OSX*](../installation/mac/#macosx) and --[*Windows*](../installation/windows/#windows) installation guides. The --small Linux distribution *boot2docker* can be run inside virtual --machines on these two operating systems. -+> Not at this time, Docker currently only runs on Linux, but you can use -+> VirtualBox to run Docker in a virtual machine on your box, and get the -+> best of both worlds. Check out the [*Mac OS -+> X*](../installation/mac/#macosx) and [*Microsoft -+> Windows*](../installation/windows/#windows) installation guides. The -+> small Linux distribution boot2docker can be run inside virtual -+> machines on these two operating systems. - - ### How do containers compare to virtual machines? - --They are complementary. VMs are best used to allocate chunks of --hardware resources. Containers operate at the process level, which --makes them very lightweight and perfect as a unit of software --delivery. -+> They are complementary. VMs are best used to allocate chunks of -+> hardware resources. Containers operate at the process level, which -+> makes them very lightweight and perfect as a unit of software -+> delivery. - - ### What does Docker add to just plain LXC? - --Docker is not a replacement for LXC. “LXC” refers to capabilities of --the Linux kernel (specifically namespaces and control groups) which --allow sandboxing processes from one another, and controlling their --resource allocations. On top of this low-level foundation of kernel --features, Docker offers a high-level tool with several powerful --functionalities: -- -- - **Portable deployment across machines:** -- Docker defines a format for bundling an application and all -- its dependencies into a single object which can be transferred -- to any Docker-enabled machine, and executed there with the -- guarantee that the execution environment exposed to the -- application will be the same. LXC implements process -- sandboxing, which is an important pre-requisite for portable -- deployment, but that alone is not enough for portable -- deployment. If you sent me a copy of your application -- installed in a custom LXC configuration, it would almost -- certainly not run on my machine the way it does on yours, -- because it is tied to your machine’s specific configuration: -- networking, storage, logging, distro, etc. Docker defines an -- abstraction for these machine-specific settings, so that the -- exact same Docker container can run - unchanged - on many -- different machines, with many different configurations. -- -- - **Application-centric:** -- Docker is optimized for the deployment of applications, as -- opposed to machines. This is reflected in its API, user -- interface, design philosophy and documentation. By contrast, -- the `lxc` helper scripts focus on -- containers as lightweight machines - basically servers that -- boot faster and need less RAM. We think there’s more to -- containers than just that. -- -- - **Automatic build:** -- Docker includes [*a tool for developers to automatically -- assemble a container from their source -- code*](../reference/builder/#dockerbuilder), with full control -- over application dependencies, build tools, packaging etc. -- They are free to use -- `make, maven, chef, puppet, salt,` Debian -- packages, RPMs, source tarballs, or any combination of the -- above, regardless of the configuration of the machines. -- -- - **Versioning:** -- Docker includes git-like capabilities for tracking successive -- versions of a container, inspecting the diff between versions, -- committing new versions, rolling back etc. The history also -- includes how a container was assembled and by whom, so you get -- full traceability from the production server all the way back -- to the upstream developer. Docker also implements incremental -- uploads and downloads, similar to `git pull`{.docutils -- .literal}, so new versions of a container can be transferred -- by only sending diffs. -- -- - **Component re-use:** -- Any container can be used as a [*“base -- image”*](../terms/image/#base-image-def) to create more -- specialized components. This can be done manually or as part -- of an automated build. For example you can prepare the ideal -- Python environment, and use it as a base for 10 different -- applications. Your ideal Postgresql setup can be re-used for -- all your future projects. And so on. -- -- - **Sharing:** -- Docker has access to a [public registry](http://index.docker.io) -- where thousands of people have uploaded useful containers: anything -- from Redis, CouchDB, Postgres to IRC bouncers to Rails app servers to -- Hadoop to base images for various Linux distros. The -- [*registry*](../reference/api/registry_index_spec/#registryindexspec) -- also includes an official “standard library” of useful -- containers maintained by the Docker team. The registry itself -- is open-source, so anyone can deploy their own registry to -- store and transfer private containers, for internal server -- deployments for example. -- -- - **Tool ecosystem:** -- Docker defines an API for automating and customizing the -- creation and deployment of containers. There are a huge number -- of tools integrating with Docker to extend its capabilities. -- PaaS-like deployment (Dokku, Deis, Flynn), multi-node -- orchestration (Maestro, Salt, Mesos, Openstack Nova), -- management dashboards (docker-ui, Openstack Horizon, -- Shipyard), configuration management (Chef, Puppet), continuous -- integration (Jenkins, Strider, Travis), etc. Docker is rapidly -- establishing itself as the standard for container-based -- tooling. -- -+> Docker is not a replacement for LXC. “LXC” refers to capabilities of -+> the Linux kernel (specifically namespaces and control groups) which -+> allow sandboxing processes from one another, and controlling their -+> resource allocations. On top of this low-level foundation of kernel -+> features, Docker offers a high-level tool with several powerful -+> functionalities: -+> -+> - *Portable deployment across machines.* -+> : Docker defines a format for bundling an application and all -+> its dependencies into a single object which can be transferred -+> to any Docker-enabled machine, and executed there with the -+> guarantee that the execution environment exposed to the -+> application will be the same. LXC implements process -+> sandboxing, which is an important pre-requisite for portable -+> deployment, but that alone is not enough for portable -+> deployment. If you sent me a copy of your application -+> installed in a custom LXC configuration, it would almost -+> certainly not run on my machine the way it does on yours, -+> because it is tied to your machine’s specific configuration: -+> networking, storage, logging, distro, etc. Docker defines an -+> abstraction for these machine-specific settings, so that the -+> exact same Docker container can run - unchanged - on many -+> different machines, with many different configurations. -+> -+> - *Application-centric.* -+> : Docker is optimized for the deployment of applications, as -+> opposed to machines. This is reflected in its API, user -+> interface, design philosophy and documentation. By contrast, -+> the `lxc` helper scripts focus on -+> containers as lightweight machines - basically servers that -+> boot faster and need less RAM. We think there’s more to -+> containers than just that. -+> -+> - *Automatic build.* -+> : Docker includes [*a tool for developers to automatically -+> assemble a container from their source -+> code*](../reference/builder/#dockerbuilder), with full control -+> over application dependencies, build tools, packaging etc. -+> They are free to use -+> `make, maven, chef, puppet, salt,` Debian -+> packages, RPMs, source tarballs, or any combination of the -+> above, regardless of the configuration of the machines. -+> -+> - *Versioning.* -+> : Docker includes git-like capabilities for tracking successive -+> versions of a container, inspecting the diff between versions, -+> committing new versions, rolling back etc. The history also -+> includes how a container was assembled and by whom, so you get -+> full traceability from the production server all the way back -+> to the upstream developer. Docker also implements incremental -+> uploads and downloads, similar to `git pull`{.docutils -+> .literal}, so new versions of a container can be transferred -+> by only sending diffs. -+> -+> - *Component re-use.* -+> : Any container can be used as a [*“base -+> image”*](../terms/image/#base-image-def) to create more -+> specialized components. This can be done manually or as part -+> of an automated build. For example you can prepare the ideal -+> Python environment, and use it as a base for 10 different -+> applications. Your ideal Postgresql setup can be re-used for -+> all your future projects. And so on. -+> -+> - *Sharing.* -+> : Docker has access to a [public -+> registry](http://index.docker.io) where thousands of people -+> have uploaded useful containers: anything from Redis, CouchDB, -+> Postgres to IRC bouncers to Rails app servers to Hadoop to -+> base images for various Linux distros. The -+> [*registry*](../reference/api/registry_index_spec/#registryindexspec) -+> also includes an official “standard library” of useful -+> containers maintained by the Docker team. The registry itself -+> is open-source, so anyone can deploy their own registry to -+> store and transfer private containers, for internal server -+> deployments for example. -+> -+> - *Tool ecosystem.* -+> : Docker defines an API for automating and customizing the -+> creation and deployment of containers. There are a huge number -+> of tools integrating with Docker to extend its capabilities. -+> PaaS-like deployment (Dokku, Deis, Flynn), multi-node -+> orchestration (Maestro, Salt, Mesos, Openstack Nova), -+> management dashboards (docker-ui, Openstack Horizon, -+> Shipyard), configuration management (Chef, Puppet), continuous -+> integration (Jenkins, Strider, Travis), etc. Docker is rapidly -+> establishing itself as the standard for container-based -+> tooling. -+> - ### What is different between a Docker container and a VM? - - There’s a great StackOverflow answer [showing the -@@ -159,22 +165,22 @@ here](http://docs.docker.io/en/latest/examples/using_supervisord/). - - ### What platforms does Docker run on? - --**Linux:** -+Linux: - --- Ubuntu 12.04, 13.04 et al --- Fedora 19/20+ --- RHEL 6.5+ --- Centos 6+ --- Gentoo --- ArchLinux --- openSUSE 12.3+ --- CRUX 3.0+ -+- Ubuntu 12.04, 13.04 et al -+- Fedora 19/20+ -+- RHEL 6.5+ -+- Centos 6+ -+- Gentoo -+- ArchLinux -+- openSUSE 12.3+ -+- CRUX 3.0+ - --**Cloud:** -+Cloud: - --- Amazon EC2 --- Google Compute Engine --- Rackspace -+- Amazon EC2 -+- Google Compute Engine -+- Rackspace - - ### How do I report a security issue with Docker? - -@@ -196,14 +202,17 @@ sources. - - ### Where can I find more answers? - --You can find more answers on: -- --- [Docker user mailinglist](https://groups.google.com/d/forum/docker-user) --- [Docker developer mailinglist](https://groups.google.com/d/forum/docker-dev) --- [IRC, docker on freenode](irc://chat.freenode.net#docker) --- [GitHub](http://www.github.com/dotcloud/docker) --- [Ask questions on Stackoverflow](http://stackoverflow.com/search?q=docker) --- [Join the conversation on Twitter](http://twitter.com/docker) -+> You can find more answers on: -+> -+> - [Docker user -+> mailinglist](https://groups.google.com/d/forum/docker-user) -+> - [Docker developer -+> mailinglist](https://groups.google.com/d/forum/docker-dev) -+> - [IRC, docker on freenode](irc://chat.freenode.net#docker) -+> - [GitHub](http://www.github.com/dotcloud/docker) -+> - [Ask questions on -+> Stackoverflow](http://stackoverflow.com/search?q=docker) -+> - [Join the conversation on Twitter](http://twitter.com/docker) - - Looking for something else to read? Checkout the [*Hello - World*](../examples/hello_world/#hello-world) example. -diff --git a/docs/sources/genindex.md b/docs/sources/genindex.md -index 8b013d6..e9bcd34 100644 ---- a/docs/sources/genindex.md -+++ b/docs/sources/genindex.md -@@ -1 +1,2 @@ -+ - # Index -diff --git a/docs/sources/http-routingtable.md b/docs/sources/http-routingtable.md -index 2a06fdb..4ca4116 100644 ---- a/docs/sources/http-routingtable.md -+++ b/docs/sources/http-routingtable.md -@@ -1,3 +1,4 @@ -+ - # HTTP Routing Table - - [**/api**](#cap-/api) | [**/auth**](#cap-/auth) | -diff --git a/docs/sources/index.md b/docs/sources/index.md -index c5a5b6f..dd9e272 100644 ---- a/docs/sources/index.md -+++ b/docs/sources/index.md -@@ -1,3 +1 @@ --# Docker Documentation -- --## Introduction -\ No newline at end of file -+# Docker documentation -diff --git a/docs/sources/installation.md b/docs/sources/installation.md -index 0ee7b2f..4fdd102 100644 ---- a/docs/sources/installation.md -+++ b/docs/sources/installation.md -@@ -1,25 +1,26 @@ --# Installation - --## Introduction -+# Installation - - There are a number of ways to install Docker, depending on where you - want to run the daemon. The [*Ubuntu*](ubuntulinux/#ubuntu-linux) - installation is the officially-tested version. The community adds more - techniques for installing Docker all the time. - --## Contents: -+Contents: -+ -+- [Ubuntu](ubuntulinux/) -+- [Red Hat Enterprise Linux](rhel/) -+- [Fedora](fedora/) -+- [Arch Linux](archlinux/) -+- [CRUX Linux](cruxlinux/) -+- [Gentoo](gentoolinux/) -+- [openSUSE](openSUSE/) -+- [FrugalWare](frugalware/) -+- [Mac OS X](mac/) -+- [Microsoft Windows](windows/) -+- [Amazon EC2](amazon/) -+- [Rackspace Cloud](rackspace/) -+- [Google Cloud Platform](google/) -+- [IBM SoftLayer](softlayer/) -+- [Binaries](binaries/) - --- [Ubuntu](ubuntulinux/) --- [Red Hat Enterprise Linux](rhel/) --- [Fedora](fedora/) --- [Arch Linux](archlinux/) --- [CRUX Linux](cruxlinux/) --- [Gentoo](gentoolinux/) --- [openSUSE](openSUSE/) --- [FrugalWare](frugalware/) --- [Mac OS X](mac/) --- [Windows](windows/) --- [Amazon EC2](amazon/) --- [Rackspace Cloud](rackspace/) --- [Google Cloud Platform](google/) --- [Binaries](binaries/) -\ No newline at end of file -diff --git a/docs/sources/installation/binaries.md b/docs/sources/installation/binaries.md -index 5d761de..0aa22ca 100644 ---- a/docs/sources/installation/binaries.md -+++ b/docs/sources/installation/binaries.md -@@ -23,14 +23,15 @@ packages for many distributions, and more keep showing up all the time! - To run properly, docker needs the following software to be installed at - runtime: - --- iproute2 version 3.5 or later (build after 2012-05-21), and -- specifically the “ip” utility - - iptables version 1.4 or later --- The LXC utility scripts -- ([http://lxc.sourceforge.net](http://lxc.sourceforge.net)) version -- 0.8 or later - - Git version 1.7 or later - - XZ Utils 4.9 or later -+- a [properly -+ mounted](https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount) -+ cgroupfs hierarchy (having a single, all-encompassing “cgroup” mount -+ point [is](https://github.com/dotcloud/docker/issues/2683) -+ [not](https://github.com/dotcloud/docker/issues/3485) -+ [sufficient](https://github.com/dotcloud/docker/issues/4568)) - - ## Check kernel dependencies - -@@ -38,7 +39,7 @@ Docker in daemon mode has specific kernel requirements. For details, - check your distribution in [*Installation*](../#installation-list). - - Note that Docker also has a client mode, which can run on virtually any --linux kernel (it even builds on OSX!). -+Linux kernel (it even builds on OSX!). - - ## Get the docker binary: - -@@ -69,7 +70,9 @@ all the client commands. - - Warning - --The *docker* group is root-equivalent. -+The *docker* group (or the group specified with `-G`{.docutils -+.literal}) is root-equivalent; see [*Docker Daemon Attack -+Surface*](../../articles/security/#dockersecurity-daemon) details. - - ## Upgrades - -diff --git a/docs/sources/installation/fedora.md b/docs/sources/installation/fedora.md -index 545e523..32f4fd2 100644 ---- a/docs/sources/installation/fedora.md -+++ b/docs/sources/installation/fedora.md -@@ -31,13 +31,14 @@ installed already, it will conflict with `docker-io`{.docutils - .literal}. There’s a [bug - report](https://bugzilla.redhat.com/show_bug.cgi?id=1043676) filed for - it. To proceed with `docker-io` installation on --Fedora 19, please remove `docker` first. -+Fedora 19 or Fedora 20, please remove `docker` -+first. - - sudo yum -y remove docker - --For Fedora 20 and later, the `wmdocker` package will --provide the same functionality as `docker` and will --also not conflict with `docker-io`. -+For Fedora 21 and later, the `wmdocker` package will -+provide the same functionality as the old `docker` -+and will also not conflict with `docker-io`. - - sudo yum -y install wmdocker - sudo yum -y remove docker -diff --git a/docs/sources/installation/ubuntulinux.md b/docs/sources/installation/ubuntulinux.md -index 8c83e87..b6e9889 100644 ---- a/docs/sources/installation/ubuntulinux.md -+++ b/docs/sources/installation/ubuntulinux.md -@@ -56,13 +56,13 @@ These instructions have changed for 0.6. If you are upgrading from an - earlier version, you will need to follow them again. - - Docker is available as a Debian package, which makes installation easy. --**See the :ref:\`installmirrors\` section below if you are not in the --United States.** Other sources of the Debian packages may be faster for --you to install. -+**See the** [*Docker and local DNS server warnings*](#installmirrors) -+**section below if you are not in the United States.** Other sources of -+the Debian packages may be faster for you to install. - - First add the Docker repository key to your local keychain. - -- sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9 -+ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9 - - Add the Docker repository to your apt sources list, update and install - the `lxc-docker` package. -@@ -121,7 +121,7 @@ upgrading from an earlier version, you will need to follow them again. - - First add the Docker repository key to your local keychain. - -- sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9 -+ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9 - - Add the Docker repository to your apt sources list, update and install - the `lxc-docker` package. -@@ -156,11 +156,15 @@ socket read/writable by the *docker* group when the daemon starts. The - `docker` daemon must always run as the root user, - but if you run the `docker` client as a user in the - *docker* group then you don’t need to add `sudo` to --all the client commands. -+all the client commands. As of 0.9.0, you can specify that a group other -+than `docker` should own the Unix socket with the -+`-G` option. - - Warning - --The *docker* group is root-equivalent. -+The *docker* group (or the group specified with `-G`{.docutils -+.literal}) is root-equivalent; see [*Docker Daemon Attack -+Surface*](../../articles/security/#dockersecurity-daemon) details. - - **Example:** - -@@ -259,9 +263,9 @@ Docker daemon for the containers: - sudo nano /etc/default/docker - --- - # Add: -- DOCKER_OPTS="-dns 8.8.8.8" -+ DOCKER_OPTS="--dns 8.8.8.8" - # 8.8.8.8 could be replaced with a local DNS server, such as 192.168.1.1 -- # multiple DNS servers can be specified: -dns 8.8.8.8 -dns 192.168.1.1 -+ # multiple DNS servers can be specified: --dns 8.8.8.8 --dns 192.168.1.1 - - The Docker daemon has to be restarted: - -diff --git a/docs/sources/installation/windows.md b/docs/sources/installation/windows.md -index ec3e706..ad367d9 100644 ---- a/docs/sources/installation/windows.md -+++ b/docs/sources/installation/windows.md -@@ -2,7 +2,7 @@ page_title: Installation on Windows - page_description: Please note this project is currently under heavy development. It should not be used in production. - page_keywords: Docker, Docker documentation, Windows, requirements, virtualbox, boot2docker - --# Windows -+# Microsoft Windows - - Docker can run on Windows using a virtualization platform like - VirtualBox. A Linux distribution is run inside a virtual machine and -@@ -17,7 +17,7 @@ production yet, but we’re getting closer with each release. Please see - our blog post, [“Getting to Docker - 1.0”](http://blog.docker.io/2013/08/getting-to-docker-1-0/) - --1. Install virtualbox from -+1. Install VirtualBox from - [https://www.virtualbox.org](https://www.virtualbox.org) - or follow - this - [tutorial](http://www.slideshare.net/julienbarbier42/install-virtualbox-on-windows-7). -diff --git a/docs/sources/reference.md b/docs/sources/reference.md -index 3cd720c..1c4022e 100644 ---- a/docs/sources/reference.md -+++ b/docs/sources/reference.md -@@ -1,9 +1,10 @@ -+ - # Reference Manual - --## Contents: -+Contents: - --- [Commands](commandline/) --- [Dockerfile Reference](builder/) --- [Docker Run Reference](run/) --- [APIs](api/) -+- [Commands](commandline/) -+- [Dockerfile Reference](builder/) -+- [Docker Run Reference](run/) -+- [APIs](api/) - -diff --git a/docs/sources/reference/api.md b/docs/sources/reference/api.md -index ae55e6a..ce571bc 100644 ---- a/docs/sources/reference/api.md -+++ b/docs/sources/reference/api.md -@@ -1,3 +1,4 @@ -+ - # APIs - - Your programs and scripts can access Docker’s functionality via these -@@ -8,34 +9,28 @@ interfaces: - - [1.1 Index](registry_index_spec/#index) - - [1.2 Registry](registry_index_spec/#registry) - - [1.3 Docker](registry_index_spec/#docker) -- - - [2. Workflow](registry_index_spec/#workflow) - - [2.1 Pull](registry_index_spec/#pull) - - [2.2 Push](registry_index_spec/#push) - - [2.3 Delete](registry_index_spec/#delete) -- - - [3. How to use the Registry in standalone - mode](registry_index_spec/#how-to-use-the-registry-in-standalone-mode) - - [3.1 Without an - Index](registry_index_spec/#without-an-index) - - [3.2 With an Index](registry_index_spec/#with-an-index) -- - - [4. The API](registry_index_spec/#the-api) - - [4.1 Images](registry_index_spec/#images) - - [4.2 Users](registry_index_spec/#users) - - [4.3 Tags (Registry)](registry_index_spec/#tags-registry) - - [4.4 Images (Index)](registry_index_spec/#images-index) - - [4.5 Repositories](registry_index_spec/#repositories) -- - - [5. Chaining - Registries](registry_index_spec/#chaining-registries) - - [6. Authentication & - Authorization](registry_index_spec/#authentication-authorization) - - [6.1 On the Index](registry_index_spec/#on-the-index) - - [6.2 On the Registry](registry_index_spec/#on-the-registry) -- - - [7 Document Version](registry_index_spec/#document-version) -- - - [Docker Registry API](registry_api/) - - [1. Brief introduction](registry_api/#brief-introduction) - - [2. Endpoints](registry_api/#endpoints) -@@ -43,16 +38,13 @@ interfaces: - - [2.2 Tags](registry_api/#tags) - - [2.3 Repositories](registry_api/#repositories) - - [2.4 Status](registry_api/#status) -- - - [3 Authorization](registry_api/#authorization) -- - - [Docker Index API](index_api/) - - [1. Brief introduction](index_api/#brief-introduction) - - [2. Endpoints](index_api/#endpoints) - - [2.1 Repository](index_api/#repository) - - [2.2 Users](index_api/#users) - - [2.3 Search](index_api/#search) -- - - [Docker Remote API](docker_remote_api/) - - [1. Brief introduction](docker_remote_api/#brief-introduction) - - [2. Versions](docker_remote_api/#versions) -@@ -67,7 +59,6 @@ interfaces: - - [v1.2](docker_remote_api/#v1-2) - - [v1.1](docker_remote_api/#v1-1) - - [v1.0](docker_remote_api/#v1-0) -- - - [Docker Remote API Client Libraries](remote_api_client_libraries/) - - [docker.io OAuth API](docker_io_oauth_api/) - - [1. Brief introduction](docker_io_oauth_api/#brief-introduction) -@@ -79,10 +70,8 @@ interfaces: - - [3.2 Get an Access - Token](docker_io_oauth_api/#get-an-access-token) - - [3.3 Refresh a Token](docker_io_oauth_api/#refresh-a-token) -- - - [4. Use an Access Token with the - API](docker_io_oauth_api/#use-an-access-token-with-the-api) -- - - [docker.io Accounts API](docker_io_accounts_api/) - - [1. Endpoints](docker_io_accounts_api/#endpoints) - - [1.1 Get a single -@@ -96,4 +85,5 @@ interfaces: - - [1.5 Update an email address for a - user](docker_io_accounts_api/#update-an-email-address-for-a-user) - - [1.6 Delete email address for a -- user](docker_io_accounts_api/#delete-email-address-for-a-user) -\ No newline at end of file -+ user](docker_io_accounts_api/#delete-email-address-for-a-user) -+ -diff --git a/docs/sources/reference/api/docker_io_accounts_api.md b/docs/sources/reference/api/docker_io_accounts_api.md -index 6ad5361..dc78076 100644 ---- a/docs/sources/reference/api/docker_io_accounts_api.md -+++ b/docs/sources/reference/api/docker_io_accounts_api.md -@@ -2,35 +2,50 @@ page_title: docker.io Accounts API - page_description: API Documentation for docker.io accounts. - page_keywords: API, Docker, accounts, REST, documentation - --# Docker IO Accounts API -+# [docker.io Accounts API](#id1) - --## Endpoints -+Table of Contents - --### Get A Single User -+- [docker.io Accounts API](#docker-io-accounts-api) -+ - [1. Endpoints](#endpoints) -+ - [1.1 Get a single user](#get-a-single-user) -+ - [1.2 Update a single user](#update-a-single-user) -+ - [1.3 List email addresses for a -+ user](#list-email-addresses-for-a-user) -+ - [1.4 Add email address for a -+ user](#add-email-address-for-a-user) -+ - [1.5 Update an email address for a -+ user](#update-an-email-address-for-a-user) -+ - [1.6 Delete email address for a -+ user](#delete-email-address-for-a-user) -+ -+## [1. Endpoints](#id2) -+ -+### [1.1 Get a single user](#id3) - - `GET `{.descname}`/api/v1.1/users/:username/`{.descname} - : Get profile info for the specified user. - - Parameters: - -- - **username** – username of the user whose profile info is being -+ - **username** – username of the user whose profile info is being - requested. - - Request Headers: - -   - -- - **Authorization** – required authentication credentials of -+ - **Authorization** – required authentication credentials of - either type HTTP Basic or OAuth Bearer Token. - - Status Codes: - -- - **200** – success, user data returned. -- - **401** – authentication error. -- - **403** – permission error, authenticated user must be the user -+ - **200** – success, user data returned. -+ - **401** – authentication error. -+ - **403** – permission error, authenticated user must be the user - whose data is being requested, OAuth access tokens must have - `profile_read` scope. -- - **404** – the specified username does not exist. -+ - **404** – the specified username does not exist. - - **Example request**: - -@@ -59,45 +74,45 @@ page_keywords: API, Docker, accounts, REST, documentation - "is_active": true - } - --### Update A Single User -+### [1.2 Update a single user](#id4) - - `PATCH `{.descname}`/api/v1.1/users/:username/`{.descname} - : Update profile info for the specified user. - - Parameters: - -- - **username** – username of the user whose profile info is being -+ - **username** – username of the user whose profile info is being - updated. - - Json Parameters: - -   - -- - **full\_name** (*string*) – (optional) the new name of the user. -- - **location** (*string*) – (optional) the new location. -- - **company** (*string*) – (optional) the new company of the user. -- - **profile\_url** (*string*) – (optional) the new profile url. -- - **gravatar\_email** (*string*) – (optional) the new Gravatar -+ - **full\_name** (*string*) – (optional) the new name of the user. -+ - **location** (*string*) – (optional) the new location. -+ - **company** (*string*) – (optional) the new company of the user. -+ - **profile\_url** (*string*) – (optional) the new profile url. -+ - **gravatar\_email** (*string*) – (optional) the new Gravatar - email address. - - Request Headers: - -   - -- - **Authorization** – required authentication credentials of -+ - **Authorization** – required authentication credentials of - either type HTTP Basic or OAuth Bearer Token. -- - **Content-Type** – MIME Type of post data. JSON, url-encoded -+ - **Content-Type** – MIME Type of post data. JSON, url-encoded - form data, etc. - - Status Codes: - -- - **200** – success, user data updated. -- - **400** – post data validation error. -- - **401** – authentication error. -- - **403** – permission error, authenticated user must be the user -+ - **200** – success, user data updated. -+ - **400** – post data validation error. -+ - **401** – authentication error. -+ - **403** – permission error, authenticated user must be the user - whose data is being updated, OAuth access tokens must have - `profile_write` scope. -- - **404** – the specified username does not exist. -+ - **404** – the specified username does not exist. - - **Example request**: - -@@ -132,31 +147,31 @@ page_keywords: API, Docker, accounts, REST, documentation - "is_active": true - } - --### List Email Addresses For A User -+### [1.3 List email addresses for a user](#id5) - - `GET `{.descname}`/api/v1.1/users/:username/emails/`{.descname} - : List email info for the specified user. - - Parameters: - -- - **username** – username of the user whose profile info is being -+ - **username** – username of the user whose profile info is being - updated. - - Request Headers: - -   - -- - **Authorization** – required authentication credentials of -+ - **Authorization** – required authentication credentials of - either type HTTP Basic or OAuth Bearer Token - - Status Codes: - -- - **200** – success, user data updated. -- - **401** – authentication error. -- - **403** – permission error, authenticated user must be the user -+ - **200** – success, user data updated. -+ - **401** – authentication error. -+ - **403** – permission error, authenticated user must be the user - whose data is being requested, OAuth access tokens must have - `email_read` scope. -- - **404** – the specified username does not exist. -+ - **404** – the specified username does not exist. - - **Example request**: - -@@ -170,7 +185,7 @@ page_keywords: API, Docker, accounts, REST, documentation - HTTP/1.1 200 OK - Content-Type: application/json - -- -+ [ - { - "email": "jane.doe@example.com", - "verified": true, -@@ -178,7 +193,7 @@ page_keywords: API, Docker, accounts, REST, documentation - } - ] - --### Add Email Address For A User -+### [1.4 Add email address for a user](#id6) - - `POST `{.descname}`/api/v1.1/users/:username/emails/`{.descname} - : Add a new email address to the specified user’s account. The email -@@ -189,26 +204,26 @@ page_keywords: API, Docker, accounts, REST, documentation - -   - -- - **email** (*string*) – email address to be added. -+ - **email** (*string*) – email address to be added. - - Request Headers: - -   - -- - **Authorization** – required authentication credentials of -+ - **Authorization** – required authentication credentials of - either type HTTP Basic or OAuth Bearer Token. -- - **Content-Type** – MIME Type of post data. JSON, url-encoded -+ - **Content-Type** – MIME Type of post data. JSON, url-encoded - form data, etc. - - Status Codes: - -- - **201** – success, new email added. -- - **400** – data validation error. -- - **401** – authentication error. -- - **403** – permission error, authenticated user must be the user -+ - **201** – success, new email added. -+ - **400** – data validation error. -+ - **401** – authentication error. -+ - **403** – permission error, authenticated user must be the user - whose data is being requested, OAuth access tokens must have - `email_write` scope. -- - **404** – the specified username does not exist. -+ - **404** – the specified username does not exist. - - **Example request**: - -@@ -233,7 +248,7 @@ page_keywords: API, Docker, accounts, REST, documentation - "primary": false - } - --### Update An Email Address For A User -+### [1.5 Update an email address for a user](#id7) - - `PATCH `{.descname}`/api/v1.1/users/:username/emails/`{.descname} - : Update an email address for the specified user to either verify an -@@ -244,17 +259,17 @@ page_keywords: API, Docker, accounts, REST, documentation - - Parameters: - -- - **username** – username of the user whose email info is being -+ - **username** – username of the user whose email info is being - updated. - - Json Parameters: - -   - -- - **email** (*string*) – the email address to be updated. -- - **verified** (*boolean*) – (optional) whether the email address -+ - **email** (*string*) – the email address to be updated. -+ - **verified** (*boolean*) – (optional) whether the email address - is verified, must be `true` or absent. -- - **primary** (*boolean*) – (optional) whether to set the email -+ - **primary** (*boolean*) – (optional) whether to set the email - address as the primary email, must be `true` - or absent. - -@@ -262,20 +277,20 @@ page_keywords: API, Docker, accounts, REST, documentation - -   - -- - **Authorization** – required authentication credentials of -+ - **Authorization** – required authentication credentials of - either type HTTP Basic or OAuth Bearer Token. -- - **Content-Type** – MIME Type of post data. JSON, url-encoded -+ - **Content-Type** – MIME Type of post data. JSON, url-encoded - form data, etc. - - Status Codes: - -- - **200** – success, user’s email updated. -- - **400** – data validation error. -- - **401** – authentication error. -- - **403** – permission error, authenticated user must be the user -+ - **200** – success, user’s email updated. -+ - **400** – data validation error. -+ - **401** – authentication error. -+ - **403** – permission error, authenticated user must be the user - whose data is being updated, OAuth access tokens must have - `email_write` scope. -- - **404** – the specified username or email address does not -+ - **404** – the specified username or email address does not - exist. - - **Example request**: -@@ -303,7 +318,7 @@ page_keywords: API, Docker, accounts, REST, documentation - "primary": false - } - --### Delete Email Address For A User -+### [1.6 Delete email address for a user](#id8) - - `DELETE `{.descname}`/api/v1.1/users/:username/emails/`{.descname} - : Delete an email address from the specified user’s account. You -@@ -313,26 +328,26 @@ page_keywords: API, Docker, accounts, REST, documentation - -   - -- - **email** (*string*) – email address to be deleted. -+ - **email** (*string*) – email address to be deleted. - - Request Headers: - -   - -- - **Authorization** – required authentication credentials of -+ - **Authorization** – required authentication credentials of - either type HTTP Basic or OAuth Bearer Token. -- - **Content-Type** – MIME Type of post data. JSON, url-encoded -+ - **Content-Type** – MIME Type of post data. JSON, url-encoded - form data, etc. - - Status Codes: - -- - **204** – success, email address removed. -- - **400** – validation error. -- - **401** – authentication error. -- - **403** – permission error, authenticated user must be the user -+ - **204** – success, email address removed. -+ - **400** – validation error. -+ - **401** – authentication error. -+ - **403** – permission error, authenticated user must be the user - whose data is being requested, OAuth access tokens must have - `email_write` scope. -- - **404** – the specified username or email address does not -+ - **404** – the specified username or email address does not - exist. - - **Example request**: -@@ -350,4 +365,6 @@ page_keywords: API, Docker, accounts, REST, documentation - **Example response**: - - HTTP/1.1 204 NO CONTENT -- Content-Length: 0 -\ No newline at end of file -+ Content-Length: 0 -+ -+ -diff --git a/docs/sources/reference/api/docker_io_oauth_api.md b/docs/sources/reference/api/docker_io_oauth_api.md -index 85f3a22..c39ab56 100644 ---- a/docs/sources/reference/api/docker_io_oauth_api.md -+++ b/docs/sources/reference/api/docker_io_oauth_api.md -@@ -2,9 +2,21 @@ page_title: docker.io OAuth API - page_description: API Documentation for docker.io's OAuth flow. - page_keywords: API, Docker, oauth, REST, documentation - --# Docker IO OAuth API -+# [docker.io OAuth API](#id1) - --## Introduction -+Table of Contents -+ -+- [docker.io OAuth API](#docker-io-oauth-api) -+ - [1. Brief introduction](#brief-introduction) -+ - [2. Register Your Application](#register-your-application) -+ - [3. Endpoints](#endpoints) -+ - [3.1 Get an Authorization Code](#get-an-authorization-code) -+ - [3.2 Get an Access Token](#get-an-access-token) -+ - [3.3 Refresh a Token](#refresh-a-token) -+ - [4. Use an Access Token with the -+ API](#use-an-access-token-with-the-api) -+ -+## [1. Brief introduction](#id2) - - Some docker.io API requests will require an access token to - authenticate. To get an access token for a user, that user must first -@@ -12,13 +24,13 @@ grant your application access to their docker.io account. In order for - them to grant your application access you must first register your - application. - --Before continuing, we encourage you to familiarize yourself with The --OAuth 2.0 Authorization Framework](http://tools.ietf.org/c6749). -+Before continuing, we encourage you to familiarize yourself with [The -+OAuth 2.0 Authorization Framework](http://tools.ietf.org/html/rfc6749). - - *Also note that all OAuth interactions must take place over https - connections* - --## Registering Your Application -+## [2. Register Your Application](#id3) - - You will need to register your application with docker.io before users - will be able to grant your application access to their account -@@ -27,10 +39,10 @@ request registration of your application send an email to - [support-accounts@docker.com](mailto:support-accounts%40docker.com) with - the following information: - --- The name of your application --- A description of your application and the service it will provide to -+- The name of your application -+- A description of your application and the service it will provide to - docker.io users. --- A callback URI that we will use for redirecting authorization -+- A callback URI that we will use for redirecting authorization - requests to your application. These are used in the step of getting - an Authorization Code. The domain name of the callback URI will be - visible to the user when they are requested to authorize your -@@ -41,9 +53,9 @@ docker.io team with your `client_id` and - `client_secret` which your application will use in - the steps of getting an Authorization Code and getting an Access Token. - --## Endpoints -+## [3. Endpoints](#id4) - --### Get an Authorization Code -+### [3.1 Get an Authorization Code](#id5) - - Once You have registered you are ready to start integrating docker.io - accounts into your application! The process is usually started by a user -@@ -61,24 +73,24 @@ following a link in your application to an OAuth Authorization endpoint. - -   - -- - **client\_id** – The `client_id` given to -+ - **client\_id** – The `client_id` given to - your application at registration. -- - **response\_type** – MUST be set to `code`. -+ - **response\_type** – MUST be set to `code`. - This specifies that you would like an Authorization Code - returned. -- - **redirect\_uri** – The URI to redirect back to after the user -+ - **redirect\_uri** – The URI to redirect back to after the user - has authorized your application. If omitted, the first of your - registered `response_uris` is used. If - included, it must be one of the URIs which were submitted when - registering your application. -- - **scope** – The extent of access permissions you are requesting. -+ - **scope** – The extent of access permissions you are requesting. - Currently, the scope options are `profile_read`{.docutils - .literal}, `profile_write`, - `email_read`, and `email_write`{.docutils - .literal}. Scopes must be separated by a space. If omitted, the - default scopes `profile_read email_read` are - used. -- - **state** – (Recommended) Used by your application to maintain -+ - **state** – (Recommended) Used by your application to maintain - state between the authorization request and callback to protect - against CSRF attacks. - -@@ -115,7 +127,7 @@ following a link in your application to an OAuth Authorization endpoint. - : An error message in the event of the user denying the - authorization or some other kind of error with the request. - --### Get an Access Token -+### [3.2 Get an Access Token](#id6) - - Once the user has authorized your application, a request will be made to - your application’s specified `redirect_uri` which -@@ -131,7 +143,7 @@ to get an Access Token. - -   - -- - **Authorization** – HTTP basic authentication using your -+ - **Authorization** – HTTP basic authentication using your - application’s `client_id` and - `client_secret` - -@@ -139,11 +151,11 @@ to get an Access Token. - -   - -- - **grant\_type** – MUST be set to `authorization_code`{.docutils -+ - **grant\_type** – MUST be set to `authorization_code`{.docutils - .literal} -- - **code** – The authorization code received from the user’s -+ - **code** – The authorization code received from the user’s - redirect request. -- - **redirect\_uri** – The same `redirect_uri` -+ - **redirect\_uri** – The same `redirect_uri` - used in the authentication request. - - **Example Request** -@@ -180,7 +192,7 @@ to get an Access Token. - In the case of an error, there will be a non-200 HTTP Status and and - data detailing the error. - --### Refresh a Token -+### [3.3 Refresh a Token](#id7) - - Once the Access Token expires you can use your `refresh_token`{.docutils - .literal} to have docker.io issue your application a new Access Token, -@@ -195,7 +207,7 @@ if the user has not revoked access from your application. - -   - -- - **Authorization** – HTTP basic authentication using your -+ - **Authorization** – HTTP basic authentication using your - application’s `client_id` and - `client_secret` - -@@ -203,11 +215,11 @@ if the user has not revoked access from your application. - -   - -- - **grant\_type** – MUST be set to `refresh_token`{.docutils -+ - **grant\_type** – MUST be set to `refresh_token`{.docutils - .literal} -- - **refresh\_token** – The `refresh_token` -+ - **refresh\_token** – The `refresh_token` - which was issued to your application. -- - **scope** – (optional) The scope of the access token to be -+ - **scope** – (optional) The scope of the access token to be - returned. Must not include any scope not originally granted by - the user and if omitted is treated as equal to the scope - originally granted. -@@ -245,7 +257,7 @@ if the user has not revoked access from your application. - In the case of an error, there will be a non-200 HTTP Status and and - data detailing the error. - --## Use an Access Token with the API -+## [4. Use an Access Token with the API](#id8) - - Many of the docker.io API requests will require a Authorization request - header field. Simply ensure you add this header with “Bearer -diff --git a/docs/sources/reference/api/docker_remote_api.md b/docs/sources/reference/api/docker_remote_api.md -index 35dd858..8a2e456 100644 ---- a/docs/sources/reference/api/docker_remote_api.md -+++ b/docs/sources/reference/api/docker_remote_api.md -@@ -4,21 +4,21 @@ page_keywords: API, Docker, rcli, REST, documentation - - # Docker Remote API - --## Introduction -- --- The Remote API is replacing rcli --- By default the Docker daemon listens on unix:///var/run/docker.sock -- and the client must have root access to interact with the daemon --- If a group named *docker* exists on your system, docker will apply -- ownership of the socket to the group --- The API tends to be REST, but for some complex commands, like attach -- or pull, the HTTP connection is hijacked to transport stdout stdin -- and stderr --- Since API version 1.2, the auth configuration is now handled client -- side, so the client has to send the authConfig as POST in -- `/images/(name)/push`. -- --## Docker Remote API Versions -+## 1. Brief introduction -+ -+- The Remote API is replacing rcli -+- By default the Docker daemon listens on unix:///var/run/docker.sock -+ and the client must have root access to interact with the daemon -+- If a group named *docker* exists on your system, docker will apply -+ ownership of the socket to the group -+- The API tends to be REST, but for some complex commands, like attach -+ or pull, the HTTP connection is hijacked to transport stdout stdin -+ and stderr -+- Since API version 1.2, the auth configuration is now handled client -+ side, so the client has to send the authConfig as POST in -+ /images/(name)/push -+ -+## 2. Versions - - The current version of the API is 1.10 - -@@ -28,25 +28,31 @@ Calling /images/\/insert is the same as calling - You can still call an old version of the api using - /v1.0/images/\/insert - --## Docker Remote API v1.10 -+### v1.10 - --### Full Documentation -+#### Full Documentation - - [*Docker Remote API v1.10*](../docker_remote_api_v1.10/) - --### What’s new -+#### What’s new - - `DELETE `{.descname}`/images/`{.descname}(*name*) - : **New!** You can now use the force parameter to force delete of an -- image, even if it’s tagged in multiple repositories. -+ image, even if it’s tagged in multiple repositories. **New!** You -+ can now use the noprune parameter to prevent the deletion of parent -+ images - --## Docker Remote API v1.9 -+ `DELETE `{.descname}`/containers/`{.descname}(*id*) -+: **New!** You can now use the force paramter to force delete a -+ container, even if it is currently running - --### Full Documentation -+### v1.9 -+ -+#### Full Documentation - - [*Docker Remote API v1.9*](../docker_remote_api_v1.9/) - --### What’s New -+#### What’s new - - `POST `{.descname}`/build`{.descname} - : **New!** This endpoint now takes a serialized ConfigFile which it -@@ -54,13 +60,13 @@ You can still call an old version of the api using - base image. Clients which previously implemented the version - accepting an AuthConfig object must be updated. - --## Docker Remote API v1.8 -+### v1.8 - --### Full Documentation -+#### Full Documentation - - [*Docker Remote API v1.8*](../docker_remote_api_v1.8/) - --### What’s New -+#### What’s new - - `POST `{.descname}`/build`{.descname} - : **New!** This endpoint now returns build status as json stream. In -@@ -82,13 +88,13 @@ You can still call an old version of the api using - possible to get the current value and the total of the progress - without having to parse the string. - --## Docker Remote API v1.7 -+### v1.7 - --### Full Documentation -+#### Full Documentation - - [*Docker Remote API v1.7*](../docker_remote_api_v1.7/) - --### What’s New -+#### What’s new - - `GET `{.descname}`/images/json`{.descname} - : The format of the json returned from this uri changed. Instead of an -@@ -175,17 +181,17 @@ You can still call an old version of the api using - ] - - `GET `{.descname}`/images/viz`{.descname} --: This URI no longer exists. The `images -viz` -+: This URI no longer exists. The `images --viz` - output is now generated in the client, using the - `/images/json` data. - --## Docker Remote API v1.6 -+### v1.6 - --### Full Documentation -+#### Full Documentation - - [*Docker Remote API v1.6*](../docker_remote_api_v1.6/) - --### What’s New -+#### What’s new - - `POST `{.descname}`/containers/`{.descname}(*id*)`/attach`{.descname} - : **New!** You can now split stderr from stdout. This is done by -@@ -195,13 +201,13 @@ You can still call an old version of the api using - The WebSocket attach is unchanged. Note that attach calls on the - previous API version didn’t change. Stdout and stderr are merged. - --## Docker Remote API v1.5 -+### v1.5 - --### Full Documentation -+#### Full Documentation - - [*Docker Remote API v1.5*](../docker_remote_api_v1.5/) - --### What’s New -+#### What’s new - - `POST `{.descname}`/images/create`{.descname} - : **New!** You can now pass registry credentials (via an AuthConfig -@@ -216,13 +222,13 @@ You can still call an old version of the api using - dicts each containing PublicPort, PrivatePort and Type describing a - port mapping. - --## Docker Remote API v1.4 -+### v1.4 - --### Full Documentation -+#### Full Documentation - - [*Docker Remote API v1.4*](../docker_remote_api_v1.4/) - --### What’s New -+#### What’s new - - `POST `{.descname}`/images/create`{.descname} - : **New!** When pulling a repo, all images are now downloaded in -@@ -235,16 +241,16 @@ You can still call an old version of the api using - `GET `{.descname}`/events:`{.descname} - : **New!** Image’s name added in the events - --## Docker Remote API v1.3 -+### v1.3 - - docker v0.5.0 - [51f6c4a](https://github.com/dotcloud/docker/commit/51f6c4a7372450d164c61e0054daf0223ddbd909) - --### Full Documentation -+#### Full Documentation - - [*Docker Remote API v1.3*](../docker_remote_api_v1.3/) - --### What’s New -+#### What’s new - - `GET `{.descname}`/containers/`{.descname}(*id*)`/top`{.descname} - : List the processes running inside a container. -@@ -254,10 +260,10 @@ docker v0.5.0 - - Builder (/build): - --- Simplify the upload of the build context --- Simply stream a tarball instead of multipart upload with 4 -- intermediary buffers --- Simpler, less memory usage, less disk usage and faster -+- Simplify the upload of the build context -+- Simply stream a tarball instead of multipart upload with 4 -+ intermediary buffers -+- Simpler, less memory usage, less disk usage and faster - - Warning - -@@ -266,23 +272,23 @@ break on /build. - - List containers (/containers/json): - --- You can use size=1 to get the size of the containers -+- You can use size=1 to get the size of the containers - - Start containers (/containers/\/start): - --- You can now pass host-specific configuration (e.g. bind mounts) in -- the POST body for start calls -+- You can now pass host-specific configuration (e.g. bind mounts) in -+ the POST body for start calls - --## Docker Remote API v1.2 -+### v1.2 - - docker v0.4.2 - [2e7649b](https://github.com/dotcloud/docker/commit/2e7649beda7c820793bd46766cbc2cfeace7b168) - --### Full Documentation -+#### Full Documentation - - [*Docker Remote API v1.2*](../docker_remote_api_v1.2/) - --### What’s New -+#### What’s new - - The auth configuration is now handled by the client. - -@@ -302,16 +308,16 @@ The client should send it’s authConfig as POST on each call of - : Now returns a JSON structure with the list of images - deleted/untagged. - --## Docker Remote API v1.1 -+### v1.1 - - docker v0.4.0 - [a8ae398](https://github.com/dotcloud/docker/commit/a8ae398bf52e97148ee7bd0d5868de2e15bd297f) - --### Full Documentation -+#### Full Documentation - - [*Docker Remote API v1.1*](../docker_remote_api_v1.1/) - --### What’s New -+#### What’s new - - `POST `{.descname}`/images/create`{.descname} - : -@@ -330,15 +336,15 @@ docker v0.4.0 - > {"error":"Invalid..."} - > ... - --## Docker Remote API v1.0 -+### v1.0 - - docker v0.3.4 - [8d73740](https://github.com/dotcloud/docker/commit/8d73740343778651c09160cde9661f5f387b36f4) - --### Full Documentation -+#### Full Documentation - - [*Docker Remote API v1.0*](../docker_remote_api_v1.0/) - --### What’s New -+#### What’s new - - Initial version -diff --git a/docs/sources/reference/api/docker_remote_api_v1.0.md b/docs/sources/reference/api/docker_remote_api_v1.0.md -index 6bb0fcb..30b1718 100644 ---- a/docs/sources/reference/api/docker_remote_api_v1.0.md -+++ b/docs/sources/reference/api/docker_remote_api_v1.0.md -@@ -2,21 +2,70 @@ page_title: Remote API v1.0 - page_description: API Documentation for Docker - page_keywords: API, Docker, rcli, REST, documentation - --# Docker Remote API v1.0 -- --## Introduction -- --- The Remote API is replacing rcli --- Default port in the docker daemon is 4243 --- The API tends to be REST, but for some complex commands, like attach -+# [Docker Remote API v1.0](#id1) -+ -+Table of Contents -+ -+- [Docker Remote API v1.0](#docker-remote-api-v1-0) -+ - [1. Brief introduction](#brief-introduction) -+ - [2. Endpoints](#endpoints) -+ - [2.1 Containers](#containers) -+ - [List containers](#list-containers) -+ - [Create a container](#create-a-container) -+ - [Inspect a container](#inspect-a-container) -+ - [Inspect changes on a container’s -+ filesystem](#inspect-changes-on-a-container-s-filesystem) -+ - [Export a container](#export-a-container) -+ - [Start a container](#start-a-container) -+ - [Stop a container](#stop-a-container) -+ - [Restart a container](#restart-a-container) -+ - [Kill a container](#kill-a-container) -+ - [Attach to a container](#attach-to-a-container) -+ - [Wait a container](#wait-a-container) -+ - [Remove a container](#remove-a-container) -+ - [2.2 Images](#images) -+ - [List Images](#list-images) -+ - [Create an image](#create-an-image) -+ - [Insert a file in an image](#insert-a-file-in-an-image) -+ - [Inspect an image](#inspect-an-image) -+ - [Get the history of an -+ image](#get-the-history-of-an-image) -+ - [Push an image on the -+ registry](#push-an-image-on-the-registry) -+ - [Tag an image into a -+ repository](#tag-an-image-into-a-repository) -+ - [Remove an image](#remove-an-image) -+ - [Search images](#search-images) -+ - [2.3 Misc](#misc) -+ - [Build an image from Dockerfile via -+ stdin](#build-an-image-from-dockerfile-via-stdin) -+ - [Get default username and -+ email](#get-default-username-and-email) -+ - [Check auth configuration and store -+ it](#check-auth-configuration-and-store-it) -+ - [Display system-wide -+ information](#display-system-wide-information) -+ - [Show the docker version -+ information](#show-the-docker-version-information) -+ - [Create a new image from a container’s -+ changes](#create-a-new-image-from-a-container-s-changes) -+ - [3. Going further](#going-further) -+ - [3.1 Inside ‘docker run’](#inside-docker-run) -+ - [3.2 Hijacking](#hijacking) -+ -+## [1. Brief introduction](#id2) -+ -+- The Remote API is replacing rcli -+- Default port in the docker daemon is 4243 -+- The API tends to be REST, but for some complex commands, like attach - or pull, the HTTP connection is hijacked to transport stdout stdin - and stderr - --## Endpoints -+## [2. Endpoints](#id3) - --### Containers -+### [2.1 Containers](#id4) - --### List containers: -+#### [List containers](#id5) - - `GET `{.descname}`/containers/json`{.descname} - : List containers -@@ -65,22 +114,22 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **all** – 1/True/true or 0/False/false, Show all containers. -+ - **all** – 1/True/true or 0/False/false, Show all containers. - Only running containers are shown by default -- - **limit** – Show `limit` last created -+ - **limit** – Show `limit` last created - containers, include non-running ones. -- - **since** – Show only containers created since Id, include -+ - **since** – Show only containers created since Id, include - non-running ones. -- - **before** – Show only containers created before Id, include -+ - **before** – Show only containers created before Id, include - non-running ones. - - Status Codes: - -- - **200** – no error -- - **400** – bad parameter -- - **500** – server error -+ - **200** – no error -+ - **400** – bad parameter -+ - **500** – server error - --### Create a container: -+#### [Create a container](#id6) - - `POST `{.descname}`/containers/create`{.descname} - : Create a container -@@ -126,16 +175,16 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **config** – the container’s configuration -+ - **config** – the container’s configuration - - Status Codes: - -- - **201** – no error -- - **404** – no such container -- - **406** – impossible to attach (container not running) -- - **500** – server error -+ - **201** – no error -+ - **404** – no such container -+ - **406** – impossible to attach (container not running) -+ - **500** – server error - --### Inspect a container: -+#### [Inspect a container](#id7) - - `GET `{.descname}`/containers/`{.descname}(*id*)`/json`{.descname} - : Return low-level information on the container `id`{.docutils -@@ -198,11 +247,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Inspect changes on a container’s filesystem:] -+#### [Inspect changes on a container’s filesystem](#id8) - - `GET `{.descname}`/containers/`{.descname}(*id*)`/changes`{.descname} - : Inspect changes on container `id` ‘s filesystem -@@ -233,11 +282,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Export a container: -+#### [Export a container](#id9) - - `GET `{.descname}`/containers/`{.descname}(*id*)`/export`{.descname} - : Export the contents of container `id` -@@ -255,11 +304,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Start a container: -+#### [Start a container](#id10) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/start`{.descname} - : Start the container `id` -@@ -274,11 +323,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Stop a container: -+#### [Stop a container](#id11) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/stop`{.descname} - : Stop the container `id` -@@ -295,15 +344,15 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **t** – number of seconds to wait before killing the container -+ - **t** – number of seconds to wait before killing the container - - Status Codes: - -- - **204** – no error -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **404** – no such container -+ - **500** – server error - --### Restart a container: -+#### [Restart a container](#id12) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/restart`{.descname} - : Restart the container `id` -@@ -320,15 +369,15 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **t** – number of seconds to wait before killing the container -+ - **t** – number of seconds to wait before killing the container - - Status Codes: - -- - **204** – no error -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **404** – no such container -+ - **500** – server error - --### Kill a container: -+#### [Kill a container](#id13) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/kill`{.descname} - : Kill the container `id` -@@ -343,11 +392,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **204** – no error -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **404** – no such container -+ - **500** – server error - --### Attach to a container: -+#### [Attach to a container](#id14) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/attach`{.descname} - : Attach to the container `id` -@@ -367,25 +416,25 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **logs** – 1/True/true or 0/False/false, return logs. Default -+ - **logs** – 1/True/true or 0/False/false, return logs. Default - false -- - **stream** – 1/True/true or 0/False/false, return stream. -+ - **stream** – 1/True/true or 0/False/false, return stream. - Default false -- - **stdin** – 1/True/true or 0/False/false, if stream=true, attach -+ - **stdin** – 1/True/true or 0/False/false, if stream=true, attach - to stdin. Default false -- - **stdout** – 1/True/true or 0/False/false, if logs=true, return -+ - **stdout** – 1/True/true or 0/False/false, if logs=true, return - stdout log, if stream=true, attach to stdout. Default false -- - **stderr** – 1/True/true or 0/False/false, if logs=true, return -+ - **stderr** – 1/True/true or 0/False/false, if logs=true, return - stderr log, if stream=true, attach to stderr. Default false - - Status Codes: - -- - **200** – no error -- - **400** – bad parameter -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **400** – bad parameter -+ - **404** – no such container -+ - **500** – server error - --### Wait a container: -+#### [Wait a container](#id15) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/wait`{.descname} - : Block until container `id` stops, then returns -@@ -404,11 +453,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Remove a container: -+#### [Remove a container](#id16) - - `DELETE `{.descname}`/containers/`{.descname}(*id*) - : Remove the container `id` from the filesystem -@@ -425,19 +474,19 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **v** – 1/True/true or 0/False/false, Remove the volumes -+ - **v** – 1/True/true or 0/False/false, Remove the volumes - associated to the container. Default false - - Status Codes: - -- - **204** – no error -- - **400** – bad parameter -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **400** – bad parameter -+ - **404** – no such container -+ - **500** – server error - --## Images -+### [2.2 Images](#id17) - --### List images: -+#### [List Images](#id18) - - `GET `{.descname}`/images/`{.descname}(*format*) - : List images `format` could be json or viz (json -@@ -498,16 +547,16 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **all** – 1/True/true or 0/False/false, Show all containers. -+ - **all** – 1/True/true or 0/False/false, Show all containers. - Only running containers are shown by default - - Status Codes: - -- - **200** – no error -- - **400** – bad parameter -- - **500** – server error -+ - **200** – no error -+ - **400** – bad parameter -+ - **500** – server error - --### Create an image: -+#### [Create an image](#id19) - - `POST `{.descname}`/images/create`{.descname} - : Create an image, either by pull it from the registry or by importing -@@ -528,18 +577,18 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **fromImage** – name of the image to pull -- - **fromSrc** – source to import, - means stdin -- - **repo** – repository -- - **tag** – tag -- - **registry** – the registry to pull from -+ - **fromImage** – name of the image to pull -+ - **fromSrc** – source to import, - means stdin -+ - **repo** – repository -+ - **tag** – tag -+ - **registry** – the registry to pull from - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Insert a file in an image: -+#### [Insert a file in an image](#id20) - - `POST `{.descname}`/images/`{.descname}(*name*)`/insert`{.descname} - : Insert a file from `url` in the image -@@ -557,10 +606,10 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Inspect an image: -+#### [Inspect an image](#id21) - - `GET `{.descname}`/images/`{.descname}(*name*)`/json`{.descname} - : Return low-level information on the image `name` -@@ -603,11 +652,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such image -- - **500** – server error -+ - **200** – no error -+ - **404** – no such image -+ - **500** – server error - --### Get the history of an image: -+#### [Get the history of an image](#id22) - - `GET `{.descname}`/images/`{.descname}(*name*)`/history`{.descname} - : Return the history of the image `name` -@@ -636,11 +685,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such image -- - **500** – server error -+ - **200** – no error -+ - **404** – no such image -+ - **500** – server error - --### Push an image on the registry: -+#### [Push an image on the registry](#id23) - - `POST `{.descname}`/images/`{.descname}(*name*)`/push`{.descname} - : Push the image `name` on the registry -@@ -660,15 +709,15 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **registry** – the registry you wan to push, optional -+ - **registry** – the registry you wan to push, optional - - Status Codes: - -- - **200** – no error -- - **404** – no such image -- - **500** – server error -+ - **200** – no error -+ - **404** – no such image -+ - **500** – server error - --### Tag an image into a repository: -+#### [Tag an image into a repository](#id24) - - `POST `{.descname}`/images/`{.descname}(*name*)`/tag`{.descname} - : Tag the image `name` into a repository -@@ -685,17 +734,17 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **repo** – The repository to tag in -- - **force** – 1/True/true or 0/False/false, default false -+ - **repo** – The repository to tag in -+ - **force** – 1/True/true or 0/False/false, default false - - Status Codes: - -- - **201** – no error -- - **400** – bad parameter -- - **404** – no such image -- - **500** – server error -+ - **201** – no error -+ - **400** – bad parameter -+ - **404** – no such image -+ - **500** – server error - --### Remove an image: -+#### [Remove an image](#id25) - - `DELETE `{.descname}`/images/`{.descname}(*name*) - : Remove the image `name` from the filesystem -@@ -710,11 +759,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **204** – no error -- - **404** – no such image -- - **500** – server error -+ - **204** – no error -+ - **404** – no such image -+ - **500** – server error - --### Search images: -+#### [Search images](#id26) - - `GET `{.descname}`/images/search`{.descname} - : Search for an image in the docker index -@@ -747,9 +796,9 @@ page_keywords: API, Docker, rcli, REST, documentation - :statuscode 200: no error - :statuscode 500: server error - --## Misc -+### [2.3 Misc](#id27) - --### Build an image from Dockerfile via stdin: -+#### [Build an image from Dockerfile via stdin](#id28) - - `POST `{.descname}`/build`{.descname} - : Build an image from Dockerfile via stdin -@@ -770,15 +819,15 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **t** – repository name to be applied to the resulting image in -+ - **t** – repository name to be applied to the resulting image in - case of success - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --#### [Get default username and email -+#### [Get default username and email](#id29) - - `GET `{.descname}`/auth`{.descname} - : Get the default username and email -@@ -799,10 +848,10 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Check auth configuration: and store it -+#### [Check auth configuration and store it](#id30) - - `POST `{.descname}`/auth`{.descname} - : Get the default username and email -@@ -824,11 +873,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **204** – no error -- - **500** – server error -+ - **200** – no error -+ - **204** – no error -+ - **500** – server error - --### Display system-wide information: -+#### [Display system-wide information](#id31) - - `GET `{.descname}`/info`{.descname} - : Display system-wide information -@@ -854,10 +903,10 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Show the docker version information: -+#### [Show the docker version information](#id32) - - `GET `{.descname}`/version`{.descname} - : Show the docker version information -@@ -879,10 +928,10 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Create a new image from a container’s changes: -+#### [Create a new image from a container’s changes](#id33) - - `POST `{.descname}`/commit`{.descname} - : Create a new image from a container’s changes -@@ -908,41 +957,41 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **container** – source container -- - **repo** – repository -- - **tag** – tag -- - **m** – commit message -- - **author** – author (eg. “John Hannibal Smith -+ - **container** – source container -+ - **repo** – repository -+ - **tag** – tag -+ - **m** – commit message -+ - **author** – author (eg. “John Hannibal Smith - \<[hannibal@a-team.com](mailto:hannibal%40a-team.com)\>”) - - Status Codes: - -- - **201** – no error -- - **404** – no such container -- - **500** – server error -+ - **201** – no error -+ - **404** – no such container -+ - **500** – server error - --## Going Further -+## [3. Going further](#id34) - --### Inside ‘docker run’ -+### [3.1 Inside ‘docker run’](#id35) - - Here are the steps of ‘docker run’ : - --- Create the container -+- Create the container - --- If the status code is 404, it means the image doesn’t exists: -- : - Try to pull it -- - Then retry to create the container -+- If the status code is 404, it means the image doesn’t exists: -+ : - Try to pull it -+ - Then retry to create the container - --- Start the container -+- Start the container - --- If you are not in detached mode: -- : - Attach to the container, using logs=1 (to have stdout and -+- If you are not in detached mode: -+ : - Attach to the container, using logs=1 (to have stdout and - stderr from the container’s start) and stream=1 - --- If in detached mode or only stdin is attached: -- : - Display the container’s id -+- If in detached mode or only stdin is attached: -+ : - Display the container’s id - --### Hijacking -+### [3.2 Hijacking](#id36) - - In this first version of the API, some of the endpoints, like /attach, - /pull or /push uses hijacking to transport stdin, stdout and stderr on -diff --git a/docs/sources/reference/api/docker_remote_api_v1.1.md b/docs/sources/reference/api/docker_remote_api_v1.1.md -index 476b942..2d510f4 100644 ---- a/docs/sources/reference/api/docker_remote_api_v1.1.md -+++ b/docs/sources/reference/api/docker_remote_api_v1.1.md -@@ -2,21 +2,70 @@ page_title: Remote API v1.1 - page_description: API Documentation for Docker - page_keywords: API, Docker, rcli, REST, documentation - --# Docker Remote API v1.1 -- --## Introduction -- --- The Remote API is replacing rcli --- Default port in the docker daemon is 4243 --- The API tends to be REST, but for some complex commands, like attach -+# [Docker Remote API v1.1](#id1) -+ -+Table of Contents -+ -+- [Docker Remote API v1.1](#docker-remote-api-v1-1) -+ - [1. Brief introduction](#brief-introduction) -+ - [2. Endpoints](#endpoints) -+ - [2.1 Containers](#containers) -+ - [List containers](#list-containers) -+ - [Create a container](#create-a-container) -+ - [Inspect a container](#inspect-a-container) -+ - [Inspect changes on a container’s -+ filesystem](#inspect-changes-on-a-container-s-filesystem) -+ - [Export a container](#export-a-container) -+ - [Start a container](#start-a-container) -+ - [Stop a container](#stop-a-container) -+ - [Restart a container](#restart-a-container) -+ - [Kill a container](#kill-a-container) -+ - [Attach to a container](#attach-to-a-container) -+ - [Wait a container](#wait-a-container) -+ - [Remove a container](#remove-a-container) -+ - [2.2 Images](#images) -+ - [List Images](#list-images) -+ - [Create an image](#create-an-image) -+ - [Insert a file in an image](#insert-a-file-in-an-image) -+ - [Inspect an image](#inspect-an-image) -+ - [Get the history of an -+ image](#get-the-history-of-an-image) -+ - [Push an image on the -+ registry](#push-an-image-on-the-registry) -+ - [Tag an image into a -+ repository](#tag-an-image-into-a-repository) -+ - [Remove an image](#remove-an-image) -+ - [Search images](#search-images) -+ - [2.3 Misc](#misc) -+ - [Build an image from Dockerfile via -+ stdin](#build-an-image-from-dockerfile-via-stdin) -+ - [Get default username and -+ email](#get-default-username-and-email) -+ - [Check auth configuration and store -+ it](#check-auth-configuration-and-store-it) -+ - [Display system-wide -+ information](#display-system-wide-information) -+ - [Show the docker version -+ information](#show-the-docker-version-information) -+ - [Create a new image from a container’s -+ changes](#create-a-new-image-from-a-container-s-changes) -+ - [3. Going further](#going-further) -+ - [3.1 Inside ‘docker run’](#inside-docker-run) -+ - [3.2 Hijacking](#hijacking) -+ -+## [1. Brief introduction](#id2) -+ -+- The Remote API is replacing rcli -+- Default port in the docker daemon is 4243 -+- The API tends to be REST, but for some complex commands, like attach - or pull, the HTTP connection is hijacked to transport stdout stdin - and stderr - --## Endpoints -+## [2. Endpoints](#id3) - --### Containers -+### [2.1 Containers](#id4) - --### List containers: -+#### [List containers](#id5) - - `GET `{.descname}`/containers/json`{.descname} - : List containers -@@ -65,22 +114,22 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **all** – 1/True/true or 0/False/false, Show all containers. -+ - **all** – 1/True/true or 0/False/false, Show all containers. - Only running containers are shown by default -- - **limit** – Show `limit` last created -+ - **limit** – Show `limit` last created - containers, include non-running ones. -- - **since** – Show only containers created since Id, include -+ - **since** – Show only containers created since Id, include - non-running ones. -- - **before** – Show only containers created before Id, include -+ - **before** – Show only containers created before Id, include - non-running ones. - - Status Codes: - -- - **200** – no error -- - **400** – bad parameter -- - **500** – server error -+ - **200** – no error -+ - **400** – bad parameter -+ - **500** – server error - --### Create a container: -+#### [Create a container](#id6) - - `POST `{.descname}`/containers/create`{.descname} - : Create a container -@@ -126,16 +175,16 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **config** – the container’s configuration -+ - **config** – the container’s configuration - - Status Codes: - -- - **201** – no error -- - **404** – no such container -- - **406** – impossible to attach (container not running) -- - **500** – server error -+ - **201** – no error -+ - **404** – no such container -+ - **406** – impossible to attach (container not running) -+ - **500** – server error - --### Inspect a container: -+#### [Inspect a container](#id7) - - `GET `{.descname}`/containers/`{.descname}(*id*)`/json`{.descname} - : Return low-level information on the container `id`{.docutils -@@ -198,11 +247,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Inspect changes on a container’s filesystem:] -+#### [Inspect changes on a container’s filesystem](#id8) - - `GET `{.descname}`/containers/`{.descname}(*id*)`/changes`{.descname} - : Inspect changes on container `id` ‘s filesystem -@@ -233,11 +282,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Export a container: -+#### [Export a container](#id9) - - `GET `{.descname}`/containers/`{.descname}(*id*)`/export`{.descname} - : Export the contents of container `id` -@@ -255,11 +304,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Start a container: -+#### [Start a container](#id10) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/start`{.descname} - : Start the container `id` -@@ -274,11 +323,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Stop a container: -+#### [Stop a container](#id11) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/stop`{.descname} - : Stop the container `id` -@@ -295,15 +344,15 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **t** – number of seconds to wait before killing the container -+ - **t** – number of seconds to wait before killing the container - - Status Codes: - -- - **204** – no error -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **404** – no such container -+ - **500** – server error - --### Restart a container: -+#### [Restart a container](#id12) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/restart`{.descname} - : Restart the container `id` -@@ -320,15 +369,15 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **t** – number of seconds to wait before killing the container -+ - **t** – number of seconds to wait before killing the container - - Status Codes: - -- - **204** – no error -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **404** – no such container -+ - **500** – server error - --### Kill a container: -+#### [Kill a container](#id13) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/kill`{.descname} - : Kill the container `id` -@@ -343,11 +392,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **204** – no error -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **404** – no such container -+ - **500** – server error - --### Attach to a container: -+#### [Attach to a container](#id14) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/attach`{.descname} - : Attach to the container `id` -@@ -367,25 +416,25 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **logs** – 1/True/true or 0/False/false, return logs. Default -+ - **logs** – 1/True/true or 0/False/false, return logs. Default - false -- - **stream** – 1/True/true or 0/False/false, return stream. -+ - **stream** – 1/True/true or 0/False/false, return stream. - Default false -- - **stdin** – 1/True/true or 0/False/false, if stream=true, attach -+ - **stdin** – 1/True/true or 0/False/false, if stream=true, attach - to stdin. Default false -- - **stdout** – 1/True/true or 0/False/false, if logs=true, return -+ - **stdout** – 1/True/true or 0/False/false, if logs=true, return - stdout log, if stream=true, attach to stdout. Default false -- - **stderr** – 1/True/true or 0/False/false, if logs=true, return -+ - **stderr** – 1/True/true or 0/False/false, if logs=true, return - stderr log, if stream=true, attach to stderr. Default false - - Status Codes: - -- - **200** – no error -- - **400** – bad parameter -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **400** – bad parameter -+ - **404** – no such container -+ - **500** – server error - --### Wait a container: -+#### [Wait a container](#id15) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/wait`{.descname} - : Block until container `id` stops, then returns -@@ -404,11 +453,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Remove a container: -+#### [Remove a container](#id16) - - `DELETE `{.descname}`/containers/`{.descname}(*id*) - : Remove the container `id` from the filesystem -@@ -425,19 +474,19 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **v** – 1/True/true or 0/False/false, Remove the volumes -+ - **v** – 1/True/true or 0/False/false, Remove the volumes - associated to the container. Default false - - Status Codes: - -- - **204** – no error -- - **400** – bad parameter -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **400** – bad parameter -+ - **404** – no such container -+ - **500** – server error - --## Images -+### [2.2 Images](#id17) - --### List images: -+#### [List Images](#id18) - - `GET `{.descname}`/images/`{.descname}(*format*) - : List images `format` could be json or viz (json -@@ -498,16 +547,16 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **all** – 1/True/true or 0/False/false, Show all containers. -+ - **all** – 1/True/true or 0/False/false, Show all containers. - Only running containers are shown by default - - Status Codes: - -- - **200** – no error -- - **400** – bad parameter -- - **500** – server error -+ - **200** – no error -+ - **400** – bad parameter -+ - **500** – server error - --### Create an image: -+#### [Create an image](#id19) - - `POST `{.descname}`/images/create`{.descname} - : Create an image, either by pull it from the registry or by importing -@@ -531,18 +580,18 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **fromImage** – name of the image to pull -- - **fromSrc** – source to import, - means stdin -- - **repo** – repository -- - **tag** – tag -- - **registry** – the registry to pull from -+ - **fromImage** – name of the image to pull -+ - **fromSrc** – source to import, - means stdin -+ - **repo** – repository -+ - **tag** – tag -+ - **registry** – the registry to pull from - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Insert a file in an image: -+#### [Insert a file in an image](#id20) - - `POST `{.descname}`/images/`{.descname}(*name*)`/insert`{.descname} - : Insert a file from `url` in the image -@@ -564,10 +613,10 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Inspect an image: -+#### [Inspect an image](#id21) - - `GET `{.descname}`/images/`{.descname}(*name*)`/json`{.descname} - : Return low-level information on the image `name` -@@ -610,11 +659,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such image -- - **500** – server error -+ - **200** – no error -+ - **404** – no such image -+ - **500** – server error - --### Get the history of an image: -+#### [Get the history of an image](#id22) - - `GET `{.descname}`/images/`{.descname}(*name*)`/history`{.descname} - : Return the history of the image `name` -@@ -643,11 +692,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such image -- - **500** – server error -+ - **200** – no error -+ - **404** – no such image -+ - **500** – server error - --### Push an image on the registry: -+#### [Push an image on the registry](#id23) - - `POST `{.descname}`/images/`{.descname}(*name*)`/push`{.descname} - : Push the image `name` on the registry -@@ -670,15 +719,15 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **registry** – the registry you wan to push, optional -+ - **registry** – the registry you wan to push, optional - - Status Codes: - -- - **200** – no error -- - **404** – no such image -- - **500** – server error -+ - **200** – no error -+ - **404** – no such image -+ - **500** – server error - --### Tag an image into a repository: -+#### [Tag an image into a repository](#id24) - - `POST `{.descname}`/images/`{.descname}(*name*)`/tag`{.descname} - : Tag the image `name` into a repository -@@ -695,18 +744,18 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **repo** – The repository to tag in -- - **force** – 1/True/true or 0/False/false, default false -+ - **repo** – The repository to tag in -+ - **force** – 1/True/true or 0/False/false, default false - - Status Codes: - -- - **201** – no error -- - **400** – bad parameter -- - **404** – no such image -- - **409** – conflict -- - **500** – server error -+ - **201** – no error -+ - **400** – bad parameter -+ - **404** – no such image -+ - **409** – conflict -+ - **500** – server error - --### Remove an image: -+#### [Remove an image](#id25) - - `DELETE `{.descname}`/images/`{.descname}(*name*) - : Remove the image `name` from the filesystem -@@ -721,11 +770,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **204** – no error -- - **404** – no such image -- - **500** – server error -+ - **204** – no error -+ - **404** – no such image -+ - **500** – server error - --### Search images: -+#### [Search images](#id26) - - `GET `{.descname}`/images/search`{.descname} - : Search for an image in the docker index -@@ -758,9 +807,9 @@ page_keywords: API, Docker, rcli, REST, documentation - :statuscode 200: no error - :statuscode 500: server error - --## Misc -+### [2.3 Misc](#id27) - --### Build an image from Dockerfile via stdin: -+#### [Build an image from Dockerfile via stdin](#id28) - - `POST `{.descname}`/build`{.descname} - : Build an image from Dockerfile via stdin -@@ -781,15 +830,15 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **t** – tag to be applied to the resulting image in case of -+ - **t** – tag to be applied to the resulting image in case of - success - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --#### [Get default username and email -+#### [Get default username and email](#id29) - - `GET `{.descname}`/auth`{.descname} - : Get the default username and email -@@ -810,10 +859,10 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Check auth configuration: and store it -+#### [Check auth configuration and store it](#id30) - - `POST `{.descname}`/auth`{.descname} - : Get the default username and email -@@ -835,11 +884,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **204** – no error -- - **500** – server error -+ - **200** – no error -+ - **204** – no error -+ - **500** – server error - --### Display system-wide information: -+#### [Display system-wide information](#id31) - - `GET `{.descname}`/info`{.descname} - : Display system-wide information -@@ -865,10 +914,10 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Show the docker version information: -+#### [Show the docker version information](#id32) - - `GET `{.descname}`/version`{.descname} - : Show the docker version information -@@ -890,10 +939,10 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Create a new image from a container’s changes: -+#### [Create a new image from a container’s changes](#id33) - - `POST `{.descname}`/commit`{.descname} - : Create a new image from a container’s changes -@@ -919,41 +968,41 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **container** – source container -- - **repo** – repository -- - **tag** – tag -- - **m** – commit message -- - **author** – author (eg. “John Hannibal Smith -+ - **container** – source container -+ - **repo** – repository -+ - **tag** – tag -+ - **m** – commit message -+ - **author** – author (eg. “John Hannibal Smith - \<[hannibal@a-team.com](mailto:hannibal%40a-team.com)\>”) - - Status Codes: - -- - **201** – no error -- - **404** – no such container -- - **500** – server error -+ - **201** – no error -+ - **404** – no such container -+ - **500** – server error - --## Going Further -+## [3. Going further](#id34) - --### Inside ‘docker run’ -+### [3.1 Inside ‘docker run’](#id35) - - Here are the steps of ‘docker run’ : - --- Create the container -+- Create the container - --- If the status code is 404, it means the image doesn’t exists: -- : - Try to pull it -- - Then retry to create the container -+- If the status code is 404, it means the image doesn’t exists: -+ : - Try to pull it -+ - Then retry to create the container - --- Start the container -+- Start the container - --- If you are not in detached mode: -- : - Attach to the container, using logs=1 (to have stdout and -+- If you are not in detached mode: -+ : - Attach to the container, using logs=1 (to have stdout and - stderr from the container’s start) and stream=1 - --- If in detached mode or only stdin is attached: -- : - Display the container’s id -+- If in detached mode or only stdin is attached: -+ : - Display the container’s id - --### Hijacking -+### [3.2 Hijacking](#id36) - - In this version of the API, /attach uses hijacking to transport stdin, - stdout and stderr on the same socket. This might change in the future. -diff --git a/docs/sources/reference/api/docker_remote_api_v1.10.md b/docs/sources/reference/api/docker_remote_api_v1.10.md -index b6aa5bc..2a99f72 100644 ---- a/docs/sources/reference/api/docker_remote_api_v1.10.md -+++ b/docs/sources/reference/api/docker_remote_api_v1.10.md -@@ -2,24 +2,80 @@ page_title: Remote API v1.10 - page_description: API Documentation for Docker - page_keywords: API, Docker, rcli, REST, documentation - --# Docker Remote API v1.10 -- --## Introduction -- --- The Remote API has replaced rcli --- The daemon listens on `unix:///var/run/docker.sock`{.docutils -+# [Docker Remote API v1.10](#id1) -+ -+Table of Contents -+ -+- [Docker Remote API v1.10](#docker-remote-api-v1-10) -+ - [1. Brief introduction](#brief-introduction) -+ - [2. Endpoints](#endpoints) -+ - [2.1 Containers](#containers) -+ - [List containers](#list-containers) -+ - [Create a container](#create-a-container) -+ - [Inspect a container](#inspect-a-container) -+ - [List processes running inside a -+ container](#list-processes-running-inside-a-container) -+ - [Inspect changes on a container’s -+ filesystem](#inspect-changes-on-a-container-s-filesystem) -+ - [Export a container](#export-a-container) -+ - [Start a container](#start-a-container) -+ - [Stop a container](#stop-a-container) -+ - [Restart a container](#restart-a-container) -+ - [Kill a container](#kill-a-container) -+ - [Attach to a container](#attach-to-a-container) -+ - [Wait a container](#wait-a-container) -+ - [Remove a container](#remove-a-container) -+ - [Copy files or folders from a -+ container](#copy-files-or-folders-from-a-container) -+ - [2.2 Images](#images) -+ - [List Images](#list-images) -+ - [Create an image](#create-an-image) -+ - [Insert a file in an image](#insert-a-file-in-an-image) -+ - [Inspect an image](#inspect-an-image) -+ - [Get the history of an -+ image](#get-the-history-of-an-image) -+ - [Push an image on the -+ registry](#push-an-image-on-the-registry) -+ - [Tag an image into a -+ repository](#tag-an-image-into-a-repository) -+ - [Remove an image](#remove-an-image) -+ - [Search images](#search-images) -+ - [2.3 Misc](#misc) -+ - [Build an image from Dockerfile via -+ stdin](#build-an-image-from-dockerfile-via-stdin) -+ - [Check auth configuration](#check-auth-configuration) -+ - [Display system-wide -+ information](#display-system-wide-information) -+ - [Show the docker version -+ information](#show-the-docker-version-information) -+ - [Create a new image from a container’s -+ changes](#create-a-new-image-from-a-container-s-changes) -+ - [Monitor Docker’s events](#monitor-docker-s-events) -+ - [Get a tarball containing all images and tags in a -+ repository](#get-a-tarball-containing-all-images-and-tags-in-a-repository) -+ - [Load a tarball with a set of images and tags into -+ docker](#load-a-tarball-with-a-set-of-images-and-tags-into-docker) -+ - [3. Going further](#going-further) -+ - [3.1 Inside ‘docker run’](#inside-docker-run) -+ - [3.2 Hijacking](#hijacking) -+ - [3.3 CORS Requests](#cors-requests) -+ -+## [1. Brief introduction](#id2) -+ -+- The Remote API has replaced rcli -+- The daemon listens on `unix:///var/run/docker.sock`{.docutils - .literal}, but you can [*Bind Docker to another host/port or a Unix - socket*](../../../use/basics/#bind-docker). --- The API tends to be REST, but for some complex commands, like -+- The API tends to be REST, but for some complex commands, like - `attach` or `pull`{.docutils .literal}, the HTTP - connection is hijacked to transport `stdout, stdin`{.docutils - .literal} and `stderr` - --## Endpoints -+## [2. Endpoints](#id3) - --### Containers -+### [2.1 Containers](#id4) - --### List containers: -+#### [List containers](#id5) - - `GET `{.descname}`/containers/json`{.descname} - : List containers -@@ -80,24 +136,24 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **all** – 1/True/true or 0/False/false, Show all containers. -+ - **all** – 1/True/true or 0/False/false, Show all containers. - Only running containers are shown by default -- - **limit** – Show `limit` last created -+ - **limit** – Show `limit` last created - containers, include non-running ones. -- - **since** – Show only containers created since Id, include -+ - **since** – Show only containers created since Id, include - non-running ones. -- - **before** – Show only containers created before Id, include -+ - **before** – Show only containers created before Id, include - non-running ones. -- - **size** – 1/True/true or 0/False/false, Show the containers -+ - **size** – 1/True/true or 0/False/false, Show the containers - sizes - - Status Codes: - -- - **200** – no error -- - **400** – bad parameter -- - **500** – server error -+ - **200** – no error -+ - **400** – bad parameter -+ - **500** – server error - --### Create a container: -+#### [Create a container](#id6) - - `POST `{.descname}`/containers/create`{.descname} - : Create a container -@@ -130,6 +186,7 @@ page_keywords: API, Docker, rcli, REST, documentation - }, - "VolumesFrom":"", - "WorkingDir":"", -+ "DisableNetwork": false, - "ExposedPorts":{ - "22/tcp": {} - } -@@ -149,23 +206,23 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **config** – the container’s configuration -+ - **config** – the container’s configuration - - Query Parameters: - -   - -- - **name** – Assign the specified name to the container. Must -+ - **name** – Assign the specified name to the container. Must - match `/?[a-zA-Z0-9_-]+`. - - Status Codes: - -- - **201** – no error -- - **404** – no such container -- - **406** – impossible to attach (container not running) -- - **500** – server error -+ - **201** – no error -+ - **404** – no such container -+ - **406** – impossible to attach (container not running) -+ - **500** – server error - --### Inspect a container: -+#### [Inspect a container](#id7) - - `GET `{.descname}`/containers/`{.descname}(*id*)`/json`{.descname} - : Return low-level information on the container `id`{.docutils -@@ -246,11 +303,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### List processes running inside a container: -+#### [List processes running inside a container](#id8) - - `GET `{.descname}`/containers/`{.descname}(*id*)`/top`{.descname} - : List processes running inside the container `id` -@@ -288,15 +345,15 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **ps\_args** – ps arguments to use (eg. aux) -+ - **ps\_args** – ps arguments to use (eg. aux) - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Inspect changes on a container’s filesystem: -+#### [Inspect changes on a container’s filesystem](#id9) - - `GET `{.descname}`/containers/`{.descname}(*id*)`/changes`{.descname} - : Inspect changes on container `id` ‘s filesystem -@@ -327,11 +384,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Export a container: -+#### [Export a container](#id10) - - `GET `{.descname}`/containers/`{.descname}(*id*)`/export`{.descname} - : Export the contents of container `id` -@@ -349,11 +406,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Start a container: -+#### [Start a container](#id11) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/start`{.descname} - : Start the container `id` -@@ -380,15 +437,15 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **hostConfig** – the container’s host configuration (optional) -+ - **hostConfig** – the container’s host configuration (optional) - - Status Codes: - -- - **204** – no error -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **404** – no such container -+ - **500** – server error - --### Stop a container: -+#### [Stop a container](#id12) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/stop`{.descname} - : Stop the container `id` -@@ -405,15 +462,15 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **t** – number of seconds to wait before killing the container -+ - **t** – number of seconds to wait before killing the container - - Status Codes: - -- - **204** – no error -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **404** – no such container -+ - **500** – server error - --### Restart a container: -+#### [Restart a container](#id13) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/restart`{.descname} - : Restart the container `id` -@@ -430,15 +487,15 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **t** – number of seconds to wait before killing the container -+ - **t** – number of seconds to wait before killing the container - - Status Codes: - -- - **204** – no error -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **404** – no such container -+ - **500** – server error - --### Kill a container: -+#### [Kill a container](#id14) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/kill`{.descname} - : Kill the container `id` -@@ -453,11 +510,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **204** – no error -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **404** – no such container -+ - **500** – server error - --### Attach to a container: -+#### [Attach to a container](#id15) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/attach`{.descname} - : Attach to the container `id` -@@ -477,23 +534,23 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **logs** – 1/True/true or 0/False/false, return logs. Default -+ - **logs** – 1/True/true or 0/False/false, return logs. Default - false -- - **stream** – 1/True/true or 0/False/false, return stream. -+ - **stream** – 1/True/true or 0/False/false, return stream. - Default false -- - **stdin** – 1/True/true or 0/False/false, if stream=true, attach -+ - **stdin** – 1/True/true or 0/False/false, if stream=true, attach - to stdin. Default false -- - **stdout** – 1/True/true or 0/False/false, if logs=true, return -+ - **stdout** – 1/True/true or 0/False/false, if logs=true, return - stdout log, if stream=true, attach to stdout. Default false -- - **stderr** – 1/True/true or 0/False/false, if logs=true, return -+ - **stderr** – 1/True/true or 0/False/false, if logs=true, return - stderr log, if stream=true, attach to stderr. Default false - - Status Codes: - -- - **200** – no error -- - **400** – bad parameter -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **400** – bad parameter -+ - **404** – no such container -+ - **500** – server error - - **Stream details**: - -@@ -518,9 +575,9 @@ page_keywords: API, Docker, rcli, REST, documentation - - `STREAM_TYPE` can be: - -- - 0: stdin (will be writen on stdout) -- - 1: stdout -- - 2: stderr -+ - 0: stdin (will be writen on stdout) -+ - 1: stdout -+ - 2: stderr - - `SIZE1, SIZE2, SIZE3, SIZE4` are the 4 bytes of - the uint32 size encoded as big endian. -@@ -539,7 +596,7 @@ page_keywords: API, Docker, rcli, REST, documentation - 4. Read the extracted size and output it on the correct output - 5. Goto 1) - --### Wait a container: -+#### [Wait a container](#id16) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/wait`{.descname} - : Block until container `id` stops, then returns -@@ -558,11 +615,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Remove a container: -+#### [Remove a container](#id17) - - `DELETE `{.descname}`/containers/`{.descname}(*id*) - : Remove the container `id` from the filesystem -@@ -579,17 +636,19 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **v** – 1/True/true or 0/False/false, Remove the volumes -+ - **v** – 1/True/true or 0/False/false, Remove the volumes - associated to the container. Default false -+ - **force** – 1/True/true or 0/False/false, Removes the container -+ even if it was running. Default false - - Status Codes: - -- - **204** – no error -- - **400** – bad parameter -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **400** – bad parameter -+ - **404** – no such container -+ - **500** – server error - --### Copy files or folders from a container: -+#### [Copy files or folders from a container](#id18) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/copy`{.descname} - : Copy files or folders of container `id` -@@ -612,13 +671,13 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --## Images -+### [2.2 Images](#id19) - --### List images: -+#### [List Images](#id20) - - `GET `{.descname}`/images/json`{.descname} - : **Example request**: -@@ -655,7 +714,7 @@ page_keywords: API, Docker, rcli, REST, documentation - } - ] - --### Create an image: -+#### [Create an image](#id21) - - `POST `{.descname}`/images/create`{.descname} - : Create an image, either by pull it from the registry or by importing -@@ -683,24 +742,24 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **fromImage** – name of the image to pull -- - **fromSrc** – source to import, - means stdin -- - **repo** – repository -- - **tag** – tag -- - **registry** – the registry to pull from -+ - **fromImage** – name of the image to pull -+ - **fromSrc** – source to import, - means stdin -+ - **repo** – repository -+ - **tag** – tag -+ - **registry** – the registry to pull from - - Request Headers: - -   - -- - **X-Registry-Auth** – base64-encoded AuthConfig object -+ - **X-Registry-Auth** – base64-encoded AuthConfig object - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Insert a file in an image: -+#### [Insert a file in an image](#id22) - - `POST `{.descname}`/images/`{.descname}(*name*)`/insert`{.descname} - : Insert a file from `url` in the image -@@ -722,10 +781,10 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Inspect an image: -+#### [Inspect an image](#id23) - - `GET `{.descname}`/images/`{.descname}(*name*)`/json`{.descname} - : Return low-level information on the image `name` -@@ -770,11 +829,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such image -- - **500** – server error -+ - **200** – no error -+ - **404** – no such image -+ - **500** – server error - --### Get the history of an image: -+#### [Get the history of an image](#id24) - - `GET `{.descname}`/images/`{.descname}(*name*)`/history`{.descname} - : Return the history of the image `name` -@@ -803,11 +862,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such image -- - **500** – server error -+ - **200** – no error -+ - **404** – no such image -+ - **500** – server error - --### Push an image on the registry: -+#### [Push an image on the registry](#id25) - - `POST `{.descname}`/images/`{.descname}(*name*)`/push`{.descname} - : Push the image `name` on the registry -@@ -830,22 +889,22 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **registry** – the registry you wan to push, optional -+ - **registry** – the registry you wan to push, optional - - Request Headers: - -   - -- - **X-Registry-Auth** – include a base64-encoded AuthConfig -+ - **X-Registry-Auth** – include a base64-encoded AuthConfig - object. - - Status Codes: - -- - **200** – no error -- - **404** – no such image -- - **500** – server error -+ - **200** – no error -+ - **404** – no such image -+ - **500** – server error - --### Tag an image into a repository: -+#### [Tag an image into a repository](#id26) - - `POST `{.descname}`/images/`{.descname}(*name*)`/tag`{.descname} - : Tag the image `name` into a repository -@@ -862,18 +921,18 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **repo** – The repository to tag in -- - **force** – 1/True/true or 0/False/false, default false -+ - **repo** – The repository to tag in -+ - **force** – 1/True/true or 0/False/false, default false - - Status Codes: - -- - **201** – no error -- - **400** – bad parameter -- - **404** – no such image -- - **409** – conflict -- - **500** – server error -+ - **201** – no error -+ - **400** – bad parameter -+ - **404** – no such image -+ - **409** – conflict -+ - **500** – server error - --### Remove an image: -+#### [Remove an image](#id27) - - `DELETE `{.descname}`/images/`{.descname}(*name*) - : Remove the image `name` from the filesystem -@@ -897,16 +956,17 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **force** – 1/True/true or 0/False/false, default false -+ - **force** – 1/True/true or 0/False/false, default false -+ - **noprune** – 1/True/true or 0/False/false, default false - - Status Codes: - -- - **200** – no error -- - **404** – no such image -- - **409** – conflict -- - **500** – server error -+ - **200** – no error -+ - **404** – no such image -+ - **409** – conflict -+ - **500** – server error - --### Search images: -+#### [Search images](#id28) - - `GET `{.descname}`/images/search`{.descname} - : Search for an image in the docker index. -@@ -954,16 +1014,16 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **term** – term to search -+ - **term** – term to search - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --## Misc -+### [2.3 Misc](#id29) - --### Build an image from Dockerfile via stdin: -+#### [Build an image from Dockerfile via stdin](#id30) - - `POST `{.descname}`/build`{.descname} - : Build an image from Dockerfile via stdin -@@ -995,25 +1055,25 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **t** – repository name (and optionally a tag) to be applied to -+ - **t** – repository name (and optionally a tag) to be applied to - the resulting image in case of success -- - **q** – suppress verbose build output -- - **nocache** – do not use the cache when building the image -+ - **q** – suppress verbose build output -+ - **nocache** – do not use the cache when building the image - - Request Headers: - -   - -- - **Content-type** – should be set to -+ - **Content-type** – should be set to - `"application/tar"`. -- - **X-Registry-Config** – base64-encoded ConfigFile object -+ - **X-Registry-Config** – base64-encoded ConfigFile object - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Check auth configuration: -+#### [Check auth configuration](#id31) - - `POST `{.descname}`/auth`{.descname} - : Get the default username and email -@@ -1036,11 +1096,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **204** – no error -- - **500** – server error -+ - **200** – no error -+ - **204** – no error -+ - **500** – server error - --### Display system-wide information: -+#### [Display system-wide information](#id32) - - `GET `{.descname}`/info`{.descname} - : Display system-wide information -@@ -1067,10 +1127,10 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Show the docker version information: -+#### [Show the docker version information](#id33) - - `GET `{.descname}`/version`{.descname} - : Show the docker version information -@@ -1092,10 +1152,10 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Create a new image from a container’s changes: -+#### [Create a new image from a container’s changes](#id34) - - `POST `{.descname}`/commit`{.descname} - : Create a new image from a container’s changes -@@ -1115,22 +1175,22 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **container** – source container -- - **repo** – repository -- - **tag** – tag -- - **m** – commit message -- - **author** – author (eg. “John Hannibal Smith -+ - **container** – source container -+ - **repo** – repository -+ - **tag** – tag -+ - **m** – commit message -+ - **author** – author (eg. “John Hannibal Smith - \<[hannibal@a-team.com](mailto:hannibal%40a-team.com)\>”) -- - **run** – config automatically applied when the image is run. -+ - **run** – config automatically applied when the image is run. - (ex: {“Cmd”: [“cat”, “/world”], “PortSpecs”:[“22”]}) - - Status Codes: - -- - **201** – no error -- - **404** – no such container -- - **500** – server error -+ - **201** – no error -+ - **404** – no such container -+ - **500** – server error - --### Monitor Docker’s events: -+#### [Monitor Docker’s events](#id35) - - `GET `{.descname}`/events`{.descname} - : Get events from docker, either in real time via streaming, or via -@@ -1154,14 +1214,14 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **since** – timestamp used for polling -+ - **since** – timestamp used for polling - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Get a tarball containing all images and tags in a repository: -+#### [Get a tarball containing all images and tags in a repository](#id36) - - `GET `{.descname}`/images/`{.descname}(*name*)`/get`{.descname} - : Get a tarball containing all images and metadata for the repository -@@ -1180,10 +1240,10 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Load a tarball with a set of images and tags into docker: -+#### [Load a tarball with a set of images and tags into docker](#id37) - - `POST `{.descname}`/images/load`{.descname} - : Load a set of images and tags into the docker repository. -@@ -1200,38 +1260,38 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --## Going Further -+## [3. Going further](#id38) - --### Inside ‘docker run’ -+### [3.1 Inside ‘docker run’](#id39) - - Here are the steps of ‘docker run’ : - --- Create the container -+- Create the container - --- If the status code is 404, it means the image doesn’t exists: -- : - Try to pull it -- - Then retry to create the container -+- If the status code is 404, it means the image doesn’t exists: -+ : - Try to pull it -+ - Then retry to create the container - --- Start the container -+- Start the container - --- If you are not in detached mode: -- : - Attach to the container, using logs=1 (to have stdout and -+- If you are not in detached mode: -+ : - Attach to the container, using logs=1 (to have stdout and - stderr from the container’s start) and stream=1 - --- If in detached mode or only stdin is attached: -- : - Display the container’s id -+- If in detached mode or only stdin is attached: -+ : - Display the container’s id - --### Hijacking -+### [3.2 Hijacking](#id40) - - In this version of the API, /attach, uses hijacking to transport stdin, - stdout and stderr on the same socket. This might change in the future. - --### CORS Requests -+### [3.3 CORS Requests](#id41) - - To enable cross origin requests to the remote api add the flag --“-api-enable-cors” when running docker in daemon mode. -+“–api-enable-cors” when running docker in daemon mode. - -- docker -d -H="192.168.1.9:4243" -api-enable-cors -+ docker -d -H="192.168.1.9:4243" --api-enable-cors -diff --git a/docs/sources/reference/api/docker_remote_api_v1.2.md b/docs/sources/reference/api/docker_remote_api_v1.2.md -index 5a70c94..b11bce6 100644 ---- a/docs/sources/reference/api/docker_remote_api_v1.2.md -+++ b/docs/sources/reference/api/docker_remote_api_v1.2.md -@@ -2,21 +2,68 @@ page_title: Remote API v1.2 - page_description: API Documentation for Docker - page_keywords: API, Docker, rcli, REST, documentation - --# Docker Remote API v1.2 -- --## Introduction -- --- The Remote API is replacing rcli --- Default port in the docker daemon is 4243 --- The API tends to be REST, but for some complex commands, like attach -+# [Docker Remote API v1.2](#id1) -+ -+Table of Contents -+ -+- [Docker Remote API v1.2](#docker-remote-api-v1-2) -+ - [1. Brief introduction](#brief-introduction) -+ - [2. Endpoints](#endpoints) -+ - [2.1 Containers](#containers) -+ - [List containers](#list-containers) -+ - [Create a container](#create-a-container) -+ - [Inspect a container](#inspect-a-container) -+ - [Inspect changes on a container’s -+ filesystem](#inspect-changes-on-a-container-s-filesystem) -+ - [Export a container](#export-a-container) -+ - [Start a container](#start-a-container) -+ - [Stop a container](#stop-a-container) -+ - [Restart a container](#restart-a-container) -+ - [Kill a container](#kill-a-container) -+ - [Attach to a container](#attach-to-a-container) -+ - [Wait a container](#wait-a-container) -+ - [Remove a container](#remove-a-container) -+ - [2.2 Images](#images) -+ - [List Images](#list-images) -+ - [Create an image](#create-an-image) -+ - [Insert a file in an image](#insert-a-file-in-an-image) -+ - [Inspect an image](#inspect-an-image) -+ - [Get the history of an -+ image](#get-the-history-of-an-image) -+ - [Push an image on the -+ registry](#push-an-image-on-the-registry) -+ - [Tag an image into a -+ repository](#tag-an-image-into-a-repository) -+ - [Remove an image](#remove-an-image) -+ - [Search images](#search-images) -+ - [2.3 Misc](#misc) -+ - [Build an image from Dockerfile via -+ stdin](#build-an-image-from-dockerfile-via-stdin) -+ - [Check auth configuration](#check-auth-configuration) -+ - [Display system-wide -+ information](#display-system-wide-information) -+ - [Show the docker version -+ information](#show-the-docker-version-information) -+ - [Create a new image from a container’s -+ changes](#create-a-new-image-from-a-container-s-changes) -+ - [3. Going further](#going-further) -+ - [3.1 Inside ‘docker run’](#inside-docker-run) -+ - [3.2 Hijacking](#hijacking) -+ - [3.3 CORS Requests](#cors-requests) -+ -+## [1. Brief introduction](#id2) -+ -+- The Remote API is replacing rcli -+- Default port in the docker daemon is 4243 -+- The API tends to be REST, but for some complex commands, like attach - or pull, the HTTP connection is hijacked to transport stdout stdin - and stderr - --## Endpoints -+## [2. Endpoints](#id3) - --### Containers -+### [2.1 Containers](#id4) - --### List containers: -+#### [List containers](#id5) - - `GET `{.descname}`/containers/json`{.descname} - : List containers -@@ -77,22 +124,22 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **all** – 1/True/true or 0/False/false, Show all containers. -+ - **all** – 1/True/true or 0/False/false, Show all containers. - Only running containers are shown by default -- - **limit** – Show `limit` last created -+ - **limit** – Show `limit` last created - containers, include non-running ones. -- - **since** – Show only containers created since Id, include -+ - **since** – Show only containers created since Id, include - non-running ones. -- - **before** – Show only containers created before Id, include -+ - **before** – Show only containers created before Id, include - non-running ones. - - Status Codes: - -- - **200** – no error -- - **400** – bad parameter -- - **500** – server error -+ - **200** – no error -+ - **400** – bad parameter -+ - **500** – server error - --### Create a container: -+#### [Create a container](#id6) - - `POST `{.descname}`/containers/create`{.descname} - : Create a container -@@ -138,16 +185,16 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **config** – the container’s configuration -+ - **config** – the container’s configuration - - Status Codes: - -- - **201** – no error -- - **404** – no such container -- - **406** – impossible to attach (container not running) -- - **500** – server error -+ - **201** – no error -+ - **404** – no such container -+ - **406** – impossible to attach (container not running) -+ - **500** – server error - --### Inspect a container: -+#### [Inspect a container](#id7) - - `GET `{.descname}`/containers/`{.descname}(*id*)`/json`{.descname} - : Return low-level information on the container `id`{.docutils -@@ -210,11 +257,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Inspect changes on a container’s filesystem:] -+#### [Inspect changes on a container’s filesystem](#id8) - - `GET `{.descname}`/containers/`{.descname}(*id*)`/changes`{.descname} - : Inspect changes on container `id` ‘s filesystem -@@ -245,11 +292,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Export a container: -+#### [Export a container](#id9) - - `GET `{.descname}`/containers/`{.descname}(*id*)`/export`{.descname} - : Export the contents of container `id` -@@ -267,11 +314,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Start a container: -+#### [Start a container](#id10) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/start`{.descname} - : Start the container `id` -@@ -286,11 +333,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Stop a container: -+#### [Stop a container](#id11) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/stop`{.descname} - : Stop the container `id` -@@ -307,15 +354,15 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **t** – number of seconds to wait before killing the container -+ - **t** – number of seconds to wait before killing the container - - Status Codes: - -- - **204** – no error -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **404** – no such container -+ - **500** – server error - --### Restart a container: -+#### [Restart a container](#id12) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/restart`{.descname} - : Restart the container `id` -@@ -332,15 +379,15 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **t** – number of seconds to wait before killing the container -+ - **t** – number of seconds to wait before killing the container - - Status Codes: - -- - **204** – no error -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **404** – no such container -+ - **500** – server error - --### Kill a container: -+#### [Kill a container](#id13) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/kill`{.descname} - : Kill the container `id` -@@ -355,11 +402,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **204** – no error -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **404** – no such container -+ - **500** – server error - --### Attach to a container: -+#### [Attach to a container](#id14) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/attach`{.descname} - : Attach to the container `id` -@@ -379,25 +426,25 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **logs** – 1/True/true or 0/False/false, return logs. Default -+ - **logs** – 1/True/true or 0/False/false, return logs. Default - false -- - **stream** – 1/True/true or 0/False/false, return stream. -+ - **stream** – 1/True/true or 0/False/false, return stream. - Default false -- - **stdin** – 1/True/true or 0/False/false, if stream=true, attach -+ - **stdin** – 1/True/true or 0/False/false, if stream=true, attach - to stdin. Default false -- - **stdout** – 1/True/true or 0/False/false, if logs=true, return -+ - **stdout** – 1/True/true or 0/False/false, if logs=true, return - stdout log, if stream=true, attach to stdout. Default false -- - **stderr** – 1/True/true or 0/False/false, if logs=true, return -+ - **stderr** – 1/True/true or 0/False/false, if logs=true, return - stderr log, if stream=true, attach to stderr. Default false - - Status Codes: - -- - **200** – no error -- - **400** – bad parameter -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **400** – bad parameter -+ - **404** – no such container -+ - **500** – server error - --### Wait a container: -+#### [Wait a container](#id15) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/wait`{.descname} - : Block until container `id` stops, then returns -@@ -416,11 +463,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Remove a container: -+#### [Remove a container](#id16) - - `DELETE `{.descname}`/containers/`{.descname}(*id*) - : Remove the container `id` from the filesystem -@@ -437,19 +484,19 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **v** – 1/True/true or 0/False/false, Remove the volumes -+ - **v** – 1/True/true or 0/False/false, Remove the volumes - associated to the container. Default false - - Status Codes: - -- - **204** – no error -- - **400** – bad parameter -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **400** – bad parameter -+ - **404** – no such container -+ - **500** – server error - --## Images -+### [2.2 Images](#id17) - --### List images: -+#### [List Images](#id18) - - `GET `{.descname}`/images/`{.descname}(*format*) - : List images `format` could be json or viz (json -@@ -514,16 +561,16 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **all** – 1/True/true or 0/False/false, Show all containers. -+ - **all** – 1/True/true or 0/False/false, Show all containers. - Only running containers are shown by default - - Status Codes: - -- - **200** – no error -- - **400** – bad parameter -- - **500** – server error -+ - **200** – no error -+ - **400** – bad parameter -+ - **500** – server error - --### Create an image: -+#### [Create an image](#id19) - - `POST `{.descname}`/images/create`{.descname} - : Create an image, either by pull it from the registry or by importing -@@ -547,18 +594,18 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **fromImage** – name of the image to pull -- - **fromSrc** – source to import, - means stdin -- - **repo** – repository -- - **tag** – tag -- - **registry** – the registry to pull from -+ - **fromImage** – name of the image to pull -+ - **fromSrc** – source to import, - means stdin -+ - **repo** – repository -+ - **tag** – tag -+ - **registry** – the registry to pull from - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Insert a file in an image: -+#### [Insert a file in an image](#id20) - - `POST `{.descname}`/images/`{.descname}(*name*)`/insert`{.descname} - : Insert a file from `url` in the image -@@ -580,10 +627,10 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Inspect an image: -+#### [Inspect an image](#id21) - - `GET `{.descname}`/images/`{.descname}(*name*)`/json`{.descname} - : Return low-level information on the image `name` -@@ -627,11 +674,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such image -- - **500** – server error -+ - **200** – no error -+ - **404** – no such image -+ - **500** – server error - --### Get the history of an image: -+#### [Get the history of an image](#id22) - - `GET `{.descname}`/images/`{.descname}(*name*)`/history`{.descname} - : Return the history of the image `name` -@@ -661,11 +708,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such image -- - **500** – server error -+ - **200** – no error -+ - **404** – no such image -+ - **500** – server error - --### Push an image on the registry: -+#### [Push an image on the registry](#id23) - - `POST `{.descname}`/images/`{.descname}(*name*)`/push`{.descname} - : Push the image `name` on the registry -@@ -689,15 +736,15 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **registry** – the registry you wan to push, optional -+ - **registry** – the registry you wan to push, optional - - Status Codes: - -- - **200** – no error -- - **404** – no such image -- - **500** – server error -+ - **200** – no error -+ - **404** – no such image -+ - **500** – server error - --### Tag an image into a repository: -+#### [Tag an image into a repository](#id24) - - `POST `{.descname}`/images/`{.descname}(*name*)`/tag`{.descname} - : Tag the image `name` into a repository -@@ -714,18 +761,18 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **repo** – The repository to tag in -- - **force** – 1/True/true or 0/False/false, default false -+ - **repo** – The repository to tag in -+ - **force** – 1/True/true or 0/False/false, default false - - Status Codes: - -- - **201** – no error -- - **400** – bad parameter -- - **404** – no such image -- - **409** – conflict -- - **500** – server error -+ - **201** – no error -+ - **400** – bad parameter -+ - **404** – no such image -+ - **409** – conflict -+ - **500** – server error - --### Remove an image: -+#### [Remove an image](#id25) - - `DELETE `{.descname}`/images/`{.descname}(*name*) - : Remove the image `name` from the filesystem -@@ -747,12 +794,12 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **204** – no error -- - **404** – no such image -- - **409** – conflict -- - **500** – server error -+ - **204** – no error -+ - **404** – no such image -+ - **409** – conflict -+ - **500** – server error - --### Search images: -+#### [Search images](#id26) - - `GET `{.descname}`/images/search`{.descname} - : Search for an image in the docker index -@@ -785,9 +832,9 @@ page_keywords: API, Docker, rcli, REST, documentation - :statuscode 200: no error - :statuscode 500: server error - --## Misc -+### [2.3 Misc](#id27) - --### Build an image from Dockerfile via stdin: -+#### [Build an image from Dockerfile via stdin](#id28) - - `POST `{.descname}`/build`{.descname} - : Build an image from Dockerfile -@@ -808,19 +855,19 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **t** – repository name to be applied to the resulting image in -+ - **t** – repository name to be applied to the resulting image in - case of success -- - **remote** – resource to fetch, as URI -+ - **remote** – resource to fetch, as URI - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - - {{ STREAM }} is the raw text output of the build command. It uses the - HTTP Hijack method in order to stream. - --### Check auth configuration: -+#### [Check auth configuration](#id29) - - `POST `{.descname}`/auth`{.descname} - : Get the default username and email -@@ -847,13 +894,13 @@ HTTP Hijack method in order to stream. - - Status Codes: - -- - **200** – no error -- - **204** – no error -- - **401** – unauthorized -- - **403** – forbidden -- - **500** – server error -+ - **200** – no error -+ - **204** – no error -+ - **401** – unauthorized -+ - **403** – forbidden -+ - **500** – server error - --### Display system-wide information: -+#### [Display system-wide information](#id30) - - `GET `{.descname}`/info`{.descname} - : Display system-wide information -@@ -879,10 +926,10 @@ HTTP Hijack method in order to stream. - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Show the docker version information: -+#### [Show the docker version information](#id31) - - `GET `{.descname}`/version`{.descname} - : Show the docker version information -@@ -904,10 +951,10 @@ HTTP Hijack method in order to stream. - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Create a new image from a container’s changes: -+#### [Create a new image from a container’s changes](#id32) - - `POST `{.descname}`/commit`{.descname} - : Create a new image from a container’s changes -@@ -933,49 +980,49 @@ HTTP Hijack method in order to stream. - -   - -- - **container** – source container -- - **repo** – repository -- - **tag** – tag -- - **m** – commit message -- - **author** – author (eg. “John Hannibal Smith -+ - **container** – source container -+ - **repo** – repository -+ - **tag** – tag -+ - **m** – commit message -+ - **author** – author (eg. “John Hannibal Smith - \<[hannibal@a-team.com](mailto:hannibal%40a-team.com)\>”) - - Status Codes: - -- - **201** – no error -- - **404** – no such container -- - **500** – server error -+ - **201** – no error -+ - **404** – no such container -+ - **500** – server error - --## Going Further -+## [3. Going further](#id33) - --### Inside ‘docker run’ -+### [3.1 Inside ‘docker run’](#id34) - - Here are the steps of ‘docker run’ : - --- Create the container -+- Create the container - --- If the status code is 404, it means the image doesn’t exists: -- : - Try to pull it -- - Then retry to create the container -+- If the status code is 404, it means the image doesn’t exists: -+ : - Try to pull it -+ - Then retry to create the container - --- Start the container -+- Start the container - --- If you are not in detached mode: -- : - Attach to the container, using logs=1 (to have stdout and -+- If you are not in detached mode: -+ : - Attach to the container, using logs=1 (to have stdout and - stderr from the container’s start) and stream=1 - --- If in detached mode or only stdin is attached: -- : - Display the container’s id -+- If in detached mode or only stdin is attached: -+ : - Display the container’s id - --### Hijacking -+### [3.2 Hijacking](#id35) - - In this version of the API, /attach, uses hijacking to transport stdin, - stdout and stderr on the same socket. This might change in the future. - --### CORS Requests -+### [3.3 CORS Requests](#id36) - - To enable cross origin requests to the remote api add the flag --“-api-enable-cors” when running docker in daemon mode. -+“–api-enable-cors” when running docker in daemon mode. - - > docker -d -H=”[tcp://192.168.1.9:4243](tcp://192.168.1.9:4243)” --> -api-enable-cors -+> –api-enable-cors -diff --git a/docs/sources/reference/api/docker_remote_api_v1.3.md b/docs/sources/reference/api/docker_remote_api_v1.3.md -index 7e0e6bd..4203699 100644 ---- a/docs/sources/reference/api/docker_remote_api_v1.3.md -+++ b/docs/sources/reference/api/docker_remote_api_v1.3.md -@@ -2,74 +2,71 @@ page_title: Remote API v1.3 - page_description: API Documentation for Docker - page_keywords: API, Docker, rcli, REST, documentation - --# Docker Remote API v1.3 -+# [Docker Remote API v1.3](#id1) - - Table of Contents - --- [Docker Remote API v1.3](#docker-remote-api-v1-3) -- - [1. Brief introduction](#brief-introduction) -- - [2. Endpoints](#endpoints) -- - [2.1 Containers](#containers) -- - [List containers](#list-containers) -- - [Create a container](#create-a-container) -- - [Inspect a container](#inspect-a-container) -- - [List processes running inside a -+- [Docker Remote API v1.3](#docker-remote-api-v1-3) -+ - [1. Brief introduction](#brief-introduction) -+ - [2. Endpoints](#endpoints) -+ - [2.1 Containers](#containers) -+ - [List containers](#list-containers) -+ - [Create a container](#create-a-container) -+ - [Inspect a container](#inspect-a-container) -+ - [List processes running inside a - container](#list-processes-running-inside-a-container) -- - [Inspect changes on a container’s -+ - [Inspect changes on a container’s - filesystem](#inspect-changes-on-a-container-s-filesystem) -- - [Export a container](#export-a-container) -- - [Start a container](#start-a-container) -- - [Stop a container](#stop-a-container) -- - [Restart a container](#restart-a-container) -- - [Kill a container](#kill-a-container) -- - [Attach to a container](#attach-to-a-container) -- - [Wait a container](#wait-a-container) -- - [Remove a container](#remove-a-container) -- -- - [2.2 Images](#images) -- - [List Images](#list-images) -- - [Create an image](#create-an-image) -- - [Insert a file in an image](#insert-a-file-in-an-image) -- - [Inspect an image](#inspect-an-image) -- - [Get the history of an -+ - [Export a container](#export-a-container) -+ - [Start a container](#start-a-container) -+ - [Stop a container](#stop-a-container) -+ - [Restart a container](#restart-a-container) -+ - [Kill a container](#kill-a-container) -+ - [Attach to a container](#attach-to-a-container) -+ - [Wait a container](#wait-a-container) -+ - [Remove a container](#remove-a-container) -+ - [2.2 Images](#images) -+ - [List Images](#list-images) -+ - [Create an image](#create-an-image) -+ - [Insert a file in an image](#insert-a-file-in-an-image) -+ - [Inspect an image](#inspect-an-image) -+ - [Get the history of an - image](#get-the-history-of-an-image) -- - [Push an image on the -+ - [Push an image on the - registry](#push-an-image-on-the-registry) -- - [Tag an image into a -+ - [Tag an image into a - repository](#tag-an-image-into-a-repository) -- - [Remove an image](#remove-an-image) -- - [Search images](#search-images) -- -- - [2.3 Misc](#misc) -- - [Build an image from Dockerfile via -+ - [Remove an image](#remove-an-image) -+ - [Search images](#search-images) -+ - [2.3 Misc](#misc) -+ - [Build an image from Dockerfile via - stdin](#build-an-image-from-dockerfile-via-stdin) -- - [Check auth configuration](#check-auth-configuration) -- - [Display system-wide -+ - [Check auth configuration](#check-auth-configuration) -+ - [Display system-wide - information](#display-system-wide-information) -- - [Show the docker version -+ - [Show the docker version - information](#show-the-docker-version-information) -- - [Create a new image from a container’s -+ - [Create a new image from a container’s - changes](#create-a-new-image-from-a-container-s-changes) -- - [Monitor Docker’s events](#monitor-docker-s-events) -- -- - [3. Going further](#going-further) -- - [3.1 Inside ‘docker run’](#inside-docker-run) -- - [3.2 Hijacking](#hijacking) -- - [3.3 CORS Requests](#cors-requests) -+ - [Monitor Docker’s events](#monitor-docker-s-events) -+ - [3. Going further](#going-further) -+ - [3.1 Inside ‘docker run’](#inside-docker-run) -+ - [3.2 Hijacking](#hijacking) -+ - [3.3 CORS Requests](#cors-requests) - --## Introduction -+## [1. Brief introduction](#id2) - --- The Remote API is replacing rcli --- Default port in the docker daemon is 4243 --- The API tends to be REST, but for some complex commands, like attach -+- The Remote API is replacing rcli -+- Default port in the docker daemon is 4243 -+- The API tends to be REST, but for some complex commands, like attach - or pull, the HTTP connection is hijacked to transport stdout stdin - and stderr - --## Endpoints -+## [2. Endpoints](#id3) - --### Containers -+### [2.1 Containers](#id4) - --### List containers: -+#### [List containers](#id5) - - `GET `{.descname}`/containers/json`{.descname} - : List containers -@@ -130,24 +127,24 @@ Table of Contents - -   - -- - **all** – 1/True/true or 0/False/false, Show all containers. -+ - **all** – 1/True/true or 0/False/false, Show all containers. - Only running containers are shown by default -- - **limit** – Show `limit` last created -+ - **limit** – Show `limit` last created - containers, include non-running ones. -- - **since** – Show only containers created since Id, include -+ - **since** – Show only containers created since Id, include - non-running ones. -- - **before** – Show only containers created before Id, include -+ - **before** – Show only containers created before Id, include - non-running ones. -- - **size** – 1/True/true or 0/False/false, Show the containers -+ - **size** – 1/True/true or 0/False/false, Show the containers - sizes - - Status Codes: - -- - **200** – no error -- - **400** – bad parameter -- - **500** – server error -+ - **200** – no error -+ - **400** – bad parameter -+ - **500** – server error - --### Create a container: -+#### [Create a container](#id6) - - `POST `{.descname}`/containers/create`{.descname} - : Create a container -@@ -193,16 +190,16 @@ Table of Contents - -   - -- - **config** – the container’s configuration -+ - **config** – the container’s configuration - - Status Codes: - -- - **201** – no error -- - **404** – no such container -- - **406** – impossible to attach (container not running) -- - **500** – server error -+ - **201** – no error -+ - **404** – no such container -+ - **406** – impossible to attach (container not running) -+ - **500** – server error - --### Inspect a container: -+#### [Inspect a container](#id7) - - `GET `{.descname}`/containers/`{.descname}(*id*)`/json`{.descname} - : Return low-level information on the container `id`{.docutils -@@ -265,11 +262,11 @@ Table of Contents - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### List processes running inside a container: -+#### [List processes running inside a container](#id8) - - `GET `{.descname}`/containers/`{.descname}(*id*)`/top`{.descname} - : List processes running inside the container `id` -@@ -300,11 +297,11 @@ Table of Contents - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Inspect changes on a container’s filesystem: -+#### [Inspect changes on a container’s filesystem](#id9) - - `GET `{.descname}`/containers/`{.descname}(*id*)`/changes`{.descname} - : Inspect changes on container `id` ‘s filesystem -@@ -335,11 +332,11 @@ Table of Contents - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Export a container: -+#### [Export a container](#id10) - - `GET `{.descname}`/containers/`{.descname}(*id*)`/export`{.descname} - : Export the contents of container `id` -@@ -357,11 +354,11 @@ Table of Contents - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Start a container: -+#### [Start a container](#id11) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/start`{.descname} - : Start the container `id` -@@ -384,15 +381,15 @@ Table of Contents - -   - -- - **hostConfig** – the container’s host configuration (optional) -+ - **hostConfig** – the container’s host configuration (optional) - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Stop a container: -+#### [Stop a container](#id12) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/stop`{.descname} - : Stop the container `id` -@@ -409,15 +406,15 @@ Table of Contents - -   - -- - **t** – number of seconds to wait before killing the container -+ - **t** – number of seconds to wait before killing the container - - Status Codes: - -- - **204** – no error -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **404** – no such container -+ - **500** – server error - --### Restart a container: -+#### [Restart a container](#id13) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/restart`{.descname} - : Restart the container `id` -@@ -434,15 +431,15 @@ Table of Contents - -   - -- - **t** – number of seconds to wait before killing the container -+ - **t** – number of seconds to wait before killing the container - - Status Codes: - -- - **204** – no error -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **404** – no such container -+ - **500** – server error - --### Kill a container: -+#### [Kill a container](#id14) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/kill`{.descname} - : Kill the container `id` -@@ -457,11 +454,11 @@ Table of Contents - - Status Codes: - -- - **204** – no error -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **404** – no such container -+ - **500** – server error - --### Attach to a container: -+#### [Attach to a container](#id15) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/attach`{.descname} - : Attach to the container `id` -@@ -481,25 +478,25 @@ Table of Contents - -   - -- - **logs** – 1/True/true or 0/False/false, return logs. Default -+ - **logs** – 1/True/true or 0/False/false, return logs. Default - false -- - **stream** – 1/True/true or 0/False/false, return stream. -+ - **stream** – 1/True/true or 0/False/false, return stream. - Default false -- - **stdin** – 1/True/true or 0/False/false, if stream=true, attach -+ - **stdin** – 1/True/true or 0/False/false, if stream=true, attach - to stdin. Default false -- - **stdout** – 1/True/true or 0/False/false, if logs=true, return -+ - **stdout** – 1/True/true or 0/False/false, if logs=true, return - stdout log, if stream=true, attach to stdout. Default false -- - **stderr** – 1/True/true or 0/False/false, if logs=true, return -+ - **stderr** – 1/True/true or 0/False/false, if logs=true, return - stderr log, if stream=true, attach to stderr. Default false - - Status Codes: - -- - **200** – no error -- - **400** – bad parameter -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **400** – bad parameter -+ - **404** – no such container -+ - **500** – server error - --### Wait a container: -+#### [Wait a container](#id16) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/wait`{.descname} - : Block until container `id` stops, then returns -@@ -518,11 +515,11 @@ Table of Contents - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Remove a container: -+#### [Remove a container](#id17) - - `DELETE `{.descname}`/containers/`{.descname}(*id*) - : Remove the container `id` from the filesystem -@@ -539,19 +536,19 @@ Table of Contents - -   - -- - **v** – 1/True/true or 0/False/false, Remove the volumes -+ - **v** – 1/True/true or 0/False/false, Remove the volumes - associated to the container. Default false - - Status Codes: - -- - **204** – no error -- - **400** – bad parameter -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **400** – bad parameter -+ - **404** – no such container -+ - **500** – server error - --## Images -+### [2.2 Images](#id18) - --### List images: -+#### [List Images](#id19) - - `GET `{.descname}`/images/`{.descname}(*format*) - : List images `format` could be json or viz (json -@@ -616,16 +613,16 @@ Table of Contents - -   - -- - **all** – 1/True/true or 0/False/false, Show all containers. -+ - **all** – 1/True/true or 0/False/false, Show all containers. - Only running containers are shown by default - - Status Codes: - -- - **200** – no error -- - **400** – bad parameter -- - **500** – server error -+ - **200** – no error -+ - **400** – bad parameter -+ - **500** – server error - --### Create an image: -+#### [Create an image](#id20) - - `POST `{.descname}`/images/create`{.descname} - : Create an image, either by pull it from the registry or by importing -@@ -649,18 +646,18 @@ Table of Contents - -   - -- - **fromImage** – name of the image to pull -- - **fromSrc** – source to import, - means stdin -- - **repo** – repository -- - **tag** – tag -- - **registry** – the registry to pull from -+ - **fromImage** – name of the image to pull -+ - **fromSrc** – source to import, - means stdin -+ - **repo** – repository -+ - **tag** – tag -+ - **registry** – the registry to pull from - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Insert a file in an image: -+#### [Insert a file in an image](#id21) - - `POST `{.descname}`/images/`{.descname}(*name*)`/insert`{.descname} - : Insert a file from `url` in the image -@@ -682,10 +679,10 @@ Table of Contents - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Inspect an image: -+#### [Inspect an image](#id22) - - `GET `{.descname}`/images/`{.descname}(*name*)`/json`{.descname} - : Return low-level information on the image `name` -@@ -729,11 +726,11 @@ Table of Contents - - Status Codes: - -- - **200** – no error -- - **404** – no such image -- - **500** – server error -+ - **200** – no error -+ - **404** – no such image -+ - **500** – server error - --### Get the history of an image: -+#### [Get the history of an image](#id23) - - `GET `{.descname}`/images/`{.descname}(*name*)`/history`{.descname} - : Return the history of the image `name` -@@ -762,11 +759,11 @@ Table of Contents - - Status Codes: - -- - **200** – no error -- - **404** – no such image -- - **500** – server error -+ - **200** – no error -+ - **404** – no such image -+ - **500** – server error - --### Push an image on the registry: -+#### [Push an image on the registry](#id24) - - `POST `{.descname}`/images/`{.descname}(*name*)`/push`{.descname} - : Push the image `name` on the registry -@@ -790,15 +787,15 @@ Table of Contents - -   - -- - **registry** – the registry you wan to push, optional -+ - **registry** – the registry you wan to push, optional - - Status Codes: - -- - **200** – no error -- - **404** – no such image -- - **500** – server error -+ - **200** – no error -+ - **404** – no such image -+ - **500** – server error - --### Tag an image into a repository: -+#### [Tag an image into a repository](#id25) - - `POST `{.descname}`/images/`{.descname}(*name*)`/tag`{.descname} - : Tag the image `name` into a repository -@@ -815,18 +812,18 @@ Table of Contents - -   - -- - **repo** – The repository to tag in -- - **force** – 1/True/true or 0/False/false, default false -+ - **repo** – The repository to tag in -+ - **force** – 1/True/true or 0/False/false, default false - - Status Codes: - -- - **201** – no error -- - **400** – bad parameter -- - **404** – no such image -- - **409** – conflict -- - **500** – server error -+ - **201** – no error -+ - **400** – bad parameter -+ - **404** – no such image -+ - **409** – conflict -+ - **500** – server error - --### Remove an image: -+#### [Remove an image](#id26) - - `DELETE `{.descname}`/images/`{.descname}(*name*) - : Remove the image `name` from the filesystem -@@ -848,12 +845,12 @@ Table of Contents - - Status Codes: - -- - **200** – no error -- - **404** – no such image -- - **409** – conflict -- - **500** – server error -+ - **200** – no error -+ - **404** – no such image -+ - **409** – conflict -+ - **500** – server error - --### Search images: -+#### [Search images](#id27) - - `GET `{.descname}`/images/search`{.descname} - : Search for an image in the docker index -@@ -886,9 +883,9 @@ Table of Contents - :statuscode 200: no error - :statuscode 500: server error - --## Misc -+### [2.3 Misc](#id28) - --### Build an image from Dockerfile via stdin: -+#### [Build an image from Dockerfile via stdin](#id29) - - `POST `{.descname}`/build`{.descname} - : Build an image from Dockerfile via stdin -@@ -917,16 +914,16 @@ Table of Contents - -   - -- - **t** – repository name (and optionally a tag) to be applied to -+ - **t** – repository name (and optionally a tag) to be applied to - the resulting image in case of success -- - **q** – suppress verbose build output -+ - **q** – suppress verbose build output - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Check auth configuration: -+#### [Check auth configuration](#id30) - - `POST `{.descname}`/auth`{.descname} - : Get the default username and email -@@ -948,11 +945,11 @@ Table of Contents - - Status Codes: - -- - **200** – no error -- - **204** – no error -- - **500** – server error -+ - **200** – no error -+ - **204** – no error -+ - **500** – server error - --### Display system-wide information: -+#### [Display system-wide information](#id31) - - `GET `{.descname}`/info`{.descname} - : Display system-wide information -@@ -981,10 +978,10 @@ Table of Contents - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Show the docker version information: -+#### [Show the docker version information](#id32) - - `GET `{.descname}`/version`{.descname} - : Show the docker version information -@@ -1006,10 +1003,10 @@ Table of Contents - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Create a new image from a container’s changes: -+#### [Create a new image from a container’s changes](#id33) - - `POST `{.descname}`/commit`{.descname} - : Create a new image from a container’s changes -@@ -1035,20 +1032,20 @@ Table of Contents - -   - -- - **container** – source container -- - **repo** – repository -- - **tag** – tag -- - **m** – commit message -- - **author** – author (eg. “John Hannibal Smith -+ - **container** – source container -+ - **repo** – repository -+ - **tag** – tag -+ - **m** – commit message -+ - **author** – author (eg. “John Hannibal Smith - \<[hannibal@a-team.com](mailto:hannibal%40a-team.com)\>”) - - Status Codes: - -- - **201** – no error -- - **404** – no such container -- - **500** – server error -+ - **201** – no error -+ - **404** – no such container -+ - **500** – server error - --### Monitor Docker’s events: -+#### [Monitor Docker’s events](#id34) - - `GET `{.descname}`/events`{.descname} - : Get events from docker, either in real time via streaming, or via -@@ -1072,42 +1069,42 @@ Table of Contents - -   - -- - **since** – timestamp used for polling -+ - **since** – timestamp used for polling - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --## Going Further -+## [3. Going further](#id35) - --### Inside ‘docker run’ -+### [3.1 Inside ‘docker run’](#id36) - - Here are the steps of ‘docker run’ : - --- Create the container -+- Create the container - --- If the status code is 404, it means the image doesn’t exists: -- : - Try to pull it -- - Then retry to create the container -+- If the status code is 404, it means the image doesn’t exists: -+ : - Try to pull it -+ - Then retry to create the container - --- Start the container -+- Start the container - --- If you are not in detached mode: -- : - Attach to the container, using logs=1 (to have stdout and -+- If you are not in detached mode: -+ : - Attach to the container, using logs=1 (to have stdout and - stderr from the container’s start) and stream=1 - --- If in detached mode or only stdin is attached: -- : - Display the container’s id -+- If in detached mode or only stdin is attached: -+ : - Display the container’s id - --### Hijacking -+### [3.2 Hijacking](#id37) - - In this version of the API, /attach, uses hijacking to transport stdin, - stdout and stderr on the same socket. This might change in the future. - --### CORS Requests -+### [3.3 CORS Requests](#id38) - - To enable cross origin requests to the remote api add the flag --“-api-enable-cors” when running docker in daemon mode. -+“–api-enable-cors” when running docker in daemon mode. - --> docker -d -H=”192.168.1.9:4243” -api-enable-cors -+> docker -d -H=”192.168.1.9:4243” –api-enable-cors -diff --git a/docs/sources/reference/api/docker_remote_api_v1.4.md b/docs/sources/reference/api/docker_remote_api_v1.4.md -index f665b1e..4eca2a6 100644 ---- a/docs/sources/reference/api/docker_remote_api_v1.4.md -+++ b/docs/sources/reference/api/docker_remote_api_v1.4.md -@@ -2,21 +2,73 @@ page_title: Remote API v1.4 - page_description: API Documentation for Docker - page_keywords: API, Docker, rcli, REST, documentation - --# Docker Remote API v1.4 -- --## Introduction -- --- The Remote API is replacing rcli --- Default port in the docker daemon is 4243 --- The API tends to be REST, but for some complex commands, like attach -+# [Docker Remote API v1.4](#id1) -+ -+Table of Contents -+ -+- [Docker Remote API v1.4](#docker-remote-api-v1-4) -+ - [1. Brief introduction](#brief-introduction) -+ - [2. Endpoints](#endpoints) -+ - [2.1 Containers](#containers) -+ - [List containers](#list-containers) -+ - [Create a container](#create-a-container) -+ - [Inspect a container](#inspect-a-container) -+ - [List processes running inside a -+ container](#list-processes-running-inside-a-container) -+ - [Inspect changes on a container’s -+ filesystem](#inspect-changes-on-a-container-s-filesystem) -+ - [Export a container](#export-a-container) -+ - [Start a container](#start-a-container) -+ - [Stop a container](#stop-a-container) -+ - [Restart a container](#restart-a-container) -+ - [Kill a container](#kill-a-container) -+ - [Attach to a container](#attach-to-a-container) -+ - [Wait a container](#wait-a-container) -+ - [Remove a container](#remove-a-container) -+ - [Copy files or folders from a -+ container](#copy-files-or-folders-from-a-container) -+ - [2.2 Images](#images) -+ - [List Images](#list-images) -+ - [Create an image](#create-an-image) -+ - [Insert a file in an image](#insert-a-file-in-an-image) -+ - [Inspect an image](#inspect-an-image) -+ - [Get the history of an -+ image](#get-the-history-of-an-image) -+ - [Push an image on the -+ registry](#push-an-image-on-the-registry) -+ - [Tag an image into a -+ repository](#tag-an-image-into-a-repository) -+ - [Remove an image](#remove-an-image) -+ - [Search images](#search-images) -+ - [2.3 Misc](#misc) -+ - [Build an image from Dockerfile via -+ stdin](#build-an-image-from-dockerfile-via-stdin) -+ - [Check auth configuration](#check-auth-configuration) -+ - [Display system-wide -+ information](#display-system-wide-information) -+ - [Show the docker version -+ information](#show-the-docker-version-information) -+ - [Create a new image from a container’s -+ changes](#create-a-new-image-from-a-container-s-changes) -+ - [Monitor Docker’s events](#monitor-docker-s-events) -+ - [3. Going further](#going-further) -+ - [3.1 Inside ‘docker run’](#inside-docker-run) -+ - [3.2 Hijacking](#hijacking) -+ - [3.3 CORS Requests](#cors-requests) -+ -+## [1. Brief introduction](#id2) -+ -+- The Remote API is replacing rcli -+- Default port in the docker daemon is 4243 -+- The API tends to be REST, but for some complex commands, like attach - or pull, the HTTP connection is hijacked to transport stdout stdin - and stderr - --## Endpoints -+## [2. Endpoints](#id3) - --### Containers -+### [2.1 Containers](#id4) - --### List containers: -+#### [List containers](#id5) - - `GET `{.descname}`/containers/json`{.descname} - : List containers -@@ -77,24 +129,24 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **all** – 1/True/true or 0/False/false, Show all containers. -+ - **all** – 1/True/true or 0/False/false, Show all containers. - Only running containers are shown by default -- - **limit** – Show `limit` last created -+ - **limit** – Show `limit` last created - containers, include non-running ones. -- - **since** – Show only containers created since Id, include -+ - **since** – Show only containers created since Id, include - non-running ones. -- - **before** – Show only containers created before Id, include -+ - **before** – Show only containers created before Id, include - non-running ones. -- - **size** – 1/True/true or 0/False/false, Show the containers -+ - **size** – 1/True/true or 0/False/false, Show the containers - sizes - - Status Codes: - -- - **200** – no error -- - **400** – bad parameter -- - **500** – server error -+ - **200** – no error -+ - **400** – bad parameter -+ - **500** – server error - --### Create a container: -+#### [Create a container](#id6) - - `POST `{.descname}`/containers/create`{.descname} - : Create a container -@@ -143,16 +195,16 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **config** – the container’s configuration -+ - **config** – the container’s configuration - - Status Codes: - -- - **201** – no error -- - **404** – no such container -- - **406** – impossible to attach (container not running) -- - **500** – server error -+ - **201** – no error -+ - **404** – no such container -+ - **406** – impossible to attach (container not running) -+ - **500** – server error - --### Inspect a container: -+#### [Inspect a container](#id7) - - `GET `{.descname}`/containers/`{.descname}(*id*)`/json`{.descname} - : Return low-level information on the container `id`{.docutils -@@ -217,12 +269,12 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **409** – conflict between containers and images -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **409** – conflict between containers and images -+ - **500** – server error - --### List processes running inside a container: -+#### [List processes running inside a container](#id8) - - `GET `{.descname}`/containers/`{.descname}(*id*)`/top`{.descname} - : List processes running inside the container `id` -@@ -260,15 +312,15 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **ps\_args** – ps arguments to use (eg. aux) -+ - **ps\_args** – ps arguments to use (eg. aux) - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Inspect changes on a container’s filesystem: -+#### [Inspect changes on a container’s filesystem](#id9) - - `GET `{.descname}`/containers/`{.descname}(*id*)`/changes`{.descname} - : Inspect changes on container `id` ‘s filesystem -@@ -299,11 +351,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Export a container: -+#### [Export a container](#id10) - - `GET `{.descname}`/containers/`{.descname}(*id*)`/export`{.descname} - : Export the contents of container `id` -@@ -321,11 +373,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Start a container: -+#### [Start a container](#id11) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/start`{.descname} - : Start the container `id` -@@ -349,15 +401,15 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **hostConfig** – the container’s host configuration (optional) -+ - **hostConfig** – the container’s host configuration (optional) - - Status Codes: - -- - **204** – no error -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **404** – no such container -+ - **500** – server error - --### Stop a container: -+#### [Stop a container](#id12) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/stop`{.descname} - : Stop the container `id` -@@ -374,15 +426,15 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **t** – number of seconds to wait before killing the container -+ - **t** – number of seconds to wait before killing the container - - Status Codes: - -- - **204** – no error -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **404** – no such container -+ - **500** – server error - --### Restart a container: -+#### [Restart a container](#id13) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/restart`{.descname} - : Restart the container `id` -@@ -399,15 +451,15 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **t** – number of seconds to wait before killing the container -+ - **t** – number of seconds to wait before killing the container - - Status Codes: - -- - **204** – no error -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **404** – no such container -+ - **500** – server error - --### Kill a container: -+#### [Kill a container](#id14) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/kill`{.descname} - : Kill the container `id` -@@ -422,11 +474,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **204** – no error -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **404** – no such container -+ - **500** – server error - --### Attach to a container: -+#### [Attach to a container](#id15) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/attach`{.descname} - : Attach to the container `id` -@@ -446,25 +498,25 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **logs** – 1/True/true or 0/False/false, return logs. Default -+ - **logs** – 1/True/true or 0/False/false, return logs. Default - false -- - **stream** – 1/True/true or 0/False/false, return stream. -+ - **stream** – 1/True/true or 0/False/false, return stream. - Default false -- - **stdin** – 1/True/true or 0/False/false, if stream=true, attach -+ - **stdin** – 1/True/true or 0/False/false, if stream=true, attach - to stdin. Default false -- - **stdout** – 1/True/true or 0/False/false, if logs=true, return -+ - **stdout** – 1/True/true or 0/False/false, if logs=true, return - stdout log, if stream=true, attach to stdout. Default false -- - **stderr** – 1/True/true or 0/False/false, if logs=true, return -+ - **stderr** – 1/True/true or 0/False/false, if logs=true, return - stderr log, if stream=true, attach to stderr. Default false - - Status Codes: - -- - **200** – no error -- - **400** – bad parameter -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **400** – bad parameter -+ - **404** – no such container -+ - **500** – server error - --### Wait a container: -+#### [Wait a container](#id16) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/wait`{.descname} - : Block until container `id` stops, then returns -@@ -483,11 +535,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Remove a container: -+#### [Remove a container](#id17) - - `DELETE `{.descname}`/containers/`{.descname}(*id*) - : Remove the container `id` from the filesystem -@@ -504,17 +556,17 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **v** – 1/True/true or 0/False/false, Remove the volumes -+ - **v** – 1/True/true or 0/False/false, Remove the volumes - associated to the container. Default false - - Status Codes: - -- - **204** – no error -- - **400** – bad parameter -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **400** – bad parameter -+ - **404** – no such container -+ - **500** – server error - --### Copy files or folders from a container: -+#### [Copy files or folders from a container](#id18) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/copy`{.descname} - : Copy files or folders of container `id` -@@ -537,13 +589,13 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --## Images -+### [2.2 Images](#id19) - --### List images: -+#### [List Images](#id20) - - `GET `{.descname}`/images/`{.descname}(*format*) - : List images `format` could be json or viz (json -@@ -608,16 +660,16 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **all** – 1/True/true or 0/False/false, Show all containers. -+ - **all** – 1/True/true or 0/False/false, Show all containers. - Only running containers are shown by default - - Status Codes: - -- - **200** – no error -- - **400** – bad parameter -- - **500** – server error -+ - **200** – no error -+ - **400** – bad parameter -+ - **500** – server error - --### Create an image: -+#### [Create an image](#id21) - - `POST `{.descname}`/images/create`{.descname} - : Create an image, either by pull it from the registry or by importing -@@ -641,18 +693,18 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **fromImage** – name of the image to pull -- - **fromSrc** – source to import, - means stdin -- - **repo** – repository -- - **tag** – tag -- - **registry** – the registry to pull from -+ - **fromImage** – name of the image to pull -+ - **fromSrc** – source to import, - means stdin -+ - **repo** – repository -+ - **tag** – tag -+ - **registry** – the registry to pull from - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Insert a file in an image: -+#### [Insert a file in an image](#id22) - - `POST `{.descname}`/images/`{.descname}(*name*)`/insert`{.descname} - : Insert a file from `url` in the image -@@ -674,10 +726,10 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Inspect an image: -+#### [Inspect an image](#id23) - - `GET `{.descname}`/images/`{.descname}(*name*)`/json`{.descname} - : Return low-level information on the image `name` -@@ -722,12 +774,12 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such image -- - **409** – conflict between containers and images -- - **500** – server error -+ - **200** – no error -+ - **404** – no such image -+ - **409** – conflict between containers and images -+ - **500** – server error - --### Get the history of an image: -+#### [Get the history of an image](#id24) - - `GET `{.descname}`/images/`{.descname}(*name*)`/history`{.descname} - : Return the history of the image `name` -@@ -756,11 +808,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such image -- - **500** – server error -+ - **200** – no error -+ - **404** – no such image -+ - **500** – server error - --### Push an image on the registry: -+#### [Push an image on the registry](#id25) - - `POST `{.descname}`/images/`{.descname}(*name*)`/push`{.descname} - : Push the image `name` on the registry -@@ -782,14 +834,14 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **registry** – the registry you wan to push, optional -+ - **registry** – the registry you wan to push, optional - - Status Codes: - -- - **200** – no error :statuscode 404: no such image :statuscode -+ - **200** – no error :statuscode 404: no such image :statuscode - 500: server error - --### Tag an image into a repository: -+#### [Tag an image into a repository](#id26) - - `POST `{.descname}`/images/`{.descname}(*name*)`/tag`{.descname} - : Tag the image `name` into a repository -@@ -806,18 +858,18 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **repo** – The repository to tag in -- - **force** – 1/True/true or 0/False/false, default false -+ - **repo** – The repository to tag in -+ - **force** – 1/True/true or 0/False/false, default false - - Status Codes: - -- - **201** – no error -- - **400** – bad parameter -- - **404** – no such image -- - **409** – conflict -- - **500** – server error -+ - **201** – no error -+ - **400** – bad parameter -+ - **404** – no such image -+ - **409** – conflict -+ - **500** – server error - --### Remove an image: -+#### [Remove an image](#id27) - - `DELETE `{.descname}`/images/`{.descname}(*name*) - : Remove the image `name` from the filesystem -@@ -839,12 +891,12 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such image -- - **409** – conflict -- - **500** – server error -+ - **200** – no error -+ - **404** – no such image -+ - **409** – conflict -+ - **500** – server error - --### Search images: -+#### [Search images](#id28) - - `GET `{.descname}`/images/search`{.descname} - : Search for an image in the docker index -@@ -877,9 +929,9 @@ page_keywords: API, Docker, rcli, REST, documentation - :statuscode 200: no error - :statuscode 500: server error - --## Misc -+### [2.3 Misc](#id29) - --### Build an image from Dockerfile via stdin: -+#### [Build an image from Dockerfile via stdin](#id30) - - `POST `{.descname}`/build`{.descname} - : Build an image from Dockerfile via stdin -@@ -908,17 +960,17 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **t** – repository name (and optionally a tag) to be applied to -+ - **t** – repository name (and optionally a tag) to be applied to - the resulting image in case of success -- - **q** – suppress verbose build output -- - **nocache** – do not use the cache when building the image -+ - **q** – suppress verbose build output -+ - **nocache** – do not use the cache when building the image - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Check auth configuration: -+#### [Check auth configuration](#id31) - - `POST `{.descname}`/auth`{.descname} - : Get the default username and email -@@ -941,11 +993,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **204** – no error -- - **500** – server error -+ - **200** – no error -+ - **204** – no error -+ - **500** – server error - --### Display system-wide information: -+#### [Display system-wide information](#id32) - - `GET `{.descname}`/info`{.descname} - : Display system-wide information -@@ -972,10 +1024,10 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Show the docker version information: -+#### [Show the docker version information](#id33) - - `GET `{.descname}`/version`{.descname} - : Show the docker version information -@@ -997,10 +1049,10 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Create a new image from a container’s changes: -+#### [Create a new image from a container’s changes](#id34) - - `POST `{.descname}`/commit`{.descname} - : Create a new image from a container’s changes -@@ -1026,20 +1078,20 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **container** – source container -- - **repo** – repository -- - **tag** – tag -- - **m** – commit message -- - **author** – author (eg. “John Hannibal Smith -+ - **container** – source container -+ - **repo** – repository -+ - **tag** – tag -+ - **m** – commit message -+ - **author** – author (eg. “John Hannibal Smith - \<[hannibal@a-team.com](mailto:hannibal%40a-team.com)\>”) - - Status Codes: - -- - **201** – no error -- - **404** – no such container -- - **500** – server error -+ - **201** – no error -+ - **404** – no such container -+ - **500** – server error - --### Monitor Docker’s events: -+#### [Monitor Docker’s events](#id35) - - `GET `{.descname}`/events`{.descname} - : Get events from docker, either in real time via streaming, or via -@@ -1063,42 +1115,42 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **since** – timestamp used for polling -+ - **since** – timestamp used for polling - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --## Going Further -+## [3. Going further](#id36) - --### Inside ‘docker run’ -+### [3.1 Inside ‘docker run’](#id37) - - Here are the steps of ‘docker run’ : - --- Create the container -+- Create the container - --- If the status code is 404, it means the image doesn’t exists: -- : - Try to pull it -- - Then retry to create the container -+- If the status code is 404, it means the image doesn’t exists: -+ : - Try to pull it -+ - Then retry to create the container - --- Start the container -+- Start the container - --- If you are not in detached mode: -- : - Attach to the container, using logs=1 (to have stdout and -+- If you are not in detached mode: -+ : - Attach to the container, using logs=1 (to have stdout and - stderr from the container’s start) and stream=1 - --- If in detached mode or only stdin is attached: -- : - Display the container’s id -+- If in detached mode or only stdin is attached: -+ : - Display the container’s id - --### Hijacking -+### [3.2 Hijacking](#id38) - - In this version of the API, /attach, uses hijacking to transport stdin, - stdout and stderr on the same socket. This might change in the future. - --### CORS Requests -+### [3.3 CORS Requests](#id39) - - To enable cross origin requests to the remote api add the flag --“-api-enable-cors” when running docker in daemon mode. -+“–api-enable-cors” when running docker in daemon mode. - -- docker -d -H="192.168.1.9:4243" -api-enable-cors -+ docker -d -H="192.168.1.9:4243" --api-enable-cors -diff --git a/docs/sources/reference/api/docker_remote_api_v1.5.md b/docs/sources/reference/api/docker_remote_api_v1.5.md -index d9c3542..ff11cd1 100644 ---- a/docs/sources/reference/api/docker_remote_api_v1.5.md -+++ b/docs/sources/reference/api/docker_remote_api_v1.5.md -@@ -2,21 +2,73 @@ page_title: Remote API v1.5 - page_description: API Documentation for Docker - page_keywords: API, Docker, rcli, REST, documentation - --# Docker Remote API v1.5 -- --## Introduction -- --- The Remote API is replacing rcli --- Default port in the docker daemon is 4243 --- The API tends to be REST, but for some complex commands, like attach -+# [Docker Remote API v1.5](#id1) -+ -+Table of Contents -+ -+- [Docker Remote API v1.5](#docker-remote-api-v1-5) -+ - [1. Brief introduction](#brief-introduction) -+ - [2. Endpoints](#endpoints) -+ - [2.1 Containers](#containers) -+ - [List containers](#list-containers) -+ - [Create a container](#create-a-container) -+ - [Inspect a container](#inspect-a-container) -+ - [List processes running inside a -+ container](#list-processes-running-inside-a-container) -+ - [Inspect changes on a container’s -+ filesystem](#inspect-changes-on-a-container-s-filesystem) -+ - [Export a container](#export-a-container) -+ - [Start a container](#start-a-container) -+ - [Stop a container](#stop-a-container) -+ - [Restart a container](#restart-a-container) -+ - [Kill a container](#kill-a-container) -+ - [Attach to a container](#attach-to-a-container) -+ - [Wait a container](#wait-a-container) -+ - [Remove a container](#remove-a-container) -+ - [Copy files or folders from a -+ container](#copy-files-or-folders-from-a-container) -+ - [2.2 Images](#images) -+ - [List Images](#list-images) -+ - [Create an image](#create-an-image) -+ - [Insert a file in an image](#insert-a-file-in-an-image) -+ - [Inspect an image](#inspect-an-image) -+ - [Get the history of an -+ image](#get-the-history-of-an-image) -+ - [Push an image on the -+ registry](#push-an-image-on-the-registry) -+ - [Tag an image into a -+ repository](#tag-an-image-into-a-repository) -+ - [Remove an image](#remove-an-image) -+ - [Search images](#search-images) -+ - [2.3 Misc](#misc) -+ - [Build an image from Dockerfile via -+ stdin](#build-an-image-from-dockerfile-via-stdin) -+ - [Check auth configuration](#check-auth-configuration) -+ - [Display system-wide -+ information](#display-system-wide-information) -+ - [Show the docker version -+ information](#show-the-docker-version-information) -+ - [Create a new image from a container’s -+ changes](#create-a-new-image-from-a-container-s-changes) -+ - [Monitor Docker’s events](#monitor-docker-s-events) -+ - [3. Going further](#going-further) -+ - [3.1 Inside ‘docker run’](#inside-docker-run) -+ - [3.2 Hijacking](#hijacking) -+ - [3.3 CORS Requests](#cors-requests) -+ -+## [1. Brief introduction](#id2) -+ -+- The Remote API is replacing rcli -+- Default port in the docker daemon is 4243 -+- The API tends to be REST, but for some complex commands, like attach - or pull, the HTTP connection is hijacked to transport stdout stdin - and stderr - --## Endpoints -+## [2. Endpoints](#id3) - --### Containers -+### [2.1 Containers](#id4) - --### List containers: -+#### [List containers](#id5) - - `GET `{.descname}`/containers/json`{.descname} - : List containers -@@ -77,24 +129,24 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **all** – 1/True/true or 0/False/false, Show all containers. -+ - **all** – 1/True/true or 0/False/false, Show all containers. - Only running containers are shown by default -- - **limit** – Show `limit` last created -+ - **limit** – Show `limit` last created - containers, include non-running ones. -- - **since** – Show only containers created since Id, include -+ - **since** – Show only containers created since Id, include - non-running ones. -- - **before** – Show only containers created before Id, include -+ - **before** – Show only containers created before Id, include - non-running ones. -- - **size** – 1/True/true or 0/False/false, Show the containers -+ - **size** – 1/True/true or 0/False/false, Show the containers - sizes - - Status Codes: - -- - **200** – no error -- - **400** – bad parameter -- - **500** – server error -+ - **200** – no error -+ - **400** – bad parameter -+ - **500** – server error - --### Create a container: -+#### [Create a container](#id6) - - `POST `{.descname}`/containers/create`{.descname} - : Create a container -@@ -142,16 +194,16 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **config** – the container’s configuration -+ - **config** – the container’s configuration - - Status Codes: - -- - **201** – no error -- - **404** – no such container -- - **406** – impossible to attach (container not running) -- - **500** – server error -+ - **201** – no error -+ - **404** – no such container -+ - **406** – impossible to attach (container not running) -+ - **500** – server error - --### Inspect a container: -+#### [Inspect a container](#id7) - - `GET `{.descname}`/containers/`{.descname}(*id*)`/json`{.descname} - : Return low-level information on the container `id`{.docutils -@@ -215,11 +267,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### List processes running inside a container: -+#### [List processes running inside a container](#id8) - - `GET `{.descname}`/containers/`{.descname}(*id*)`/top`{.descname} - : List processes running inside the container `id` -@@ -257,15 +309,15 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **ps\_args** – ps arguments to use (eg. aux) -+ - **ps\_args** – ps arguments to use (eg. aux) - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Inspect changes on a container’s filesystem: -+#### [Inspect changes on a container’s filesystem](#id9) - - `GET `{.descname}`/containers/`{.descname}(*id*)`/changes`{.descname} - : Inspect changes on container `id` ‘s filesystem -@@ -296,11 +348,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Export a container: -+#### [Export a container](#id10) - - `GET `{.descname}`/containers/`{.descname}(*id*)`/export`{.descname} - : Export the contents of container `id` -@@ -318,11 +370,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Start a container: -+#### [Start a container](#id11) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/start`{.descname} - : Start the container `id` -@@ -346,15 +398,15 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **hostConfig** – the container’s host configuration (optional) -+ - **hostConfig** – the container’s host configuration (optional) - - Status Codes: - -- - **204** – no error -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **404** – no such container -+ - **500** – server error - --### Stop a container: -+#### [Stop a container](#id12) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/stop`{.descname} - : Stop the container `id` -@@ -371,15 +423,15 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **t** – number of seconds to wait before killing the container -+ - **t** – number of seconds to wait before killing the container - - Status Codes: - -- - **204** – no error -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **404** – no such container -+ - **500** – server error - --### Restart a container: -+#### [Restart a container](#id13) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/restart`{.descname} - : Restart the container `id` -@@ -396,15 +448,15 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **t** – number of seconds to wait before killing the container -+ - **t** – number of seconds to wait before killing the container - - Status Codes: - -- - **204** – no error -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **404** – no such container -+ - **500** – server error - --### Kill a container: -+#### [Kill a container](#id14) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/kill`{.descname} - : Kill the container `id` -@@ -419,11 +471,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **204** – no error -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **404** – no such container -+ - **500** – server error - --### Attach to a container: -+#### [Attach to a container](#id15) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/attach`{.descname} - : Attach to the container `id` -@@ -443,25 +495,25 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **logs** – 1/True/true or 0/False/false, return logs. Default -+ - **logs** – 1/True/true or 0/False/false, return logs. Default - false -- - **stream** – 1/True/true or 0/False/false, return stream. -+ - **stream** – 1/True/true or 0/False/false, return stream. - Default false -- - **stdin** – 1/True/true or 0/False/false, if stream=true, attach -+ - **stdin** – 1/True/true or 0/False/false, if stream=true, attach - to stdin. Default false -- - **stdout** – 1/True/true or 0/False/false, if logs=true, return -+ - **stdout** – 1/True/true or 0/False/false, if logs=true, return - stdout log, if stream=true, attach to stdout. Default false -- - **stderr** – 1/True/true or 0/False/false, if logs=true, return -+ - **stderr** – 1/True/true or 0/False/false, if logs=true, return - stderr log, if stream=true, attach to stderr. Default false - - Status Codes: - -- - **200** – no error -- - **400** – bad parameter -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **400** – bad parameter -+ - **404** – no such container -+ - **500** – server error - --### Wait a container: -+#### [Wait a container](#id16) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/wait`{.descname} - : Block until container `id` stops, then returns -@@ -480,11 +532,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Remove a container: -+#### [Remove a container](#id17) - - `DELETE `{.descname}`/containers/`{.descname}(*id*) - : Remove the container `id` from the filesystem -@@ -501,17 +553,17 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **v** – 1/True/true or 0/False/false, Remove the volumes -+ - **v** – 1/True/true or 0/False/false, Remove the volumes - associated to the container. Default false - - Status Codes: - -- - **204** – no error -- - **400** – bad parameter -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **400** – bad parameter -+ - **404** – no such container -+ - **500** – server error - --### Copy files or folders from a container: -+#### [Copy files or folders from a container](#id18) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/copy`{.descname} - : Copy files or folders of container `id` -@@ -534,13 +586,13 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --## Images -+### [2.2 Images](#id19) - --### List images: -+#### [List Images](#id20) - - `GET `{.descname}`/images/`{.descname}(*format*) - : List images `format` could be json or viz (json -@@ -605,16 +657,16 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **all** – 1/True/true or 0/False/false, Show all containers. -+ - **all** – 1/True/true or 0/False/false, Show all containers. - Only running containers are shown by default - - Status Codes: - -- - **200** – no error -- - **400** – bad parameter -- - **500** – server error -+ - **200** – no error -+ - **400** – bad parameter -+ - **500** – server error - --### Create an image: -+#### [Create an image](#id21) - - `POST `{.descname}`/images/create`{.descname} - : Create an image, either by pull it from the registry or by importing -@@ -642,18 +694,18 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **fromImage** – name of the image to pull -- - **fromSrc** – source to import, - means stdin -- - **repo** – repository -- - **tag** – tag -- - **registry** – the registry to pull from -+ - **fromImage** – name of the image to pull -+ - **fromSrc** – source to import, - means stdin -+ - **repo** – repository -+ - **tag** – tag -+ - **registry** – the registry to pull from - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Insert a file in an image: -+#### [Insert a file in an image](#id22) - - `POST `{.descname}`/images/`{.descname}(*name*)`/insert`{.descname} - : Insert a file from `url` in the image -@@ -675,10 +727,10 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Inspect an image: -+#### [Inspect an image](#id23) - - `GET `{.descname}`/images/`{.descname}(*name*)`/json`{.descname} - : Return low-level information on the image `name` -@@ -723,11 +775,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such image -- - **500** – server error -+ - **200** – no error -+ - **404** – no such image -+ - **500** – server error - --### Get the history of an image: -+#### [Get the history of an image](#id24) - - `GET `{.descname}`/images/`{.descname}(*name*)`/history`{.descname} - : Return the history of the image `name` -@@ -756,11 +808,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such image -- - **500** – server error -+ - **200** – no error -+ - **404** – no such image -+ - **500** – server error - --### Push an image on the registry: -+#### [Push an image on the registry](#id25) - - `POST `{.descname}`/images/`{.descname}(*name*)`/push`{.descname} - : Push the image `name` on the registry -@@ -786,15 +838,15 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **registry** – the registry you wan to push, optional -+ - **registry** – the registry you wan to push, optional - - Status Codes: - -- - **200** – no error -- - **404** – no such image -- - **500** – server error -+ - **200** – no error -+ - **404** – no such image -+ - **500** – server error - --### Tag an image into a repository: -+#### [Tag an image into a repository](#id26) - - `POST `{.descname}`/images/`{.descname}(*name*)`/tag`{.descname} - : Tag the image `name` into a repository -@@ -811,18 +863,18 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **repo** – The repository to tag in -- - **force** – 1/True/true or 0/False/false, default false -+ - **repo** – The repository to tag in -+ - **force** – 1/True/true or 0/False/false, default false - - Status Codes: - -- - **201** – no error -- - **400** – bad parameter -- - **404** – no such image -- - **409** – conflict -- - **500** – server error -+ - **201** – no error -+ - **400** – bad parameter -+ - **404** – no such image -+ - **409** – conflict -+ - **500** – server error - --### Remove an image: -+#### [Remove an image](#id27) - - `DELETE `{.descname}`/images/`{.descname}(*name*) - : Remove the image `name` from the filesystem -@@ -844,12 +896,12 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such image -- - **409** – conflict -- - **500** – server error -+ - **200** – no error -+ - **404** – no such image -+ - **409** – conflict -+ - **500** – server error - --### Search images: -+#### [Search images](#id28) - - `GET `{.descname}`/images/search`{.descname} - : Search for an image in the docker index -@@ -882,16 +934,16 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **term** – term to search -+ - **term** – term to search - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --## Misc -+### [2.3 Misc](#id29) - --### Build an image from Dockerfile via stdin: -+#### [Build an image from Dockerfile via stdin](#id30) - - `POST `{.descname}`/build`{.descname} - : Build an image from Dockerfile via stdin -@@ -920,18 +972,18 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **t** – repository name (and optionally a tag) to be applied to -+ - **t** – repository name (and optionally a tag) to be applied to - the resulting image in case of success -- - **q** – suppress verbose build output -- - **nocache** – do not use the cache when building the image -- - **rm** – remove intermediate containers after a successful build -+ - **q** – suppress verbose build output -+ - **nocache** – do not use the cache when building the image -+ - **rm** – remove intermediate containers after a successful build - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Check auth configuration: -+#### [Check auth configuration](#id31) - - `POST `{.descname}`/auth`{.descname} - : Get the default username and email -@@ -954,11 +1006,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **204** – no error -- - **500** – server error -+ - **200** – no error -+ - **204** – no error -+ - **500** – server error - --### Display system-wide information: -+#### [Display system-wide information](#id32) - - `GET `{.descname}`/info`{.descname} - : Display system-wide information -@@ -985,10 +1037,10 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Show the docker version information: -+#### [Show the docker version information](#id33) - - `GET `{.descname}`/version`{.descname} - : Show the docker version information -@@ -1010,10 +1062,10 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Create a new image from a container’s changes: -+#### [Create a new image from a container’s changes](#id34) - - `POST `{.descname}`/commit`{.descname} - : Create a new image from a container’s changes -@@ -1039,20 +1091,20 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **container** – source container -- - **repo** – repository -- - **tag** – tag -- - **m** – commit message -- - **author** – author (eg. “John Hannibal Smith -+ - **container** – source container -+ - **repo** – repository -+ - **tag** – tag -+ - **m** – commit message -+ - **author** – author (eg. “John Hannibal Smith - \<[hannibal@a-team.com](mailto:hannibal%40a-team.com)\>”) - - Status Codes: - -- - **201** – no error -- - **404** – no such container -- - **500** – server error -+ - **201** – no error -+ - **404** – no such container -+ - **500** – server error - --### Monitor Docker’s events: -+#### [Monitor Docker’s events](#id35) - - `GET `{.descname}`/events`{.descname} - : Get events from docker, either in real time via streaming, or via -@@ -1076,37 +1128,37 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **since** – timestamp used for polling -+ - **since** – timestamp used for polling - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --## Going Further -+## [3. Going further](#id36) - --### Inside ‘docker run’ -+### [3.1 Inside ‘docker run’](#id37) - - Here are the steps of ‘docker run’ : - --- Create the container --- If the status code is 404, it means the image doesn’t exists: \* Try -+- Create the container -+- If the status code is 404, it means the image doesn’t exists: \* Try - to pull it \* Then retry to create the container --- Start the container --- If you are not in detached mode: \* Attach to the container, using -+- Start the container -+- If you are not in detached mode: \* Attach to the container, using - logs=1 (to have stdout and stderr from the container’s start) and - stream=1 --- If in detached mode or only stdin is attached: \* Display the -+- If in detached mode or only stdin is attached: \* Display the - container’s id - --### Hijacking -+### [3.2 Hijacking](#id38) - - In this version of the API, /attach, uses hijacking to transport stdin, - stdout and stderr on the same socket. This might change in the future. - --### CORS Requests -+### [3.3 CORS Requests](#id39) - - To enable cross origin requests to the remote api add the flag --“-api-enable-cors” when running docker in daemon mode. -+“–api-enable-cors” when running docker in daemon mode. - -- docker -d -H="192.168.1.9:4243" -api-enable-cors -+ docker -d -H="192.168.1.9:4243" --api-enable-cors -diff --git a/docs/sources/reference/api/docker_remote_api_v1.6.md b/docs/sources/reference/api/docker_remote_api_v1.6.md -index 4455608..fd6a650 100644 ---- a/docs/sources/reference/api/docker_remote_api_v1.6.md -+++ b/docs/sources/reference/api/docker_remote_api_v1.6.md -@@ -2,24 +2,76 @@ page_title: Remote API v1.6 - page_description: API Documentation for Docker - page_keywords: API, Docker, rcli, REST, documentation - --# Docker Remote API v1.6 -- --## Introduction -- --- The Remote API has replaced rcli --- The daemon listens on `unix:///var/run/docker.sock`{.docutils -+# [Docker Remote API v1.6](#id1) -+ -+Table of Contents -+ -+- [Docker Remote API v1.6](#docker-remote-api-v1-6) -+ - [1. Brief introduction](#brief-introduction) -+ - [2. Endpoints](#endpoints) -+ - [2.1 Containers](#containers) -+ - [List containers](#list-containers) -+ - [Create a container](#create-a-container) -+ - [Inspect a container](#inspect-a-container) -+ - [List processes running inside a -+ container](#list-processes-running-inside-a-container) -+ - [Inspect changes on a container’s -+ filesystem](#inspect-changes-on-a-container-s-filesystem) -+ - [Export a container](#export-a-container) -+ - [Start a container](#start-a-container) -+ - [Stop a container](#stop-a-container) -+ - [Restart a container](#restart-a-container) -+ - [Kill a container](#kill-a-container) -+ - [Attach to a container](#attach-to-a-container) -+ - [Wait a container](#wait-a-container) -+ - [Remove a container](#remove-a-container) -+ - [Copy files or folders from a -+ container](#copy-files-or-folders-from-a-container) -+ - [2.2 Images](#images) -+ - [List Images](#list-images) -+ - [Create an image](#create-an-image) -+ - [Insert a file in an image](#insert-a-file-in-an-image) -+ - [Inspect an image](#inspect-an-image) -+ - [Get the history of an -+ image](#get-the-history-of-an-image) -+ - [Push an image on the -+ registry](#push-an-image-on-the-registry) -+ - [Tag an image into a -+ repository](#tag-an-image-into-a-repository) -+ - [Remove an image](#remove-an-image) -+ - [Search images](#search-images) -+ - [2.3 Misc](#misc) -+ - [Build an image from Dockerfile via -+ stdin](#build-an-image-from-dockerfile-via-stdin) -+ - [Check auth configuration](#check-auth-configuration) -+ - [Display system-wide -+ information](#display-system-wide-information) -+ - [Show the docker version -+ information](#show-the-docker-version-information) -+ - [Create a new image from a container’s -+ changes](#create-a-new-image-from-a-container-s-changes) -+ - [Monitor Docker’s events](#monitor-docker-s-events) -+ - [3. Going further](#going-further) -+ - [3.1 Inside ‘docker run’](#inside-docker-run) -+ - [3.2 Hijacking](#hijacking) -+ - [3.3 CORS Requests](#cors-requests) -+ -+## [1. Brief introduction](#id2) -+ -+- The Remote API has replaced rcli -+- The daemon listens on `unix:///var/run/docker.sock`{.docutils - .literal}, but you can [*Bind Docker to another host/port or a Unix - socket*](../../../use/basics/#bind-docker). --- The API tends to be REST, but for some complex commands, like -+- The API tends to be REST, but for some complex commands, like - `attach` or `pull`{.docutils .literal}, the HTTP - connection is hijacked to transport `stdout, stdin`{.docutils - .literal} and `stderr` - --## Endpoints -+## [2. Endpoints](#id3) - --### Containers -+### [2.1 Containers](#id4) - --### List containers: -+#### [List containers](#id5) - - `GET `{.descname}`/containers/json`{.descname} - : List containers -@@ -80,24 +132,24 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **all** – 1/True/true or 0/False/false, Show all containers. -+ - **all** – 1/True/true or 0/False/false, Show all containers. - Only running containers are shown by default -- - **limit** – Show `limit` last created -+ - **limit** – Show `limit` last created - containers, include non-running ones. -- - **since** – Show only containers created since Id, include -+ - **since** – Show only containers created since Id, include - non-running ones. -- - **before** – Show only containers created before Id, include -+ - **before** – Show only containers created before Id, include - non-running ones. -- - **size** – 1/True/true or 0/False/false, Show the containers -+ - **size** – 1/True/true or 0/False/false, Show the containers - sizes - - Status Codes: - -- - **200** – no error -- - **400** – bad parameter -- - **500** – server error -+ - **200** – no error -+ - **400** – bad parameter -+ - **500** – server error - --### Create a container: -+#### [Create a container](#id6) - - `POST `{.descname}`/containers/create`{.descname} - : Create a container -@@ -144,20 +196,20 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **config** – the container’s configuration -+ - **config** – the container’s configuration - - Query Parameters: - -   - -- - **name** – container name to use -+ - **name** – container name to use - - Status Codes: - -- - **201** – no error -- - **404** – no such container -- - **406** – impossible to attach (container not running) -- - **500** – server error -+ - **201** – no error -+ - **404** – no such container -+ - **406** – impossible to attach (container not running) -+ - **500** – server error - - **More Complex Example request, in 2 steps.** **First, use create to - expose a Private Port, which can be bound back to a Public Port at -@@ -202,7 +254,7 @@ page_keywords: API, Docker, rcli, REST, documentation - - **Now you can ssh into your new container on port 11022.** - --### Inspect a container: -+#### [Inspect a container](#id7) - - `GET `{.descname}`/containers/`{.descname}(*id*)`/json`{.descname} - : Return low-level information on the container `id`{.docutils -@@ -267,11 +319,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### List processes running inside a container: -+#### [List processes running inside a container](#id8) - - `GET `{.descname}`/containers/`{.descname}(*id*)`/top`{.descname} - : List processes running inside the container `id` -@@ -309,15 +361,15 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **ps\_args** – ps arguments to use (eg. aux) -+ - **ps\_args** – ps arguments to use (eg. aux) - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Inspect changes on a container’s filesystem: -+#### [Inspect changes on a container’s filesystem](#id9) - - `GET `{.descname}`/containers/`{.descname}(*id*)`/changes`{.descname} - : Inspect changes on container `id` ‘s filesystem -@@ -348,11 +400,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Export a container: -+#### [Export a container](#id10) - - `GET `{.descname}`/containers/`{.descname}(*id*)`/export`{.descname} - : Export the contents of container `id` -@@ -370,11 +422,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Start a container: -+#### [Start a container](#id11) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/start`{.descname} - : Start the container `id` -@@ -403,15 +455,15 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **hostConfig** – the container’s host configuration (optional) -+ - **hostConfig** – the container’s host configuration (optional) - - Status Codes: - -- - **204** – no error -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **404** – no such container -+ - **500** – server error - --### Stop a container: -+#### [Stop a container](#id12) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/stop`{.descname} - : Stop the container `id` -@@ -428,15 +480,15 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **t** – number of seconds to wait before killing the container -+ - **t** – number of seconds to wait before killing the container - - Status Codes: - -- - **204** – no error -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **404** – no such container -+ - **500** – server error - --### Restart a container: -+#### [Restart a container](#id13) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/restart`{.descname} - : Restart the container `id` -@@ -453,15 +505,15 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **t** – number of seconds to wait before killing the container -+ - **t** – number of seconds to wait before killing the container - - Status Codes: - -- - **204** – no error -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **404** – no such container -+ - **500** – server error - --### Kill a container: -+#### [Kill a container](#id14) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/kill`{.descname} - : Kill the container `id` -@@ -478,17 +530,17 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **signal** – Signal to send to the container (integer). When not -+ - **signal** – Signal to send to the container (integer). When not - set, SIGKILL is assumed and the call will waits for the - container to exit. - - Status Codes: - -- - **204** – no error -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **404** – no such container -+ - **500** – server error - --### Attach to a container: -+#### [Attach to a container](#id15) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/attach`{.descname} - : Attach to the container `id` -@@ -508,23 +560,23 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **logs** – 1/True/true or 0/False/false, return logs. Default -+ - **logs** – 1/True/true or 0/False/false, return logs. Default - false -- - **stream** – 1/True/true or 0/False/false, return stream. -+ - **stream** – 1/True/true or 0/False/false, return stream. - Default false -- - **stdin** – 1/True/true or 0/False/false, if stream=true, attach -+ - **stdin** – 1/True/true or 0/False/false, if stream=true, attach - to stdin. Default false -- - **stdout** – 1/True/true or 0/False/false, if logs=true, return -+ - **stdout** – 1/True/true or 0/False/false, if logs=true, return - stdout log, if stream=true, attach to stdout. Default false -- - **stderr** – 1/True/true or 0/False/false, if logs=true, return -+ - **stderr** – 1/True/true or 0/False/false, if logs=true, return - stderr log, if stream=true, attach to stderr. Default false - - Status Codes: - -- - **200** – no error -- - **400** – bad parameter -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **400** – bad parameter -+ - **404** – no such container -+ - **500** – server error - - **Stream details**: - -@@ -549,9 +601,9 @@ page_keywords: API, Docker, rcli, REST, documentation - - `STREAM_TYPE` can be: - -- - 0: stdin (will be writen on stdout) -- - 1: stdout -- - 2: stderr -+ - 0: stdin (will be writen on stdout) -+ - 1: stdout -+ - 2: stderr - - `SIZE1, SIZE2, SIZE3, SIZE4` are the 4 bytes of - the uint32 size encoded as big endian. -@@ -570,7 +622,7 @@ page_keywords: API, Docker, rcli, REST, documentation - 4. Read the extracted size and output it on the correct output - 5. Goto 1) - --### Wait a container: -+#### [Wait a container](#id16) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/wait`{.descname} - : Block until container `id` stops, then returns -@@ -589,11 +641,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Remove a container: -+#### [Remove a container](#id17) - - `DELETE `{.descname}`/containers/`{.descname}(*id*) - : Remove the container `id` from the filesystem -@@ -610,17 +662,17 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **v** – 1/True/true or 0/False/false, Remove the volumes -+ - **v** – 1/True/true or 0/False/false, Remove the volumes - associated to the container. Default false - - Status Codes: - -- - **204** – no error -- - **400** – bad parameter -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **400** – bad parameter -+ - **404** – no such container -+ - **500** – server error - --### Copy files or folders from a container: -+#### [Copy files or folders from a container](#id18) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/copy`{.descname} - : Copy files or folders of container `id` -@@ -643,13 +695,13 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --## Images -+### [2.2 Images](#id19) - --### List images: -+#### [List Images](#id20) - - `GET `{.descname}`/images/`{.descname}(*format*) - : List images `format` could be json or viz (json -@@ -714,16 +766,16 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **all** – 1/True/true or 0/False/false, Show all containers. -+ - **all** – 1/True/true or 0/False/false, Show all containers. - Only running containers are shown by default - - Status Codes: - -- - **200** – no error -- - **400** – bad parameter -- - **500** – server error -+ - **200** – no error -+ - **400** – bad parameter -+ - **500** – server error - --### Create an image: -+#### [Create an image](#id21) - - `POST `{.descname}`/images/create`{.descname} - : Create an image, either by pull it from the registry or by importing -@@ -751,18 +803,18 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **fromImage** – name of the image to pull -- - **fromSrc** – source to import, - means stdin -- - **repo** – repository -- - **tag** – tag -- - **registry** – the registry to pull from -+ - **fromImage** – name of the image to pull -+ - **fromSrc** – source to import, - means stdin -+ - **repo** – repository -+ - **tag** – tag -+ - **registry** – the registry to pull from - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Insert a file in an image: -+#### [Insert a file in an image](#id22) - - `POST `{.descname}`/images/`{.descname}(*name*)`/insert`{.descname} - : Insert a file from `url` in the image -@@ -784,10 +836,10 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Inspect an image: -+#### [Inspect an image](#id23) - - `GET `{.descname}`/images/`{.descname}(*name*)`/json`{.descname} - : Return low-level information on the image `name` -@@ -832,11 +884,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such image -- - **500** – server error -+ - **200** – no error -+ - **404** – no such image -+ - **500** – server error - --### Get the history of an image: -+#### [Get the history of an image](#id24) - - `GET `{.descname}`/images/`{.descname}(*name*)`/history`{.descname} - : Return the history of the image `name` -@@ -865,11 +917,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such image -- - **500** – server error -+ - **200** – no error -+ - **404** – no such image -+ - **500** – server error - --### Push an image on the registry: -+#### [Push an image on the registry](#id25) - - `POST `{.descname}`/images/`{.descname}(*name*)`/push`{.descname} - : Push the image `name` on the registry -@@ -893,14 +945,14 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **registry** – the registry you wan to push, optional -+ - **registry** – the registry you wan to push, optional - - Status Codes: - -- - **200** – no error :statuscode 404: no such image :statuscode -+ - **200** – no error :statuscode 404: no such image :statuscode - 500: server error - --### Tag an image into a repository: -+#### [Tag an image into a repository](#id26) - - `POST `{.descname}`/images/`{.descname}(*name*)`/tag`{.descname} - : Tag the image `name` into a repository -@@ -917,18 +969,18 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **repo** – The repository to tag in -- - **force** – 1/True/true or 0/False/false, default false -+ - **repo** – The repository to tag in -+ - **force** – 1/True/true or 0/False/false, default false - - Status Codes: - -- - **201** – no error -- - **400** – bad parameter -- - **404** – no such image -- - **409** – conflict -- - **500** – server error -+ - **201** – no error -+ - **400** – bad parameter -+ - **404** – no such image -+ - **409** – conflict -+ - **500** – server error - --### Remove an image: -+#### [Remove an image](#id27) - - `DELETE `{.descname}`/images/`{.descname}(*name*) - : Remove the image `name` from the filesystem -@@ -950,12 +1002,12 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such image -- - **409** – conflict -- - **500** – server error -+ - **200** – no error -+ - **404** – no such image -+ - **409** – conflict -+ - **500** – server error - --### Search images: -+#### [Search images](#id28) - - `GET `{.descname}`/images/search`{.descname} - : Search for an image in the docker index -@@ -988,9 +1040,9 @@ page_keywords: API, Docker, rcli, REST, documentation - :statuscode 200: no error - :statuscode 500: server error - --## Misc -+### [2.3 Misc](#id29) - --### Build an image from Dockerfile via stdin: -+#### [Build an image from Dockerfile via stdin](#id30) - - `POST `{.descname}`/build`{.descname} - : Build an image from Dockerfile via stdin -@@ -1019,17 +1071,17 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **t** – repository name (and optionally a tag) to be applied to -+ - **t** – repository name (and optionally a tag) to be applied to - the resulting image in case of success -- - **q** – suppress verbose build output -- - **nocache** – do not use the cache when building the image -+ - **q** – suppress verbose build output -+ - **nocache** – do not use the cache when building the image - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Check auth configuration: -+#### [Check auth configuration](#id31) - - `POST `{.descname}`/auth`{.descname} - : Get the default username and email -@@ -1052,11 +1104,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **204** – no error -- - **500** – server error -+ - **200** – no error -+ - **204** – no error -+ - **500** – server error - --### Display system-wide information: -+#### [Display system-wide information](#id32) - - `GET `{.descname}`/info`{.descname} - : Display system-wide information -@@ -1083,10 +1135,10 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Show the docker version information: -+#### [Show the docker version information](#id33) - - `GET `{.descname}`/version`{.descname} - : Show the docker version information -@@ -1108,10 +1160,10 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Create a new image from a container’s changes: -+#### [Create a new image from a container’s changes](#id34) - - `POST `{.descname}`/commit`{.descname} - : Create a new image from a container’s changes -@@ -1137,20 +1189,20 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **container** – source container -- - **repo** – repository -- - **tag** – tag -- - **m** – commit message -- - **author** – author (eg. “John Hannibal Smith -+ - **container** – source container -+ - **repo** – repository -+ - **tag** – tag -+ - **m** – commit message -+ - **author** – author (eg. “John Hannibal Smith - \<[hannibal@a-team.com](mailto:hannibal%40a-team.com)\>”) - - Status Codes: - -- - **201** – no error -- - **404** – no such container -- - **500** – server error -+ - **201** – no error -+ - **404** – no such container -+ - **500** – server error - --### Monitor Docker’s events: -+#### [Monitor Docker’s events](#id35) - - `GET `{.descname}`/events`{.descname} - : Get events from docker, either in real time via streaming, or via -@@ -1174,42 +1226,42 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **since** – timestamp used for polling -+ - **since** – timestamp used for polling - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --## Going Further -+## [3. Going further](#id36) - --### Inside ‘docker run’ -+### [3.1 Inside ‘docker run’](#id37) - - Here are the steps of ‘docker run’ : - --- Create the container -+- Create the container - --- If the status code is 404, it means the image doesn’t exists: -- : - Try to pull it -- - Then retry to create the container -+- If the status code is 404, it means the image doesn’t exists: -+ : - Try to pull it -+ - Then retry to create the container - --- Start the container -+- Start the container - --- If you are not in detached mode: -- : - Attach to the container, using logs=1 (to have stdout and -+- If you are not in detached mode: -+ : - Attach to the container, using logs=1 (to have stdout and - stderr from the container’s start) and stream=1 - --- If in detached mode or only stdin is attached: -- : - Display the container’s id -+- If in detached mode or only stdin is attached: -+ : - Display the container’s id - --### Hijacking -+### [3.2 Hijacking](#id38) - - In this version of the API, /attach, uses hijacking to transport stdin, - stdout and stderr on the same socket. This might change in the future. - --### CORS Requests -+### [3.3 CORS Requests](#id39) - - To enable cross origin requests to the remote api add the flag --“-api-enable-cors” when running docker in daemon mode. -+“–api-enable-cors” when running docker in daemon mode. - -- docker -d -H="192.168.1.9:4243" -api-enable-cors -+ docker -d -H="192.168.1.9:4243" --api-enable-cors -diff --git a/docs/sources/reference/api/docker_remote_api_v1.7.md b/docs/sources/reference/api/docker_remote_api_v1.7.md -index 1d1bd27..0c8c962 100644 ---- a/docs/sources/reference/api/docker_remote_api_v1.7.md -+++ b/docs/sources/reference/api/docker_remote_api_v1.7.md -@@ -2,24 +2,80 @@ page_title: Remote API v1.7 - page_description: API Documentation for Docker - page_keywords: API, Docker, rcli, REST, documentation - --# Docker Remote API v1.7 -- --## Introduction -- --- The Remote API has replaced rcli --- The daemon listens on `unix:///var/run/docker.sock`{.docutils -+# [Docker Remote API v1.7](#id1) -+ -+Table of Contents -+ -+- [Docker Remote API v1.7](#docker-remote-api-v1-7) -+ - [1. Brief introduction](#brief-introduction) -+ - [2. Endpoints](#endpoints) -+ - [2.1 Containers](#containers) -+ - [List containers](#list-containers) -+ - [Create a container](#create-a-container) -+ - [Inspect a container](#inspect-a-container) -+ - [List processes running inside a -+ container](#list-processes-running-inside-a-container) -+ - [Inspect changes on a container’s -+ filesystem](#inspect-changes-on-a-container-s-filesystem) -+ - [Export a container](#export-a-container) -+ - [Start a container](#start-a-container) -+ - [Stop a container](#stop-a-container) -+ - [Restart a container](#restart-a-container) -+ - [Kill a container](#kill-a-container) -+ - [Attach to a container](#attach-to-a-container) -+ - [Wait a container](#wait-a-container) -+ - [Remove a container](#remove-a-container) -+ - [Copy files or folders from a -+ container](#copy-files-or-folders-from-a-container) -+ - [2.2 Images](#images) -+ - [List Images](#list-images) -+ - [Create an image](#create-an-image) -+ - [Insert a file in an image](#insert-a-file-in-an-image) -+ - [Inspect an image](#inspect-an-image) -+ - [Get the history of an -+ image](#get-the-history-of-an-image) -+ - [Push an image on the -+ registry](#push-an-image-on-the-registry) -+ - [Tag an image into a -+ repository](#tag-an-image-into-a-repository) -+ - [Remove an image](#remove-an-image) -+ - [Search images](#search-images) -+ - [2.3 Misc](#misc) -+ - [Build an image from Dockerfile via -+ stdin](#build-an-image-from-dockerfile-via-stdin) -+ - [Check auth configuration](#check-auth-configuration) -+ - [Display system-wide -+ information](#display-system-wide-information) -+ - [Show the docker version -+ information](#show-the-docker-version-information) -+ - [Create a new image from a container’s -+ changes](#create-a-new-image-from-a-container-s-changes) -+ - [Monitor Docker’s events](#monitor-docker-s-events) -+ - [Get a tarball containing all images and tags in a -+ repository](#get-a-tarball-containing-all-images-and-tags-in-a-repository) -+ - [Load a tarball with a set of images and tags into -+ docker](#load-a-tarball-with-a-set-of-images-and-tags-into-docker) -+ - [3. Going further](#going-further) -+ - [3.1 Inside ‘docker run’](#inside-docker-run) -+ - [3.2 Hijacking](#hijacking) -+ - [3.3 CORS Requests](#cors-requests) -+ -+## [1. Brief introduction](#id2) -+ -+- The Remote API has replaced rcli -+- The daemon listens on `unix:///var/run/docker.sock`{.docutils - .literal}, but you can [*Bind Docker to another host/port or a Unix - socket*](../../../use/basics/#bind-docker). --- The API tends to be REST, but for some complex commands, like -+- The API tends to be REST, but for some complex commands, like - `attach` or `pull`{.docutils .literal}, the HTTP - connection is hijacked to transport `stdout, stdin`{.docutils - .literal} and `stderr` - --## Endpoints -+## [2. Endpoints](#id3) - --### Containers -+### [2.1 Containers](#id4) - --### List containers: -+#### [List containers](#id5) - - `GET `{.descname}`/containers/json`{.descname} - : List containers -@@ -80,24 +136,24 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **all** – 1/True/true or 0/False/false, Show all containers. -+ - **all** – 1/True/true or 0/False/false, Show all containers. - Only running containers are shown by default -- - **limit** – Show `limit` last created -+ - **limit** – Show `limit` last created - containers, include non-running ones. -- - **since** – Show only containers created since Id, include -+ - **since** – Show only containers created since Id, include - non-running ones. -- - **before** – Show only containers created before Id, include -+ - **before** – Show only containers created before Id, include - non-running ones. -- - **size** – 1/True/true or 0/False/false, Show the containers -+ - **size** – 1/True/true or 0/False/false, Show the containers - sizes - - Status Codes: - -- - **200** – no error -- - **400** – bad parameter -- - **500** – server error -+ - **200** – no error -+ - **400** – bad parameter -+ - **500** – server error - --### Create a container: -+#### [Create a container](#id6) - - `POST `{.descname}`/containers/create`{.descname} - : Create a container -@@ -149,16 +205,16 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **config** – the container’s configuration -+ - **config** – the container’s configuration - - Status Codes: - -- - **201** – no error -- - **404** – no such container -- - **406** – impossible to attach (container not running) -- - **500** – server error -+ - **201** – no error -+ - **404** – no such container -+ - **406** – impossible to attach (container not running) -+ - **500** – server error - --### Inspect a container: -+#### [Inspect a container](#id7) - - `GET `{.descname}`/containers/`{.descname}(*id*)`/json`{.descname} - : Return low-level information on the container `id`{.docutils -@@ -223,11 +279,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### List processes running inside a container: -+#### [List processes running inside a container](#id8) - - `GET `{.descname}`/containers/`{.descname}(*id*)`/top`{.descname} - : List processes running inside the container `id` -@@ -265,15 +321,15 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **ps\_args** – ps arguments to use (eg. aux) -+ - **ps\_args** – ps arguments to use (eg. aux) - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Inspect changes on a container’s filesystem: -+#### [Inspect changes on a container’s filesystem](#id9) - - `GET `{.descname}`/containers/`{.descname}(*id*)`/changes`{.descname} - : Inspect changes on container `id` ‘s filesystem -@@ -304,11 +360,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Export a container: -+#### [Export a container](#id10) - - `GET `{.descname}`/containers/`{.descname}(*id*)`/export`{.descname} - : Export the contents of container `id` -@@ -326,11 +382,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Start a container: -+#### [Start a container](#id11) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/start`{.descname} - : Start the container `id` -@@ -360,15 +416,15 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **hostConfig** – the container’s host configuration (optional) -+ - **hostConfig** – the container’s host configuration (optional) - - Status Codes: - -- - **204** – no error -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **404** – no such container -+ - **500** – server error - --### Stop a container: -+#### [Stop a container](#id12) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/stop`{.descname} - : Stop the container `id` -@@ -385,15 +441,15 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **t** – number of seconds to wait before killing the container -+ - **t** – number of seconds to wait before killing the container - - Status Codes: - -- - **204** – no error -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **404** – no such container -+ - **500** – server error - --### Restart a container: -+#### [Restart a container](#id13) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/restart`{.descname} - : Restart the container `id` -@@ -410,15 +466,15 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **t** – number of seconds to wait before killing the container -+ - **t** – number of seconds to wait before killing the container - - Status Codes: - -- - **204** – no error -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **404** – no such container -+ - **500** – server error - --### Kill a container: -+#### [Kill a container](#id14) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/kill`{.descname} - : Kill the container `id` -@@ -433,11 +489,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **204** – no error -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **404** – no such container -+ - **500** – server error - --### Attach to a container: -+#### [Attach to a container](#id15) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/attach`{.descname} - : Attach to the container `id` -@@ -457,23 +513,23 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **logs** – 1/True/true or 0/False/false, return logs. Default -+ - **logs** – 1/True/true or 0/False/false, return logs. Default - false -- - **stream** – 1/True/true or 0/False/false, return stream. -+ - **stream** – 1/True/true or 0/False/false, return stream. - Default false -- - **stdin** – 1/True/true or 0/False/false, if stream=true, attach -+ - **stdin** – 1/True/true or 0/False/false, if stream=true, attach - to stdin. Default false -- - **stdout** – 1/True/true or 0/False/false, if logs=true, return -+ - **stdout** – 1/True/true or 0/False/false, if logs=true, return - stdout log, if stream=true, attach to stdout. Default false -- - **stderr** – 1/True/true or 0/False/false, if logs=true, return -+ - **stderr** – 1/True/true or 0/False/false, if logs=true, return - stderr log, if stream=true, attach to stderr. Default false - - Status Codes: - -- - **200** – no error -- - **400** – bad parameter -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **400** – bad parameter -+ - **404** – no such container -+ - **500** – server error - - **Stream details**: - -@@ -498,9 +554,9 @@ page_keywords: API, Docker, rcli, REST, documentation - - `STREAM_TYPE` can be: - -- - 0: stdin (will be writen on stdout) -- - 1: stdout -- - 2: stderr -+ - 0: stdin (will be writen on stdout) -+ - 1: stdout -+ - 2: stderr - - `SIZE1, SIZE2, SIZE3, SIZE4` are the 4 bytes of - the uint32 size encoded as big endian. -@@ -519,7 +575,7 @@ page_keywords: API, Docker, rcli, REST, documentation - 4. Read the extracted size and output it on the correct output - 5. Goto 1) - --### Wait a container: -+#### [Wait a container](#id16) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/wait`{.descname} - : Block until container `id` stops, then returns -@@ -538,11 +594,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Remove a container: -+#### [Remove a container](#id17) - - `DELETE `{.descname}`/containers/`{.descname}(*id*) - : Remove the container `id` from the filesystem -@@ -559,17 +615,17 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **v** – 1/True/true or 0/False/false, Remove the volumes -+ - **v** – 1/True/true or 0/False/false, Remove the volumes - associated to the container. Default false - - Status Codes: - -- - **204** – no error -- - **400** – bad parameter -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **400** – bad parameter -+ - **404** – no such container -+ - **500** – server error - --### Copy files or folders from a container: -+#### [Copy files or folders from a container](#id18) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/copy`{.descname} - : Copy files or folders of container `id` -@@ -592,13 +648,13 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --## Images -+### [2.2 Images](#id19) - --### List images: -+#### [List Images](#id20) - - `GET `{.descname}`/images/json`{.descname} - : **Example request**: -@@ -635,7 +691,7 @@ page_keywords: API, Docker, rcli, REST, documentation - } - ] - --### Create an image: -+#### [Create an image](#id21) - - `POST `{.descname}`/images/create`{.descname} - : Create an image, either by pull it from the registry or by importing -@@ -663,24 +719,24 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **fromImage** – name of the image to pull -- - **fromSrc** – source to import, - means stdin -- - **repo** – repository -- - **tag** – tag -- - **registry** – the registry to pull from -+ - **fromImage** – name of the image to pull -+ - **fromSrc** – source to import, - means stdin -+ - **repo** – repository -+ - **tag** – tag -+ - **registry** – the registry to pull from - - Request Headers: - -   - -- - **X-Registry-Auth** – base64-encoded AuthConfig object -+ - **X-Registry-Auth** – base64-encoded AuthConfig object - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Insert a file in an image: -+#### [Insert a file in an image](#id22) - - `POST `{.descname}`/images/`{.descname}(*name*)`/insert`{.descname} - : Insert a file from `url` in the image -@@ -702,10 +758,10 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Inspect an image: -+#### [Inspect an image](#id23) - - `GET `{.descname}`/images/`{.descname}(*name*)`/json`{.descname} - : Return low-level information on the image `name` -@@ -750,11 +806,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such image -- - **500** – server error -+ - **200** – no error -+ - **404** – no such image -+ - **500** – server error - --### Get the history of an image: -+#### [Get the history of an image](#id24) - - `GET `{.descname}`/images/`{.descname}(*name*)`/history`{.descname} - : Return the history of the image `name` -@@ -783,11 +839,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such image -- - **500** – server error -+ - **200** – no error -+ - **404** – no such image -+ - **500** – server error - --### Push an image on the registry: -+#### [Push an image on the registry](#id25) - - `POST `{.descname}`/images/`{.descname}(*name*)`/push`{.descname} - : Push the image `name` on the registry -@@ -810,22 +866,22 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **registry** – the registry you wan to push, optional -+ - **registry** – the registry you wan to push, optional - - Request Headers: - -   - -- - **X-Registry-Auth** – include a base64-encoded AuthConfig -+ - **X-Registry-Auth** – include a base64-encoded AuthConfig - object. - - Status Codes: - -- - **200** – no error -- - **404** – no such image -- - **500** – server error -+ - **200** – no error -+ - **404** – no such image -+ - **500** – server error - --### Tag an image into a repository: -+#### [Tag an image into a repository](#id26) - - `POST `{.descname}`/images/`{.descname}(*name*)`/tag`{.descname} - : Tag the image `name` into a repository -@@ -842,18 +898,18 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **repo** – The repository to tag in -- - **force** – 1/True/true or 0/False/false, default false -+ - **repo** – The repository to tag in -+ - **force** – 1/True/true or 0/False/false, default false - - Status Codes: - -- - **201** – no error -- - **400** – bad parameter -- - **404** – no such image -- - **409** – conflict -- - **500** – server error -+ - **201** – no error -+ - **400** – bad parameter -+ - **404** – no such image -+ - **409** – conflict -+ - **500** – server error - --### Remove an image: -+#### [Remove an image](#id27) - - `DELETE `{.descname}`/images/`{.descname}(*name*) - : Remove the image `name` from the filesystem -@@ -875,12 +931,12 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such image -- - **409** – conflict -- - **500** – server error -+ - **200** – no error -+ - **404** – no such image -+ - **409** – conflict -+ - **500** – server error - --### Search images: -+#### [Search images](#id28) - - `GET `{.descname}`/images/search`{.descname} - : Search for an image in the docker index. -@@ -928,16 +984,16 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **term** – term to search -+ - **term** – term to search - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --## Misc -+### [2.3 Misc](#id29) - --### Build an image from Dockerfile via stdin: -+#### [Build an image from Dockerfile via stdin](#id30) - - `POST `{.descname}`/build`{.descname} - : Build an image from Dockerfile via stdin -@@ -967,24 +1023,24 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **t** – repository name (and optionally a tag) to be applied to -+ - **t** – repository name (and optionally a tag) to be applied to - the resulting image in case of success -- - **q** – suppress verbose build output -- - **nocache** – do not use the cache when building the image -+ - **q** – suppress verbose build output -+ - **nocache** – do not use the cache when building the image - - Request Headers: - -   - -- - **Content-type** – should be set to -+ - **Content-type** – should be set to - `"application/tar"`. - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Check auth configuration: -+#### [Check auth configuration](#id31) - - `POST `{.descname}`/auth`{.descname} - : Get the default username and email -@@ -1007,11 +1063,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **204** – no error -- - **500** – server error -+ - **200** – no error -+ - **204** – no error -+ - **500** – server error - --### Display system-wide information: -+#### [Display system-wide information](#id32) - - `GET `{.descname}`/info`{.descname} - : Display system-wide information -@@ -1038,10 +1094,10 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Show the docker version information: -+#### [Show the docker version information](#id33) - - `GET `{.descname}`/version`{.descname} - : Show the docker version information -@@ -1063,10 +1119,10 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Create a new image from a container’s changes: -+#### [Create a new image from a container’s changes](#id34) - - `POST `{.descname}`/commit`{.descname} - : Create a new image from a container’s changes -@@ -1086,22 +1142,22 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **container** – source container -- - **repo** – repository -- - **tag** – tag -- - **m** – commit message -- - **author** – author (eg. “John Hannibal Smith -+ - **container** – source container -+ - **repo** – repository -+ - **tag** – tag -+ - **m** – commit message -+ - **author** – author (eg. “John Hannibal Smith - \<[hannibal@a-team.com](mailto:hannibal%40a-team.com)\>”) -- - **run** – config automatically applied when the image is run. -+ - **run** – config automatically applied when the image is run. - (ex: {“Cmd”: [“cat”, “/world”], “PortSpecs”:[“22”]}) - - Status Codes: - -- - **201** – no error -- - **404** – no such container -- - **500** – server error -+ - **201** – no error -+ - **404** – no such container -+ - **500** – server error - --### Monitor Docker’s events: -+#### [Monitor Docker’s events](#id35) - - `GET `{.descname}`/events`{.descname} - : Get events from docker, either in real time via streaming, or via -@@ -1125,14 +1181,14 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **since** – timestamp used for polling -+ - **since** – timestamp used for polling - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Get a tarball containing all images and tags in a repository: -+#### [Get a tarball containing all images and tags in a repository](#id36) - - `GET `{.descname}`/images/`{.descname}(*name*)`/get`{.descname} - : Get a tarball containing all images and metadata for the repository -@@ -1153,7 +1209,7 @@ page_keywords: API, Docker, rcli, REST, documentation - :statuscode 200: no error - :statuscode 500: server error - --### Load a tarball with a set of images and tags into docker: -+#### [Load a tarball with a set of images and tags into docker](#id37) - - `POST `{.descname}`/images/load`{.descname} - : Load a set of images and tags into the docker repository. -@@ -1173,35 +1229,35 @@ page_keywords: API, Docker, rcli, REST, documentation - :statuscode 200: no error - :statuscode 500: server error - --## Going Further -+## [3. Going further](#id38) - --### Inside ‘docker run’ -+### [3.1 Inside ‘docker run’](#id39) - - Here are the steps of ‘docker run’ : - --- Create the container -+- Create the container - --- If the status code is 404, it means the image doesn’t exists: -- : - Try to pull it -- - Then retry to create the container -+- If the status code is 404, it means the image doesn’t exists: -+ : - Try to pull it -+ - Then retry to create the container - --- Start the container -+- Start the container - --- If you are not in detached mode: -- : - Attach to the container, using logs=1 (to have stdout and -+- If you are not in detached mode: -+ : - Attach to the container, using logs=1 (to have stdout and - stderr from the container’s start) and stream=1 - --- If in detached mode or only stdin is attached: -- : - Display the container’s id -+- If in detached mode or only stdin is attached: -+ : - Display the container’s id - --### Hijacking -+### [3.2 Hijacking](#id40) - - In this version of the API, /attach, uses hijacking to transport stdin, - stdout and stderr on the same socket. This might change in the future. - --### CORS Requests -+### [3.3 CORS Requests](#id41) - - To enable cross origin requests to the remote api add the flag --“-api-enable-cors” when running docker in daemon mode. -+“–api-enable-cors” when running docker in daemon mode. - -- docker -d -H="192.168.1.9:4243" -api-enable-cors -+ docker -d -H="192.168.1.9:4243" --api-enable-cors -diff --git a/docs/sources/reference/api/docker_remote_api_v1.8.md b/docs/sources/reference/api/docker_remote_api_v1.8.md -index 49c8fb6..115cabc 100644 ---- a/docs/sources/reference/api/docker_remote_api_v1.8.md -+++ b/docs/sources/reference/api/docker_remote_api_v1.8.md -@@ -2,24 +2,80 @@ page_title: Remote API v1.8 - page_description: API Documentation for Docker - page_keywords: API, Docker, rcli, REST, documentation - --# Docker Remote API v1.8 -- --## Introduction -- --- The Remote API has replaced rcli --- The daemon listens on `unix:///var/run/docker.sock`{.docutils -- .literal}, but you can [*Bind Docker to another host/port or a Unix -- socket*](../../../use/basics/#bind-docker). --- The API tends to be REST, but for some complex commands, like -- `attach` or `pull`{.docutils .literal}, the HTTP -- connection is hijacked to transport `stdout, stdin`{.docutils -- .literal} and `stderr` -- --## Endpoints -- --### Containers -- --### List containers: -+# [Docker Remote API v1.8](#id1) -+ -+Table of Contents -+ -+- [Docker Remote API v1.8](#docker-remote-api-v1-8) -+ - [1. Brief introduction](#brief-introduction) -+ - [2. Endpoints](#endpoints) -+ - [2.1 Containers](#containers) -+ - [List containers](#list-containers) -+ - [Create a container](#create-a-container) -+ - [Inspect a container](#inspect-a-container) -+ - [List processes running inside a -+ container](#list-processes-running-inside-a-container) -+ - [Inspect changes on a container’s -+ filesystem](#inspect-changes-on-a-container-s-filesystem) -+ - [Export a container](#export-a-container) -+ - [Start a container](#start-a-container) -+ - [Stop a container](#stop-a-container) -+ - [Restart a container](#restart-a-container) -+ - [Kill a container](#kill-a-container) -+ - [Attach to a container](#attach-to-a-container) -+ - [Wait a container](#wait-a-container) -+ - [Remove a container](#remove-a-container) -+ - [Copy files or folders from a -+ container](#copy-files-or-folders-from-a-container) -+ - [2.2 Images](#images) -+ - [List Images](#list-images) -+ - [Create an image](#create-an-image) -+ - [Insert a file in an image](#insert-a-file-in-an-image) -+ - [Inspect an image](#inspect-an-image) -+ - [Get the history of an -+ image](#get-the-history-of-an-image) -+ - [Push an image on the -+ registry](#push-an-image-on-the-registry) -+ - [Tag an image into a -+ repository](#tag-an-image-into-a-repository) -+ - [Remove an image](#remove-an-image) -+ - [Search images](#search-images) -+ - [2.3 Misc](#misc) -+ - [Build an image from Dockerfile via -+ stdin](#build-an-image-from-dockerfile-via-stdin) -+ - [Check auth configuration](#check-auth-configuration) -+ - [Display system-wide -+ information](#display-system-wide-information) -+ - [Show the docker version -+ information](#show-the-docker-version-information) -+ - [Create a new image from a container’s -+ changes](#create-a-new-image-from-a-container-s-changes) -+ - [Monitor Docker’s events](#monitor-docker-s-events) -+ - [Get a tarball containing all images and tags in a -+ repository](#get-a-tarball-containing-all-images-and-tags-in-a-repository) -+ - [Load a tarball with a set of images and tags into -+ docker](#load-a-tarball-with-a-set-of-images-and-tags-into-docker) -+ - [3. Going further](#going-further) -+ - [3.1 Inside ‘docker run’](#inside-docker-run) -+ - [3.2 Hijacking](#hijacking) -+ - [3.3 CORS Requests](#cors-requests) -+ -+## [1. Brief introduction](#id2) -+ -+- The Remote API has replaced rcli -+- The daemon listens on `unix:///var/run/docker.sock`{.docutils -+ .literal}, but you can [*Bind Docker to another host/port or a Unix -+ socket*](../../../use/basics/#bind-docker). -+- The API tends to be REST, but for some complex commands, like -+ `attach` or `pull`{.docutils .literal}, the HTTP -+ connection is hijacked to transport `stdout, stdin`{.docutils -+ .literal} and `stderr` -+ -+## [2. Endpoints](#id3) -+ -+### [2.1 Containers](#id4) -+ -+#### [List containers](#id5) - - `GET `{.descname}`/containers/json`{.descname} - : List containers -@@ -80,24 +136,24 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **all** – 1/True/true or 0/False/false, Show all containers. -+ - **all** – 1/True/true or 0/False/false, Show all containers. - Only running containers are shown by default -- - **limit** – Show `limit` last created -+ - **limit** – Show `limit` last created - containers, include non-running ones. -- - **since** – Show only containers created since Id, include -+ - **since** – Show only containers created since Id, include - non-running ones. -- - **before** – Show only containers created before Id, include -+ - **before** – Show only containers created before Id, include - non-running ones. -- - **size** – 1/True/true or 0/False/false, Show the containers -+ - **size** – 1/True/true or 0/False/false, Show the containers - sizes - - Status Codes: - -- - **200** – no error -- - **400** – bad parameter -- - **500** – server error -+ - **200** – no error -+ - **400** – bad parameter -+ - **500** – server error - --### Create a container: -+#### [Create a container](#id6) - - `POST `{.descname}`/containers/create`{.descname} - : Create a container -@@ -150,36 +206,36 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **Hostname** – Container host name -- - **User** – Username or UID -- - **Memory** – Memory Limit in bytes -- - **CpuShares** – CPU shares (relative weight -- - **AttachStdin** – 1/True/true or 0/False/false, attach to -+ - **Hostname** – Container host name -+ - **User** – Username or UID -+ - **Memory** – Memory Limit in bytes -+ - **CpuShares** – CPU shares (relative weight) -+ - **AttachStdin** – 1/True/true or 0/False/false, attach to - standard input. Default false -- - **AttachStdout** – 1/True/true or 0/False/false, attach to -+ - **AttachStdout** – 1/True/true or 0/False/false, attach to - standard output. Default false -- - **AttachStderr** – 1/True/true or 0/False/false, attach to -+ - **AttachStderr** – 1/True/true or 0/False/false, attach to - standard error. Default false -- - **Tty** – 1/True/true or 0/False/false, allocate a pseudo-tty. -+ - **Tty** – 1/True/true or 0/False/false, allocate a pseudo-tty. - Default false -- - **OpenStdin** – 1/True/true or 0/False/false, keep stdin open -+ - **OpenStdin** – 1/True/true or 0/False/false, keep stdin open - even if not attached. Default false - - Query Parameters: - -   - -- - **name** – Assign the specified name to the container. Must -+ - **name** – Assign the specified name to the container. Must - match `/?[a-zA-Z0-9_-]+`. - - Status Codes: - -- - **201** – no error -- - **404** – no such container -- - **406** – impossible to attach (container not running -- - **500** – server error -+ - **201** – no error -+ - **404** – no such container -+ - **406** – impossible to attach (container not running) -+ - **500** – server error - --### Inspect a container: -+#### [Inspect a container](#id7) - - `GET `{.descname}`/containers/`{.descname}(*id*)`/json`{.descname} - : Return low-level information on the container `id`{.docutils -@@ -260,11 +316,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### List processes running inside a container: -+#### [List processes running inside a container](#id8) - - `GET `{.descname}`/containers/`{.descname}(*id*)`/top`{.descname} - : List processes running inside the container `id` -@@ -302,15 +358,15 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **ps\_args** – ps arguments to use (eg. aux -+ - **ps\_args** – ps arguments to use (eg. aux) - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Inspect changes on a container’s filesystem: -+#### [Inspect changes on a container’s filesystem](#id9) - - `GET `{.descname}`/containers/`{.descname}(*id*)`/changes`{.descname} - : Inspect changes on container `id` ‘s filesystem -@@ -341,11 +397,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Export a container: -+#### [Export a container](#id10) - - `GET `{.descname}`/containers/`{.descname}(*id*)`/export`{.descname} - : Export the contents of container `id` -@@ -363,11 +419,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Start a container: -+#### [Start a container](#id11) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/start`{.descname} - : Start the container `id` -@@ -394,24 +450,24 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **Binds** – Create a bind mount to a directory or file with -+ - **Binds** – Create a bind mount to a directory or file with - [host-path]:[container-path]:[rw|ro]. If a directory - “container-path” is missing, then docker creates a new volume. -- - **LxcConf** – Map of custom lxc options -- - **PortBindings** – Expose ports from the container, optionally -+ - **LxcConf** – Map of custom lxc options -+ - **PortBindings** – Expose ports from the container, optionally - publishing them via the HostPort flag -- - **PublishAllPorts** – 1/True/true or 0/False/false, publish all -+ - **PublishAllPorts** – 1/True/true or 0/False/false, publish all - exposed ports to the host interfaces. Default false -- - **Privileged** – 1/True/true or 0/False/false, give extended -+ - **Privileged** – 1/True/true or 0/False/false, give extended - privileges to this container. Default false - - Status Codes: - -- - **204** – no error -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **404** – no such container -+ - **500** – server error - --### Stop a container: -+#### [Stop a container](#id12) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/stop`{.descname} - : Stop the container `id` -@@ -428,15 +484,15 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **t** – number of seconds to wait before killing the container -+ - **t** – number of seconds to wait before killing the container - - Status Codes: - -- - **204** – no error -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **404** – no such container -+ - **500** – server error - --### Restart a container: -+#### [Restart a container](#id13) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/restart`{.descname} - : Restart the container `id` -@@ -453,15 +509,15 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **t** – number of seconds to wait before killing the container -+ - **t** – number of seconds to wait before killing the container - - Status Codes: - -- - **204** – no error -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **404** – no such container -+ - **500** – server error - --### Kill a container: -+#### [Kill a container](#id14) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/kill`{.descname} - : Kill the container `id` -@@ -476,11 +532,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **204** – no error -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **404** – no such container -+ - **500** – server error - --### Attach to a container: -+#### [Attach to a container](#id15) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/attach`{.descname} - : Attach to the container `id` -@@ -500,23 +556,23 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **logs** – 1/True/true or 0/False/false, return logs. Default -+ - **logs** – 1/True/true or 0/False/false, return logs. Default - false -- - **stream** – 1/True/true or 0/False/false, return stream. -+ - **stream** – 1/True/true or 0/False/false, return stream. - Default false -- - **stdin** – 1/True/true or 0/False/false, if stream=true, attach -+ - **stdin** – 1/True/true or 0/False/false, if stream=true, attach - to stdin. Default false -- - **stdout** – 1/True/true or 0/False/false, if logs=true, return -+ - **stdout** – 1/True/true or 0/False/false, if logs=true, return - stdout log, if stream=true, attach to stdout. Default false -- - **stderr** – 1/True/true or 0/False/false, if logs=true, return -+ - **stderr** – 1/True/true or 0/False/false, if logs=true, return - stderr log, if stream=true, attach to stderr. Default false - - Status Codes: - -- - **200** – no error -- - **400** – bad parameter -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **400** – bad parameter -+ - **404** – no such container -+ - **500** – server error - - **Stream details**: - -@@ -541,9 +597,9 @@ page_keywords: API, Docker, rcli, REST, documentation - - `STREAM_TYPE` can be: - -- - 0: stdin (will be writen on stdout -- - 1: stdout -- - 2: stderr -+ - 0: stdin (will be writen on stdout) -+ - 1: stdout -+ - 2: stderr - - `SIZE1, SIZE2, SIZE3, SIZE4` are the 4 bytes of - the uint32 size encoded as big endian. -@@ -560,9 +616,9 @@ page_keywords: API, Docker, rcli, REST, documentation - 2. chose stdout or stderr depending on the first byte - 3. Extract the frame size from the last 4 byets - 4. Read the extracted size and output it on the correct output -- 5. Goto 1 -+ 5. Goto 1) - --### Wait a container: -+#### [Wait a container](#id16) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/wait`{.descname} - : Block until container `id` stops, then returns -@@ -581,13 +637,13 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Remove a container: -+#### [Remove a container](#id17) - -- `DELETE `{.descname}`/containers/`{.descname}(*id* -+ `DELETE `{.descname}`/containers/`{.descname}(*id*) - : Remove the container `id` from the filesystem - - **Example request**: -@@ -602,17 +658,17 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **v** – 1/True/true or 0/False/false, Remove the volumes -+ - **v** – 1/True/true or 0/False/false, Remove the volumes - associated to the container. Default false - - Status Codes: - -- - **204** – no error -- - **400** – bad parameter -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **400** – bad parameter -+ - **404** – no such container -+ - **500** – server error - --### Copy files or folders from a container: -+#### [Copy files or folders from a container](#id18) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/copy`{.descname} - : Copy files or folders of container `id` -@@ -635,13 +691,13 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Images -+### [2.2 Images](#id19) - --### List Images: -+#### [List Images](#id20) - - `GET `{.descname}`/images/json`{.descname} - : **Example request**: -@@ -678,7 +734,7 @@ page_keywords: API, Docker, rcli, REST, documentation - } - ] - --### Create an image: -+#### [Create an image](#id21) - - `POST `{.descname}`/images/create`{.descname} - : Create an image, either by pull it from the registry or by importing -@@ -706,24 +762,24 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **fromImage** – name of the image to pull -- - **fromSrc** – source to import, - means stdin -- - **repo** – repository -- - **tag** – tag -- - **registry** – the registry to pull from -+ - **fromImage** – name of the image to pull -+ - **fromSrc** – source to import, - means stdin -+ - **repo** – repository -+ - **tag** – tag -+ - **registry** – the registry to pull from - - Request Headers: - -   - -- - **X-Registry-Auth** – base64-encoded AuthConfig object -+ - **X-Registry-Auth** – base64-encoded AuthConfig object - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Insert a file in an image: -+#### [Insert a file in an image](#id22) - - `POST `{.descname}`/images/`{.descname}(*name*)`/insert`{.descname} - : Insert a file from `url` in the image -@@ -745,10 +801,10 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Inspect an image: -+#### [Inspect an image](#id23) - - `GET `{.descname}`/images/`{.descname}(*name*)`/json`{.descname} - : Return low-level information on the image `name` -@@ -793,11 +849,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such image -- - **500** – server error -+ - **200** – no error -+ - **404** – no such image -+ - **500** – server error - --### Get the history of an image: -+#### [Get the history of an image](#id24) - - `GET `{.descname}`/images/`{.descname}(*name*)`/history`{.descname} - : Return the history of the image `name` -@@ -826,11 +882,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such image -- - **500** – server error -+ - **200** – no error -+ - **404** – no such image -+ - **500** – server error - --### Push an image on the registry: -+#### [Push an image on the registry](#id25) - - `POST `{.descname}`/images/`{.descname}(*name*)`/push`{.descname} - : Push the image `name` on the registry -@@ -853,22 +909,22 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **registry** – the registry you wan to push, optional -+ - **registry** – the registry you wan to push, optional - - Request Headers: - -   - -- - **X-Registry-Auth** – include a base64-encoded AuthConfig -+ - **X-Registry-Auth** – include a base64-encoded AuthConfig - object. - - Status Codes: - -- - **200** – no error -- - **404** – no such image -- - **500** – server error -+ - **200** – no error -+ - **404** – no such image -+ - **500** – server error - --### Tag an image into a repository: -+#### [Tag an image into a repository](#id26) - - `POST `{.descname}`/images/`{.descname}(*name*)`/tag`{.descname} - : Tag the image `name` into a repository -@@ -885,20 +941,20 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **repo** – The repository to tag in -- - **force** – 1/True/true or 0/False/false, default false -+ - **repo** – The repository to tag in -+ - **force** – 1/True/true or 0/False/false, default false - - Status Codes: - -- - **201** – no error -- - **400** – bad parameter -- - **404** – no such image -- - **409** – conflict -- - **500** – server error -+ - **201** – no error -+ - **400** – bad parameter -+ - **404** – no such image -+ - **409** – conflict -+ - **500** – server error - --### Remove an image: -+#### [Remove an image](#id27) - -- `DELETE `{.descname}`/images/`{.descname}(*name* -+ `DELETE `{.descname}`/images/`{.descname}(*name*) - : Remove the image `name` from the filesystem - - **Example request**: -@@ -918,12 +974,12 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such image -- - **409** – conflict -- - **500** – server error -+ - **200** – no error -+ - **404** – no such image -+ - **409** – conflict -+ - **500** – server error - --### Search images: -+#### [Search images](#id28) - - `GET `{.descname}`/images/search`{.descname} - : Search for an image in the docker index. -@@ -971,16 +1027,16 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **term** – term to search -+ - **term** – term to search - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Misc -+### [2.3 Misc](#id29) - --### Build an image from Dockerfile via stdin: -+#### [Build an image from Dockerfile via stdin](#id30) - - `POST `{.descname}`/build`{.descname} - : Build an image from Dockerfile via stdin -@@ -1012,25 +1068,25 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **t** – repository name (and optionally a tag) to be applied to -+ - **t** – repository name (and optionally a tag) to be applied to - the resulting image in case of success -- - **q** – suppress verbose build output -- - **nocache** – do not use the cache when building the image -+ - **q** – suppress verbose build output -+ - **nocache** – do not use the cache when building the image - - Request Headers: - -   - -- - **Content-type** – should be set to -+ - **Content-type** – should be set to - `"application/tar"`. -- - **X-Registry-Auth** – base64-encoded AuthConfig object -+ - **X-Registry-Auth** – base64-encoded AuthConfig object - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Check auth configuration: -+#### [Check auth configuration](#id31) - - `POST `{.descname}`/auth`{.descname} - : Get the default username and email -@@ -1053,11 +1109,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **204** – no error -- - **500** – server error -+ - **200** – no error -+ - **204** – no error -+ - **500** – server error - --### Display system-wide information: -+#### [Display system-wide information](#id32) - - `GET `{.descname}`/info`{.descname} - : Display system-wide information -@@ -1084,10 +1140,10 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Show the docker version information: -+#### [Show the docker version information](#id33) - - `GET `{.descname}`/version`{.descname} - : Show the docker version information -@@ -1109,10 +1165,10 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Create a new image from a container’s changes: -+#### [Create a new image from a container’s changes](#id34) - - `POST `{.descname}`/commit`{.descname} - : Create a new image from a container’s changes -@@ -1132,26 +1188,26 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **container** – source container -- - **repo** – repository -- - **tag** – tag -- - **m** – commit message -- - **author** – author (eg. “John Hannibal Smith -- \<[hannibal@a-team.com](mailto:hannibal%40a-team.com)\>” -- - **run** – config automatically applied when the image is run. -- (ex: {“Cmd”: [“cat”, “/world”], “PortSpecs”:[“22”]} -+ - **container** – source container -+ - **repo** – repository -+ - **tag** – tag -+ - **m** – commit message -+ - **author** – author (eg. “John Hannibal Smith -+ \<[hannibal@a-team.com](mailto:hannibal%40a-team.com)\>”) -+ - **run** – config automatically applied when the image is run. -+ (ex: {“Cmd”: [“cat”, “/world”], “PortSpecs”:[“22”]}) - - Status Codes: - -- - **201** – no error -- - **404** – no such container -- - **500** – server error -+ - **201** – no error -+ - **404** – no such container -+ - **500** – server error - --### Monitor Docker’s events: -+#### [Monitor Docker’s events](#id35) - - `GET `{.descname}`/events`{.descname} - : Get events from docker, either in real time via streaming, or via -- polling (using since -+ polling (using since) - - **Example request**: - -@@ -1171,14 +1227,14 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **since** – timestamp used for polling -+ - **since** – timestamp used for polling - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Get a tarball containing all images and tags in a repository: -+#### [Get a tarball containing all images and tags in a repository](#id36) - - `GET `{.descname}`/images/`{.descname}(*name*)`/get`{.descname} - : Get a tarball containing all images and metadata for the repository -@@ -1197,10 +1253,10 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Load a tarball with a set of images and tags into docker: -+#### [Load a tarball with a set of images and tags into docker](#id37) - - `POST `{.descname}`/images/load`{.descname} - : Load a set of images and tags into the docker repository. -@@ -1217,38 +1273,38 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --## Going Further -+## [3. Going further](#id38) - --### Inside ‘docker run’ -+### [3.1 Inside ‘docker run’](#id39) - - Here are the steps of ‘docker run’ : - --- Create the container -+- Create the container - --- If the status code is 404, it means the image doesn’t exists: -- : - Try to pull it -- - Then retry to create the container -+- If the status code is 404, it means the image doesn’t exists: -+ : - Try to pull it -+ - Then retry to create the container - --- Start the container -+- Start the container - --- If you are not in detached mode: -- : - Attach to the container, using logs=1 (to have stdout and -+- If you are not in detached mode: -+ : - Attach to the container, using logs=1 (to have stdout and - stderr from the container’s start) and stream=1 - --- If in detached mode or only stdin is attached: -- : - Display the container’s id -+- If in detached mode or only stdin is attached: -+ : - Display the container’s id - --### Hijacking -+### [3.2 Hijacking](#id40) - - In this version of the API, /attach, uses hijacking to transport stdin, - stdout and stderr on the same socket. This might change in the future. - --### CORS Requests -+### [3.3 CORS Requests](#id41) - - To enable cross origin requests to the remote api add the flag --“-api-enable-cors” when running docker in daemon mode. -+“–api-enable-cors” when running docker in daemon mode. - -- docker -d -H="192.168.1.9:4243" -api-enable-cors -+ docker -d -H="192.168.1.9:4243" --api-enable-cors -diff --git a/docs/sources/reference/api/docker_remote_api_v1.9.md b/docs/sources/reference/api/docker_remote_api_v1.9.md -index 658835c..c25f837 100644 ---- a/docs/sources/reference/api/docker_remote_api_v1.9.md -+++ b/docs/sources/reference/api/docker_remote_api_v1.9.md -@@ -2,24 +2,80 @@ page_title: Remote API v1.9 - page_description: API Documentation for Docker - page_keywords: API, Docker, rcli, REST, documentation - --# Docker Remote API v1.9 -- --## Introduction -- --- The Remote API has replaced rcli --- The daemon listens on `unix:///var/run/docker.sock`{.docutils -- .literal}, but you can [*Bind Docker to another host/port or a Unix -- socket*](../../../use/basics/#bind-docker). --- The API tends to be REST, but for some complex commands, like -- `attach` or `pull`{.docutils .literal}, the HTTP -- connection is hijacked to transport `stdout, stdin`{.docutils -- .literal} and `stderr` -- --## Endpoints -- --## Containers -- --### List containers: -+# [Docker Remote API v1.9](#id1) -+ -+Table of Contents -+ -+- [Docker Remote API v1.9](#docker-remote-api-v1-9) -+ - [1. Brief introduction](#brief-introduction) -+ - [2. Endpoints](#endpoints) -+ - [2.1 Containers](#containers) -+ - [List containers](#list-containers) -+ - [Create a container](#create-a-container) -+ - [Inspect a container](#inspect-a-container) -+ - [List processes running inside a -+ container](#list-processes-running-inside-a-container) -+ - [Inspect changes on a container’s -+ filesystem](#inspect-changes-on-a-container-s-filesystem) -+ - [Export a container](#export-a-container) -+ - [Start a container](#start-a-container) -+ - [Stop a container](#stop-a-container) -+ - [Restart a container](#restart-a-container) -+ - [Kill a container](#kill-a-container) -+ - [Attach to a container](#attach-to-a-container) -+ - [Wait a container](#wait-a-container) -+ - [Remove a container](#remove-a-container) -+ - [Copy files or folders from a -+ container](#copy-files-or-folders-from-a-container) -+ - [2.2 Images](#images) -+ - [List Images](#list-images) -+ - [Create an image](#create-an-image) -+ - [Insert a file in an image](#insert-a-file-in-an-image) -+ - [Inspect an image](#inspect-an-image) -+ - [Get the history of an -+ image](#get-the-history-of-an-image) -+ - [Push an image on the -+ registry](#push-an-image-on-the-registry) -+ - [Tag an image into a -+ repository](#tag-an-image-into-a-repository) -+ - [Remove an image](#remove-an-image) -+ - [Search images](#search-images) -+ - [2.3 Misc](#misc) -+ - [Build an image from -+ Dockerfile](#build-an-image-from-dockerfile) -+ - [Check auth configuration](#check-auth-configuration) -+ - [Display system-wide -+ information](#display-system-wide-information) -+ - [Show the docker version -+ information](#show-the-docker-version-information) -+ - [Create a new image from a container’s -+ changes](#create-a-new-image-from-a-container-s-changes) -+ - [Monitor Docker’s events](#monitor-docker-s-events) -+ - [Get a tarball containing all images and tags in a -+ repository](#get-a-tarball-containing-all-images-and-tags-in-a-repository) -+ - [Load a tarball with a set of images and tags into -+ docker](#load-a-tarball-with-a-set-of-images-and-tags-into-docker) -+ - [3. Going further](#going-further) -+ - [3.1 Inside ‘docker run’](#inside-docker-run) -+ - [3.2 Hijacking](#hijacking) -+ - [3.3 CORS Requests](#cors-requests) -+ -+## [1. Brief introduction](#id2) -+ -+- The Remote API has replaced rcli -+- The daemon listens on `unix:///var/run/docker.sock`{.docutils -+ .literal}, but you can [*Bind Docker to another host/port or a Unix -+ socket*](../../../use/basics/#bind-docker). -+- The API tends to be REST, but for some complex commands, like -+ `attach` or `pull`{.docutils .literal}, the HTTP -+ connection is hijacked to transport `stdout, stdin`{.docutils -+ .literal} and `stderr` -+ -+## [2. Endpoints](#id3) -+ -+### [2.1 Containers](#id4) -+ -+#### [List containers](#id5) - - `GET `{.descname}`/containers/json`{.descname} - : List containers -@@ -80,24 +136,24 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **all** – 1/True/true or 0/False/false, Show all containers. -+ - **all** – 1/True/true or 0/False/false, Show all containers. - Only running containers are shown by default -- - **limit** – Show `limit` last created -+ - **limit** – Show `limit` last created - containers, include non-running ones. -- - **since** – Show only containers created since Id, include -+ - **since** – Show only containers created since Id, include - non-running ones. -- - **before** – Show only containers created before Id, include -+ - **before** – Show only containers created before Id, include - non-running ones. -- - **size** – 1/True/true or 0/False/false, Show the containers -+ - **size** – 1/True/true or 0/False/false, Show the containers - sizes - - Status Codes: - -- - **200** – no error -- - **400** – bad parameter -- - **500** – server error -+ - **200** – no error -+ - **400** – bad parameter -+ - **500** – server error - --### Create a container: -+#### [Create a container](#id6) - - `POST `{.descname}`/containers/create`{.descname} - : Create a container -@@ -150,36 +206,36 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **Hostname** – Container host name -- - **User** – Username or UID -- - **Memory** – Memory Limit in bytes -- - **CpuShares** – CPU shares (relative weight) -- - **AttachStdin** – 1/True/true or 0/False/false, attach to -+ - **Hostname** – Container host name -+ - **User** – Username or UID -+ - **Memory** – Memory Limit in bytes -+ - **CpuShares** – CPU shares (relative weight) -+ - **AttachStdin** – 1/True/true or 0/False/false, attach to - standard input. Default false -- - **AttachStdout** – 1/True/true or 0/False/false, attach to -+ - **AttachStdout** – 1/True/true or 0/False/false, attach to - standard output. Default false -- - **AttachStderr** – 1/True/true or 0/False/false, attach to -+ - **AttachStderr** – 1/True/true or 0/False/false, attach to - standard error. Default false -- - **Tty** – 1/True/true or 0/False/false, allocate a pseudo-tty. -+ - **Tty** – 1/True/true or 0/False/false, allocate a pseudo-tty. - Default false -- - **OpenStdin** – 1/True/true or 0/False/false, keep stdin open -+ - **OpenStdin** – 1/True/true or 0/False/false, keep stdin open - even if not attached. Default false - - Query Parameters: - -   - -- - **name** – Assign the specified name to the container. Must -+ - **name** – Assign the specified name to the container. Must - match `/?[a-zA-Z0-9_-]+`. - - Status Codes: - -- - **201** – no error -- - **404** – no such container -- - **406** – impossible to attach (container not running) -- - **500** – server error -+ - **201** – no error -+ - **404** – no such container -+ - **406** – impossible to attach (container not running) -+ - **500** – server error - --### Inspect a container: -+#### [Inspect a container](#id7) - - `GET `{.descname}`/containers/`{.descname}(*id*)`/json`{.descname} - : Return low-level information on the container `id`{.docutils -@@ -260,11 +316,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### List processes running inside a container: -+#### [List processes running inside a container](#id8) - - `GET `{.descname}`/containers/`{.descname}(*id*)`/top`{.descname} - : List processes running inside the container `id` -@@ -302,15 +358,15 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **ps\_args** – ps arguments to use (eg. aux) -+ - **ps\_args** – ps arguments to use (eg. aux) - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Inspect changes on a container’s filesystem: -+#### [Inspect changes on a container’s filesystem](#id9) - - `GET `{.descname}`/containers/`{.descname}(*id*)`/changes`{.descname} - : Inspect changes on container `id` ‘s filesystem -@@ -341,12 +397,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -- --### Export a container: -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - -+#### [Export a container](#id10) - - `GET `{.descname}`/containers/`{.descname}(*id*)`/export`{.descname} - : Export the contents of container `id` -@@ -364,12 +419,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -- --### Start a container: -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - -+#### [Start a container](#id11) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/start`{.descname} - : Start the container `id` -@@ -396,25 +450,24 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **Binds** – Create a bind mount to a directory or file with -+ - **Binds** – Create a bind mount to a directory or file with - [host-path]:[container-path]:[rw|ro]. If a directory - “container-path” is missing, then docker creates a new volume. -- - **LxcConf** – Map of custom lxc options -- - **PortBindings** – Expose ports from the container, optionally -+ - **LxcConf** – Map of custom lxc options -+ - **PortBindings** – Expose ports from the container, optionally - publishing them via the HostPort flag -- - **PublishAllPorts** – 1/True/true or 0/False/false, publish all -+ - **PublishAllPorts** – 1/True/true or 0/False/false, publish all - exposed ports to the host interfaces. Default false -- - **Privileged** – 1/True/true or 0/False/false, give extended -+ - **Privileged** – 1/True/true or 0/False/false, give extended - privileges to this container. Default false - - Status Codes: - -- - **204** – no error -- - **404** – no such container -- - **500** – server error -- --### Stop a container: -+ - **204** – no error -+ - **404** – no such container -+ - **500** – server error - -+#### [Stop a container](#id12) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/stop`{.descname} - : Stop the container `id` -@@ -431,16 +484,15 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **t** – number of seconds to wait before killing the container -+ - **t** – number of seconds to wait before killing the container - - Status Codes: - -- - **204** – no error -- - **404** – no such container -- - **500** – server error -- --### Restart a container: -+ - **204** – no error -+ - **404** – no such container -+ - **500** – server error - -+#### [Restart a container](#id13) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/restart`{.descname} - : Restart the container `id` -@@ -457,16 +509,15 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **t** – number of seconds to wait before killing the container -+ - **t** – number of seconds to wait before killing the container - - Status Codes: - -- - **204** – no error -- - **404** – no such container -- - **500** – server error -- --### Kill a container: -+ - **204** – no error -+ - **404** – no such container -+ - **500** – server error - -+#### [Kill a container](#id14) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/kill`{.descname} - : Kill the container `id` -@@ -481,12 +532,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **204** – no error -- - **404** – no such container -- - **500** – server error -- --### Attach to a container: -+ - **204** – no error -+ - **404** – no such container -+ - **500** – server error - -+#### [Attach to a container](#id15) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/attach`{.descname} - : Attach to the container `id` -@@ -506,23 +556,23 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **logs** – 1/True/true or 0/False/false, return logs. Default -+ - **logs** – 1/True/true or 0/False/false, return logs. Default - false -- - **stream** – 1/True/true or 0/False/false, return stream. -+ - **stream** – 1/True/true or 0/False/false, return stream. - Default false -- - **stdin** – 1/True/true or 0/False/false, if stream=true, attach -+ - **stdin** – 1/True/true or 0/False/false, if stream=true, attach - to stdin. Default false -- - **stdout** – 1/True/true or 0/False/false, if logs=true, return -+ - **stdout** – 1/True/true or 0/False/false, if logs=true, return - stdout log, if stream=true, attach to stdout. Default false -- - **stderr** – 1/True/true or 0/False/false, if logs=true, return -+ - **stderr** – 1/True/true or 0/False/false, if logs=true, return - stderr log, if stream=true, attach to stderr. Default false - - Status Codes: - -- - **200** – no error -- - **400** – bad parameter -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **400** – bad parameter -+ - **404** – no such container -+ - **500** – server error - - **Stream details**: - -@@ -547,9 +597,9 @@ page_keywords: API, Docker, rcli, REST, documentation - - `STREAM_TYPE` can be: - -- - 0: stdin (will be writen on stdout) -- - 1: stdout -- - 2: stderr -+ - 0: stdin (will be writen on stdout) -+ - 1: stdout -+ - 2: stderr - - `SIZE1, SIZE2, SIZE3, SIZE4` are the 4 bytes of - the uint32 size encoded as big endian. -@@ -568,7 +618,7 @@ page_keywords: API, Docker, rcli, REST, documentation - 4. Read the extracted size and output it on the correct output - 5. Goto 1) - --### Wait a container: -+#### [Wait a container](#id16) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/wait`{.descname} - : Block until container `id` stops, then returns -@@ -587,11 +637,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --### Remove a container: -+#### [Remove a container](#id17) - - `DELETE `{.descname}`/containers/`{.descname}(*id*) - : Remove the container `id` from the filesystem -@@ -608,17 +658,17 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **v** – 1/True/true or 0/False/false, Remove the volumes -+ - **v** – 1/True/true or 0/False/false, Remove the volumes - associated to the container. Default false - - Status Codes: - -- - **204** – no error -- - **400** – bad parameter -- - **404** – no such container -- - **500** – server error -+ - **204** – no error -+ - **400** – bad parameter -+ - **404** – no such container -+ - **500** – server error - --### Copy files or folders from a container: -+#### [Copy files or folders from a container](#id18) - - `POST `{.descname}`/containers/`{.descname}(*id*)`/copy`{.descname} - : Copy files or folders of container `id` -@@ -641,13 +691,13 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such container -- - **500** – server error -+ - **200** – no error -+ - **404** – no such container -+ - **500** – server error - --## Images -+### [2.2 Images](#id19) - --### List Images: -+#### [List Images](#id20) - - `GET `{.descname}`/images/json`{.descname} - : **Example request**: -@@ -684,7 +734,7 @@ page_keywords: API, Docker, rcli, REST, documentation - } - ] - --### Create an image: -+#### [Create an image](#id21) - - `POST `{.descname}`/images/create`{.descname} - : Create an image, either by pull it from the registry or by importing -@@ -712,25 +762,24 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **fromImage** – name of the image to pull -- - **fromSrc** – source to import, - means stdin -- - **repo** – repository -- - **tag** – tag -- - **registry** – the registry to pull from -+ - **fromImage** – name of the image to pull -+ - **fromSrc** – source to import, - means stdin -+ - **repo** – repository -+ - **tag** – tag -+ - **registry** – the registry to pull from - - Request Headers: - -   - -- - **X-Registry-Auth** – base64-encoded AuthConfig object -+ - **X-Registry-Auth** – base64-encoded AuthConfig object - - Status Codes: - -- - **200** – no error -- - **500** – server error -- --### Insert a file in an image: -+ - **200** – no error -+ - **500** – server error - -+#### [Insert a file in an image](#id22) - - `POST `{.descname}`/images/`{.descname}(*name*)`/insert`{.descname} - : Insert a file from `url` in the image -@@ -752,10 +801,10 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Inspect an image: -+#### [Inspect an image](#id23) - - `GET `{.descname}`/images/`{.descname}(*name*)`/json`{.descname} - : Return low-level information on the image `name` -@@ -800,11 +849,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such image -- - **500** – server error -+ - **200** – no error -+ - **404** – no such image -+ - **500** – server error - --### Get the history of an image: -+#### [Get the history of an image](#id24) - - `GET `{.descname}`/images/`{.descname}(*name*)`/history`{.descname} - : Return the history of the image `name` -@@ -833,12 +882,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such image -- - **500** – server error -- --### Push an image on the registry: -+ - **200** – no error -+ - **404** – no such image -+ - **500** – server error - -+#### [Push an image on the registry](#id25) - - `POST `{.descname}`/images/`{.descname}(*name*)`/push`{.descname} - : Push the image `name` on the registry -@@ -861,22 +909,22 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **registry** – the registry you wan to push, optional -+ - **registry** – the registry you wan to push, optional - - Request Headers: - -   - -- - **X-Registry-Auth** – include a base64-encoded AuthConfig -+ - **X-Registry-Auth** – include a base64-encoded AuthConfig - object. - - Status Codes: - -- - **200** – no error -- - **404** – no such image -- - **500** – server error -+ - **200** – no error -+ - **404** – no such image -+ - **500** – server error - --### Tag an image into a repository: -+#### [Tag an image into a repository](#id26) - - `POST `{.descname}`/images/`{.descname}(*name*)`/tag`{.descname} - : Tag the image `name` into a repository -@@ -893,18 +941,18 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **repo** – The repository to tag in -- - **force** – 1/True/true or 0/False/false, default false -+ - **repo** – The repository to tag in -+ - **force** – 1/True/true or 0/False/false, default false - - Status Codes: - -- - **201** – no error -- - **400** – bad parameter -- - **404** – no such image -- - **409** – conflict -- - **500** – server error -+ - **201** – no error -+ - **400** – bad parameter -+ - **404** – no such image -+ - **409** – conflict -+ - **500** – server error - --### Remove an image: -+#### [Remove an image](#id27) - - `DELETE `{.descname}`/images/`{.descname}(*name*) - : Remove the image `name` from the filesystem -@@ -926,12 +974,12 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **404** – no such image -- - **409** – conflict -- - **500** – server error -+ - **200** – no error -+ - **404** – no such image -+ - **409** – conflict -+ - **500** – server error - --### Search images: -+#### [Search images](#id28) - - `GET `{.descname}`/images/search`{.descname} - : Search for an image in the docker index. -@@ -979,16 +1027,16 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **term** – term to search -+ - **term** – term to search - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --## Misc -+### [2.3 Misc](#id29) - --### Build an image from Dockerfile: -+#### [Build an image from Dockerfile](#id30) - - `POST `{.descname}`/build`{.descname} - : Build an image from Dockerfile using a POST body. -@@ -1020,26 +1068,26 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **t** – repository name (and optionally a tag) to be applied to -+ - **t** – repository name (and optionally a tag) to be applied to - the resulting image in case of success -- - **q** – suppress verbose build output -- - **nocache** – do not use the cache when building the image -- - **rm** – Remove intermediate containers after a successful build -+ - **q** – suppress verbose build output -+ - **nocache** – do not use the cache when building the image -+ - **rm** – Remove intermediate containers after a successful build - - Request Headers: - -   - -- - **Content-type** – should be set to -+ - **Content-type** – should be set to - `"application/tar"`. -- - **X-Registry-Config** – base64-encoded ConfigFile object -+ - **X-Registry-Config** – base64-encoded ConfigFile object - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Check auth configuration: -+#### [Check auth configuration](#id31) - - `POST `{.descname}`/auth`{.descname} - : Get the default username and email -@@ -1062,11 +1110,11 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **204** – no error -- - **500** – server error -+ - **200** – no error -+ - **204** – no error -+ - **500** – server error - --### Display system-wide information: -+#### [Display system-wide information](#id32) - - `GET `{.descname}`/info`{.descname} - : Display system-wide information -@@ -1093,10 +1141,10 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Show the docker version information: -+#### [Show the docker version information](#id33) - - `GET `{.descname}`/version`{.descname} - : Show the docker version information -@@ -1118,10 +1166,10 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Create a new image from a container’s changes: -+#### [Create a new image from a container’s changes](#id34) - - `POST `{.descname}`/commit`{.descname} - : Create a new image from a container’s changes -@@ -1141,22 +1189,22 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **container** – source container -- - **repo** – repository -- - **tag** – tag -- - **m** – commit message -- - **author** – author (eg. “John Hannibal Smith -+ - **container** – source container -+ - **repo** – repository -+ - **tag** – tag -+ - **m** – commit message -+ - **author** – author (eg. “John Hannibal Smith - \<[hannibal@a-team.com](mailto:hannibal%40a-team.com)\>”) -- - **run** – config automatically applied when the image is run. -+ - **run** – config automatically applied when the image is run. - (ex: {“Cmd”: [“cat”, “/world”], “PortSpecs”:[“22”]}) - - Status Codes: - -- - **201** – no error -- - **404** – no such container -- - **500** – server error -+ - **201** – no error -+ - **404** – no such container -+ - **500** – server error - --### Monitor Docker’s events: -+#### [Monitor Docker’s events](#id35) - - `GET `{.descname}`/events`{.descname} - : Get events from docker, either in real time via streaming, or via -@@ -1180,14 +1228,14 @@ page_keywords: API, Docker, rcli, REST, documentation - -   - -- - **since** – timestamp used for polling -+ - **since** – timestamp used for polling - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Get a tarball containing all images and tags in a repository: -+#### [Get a tarball containing all images and tags in a repository](#id36) - - `GET `{.descname}`/images/`{.descname}(*name*)`/get`{.descname} - : Get a tarball containing all images and metadata for the repository -@@ -1206,10 +1254,10 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --### Load a tarball with a set of images and tags into docker: -+#### [Load a tarball with a set of images and tags into docker](#id37) - - `POST `{.descname}`/images/load`{.descname} - : Load a set of images and tags into the docker repository. -@@ -1226,38 +1274,38 @@ page_keywords: API, Docker, rcli, REST, documentation - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - --## Going Further -+## [3. Going further](#id38) - --### Inside ‘docker run’ -+### [3.1 Inside ‘docker run’](#id39) - - Here are the steps of ‘docker run’ : - --- Create the container -+- Create the container - --- If the status code is 404, it means the image doesn’t exists: -- : - Try to pull it -- - Then retry to create the container -+- If the status code is 404, it means the image doesn’t exists: -+ : - Try to pull it -+ - Then retry to create the container - --- Start the container -+- Start the container - --- If you are not in detached mode: -- : - Attach to the container, using logs=1 (to have stdout and -+- If you are not in detached mode: -+ : - Attach to the container, using logs=1 (to have stdout and - stderr from the container’s start) and stream=1 - --- If in detached mode or only stdin is attached: -- : - Display the container’s id -+- If in detached mode or only stdin is attached: -+ : - Display the container’s id - --### Hijacking -+### [3.2 Hijacking](#id40) - - In this version of the API, /attach, uses hijacking to transport stdin, - stdout and stderr on the same socket. This might change in the future. - --### CORS Requests -+### [3.3 CORS Requests](#id41) - - To enable cross origin requests to the remote api add the flag --“-api-enable-cors” when running docker in daemon mode. -+“–api-enable-cors” when running docker in daemon mode. - -- docker -d -H="192.168.1.9:4243" -api-enable-cors -+ docker -d -H="192.168.1.9:4243" --api-enable-cors -diff --git a/docs/sources/reference/api/index_api.md b/docs/sources/reference/api/index_api.md -index 83cf36b..e9bcc2b 100644 ---- a/docs/sources/reference/api/index_api.md -+++ b/docs/sources/reference/api/index_api.md -@@ -4,17 +4,19 @@ page_keywords: API, Docker, index, REST, documentation - - # Docker Index API - --## Introduction -+## 1. Brief introduction - --- This is the REST API for the Docker index --- Authorization is done with basic auth over SSL --- Not all commands require authentication, only those noted as such. -+- This is the REST API for the Docker index -+- Authorization is done with basic auth over SSL -+- Not all commands require authentication, only those noted as such. - --## Repository -+## 2. Endpoints - --### Repositories -+### 2.1 Repository - --### User Repo -+#### Repositories -+ -+##### User Repo - - `PUT `{.descname}`/v1/repositories/`{.descname}(*namespace*)`/`{.descname}(*repo\_name*)`/`{.descname} - : Create a user repository with the given `namespace`{.docutils -@@ -33,8 +35,8 @@ page_keywords: API, Docker, index, REST, documentation - - Parameters: - -- - **namespace** – the namespace for the repo -- - **repo\_name** – the name for the repo -+ - **namespace** – the namespace for the repo -+ - **repo\_name** – the name for the repo - - **Example Response**: - -@@ -49,10 +51,10 @@ page_keywords: API, Docker, index, REST, documentation - - Status Codes: - -- - **200** – Created -- - **400** – Errors (invalid json, missing or invalid fields, etc) -- - **401** – Unauthorized -- - **403** – Account is not Active -+ - **200** – Created -+ - **400** – Errors (invalid json, missing or invalid fields, etc) -+ - **401** – Unauthorized -+ - **403** – Account is not Active - - `DELETE `{.descname}`/v1/repositories/`{.descname}(*namespace*)`/`{.descname}(*repo\_name*)`/`{.descname} - : Delete a user repository with the given `namespace`{.docutils -@@ -71,8 +73,8 @@ page_keywords: API, Docker, index, REST, documentation - - Parameters: - -- - **namespace** – the namespace for the repo -- - **repo\_name** – the name for the repo -+ - **namespace** – the namespace for the repo -+ - **repo\_name** – the name for the repo - - **Example Response**: - -@@ -87,13 +89,13 @@ page_keywords: API, Docker, index, REST, documentation - - Status Codes: - -- - **200** – Deleted -- - **202** – Accepted -- - **400** – Errors (invalid json, missing or invalid fields, etc) -- - **401** – Unauthorized -- - **403** – Account is not Active -+ - **200** – Deleted -+ - **202** – Accepted -+ - **400** – Errors (invalid json, missing or invalid fields, etc) -+ - **401** – Unauthorized -+ - **403** – Account is not Active - --### Library Repo -+##### Library Repo - - `PUT `{.descname}`/v1/repositories/`{.descname}(*repo\_name*)`/`{.descname} - : Create a library repository with the given `repo_name`{.docutils -@@ -116,7 +118,7 @@ page_keywords: API, Docker, index, REST, documentation - - Parameters: - -- - **repo\_name** – the library name for the repo -+ - **repo\_name** – the library name for the repo - - **Example Response**: - -@@ -131,10 +133,10 @@ page_keywords: API, Docker, index, REST, documentation - - Status Codes: - -- - **200** – Created -- - **400** – Errors (invalid json, missing or invalid fields, etc) -- - **401** – Unauthorized -- - **403** – Account is not Active -+ - **200** – Created -+ - **400** – Errors (invalid json, missing or invalid fields, etc) -+ - **401** – Unauthorized -+ - **403** – Account is not Active - - `DELETE `{.descname}`/v1/repositories/`{.descname}(*repo\_name*)`/`{.descname} - : Delete a library repository with the given `repo_name`{.docutils -@@ -157,7 +159,7 @@ page_keywords: API, Docker, index, REST, documentation - - Parameters: - -- - **repo\_name** – the library name for the repo -+ - **repo\_name** – the library name for the repo - - **Example Response**: - -@@ -172,15 +174,15 @@ page_keywords: API, Docker, index, REST, documentation - - Status Codes: - -- - **200** – Deleted -- - **202** – Accepted -- - **400** – Errors (invalid json, missing or invalid fields, etc) -- - **401** – Unauthorized -- - **403** – Account is not Active -+ - **200** – Deleted -+ - **202** – Accepted -+ - **400** – Errors (invalid json, missing or invalid fields, etc) -+ - **401** – Unauthorized -+ - **403** – Account is not Active - --### Repository Images -+#### Repository Images - --### User Repo Images -+##### User Repo Images - - `PUT `{.descname}`/v1/repositories/`{.descname}(*namespace*)`/`{.descname}(*repo\_name*)`/images`{.descname} - : Update the images for a user repo. -@@ -198,8 +200,8 @@ page_keywords: API, Docker, index, REST, documentation - - Parameters: - -- - **namespace** – the namespace for the repo -- - **repo\_name** – the name for the repo -+ - **namespace** – the namespace for the repo -+ - **repo\_name** – the name for the repo - - **Example Response**: - -@@ -211,10 +213,10 @@ page_keywords: API, Docker, index, REST, documentation - - Status Codes: - -- - **204** – Created -- - **400** – Errors (invalid json, missing or invalid fields, etc) -- - **401** – Unauthorized -- - **403** – Account is not Active or permission denied -+ - **204** – Created -+ - **400** – Errors (invalid json, missing or invalid fields, etc) -+ - **401** – Unauthorized -+ - **403** – Account is not Active or permission denied - - `GET `{.descname}`/v1/repositories/`{.descname}(*namespace*)`/`{.descname}(*repo\_name*)`/images`{.descname} - : get the images for a user repo. -@@ -227,8 +229,8 @@ page_keywords: API, Docker, index, REST, documentation - - Parameters: - -- - **namespace** – the namespace for the repo -- - **repo\_name** – the name for the repo -+ - **namespace** – the namespace for the repo -+ - **repo\_name** – the name for the repo - - **Example Response**: - -@@ -243,10 +245,10 @@ page_keywords: API, Docker, index, REST, documentation - - Status Codes: - -- - **200** – OK -- - **404** – Not found -+ - **200** – OK -+ - **404** – Not found - --### Library Repo Images -+##### Library Repo Images - - `PUT `{.descname}`/v1/repositories/`{.descname}(*repo\_name*)`/images`{.descname} - : Update the images for a library repo. -@@ -264,7 +266,7 @@ page_keywords: API, Docker, index, REST, documentation - - Parameters: - -- - **repo\_name** – the library name for the repo -+ - **repo\_name** – the library name for the repo - - **Example Response**: - -@@ -276,10 +278,10 @@ page_keywords: API, Docker, index, REST, documentation - - Status Codes: - -- - **204** – Created -- - **400** – Errors (invalid json, missing or invalid fields, etc) -- - **401** – Unauthorized -- - **403** – Account is not Active or permission denied -+ - **204** – Created -+ - **400** – Errors (invalid json, missing or invalid fields, etc) -+ - **401** – Unauthorized -+ - **403** – Account is not Active or permission denied - - `GET `{.descname}`/v1/repositories/`{.descname}(*repo\_name*)`/images`{.descname} - : get the images for a library repo. -@@ -292,7 +294,7 @@ page_keywords: API, Docker, index, REST, documentation - - Parameters: - -- - **repo\_name** – the library name for the repo -+ - **repo\_name** – the library name for the repo - - **Example Response**: - -@@ -307,12 +309,12 @@ page_keywords: API, Docker, index, REST, documentation - - Status Codes: - -- - **200** – OK -- - **404** – Not found -+ - **200** – OK -+ - **404** – Not found - --### Repository Authorization -+#### Repository Authorization - --### Library Repo -+##### Library Repo - - `PUT `{.descname}`/v1/repositories/`{.descname}(*repo\_name*)`/auth`{.descname} - : authorize a token for a library repo -@@ -326,7 +328,7 @@ page_keywords: API, Docker, index, REST, documentation - - Parameters: - -- - **repo\_name** – the library name for the repo -+ - **repo\_name** – the library name for the repo - - **Example Response**: - -@@ -338,11 +340,11 @@ page_keywords: API, Docker, index, REST, documentation - - Status Codes: - -- - **200** – OK -- - **403** – Permission denied -- - **404** – Not found -+ - **200** – OK -+ - **403** – Permission denied -+ - **404** – Not found - --### User Repo -+##### User Repo - - `PUT `{.descname}`/v1/repositories/`{.descname}(*namespace*)`/`{.descname}(*repo\_name*)`/auth`{.descname} - : authorize a token for a user repo -@@ -356,8 +358,8 @@ page_keywords: API, Docker, index, REST, documentation - - Parameters: - -- - **namespace** – the namespace for the repo -- - **repo\_name** – the name for the repo -+ - **namespace** – the namespace for the repo -+ - **repo\_name** – the name for the repo - - **Example Response**: - -@@ -369,13 +371,13 @@ page_keywords: API, Docker, index, REST, documentation - - Status Codes: - -- - **200** – OK -- - **403** – Permission denied -- - **404** – Not found -+ - **200** – OK -+ - **403** – Permission denied -+ - **404** – Not found - --### Users -+### 2.2 Users - --### User Login -+#### User Login - - `GET `{.descname}`/v1/users`{.descname} - : If you want to check your login, you can try this endpoint -@@ -397,11 +399,11 @@ page_keywords: API, Docker, index, REST, documentation - - Status Codes: - -- - **200** – no error -- - **401** – Unauthorized -- - **403** – Account is not Active -+ - **200** – no error -+ - **401** – Unauthorized -+ - **403** – Account is not Active - --### User Register -+#### User Register - - `POST `{.descname}`/v1/users`{.descname} - : Registering a new account. -@@ -421,10 +423,10 @@ page_keywords: API, Docker, index, REST, documentation - -   - -- - **email** – valid email address, that needs to be confirmed -- - **username** – min 4 character, max 30 characters, must match -+ - **email** – valid email address, that needs to be confirmed -+ - **username** – min 4 character, max 30 characters, must match - the regular expression [a-z0-9\_]. -- - **password** – min 5 characters -+ - **password** – min 5 characters - - **Example Response**: - -@@ -436,10 +438,10 @@ page_keywords: API, Docker, index, REST, documentation - - Status Codes: - -- - **201** – User Created -- - **400** – Errors (invalid json, missing or invalid fields, etc) -+ - **201** – User Created -+ - **400** – Errors (invalid json, missing or invalid fields, etc) - --### Update User -+#### Update User - - `PUT `{.descname}`/v1/users/`{.descname}(*username*)`/`{.descname} - : Change a password or email address for given user. If you pass in an -@@ -463,7 +465,7 @@ page_keywords: API, Docker, index, REST, documentation - - Parameters: - -- - **username** – username for the person you want to update -+ - **username** – username for the person you want to update - - **Example Response**: - -@@ -475,17 +477,17 @@ page_keywords: API, Docker, index, REST, documentation - - Status Codes: - -- - **204** – User Updated -- - **400** – Errors (invalid json, missing or invalid fields, etc) -- - **401** – Unauthorized -- - **403** – Account is not Active -- - **404** – User not found -+ - **204** – User Updated -+ - **400** – Errors (invalid json, missing or invalid fields, etc) -+ - **401** – Unauthorized -+ - **403** – Account is not Active -+ - **404** – User not found - --## Search -+### 2.3 Search - - If you need to search the index, this is the endpoint you would use. - --### Search -+#### Search - - `GET `{.descname}`/v1/search`{.descname} - : Search the Index given a search term. It accepts -@@ -515,11 +517,13 @@ If you need to search the index, this is the endpoint you would use. - - Query Parameters: - -- - **q** – what you want to search for -+   -+ -+ - **q** – what you want to search for - - Status Codes: - -- - **200** – no error -- - **500** – server error -+ - **200** – no error -+ - **500** – server error - - -diff --git a/docs/sources/reference/api/registry_api.md b/docs/sources/reference/api/registry_api.md -index e067586..f251169 100644 ---- a/docs/sources/reference/api/registry_api.md -+++ b/docs/sources/reference/api/registry_api.md -@@ -4,34 +4,34 @@ page_keywords: API, Docker, index, registry, REST, documentation - - # Docker Registry API - --## Introduction -+## 1. Brief introduction - --- This is the REST API for the Docker Registry --- It stores the images and the graph for a set of repositories --- It does not have user accounts data --- It has no notion of user accounts or authorization --- It delegates authentication and authorization to the Index Auth -+- This is the REST API for the Docker Registry -+- It stores the images and the graph for a set of repositories -+- It does not have user accounts data -+- It has no notion of user accounts or authorization -+- It delegates authentication and authorization to the Index Auth - service using tokens --- It supports different storage backends (S3, cloud files, local FS) --- It doesn’t have a local database --- It will be open-sourced at some point -+- It supports different storage backends (S3, cloud files, local FS) -+- It doesn’t have a local database -+- It will be open-sourced at some point - - We expect that there will be multiple registries out there. To help to - grasp the context, here are some examples of registries: - --- **sponsor registry**: such a registry is provided by a third-party -+- **sponsor registry**: such a registry is provided by a third-party - hosting infrastructure as a convenience for their customers and the - docker community as a whole. Its costs are supported by the third - party, but the management and operation of the registry are - supported by dotCloud. It features read/write access, and delegates - authentication and authorization to the Index. --- **mirror registry**: such a registry is provided by a third-party -+- **mirror registry**: such a registry is provided by a third-party - hosting infrastructure but is targeted at their customers only. Some - mechanism (unspecified to date) ensures that public images are - pulled from a sponsor registry to the mirror registry, to make sure - that the customers of the third-party provider can “docker pull” - those images locally. --- **vendor registry**: such a registry is provided by a software -+- **vendor registry**: such a registry is provided by a software - vendor, who wants to distribute docker images. It would be operated - and managed by the vendor. Only users authorized by the vendor would - be able to get write access. Some images would be public (accessible -@@ -41,7 +41,7 @@ grasp the context, here are some examples of registries: - basho/riak1.3” and automatically push from the vendor registry - (instead of a sponsor registry); i.e. get all the convenience of a - sponsor registry, while retaining control on the asset distribution. --- **private registry**: such a registry is located behind a firewall, -+- **private registry**: such a registry is located behind a firewall, - or protected by an additional security layer (HTTP authorization, - SSL client-side certificates, IP address authorization...). The - registry is operated by a private entity, outside of dotCloud’s -@@ -58,9 +58,9 @@ can be powered by a simple static HTTP server. - Note - - The latter implies that while HTTP is the protocol of choice for a registry, multiple schemes are possible (and in some cases, trivial): --: - HTTP with GET (and PUT for read-write registries); -- - local mount point; -- - remote docker addressed through SSH. -+: - HTTP with GET (and PUT for read-write registries); -+ - local mount point; -+ - remote docker addressed through SSH. - - The latter would only require two new commands in docker, e.g. - `registryget` and `registryput`{.docutils .literal}, -@@ -68,11 +68,11 @@ wrapping access to the local filesystem (and optionally doing - consistency checks). Authentication and authorization are then delegated - to SSH (e.g. with public keys). - --## Endpoints -+## 2. Endpoints - --### Images -+### 2.1 Images - --### Layer -+#### Layer - - `GET `{.descname}`/v1/images/`{.descname}(*image\_id*)`/layer`{.descname} - : get image layer for a given `image_id` -@@ -87,7 +87,7 @@ to SSH (e.g. with public keys). - - Parameters: - -- - **image\_id** – the id for the layer you want to get -+ - **image\_id** – the id for the layer you want to get - - **Example Response**: - -@@ -100,9 +100,9 @@ to SSH (e.g. with public keys). - - Status Codes: - -- - **200** – OK -- - **401** – Requires authorization -- - **404** – Image not found -+ - **200** – OK -+ - **401** – Requires authorization -+ - **404** – Image not found - - `PUT `{.descname}`/v1/images/`{.descname}(*image\_id*)`/layer`{.descname} - : put image layer for a given `image_id` -@@ -118,7 +118,7 @@ to SSH (e.g. with public keys). - - Parameters: - -- - **image\_id** – the id for the layer you want to get -+ - **image\_id** – the id for the layer you want to get - - **Example Response**: - -@@ -131,11 +131,11 @@ to SSH (e.g. with public keys). - - Status Codes: - -- - **200** – OK -- - **401** – Requires authorization -- - **404** – Image not found -+ - **200** – OK -+ - **401** – Requires authorization -+ - **404** – Image not found - --### Image -+#### Image - - `PUT `{.descname}`/v1/images/`{.descname}(*image\_id*)`/json`{.descname} - : put image for a given `image_id` -@@ -181,7 +181,7 @@ to SSH (e.g. with public keys). - - Parameters: - -- - **image\_id** – the id for the layer you want to get -+ - **image\_id** – the id for the layer you want to get - - **Example Response**: - -@@ -194,8 +194,8 @@ to SSH (e.g. with public keys). - - Status Codes: - -- - **200** – OK -- - **401** – Requires authorization -+ - **200** – OK -+ - **401** – Requires authorization - - `GET `{.descname}`/v1/images/`{.descname}(*image\_id*)`/json`{.descname} - : get image for a given `image_id` -@@ -210,7 +210,7 @@ to SSH (e.g. with public keys). - - Parameters: - -- - **image\_id** – the id for the layer you want to get -+ - **image\_id** – the id for the layer you want to get - - **Example Response**: - -@@ -254,11 +254,11 @@ to SSH (e.g. with public keys). - - Status Codes: - -- - **200** – OK -- - **401** – Requires authorization -- - **404** – Image not found -+ - **200** – OK -+ - **401** – Requires authorization -+ - **404** – Image not found - --### Ancestry -+#### Ancestry - - `GET `{.descname}`/v1/images/`{.descname}(*image\_id*)`/ancestry`{.descname} - : get ancestry for an image given an `image_id` -@@ -273,7 +273,7 @@ to SSH (e.g. with public keys). - - Parameters: - -- - **image\_id** – the id for the layer you want to get -+ - **image\_id** – the id for the layer you want to get - - **Example Response**: - -@@ -289,11 +289,11 @@ to SSH (e.g. with public keys). - - Status Codes: - -- - **200** – OK -- - **401** – Requires authorization -- - **404** – Image not found -+ - **200** – OK -+ - **401** – Requires authorization -+ - **404** – Image not found - --### Tags -+### 2.2 Tags - - `GET `{.descname}`/v1/repositories/`{.descname}(*namespace*)`/`{.descname}(*repository*)`/tags`{.descname} - : get all of the tags for the given repo. -@@ -309,8 +309,8 @@ to SSH (e.g. with public keys). - - Parameters: - -- - **namespace** – namespace for the repo -- - **repository** – name for the repo -+ - **namespace** – namespace for the repo -+ - **repository** – name for the repo - - **Example Response**: - -@@ -326,9 +326,9 @@ to SSH (e.g. with public keys). - - Status Codes: - -- - **200** – OK -- - **401** – Requires authorization -- - **404** – Repository not found -+ - **200** – OK -+ - **401** – Requires authorization -+ - **404** – Repository not found - - `GET `{.descname}`/v1/repositories/`{.descname}(*namespace*)`/`{.descname}(*repository*)`/tags/`{.descname}(*tag*) - : get a tag for the given repo. -@@ -344,9 +344,9 @@ to SSH (e.g. with public keys). - - Parameters: - -- - **namespace** – namespace for the repo -- - **repository** – name for the repo -- - **tag** – name of tag you want to get -+ - **namespace** – namespace for the repo -+ - **repository** – name for the repo -+ - **tag** – name of tag you want to get - - **Example Response**: - -@@ -359,9 +359,9 @@ to SSH (e.g. with public keys). - - Status Codes: - -- - **200** – OK -- - **401** – Requires authorization -- - **404** – Tag not found -+ - **200** – OK -+ - **401** – Requires authorization -+ - **404** – Tag not found - - `DELETE `{.descname}`/v1/repositories/`{.descname}(*namespace*)`/`{.descname}(*repository*)`/tags/`{.descname}(*tag*) - : delete the tag for the repo -@@ -376,9 +376,9 @@ to SSH (e.g. with public keys). - - Parameters: - -- - **namespace** – namespace for the repo -- - **repository** – name for the repo -- - **tag** – name of tag you want to delete -+ - **namespace** – namespace for the repo -+ - **repository** – name for the repo -+ - **tag** – name of tag you want to delete - - **Example Response**: - -@@ -391,9 +391,9 @@ to SSH (e.g. with public keys). - - Status Codes: - -- - **200** – OK -- - **401** – Requires authorization -- - **404** – Tag not found -+ - **200** – OK -+ - **401** – Requires authorization -+ - **404** – Tag not found - - `PUT `{.descname}`/v1/repositories/`{.descname}(*namespace*)`/`{.descname}(*repository*)`/tags/`{.descname}(*tag*) - : put a tag for the given repo. -@@ -410,9 +410,9 @@ to SSH (e.g. with public keys). - - Parameters: - -- - **namespace** – namespace for the repo -- - **repository** – name for the repo -- - **tag** – name of tag you want to add -+ - **namespace** – namespace for the repo -+ - **repository** – name for the repo -+ - **tag** – name of tag you want to add - - **Example Response**: - -@@ -425,12 +425,12 @@ to SSH (e.g. with public keys). - - Status Codes: - -- - **200** – OK -- - **400** – Invalid data -- - **401** – Requires authorization -- - **404** – Image not found -+ - **200** – OK -+ - **400** – Invalid data -+ - **401** – Requires authorization -+ - **404** – Image not found - --### Repositories -+### 2.3 Repositories - - `DELETE `{.descname}`/v1/repositories/`{.descname}(*namespace*)`/`{.descname}(*repository*)`/`{.descname} - : delete a repository -@@ -447,8 +447,8 @@ to SSH (e.g. with public keys). - - Parameters: - -- - **namespace** – namespace for the repo -- - **repository** – name for the repo -+ - **namespace** – namespace for the repo -+ - **repository** – name for the repo - - **Example Response**: - -@@ -461,11 +461,11 @@ to SSH (e.g. with public keys). - - Status Codes: - -- - **200** – OK -- - **401** – Requires authorization -- - **404** – Repository not found -+ - **200** – OK -+ - **401** – Requires authorization -+ - **404** – Repository not found - --### Status -+### 2.4 Status - - `GET `{.descname}`/v1/_ping`{.descname} - : Check status of the registry. This endpoint is also used to -@@ -491,9 +491,9 @@ to SSH (e.g. with public keys). - - Status Codes: - -- - **200** – OK -+ - **200** – OK - --## Authorization -+## 3 Authorization - - This is where we describe the authorization process, including the - tokens and cookies. -diff --git a/docs/sources/reference/api/registry_index_spec.md b/docs/sources/reference/api/registry_index_spec.md -index dc0dd80..281fe07 100644 ---- a/docs/sources/reference/api/registry_index_spec.md -+++ b/docs/sources/reference/api/registry_index_spec.md -@@ -4,55 +4,55 @@ page_keywords: docker, registry, api, index - - # Registry & Index Spec - --## The 3 roles -+## 1. The 3 roles - --### Index -+### 1.1 Index - - The Index is responsible for centralizing information about: - --- User accounts --- Checksums of the images --- Public namespaces -+- User accounts -+- Checksums of the images -+- Public namespaces - - The Index has different components: - --- Web UI --- Meta-data store (comments, stars, list public repositories) --- Authentication service --- Tokenization -+- Web UI -+- Meta-data store (comments, stars, list public repositories) -+- Authentication service -+- Tokenization - - The index is authoritative for those information. - - We expect that there will be only one instance of the index, run and - managed by Docker Inc. - --### Registry -+### 1.2 Registry - --- It stores the images and the graph for a set of repositories --- It does not have user accounts data --- It has no notion of user accounts or authorization --- It delegates authentication and authorization to the Index Auth -+- It stores the images and the graph for a set of repositories -+- It does not have user accounts data -+- It has no notion of user accounts or authorization -+- It delegates authentication and authorization to the Index Auth - service using tokens --- It supports different storage backends (S3, cloud files, local FS) --- It doesn’t have a local database --- [Source Code](https://github.com/dotcloud/docker-registry) -+- It supports different storage backends (S3, cloud files, local FS) -+- It doesn’t have a local database -+- [Source Code](https://github.com/dotcloud/docker-registry) - - We expect that there will be multiple registries out there. To help to - grasp the context, here are some examples of registries: - --- **sponsor registry**: such a registry is provided by a third-party -+- **sponsor registry**: such a registry is provided by a third-party - hosting infrastructure as a convenience for their customers and the - docker community as a whole. Its costs are supported by the third - party, but the management and operation of the registry are - supported by dotCloud. It features read/write access, and delegates - authentication and authorization to the Index. --- **mirror registry**: such a registry is provided by a third-party -+- **mirror registry**: such a registry is provided by a third-party - hosting infrastructure but is targeted at their customers only. Some - mechanism (unspecified to date) ensures that public images are - pulled from a sponsor registry to the mirror registry, to make sure - that the customers of the third-party provider can “docker pull” - those images locally. --- **vendor registry**: such a registry is provided by a software -+- **vendor registry**: such a registry is provided by a software - vendor, who wants to distribute docker images. It would be operated - and managed by the vendor. Only users authorized by the vendor would - be able to get write access. Some images would be public (accessible -@@ -62,20 +62,19 @@ grasp the context, here are some examples of registries: - basho/riak1.3” and automatically push from the vendor registry - (instead of a sponsor registry); i.e. get all the convenience of a - sponsor registry, while retaining control on the asset distribution. --- **private registry**: such a registry is located behind a firewall, -+- **private registry**: such a registry is located behind a firewall, - or protected by an additional security layer (HTTP authorization, - SSL client-side certificates, IP address authorization...). The - registry is operated by a private entity, outside of dotCloud’s - control. It can optionally delegate additional authorization to the - Index, but it is not mandatory. - --> **Note:** The latter implies that while HTTP is the protocol --> of choice for a registry, multiple schemes are possible (and --> in some cases, trivial): --> --> - HTTP with GET (and PUT for read-write registries); --> - local mount point; --> - remote docker addressed through SSH. -+Note -+ -+The latter implies that while HTTP is the protocol of choice for a registry, multiple schemes are possible (and in some cases, trivial): -+: - HTTP with GET (and PUT for read-write registries); -+ - local mount point; -+ - remote docker addressed through SSH. - - The latter would only require two new commands in docker, e.g. - `registryget` and `registryput`{.docutils .literal}, -@@ -83,17 +82,17 @@ wrapping access to the local filesystem (and optionally doing - consistency checks). Authentication and authorization are then delegated - to SSH (e.g. with public keys). - --### Docker -+### 1.3 Docker - - On top of being a runtime for LXC, Docker is the Registry client. It - supports: - --- Push / Pull on the registry --- Client authentication on the Index -+- Push / Pull on the registry -+- Client authentication on the Index - --## Workflow -+## 2. Workflow - --### Pull -+### 2.1 Pull - - ![](../../../_images/docker_pull_chart.png) - -@@ -147,9 +146,9 @@ and for an active account. - 2. (Index -\> Docker) HTTP 200 OK - - > **Headers**: -- > : - Authorization: Token -+ > : - Authorization: Token - > signature=123abc,repository=”foo/bar”,access=write -- > - X-Docker-Endpoints: registry.docker.io [, -+ > - X-Docker-Endpoints: registry.docker.io [, - > registry2.docker.io] - > - > **Body**: -@@ -188,7 +187,7 @@ Note - If someone makes a second request, then we will always give a new token, - never reuse tokens. - --### Push -+### 2.2 Push - - ![](../../../_images/docker_push_chart.png) - -@@ -204,15 +203,17 @@ never reuse tokens. - pushed by docker and store the repository (with its images) - 6. docker contacts the index to give checksums for upload images - --> **Note:** --> **It’s possible not to use the Index at all!** In this case, a deployed --> version of the Registry is deployed to store and serve images. Those --> images are not authenticated and the security is not guaranteed. -+Note -+ -+**It’s possible not to use the Index at all!** In this case, a deployed -+version of the Registry is deployed to store and serve images. Those -+images are not authenticated and the security is not guaranteed. -+ -+Note - --> **Note:** --> **Index can be replaced!** For a private Registry deployed, a custom --> Index can be used to serve and validate token according to different --> policies. -+**Index can be replaced!** For a private Registry deployed, a custom -+Index can be used to serve and validate token according to different -+policies. - - Docker computes the checksums and submit them to the Index at the end of - the push. When a repository name does not have checksums on the Index, -@@ -227,7 +228,7 @@ the end). - true - - **Action**:: -- : - in index, we allocated a new repository, and set to -+ : - in index, we allocated a new repository, and set to - initialized - - **Body**:: -@@ -239,9 +240,9 @@ the end). - - 2. (Index -\> Docker) 200 Created - : **Headers**: -- : - WWW-Authenticate: Token -+ : - WWW-Authenticate: Token - signature=123abc,repository=”foo/bar”,access=write -- - X-Docker-Endpoints: registry.docker.io [, -+ - X-Docker-Endpoints: registry.docker.io [, - registry2.docker.io] - - 3. (Docker -\> Registry) PUT /v1/images/98765432\_parent/json -@@ -255,18 +256,18 @@ the end). - signature=123abc,repository=”foo/bar”,access=write - - **Action**:: -- : - Index: -+ : - Index: - : will invalidate the token. - -- - Registry: -+ - Registry: - : grants a session (if token is approved) and fetches - the images id - - 5. (Docker -\> Registry) PUT /v1/images/98765432\_parent/json - : **Headers**:: -- : - Authorization: Token -+ : - Authorization: Token - signature=123abc,repository=”foo/bar”,access=write -- - Cookie: (Cookie provided by the Registry) -+ - Cookie: (Cookie provided by the Registry) - - 6. (Docker -\> Registry) PUT /v1/images/98765432/json - : **Headers**: -@@ -303,17 +304,19 @@ the end). - - **Return** HTTP 204 - --> **Note:** If push fails and they need to start again, what happens in the index, --> there will already be a record for the namespace/name, but it will be --> initialized. Should we allow it, or mark as name already used? One edge --> case could be if someone pushes the same thing at the same time with two --> different shells. -+Note -+ -+If push fails and they need to start again, what happens in the index, -+there will already be a record for the namespace/name, but it will be -+initialized. Should we allow it, or mark as name already used? One edge -+case could be if someone pushes the same thing at the same time with two -+different shells. - - If it’s a retry on the Registry, Docker has a cookie (provided by the - registry after token validation). So the Index won’t have to provide a - new token. - --### Delete -+### 2.3 Delete - - If you need to delete something from the index or registry, we need a - nice clean way to do that. Here is the workflow. -@@ -333,9 +336,11 @@ nice clean way to do that. Here is the workflow. - 6. docker contacts the index to let it know it was removed from the - registry, the index removes all records from the database. - --> **Note:** The Docker client should present an “Are you sure?” prompt to confirm --> the deletion before starting the process. Once it starts it can’t be --> undone. -+Note -+ -+The Docker client should present an “Are you sure?” prompt to confirm -+the deletion before starting the process. Once it starts it can’t be -+undone. - - #### API (deleting repository foo/bar): - -@@ -345,7 +350,7 @@ nice clean way to do that. Here is the workflow. - true - - **Action**:: -- : - in index, we make sure it is a valid repository, and set -+ : - in index, we make sure it is a valid repository, and set - to deleted (logically) - - **Body**:: -@@ -353,9 +358,9 @@ nice clean way to do that. Here is the workflow. - - 2. (Index -\> Docker) 202 Accepted - : **Headers**: -- : - WWW-Authenticate: Token -+ : - WWW-Authenticate: Token - signature=123abc,repository=”foo/bar”,access=delete -- - X-Docker-Endpoints: registry.docker.io [, -+ - X-Docker-Endpoints: registry.docker.io [, - registry2.docker.io] \# list of endpoints where this - repo lives. - -@@ -370,10 +375,10 @@ nice clean way to do that. Here is the workflow. - signature=123abc,repository=”foo/bar”,access=delete - - **Action**:: -- : - Index: -+ : - Index: - : will invalidate the token. - -- - Registry: -+ - Registry: - : deletes the repository (if token is approved) - - 5. (Registry -\> Docker) 200 OK -@@ -391,20 +396,20 @@ nice clean way to do that. Here is the workflow. - > - > **Return** HTTP 200 - --## How to use the Registry in standalone mode -+## 3. How to use the Registry in standalone mode - - The Index has two main purposes (along with its fancy social features): - --- Resolve short names (to avoid passing absolute URLs all the time) -- : - username/projectname -\> -+- Resolve short names (to avoid passing absolute URLs all the time) -+ : - username/projectname -\> - https://registry.docker.io/users/\/repositories/\/ -- - team/projectname -\> -+ - team/projectname -\> - https://registry.docker.io/team/\/repositories/\/ - --- Authenticate a user as a repos owner (for a central referenced -+- Authenticate a user as a repos owner (for a central referenced - repository) - --### Without an Index -+### 3.1 Without an Index - - Using the Registry without the Index can be useful to store the images - on a private network without having to rely on an external entity -@@ -425,12 +430,12 @@ As hinted previously, a standalone registry can also be implemented by - any HTTP server handling GET/PUT requests (or even only GET requests if - no write access is necessary). - --### With an Index -+### 3.2 With an Index - - The Index data needed by the Registry are simple: - --- Serve the checksums --- Provide and authorize a Token -+- Serve the checksums -+- Provide and authorize a Token - - In the scenario of a Registry running on a private network with the need - of centralizing and authorizing, it’s easy to use a custom Index. -@@ -441,12 +446,12 @@ specific Index, it’ll be the private entity responsibility (basically - the organization who uses Docker in a private environment) to maintain - the Index and the Docker’s configuration among its consumers. - --## The API -+## 4. The API - - The first version of the api is available here: - [https://github.com/jpetazzo/docker/blob/acd51ecea8f5d3c02b00a08176171c59442df8b3/docs/images-repositories-push-pull.md](https://github.com/jpetazzo/docker/blob/acd51ecea8f5d3c02b00a08176171c59442df8b3/docs/images-repositories-push-pull.md) - --### Images -+### 4.1 Images - - The format returned in the images is not defined here (for layer and - JSON), basically because Registry stores exactly the same kind of -@@ -464,9 +469,9 @@ file is empty. - GET /v1/images//ancestry - PUT /v1/images//ancestry - --### Users -+### 4.2 Users - --### Create a user (Index) -+#### 4.2.1 Create a user (Index) - - POST /v1/users - -@@ -474,9 +479,9 @@ POST /v1/users - : {“email”: “[sam@dotcloud.com](mailto:sam%40dotcloud.com)”, - “password”: “toto42”, “username”: “foobar”’} - **Validation**: --: - **username**: min 4 character, max 30 characters, must match the -+: - **username**: min 4 character, max 30 characters, must match the - regular expression [a-z0-9\_]. -- - **password**: min 5 characters -+ - **password**: min 5 characters - - **Valid**: return HTTP 200 - -@@ -489,7 +494,7 @@ Note - A user account will be valid only if the email has been validated (a - validation link is sent to the email address). - --### Update a user (Index) -+#### 4.2.2 Update a user (Index) - - PUT /v1/users/\ - -@@ -501,7 +506,7 @@ Note - We can also update email address, if they do, they will need to reverify - their new email address. - --### Login (Index) -+#### 4.2.3 Login (Index) - - Does nothing else but asking for a user authentication. Can be used to - validate credentials. HTTP Basic Auth for now, maybe change in future. -@@ -509,11 +514,11 @@ validate credentials. HTTP Basic Auth for now, maybe change in future. - GET /v1/users - - **Return**: --: - Valid: HTTP 200 -- - Invalid login: HTTP 401 -- - Account inactive: HTTP 403 Account is not Active -+: - Valid: HTTP 200 -+ - Invalid login: HTTP 401 -+ - Account inactive: HTTP 403 Account is not Active - --### Tags (Registry) -+### 4.3 Tags (Registry) - - The Registry does not know anything about users. Even though - repositories are under usernames, it’s just a namespace for the -@@ -522,11 +527,11 @@ per user later, without modifying the Registry’s API. - - The following naming restrictions apply: - --- Namespaces must match the same regular expression as usernames (See -+- Namespaces must match the same regular expression as usernames (See - 4.2.1.) --- Repository names must match the regular expression [a-zA-Z0-9-\_.] -+- Repository names must match the regular expression [a-zA-Z0-9-\_.] - --### Get all tags: -+#### 4.3.1 Get all tags - - GET /v1/repositories/\/\/tags - -@@ -536,25 +541,25 @@ GET /v1/repositories/\/\/tags - “0.1.1”: - “b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087” } - --### Read the content of a tag (resolve the image id): -+#### 4.3.2 Read the content of a tag (resolve the image id) - - GET /v1/repositories/\/\/tags/\ - - **Return**: - : “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f” - --### Delete a tag (registry): -+#### 4.3.3 Delete a tag (registry) - - DELETE /v1/repositories/\/\/tags/\ - --## Images (Index) -+### 4.4 Images (Index) - - For the Index to “resolve” the repository name to a Registry location, - it uses the X-Docker-Endpoints header. In other terms, this requests - always add a `X-Docker-Endpoints` to indicate the - location of the registry which hosts this repository. - --### Get the images: -+#### 4.4.1 Get the images - - GET /v1/repositories/\/\/images - -@@ -562,9 +567,9 @@ GET /v1/repositories/\/\/images - : [{“id”: - “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”, - “checksum”: -- “[md5:b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087](md5:b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087)”}] -+ “”}] - --### Add/update the images: -+#### 4.4.2 Add/update the images - - You always add images, you never remove them. - -@@ -579,15 +584,15 @@ PUT /v1/repositories/\/\/images - - **Return** 204 - --### Repositories -+### 4.5 Repositories - --### Remove a Repository (Registry) -+#### 4.5.1 Remove a Repository (Registry) - - DELETE /v1/repositories/\/\ - - Return 200 OK - --### Remove a Repository (Index) -+#### 4.5.2 Remove a Repository (Index) - - This starts the delete process. see 2.3 for more details. - -@@ -595,12 +600,12 @@ DELETE /v1/repositories/\/\ - - Return 202 OK - --## Chaining Registries -+## 5. Chaining Registries - - It’s possible to chain Registries server for several reasons: - --- Load balancing --- Delegate the next request to another server -+- Load balancing -+- Delegate the next request to another server - - When a Registry is a reference for a repository, it should host the - entire images chain in order to avoid breaking the chain during the -@@ -618,9 +623,9 @@ On every request, a special header can be returned: - On the next request, the client will always pick a server from this - list. - --## Authentication & Authorization -+## 6. Authentication & Authorization - --### On the Index -+### 6.1 On the Index - - The Index supports both “Basic” and “Token” challenges. Usually when - there is a `401 Unauthorized`, the Index replies -@@ -634,16 +639,16 @@ You have 3 options: - 1. Provide user credentials and ask for a token - - > **Header**: -- > : - Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ== -- > - X-Docker-Token: true -+ > : - Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ== -+ > - X-Docker-Token: true - > - > In this case, along with the 200 response, you’ll get a new token - > (if user auth is ok): If authorization isn’t correct you get a 401 - > response. If account isn’t active you will get a 403 response. - > - > **Response**: -- > : - 200 OK -- > - X-Docker-Token: Token -+ > : - 200 OK -+ > - X-Docker-Token: Token - > signature=123abc,repository=”foo/bar”,access=read - > - 2. Provide user credentials only -@@ -681,9 +686,9 @@ Next request: - GET /(...) - Cookie: session="wD/J7LqL5ctqw8haL10vgfhrb2Q=?foo=UydiYXInCnAxCi4=×tamp=RjEzNjYzMTQ5NDcuNDc0NjQzCi4=" - --## Document Version -+## 7 Document Version - --- 1.0 : May 6th 2013 : initial release --- 1.1 : June 1st 2013 : Added Delete Repository and way to handle new -+- 1.0 : May 6th 2013 : initial release -+- 1.1 : June 1st 2013 : Added Delete Repository and way to handle new - source namespace. - -diff --git a/docs/sources/reference/api/remote_api_client_libraries.md b/docs/sources/reference/api/remote_api_client_libraries.md -index 0392da3..4991924 100644 ---- a/docs/sources/reference/api/remote_api_client_libraries.md -+++ b/docs/sources/reference/api/remote_api_client_libraries.md -@@ -4,115 +4,82 @@ page_keywords: API, Docker, index, registry, REST, documentation, clients, Pytho - - # Docker Remote API Client Libraries - --## Introduction -- - These libraries have not been tested by the Docker Maintainers for - compatibility. Please file issues with the library owners. If you find - more library implementations, please list them in Docker doc bugs and we - will add the libraries here. - --Language/Framework -- --Name -- --Repository -- --Status -- --Python -- --docker-py -- --[https://github.com/dotcloud/docker-py](https://github.com/dotcloud/docker-py) -- --Active -- --Ruby -- --docker-client -- --[https://github.com/geku/docker-client](https://github.com/geku/docker-client) -- --Outdated -- --Ruby -- --docker-api -- --[https://github.com/swipely/docker-api](https://github.com/swipely/docker-api) -- --Active -- --JavaScript (NodeJS) -- --dockerode -- --[https://github.com/apocas/dockerode](https://github.com/apocas/dockerode) --Install via NPM: npm install dockerode -- --Active -- --JavaScript (NodeJS) -- --docker.io -- --[https://github.com/appersonlabs/docker.io](https://github.com/appersonlabs/docker.io) --Install via NPM: npm install docker.io -- --Active -- --JavaScript -- --docker-js -- --[https://github.com/dgoujard/docker-js](https://github.com/dgoujard/docker-js) -- --Active -- --JavaScript (Angular) **WebUI** -- --docker-cp -- --[https://github.com/13W/docker-cp](https://github.com/13W/docker-cp) -- --Active -- --JavaScript (Angular) **WebUI** -- --dockerui -- --[https://github.com/crosbymichael/dockerui](https://github.com/crosbymichael/dockerui) -+ ------------------------------------------------------------------------- -+ Language/Framewor Name Repository Status -+ k -+ ----------------- ------------ ---------------------------------- ------- -+ Python docker-py [https://github.com/dotcloud/docke Active -+ r-py](https://github.com/dotcloud/ -+ docker-py) - --Active -+ Ruby docker-clien [https://github.com/geku/docker-cl Outdate -+ t ient](https://github.com/geku/dock d -+ er-client) - --Java -+ Ruby docker-api [https://github.com/swipely/docker Active -+ -api](https://github.com/swipely/d -+ ocker-api) - --docker-java -+ JavaScript dockerode [https://github.com/apocas/dockero Active -+ (NodeJS) de](https://github.com/apocas/dock -+ erode) -+ Install via NPM: npm install -+ dockerode - --[https://github.com/kpelykh/docker-java](https://github.com/kpelykh/docker-java) -+ JavaScript docker.io [https://github.com/appersonlabs/d Active -+ (NodeJS) ocker.io](https://github.com/apper -+ sonlabs/docker.io) -+ Install via NPM: npm install -+ docker.io - --Active -+ JavaScript docker-js [https://github.com/dgoujard/docke Outdate -+ r-js](https://github.com/dgoujard/ d -+ docker-js) - --Erlang -+ JavaScript docker-cp [https://github.com/13W/docker-cp] Active -+ (Angular) (https://github.com/13W/docker-cp) -+ **WebUI** - --erldocker -+ JavaScript dockerui [https://github.com/crosbymichael/ Active -+ (Angular) dockerui](https://github.com/crosb -+ **WebUI** ymichael/dockerui) - --[https://github.com/proger/erldocker](https://github.com/proger/erldocker) -+ Java docker-java [https://github.com/kpelykh/docker Active -+ -java](https://github.com/kpelykh/ -+ docker-java) - --Active -+ Erlang erldocker [https://github.com/proger/erldock Active -+ er](https://github.com/proger/erld -+ ocker) - --Go -+ Go go-dockercli [https://github.com/fsouza/go-dock Active -+ ent erclient](https://github.com/fsouz -+ a/go-dockerclient) - --go-dockerclient -+ Go dockerclient [https://github.com/samalba/docker Active -+ client](https://github.com/samalba -+ /dockerclient) - --[https://github.com/fsouza/go-dockerclient](https://github.com/fsouza/go-dockerclient) -+ PHP Alvine [http://pear.alvine.io/](http://pe Active -+ ar.alvine.io/) -+ (alpha) - --Active -+ PHP Docker-PHP [http://stage1.github.io/docker-ph Active -+ p/](http://stage1.github.io/docker -+ -php/) - --PHP -+ Perl Net::Docker [https://metacpan.org/pod/Net::Doc Active -+ ker](https://metacpan.org/pod/Net: -+ :Docker) - --Alvine -+ Perl Eixo::Docker [https://github.com/alambike/eixo- Active -+ docker](https://github.com/alambik -+ e/eixo-docker) -+ ------------------------------------------------------------------------- - --[http://pear.alvine.io/](http://pear.alvine.io/) (alpha) - --Active -diff --git a/docs/sources/reference/commandline.md b/docs/sources/reference/commandline.md -index 6f7a779..b2fb7e0 100644 ---- a/docs/sources/reference/commandline.md -+++ b/docs/sources/reference/commandline.md -@@ -1,7 +1,7 @@ - - # Commands - --## Contents: -+Contents: - - - [Command Line Help](cli/) - - [Options](cli/#options) -diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md -index 9d825ce..3deac40 100644 ---- a/docs/sources/reference/run.md -+++ b/docs/sources/reference/run.md -@@ -2,7 +2,7 @@ page_title: Docker Run Reference - page_description: Configure containers at runtime - page_keywords: docker, run, configure, runtime - --# Docker Run Reference -+# [Docker Run Reference](#id2) - - **Docker runs processes in isolated containers**. When an operator - executes `docker run`, she starts a process with its -@@ -25,7 +25,7 @@ Table of Contents - - [Overriding `Dockerfile` Image - Defaults](#overriding-dockerfile-image-defaults) - --## General Form -+## [General Form](#id3) - - As you’ve seen in the [*Examples*](../../examples/#example-list), the - basic run command takes this form: -@@ -52,7 +52,7 @@ control over runtime behavior to the operator, allowing them to override - all defaults set by the developer during `docker build`{.docutils - .literal} and nearly all the defaults set by the Docker runtime itself. - --## Operator Exclusive Options -+## [Operator Exclusive Options](#id4) - - Only the operator (the person executing `docker run`{.docutils - .literal}) can set the following options. -@@ -60,19 +60,17 @@ Only the operator (the person executing `docker run`{.docutils - - [Detached vs Foreground](#detached-vs-foreground) - - [Detached (-d)](#detached-d) - - [Foreground](#foreground) -- - - [Container Identification](#container-identification) -- - [Name (-name)](#name-name) -+ - [Name (–name)](#name-name) - - [PID Equivalent](#pid-equivalent) -- - - [Network Settings](#network-settings) --- [Clean Up (-rm)](#clean-up-rm) -+- [Clean Up (–rm)](#clean-up-rm) - - [Runtime Constraints on CPU and - Memory](#runtime-constraints-on-cpu-and-memory) - - [Runtime Privilege and LXC - Configuration](#runtime-privilege-and-lxc-configuration) - --### Detached vs Foreground -+### [Detached vs Foreground](#id6) - - When starting a Docker container, you must first decide if you want to - run the container in the background in a “detached” mode or in the -@@ -80,7 +78,7 @@ default foreground mode: - - -d=false: Detached mode: Run container in the background, print new container id - --**Detached (-d)** -+#### [Detached (-d)](#id7) - - In detached mode (`-d=true` or just `-d`{.docutils - .literal}), all I/O should be done through network connections or shared -@@ -88,10 +86,10 @@ volumes because the container is no longer listening to the commandline - where you executed `docker run`. You can reattach to - a detached container with `docker` - [*attach*](../commandline/cli/#cli-attach). If you choose to run a --container in the detached mode, then you cannot use the `-rm`{.docutils -+container in the detached mode, then you cannot use the `--rm`{.docutils - .literal} option. - --**Foreground** -+#### [Foreground](#id8) - - In foreground mode (the default when `-d` is not - specified), `docker run` can start the process in -@@ -100,10 +98,10 @@ output, and standard error. It can even pretend to be a TTY (this is - what most commandline executables expect) and pass along signals. All of - that is configurable: - -- -a=[] : Attach to ``stdin``, ``stdout`` and/or ``stderr`` -- -t=false : Allocate a pseudo-tty -- -sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) -- -i=false : Keep STDIN open even if not attached -+ -a=[] : Attach to ``stdin``, ``stdout`` and/or ``stderr`` -+ -t=false : Allocate a pseudo-tty -+ --sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) -+ -i=false : Keep STDIN open even if not attached - - If you do not specify `-a` then Docker will [attach - everything -@@ -119,9 +117,9 @@ as well as persistent standard input (`stdin`), so - you’ll use `-i -t` together in most interactive - cases. - --### Container Identification -+### [Container Identification](#id9) - --**Name (-name)** -+#### [Name (–name)](#id10) - - The operator can identify a container in three ways: - -@@ -131,27 +129,27 @@ The operator can identify a container in three ways: - - Name (“evil\_ptolemy”) - - The UUID identifiers come from the Docker daemon, and if you do not --assign a name to the container with `-name` then the --daemon will also generate a random string name too. The name can become --a handy way to add meaning to a container since you can use this name --when defining -+assign a name to the container with `--name` then -+the daemon will also generate a random string name too. The name can -+become a handy way to add meaning to a container since you can use this -+name when defining - [*links*](../../use/working_with_links_names/#working-with-links-names) - (or any other place you need to identify a container). This works for - both background and foreground Docker containers. - --**PID Equivalent** -+#### [PID Equivalent](#id11) - - And finally, to help with automation, you can have Docker write the - container ID out to a file of your choosing. This is similar to how some - programs might write out their process ID to a file (you’ve seen them as - PID files): - -- -cidfile="": Write the container ID to the file -+ --cidfile="": Write the container ID to the file - --### Network Settings -+### [Network Settings](#id12) - - -n=true : Enable networking for this container -- -dns=[] : Set custom dns servers for the container -+ --dns=[] : Set custom dns servers for the container - - By default, all containers have networking enabled and they can make any - outgoing connections. The operator can completely disable networking -@@ -160,9 +158,9 @@ outgoing networking. In cases like this, you would perform I/O through - files or STDIN/STDOUT only. - - Your container will use the same DNS servers as the host by default, but --you can override this with `-dns`. -+you can override this with `--dns`. - --### Clean Up (-rm) -+### [Clean Up (–rm)](#id13) - - By default a container’s file system persists even after the container - exits. This makes debugging a lot easier (since you can inspect the -@@ -170,11 +168,11 @@ final state) and you retain all your data by default. But if you are - running short-term **foreground** processes, these container file - systems can really pile up. If instead you’d like Docker to - **automatically clean up the container and remove the file system when --the container exits**, you can add the `-rm` flag: -+the container exits**, you can add the `--rm` flag: - -- -rm=false: Automatically remove the container when it exits (incompatible with -d) -+ --rm=false: Automatically remove the container when it exits (incompatible with -d) - --### Runtime Constraints on CPU and Memory -+### [Runtime Constraints on CPU and Memory](#id14) - - The operator can also adjust the performance parameters of the - container: -@@ -193,10 +191,10 @@ the same priority and get the same proportion of CPU cycles, but you can - tell the kernel to give more shares of CPU time to one or more - containers when you start them via Docker. - --### Runtime Privilege and LXC Configuration -+### [Runtime Privilege and LXC Configuration](#id15) - -- -privileged=false: Give extended privileges to this container -- -lxc-conf=[]: Add custom lxc options -lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" -+ --privileged=false: Give extended privileges to this container -+ --lxc-conf=[]: (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" - - By default, Docker containers are “unprivileged” and cannot, for - example, run a Docker daemon inside a Docker container. This is because -@@ -206,23 +204,26 @@ by default a container is not allowed to access any devices, but a - and documentation on [cgroups - devices](https://www.kernel.org/doc/Documentation/cgroups/devices.txt)). - --When the operator executes `docker run -privileged`, --Docker will enable to access to all devices on the host as well as set --some configuration in AppArmor to allow the container nearly all the --same access to the host as processes running outside containers on the --host. Additional information about running with `-privileged`{.docutils --.literal} is available on the [Docker -+When the operator executes `docker run --privileged`{.docutils -+.literal}, Docker will enable to access to all devices on the host as -+well as set some configuration in AppArmor to allow the container nearly -+all the same access to the host as processes running outside containers -+on the host. Additional information about running with -+`--privileged` is available on the [Docker - Blog](http://blog.docker.io/2013/09/docker-can-now-run-within-docker/). - --An operator can also specify LXC options using one or more --`-lxc-conf` parameters. These can be new parameters -+If the Docker daemon was started using the `lxc` -+exec-driver (`docker -d --exec-driver=lxc`) then the -+operator can also specify LXC options using one or more -+`--lxc-conf` parameters. These can be new parameters - or override existing parameters from the - [lxc-template.go](https://github.com/dotcloud/docker/blob/master/execdriver/lxc/lxc_template.go). - Note that in the future, a given host’s Docker daemon may not use LXC, - so this is an implementation-specific configuration meant for operators - already familiar with using LXC directly. - --## Overriding `Dockerfile` Image Defaults -+## [Overriding `Dockerfile` Image Defaults](#id5) -+ - When a developer builds an image from a - [*Dockerfile*](../builder/#dockerbuilder) or when she commits it, the - developer can set a number of default parameters that take effect when -@@ -244,7 +245,7 @@ how the operator can override that setting. - - [USER](#user) - - [WORKDIR](#workdir) - --### CMD (Default Command or Options) -+### [CMD (Default Command or Options)](#id16) - - Recall the optional `COMMAND` in the Docker - commandline: -@@ -262,9 +263,9 @@ If the image also specifies an `ENTRYPOINT` then the - `CMD` or `COMMAND`{.docutils .literal} get appended - as arguments to the `ENTRYPOINT`. - --### ENTRYPOINT (Default Command to Execute at Runtime -+### [ENTRYPOINT (Default Command to Execute at Runtime](#id17) - -- -entrypoint="": Overwrite the default entrypoint set by the image -+ --entrypoint="": Overwrite the default entrypoint set by the image - - The ENTRYPOINT of an image is similar to a `COMMAND` - because it specifies what executable to run when the container starts, -@@ -280,14 +281,14 @@ the new `ENTRYPOINT`. Here is an example of how to - run a shell in a container that has been set up to automatically run - something else (like `/usr/bin/redis-server`): - -- docker run -i -t -entrypoint /bin/bash example/redis -+ docker run -i -t --entrypoint /bin/bash example/redis - - or two examples of how to pass more parameters to that ENTRYPOINT: - -- docker run -i -t -entrypoint /bin/bash example/redis -c ls -l -- docker run -i -t -entrypoint /usr/bin/redis-cli example/redis --help -+ docker run -i -t --entrypoint /bin/bash example/redis -c ls -l -+ docker run -i -t --entrypoint /usr/bin/redis-cli example/redis --help - --### EXPOSE (Incoming Ports) -+### [EXPOSE (Incoming Ports)](#id18) - - The `Dockerfile` doesn’t give much control over - networking, only providing the `EXPOSE` instruction -@@ -295,17 +296,17 @@ to give a hint to the operator about what incoming ports might provide - services. The following options work with or override the - `Dockerfile`‘s exposed defaults: - -- -expose=[]: Expose a port from the container -+ --expose=[]: Expose a port from the container - without publishing it to your host -- -P=false : Publish all exposed ports to the host interfaces -- -p=[] : Publish a container's port to the host (format: -- ip:hostPort:containerPort | ip::containerPort | -- hostPort:containerPort) -- (use 'docker port' to see the actual mapping) -- -link="" : Add link to another container (name:alias) -+ -P=false : Publish all exposed ports to the host interfaces -+ -p=[] : Publish a container's port to the host (format: -+ ip:hostPort:containerPort | ip::containerPort | -+ hostPort:containerPort) -+ (use 'docker port' to see the actual mapping) -+ --link="" : Add link to another container (name:alias) - - As mentioned previously, `EXPOSE` (and --`-expose`) make a port available **in** a container -+`--expose`) make a port available **in** a container - for incoming connections. The port number on the inside of the container - (where the service listens) does not need to be the same number as the - port exposed on the outside of the container (where clients connect), so -@@ -315,11 +316,11 @@ inside the container you might have an HTTP service listening on port 80 - might be 42800. - - To help a new client container reach the server container’s internal --port operator `-expose`‘d by the operator or -+port operator `--expose`‘d by the operator or - `EXPOSE`‘d by the developer, the operator has three - choices: start the server container with `-P` or - `-p,` or start the client container with --`-link`. -+`--link`. - - If the operator uses `-P` or `-p`{.docutils - .literal} then Docker will make the exposed port accessible on the host -@@ -327,20 +328,20 @@ and the ports will be available to any client that can reach the host. - To find the map between the host ports and the exposed ports, use - `docker port`) - --If the operator uses `-link` when starting the new -+If the operator uses `--link` when starting the new - client container, then the client container can access the exposed port - via a private networking interface. Docker will set some environment - variables in the client container to help indicate which interface and - port to use. - --### ENV (Environment Variables) -+### [ENV (Environment Variables)](#id19) - - The operator can **set any environment variable** in the container by - using one or more `-e` flags, even overriding those - already defined by the developer with a Dockefile `ENV`{.docutils - .literal}: - -- $ docker run -e "deep=purple" -rm ubuntu /bin/bash -c export -+ $ docker run -e "deep=purple" --rm ubuntu /bin/bash -c export - declare -x HOME="/" - declare -x HOSTNAME="85bc26a0e200" - declare -x OLDPWD -@@ -353,13 +354,13 @@ already defined by the developer with a Dockefile `ENV`{.docutils - Similarly the operator can set the **hostname** with `-h`{.docutils - .literal}. - --`-link name:alias` also sets environment variables, -+`--link name:alias` also sets environment variables, - using the *alias* string to define environment variables within the - container that give the IP and PORT information for connecting to the - service container. Let’s imagine we have a container running Redis: - - # Start the service container, named redis-name -- $ docker run -d -name redis-name dockerfiles/redis -+ $ docker run -d --name redis-name dockerfiles/redis - 4241164edf6f5aca5b0e9e4c9eccd899b0b8080c64c0cd26efe02166c73208f3 - - # The redis-name container exposed port 6379 -@@ -372,10 +373,10 @@ service container. Let’s imagine we have a container running Redis: - 2014/01/25 00:55:38 Error: No public port '6379' published for 4241164edf6f - - Yet we can get information about the Redis container’s exposed ports --with `-link`. Choose an alias that will form a valid --environment variable! -+with `--link`. Choose an alias that will form a -+valid environment variable! - -- $ docker run -rm -link redis-name:redis_alias -entrypoint /bin/bash dockerfiles/redis -c export -+ $ docker run --rm --link redis-name:redis_alias --entrypoint /bin/bash dockerfiles/redis -c export - declare -x HOME="/" - declare -x HOSTNAME="acda7f7b1cdc" - declare -x OLDPWD -@@ -393,14 +394,14 @@ environment variable! - And we can use that information to connect from another container as a - client: - -- $ docker run -i -t -rm -link redis-name:redis_alias -entrypoint /bin/bash dockerfiles/redis -c '/redis-stable/src/redis-cli -h $REDIS_ALIAS_PORT_6379_TCP_ADDR -p $REDIS_ALIAS_PORT_6379_TCP_PORT' -+ $ docker run -i -t --rm --link redis-name:redis_alias --entrypoint /bin/bash dockerfiles/redis -c '/redis-stable/src/redis-cli -h $REDIS_ALIAS_PORT_6379_TCP_ADDR -p $REDIS_ALIAS_PORT_6379_TCP_PORT' - 172.17.0.32:6379> - --### VOLUME (Shared Filesystems) -+### [VOLUME (Shared Filesystems)](#id20) - - -v=[]: Create a bind mount with: [host-dir]:[container-dir]:[rw|ro]. - If "container-dir" is missing, then docker creates a new volume. -- -volumes-from="": Mount all volumes from the given container(s) -+ --volumes-from="": Mount all volumes from the given container(s) - - The volumes commands are complex enough to have their own documentation - in section [*Share Directories via -@@ -409,7 +410,7 @@ define one or more `VOLUME`s associated with an - image, but only the operator can give access from one container to - another (or from a container to a volume mounted on the host). - --### USER -+### [USER](#id21) - - The default user within a container is `root` (id = - 0), but if the developer created additional users, those are accessible -@@ -419,7 +420,7 @@ override it - - -u="": Username or UID - --### WORKDIR -+### [WORKDIR](#id22) - - The default working directory for running binaries within a container is - the root directory (`/`), but the developer can set -diff --git a/docs/sources/search.md b/docs/sources/search.md -index 0e2e13f..0296d50 100644 ---- a/docs/sources/search.md -+++ b/docs/sources/search.md -@@ -1,8 +1,7 @@ --# Search - --*Please activate JavaScript to enable the search functionality.* -+# Search {#search-documentation} - --## How To Search -+Please activate JavaScript to enable the search functionality. - - From here you can search these documents. Enter your search words into - the box below and click "search". Note that the search function will -diff --git a/docs/sources/terms.md b/docs/sources/terms.md -index 59579d9..5152876 100644 ---- a/docs/sources/terms.md -+++ b/docs/sources/terms.md -@@ -1,13 +1,14 @@ -+ - # Glossary - --*Definitions of terms used in Docker documentation.* -+Definitions of terms used in Docker documentation. - --## Contents: -+Contents: - --- [File System](filesystem/) --- [Layers](layer/) --- [Image](image/) --- [Container](container/) --- [Registry](registry/) --- [Repository](repository/) -+- [File System](filesystem/) -+- [Layers](layer/) -+- [Image](image/) -+- [Container](container/) -+- [Registry](registry/) -+- [Repository](repository/) - -diff --git a/docs/sources/terms/container.md b/docs/sources/terms/container.md -index bc493d4..6fbf952 100644 ---- a/docs/sources/terms/container.md -+++ b/docs/sources/terms/container.md -@@ -4,8 +4,6 @@ page_keywords: containers, lxc, concepts, explanation, image, container - - # Container - --## Introduction -- - ![](../../_images/docker-filesystems-busyboxrw.png) - - Once you start a process in Docker from an -diff --git a/docs/sources/terms/filesystem.md b/docs/sources/terms/filesystem.md -index 2038d00..8fbd977 100644 ---- a/docs/sources/terms/filesystem.md -+++ b/docs/sources/terms/filesystem.md -@@ -4,8 +4,6 @@ page_keywords: containers, files, linux - - # File System - --## Introduction -- - ![](../../_images/docker-filesystems-generic.png) - - In order for a Linux system to run, it typically needs two [file -diff --git a/docs/sources/terms/image.md b/docs/sources/terms/image.md -index 721d4c9..98914dd 100644 ---- a/docs/sources/terms/image.md -+++ b/docs/sources/terms/image.md -@@ -4,8 +4,6 @@ page_keywords: containers, lxc, concepts, explanation, image, container - - # Image - --## Introduction -- - ![](../../_images/docker-filesystems-debian.png) - - In Docker terminology, a read-only [*Layer*](../layer/#layer-def) is -diff --git a/docs/sources/terms/layer.md b/docs/sources/terms/layer.md -index 7665467..6949d5c 100644 ---- a/docs/sources/terms/layer.md -+++ b/docs/sources/terms/layer.md -@@ -4,8 +4,6 @@ page_keywords: containers, lxc, concepts, explanation, image, container - - # Layers - --## Introduction -- - In a traditional Linux boot, the kernel first mounts the root [*File - System*](../filesystem/#filesystem-def) as read-only, checks its - integrity, and then switches the whole rootfs volume to read-write mode. -diff --git a/docs/sources/terms/registry.md b/docs/sources/terms/registry.md -index 0d5af2c..53c0a24 100644 ---- a/docs/sources/terms/registry.md -+++ b/docs/sources/terms/registry.md -@@ -4,8 +4,6 @@ page_keywords: containers, lxc, concepts, explanation, image, repository, contai - - # Registry - --## Introduction -- - A Registry is a hosted service containing - [*repositories*](../repository/#repository-def) of - [*images*](../image/#image-def) which responds to the Registry API. -@@ -14,7 +12,5 @@ The default registry can be accessed using a browser at - [http://images.docker.io](http://images.docker.io) or using the - `sudo docker search` command. - --## Further Reading -- - For more information see [*Working with - Repositories*](../../use/workingwithrepository/#working-with-the-repository) -diff --git a/docs/sources/terms/repository.md b/docs/sources/terms/repository.md -index e3332e4..8868440 100644 ---- a/docs/sources/terms/repository.md -+++ b/docs/sources/terms/repository.md -@@ -4,8 +4,6 @@ page_keywords: containers, lxc, concepts, explanation, image, repository, contai - - # Repository - --## Introduction -- - A repository is a set of images either on your local Docker server, or - shared, by pushing it to a [*Registry*](../registry/#registry-def) - server. -diff --git a/docs/sources/toctree.md b/docs/sources/toctree.md -index 259a231..b268e90 100644 ---- a/docs/sources/toctree.md -+++ b/docs/sources/toctree.md -@@ -1,14 +1,18 @@ -+page_title: Documentation -+page_description: -- todo: change me -+page_keywords: todo, docker, documentation, installation, usage, examples, contributing, faq, command line, concepts -+ - # Documentation - --## This documentation has the following resources: -- --- [Introduction](../) --- [Installation](../installation/) --- [Use](../use/) --- [Examples](../examples/) --- [Reference Manual](../reference/) --- [Contributing](../contributing/) --- [Glossary](../terms/) --- [Articles](../articles/) --- [FAQ](../faq/) -+This documentation has the following resources: -+ -+- [Introduction](../) -+- [Installation](../installation/) -+- [Use](../use/) -+- [Examples](../examples/) -+- [Reference Manual](../reference/) -+- [Contributing](../contributing/) -+- [Glossary](../terms/) -+- [Articles](../articles/) -+- [FAQ](../faq/) - -diff --git a/docs/sources/use.md b/docs/sources/use.md -index ce4a510..00077a5 100644 ---- a/docs/sources/use.md -+++ b/docs/sources/use.md -@@ -1,13 +1,16 @@ -+ - # Use - --## Contents: -- --- [First steps with Docker](basics/) --- [Share Images via Repositories](workingwithrepository/) --- [Redirect Ports](port_redirection/) --- [Configure Networking](networking/) --- [Automatically Start Containers](host_integration/) --- [Share Directories via Volumes](working_with_volumes/) --- [Link Containers](working_with_links_names/) --- [Link via an Ambassador Container](ambassador_pattern_linking/) --- [Using Puppet](puppet/) -\ No newline at end of file -+Contents: -+ -+- [First steps with Docker](basics/) -+- [Share Images via Repositories](workingwithrepository/) -+- [Redirect Ports](port_redirection/) -+- [Configure Networking](networking/) -+- [Automatically Start Containers](host_integration/) -+- [Share Directories via Volumes](working_with_volumes/) -+- [Link Containers](working_with_links_names/) -+- [Link via an Ambassador Container](ambassador_pattern_linking/) -+- [Using Chef](chef/) -+- [Using Puppet](puppet/) -+ -diff --git a/docs/sources/use/ambassador_pattern_linking.md b/docs/sources/use/ambassador_pattern_linking.md -index b5df7f8..f7704a5 100644 ---- a/docs/sources/use/ambassador_pattern_linking.md -+++ b/docs/sources/use/ambassador_pattern_linking.md -@@ -4,8 +4,6 @@ page_keywords: Examples, Usage, links, docker, documentation, examples, names, n - - # Link via an Ambassador Container - --## Introduction -- - Rather than hardcoding network links between a service consumer and - provider, Docker encourages service portability. - -@@ -38,24 +36,24 @@ link wiring is controlled entirely from the `docker run`{.docutils - - Start actual redis server on one Docker host - -- big-server $ docker run -d -name redis crosbymichael/redis -+ big-server $ docker run -d --name redis crosbymichael/redis - - Then add an ambassador linked to the redis server, mapping a port to the - outside world - -- big-server $ docker run -d -link redis:redis -name redis_ambassador -p 6379:6379 svendowideit/ambassador -+ big-server $ docker run -d --link redis:redis --name redis_ambassador -p 6379:6379 svendowideit/ambassador - - On the other host, you can set up another ambassador setting environment - variables for each remote port we want to proxy to the - `big-server` - -- client-server $ docker run -d -name redis_ambassador -expose 6379 -e REDIS_PORT_6379_TCP=tcp://192.168.1.52:6379 svendowideit/ambassador -+ client-server $ docker run -d --name redis_ambassador --expose 6379 -e REDIS_PORT_6379_TCP=tcp://192.168.1.52:6379 svendowideit/ambassador - - Then on the `client-server` host, you can use a - redis client container to talk to the remote redis server, just by - linking to the local redis ambassador. - -- client-server $ docker run -i -t -rm -link redis_ambassador:redis relateiq/redis-cli -+ client-server $ docker run -i -t --rm --link redis_ambassador:redis relateiq/redis-cli - redis 172.17.0.160:6379> ping - PONG - -@@ -68,19 +66,19 @@ The following example shows what the `svendowideit/ambassador`{.docutils - On the docker host (192.168.1.52) that redis will run on: - - # start actual redis server -- $ docker run -d -name redis crosbymichael/redis -+ $ docker run -d --name redis crosbymichael/redis - - # get a redis-cli container for connection testing - $ docker pull relateiq/redis-cli - - # test the redis server by talking to it directly -- $ docker run -t -i -rm -link redis:redis relateiq/redis-cli -+ $ docker run -t -i --rm --link redis:redis relateiq/redis-cli - redis 172.17.0.136:6379> ping - PONG - ^D - - # add redis ambassador -- $ docker run -t -i -link redis:redis -name redis_ambassador -p 6379:6379 busybox sh -+ $ docker run -t -i --link redis:redis --name redis_ambassador -p 6379:6379 busybox sh - - in the redis\_ambassador container, you can see the linked redis - containers’s env -@@ -104,7 +102,7 @@ to the world (via the -p 6379:6379 port mapping) - - $ docker rm redis_ambassador - $ sudo ./contrib/mkimage-unittest.sh -- $ docker run -t -i -link redis:redis -name redis_ambassador -p 6379:6379 docker-ut sh -+ $ docker run -t -i --link redis:redis --name redis_ambassador -p 6379:6379 docker-ut sh - - $ socat TCP4-LISTEN:6379,fork,reuseaddr TCP4:172.17.0.136:6379 - -@@ -113,14 +111,14 @@ then ping the redis server via the ambassador - Now goto a different server - - $ sudo ./contrib/mkimage-unittest.sh -- $ docker run -t -i -expose 6379 -name redis_ambassador docker-ut sh -+ $ docker run -t -i --expose 6379 --name redis_ambassador docker-ut sh - - $ socat TCP4-LISTEN:6379,fork,reuseaddr TCP4:192.168.1.52:6379 - - and get the redis-cli image so we can talk over the ambassador bridge - - $ docker pull relateiq/redis-cli -- $ docker run -i -t -rm -link redis_ambassador:redis relateiq/redis-cli -+ $ docker run -i -t --rm --link redis_ambassador:redis relateiq/redis-cli - redis 172.17.0.160:6379> ping - PONG - -@@ -133,7 +131,7 @@ out the (possibly multiple) link environment variables to set up the - port forwarding. On the remote host, you need to set the variable using - the `-e` command line option. - --`-expose 1234 -e REDIS_PORT_1234_TCP=tcp://192.168.1.52:6379`{.docutils -+`--expose 1234 -e REDIS_PORT_1234_TCP=tcp://192.168.1.52:6379`{.docutils - .literal} will forward the local `1234` port to the - remote IP and port - in this case `192.168.1.52:6379`{.docutils - .literal}. -@@ -146,12 +144,12 @@ remote IP and port - in this case `192.168.1.52:6379`{.docutils - # docker build -t SvenDowideit/ambassador . - # docker tag SvenDowideit/ambassador ambassador - # then to run it (on the host that has the real backend on it) -- # docker run -t -i -link redis:redis -name redis_ambassador -p 6379:6379 ambassador -+ # docker run -t -i --link redis:redis --name redis_ambassador -p 6379:6379 ambassador - # on the remote host, you can set up another ambassador -- # docker run -t -i -name redis_ambassador -expose 6379 sh -+ # docker run -t -i --name redis_ambassador --expose 6379 sh - - FROM docker-ut - MAINTAINER SvenDowideit@home.org.au - - -- CMD env | grep _TCP= | sed 's/.*_PORT_\([0-9]*\)_TCP=tcp:\/\/\(.*\):\(.*\)/socat TCP4-LISTEN:\1,fork,reuseaddr TCP4:\2:\3 \&/' | sh && top -\ No newline at end of file -+ CMD env | grep _TCP= | sed 's/.*_PORT_\([0-9]*\)_TCP=tcp:\/\/\(.*\):\(.*\)/socat TCP4-LISTEN:\1,fork,reuseaddr TCP4:\2:\3 \&/' | sh && top -diff --git a/docs/sources/use/basics.md b/docs/sources/use/basics.md -index 1b10335..0abc8e7 100644 ---- a/docs/sources/use/basics.md -+++ b/docs/sources/use/basics.md -@@ -37,7 +37,10 @@ hash `539c0211cd76: Download complete` which is the - short form of the image ID. These short image IDs are the first 12 - characters of the full image ID - which can be found using - `docker inspect` or --`docker images -notrunc=true` -+`docker images --no-trunc=true` -+ -+**If you’re using OS X** then you shouldn’t use `sudo`{.docutils -+.literal} - - ## Running an interactive shell - -diff --git a/docs/sources/use/host_integration.md b/docs/sources/use/host_integration.md -index 50eae8b..a7dba9b 100644 ---- a/docs/sources/use/host_integration.md -+++ b/docs/sources/use/host_integration.md -@@ -5,7 +5,8 @@ page_keywords: systemd, upstart, supervisor, docker, documentation, host integra - # Automatically Start Containers - - You can use your Docker containers with process managers like --`upstart`, `systemd`{.docutils .literal} and `supervisor`. -+`upstart`, `systemd`{.docutils .literal} and -+`supervisor`. - - ## Introduction - -@@ -15,21 +16,22 @@ docker will not automatically restart your containers when the host is - restarted. - - When you have finished setting up your image and are happy with your --running container, you may want to use a process manager to manage it. -+running container, you can then attach a process manager to manage it. - When your run `docker start -a` docker will --automatically attach to the process and forward all signals so that the --process manager can detect when a container stops and correctly restart --it. -+automatically attach to the running container, or start it if needed and -+forward all signals so that the process manager can detect when a -+container stops and correctly restart it. - - Here are a few sample scripts for systemd and upstart to integrate with - docker. - - ## Sample Upstart Script - --In this example we’ve already created a container to run Redis with an --id of 0a7e070b698b. To create an upstart script for our container, we --create a file named `/etc/init/redis.conf` and place --the following into it: -+In this example we’ve already created a container to run Redis with -+`--name redis_server`. To create an upstart script -+for our container, we create a file named -+`/etc/init/redis.conf` and place the following into -+it: - - description "Redis container" - author "Me" -@@ -42,7 +44,7 @@ the following into it: - while [ ! -e $FILE ] ; do - inotifywait -t 2 -e create $(dirname $FILE) - done -- /usr/bin/docker start -a 0a7e070b698b -+ /usr/bin/docker start -a redis_server - end script - - Next, we have to configure docker so that it’s run with the option -@@ -59,8 +61,8 @@ Next, we have to configure docker so that it’s run with the option - - [Service] - Restart=always -- ExecStart=/usr/bin/docker start -a 0a7e070b698b -- ExecStop=/usr/bin/docker stop -t 2 0a7e070b698b -+ ExecStart=/usr/bin/docker start -a redis_server -+ ExecStop=/usr/bin/docker stop -t 2 redis_server - - [Install] - WantedBy=local.target -diff --git a/docs/sources/use/networking.md b/docs/sources/use/networking.md -index e4cc5c5..56a9885 100644 ---- a/docs/sources/use/networking.md -+++ b/docs/sources/use/networking.md -@@ -4,16 +4,15 @@ page_keywords: network, networking, bridge, docker, documentation - - # Configure Networking - --## Introduction -- - Docker uses Linux bridge capabilities to provide network connectivity to - containers. The `docker0` bridge interface is - managed by Docker for this purpose. When the Docker daemon starts it : - --- creates the `docker0` bridge if not present --- searches for an IP address range which doesn’t overlap with an existing route --- picks an IP in the selected range --- assigns this IP to the `docker0` bridge -+- creates the `docker0` bridge if not present -+- searches for an IP address range which doesn’t overlap with an -+ existing route -+- picks an IP in the selected range -+- assigns this IP to the `docker0` bridge - - - -@@ -113,9 +112,9 @@ The value of the Docker daemon’s `icc` parameter - determines whether containers can communicate with each other over the - bridge network. - --- The default, `-icc=true` allows containers to -+- The default, `--icc=true` allows containers to - communicate with each other. --- `-icc=false` means containers are isolated from -+- `--icc=false` means containers are isolated from - each other. - - Docker uses `iptables` under the hood to either -@@ -137,6 +136,6 @@ ip link command) and the namespaces infrastructure. - - ## I want more - --Jérôme Petazzoni has create `pipework` to connect -+Jérôme Petazzoni has created `pipework` to connect - together containers in arbitrarily complex scenarios : - [https://github.com/jpetazzo/pipework](https://github.com/jpetazzo/pipework) -diff --git a/docs/sources/use/port_redirection.md b/docs/sources/use/port_redirection.md -index 6970d0d..1c1b676 100644 ---- a/docs/sources/use/port_redirection.md -+++ b/docs/sources/use/port_redirection.md -@@ -4,8 +4,6 @@ page_keywords: Usage, basic port, docker, documentation, examples - - # Redirect Ports - --## Introduction -- - Interacting with a service is commonly done through a connection to a - port. When this service runs inside a container, one can connect to the - port after finding the IP address of the container as follows: -@@ -74,7 +72,7 @@ port on the host machine bound to a given container port. It is useful - when using dynamically allocated ports: - - # Bind to a dynamically allocated port -- docker run -p 127.0.0.1::8080 -name dyn-bound -+ docker run -p 127.0.0.1::8080 --name dyn-bound - - # Lookup the actual port - docker port dyn-bound 8080 -@@ -105,18 +103,18 @@ started. - - Here is a full example. On `server`, the port of - interest is exposed. The exposure is done either through the --`-expose` parameter to the `docker run`{.docutils -+`--expose` parameter to the `docker run`{.docutils - .literal} command, or the `EXPOSE` build command in - a Dockerfile: - - # Expose port 80 -- docker run -expose 80 -name server -+ docker run --expose 80 --name server - - The `client` then links to the `server`{.docutils - .literal}: - - # Link -- docker run -name client -link server:linked-server -+ docker run --name client --link server:linked-server - - `client` locally refers to `server`{.docutils - .literal} as `linked-server`. The following -@@ -137,4 +135,4 @@ port 80 of `server` and that `server`{.docutils - .literal} is accessible at the IP address 172.17.0.8 - - Note: Using the `-p` parameter also exposes the --port.. -+port. -diff --git a/docs/sources/use/puppet.md b/docs/sources/use/puppet.md -index 55f16dd..b00346c 100644 ---- a/docs/sources/use/puppet.md -+++ b/docs/sources/use/puppet.md -@@ -4,10 +4,12 @@ page_keywords: puppet, installation, usage, docker, documentation - - # Using Puppet - --> *Note:* Please note this is a community contributed installation path. The only --> ‘official’ installation is using the --> [*Ubuntu*](../../installation/ubuntulinux/#ubuntu-linux) installation --> path. This version may sometimes be out of date. -+Note -+ -+Please note this is a community contributed installation path. The only -+‘official’ installation is using the -+[*Ubuntu*](../../installation/ubuntulinux/#ubuntu-linux) installation -+path. This version may sometimes be out of date. - - ## Requirements - -diff --git a/docs/sources/use/working_with_links_names.md b/docs/sources/use/working_with_links_names.md -index 3a12284..b41be0d 100644 ---- a/docs/sources/use/working_with_links_names.md -+++ b/docs/sources/use/working_with_links_names.md -@@ -4,8 +4,6 @@ page_keywords: Examples, Usage, links, linking, docker, documentation, examples, - - # Link Containers - --## Introduction -- - From version 0.6.5 you are now able to `name` a - container and `link` it to another container by - referring to its name. This will create a parent -\> child relationship -@@ -15,12 +13,13 @@ where the parent container can see selected information about its child. - - New in version v0.6.5. - --You can now name your container by using the `-name` --flag. If no name is provided, Docker will automatically generate a name. --You can see this name using the `docker ps` command. -+You can now name your container by using the `--name`{.docutils -+.literal} flag. If no name is provided, Docker will automatically -+generate a name. You can see this name using the `docker ps`{.docutils -+.literal} command. - -- # format is "sudo docker run -name " -- $ sudo docker run -name test ubuntu /bin/bash -+ # format is "sudo docker run --name " -+ $ sudo docker run --name test ubuntu /bin/bash - - # the flag "-a" Show all containers. Only running containers are shown by default. - $ sudo docker ps -a -@@ -32,9 +31,9 @@ You can see this name using the `docker ps` command. - New in version v0.6.5. - - Links allow containers to discover and securely communicate with each --other by using the flag `-link name:alias`. -+other by using the flag `--link name:alias`. - Inter-container communication can be disabled with the daemon flag --`-icc=false`. With this flag set to -+`--icc=false`. With this flag set to - `false`, Container A cannot access Container B - unless explicitly allowed via a link. This is a huge win for securing - your containers. When two containers are linked together Docker creates -@@ -52,9 +51,9 @@ communication is set to false. - For example, there is an image called `crosbymichael/redis`{.docutils - .literal} that exposes the port 6379 and starts the Redis server. Let’s - name the container as `redis` based on that image --and run it as daemon. -+and run it as a daemon. - -- $ sudo docker run -d -name redis crosbymichael/redis -+ $ sudo docker run -d --name redis crosbymichael/redis - - We can issue all the commands that you would expect using the name - `redis`; start, stop, attach, using the name for our -@@ -67,9 +66,9 @@ our Redis server we did not use the `-p` flag to - publish the Redis port to the host system. Redis exposed port 6379 and - this is all we need to establish a link. - -- $ sudo docker run -t -i -link redis:db -name webapp ubuntu bash -+ $ sudo docker run -t -i --link redis:db --name webapp ubuntu bash - --When you specified `-link redis:db` you are telling -+When you specified `--link redis:db` you are telling - Docker to link the container named `redis` into this - new container with the alias `db`. Environment - variables are prefixed with the alias so that the parent container can -@@ -101,8 +100,18 @@ Accessing the network information along with the environment of the - child container allows us to easily connect to the Redis service on the - specific IP and port in the environment. - -+Note -+ -+These Environment variables are only set for the first process in the -+container. Similarly, some daemons (such as `sshd`) -+will scrub them when spawning shells for connection. -+ -+You can work around this by storing the initial `env`{.docutils -+.literal} in a file, or looking at `/proc/1/environ`{.docutils -+.literal}. -+ - Running `docker ps` shows the 2 containers, and the --`webapp/db` alias name for the redis container. -+`webapp/db` alias name for the Redis container. - - $ docker ps - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES -diff --git a/docs/sources/use/working_with_volumes.md b/docs/sources/use/working_with_volumes.md -index 6cf57ee..542c715 100644 ---- a/docs/sources/use/working_with_volumes.md -+++ b/docs/sources/use/working_with_volumes.md -@@ -4,27 +4,24 @@ page_keywords: Examples, Usage, volume, docker, documentation, examples - - # Share Directories via Volumes - --## Introduction -- - A *data volume* is a specially-designated directory within one or more - containers that bypasses the [*Union File - System*](../../terms/layer/#ufs-def) to provide several useful features - for persistent or shared data: - --- **Data volumes can be shared and reused between containers:** -- This is the feature that makes data volumes so powerful. You can -- use it for anything from hot database upgrades to custom backup or -- replication tools. See the example below. --- **Changes to a data volume are made directly:** -- Without the overhead of a copy-on-write mechanism. This is good for -- very large files. --- **Changes to a data volume will not be included at the next commit:** -- Because they are not recorded as regular filesystem changes in the -- top layer of the [*Union File System*](../../terms/layer/#ufs-def) --- **Volumes persist until no containers use them:** -- As they are a reference counted resource. The container does not need to be -- running to share its volumes, but running it can help protect it -- against accidental removal via `docker rm`. -+- **Data volumes can be shared and reused between containers.** This -+ is the feature that makes data volumes so powerful. You can use it -+ for anything from hot database upgrades to custom backup or -+ replication tools. See the example below. -+- **Changes to a data volume are made directly**, without the overhead -+ of a copy-on-write mechanism. This is good for very large files. -+- **Changes to a data volume will not be included at the next commit** -+ because they are not recorded as regular filesystem changes in the -+ top layer of the [*Union File System*](../../terms/layer/#ufs-def) -+- **Volumes persist until no containers use them** as they are a -+ reference counted resource. The container does not need to be -+ running to share its volumes, but running it can help protect it -+ against accidental removal via `docker rm`. - - Each container can have zero or more data volumes. - -@@ -43,7 +40,7 @@ container with two new volumes: - This command will create the new container with two new volumes that - exits instantly (`true` is pretty much the smallest, - simplest program that you can run). Once created you can mount its --volumes in any other container using the `-volumes-from`{.docutils -+volumes in any other container using the `--volumes-from`{.docutils - .literal} option; irrespective of whether the container is running or - not. - -@@ -51,7 +48,7 @@ Or, you can use the VOLUME instruction in a Dockerfile to add one or - more new volumes to any container created from that image: - - # BUILD-USING: docker build -t data . -- # RUN-USING: docker run -name DATA data -+ # RUN-USING: docker run --name DATA data - FROM busybox - VOLUME ["/var/volume1", "/var/volume2"] - CMD ["/bin/true"] -@@ -66,20 +63,20 @@ it. - Create a named container with volumes to share (`/var/volume1`{.docutils - .literal} and `/var/volume2`): - -- $ docker run -v /var/volume1 -v /var/volume2 -name DATA busybox true -+ $ docker run -v /var/volume1 -v /var/volume2 --name DATA busybox true - - Then mount those data volumes into your application containers: - -- $ docker run -t -i -rm -volumes-from DATA -name client1 ubuntu bash -+ $ docker run -t -i --rm --volumes-from DATA --name client1 ubuntu bash - --You can use multiple `-volumes-from` parameters to -+You can use multiple `--volumes-from` parameters to - bring together multiple data volumes from multiple containers. - - Interestingly, you can mount the volumes that came from the - `DATA` container in yet another container via the - `client1` middleman container: - -- $ docker run -t -i -rm -volumes-from client1 -name client2 ubuntu bash -+ $ docker run -t -i --rm --volumes-from client1 --name client2 ubuntu bash - - This allows you to abstract the actual data source from users of that - data, similar to -@@ -136,9 +133,9 @@ because they are external to images. Instead you can use - `--volumes-from` to start a new container that can - access the data-container’s volume. For example: - -- $ sudo docker run -rm --volumes-from DATA -v $(pwd):/backup busybox tar cvf /backup/backup.tar /data -+ $ sudo docker run --rm --volumes-from DATA -v $(pwd):/backup busybox tar cvf /backup/backup.tar /data - --- `-rm` - remove the container when it exits -+- `--rm` - remove the container when it exits - - `--volumes-from DATA` - attach to the volumes - shared by the `DATA` container - - `-v $(pwd):/backup` - bind mount the current -@@ -153,13 +150,13 @@ Then to restore to the same container, or another that you’ve made - elsewhere: - - # create a new data container -- $ sudo docker run -v /data -name DATA2 busybox true -+ $ sudo docker run -v /data --name DATA2 busybox true - # untar the backup files into the new container's data volume -- $ sudo docker run -rm --volumes-from DATA2 -v $(pwd):/backup busybox tar xvf /backup/backup.tar -+ $ sudo docker run --rm --volumes-from DATA2 -v $(pwd):/backup busybox tar xvf /backup/backup.tar - data/ - data/sven.txt - # compare to the original container -- $ sudo docker run -rm --volumes-from DATA -v `pwd`:/backup busybox ls /data -+ $ sudo docker run --rm --volumes-from DATA -v `pwd`:/backup busybox ls /data - sven.txt - - You can use the basic techniques above to automate backup, migration and -diff --git a/docs/sources/use/workingwithrepository.md b/docs/sources/use/workingwithrepository.md -index bd0e274..1cfec63 100644 ---- a/docs/sources/use/workingwithrepository.md -+++ b/docs/sources/use/workingwithrepository.md -@@ -4,8 +4,6 @@ page_keywords: repo, repositories, usage, pull image, push image, image, documen - - # Share Images via Repositories - --## Introduction -- - A *repository* is a shareable collection of tagged - [*images*](../../terms/image/#image-def) that together create the file - systems for containers. The repository’s name is a label that indicates -@@ -27,14 +25,12 @@ repositories. You can host your own Registry too! Docker acts as a - client for these services via `docker search, pull, login`{.docutils - .literal} and `push`. - --## Repositories -- --### Local Repositories -+## Local Repositories - - Docker images which have been created and labeled on your local Docker - server need to be pushed to a Public or Private registry to be shared. - --### Public Repositories -+## Public Repositories - - There are two types of public repositories: *top-level* repositories - which are controlled by the Docker team, and *user* repositories created -@@ -67,7 +63,7 @@ user name or description: - - Search the docker index for images - -- -notrunc=false: Don't truncate output -+ --no-trunc=false: Don't truncate output - $ sudo docker search centos - Found 25 results matching your query ("centos") - NAME DESCRIPTION -@@ -204,7 +200,7 @@ See also - [Docker Blog: How to use your own - registry](http://blog.docker.io/2013/07/how-to-use-your-own-registry/) - --## Authentication File -+## Authentication file - - The authentication is stored in a json file, `.dockercfg`{.docutils - .literal} located in your home directory. It supports multiple registry diff --git a/docs/requirements.txt b/docs/requirements.txt deleted file mode 100644 index 6f41142a84..0000000000 --- a/docs/requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -Sphinx==1.2.1 -sphinxcontrib-httpdomain==1.2.0 diff --git a/docs/s3_website.json b/docs/s3_website.json index bb68b6652c..fb14628ce6 100644 --- a/docs/s3_website.json +++ b/docs/s3_website.json @@ -9,7 +9,9 @@ { "Condition": { "KeyPrefixEquals": "en/latest/" }, "Redirect": { "ReplaceKeyPrefixWith": "" } }, { "Condition": { "KeyPrefixEquals": "en/master/" }, "Redirect": { "ReplaceKeyPrefixWith": "" } }, { "Condition": { "KeyPrefixEquals": "en/v0.6.3/" }, "Redirect": { "ReplaceKeyPrefixWith": "" } }, - { "Condition": { "KeyPrefixEquals": "jsearch/index.html" }, "Redirect": { "ReplaceKeyPrefixWith": "jsearch/" } } + { "Condition": { "KeyPrefixEquals": "jsearch/index.html" }, "Redirect": { "ReplaceKeyPrefixWith": "jsearch/" } }, + { "Condition": { "KeyPrefixEquals": "index/" }, "Redirect": { "ReplaceKeyPrefixWith": "docker-io/" } }, + { "Condition": { "KeyPrefixEquals": "reference/api/index_api/" }, "Redirect": { "ReplaceKeyPrefixWith": "reference/api/docker-io_api/" } } ] } diff --git a/docs/sources/articles.md b/docs/sources/articles.md index da5a2d255f..54c067d0cc 100644 --- a/docs/sources/articles.md +++ b/docs/sources/articles.md @@ -2,7 +2,7 @@ ## Contents: -- [Docker Security](security/) -- [Create a Base Image](baseimages/) -- [Runtime Metrics](runmetrics/) + - [Docker Security](security/) + - [Create a Base Image](baseimages/) + - [Runtime Metrics](runmetrics/) diff --git a/docs/sources/articles/baseimages.md b/docs/sources/articles/baseimages.md index d2d6336a6c..c795b7a0a7 100644 --- a/docs/sources/articles/baseimages.md +++ b/docs/sources/articles/baseimages.md @@ -4,8 +4,8 @@ page_keywords: Examples, Usage, base image, docker, documentation, examples # Create a Base Image -So you want to create your own [*Base -Image*](../../terms/image/#base-image-def)? Great! +So you want to create your own [*Base Image*]( +/terms/image/#base-image-def)? Great! The specific process will depend heavily on the Linux distribution you want to package. We have some examples below, and you are encouraged to @@ -13,9 +13,9 @@ submit pull requests to contribute new ones. ## Create a full image using tar -In general, you’ll want to start with a working machine that is running -the distribution you’d like to package as a base image, though that is -not required for some tools like Debian’s +In general, you'll want to start with a working machine that is running +the distribution you'd like to package as a base image, though that is +not required for some tools like Debian's [Debootstrap](https://wiki.debian.org/Debootstrap), which you can also use to build Ubuntu images. @@ -33,19 +33,18 @@ It can be as simple as this to create an Ubuntu base image: There are more example scripts for creating base images in the Docker GitHub Repo: -- [BusyBox](https://github.com/dotcloud/docker/blob/master/contrib/mkimage-busybox.sh) -- CentOS / Scientific Linux CERN (SLC) [on - Debian/Ubuntu](https://github.com/dotcloud/docker/blob/master/contrib/mkimage-rinse.sh) - or [on - CentOS/RHEL/SLC/etc.](https://github.com/dotcloud/docker/blob/master/contrib/mkimage-yum.sh) -- [Debian / - Ubuntu](https://github.com/dotcloud/docker/blob/master/contrib/mkimage-debootstrap.sh) + - [BusyBox](https://github.com/dotcloud/docker/blob/master/contrib/mkimage-busybox.sh) + - CentOS / Scientific Linux CERN (SLC) [on Debian/Ubuntu]( + https://github.com/dotcloud/docker/blob/master/contrib/mkimage-rinse.sh) or + [on CentOS/RHEL/SLC/etc.]( + https://github.com/dotcloud/docker/blob/master/contrib/mkimage-yum.sh) + - [Debian / Ubuntu]( + https://github.com/dotcloud/docker/blob/master/contrib/mkimage-debootstrap.sh) ## Creating a simple base image using `scratch` -There is a special repository in the Docker registry called -`scratch`, which was created using an empty tar -file: +There is a special repository in the Docker registry called `scratch`, which +was created using an empty tar file: $ tar cv --files-from /dev/null | docker import - scratch @@ -56,5 +55,5 @@ image to base your new minimal containers `FROM`: ADD true-asm /true CMD ["/true"] -The Dockerfile above is from extremely minimal image - -[tianon/true](https://github.com/tianon/dockerfiles/tree/master/true). +The Dockerfile above is from extremely minimal image - [tianon/true]( +https://github.com/tianon/dockerfiles/tree/master/true). diff --git a/docs/sources/articles/baseimages.rst b/docs/sources/articles/baseimages.rst deleted file mode 100644 index 61c8f7d9c5..0000000000 --- a/docs/sources/articles/baseimages.rst +++ /dev/null @@ -1,65 +0,0 @@ -:title: Create a Base Image -:description: How to create base images -:keywords: Examples, Usage, base image, docker, documentation, examples - -.. _base_image_creation: - -Create a Base Image -=================== - -So you want to create your own :ref:`base_image_def`? Great! - -The specific process will depend heavily on the Linux distribution you -want to package. We have some examples below, and you are encouraged -to submit pull requests to contribute new ones. - -Create a full image using tar -............................. - -In general, you'll want to start with a working machine that is -running the distribution you'd like to package as a base image, though -that is not required for some tools like Debian's `Debootstrap -`_, which you can also use to -build Ubuntu images. - -It can be as simple as this to create an Ubuntu base image:: - - $ sudo debootstrap raring raring > /dev/null - $ sudo tar -C raring -c . | sudo docker import - raring - a29c15f1bf7a - $ sudo docker run raring cat /etc/lsb-release - DISTRIB_ID=Ubuntu - DISTRIB_RELEASE=13.04 - DISTRIB_CODENAME=raring - DISTRIB_DESCRIPTION="Ubuntu 13.04" - -There are more example scripts for creating base images in the -Docker GitHub Repo: - -* `BusyBox `_ -* CentOS / Scientific Linux CERN (SLC) `on Debian/Ubuntu - `_ - or - `on CentOS/RHEL/SLC/etc. - `_ -* `Debian / Ubuntu - `_ - - -Creating a simple base image using ``scratch`` -.............................................. - -There is a special repository in the Docker registry called ``scratch``, which -was created using an empty tar file:: - - $ tar cv --files-from /dev/null | docker import - scratch - -which you can ``docker pull``. You can then use that image to base your new -minimal containers ``FROM``:: - - FROM scratch - ADD true-asm /true - CMD ["/true"] - -The Dockerfile above is from extremely minimal image - -`tianon/true `_. diff --git a/docs/sources/articles/index.rst b/docs/sources/articles/index.rst deleted file mode 100644 index 75c0cd3fa9..0000000000 --- a/docs/sources/articles/index.rst +++ /dev/null @@ -1,15 +0,0 @@ -:title: Docker articles -:description: various articles related to Docker -:keywords: docker, articles - -.. _articles_list: - -Articles -======== - -.. toctree:: - :maxdepth: 1 - - security - baseimages - runmetrics diff --git a/docs/sources/articles/runmetrics.md b/docs/sources/articles/runmetrics.md index 30e204c892..50d46047c0 100644 --- a/docs/sources/articles/runmetrics.md +++ b/docs/sources/articles/runmetrics.md @@ -4,8 +4,8 @@ page_keywords: docker, metrics, CPU, memory, disk, IO, run, runtime # Runtime Metrics -Linux Containers rely on [control -groups](https://www.kernel.org/doc/Documentation/cgroups/cgroups.txt) +Linux Containers rely on [control groups]( +https://www.kernel.org/doc/Documentation/cgroups/cgroups.txt) which not only track groups of processes, but also expose metrics about CPU, memory, and block I/O usage. You can access those metrics and obtain network usage metrics as well. This is relevant for "pure" LXC @@ -14,34 +14,30 @@ containers, as well as for Docker containers. ## Control Groups Control groups are exposed through a pseudo-filesystem. In recent -distros, you should find this filesystem under -`/sys/fs/cgroup`. Under that directory, you will see -multiple sub-directories, called devices, freezer, blkio, etc.; each -sub-directory actually corresponds to a different cgroup hierarchy. +distros, you should find this filesystem under `/sys/fs/cgroup`. Under +that directory, you will see multiple sub-directories, called devices, +freezer, blkio, etc.; each sub-directory actually corresponds to a different +cgroup hierarchy. -On older systems, the control groups might be mounted on -`/cgroup`, without distinct hierarchies. In that -case, instead of seeing the sub-directories, you will see a bunch of -files in that directory, and possibly some directories corresponding to -existing containers. +On older systems, the control groups might be mounted on `/cgroup`, without +distinct hierarchies. In that case, instead of seeing the sub-directories, +you will see a bunch of files in that directory, and possibly some directories +corresponding to existing containers. To figure out where your control groups are mounted, you can run: - grep cgroup /proc/mounts + $ grep cgroup /proc/mounts ## Enumerating Cgroups -You can look into `/proc/cgroups` to see the -different control group subsystems known to the system, the hierarchy -they belong to, and how many groups they contain. +You can look into `/proc/cgroups` to see the different control group subsystems +known to the system, the hierarchy they belong to, and how many groups they contain. -You can also look at `/proc//cgroup` to see -which control groups a process belongs to. The control group will be -shown as a path relative to the root of the hierarchy mountpoint; e.g. -`/` means “this process has not been assigned into a -particular group”, while `/lxc/pumpkin` means that -the process is likely to be a member of a container named -`pumpkin`. +You can also look at `/proc//cgroup` to see which control groups a process +belongs to. The control group will be shown as a path relative to the root of +the hierarchy mountpoint; e.g. `/` means “this process has not been assigned into +a particular group”, while `/lxc/pumpkin` means that the process is likely to be +a member of a container named `pumpkin`. ## Finding the Cgroup for a Given Container @@ -53,12 +49,11 @@ of the LXC tools, the cgroup will be `lxc/.` For Docker containers using cgroups, the container name will be the full ID or long ID of the container. If a container shows up as ae836c95b4c3 in `docker ps`, its long ID might be something like -`ae836c95b4c3c9e9179e0e91015512da89fdec91612f63cebae57df9a5444c79`. You can look it up with `docker inspect` -or `docker ps -notrunc`. +`ae836c95b4c3c9e9179e0e91015512da89fdec91612f63cebae57df9a5444c79`. You can +look it up with `docker inspect` or `docker ps -notrunc`. Putting everything together to look at the memory metrics for a Docker -container, take a look at -`/sys/fs/cgroup/memory/lxc//`. +container, take a look at `/sys/fs/cgroup/memory/lxc//`. ## Metrics from Cgroups: Memory, CPU, Block IO @@ -106,10 +101,9 @@ Here is what it will look like: total_active_file 4489052160 total_unevictable 32768 -The first half (without the `total_` prefix) -contains statistics relevant to the processes within the cgroup, -excluding sub-cgroups. The second half (with the `total_` -prefix) includes sub-cgroups as well. +The first half (without the `total_` prefix) contains statistics relevant +to the processes within the cgroup, excluding sub-cgroups. The second half +(with the `total_` prefix) includes sub-cgroups as well. Some metrics are "gauges", i.e. values that can increase or decrease (e.g. swap, the amount of swap space used by the members of the cgroup). @@ -118,95 +112,104 @@ they represent occurrences of a specific event (e.g. pgfault, which indicates the number of page faults which happened since the creation of the cgroup; this number can never decrease). -cache -: the amount of memory used by the processes of this control group - that can be associated precisely with a block on a block device. - When you read from and write to files on disk, this amount will - increase. This will be the case if you use "conventional" I/O - (`open`, `read`, - `write` syscalls) as well as mapped files (with - `mmap`). It also accounts for the memory used by - `tmpfs` mounts, though the reasons are unclear. -rss -: the amount of memory that *doesn’t* correspond to anything on disk: - stacks, heaps, and anonymous memory maps. -mapped\_file -: indicates the amount of memory mapped by the processes in the - control group. It doesn’t give you information about *how much* - memory is used; it rather tells you *how* it is used. -pgfault and pgmajfault -: indicate the number of times that a process of the cgroup triggered - a "page fault" and a "major fault", respectively. A page fault - happens when a process accesses a part of its virtual memory space - which is nonexistent or protected. The former can happen if the - process is buggy and tries to access an invalid address (it will - then be sent a `SIGSEGV` signal, typically - killing it with the famous `Segmentation fault` - message). The latter can happen when the process reads from a memory - zone which has been swapped out, or which corresponds to a mapped - file: in that case, the kernel will load the page from disk, and let - the CPU complete the memory access. It can also happen when the - process writes to a copy-on-write memory zone: likewise, the kernel - will preempt the process, duplicate the memory page, and resume the - write operation on the process’ own copy of the page. "Major" faults - happen when the kernel actually has to read the data from disk. When - it just has to duplicate an existing page, or allocate an empty - page, it’s a regular (or "minor") fault. -swap -: the amount of swap currently used by the processes in this cgroup. -active\_anon and inactive\_anon -: the amount of *anonymous* memory that has been identified has - respectively *active* and *inactive* by the kernel. "Anonymous" - memory is the memory that is *not* linked to disk pages. In other - words, that’s the equivalent of the rss counter described above. In - fact, the very definition of the rss counter is **active\_anon** + - **inactive\_anon** - **tmpfs** (where tmpfs is the amount of memory - used up by `tmpfs` filesystems mounted by this - control group). Now, what’s the difference between "active" and - "inactive"? Pages are initially "active"; and at regular intervals, - the kernel sweeps over the memory, and tags some pages as - "inactive". Whenever they are accessed again, they are immediately - retagged "active". When the kernel is almost out of memory, and time - comes to swap out to disk, the kernel will swap "inactive" pages. -active\_file and inactive\_file -: cache memory, with *active* and *inactive* similar to the *anon* - memory above. The exact formula is cache = **active\_file** + - **inactive\_file** + **tmpfs**. The exact rules used by the kernel - to move memory pages between active and inactive sets are different - from the ones used for anonymous memory, but the general principle - is the same. Note that when the kernel needs to reclaim memory, it - is cheaper to reclaim a clean (=non modified) page from this pool, - since it can be reclaimed immediately (while anonymous pages and - dirty/modified pages have to be written to disk first). -unevictable -: the amount of memory that cannot be reclaimed; generally, it will - account for memory that has been "locked" with `mlock` -. It is often used by crypto frameworks to make sure that - secret keys and other sensitive material never gets swapped out to - disk. -memory and memsw limits -: These are not really metrics, but a reminder of the limits applied - to this cgroup. The first one indicates the maximum amount of - physical memory that can be used by the processes of this control - group; the second one indicates the maximum amount of RAM+swap. + + - **cache:** + the amount of memory used by the processes of this control group + that can be associated precisely with a block on a block device. + When you read from and write to files on disk, this amount will + increase. This will be the case if you use "conventional" I/O + (`open`, `read`, + `write` syscalls) as well as mapped files (with + `mmap`). It also accounts for the memory used by + `tmpfs` mounts, though the reasons are unclear. + + - **rss:** + the amount of memory that *doesn't* correspond to anything on disk: + stacks, heaps, and anonymous memory maps. + + - **mapped_file:** + indicates the amount of memory mapped by the processes in the + control group. It doesn't give you information about *how much* + memory is used; it rather tells you *how* it is used. + + - **pgfault and pgmajfault:** + indicate the number of times that a process of the cgroup triggered + a "page fault" and a "major fault", respectively. A page fault + happens when a process accesses a part of its virtual memory space + which is nonexistent or protected. The former can happen if the + process is buggy and tries to access an invalid address (it will + then be sent a `SIGSEGV` signal, typically + killing it with the famous `Segmentation fault` + message). The latter can happen when the process reads from a memory + zone which has been swapped out, or which corresponds to a mapped + file: in that case, the kernel will load the page from disk, and let + the CPU complete the memory access. It can also happen when the + process writes to a copy-on-write memory zone: likewise, the kernel + will preempt the process, duplicate the memory page, and resume the + write operation on the process` own copy of the page. "Major" faults + happen when the kernel actually has to read the data from disk. When + it just has to duplicate an existing page, or allocate an empty + page, it's a regular (or "minor") fault. + + - **swap:** + the amount of swap currently used by the processes in this cgroup. + + - **active_anon and inactive_anon:** + the amount of *anonymous* memory that has been identified has + respectively *active* and *inactive* by the kernel. "Anonymous" + memory is the memory that is *not* linked to disk pages. In other + words, that's the equivalent of the rss counter described above. In + fact, the very definition of the rss counter is **active_anon** + + **inactive_anon** - **tmpfs** (where tmpfs is the amount of memory + used up by `tmpfs` filesystems mounted by this + control group). Now, what's the difference between "active" and + "inactive"? Pages are initially "active"; and at regular intervals, + the kernel sweeps over the memory, and tags some pages as + "inactive". Whenever they are accessed again, they are immediately + retagged "active". When the kernel is almost out of memory, and time + comes to swap out to disk, the kernel will swap "inactive" pages. + + - **active_file and inactive_file:** + cache memory, with *active* and *inactive* similar to the *anon* + memory above. The exact formula is cache = **active_file** + + **inactive_file** + **tmpfs**. The exact rules used by the kernel + to move memory pages between active and inactive sets are different + from the ones used for anonymous memory, but the general principle + is the same. Note that when the kernel needs to reclaim memory, it + is cheaper to reclaim a clean (=non modified) page from this pool, + since it can be reclaimed immediately (while anonymous pages and + dirty/modified pages have to be written to disk first). + + - **unevictable:** + the amount of memory that cannot be reclaimed; generally, it will + account for memory that has been "locked" with `mlock`. + It is often used by crypto frameworks to make sure that + secret keys and other sensitive material never gets swapped out to + disk. + + - **memory and memsw limits:** + These are not really metrics, but a reminder of the limits applied + to this cgroup. The first one indicates the maximum amount of + physical memory that can be used by the processes of this control + group; the second one indicates the maximum amount of RAM+swap. Accounting for memory in the page cache is very complex. If two processes in different control groups both read the same file (ultimately relying on the same blocks on disk), the corresponding -memory charge will be split between the control groups. It’s nice, but +memory charge will be split between the control groups. It's nice, but it also means that when a cgroup is terminated, it could increase the memory usage of another cgroup, because they are not splitting the cost anymore for those memory pages. ### CPU metrics: `cpuacct.stat` -Now that we’ve covered memory metrics, everything else will look very +Now that we've covered memory metrics, everything else will look very simple in comparison. CPU metrics will be found in the `cpuacct` controller. For each container, you will find a pseudo-file `cpuacct.stat`, containing the CPU usage accumulated by the processes of the container, -broken down between `user` and `system` time. If you’re not familiar +broken down between `user` and `system` time. If you're not familiar with the distinction, `user` is the time during which the processes were in direct control of the CPU (i.e. executing process code), and `system` is the time during which the CPU was executing system calls on behalf of @@ -217,43 +220,47 @@ they are expressed in "user jiffies". There are `USER_HZ` *"jiffies"* per second, and on x86 systems, `USER_HZ` is 100. This used to map exactly to the number of scheduler "ticks" per second; but with the advent of higher -frequency scheduling, as well as [tickless -kernels](http://lwn.net/Articles/549580/), the number of kernel ticks -wasn’t relevant anymore. It stuck around anyway, mainly for legacy and +frequency scheduling, as well as [tickless kernels]( +http://lwn.net/Articles/549580/), the number of kernel ticks +wasn't relevant anymore. It stuck around anyway, mainly for legacy and compatibility reasons. ### Block I/O metrics Block I/O is accounted in the `blkio` controller. Different metrics are scattered across different files. While you can -find in-depth details in the -[blkio-controller](https://www.kernel.org/doc/Documentation/cgroups/blkio-controller.txt) +find in-depth details in the [blkio-controller]( +https://www.kernel.org/doc/Documentation/cgroups/blkio-controller.txt) file in the kernel documentation, here is a short list of the most relevant ones: -blkio.sectors -: contain the number of 512-bytes sectors read and written by the - processes member of the cgroup, device by device. Reads and writes - are merged in a single counter. -blkio.io\_service\_bytes -: indicates the number of bytes read and written by the cgroup. It has - 4 counters per device, because for each device, it differentiates - between synchronous vs. asynchronous I/O, and reads vs. writes. -blkio.io\_serviced -: the number of I/O operations performed, regardless of their size. It - also has 4 counters per device. -blkio.io\_queued -: indicates the number of I/O operations currently queued for this - cgroup. In other words, if the cgroup isn’t doing any I/O, this will - be zero. Note that the opposite is not true. In other words, if - there is no I/O queued, it does not mean that the cgroup is idle - (I/O-wise). It could be doing purely synchronous reads on an - otherwise quiescent device, which is therefore able to handle them - immediately, without queuing. Also, while it is helpful to figure - out which cgroup is putting stress on the I/O subsystem, keep in - mind that is is a relative quantity. Even if a process group does - not perform more I/O, its queue size can increase just because the - device load increases because of other devices. + + - **blkio.sectors:** + contain the number of 512-bytes sectors read and written by the + processes member of the cgroup, device by device. Reads and writes + are merged in a single counter. + + - **blkio.io_service_bytes:** + indicates the number of bytes read and written by the cgroup. It has + 4 counters per device, because for each device, it differentiates + between synchronous vs. asynchronous I/O, and reads vs. writes. + + - **blkio.io_serviced:** + the number of I/O operations performed, regardless of their size. It + also has 4 counters per device. + + - **blkio.io_queued:** + indicates the number of I/O operations currently queued for this + cgroup. In other words, if the cgroup isn't doing any I/O, this will + be zero. Note that the opposite is not true. In other words, if + there is no I/O queued, it does not mean that the cgroup is idle + (I/O-wise). It could be doing purely synchronous reads on an + otherwise quiescent device, which is therefore able to handle them + immediately, without queuing. Also, while it is helpful to figure + out which cgroup is putting stress on the I/O subsystem, keep in + mind that is is a relative quantity. Even if a process group does + not perform more I/O, its queue size can increase just because the + device load increases because of other devices. ## Network Metrics @@ -261,9 +268,9 @@ Network metrics are not exposed directly by control groups. There is a good explanation for that: network interfaces exist within the context of *network namespaces*. The kernel could probably accumulate metrics about packets and bytes sent and received by a group of processes, but -those metrics wouldn’t be very useful. You want per-interface metrics +those metrics wouldn't be very useful. You want per-interface metrics (because traffic happening on the local `lo` -interface doesn’t really count). But since processes in a single cgroup +interface doesn't really count). But since processes in a single cgroup can belong to multiple network namespaces, those metrics would be harder to interpret: multiple network namespaces means multiple `lo` interfaces, potentially multiple `eth0` @@ -280,7 +287,7 @@ an interface) can do some serious accounting. For instance, you can setup a rule to account for the outbound HTTP traffic on a web server: - iptables -I OUTPUT -p tcp --sport 80 + $ iptables -I OUTPUT -p tcp --sport 80 There is no `-j` or `-g` flag, so the rule will just count matched packets and go to the following @@ -288,7 +295,7 @@ rule. Later, you can check the values of the counters, with: - iptables -nxvL OUTPUT + $ iptables -nxvL OUTPUT Technically, `-n` is not required, but it will prevent iptables from doing DNS reverse lookups, which are probably @@ -324,17 +331,17 @@ The `ip-netns exec` command will let you execute any program (present in the host system) within any network namespace visible to the current process. This means that your host will be able to enter the network namespace of your containers, but your containers -won’t be able to access the host, nor their sibling containers. +won't be able to access the host, nor their sibling containers. Containers will be able to “see” and affect their sub-containers, though. The exact format of the command is: - ip netns exec + $ ip netns exec For example: - ip netns exec mycontainer netstat -i + $ ip netns exec mycontainer netstat -i `ip netns` finds the "mycontainer" container by using namespaces pseudo-files. Each process belongs to one network @@ -351,11 +358,9 @@ those pseudo-files. (Symlinks are accepted.) In other words, to execute a command within the network namespace of a container, we need to: -- Find out the PID of any process within the container that we want to - investigate; -- Create a symlink from `/var/run/netns/` - to `/proc//ns/net` -- Execute `ip netns exec ....` +- Find out the PID of any process within the container that we want to investigate; +- Create a symlink from `/var/run/netns/` to `/proc//ns/net` +- Execute `ip netns exec ....` Please review [*Enumerating Cgroups*](#enumerating-cgroups) to learn how to find the cgroup of a pprocess running in the container of which you want to @@ -364,14 +369,13 @@ measure network usage. From there, you can examine the pseudo-file named control group (i.e. in the container). Pick any one of them. Putting everything together, if the "short ID" of a container is held in -the environment variable `$CID`, then you can do -this: +the environment variable `$CID`, then you can do this: - TASKS=/sys/fs/cgroup/devices/$CID*/tasks - PID=$(head -n 1 $TASKS) - mkdir -p /var/run/netns - ln -sf /proc/$PID/ns/net /var/run/netns/$CID - ip netns exec $CID netstat -i + $ TASKS=/sys/fs/cgroup/devices/$CID*/tasks + $ PID=$(head -n 1 $TASKS) + $ mkdir -p /var/run/netns + $ ln -sf /proc/$PID/ns/net /var/run/netns/$CID + $ ip netns exec $CID netstat -i ## Tips for high-performance metric collection @@ -386,7 +390,7 @@ write your metric collector in C (or any language that lets you do low-level system calls). You need to use a special system call, `setns()`, which lets the current process enter any arbitrary namespace. It requires, however, an open file descriptor to -the namespace pseudo-file (remember: that’s the pseudo-file in +the namespace pseudo-file (remember: that's the pseudo-file in `/proc//ns/net`). However, there is a catch: you must not keep this file descriptor open. @@ -409,26 +413,26 @@ carefully cleans up after itself, but it is still possible. It is usually easier to collect metrics at regular intervals (e.g. every minute, with the collectd LXC plugin) and rely on that instead. -But, if you’d still like to gather the stats when a container stops, +But, if you'd still like to gather the stats when a container stops, here is how: For each container, start a collection process, and move it to the control groups that you want to monitor by writing its PID to the tasks file of the cgroup. The collection process should periodically re-read -the tasks file to check if it’s the last process of the control group. +the tasks file to check if it's the last process of the control group. (If you also want to collect network statistics as explained in the previous section, you should also move the process to the appropriate network namespace.) When the container exits, `lxc-start` will try to delete the control groups. It will fail, since the control group is -still in use; but that’s fine. You process should now detect that it is +still in use; but that's fine. You process should now detect that it is the only one remaining in the group. Now is the right time to collect all the metrics you need! Finally, your process should move itself back to the root control group, and remove the container control group. To remove a control group, just -`rmdir` its directory. It’s counter-intuitive to +`rmdir` its directory. It's counter-intuitive to `rmdir` a directory as it still contains files; but -remember that this is a pseudo-filesystem, so usual rules don’t apply. +remember that this is a pseudo-filesystem, so usual rules don't apply. After the cleanup is done, the collection process can exit safely. diff --git a/docs/sources/articles/runmetrics.rst b/docs/sources/articles/runmetrics.rst deleted file mode 100644 index 6b705fb737..0000000000 --- a/docs/sources/articles/runmetrics.rst +++ /dev/null @@ -1,463 +0,0 @@ -:title: Runtime Metrics -:description: Measure the behavior of running containers -:keywords: docker, metrics, CPU, memory, disk, IO, run, runtime - -.. _run_metrics: - - -Runtime Metrics -=============== - -Linux Containers rely on `control groups -`_ which -not only track groups of processes, but also expose metrics about CPU, -memory, and block I/O usage. You can access those metrics and obtain -network usage metrics as well. This is relevant for "pure" LXC -containers, as well as for Docker containers. - -Control Groups --------------- - -Control groups are exposed through a pseudo-filesystem. In recent -distros, you should find this filesystem under -``/sys/fs/cgroup``. Under that directory, you will see multiple -sub-directories, called devices, freezer, blkio, etc.; each -sub-directory actually corresponds to a different cgroup hierarchy. - -On older systems, the control groups might be mounted on ``/cgroup``, -without distinct hierarchies. In that case, instead of seeing the -sub-directories, you will see a bunch of files in that directory, and -possibly some directories corresponding to existing containers. - -To figure out where your control groups are mounted, you can run: - -:: - - grep cgroup /proc/mounts - -.. _run_findpid: - -Enumerating Cgroups -------------------- - -You can look into ``/proc/cgroups`` to see the different control group -subsystems known to the system, the hierarchy they belong to, and how -many groups they contain. - -You can also look at ``/proc//cgroup`` to see which control -groups a process belongs to. The control group will be shown as a path -relative to the root of the hierarchy mountpoint; e.g. ``/`` means -“this process has not been assigned into a particular group”, while -``/lxc/pumpkin`` means that the process is likely to be a member of a -container named ``pumpkin``. - -Finding the Cgroup for a Given Container ----------------------------------------- - -For each container, one cgroup will be created in each hierarchy. On -older systems with older versions of the LXC userland tools, the name -of the cgroup will be the name of the container. With more recent -versions of the LXC tools, the cgroup will be ``lxc/.`` - -For Docker containers using cgroups, the container name will be the -full ID or long ID of the container. If a container shows up as -ae836c95b4c3 in ``docker ps``, its long ID might be something like -``ae836c95b4c3c9e9179e0e91015512da89fdec91612f63cebae57df9a5444c79``. You -can look it up with ``docker inspect`` or ``docker ps --no-trunc``. - -Putting everything together to look at the memory metrics for a Docker -container, take a look at ``/sys/fs/cgroup/memory/lxc//``. - -Metrics from Cgroups: Memory, CPU, Block IO -------------------------------------------- - -For each subsystem (memory, CPU, and block I/O), you will find one or -more pseudo-files containing statistics. - -Memory Metrics: ``memory.stat`` -............................... - -Memory metrics are found in the "memory" cgroup. Note that the memory -control group adds a little overhead, because it does very -fine-grained accounting of the memory usage on your host. Therefore, -many distros chose to not enable it by default. Generally, to enable -it, all you have to do is to add some kernel command-line parameters: -``cgroup_enable=memory swapaccount=1``. - -The metrics are in the pseudo-file ``memory.stat``. Here is what it -will look like: - -:: - - cache 11492564992 - rss 1930993664 - mapped_file 306728960 - pgpgin 406632648 - pgpgout 403355412 - swap 0 - pgfault 728281223 - pgmajfault 1724 - inactive_anon 46608384 - active_anon 1884520448 - inactive_file 7003344896 - active_file 4489052160 - unevictable 32768 - hierarchical_memory_limit 9223372036854775807 - hierarchical_memsw_limit 9223372036854775807 - total_cache 11492564992 - total_rss 1930993664 - total_mapped_file 306728960 - total_pgpgin 406632648 - total_pgpgout 403355412 - total_swap 0 - total_pgfault 728281223 - total_pgmajfault 1724 - total_inactive_anon 46608384 - total_active_anon 1884520448 - total_inactive_file 7003344896 - total_active_file 4489052160 - total_unevictable 32768 - -The first half (without the ``total_`` prefix) contains statistics -relevant to the processes within the cgroup, excluding -sub-cgroups. The second half (with the ``total_`` prefix) includes -sub-cgroups as well. - -Some metrics are "gauges", i.e. values that can increase or decrease -(e.g. swap, the amount of swap space used by the members of the -cgroup). Some others are "counters", i.e. values that can only go up, -because they represent occurrences of a specific event (e.g. pgfault, -which indicates the number of page faults which happened since the -creation of the cgroup; this number can never decrease). - -cache - the amount of memory used by the processes of this control group - that can be associated precisely with a block on a block - device. When you read from and write to files on disk, this amount - will increase. This will be the case if you use "conventional" I/O - (``open``, ``read``, ``write`` syscalls) as well as mapped files - (with ``mmap``). It also accounts for the memory used by ``tmpfs`` - mounts, though the reasons are unclear. - -rss - the amount of memory that *doesn't* correspond to anything on - disk: stacks, heaps, and anonymous memory maps. - -mapped_file - indicates the amount of memory mapped by the processes in the - control group. It doesn't give you information about *how much* - memory is used; it rather tells you *how* it is used. - -pgfault and pgmajfault - indicate the number of times that a process of the cgroup triggered - a "page fault" and a "major fault", respectively. A page fault - happens when a process accesses a part of its virtual memory space - which is nonexistent or protected. The former can happen if the - process is buggy and tries to access an invalid address (it will - then be sent a ``SIGSEGV`` signal, typically killing it with the - famous ``Segmentation fault`` message). The latter can happen when - the process reads from a memory zone which has been swapped out, or - which corresponds to a mapped file: in that case, the kernel will - load the page from disk, and let the CPU complete the memory - access. It can also happen when the process writes to a - copy-on-write memory zone: likewise, the kernel will preempt the - process, duplicate the memory page, and resume the write operation - on the process' own copy of the page. "Major" faults happen when the - kernel actually has to read the data from disk. When it just has to - duplicate an existing page, or allocate an empty page, it's a - regular (or "minor") fault. - -swap - the amount of swap currently used by the processes in this cgroup. - -active_anon and inactive_anon - the amount of *anonymous* memory that has been identified has - respectively *active* and *inactive* by the kernel. "Anonymous" - memory is the memory that is *not* linked to disk pages. In other - words, that's the equivalent of the rss counter described above. In - fact, the very definition of the rss counter is **active_anon** + - **inactive_anon** - **tmpfs** (where tmpfs is the amount of memory - used up by ``tmpfs`` filesystems mounted by this control - group). Now, what's the difference between "active" and "inactive"? - Pages are initially "active"; and at regular intervals, the kernel - sweeps over the memory, and tags some pages as "inactive". Whenever - they are accessed again, they are immediately retagged - "active". When the kernel is almost out of memory, and time comes to - swap out to disk, the kernel will swap "inactive" pages. - -active_file and inactive_file - cache memory, with *active* and *inactive* similar to the *anon* - memory above. The exact formula is cache = **active_file** + - **inactive_file** + **tmpfs**. The exact rules used by the kernel to - move memory pages between active and inactive sets are different - from the ones used for anonymous memory, but the general principle - is the same. Note that when the kernel needs to reclaim memory, it - is cheaper to reclaim a clean (=non modified) page from this pool, - since it can be reclaimed immediately (while anonymous pages and - dirty/modified pages have to be written to disk first). - -unevictable - the amount of memory that cannot be reclaimed; generally, it will - account for memory that has been "locked" with ``mlock``. It is - often used by crypto frameworks to make sure that secret keys and - other sensitive material never gets swapped out to disk. - -memory and memsw limits - These are not really metrics, but a reminder of the limits applied - to this cgroup. The first one indicates the maximum amount of - physical memory that can be used by the processes of this control - group; the second one indicates the maximum amount of RAM+swap. - -Accounting for memory in the page cache is very complex. If two -processes in different control groups both read the same file -(ultimately relying on the same blocks on disk), the corresponding -memory charge will be split between the control groups. It's nice, but -it also means that when a cgroup is terminated, it could increase the -memory usage of another cgroup, because they are not splitting the -cost anymore for those memory pages. - -CPU metrics: ``cpuacct.stat`` -............................. - -Now that we've covered memory metrics, everything else will look very -simple in comparison. CPU metrics will be found in the ``cpuacct`` -controller. - -For each container, you will find a pseudo-file ``cpuacct.stat``, -containing the CPU usage accumulated by the processes of the -container, broken down between ``user`` and ``system`` time. If you're -not familiar with the distinction, ``user`` is the time during which -the processes were in direct control of the CPU (i.e. executing -process code), and ``system`` is the time during which the CPU was -executing system calls on behalf of those processes. - -Those times are expressed in ticks of 1/100th of a second. Actually, -they are expressed in "user jiffies". There are ``USER_HZ`` -*"jiffies"* per second, and on x86 systems, ``USER_HZ`` is 100. This -used to map exactly to the number of scheduler "ticks" per second; but -with the advent of higher frequency scheduling, as well as `tickless -kernels `_, the number of kernel -ticks wasn't relevant anymore. It stuck around anyway, mainly for -legacy and compatibility reasons. - -Block I/O metrics -................. - -Block I/O is accounted in the ``blkio`` controller. Different metrics -are scattered across different files. While you can find in-depth -details in the `blkio-controller -`_ -file in the kernel documentation, here is a short list of the most -relevant ones: - -blkio.sectors - contain the number of 512-bytes sectors read and written by the - processes member of the cgroup, device by device. Reads and writes - are merged in a single counter. - -blkio.io_service_bytes - indicates the number of bytes read and written by the cgroup. It has - 4 counters per device, because for each device, it differentiates - between synchronous vs. asynchronous I/O, and reads vs. writes. - -blkio.io_serviced - the number of I/O operations performed, regardless of their size. It - also has 4 counters per device. - -blkio.io_queued - indicates the number of I/O operations currently queued for this - cgroup. In other words, if the cgroup isn't doing any I/O, this will - be zero. Note that the opposite is not true. In other words, if - there is no I/O queued, it does not mean that the cgroup is idle - (I/O-wise). It could be doing purely synchronous reads on an - otherwise quiescent device, which is therefore able to handle them - immediately, without queuing. Also, while it is helpful to figure - out which cgroup is putting stress on the I/O subsystem, keep in - mind that is is a relative quantity. Even if a process group does - not perform more I/O, its queue size can increase just because the - device load increases because of other devices. - -Network Metrics ---------------- - -Network metrics are not exposed directly by control groups. There is a -good explanation for that: network interfaces exist within the context -of *network namespaces*. The kernel could probably accumulate metrics -about packets and bytes sent and received by a group of processes, but -those metrics wouldn't be very useful. You want per-interface metrics -(because traffic happening on the local ``lo`` interface doesn't -really count). But since processes in a single cgroup can belong to -multiple network namespaces, those metrics would be harder to -interpret: multiple network namespaces means multiple ``lo`` -interfaces, potentially multiple ``eth0`` interfaces, etc.; so this is -why there is no easy way to gather network metrics with control -groups. - -Instead we can gather network metrics from other sources: - -IPtables -........ - -IPtables (or rather, the netfilter framework for which iptables is -just an interface) can do some serious accounting. - -For instance, you can setup a rule to account for the outbound HTTP -traffic on a web server: - -:: - - iptables -I OUTPUT -p tcp --sport 80 - - -There is no ``-j`` or ``-g`` flag, so the rule will just count matched -packets and go to the following rule. - -Later, you can check the values of the counters, with: - -:: - - iptables -nxvL OUTPUT - -Technically, ``-n`` is not required, but it will prevent iptables from -doing DNS reverse lookups, which are probably useless in this -scenario. - -Counters include packets and bytes. If you want to setup metrics for -container traffic like this, you could execute a ``for`` loop to add -two ``iptables`` rules per container IP address (one in each -direction), in the ``FORWARD`` chain. This will only meter traffic -going through the NAT layer; you will also have to add traffic going -through the userland proxy. - -Then, you will need to check those counters on a regular basis. If you -happen to use ``collectd``, there is a nice plugin to automate -iptables counters collection. - -Interface-level counters -........................ - -Since each container has a virtual Ethernet interface, you might want -to check directly the TX and RX counters of this interface. You will -notice that each container is associated to a virtual Ethernet -interface in your host, with a name like ``vethKk8Zqi``. Figuring out -which interface corresponds to which container is, unfortunately, -difficult. - -But for now, the best way is to check the metrics *from within the -containers*. To accomplish this, you can run an executable from the -host environment within the network namespace of a container using -**ip-netns magic**. - -The ``ip-netns exec`` command will let you execute any program -(present in the host system) within any network namespace visible to -the current process. This means that your host will be able to enter -the network namespace of your containers, but your containers won't be -able to access the host, nor their sibling containers. Containers will -be able to “see” and affect their sub-containers, though. - -The exact format of the command is:: - - ip netns exec - -For example:: - - ip netns exec mycontainer netstat -i - -``ip netns`` finds the "mycontainer" container by using namespaces -pseudo-files. Each process belongs to one network namespace, one PID -namespace, one ``mnt`` namespace, etc., and those namespaces are -materialized under ``/proc//ns/``. For example, the network -namespace of PID 42 is materialized by the pseudo-file -``/proc/42/ns/net``. - -When you run ``ip netns exec mycontainer ...``, it expects -``/var/run/netns/mycontainer`` to be one of those -pseudo-files. (Symlinks are accepted.) - -In other words, to execute a command within the network namespace of a -container, we need to: - -* Find out the PID of any process within the container that we want to - investigate; -* Create a symlink from ``/var/run/netns/`` to - ``/proc//ns/net`` -* Execute ``ip netns exec ....`` - -Please review :ref:`run_findpid` to learn how to find the cgroup of a -pprocess running in the container of which you want to measure network -usage. From there, you can examine the pseudo-file named ``tasks``, -which containes the PIDs that are in the control group (i.e. in the -container). Pick any one of them. - -Putting everything together, if the "short ID" of a container is held -in the environment variable ``$CID``, then you can do this:: - - TASKS=/sys/fs/cgroup/devices/$CID*/tasks - PID=$(head -n 1 $TASKS) - mkdir -p /var/run/netns - ln -sf /proc/$PID/ns/net /var/run/netns/$CID - ip netns exec $CID netstat -i - - -Tips for high-performance metric collection -------------------------------------------- - -Note that running a new process each time you want to update metrics -is (relatively) expensive. If you want to collect metrics at high -resolutions, and/or over a large number of containers (think 1000 -containers on a single host), you do not want to fork a new process -each time. - -Here is how to collect metrics from a single process. You will have to -write your metric collector in C (or any language that lets you do -low-level system calls). You need to use a special system call, -``setns()``, which lets the current process enter any arbitrary -namespace. It requires, however, an open file descriptor to the -namespace pseudo-file (remember: that’s the pseudo-file in -``/proc//ns/net``). - -However, there is a catch: you must not keep this file descriptor -open. If you do, when the last process of the control group exits, the -namespace will not be destroyed, and its network resources (like the -virtual interface of the container) will stay around for ever (or -until you close that file descriptor). - -The right approach would be to keep track of the first PID of each -container, and re-open the namespace pseudo-file each time. - -Collecting metrics when a container exits ------------------------------------------ - -Sometimes, you do not care about real time metric collection, but when -a container exits, you want to know how much CPU, memory, etc. it has -used. - -Docker makes this difficult because it relies on ``lxc-start``, which -carefully cleans up after itself, but it is still possible. It is -usually easier to collect metrics at regular intervals (e.g. every -minute, with the collectd LXC plugin) and rely on that instead. - -But, if you'd still like to gather the stats when a container stops, -here is how: - -For each container, start a collection process, and move it to the -control groups that you want to monitor by writing its PID to the -tasks file of the cgroup. The collection process should periodically -re-read the tasks file to check if it's the last process of the -control group. (If you also want to collect network statistics as -explained in the previous section, you should also move the process to -the appropriate network namespace.) - -When the container exits, ``lxc-start`` will try to delete the control -groups. It will fail, since the control group is still in use; but -that’s fine. You process should now detect that it is the only one -remaining in the group. Now is the right time to collect all the -metrics you need! - -Finally, your process should move itself back to the root control -group, and remove the container control group. To remove a control -group, just ``rmdir`` its directory. It's counter-intuitive to -``rmdir`` a directory as it still contains files; but remember that -this is a pseudo-filesystem, so usual rules don't apply. After the -cleanup is done, the collection process can exit safely. - diff --git a/docs/sources/articles/security.md b/docs/sources/articles/security.md index 1a438295e7..69284db836 100644 --- a/docs/sources/articles/security.md +++ b/docs/sources/articles/security.md @@ -9,11 +9,11 @@ page_keywords: Docker, Docker documentation, security There are three major areas to consider when reviewing Docker security: -- the intrinsic security of containers, as implemented by kernel - namespaces and cgroups; -- the attack surface of the Docker daemon itself; -- the "hardening" security features of the kernel and how they - interact with containers. + - the intrinsic security of containers, as implemented by kernel + namespaces and cgroups; + - the attack surface of the Docker daemon itself; + - the "hardening" security features of the kernel and how they + interact with containers. ## Kernel Namespaces @@ -33,12 +33,12 @@ less affect, processes running in another container, or in the host system. **Each container also gets its own network stack**, meaning that a -container doesn’t get a privileged access to the sockets or interfaces +container doesn't get a privileged access to the sockets or interfaces of another container. Of course, if the host system is setup accordingly, containers can interact with each other through their respective network interfaces — just like they can interact with external hosts. When you specify public ports for your containers or use -[*links*](../../use/working_with_links_names/#working-with-links-names) +[*links*](/use/working_with_links_names/#working-with-links-names) then IP traffic is allowed between containers. They can ping each other, send/receive UDP packets, and establish TCP connections, but that can be restricted if necessary. From a network architecture point of view, all @@ -54,8 +54,8 @@ This means that since July 2008 (date of the 2.6.26 release, now 5 years ago), namespace code has been exercised and scrutinized on a large number of production systems. And there is more: the design and inspiration for the namespaces code are even older. Namespaces are -actually an effort to reimplement the features of -[OpenVZ](http://en.wikipedia.org/wiki/OpenVZ) in such a way that they +actually an effort to reimplement the features of [OpenVZ]( +http://en.wikipedia.org/wiki/OpenVZ) in such a way that they could be merged within the mainstream kernel. And OpenVZ was initially released in 2005, so both the design and the implementation are pretty mature. @@ -90,11 +90,10 @@ Docker daemon**. This is a direct consequence of some powerful Docker features. Specifically, Docker allows you to share a directory between the Docker host and a guest container; and it allows you to do so without limiting the access rights of the container. This means that you -can start a container where the `/host` directory -will be the `/` directory on your host; and the -container will be able to alter your host filesystem without any -restriction. This sounds crazy? Well, you have to know that **all -virtualization systems allowing filesystem resource sharing behave the +can start a container where the `/host` directory will be the `/` directory +on your host; and the container will be able to alter your host filesystem +without any restriction. This sounds crazy? Well, you have to know that +**all virtualization systems allowing filesystem resource sharing behave the same way**. Nothing prevents you from sharing your root filesystem (or even your root block device) with a virtual machine. @@ -120,8 +119,8 @@ and client SSL certificates. Recent improvements in Linux namespaces will soon allow to run full-featured containers without root privileges, thanks to the new user -namespace. This is covered in detail -[here](http://s3hh.wordpress.com/2013/07/19/creating-and-using-containers-without-privilege/). +namespace. This is covered in detail [here]( +http://s3hh.wordpress.com/2013/07/19/creating-and-using-containers-without-privilege/). Moreover, this will solve the problem caused by sharing filesystems between host and guest, since the user namespace allows users within containers (including the root user) to be mapped to other users in the @@ -130,13 +129,13 @@ host system. The end goal for Docker is therefore to implement two additional security improvements: -- map the root user of a container to a non-root user of the Docker - host, to mitigate the effects of a container-to-host privilege - escalation; -- allow the Docker daemon to run without root privileges, and delegate - operations requiring those privileges to well-audited sub-processes, - each with its own (very limited) scope: virtual network setup, - filesystem management, etc. + - map the root user of a container to a non-root user of the Docker + host, to mitigate the effects of a container-to-host privilege + escalation; + - allow the Docker daemon to run without root privileges, and delegate + operations requiring those privileges to well-audited sub-processes, + each with its own (very limited) scope: virtual network setup, + filesystem management, etc. Finally, if you run Docker on a server, it is recommended to run exclusively Docker in the server, and move all other services within @@ -152,11 +151,11 @@ capabilities. What does that mean? Capabilities turn the binary "root/non-root" dichotomy into a fine-grained access control system. Processes (like web servers) that just need to bind on a port below 1024 do not have to run as root: they -can just be granted the `net_bind_service` -capability instead. And there are many other capabilities, for almost -all the specific areas where root privileges are usually needed. +can just be granted the `net_bind_service` capability instead. And there +are many other capabilities, for almost all the specific areas where root +privileges are usually needed. -This means a lot for container security; let’s see why! +This means a lot for container security; let's see why! Your average server (bare metal or virtual machine) needs to run a bunch of processes as root. Those typically include SSH, cron, syslogd; @@ -165,41 +164,41 @@ tools (to handle e.g. DHCP, WPA, or VPNs), and much more. A container is very different, because almost all of those tasks are handled by the infrastructure around the container: -- SSH access will typically be managed by a single server running in - the Docker host; -- `cron`, when necessary, should run as a user - process, dedicated and tailored for the app that needs its - scheduling service, rather than as a platform-wide facility; -- log management will also typically be handed to Docker, or by - third-party services like Loggly or Splunk; -- hardware management is irrelevant, meaning that you never need to - run `udevd` or equivalent daemons within - containers; -- network management happens outside of the containers, enforcing - separation of concerns as much as possible, meaning that a container - should never need to perform `ifconfig`, - `route`, or ip commands (except when a container - is specifically engineered to behave like a router or firewall, of - course). + - SSH access will typically be managed by a single server running in + the Docker host; + - `cron`, when necessary, should run as a user + process, dedicated and tailored for the app that needs its + scheduling service, rather than as a platform-wide facility; + - log management will also typically be handed to Docker, or by + third-party services like Loggly or Splunk; + - hardware management is irrelevant, meaning that you never need to + run `udevd` or equivalent daemons within + containers; + - network management happens outside of the containers, enforcing + separation of concerns as much as possible, meaning that a container + should never need to perform `ifconfig`, + `route`, or ip commands (except when a container + is specifically engineered to behave like a router or firewall, of + course). This means that in most cases, containers will not need "real" root privileges *at all*. And therefore, containers can run with a reduced capability set; meaning that "root" within a container has much less privileges than the real "root". For instance, it is possible to: -- deny all "mount" operations; -- deny access to raw sockets (to prevent packet spoofing); -- deny access to some filesystem operations, like creating new device - nodes, changing the owner of files, or altering attributes - (including the immutable flag); -- deny module loading; -- and many others. + - deny all "mount" operations; + - deny access to raw sockets (to prevent packet spoofing); + - deny access to some filesystem operations, like creating new device + nodes, changing the owner of files, or altering attributes (including + the immutable flag); + - deny module loading; + - and many others. This means that even if an intruder manages to escalate to root within a container, it will be much harder to do serious damage, or to escalate to the host. -This won’t affect regular web apps; but malicious users will find that +This won't affect regular web apps; but malicious users will find that the arsenal at their disposal has shrunk considerably! You can see [the list of dropped capabilities in the Docker code](https://github.com/dotcloud/docker/blob/v0.5.0/lxc_template.go#L97), @@ -217,28 +216,28 @@ modern Linux kernels. It is also possible to leverage existing, well-known systems like TOMOYO, AppArmor, SELinux, GRSEC, etc. with Docker. -While Docker currently only enables capabilities, it doesn’t interfere +While Docker currently only enables capabilities, it doesn't interfere with the other systems. This means that there are many different ways to harden a Docker host. Here are a few examples. -- You can run a kernel with GRSEC and PAX. This will add many safety - checks, both at compile-time and run-time; it will also defeat many - exploits, thanks to techniques like address randomization. It - doesn’t require Docker-specific configuration, since those security - features apply system-wide, independently of containers. -- If your distribution comes with security model templates for LXC - containers, you can use them out of the box. For instance, Ubuntu - comes with AppArmor templates for LXC, and those templates provide - an extra safety net (even though it overlaps greatly with - capabilities). -- You can define your own policies using your favorite access control - mechanism. Since Docker containers are standard LXC containers, - there is nothing “magic” or specific to Docker. + - You can run a kernel with GRSEC and PAX. This will add many safety + checks, both at compile-time and run-time; it will also defeat many + exploits, thanks to techniques like address randomization. It + doesn't require Docker-specific configuration, since those security + features apply system-wide, independently of containers. + - If your distribution comes with security model templates for LXC + containers, you can use them out of the box. For instance, Ubuntu + comes with AppArmor templates for LXC, and those templates provide + an extra safety net (even though it overlaps greatly with + capabilities). + - You can define your own policies using your favorite access control + mechanism. Since Docker containers are standard LXC containers, + there is nothing “magic” or specific to Docker. Just like there are many third-party tools to augment Docker containers with e.g. special network topologies or shared filesystems, you can expect to see tools to harden existing Docker containers without -affecting Docker’s core. +affecting Docker's core. ## Conclusions @@ -254,5 +253,5 @@ containerization systems, you will be able to implement them as well with Docker, since everything is provided by the kernel anyway. For more context and especially for comparisons with VMs and other -container systems, please also see the [original blog -post](http://blog.docker.io/2013/08/containers-docker-how-secure-are-they/). +container systems, please also see the [original blog post]( +http://blog.docker.io/2013/08/containers-docker-how-secure-are-they/). diff --git a/docs/sources/articles/security.rst b/docs/sources/articles/security.rst deleted file mode 100644 index ec2ab9bffd..0000000000 --- a/docs/sources/articles/security.rst +++ /dev/null @@ -1,269 +0,0 @@ -:title: Docker Security -:description: Review of the Docker Daemon attack surface -:keywords: Docker, Docker documentation, security - -.. _dockersecurity: - -Docker Security -=============== - - *Adapted from* `Containers & Docker: How Secure are They? `_ - -There are three major areas to consider when reviewing Docker security: - -* the intrinsic security of containers, as implemented by kernel - namespaces and cgroups; -* the attack surface of the Docker daemon itself; -* the "hardening" security features of the kernel and how they - interact with containers. - -Kernel Namespaces ------------------ - -Docker containers are essentially LXC containers, and they come with -the same security features. When you start a container with ``docker -run``, behind the scenes Docker uses ``lxc-start`` to execute the -Docker container. This creates a set of namespaces and control groups -for the container. Those namespaces and control groups are not created -by Docker itself, but by ``lxc-start``. This means that as the LXC -userland tools evolve (and provide additional namespaces and isolation -features), Docker will automatically make use of them. - -**Namespaces provide the first and most straightforward form of -isolation**: processes running within a container cannot see, and even -less affect, processes running in another container, or in the host -system. - -**Each container also gets its own network stack**, meaning that a -container doesn’t get a privileged access to the sockets or interfaces -of another container. Of course, if the host system is setup -accordingly, containers can interact with each other through their -respective network interfaces — just like they can interact with -external hosts. When you specify public ports for your containers or -use :ref:`links ` then IP traffic is allowed -between containers. They can ping each other, send/receive UDP -packets, and establish TCP connections, but that can be restricted if -necessary. From a network architecture point of view, all containers -on a given Docker host are sitting on bridge interfaces. This means -that they are just like physical machines connected through a common -Ethernet switch; no more, no less. - -How mature is the code providing kernel namespaces and private -networking? Kernel namespaces were introduced `between kernel version -2.6.15 and 2.6.26 -`_. This -means that since July 2008 (date of the 2.6.26 release, now 5 years -ago), namespace code has been exercised and scrutinized on a large -number of production systems. And there is more: the design and -inspiration for the namespaces code are even older. Namespaces are -actually an effort to reimplement the features of `OpenVZ -`_ in such a way that they could -be merged within the mainstream kernel. And OpenVZ was initially -released in 2005, so both the design and the implementation are -pretty mature. - -Control Groups --------------- - -Control Groups are the other key component of Linux Containers. They -implement resource accounting and limiting. They provide a lot of very -useful metrics, but they also help to ensure that each container gets -its fair share of memory, CPU, disk I/O; and, more importantly, that a -single container cannot bring the system down by exhausting one of -those resources. - -So while they do not play a role in preventing one container from -accessing or affecting the data and processes of another container, -they are essential to fend off some denial-of-service attacks. They -are particularly important on multi-tenant platforms, like public and -private PaaS, to guarantee a consistent uptime (and performance) even -when some applications start to misbehave. - -Control Groups have been around for a while as well: the code was -started in 2006, and initially merged in kernel 2.6.24. - -.. _dockersecurity_daemon: - -Docker Daemon Attack Surface ----------------------------- - -Running containers (and applications) with Docker implies running the -Docker daemon. This daemon currently requires root privileges, and you -should therefore be aware of some important details. - -First of all, **only trusted users should be allowed to control your -Docker daemon**. This is a direct consequence of some powerful Docker -features. Specifically, Docker allows you to share a directory between -the Docker host and a guest container; and it allows you to do so -without limiting the access rights of the container. This means that -you can start a container where the ``/host`` directory will be the -``/`` directory on your host; and the container will be able to alter -your host filesystem without any restriction. This sounds crazy? Well, -you have to know that **all virtualization systems allowing filesystem -resource sharing behave the same way**. Nothing prevents you from -sharing your root filesystem (or even your root block device) with a -virtual machine. - -This has a strong security implication: if you instrument Docker from -e.g. a web server to provision containers through an API, you should -be even more careful than usual with parameter checking, to make sure -that a malicious user cannot pass crafted parameters causing Docker to -create arbitrary containers. - -For this reason, the REST API endpoint (used by the Docker CLI to -communicate with the Docker daemon) changed in Docker 0.5.2, and now -uses a UNIX socket instead of a TCP socket bound on 127.0.0.1 (the -latter being prone to cross-site-scripting attacks if you happen to -run Docker directly on your local machine, outside of a VM). You can -then use traditional UNIX permission checks to limit access to the -control socket. - -You can also expose the REST API over HTTP if you explicitly decide -so. However, if you do that, being aware of the abovementioned -security implication, you should ensure that it will be reachable -only from a trusted network or VPN; or protected with e.g. ``stunnel`` -and client SSL certificates. - -Recent improvements in Linux namespaces will soon allow to run -full-featured containers without root privileges, thanks to the new -user namespace. This is covered in detail `here -`_. Moreover, -this will solve the problem caused by sharing filesystems between host -and guest, since the user namespace allows users within containers -(including the root user) to be mapped to other users in the host -system. - -The end goal for Docker is therefore to implement two additional -security improvements: - -* map the root user of a container to a non-root user of the Docker - host, to mitigate the effects of a container-to-host privilege - escalation; -* allow the Docker daemon to run without root privileges, and delegate - operations requiring those privileges to well-audited sub-processes, - each with its own (very limited) scope: virtual network setup, - filesystem management, etc. - -Finally, if you run Docker on a server, it is recommended to run -exclusively Docker in the server, and move all other services within -containers controlled by Docker. Of course, it is fine to keep your -favorite admin tools (probably at least an SSH server), as well as -existing monitoring/supervision processes (e.g. NRPE, collectd, etc). - -Linux Kernel Capabilities -------------------------- - -By default, Docker starts containers with a very restricted set of -capabilities. What does that mean? - -Capabilities turn the binary "root/non-root" dichotomy into a -fine-grained access control system. Processes (like web servers) that -just need to bind on a port below 1024 do not have to run as root: -they can just be granted the ``net_bind_service`` capability -instead. And there are many other capabilities, for almost all the -specific areas where root privileges are usually needed. - -This means a lot for container security; let’s see why! - -Your average server (bare metal or virtual machine) needs to run a -bunch of processes as root. Those typically include SSH, cron, -syslogd; hardware management tools (to e.g. load modules), network -configuration tools (to handle e.g. DHCP, WPA, or VPNs), and much -more. A container is very different, because almost all of those tasks -are handled by the infrastructure around the container: - -* SSH access will typically be managed by a single server running in - the Docker host; -* ``cron``, when necessary, should run as a user process, dedicated - and tailored for the app that needs its scheduling service, rather - than as a platform-wide facility; -* log management will also typically be handed to Docker, or by - third-party services like Loggly or Splunk; -* hardware management is irrelevant, meaning that you never need to - run ``udevd`` or equivalent daemons within containers; -* network management happens outside of the containers, enforcing - separation of concerns as much as possible, meaning that a container - should never need to perform ``ifconfig``, ``route``, or ip commands - (except when a container is specifically engineered to behave like a - router or firewall, of course). - -This means that in most cases, containers will not need "real" root -privileges *at all*. And therefore, containers can run with a reduced -capability set; meaning that "root" within a container has much less -privileges than the real "root". For instance, it is possible to: - -* deny all "mount" operations; -* deny access to raw sockets (to prevent packet spoofing); -* deny access to some filesystem operations, like creating new device - nodes, changing the owner of files, or altering attributes - (including the immutable flag); -* deny module loading; -* and many others. - -This means that even if an intruder manages to escalate to root within -a container, it will be much harder to do serious damage, or to -escalate to the host. - -This won't affect regular web apps; but malicious users will find that -the arsenal at their disposal has shrunk considerably! You can see -`the list of dropped capabilities in the Docker code -`_, -and a full list of available capabilities in `Linux manpages -`_. - -Of course, you can always enable extra capabilities if you really need -them (for instance, if you want to use a FUSE-based filesystem), but -by default, Docker containers will be locked down to ensure maximum -safety. - -Other Kernel Security Features ------------------------------- - -Capabilities are just one of the many security features provided by -modern Linux kernels. It is also possible to leverage existing, -well-known systems like TOMOYO, AppArmor, SELinux, GRSEC, etc. with -Docker. - -While Docker currently only enables capabilities, it doesn't interfere -with the other systems. This means that there are many different ways -to harden a Docker host. Here are a few examples. - -* You can run a kernel with GRSEC and PAX. This will add many safety - checks, both at compile-time and run-time; it will also defeat many - exploits, thanks to techniques like address randomization. It - doesn’t require Docker-specific configuration, since those security - features apply system-wide, independently of containers. -* If your distribution comes with security model templates for LXC - containers, you can use them out of the box. For instance, Ubuntu - comes with AppArmor templates for LXC, and those templates provide - an extra safety net (even though it overlaps greatly with - capabilities). -* You can define your own policies using your favorite access control - mechanism. Since Docker containers are standard LXC containers, - there is nothing “magic” or specific to Docker. - -Just like there are many third-party tools to augment Docker -containers with e.g. special network topologies or shared filesystems, -you can expect to see tools to harden existing Docker containers -without affecting Docker’s core. - -Conclusions ------------ - -Docker containers are, by default, quite secure; especially if you -take care of running your processes inside the containers as -non-privileged users (i.e. non root). - -You can add an extra layer of safety by enabling Apparmor, SELinux, -GRSEC, or your favorite hardening solution. - -Last but not least, if you see interesting security features in other -containerization systems, you will be able to implement them as well -with Docker, since everything is provided by the kernel anyway. - -For more context and especially for comparisons with VMs and other -container systems, please also see the `original blog post -`_. - -.. _blogsecurity: http://blog.docker.io/2013/08/containers-docker-how-secure-are-they/ - diff --git a/docs/sources/conf.py b/docs/sources/conf.py deleted file mode 100644 index 12f5b57841..0000000000 --- a/docs/sources/conf.py +++ /dev/null @@ -1,266 +0,0 @@ -# -*- coding: utf-8 -*- -# -# Docker documentation build configuration file, created by -# sphinx-quickstart on Tue Mar 19 12:34:07 2013. -# -# This file is execfile()d with the current directory set to its containing dir. -# -# Note that not all possible configuration values are present in this -# autogenerated file. -# -# All configuration values have a default; values that are commented out -# serve to show the default. - -import sys, os - -# If extensions (or modules to document with autodoc) are in another directory, -# add these directories to sys.path here. If the directory is relative to the -# documentation root, use os.path.abspath to make it absolute, like shown here. -#sys.path.insert(0, os.path.abspath('.')) - -# -- General configuration ----------------------------------------------------- - - - -# Additional templates that should be rendered to pages, maps page names to -# template names. -# the 'redirect_home.html' page redirects using a http meta refresh which, according -# to official sources is more or less equivalent of a 301. - -html_additional_pages = { - 'concepts/containers': 'redirect_home.html', - 'concepts/introduction': 'redirect_home.html', - 'builder/basics': 'redirect_build.html', - } - - - -# If your documentation needs a minimal Sphinx version, state it here. -#needs_sphinx = '1.0' - -# Add any Sphinx extension module names here, as strings. They can be extensions -# coming with Sphinx (named 'sphinx.ext.*') or your custom ones. -extensions = ['sphinxcontrib.httpdomain', 'sphinx.ext.extlinks'] - -# Configure extlinks -extlinks = { 'issue': ('https://github.com/dotcloud/docker/issues/%s', - 'Issue ') } - -# Add any paths that contain templates here, relative to this directory. -templates_path = ['_templates'] - -# The suffix of source filenames. -source_suffix = '.rst' - -# The encoding of source files. -#source_encoding = 'utf-8-sig' - -html_add_permalinks = u'¶' - -# The master toctree document. -master_doc = 'toctree' - -# General information about the project. -project = u'Docker' -copyright = u'2014 Docker, Inc.' - -# The version info for the project you're documenting, acts as replacement for -# |version| and |release|, also used in various other places throughout the -# built documents. -# -# The short X.Y version. -version = '0.1' -# The full version, including alpha/beta/rc tags. -release = '0' - -# The language for content autogenerated by Sphinx. Refer to documentation -# for a list of supported languages. -#language = None - -# There are two options for replacing |today|: either, you set today to some -# non-false value, then it is used: -#today = '' -# Else, today_fmt is used as the format for a strftime call. -#today_fmt = '%B %d, %Y' - -# List of patterns, relative to source directory, that match files and -# directories to ignore when looking for source files. -exclude_patterns = ['_build'] - -# The reST default role (used for this markup: `text`) to use for all documents. -#default_role = None - -# If true, '()' will be appended to :func: etc. cross-reference text. -#add_function_parentheses = True - -# If true, the current module name will be prepended to all description -# unit titles (such as .. function::). -#add_module_names = True - -# If true, sectionauthor and moduleauthor directives will be shown in the -# output. They are ignored by default. -#show_authors = False - -# The name of the Pygments (syntax highlighting) style to use. -pygments_style = 'sphinx' - -# A list of ignored prefixes for module index sorting. -#modindex_common_prefix = [] - - -# -- Options for HTML output --------------------------------------------------- - -# The theme to use for HTML and HTML Help pages. See the documentation for -# a list of builtin themes. -html_theme = 'docker' - -# Theme options are theme-specific and customize the look and feel of a theme -# further. For a list of options available for each theme, see the -# documentation. -#html_theme_options = {} - -# Add any paths that contain custom themes here, relative to this directory. -#html_theme_path = [] -html_theme_path = ['../theme'] - -# The name for this set of Sphinx documents. If None, it defaults to -# " v documentation". -#html_title = None - -# A shorter title for the navigation bar. Default is the same as html_title. -#html_short_title = None - -# The name of an image file (relative to this directory) to place at the top -# of the sidebar. -#html_logo = None - -# The name of an image file (within the static path) to use as favicon of the -# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 -# pixels large. - -# We use a png favicon. This is not compatible with internet explorer, but looks -# much better on all other browsers. However, sphynx doesn't like it (it likes -# .ico better) so we have just put it in the template rather than used this setting -# html_favicon = 'favicon.png' - -# Add any paths that contain custom static files (such as style sheets) here, -# relative to this directory. They are copied after the builtin static files, -# so a file named "default.css" will overwrite the builtin "default.css". -html_static_path = ['static_files'] - -# If not '', a 'Last updated on:' timestamp is inserted at every page bottom, -# using the given strftime format. -#html_last_updated_fmt = '%b %d, %Y' - -# If true, SmartyPants will be used to convert quotes and dashes to -# typographically correct entities. -#html_use_smartypants = True - -# Custom sidebar templates, maps document names to template names. -#html_sidebars = {} - -# If false, no module index is generated. -#html_domain_indices = True - -# If false, no index is generated. -#html_use_index = True - -# If true, the index is split into individual pages for each letter. -#html_split_index = False - -# If true, links to the reST sources are added to the pages. -html_show_sourcelink = False - -# If true, "Created using Sphinx" is shown in the HTML footer. Default is True. -#html_show_sphinx = True - -# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. -html_show_copyright = True - -# If true, an OpenSearch description file will be output, and all pages will -# contain a tag referring to it. The value of this option must be the -# base URL from which the finished HTML is served. -#html_use_opensearch = '' - -# This is the file name suffix for HTML files (e.g. ".xhtml"). -#html_file_suffix = None - -# Output file base name for HTML help builder. -htmlhelp_basename = 'Dockerdoc' - - -# -- Options for LaTeX output -------------------------------------------------- - -latex_elements = { -# The paper size ('letterpaper' or 'a4paper'). -#'papersize': 'letterpaper', - -# The font size ('10pt', '11pt' or '12pt'). -#'pointsize': '10pt', - -# Additional stuff for the LaTeX preamble. -#'preamble': '', -} - -# Grouping the document tree into LaTeX files. List of tuples -# (source start file, target name, title, author, documentclass [howto/manual]). -latex_documents = [ - ('toctree', 'Docker.tex', u'Docker Documentation', - u'Team Docker', 'manual'), -] - -# The name of an image file (relative to this directory) to place at the top of -# the title page. -#latex_logo = None - -# For "manual" documents, if this is true, then toplevel headings are parts, -# not chapters. -#latex_use_parts = False - -# If true, show page references after internal links. -#latex_show_pagerefs = False - -# If true, show URL addresses after external links. -#latex_show_urls = False - -# Documents to append as an appendix to all manuals. -#latex_appendices = [] - -# If false, no module index is generated. -#latex_domain_indices = True - - -# -- Options for manual page output -------------------------------------------- - -# One entry per manual page. List of tuples -# (source start file, name, description, authors, manual section). -man_pages = [ - ('reference/commandline/cli', 'docker', u'Docker CLI Documentation', - [u'Team Docker'], 1), - ('reference/builder', 'Dockerfile', u'Dockerfile Documentation', - [u'Team Docker'], 5), -] - -# If true, show URL addresses after external links. -#man_show_urls = False - - -# -- Options for Texinfo output ------------------------------------------------ - -# Grouping the document tree into Texinfo files. List of tuples -# (source start file, target name, title, author, -# dir menu entry, description, category) -texinfo_documents = [ - ('toctree', 'Docker', u'Docker Documentation', - u'Team Docker', 'Docker', 'One line description of project.', - 'Miscellaneous'), -] - -# Documents to append as an appendix to all manuals. -#texinfo_appendices = [] - -# If false, no module index is generated. -#texinfo_domain_indices = True - -# How to display URL addresses: 'footnote', 'no', or 'inline'. -#texinfo_show_urls = 'footnote' diff --git a/docs/sources/contributing.md b/docs/sources/contributing.md index b311d13f8c..0a1e4fd282 100644 --- a/docs/sources/contributing.md +++ b/docs/sources/contributing.md @@ -2,6 +2,6 @@ ## Contents: -- [Contributing to Docker](contributing/) -- [Setting Up a Dev Environment](devenvironment/) + - [Contributing to Docker](contributing/) + - [Setting Up a Dev Environment](devenvironment/) diff --git a/docs/sources/contributing/contributing.md b/docs/sources/contributing/contributing.md index 9e2ad19073..dd764eb855 100644 --- a/docs/sources/contributing/contributing.md +++ b/docs/sources/contributing/contributing.md @@ -6,19 +6,19 @@ page_keywords: contributing, docker, documentation, help, guideline Want to hack on Docker? Awesome! -The repository includes [all the instructions you need to get -started](https://github.com/dotcloud/docker/blob/master/CONTRIBUTING.md). +The repository includes [all the instructions you need to get started]( +https://github.com/dotcloud/docker/blob/master/CONTRIBUTING.md). -The [developer environment -Dockerfile](https://github.com/dotcloud/docker/blob/master/Dockerfile) +The [developer environment Dockerfile]( +https://github.com/dotcloud/docker/blob/master/Dockerfile) specifies the tools and versions used to test and build Docker. -If you’re making changes to the documentation, see the -[README.md](https://github.com/dotcloud/docker/blob/master/docs/README.md). +If you're making changes to the documentation, see the [README.md]( +https://github.com/dotcloud/docker/blob/master/docs/README.md). -The [documentation environment -Dockerfile](https://github.com/dotcloud/docker/blob/master/docs/Dockerfile) +The [documentation environment Dockerfile]( +https://github.com/dotcloud/docker/blob/master/docs/Dockerfile) specifies the tools and versions used to build the Documentation. -Further interesting details can be found in the [Packaging -hints](https://github.com/dotcloud/docker/blob/master/hack/PACKAGERS.md). +Further interesting details can be found in the [Packaging hints]( +https://github.com/dotcloud/docker/blob/master/hack/PACKAGERS.md). diff --git a/docs/sources/contributing/contributing.rst b/docs/sources/contributing/contributing.rst deleted file mode 100644 index 3b3b3f8f88..0000000000 --- a/docs/sources/contributing/contributing.rst +++ /dev/null @@ -1,25 +0,0 @@ -:title: Contribution Guidelines -:description: Contribution guidelines: create issues, conventions, pull requests -:keywords: contributing, docker, documentation, help, guideline - -Contributing to Docker -====================== - -Want to hack on Docker? Awesome! - -The repository includes `all the instructions you need to get -started `_. - -The `developer environment Dockerfile -`_ -specifies the tools and versions used to test and build Docker. - -If you're making changes to the documentation, see the -`README.md `_. - -The `documentation environment Dockerfile -`_ -specifies the tools and versions used to build the Documentation. - -Further interesting details can be found in the `Packaging hints -`_. diff --git a/docs/sources/contributing/devenvironment.md b/docs/sources/contributing/devenvironment.md index 6551d9fbac..24e250dbb0 100644 --- a/docs/sources/contributing/devenvironment.md +++ b/docs/sources/contributing/devenvironment.md @@ -12,18 +12,18 @@ binaries, go environment, go dependencies, etc. ## Install Docker -Docker’s build environment itself is a Docker container, so the first +Docker's build environment itself is a Docker container, so the first step is to install Docker on your system. You can follow the [install instructions most relevant to your -system](https://docs.docker.io/en/latest/installation/). Make sure you +system](https://docs.docker.io/installation/). Make sure you have a working, up-to-date docker installation, then continue to the next step. ## Install tools used for this tutorial -Install `git`; honest, it’s very good. You can use -other ways to get the Docker source, but they’re not anywhere near as +Install `git`; honest, it's very good. You can use +other ways to get the Docker source, but they're not anywhere near as easy. Install `make`. This tutorial uses our base Makefile @@ -32,8 +32,8 @@ Again, you can do it in other ways but you need to do more work. ## Check out the Source - git clone http://git@github.com/dotcloud/docker - cd docker + $ git clone https://git@github.com/dotcloud/docker + $ cd docker To checkout a different revision just use `git checkout` with the name of branch or revision number. @@ -45,7 +45,7 @@ Dockerfile in the current directory. Essentially, it will install all the build and runtime dependencies necessary to build and test Docker. This command will take some time to complete when you first execute it. - sudo make build + $ sudo make build If the build is successful, congratulations! You have produced a clean build of docker, neatly encapsulated in a standard build environment. @@ -54,10 +54,9 @@ build of docker, neatly encapsulated in a standard build environment. To create the Docker binary, run this command: - sudo make binary + $ sudo make binary -This will create the Docker binary in -`./bundles/-dev/binary/` +This will create the Docker binary in `./bundles/-dev/binary/` ### Using your built Docker binary @@ -66,7 +65,7 @@ The binary is available outside the container in the directory host docker executable with this binary for live testing - for example, on ubuntu: - sudo service docker stop ; sudo cp $(which docker) $(which docker)_ ; sudo cp ./bundles/-dev/binary/docker--dev $(which docker);sudo service docker start + $ sudo service docker stop ; sudo cp $(which docker) $(which docker)_ ; sudo cp ./bundles/-dev/binary/docker--dev $(which docker);sudo service docker start > **Note**: > Its safer to run the tests below before swapping your hosts docker binary. @@ -75,7 +74,7 @@ on ubuntu: To execute the test cases, run this command: - sudo make test + $ sudo make test If the test are successful then the tail of the output should look something like this @@ -106,11 +105,10 @@ something like this PASS ok github.com/dotcloud/docker/utils 0.017s -If $TESTFLAGS is set in the environment, it is passed as extra -arguments to ‘go test’. You can use this to select certain tests to run, -eg. +If $TESTFLAGS is set in the environment, it is passed as extra arguments +to `go test`. You can use this to select certain tests to run, e.g. -> TESTFLAGS=’-run \^TestBuild\$’ make test + $ TESTFLAGS=`-run \^TestBuild\$` make test If the output indicates "FAIL" and you see errors like this: @@ -118,14 +116,14 @@ If the output indicates "FAIL" and you see errors like this: utils_test.go:179: Error copy: exit status 1 (cp: writing '/tmp/docker-testd5c9-[...]': No space left on device -Then you likely don’t have enough memory available the test suite. 2GB +Then you likely don't have enough memory available the test suite. 2GB is recommended. ## Use Docker You can run an interactive session in the newly built container: - sudo make shell + $ sudo make shell # type 'exit' or Ctrl-D to exit @@ -135,13 +133,14 @@ If you want to read the documentation from a local website, or are making changes to it, you can build the documentation and then serve it by: - sudo make docs + $ sudo make docs + # when its done, you can point your browser to http://yourdockerhost:8000 - # type Ctrl-C to exit + # type Ctrl-C to exit **Need More Help?** -If you need more help then hop on to the [\#docker-dev IRC +If you need more help then hop on to the [#docker-dev IRC channel](irc://chat.freenode.net#docker-dev) or post a message on the [Docker developer mailing list](https://groups.google.com/d/forum/docker-dev). diff --git a/docs/sources/contributing/devenvironment.rst b/docs/sources/contributing/devenvironment.rst deleted file mode 100644 index fbd47cbed7..0000000000 --- a/docs/sources/contributing/devenvironment.rst +++ /dev/null @@ -1,167 +0,0 @@ -:title: Setting Up a Dev Environment -:description: Guides on how to contribute to docker -:keywords: Docker, documentation, developers, contributing, dev environment - -Setting Up a Dev Environment -^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -To make it easier to contribute to Docker, we provide a standard -development environment. It is important that the same environment be -used for all tests, builds and releases. The standard development -environment defines all build dependencies: system libraries and -binaries, go environment, go dependencies, etc. - - -Step 1: Install Docker ----------------------- - -Docker's build environment itself is a Docker container, so the first -step is to install Docker on your system. - -You can follow the `install instructions most relevant to your system -`_. Make sure you have -a working, up-to-date docker installation, then continue to the next -step. - - -Step 2: Install tools used for this tutorial --------------------------------------------- - -Install ``git``; honest, it's very good. You can use other ways to get the Docker -source, but they're not anywhere near as easy. - -Install ``make``. This tutorial uses our base Makefile to kick off the docker -containers in a repeatable and consistent way. Again, you can do it in other ways -but you need to do more work. - -Step 3: Check out the Source ----------------------------- - -.. code-block:: bash - - git clone http://git@github.com/dotcloud/docker - cd docker - -To checkout a different revision just use ``git checkout`` with the name of branch or revision number. - - -Step 4: Build the Environment ------------------------------ - -This following command will build a development environment using the Dockerfile in the current directory. Essentially, it will install all the build and runtime dependencies necessary to build and test Docker. This command will take some time to complete when you first execute it. - -.. code-block:: bash - - sudo make build - -If the build is successful, congratulations! You have produced a clean build of -docker, neatly encapsulated in a standard build environment. - - -Step 5: Build the Docker Binary -------------------------------- - -To create the Docker binary, run this command: - -.. code-block:: bash - - sudo make binary - -This will create the Docker binary in ``./bundles/-dev/binary/`` - -Using your built Docker binary -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -The binary is available outside the container in the directory -``./bundles/-dev/binary/``. You can swap your host docker executable -with this binary for live testing - for example, on ubuntu: - -.. code-block:: bash - - sudo service docker stop ; sudo cp $(which docker) $(which docker)_ ; sudo cp ./bundles/-dev/binary/docker--dev $(which docker);sudo service docker start - -.. note:: Its safer to run the tests below before swapping your hosts docker binary. - - -Step 5: Run the Tests ---------------------- - -To execute the test cases, run this command: - -.. code-block:: bash - - sudo make test - -If the test are successful then the tail of the output should look something like this - -.. code-block:: bash - - --- PASS: TestWriteBroadcaster (0.00 seconds) - === RUN TestRaceWriteBroadcaster - --- PASS: TestRaceWriteBroadcaster (0.00 seconds) - === RUN TestTruncIndex - --- PASS: TestTruncIndex (0.00 seconds) - === RUN TestCompareKernelVersion - --- PASS: TestCompareKernelVersion (0.00 seconds) - === RUN TestHumanSize - --- PASS: TestHumanSize (0.00 seconds) - === RUN TestParseHost - --- PASS: TestParseHost (0.00 seconds) - === RUN TestParseRepositoryTag - --- PASS: TestParseRepositoryTag (0.00 seconds) - === RUN TestGetResolvConf - --- PASS: TestGetResolvConf (0.00 seconds) - === RUN TestCheckLocalDns - --- PASS: TestCheckLocalDns (0.00 seconds) - === RUN TestParseRelease - --- PASS: TestParseRelease (0.00 seconds) - === RUN TestDependencyGraphCircular - --- PASS: TestDependencyGraphCircular (0.00 seconds) - === RUN TestDependencyGraph - --- PASS: TestDependencyGraph (0.00 seconds) - PASS - ok github.com/dotcloud/docker/utils 0.017s - -If $TESTFLAGS is set in the environment, it is passed as extra arguments to 'go test'. -You can use this to select certain tests to run, eg. - - TESTFLAGS='-run ^TestBuild$' make test - -If the output indicates "FAIL" and you see errors like this: - -.. code-block:: text - - server.go:1302 Error: Insertion failed because database is full: database or disk is full - - utils_test.go:179: Error copy: exit status 1 (cp: writing '/tmp/docker-testd5c9-[...]': No space left on device - -Then you likely don't have enough memory available the test suite. 2GB is recommended. - -Step 6: Use Docker -------------------- - -You can run an interactive session in the newly built container: - -.. code-block:: bash - - sudo make shell - - # type 'exit' or Ctrl-D to exit - - -Extra Step: Build and view the Documentation --------------------------------------------- - -If you want to read the documentation from a local website, or are making changes -to it, you can build the documentation and then serve it by: - -.. code-block:: bash - - sudo make docs - # when its done, you can point your browser to http://yourdockerhost:8000 - # type Ctrl-C to exit - - -**Need More Help?** - -If you need more help then hop on to the `#docker-dev IRC channel `_ or post a message on the `Docker developer mailing list `_. diff --git a/docs/sources/contributing/index.rst b/docs/sources/contributing/index.rst deleted file mode 100644 index 3669807a14..0000000000 --- a/docs/sources/contributing/index.rst +++ /dev/null @@ -1,14 +0,0 @@ -:title: Contributing to Docker -:description: Guides on how to contribute to docker -:keywords: Docker, documentation, developers, contributing, dev environment - - - -Contributing -============ - -.. toctree:: - :maxdepth: 1 - - contributing - devenvironment diff --git a/docs/sources/docker-io/accounts.md b/docs/sources/docker-io/accounts.md new file mode 100644 index 0000000000..cfbcd9512c --- /dev/null +++ b/docs/sources/docker-io/accounts.md @@ -0,0 +1,32 @@ +page_title: Accounts on Docker.io +page_description: Docker.io accounts +page_keywords: Docker, docker, registry, accounts, plans, Dockerfile, Docker.io, docs, documentation + +# Accounts on Docker.io + +## Docker.io Accounts + +You can `search` for Docker images and `pull` them from [Docker.io](https://index.docker.io) +without signing in or even having an account. However, in order to `push` images, +leave comments or to *star* a repository, you are going to need a [Docker.io]( +https://www.docker.io) account. + +### Registration for a Docker.io Account + +You can get a [Docker.io](https://index.docker.io) account by +[signing up for one here](https://www.docker.io/account/signup/). A valid +email address is required to register, which you will need to verify for +account activation. + +### Email activation process + +You need to have at least one verified email address to be able to use your +[Docker.io](https://index.docker.io) account. If you can't find the validation email, +you can request another by visiting the [Resend Email Confirmation]( +https://www.docker.io/account/resend-email-confirmation/) page. + +### Password reset process + +If you can't access your account for some reason, you can reset your password +from the [*Password Reset*](https://www.docker.io/account/forgot-password/) +page. \ No newline at end of file diff --git a/docs/sources/index/builds.md b/docs/sources/docker-io/builds.md similarity index 84% rename from docs/sources/index/builds.md rename to docs/sources/docker-io/builds.md index 899971c201..0ca058663a 100644 --- a/docs/sources/index/builds.md +++ b/docs/sources/docker-io/builds.md @@ -1,15 +1,15 @@ -page_title: Trusted Builds in the Docker Index -page_description: Docker Index Trusted Builds -page_keywords: Docker, docker, index, accounts, plans, Dockerfile, Docker.io, docs, documentation, trusted, builds, trusted builds +page_title: Trusted Builds on Docker.io +page_description: Docker.io Trusted Builds +page_keywords: Docker, docker, registry, accounts, plans, Dockerfile, Docker.io, docs, documentation, trusted, builds, trusted builds -# Trusted Builds in the Docker Index +# Trusted Builds on Docker.io ## Trusted Builds *Trusted Builds* is a special feature allowing you to specify a source repository with a *Dockerfile* to be built by the Docker build clusters. The system will clone your repository and build the Dockerfile using the repository -as the context. The resulting image will then be uploaded to the index and +as the context. The resulting image will then be uploaded to the registry and marked as a `Trusted Build`. Trusted Builds have a number of advantages. For example, users of *your* Trusted @@ -17,18 +17,18 @@ Build can be certain that the resulting image was built exactly how it claims to be. Furthermore, the Dockerfile will be available to anyone browsing your repository -on the Index. Another advantage of the Trusted Builds feature is the automated +on the registry. Another advantage of the Trusted Builds feature is the automated builds. This makes sure that your repository is always up to date. ### Linking with a GitHub account -In order to setup a Trusted Build, you need to first link your Docker Index -account with a GitHub one. This will allow the Docker Index to see your -repositories. +In order to setup a Trusted Build, you need to first link your [Docker.io]( +https://index.docker.io) account with a GitHub one. This will allow the registry +to see your repositories. -> *Note:* We currently request access for *read* and *write* since the Index -> needs to setup a GitHub service hook. Although nothing else is done with -> your account, this is how GitHub manages permissions, sorry! +> *Note:* We currently request access for *read* and *write* since [Docker.io]( +> https://index.docker.io) needs to setup a GitHub service hook. Although nothing +> else is done with your account, this is how GitHub manages permissions, sorry! ### Creating a Trusted Build @@ -77,8 +77,8 @@ Trusted Build: ### The Dockerfile and Trusted Builds During the build process, we copy the contents of your Dockerfile. We also -add it to the Docker Index for the Docker community to see on the repository -page. +add it to the [Docker.io](https://index.docker.io) for the Docker community +to see on the repository page. ### README.md diff --git a/docs/sources/docker-io/home.md b/docs/sources/docker-io/home.md new file mode 100644 index 0000000000..d29de76fbf --- /dev/null +++ b/docs/sources/docker-io/home.md @@ -0,0 +1,13 @@ +page_title: The Docker.io Registry Help +page_description: The Docker Registry help documentation home +page_keywords: Docker, docker, registry, accounts, plans, Dockerfile, Docker.io, docs, documentation + +# The Docker.io Registry Help + +## Introduction + +For your questions about the [Docker.io](https://index.docker.io) registry you +can use [this documentation](docs.md). + +If you can not find something you are looking for, please feel free to +[contact us](https://index.docker.io/help/support/). \ No newline at end of file diff --git a/docs/sources/index/repos.md b/docs/sources/docker-io/repos.md similarity index 75% rename from docs/sources/index/repos.md rename to docs/sources/docker-io/repos.md index 40b270a0b8..a9bdabd89b 100644 --- a/docs/sources/index/repos.md +++ b/docs/sources/docker-io/repos.md @@ -1,15 +1,16 @@ -page_title: Repositories and Images in the Docker Index -page_description: Docker Index repositories -page_keywords: Docker, docker, index, accounts, plans, Dockerfile, Docker.io, docs, documentation +page_title: Repositories and Images on Docker.io +page_description: Repositories and Images on Docker.io +page_keywords: Docker, docker, registry, accounts, plans, Dockerfile, Docker.io, docs, documentation -# Repositories and Images in the Docker Index +# Repositories and Images on Docker.io ## Searching for repositories and images You can `search` for all the publicly available repositories and images using Docker. If a repository is not public (i.e., private), it won't be listed on -the Index search results. To see repository statuses, you can look at your -[profile page](https://index.docker.io/account/). +the repository search results. To see repository statuses, you can look at your +[profile page](https://index.docker.io/account/) on [Docker.io]( +https://index.docker.io). ## Repositories @@ -22,20 +23,20 @@ of bookmark your favorites. You can interact with other members of the Docker community and maintainers by leaving comments on repositories. If you find any comments that are not -appropriate, you can flag them for the Index admins' review. +appropriate, you can flag them for the admins' review. ### Private Docker Repositories -To work with a private repository on the Docker Index, you will need to add one -via the [Add Repository](https://index.docker.io/account/repositories/add) link. -Once the private repository is created, you can `push` and `pull` images to and -from it using Docker. +To work with a private repository on [Docker.io](https://index.docker.io), you +will need to add one via the [Add Repository](https://index.docker.io/account/repositories/add) +link. Once the private repository is created, you can `push` and `pull` images +to and from it using Docker. > *Note:* You need to be signed in and have access to work with a private > repository. Private repositories are just like public ones. However, it isn't possible to -browse them or search their content on the public index. They do not get cached +browse them or search their content on the public registry. They do not get cached the same way as a public repository either. It is possible to give access to a private repository to those whom you @@ -44,7 +45,7 @@ designate (i.e., collaborators) from its settings page. From there, you can also switch repository status (*public* to *private*, or viceversa). You will need to have an available private repository slot open before you can do such a switch. If you don't have any, you can always upgrade -your [Docker Index plan](https://index.docker.io/plans/). +your [Docker.io](https://index.docker.io/plans/) plan. ### Collaborators and their role diff --git a/docs/sources/examples.md b/docs/sources/examples.md index 98b3d25893..f1d1567f52 100644 --- a/docs/sources/examples.md +++ b/docs/sources/examples.md @@ -9,17 +9,17 @@ substantial services like those which you might find in production. ## Contents: -- [Check your Docker install](hello_world/) -- [Hello World](hello_world/#hello-world) -- [Hello World Daemon](hello_world/#hello-world-daemon) -- [Node.js Web App](nodejs_web_app/) -- [Redis Service](running_redis_service/) -- [SSH Daemon Service](running_ssh_service/) -- [CouchDB Service](couchdb_data_volumes/) -- [PostgreSQL Service](postgresql_service/) -- [Building an Image with MongoDB](mongodb/) -- [Riak Service](running_riak_service/) -- [Using Supervisor with Docker](using_supervisord/) -- [Process Management with CFEngine](cfengine_process_management/) -- [Python Web App](python_web_app/) + - [Check your Docker install](hello_world/) + - [Hello World](hello_world/#hello-world) + - [Hello World Daemon](hello_world/#hello-world-daemon) + - [Node.js Web App](nodejs_web_app/) + - [Redis Service](running_redis_service/) + - [SSH Daemon Service](running_ssh_service/) + - [CouchDB Service](couchdb_data_volumes/) + - [PostgreSQL Service](postgresql_service/) + - [Building an Image with MongoDB](mongodb/) + - [Riak Service](running_riak_service/) + - [Using Supervisor with Docker](using_supervisord/) + - [Process Management with CFEngine](cfengine_process_management/) + - [Python Web App](python_web_app/) diff --git a/docs/sources/examples/apt-cacher-ng.md b/docs/sources/examples/apt-cacher-ng.md index c7fee5542a..0293ac5d0b 100644 --- a/docs/sources/examples/apt-cacher-ng.md +++ b/docs/sources/examples/apt-cacher-ng.md @@ -9,13 +9,13 @@ page_keywords: docker, example, package installation, networking, debian, ubuntu > - This example assumes you have Docker running in daemon mode. For > more information please see [*Check your Docker > install*](../hello_world/#running-examples). -> - **If you don’t like sudo** then see [*Giving non-root -> access*](../../installation/binaries/#dockergroup). -> - **If you’re using OS X or docker via TCP** then you shouldn’t use +> - **If you don't like sudo** then see [*Giving non-root +> access*](/installation/binaries/#dockergroup). +> - **If you're using OS X or docker via TCP** then you shouldn't use > sudo. When you have multiple Docker servers, or build unrelated Docker -containers which can’t make use of the Docker build cache, it can be +containers which can't make use of the Docker build cache, it can be useful to have a caching proxy for your packages. This container makes the second download of any package almost instant. @@ -45,7 +45,7 @@ Then run it, mapping the exposed port to one on the host $ sudo docker run -d -p 3142:3142 --name test_apt_cacher_ng eg_apt_cacher_ng -To see the logfiles that are ‘tailed’ in the default command, you can +To see the logfiles that are `tailed` in the default command, you can use: $ sudo docker logs -f test_apt_cacher_ng @@ -53,13 +53,12 @@ use: To get your Debian-based containers to use the proxy, you can do one of three things -1. Add an apt Proxy setting - `echo 'Acquire::http { Proxy "http://dockerhost:3142"; };' >> /etc/apt/conf.d/01proxy` - -2. Set an environment variable: - `http_proxy=http://dockerhost:3142/` -3. Change your `sources.list` entries to start with - `http://dockerhost:3142/` +1. Add an apt Proxy setting + `echo 'Acquire::http { Proxy "http://dockerhost:3142"; };' >> /etc/apt/conf.d/01proxy` +2. Set an environment variable: + `http_proxy=http://dockerhost:3142/` +3. Change your `sources.list` entries to start with + `http://dockerhost:3142/` **Option 1** injects the settings safely into your apt configuration in a local version of a common base: diff --git a/docs/sources/examples/apt-cacher-ng.rst b/docs/sources/examples/apt-cacher-ng.rst deleted file mode 100644 index dd844d4ef1..0000000000 --- a/docs/sources/examples/apt-cacher-ng.rst +++ /dev/null @@ -1,102 +0,0 @@ -:title: Running an apt-cacher-ng service -:description: Installing and running an apt-cacher-ng service -:keywords: docker, example, package installation, networking, debian, ubuntu - -.. _running_apt-cacher-ng_service: - -Apt-Cacher-ng Service -===================== - -.. include:: example_header.inc - - -When you have multiple Docker servers, or build unrelated Docker containers -which can't make use of the Docker build cache, it can be useful to have a -caching proxy for your packages. This container makes the second download of -any package almost instant. - -Use the following Dockerfile: - -.. literalinclude:: apt-cacher-ng.Dockerfile - -To build the image using: - -.. code-block:: bash - - $ sudo docker build -t eg_apt_cacher_ng . - -Then run it, mapping the exposed port to one on the host - -.. code-block:: bash - - $ sudo docker run -d -p 3142:3142 --name test_apt_cacher_ng eg_apt_cacher_ng - -To see the logfiles that are 'tailed' in the default command, you can use: - -.. code-block:: bash - - $ sudo docker logs -f test_apt_cacher_ng - -To get your Debian-based containers to use the proxy, you can do one of three things - -1. Add an apt Proxy setting ``echo 'Acquire::http { Proxy "http://dockerhost:3142"; };' >> /etc/apt/conf.d/01proxy`` -2. Set an environment variable: ``http_proxy=http://dockerhost:3142/`` -3. Change your ``sources.list`` entries to start with ``http://dockerhost:3142/`` - -**Option 1** injects the settings safely into your apt configuration in a local -version of a common base: - -.. code-block:: bash - - FROM ubuntu - RUN echo 'Acquire::http { Proxy "http://dockerhost:3142"; };' >> /etc/apt/apt.conf.d/01proxy - RUN apt-get update ; apt-get install vim git - - # docker build -t my_ubuntu . - -**Option 2** is good for testing, but will -break other HTTP clients which obey ``http_proxy``, such as ``curl``, ``wget`` and others: - -.. code-block:: bash - - $ sudo docker run --rm -t -i -e http_proxy=http://dockerhost:3142/ debian bash - -**Option 3** is the least portable, but there will be times when you might need to -do it and you can do it from your ``Dockerfile`` too. - -Apt-cacher-ng has some tools that allow you to manage the repository, and they -can be used by leveraging the ``VOLUME`` instruction, and the image we built to run the -service: - -.. code-block:: bash - - $ sudo docker run --rm -t -i --volumes-from test_apt_cacher_ng eg_apt_cacher_ng bash - - $$ /usr/lib/apt-cacher-ng/distkill.pl - Scanning /var/cache/apt-cacher-ng, please wait... - Found distributions: - bla, taggedcount: 0 - 1. precise-security (36 index files) - 2. wheezy (25 index files) - 3. precise-updates (36 index files) - 4. precise (36 index files) - 5. wheezy-updates (18 index files) - - Found architectures: - 6. amd64 (36 index files) - 7. i386 (24 index files) - - WARNING: The removal action may wipe out whole directories containing - index files. Select d to see detailed list. - - (Number nn: tag distribution or architecture nn; 0: exit; d: show details; r: remove tagged; q: quit): q - - -Finally, clean up after your test by stopping and removing the container, and -then removing the image. - -.. code-block:: bash - - $ sudo docker stop test_apt_cacher_ng - $ sudo docker rm test_apt_cacher_ng - $ sudo docker rmi eg_apt_cacher_ng diff --git a/docs/sources/examples/cfengine_process_management.md b/docs/sources/examples/cfengine_process_management.md index 45d6edcec4..0c7b6a8a1f 100644 --- a/docs/sources/examples/cfengine_process_management.md +++ b/docs/sources/examples/cfengine_process_management.md @@ -10,14 +10,14 @@ Docker monitors one process in each running container and the container lives or dies with that process. By introducing CFEngine inside Docker containers, we can alleviate a few of the issues that may arise: -- It is possible to easily start multiple processes within a - container, all of which will be managed automatically, with the - normal `docker run` command. -- If a managed process dies or crashes, CFEngine will start it again - within 1 minute. -- The container itself will live as long as the CFEngine scheduling - daemon (cf-execd) lives. With CFEngine, we are able to decouple the - life of the container from the uptime of the service it provides. + - It is possible to easily start multiple processes within a + container, all of which will be managed automatically, with the + normal `docker run` command. + - If a managed process dies or crashes, CFEngine will start it again + within 1 minute. + - The container itself will live as long as the CFEngine scheduling + daemon (cf-execd) lives. With CFEngine, we are able to decouple the + life of the container from the uptime of the service it provides. ## How it works @@ -25,23 +25,20 @@ CFEngine, together with the cfe-docker integration policies, are installed as part of the Dockerfile. This builds CFEngine into our Docker image. -The Dockerfile’s `ENTRYPOINT` takes an arbitrary +The Dockerfile's `ENTRYPOINT` takes an arbitrary amount of commands (with any desired arguments) as parameters. When we run the Docker container these parameters get written to CFEngine policies and CFEngine takes over to ensure that the desired processes are running in the container. -CFEngine scans the process table for the `basename` -of the commands given to the `ENTRYPOINT` and runs -the command to start the process if the `basename` +CFEngine scans the process table for the `basename` of the commands given +to the `ENTRYPOINT` and runs the command to start the process if the `basename` is not found. For example, if we start the container with -`docker run "/path/to/my/application parameters"`, -CFEngine will look for a process named `application` -and run the command. If an entry for `application` -is not found in the process table at any point in time, CFEngine will -execute `/path/to/my/application parameters` to -start the application once again. The check on the process table happens -every minute. +`docker run "/path/to/my/application parameters"`, CFEngine will look for a +process named `application` and run the command. If an entry for `application` +is not found in the process table at any point in time, CFEngine will execute +`/path/to/my/application parameters` to start the application once again. The +check on the process table happens every minute. Note that it is therefore important that the command to start your application leaves a process with the basename of the command. This can @@ -56,11 +53,10 @@ in a single container. There are three steps: -1. Install CFEngine into the container. -2. Copy the CFEngine Docker process management policy into the - containerized CFEngine installation. -3. Start your application processes as part of the - `docker run` command. +1. Install CFEngine into the container. +2. Copy the CFEngine Docker process management policy into the + containerized CFEngine installation. +3. Start your application processes as part of the `docker run` command. ### Building the container image @@ -90,25 +86,22 @@ The first two steps can be done as part of a Dockerfile, as follows. ENTRYPOINT ["/var/cfengine/bin/docker_processes_run.sh"] -By saving this file as `Dockerfile` to a working -directory, you can then build your container with the docker build -command, e.g. `docker build -t managed_image`. +By saving this file as Dockerfile to a working directory, you can then build +your container with the docker build command, e.g. +`docker build -t managed_image`. ### Testing the container -Start the container with `apache2` and -`sshd` running and managed, forwarding a port to our -SSH instance: +Start the container with `apache2` and `sshd` running and managed, forwarding +a port to our SSH instance: - docker run -p 127.0.0.1:222:22 -d managed_image "/usr/sbin/sshd" "/etc/init.d/apache2 start" + $ docker run -p 127.0.0.1:222:22 -d managed_image "/usr/sbin/sshd" "/etc/init.d/apache2 start" We now clearly see one of the benefits of the cfe-docker integration: it -allows to start several processes as part of a normal -`docker run` command. +allows to start several processes as part of a normal `docker run` command. -We can now log in to our new container and see that both -`apache2` and `sshd` are -running. We have set the root password to "password" in the Dockerfile +We can now log in to our new container and see that both `apache2` and `sshd` +are running. We have set the root password to "password" in the Dockerfile above and can use that to log in with ssh: ssh -p222 root@127.0.0.1 @@ -144,9 +137,8 @@ CFEngine. To make sure your applications get managed in the same manner, there are just two things you need to adjust from the above example: -- In the Dockerfile used above, install your applications instead of - `apache2` and `sshd`. -- When you start the container with `docker run`, - specify the command line arguments to your applications rather than - `apache2` and `sshd`. - + - In the Dockerfile used above, install your applications instead of + `apache2` and `sshd`. + - When you start the container with `docker run`, + specify the command line arguments to your applications rather than + `apache2` and `sshd`. diff --git a/docs/sources/examples/cfengine_process_management.rst b/docs/sources/examples/cfengine_process_management.rst deleted file mode 100644 index 7ca2c35498..0000000000 --- a/docs/sources/examples/cfengine_process_management.rst +++ /dev/null @@ -1,137 +0,0 @@ -:title: Process Management with CFEngine -:description: Managing containerized processes with CFEngine -:keywords: cfengine, process, management, usage, docker, documentation - -Process Management with CFEngine -================================ - -Create Docker containers with managed processes. - -Docker monitors one process in each running container and the container lives or dies with that process. -By introducing CFEngine inside Docker containers, we can alleviate a few of the issues that may arise: - -* It is possible to easily start multiple processes within a container, all of which will be managed automatically, with the normal ``docker run`` command. -* If a managed process dies or crashes, CFEngine will start it again within 1 minute. -* The container itself will live as long as the CFEngine scheduling daemon (cf-execd) lives. With CFEngine, we are able to decouple the life of the container from the uptime of the service it provides. - - -How it works ------------- - -CFEngine, together with the cfe-docker integration policies, are installed as part of the Dockerfile. This builds CFEngine into our Docker image. - -The Dockerfile's ``ENTRYPOINT`` takes an arbitrary amount of commands (with any desired arguments) as parameters. -When we run the Docker container these parameters get written to CFEngine policies and CFEngine takes over to ensure that the desired processes are running in the container. - -CFEngine scans the process table for the ``basename`` of the commands given to the ``ENTRYPOINT`` and runs the command to start the process if the ``basename`` is not found. -For example, if we start the container with ``docker run "/path/to/my/application parameters"``, CFEngine will look for a process named ``application`` and run the command. -If an entry for ``application`` is not found in the process table at any point in time, CFEngine will execute ``/path/to/my/application parameters`` to start the application once again. -The check on the process table happens every minute. - -Note that it is therefore important that the command to start your application leaves a process with the basename of the command. -This can be made more flexible by making some minor adjustments to the CFEngine policies, if desired. - - -Usage ------ - -This example assumes you have Docker installed and working. -We will install and manage ``apache2`` and ``sshd`` in a single container. - -There are three steps: - -1. Install CFEngine into the container. -2. Copy the CFEngine Docker process management policy into the containerized CFEngine installation. -3. Start your application processes as part of the ``docker run`` command. - - -Building the container image -~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -The first two steps can be done as part of a Dockerfile, as follows. - -.. code-block:: bash - - FROM ubuntu - MAINTAINER Eystein Måløy Stenberg - - RUN apt-get -y install wget lsb-release unzip ca-certificates - - # install latest CFEngine - RUN wget -qO- http://cfengine.com/pub/gpg.key | apt-key add - - RUN echo "deb http://cfengine.com/pub/apt $(lsb_release -cs) main" > /etc/apt/sources.list.d/cfengine-community.list - RUN apt-get update - RUN apt-get install cfengine-community - - # install cfe-docker process management policy - RUN wget https://github.com/estenberg/cfe-docker/archive/master.zip -P /tmp/ && unzip /tmp/master.zip -d /tmp/ - RUN cp /tmp/cfe-docker-master/cfengine/bin/* /var/cfengine/bin/ - RUN cp /tmp/cfe-docker-master/cfengine/inputs/* /var/cfengine/inputs/ - RUN rm -rf /tmp/cfe-docker-master /tmp/master.zip - - # apache2 and openssh are just for testing purposes, install your own apps here - RUN apt-get -y install openssh-server apache2 - RUN mkdir -p /var/run/sshd - RUN echo "root:password" | chpasswd # need a password for ssh - - ENTRYPOINT ["/var/cfengine/bin/docker_processes_run.sh"] - - -By saving this file as ``Dockerfile`` to a working directory, you can then build your container with the docker build command, -e.g. ``docker build -t managed_image``. - -Testing the container -~~~~~~~~~~~~~~~~~~~~~ - -Start the container with ``apache2`` and ``sshd`` running and managed, forwarding a port to our SSH instance: - -.. code-block:: bash - - docker run -p 127.0.0.1:222:22 -d managed_image "/usr/sbin/sshd" "/etc/init.d/apache2 start" - -We now clearly see one of the benefits of the cfe-docker integration: it allows to start several processes -as part of a normal ``docker run`` command. - -We can now log in to our new container and see that both ``apache2`` and ``sshd`` are running. We have set the root password to -"password" in the Dockerfile above and can use that to log in with ssh: - -.. code-block:: bash - - ssh -p222 root@127.0.0.1 - - ps -ef - UID PID PPID C STIME TTY TIME CMD - root 1 0 0 07:48 ? 00:00:00 /bin/bash /var/cfengine/bin/docker_processes_run.sh /usr/sbin/sshd /etc/init.d/apache2 start - root 18 1 0 07:48 ? 00:00:00 /var/cfengine/bin/cf-execd -F - root 20 1 0 07:48 ? 00:00:00 /usr/sbin/sshd - root 32 1 0 07:48 ? 00:00:00 /usr/sbin/apache2 -k start - www-data 34 32 0 07:48 ? 00:00:00 /usr/sbin/apache2 -k start - www-data 35 32 0 07:48 ? 00:00:00 /usr/sbin/apache2 -k start - www-data 36 32 0 07:48 ? 00:00:00 /usr/sbin/apache2 -k start - root 93 20 0 07:48 ? 00:00:00 sshd: root@pts/0 - root 105 93 0 07:48 pts/0 00:00:00 -bash - root 112 105 0 07:49 pts/0 00:00:00 ps -ef - - -If we stop apache2, it will be started again within a minute by CFEngine. - -.. code-block:: bash - - service apache2 status - Apache2 is running (pid 32). - service apache2 stop - * Stopping web server apache2 ... waiting [ OK ] - service apache2 status - Apache2 is NOT running. - # ... wait up to 1 minute... - service apache2 status - Apache2 is running (pid 173). - - -Adapting to your applications ------------------------------ - -To make sure your applications get managed in the same manner, there are just two things you need to adjust from the above example: - -* In the Dockerfile used above, install your applications instead of ``apache2`` and ``sshd``. -* When you start the container with ``docker run``, specify the command line arguments to your applications rather than ``apache2`` and ``sshd``. diff --git a/docs/sources/examples/couchdb_data_volumes.md b/docs/sources/examples/couchdb_data_volumes.md index 1b18cf0aa7..17490487aa 100644 --- a/docs/sources/examples/couchdb_data_volumes.md +++ b/docs/sources/examples/couchdb_data_volumes.md @@ -9,40 +9,39 @@ page_keywords: docker, example, package installation, networking, couchdb, data > - This example assumes you have Docker running in daemon mode. For > more information please see [*Check your Docker > install*](../hello_world/#running-examples). -> - **If you don’t like sudo** then see [*Giving non-root -> access*](../../installation/binaries/#dockergroup) +> - **If you don't like sudo** then see [*Giving non-root +> access*](/installation/binaries/#dockergroup) -Here’s an example of using data volumes to share the same data between +Here's an example of using data volumes to share the same data between two CouchDB containers. This could be used for hot upgrades, testing different versions of CouchDB on the same data, etc. ## Create first database -Note that we’re marking `/var/lib/couchdb` as a data -volume. +Note that we're marking `/var/lib/couchdb` as a data volume. - COUCH1=$(sudo docker run -d -p 5984 -v /var/lib/couchdb shykes/couchdb:2013-05-03) + $ COUCH1=$(sudo docker run -d -p 5984 -v /var/lib/couchdb shykes/couchdb:2013-05-03) ## Add data to the first database -We’re assuming your Docker host is reachable at `localhost`. If not, +We're assuming your Docker host is reachable at `localhost`. If not, replace `localhost` with the public IP of your Docker host. - HOST=localhost - URL="http://$HOST:$(sudo docker port $COUCH1 5984 | grep -Po '\d+$')/_utils/" - echo "Navigate to $URL in your browser, and use the couch interface to add data" + $ HOST=localhost + $ URL="http://$HOST:$(sudo docker port $COUCH1 5984 | grep -Po '\d+$')/_utils/" + $ echo "Navigate to $URL in your browser, and use the couch interface to add data" ## Create second database -This time, we’re requesting shared access to `$COUCH1`'s volumes. +This time, we're requesting shared access to `$COUCH1`'s volumes. - COUCH2=$(sudo docker run -d -p 5984 --volumes-from $COUCH1 shykes/couchdb:2013-05-03) + $ COUCH2=$(sudo docker run -d -p 5984 --volumes-from $COUCH1 shykes/couchdb:2013-05-03) ## Browse data on the second database - HOST=localhost - URL="http://$HOST:$(sudo docker port $COUCH2 5984 | grep -Po '\d+$')/_utils/" - echo "Navigate to $URL in your browser. You should see the same data as in the first database"'!' + $ HOST=localhost + $ URL="http://$HOST:$(sudo docker port $COUCH2 5984 | grep -Po '\d+$')/_utils/" + $ echo "Navigate to $URL in your browser. You should see the same data as in the first database"'!' Congratulations, you are now running two Couchdb containers, completely isolated from each other *except* for their data. diff --git a/docs/sources/examples/couchdb_data_volumes.rst b/docs/sources/examples/couchdb_data_volumes.rst deleted file mode 100644 index 6cf3fab68c..0000000000 --- a/docs/sources/examples/couchdb_data_volumes.rst +++ /dev/null @@ -1,56 +0,0 @@ -:title: Sharing data between 2 couchdb databases -:description: Sharing data between 2 couchdb databases -:keywords: docker, example, package installation, networking, couchdb, data volumes - -.. _running_couchdb_service: - -CouchDB Service -=============== - -.. include:: example_header.inc - -Here's an example of using data volumes to share the same data between -two CouchDB containers. This could be used for hot upgrades, testing -different versions of CouchDB on the same data, etc. - -Create first database ---------------------- - -Note that we're marking ``/var/lib/couchdb`` as a data volume. - -.. code-block:: bash - - COUCH1=$(sudo docker run -d -p 5984 -v /var/lib/couchdb shykes/couchdb:2013-05-03) - -Add data to the first database ------------------------------- - -We're assuming your Docker host is reachable at ``localhost``. If not, -replace ``localhost`` with the public IP of your Docker host. - -.. code-block:: bash - - HOST=localhost - URL="http://$HOST:$(sudo docker port $COUCH1 5984 | grep -Po '\d+$')/_utils/" - echo "Navigate to $URL in your browser, and use the couch interface to add data" - -Create second database ----------------------- - -This time, we're requesting shared access to ``$COUCH1``'s volumes. - -.. code-block:: bash - - COUCH2=$(sudo docker run -d -p 5984 --volumes-from $COUCH1 shykes/couchdb:2013-05-03) - -Browse data on the second database ----------------------------------- - -.. code-block:: bash - - HOST=localhost - URL="http://$HOST:$(sudo docker port $COUCH2 5984 | grep -Po '\d+$')/_utils/" - echo "Navigate to $URL in your browser. You should see the same data as in the first database"'!' - -Congratulations, you are now running two Couchdb containers, completely -isolated from each other *except* for their data. diff --git a/docs/sources/examples/hello_world.md b/docs/sources/examples/hello_world.md index 062d5d37b3..177857816c 100644 --- a/docs/sources/examples/hello_world.md +++ b/docs/sources/examples/hello_world.md @@ -15,7 +15,7 @@ like `/var/lib/docker/repositories: permission denied` you may have an incomplete Docker installation or insufficient privileges to access docker on your machine. -Please refer to [*Installation*](../../installation/) +Please refer to [*Installation*](/installation/) for installation instructions. ## Hello World @@ -25,8 +25,8 @@ for installation instructions. > - This example assumes you have Docker running in daemon mode. For > more information please see [*Check your Docker > install*](#check-your-docker-installation). -> - **If you don’t like sudo** then see [*Giving non-root -> access*](../../installation/binaries/#dockergroup) +> - **If you don't like sudo** then see [*Giving non-root +> access*](/installation/binaries/#dockergroup) This is the most basic example available for using Docker. @@ -35,11 +35,10 @@ Download the small base image named `busybox`: # Download a busybox image $ sudo docker pull busybox -The `busybox` image is a minimal Linux system. You -can do the same with any number of other images, such as -`debian`, `ubuntu` or -`centos`. The images can be found and retrieved -using the [Docker index](http://index.docker.io). +The `busybox` image is a minimal Linux system. You can do the same with +any number of other images, such as `debian`, `ubuntu` or `centos`. The +images can be found and retrieved using the +[Docker.io](http://index.docker.io) registry. $ sudo docker run busybox /bin/echo hello world @@ -61,7 +60,6 @@ See the example in action - ## Hello World Daemon @@ -71,8 +69,8 @@ See the example in action > - This example assumes you have Docker running in daemon mode. For > more information please see [*Check your Docker > install*](#check-your-docker-installation). -> - **If you don’t like sudo** then see [*Giving non-root -> access*](../../installation/binaries/#dockergroup) +> - **If you don't like sudo** then see [*Giving non-root +> access*](/installation/binaries/#dockergroup) And now for the most boring daemon ever written! @@ -82,64 +80,64 @@ continue to do this until we stop it. **Steps:** - CONTAINER_ID=$(sudo docker run -d ubuntu /bin/sh -c "while true; do echo hello world; sleep 1; done") + $ container_id=$(sudo docker run -d ubuntu /bin/sh -c "while true; do echo hello world; sleep 1; done") We are going to run a simple hello world daemon in a new container made from the `ubuntu` image. -- **"sudo docker run -d "** run a command in a new container. We pass - "-d" so it runs as a daemon. -- **"ubuntu"** is the image we want to run the command inside of. -- **"/bin/sh -c"** is the command we want to run in the container -- **"while true; do echo hello world; sleep 1; done"** is the mini - script we want to run, that will just print hello world once a - second until we stop it. -- **$container_id** the output of the run command will return a - container id, we can use in future commands to see what is going on - with this process. + - **"sudo docker run -d "** run a command in a new container. We pass + "-d" so it runs as a daemon. + - **"ubuntu"** is the image we want to run the command inside of. + - **"/bin/sh -c"** is the command we want to run in the container + - **"while true; do echo hello world; sleep 1; done"** is the mini + script we want to run, that will just print hello world once a + second until we stop it. + - **$container_id** the output of the run command will return a + container id, we can use in future commands to see what is going on + with this process. - sudo docker logs $container_id + $ sudo docker logs $container_id Check the logs make sure it is working correctly. -- **"docker logs**" This will return the logs for a container -- **$container_id** The Id of the container we want the logs for. + - **"docker logs**" This will return the logs for a container + - **$container_id** The Id of the container we want the logs for. - sudo docker attach --sig-proxy=false $container_id + $ sudo docker attach --sig-proxy=false $container_id Attach to the container to see the results in real-time. -- **"docker attach**" This will allow us to attach to a background - process to see what is going on. -- **"–sig-proxy=false"** Do not forward signals to the container; - allows us to exit the attachment using Control-C without stopping - the container. -- **$container_id** The Id of the container we want to attach to. + - **"docker attach**" This will allow us to attach to a background + process to see what is going on. + - **"–sig-proxy=false"** Do not forward signals to the container; + allows us to exit the attachment using Control-C without stopping + the container. + - **$container_id** The Id of the container we want to attach to. Exit from the container attachment by pressing Control-C. - sudo docker ps + $ sudo docker ps Check the process list to make sure it is running. -- **"docker ps"** this shows all running process managed by docker + - **"docker ps"** this shows all running process managed by docker - sudo docker stop $container_id + $ sudo docker stop $container_id -Stop the container, since we don’t need it anymore. +Stop the container, since we don't need it anymore. -- **"docker stop"** This stops a container -- **$container_id** The Id of the container we want to stop. + - **"docker stop"** This stops a container + - **$container_id** The Id of the container we want to stop. - sudo docker ps + $ sudo docker ps Make sure it is really stopped. @@ -151,16 +149,14 @@ See the example in action -The next example in the series is a [*Node.js Web -App*](../nodejs_web_app/#nodejs-web-app) example, or you could skip to -any of the other examples: - -- [*Node.js Web App*](../nodejs_web_app/#nodejs-web-app) -- [*Redis Service*](../running_redis_service/#running-redis-service) -- [*SSH Daemon Service*](../running_ssh_service/#running-ssh-service) -- [*CouchDB - Service*](../couchdb_data_volumes/#running-couchdb-service) -- [*PostgreSQL Service*](../postgresql_service/#postgresql-service) -- [*Building an Image with MongoDB*](../mongodb/#mongodb-image) -- [*Python Web App*](../python_web_app/#python-web-app) +The next example in the series is a [*Node.js Web App*]( +../nodejs_web_app/#nodejs-web-app) example, or you could skip to any of the +other examples: + - [*Node.js Web App*](../nodejs_web_app/#nodejs-web-app) + - [*Redis Service*](../running_redis_service/#running-redis-service) + - [*SSH Daemon Service*](../running_ssh_service/#running-ssh-service) + - [*CouchDB Service*](../couchdb_data_volumes/#running-couchdb-service) + - [*PostgreSQL Service*](../postgresql_service/#postgresql-service) + - [*Building an Image with MongoDB*](../mongodb/#mongodb-image) + - [*Python Web App*](../python_web_app/#python-web-app) diff --git a/docs/sources/examples/hello_world.rst b/docs/sources/examples/hello_world.rst deleted file mode 100644 index 39d7abea2c..0000000000 --- a/docs/sources/examples/hello_world.rst +++ /dev/null @@ -1,181 +0,0 @@ -:title: Hello world example -:description: A simple hello world example with Docker -:keywords: docker, example, hello world - -.. _running_examples: - -Check your Docker install -------------------------- - -This guide assumes you have a working installation of Docker. To check -your Docker install, run the following command: - -.. code-block:: bash - - # Check that you have a working install - $ sudo docker info - -If you get ``docker: command not found`` or something like -``/var/lib/docker/repositories: permission denied`` you may have an incomplete -Docker installation or insufficient privileges to access docker on your machine. - -Please refer to :ref:`installation_list` for installation instructions. - - -.. _hello_world: - -Hello World ------------ - -.. include:: example_header.inc - -This is the most basic example available for using Docker. - -Download the small base image named ``busybox``: - -.. code-block:: bash - - # Download a busybox image - $ sudo docker pull busybox - -The ``busybox`` image is a minimal Linux system. You can do the same -with any number of other images, such as ``debian``, ``ubuntu`` or ``centos``. -The images can be found and retrieved using the `Docker index`_. - -.. _Docker index: http://index.docker.io - -.. code-block:: bash - - $ sudo docker run busybox /bin/echo hello world - -This command will run a simple ``echo`` command, that will echo ``hello world`` back to the console over standard out. - -**Explanation:** - -- **"sudo"** execute the following commands as user *root* -- **"docker run"** run a command in a new container -- **"busybox"** is the image we are running the command in. -- **"/bin/echo"** is the command we want to run in the container -- **"hello world"** is the input for the echo command - - - -**Video:** - -See the example in action - -.. raw:: html - - - ----- - -.. _hello_world_daemon: - -Hello World Daemon ------------------- - -.. include:: example_header.inc - -And now for the most boring daemon ever written! - -We will use the Ubuntu image to run a simple hello world daemon that will just print hello -world to standard out every second. It will continue to do this until -we stop it. - -**Steps:** - -.. code-block:: bash - - container_id=$(sudo docker run -d ubuntu /bin/sh -c "while true; do echo hello world; sleep 1; done") - -We are going to run a simple hello world daemon in a new container -made from the ``ubuntu`` image. - -- **"sudo docker run -d "** run a command in a new container. We pass "-d" - so it runs as a daemon. -- **"ubuntu"** is the image we want to run the command inside of. -- **"/bin/sh -c"** is the command we want to run in the container -- **"while true; do echo hello world; sleep 1; done"** is the mini - script we want to run, that will just print hello world once a - second until we stop it. -- **$container_id** the output of the run command will return a - container id, we can use in future commands to see what is going on - with this process. - -.. code-block:: bash - - sudo docker logs $container_id - -Check the logs make sure it is working correctly. - -- **"docker logs**" This will return the logs for a container -- **$container_id** The Id of the container we want the logs for. - -.. code-block:: bash - - sudo docker attach --sig-proxy=false $container_id - -Attach to the container to see the results in real-time. - -- **"docker attach**" This will allow us to attach to a background - process to see what is going on. -- **"--sig-proxy=false"** Do not forward signals to the container; allows - us to exit the attachment using Control-C without stopping the container. -- **$container_id** The Id of the container we want to attach to. - -Exit from the container attachment by pressing Control-C. - -.. code-block:: bash - - sudo docker ps - -Check the process list to make sure it is running. - -- **"docker ps"** this shows all running process managed by docker - -.. code-block:: bash - - sudo docker stop $container_id - -Stop the container, since we don't need it anymore. - -- **"docker stop"** This stops a container -- **$container_id** The Id of the container we want to stop. - -.. code-block:: bash - - sudo docker ps - -Make sure it is really stopped. - - -**Video:** - -See the example in action - -.. raw:: html - - - -The next example in the series is a :ref:`nodejs_web_app` example, or -you could skip to any of the other examples: - - -* :ref:`nodejs_web_app` -* :ref:`running_redis_service` -* :ref:`running_ssh_service` -* :ref:`running_couchdb_service` -* :ref:`postgresql_service` -* :ref:`mongodb_image` -* :ref:`python_web_app` diff --git a/docs/sources/examples/https.md b/docs/sources/examples/https.md index 153a6c0cf9..c46cf6b88c 100644 --- a/docs/sources/examples/https.md +++ b/docs/sources/examples/https.md @@ -8,7 +8,7 @@ By default, Docker runs via a non-networked Unix socket. It can also optionally communicate using a HTTP socket. If you need Docker reachable via the network in a safe manner, you can -enable TLS by specifying the tlsverify flag and pointing Docker’s +enable TLS by specifying the tlsverify flag and pointing Docker's tlscacert flag to a trusted CA certificate. In daemon mode, it will only allow connections from clients @@ -31,12 +31,12 @@ keys: Now that we have a CA, you can create a server key and certificate signing request. Make sure that "Common Name (e.g. server FQDN or YOUR name)" matches the hostname you will use to connect to Docker or just -use ‘\*’ for a certificate valid for any hostname: +use `\*` for a certificate valid for any hostname: $ openssl genrsa -des3 -out server-key.pem $ openssl req -new -key server-key.pem -out server.csr -Next we’re going to sign the key with our CA: +Next we're going to sign the key with our CA: $ openssl x509 -req -days 365 -in server.csr -CA ca.pem -CAkey ca-key.pem \ -out server-cert.pem @@ -76,7 +76,7 @@ need to provide your client keys, certificates and trusted CA: -H=dns-name-of-docker-host:4243 > **Warning**: -> As shown in the example above, you don’t have to run the +> As shown in the example above, you don't have to run the > `docker` client with `sudo` or > the `docker` group when you use certificate > authentication. That means anyone with the keys can give any @@ -86,22 +86,22 @@ need to provide your client keys, certificates and trusted CA: ## Other modes -If you don’t want to have complete two-way authentication, you can run +If you don't want to have complete two-way authentication, you can run Docker in various other modes by mixing the flags. ### Daemon modes -- tlsverify, tlscacert, tlscert, tlskey set: Authenticate clients -- tls, tlscert, tlskey: Do not authenticate clients + - tlsverify, tlscacert, tlscert, tlskey set: Authenticate clients + - tls, tlscert, tlskey: Do not authenticate clients ### Client modes -- tls: Authenticate server based on public/default CA pool -- tlsverify, tlscacert: Authenticate server based on given CA -- tls, tlscert, tlskey: Authenticate with client certificate, do not - authenticate server based on given CA -- tlsverify, tlscacert, tlscert, tlskey: Authenticate with client - certificate, authenticate server based on given CA + - tls: Authenticate server based on public/default CA pool + - tlsverify, tlscacert: Authenticate server based on given CA + - tls, tlscert, tlskey: Authenticate with client certificate, do not + authenticate server based on given CA + - tlsverify, tlscacert, tlscert, tlskey: Authenticate with client + certificate, authenticate server based on given CA The client will send its client certificate if found, so you just need -to drop your keys into \~/.docker/\.pem +to drop your keys into ~/.docker/.pem diff --git a/docs/sources/examples/https.rst b/docs/sources/examples/https.rst deleted file mode 100644 index 7a221ed951..0000000000 --- a/docs/sources/examples/https.rst +++ /dev/null @@ -1,126 +0,0 @@ -:title: Docker HTTPS Setup -:description: How to setup docker with https -:keywords: docker, example, https, daemon - -.. _running_docker_https: - -Running Docker with https -========================= - -By default, Docker runs via a non-networked Unix socket. It can also optionally -communicate using a HTTP socket. - -If you need Docker reachable via the network in a safe manner, you can enable -TLS by specifying the `tlsverify` flag and pointing Docker's `tlscacert` flag to a -trusted CA certificate. - -In daemon mode, it will only allow connections from clients authenticated by a -certificate signed by that CA. In client mode, it will only connect to servers -with a certificate signed by that CA. - -.. warning:: - - Using TLS and managing a CA is an advanced topic. Please make you self familiar - with openssl, x509 and tls before using it in production. - -Create a CA, server and client keys with OpenSSL ------------------------------------------------- - -First, initialize the CA serial file and generate CA private and public keys: - -.. code-block:: bash - - $ echo 01 > ca.srl - $ openssl genrsa -des3 -out ca-key.pem - $ openssl req -new -x509 -days 365 -key ca-key.pem -out ca.pem - -Now that we have a CA, you can create a server key and certificate signing request. -Make sure that `"Common Name (e.g. server FQDN or YOUR name)"` matches the hostname you will use -to connect to Docker or just use '*' for a certificate valid for any hostname: - -.. code-block:: bash - - $ openssl genrsa -des3 -out server-key.pem - $ openssl req -new -key server-key.pem -out server.csr - -Next we're going to sign the key with our CA: - -.. code-block:: bash - - $ openssl x509 -req -days 365 -in server.csr -CA ca.pem -CAkey ca-key.pem \ - -out server-cert.pem - -For client authentication, create a client key and certificate signing request: - -.. code-block:: bash - - $ openssl genrsa -des3 -out client-key.pem - $ openssl req -new -key client-key.pem -out client.csr - - -To make the key suitable for client authentication, create a extensions config file: - -.. code-block:: bash - - $ echo extendedKeyUsage = clientAuth > extfile.cnf - -Now sign the key: - -.. code-block:: bash - - $ openssl x509 -req -days 365 -in client.csr -CA ca.pem -CAkey ca-key.pem \ - -out client-cert.pem -extfile extfile.cnf - -Finally you need to remove the passphrase from the client and server key: - -.. code-block:: bash - - $ openssl rsa -in server-key.pem -out server-key.pem - $ openssl rsa -in client-key.pem -out client-key.pem - -Now you can make the Docker daemon only accept connections from clients providing -a certificate trusted by our CA: - -.. code-block:: bash - - $ sudo docker -d --tlsverify --tlscacert=ca.pem --tlscert=server-cert.pem --tlskey=server-key.pem \ - -H=0.0.0.0:4243 - -To be able to connect to Docker and validate its certificate, you now need to provide your client keys, -certificates and trusted CA: - -.. code-block:: bash - - $ docker --tlsverify --tlscacert=ca.pem --tlscert=client-cert.pem --tlskey=client-key.pem \ - -H=dns-name-of-docker-host:4243 - -.. warning:: - - As shown in the example above, you don't have to run the ``docker`` - client with ``sudo`` or the ``docker`` group when you use - certificate authentication. That means anyone with the keys can - give any instructions to your Docker daemon, giving them root - access to the machine hosting the daemon. Guard these keys as you - would a root password! - -Other modes ------------ -If you don't want to have complete two-way authentication, you can run Docker in -various other modes by mixing the flags. - -Daemon modes -~~~~~~~~~~~~ -- tlsverify, tlscacert, tlscert, tlskey set: Authenticate clients -- tls, tlscert, tlskey: Do not authenticate clients - -Client modes -~~~~~~~~~~~~ -- tls: Authenticate server based on public/default CA pool -- tlsverify, tlscacert: Authenticate server based on given CA -- tls, tlscert, tlskey: Authenticate with client certificate, do not authenticate - server based on given CA -- tlsverify, tlscacert, tlscert, tlskey: Authenticate with client certificate, - authenticate server based on given CA - -The client will send its client certificate if found, so you just need to drop -your keys into `~/.docker/.pem` diff --git a/docs/sources/examples/index.rst b/docs/sources/examples/index.rst deleted file mode 100644 index 94e2d917bb..0000000000 --- a/docs/sources/examples/index.rst +++ /dev/null @@ -1,30 +0,0 @@ -:title: Docker Examples -:description: Examples on how to use Docker -:keywords: docker, hello world, node, nodejs, python, couch, couchdb, redis, ssh, sshd, examples, postgresql, link - - -.. _example_list: - -Examples -======== - -Here are some examples of how to use Docker to create running -processes, starting from a very simple *Hello World* and progressing -to more substantial services like those which you might find in production. - -.. toctree:: - :maxdepth: 1 - - hello_world - nodejs_web_app - running_redis_service - running_ssh_service - couchdb_data_volumes - postgresql_service - mongodb - running_riak_service - using_supervisord - cfengine_process_management - python_web_app - apt-cacher-ng - https diff --git a/docs/sources/examples/mongodb.md b/docs/sources/examples/mongodb.md index c9078419d6..4b5f95d023 100644 --- a/docs/sources/examples/mongodb.md +++ b/docs/sources/examples/mongodb.md @@ -9,57 +9,57 @@ page_keywords: docker, example, package installation, networking, mongodb > - This example assumes you have Docker running in daemon mode. For > more information please see [*Check your Docker > install*](../hello_world/#running-examples). -> - **If you don’t like sudo** then see [*Giving non-root -> access*](../../installation/binaries/#dockergroup) +> - **If you don't like sudo** then see [*Giving non-root +> access*](/installation/binaries/#dockergroup) The goal of this example is to show how you can build your own Docker images with MongoDB pre-installed. We will do that by constructing a -`Dockerfile` that downloads a base image, adds an +Dockerfile that downloads a base image, adds an apt source and installs the database software on Ubuntu. -## Creating a `Dockerfile` +## Creating a Dockerfile -Create an empty file called `Dockerfile`: +Create an empty file called Dockerfile: - touch Dockerfile + $ touch Dockerfile Next, define the parent image you want to use to build your own image on -top of. Here, we’ll use [Ubuntu](https://index.docker.io/_/ubuntu/) +top of. Here, we'll use [Ubuntu](https://index.docker.io/_/ubuntu/) (tag: `latest`) available on the [docker index](http://index.docker.io): FROM ubuntu:latest -Since we want to be running the latest version of MongoDB we’ll need to +Since we want to be running the latest version of MongoDB we'll need to add the 10gen repo to our apt sources list. # Add 10gen official apt source to the sources list RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10 RUN echo 'deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen' | tee /etc/apt/sources.list.d/10gen.list -Then, we don’t want Ubuntu to complain about init not being available so -we’ll divert `/sbin/initctl` to +Then, we don't want Ubuntu to complain about init not being available so +we'll divert `/sbin/initctl` to `/bin/true` so it thinks everything is working. # Hack for initctl not being available in Ubuntu RUN dpkg-divert --local --rename --add /sbin/initctl RUN ln -s /bin/true /sbin/initctl -Afterwards we’ll be able to update our apt repositories and install +Afterwards we'll be able to update our apt repositories and install MongoDB # Install MongoDB RUN apt-get update RUN apt-get install mongodb-10gen -To run MongoDB we’ll have to create the default data directory (because +To run MongoDB we'll have to create the default data directory (because we want it to run without needing to provide a special configuration file) # Create the MongoDB data directory RUN mkdir -p /data/db -Finally, we’ll expose the standard port that MongoDB runs on, 27107, as +Finally, we'll expose the standard port that MongoDB runs on, 27107, as well as define an `ENTRYPOINT` instruction for the container. @@ -67,23 +67,23 @@ container. ENTRYPOINT ["usr/bin/mongod"] Now, lets build the image which will go through the -`Dockerfile` we made and run all of the commands. +Dockerfile we made and run all of the commands. - sudo docker build -t /mongodb . + $ sudo docker build -t /mongodb . Now you should be able to run `mongod` as a daemon and be able to connect on the local port! # Regular style - MONGO_ID=$(sudo docker run -d /mongodb) + $ MONGO_ID=$(sudo docker run -d /mongodb) # Lean and mean - MONGO_ID=$(sudo docker run -d /mongodb --noprealloc --smallfiles) + $ MONGO_ID=$(sudo docker run -d /mongodb --noprealloc --smallfiles) # Check the logs out - sudo docker logs $MONGO_ID + $ sudo docker logs $MONGO_ID # Connect and play around - mongo --port + $ mongo --port Sweet! diff --git a/docs/sources/examples/mongodb.rst b/docs/sources/examples/mongodb.rst deleted file mode 100644 index 913dc2699a..0000000000 --- a/docs/sources/examples/mongodb.rst +++ /dev/null @@ -1,100 +0,0 @@ -:title: Building a Docker Image with MongoDB -:description: How to build a Docker image with MongoDB pre-installed -:keywords: docker, example, package installation, networking, mongodb - -.. _mongodb_image: - -Building an Image with MongoDB -============================== - -.. include:: example_header.inc - -The goal of this example is to show how you can build your own -Docker images with MongoDB pre-installed. We will do that by -constructing a ``Dockerfile`` that downloads a base image, adds an -apt source and installs the database software on Ubuntu. - -Creating a ``Dockerfile`` -+++++++++++++++++++++++++ - -Create an empty file called ``Dockerfile``: - -.. code-block:: bash - - touch Dockerfile - -Next, define the parent image you want to use to build your own image on top of. -Here, we’ll use `Ubuntu `_ (tag: ``latest``) -available on the `docker index `_: - -.. code-block:: bash - - FROM ubuntu:latest - -Since we want to be running the latest version of MongoDB we'll need to add the -10gen repo to our apt sources list. - -.. code-block:: bash - - # Add 10gen official apt source to the sources list - RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10 - RUN echo 'deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen' | tee /etc/apt/sources.list.d/10gen.list - -Then, we don't want Ubuntu to complain about init not being available so we'll -divert ``/sbin/initctl`` to ``/bin/true`` so it thinks everything is working. - -.. code-block:: bash - - # Hack for initctl not being available in Ubuntu - RUN dpkg-divert --local --rename --add /sbin/initctl - RUN ln -sf /bin/true /sbin/initctl - -Afterwards we'll be able to update our apt repositories and install MongoDB - -.. code-block:: bash - - # Install MongoDB - RUN apt-get update - RUN apt-get install mongodb-10gen - -To run MongoDB we'll have to create the default data directory (because we want it to -run without needing to provide a special configuration file) - -.. code-block:: bash - - # Create the MongoDB data directory - RUN mkdir -p /data/db - -Finally, we'll expose the standard port that MongoDB runs on, 27107, as well as -define an ``ENTRYPOINT`` instruction for the container. - -.. code-block:: bash - - EXPOSE 27017 - ENTRYPOINT ["usr/bin/mongod"] - -Now, lets build the image which will go through the ``Dockerfile`` we made and -run all of the commands. - -.. code-block:: bash - - sudo docker build -t /mongodb . - -Now you should be able to run ``mongod`` as a daemon and be able to connect on -the local port! - -.. code-block:: bash - - # Regular style - MONGO_ID=$(sudo docker run -P -d /mongodb) - - # Lean and mean - MONGO_ID=$(sudo docker run -P -d /mongodb --noprealloc --smallfiles) - - # Check the logs out - sudo docker logs $MONGO_ID - - # Connect and play around - mongo --port - -Sweet! diff --git a/docs/sources/examples/nodejs_web_app.md b/docs/sources/examples/nodejs_web_app.md index 77d75047b6..bc0e908d2d 100644 --- a/docs/sources/examples/nodejs_web_app.md +++ b/docs/sources/examples/nodejs_web_app.md @@ -9,8 +9,8 @@ page_keywords: docker, example, package installation, node, centos > - This example assumes you have Docker running in daemon mode. For > more information please see [*Check your Docker > install*](../hello_world/#running-examples). -> - **If you don’t like sudo** then see [*Giving non-root -> access*](../../installation/binaries/#dockergroup) +> - **If you don't like sudo** then see [*Giving non-root +> access*](/installation/binaries/#dockergroup) The goal of this example is to show you how you can build your own Docker images from a parent image using a `Dockerfile` @@ -52,11 +52,11 @@ app using the [Express.js](http://expressjs.com/) framework: app.listen(PORT); console.log('Running on http://localhost:' + PORT); -In the next steps, we’ll look at how you can run this app inside a -CentOS container using Docker. First, you’ll need to build a Docker +In the next steps, we'll look at how you can run this app inside a +CentOS container using Docker. First, you'll need to build a Docker image of your app. -## Creating a `Dockerfile` +## Creating a Dockerfile Create an empty file called `Dockerfile`: @@ -69,47 +69,44 @@ requires to build (this example uses Docker 0.3.4): # DOCKER-VERSION 0.3.4 Next, define the parent image you want to use to build your own image on -top of. Here, we’ll use [CentOS](https://index.docker.io/_/centos/) +top of. Here, we'll use [CentOS](https://index.docker.io/_/centos/) (tag: `6.4`) available on the [Docker index](https://index.docker.io/): FROM centos:6.4 -Since we’re building a Node.js app, you’ll have to install Node.js as +Since we're building a Node.js app, you'll have to install Node.js as well as npm on your CentOS image. Node.js is required to run your app -and npm to install your app’s dependencies defined in +and npm to install your app's dependencies defined in `package.json`. To install the right package for -CentOS, we’ll use the instructions from the [Node.js -wiki](https://github.com/joyent/node/wiki/Installing-Node.js-via-package-manager#rhelcentosscientific-linux-6): +CentOS, we'll use the instructions from the [Node.js wiki]( +https://github.com/joyent/node/wiki/Installing-Node.js- +via-package-manager#rhelcentosscientific-linux-6): # Enable EPEL for Node.js RUN rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm # Install Node.js and npm RUN yum install -y npm -To bundle your app’s source code inside the Docker image, use the -`ADD` instruction: +To bundle your app's source code inside the Docker image, use the `ADD` +instruction: # Bundle app source ADD . /src -Install your app dependencies using the `npm` -binary: +Install your app dependencies using the `npm` binary: # Install app dependencies RUN cd /src; npm install -Your app binds to port `8080` so you’ll use the -`EXPOSE` instruction to have it mapped by the -`docker` daemon: +Your app binds to port `8080` so you'll use the` EXPOSE` instruction to have +it mapped by the `docker` daemon: EXPOSE 8080 -Last but not least, define the command to run your app using -`CMD` which defines your runtime, i.e. -`node`, and the path to our app, i.e. -`src/index.js` (see the step where we added the -source to the container): +Last but not least, define the command to run your app using `CMD` which +defines your runtime, i.e. `node`, and the path to our app, i.e. `src/index.js` +(see the step where we added the source to the container): CMD ["node", "/src/index.js"] @@ -133,72 +130,68 @@ Your `Dockerfile` should now look like this: ## Building your image -Go to the directory that has your `Dockerfile` and -run the following command to build a Docker image. The `-t` -flag let’s you tag your image so it’s easier to find later -using the `docker images` command: +Go to the directory that has your `Dockerfile` and run the following command +to build a Docker image. The `-t` flag let's you tag your image so it's easier +to find later using the `docker images` command: - sudo docker build -t /centos-node-hello . + $ sudo docker build -t /centos-node-hello . Your image will now be listed by Docker: - sudo docker images + $ sudo docker images - > # Example - > REPOSITORY TAG ID CREATED - > centos 6.4 539c0211cd76 8 weeks ago - > gasi/centos-node-hello latest d64d3505b0d2 2 hours ago + # Example + REPOSITORY TAG ID CREATED + centos 6.4 539c0211cd76 8 weeks ago + gasi/centos-node-hello latest d64d3505b0d2 2 hours ago ## Run the image -Running your image with `-d` runs the container in -detached mode, leaving the container running in the background. The -`-p` flag redirects a public port to a private port -in the container. Run the image you previously built: +Running your image with `-d` runs the container in detached mode, leaving the +container running in the background. The `-p` flag redirects a public port to +a private port in the container. Run the image you previously built: - sudo docker run -p 49160:8080 -d /centos-node-hello + $ sudo docker run -p 49160:8080 -d /centos-node-hello Print the output of your app: # Get container ID - sudo docker ps + $ sudo docker ps # Print app output - sudo docker logs + $ sudo docker logs - > # Example - > Running on http://localhost:8080 + # Example + Running on http://localhost:8080 ## Test To test your app, get the the port of your app that Docker mapped: - sudo docker ps + $ sudo docker ps - > # Example - > ID IMAGE COMMAND ... PORTS - > ecce33b30ebf gasi/centos-node-hello:latest node /src/index.js 49160->8080 + # Example + ID IMAGE COMMAND ... PORTS + ecce33b30ebf gasi/centos-node-hello:latest node /src/index.js 49160->8080 -In the example above, Docker mapped the `8080` port -of the container to `49160`. +In the example above, Docker mapped the `8080` port of the container to `49160`. -Now you can call your app using `curl` (install if -needed via: `sudo apt-get install curl`): +Now you can call your app using `curl` (install if needed via: +`sudo apt-get install curl`): - curl -i localhost:49160 + $ curl -i localhost:49160 - > HTTP/1.1 200 OK - > X-Powered-By: Express - > Content-Type: text/html; charset=utf-8 - > Content-Length: 12 - > Date: Sun, 02 Jun 2013 03:53:22 GMT - > Connection: keep-alive - > - > Hello World + HTTP/1.1 200 OK + X-Powered-By: Express + Content-Type: text/html; charset=utf-8 + Content-Length: 12 + Date: Sun, 02 Jun 2013 03:53:22 GMT + Connection: keep-alive + + Hello World We hope this tutorial helped you get up and running with Node.js and CentOS on Docker. You can get the full source code at [https://github.com/gasi/docker-node-hello](https://github.com/gasi/docker-node-hello). -Continue to [*Redis -Service*](../running_redis_service/#running-redis-service). +Continue to [*Redis Service*](../running_redis_service/#running-redis-service). diff --git a/docs/sources/examples/nodejs_web_app.rst b/docs/sources/examples/nodejs_web_app.rst deleted file mode 100644 index 55bd76db89..0000000000 --- a/docs/sources/examples/nodejs_web_app.rst +++ /dev/null @@ -1,239 +0,0 @@ -:title: Running a Node.js app on CentOS -:description: Installing and running a Node.js app on CentOS -:keywords: docker, example, package installation, node, centos - -.. _nodejs_web_app: - -Node.js Web App -=============== - -.. include:: example_header.inc - -The goal of this example is to show you how you can build your own -Docker images from a parent image using a ``Dockerfile`` . We will do -that by making a simple Node.js hello world web application running on -CentOS. You can get the full source code at -https://github.com/gasi/docker-node-hello. - -Create Node.js app -++++++++++++++++++ - -First, create a directory ``src`` where all the files would live. Then create a ``package.json`` file that describes your app and its -dependencies: - -.. code-block:: json - - { - "name": "docker-centos-hello", - "private": true, - "version": "0.0.1", - "description": "Node.js Hello World app on CentOS using docker", - "author": "Daniel Gasienica ", - "dependencies": { - "express": "3.2.4" - } - } - -Then, create an ``index.js`` file that defines a web app using the -`Express.js `_ framework: - -.. code-block:: javascript - - var express = require('express'); - - // Constants - var PORT = 8080; - - // App - var app = express(); - app.get('/', function (req, res) { - res.send('Hello World\n'); - }); - - app.listen(PORT); - console.log('Running on http://localhost:' + PORT); - - -In the next steps, we’ll look at how you can run this app inside a CentOS -container using Docker. First, you’ll need to build a Docker image of your app. - -Creating a ``Dockerfile`` -+++++++++++++++++++++++++ - -Create an empty file called ``Dockerfile``: - -.. code-block:: bash - - touch Dockerfile - -Open the ``Dockerfile`` in your favorite text editor and add the following line -that defines the version of Docker the image requires to build -(this example uses Docker 0.3.4): - -.. code-block:: bash - - # DOCKER-VERSION 0.3.4 - -Next, define the parent image you want to use to build your own image on top of. -Here, we’ll use `CentOS `_ (tag: ``6.4``) -available on the `Docker index`_: - -.. code-block:: bash - - FROM centos:6.4 - -Since we’re building a Node.js app, you’ll have to install Node.js as well as -npm on your CentOS image. Node.js is required to run your app and npm to install -your app’s dependencies defined in ``package.json``. -To install the right package for CentOS, we’ll use the instructions from the -`Node.js wiki`_: - -.. code-block:: bash - - # Enable EPEL for Node.js - RUN rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm - # Install Node.js and npm - RUN yum install -y npm - -To bundle your app’s source code inside the Docker image, use the ``ADD`` -instruction: - -.. code-block:: bash - - # Bundle app source - ADD . /src - -Install your app dependencies using the ``npm`` binary: - -.. code-block:: bash - - # Install app dependencies - RUN cd /src; npm install - -Your app binds to port ``8080`` so you’ll use the ``EXPOSE`` instruction -to have it mapped by the ``docker`` daemon: - -.. code-block:: bash - - EXPOSE 8080 - -Last but not least, define the command to run your app using ``CMD`` -which defines your runtime, i.e. ``node``, and the path to our app, -i.e. ``src/index.js`` (see the step where we added the source to the -container): - -.. code-block:: bash - - CMD ["node", "/src/index.js"] - -Your ``Dockerfile`` should now look like this: - -.. code-block:: bash - - - # DOCKER-VERSION 0.3.4 - FROM centos:6.4 - - # Enable EPEL for Node.js - RUN rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm - # Install Node.js and npm - RUN yum install -y npm - - # Bundle app source - ADD . /src - # Install app dependencies - RUN cd /src; npm install - - EXPOSE 8080 - CMD ["node", "/src/index.js"] - - -Building your image -+++++++++++++++++++ - -Go to the directory that has your ``Dockerfile`` and run the following -command to build a Docker image. The ``-t`` flag let’s you tag your -image so it’s easier to find later using the ``docker images`` -command: - -.. code-block:: bash - - sudo docker build -t /centos-node-hello . - -Your image will now be listed by Docker: - -.. code-block:: bash - - sudo docker images - - > # Example - > REPOSITORY TAG ID CREATED - > centos 6.4 539c0211cd76 8 weeks ago - > gasi/centos-node-hello latest d64d3505b0d2 2 hours ago - - -Run the image -+++++++++++++ - -Running your image with ``-d`` runs the container in detached mode, leaving the -container running in the background. The ``-p`` flag redirects a public port to a private port in the container. Run the image you previously built: - -.. code-block:: bash - - sudo docker run -p 49160:8080 -d /centos-node-hello - -Print the output of your app: - -.. code-block:: bash - - # Get container ID - sudo docker ps - - # Print app output - sudo docker logs - - > # Example - > Running on http://localhost:8080 - - -Test -++++ - -To test your app, get the the port of your app that Docker mapped: - -.. code-block:: bash - - sudo docker ps - - > # Example - > ID IMAGE COMMAND ... PORTS - > ecce33b30ebf gasi/centos-node-hello:latest node /src/index.js 49160->8080 - -In the example above, Docker mapped the ``8080`` port of the container to -``49160``. - -Now you can call your app using ``curl`` (install if needed via: -``sudo apt-get install curl``): - -.. code-block:: bash - - curl -i localhost:49160 - - > HTTP/1.1 200 OK - > X-Powered-By: Express - > Content-Type: text/html; charset=utf-8 - > Content-Length: 12 - > Date: Sun, 02 Jun 2013 03:53:22 GMT - > Connection: keep-alive - > - > Hello World - -We hope this tutorial helped you get up and running with Node.js and -CentOS on Docker. You can get the full source code at -https://github.com/gasi/docker-node-hello. - -Continue to :ref:`running_redis_service`. - - -.. _Node.js wiki: https://github.com/joyent/node/wiki/Installing-Node.js-via-package-manager#rhelcentosscientific-linux-6 -.. _docker index: https://index.docker.io/ diff --git a/docs/sources/examples/postgresql_service.md b/docs/sources/examples/postgresql_service.md index 053bf410c0..14d9e647a3 100644 --- a/docs/sources/examples/postgresql_service.md +++ b/docs/sources/examples/postgresql_service.md @@ -9,13 +9,13 @@ page_keywords: docker, example, package installation, postgresql > - This example assumes you have Docker running in daemon mode. For > more information please see [*Check your Docker > install*](../hello_world/#running-examples). -> - **If you don’t like sudo** then see [*Giving non-root -> access*](../../installation/binaries/#dockergroup) +> - **If you don't like sudo** then see [*Giving non-root +> access*](/installation/binaries/#dockergroup) ## Installing PostgreSQL on Docker -Assuming there is no Docker image that suits your needs in [the -index](http://index.docker.io), you can create one yourself. +Assuming there is no Docker image that suits your needs in [the index]( +http://index.docker.io), you can create one yourself. Start by creating a new Dockerfile: @@ -25,7 +25,7 @@ Start by creating a new Dockerfile: > suitably secure. # - # example Dockerfile for http://docs.docker.io/en/latest/examples/postgresql_service/ + # example Dockerfile for http://docs.docker.io/examples/postgresql_service/ # FROM ubuntu @@ -87,7 +87,7 @@ And run the PostgreSQL server container (in the foreground): $ sudo docker run -rm -P -name pg_test eg_postgresql There are 2 ways to connect to the PostgreSQL server. We can use [*Link -Containers*](../../use/working_with_links_names/#working-with-links-names), +Containers*](/use/working_with_links_names/#working-with-links-names), or we can access it from our host (or the network). > **Note**: @@ -96,8 +96,8 @@ or we can access it from our host (or the network). ### Using container linking -Containers can be linked to another container’s ports directly using -`-link remote_name:local_alias` in the client’s +Containers can be linked to another container's ports directly using +`-link remote_name:local_alias` in the client's `docker run`. This will set a number of environment variables that can then be used to connect: @@ -125,14 +125,14 @@ prompt, you can create a table and populate it. psql (9.3.1) Type "help" for help. - docker=# CREATE TABLE cities ( + $ docker=# CREATE TABLE cities ( docker(# name varchar(80), docker(# location point docker(# ); CREATE TABLE - docker=# INSERT INTO cities VALUES ('San Francisco', '(-194.0, 53.0)'); + $ docker=# INSERT INTO cities VALUES ('San Francisco', '(-194.0, 53.0)'); INSERT 0 1 - docker=# select * from cities; + $ docker=# select * from cities; name | location ---------------+----------- San Francisco | (-194,53) @@ -143,7 +143,7 @@ prompt, you can create a table and populate it. You can use the defined volumes to inspect the PostgreSQL log files and to backup your configuration and data: - docker run -rm --volumes-from pg_test -t -i busybox sh + $ docker run -rm --volumes-from pg_test -t -i busybox sh / # ls bin etc lib linuxrc mnt proc run sys usr diff --git a/docs/sources/examples/postgresql_service.rst b/docs/sources/examples/postgresql_service.rst deleted file mode 100644 index 488e1530b2..0000000000 --- a/docs/sources/examples/postgresql_service.rst +++ /dev/null @@ -1,117 +0,0 @@ -:title: PostgreSQL service How-To -:description: Running and installing a PostgreSQL service -:keywords: docker, example, package installation, postgresql - -.. _postgresql_service: - -PostgreSQL Service -================== - -.. include:: example_header.inc - -Installing PostgreSQL on Docker -------------------------------- - -Assuming there is no Docker image that suits your needs in `the index`_, you -can create one yourself. - -.. _the index: http://index.docker.io - -Start by creating a new Dockerfile: - -.. note:: - - This PostgreSQL setup is for development only purposes. Refer - to the PostgreSQL documentation to fine-tune these settings so that it - is suitably secure. - -.. literalinclude:: postgresql_service.Dockerfile - -Build an image from the Dockerfile assign it a name. - -.. code-block:: bash - - $ sudo docker build -t eg_postgresql . - -And run the PostgreSQL server container (in the foreground): - -.. code-block:: bash - - $ sudo docker run --rm -P --name pg_test eg_postgresql - -There are 2 ways to connect to the PostgreSQL server. We can use -:ref:`working_with_links_names`, or we can access it from our host (or the network). - -.. note:: The ``--rm`` removes the container and its image when the container - exists successfully. - -Using container linking -^^^^^^^^^^^^^^^^^^^^^^^ - -Containers can be linked to another container's ports directly using -``--link remote_name:local_alias`` in the client's ``docker run``. This will -set a number of environment variables that can then be used to connect: - -.. code-block:: bash - - $ sudo docker run --rm -t -i --link pg_test:pg eg_postgresql bash - - postgres@7ef98b1b7243:/$ psql -h $PG_PORT_5432_TCP_ADDR -p $PG_PORT_5432_TCP_PORT -d docker -U docker --password - -Connecting from your host system -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Assuming you have the postgresql-client installed, you can use the host-mapped port -to test as well. You need to use ``docker ps`` to find out what local host port the -container is mapped to first: - -.. code-block:: bash - - $ docker ps - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 5e24362f27f6 eg_postgresql:latest /usr/lib/postgresql/ About an hour ago Up About an hour 0.0.0.0:49153->5432/tcp pg_test - $ psql -h localhost -p 49153 -d docker -U docker --password - -Testing the database -^^^^^^^^^^^^^^^^^^^^ - -Once you have authenticated and have a ``docker =#`` prompt, you can -create a table and populate it. - -.. code-block:: bash - - psql (9.3.1) - Type "help" for help. - - docker=# CREATE TABLE cities ( - docker(# name varchar(80), - docker(# location point - docker(# ); - CREATE TABLE - docker=# INSERT INTO cities VALUES ('San Francisco', '(-194.0, 53.0)'); - INSERT 0 1 - docker=# select * from cities; - name | location - ---------------+----------- - San Francisco | (-194,53) - (1 row) - -Using the container volumes -^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -You can use the defined volumes to inspect the PostgreSQL log files and to backup your -configuration and data: - -.. code-block:: bash - - docker run --rm --volumes-from pg_test -t -i busybox sh - - / # ls - bin etc lib linuxrc mnt proc run sys usr - dev home lib64 media opt root sbin tmp var - / # ls /etc/postgresql/9.3/main/ - environment pg_hba.conf postgresql.conf - pg_ctl.conf pg_ident.conf start.conf - /tmp # ls /var/log - ldconfig postgresql - diff --git a/docs/sources/examples/python_web_app.md b/docs/sources/examples/python_web_app.md index 2212f97139..e761003a9e 100644 --- a/docs/sources/examples/python_web_app.md +++ b/docs/sources/examples/python_web_app.md @@ -9,8 +9,8 @@ page_keywords: docker, example, python, web app > - This example assumes you have Docker running in daemon mode. For > more information please see [*Check your Docker > install*](../hello_world/#running-examples). -> - **If you don’t like sudo** then see [*Giving non-root -> access*](../../installation/binaries/#dockergroup) +> - **If you don't like sudo** then see [*Giving non-root +> access*](/installation/binaries/#dockergroup) While using Dockerfiles is the preferred way to create maintainable and repeatable images, its useful to know how you can try things out and @@ -18,13 +18,13 @@ then commit your live changes to an image. The goal of this example is to show you how you can modify your own Docker images by making changes to a running container, and then saving -the results as a new image. We will do that by making a simple ‘hello -world’ Flask web application image. +the results as a new image. We will do that by making a simple `hello +world` Flask web application image. ## Download the initial image -Download the `shykes/pybuilder` Docker image from -the `http://index.docker.io` registry. +Download the `shykes/pybuilder` Docker image from the `http://index.docker.io` +registry. This image contains a `buildapp` script to download the web app and then `pip install` any required @@ -36,7 +36,7 @@ modules, and a `runapp` script that finds the > **Note**: > This container was built with a very old version of docker (May 2013 - > see [shykes/pybuilder](https://github.com/shykes/pybuilder) ), when the -> `Dockerfile` format was different, but the image can +> Dockerfile format was different, but the image can > still be used now. ## Interactively make some modifications @@ -49,7 +49,7 @@ the `$URL` variable. The container is given a name `pybuilder_run` which we will use in the next steps. While this example is simple, you could run any number of interactive -commands, try things out, and then exit when you’re done. +commands, try things out, and then exit when you're done. $ sudo docker run -i -t -name pybuilder_run shykes/pybuilder bash @@ -76,11 +76,11 @@ mapped to a local port $ sudo docker run -d -p 5000 --name web_worker /builds/github.com/shykes/helloflask/master /usr/local/bin/runapp -- **"docker run -d "** run a command in a new container. We pass "-d" - so it runs as a daemon. -- **"-p 5000"** the web app is going to listen on this port, so it - must be mapped from the container to the host system. -- **/usr/local/bin/runapp** is the command which starts the web app. + - **"docker run -d "** run a command in a new container. We pass "-d" + so it runs as a daemon. + - **"-p 5000"** the web app is going to listen on this port, so it + must be mapped from the container to the host system. + - **/usr/local/bin/runapp** is the command which starts the web app. ## View the container logs @@ -93,7 +93,7 @@ another terminal and continue with the example while watching the result in the logs. $ sudo docker logs -f web_worker - * Running on http://0.0.0.0:5000/ + * Running on http://0.0.0.0:5000/ ## See the webapp output @@ -117,7 +117,7 @@ everything worked as planned you should see the line List `--all` the Docker containers. If this container had already finished running, it will still be listed here -with a status of ‘Exit 0’. +with a status of `Exit 0`. $ sudo docker stop web_worker $ sudo docker rm web_worker pybuilder_run diff --git a/docs/sources/examples/python_web_app.rst b/docs/sources/examples/python_web_app.rst deleted file mode 100644 index 33c038f9ab..0000000000 --- a/docs/sources/examples/python_web_app.rst +++ /dev/null @@ -1,145 +0,0 @@ -:title: Python Web app example -:description: Building your own python web app using docker -:keywords: docker, example, python, web app - -.. _python_web_app: - -Python Web App -============== - -.. include:: example_header.inc - -While using Dockerfiles is the preferred way to create maintainable -and repeatable images, its useful to know how you can try things out -and then commit your live changes to an image. - -The goal of this example is to show you how you can modify your own -Docker images by making changes to a running -container, and then saving the results as a new image. We will do -that by making a simple 'hello world' Flask web application image. - -Download the initial image --------------------------- - -Download the ``shykes/pybuilder`` Docker image from the ``http://index.docker.io`` -registry. - -This image contains a ``buildapp`` script to download the web app and then ``pip install`` -any required modules, and a ``runapp`` script that finds the ``app.py`` and runs it. - -.. _`shykes/pybuilder`: https://github.com/shykes/pybuilder - -.. code-block:: bash - - $ sudo docker pull shykes/pybuilder - -.. note:: This container was built with a very old version of docker - (May 2013 - see `shykes/pybuilder`_ ), when the ``Dockerfile`` format was different, - but the image can still be used now. - -Interactively make some modifications -------------------------------------- - -We then start a new container running interactively using the image. -First, we set a ``URL`` variable that points to a tarball of a simple -helloflask web app, and then we run a command contained in the image called -``buildapp``, passing it the ``$URL`` variable. The container is -given a name ``pybuilder_run`` which we will use in the next steps. - -While this example is simple, you could run any number of interactive commands, -try things out, and then exit when you're done. - -.. code-block:: bash - - $ sudo docker run -i -t --name pybuilder_run shykes/pybuilder bash - - $$ URL=http://github.com/shykes/helloflask/archive/master.tar.gz - $$ /usr/local/bin/buildapp $URL - [...] - $$ exit - -Commit the container to create a new image ------------------------------------------- - -Save the changes we just made in the container to a new image called -``/builds/github.com/shykes/helloflask/master``. You now have 3 different -ways to refer to the container: name ``pybuilder_run``, short-id ``c8b2e8228f11``, or -long-id ``c8b2e8228f11b8b3e492cbf9a49923ae66496230056d61e07880dc74c5f495f9``. - -.. code-block:: bash - - $ sudo docker commit pybuilder_run /builds/github.com/shykes/helloflask/master - c8b2e8228f11b8b3e492cbf9a49923ae66496230056d61e07880dc74c5f495f9 - - -Run the new image to start the web worker ------------------------------------------ - -Use the new image to create a new container with -network port 5000 mapped to a local port - -.. code-block:: bash - - $ sudo docker run -d -p 5000 --name web_worker /builds/github.com/shykes/helloflask/master /usr/local/bin/runapp - - -- **"docker run -d "** run a command in a new container. We pass "-d" - so it runs as a daemon. -- **"-p 5000"** the web app is going to listen on this port, so it - must be mapped from the container to the host system. -- **/usr/local/bin/runapp** is the command which starts the web app. - - -View the container logs ------------------------ - -View the logs for the new ``web_worker`` container and -if everything worked as planned you should see the line ``Running on -http://0.0.0.0:5000/`` in the log output. - -To exit the view without stopping the container, hit Ctrl-C, or open another -terminal and continue with the example while watching the result in the logs. - -.. code-block:: bash - - $ sudo docker logs -f web_worker - * Running on http://0.0.0.0:5000/ - - -See the webapp output ---------------------- - -Look up the public-facing port which is NAT-ed. Find the private port -used by the container and store it inside of the ``WEB_PORT`` variable. - -Access the web app using the ``curl`` binary. If everything worked as planned you -should see the line ``Hello world!`` inside of your console. - -.. code-block:: bash - - $ WEB_PORT=$(sudo docker port web_worker 5000 | awk -F: '{ print $2 }') - - # install curl if necessary, then ... - $ curl http://127.0.0.1:$WEB_PORT - Hello world! - - -Clean up example containers and images --------------------------------------- - -.. code-block:: bash - - $ sudo docker ps --all - -List ``--all`` the Docker containers. If this container had already finished -running, it will still be listed here with a status of 'Exit 0'. - -.. code-block:: bash - - $ sudo docker stop web_worker - $ sudo docker rm web_worker pybuilder_run - $ sudo docker rmi /builds/github.com/shykes/helloflask/master shykes/pybuilder:latest - -And now stop the running web worker, and delete the containers, so that we can -then delete the images that we used. - diff --git a/docs/sources/examples/running_redis_service.md b/docs/sources/examples/running_redis_service.md index b67937fab5..ca67048625 100644 --- a/docs/sources/examples/running_redis_service.md +++ b/docs/sources/examples/running_redis_service.md @@ -9,8 +9,8 @@ page_keywords: docker, example, package installation, networking, redis > - This example assumes you have Docker running in daemon mode. For > more information please see [*Check your Docker > install*](../hello_world/#running-examples). -> - **If you don’t like sudo** then see [*Giving non-root -> access*](../../installation/binaries/#dockergroup) +> - **If you don't like sudo** then see [*Giving non-root +> access*](/installation/binaries/#dockergroup) Very simple, no frills, Redis service attached to a web application using a link. @@ -29,44 +29,42 @@ image. Next we build an image from our `Dockerfile`. Replace `` with your own user name. - sudo docker build -t /redis . + $ sudo docker build -t /redis . ## Run the service -Use the image we’ve just created and name your container -`redis`. +Use the image we've just created and name your container `redis`. -Running the service with `-d` runs the container in -detached mode, leaving the container running in the background. +Running the service with `-d` runs the container in detached mode, leaving +the container running in the background. -Importantly, we’re not exposing any ports on our container. Instead -we’re going to use a container link to provide access to our Redis +Importantly, we're not exposing any ports on our container. Instead +we're going to use a container link to provide access to our Redis database. - sudo docker run --name redis -d /redis + $ sudo docker run --name redis -d /redis ## Create your web application container -Next we can create a container for our application. We’re going to use -the `-link` flag to create a link to the -`redis` container we’ve just created with an alias -of `db`. This will create a secure tunnel to the -`redis` container and expose the Redis instance -running inside that container to only this container. +Next we can create a container for our application. We're going to use +the `-link` flag to create a link to the `redis` container we've just +created with an alias of `db`. This will create a secure tunnel to the +`redis` container and expose the Redis instance running inside that +container to only this container. - sudo docker run --link redis:db -i -t ubuntu:12.10 /bin/bash + $ sudo docker run --link redis:db -i -t ubuntu:12.10 /bin/bash Once inside our freshly created container we need to install Redis to get the `redis-cli` binary to test our connection. - apt-get update - apt-get -y install redis-server - service redis-server stop + $ apt-get update + $ apt-get -y install redis-server + $ service redis-server stop -As we’ve used the `--link redis:db` option, Docker +As we've used the `--link redis:db` option, Docker has created some environment variables in our web application container. - env | grep DB_ + $ env | grep DB_ # Should return something similar to this with your values DB_NAME=/violet_wolf/db @@ -76,19 +74,18 @@ has created some environment variables in our web application container. DB_PORT_6379_TCP_ADDR=172.17.0.33 DB_PORT_6379_TCP_PROTO=tcp -We can see that we’ve got a small list of environment variables prefixed -with `DB`. The `DB` comes from -the link alias specified when we launched the container. Let’s use the -`DB_PORT_6379_TCP_ADDR` variable to connect to our -Redis container. +We can see that we've got a small list of environment variables prefixed +with `DB`. The `DB` comes from the link alias specified when we launched +the container. Let's use the `DB_PORT_6379_TCP_ADDR` variable to connect to +our Redis container. - redis-cli -h $DB_PORT_6379_TCP_ADDR - redis 172.17.0.33:6379> - redis 172.17.0.33:6379> set docker awesome + $ redis-cli -h $DB_PORT_6379_TCP_ADDR + $ redis 172.17.0.33:6379> + $ redis 172.17.0.33:6379> set docker awesome OK - redis 172.17.0.33:6379> get docker + $ redis 172.17.0.33:6379> get docker "awesome" - redis 172.17.0.33:6379> exit + $ redis 172.17.0.33:6379> exit We could easily use this or other environment variables in our web application to make a connection to our `redis` diff --git a/docs/sources/examples/running_redis_service.rst b/docs/sources/examples/running_redis_service.rst deleted file mode 100644 index 5a5a1b003f..0000000000 --- a/docs/sources/examples/running_redis_service.rst +++ /dev/null @@ -1,101 +0,0 @@ -:title: Running a Redis service -:description: Installing and running an redis service -:keywords: docker, example, package installation, networking, redis - -.. _running_redis_service: - -Redis Service -============= - -.. include:: example_header.inc - -Very simple, no frills, Redis service attached to a web application using a link. - -Create a docker container for Redis ------------------------------------ - -Firstly, we create a ``Dockerfile`` for our new Redis image. - -.. code-block:: bash - - FROM debian:jessie - RUN apt-get update && apt-get install -y redis-server - EXPOSE 6379 - ENTRYPOINT ["/usr/bin/redis-server"] - CMD ["--bind", "0.0.0.0"] - -Next we build an image from our ``Dockerfile``. Replace ```` -with your own user name. - -.. code-block:: bash - - sudo docker build -t /redis . - -Run the service ---------------- - -Use the image we've just created and name your container ``redis``. - -Running the service with ``-d`` runs the container in detached mode, leaving the -container running in the background. - -Importantly, we're not exposing any ports on our container. Instead we're going to -use a container link to provide access to our Redis database. - -.. code-block:: bash - - sudo docker run --name redis -d /redis - -Create your web application container -------------------------------------- - -Next we can create a container for our application. We're going to use the ``--link`` -flag to create a link to the ``redis`` container we've just created with an alias of -``db``. This will create a secure tunnel to the ``redis`` container and expose the -Redis instance running inside that container to only this container. - -.. code-block:: bash - - sudo docker run --link redis:db -i -t ubuntu:12.10 /bin/bash - -Once inside our freshly created container we need to install Redis to get the -``redis-cli`` binary to test our connection. - -.. code-block:: bash - - apt-get update - apt-get -y install redis-server - service redis-server stop - -As we've used the ``--link redis:db`` option, Docker has created some environment -variables in our web application container. - -.. code-block:: bash - - env | grep DB_ - - # Should return something similar to this with your values - DB_NAME=/violet_wolf/db - DB_PORT_6379_TCP_PORT=6379 - DB_PORT=tcp://172.17.0.33:6379 - DB_PORT_6379_TCP=tcp://172.17.0.33:6379 - DB_PORT_6379_TCP_ADDR=172.17.0.33 - DB_PORT_6379_TCP_PROTO=tcp - -We can see that we've got a small list of environment variables prefixed with ``DB``. -The ``DB`` comes from the link alias specified when we launched the container. Let's use -the ``DB_PORT_6379_TCP_ADDR`` variable to connect to our Redis container. - -.. code-block:: bash - - redis-cli -h $DB_PORT_6379_TCP_ADDR - redis 172.17.0.33:6379> - redis 172.17.0.33:6379> set docker awesome - OK - redis 172.17.0.33:6379> get docker - "awesome" - redis 172.17.0.33:6379> exit - -We could easily use this or other environment variables in our web application to make a -connection to our ``redis`` container. - diff --git a/docs/sources/examples/running_riak_service.md b/docs/sources/examples/running_riak_service.md index ad0b20a628..852035f9a4 100644 --- a/docs/sources/examples/running_riak_service.md +++ b/docs/sources/examples/running_riak_service.md @@ -9,20 +9,20 @@ page_keywords: docker, example, package installation, networking, riak > - This example assumes you have Docker running in daemon mode. For > more information please see [*Check your Docker > install*](../hello_world/#running-examples). -> - **If you don’t like sudo** then see [*Giving non-root -> access*](../../installation/binaries/#dockergroup) +> - **If you don't like sudo** then see [*Giving non-root +> access*](/installation/binaries/#dockergroup) The goal of this example is to show you how to build a Docker image with Riak pre-installed. -## Creating a `Dockerfile` +## Creating a Dockerfile -Create an empty file called `Dockerfile`: +Create an empty file called Dockerfile: - touch Dockerfile + $ touch Dockerfile Next, define the parent image you want to use to build your image on top -of. We’ll use [Ubuntu](https://index.docker.io/_/ubuntu/) (tag: +of. We'll use [Ubuntu](https://index.docker.io/_/ubuntu/) (tag: `latest`), which is available on the [docker index](http://index.docker.io): @@ -43,13 +43,13 @@ Next, we update the APT cache and apply any updates: After that, we install and setup a few dependencies: -- `curl` is used to download Basho’s APT + - `curl` is used to download Basho's APT repository key -- `lsb-release` helps us derive the Ubuntu release + - `lsb-release` helps us derive the Ubuntu release codename -- `openssh-server` allows us to login to + - `openssh-server` allows us to login to containers remotely and join Riak nodes to form a cluster -- `supervisor` is used manage the OpenSSH and Riak + - `supervisor` is used manage the OpenSSH and Riak processes @@ -66,7 +66,7 @@ After that, we install and setup a few dependencies: RUN echo 'root:basho' | chpasswd -Next, we add Basho’s APT repository: +Next, we add Basho's APT repository: RUN curl -s http://apt.basho.com/gpg/basho.apt.key | apt-key add -- RUN echo "deb http://apt.basho.com $(lsb_release -cs) main" > /etc/apt/sources.list.d/basho.list @@ -98,10 +98,10 @@ are started: CMD ["/usr/bin/supervisord"] -## Create a `supervisord` configuration file +## Create a supervisord configuration file Create an empty file called `supervisord.conf`. Make -sure it’s at the same directory level as your `Dockerfile`: +sure it's at the same directory level as your Dockerfile: touch supervisord.conf @@ -126,12 +126,12 @@ Populate it with the following program definitions: Now you should be able to build a Docker image for Riak: - docker build -t "/riak" . + $ docker build -t "/riak" . ## Next steps Riak is a distributed database. Many production deployments consist of -[at least five -nodes](http://basho.com/why-your-riak-cluster-should-have-at-least-five-nodes/). +[at least five nodes]( +http://basho.com/why-your-riak-cluster-should-have-at-least-five-nodes/). See the [docker-riak](https://github.com/hectcastro/docker-riak) project details on how to deploy a Riak cluster using Docker and Pipework. diff --git a/docs/sources/examples/running_riak_service.rst b/docs/sources/examples/running_riak_service.rst deleted file mode 100644 index 55e5e405c9..0000000000 --- a/docs/sources/examples/running_riak_service.rst +++ /dev/null @@ -1,151 +0,0 @@ -:title: Running a Riak service -:description: Build a Docker image with Riak pre-installed -:keywords: docker, example, package installation, networking, riak - -Riak Service -============================== - -.. include:: example_header.inc - -The goal of this example is to show you how to build a Docker image with Riak -pre-installed. - -Creating a ``Dockerfile`` -+++++++++++++++++++++++++ - -Create an empty file called ``Dockerfile``: - -.. code-block:: bash - - touch Dockerfile - -Next, define the parent image you want to use to build your image on top of. -We’ll use `Ubuntu `_ (tag: ``latest``), -which is available on the `docker index `_: - -.. code-block:: bash - - # Riak - # - # VERSION 0.1.0 - - # Use the Ubuntu base image provided by dotCloud - FROM ubuntu:latest - MAINTAINER Hector Castro hector@basho.com - -Next, we update the APT cache and apply any updates: - -.. code-block:: bash - - # Update the APT cache - RUN sed -i.bak 's/main$/main universe/' /etc/apt/sources.list - RUN apt-get update - RUN apt-get upgrade -y - -After that, we install and setup a few dependencies: - -- ``curl`` is used to download Basho's APT repository key -- ``lsb-release`` helps us derive the Ubuntu release codename -- ``openssh-server`` allows us to login to containers remotely and join Riak - nodes to form a cluster -- ``supervisor`` is used manage the OpenSSH and Riak processes - -.. code-block:: bash - - # Install and setup project dependencies - RUN apt-get install -y curl lsb-release supervisor openssh-server - - RUN mkdir -p /var/run/sshd - RUN mkdir -p /var/log/supervisor - - RUN locale-gen en_US en_US.UTF-8 - - ADD supervisord.conf /etc/supervisor/conf.d/supervisord.conf - - RUN echo 'root:basho' | chpasswd - -Next, we add Basho's APT repository: - -.. code-block:: bash - - RUN curl -s http://apt.basho.com/gpg/basho.apt.key | apt-key add -- - RUN echo "deb http://apt.basho.com $(lsb_release -cs) main" > /etc/apt/sources.list.d/basho.list - RUN apt-get update - -After that, we install Riak and alter a few defaults: - -.. code-block:: bash - - # Install Riak and prepare it to run - RUN apt-get install -y riak - RUN sed -i.bak 's/127.0.0.1/0.0.0.0/' /etc/riak/app.config - RUN echo "ulimit -n 4096" >> /etc/default/riak - -Almost there. Next, we add a hack to get us by the lack of ``initctl``: - -.. code-block:: bash - - # Hack for initctl - # See: https://github.com/dotcloud/docker/issues/1024 - RUN dpkg-divert --local --rename --add /sbin/initctl - RUN ln -sf /bin/true /sbin/initctl - -Then, we expose the Riak Protocol Buffers and HTTP interfaces, along with SSH: - -.. code-block:: bash - - # Expose Riak Protocol Buffers and HTTP interfaces, along with SSH - EXPOSE 8087 8098 22 - -Finally, run ``supervisord`` so that Riak and OpenSSH are started: - -.. code-block:: bash - - CMD ["/usr/bin/supervisord"] - -Create a ``supervisord`` configuration file -+++++++++++++++++++++++++++++++++++++++++++ - -Create an empty file called ``supervisord.conf``. Make sure it's at the same -directory level as your ``Dockerfile``: - -.. code-block:: bash - - touch supervisord.conf - -Populate it with the following program definitions: - -.. code-block:: bash - - [supervisord] - nodaemon=true - - [program:sshd] - command=/usr/sbin/sshd -D - stdout_logfile=/var/log/supervisor/%(program_name)s.log - stderr_logfile=/var/log/supervisor/%(program_name)s.log - autorestart=true - - [program:riak] - command=bash -c ". /etc/default/riak && /usr/sbin/riak console" - pidfile=/var/log/riak/riak.pid - stdout_logfile=/var/log/supervisor/%(program_name)s.log - stderr_logfile=/var/log/supervisor/%(program_name)s.log - -Build the Docker image for Riak -+++++++++++++++++++++++++++++++ - -Now you should be able to build a Docker image for Riak: - -.. code-block:: bash - - docker build -t "/riak" . - -Next steps -++++++++++ - -Riak is a distributed database. Many production deployments consist of `at -least five nodes `_. See the `docker-riak `_ project details on how to deploy a Riak cluster using Docker and -Pipework. diff --git a/docs/sources/examples/running_ssh_service.md b/docs/sources/examples/running_ssh_service.md index 112b9fa441..864d10c726 100644 --- a/docs/sources/examples/running_ssh_service.md +++ b/docs/sources/examples/running_ssh_service.md @@ -8,11 +8,11 @@ page_keywords: docker, example, package installation, networking > - This example assumes you have Docker running in daemon mode. For > more information please see [*Check your Docker > install*](../hello_world/#running-examples). -> - **If you don’t like sudo** then see [*Giving non-root -> access*](../../installation/binaries/#dockergroup) +> - **If you don't like sudo** then see [*Giving non-root +> access*](/installation/binaries/#dockergroup) The following Dockerfile sets up an sshd service in a container that you -can use to connect to and inspect other container’s volumes, or to get +can use to connect to and inspect other container's volumes, or to get quick access to a test container. # sshd @@ -38,14 +38,14 @@ Build the image using: $ sudo docker build -rm -t eg_sshd . Then run it. You can then use `docker port` to find -out what host port the container’s port 22 is mapped to: +out what host port the container's port 22 is mapped to: $ sudo docker run -d -P -name test_sshd eg_sshd $ sudo docker port test_sshd 22 0.0.0.0:49154 And now you can ssh to port `49154` on the Docker -daemon’s host IP address (`ip address` or +daemon's host IP address (`ip address` or `ifconfig` can tell you that): $ ssh root@192.168.1.2 -p 49154 diff --git a/docs/sources/examples/running_ssh_service.rst b/docs/sources/examples/running_ssh_service.rst deleted file mode 100644 index 4161275019..0000000000 --- a/docs/sources/examples/running_ssh_service.rst +++ /dev/null @@ -1,49 +0,0 @@ -:title: Running an SSH service -:description: Installing and running an sshd service -:keywords: docker, example, package installation, networking - -.. _running_ssh_service: - -SSH Daemon Service -================== - -.. include:: example_header.inc - -The following Dockerfile sets up an sshd service in a container that you can use -to connect to and inspect other container's volumes, or to get quick access to a -test container. - -.. literalinclude:: running_ssh_service.Dockerfile - -Build the image using: - -.. code-block:: bash - - $ sudo docker build -t eg_sshd . - -Then run it. You can then use ``docker port`` to find out what host port the container's -port 22 is mapped to: - -.. code-block:: bash - - $ sudo docker run -d -P --name test_sshd eg_sshd - $ sudo docker port test_sshd 22 - 0.0.0.0:49154 - -And now you can ssh to port ``49154`` on the Docker daemon's host IP address -(``ip address`` or ``ifconfig`` can tell you that): - -.. code-block:: bash - - $ ssh root@192.168.1.2 -p 49154 - # The password is ``screencast``. - $$ - -Finally, clean up after your test by stopping and removing the container, and -then removing the image. - -.. code-block:: bash - - $ sudo docker stop test_sshd - $ sudo docker rm test_sshd - $ sudo docker rmi eg_sshd diff --git a/docs/sources/examples/using_supervisord.md b/docs/sources/examples/using_supervisord.md index 3a0793710f..29d2fa4525 100644 --- a/docs/sources/examples/using_supervisord.md +++ b/docs/sources/examples/using_supervisord.md @@ -9,25 +9,25 @@ page_keywords: docker, supervisor, process management > - This example assumes you have Docker running in daemon mode. For > more information please see [*Check your Docker > install*](../hello_world/#running-examples). -> - **If you don’t like sudo** then see [*Giving non-root -> access*](../../installation/binaries/#dockergroup) +> - **If you don't like sudo** then see [*Giving non-root +> access*](/installation/binaries/#dockergroup) Traditionally a Docker container runs a single process when it is launched, for example an Apache daemon or a SSH server daemon. Often though you want to run more than one process in a container. There are a number of ways you can achieve this ranging from using a simple Bash -script as the value of your container’s `CMD` +script as the value of your container's `CMD` instruction to installing a process management tool. -In this example we’re going to make use of the process management tool, +In this example we're going to make use of the process management tool, [Supervisor](http://supervisord.org/), to manage multiple processes in our container. Using Supervisor allows us to better control, manage, and -restart the processes we want to run. To demonstrate this we’re going to +restart the processes we want to run. To demonstrate this we're going to install and manage both an SSH daemon and an Apache daemon. ## Creating a Dockerfile -Let’s start by creating a basic `Dockerfile` for our +Let's start by creating a basic `Dockerfile` for our new image. FROM ubuntu:latest @@ -45,20 +45,20 @@ our container. RUN mkdir -p /var/run/sshd RUN mkdir -p /var/log/supervisor -Here we’re installing the `openssh-server`, +Here we're installing the `openssh-server`, `apache2` and `supervisor` -(which provides the Supervisor daemon) packages. We’re also creating two +(which provides the Supervisor daemon) packages. We're also creating two new directories that are needed to run our SSH daemon and Supervisor. -## Adding Supervisor’s configuration file +## Adding Supervisor's configuration file -Now let’s add a configuration file for Supervisor. The default file is +Now let's add a configuration file for Supervisor. The default file is called `supervisord.conf` and is located in `/etc/supervisor/conf.d/`. ADD supervisord.conf /etc/supervisor/conf.d/supervisord.conf -Let’s see what is inside our `supervisord.conf` +Let's see what is inside our `supervisord.conf` file. [supervisord] @@ -73,7 +73,7 @@ file. The `supervisord.conf` configuration file contains directives that configure Supervisor and the processes it manages. The first block `[supervisord]` provides configuration -for Supervisor itself. We’re using one directive, `nodaemon` +for Supervisor itself. We're using one directive, `nodaemon` which tells Supervisor to run interactively rather than daemonize. @@ -84,14 +84,14 @@ start each process. ## Exposing ports and running Supervisor -Now let’s finish our `Dockerfile` by exposing some +Now let's finish our `Dockerfile` by exposing some required ports and specifying the `CMD` instruction to start Supervisor when our container launches. EXPOSE 22 80 CMD ["/usr/bin/supervisord"] -Here we’ve exposed ports 22 and 80 on the container and we’re running +Here We've exposed ports 22 and 80 on the container and we're running the `/usr/bin/supervisord` binary when the container launches. @@ -99,13 +99,13 @@ launches. We can now build our new container. - sudo docker build -t /supervisord . + $ sudo docker build -t /supervisord . ## Running our Supervisor container -Once we’ve got a built image we can launch a container from it. +Once We've got a built image we can launch a container from it. - sudo docker run -p 22 -p 80 -t -i /supervisord + $ sudo docker run -p 22 -p 80 -t -i /supervisord 2013-11-25 18:53:22,312 CRIT Supervisor running as root (no user in config file) 2013-11-25 18:53:22,312 WARN Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing 2013-11-25 18:53:22,342 INFO supervisord started with pid 1 @@ -113,9 +113,8 @@ Once we’ve got a built image we can launch a container from it. 2013-11-25 18:53:23,349 INFO spawned: 'apache2' with pid 7 . . . -We’ve launched a new container interactively using the -`docker run` command. That container has run -Supervisor and launched the SSH and Apache daemons with it. We’ve -specified the `-p` flag to expose ports 22 and 80. -From here we can now identify the exposed ports and connect to one or -both of the SSH and Apache daemons. +We've launched a new container interactively using the `docker run` command. +That container has run Supervisor and launched the SSH and Apache daemons with +it. We've specified the `-p` flag to expose ports 22 and 80. From here we can +now identify the exposed ports and connect to one or both of the SSH and Apache +daemons. diff --git a/docs/sources/examples/using_supervisord.rst b/docs/sources/examples/using_supervisord.rst deleted file mode 100644 index 750b6c2334..0000000000 --- a/docs/sources/examples/using_supervisord.rst +++ /dev/null @@ -1,128 +0,0 @@ -:title: Using Supervisor with Docker -:description: How to use Supervisor process management with Docker -:keywords: docker, supervisor, process management - -.. _using_supervisord: - -Using Supervisor with Docker -============================ - -.. include:: example_header.inc - -Traditionally a Docker container runs a single process when it is launched, for -example an Apache daemon or a SSH server daemon. Often though you want to run -more than one process in a container. There are a number of ways you can -achieve this ranging from using a simple Bash script as the value of your -container's ``CMD`` instruction to installing a process management tool. - -In this example we're going to make use of the process management tool, -`Supervisor `_, to manage multiple processes in our -container. Using Supervisor allows us to better control, manage, and restart the -processes we want to run. To demonstrate this we're going to install and manage both an -SSH daemon and an Apache daemon. - -Creating a Dockerfile ---------------------- - -Let's start by creating a basic ``Dockerfile`` for our new image. - -.. code-block:: bash - - FROM ubuntu:latest - MAINTAINER examples@docker.io - RUN echo "deb http://archive.ubuntu.com/ubuntu precise main universe" > /etc/apt/sources.list - RUN apt-get update - RUN apt-get upgrade -y - -Installing Supervisor ---------------------- - -We can now install our SSH and Apache daemons as well as Supervisor in our container. - -.. code-block:: bash - - RUN apt-get install -y openssh-server apache2 supervisor - RUN mkdir -p /var/run/sshd - RUN mkdir -p /var/log/supervisor - -Here we're installing the ``openssh-server``, ``apache2`` and ``supervisor`` -(which provides the Supervisor daemon) packages. We're also creating two new -directories that are needed to run our SSH daemon and Supervisor. - -Adding Supervisor's configuration file --------------------------------------- - -Now let's add a configuration file for Supervisor. The default file is called -``supervisord.conf`` and is located in ``/etc/supervisor/conf.d/``. - -.. code-block:: bash - - ADD supervisord.conf /etc/supervisor/conf.d/supervisord.conf - -Let's see what is inside our ``supervisord.conf`` file. - -.. code-block:: bash - - [supervisord] - nodaemon=true - - [program:sshd] - command=/usr/sbin/sshd -D - - [program:apache2] - command=/bin/bash -c "source /etc/apache2/envvars && exec /usr/sbin/apache2 -DFOREGROUND" - -The ``supervisord.conf`` configuration file contains directives that configure -Supervisor and the processes it manages. The first block ``[supervisord]`` -provides configuration for Supervisor itself. We're using one directive, -``nodaemon`` which tells Supervisor to run interactively rather than daemonize. - -The next two blocks manage the services we wish to control. Each block controls -a separate process. The blocks contain a single directive, ``command``, which -specifies what command to run to start each process. - -Exposing ports and running Supervisor -------------------------------------- - -Now let's finish our ``Dockerfile`` by exposing some required ports and -specifying the ``CMD`` instruction to start Supervisor when our container -launches. - -.. code-block:: bash - - EXPOSE 22 80 - CMD ["/usr/bin/supervisord"] - -Here we've exposed ports 22 and 80 on the container and we're running the -``/usr/bin/supervisord`` binary when the container launches. - -Building our container ----------------------- - -We can now build our new container. - -.. code-block:: bash - - sudo docker build -t /supervisord . - -Running our Supervisor container --------------------------------- - -Once we've got a built image we can launch a container from it. - -.. code-block:: bash - - sudo docker run -p 22 -p 80 -t -i /supervisord - 2013-11-25 18:53:22,312 CRIT Supervisor running as root (no user in config file) - 2013-11-25 18:53:22,312 WARN Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing - 2013-11-25 18:53:22,342 INFO supervisord started with pid 1 - 2013-11-25 18:53:23,346 INFO spawned: 'sshd' with pid 6 - 2013-11-25 18:53:23,349 INFO spawned: 'apache2' with pid 7 - . . . - -We've launched a new container interactively using the ``docker run`` command. -That container has run Supervisor and launched the SSH and Apache daemons with -it. We've specified the ``-p`` flag to expose ports 22 and 80. From here we can -now identify the exposed ports and connect to one or both of the SSH and Apache -daemons. - diff --git a/docs/sources/faq.md b/docs/sources/faq.md index 563e07a1c7..2494f33e9c 100644 --- a/docs/sources/faq.md +++ b/docs/sources/faq.md @@ -4,129 +4,126 @@ page_keywords: faq, questions, documentation, docker # FAQ -## Most frequently asked questions. +## Most frequently asked questions ### How much does Docker cost? -> Docker is 100% free, it is open source, so you can use it without -> paying. +Docker is 100% free, it is open source, so you can use it without +paying. ### What open source license are you using? -> We are using the Apache License Version 2.0, see it here: -> [https://github.com/dotcloud/docker/blob/master/LICENSE](https://github.com/dotcloud/docker/blob/master/LICENSE) +We are using the Apache License Version 2.0, see it here: +[https://github.com/dotcloud/docker/blob/master/LICENSE]( +https://github.com/dotcloud/docker/blob/master/LICENSE) ### Does Docker run on Mac OS X or Windows? -> Not at this time, Docker currently only runs on Linux, but you can use -> VirtualBox to run Docker in a virtual machine on your box, and get the -> best of both worlds. Check out the [*Mac OS -> X*](../installation/mac/#macosx) and [*Microsoft -> Windows*](../installation/windows/#windows) installation guides. The -> small Linux distribution boot2docker can be run inside virtual -> machines on these two operating systems. +Not at this time, Docker currently only runs on Linux, but you can use +VirtualBox to run Docker in a virtual machine on your box, and get the +best of both worlds. Check out the [*Mac OS X*](../installation/mac/#macosx) +and [*Microsoft Windows*](../installation/windows/#windows) installation +guides. The small Linux distribution boot2docker can be run inside virtual +machines on these two operating systems. ### How do containers compare to virtual machines? -> They are complementary. VMs are best used to allocate chunks of -> hardware resources. Containers operate at the process level, which -> makes them very lightweight and perfect as a unit of software -> delivery. +They are complementary. VMs are best used to allocate chunks of +hardware resources. Containers operate at the process level, which +makes them very lightweight and perfect as a unit of software +delivery. ### What does Docker add to just plain LXC? -> Docker is not a replacement for LXC. "LXC" refers to capabilities of -> the Linux kernel (specifically namespaces and control groups) which -> allow sandboxing processes from one another, and controlling their -> resource allocations. On top of this low-level foundation of kernel -> features, Docker offers a high-level tool with several powerful -> functionalities: -> -> - *Portable deployment across machines.* -> : Docker defines a format for bundling an application and all -> its dependencies into a single object which can be transferred -> to any Docker-enabled machine, and executed there with the -> guarantee that the execution environment exposed to the -> application will be the same. LXC implements process -> sandboxing, which is an important pre-requisite for portable -> deployment, but that alone is not enough for portable -> deployment. If you sent me a copy of your application -> installed in a custom LXC configuration, it would almost -> certainly not run on my machine the way it does on yours, -> because it is tied to your machine’s specific configuration: -> networking, storage, logging, distro, etc. Docker defines an -> abstraction for these machine-specific settings, so that the -> exact same Docker container can run - unchanged - on many -> different machines, with many different configurations. -> -> - *Application-centric.* -> : Docker is optimized for the deployment of applications, as -> opposed to machines. This is reflected in its API, user -> interface, design philosophy and documentation. By contrast, -> the `lxc` helper scripts focus on -> containers as lightweight machines - basically servers that -> boot faster and need less RAM. We think there’s more to -> containers than just that. -> -> - *Automatic build.* -> : Docker includes [*a tool for developers to automatically -> assemble a container from their source -> code*](../reference/builder/#dockerbuilder), with full control -> over application dependencies, build tools, packaging etc. -> They are free to use -> `make, maven, chef, puppet, salt,` Debian -> packages, RPMs, source tarballs, or any combination of the -> above, regardless of the configuration of the machines. -> -> - *Versioning.* -> : Docker includes git-like capabilities for tracking successive -> versions of a container, inspecting the diff between versions, -> committing new versions, rolling back etc. The history also -> includes how a container was assembled and by whom, so you get -> full traceability from the production server all the way back -> to the upstream developer. Docker also implements incremental -> uploads and downloads, similar to `git pull` -> , so new versions of a container can be transferred -> by only sending diffs. -> -> - *Component re-use.* -> : Any container can be used as a [*"base -> image"*](../terms/image/#base-image-def) to create more -> specialized components. This can be done manually or as part -> of an automated build. For example you can prepare the ideal -> Python environment, and use it as a base for 10 different -> applications. Your ideal Postgresql setup can be re-used for -> all your future projects. And so on. -> -> - *Sharing.* -> : Docker has access to a [public -> registry](http://index.docker.io) where thousands of people -> have uploaded useful containers: anything from Redis, CouchDB, -> Postgres to IRC bouncers to Rails app servers to Hadoop to -> base images for various Linux distros. The -> [*registry*](../reference/api/registry_index_spec/#registryindexspec) -> also includes an official "standard library" of useful -> containers maintained by the Docker team. The registry itself -> is open-source, so anyone can deploy their own registry to -> store and transfer private containers, for internal server -> deployments for example. -> -> - *Tool ecosystem.* -> : Docker defines an API for automating and customizing the -> creation and deployment of containers. There are a huge number -> of tools integrating with Docker to extend its capabilities. -> PaaS-like deployment (Dokku, Deis, Flynn), multi-node -> orchestration (Maestro, Salt, Mesos, Openstack Nova), -> management dashboards (docker-ui, Openstack Horizon, -> Shipyard), configuration management (Chef, Puppet), continuous -> integration (Jenkins, Strider, Travis), etc. Docker is rapidly -> establishing itself as the standard for container-based -> tooling. -> +Docker is not a replacement for LXC. "LXC" refers to capabilities of +the Linux kernel (specifically namespaces and control groups) which +allow sandboxing processes from one another, and controlling their +resource allocations. On top of this low-level foundation of kernel +features, Docker offers a high-level tool with several powerful +functionalities: + + - *Portable deployment across machines.* + Docker defines a format for bundling an application and all + its dependencies into a single object which can be transferred + to any Docker-enabled machine, and executed there with the + guarantee that the execution environment exposed to the + application will be the same. LXC implements process + sandboxing, which is an important pre-requisite for portable + deployment, but that alone is not enough for portable + deployment. If you sent me a copy of your application + installed in a custom LXC configuration, it would almost + certainly not run on my machine the way it does on yours, + because it is tied to your machine's specific configuration: + networking, storage, logging, distro, etc. Docker defines an + abstraction for these machine-specific settings, so that the + exact same Docker container can run - unchanged - on many + different machines, with many different configurations. + + - *Application-centric.* + Docker is optimized for the deployment of applications, as + opposed to machines. This is reflected in its API, user + interface, design philosophy and documentation. By contrast, + the `lxc` helper scripts focus on + containers as lightweight machines - basically servers that + boot faster and need less RAM. We think there's more to + containers than just that. + + - *Automatic build.* + Docker includes [*a tool for developers to automatically + assemble a container from their source + code*](../reference/builder/#dockerbuilder), with full control + over application dependencies, build tools, packaging etc. + They are free to use `make`, `maven`, `chef`, `puppet`, `salt,` + Debian packages, RPMs, source tarballs, or any combination of the + above, regardless of the configuration of the machines. + + - *Versioning.* + Docker includes git-like capabilities for tracking successive + versions of a container, inspecting the diff between versions, + committing new versions, rolling back etc. The history also + includes how a container was assembled and by whom, so you get + full traceability from the production server all the way back + to the upstream developer. Docker also implements incremental + uploads and downloads, similar to `git pull`, so new versions + of a container can be transferred by only sending diffs. + + - *Component re-use.* + Any container can be used as a [*"base image"*]( + ../terms/image/#base-image-def) to create more specialized components. + This can be done manually or as part of an automated build. For example + you can prepare the ideal Python environment, and use it as a base for + 10 different applications. Your ideal Postgresql setup can be re-used for + all your future projects. And so on. + + - *Sharing.* + Docker has access to a [public registry](http://index.docker.io) where + thousands of people have uploaded useful containers: anything from Redis, + CouchDB, Postgres to IRC bouncers to Rails app servers to Hadoop to + base images for various Linux distros. The + [*registry*](../reference/api/registry_index_spec/#registryindexspec) + also includes an official "standard library" of useful + containers maintained by the Docker team. The registry itself + is open-source, so anyone can deploy their own registry to + store and transfer private containers, for internal server + deployments for example. + + - *Tool ecosystem.* + Docker defines an API for automating and customizing the + creation and deployment of containers. There are a huge number + of tools integrating with Docker to extend its capabilities. + PaaS-like deployment (Dokku, Deis, Flynn), multi-node + orchestration (Maestro, Salt, Mesos, Openstack Nova), + management dashboards (docker-ui, Openstack Horizon, + Shipyard), configuration management (Chef, Puppet), continuous + integration (Jenkins, Strider, Travis), etc. Docker is rapidly + establishing itself as the standard for container-based + tooling. + ### What is different between a Docker container and a VM? -There’s a great StackOverflow answer [showing the -differences](http://stackoverflow.com/questions/16047306/how-is-docker-io-different-from-a-normal-virtual-machine). +There's a great StackOverflow answer [showing the differences]( +http://stackoverflow.com/questions/16047306/ +how-is-docker-io-different-from-a-normal-virtual-machine). ### Do I lose my data when the container exits? @@ -145,74 +142,70 @@ running in parallel. ### How do I connect Docker containers? Currently the recommended way to link containers is via the link -primitive. You can see details of how to [work with links -here](http://docs.docker.io/en/latest/use/working_with_links_names/). +primitive. You can see details of how to [work with links here]( +http://docs.docker.io/use/working_with_links_names/). Also of useful when enabling more flexible service portability is the -[Ambassador linking -pattern](http://docs.docker.io/en/latest/use/ambassador_pattern_linking/). +[Ambassador linking pattern]( +http://docs.docker.io/use/ambassador_pattern_linking/). ### How do I run more than one process in a Docker container? -Any capable process supervisor such as -[http://supervisord.org/](http://supervisord.org/), runit, s6, or -daemontools can do the trick. Docker will start up the process -management daemon which will then fork to run additional processes. As -long as the processor manager daemon continues to run, the container -will continue to as well. You can see a more substantial example [that -uses supervisord -here](http://docs.docker.io/en/latest/examples/using_supervisord/). +Any capable process supervisor such as [http://supervisord.org/]( +http://supervisord.org/), runit, s6, or daemontools can do the trick. +Docker will start up the process management daemon which will then fork +to run additional processes. As long as the processor manager daemon continues +to run, the container will continue to as well. You can see a more substantial +example [that uses supervisord here]( +http://docs.docker.io/examples/using_supervisord/). ### What platforms does Docker run on? Linux: -- Ubuntu 12.04, 13.04 et al -- Fedora 19/20+ -- RHEL 6.5+ -- Centos 6+ -- Gentoo -- ArchLinux -- openSUSE 12.3+ -- CRUX 3.0+ + - Ubuntu 12.04, 13.04 et al + - Fedora 19/20+ + - RHEL 6.5+ + - Centos 6+ + - Gentoo + - ArchLinux + - openSUSE 12.3+ + - CRUX 3.0+ Cloud: -- Amazon EC2 -- Google Compute Engine -- Rackspace + - Amazon EC2 + - Google Compute Engine + - Rackspace ### How do I report a security issue with Docker? -You can learn about the project’s security policy -[here](http://www.docker.io/security/) and report security issues to -this [mailbox](mailto:security%40docker.com). +You can learn about the project's security policy +[here](https://www.docker.io/security/) and report security issues to +this [mailbox](mailto:security@docker.com). ### Why do I need to sign my commits to Docker with the DCO? -Please read [our blog -post](http://blog.docker.io/2014/01/docker-code-contributions-require-developer-certificate-of-origin/) +Please read [our blog post]( +http://blog.docker.io/2014/01/ +docker-code-contributions-require-developer-certificate-of-origin/) on the introduction of the DCO. ### Can I help by adding some questions and answers? -Definitely! You can fork [the -repo](http://www.github.com/dotcloud/docker) and edit the documentation -sources. +Definitely! You can fork [the repo](https://github.com/dotcloud/docker) and +edit the documentation sources. ### Where can I find more answers? You can find more answers on: -- [Docker user - mailinglist](https://groups.google.com/d/forum/docker-user) -- [Docker developer - mailinglist](https://groups.google.com/d/forum/docker-dev) +- [Docker user mailinglist](https://groups.google.com/d/forum/docker-user) +- [Docker developer mailinglist](https://groups.google.com/d/forum/docker-dev) - [IRC, docker on freenode](irc://chat.freenode.net#docker) -- [GitHub](http://www.github.com/dotcloud/docker) -- [Ask questions on - Stackoverflow](http://stackoverflow.com/search?q=docker) +- [GitHub](https://github.com/dotcloud/docker) +- [Ask questions on Stackoverflow](http://stackoverflow.com/search?q=docker) - [Join the conversation on Twitter](http://twitter.com/docker) -Looking for something else to read? Checkout the [*Hello -World*](../examples/hello_world/#hello-world) example. +Looking for something else to read? Checkout the [*Hello World*]( +../examples/hello_world/#hello-world) example. diff --git a/docs/sources/faq.rst b/docs/sources/faq.rst deleted file mode 100644 index 07055941bd..0000000000 --- a/docs/sources/faq.rst +++ /dev/null @@ -1,224 +0,0 @@ -:title: FAQ -:description: Most frequently asked questions. -:keywords: faq, questions, documentation, docker - -FAQ -=== - - -Most frequently asked questions. --------------------------------- - -How much does Docker cost? -.......................... - - Docker is 100% free, it is open source, so you can use it without paying. - -What open source license are you using? -....................................... - - We are using the Apache License Version 2.0, see it here: - https://github.com/dotcloud/docker/blob/master/LICENSE - -Does Docker run on Mac OS X or Windows? -....................................... - - Not at this time, Docker currently only runs on Linux, but you can - use VirtualBox to run Docker in a virtual machine on your box, and - get the best of both worlds. Check out the :ref:`macosx` and - :ref:`windows` installation guides. The small Linux distribution boot2docker - can be run inside virtual machines on these two operating systems. - -How do containers compare to virtual machines? -.............................................. - - They are complementary. VMs are best used to allocate chunks of - hardware resources. Containers operate at the process level, which - makes them very lightweight and perfect as a unit of software - delivery. - -What does Docker add to just plain LXC? -....................................... - - Docker is not a replacement for LXC. "LXC" refers to capabilities - of the Linux kernel (specifically namespaces and control groups) - which allow sandboxing processes from one another, and controlling - their resource allocations. On top of this low-level foundation of - kernel features, Docker offers a high-level tool with several - powerful functionalities: - - * *Portable deployment across machines.* - Docker defines a format for bundling an application and all its - dependencies into a single object which can be transferred to - any Docker-enabled machine, and executed there with the - guarantee that the execution environment exposed to the - application will be the same. LXC implements process sandboxing, - which is an important pre-requisite for portable deployment, but - that alone is not enough for portable deployment. If you sent me - a copy of your application installed in a custom LXC - configuration, it would almost certainly not run on my machine - the way it does on yours, because it is tied to your machine's - specific configuration: networking, storage, logging, distro, - etc. Docker defines an abstraction for these machine-specific - settings, so that the exact same Docker container can run - - unchanged - on many different machines, with many different - configurations. - - * *Application-centric.* - Docker is optimized for the deployment of applications, as - opposed to machines. This is reflected in its API, user - interface, design philosophy and documentation. By contrast, the - ``lxc`` helper scripts focus on containers as lightweight - machines - basically servers that boot faster and need less - RAM. We think there's more to containers than just that. - - * *Automatic build.* - Docker includes :ref:`a tool for developers to automatically - assemble a container from their source code `, - with full control over application dependencies, build tools, - packaging etc. They are free to use ``make, maven, chef, puppet, - salt,`` Debian packages, RPMs, source tarballs, or any - combination of the above, regardless of the configuration of the - machines. - - * *Versioning.* - Docker includes git-like capabilities for tracking successive - versions of a container, inspecting the diff between versions, - committing new versions, rolling back etc. The history also - includes how a container was assembled and by whom, so you get - full traceability from the production server all the way back to - the upstream developer. Docker also implements incremental - uploads and downloads, similar to ``git pull``, so new versions - of a container can be transferred by only sending diffs. - - * *Component re-use.* - Any container can be used as a :ref:`"base image" - ` to create more specialized components. This - can be done manually or as part of an automated build. For - example you can prepare the ideal Python environment, and use it - as a base for 10 different applications. Your ideal Postgresql - setup can be re-used for all your future projects. And so on. - - * *Sharing.* - Docker has access to a `public registry - `_ where thousands of people have - uploaded useful containers: anything from Redis, CouchDB, - Postgres to IRC bouncers to Rails app servers to Hadoop to base - images for various Linux distros. The :ref:`registry - ` also includes an official "standard - library" of useful containers maintained by the Docker team. The - registry itself is open-source, so anyone can deploy their own - registry to store and transfer private containers, for internal - server deployments for example. - - * *Tool ecosystem.* - Docker defines an API for automating and customizing the - creation and deployment of containers. There are a huge number - of tools integrating with Docker to extend its - capabilities. PaaS-like deployment (Dokku, Deis, Flynn), - multi-node orchestration (Maestro, Salt, Mesos, Openstack Nova), - management dashboards (docker-ui, Openstack Horizon, Shipyard), - configuration management (Chef, Puppet), continuous integration - (Jenkins, Strider, Travis), etc. Docker is rapidly establishing - itself as the standard for container-based tooling. - -What is different between a Docker container and a VM? -...................................................... - -There's a great StackOverflow answer `showing the differences `_. - -Do I lose my data when the container exits? -........................................... - -Not at all! Any data that your application writes to disk gets preserved -in its container until you explicitly delete the container. The file -system for the container persists even after the container halts. - -How far do Docker containers scale? -................................... - -Some of the largest server farms in the world today are based on containers. -Large web deployments like Google and Twitter, and platform providers such as -Heroku and dotCloud all run on container technology, at a scale of hundreds of -thousands or even millions of containers running in parallel. - -How do I connect Docker containers? -................................... - -Currently the recommended way to link containers is via the `link` primitive. -You can see details of how to `work with links here -`_. - -Also of useful when enabling more flexible service portability is the -`Ambassador linking pattern -`_. - -How do I run more than one process in a Docker container? -......................................................... - -Any capable process supervisor such as http://supervisord.org/, runit, s6, or -daemontools can do the trick. Docker will start up the process management -daemon which will then fork to run additional processes. As long as the -processor manager daemon continues to run, the container will continue to as -well. You can see a more substantial example `that uses supervisord here -`_. - -What platforms does Docker run on? -.................................. - -Linux: - -- Ubuntu 12.04, 13.04 et al -- Fedora 19/20+ -- RHEL 6.5+ -- Centos 6+ -- Gentoo -- ArchLinux -- openSUSE 12.3+ -- CRUX 3.0+ - -Cloud: - -- Amazon EC2 -- Google Compute Engine -- Rackspace - -How do I report a security issue with Docker? -............................................. - -You can learn about the project's security policy `here `_ -and report security issues to this `mailbox `_. - -Why do I need to sign my commits to Docker with the DCO? -........................................................ - -Please read `our blog post `_ on the introduction of the DCO. - -Can I help by adding some questions and answers? -................................................ - -Definitely! You can fork `the repo`_ and edit the documentation sources. - - -Where can I find more answers? -.............................. - - You can find more answers on: - - * `Docker user mailinglist`_ - * `Docker developer mailinglist`_ - * `IRC, docker on freenode`_ - * `GitHub`_ - * `Ask questions on Stackoverflow`_ - * `Join the conversation on Twitter`_ - - - .. _Docker user mailinglist: https://groups.google.com/d/forum/docker-user - .. _Docker developer mailinglist: https://groups.google.com/d/forum/docker-dev - .. _the repo: http://www.github.com/dotcloud/docker - .. _IRC, docker on freenode: irc://chat.freenode.net#docker - .. _Github: http://www.github.com/dotcloud/docker - .. _Ask questions on Stackoverflow: http://stackoverflow.com/search?q=docker - .. _Join the conversation on Twitter: http://twitter.com/docker - -Looking for something else to read? Checkout the :ref:`hello_world` example. diff --git a/docs/sources/index.md b/docs/sources/index.md index 42f3286352..d582321563 100644 --- a/docs/sources/index.md +++ b/docs/sources/index.md @@ -8,7 +8,7 @@ page_keywords: docker, introduction, documentation, about, technology, understan ## Introduction -[**Docker**](http://www.docker.io) is a container based virtualization +[**Docker**](https://www.docker.io) is a container based virtualization framework. Unlike traditional virtualization Docker is fast, lightweight and easy to use. Docker allows you to create containers holding all the dependencies for an application. Each container is kept isolated diff --git a/docs/sources/index/accounts.md b/docs/sources/index/accounts.md deleted file mode 100644 index 216b0c17ee..0000000000 --- a/docs/sources/index/accounts.md +++ /dev/null @@ -1,31 +0,0 @@ -page_title: Accounts in the Docker Index -page_description: Docker Index accounts -page_keywords: Docker, docker, index, accounts, plans, Dockerfile, Docker.io, docs, documentation - -# Accounts in the Docker Index - -## Docker IO and Docker Index Accounts - -You can `search` for Docker images and `pull` them from the [Docker Index] -(https://index.docker.io) without signing in or even having an account. However, -in order to `push` images, leave comments or to *star* a repository, you are going -to need a [Docker IO](https://www.docker.io) account. - -### Registration for a Docker IO Account - -You can get a Docker IO account by [signing up for one here] -(https://index.docker.io/account/signup/). A valid email address is required to -register, which you will need to verify for account activation. - -### Email activation process - -You need to have at least one verified email address to be able to use your -Docker IO account. If you can't find the validation email, you can request -another by visiting the [Resend Email Confirmation] -(https://index.docker.io/account/resend-email-confirmation/) page. - -### Password reset process - -If you can't access your account for some reason, you can reset your password -from the [*Password Reset*](https://www.docker.io/account/forgot-password/) -page. \ No newline at end of file diff --git a/docs/sources/index/home.md b/docs/sources/index/home.md deleted file mode 100644 index 1b03df4ab7..0000000000 --- a/docs/sources/index/home.md +++ /dev/null @@ -1,13 +0,0 @@ -page_title: The Docker Index Help -page_description: The Docker Index help documentation home -page_keywords: Docker, docker, index, accounts, plans, Dockerfile, Docker.io, docs, documentation - -# The Docker Index Help - -## Introduction - -For your questions about the [Docker Index](https://index.docker.io) you can -use [this documentation](docs.md). - -If you can not find something you are looking for, please feel free to -[contact us](https://index.docker.io/help/support/). \ No newline at end of file diff --git a/docs/sources/index/index.md b/docs/sources/index/index.md deleted file mode 100644 index 747b4ee491..0000000000 --- a/docs/sources/index/index.md +++ /dev/null @@ -1,15 +0,0 @@ -title -: Documentation - -description -: -- todo: change me - -keywords -: todo, docker, documentation, basic, builder - -Use -=== - -Contents: - -{{ site_name }} diff --git a/docs/sources/installation.md b/docs/sources/installation.md index 0ee7b2f903..66b28b2b3c 100644 --- a/docs/sources/installation.md +++ b/docs/sources/installation.md @@ -9,17 +9,17 @@ techniques for installing Docker all the time. ## Contents: -- [Ubuntu](ubuntulinux/) -- [Red Hat Enterprise Linux](rhel/) -- [Fedora](fedora/) -- [Arch Linux](archlinux/) -- [CRUX Linux](cruxlinux/) -- [Gentoo](gentoolinux/) -- [openSUSE](openSUSE/) -- [FrugalWare](frugalware/) -- [Mac OS X](mac/) -- [Windows](windows/) -- [Amazon EC2](amazon/) -- [Rackspace Cloud](rackspace/) -- [Google Cloud Platform](google/) -- [Binaries](binaries/) \ No newline at end of file + - [Ubuntu](ubuntulinux/) + - [Red Hat Enterprise Linux](rhel/) + - [Fedora](fedora/) + - [Arch Linux](archlinux/) + - [CRUX Linux](cruxlinux/) + - [Gentoo](gentoolinux/) + - [openSUSE](openSUSE/) + - [FrugalWare](frugalware/) + - [Mac OS X](mac/) + - [Windows](windows/) + - [Amazon EC2](amazon/) + - [Rackspace Cloud](rackspace/) + - [Google Cloud Platform](google/) + - [Binaries](binaries/) \ No newline at end of file diff --git a/docs/sources/installation/amazon.md b/docs/sources/installation/amazon.md index f97c8fde9e..61a12d6b43 100644 --- a/docs/sources/installation/amazon.md +++ b/docs/sources/installation/amazon.md @@ -5,47 +5,47 @@ page_keywords: amazon ec2, virtualization, cloud, docker, documentation, install # Amazon EC2 > **Note**: -> Docker is still under heavy development! We don’t recommend using it in -> production yet, but we’re getting closer with each release. Please see +> Docker is still under heavy development! We don't recommend using it in +> production yet, but we're getting closer with each release. Please see > our blog post, [Getting to Docker 1.0]( > http://blog.docker.io/2013/08/getting-to-docker-1-0/) There are several ways to install Docker on AWS EC2: -- [*Amazon QuickStart (Release Candidate - March - 2014)*](#amazon-quickstart-release-candidate-march-2014) or -- [*Amazon QuickStart*](#amazon-quickstart) or -- [*Standard Ubuntu Installation*](#standard-ubuntu-installation) + - [*Amazon QuickStart (Release Candidate - March 2014)*]( + #amazon-quickstart-release-candidate-march-2014) or + - [*Amazon QuickStart*](#amazon-quickstart) or + - [*Standard Ubuntu Installation*](#standard-ubuntu-installation) -**You’ll need an** [AWS account](http://aws.amazon.com/) **first, of +**You'll need an** [AWS account](http://aws.amazon.com/) **first, of course.** ## Amazon QuickStart -1. **Choose an image:** - - Launch the [Create Instance - Wizard](https://console.aws.amazon.com/ec2/v2/home?#LaunchInstanceWizard:) - menu on your AWS Console. - - Click the `Select` button for a 64Bit Ubuntu - image. For example: Ubuntu Server 12.04.3 LTS - - For testing you can use the default (possibly free) - `t1.micro` instance (more info on - [pricing](http://aws.amazon.com/en/ec2/pricing/)). - - Click the `Next: Configure Instance Details` - button at the bottom right. +1. **Choose an image:** + - Launch the [Create Instance + Wizard](https://console.aws.amazon.com/ec2/v2/home?#LaunchInstanceWizard:) + menu on your AWS Console. + - Click the `Select` button for a 64Bit Ubuntu + image. For example: Ubuntu Server 12.04.3 LTS + - For testing you can use the default (possibly free) + `t1.micro` instance (more info on + [pricing](http://aws.amazon.com/ec2/pricing/)). + - Click the `Next: Configure Instance Details` + button at the bottom right. -2. **Tell CloudInit to install Docker:** - - When you’re on the "Configure Instance Details" step, expand the - "Advanced Details" section. - - Under "User data", select "As text". - - Enter `#include https://get.docker.io` into - the instance *User Data*. - [CloudInit](https://help.ubuntu.com/community/CloudInit) is part - of the Ubuntu image you chose; it will bootstrap Docker by - running the shell script located at this URL. +2. **Tell CloudInit to install Docker:** + - When you're on the "Configure Instance Details" step, expand the + "Advanced Details" section. + - Under "User data", select "As text". + - Enter `#include https://get.docker.io` into + the instance *User Data*. + [CloudInit](https://help.ubuntu.com/community/CloudInit) is part + of the Ubuntu image you chose; it will bootstrap Docker by + running the shell script located at this URL. -3. After a few more standard choices where defaults are probably ok, - your AWS Ubuntu instance with Docker should be running! +3. After a few more standard choices where defaults are probably ok, + your AWS Ubuntu instance with Docker should be running! **If this is your first AWS instance, you may need to set up your Security Group to allow SSH.** By default all incoming ports to your new @@ -55,39 +55,39 @@ get timeouts when you try to connect. Installing with `get.docker.io` (as above) will create a service named `lxc-docker`. It will also set up a [*docker group*](../binaries/#dockergroup) and you may want to -add the *ubuntu* user to it so that you don’t have to use +add the *ubuntu* user to it so that you don't have to use `sudo` for every Docker command. -Once you’ve got Docker installed, you’re ready to try it out – head on -over to the [*First steps with Docker*](../../use/basics/) or -[*Examples*](../../examples/) section. +Once you`ve got Docker installed, you're ready to try it out – head on +over to the [*First steps with Docker*](/use/basics/) or +[*Examples*](/examples/) section. ## Amazon QuickStart (Release Candidate - March 2014) Amazon just published new Docker-ready AMIs (2014.03 Release Candidate). -Docker packages can now be installed from Amazon’s provided Software +Docker packages can now be installed from Amazon's provided Software Repository. -1. **Choose an image:** - - Launch the [Create Instance - Wizard](https://console.aws.amazon.com/ec2/v2/home?#LaunchInstanceWizard:) - menu on your AWS Console. - - Click the `Community AMI` menu option on the - left side - - Search for ‘2014.03’ and select one of the Amazon provided AMI, - for example `amzn-ami-pv-2014.03.rc-0.x86_64-ebs` - - For testing you can use the default (possibly free) - `t1.micro` instance (more info on - [pricing](http://aws.amazon.com/en/ec2/pricing/)). - - Click the `Next: Configure Instance Details` - button at the bottom right. +1. **Choose an image:** + - Launch the [Create Instance + Wizard](https://console.aws.amazon.com/ec2/v2/home?#LaunchInstanceWizard:) + menu on your AWS Console. + - Click the `Community AMI` menu option on the + left side + - Search for `2014.03` and select one of the Amazon provided AMI, + for example `amzn-ami-pv-2014.03.rc-0.x86_64-ebs` + - For testing you can use the default (possibly free) + `t1.micro` instance (more info on + [pricing](http://aws.amazon.com/ec2/pricing/)). + - Click the `Next: Configure Instance Details` + button at the bottom right. -2. After a few more standard choices where defaults are probably ok, - your Amazon Linux instance should be running! -3. SSH to your instance to install Docker : - `ssh -i ec2-user@` +2. After a few more standard choices where defaults are probably ok, + your Amazon Linux instance should be running! +3. SSH to your instance to install Docker : + `ssh -i ec2-user@` -4. Once connected to the instance, type +4. Once connected to the instance, type `sudo yum install -y docker ; sudo service docker start` to install and start Docker @@ -100,5 +100,4 @@ QuickStart*](#amazon-quickstart) to pick an image (or use one of your own) and skip the step with the *User Data*. Then continue with the [*Ubuntu*](../ubuntulinux/#ubuntu-linux) instructions. -Continue with the [*Hello -World*](../../examples/hello_world/#hello-world) example. +Continue with the [*Hello World*](/examples/hello_world/#hello-world) example. diff --git a/docs/sources/installation/amazon.rst b/docs/sources/installation/amazon.rst deleted file mode 100644 index b062a15e1e..0000000000 --- a/docs/sources/installation/amazon.rst +++ /dev/null @@ -1,107 +0,0 @@ -:title: Installation on Amazon EC2 -:description: Please note this project is currently under heavy development. It should not be used in production. -:keywords: amazon ec2, virtualization, cloud, docker, documentation, installation - -Amazon EC2 -========== - -.. include:: install_header.inc - -There are several ways to install Docker on AWS EC2: - -* :ref:`amazonquickstart_new` or -* :ref:`amazonquickstart` or -* :ref:`amazonstandard` - -**You'll need an** `AWS account `_ **first, of course.** - -.. _amazonquickstart: - -Amazon QuickStart ------------------ - -1. **Choose an image:** - - * Launch the `Create Instance Wizard - `_ menu - on your AWS Console. - - * Click the ``Select`` button for a 64Bit Ubuntu image. For example: Ubuntu Server 12.04.3 LTS - - * For testing you can use the default (possibly free) - ``t1.micro`` instance (more info on `pricing - `_). - - * Click the ``Next: Configure Instance Details`` button at the bottom right. - -2. **Tell CloudInit to install Docker:** - - * When you're on the "Configure Instance Details" step, expand the "Advanced - Details" section. - - * Under "User data", select "As text". - - * Enter ``#include https://get.docker.io`` into the instance *User Data*. - `CloudInit `_ is part of the - Ubuntu image you chose; it will bootstrap Docker by running the shell - script located at this URL. - -3. After a few more standard choices where defaults are probably ok, your AWS - Ubuntu instance with Docker should be running! - -**If this is your first AWS instance, you may need to set up your -Security Group to allow SSH.** By default all incoming ports to your -new instance will be blocked by the AWS Security Group, so you might -just get timeouts when you try to connect. - -Installing with ``get.docker.io`` (as above) will create a service named -``lxc-docker``. It will also set up a :ref:`docker group ` and you -may want to add the *ubuntu* user to it so that you don't have to use ``sudo`` -for every Docker command. - -Once you've got Docker installed, you're ready to try it out -- head -on over to the :doc:`../use/basics` or :doc:`../examples/index` section. - -.. _amazonquickstart_new: - -Amazon QuickStart (Release Candidate - March 2014) --------------------------------------------------- - -Amazon just published new Docker-ready AMIs (2014.03 Release Candidate). Docker packages -can now be installed from Amazon's provided Software Repository. - -1. **Choose an image:** - - * Launch the `Create Instance Wizard - `_ menu - on your AWS Console. - - * Click the ``Community AMI`` menu option on the left side - - * Search for '2014.03' and select one of the Amazon provided AMI, for example ``amzn-ami-pv-2014.03.rc-0.x86_64-ebs`` - - * For testing you can use the default (possibly free) - ``t1.micro`` instance (more info on `pricing - `_). - - * Click the ``Next: Configure Instance Details`` button at the bottom right. - -2. After a few more standard choices where defaults are probably ok, your Amazon - Linux instance should be running! - -3. SSH to your instance to install Docker : ``ssh -i ec2-user@`` - -4. Once connected to the instance, type ``sudo yum install -y docker ; sudo service docker start`` to install and start Docker - -.. _amazonstandard: - -Standard Ubuntu Installation ----------------------------- - -If you want a more hands-on installation, then you can follow the -:ref:`ubuntu_linux` instructions installing Docker on any EC2 instance -running Ubuntu. Just follow Step 1 from :ref:`amazonquickstart` to -pick an image (or use one of your own) and skip the step with the -*User Data*. Then continue with the :ref:`ubuntu_linux` instructions. - -Continue with the :ref:`hello_world` example. diff --git a/docs/sources/installation/archlinux.md b/docs/sources/installation/archlinux.md index 3eebdecdc8..c6d4f73fb8 100644 --- a/docs/sources/installation/archlinux.md +++ b/docs/sources/installation/archlinux.md @@ -5,24 +5,24 @@ page_keywords: arch linux, virtualization, docker, documentation, installation # Arch Linux > **Note**: -> Docker is still under heavy development! We don’t recommend using it in -> production yet, but we’re getting closer with each release. Please see +> Docker is still under heavy development! We don't recommend using it in +> production yet, but we're getting closer with each release. Please see > our blog post, [Getting to Docker 1.0]( > http://blog.docker.io/2013/08/getting-to-docker-1-0/) > **Note**: -> This is a community contributed installation path. The only ‘official’ +> This is a community contributed installation path. The only `official` > installation is using the [*Ubuntu*](../ubuntulinux/#ubuntu-linux) > installation path. This version may be out of date because it depends on > some binaries to be updated and published Installing on Arch Linux can be handled via the package in community: -- [docker](https://www.archlinux.org/packages/community/x86_64/docker/) + - [docker](https://www.archlinux.org/packages/community/x86_64/docker/) or the following AUR package: -- [docker-git](https://aur.archlinux.org/packages/docker-git/) + - [docker-git](https://aur.archlinux.org/packages/docker-git/) The docker package will install the latest tagged version of docker. The docker-git package will build from the current master branch. @@ -32,11 +32,11 @@ docker-git package will build from the current master branch. Docker depends on several packages which are specified as dependencies in the packages. The core dependencies are: -- bridge-utils -- device-mapper -- iproute2 -- lxc -- sqlite + - bridge-utils + - device-mapper + - iproute2 + - lxc + - sqlite ## Installation @@ -60,8 +60,8 @@ have not done so before. There is a systemd service unit created for docker. To start the docker service: - sudo systemctl start docker + $ sudo systemctl start docker To start on system boot: - sudo systemctl enable docker + $ sudo systemctl enable docker diff --git a/docs/sources/installation/archlinux.rst b/docs/sources/installation/archlinux.rst deleted file mode 100644 index c9b4c1d2c5..0000000000 --- a/docs/sources/installation/archlinux.rst +++ /dev/null @@ -1,73 +0,0 @@ -:title: Installation on Arch Linux -:description: Please note this project is currently under heavy development. It should not be used in production. -:keywords: arch linux, virtualization, docker, documentation, installation - -.. _arch_linux: - -Arch Linux -========== - -.. include:: install_header.inc - -.. include:: install_unofficial.inc - -Installing on Arch Linux can be handled via the package in community: - -* `docker `_ - -or the following AUR package: - -* `docker-git `_ - -The docker package will install the latest tagged version of docker. -The docker-git package will build from the current master branch. - -Dependencies ------------- - -Docker depends on several packages which are specified as dependencies in -the packages. The core dependencies are: - -* bridge-utils -* device-mapper -* iproute2 -* lxc -* sqlite - - -Installation ------------- - -For the normal package a simple -:: - - pacman -S docker - -is all that is needed. - -For the AUR package execute: -:: - - yaourt -S docker-git - -The instructions here assume **yaourt** is installed. See -`Arch User Repository `_ -for information on building and installing packages from the AUR if you have not -done so before. - - -Starting Docker ---------------- - -There is a systemd service unit created for docker. To start the docker service: - -:: - - sudo systemctl start docker - - -To start on system boot: - -:: - - sudo systemctl enable docker diff --git a/docs/sources/installation/binaries.md b/docs/sources/installation/binaries.md index b62e2d071b..36aa0ae249 100644 --- a/docs/sources/installation/binaries.md +++ b/docs/sources/installation/binaries.md @@ -5,8 +5,8 @@ page_keywords: binaries, installation, docker, documentation, linux # Binaries > **Note**: -> Docker is still under heavy development! We don’t recommend using it in -> production yet, but we’re getting closer with each release. Please see +> Docker is still under heavy development! We don't recommend using it in +> production yet, but we're getting closer with each release. Please see > our blog post, [Getting to Docker 1.0]( > http://blog.docker.io/2013/08/getting-to-docker-1-0/) @@ -22,16 +22,16 @@ packages for many distributions, and more keep showing up all the time! To run properly, docker needs the following software to be installed at runtime: -- iptables version 1.4 or later -- Git version 1.7 or later -- procps (or similar provider of a "ps" executable) -- XZ Utils 4.9 or later -- a [properly - mounted](https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount) - cgroupfs hierarchy (having a single, all-encompassing "cgroup" mount - point [is](https://github.com/dotcloud/docker/issues/2683) - [not](https://github.com/dotcloud/docker/issues/3485) - [sufficient](https://github.com/dotcloud/docker/issues/4568)) + - iptables version 1.4 or later + - Git version 1.7 or later + - procps (or similar provider of a "ps" executable) + - XZ Utils 4.9 or later + - a [properly mounted]( + https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount) + cgroupfs hierarchy (having a single, all-encompassing "cgroup" mount + point [is](https://github.com/dotcloud/docker/issues/2683) + [not](https://github.com/dotcloud/docker/issues/3485) + [sufficient](https://github.com/dotcloud/docker/issues/4568)) ## Check kernel dependencies @@ -46,19 +46,19 @@ Linux kernel (it even builds on OSX!). ## Get the docker binary: - wget https://get.docker.io/builds/Linux/x86_64/docker-latest -O docker - chmod +x docker + $ wget https://get.docker.io/builds/Linux/x86_64/docker-latest -O docker + $ chmod +x docker > **Note**: > If you have trouble downloading the binary, you can also get the smaller > compressed release file: -> [https://get.docker.io/builds/Linux/x86\_64/docker-latest.tgz]( +> [https://get.docker.io/builds/Linux/x86_64/docker-latest.tgz]( > https://get.docker.io/builds/Linux/x86_64/docker-latest.tgz) ## Run the docker daemon # start the docker in daemon mode from the directory you unpacked - sudo ./docker -d & + $ sudo ./docker -d & ## Giving non-root access @@ -74,30 +74,29 @@ Unix group called *docker* and add users to it, then the socket read/writable by the *docker* group when the daemon starts. The `docker` daemon must always run as the root user, but if you run the `docker` client as a user in the -*docker* group then you don’t need to add `sudo` to +*docker* group then you don't need to add `sudo` to all the client commands. > **Warning**: > The *docker* group (or the group specified with `-G`) is root-equivalent; > see [*Docker Daemon Attack Surface*]( -> ../../articles/security/#dockersecurity-daemon) details. +> /articles/security/#dockersecurity-daemon) details. ## Upgrades To upgrade your manual installation of Docker, first kill the docker daemon: - killall docker + $ killall docker Then follow the regular installation steps. ## Run your first container! # check your docker version - sudo ./docker version + $ sudo ./docker version # run a container and open an interactive shell in the container - sudo ./docker run -i -t ubuntu /bin/bash + $ sudo ./docker run -i -t ubuntu /bin/bash -Continue with the [*Hello -World*](../../examples/hello_world/#hello-world) example. +Continue with the [*Hello World*](/examples/hello_world/#hello-world) example. diff --git a/docs/sources/installation/binaries.rst b/docs/sources/installation/binaries.rst deleted file mode 100644 index 9fa880b364..0000000000 --- a/docs/sources/installation/binaries.rst +++ /dev/null @@ -1,123 +0,0 @@ -:title: Installation from Binaries -:description: This instruction set is meant for hackers who want to try out Docker on a variety of environments. -:keywords: binaries, installation, docker, documentation, linux - -.. _binaries: - -Binaries -======== - -.. include:: install_header.inc - -**This instruction set is meant for hackers who want to try out Docker -on a variety of environments.** - -Before following these directions, you should really check if a -packaged version of Docker is already available for your distribution. -We have packages for many distributions, and more keep showing up all -the time! - - -Check runtime dependencies --------------------------- - -.. DOC COMMENT: this should be kept in sync with - https://github.com/dotcloud/docker/blob/master/hack/PACKAGERS.md#runtime-dependencies - -To run properly, docker needs the following software to be installed at runtime: - -- iptables version 1.4 or later -- Git version 1.7 or later -- procps (or similar provider of a "ps" executable) -- XZ Utils 4.9 or later -- a `properly mounted - `_ - cgroupfs hierarchy (having a single, all-encompassing "cgroup" mount point `is - `_ `not - `_ `sufficient - `_) - - -Check kernel dependencies -------------------------- - -Docker in daemon mode has specific kernel requirements. For details, -check your distribution in :ref:`installation_list`. - -In general, a 3.8 Linux kernel (or higher) is preferred, as some of the -prior versions have known issues that are triggered by Docker. - -Note that Docker also has a client mode, which can run on virtually -any Linux kernel (it even builds on OSX!). - - -Get the docker binary: ----------------------- - -.. code-block:: bash - - wget https://get.docker.io/builds/Linux/x86_64/docker-latest -O docker - chmod +x docker - -.. note:: - If you have trouble downloading the binary, you can also get the smaller - compressed release file: https://get.docker.io/builds/Linux/x86_64/docker-latest.tgz - -Run the docker daemon ---------------------- - -.. code-block:: bash - - # start the docker in daemon mode from the directory you unpacked - sudo ./docker -d & - - -.. _dockergroup: - -Giving non-root access ----------------------- - -The ``docker`` daemon always runs as the root user, and since Docker -version 0.5.2, the ``docker`` daemon binds to a Unix socket instead of -a TCP port. By default that Unix socket is owned by the user *root*, -and so, by default, you can access it with ``sudo``. - -Starting in version 0.5.3, if you (or your Docker installer) create a -Unix group called *docker* and add users to it, then the ``docker`` -daemon will make the ownership of the Unix socket read/writable by the -*docker* group when the daemon starts. The ``docker`` daemon must -always run as the root user, but if you run the ``docker`` client as a -user in the *docker* group then you don't need to add ``sudo`` to all -the client commands. - -.. warning:: The *docker* group (or the group specified with ``-G``) is - root-equivalent; see :ref:`dockersecurity_daemon` details. - - -Upgrades --------- - -To upgrade your manual installation of Docker, first kill the docker -daemon: - -.. code-block:: bash - - killall docker - -Then follow the regular installation steps. - - -Run your first container! -------------------------- - -.. code-block:: bash - - # check your docker version - sudo ./docker version - - # run a container and open an interactive shell in the container - sudo ./docker run -i -t ubuntu /bin/bash - - - -Continue with the :ref:`hello_world` example. diff --git a/docs/sources/installation/cruxlinux.md b/docs/sources/installation/cruxlinux.md index 9bb336a6f5..d1a4de7367 100644 --- a/docs/sources/installation/cruxlinux.md +++ b/docs/sources/installation/cruxlinux.md @@ -5,13 +5,13 @@ page_keywords: crux linux, virtualization, Docker, documentation, installation # CRUX Linux > **Note**: -> Docker is still under heavy development! We don’t recommend using it in -> production yet, but we’re getting closer with each release. Please see +> Docker is still under heavy development! We don't recommend using it in +> production yet, but we're getting closer with each release. Please see > our blog post, [Getting to Docker 1.0]( > http://blog.docker.io/2013/08/getting-to-docker-1-0/) > **Note**: -> This is a community contributed installation path. The only ‘official’ +> This is a community contributed installation path. The only `official` > installation is using the [*Ubuntu*](../ubuntulinux/#ubuntu-linux) > installation path. This version may be out of date because it depends on > some binaries to be updated and published. @@ -19,9 +19,9 @@ page_keywords: crux linux, virtualization, Docker, documentation, installation Installing on CRUX Linux can be handled via the ports from [James Mills](http://prologic.shortcircuit.net.au/): -- [docker](https://bitbucket.org/prologic/ports/src/tip/docker/) -- [docker-bin](https://bitbucket.org/prologic/ports/src/tip/docker-bin/) -- [docker-git](https://bitbucket.org/prologic/ports/src/tip/docker-git/) +- [docker](https://bitbucket.org/prologic/ports/src/tip/docker/) +- [docker-bin](https://bitbucket.org/prologic/ports/src/tip/docker-bin/) +- [docker-git](https://bitbucket.org/prologic/ports/src/tip/docker-git/) The `docker` port will install the latest tagged version of Docker. The `docker-bin` port will @@ -33,30 +33,30 @@ master branch. For the time being (*until the CRUX Docker port(s) get into the official contrib repository*) you will need to install [James -Mills’](https://bitbucket.org/prologic/ports) ports repository. You can +Mills`](https://bitbucket.org/prologic/ports) ports repository. You can do so via: Download the `httpup` file to `/etc/ports/`: - curl -q -o - http://crux.nu/portdb/?a=getup&q=prologic > /etc/ports/prologic.httpup + $ curl -q -o - http://crux.nu/portdb/?a=getup&q=prologic > /etc/ports/prologic.httpup Add `prtdir /usr/ports/prologic` to `/etc/prt-get.conf`: - vim /etc/prt-get.conf + $ vim /etc/prt-get.conf # or: - echo "prtdir /usr/ports/prologic" >> /etc/prt-get.conf + $ echo "prtdir /usr/ports/prologic" >> /etc/prt-get.conf Update ports and prt-get cache: - ports -u - prt-get cache + $ ports -u + $ prt-get cache To install (*and its dependencies*): - prt-get depinst docker + $ prt-get depinst docker Use `docker-bin` for the upstream binary or `docker-git` to build and install from the master @@ -70,24 +70,22 @@ and Docker Daemon to work properly. Please read the `README.rst`: - prt-get readme docker + $ prt-get readme docker There is a `test_kernel_config.sh` script in the above ports which you can use to test your Kernel configuration: - cd /usr/ports/prologic/docker - ./test_kernel_config.sh /usr/src/linux/.config + $ cd /usr/ports/prologic/docker + $ ./test_kernel_config.sh /usr/src/linux/.config ## Starting Docker There is a rc script created for Docker. To start the Docker service: - sudo su - - /etc/rc.d/docker start + $ sudo su - + $ /etc/rc.d/docker start To start on system boot: -- Edit `/etc/rc.conf` -- Put `docker` into the `SERVICES=(...)` - array after `net`. - + - Edit `/etc/rc.conf` + - Put `docker` into the `SERVICES=(...)` array after `net`. diff --git a/docs/sources/installation/cruxlinux.rst b/docs/sources/installation/cruxlinux.rst deleted file mode 100644 index d1970cd1bf..0000000000 --- a/docs/sources/installation/cruxlinux.rst +++ /dev/null @@ -1,98 +0,0 @@ -:title: Installation on CRUX Linux -:description: Docker installation on CRUX Linux. -:keywords: crux linux, virtualization, Docker, documentation, installation - -.. _crux_linux: - - -CRUX Linux -========== - -.. include:: install_header.inc - -.. include:: install_unofficial.inc - -Installing on CRUX Linux can be handled via the ports from `James Mills `_: - -* `docker `_ - -* `docker-bin `_ - -* `docker-git `_ - -The ``docker`` port will install the latest tagged version of Docker. -The ``docker-bin`` port will install the latest tagged versin of Docker from upstream built binaries. -The ``docker-git`` package will build from the current master branch. - - -Installation ------------- - -For the time being (*until the CRUX Docker port(s) get into the official contrib repository*) you will need to install -`James Mills' `_ ports repository. You can do so via: - -Download the ``httpup`` file to ``/etc/ports/``: -:: - - curl -q -o - http://crux.nu/portdb/?a=getup&q=prologic > /etc/ports/prologic.httpup - - -Add ``prtdir /usr/ports/prologic`` to ``/etc/prt-get.conf``: -:: - - vim /etc/prt-get.conf - - # or: - echo "prtdir /usr/ports/prologic" >> /etc/prt-get.conf - - -Update ports and prt-get cache: -:: - - ports -u - prt-get cache - - -To install (*and its dependencies*): -:: - - prt-get depinst docker - - -Use ``docker-bin`` for the upstream binary or ``docker-git`` to build and install from the master branch from git. - - -Kernel Requirements -------------------- - -To have a working **CRUX+Docker** Host you must ensure your Kernel -has the necessary modules enabled for LXC containers to function -correctly and Docker Daemon to work properly. - -Please read the ``README.rst``: -:: - - prt-get readme docker - -There is a ``test_kernel_config.sh`` script in the above ports which you can use to test your Kernel configuration: - -:: - - cd /usr/ports/prologic/docker - ./test_kernel_config.sh /usr/src/linux/.config - - -Starting Docker ---------------- - -There is a rc script created for Docker. To start the Docker service: - -:: - - sudo su - - /etc/rc.d/docker start - -To start on system boot: - -- Edit ``/etc/rc.conf`` -- Put ``docker`` into the ``SERVICES=(...)`` array after ``net``. diff --git a/docs/sources/installation/fedora.md b/docs/sources/installation/fedora.md index 0718df032c..93b5b05b13 100644 --- a/docs/sources/installation/fedora.md +++ b/docs/sources/installation/fedora.md @@ -5,13 +5,13 @@ page_keywords: Docker, Docker documentation, Fedora, requirements, virtualbox, v # Fedora > **Note**: -> Docker is still under heavy development! We don’t recommend using it in -> production yet, but we’re getting closer with each release. Please see +> Docker is still under heavy development! We don't recommend using it in +> production yet, but we're getting closer with each release. Please see > our blog post, [Getting to Docker 1.0]( > http://blog.docker.io/2013/08/getting-to-docker-1-0/) > **Note**: -> This is a community contributed installation path. The only ‘official’ +> This is a community contributed installation path. The only `official` > installation is using the [*Ubuntu*](../ubuntulinux/#ubuntu-linux) > installation path. This version may be out of date because it depends on > some binaries to be updated and published. @@ -25,40 +25,40 @@ bit** architecture. The `docker-io` package provides Docker on Fedora. If you have the (unrelated) `docker` package installed already, it will -conflict with `docker-io`. There’s a [bug +conflict with `docker-io`. There's a [bug report](https://bugzilla.redhat.com/show_bug.cgi?id=1043676) filed for it. To proceed with `docker-io` installation on Fedora 19, please remove `docker` first. - sudo yum -y remove docker + $ sudo yum -y remove docker For Fedora 20 and later, the `wmdocker` package will provide the same functionality as `docker` and will also not conflict with `docker-io`. - sudo yum -y install wmdocker - sudo yum -y remove docker + $ sudo yum -y install wmdocker + $ sudo yum -y remove docker Install the `docker-io` package which will install Docker on our host. - sudo yum -y install docker-io + $ sudo yum -y install docker-io To update the `docker-io` package: - sudo yum -y update docker-io + $ sudo yum -y update docker-io -Now that it’s installed, let’s start the Docker daemon. +Now that it's installed, let's start the Docker daemon. - sudo systemctl start docker + $ sudo systemctl start docker If we want Docker to start at boot, we should also: - sudo systemctl enable docker + $ sudo systemctl enable docker -Now let’s verify that Docker is working. +Now let's verify that Docker is working. - sudo docker run -i -t fedora /bin/bash + $ sudo docker run -i -t fedora /bin/bash **Done!**, now continue with the [*Hello -World*](../../examples/hello_world/#hello-world) example. +World*](/examples/hello_world/#hello-world) example. diff --git a/docs/sources/installation/fedora.rst b/docs/sources/installation/fedora.rst deleted file mode 100644 index 3b95f04f7f..0000000000 --- a/docs/sources/installation/fedora.rst +++ /dev/null @@ -1,75 +0,0 @@ -:title: Installation on Fedora -:description: Please note this project is currently under heavy development. It should not be used in production. -:keywords: Docker, Docker documentation, Fedora, requirements, virtualbox, vagrant, git, ssh, putty, cygwin, linux - -.. _fedora: - -Fedora -====== - -.. include:: install_header.inc - -.. include:: install_unofficial.inc - -Docker is available in **Fedora 19 and later**. Please note that due to the -current Docker limitations Docker is able to run only on the **64 bit** -architecture. - -Installation ------------- - -The ``docker-io`` package provides Docker on Fedora. - - -If you have the (unrelated) ``docker`` package installed already, it will -conflict with ``docker-io``. There's a `bug report`_ filed for it. -To proceed with ``docker-io`` installation on Fedora 19 or Fedora 20, please -remove ``docker`` first. - -.. code-block:: bash - - sudo yum -y remove docker - -For Fedora 21 and later, the ``wmdocker`` package will provide the same -functionality as the old ``docker`` and will also not conflict with ``docker-io``. - -.. code-block:: bash - - sudo yum -y install wmdocker - sudo yum -y remove docker - -Install the ``docker-io`` package which will install Docker on our host. - -.. code-block:: bash - - sudo yum -y install docker-io - - -To update the ``docker-io`` package: - -.. code-block:: bash - - sudo yum -y update docker-io - -Now that it's installed, let's start the Docker daemon. - -.. code-block:: bash - - sudo systemctl start docker - -If we want Docker to start at boot, we should also: - -.. code-block:: bash - - sudo systemctl enable docker - -Now let's verify that Docker is working. - -.. code-block:: bash - - sudo docker run -i -t fedora /bin/bash - -**Done!**, now continue with the :ref:`hello_world` example. - -.. _bug report: https://bugzilla.redhat.com/show_bug.cgi?id=1043676 - diff --git a/docs/sources/installation/frugalware.md b/docs/sources/installation/frugalware.md index 0e9f9c9f1b..eb409d8d39 100644 --- a/docs/sources/installation/frugalware.md +++ b/docs/sources/installation/frugalware.md @@ -5,21 +5,21 @@ page_keywords: frugalware linux, virtualization, docker, documentation, installa # FrugalWare > **Note**: -> Docker is still under heavy development! We don’t recommend using it in -> production yet, but we’re getting closer with each release. Please see +> Docker is still under heavy development! We don't recommend using it in +> production yet, but we're getting closer with each release. Please see > our blog post, [Getting to Docker 1.0]( > http://blog.docker.io/2013/08/getting-to-docker-1-0/) > **Note**: -> This is a community contributed installation path. The only ‘official’ +> This is a community contributed installation path. The only `official` > installation is using the [*Ubuntu*](../ubuntulinux/#ubuntu-linux) > installation path. This version may be out of date because it depends on > some binaries to be updated and published Installing on FrugalWare is handled via the official packages: -- [lxc-docker i686](http://www.frugalware.org/packages/200141) -- [lxc-docker x86\_64](http://www.frugalware.org/packages/200130) + - [lxc-docker i686](http://www.frugalware.org/packages/200141) + - [lxc-docker x86_64](http://www.frugalware.org/packages/200130) The lxc-docker package will install the latest tagged version of Docker. @@ -28,13 +28,13 @@ The lxc-docker package will install the latest tagged version of Docker. Docker depends on several packages which are specified as dependencies in the packages. The core dependencies are: -- systemd -- lvm2 -- sqlite3 -- libguestfs -- lxc -- iproute2 -- bridge-utils + - systemd + - lvm2 + - sqlite3 + - libguestfs + - lxc + - iproute2 + - bridge-utils ## Installation @@ -49,8 +49,8 @@ is all that is needed. There is a systemd service unit created for Docker. To start Docker as service: - sudo systemctl start lxc-docker + $ sudo systemctl start lxc-docker To start on system boot: - sudo systemctl enable lxc-docker + $ sudo systemctl enable lxc-docker diff --git a/docs/sources/installation/frugalware.rst b/docs/sources/installation/frugalware.rst deleted file mode 100644 index ed9bb2bfaa..0000000000 --- a/docs/sources/installation/frugalware.rst +++ /dev/null @@ -1,62 +0,0 @@ -:title: Installation on FrugalWare -:description: Please note this project is currently under heavy development. It should not be used in production. -:keywords: frugalware linux, virtualization, docker, documentation, installation - -.. _frugalware: - -FrugalWare -========== - -.. include:: install_header.inc - -.. include:: install_unofficial.inc - -Installing on FrugalWare is handled via the official packages: - -* `lxc-docker i686 `_ - -* `lxc-docker x86_64 `_ - -The `lxc-docker` package will install the latest tagged version of Docker. - -Dependencies ------------- - -Docker depends on several packages which are specified as dependencies in -the packages. The core dependencies are: - -* systemd -* lvm2 -* sqlite3 -* libguestfs -* lxc -* iproute2 -* bridge-utils - - -Installation ------------- - -A simple -:: - - pacman -S lxc-docker - -is all that is needed. - - -Starting Docker ---------------- - -There is a systemd service unit created for Docker. To start Docker as service: - -:: - - sudo systemctl start lxc-docker - - -To start on system boot: - -:: - - sudo systemctl enable lxc-docker diff --git a/docs/sources/installation/gentoolinux.md b/docs/sources/installation/gentoolinux.md index 87e1c78e84..92329dca90 100644 --- a/docs/sources/installation/gentoolinux.md +++ b/docs/sources/installation/gentoolinux.md @@ -5,23 +5,23 @@ page_keywords: gentoo linux, virtualization, docker, documentation, installation # Gentoo > **Note**: -> Docker is still under heavy development! We don’t recommend using it in -> production yet, but we’re getting closer with each release. Please see +> Docker is still under heavy development! We don't recommend using it in +> production yet, but we're getting closer with each release. Please see > our blog post, [Getting to Docker 1.0]( > http://blog.docker.io/2013/08/getting-to-docker-1-0/) > **Note**: -> This is a community contributed installation path. The only ‘official’ +> This is a community contributed installation path. The only `official` > installation is using the [*Ubuntu*](../ubuntulinux/#ubuntu-linux) > installation path. This version may be out of date because it depends on > some binaries to be updated and published Installing Docker on Gentoo Linux can be accomplished using one of two -methods. The first and best way if you’re looking for a stable +methods. The first and best way if you're looking for a stable experience is to use the official app-emulation/docker package directly in the portage tree. -If you’re looking for a `-bin` ebuild, a live +If you're looking for a `-bin` ebuild, a live ebuild, or bleeding edge ebuild changes/fixes, the second installation method is to use the overlay provided at [https://github.com/tianon/docker-overlay](https://github.com/tianon/docker-overlay) @@ -31,8 +31,8 @@ using the overlay can be found in [the overlay README](https://github.com/tianon/docker-overlay/blob/master/README.md#using-this-overlay). Note that sometimes there is a disparity between the latest version and -what’s in the overlay, and between the latest version in the overlay and -what’s in the portage tree. Please be patient, and the latest version +what's in the overlay, and between the latest version in the overlay and +what's in the portage tree. Please be patient, and the latest version should propagate shortly. ## Installation @@ -43,36 +43,36 @@ use flags to pull in the proper dependencies of the major storage drivers, with the "device-mapper" use flag being enabled by default, since that is the simplest installation path. - sudo emerge -av app-emulation/docker + $ sudo emerge -av app-emulation/docker If any issues arise from this ebuild or the resulting binary, including and especially missing kernel configuration flags and/or dependencies, -[open an issue on the docker-overlay -repository](https://github.com/tianon/docker-overlay/issues) or ping -tianon directly in the \#docker IRC channel on the freenode network. +[open an issue on the docker-overlay repository]( +https://github.com/tianon/docker-overlay/issues) or ping +tianon directly in the #docker IRC channel on the freenode network. ## Starting Docker Ensure that you are running a kernel that includes all the necessary modules and/or configuration for LXC (and optionally for device-mapper -and/or AUFS, depending on the storage driver you’ve decided to use). +and/or AUFS, depending on the storage driver you`ve decided to use). ### OpenRC To start the docker daemon: - sudo /etc/init.d/docker start + $ sudo /etc/init.d/docker start To start on system boot: - sudo rc-update add docker default + $ sudo rc-update add docker default ### systemd To start the docker daemon: - sudo systemctl start docker.service + $ sudo systemctl start docker.service To start on system boot: - sudo systemctl enable docker.service + $ sudo systemctl enable docker.service diff --git a/docs/sources/installation/gentoolinux.rst b/docs/sources/installation/gentoolinux.rst deleted file mode 100644 index 5abfddeb91..0000000000 --- a/docs/sources/installation/gentoolinux.rst +++ /dev/null @@ -1,84 +0,0 @@ -:title: Installation on Gentoo -:description: Please note this project is currently under heavy development. It should not be used in production. -:keywords: gentoo linux, virtualization, docker, documentation, installation - -.. _gentoo_linux: - -Gentoo -====== - -.. include:: install_header.inc - -.. include:: install_unofficial.inc - -Installing Docker on Gentoo Linux can be accomplished using one of two methods. -The first and best way if you're looking for a stable experience is to use the -official `app-emulation/docker` package directly in the portage tree. - -If you're looking for a ``-bin`` ebuild, a live ebuild, or bleeding edge -ebuild changes/fixes, the second installation method is to use the overlay -provided at https://github.com/tianon/docker-overlay which can be added using -``app-portage/layman``. The most accurate and up-to-date documentation for -properly installing and using the overlay can be found in `the overlay README -`_. - -Note that sometimes there is a disparity between the latest version and what's -in the overlay, and between the latest version in the overlay and what's in the -portage tree. Please be patient, and the latest version should propagate -shortly. - -Installation -^^^^^^^^^^^^ - -The package should properly pull in all the necessary dependencies and prompt -for all necessary kernel options. The ebuilds for 0.7+ include use flags to -pull in the proper dependencies of the major storage drivers, with the -"device-mapper" use flag being enabled by default, since that is the simplest -installation path. - -.. code-block:: bash - - sudo emerge -av app-emulation/docker - -If any issues arise from this ebuild or the resulting binary, including and -especially missing kernel configuration flags and/or dependencies, `open an -issue on the docker-overlay repository -`_ or ping tianon directly in -the #docker IRC channel on the freenode network. - -Starting Docker -^^^^^^^^^^^^^^^ - -Ensure that you are running a kernel that includes all the necessary modules -and/or configuration for LXC (and optionally for device-mapper and/or AUFS, -depending on the storage driver you've decided to use). - -OpenRC ------- - -To start the docker daemon: - -.. code-block:: bash - - sudo /etc/init.d/docker start - -To start on system boot: - -.. code-block:: bash - - sudo rc-update add docker default - -systemd -------- - -To start the docker daemon: - -.. code-block:: bash - - sudo systemctl start docker.service - -To start on system boot: - -.. code-block:: bash - - sudo systemctl enable docker.service diff --git a/docs/sources/installation/google.md b/docs/sources/installation/google.md index 611e9bb7bc..4c22808dcb 100644 --- a/docs/sources/installation/google.md +++ b/docs/sources/installation/google.md @@ -2,22 +2,22 @@ page_title: Installation on Google Cloud Platform page_description: Please note this project is currently under heavy development. It should not be used in production. page_keywords: Docker, Docker documentation, installation, google, Google Compute Engine, Google Cloud Platform -# [Google Cloud Platform](https://cloud.google.com/) +# Google Cloud Platform > **Note**: -> Docker is still under heavy development! We don’t recommend using it in -> production yet, but we’re getting closer with each release. Please see +> Docker is still under heavy development! We don't recommend using it in +> production yet, but we're getting closer with each release. Please see > our blog post, [Getting to Docker 1.0]( > http://blog.docker.io/2013/08/getting-to-docker-1-0/) -## [Compute Engine](https://developers.google.com/compute) QuickStart for [Debian](https://www.debian.org) +## Compute Engine QuickStart for Debian -1. Go to [Google Cloud Console](https://cloud.google.com/console) and - create a new Cloud Project with [Compute Engine - enabled](https://developers.google.com/compute/docs/signup). -2. Download and configure the [Google Cloud - SDK](https://developers.google.com/cloud/sdk/) to use your project - with the following commands: +1. Go to [Google Cloud Console](https://cloud.google.com/console) and + create a new Cloud Project with [Compute Engine + enabled](https://developers.google.com/compute/docs/signup). +2. Download and configure the [Google Cloud SDK]( + https://developers.google.com/cloud/sdk/) to use your project + with the following commands: @@ -45,19 +45,19 @@ page_keywords: Docker, Docker documentation, installation, google, Google Comput $ gcutil ssh docker-playground - docker-playground:~$ + $ docker-playground:~$ 5. Install the latest Docker release and configure it to start when the instance boots: - docker-playground:~$ curl get.docker.io | bash - docker-playground:~$ sudo update-rc.d docker defaults + $ docker-playground:~$ curl get.docker.io | bash + $ docker-playground:~$ sudo update-rc.d docker defaults 6. Start a new container: - docker-playground:~$ sudo docker run busybox echo 'docker on GCE \o/' - docker on GCE \o/ + $ docker-playground:~$ sudo docker run busybox echo 'docker on GCE \o/' + $ docker on GCE \o/ diff --git a/docs/sources/installation/google.rst b/docs/sources/installation/google.rst deleted file mode 100644 index cc1df5da24..0000000000 --- a/docs/sources/installation/google.rst +++ /dev/null @@ -1,58 +0,0 @@ -:title: Installation on Google Cloud Platform -:description: Please note this project is currently under heavy development. It should not be used in production. -:keywords: Docker, Docker documentation, installation, google, Google Compute Engine, Google Cloud Platform - -`Google Cloud Platform `_ -==================================================== - -.. include:: install_header.inc - -.. _googlequickstart: - -`Compute Engine `_ QuickStart for `Debian `_ ------------------------------------------------------------------------------------------------------------ - -1. Go to `Google Cloud Console `_ and create a new Cloud Project with `Compute Engine enabled `_. - -2. Download and configure the `Google Cloud SDK `_ to use your project with the following commands: - -.. code-block:: bash - - $ curl https://dl.google.com/dl/cloudsdk/release/install_google_cloud_sdk.bash | bash - $ gcloud auth login - Enter a cloud project id (or leave blank to not set): - -3. Start a new instance, select a zone close to you and the desired instance size: - -.. code-block:: bash - - $ gcutil addinstance docker-playground --image=backports-debian-7 - 1: europe-west1-a - ... - 4: us-central1-b - >>> - 1: machineTypes/n1-standard-1 - ... - 12: machineTypes/g1-small - >>> - -4. Connect to the instance using SSH: - -.. code-block:: bash - - $ gcutil ssh docker-playground - docker-playground:~$ - -5. Install the latest Docker release and configure it to start when the instance boots: - -.. code-block:: bash - - docker-playground:~$ curl get.docker.io | bash - docker-playground:~$ sudo update-rc.d docker defaults - -6. Start a new container: - -.. code-block:: bash - - docker-playground:~$ sudo docker run busybox echo 'docker on GCE \o/' - docker on GCE \o/ diff --git a/docs/sources/installation/index.rst b/docs/sources/installation/index.rst deleted file mode 100644 index ae0e9196fa..0000000000 --- a/docs/sources/installation/index.rst +++ /dev/null @@ -1,34 +0,0 @@ -:title: Docker Installation -:description: many ways to install Docker -:keywords: docker, installation - -.. _installation_list: - -Installation -============ - -There are a number of ways to install Docker, depending on where you -want to run the daemon. The :ref:`ubuntu_linux` installation is the -officially-tested version. The community adds more techniques for -installing Docker all the time. - -Contents: - -.. toctree:: - :maxdepth: 1 - - ubuntulinux - rhel - fedora - archlinux - cruxlinux - gentoolinux - openSUSE - frugalware - mac - windows - amazon - rackspace - google - softlayer - binaries diff --git a/docs/sources/installation/mac.md b/docs/sources/installation/mac.md index 4b70ef8371..c30e0b6440 100644 --- a/docs/sources/installation/mac.md +++ b/docs/sources/installation/mac.md @@ -1,179 +1,186 @@ -page_title: Installation on Mac OS X 10.6 Snow Leopard -page_description: Please note this project is currently under heavy development. It should not be used in production. -page_keywords: Docker, Docker documentation, requirements, virtualbox, ssh, linux, os x, osx, mac +page_title: Installation on Mac OS X +page_description: Instructions for installing Docker on OS X using boot2docker. +page_keywords: Docker, Docker documentation, requirements, boot2docker, VirtualBox, SSH, Linux, OSX, OS X, Mac -# Mac OS X +# Installing Docker on Mac OS X > **Note**: -> These instructions are available with the new release of Docker (version -> 0.8). However, they are subject to change. - -> **Note**: -> Docker is still under heavy development! We don’t recommend using it in -> production yet, but we’re getting closer with each release. Please see +> Docker is still under heavy development! We don't recommend using it in +> production yet, but we're getting closer with each release. Please see > our blog post, [Getting to Docker 1.0]( > http://blog.docker.io/2013/08/getting-to-docker-1-0/) -Docker is supported on Mac OS X 10.6 "Snow Leopard" or newer. +> **Note:** +> Docker is supported on Mac OS X 10.6 "Snow Leopard" or newer. -## How To Install Docker On Mac OS X +Docker has two key components: the Docker daemon and the `docker` binary +which acts as a client. The client passes instructions to the daemon +which builds, runs and manages your Docker containers. As Docker uses +some Linux-specific kernel features you can't use it directly on OS X. +Instead we run the Docker daemon inside a lightweight virtual machine on your local +OS X host. We can then use a native client `docker` binary to communicate +with the Docker daemon inside our virtual machine. To make this process +easier we've designed a helper application called +[boot2docker](https://github.com/boot2docker/boot2docker) to install +that virtual machine and run our Docker daemon. -### VirtualBox +[boot2docker](https://github.com/boot2docker/boot2docker) uses +VirtualBox to create the virtual machine so we'll need to install that +first. + +## Installing VirtualBox Docker on OS X needs VirtualBox to run. To begin with, head over to [VirtualBox Download Page](https://www.virtualbox.org/wiki/Downloads) and get the tool for `OS X hosts x86/amd64`. -Once the download is complete, open the disk image, run the set up file -(i.e. `VirtualBox.pkg`) and install VirtualBox. Do -not simply copy the package without running the installer. +Once the download is complete, open the disk image, run `VirtualBox.pkg` +and install VirtualBox. -### boot2docker +> **Note**: +> Do not simply copy the package without running the +> installer. + +## Installing boot2docker + +### Installing manually [boot2docker](https://github.com/boot2docker/boot2docker) provides a -handy script to easily manage the VM running the `docker` -daemon. It also takes care of the installation for the OS -image that is used for the job. +handy script to manage the VM running the Docker daemon. It also takes +care of the installation of that VM. -#### With Homebrew +Open up a new terminal window and run the following commands to get +boot2docker: + + # Enter the installation directory + $ mkdir -p ~/bin + $ cd ~/bin + + # Get the file + $ curl https://raw.githubusercontent.com/boot2docker/boot2docker/master/boot2docker > boot2docker + + # Mark it executable + $ chmod +x boot2docker + +### Installing the Docker OS X Client + +The Docker daemon is accessed using the `docker` binary. + +Run the following commands to get it downloaded and set up: + + # Get the docker binary + $ DIR=$(mktemp -d ${TMPDIR:-/tmp}/dockerdl.XXXXXXX) && \ + curl -f -o $DIR/ld.tgz https://get.docker.io/builds/Darwin/x86_64/docker-latest.tgz && \ + gunzip $DIR/ld.tgz && \ + tar xvf $DIR/ld.tar -C $DIR/ && \ + cp $DIR/usr/local/bin/docker ./docker + + # Copy the executable file + $ sudo mkdir -p /usr/local/bin + $ sudo cp docker /usr/local/bin/ + +### Configure the Docker OS X Client + +The Docker client, `docker`, uses an environment variable `DOCKER_HOST` +to specify the location of the Docker daemon to connect to. Specify your +local boot2docker virtual machine as the value of that variable. + + $ export DOCKER_HOST=tcp://127.0.0.1:4243 + +## Installing boot2docker with Homebrew If you are using Homebrew on your machine, simply run the following command to install `boot2docker`: - brew install boot2docker + $ brew install boot2docker -#### Manual installation +Run the following command to install the Docker client: -Open up a new terminal window, if you have not already. + $ brew install docker -Run the following commands to get boot2docker: +And that's it! Let's check out how to use it. - # Enter the installation directory - cd ~/bin +# How To Use Docker On Mac OS X - # Get the file - curl https://raw.github.com/boot2docker/boot2docker/master/boot2docker > boot2docker +## Running the Docker daemon via boot2docker - # Mark it executable - chmod +x boot2docker +Firstly we need to initialize our boot2docker virtual machine. Run the +`boot2docker` command. -### Docker OS X Client + $ boot2docker init -The `docker` daemon is accessed using the -`docker` client. +This will setup our initial virtual machine. -#### With Homebrew +Next we need to start the Docker daemon. -Run the following command to install the `docker` -client: + $ boot2docker up - brew install docker +There are a variety of others commands available using the `boot2docker` +script. You can see these like so: -#### Manual installation + $ boot2docker + Usage ./boot2docker {init|start|up|pause|stop|restart|status|info|delete|ssh|download} -Run the following commands to get it downloaded and set up: +## The Docker client - # Get the docker client file - DIR=$(mktemp -d ${TMPDIR:-/tmp}/dockerdl.XXXXXXX) && \ - curl -f -o $DIR/ld.tgz https://get.docker.io/builds/Darwin/x86_64/docker-latest.tgz && \ - gunzip $DIR/ld.tgz && \ - tar xvf $DIR/ld.tar -C $DIR/ && \ - cp $DIR/usr/local/bin/docker ./docker +Once the virtual machine with the Docker daemon is up, you can use the `docker` +binary just like any other application. - # Set the environment variable for the docker daemon - export DOCKER_HOST=tcp://127.0.0.1:4243 + $ docker version + Client version: 0.10.0 + Client API version: 1.10 + Server version: 0.10.0 + Server API version: 1.10 + Last stable version: 0.10.0 - # Copy the executable file - sudo mkdir -p /usr/local/bin - sudo cp docker /usr/local/bin/ +## Using Docker port forwarding with boot2docker -And that’s it! Let’s check out how to use it. +In order to forward network ports from Docker with boot2docker we need to +manually forward the port range Docker uses inside VirtualBox. To do +this we take the port range that Docker uses by default with the `-P` +option, ports 49000-49900, and run the following command. -## How To Use Docker On Mac OS X +> **Note:** +> The boot2docker virtual machine must be powered off for this +> to work. -### The `docker` daemon (via boot2docker) - -Inside the `~/bin` directory, run the following -commands: - - # Initiate the VM - ./boot2docker init - - # Run the VM (the docker daemon) - ./boot2docker up - - # To see all available commands: - ./boot2docker - - # Usage ./boot2docker {init|start|up|pause|stop|restart|status|info|delete|ssh|download} - -### The `docker` client - -Once the VM with the `docker` daemon is up, you can -use the `docker` client just like any other -application. - - docker version - # Client version: 0.7.6 - # Go version (client): go1.2 - # Git commit (client): bc3b2ec - # Server version: 0.7.5 - # Git commit (server): c348c04 - # Go version (server): go1.2 - -### Forwarding VM Port Range to Host - -If we take the port range that docker uses by default with the -P option -(49000-49900), and forward same range from host to vm, we’ll be able to -interact with our containers as if they were running locally: - - # vm must be powered off for i in {49000..49900}; do VBoxManage modifyvm "boot2docker-vm" --natpf1 "tcp-port$i,tcp,,$i,,$i"; VBoxManage modifyvm "boot2docker-vm" --natpf1 "udp-port$i,udp,,$i,,$i"; done -### SSH-ing The VM +## Connecting to the VM via SSH If you feel the need to connect to the VM, you can simply run: - ./boot2docker ssh + $ ./boot2docker ssh # User: docker # Pwd: tcuser -You can now continue with the [*Hello -World*](../../examples/hello_world/#hello-world) example. +If SSH complains about keys then run: -## Learn More + $ ssh-keygen -R '[localhost]:2022' -### boot2docker: +## Upgrading to a newer release of boot2docker + +To upgrade an initialized boot2docker virtual machine, you can use the +following 3 commands. Your virtual machine's disk will not be changed, +so you won't lose your images and containers: + + $ boot2docker stop + $ boot2docker download + $ boot2docker start + +# Learn More + +## boot2docker See the GitHub page for [boot2docker](https://github.com/boot2docker/boot2docker). -### If SSH complains about keys: +# Next steps - ssh-keygen -R '[localhost]:2022' +You can now continue with the [*Hello +World*](/examples/hello_world/#hello-world) example. -### Upgrading to a newer release of boot2docker - -To upgrade an initialised VM, you can use the following 3 commands. Your -persistence disk will not be changed, so you won’t lose your images and -containers: - - ./boot2docker stop - ./boot2docker download - ./boot2docker start - -### About the way Docker works on Mac OS X: - -Docker has two key components: the `docker` daemon -and the `docker` client. The tool works by client -commanding the daemon. In order to work and do its magic, the daemon -makes use of some Linux Kernel features (e.g. LXC, name spaces etc.), -which are not supported by OS X. Therefore, the solution of getting -Docker to run on OS X consists of running it inside a lightweight -virtual machine. In order to simplify things, Docker comes with a bash -script to make this whole process as easy as possible (i.e. -boot2docker). diff --git a/docs/sources/installation/mac.rst b/docs/sources/installation/mac.rst deleted file mode 100644 index d5243625a7..0000000000 --- a/docs/sources/installation/mac.rst +++ /dev/null @@ -1,212 +0,0 @@ -:title: Installation on Mac OS X 10.6 Snow Leopard -:description: Please note this project is currently under heavy development. It should not be used in production. -:keywords: Docker, Docker documentation, requirements, virtualbox, ssh, linux, os x, osx, mac - -.. _macosx: - -======== -Mac OS X -======== - -.. note:: - - These instructions are available with the new release of Docker - (version 0.8). However, they are subject to change. - -.. include:: install_header.inc - -Docker is supported on Mac OS X 10.6 "Snow Leopard" or newer. - -How To Install Docker On Mac OS X -================================= - -VirtualBox ----------- - -Docker on OS X needs VirtualBox to run. To begin with, head over to -`VirtualBox Download Page`_ and get the tool for ``OS X hosts x86/amd64``. - -.. _VirtualBox Download Page: https://www.virtualbox.org/wiki/Downloads - -Once the download is complete, open the disk image, run the set up file -(i.e. ``VirtualBox.pkg``) and install VirtualBox. Do not simply copy the -package without running the installer. - -boot2docker ------------ - -`boot2docker`_ provides a handy script to easily manage the VM running the -``docker`` daemon. It also takes care of the installation for the OS image -that is used for the job. - -.. _GitHub page: https://github.com/boot2docker/boot2docker - -With Homebrew -~~~~~~~~~~~~~ - -If you are using Homebrew on your machine, simply run the following command to install ``boot2docker``: - -.. code-block:: bash - - brew install boot2docker - -Manual installation -~~~~~~~~~~~~~~~~~~~ - -Open up a new terminal window, if you have not already. - -Run the following commands to get boot2docker: - -.. code-block:: bash - - # Enter the installation directory - cd ~/bin - - # Get the file - curl https://raw.github.com/boot2docker/boot2docker/master/boot2docker > boot2docker - - # Mark it executable - chmod +x boot2docker - -Docker OS X Client ------------------- - -The ``docker`` daemon is accessed using the ``docker`` client. - -With Homebrew -~~~~~~~~~~~~~ - -Run the following command to install the ``docker`` client: - -.. code-block:: bash - - brew install docker - -Manual installation -~~~~~~~~~~~~~~~~~~~ - -Run the following commands to get it downloaded and set up: - -.. code-block:: bash - - # Get the docker client file - DIR=$(mktemp -d ${TMPDIR:-/tmp}/dockerdl.XXXXXXX) && \ - curl -f -o $DIR/ld.tgz https://get.docker.io/builds/Darwin/x86_64/docker-latest.tgz && \ - gunzip $DIR/ld.tgz && \ - tar xvf $DIR/ld.tar -C $DIR/ && \ - cp $DIR/usr/local/bin/docker ./docker - - # Set the environment variable for the docker daemon - export DOCKER_HOST=tcp://127.0.0.1:4243 - - # Copy the executable file - sudo cp docker /usr/local/bin/ - -And that’s it! Let’s check out how to use it. - -How To Use Docker On Mac OS X -============================= - -The ``docker`` daemon (via boot2docker) ---------------------------------------- - -Inside the ``~/bin`` directory, run the following commands: - -.. code-block:: bash - - # Initiate the VM - ./boot2docker init - - # Run the VM (the docker daemon) - ./boot2docker up - - # To see all available commands: - ./boot2docker - - # Usage ./boot2docker {init|start|up|pause|stop|restart|status|info|delete|ssh|download} - -The ``docker`` client ---------------------- - -Once the VM with the ``docker`` daemon is up, you can use the ``docker`` -client just like any other application. - -.. code-block:: bash - - docker version - # Client version: 0.7.6 - # Go version (client): go1.2 - # Git commit (client): bc3b2ec - # Server version: 0.7.5 - # Git commit (server): c348c04 - # Go version (server): go1.2 - -Forwarding VM Port Range to Host --------------------------------- - -If we take the port range that docker uses by default with the -P option -(49000-49900), and forward same range from host to vm, we'll be able to interact -with our containers as if they were running locally: - -.. code-block:: bash - - # vm must be powered off - for i in {49000..49900}; do - VBoxManage modifyvm "boot2docker-vm" --natpf1 "tcp-port$i,tcp,,$i,,$i"; - VBoxManage modifyvm "boot2docker-vm" --natpf1 "udp-port$i,udp,,$i,,$i"; - done - -SSH-ing The VM --------------- - -If you feel the need to connect to the VM, you can simply run: - -.. code-block:: bash - - ./boot2docker ssh - - # User: docker - # Pwd: tcuser - -You can now continue with the :ref:`hello_world` example. - -Learn More -========== - -boot2docker: ------------- - -See the GitHub page for `boot2docker`_. - -.. _boot2docker: https://github.com/boot2docker/boot2docker - -If SSH complains about keys: ----------------------------- - -.. code-block:: bash - - ssh-keygen -R '[localhost]:2022' - -Upgrading to a newer release of boot2docker -------------------------------------------- - -To upgrade an initialised VM, you can use the following 3 commands. Your persistence -disk will not be changed, so you won't lose your images and containers: - -.. code-block:: bash - - ./boot2docker stop - ./boot2docker download - ./boot2docker start - -About the way Docker works on Mac OS X: ---------------------------------------- - -Docker has two key components: the ``docker`` daemon and the ``docker`` -client. The tool works by client commanding the daemon. In order to -work and do its magic, the daemon makes use of some Linux Kernel -features (e.g. LXC, name spaces etc.), which are not supported by OS X. -Therefore, the solution of getting Docker to run on OS X consists of -running it inside a lightweight virtual machine. In order to simplify -things, Docker comes with a bash script to make this whole process as -easy as possible (i.e. boot2docker). diff --git a/docs/sources/installation/openSUSE.md b/docs/sources/installation/openSUSE.md index ebd8ea6f6e..07f2ca43d2 100644 --- a/docs/sources/installation/openSUSE.md +++ b/docs/sources/installation/openSUSE.md @@ -5,13 +5,13 @@ page_keywords: openSUSE, virtualbox, docker, documentation, installation # openSUSE > **Note**: -> Docker is still under heavy development! We don’t recommend using it in -> production yet, but we’re getting closer with each release. Please see +> Docker is still under heavy development! We don't recommend using it in +> production yet, but we're getting closer with each release. Please see > our blog post, [Getting to Docker 1.0]( > http://blog.docker.io/2013/08/getting-to-docker-1-0/) > **Note**: -> This is a community contributed installation path. The only ‘official’ +> This is a community contributed installation path. The only `official` > installation is using the [*Ubuntu*](../ubuntulinux/#ubuntu-linux) > installation path. This version may be out of date because it depends on > some binaries to be updated and published @@ -30,34 +30,35 @@ To proceed with Docker installation please add the right Virtualization repository. # openSUSE 12.3 - sudo zypper ar -f http://download.opensuse.org/repositories/Virtualization/openSUSE_12.3/ Virtualization + $ sudo zypper ar -f http://download.opensuse.org/repositories/Virtualization/openSUSE_12.3/ Virtualization # openSUSE 13.1 - sudo zypper ar -f http://download.opensuse.org/repositories/Virtualization/openSUSE_13.1/ Virtualization + $ sudo zypper ar -f http://download.opensuse.org/repositories/Virtualization/openSUSE_13.1/ Virtualization Install the Docker package. - sudo zypper in docker + $ sudo zypper in docker -It’s also possible to install Docker using openSUSE’s 1-click install. +It's also possible to install Docker using openSUSE's1-click install. Just visit [this](http://software.opensuse.org/package/docker) page, select your openSUSE version and click on the installation link. This will add the right repository to your system and it will also install the docker package. -Now that it’s installed, let’s start the Docker daemon. +Now that it's installed, let's start the Docker daemon. - sudo systemctl start docker + $ sudo systemctl start docker If we want Docker to start at boot, we should also: - sudo systemctl enable docker + $ sudo systemctl enable docker The docker package creates a new group named docker. Users, other than root user, need to be part of this group in order to interact with the Docker daemon. - sudo usermod -G docker + $ sudo usermod -G docker -**Done!**, now continue with the [*Hello -World*](../../examples/hello_world/#hello-world) example. +**Done!** +Now continue with the [*Hello World*]( +/examples/hello_world/#hello-world) example. diff --git a/docs/sources/installation/openSUSE.rst b/docs/sources/installation/openSUSE.rst deleted file mode 100644 index c791beacbf..0000000000 --- a/docs/sources/installation/openSUSE.rst +++ /dev/null @@ -1,73 +0,0 @@ -:title: Installation on openSUSE -:description: Please note this project is currently under heavy development. It should not be used in production. -:keywords: openSUSE, virtualbox, docker, documentation, installation - -.. _openSUSE: - -openSUSE -======== - -.. include:: install_header.inc - -.. include:: install_unofficial.inc - -Docker is available in **openSUSE 12.3 and later**. Please note that due to the -current Docker limitations Docker is able to run only on the **64 bit** -architecture. - -Installation ------------- - -The ``docker`` package from the `Virtualization project`_ on `OBS`_ provides -Docker on openSUSE. - - -To proceed with Docker installation please add the right Virtualization -repository. - -.. code-block:: bash - - # openSUSE 12.3 - sudo zypper ar -f http://download.opensuse.org/repositories/Virtualization/openSUSE_12.3/ Virtualization - - # openSUSE 13.1 - sudo zypper ar -f http://download.opensuse.org/repositories/Virtualization/openSUSE_13.1/ Virtualization - - -Install the Docker package. - -.. code-block:: bash - - sudo zypper in docker - -It's also possible to install Docker using openSUSE's 1-click install. Just -visit `this`_ page, select your openSUSE version and click on the installation -link. This will add the right repository to your system and it will -also install the `docker` package. - -Now that it's installed, let's start the Docker daemon. - -.. code-block:: bash - - sudo systemctl start docker - -If we want Docker to start at boot, we should also: - -.. code-block:: bash - - sudo systemctl enable docker - -The `docker` package creates a new group named `docker`. Users, other than -`root` user, need to be part of this group in order to interact with the -Docker daemon. - -.. code-block:: bash - - sudo usermod -G docker - - -**Done!**, now continue with the :ref:`hello_world` example. - -.. _Virtualization project: https://build.opensuse.org/project/show/Virtualization -.. _OBS: https://build.opensuse.org/ -.. _this: http://software.opensuse.org/package/docker diff --git a/docs/sources/installation/rackspace.md b/docs/sources/installation/rackspace.md index 2d213a7fc9..c93af388ed 100644 --- a/docs/sources/installation/rackspace.md +++ b/docs/sources/installation/rackspace.md @@ -5,7 +5,7 @@ page_keywords: Rackspace Cloud, installation, docker, linux, ubuntu # Rackspace Cloud > **Note**: -> This is a community contributed installation path. The only ‘official’ +> This is a community contributed installation path. The only `official` > installation is using the [*Ubuntu*](../ubuntulinux/#ubuntu-linux) > installation path. This version may be out of date because it depends on > some binaries to be updated and published @@ -20,8 +20,8 @@ If you are using any Linux not already shipping with the 3.8 kernel you will need to install it. And this is a little more difficult on Rackspace. -Rackspace boots their servers using grub’s `menu.lst` -and does not like non ‘virtual’ packages (e.g. Xen compatible) +Rackspace boots their servers using grub's `menu.lst` +and does not like non `virtual` packages (e.g. Xen compatible) kernels there, although they do work. This results in `update-grub` not having the expected result, and you will need to set the kernel manually. @@ -29,16 +29,16 @@ you will need to set the kernel manually. **Do not attempt this on a production machine!** # update apt - apt-get update + $ apt-get update # install the new kernel - apt-get install linux-generic-lts-raring + $ apt-get install linux-generic-lts-raring Great, now you have the kernel installed in `/boot/`, next you need to make it boot next time. # find the exact names - find /boot/ -name '*3.8*' + $ find /boot/ -name '*3.8*' # this should return some results @@ -51,7 +51,7 @@ the right files. Take special care to double check the kernel and initrd entries. # now edit /boot/grub/menu.lst - vi /boot/grub/menu.lst + $ vi /boot/grub/menu.lst It will probably look something like this: @@ -78,7 +78,7 @@ Reboot the server (either via command line or console) Verify the kernel was updated - uname -a + $ uname -a # Linux docker-12-04 3.8.0-19-generic #30~precise1-Ubuntu SMP Wed May 1 22:26:36 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux # nice! 3.8. diff --git a/docs/sources/installation/rackspace.rst b/docs/sources/installation/rackspace.rst deleted file mode 100644 index 687131a413..0000000000 --- a/docs/sources/installation/rackspace.rst +++ /dev/null @@ -1,97 +0,0 @@ -:title: Installation on Rackspace Cloud -:description: Please note this project is currently under heavy development. It should not be used in production. -:keywords: Rackspace Cloud, installation, docker, linux, ubuntu - -Rackspace Cloud -=============== - -.. include:: install_unofficial.inc - -Installing Docker on Ubuntu provided by Rackspace is pretty -straightforward, and you should mostly be able to follow the -:ref:`ubuntu_linux` installation guide. - -**However, there is one caveat:** - -If you are using any Linux not already shipping with the 3.8 kernel -you will need to install it. And this is a little more difficult on -Rackspace. - -Rackspace boots their servers using grub's ``menu.lst`` and does not -like non 'virtual' packages (e.g. Xen compatible) kernels there, -although they do work. This results in ``update-grub`` not having the -expected result, and you will need to set the kernel manually. - -**Do not attempt this on a production machine!** - -.. code-block:: bash - - # update apt - apt-get update - - # install the new kernel - apt-get install linux-generic-lts-raring - - -Great, now you have the kernel installed in ``/boot/``, next you need to make it -boot next time. - -.. code-block:: bash - - # find the exact names - find /boot/ -name '*3.8*' - - # this should return some results - - -Now you need to manually edit ``/boot/grub/menu.lst``, you will find a -section at the bottom with the existing options. Copy the top one and -substitute the new kernel into that. Make sure the new kernel is on -top, and double check the kernel and initrd lines point to the right files. - -Take special care to double check the kernel and initrd entries. - -.. code-block:: bash - - # now edit /boot/grub/menu.lst - vi /boot/grub/menu.lst - -It will probably look something like this: - -:: - - ## ## End Default Options ## - - title Ubuntu 12.04.2 LTS, kernel 3.8.x generic - root (hd0) - kernel /boot/vmlinuz-3.8.0-19-generic root=/dev/xvda1 ro quiet splash console=hvc0 - initrd /boot/initrd.img-3.8.0-19-generic - - title Ubuntu 12.04.2 LTS, kernel 3.2.0-38-virtual - root (hd0) - kernel /boot/vmlinuz-3.2.0-38-virtual root=/dev/xvda1 ro quiet splash console=hvc0 - initrd /boot/initrd.img-3.2.0-38-virtual - - title Ubuntu 12.04.2 LTS, kernel 3.2.0-38-virtual (recovery mode) - root (hd0) - kernel /boot/vmlinuz-3.2.0-38-virtual root=/dev/xvda1 ro quiet splash single - initrd /boot/initrd.img-3.2.0-38-virtual - - -Reboot the server (either via command line or console) - -.. code-block:: bash - - # reboot - -Verify the kernel was updated - -.. code-block:: bash - - uname -a - # Linux docker-12-04 3.8.0-19-generic #30~precise1-Ubuntu SMP Wed May 1 22:26:36 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux - - # nice! 3.8. - - -Now you can finish with the :ref:`ubuntu_linux` instructions. diff --git a/docs/sources/installation/rhel.md b/docs/sources/installation/rhel.md index d7df63920d..632743a2b9 100644 --- a/docs/sources/installation/rhel.md +++ b/docs/sources/installation/rhel.md @@ -5,20 +5,20 @@ page_keywords: Docker, Docker documentation, requirements, linux, rhel, centos # Red Hat Enterprise Linux > **Note**: -> Docker is still under heavy development! We don’t recommend using it in -> production yet, but we’re getting closer with each release. Please see +> Docker is still under heavy development! We don't recommend using it in +> production yet, but we're getting closer with each release. Please see > our blog post, [Getting to Docker 1.0]( > http://blog.docker.io/2013/08/getting-to-docker-1-0/) > **Note**: -> This is a community contributed installation path. The only ‘official’ +> This is a community contributed installation path. The only `official` > installation is using the [*Ubuntu*](../ubuntulinux/#ubuntu-linux) > installation path. This version may be out of date because it depends on > some binaries to be updated and published Docker is available for **RHEL** on EPEL. These instructions should work for both RHEL and CentOS. They will likely work for other binary -compatible EL6 distributions as well, but they haven’t been tested. +compatible EL6 distributions as well, but they haven't been tested. Please note that this package is part of [Extra Packages for Enterprise Linux (EPEL)](https://fedoraproject.org/wiki/EPEL), a community effort @@ -42,37 +42,36 @@ The `docker-io` package provides Docker on EPEL. If you already have the (unrelated) `docker` package installed, it will conflict with `docker-io`. -There’s a [bug -report](https://bugzilla.redhat.com/show_bug.cgi?id=1043676) filed for -it. To proceed with `docker-io` installation, please -remove `docker` first. +There's a [bug report]( +https://bugzilla.redhat.com/show_bug.cgi?id=1043676) filed for it. +To proceed with `docker-io` installation, please remove `docker` first. -Next, let’s install the `docker-io` package which +Next, let's install the `docker-io` package which will install Docker on our host. - sudo yum -y install docker-io + $ sudo yum -y install docker-io To update the `docker-io` package - sudo yum -y update docker-io + $ sudo yum -y update docker-io -Now that it’s installed, let’s start the Docker daemon. +Now that it's installed, let's start the Docker daemon. - sudo service docker start + $ sudo service docker start If we want Docker to start at boot, we should also: - sudo chkconfig docker on + $ sudo chkconfig docker on -Now let’s verify that Docker is working. +Now let's verify that Docker is working. - sudo docker run -i -t fedora /bin/bash + $ sudo docker run -i -t fedora /bin/bash -**Done!**, now continue with the [*Hello -World*](../../examples/hello_world/#hello-world) example. +**Done!** +Now continue with the [*Hello World*](/examples/hello_world/#hello-world) example. ## Issues? -If you have any issues - please report them directly in the [Red Hat -Bugzilla for docker-io -component](https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora%20EPEL&component=docker-io). +If you have any issues - please report them directly in the +[Red Hat Bugzilla for docker-io component]( +https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora%20EPEL&component=docker-io). diff --git a/docs/sources/installation/rhel.rst b/docs/sources/installation/rhel.rst deleted file mode 100644 index 151fba6f1f..0000000000 --- a/docs/sources/installation/rhel.rst +++ /dev/null @@ -1,85 +0,0 @@ -:title: Installation on Red Hat Enterprise Linux -:description: Please note this project is currently under heavy development. It should not be used in production. -:keywords: Docker, Docker documentation, requirements, linux, rhel, centos - -.. _rhel: - -Red Hat Enterprise Linux -======================== - -.. include:: install_header.inc - -.. include:: install_unofficial.inc - -Docker is available for **RHEL** on EPEL. These instructions should work for -both RHEL and CentOS. They will likely work for other binary compatible EL6 -distributions as well, but they haven't been tested. - -Please note that this package is part of `Extra Packages for Enterprise -Linux (EPEL)`_, a community effort to create and maintain additional packages -for the RHEL distribution. - -Also note that due to the current Docker limitations, Docker is able to run -only on the **64 bit** architecture. - -You will need `RHEL 6.5`_ or higher, with a RHEL 6 kernel version 2.6.32-431 or higher -as this has specific kernel fixes to allow Docker to work. - -Installation ------------- - -Firstly, you need to install the EPEL repository. Please follow the `EPEL installation instructions`_. - - -The ``docker-io`` package provides Docker on EPEL. - - -If you already have the (unrelated) ``docker`` package installed, it will -conflict with ``docker-io``. There's a `bug report`_ filed for it. -To proceed with ``docker-io`` installation, please remove -``docker`` first. - - -Next, let's install the ``docker-io`` package which will install Docker on our host. - -.. code-block:: bash - - sudo yum -y install docker-io - -To update the ``docker-io`` package - -.. code-block:: bash - - sudo yum -y update docker-io - -Now that it's installed, let's start the Docker daemon. - -.. code-block:: bash - - sudo service docker start - -If we want Docker to start at boot, we should also: - -.. code-block:: bash - - sudo chkconfig docker on - -Now let's verify that Docker is working. - -.. code-block:: bash - - sudo docker run -i -t fedora /bin/bash - -**Done!**, now continue with the :ref:`hello_world` example. - -Issues? -------- - -If you have any issues - please report them directly in the `Red Hat Bugzilla for docker-io component`_. - -.. _Extra Packages for Enterprise Linux (EPEL): https://fedoraproject.org/wiki/EPEL -.. _EPEL installation instructions: https://fedoraproject.org/wiki/EPEL#How_can_I_use_these_extra_packages.3F -.. _Red Hat Bugzilla for docker-io component : https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora%20EPEL&component=docker-io -.. _bug report: https://bugzilla.redhat.com/show_bug.cgi?id=1043676 -.. _RHEL 6.5: https://access.redhat.com/site/articles/3078#RHEL6 - diff --git a/docs/sources/installation/softlayer.md b/docs/sources/installation/softlayer.md index 0b14ac567d..11a192c61a 100644 --- a/docs/sources/installation/softlayer.md +++ b/docs/sources/installation/softlayer.md @@ -5,32 +5,32 @@ page_keywords: IBM SoftLayer, virtualization, cloud, docker, documentation, inst # IBM SoftLayer > **Note**: -> Docker is still under heavy development! We don’t recommend using it in -> production yet, but we’re getting closer with each release. Please see +> Docker is still under heavy development! We don't recommend using it in +> production yet, but we're getting closer with each release. Please see > our blog post, [Getting to Docker 1.0]( > http://blog.docker.io/2013/08/getting-to-docker-1-0/) ## IBM SoftLayer QuickStart -1. Create an [IBM SoftLayer - account](https://www.softlayer.com/cloudlayer/). -2. Log in to the [SoftLayer - Console](https://control.softlayer.com/devices/). -3. Go to [Order Hourly Computing Instance - Wizard](https://manage.softlayer.com/Sales/orderHourlyComputingInstance) - on your SoftLayer Console. -4. Create a new *CloudLayer Computing Instance* (CCI) using the default - values for all the fields and choose: +1. Create an [IBM SoftLayer account]( + https://www.softlayer.com/cloud-servers/). +2. Log in to the [SoftLayer Console]( + https://control.softlayer.com/devices/). +3. Go to [Order Hourly Computing Instance Wizard]( + https://manage.softlayer.com/Sales/orderHourlyComputingInstance) + on your SoftLayer Console. +4. Create a new *CloudLayer Computing Instance* (CCI) using the default + values for all the fields and choose: -- *First Available* as `Datacenter` and -- *Ubuntu Linux 12.04 LTS Precise Pangolin - Minimal Install (64 bit)* - as `Operating System`. + - *First Available* as `Datacenter` and + - *Ubuntu Linux 12.04 LTS Precise Pangolin - Minimal Install (64 bit)* + as `Operating System`. -5. Click the *Continue Your Order* button at the bottom right and - select *Go to checkout*. -6. Insert the required *User Metadata* and place the order. -7. Then continue with the [*Ubuntu*](../ubuntulinux/#ubuntu-linux) - instructions. +5. Click the *Continue Your Order* button at the bottom right and + select *Go to checkout*. +6. Insert the required *User Metadata* and place the order. +7. Then continue with the [*Ubuntu*](../ubuntulinux/#ubuntu-linux) + instructions. -Continue with the [*Hello -World*](../../examples/hello_world/#hello-world) example. +Continue with the [*Hello World*]( +/examples/hello_world/#hello-world) example. diff --git a/docs/sources/installation/softlayer.rst b/docs/sources/installation/softlayer.rst deleted file mode 100644 index 0fe3d6df5a..0000000000 --- a/docs/sources/installation/softlayer.rst +++ /dev/null @@ -1,25 +0,0 @@ -:title: Installation on IBM SoftLayer -:description: Please note this project is currently under heavy development. It should not be used in production. -:keywords: IBM SoftLayer, virtualization, cloud, docker, documentation, installation - -IBM SoftLayer -============= - -.. include:: install_header.inc - -IBM SoftLayer QuickStart -------------------------- - -1. Create an `IBM SoftLayer account `_. -2. Log in to the `SoftLayer Console `_. -3. Go to `Order Hourly Computing Instance Wizard `_ on your SoftLayer Console. -4. Create a new *CloudLayer Computing Instance* (CCI) using the default values for all the fields and choose: - -- *First Available* as ``Datacenter`` and -- *Ubuntu Linux 12.04 LTS Precise Pangolin - Minimal Install (64 bit)* as ``Operating System``. - -5. Click the *Continue Your Order* button at the bottom right and select *Go to checkout*. -6. Insert the required *User Metadata* and place the order. -7. Then continue with the :ref:`ubuntu_linux` instructions. - -Continue with the :ref:`hello_world` example. \ No newline at end of file diff --git a/docs/sources/installation/ubuntulinux.md b/docs/sources/installation/ubuntulinux.md index 07d6072b5d..d40e17b646 100644 --- a/docs/sources/installation/ubuntulinux.md +++ b/docs/sources/installation/ubuntulinux.md @@ -4,25 +4,46 @@ page_keywords: Docker, Docker documentation, requirements, virtualbox, vagrant, # Ubuntu -> **Warning**: -> These instructions have changed for 0.6. If you are upgrading from an -> earlier version, you will need to follow them again. - > **Note**: -> Docker is still under heavy development! We don’t recommend using it in -> production yet, but we’re getting closer with each release. Please see +> Docker is still under heavy development! We don't recommend using it in +> production yet, but we're getting closer with each release. Please see > our blog post, [Getting to Docker 1.0]( > http://blog.docker.io/2013/08/getting-to-docker-1-0/) Docker is supported on the following versions of Ubuntu: -- [*Ubuntu Precise 12.04 (LTS) (64-bit)*](#ubuntu-precise-1204-lts-64-bit) -- [*Ubuntu Raring 13.04 and Saucy 13.10 (64 - bit)*](#ubuntu-raring-1304-and-saucy-1310-64-bit) + - [*Ubuntu Trusty 14.04 (LTS) (64-bit)*](#ubuntu-trusty-1404-lts-64-bit) + - [*Ubuntu Precise 12.04 (LTS) (64-bit)*](#ubuntu-precise-1204-lts-64-bit) + - [*Ubuntu Raring 13.04 and Saucy 13.10 (64 + bit)*](#ubuntu-raring-1304-and-saucy-1310-64-bit) Please read [*Docker and UFW*](#docker-and-ufw), if you plan to use [UFW (Uncomplicated Firewall)](https://help.ubuntu.com/community/UFW) +## Ubuntu Trusty 14.04 (LTS) (64-bit) + +Ubuntu Trusty comes with a 3.13.0 Linux kernel, and a `docker.io` package which +installs all its prerequisites from Ubuntu's repository. + +> **Note**: +> Ubuntu (and Debian) contain a much older KDE3/GNOME2 package called ``docker``, so the +> package and the executable are called ``docker.io``. + +### Installation + +To install the latest Ubuntu package (may not be the latest Docker release): + + $ sudo apt-get update + $ sudo apt-get install docker.io + $ sudo ln -sf /usr/bin/docker.io /usr/local/bin/docker + +To verify that everything has worked as expected: + + $ sudo docker run -i -t ubuntu /bin/bash + +Which should download the `ubuntu` image, and then start `bash` in a container. + + ## Ubuntu Precise 12.04 (LTS) (64-bit) This installation path should work at all times. @@ -32,19 +53,19 @@ This installation path should work at all times. **Linux kernel 3.8** Due to a bug in LXC, Docker works best on the 3.8 kernel. Precise comes -with a 3.2 kernel, so we need to upgrade it. The kernel you’ll install +with a 3.2 kernel, so we need to upgrade it. The kernel you'll install when following these steps comes with AUFS built in. We also include the generic headers to enable packages that depend on them, like ZFS and the -VirtualBox guest additions. If you didn’t install the headers for your +VirtualBox guest additions. If you didn't install the headers for your "precise" kernel, then you can skip these headers for the "raring" -kernel. But it is safer to include them if you’re not sure. +kernel. But it is safer to include them if you're not sure. # install the backported kernel - sudo apt-get update - sudo apt-get install linux-image-generic-lts-raring linux-headers-generic-lts-raring + $ sudo apt-get update + $ sudo apt-get install linux-image-generic-lts-raring linux-headers-generic-lts-raring # reboot - sudo reboot + $ sudo reboot ### Installation @@ -59,7 +80,7 @@ faster for you to install. First, check that your APT system can deal with `https` URLs: the file `/usr/lib/apt/methods/https` -should exist. If it doesn’t, you need to install the package +should exist. If it doesn't, you need to install the package `apt-transport-https`. [ -e /usr/lib/apt/methods/https ] || { @@ -69,34 +90,34 @@ should exist. If it doesn’t, you need to install the package Then, add the Docker repository key to your local keychain. - sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9 + $ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9 Add the Docker repository to your apt sources list, update and install the `lxc-docker` package. -*You may receive a warning that the package isn’t trusted. Answer yes to +*You may receive a warning that the package isn't trusted. Answer yes to continue installation.* - sudo sh -c "echo deb https://get.docker.io/ubuntu docker main\ + $ sudo sh -c "echo deb https://get.docker.io/ubuntu docker main\ > /etc/apt/sources.list.d/docker.list" - sudo apt-get update - sudo apt-get install lxc-docker + $ sudo apt-get update + $ sudo apt-get install lxc-docker > **Note**: > > There is also a simple `curl` script available to help with this process. > -> curl -s https://get.docker.io/ubuntu/ | sudo sh +> $ curl -s https://get.docker.io/ubuntu/ | sudo sh Now verify that the installation has worked by downloading the `ubuntu` image and launching a container. - sudo docker run -i -t ubuntu /bin/bash + $ sudo docker run -i -t ubuntu /bin/bash Type `exit` to exit **Done!**, now continue with the [*Hello -World*](../../examples/hello_world/#hello-world) example. +World*](/examples/hello_world/#hello-world) example. ## Ubuntu Raring 13.04 and Saucy 13.10 (64 bit) @@ -106,15 +127,15 @@ These instructions cover both Ubuntu Raring 13.04 and Saucy 13.10. **Optional AUFS filesystem support** -Ubuntu Raring already comes with the 3.8 kernel, so we don’t need to +Ubuntu Raring already comes with the 3.8 kernel, so we don't need to install it. However, not all systems have AUFS filesystem support -enabled. AUFS support is optional as of version 0.7, but it’s still +enabled. AUFS support is optional as of version 0.7, but it's still available as a driver and we recommend using it if you can. To make sure AUFS is installed, run the following commands: - sudo apt-get update - sudo apt-get install linux-image-extra-`uname -r` + $ sudo apt-get update + $ sudo apt-get install linux-image-extra-`uname -r` ### Installation @@ -126,25 +147,25 @@ Docker is available as a Debian package, which makes installation easy. First add the Docker repository key to your local keychain. - sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9 + $ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9 Add the Docker repository to your apt sources list, update and install the `lxc-docker` package. - sudo sh -c "echo deb http://get.docker.io/ubuntu docker main\ + $ sudo sh -c "echo deb http://get.docker.io/ubuntu docker main\ > /etc/apt/sources.list.d/docker.list" - sudo apt-get update - sudo apt-get install lxc-docker + $ sudo apt-get update + $ sudo apt-get install lxc-docker Now verify that the installation has worked by downloading the `ubuntu` image and launching a container. - sudo docker run -i -t ubuntu /bin/bash + $ sudo docker run -i -t ubuntu /bin/bash Type `exit` to exit **Done!**, now continue with the [*Hello -World*](../../examples/hello_world/#hello-world) example. +World*](/examples/hello_world/#hello-world) example. ### Giving non-root access @@ -160,7 +181,7 @@ Unix group called *docker* and add users to it, then the socket read/writable by the *docker* group when the daemon starts. The `docker` daemon must always run as the root user, but if you run the `docker` client as a user in the -*docker* group then you don’t need to add `sudo` to +*docker* group then you don't need to add `sudo` to all the client commands. As of 0.9.0, you can specify that a group other than `docker` should own the Unix socket with the `-G` option. @@ -168,21 +189,21 @@ than `docker` should own the Unix socket with the > **Warning**: > The *docker* group (or the group specified with `-G`) is > root-equivalent; see [*Docker Daemon Attack Surface*]( -> ../../articles/security/#dockersecurity-daemon) details. +> /articles/security/#dockersecurity-daemon) details. **Example:** # Add the docker group if it doesn't already exist. - sudo groupadd docker + $ sudo groupadd docker # Add the connected user "${USER}" to the docker group. # Change the user name to match your preferred user. # You may have to logout and log back in again for # this to take effect. - sudo gpasswd -a ${USER} docker + $ sudo gpasswd -a ${USER} docker # Restart the Docker daemon. - sudo service docker restart + $ sudo service docker restart ### Upgrade @@ -190,28 +211,28 @@ To install the latest version of docker, use the standard `apt-get` method: # update your sources list - sudo apt-get update + $ sudo apt-get update # install the latest - sudo apt-get install lxc-docker + $ sudo apt-get install lxc-docker ## Memory and Swap Accounting If you want to enable memory and swap accounting, you must add the following command-line parameters to your kernel: - cgroup_enable=memory swapaccount=1 + $ cgroup_enable=memory swapaccount=1 On systems using GRUB (which is the default for Ubuntu), you can add those parameters by editing `/etc/default/grub` and extending `GRUB_CMDLINE_LINUX`. Look for the following line: - GRUB_CMDLINE_LINUX="" + $ GRUB_CMDLINE_LINUX="" And replace it by the following one: - GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1" + $ GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1" Then run `sudo update-grub`, and reboot. @@ -226,7 +247,7 @@ On Linux Mint, the `cgroup-lite` package is not installed by default. Before Docker will work correctly, you will need to install this via: - sudo apt-get update && sudo apt-get install cgroup-lite + $ sudo apt-get update && sudo apt-get install cgroup-lite ## Docker and UFW @@ -234,22 +255,22 @@ Docker uses a bridge to manage container networking. By default, UFW drops all forwarding traffic. As a result you will need to enable UFW forwarding: - sudo nano /etc/default/ufw - ---- + $ sudo nano /etc/default/ufw + # Change: # DEFAULT_FORWARD_POLICY="DROP" # to - DEFAULT_FORWARD_POLICY="ACCEPT" + $ DEFAULT_FORWARD_POLICY="ACCEPT" Then reload UFW: - sudo ufw reload + $ sudo ufw reload -UFW’s default set of rules denies all incoming traffic. If you want to +UFW's default set of rules denies all incoming traffic. If you want to be able to reach your containers from another host then you should allow incoming connections on the Docker port (default 4243): - sudo ufw allow 4243/tcp + $ sudo ufw allow 4243/tcp ## Docker and local DNS server warnings @@ -263,31 +284,31 @@ warning: WARNING: Local (127.0.0.1) DNS resolver found in resolv.conf and containers can't use it. Using default external servers : [8.8.8.8 8.8.4.4] -This warning is shown because the containers can’t use the local DNS +This warning is shown because the containers can't use the local DNS nameserver and Docker will default to using an external nameserver. This can be worked around by specifying a DNS server to be used by the Docker daemon for the containers: - sudo nano /etc/default/docker + $ sudo nano /etc/default/docker --- # Add: - DOCKER_OPTS="--dns 8.8.8.8" + $ docker_OPTS="--dns 8.8.8.8" # 8.8.8.8 could be replaced with a local DNS server, such as 192.168.1.1 # multiple DNS servers can be specified: --dns 8.8.8.8 --dns 192.168.1.1 The Docker daemon has to be restarted: - sudo restart docker + $ sudo restart docker > **Warning**: -> If you’re doing this on a laptop which connects to various networks, +> If you're doing this on a laptop which connects to various networks, > make sure to choose a public DNS server. An alternative solution involves disabling dnsmasq in NetworkManager by following these steps: - sudo nano /etc/NetworkManager/NetworkManager.conf + $ sudo nano /etc/NetworkManager/NetworkManager.conf ---- # Change: dns=dnsmasq @@ -296,8 +317,8 @@ following these steps: NetworkManager and Docker need to be restarted afterwards: - sudo restart network-manager - sudo restart docker + $ sudo restart network-manager + $ sudo restart docker > **Warning**: This might make DNS resolution slower on some networks. @@ -310,12 +331,12 @@ you. ### Yandex [Yandex](http://yandex.ru/) in Russia is mirroring the Docker Debian -packages, updating every 6 hours. Substitute -`http://mirror.yandex.ru/mirrors/docker/` for -`http://get.docker.io/ubuntu` in the instructions -above. For example: +packages, updating every 6 hours. +Substitute `http://mirror.yandex.ru/mirrors/docker/` for +`http://get.docker.io/ubuntu` in the instructions above. +For example: - sudo sh -c "echo deb http://mirror.yandex.ru/mirrors/docker/ docker main\ + $ sudo sh -c "echo deb http://mirror.yandex.ru/mirrors/docker/ docker main\ > /etc/apt/sources.list.d/docker.list" - sudo apt-get update - sudo apt-get install lxc-docker + $ sudo apt-get update + $ sudo apt-get install lxc-docker diff --git a/docs/sources/installation/ubuntulinux.rst b/docs/sources/installation/ubuntulinux.rst deleted file mode 100644 index 3e4b2a9855..0000000000 --- a/docs/sources/installation/ubuntulinux.rst +++ /dev/null @@ -1,380 +0,0 @@ -:title: Installation on Ubuntu -:description: Please note this project is currently under heavy development. It should not be used in production. -:keywords: Docker, Docker documentation, requirements, virtualbox, vagrant, git, ssh, putty, cygwin, linux - -.. _ubuntu_linux: - -Ubuntu -====== - -.. warning:: - - These instructions have changed for 0.6. If you are upgrading from - an earlier version, you will need to follow them again. - -.. include:: install_header.inc - -Docker is supported on the following versions of Ubuntu: - -- :ref:`ubuntu_precise` -- :ref:`ubuntu_raring_saucy` - -Please read :ref:`ufw`, if you plan to use `UFW (Uncomplicated -Firewall) `_ - -.. _ubuntu_precise: - -Ubuntu Precise 12.04 (LTS) (64-bit) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -This installation path should work at all times. - - -Dependencies ------------- - -**Linux kernel 3.8** - -Due to a bug in LXC, Docker works best on the 3.8 kernel. Precise -comes with a 3.2 kernel, so we need to upgrade it. The kernel you'll -install when following these steps comes with AUFS built in. We also -include the generic headers to enable packages that depend on them, -like ZFS and the VirtualBox guest additions. If you didn't install the -headers for your "precise" kernel, then you can skip these headers for -the "raring" kernel. But it is safer to include them if you're not -sure. - - -.. code-block:: bash - - # install the backported kernel - sudo apt-get update - sudo apt-get install linux-image-generic-lts-raring linux-headers-generic-lts-raring - - # reboot - sudo reboot - - -Installation ------------- - -.. warning:: - - These instructions have changed for 0.6. If you are upgrading from - an earlier version, you will need to follow them again. - -Docker is available as a Debian package, which makes installation -easy. **See the** :ref:`installmirrors` **section below if you are not in -the United States.** Other sources of the Debian packages may be -faster for you to install. - -First, check that your APT system can deal with ``https`` URLs: -the file ``/usr/lib/apt/methods/https`` should exist. If it doesn't, -you need to install the package ``apt-transport-https``. - -.. code-block:: bash - - [ -e /usr/lib/apt/methods/https ] || { - apt-get update - apt-get install apt-transport-https - } - -Then, add the Docker repository key to your local keychain. - -.. code-block:: bash - - sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9 - -Add the Docker repository to your apt sources list, update and install the -``lxc-docker`` package. - -*You may receive a warning that the package isn't trusted. Answer yes to -continue installation.* - -.. code-block:: bash - - sudo sh -c "echo deb https://get.docker.io/ubuntu docker main\ - > /etc/apt/sources.list.d/docker.list" - sudo apt-get update - sudo apt-get install lxc-docker - -.. note:: - - There is also a simple ``curl`` script available to help with this process. - - .. code-block:: bash - - curl -s https://get.docker.io/ubuntu/ | sudo sh - -Now verify that the installation has worked by downloading the ``ubuntu`` image -and launching a container. - -.. code-block:: bash - - sudo docker run -i -t ubuntu /bin/bash - -Type ``exit`` to exit - -**Done!**, now continue with the :ref:`hello_world` example. - -.. _ubuntu_raring_saucy: - -Ubuntu Raring 13.04 and Saucy 13.10 (64 bit) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -These instructions cover both Ubuntu Raring 13.04 and Saucy 13.10. - -Dependencies ------------- - -**Optional AUFS filesystem support** - -Ubuntu Raring already comes with the 3.8 kernel, so we don't need to install it. However, not all systems -have AUFS filesystem support enabled. AUFS support is optional as of version 0.7, but it's still available as -a driver and we recommend using it if you can. - -To make sure AUFS is installed, run the following commands: - -.. code-block:: bash - - sudo apt-get update - sudo apt-get install linux-image-extra-`uname -r` - - -Installation ------------- - -Docker is available as a Debian package, which makes installation easy. - -.. warning:: - - Please note that these instructions have changed for 0.6. If you are upgrading from an earlier version, you will need - to follow them again. - -First add the Docker repository key to your local keychain. - -.. code-block:: bash - - sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9 - -Add the Docker repository to your apt sources list, update and install the -``lxc-docker`` package. - -.. code-block:: bash - - sudo sh -c "echo deb http://get.docker.io/ubuntu docker main\ - > /etc/apt/sources.list.d/docker.list" - sudo apt-get update - sudo apt-get install lxc-docker - -Now verify that the installation has worked by downloading the ``ubuntu`` image -and launching a container. - -.. code-block:: bash - - sudo docker run -i -t ubuntu /bin/bash - -Type ``exit`` to exit - -**Done!**, now continue with the :ref:`hello_world` example. - - -Giving non-root access ----------------------- - -The ``docker`` daemon always runs as the root user, and since Docker version -0.5.2, the ``docker`` daemon binds to a Unix socket instead of a TCP port. By -default that Unix socket is owned by the user *root*, and so, by default, you -can access it with ``sudo``. - -Starting in version 0.5.3, if you (or your Docker installer) create a -Unix group called *docker* and add users to it, then the ``docker`` -daemon will make the ownership of the Unix socket read/writable by the -*docker* group when the daemon starts. The ``docker`` daemon must -always run as the root user, but if you run the ``docker`` client as a user in -the *docker* group then you don't need to add ``sudo`` to all the -client commands. As of 0.9.0, you can specify that a group other than ``docker`` -should own the Unix socket with the ``-G`` option. - -.. warning:: The *docker* group (or the group specified with ``-G``) is - root-equivalent; see :ref:`dockersecurity_daemon` details. - - -**Example:** - -.. code-block:: bash - - # Add the docker group if it doesn't already exist. - sudo groupadd docker - - # Add the connected user "${USER}" to the docker group. - # Change the user name to match your preferred user. - # You may have to logout and log back in again for - # this to take effect. - sudo gpasswd -a ${USER} docker - - # Restart the Docker daemon. - sudo service docker restart - - -Upgrade --------- - -To install the latest version of docker, use the standard ``apt-get`` method: - - -.. code-block:: bash - - # update your sources list - sudo apt-get update - - # install the latest - sudo apt-get install lxc-docker - -Memory and Swap Accounting -^^^^^^^^^^^^^^^^^^^^^^^^^^ - -If you want to enable memory and swap accounting, you must add the following -command-line parameters to your kernel:: - - cgroup_enable=memory swapaccount=1 - -On systems using GRUB (which is the default for Ubuntu), you can add those -parameters by editing ``/etc/default/grub`` and extending -``GRUB_CMDLINE_LINUX``. Look for the following line:: - - GRUB_CMDLINE_LINUX="" - -And replace it by the following one:: - - GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1" - -Then run ``sudo update-grub``, and reboot. - -These parameters will help you get rid of the following warnings:: - - WARNING: Your kernel does not support cgroup swap limit. - WARNING: Your kernel does not support swap limit capabilities. Limitation discarded. - -Troubleshooting -^^^^^^^^^^^^^^^ - -On Linux Mint, the ``cgroup-lite`` package is not installed by default. -Before Docker will work correctly, you will need to install this via: - -.. code-block:: bash - - sudo apt-get update && sudo apt-get install cgroup-lite - -.. _ufw: - -Docker and UFW -^^^^^^^^^^^^^^ - -Docker uses a bridge to manage container networking. By default, UFW drops all -`forwarding` traffic. As a result you will need to enable UFW forwarding: - -.. code-block:: bash - - sudo nano /etc/default/ufw - ---- - # Change: - # DEFAULT_FORWARD_POLICY="DROP" - # to - DEFAULT_FORWARD_POLICY="ACCEPT" - -Then reload UFW: - -.. code-block:: bash - - sudo ufw reload - - -UFW's default set of rules denies all `incoming` traffic. If you want to be -able to reach your containers from another host then you should allow -incoming connections on the Docker port (default 4243): - -.. code-block:: bash - - sudo ufw allow 4243/tcp - -Docker and local DNS server warnings -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Systems which are running Ubuntu or an Ubuntu derivative on the desktop will -use `127.0.0.1` as the default nameserver in `/etc/resolv.conf`. NetworkManager -sets up dnsmasq to use the real DNS servers of the connection and sets up -`nameserver 127.0.0.1` in `/etc/resolv.conf`. - -When starting containers on these desktop machines, users will see a warning: - -.. code-block:: bash - - WARNING: Local (127.0.0.1) DNS resolver found in resolv.conf and containers can't use it. Using default external servers : [8.8.8.8 8.8.4.4] - -This warning is shown because the containers can't use the local DNS nameserver -and Docker will default to using an external nameserver. - -This can be worked around by specifying a DNS server to be used by the Docker -daemon for the containers: - -.. code-block:: bash - - sudo nano /etc/default/docker - --- - # Add: - DOCKER_OPTS="--dns 8.8.8.8" - # 8.8.8.8 could be replaced with a local DNS server, such as 192.168.1.1 - # multiple DNS servers can be specified: --dns 8.8.8.8 --dns 192.168.1.1 - -The Docker daemon has to be restarted: - -.. code-block:: bash - - sudo restart docker - -.. warning:: If you're doing this on a laptop which connects to various networks, make sure to choose a public DNS server. - -An alternative solution involves disabling dnsmasq in NetworkManager by -following these steps: - -.. code-block:: bash - - sudo nano /etc/NetworkManager/NetworkManager.conf - ---- - # Change: - dns=dnsmasq - # to - #dns=dnsmasq - -NetworkManager and Docker need to be restarted afterwards: - -.. code-block:: bash - - sudo restart network-manager - sudo restart docker - -.. warning:: This might make DNS resolution slower on some networks. - -.. _installmirrors: - -Mirrors -^^^^^^^ - -You should ``ping get.docker.io`` and compare the latency to the -following mirrors, and pick whichever one is best for you. - -Yandex ------- - -`Yandex `_ in Russia is mirroring the Docker Debian -packages, updating every 6 hours. Substitute -``http://mirror.yandex.ru/mirrors/docker/`` for -``http://get.docker.io/ubuntu`` in the instructions above. For example: - -.. code-block:: bash - - sudo sh -c "echo deb http://mirror.yandex.ru/mirrors/docker/ docker main\ - > /etc/apt/sources.list.d/docker.list" - sudo apt-get update - sudo apt-get install lxc-docker diff --git a/docs/sources/installation/windows.md b/docs/sources/installation/windows.md index cadecdaddb..ec633508c4 100644 --- a/docs/sources/installation/windows.md +++ b/docs/sources/installation/windows.md @@ -6,59 +6,56 @@ page_keywords: Docker, Docker documentation, Windows, requirements, virtualbox, Docker can run on Windows using a virtualization platform like VirtualBox. A Linux distribution is run inside a virtual machine and -that’s where Docker will run. +that's where Docker will run. ## Installation > **Note**: -> Docker is still under heavy development! We don’t recommend using it in -> production yet, but we’re getting closer with each release. Please see +> Docker is still under heavy development! We don't recommend using it in +> production yet, but we're getting closer with each release. Please see > our blog post, [Getting to Docker 1.0]( > http://blog.docker.io/2013/08/getting-to-docker-1-0/) -1. Install virtualbox from - [https://www.virtualbox.org](https://www.virtualbox.org) - or follow - this - [tutorial](http://www.slideshare.net/julienbarbier42/install-virtualbox-on-windows-7). -2. Download the latest boot2docker.iso from - [https://github.com/boot2docker/boot2docker/releases](https://github.com/boot2docker/boot2docker/releases). -3. Start VirtualBox. -4. Create a new Virtual machine with the following settings: +1. Install virtualbox from [https://www.virtualbox.org]( + https://www.virtualbox.org) - or follow this [tutorial]( + http://www.slideshare.net/julienbarbier42/install-virtualbox-on-windows-7). +2. Download the latest boot2docker.iso from + [https://github.com/boot2docker/boot2docker/releases]( + https://github.com/boot2docker/boot2docker/releases). +3. Start VirtualBox. +4. Create a new Virtual machine with the following settings: -> - Name: boot2docker -> - Type: Linux -> - Version: Linux 2.6 (64 bit) -> - Memory size: 1024 MB -> - Hard drive: Do not add a virtual hard drive + - Name: boot2docker + - Type: Linux + - Version: Linux 2.6 (64 bit) + - Memory size: 1024 MB + - Hard drive: Do not add a virtual hard drive -5. Open the settings of the virtual machine: +5. Open the settings of the virtual machine: 5.1. go to Storage - 5.2. click the empty slot below Controller: IDE - 5.3. click the disc icon on the right of IDE Secondary Master - 5.4. click Choose a virtual CD/DVD disk file -6. Browse to the path where you’ve saved the boot2docker.iso, select - the boot2docker.iso and click open. +6. Browse to the path where you`ve saved the boot2docker.iso, select + the boot2docker.iso and click open. -7. Click OK on the Settings dialog to save the changes and close the - window. +7. Click OK on the Settings dialog to save the changes and close the + window. -8. Start the virtual machine by clicking the green start button. +8. Start the virtual machine by clicking the green start button. -9. The boot2docker virtual machine should boot now. +9. The boot2docker virtual machine should boot now. ## Running Docker boot2docker will log you in automatically so you can start using Docker right away. -Let’s try the “hello world” example. Run +Let's try the “hello world” example. Run - docker run busybox echo hello world + $ docker run busybox echo hello world This will download the small busybox image and print hello world. diff --git a/docs/sources/installation/windows.rst b/docs/sources/installation/windows.rst deleted file mode 100755 index ceb29c8853..0000000000 --- a/docs/sources/installation/windows.rst +++ /dev/null @@ -1,72 +0,0 @@ -:title: Installation on Windows -:description: Please note this project is currently under heavy development. It should not be used in production. -:keywords: Docker, Docker documentation, Windows, requirements, virtualbox, boot2docker - -.. _windows: - -Microsoft Windows -================= - -Docker can run on Windows using a virtualization platform like VirtualBox. A Linux -distribution is run inside a virtual machine and that's where Docker will run. - -Installation ------------- - -.. include:: install_header.inc - -1. Install VirtualBox from https://www.virtualbox.org - or follow this `tutorial `_. - -2. Download the latest boot2docker.iso from https://github.com/boot2docker/boot2docker/releases. - -3. Start VirtualBox. - -4. Create a new Virtual machine with the following settings: - - - `Name: boot2docker` - - `Type: Linux` - - `Version: Linux 2.6 (64 bit)` - - `Memory size: 1024 MB` - - `Hard drive: Do not add a virtual hard drive` - -5. Open the settings of the virtual machine: - - 5.1. go to Storage - - 5.2. click the empty slot below `Controller: IDE` - - 5.3. click the disc icon on the right of `IDE Secondary Master` - - 5.4. click `Choose a virtual CD/DVD disk file` - -6. Browse to the path where you've saved the `boot2docker.iso`, select the `boot2docker.iso` and click open. - -7. Click OK on the Settings dialog to save the changes and close the window. - -8. Start the virtual machine by clicking the green start button. - -9. The boot2docker virtual machine should boot now. - -Running Docker --------------- - -boot2docker will log you in automatically so you can start using Docker right -away. - -Let's try the “hello world” example. Run - -.. code-block:: bash - - docker run busybox echo hello world - -This will download the small busybox image and print hello world. - - -Observations ------------- - -Persistent storage -`````````````````` - -The virtual machine created above lacks any persistent data storage. All images -and containers will be lost when shutting down or rebooting the VM. diff --git a/docs/sources/introduction/technology.md b/docs/sources/introduction/technology.md index 6ae7445595..a724e4aae6 100644 --- a/docs/sources/introduction/technology.md +++ b/docs/sources/introduction/technology.md @@ -43,7 +43,7 @@ Docker's main components are: - Docker *daemon*; - Docker *client*, and; - - The Docker Index. + - [Docker.io](https://index.docker.io) registry. ### The Docker daemon @@ -57,9 +57,9 @@ The Docker client is the primary user interface to Docker. It is tasked with accepting commands from the user and communicating back and forth with a Docker daemon to manage the container lifecycle on any host. -### Docker Index, the central Docker registry +### Docker.io registry -The [Docker Index](http://index.docker.io) is the global archive (and +[Docker.io](https://index.docker.io) is the global archive (and directory) of user supplied Docker container images. It currently hosts a large – in fact, rapidly growing – number of projects where you can find almost any popular application or deployment stack readily @@ -70,28 +70,29 @@ tools for everyone to grow with other *Dockers*. By issuing a single command through the Docker client you can start sharing your own creations with the rest of the world. -However, knowing that not everything can be shared the Docker Index also -offers private repositories. In order to see the available plans, you -can click [here](https://index.docker.io/plans). +However, knowing that not everything can be shared the [Docker.io]( +https://index.docker.io) also offers private repositories. In order to see +the available plans, you can click [here](https://index.docker.io/plans). -Using the [Docker Registry](https://github.com/dotcloud/docker-registry), it is +Using [*docker-registry*](https://github.com/dotcloud/docker-registry), it is also possible to run your own private Docker image registry service on your own servers. -> **Note:** To learn more about the [*Docker Image Index*]( -> http://index.docker.io) (public *and* private), check out the [Registry & -> Index Spec](http://docs.docker.io/en/latest/api/registry_index_spec/). +> **Note:** To learn more about the [*Docker.io*](http://index.docker.io) +> registry (for public *and* private repositories), check out the [Registry & +> Index Spec](http://docs.docker.io/api/registry_index_spec/). ### Summary - **When you install Docker, you get all the components:** - The daemon, the client and access to the public image registry: the [Docker Index](http://index.docker.io). + The daemon, the client and access to the [Docker.io](http://index.docker.io) registry. - **You can run these components together or distributed:** Servers with the Docker daemon running, controlled by the Docker client. - **You can benefit form the public registry:** Download and build upon images created by the community. - **You can start a private repository for proprietary use.** - Sign up for a [plan](https://index.docker.io/plans) or host your own [Docker registry](https://github.com/dotcloud/docker-registry). + Sign up for a [plan](https://index.docker.io/plans) or host your own [docker-registry]( +https://github.com/dotcloud/docker-registry). ## Elements of Docker @@ -198,7 +199,7 @@ Docker begins with: - **Pulling the `ubuntu` image:** Docker checks for the presence of the `ubuntu` image and if it doesn't - exist locally on the host, then Docker downloads it from the [Docker Index](https://index.docker.io) + exist locally on the host, then Docker downloads it from [Docker.io](https://index.docker.io) - **Creates a new container:** Once Docker has the image it creates a container from it. - **Allocates a filesystem and mounts a read-write _layer_:** @@ -226,28 +227,27 @@ UnionFS technology we saw earlier. Every image starts from a base image, for example `ubuntu` a base Ubuntu image or `fedora` a base Fedora image. Docker builds and provides these -base images via the [Docker Index](http://index.docker.io). +base images via [Docker.io](http://index.docker.io). ### How does a Docker registry work? The Docker registry is a store for your Docker images. Once you build a -Docker image you can *push* it to the [Docker -Index](http://index.docker.io) or to a private registry you run behind -your firewall. +Docker image you can *push* it to a public or private repository on [Docker.io]( +http://index.docker.io) or to your own registry running behind your firewall. Using the Docker client, you can search for already published images and then pull them down to your Docker host to build containers from them (or even build on these images). -The [Docker Index](http://index.docker.io) provides both public and +[Docker.io](http://index.docker.io) provides both public and private storage for images. Public storage is searchable and can be downloaded by anyone. Private repositories are excluded from search results and only you and your users can pull them down and use them to build containers. You can [sign up for a plan here](https://index.docker.io/plans). -To learn more, check out the [Working With Repositories]( -http://docs.docker.io/en/latest/use/workingwithrepository) section of our -[User's Manual](http://docs.docker.io). +To learn more, check out the [Working with Repositories]( +http://docs.docker.io/use/workingwithrepository) section from the +[Docker documentation](http://docs.docker.io). ## Where to go from here diff --git a/docs/sources/introduction/understanding-docker.md b/docs/sources/introduction/understanding-docker.md index 1c979d5810..53f5e43179 100644 --- a/docs/sources/introduction/understanding-docker.md +++ b/docs/sources/introduction/understanding-docker.md @@ -87,14 +87,14 @@ to you. *Docker is made for humans.* It's easy to get started and easy to build and deploy applications with -Docker: or as we say "*dockerise*" them! As much of Docker as possible +Docker: or as we say "*dockerize*" them! As much of Docker as possible uses plain English for commands and tries to be as lightweight and transparent as possible. We want to get out of the way so you can build and deploy your applications. ### Docker is Portable -*Dockerise And Go!* +*Dockerize And Go!* Docker containers are highly portable. Docker provides a standard container format to hold your applications: @@ -179,10 +179,10 @@ Without dealing with complicated commands or third party applications. Docker allows you to share the images you've built with the world. And lots of people have already shared their own images. -To facilitate this sharing Docker comes with a public registry and index -called the [Docker Index](http://index.docker.io). If you don't want -your images to be public you can also use private images on the Index or -even run your own registry behind your firewall. +To facilitate this sharing Docker comes with a public registry called +[Docker.io](http://index.docker.io). If you don't want your images to be +public you can also use private images on [Docker.io](https://index.docker.io) +or even run your own registry behind your firewall. **This translates to:** diff --git a/docs/sources/introduction/working-with-docker.md b/docs/sources/introduction/working-with-docker.md index f395723d60..8d946e6846 100644 --- a/docs/sources/introduction/working-with-docker.md +++ b/docs/sources/introduction/working-with-docker.md @@ -10,7 +10,7 @@ page_keywords: docker, introduction, documentation, about, technology, understan > If you prefer a summary and would like to see how a specific command > works, check out the glossary of all available client > commands on our [User's Manual: Commands Reference]( -> http://docs.docker.io/en/latest/reference/commandline/cli). +> http://docs.docker.io/reference/commandline/cli). ## Introduction @@ -54,13 +54,13 @@ accessed by running the `docker` binary. > **Tip:** The below instructions can be considered a summary of our > *interactive tutorial*. If you prefer a more hands-on approach without > installing anything, why not give that a shot and check out the -> [Docker Interactive Tutorial](http://www.docker.io/interactivetutorial). +> [Docker Interactive Tutorial](https://www.docker.io/gettingstarted). The `docker` client usage consists of passing a chain of arguments: # Usage: [sudo] docker [option] [command] [arguments] .. # Example: - docker run -i -t ubuntu /bin/bash + $ docker run -i -t ubuntu /bin/bash ### Our first Docker command @@ -70,7 +70,7 @@ version` command. # Usage: [sudo] docker version # Example: - docker version + $ docker version This command will not only provide you the version of Docker client you are using, but also the version of Go (the programming language powering @@ -97,7 +97,7 @@ binary: # Usage: [sudo] docker # Example: - docker + $ docker You will get an output with all currently available commands. @@ -116,12 +116,12 @@ Try typing Docker followed with a `[command]` to see the instructions: # Usage: [sudo] docker [command] [--help] # Example: - docker attach + $ docker attach Help outputs . . . Or you can pass the `--help` flag to the `docker` binary. - docker images --help + $ docker images --help You will get an output with all available options: @@ -156,16 +156,16 @@ image is constructed. # Usage: [sudo] docker search [image name] # Example: - docker search nginx + $ docker search nginx NAME DESCRIPTION STARS OFFICIAL TRUSTED - dockerfile/nginx Trusted Nginx (http://nginx.org/) Build 6 [OK] + $ dockerfile/nginx Trusted Nginx (http://nginx.org/) Build 6 [OK] paintedfox/nginx-php5 A docker image for running Nginx with PHP5. 3 [OK] - dockerfiles/django-uwsgi-nginx Dockerfile and configuration files to buil... 2 [OK] + $ dockerfiles/django-uwsgi-nginx dockerfile and configuration files to buil... 2 [OK] . . . -> **Note:** To learn more about trusted builds, check out [this] -(http://blog.docker.io/2013/11/introducing-trusted-builds) blog post. +> **Note:** To learn more about trusted builds, check out [this]( +http://blog.docker.io/2013/11/introducing-trusted-builds) blog post. ### Downloading an image @@ -174,7 +174,7 @@ Downloading a Docker image is called *pulling*. To do this we hence use the # Usage: [sudo] docker pull [image name] # Example: - docker pull dockerfile/nginx + $ docker pull dockerfile/nginx Pulling repository dockerfile/nginx 0ade68db1d05: Pulling dependent layers @@ -193,12 +193,12 @@ In order to get a full list of available images, you can use the # Usage: [sudo] docker images # Example: - docker images + $ docker images REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE myUserName/nginx latest a0d6c70867d2 41 seconds ago 578.8 MB nginx latest 173c2dd28ab2 3 minutes ago 578.8 MB - dockerfile/nginx latest 0ade68db1d05 3 weeks ago 578.8 MB + $ dockerfile/nginx latest 0ade68db1d05 3 weeks ago 578.8 MB ## Working with containers @@ -215,7 +215,7 @@ The easiest way to create a new container is to *run* one from an image. # Usage: [sudo] docker run [arguments] .. # Example: - docker run -d --name nginx_web nginx /usr/sbin/nginx + $ docker run -d --name nginx_web nginx /usr/sbin/nginx This will create a new container from an image called `nginx` which will launch the command `/usr/sbin/nginx` when the container is run. We've @@ -236,16 +236,16 @@ the container will also stop. ### Listing containers We can see a list of all the containers on our host using the `docker -ps` command. By default the `docker ps` commands only shows running +ps` command. By default the `docker ps` command only shows running containers. But we can also add the `-a` flag to show *all* containers - both running and stopped. # Usage: [sudo] docker ps [-a] # Example: - docker ps + $ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 842a50a13032 dockerfile/nginx:latest nginx 35 minutes ago Up 30 minutes 0.0.0.0:80->80/tcp nginx_web + 842a50a13032 $ dockerfile/nginx:latest nginx 35 minutes ago Up 30 minutes 0.0.0.0:80->80/tcp nginx_web ### Stopping a container @@ -254,7 +254,7 @@ end the active process. # Usage: [sudo] docker stop [container ID] # Example: - docker stop nginx_web + $ docker stop nginx_web nginx_web If the `docker stop` command succeeds it will return the name of @@ -266,7 +266,7 @@ Stopped containers can be started again. # Usage: [sudo] docker start [container ID] # Example: - docker start nginx_web + $ docker start nginx_web nginx_web If the `docker start` command succeeds it will return the name of the @@ -279,7 +279,7 @@ The `Dockerfile` holds the set of instructions Docker uses to build a Docker ima > **Tip:** Below is a short summary of our full Dockerfile tutorial. In > order to get a better-grasp of how to work with these automation > scripts, check out the [Dockerfile step-by-step -> tutorial](http://www.docker.io/learn/dockerfile). +> tutorial](https://www.docker.io/learn/dockerfile). A `Dockerfile` contains instructions written in the following format: @@ -293,8 +293,8 @@ A `#` sign is used to provide a comment: > **Tip:** The `Dockerfile` is very flexible and provides a powerful set > of instructions for building applications. To learn more about the -> `Dockerfile` and it's instructions see the [Dockerfile -> Reference](http://docs.docker.io/en/latest/reference/builder). +> `Dockerfile` and its instructions see the [Dockerfile +> Reference](http://docs.docker.io/reference/builder/). ### First steps with the Dockerfile @@ -358,7 +358,7 @@ Docker uses the `Dockerfile` to build images. The build process is initiated by # Use the Dockerfile at the current location # Usage: [sudo] docker build . # Example: - docker build -t="my_nginx_image" . + $ docker build -t="my_nginx_image" . Uploading context 25.09 kB Uploading context @@ -385,7 +385,7 @@ image, here `my_nginx_image`. We can see our new image using the `docker images` command. - docker images + $ docker images REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE my_nginx_img latest 626e92c5fab1 57 seconds ago 337.6 MB diff --git a/docs/sources/reference.md b/docs/sources/reference.md index 3cd720c551..6c1ab462d4 100644 --- a/docs/sources/reference.md +++ b/docs/sources/reference.md @@ -2,8 +2,8 @@ ## Contents: -- [Commands](commandline/) -- [Dockerfile Reference](builder/) -- [Docker Run Reference](run/) -- [APIs](api/) + - [Commands](commandline/) + - [Dockerfile Reference](builder/) + - [Docker Run Reference](run/) + - [APIs](api/) diff --git a/docs/sources/reference/api.md b/docs/sources/reference/api.md index 7afa5250b3..9f185a0e37 100644 --- a/docs/sources/reference/api.md +++ b/docs/sources/reference/api.md @@ -1,100 +1,86 @@ # APIs -Your programs and scripts can access Docker’s functionality via these +Your programs and scripts can access Docker's functionality via these interfaces: -- [Registry & Index Spec](registry_index_spec/) - - [1. The 3 roles](registry_index_spec/#the-3-roles) - - [1.1 Index](registry_index_spec/#index) - - [1.2 Registry](registry_index_spec/#registry) - - [1.3 Docker](registry_index_spec/#docker) + - [Registry & Index Spec](registry_index_spec/) + - [1. The 3 roles](registry_index_spec/#the-3-roles) + - [1.1 Index](registry_index_spec/#index) + - [1.2 Registry](registry_index_spec/#registry) + - [1.3 Docker](registry_index_spec/#docker) - - [2. Workflow](registry_index_spec/#workflow) - - [2.1 Pull](registry_index_spec/#pull) - - [2.2 Push](registry_index_spec/#push) - - [2.3 Delete](registry_index_spec/#delete) + - [2. Workflow](registry_index_spec/#workflow) + - [2.1 Pull](registry_index_spec/#pull) + - [2.2 Push](registry_index_spec/#push) + - [2.3 Delete](registry_index_spec/#delete) - - [3. How to use the Registry in standalone - mode](registry_index_spec/#how-to-use-the-registry-in-standalone-mode) - - [3.1 Without an - Index](registry_index_spec/#without-an-index) - - [3.2 With an Index](registry_index_spec/#with-an-index) + - [3. How to use the Registry in standalone mode](registry_index_spec/#how-to-use-the-registry-in-standalone-mode) + - [3.1 Without an Index](registry_index_spec/#without-an-index) + - [3.2 With an Index](registry_index_spec/#with-an-index) - - [4. The API](registry_index_spec/#the-api) - - [4.1 Images](registry_index_spec/#images) - - [4.2 Users](registry_index_spec/#users) - - [4.3 Tags (Registry)](registry_index_spec/#tags-registry) - - [4.4 Images (Index)](registry_index_spec/#images-index) - - [4.5 Repositories](registry_index_spec/#repositories) + - [4. The API](registry_index_spec/#the-api) + - [4.1 Images](registry_index_spec/#images) + - [4.2 Users](registry_index_spec/#users) + - [4.3 Tags (Registry)](registry_index_spec/#tags-registry) + - [4.4 Images (Index)](registry_index_spec/#images-index) + - [4.5 Repositories](registry_index_spec/#repositories) - - [5. Chaining - Registries](registry_index_spec/#chaining-registries) - - [6. Authentication & - Authorization](registry_index_spec/#authentication-authorization) - - [6.1 On the Index](registry_index_spec/#on-the-index) - - [6.2 On the Registry](registry_index_spec/#on-the-registry) + - [5. Chaining Registries](registry_index_spec/#chaining-registries) + - [6. Authentication & Authorization](registry_index_spec/#authentication-authorization) + - [6.1 On the Index](registry_index_spec/#on-the-index) + - [6.2 On the Registry](registry_index_spec/#on-the-registry) - - [7 Document Version](registry_index_spec/#document-version) + - [7 Document Version](registry_index_spec/#document-version) -- [Docker Registry API](registry_api/) - - [1. Brief introduction](registry_api/#brief-introduction) - - [2. Endpoints](registry_api/#endpoints) - - [2.1 Images](registry_api/#images) - - [2.2 Tags](registry_api/#tags) - - [2.3 Repositories](registry_api/#repositories) - - [2.4 Status](registry_api/#status) + - [Docker Registry API](registry_api/) + - [1. Brief introduction](registry_api/#brief-introduction) + - [2. Endpoints](registry_api/#endpoints) + - [2.1 Images](registry_api/#images) + - [2.2 Tags](registry_api/#tags) + - [2.3 Repositories](registry_api/#repositories) + - [2.4 Status](registry_api/#status) - - [3 Authorization](registry_api/#authorization) + - [3 Authorization](registry_api/#authorization) -- [Docker Index API](index_api/) - - [1. Brief introduction](index_api/#brief-introduction) - - [2. Endpoints](index_api/#endpoints) - - [2.1 Repository](index_api/#repository) - - [2.2 Users](index_api/#users) - - [2.3 Search](index_api/#search) + - [Docker.io API](index_api/) + - [1. Brief introduction](index_api/#brief-introduction) + - [2. Endpoints](index_api/#endpoints) + - [2.1 Repository](index_api/#repository) + - [2.2 Users](index_api/#users) + - [2.3 Search](index_api/#search) -- [Docker Remote API](docker_remote_api/) - - [1. Brief introduction](docker_remote_api/#brief-introduction) - - [2. Versions](docker_remote_api/#versions) - - [v1.11](docker_remote_api/#v1-11) - - [v1.10](docker_remote_api/#v1-10) - - [v1.9](docker_remote_api/#v1-9) - - [v1.8](docker_remote_api/#v1-8) - - [v1.7](docker_remote_api/#v1-7) - - [v1.6](docker_remote_api/#v1-6) - - [v1.5](docker_remote_api/#v1-5) - - [v1.4](docker_remote_api/#v1-4) - - [v1.3](docker_remote_api/#v1-3) - - [v1.2](docker_remote_api/#v1-2) - - [v1.1](docker_remote_api/#v1-1) - - [v1.0](docker_remote_api/#v1-0) + - [Docker Remote API](docker_remote_api/) + - [1. Brief introduction](docker_remote_api/#brief-introduction) + - [2. Versions](docker_remote_api/#versions) + - [v1.11](docker_remote_api/#v1-11) + - [v1.10](docker_remote_api/#v1-10) + - [v1.9](docker_remote_api/#v1-9) + - [v1.8](docker_remote_api/#v1-8) + - [v1.7](docker_remote_api/#v1-7) + - [v1.6](docker_remote_api/#v1-6) + - [v1.5](docker_remote_api/#v1-5) + - [v1.4](docker_remote_api/#v1-4) + - [v1.3](docker_remote_api/#v1-3) + - [v1.2](docker_remote_api/#v1-2) + - [v1.1](docker_remote_api/#v1-1) + - [v1.0](docker_remote_api/#v1-0) -- [Docker Remote API Client Libraries](remote_api_client_libraries/) -- [docker.io OAuth API](docker_io_oauth_api/) - - [1. Brief introduction](docker_io_oauth_api/#brief-introduction) - - [2. Register Your - Application](docker_io_oauth_api/#register-your-application) - - [3. Endpoints](docker_io_oauth_api/#endpoints) - - [3.1 Get an Authorization - Code](docker_io_oauth_api/#get-an-authorization-code) - - [3.2 Get an Access - Token](docker_io_oauth_api/#get-an-access-token) - - [3.3 Refresh a Token](docker_io_oauth_api/#refresh-a-token) + - [Docker Remote API Client Libraries](remote_api_client_libraries/) + - [docker.io OAuth API](docker_io_oauth_api/) + - [1. Brief introduction](docker_io_oauth_api/#brief-introduction) + - [2. Register Your Application](docker_io_oauth_api/#register-your-application) + - [3. Endpoints](docker_io_oauth_api/#endpoints) + - [3.1 Get an Authorization Code](docker_io_oauth_api/#get-an-authorization-code) + - [3.2 Get an Access Token](docker_io_oauth_api/#get-an-access-token) + - [3.3 Refresh a Token](docker_io_oauth_api/#refresh-a-token) - - [4. Use an Access Token with the - API](docker_io_oauth_api/#use-an-access-token-with-the-api) + - [4. Use an Access Token with the API](docker_io_oauth_api/#use-an-access-token-with-the-api) -- [docker.io Accounts API](docker_io_accounts_api/) - - [1. Endpoints](docker_io_accounts_api/#endpoints) - - [1.1 Get a single - user](docker_io_accounts_api/#get-a-single-user) - - [1.2 Update a single - user](docker_io_accounts_api/#update-a-single-user) - - [1.3 List email addresses for a - user](docker_io_accounts_api/#list-email-addresses-for-a-user) - - [1.4 Add email address for a - user](docker_io_accounts_api/#add-email-address-for-a-user) - - [1.5 Update an email address for a - user](docker_io_accounts_api/#update-an-email-address-for-a-user) - - [1.6 Delete email address for a - user](docker_io_accounts_api/#delete-email-address-for-a-user) \ No newline at end of file + - [docker.io Accounts API](docker_io_accounts_api/) + - [1. Endpoints](docker_io_accounts_api/#endpoints) + - [1.1 Get a single user](docker_io_accounts_api/#get-a-single-user) + - [1.2 Update a single user](docker_io_accounts_api/#update-a-single-user) + - [1.3 List email addresses for a user](docker_io_accounts_api/#list-email-addresses-for-a-user) + - [1.4 Add email address for a user](docker_io_accounts_api/#add-email-address-for-a-user) + - [1.5 Update an email address for a user](docker_io_accounts_api/#update-an-email-address-for-a-user) + - [1.6 Delete email address for a user](docker_io_accounts_api/#delete-email-address-for-a-user) \ No newline at end of file diff --git a/docs/sources/reference/api/README.md b/docs/sources/reference/api/README.md index ec42b89733..a7b8ae1b44 100644 --- a/docs/sources/reference/api/README.md +++ b/docs/sources/reference/api/README.md @@ -1,6 +1,9 @@ This directory holds the authoritative specifications of APIs defined and implemented by Docker. Currently this includes: -* The remote API by which a docker node can be queried over HTTP -* The registry API by which a docker node can download and upload container images for storage and sharing -* The index search API by which a docker node can search the public index for images to download -* The docker.io OAuth and accounts API which 3rd party services can use to access account information + * The remote API by which a docker node can be queried over HTTP + * The registry API by which a docker node can download and upload + container images for storage and sharing + * The index search API by which a docker node can search the public + index for images to download + * The docker.io OAuth and accounts API which 3rd party services can + use to access account information diff --git a/docs/sources/reference/api/archive/docker_remote_api_v1.0.rst b/docs/sources/reference/api/archive/docker_remote_api_v1.0.rst deleted file mode 100644 index fa4b969758..0000000000 --- a/docs/sources/reference/api/archive/docker_remote_api_v1.0.rst +++ /dev/null @@ -1,1025 +0,0 @@ -.. use orphan to suppress "WARNING: document isn't included in any toctree" -.. per http://sphinx-doc.org/markup/misc.html#file-wide-metadata - -:orphan: - -:title: Remote API v1.0 -:description: API Documentation for Docker -:keywords: API, Docker, rcli, REST, documentation - -====================== -Docker Remote API v1.0 -====================== - -.. contents:: Table of Contents - -1. Brief introduction -===================== - -- The Remote API is replacing rcli -- Default port in the docker daemon is 4243 -- The API tends to be REST, but for some complex commands, like attach or pull, the HTTP connection is hijacked to transport stdout stdin and stderr - -2. Endpoints -============ - -2.1 Containers --------------- - -List containers -*************** - -.. http:get:: /containers/json - - List containers - - **Example request**: - - .. sourcecode:: http - - GET /containers/json?all=1&before=8dfafdbc3a40 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id": "8dfafdbc3a40", - "Image": "ubuntu:latest", - "Command": "echo 1", - "Created": 1367854155, - "Status": "Exit 0" - }, - { - "Id": "9cd87474be90", - "Image": "ubuntu:latest", - "Command": "echo 222222", - "Created": 1367854155, - "Status": "Exit 0" - }, - { - "Id": "3176a2479c92", - "Image": "centos:latest", - "Command": "echo 3333333333333333", - "Created": 1367854154, - "Status": "Exit 0" - }, - { - "Id": "4cb07b47f9fb", - "Image": "fedora:latest", - "Command": "echo 444444444444444444444444444444444", - "Created": 1367854152, - "Status": "Exit 0" - } - ] - - :query all: 1/True/true or 0/False/false, Show all containers. Only running containers are shown by default - :query limit: Show ``limit`` last created containers, include non-running ones. - :query since: Show only containers created since Id, include non-running ones. - :query before: Show only containers created before Id, include non-running ones. - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 500: server error - - -Create a container -****************** - -.. http:post:: /containers/create - - Create a container - - **Example request**: - - .. sourcecode:: http - - POST /containers/create HTTP/1.1 - Content-Type: application/json - - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "AttachStdin":false, - "AttachStdout":true, - "AttachStderr":true, - "PortSpecs":null, - "Tty":false, - "OpenStdin":false, - "StdinOnce":false, - "Env":null, - "Cmd":[ - "date" - ], - "Dns":null, - "Image":"ubuntu", - "Volumes":{}, - "VolumesFrom":"" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/json - - { - "Id":"e90e34656806" - "Warnings":[] - } - - :jsonparam config: the container's configuration - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 406: impossible to attach (container not running) - :statuscode 500: server error - - -Inspect a container -******************* - -.. http:get:: /containers/(id)/json - - Return low-level information on the container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Id": "4fa6e0f0c6786287e131c3852c58a2e01cc697a68231826813597e4994f1d6e2", - "Created": "2013-05-07T14:51:42.041847+02:00", - "Path": "date", - "Args": [], - "Config": { - "Hostname": "4fa6e0f0c678", - "User": "", - "Memory": 0, - "MemorySwap": 0, - "AttachStdin": false, - "AttachStdout": true, - "AttachStderr": true, - "PortSpecs": null, - "Tty": false, - "OpenStdin": false, - "StdinOnce": false, - "Env": null, - "Cmd": [ - "date" - ], - "Dns": null, - "Image": "ubuntu", - "Volumes": {}, - "VolumesFrom": "" - }, - "State": { - "Running": false, - "Pid": 0, - "ExitCode": 0, - "StartedAt": "2013-05-07T14:51:42.087658+02:01360", - "Ghost": false - }, - "Image": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "NetworkSettings": { - "IpAddress": "", - "IpPrefixLen": 0, - "Gateway": "", - "Bridge": "", - "PortMapping": null - }, - "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker", - "ResolvConfPath": "/etc/resolv.conf", - "Volumes": {} - } - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Inspect changes on a container's filesystem -******************************************* - -.. http:get:: /containers/(id)/changes - - Inspect changes on container ``id`` 's filesystem - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/changes HTTP/1.1 - - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Path":"/dev", - "Kind":0 - }, - { - "Path":"/dev/kmsg", - "Kind":1 - }, - { - "Path":"/test", - "Kind":1 - } - ] - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Export a container -****************** - -.. http:get:: /containers/(id)/export - - Export the contents of container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/export HTTP/1.1 - - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/octet-stream - - {{ STREAM }} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Start a container -***************** - -.. http:post:: /containers/(id)/start - - Start the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/start HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Stop a container -**************** - -.. http:post:: /containers/(id)/stop - - Stop the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/stop?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Restart a container -******************* - -.. http:post:: /containers/(id)/restart - - Restart the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/restart?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Kill a container -**************** - -.. http:post:: /containers/(id)/kill - - Kill the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/kill HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Attach to a container -********************* - -.. http:post:: /containers/(id)/attach - - Attach to the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/attach?logs=1&stream=0&stdout=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/vnd.docker.raw-stream - - {{ STREAM }} - - :query logs: 1/True/true or 0/False/false, return logs. Default false - :query stream: 1/True/true or 0/False/false, return stream. Default false - :query stdin: 1/True/true or 0/False/false, if stream=true, attach to stdin. Default false - :query stdout: 1/True/true or 0/False/false, if logs=true, return stdout log, if stream=true, attach to stdout. Default false - :query stderr: 1/True/true or 0/False/false, if logs=true, return stderr log, if stream=true, attach to stderr. Default false - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - - -Wait a container -**************** - -.. http:post:: /containers/(id)/wait - - Block until container ``id`` stops, then returns the exit code - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/wait HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"StatusCode":0} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Remove a container -******************* - -.. http:delete:: /containers/(id) - - Remove the container ``id`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /containers/16253994b7c4?v=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query v: 1/True/true or 0/False/false, Remove the volumes associated to the container. Default false - :statuscode 204: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - - -2.2 Images ----------- - -List Images -*********** - -.. http:get:: /images/(format) - - List images ``format`` could be json or viz (json default) - - **Example request**: - - .. sourcecode:: http - - GET /images/json?all=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Repository":"ubuntu", - "Tag":"precise", - "Id":"b750fe79269d", - "Created":1364102658 - }, - { - "Repository":"ubuntu", - "Tag":"12.04", - "Id":"b750fe79269d", - "Created":1364102658 - } - ] - - - **Example request**: - - .. sourcecode:: http - - GET /images/viz HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: text/plain - - digraph docker { - "d82cbacda43a" -> "074be284591f" - "1496068ca813" -> "08306dc45919" - "08306dc45919" -> "0e7893146ac2" - "b750fe79269d" -> "1496068ca813" - base -> "27cf78414709" [style=invis] - "f71189fff3de" -> "9a33b36209ed" - "27cf78414709" -> "b750fe79269d" - "0e7893146ac2" -> "d6434d954665" - "d6434d954665" -> "d82cbacda43a" - base -> "e9aa60c60128" [style=invis] - "074be284591f" -> "f71189fff3de" - "b750fe79269d" [label="b750fe79269d\nubuntu",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; - "e9aa60c60128" [label="e9aa60c60128\ncentos",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; - "9a33b36209ed" [label="9a33b36209ed\nfedora",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; - base [style=invisible] - } - - :query all: 1/True/true or 0/False/false, Show all containers. Only running containers are shown by default - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 500: server error - - -Create an image -*************** - -.. http:post:: /images/create - - Create an image, either by pull it from the registry or by importing it - - **Example request**: - - .. sourcecode:: http - - POST /images/create?fromImage=ubuntu HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/vnd.docker.raw-stream - - {{ STREAM }} - - :query fromImage: name of the image to pull - :query fromSrc: source to import, - means stdin - :query repo: repository - :query tag: tag - :query registry: the registry to pull from - :statuscode 200: no error - :statuscode 500: server error - - -Insert a file in an image -************************* - -.. http:post:: /images/(name)/insert - - Insert a file from ``url`` in the image ``name`` at ``path`` - - **Example request**: - - .. sourcecode:: http - - POST /images/test/insert?path=/usr&url=myurl HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - {{ STREAM }} - - :statuscode 200: no error - :statuscode 500: server error - - -Inspect an image -**************** - -.. http:get:: /images/(name)/json - - Return low-level information on the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/centos/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "id":"b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "parent":"27cf784147099545", - "created":"2013-03-23T22:24:18.818426-07:00", - "container":"3d67245a8d72ecf13f33dffac9f79dcdf70f75acb84d308770391510e0c23ad0", - "container_config": - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "AttachStdin":false, - "AttachStdout":false, - "AttachStderr":false, - "PortSpecs":null, - "Tty":true, - "OpenStdin":true, - "StdinOnce":false, - "Env":null, - "Cmd": ["/bin/bash"] - ,"Dns":null, - "Image":"centos", - "Volumes":null, - "VolumesFrom":"" - } - } - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Get the history of an image -*************************** - -.. http:get:: /images/(name)/history - - Return the history of the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/fedora/history HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id":"b750fe79269d", - "Created":1364102658, - "CreatedBy":"/bin/bash" - }, - { - "Id":"27cf78414709", - "Created":1364068391, - "CreatedBy":"" - } - ] - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Push an image on the registry -***************************** - -.. http:post:: /images/(name)/push - - Push the image ``name`` on the registry - - **Example request**: - - .. sourcecode:: http - - POST /images/test/push HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/vnd.docker.raw-stream - - {{ STREAM }} - - :query registry: the registry you wan to push, optional - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Tag an image into a repository -****************************** - -.. http:post:: /images/(name)/tag - - Tag the image ``name`` into a repository - - **Example request**: - - .. sourcecode:: http - - POST /images/test/tag?repo=myrepo&force=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - - :query repo: The repository to tag in - :query force: 1/True/true or 0/False/false, default false - :statuscode 201: no error - :statuscode 400: bad parameter - :statuscode 404: no such image - :statuscode 500: server error - - -Remove an image -*************** - -.. http:delete:: /images/(name) - - Remove the image ``name`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /images/test HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :statuscode 204: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Search images -************* - -.. http:get:: /images/search - - Search for an image in the docker index - - **Example request**: - - .. sourcecode:: http - - GET /images/search?term=sshd HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Name":"cespare/sshd", - "Description":"" - }, - { - "Name":"johnfuller/sshd", - "Description":"" - }, - { - "Name":"dhrp/mongodb-sshd", - "Description":"" - } - ] - - :query term: term to search - :statuscode 200: no error - :statuscode 500: server error - - -2.3 Misc --------- - -Build an image from Dockerfile via stdin -**************************************** - -.. http:post:: /build - - Build an image from Dockerfile via stdin - - **Example request**: - - .. sourcecode:: http - - POST /build HTTP/1.1 - - {{ STREAM }} - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - {{ STREAM }} - - :query t: repository name to be applied to the resulting image in case of success - :statuscode 200: no error - :statuscode 500: server error - - -Get default username and email -****************************** - -.. http:get:: /auth - - Get the default username and email - - **Example request**: - - .. sourcecode:: http - - GET /auth HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "username":"hannibal", - "email":"hannibal@a-team.com" - } - - :statuscode 200: no error - :statuscode 500: server error - - -Check auth configuration and store it -************************************* - -.. http:post:: /auth - - Get the default username and email - - **Example request**: - - .. sourcecode:: http - - POST /auth HTTP/1.1 - Content-Type: application/json - - { - "username":"hannibal", - "password:"xxxx", - "email":"hannibal@a-team.com" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - :statuscode 200: no error - :statuscode 204: no error - :statuscode 500: server error - - -Display system-wide information -******************************* - -.. http:get:: /info - - Display system-wide information - - **Example request**: - - .. sourcecode:: http - - GET /info HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Containers":11, - "Images":16, - "Debug":false, - "NFd": 11, - "NGoroutines":21, - "MemoryLimit":true, - "SwapLimit":false - } - - :statuscode 200: no error - :statuscode 500: server error - - -Show the docker version information -*********************************** - -.. http:get:: /version - - Show the docker version information - - **Example request**: - - .. sourcecode:: http - - GET /version HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Version":"0.2.2", - "GitCommit":"5a2a5cc+CHANGES", - "GoVersion":"go1.0.3" - } - - :statuscode 200: no error - :statuscode 500: server error - - -Create a new image from a container's changes -********************************************* - -.. http:post:: /commit - - Create a new image from a container's changes - - **Example request**: - - .. sourcecode:: http - - POST /commit?container=44c004db4b17&m=message&repo=myrepo HTTP/1.1 - Content-Type: application/json - - { - "Cmd": ["cat", "/world"], - "PortSpecs":["22"] - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/vnd.docker.raw-stream - - {"Id":"596069db4bf5"} - - :query container: source container - :query repo: repository - :query tag: tag - :query m: commit message - :query author: author (eg. "John Hannibal Smith ") - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 500: server error - - -3. Going further -================ - -3.1 Inside 'docker run' ------------------------ - -Here are the steps of 'docker run' : - -* Create the container -* If the status code is 404, it means the image doesn't exists: - * Try to pull it - * Then retry to create the container -* Start the container -* If you are not in detached mode: - * Attach to the container, using logs=1 (to have stdout and stderr from the container's start) and stream=1 -* If in detached mode or only stdin is attached: - * Display the container's id - - -3.2 Hijacking -------------- - -In this first version of the API, some of the endpoints, like /attach, /pull or /push uses hijacking to transport stdin, -stdout and stderr on the same socket. This might change in the future. diff --git a/docs/sources/reference/api/archive/docker_remote_api_v1.1.rst b/docs/sources/reference/api/archive/docker_remote_api_v1.1.rst deleted file mode 100644 index 92b5039aa6..0000000000 --- a/docs/sources/reference/api/archive/docker_remote_api_v1.1.rst +++ /dev/null @@ -1,1035 +0,0 @@ -.. use orphan to suppress "WARNING: document isn't included in any toctree" -.. per http://sphinx-doc.org/markup/misc.html#file-wide-metadata - -:orphan: - -:title: Remote API v1.1 -:description: API Documentation for Docker -:keywords: API, Docker, rcli, REST, documentation - -====================== -Docker Remote API v1.1 -====================== - -.. contents:: Table of Contents - -1. Brief introduction -===================== - -- The Remote API is replacing rcli -- Default port in the docker daemon is 4243 -- The API tends to be REST, but for some complex commands, like attach or pull, the HTTP connection is hijacked to transport stdout stdin and stderr - -2. Endpoints -============ - -2.1 Containers --------------- - -List containers -*************** - -.. http:get:: /containers/json - - List containers - - **Example request**: - - .. sourcecode:: http - - GET /containers/json?all=1&before=8dfafdbc3a40 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id": "8dfafdbc3a40", - "Image": "ubuntu:latest", - "Command": "echo 1", - "Created": 1367854155, - "Status": "Exit 0" - }, - { - "Id": "9cd87474be90", - "Image": "ubuntu:latest", - "Command": "echo 222222", - "Created": 1367854155, - "Status": "Exit 0" - }, - { - "Id": "3176a2479c92", - "Image": "centos:latest", - "Command": "echo 3333333333333333", - "Created": 1367854154, - "Status": "Exit 0" - }, - { - "Id": "4cb07b47f9fb", - "Image": "fedora:latest", - "Command": "echo 444444444444444444444444444444444", - "Created": 1367854152, - "Status": "Exit 0" - } - ] - - :query all: 1/True/true or 0/False/false, Show all containers. Only running containers are shown by default - :query limit: Show ``limit`` last created containers, include non-running ones. - :query since: Show only containers created since Id, include non-running ones. - :query before: Show only containers created before Id, include non-running ones. - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 500: server error - - -Create a container -****************** - -.. http:post:: /containers/create - - Create a container - - **Example request**: - - .. sourcecode:: http - - POST /containers/create HTTP/1.1 - Content-Type: application/json - - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "AttachStdin":false, - "AttachStdout":true, - "AttachStderr":true, - "PortSpecs":null, - "Tty":false, - "OpenStdin":false, - "StdinOnce":false, - "Env":null, - "Cmd":[ - "date" - ], - "Dns":null, - "Image":"ubuntu", - "Volumes":{}, - "VolumesFrom":"" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/json - - { - "Id":"e90e34656806" - "Warnings":[] - } - - :jsonparam config: the container's configuration - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 406: impossible to attach (container not running) - :statuscode 500: server error - - -Inspect a container -******************* - -.. http:get:: /containers/(id)/json - - Return low-level information on the container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Id": "4fa6e0f0c6786287e131c3852c58a2e01cc697a68231826813597e4994f1d6e2", - "Created": "2013-05-07T14:51:42.041847+02:00", - "Path": "date", - "Args": [], - "Config": { - "Hostname": "4fa6e0f0c678", - "User": "", - "Memory": 0, - "MemorySwap": 0, - "AttachStdin": false, - "AttachStdout": true, - "AttachStderr": true, - "PortSpecs": null, - "Tty": false, - "OpenStdin": false, - "StdinOnce": false, - "Env": null, - "Cmd": [ - "date" - ], - "Dns": null, - "Image": "ubuntu", - "Volumes": {}, - "VolumesFrom": "" - }, - "State": { - "Running": false, - "Pid": 0, - "ExitCode": 0, - "StartedAt": "2013-05-07T14:51:42.087658+02:01360", - "Ghost": false - }, - "Image": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "NetworkSettings": { - "IpAddress": "", - "IpPrefixLen": 0, - "Gateway": "", - "Bridge": "", - "PortMapping": null - }, - "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker", - "ResolvConfPath": "/etc/resolv.conf", - "Volumes": {} - } - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Inspect changes on a container's filesystem -******************************************* - -.. http:get:: /containers/(id)/changes - - Inspect changes on container ``id`` 's filesystem - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/changes HTTP/1.1 - - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Path":"/dev", - "Kind":0 - }, - { - "Path":"/dev/kmsg", - "Kind":1 - }, - { - "Path":"/test", - "Kind":1 - } - ] - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Export a container -****************** - -.. http:get:: /containers/(id)/export - - Export the contents of container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/export HTTP/1.1 - - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/octet-stream - - {{ STREAM }} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Start a container -***************** - -.. http:post:: /containers/(id)/start - - Start the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/start HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Stop a container -**************** - -.. http:post:: /containers/(id)/stop - - Stop the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/stop?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Restart a container -******************* - -.. http:post:: /containers/(id)/restart - - Restart the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/restart?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Kill a container -**************** - -.. http:post:: /containers/(id)/kill - - Kill the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/kill HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Attach to a container -********************* - -.. http:post:: /containers/(id)/attach - - Attach to the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/attach?logs=1&stream=0&stdout=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/vnd.docker.raw-stream - - {{ STREAM }} - - :query logs: 1/True/true or 0/False/false, return logs. Default false - :query stream: 1/True/true or 0/False/false, return stream. Default false - :query stdin: 1/True/true or 0/False/false, if stream=true, attach to stdin. Default false - :query stdout: 1/True/true or 0/False/false, if logs=true, return stdout log, if stream=true, attach to stdout. Default false - :query stderr: 1/True/true or 0/False/false, if logs=true, return stderr log, if stream=true, attach to stderr. Default false - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - - -Wait a container -**************** - -.. http:post:: /containers/(id)/wait - - Block until container ``id`` stops, then returns the exit code - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/wait HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"StatusCode":0} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Remove a container -******************* - -.. http:delete:: /containers/(id) - - Remove the container ``id`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /containers/16253994b7c4?v=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query v: 1/True/true or 0/False/false, Remove the volumes associated to the container. Default false - :statuscode 204: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - - -2.2 Images ----------- - -List Images -*********** - -.. http:get:: /images/(format) - - List images ``format`` could be json or viz (json default) - - **Example request**: - - .. sourcecode:: http - - GET /images/json?all=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Repository":"ubuntu", - "Tag":"precise", - "Id":"b750fe79269d", - "Created":1364102658 - }, - { - "Repository":"ubuntu", - "Tag":"12.04", - "Id":"b750fe79269d", - "Created":1364102658 - } - ] - - - **Example request**: - - .. sourcecode:: http - - GET /images/viz HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: text/plain - - digraph docker { - "d82cbacda43a" -> "074be284591f" - "1496068ca813" -> "08306dc45919" - "08306dc45919" -> "0e7893146ac2" - "b750fe79269d" -> "1496068ca813" - base -> "27cf78414709" [style=invis] - "f71189fff3de" -> "9a33b36209ed" - "27cf78414709" -> "b750fe79269d" - "0e7893146ac2" -> "d6434d954665" - "d6434d954665" -> "d82cbacda43a" - base -> "e9aa60c60128" [style=invis] - "074be284591f" -> "f71189fff3de" - "b750fe79269d" [label="b750fe79269d\nubuntu",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; - "e9aa60c60128" [label="e9aa60c60128\ncentos",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; - "9a33b36209ed" [label="9a33b36209ed\nfedora",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; - base [style=invisible] - } - - :query all: 1/True/true or 0/False/false, Show all containers. Only running containers are shown by default - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 500: server error - - -Create an image -*************** - -.. http:post:: /images/create - - Create an image, either by pull it from the registry or by importing it - - **Example request**: - - .. sourcecode:: http - - POST /images/create?fromImage=ubuntu HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Pulling..."} - {"status":"Pulling", "progress":"1/? (n/a)"} - {"error":"Invalid..."} - ... - - :query fromImage: name of the image to pull - :query fromSrc: source to import, - means stdin - :query repo: repository - :query tag: tag - :query registry: the registry to pull from - :statuscode 200: no error - :statuscode 500: server error - - -Insert a file in an image -************************* - -.. http:post:: /images/(name)/insert - - Insert a file from ``url`` in the image ``name`` at ``path`` - - **Example request**: - - .. sourcecode:: http - - POST /images/test/insert?path=/usr&url=myurl HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Inserting..."} - {"status":"Inserting", "progress":"1/? (n/a)"} - {"error":"Invalid..."} - ... - - :statuscode 200: no error - :statuscode 500: server error - - -Inspect an image -**************** - -.. http:get:: /images/(name)/json - - Return low-level information on the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/centos/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "id":"b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "parent":"27cf784147099545", - "created":"2013-03-23T22:24:18.818426-07:00", - "container":"3d67245a8d72ecf13f33dffac9f79dcdf70f75acb84d308770391510e0c23ad0", - "container_config": - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "AttachStdin":false, - "AttachStdout":false, - "AttachStderr":false, - "PortSpecs":null, - "Tty":true, - "OpenStdin":true, - "StdinOnce":false, - "Env":null, - "Cmd": ["/bin/bash"] - ,"Dns":null, - "Image":"centos", - "Volumes":null, - "VolumesFrom":"" - } - } - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Get the history of an image -*************************** - -.. http:get:: /images/(name)/history - - Return the history of the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/fedora/history HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id":"b750fe79269d", - "Created":1364102658, - "CreatedBy":"/bin/bash" - }, - { - "Id":"27cf78414709", - "Created":1364068391, - "CreatedBy":"" - } - ] - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Push an image on the registry -***************************** - -.. http:post:: /images/(name)/push - - Push the image ``name`` on the registry - - **Example request**: - - .. sourcecode:: http - - POST /images/test/push HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Pushing..."} - {"status":"Pushing", "progress":"1/? (n/a)"} - {"error":"Invalid..."} - ... - - :query registry: the registry you wan to push, optional - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Tag an image into a repository -****************************** - -.. http:post:: /images/(name)/tag - - Tag the image ``name`` into a repository - - **Example request**: - - .. sourcecode:: http - - POST /images/test/tag?repo=myrepo&force=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - - :query repo: The repository to tag in - :query force: 1/True/true or 0/False/false, default false - :statuscode 201: no error - :statuscode 400: bad parameter - :statuscode 404: no such image - :statuscode 409: conflict - :statuscode 500: server error - - -Remove an image -*************** - -.. http:delete:: /images/(name) - - Remove the image ``name`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /images/test HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :statuscode 204: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Search images -************* - -.. http:get:: /images/search - - Search for an image in the docker index - - **Example request**: - - .. sourcecode:: http - - GET /images/search?term=sshd HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Name":"cespare/sshd", - "Description":"" - }, - { - "Name":"johnfuller/sshd", - "Description":"" - }, - { - "Name":"dhrp/mongodb-sshd", - "Description":"" - } - ] - - :query term: term to search - :statuscode 200: no error - :statuscode 500: server error - - -2.3 Misc --------- - -Build an image from Dockerfile via stdin -**************************************** - -.. http:post:: /build - - Build an image from Dockerfile via stdin - - **Example request**: - - .. sourcecode:: http - - POST /build HTTP/1.1 - - {{ STREAM }} - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - {{ STREAM }} - - :query t: tag to be applied to the resulting image in case of success - :statuscode 200: no error - :statuscode 500: server error - - -Get default username and email -****************************** - -.. http:get:: /auth - - Get the default username and email - - **Example request**: - - .. sourcecode:: http - - GET /auth HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "username":"hannibal", - "email":"hannibal@a-team.com" - } - - :statuscode 200: no error - :statuscode 500: server error - - -Check auth configuration and store it -************************************* - -.. http:post:: /auth - - Get the default username and email - - **Example request**: - - .. sourcecode:: http - - POST /auth HTTP/1.1 - Content-Type: application/json - - { - "username":"hannibal", - "password:"xxxx", - "email":"hannibal@a-team.com" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - :statuscode 200: no error - :statuscode 204: no error - :statuscode 500: server error - - -Display system-wide information -******************************* - -.. http:get:: /info - - Display system-wide information - - **Example request**: - - .. sourcecode:: http - - GET /info HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Containers":11, - "Images":16, - "Debug":false, - "NFd": 11, - "NGoroutines":21, - "MemoryLimit":true, - "SwapLimit":false - } - - :statuscode 200: no error - :statuscode 500: server error - - -Show the docker version information -*********************************** - -.. http:get:: /version - - Show the docker version information - - **Example request**: - - .. sourcecode:: http - - GET /version HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Version":"0.2.2", - "GitCommit":"5a2a5cc+CHANGES", - "GoVersion":"go1.0.3" - } - - :statuscode 200: no error - :statuscode 500: server error - - -Create a new image from a container's changes -********************************************* - -.. http:post:: /commit - - Create a new image from a container's changes - - **Example request**: - - .. sourcecode:: http - - POST /commit?container=44c004db4b17&m=message&repo=myrepo HTTP/1.1 - Content-Type: application/json - - { - "Cmd": ["cat", "/world"], - "PortSpecs":["22"] - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/vnd.docker.raw-stream - - {"Id":"596069db4bf5"} - - :query container: source container - :query repo: repository - :query tag: tag - :query m: commit message - :query author: author (eg. "John Hannibal Smith ") - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 500: server error - - -3. Going further -================ - -3.1 Inside 'docker run' ------------------------ - -Here are the steps of 'docker run' : - -* Create the container -* If the status code is 404, it means the image doesn't exists: - * Try to pull it - * Then retry to create the container -* Start the container -* If you are not in detached mode: - * Attach to the container, using logs=1 (to have stdout and stderr from the container's start) and stream=1 -* If in detached mode or only stdin is attached: - * Display the container's id - - -3.2 Hijacking -------------- - -In this version of the API, /attach uses hijacking to transport stdin, stdout and stderr on the same socket. This might change in the future. diff --git a/docs/sources/reference/api/archive/docker_remote_api_v1.2.rst b/docs/sources/reference/api/archive/docker_remote_api_v1.2.rst deleted file mode 100644 index 80f76a3de9..0000000000 --- a/docs/sources/reference/api/archive/docker_remote_api_v1.2.rst +++ /dev/null @@ -1,1051 +0,0 @@ -.. use orphan to suppress "WARNING: document isn't included in any toctree" -.. per http://sphinx-doc.org/markup/misc.html#file-wide-metadata - -:orphan: - -:title: Remote API v1.2 -:description: API Documentation for Docker -:keywords: API, Docker, rcli, REST, documentation - -====================== -Docker Remote API v1.2 -====================== - -.. contents:: Table of Contents - -1. Brief introduction -===================== - -- The Remote API is replacing rcli -- Default port in the docker daemon is 4243 -- The API tends to be REST, but for some complex commands, like attach or pull, the HTTP connection is hijacked to transport stdout stdin and stderr - -2. Endpoints -============ - -2.1 Containers --------------- - -List containers -*************** - -.. http:get:: /containers/json - - List containers - - **Example request**: - - .. sourcecode:: http - - GET /containers/json?all=1&before=8dfafdbc3a40 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id": "8dfafdbc3a40", - "Image": "ubuntu:latest", - "Command": "echo 1", - "Created": 1367854155, - "Status": "Exit 0", - "Ports":"", - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "9cd87474be90", - "Image": "ubuntu:latest", - "Command": "echo 222222", - "Created": 1367854155, - "Status": "Exit 0", - "Ports":"", - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "3176a2479c92", - "Image": "centos:latest", - "Command": "echo 3333333333333333", - "Created": 1367854154, - "Status": "Exit 0", - "Ports":"", - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "4cb07b47f9fb", - "Image": "fedora:latest", - "Command": "echo 444444444444444444444444444444444", - "Created": 1367854152, - "Status": "Exit 0", - "Ports":"", - "SizeRw":12288, - "SizeRootFs":0 - } - ] - - :query all: 1/True/true or 0/False/false, Show all containers. Only running containers are shown by default - :query limit: Show ``limit`` last created containers, include non-running ones. - :query since: Show only containers created since Id, include non-running ones. - :query before: Show only containers created before Id, include non-running ones. - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 500: server error - - -Create a container -****************** - -.. http:post:: /containers/create - - Create a container - - **Example request**: - - .. sourcecode:: http - - POST /containers/create HTTP/1.1 - Content-Type: application/json - - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "AttachStdin":false, - "AttachStdout":true, - "AttachStderr":true, - "PortSpecs":null, - "Tty":false, - "OpenStdin":false, - "StdinOnce":false, - "Env":null, - "Cmd":[ - "date" - ], - "Dns":null, - "Image":"ubuntu", - "Volumes":{}, - "VolumesFrom":"" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/json - - { - "Id":"e90e34656806" - "Warnings":[] - } - - :jsonparam config: the container's configuration - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 406: impossible to attach (container not running) - :statuscode 500: server error - - -Inspect a container -******************* - -.. http:get:: /containers/(id)/json - - Return low-level information on the container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Id": "4fa6e0f0c6786287e131c3852c58a2e01cc697a68231826813597e4994f1d6e2", - "Created": "2013-05-07T14:51:42.041847+02:00", - "Path": "date", - "Args": [], - "Config": { - "Hostname": "4fa6e0f0c678", - "User": "", - "Memory": 0, - "MemorySwap": 0, - "AttachStdin": false, - "AttachStdout": true, - "AttachStderr": true, - "PortSpecs": null, - "Tty": false, - "OpenStdin": false, - "StdinOnce": false, - "Env": null, - "Cmd": [ - "date" - ], - "Dns": null, - "Image": "ubuntu", - "Volumes": {}, - "VolumesFrom": "" - }, - "State": { - "Running": false, - "Pid": 0, - "ExitCode": 0, - "StartedAt": "2013-05-07T14:51:42.087658+02:01360", - "Ghost": false - }, - "Image": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "NetworkSettings": { - "IpAddress": "", - "IpPrefixLen": 0, - "Gateway": "", - "Bridge": "", - "PortMapping": null - }, - "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker", - "ResolvConfPath": "/etc/resolv.conf", - "Volumes": {} - } - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Inspect changes on a container's filesystem -******************************************* - -.. http:get:: /containers/(id)/changes - - Inspect changes on container ``id`` 's filesystem - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/changes HTTP/1.1 - - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Path":"/dev", - "Kind":0 - }, - { - "Path":"/dev/kmsg", - "Kind":1 - }, - { - "Path":"/test", - "Kind":1 - } - ] - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Export a container -****************** - -.. http:get:: /containers/(id)/export - - Export the contents of container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/export HTTP/1.1 - - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/octet-stream - - {{ STREAM }} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Start a container -***************** - -.. http:post:: /containers/(id)/start - - Start the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/start HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Stop a container -**************** - -.. http:post:: /containers/(id)/stop - - Stop the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/stop?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Restart a container -******************* - -.. http:post:: /containers/(id)/restart - - Restart the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/restart?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Kill a container -**************** - -.. http:post:: /containers/(id)/kill - - Kill the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/kill HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Attach to a container -********************* - -.. http:post:: /containers/(id)/attach - - Attach to the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/attach?logs=1&stream=0&stdout=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/vnd.docker.raw-stream - - {{ STREAM }} - - :query logs: 1/True/true or 0/False/false, return logs. Default false - :query stream: 1/True/true or 0/False/false, return stream. Default false - :query stdin: 1/True/true or 0/False/false, if stream=true, attach to stdin. Default false - :query stdout: 1/True/true or 0/False/false, if logs=true, return stdout log, if stream=true, attach to stdout. Default false - :query stderr: 1/True/true or 0/False/false, if logs=true, return stderr log, if stream=true, attach to stderr. Default false - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - - -Wait a container -**************** - -.. http:post:: /containers/(id)/wait - - Block until container ``id`` stops, then returns the exit code - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/wait HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"StatusCode":0} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Remove a container -******************* - -.. http:delete:: /containers/(id) - - Remove the container ``id`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /containers/16253994b7c4?v=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query v: 1/True/true or 0/False/false, Remove the volumes associated to the container. Default false - :statuscode 204: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - - -2.2 Images ----------- - -List Images -*********** - -.. http:get:: /images/(format) - - List images ``format`` could be json or viz (json default) - - **Example request**: - - .. sourcecode:: http - - GET /images/json?all=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Repository":"ubuntu", - "Tag":"precise", - "Id":"b750fe79269d", - "Created":1364102658, - "Size":24653, - "VirtualSize":180116135 - }, - { - "Repository":"ubuntu", - "Tag":"12.04", - "Id":"b750fe79269d", - "Created":1364102658, - "Size":24653, - "VirtualSize":180116135 - } - ] - - - **Example request**: - - .. sourcecode:: http - - GET /images/viz HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: text/plain - - digraph docker { - "d82cbacda43a" -> "074be284591f" - "1496068ca813" -> "08306dc45919" - "08306dc45919" -> "0e7893146ac2" - "b750fe79269d" -> "1496068ca813" - base -> "27cf78414709" [style=invis] - "f71189fff3de" -> "9a33b36209ed" - "27cf78414709" -> "b750fe79269d" - "0e7893146ac2" -> "d6434d954665" - "d6434d954665" -> "d82cbacda43a" - base -> "e9aa60c60128" [style=invis] - "074be284591f" -> "f71189fff3de" - "b750fe79269d" [label="b750fe79269d\nubuntu",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; - "e9aa60c60128" [label="e9aa60c60128\ncentos",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; - "9a33b36209ed" [label="9a33b36209ed\nfedora",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; - base [style=invisible] - } - - :query all: 1/True/true or 0/False/false, Show all containers. Only running containers are shown by default - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 500: server error - - -Create an image -*************** - -.. http:post:: /images/create - - Create an image, either by pull it from the registry or by importing it - - **Example request**: - - .. sourcecode:: http - - POST /images/create?fromImage=ubuntu HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Pulling..."} - {"status":"Pulling", "progress":"1/? (n/a)"} - {"error":"Invalid..."} - ... - - :query fromImage: name of the image to pull - :query fromSrc: source to import, - means stdin - :query repo: repository - :query tag: tag - :query registry: the registry to pull from - :statuscode 200: no error - :statuscode 500: server error - - -Insert a file in an image -************************* - -.. http:post:: /images/(name)/insert - - Insert a file from ``url`` in the image ``name`` at ``path`` - - **Example request**: - - .. sourcecode:: http - - POST /images/test/insert?path=/usr&url=myurl HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Inserting..."} - {"status":"Inserting", "progress":"1/? (n/a)"} - {"error":"Invalid..."} - ... - - :statuscode 200: no error - :statuscode 500: server error - - -Inspect an image -**************** - -.. http:get:: /images/(name)/json - - Return low-level information on the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/centos/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "id":"b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "parent":"27cf784147099545", - "created":"2013-03-23T22:24:18.818426-07:00", - "container":"3d67245a8d72ecf13f33dffac9f79dcdf70f75acb84d308770391510e0c23ad0", - "container_config": - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "AttachStdin":false, - "AttachStdout":false, - "AttachStderr":false, - "PortSpecs":null, - "Tty":true, - "OpenStdin":true, - "StdinOnce":false, - "Env":null, - "Cmd": ["/bin/bash"] - ,"Dns":null, - "Image":"centos", - "Volumes":null, - "VolumesFrom":"" - }, - "Size": 6824592 - } - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Get the history of an image -*************************** - -.. http:get:: /images/(name)/history - - Return the history of the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/fedora/history HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id":"b750fe79269d", - "Tag":["ubuntu:latest"], - "Created":1364102658, - "CreatedBy":"/bin/bash" - }, - { - "Id":"27cf78414709", - "Created":1364068391, - "CreatedBy":"" - } - ] - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Push an image on the registry -***************************** - -.. http:post:: /images/(name)/push - - Push the image ``name`` on the registry - - **Example request**: - - .. sourcecode:: http - - POST /images/test/push HTTP/1.1 - {{ authConfig }} - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Pushing..."} - {"status":"Pushing", "progress":"1/? (n/a)"} - {"error":"Invalid..."} - ... - - :query registry: the registry you wan to push, optional - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Tag an image into a repository -****************************** - -.. http:post:: /images/(name)/tag - - Tag the image ``name`` into a repository - - **Example request**: - - .. sourcecode:: http - - POST /images/test/tag?repo=myrepo&force=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - - :query repo: The repository to tag in - :query force: 1/True/true or 0/False/false, default false - :statuscode 201: no error - :statuscode 400: bad parameter - :statuscode 404: no such image - :statuscode 409: conflict - :statuscode 500: server error - - -Remove an image -*************** - -.. http:delete:: /images/(name) - - Remove the image ``name`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /images/test HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-type: application/json - - [ - {"Untagged":"3e2f21a89f"}, - {"Deleted":"3e2f21a89f"}, - {"Deleted":"53b4f83ac9"} - ] - - :statuscode 204: no error - :statuscode 404: no such image - :statuscode 409: conflict - :statuscode 500: server error - - -Search images -************* - -.. http:get:: /images/search - - Search for an image in the docker index - - **Example request**: - - .. sourcecode:: http - - GET /images/search?term=sshd HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Name":"cespare/sshd", - "Description":"" - }, - { - "Name":"johnfuller/sshd", - "Description":"" - }, - { - "Name":"dhrp/mongodb-sshd", - "Description":"" - } - ] - - :query term: term to search - :statuscode 200: no error - :statuscode 500: server error - - -2.3 Misc --------- - -Build an image from Dockerfile via stdin -**************************************** - -.. http:post:: /build - - Build an image from Dockerfile - - **Example request**: - - .. sourcecode:: http - - POST /build HTTP/1.1 - - {{ STREAM }} - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - {{ STREAM }} - - :query t: repository name to be applied to the resulting image in case of success - :query remote: resource to fetch, as URI - :statuscode 200: no error - :statuscode 500: server error - -{{ STREAM }} is the raw text output of the build command. It uses the HTTP Hijack method in order to stream. - - -Check auth configuration -************************ - -.. http:post:: /auth - - Get the default username and email - - **Example request**: - - .. sourcecode:: http - - POST /auth HTTP/1.1 - Content-Type: application/json - - { - "username":"hannibal", - "password:"xxxx", - "email":"hannibal@a-team.com" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Status": "Login Succeeded" - } - - :statuscode 200: no error - :statuscode 204: no error - :statuscode 401: unauthorized - :statuscode 403: forbidden - :statuscode 500: server error - - -Display system-wide information -******************************* - -.. http:get:: /info - - Display system-wide information - - **Example request**: - - .. sourcecode:: http - - GET /info HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Containers":11, - "Images":16, - "Debug":false, - "NFd": 11, - "NGoroutines":21, - "MemoryLimit":true, - "SwapLimit":false - } - - :statuscode 200: no error - :statuscode 500: server error - - -Show the docker version information -*********************************** - -.. http:get:: /version - - Show the docker version information - - **Example request**: - - .. sourcecode:: http - - GET /version HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Version":"0.2.2", - "GitCommit":"5a2a5cc+CHANGES", - "GoVersion":"go1.0.3" - } - - :statuscode 200: no error - :statuscode 500: server error - - -Create a new image from a container's changes -********************************************* - -.. http:post:: /commit - - Create a new image from a container's changes - - **Example request**: - - .. sourcecode:: http - - POST /commit?container=44c004db4b17&m=message&repo=myrepo HTTP/1.1 - Content-Type: application/json - - { - "Cmd": ["cat", "/world"], - "PortSpecs":["22"] - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/vnd.docker.raw-stream - - {"Id":"596069db4bf5"} - - :query container: source container - :query repo: repository - :query tag: tag - :query m: commit message - :query author: author (eg. "John Hannibal Smith ") - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 500: server error - - -3. Going further -================ - -3.1 Inside 'docker run' ------------------------ - -Here are the steps of 'docker run' : - -* Create the container -* If the status code is 404, it means the image doesn't exists: - * Try to pull it - * Then retry to create the container -* Start the container -* If you are not in detached mode: - * Attach to the container, using logs=1 (to have stdout and stderr from the container's start) and stream=1 -* If in detached mode or only stdin is attached: - * Display the container's id - - -3.2 Hijacking -------------- - -In this version of the API, /attach, uses hijacking to transport stdin, stdout and stderr on the same socket. This might change in the future. - -3.3 CORS Requests ------------------ - -To enable cross origin requests to the remote api add the flag "--api-enable-cors" when running docker in daemon mode. - - docker -d -H="tcp://192.168.1.9:4243" --api-enable-cors - diff --git a/docs/sources/reference/api/archive/docker_remote_api_v1.3.rst b/docs/sources/reference/api/archive/docker_remote_api_v1.3.rst deleted file mode 100644 index 2b17a37a4d..0000000000 --- a/docs/sources/reference/api/archive/docker_remote_api_v1.3.rst +++ /dev/null @@ -1,1130 +0,0 @@ -.. use orphan to suppress "WARNING: document isn't included in any toctree" -.. per http://sphinx-doc.org/markup/misc.html#file-wide-metadata - -:orphan: - -:title: Remote API v1.3 -:description: API Documentation for Docker -:keywords: API, Docker, rcli, REST, documentation - -====================== -Docker Remote API v1.3 -====================== - -.. contents:: Table of Contents - -1. Brief introduction -===================== - -- The Remote API is replacing rcli -- Default port in the docker daemon is 4243 -- The API tends to be REST, but for some complex commands, like attach or pull, the HTTP connection is hijacked to transport stdout stdin and stderr - -2. Endpoints -============ - -2.1 Containers --------------- - -List containers -*************** - -.. http:get:: /containers/json - - List containers - - **Example request**: - - .. sourcecode:: http - - GET /containers/json?all=1&before=8dfafdbc3a40&size=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id": "8dfafdbc3a40", - "Image": "ubuntu:latest", - "Command": "echo 1", - "Created": 1367854155, - "Status": "Exit 0", - "Ports":"", - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "9cd87474be90", - "Image": "ubuntu:latest", - "Command": "echo 222222", - "Created": 1367854155, - "Status": "Exit 0", - "Ports":"", - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "3176a2479c92", - "Image": "centos:latest", - "Command": "echo 3333333333333333", - "Created": 1367854154, - "Status": "Exit 0", - "Ports":"", - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "4cb07b47f9fb", - "Image": "fedora:latest", - "Command": "echo 444444444444444444444444444444444", - "Created": 1367854152, - "Status": "Exit 0", - "Ports":"", - "SizeRw":12288, - "SizeRootFs":0 - } - ] - - :query all: 1/True/true or 0/False/false, Show all containers. Only running containers are shown by default - :query limit: Show ``limit`` last created containers, include non-running ones. - :query since: Show only containers created since Id, include non-running ones. - :query before: Show only containers created before Id, include non-running ones. - :query size: 1/True/true or 0/False/false, Show the containers sizes - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 500: server error - - -Create a container -****************** - -.. http:post:: /containers/create - - Create a container - - **Example request**: - - .. sourcecode:: http - - POST /containers/create HTTP/1.1 - Content-Type: application/json - - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "AttachStdin":false, - "AttachStdout":true, - "AttachStderr":true, - "PortSpecs":null, - "Tty":false, - "OpenStdin":false, - "StdinOnce":false, - "Env":null, - "Cmd":[ - "date" - ], - "Dns":null, - "Image":"ubuntu", - "Volumes":{}, - "VolumesFrom":"" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/json - - { - "Id":"e90e34656806" - "Warnings":[] - } - - :jsonparam config: the container's configuration - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 406: impossible to attach (container not running) - :statuscode 500: server error - - -Inspect a container -******************* - -.. http:get:: /containers/(id)/json - - Return low-level information on the container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Id": "4fa6e0f0c6786287e131c3852c58a2e01cc697a68231826813597e4994f1d6e2", - "Created": "2013-05-07T14:51:42.041847+02:00", - "Path": "date", - "Args": [], - "Config": { - "Hostname": "4fa6e0f0c678", - "User": "", - "Memory": 0, - "MemorySwap": 0, - "AttachStdin": false, - "AttachStdout": true, - "AttachStderr": true, - "PortSpecs": null, - "Tty": false, - "OpenStdin": false, - "StdinOnce": false, - "Env": null, - "Cmd": [ - "date" - ], - "Dns": null, - "Image": "ubuntu", - "Volumes": {}, - "VolumesFrom": "" - }, - "State": { - "Running": false, - "Pid": 0, - "ExitCode": 0, - "StartedAt": "2013-05-07T14:51:42.087658+02:01360", - "Ghost": false - }, - "Image": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "NetworkSettings": { - "IpAddress": "", - "IpPrefixLen": 0, - "Gateway": "", - "Bridge": "", - "PortMapping": null - }, - "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker", - "ResolvConfPath": "/etc/resolv.conf", - "Volumes": {} - } - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -List processes running inside a container -***************************************** - -.. http:get:: /containers/(id)/top - - List processes running inside the container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/top HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "PID":"11935", - "Tty":"pts/2", - "Time":"00:00:00", - "Cmd":"sh" - }, - { - "PID":"12140", - "Tty":"pts/2", - "Time":"00:00:00", - "Cmd":"sleep" - } - ] - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Inspect changes on a container's filesystem -******************************************* - -.. http:get:: /containers/(id)/changes - - Inspect changes on container ``id`` 's filesystem - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/changes HTTP/1.1 - - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Path":"/dev", - "Kind":0 - }, - { - "Path":"/dev/kmsg", - "Kind":1 - }, - { - "Path":"/test", - "Kind":1 - } - ] - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Export a container -****************** - -.. http:get:: /containers/(id)/export - - Export the contents of container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/export HTTP/1.1 - - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/octet-stream - - {{ STREAM }} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Start a container -***************** - -.. http:post:: /containers/(id)/start - - Start the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/(id)/start HTTP/1.1 - Content-Type: application/json - - { - "Binds":["/tmp:/tmp"] - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 No Content - Content-Type: text/plain - - :jsonparam hostConfig: the container's host configuration (optional) - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Stop a container -**************** - -.. http:post:: /containers/(id)/stop - - Stop the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/stop?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Restart a container -******************* - -.. http:post:: /containers/(id)/restart - - Restart the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/restart?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Kill a container -**************** - -.. http:post:: /containers/(id)/kill - - Kill the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/kill HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Attach to a container -********************* - -.. http:post:: /containers/(id)/attach - - Attach to the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/attach?logs=1&stream=0&stdout=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/vnd.docker.raw-stream - - {{ STREAM }} - - :query logs: 1/True/true or 0/False/false, return logs. Default false - :query stream: 1/True/true or 0/False/false, return stream. Default false - :query stdin: 1/True/true or 0/False/false, if stream=true, attach to stdin. Default false - :query stdout: 1/True/true or 0/False/false, if logs=true, return stdout log, if stream=true, attach to stdout. Default false - :query stderr: 1/True/true or 0/False/false, if logs=true, return stderr log, if stream=true, attach to stderr. Default false - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - - -Wait a container -**************** - -.. http:post:: /containers/(id)/wait - - Block until container ``id`` stops, then returns the exit code - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/wait HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"StatusCode":0} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Remove a container -******************* - -.. http:delete:: /containers/(id) - - Remove the container ``id`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /containers/16253994b7c4?v=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query v: 1/True/true or 0/False/false, Remove the volumes associated to the container. Default false - :statuscode 204: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - - -2.2 Images ----------- - -List Images -*********** - -.. http:get:: /images/(format) - - List images ``format`` could be json or viz (json default) - - **Example request**: - - .. sourcecode:: http - - GET /images/json?all=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Repository":"ubuntu", - "Tag":"precise", - "Id":"b750fe79269d", - "Created":1364102658, - "Size":24653, - "VirtualSize":180116135 - }, - { - "Repository":"ubuntu", - "Tag":"12.04", - "Id":"b750fe79269d", - "Created":1364102658, - "Size":24653, - "VirtualSize":180116135 - } - ] - - - **Example request**: - - .. sourcecode:: http - - GET /images/viz HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: text/plain - - digraph docker { - "d82cbacda43a" -> "074be284591f" - "1496068ca813" -> "08306dc45919" - "08306dc45919" -> "0e7893146ac2" - "b750fe79269d" -> "1496068ca813" - base -> "27cf78414709" [style=invis] - "f71189fff3de" -> "9a33b36209ed" - "27cf78414709" -> "b750fe79269d" - "0e7893146ac2" -> "d6434d954665" - "d6434d954665" -> "d82cbacda43a" - base -> "e9aa60c60128" [style=invis] - "074be284591f" -> "f71189fff3de" - "b750fe79269d" [label="b750fe79269d\nubuntu",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; - "e9aa60c60128" [label="e9aa60c60128\ncentos",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; - "9a33b36209ed" [label="9a33b36209ed\nfedora",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; - base [style=invisible] - } - - :query all: 1/True/true or 0/False/false, Show all containers. Only running containers are shown by default - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 500: server error - - -Create an image -*************** - -.. http:post:: /images/create - - Create an image, either by pull it from the registry or by importing it - - **Example request**: - - .. sourcecode:: http - - POST /images/create?fromImage=ubuntu HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Pulling..."} - {"status":"Pulling", "progress":"1/? (n/a)"} - {"error":"Invalid..."} - ... - - :query fromImage: name of the image to pull - :query fromSrc: source to import, - means stdin - :query repo: repository - :query tag: tag - :query registry: the registry to pull from - :statuscode 200: no error - :statuscode 500: server error - - -Insert a file in an image -************************* - -.. http:post:: /images/(name)/insert - - Insert a file from ``url`` in the image ``name`` at ``path`` - - **Example request**: - - .. sourcecode:: http - - POST /images/test/insert?path=/usr&url=myurl HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Inserting..."} - {"status":"Inserting", "progress":"1/? (n/a)"} - {"error":"Invalid..."} - ... - - :statuscode 200: no error - :statuscode 500: server error - - -Inspect an image -**************** - -.. http:get:: /images/(name)/json - - Return low-level information on the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/centos/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "id":"b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "parent":"27cf784147099545", - "created":"2013-03-23T22:24:18.818426-07:00", - "container":"3d67245a8d72ecf13f33dffac9f79dcdf70f75acb84d308770391510e0c23ad0", - "container_config": - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "AttachStdin":false, - "AttachStdout":false, - "AttachStderr":false, - "PortSpecs":null, - "Tty":true, - "OpenStdin":true, - "StdinOnce":false, - "Env":null, - "Cmd": ["/bin/bash"] - ,"Dns":null, - "Image":"centos", - "Volumes":null, - "VolumesFrom":"" - }, - "Size": 6824592 - } - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Get the history of an image -*************************** - -.. http:get:: /images/(name)/history - - Return the history of the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/fedora/history HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id":"b750fe79269d", - "Created":1364102658, - "CreatedBy":"/bin/bash" - }, - { - "Id":"27cf78414709", - "Created":1364068391, - "CreatedBy":"" - } - ] - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Push an image on the registry -***************************** - -.. http:post:: /images/(name)/push - - Push the image ``name`` on the registry - - **Example request**: - - .. sourcecode:: http - - POST /images/test/push HTTP/1.1 - {{ authConfig }} - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Pushing..."} - {"status":"Pushing", "progress":"1/? (n/a)"} - {"error":"Invalid..."} - ... - - :query registry: the registry you wan to push, optional - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Tag an image into a repository -****************************** - -.. http:post:: /images/(name)/tag - - Tag the image ``name`` into a repository - - **Example request**: - - .. sourcecode:: http - - POST /images/test/tag?repo=myrepo&force=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - - :query repo: The repository to tag in - :query force: 1/True/true or 0/False/false, default false - :statuscode 201: no error - :statuscode 400: bad parameter - :statuscode 404: no such image - :statuscode 409: conflict - :statuscode 500: server error - - -Remove an image -*************** - -.. http:delete:: /images/(name) - - Remove the image ``name`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /images/test HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-type: application/json - - [ - {"Untagged":"3e2f21a89f"}, - {"Deleted":"3e2f21a89f"}, - {"Deleted":"53b4f83ac9"} - ] - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 409: conflict - :statuscode 500: server error - - -Search images -************* - -.. http:get:: /images/search - - Search for an image in the docker index - - **Example request**: - - .. sourcecode:: http - - GET /images/search?term=sshd HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Name":"cespare/sshd", - "Description":"" - }, - { - "Name":"johnfuller/sshd", - "Description":"" - }, - { - "Name":"dhrp/mongodb-sshd", - "Description":"" - } - ] - - :query term: term to search - :statuscode 200: no error - :statuscode 500: server error - - -2.3 Misc --------- - -Build an image from Dockerfile via stdin -**************************************** - -.. http:post:: /build - - Build an image from Dockerfile via stdin - - **Example request**: - - .. sourcecode:: http - - POST /build HTTP/1.1 - - {{ STREAM }} - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - {{ STREAM }} - - - The stream must be a tar archive compressed with one of the following algorithms: - identity (no compression), gzip, bzip2, xz. The archive must include a file called - `Dockerfile` at its root. It may include any number of other files, which will be - accessible in the build context (See the ADD build command). - - The Content-type header should be set to "application/tar". - - :query t: repository name (and optionally a tag) to be applied to the resulting image in case of success - :query q: suppress verbose build output - :statuscode 200: no error - :statuscode 500: server error - - -Check auth configuration -************************ - -.. http:post:: /auth - - Get the default username and email - - **Example request**: - - .. sourcecode:: http - - POST /auth HTTP/1.1 - Content-Type: application/json - - { - "username":"hannibal", - "password:"xxxx", - "email":"hannibal@a-team.com" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - :statuscode 200: no error - :statuscode 204: no error - :statuscode 500: server error - - -Display system-wide information -******************************* - -.. http:get:: /info - - Display system-wide information - - **Example request**: - - .. sourcecode:: http - - GET /info HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Containers":11, - "Images":16, - "Debug":false, - "NFd": 11, - "NGoroutines":21, - "MemoryLimit":true, - "SwapLimit":false, - "EventsListeners":"0", - "LXCVersion":"0.7.5", - "KernelVersion":"3.8.0-19-generic" - } - - :statuscode 200: no error - :statuscode 500: server error - - -Show the docker version information -*********************************** - -.. http:get:: /version - - Show the docker version information - - **Example request**: - - .. sourcecode:: http - - GET /version HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Version":"0.2.2", - "GitCommit":"5a2a5cc+CHANGES", - "GoVersion":"go1.0.3" - } - - :statuscode 200: no error - :statuscode 500: server error - - -Create a new image from a container's changes -********************************************* - -.. http:post:: /commit - - Create a new image from a container's changes - - **Example request**: - - .. sourcecode:: http - - POST /commit?container=44c004db4b17&m=message&repo=myrepo HTTP/1.1 - Content-Type: application/json - - { - "Cmd": ["cat", "/world"], - "PortSpecs":["22"] - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/vnd.docker.raw-stream - - {"Id":"596069db4bf5"} - - :query container: source container - :query repo: repository - :query tag: tag - :query m: commit message - :query author: author (eg. "John Hannibal Smith ") - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Monitor Docker's events -*********************** - -.. http:get:: /events - - Get events from docker, either in real time via streaming, or via polling (using `since`) - - **Example request**: - - .. sourcecode:: http - - GET /events?since=1374067924 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"create","id":"dfdf82bd3881","time":1374067924} - {"status":"start","id":"dfdf82bd3881","time":1374067924} - {"status":"stop","id":"dfdf82bd3881","time":1374067966} - {"status":"destroy","id":"dfdf82bd3881","time":1374067970} - - :query since: timestamp used for polling - :statuscode 200: no error - :statuscode 500: server error - - -3. Going further -================ - -3.1 Inside 'docker run' ------------------------ - -Here are the steps of 'docker run' : - -* Create the container -* If the status code is 404, it means the image doesn't exists: - * Try to pull it - * Then retry to create the container -* Start the container -* If you are not in detached mode: - * Attach to the container, using logs=1 (to have stdout and stderr from the container's start) and stream=1 -* If in detached mode or only stdin is attached: - * Display the container's id - - -3.2 Hijacking -------------- - -In this version of the API, /attach, uses hijacking to transport stdin, stdout and stderr on the same socket. This might change in the future. - -3.3 CORS Requests ------------------ - -To enable cross origin requests to the remote api add the flag "--api-enable-cors" when running docker in daemon mode. - - docker -d -H="192.168.1.9:4243" --api-enable-cors - diff --git a/docs/sources/reference/api/archive/docker_remote_api_v1.4.rst b/docs/sources/reference/api/archive/docker_remote_api_v1.4.rst deleted file mode 100644 index ff5aaa7a74..0000000000 --- a/docs/sources/reference/api/archive/docker_remote_api_v1.4.rst +++ /dev/null @@ -1,1176 +0,0 @@ -:title: Remote API v1.4 -:description: API Documentation for Docker -:keywords: API, Docker, rcli, REST, documentation - -:orphan: - -====================== -Docker Remote API v1.4 -====================== - -.. contents:: Table of Contents - -1. Brief introduction -===================== - -- The Remote API is replacing rcli -- Default port in the docker daemon is 4243 -- The API tends to be REST, but for some complex commands, like attach or pull, the HTTP connection is hijacked to transport stdout stdin and stderr - -2. Endpoints -============ - -2.1 Containers --------------- - -List containers -*************** - -.. http:get:: /containers/json - - List containers - - **Example request**: - - .. sourcecode:: http - - GET /containers/json?all=1&before=8dfafdbc3a40&size=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id": "8dfafdbc3a40", - "Image": "ubuntu:latest", - "Command": "echo 1", - "Created": 1367854155, - "Status": "Exit 0", - "Ports":"", - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "9cd87474be90", - "Image": "ubuntu:latest", - "Command": "echo 222222", - "Created": 1367854155, - "Status": "Exit 0", - "Ports":"", - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "3176a2479c92", - "Image": "centos:latest", - "Command": "echo 3333333333333333", - "Created": 1367854154, - "Status": "Exit 0", - "Ports":"", - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "4cb07b47f9fb", - "Image": "fedora:latest", - "Command": "echo 444444444444444444444444444444444", - "Created": 1367854152, - "Status": "Exit 0", - "Ports":"", - "SizeRw":12288, - "SizeRootFs":0 - } - ] - - :query all: 1/True/true or 0/False/false, Show all containers. Only running containers are shown by default - :query limit: Show ``limit`` last created containers, include non-running ones. - :query since: Show only containers created since Id, include non-running ones. - :query before: Show only containers created before Id, include non-running ones. - :query size: 1/True/true or 0/False/false, Show the containers sizes - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 500: server error - - -Create a container -****************** - -.. http:post:: /containers/create - - Create a container - - **Example request**: - - .. sourcecode:: http - - POST /containers/create HTTP/1.1 - Content-Type: application/json - - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "AttachStdin":false, - "AttachStdout":true, - "AttachStderr":true, - "PortSpecs":null, - "Privileged": false, - "Tty":false, - "OpenStdin":false, - "StdinOnce":false, - "Env":null, - "Cmd":[ - "date" - ], - "Dns":null, - "Image":"ubuntu", - "Volumes":{}, - "VolumesFrom":"", - "WorkingDir":"" - - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/json - - { - "Id":"e90e34656806" - "Warnings":[] - } - - :jsonparam config: the container's configuration - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 406: impossible to attach (container not running) - :statuscode 500: server error - - -Inspect a container -******************* - -.. http:get:: /containers/(id)/json - - Return low-level information on the container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Id": "4fa6e0f0c6786287e131c3852c58a2e01cc697a68231826813597e4994f1d6e2", - "Created": "2013-05-07T14:51:42.041847+02:00", - "Path": "date", - "Args": [], - "Config": { - "Hostname": "4fa6e0f0c678", - "User": "", - "Memory": 0, - "MemorySwap": 0, - "AttachStdin": false, - "AttachStdout": true, - "AttachStderr": true, - "PortSpecs": null, - "Tty": false, - "OpenStdin": false, - "StdinOnce": false, - "Env": null, - "Cmd": [ - "date" - ], - "Dns": null, - "Image": "ubuntu", - "Volumes": {}, - "VolumesFrom": "", - "WorkingDir":"" - - }, - "State": { - "Running": false, - "Pid": 0, - "ExitCode": 0, - "StartedAt": "2013-05-07T14:51:42.087658+02:01360", - "Ghost": false - }, - "Image": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "NetworkSettings": { - "IpAddress": "", - "IpPrefixLen": 0, - "Gateway": "", - "Bridge": "", - "PortMapping": null - }, - "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker", - "ResolvConfPath": "/etc/resolv.conf", - "Volumes": {} - } - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 409: conflict between containers and images - :statuscode 500: server error - - -List processes running inside a container -***************************************** - -.. http:get:: /containers/(id)/top - - List processes running inside the container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/top HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Titles":[ - "USER", - "PID", - "%CPU", - "%MEM", - "VSZ", - "RSS", - "TTY", - "STAT", - "START", - "TIME", - "COMMAND" - ], - "Processes":[ - ["root","20147","0.0","0.1","18060","1864","pts/4","S","10:06","0:00","bash"], - ["root","20271","0.0","0.0","4312","352","pts/4","S+","10:07","0:00","sleep","10"] - ] - } - - :query ps_args: ps arguments to use (eg. aux) - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Inspect changes on a container's filesystem -******************************************* - -.. http:get:: /containers/(id)/changes - - Inspect changes on container ``id`` 's filesystem - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/changes HTTP/1.1 - - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Path":"/dev", - "Kind":0 - }, - { - "Path":"/dev/kmsg", - "Kind":1 - }, - { - "Path":"/test", - "Kind":1 - } - ] - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Export a container -****************** - -.. http:get:: /containers/(id)/export - - Export the contents of container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/export HTTP/1.1 - - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/octet-stream - - {{ STREAM }} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Start a container -***************** - -.. http:post:: /containers/(id)/start - - Start the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/(id)/start HTTP/1.1 - Content-Type: application/json - - { - "Binds":["/tmp:/tmp"], - "LxcConf":[{"Key":"lxc.utsname","Value":"docker"}] - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 No Content - Content-Type: text/plain - - :jsonparam hostConfig: the container's host configuration (optional) - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Stop a container -**************** - -.. http:post:: /containers/(id)/stop - - Stop the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/stop?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Restart a container -******************* - -.. http:post:: /containers/(id)/restart - - Restart the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/restart?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Kill a container -**************** - -.. http:post:: /containers/(id)/kill - - Kill the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/kill HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Attach to a container -********************* - -.. http:post:: /containers/(id)/attach - - Attach to the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/attach?logs=1&stream=0&stdout=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/vnd.docker.raw-stream - - {{ STREAM }} - - :query logs: 1/True/true or 0/False/false, return logs. Default false - :query stream: 1/True/true or 0/False/false, return stream. Default false - :query stdin: 1/True/true or 0/False/false, if stream=true, attach to stdin. Default false - :query stdout: 1/True/true or 0/False/false, if logs=true, return stdout log, if stream=true, attach to stdout. Default false - :query stderr: 1/True/true or 0/False/false, if logs=true, return stderr log, if stream=true, attach to stderr. Default false - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - - -Wait a container -**************** - -.. http:post:: /containers/(id)/wait - - Block until container ``id`` stops, then returns the exit code - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/wait HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"StatusCode":0} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Remove a container -******************* - -.. http:delete:: /containers/(id) - - Remove the container ``id`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /containers/16253994b7c4?v=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query v: 1/True/true or 0/False/false, Remove the volumes associated to the container. Default false - :statuscode 204: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - - -Copy files or folders from a container -************************************** - -.. http:post:: /containers/(id)/copy - - Copy files or folders of container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/4fa6e0f0c678/copy HTTP/1.1 - Content-Type: application/json - - { - "Resource":"test.txt" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/octet-stream - - {{ STREAM }} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -2.2 Images ----------- - -List Images -*********** - -.. http:get:: /images/(format) - - List images ``format`` could be json or viz (json default) - - **Example request**: - - .. sourcecode:: http - - GET /images/json?all=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Repository":"ubuntu", - "Tag":"precise", - "Id":"b750fe79269d", - "Created":1364102658, - "Size":24653, - "VirtualSize":180116135 - }, - { - "Repository":"ubuntu", - "Tag":"12.04", - "Id":"b750fe79269d", - "Created":1364102658, - "Size":24653, - "VirtualSize":180116135 - } - ] - - - **Example request**: - - .. sourcecode:: http - - GET /images/viz HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: text/plain - - digraph docker { - "d82cbacda43a" -> "074be284591f" - "1496068ca813" -> "08306dc45919" - "08306dc45919" -> "0e7893146ac2" - "b750fe79269d" -> "1496068ca813" - base -> "27cf78414709" [style=invis] - "f71189fff3de" -> "9a33b36209ed" - "27cf78414709" -> "b750fe79269d" - "0e7893146ac2" -> "d6434d954665" - "d6434d954665" -> "d82cbacda43a" - base -> "e9aa60c60128" [style=invis] - "074be284591f" -> "f71189fff3de" - "b750fe79269d" [label="b750fe79269d\nubuntu",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; - "e9aa60c60128" [label="e9aa60c60128\ncentos",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; - "9a33b36209ed" [label="9a33b36209ed\nfedora",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; - base [style=invisible] - } - - :query all: 1/True/true or 0/False/false, Show all containers. Only running containers are shown by default - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 500: server error - - -Create an image -*************** - -.. http:post:: /images/create - - Create an image, either by pull it from the registry or by importing it - - **Example request**: - - .. sourcecode:: http - - POST /images/create?fromImage=ubuntu HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Pulling..."} - {"status":"Pulling", "progress":"1/? (n/a)"} - {"error":"Invalid..."} - ... - - :query fromImage: name of the image to pull - :query fromSrc: source to import, - means stdin - :query repo: repository - :query tag: tag - :query registry: the registry to pull from - :statuscode 200: no error - :statuscode 500: server error - - -Insert a file in an image -************************* - -.. http:post:: /images/(name)/insert - - Insert a file from ``url`` in the image ``name`` at ``path`` - - **Example request**: - - .. sourcecode:: http - - POST /images/test/insert?path=/usr&url=myurl HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Inserting..."} - {"status":"Inserting", "progress":"1/? (n/a)"} - {"error":"Invalid..."} - ... - - :statuscode 200: no error - :statuscode 500: server error - - -Inspect an image -**************** - -.. http:get:: /images/(name)/json - - Return low-level information on the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/centos/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "id":"b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "parent":"27cf784147099545", - "created":"2013-03-23T22:24:18.818426-07:00", - "container":"3d67245a8d72ecf13f33dffac9f79dcdf70f75acb84d308770391510e0c23ad0", - "container_config": - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "AttachStdin":false, - "AttachStdout":false, - "AttachStderr":false, - "PortSpecs":null, - "Tty":true, - "OpenStdin":true, - "StdinOnce":false, - "Env":null, - "Cmd": ["/bin/bash"] - ,"Dns":null, - "Image":"centos", - "Volumes":null, - "VolumesFrom":"", - "WorkingDir":"" - }, - "Size": 6824592 - } - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 409: conflict between containers and images - :statuscode 500: server error - - -Get the history of an image -*************************** - -.. http:get:: /images/(name)/history - - Return the history of the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/fedora/history HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id":"b750fe79269d", - "Created":1364102658, - "CreatedBy":"/bin/bash" - }, - { - "Id":"27cf78414709", - "Created":1364068391, - "CreatedBy":"" - } - ] - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Push an image on the registry -***************************** - -.. http:post:: /images/(name)/push - - Push the image ``name`` on the registry - - **Example request**: - - .. sourcecode:: http - - POST /images/test/push HTTP/1.1 - {{ authConfig }} - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Pushing..."} - {"status":"Pushing", "progress":"1/? (n/a)"} - {"error":"Invalid..."} - ... - - :query registry: the registry you wan to push, optional - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Tag an image into a repository -****************************** - -.. http:post:: /images/(name)/tag - - Tag the image ``name`` into a repository - - **Example request**: - - .. sourcecode:: http - - POST /images/test/tag?repo=myrepo&force=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - - :query repo: The repository to tag in - :query force: 1/True/true or 0/False/false, default false - :statuscode 201: no error - :statuscode 400: bad parameter - :statuscode 404: no such image - :statuscode 409: conflict - :statuscode 500: server error - - -Remove an image -*************** - -.. http:delete:: /images/(name) - - Remove the image ``name`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /images/test HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-type: application/json - - [ - {"Untagged":"3e2f21a89f"}, - {"Deleted":"3e2f21a89f"}, - {"Deleted":"53b4f83ac9"} - ] - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 409: conflict - :statuscode 500: server error - - -Search images -************* - -.. http:get:: /images/search - - Search for an image in the docker index - - **Example request**: - - .. sourcecode:: http - - GET /images/search?term=sshd HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Name":"cespare/sshd", - "Description":"" - }, - { - "Name":"johnfuller/sshd", - "Description":"" - }, - { - "Name":"dhrp/mongodb-sshd", - "Description":"" - } - ] - - :query term: term to search - :statuscode 200: no error - :statuscode 500: server error - - -2.3 Misc --------- - -Build an image from Dockerfile via stdin -**************************************** - -.. http:post:: /build - - Build an image from Dockerfile via stdin - - **Example request**: - - .. sourcecode:: http - - POST /build HTTP/1.1 - - {{ STREAM }} - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - {{ STREAM }} - - - The stream must be a tar archive compressed with one of the following algorithms: - identity (no compression), gzip, bzip2, xz. The archive must include a file called - `Dockerfile` at its root. It may include any number of other files, which will be - accessible in the build context (See the ADD build command). - - The Content-type header should be set to "application/tar". - - :query t: repository name (and optionally a tag) to be applied to the resulting image in case of success - :query q: suppress verbose build output - :query nocache: do not use the cache when building the image - :statuscode 200: no error - :statuscode 500: server error - - -Check auth configuration -************************ - -.. http:post:: /auth - - Get the default username and email - - **Example request**: - - .. sourcecode:: http - - POST /auth HTTP/1.1 - Content-Type: application/json - - { - "username":"hannibal", - "password:"xxxx", - "email":"hannibal@a-team.com", - "serveraddress":"https://index.docker.io/v1/" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - :statuscode 200: no error - :statuscode 204: no error - :statuscode 500: server error - - -Display system-wide information -******************************* - -.. http:get:: /info - - Display system-wide information - - **Example request**: - - .. sourcecode:: http - - GET /info HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Containers":11, - "Images":16, - "Debug":false, - "NFd": 11, - "NGoroutines":21, - "MemoryLimit":true, - "SwapLimit":false, - "IPv4Forwarding":true - } - - :statuscode 200: no error - :statuscode 500: server error - - -Show the docker version information -*********************************** - -.. http:get:: /version - - Show the docker version information - - **Example request**: - - .. sourcecode:: http - - GET /version HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Version":"0.2.2", - "GitCommit":"5a2a5cc+CHANGES", - "GoVersion":"go1.0.3" - } - - :statuscode 200: no error - :statuscode 500: server error - - -Create a new image from a container's changes -********************************************* - -.. http:post:: /commit - - Create a new image from a container's changes - - **Example request**: - - .. sourcecode:: http - - POST /commit?container=44c004db4b17&m=message&repo=myrepo HTTP/1.1 - Content-Type: application/json - - { - "Cmd": ["cat", "/world"], - "PortSpecs":["22"] - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/vnd.docker.raw-stream - - {"Id":"596069db4bf5"} - - :query container: source container - :query repo: repository - :query tag: tag - :query m: commit message - :query author: author (eg. "John Hannibal Smith ") - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Monitor Docker's events -*********************** - -.. http:get:: /events - - Get events from docker, either in real time via streaming, or via polling (using `since`) - - **Example request**: - - .. sourcecode:: http - - GET /events?since=1374067924 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"create","id":"dfdf82bd3881","from":"ubuntu:latest","time":1374067924} - {"status":"start","id":"dfdf82bd3881","from":"ubuntu:latest","time":1374067924} - {"status":"stop","id":"dfdf82bd3881","from":"ubuntu:latest","time":1374067966} - {"status":"destroy","id":"dfdf82bd3881","from":"ubuntu:latest","time":1374067970} - - :query since: timestamp used for polling - :statuscode 200: no error - :statuscode 500: server error - - -3. Going further -================ - -3.1 Inside 'docker run' ------------------------ - -Here are the steps of 'docker run' : - -* Create the container -* If the status code is 404, it means the image doesn't exists: - * Try to pull it - * Then retry to create the container -* Start the container -* If you are not in detached mode: - * Attach to the container, using logs=1 (to have stdout and stderr from the container's start) and stream=1 -* If in detached mode or only stdin is attached: - * Display the container's id - - -3.2 Hijacking -------------- - -In this version of the API, /attach, uses hijacking to transport stdin, stdout and stderr on the same socket. This might change in the future. - -3.3 CORS Requests ------------------ - -To enable cross origin requests to the remote api add the flag "--api-enable-cors" when running docker in daemon mode. - -.. code-block:: bash - - docker -d -H="192.168.1.9:4243" --api-enable-cors - diff --git a/docs/sources/reference/api/archive/docker_remote_api_v1.5.rst b/docs/sources/reference/api/archive/docker_remote_api_v1.5.rst deleted file mode 100644 index d4440e4423..0000000000 --- a/docs/sources/reference/api/archive/docker_remote_api_v1.5.rst +++ /dev/null @@ -1,1144 +0,0 @@ -:title: Remote API v1.5 -:description: API Documentation for Docker -:keywords: API, Docker, rcli, REST, documentation - -:orphan: - -====================== -Docker Remote API v1.5 -====================== - -.. contents:: Table of Contents - -1. Brief introduction -===================== - -- The Remote API is replacing rcli -- Default port in the docker daemon is 4243 -- The API tends to be REST, but for some complex commands, like attach or pull, the HTTP connection is hijacked to transport stdout stdin and stderr - -2. Endpoints -============ - -2.1 Containers --------------- - -List containers -*************** - -.. http:get:: /containers/json - - List containers - - **Example request**: - - .. sourcecode:: http - - GET /containers/json?all=1&before=8dfafdbc3a40&size=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id": "8dfafdbc3a40", - "Image": "ubuntu:latest", - "Command": "echo 1", - "Created": 1367854155, - "Status": "Exit 0", - "Ports":[{"PrivatePort": 2222, "PublicPort": 3333, "Type": "tcp"}], - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "9cd87474be90", - "Image": "ubuntu:latest", - "Command": "echo 222222", - "Created": 1367854155, - "Status": "Exit 0", - "Ports":[], - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "3176a2479c92", - "Image": "centos:latest", - "Command": "echo 3333333333333333", - "Created": 1367854154, - "Status": "Exit 0", - "Ports":[], - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "4cb07b47f9fb", - "Image": "fedora:latest", - "Command": "echo 444444444444444444444444444444444", - "Created": 1367854152, - "Status": "Exit 0", - "Ports":[], - "SizeRw":12288, - "SizeRootFs":0 - } - ] - - :query all: 1/True/true or 0/False/false, Show all containers. Only running containers are shown by default - :query limit: Show ``limit`` last created containers, include non-running ones. - :query since: Show only containers created since Id, include non-running ones. - :query before: Show only containers created before Id, include non-running ones. - :query size: 1/True/true or 0/False/false, Show the containers sizes - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 500: server error - -Create a container -****************** - -.. http:post:: /containers/create - - Create a container - - **Example request**: - - .. sourcecode:: http - - POST /containers/create HTTP/1.1 - Content-Type: application/json - - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "AttachStdin":false, - "AttachStdout":true, - "AttachStderr":true, - "PortSpecs":null, - "Privileged": false, - "Tty":false, - "OpenStdin":false, - "StdinOnce":false, - "Env":null, - "Cmd":[ - "date" - ], - "Dns":null, - "Image":"ubuntu", - "Volumes":{}, - "VolumesFrom":"", - "WorkingDir":"" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/json - - { - "Id":"e90e34656806" - "Warnings":[] - } - - :jsonparam config: the container's configuration - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 406: impossible to attach (container not running) - :statuscode 500: server error - -Inspect a container -******************* - -.. http:get:: /containers/(id)/json - - Return low-level information on the container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Id": "4fa6e0f0c6786287e131c3852c58a2e01cc697a68231826813597e4994f1d6e2", - "Created": "2013-05-07T14:51:42.041847+02:00", - "Path": "date", - "Args": [], - "Config": { - "Hostname": "4fa6e0f0c678", - "User": "", - "Memory": 0, - "MemorySwap": 0, - "AttachStdin": false, - "AttachStdout": true, - "AttachStderr": true, - "PortSpecs": null, - "Tty": false, - "OpenStdin": false, - "StdinOnce": false, - "Env": null, - "Cmd": [ - "date" - ], - "Dns": null, - "Image": "ubuntu", - "Volumes": {}, - "VolumesFrom": "", - "WorkingDir":"" - }, - "State": { - "Running": false, - "Pid": 0, - "ExitCode": 0, - "StartedAt": "2013-05-07T14:51:42.087658+02:01360", - "Ghost": false - }, - "Image": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "NetworkSettings": { - "IpAddress": "", - "IpPrefixLen": 0, - "Gateway": "", - "Bridge": "", - "PortMapping": null - }, - "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker", - "ResolvConfPath": "/etc/resolv.conf", - "Volumes": {} - } - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - -List processes running inside a container -***************************************** - -.. http:get:: /containers/(id)/top - - List processes running inside the container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/top HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Titles":[ - "USER", - "PID", - "%CPU", - "%MEM", - "VSZ", - "RSS", - "TTY", - "STAT", - "START", - "TIME", - "COMMAND" - ], - "Processes":[ - ["root","20147","0.0","0.1","18060","1864","pts/4","S","10:06","0:00","bash"], - ["root","20271","0.0","0.0","4312","352","pts/4","S+","10:07","0:00","sleep","10"] - ] - } - - :query ps_args: ps arguments to use (eg. aux) - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - -Inspect changes on a container's filesystem -******************************************* - -.. http:get:: /containers/(id)/changes - - Inspect changes on container ``id`` 's filesystem - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/changes HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Path":"/dev", - "Kind":0 - }, - { - "Path":"/dev/kmsg", - "Kind":1 - }, - { - "Path":"/test", - "Kind":1 - } - ] - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - -Export a container -****************** - -.. http:get:: /containers/(id)/export - - Export the contents of container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/export HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/octet-stream - - {{ STREAM }} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - -Start a container -***************** - -.. http:post:: /containers/(id)/start - - Start the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/(id)/start HTTP/1.1 - Content-Type: application/json - - { - "Binds":["/tmp:/tmp"], - "LxcConf":[{"Key":"lxc.utsname","Value":"docker"}] - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 No Content - Content-Type: text/plain - - :jsonparam hostConfig: the container's host configuration (optional) - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - -Stop a container -**************** - -.. http:post:: /containers/(id)/stop - - Stop the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/stop?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - -Restart a container -******************* - -.. http:post:: /containers/(id)/restart - - Restart the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/restart?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - -Kill a container -**************** - -.. http:post:: /containers/(id)/kill - - Kill the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/kill HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - -Attach to a container -********************* - -.. http:post:: /containers/(id)/attach - - Attach to the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/attach?logs=1&stream=0&stdout=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/vnd.docker.raw-stream - - {{ STREAM }} - - :query logs: 1/True/true or 0/False/false, return logs. Default false - :query stream: 1/True/true or 0/False/false, return stream. Default false - :query stdin: 1/True/true or 0/False/false, if stream=true, attach to stdin. Default false - :query stdout: 1/True/true or 0/False/false, if logs=true, return stdout log, if stream=true, attach to stdout. Default false - :query stderr: 1/True/true or 0/False/false, if logs=true, return stderr log, if stream=true, attach to stderr. Default false - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - -Wait a container -**************** - -.. http:post:: /containers/(id)/wait - - Block until container ``id`` stops, then returns the exit code - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/wait HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"StatusCode":0} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - -Remove a container -******************* - -.. http:delete:: /containers/(id) - - Remove the container ``id`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /containers/16253994b7c4?v=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query v: 1/True/true or 0/False/false, Remove the volumes associated to the container. Default false - :statuscode 204: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - -Copy files or folders from a container -************************************** - -.. http:post:: /containers/(id)/copy - - Copy files or folders of container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/4fa6e0f0c678/copy HTTP/1.1 - Content-Type: application/json - - { - "Resource":"test.txt" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/octet-stream - - {{ STREAM }} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - -2.2 Images ----------- - -List Images -*********** - -.. http:get:: /images/(format) - - List images ``format`` could be json or viz (json default) - - **Example request**: - - .. sourcecode:: http - - GET /images/json?all=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Repository":"ubuntu", - "Tag":"precise", - "Id":"b750fe79269d", - "Created":1364102658, - "Size":24653, - "VirtualSize":180116135 - }, - { - "Repository":"ubuntu", - "Tag":"12.04", - "Id":"b750fe79269d", - "Created":1364102658, - "Size":24653, - "VirtualSize":180116135 - } - ] - - **Example request**: - - .. sourcecode:: http - - GET /images/viz HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: text/plain - - digraph docker { - "d82cbacda43a" -> "074be284591f" - "1496068ca813" -> "08306dc45919" - "08306dc45919" -> "0e7893146ac2" - "b750fe79269d" -> "1496068ca813" - base -> "27cf78414709" [style=invis] - "f71189fff3de" -> "9a33b36209ed" - "27cf78414709" -> "b750fe79269d" - "0e7893146ac2" -> "d6434d954665" - "d6434d954665" -> "d82cbacda43a" - base -> "e9aa60c60128" [style=invis] - "074be284591f" -> "f71189fff3de" - "b750fe79269d" [label="b750fe79269d\nubuntu",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; - "e9aa60c60128" [label="e9aa60c60128\ncentos",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; - "9a33b36209ed" [label="9a33b36209ed\nfedora",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; - base [style=invisible] - } - - :query all: 1/True/true or 0/False/false, Show all containers. Only running containers are shown by default - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 500: server error - -Create an image -*************** - -.. http:post:: /images/create - - Create an image, either by pull it from the registry or by importing it - - **Example request**: - - .. sourcecode:: http - - POST /images/create?fromImage=ubuntu HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Pulling..."} - {"status":"Pulling", "progress":"1/? (n/a)"} - {"error":"Invalid..."} - ... - - When using this endpoint to pull an image from the registry, - the ``X-Registry-Auth`` header can be used to include a - base64-encoded AuthConfig object. - - :query fromImage: name of the image to pull - :query fromSrc: source to import, - means stdin - :query repo: repository - :query tag: tag - :query registry: the registry to pull from - :statuscode 200: no error - :statuscode 500: server error - -Insert a file in an image -************************* - -.. http:post:: /images/(name)/insert - - Insert a file from ``url`` in the image ``name`` at ``path`` - - **Example request**: - - .. sourcecode:: http - - POST /images/test/insert?path=/usr&url=myurl HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Inserting..."} - {"status":"Inserting", "progress":"1/? (n/a)"} - {"error":"Invalid..."} - ... - - :statuscode 200: no error - :statuscode 500: server error - -Inspect an image -**************** - -.. http:get:: /images/(name)/json - - Return low-level information on the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/centos/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "id":"b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "parent":"27cf784147099545", - "created":"2013-03-23T22:24:18.818426-07:00", - "container":"3d67245a8d72ecf13f33dffac9f79dcdf70f75acb84d308770391510e0c23ad0", - "container_config": - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "AttachStdin":false, - "AttachStdout":false, - "AttachStderr":false, - "PortSpecs":null, - "Tty":true, - "OpenStdin":true, - "StdinOnce":false, - "Env":null, - "Cmd": ["/bin/bash"] - ,"Dns":null, - "Image":"centos", - "Volumes":null, - "VolumesFrom":"", - "WorkingDir":"" - }, - "Size": 6824592 - } - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - -Get the history of an image -*************************** - -.. http:get:: /images/(name)/history - - Return the history of the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/fedora/history HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id":"b750fe79269d", - "Created":1364102658, - "CreatedBy":"/bin/bash" - }, - { - "Id":"27cf78414709", - "Created":1364068391, - "CreatedBy":"" - } - ] - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - -Push an image on the registry -***************************** - -.. http:post:: /images/(name)/push - - Push the image ``name`` on the registry - - **Example request**: - - .. sourcecode:: http - - POST /images/test/push HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Pushing..."} - {"status":"Pushing", "progress":"1/? (n/a)"} - {"error":"Invalid..."} - ... - - The ``X-Registry-Auth`` header can be used to include a - base64-encoded AuthConfig object. - - :query registry: the registry you wan to push, optional - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - -Tag an image into a repository -****************************** - -.. http:post:: /images/(name)/tag - - Tag the image ``name`` into a repository - - **Example request**: - - .. sourcecode:: http - - POST /images/test/tag?repo=myrepo&force=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - - :query repo: The repository to tag in - :query force: 1/True/true or 0/False/false, default false - :statuscode 201: no error - :statuscode 400: bad parameter - :statuscode 404: no such image - :statuscode 409: conflict - :statuscode 500: server error - -Remove an image -*************** - -.. http:delete:: /images/(name) - - Remove the image ``name`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /images/test HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-type: application/json - - [ - {"Untagged":"3e2f21a89f"}, - {"Deleted":"3e2f21a89f"}, - {"Deleted":"53b4f83ac9"} - ] - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 409: conflict - :statuscode 500: server error - -Search images -************* - -.. http:get:: /images/search - - Search for an image in the docker index - - **Example request**: - - .. sourcecode:: http - - GET /images/search?term=sshd HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Name":"cespare/sshd", - "Description":"" - }, - { - "Name":"johnfuller/sshd", - "Description":"" - }, - { - "Name":"dhrp/mongodb-sshd", - "Description":"" - } - ] - - :query term: term to search - :statuscode 200: no error - :statuscode 500: server error - -2.3 Misc --------- - -Build an image from Dockerfile via stdin -**************************************** - -.. http:post:: /build - - Build an image from Dockerfile via stdin - - **Example request**: - - .. sourcecode:: http - - POST /build HTTP/1.1 - - {{ STREAM }} - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - {{ STREAM }} - - The stream must be a tar archive compressed with one of the following algorithms: - identity (no compression), gzip, bzip2, xz. The archive must include a file called - `Dockerfile` at its root. It may include any number of other files, which will be - accessible in the build context (See the ADD build command). - - The Content-type header should be set to "application/tar". - - :query t: repository name (and optionally a tag) to be applied to the resulting image in case of success - :query q: suppress verbose build output - :query nocache: do not use the cache when building the image - :query rm: remove intermediate containers after a successful build - :statuscode 200: no error - :statuscode 500: server error - -Check auth configuration -************************ - -.. http:post:: /auth - - Get the default username and email - - **Example request**: - - .. sourcecode:: http - - POST /auth HTTP/1.1 - Content-Type: application/json - - { - "username":"hannibal", - "password:"xxxx", - "email":"hannibal@a-team.com", - "serveraddress":"https://index.docker.io/v1/" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - :statuscode 200: no error - :statuscode 204: no error - :statuscode 500: server error - -Display system-wide information -******************************* - -.. http:get:: /info - - Display system-wide information - - **Example request**: - - .. sourcecode:: http - - GET /info HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Containers":11, - "Images":16, - "Debug":false, - "NFd": 11, - "NGoroutines":21, - "MemoryLimit":true, - "SwapLimit":false, - "IPv4Forwarding":true - } - - :statuscode 200: no error - :statuscode 500: server error - -Show the docker version information -*********************************** - -.. http:get:: /version - - Show the docker version information - - **Example request**: - - .. sourcecode:: http - - GET /version HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Version":"0.2.2", - "GitCommit":"5a2a5cc+CHANGES", - "GoVersion":"go1.0.3" - } - - :statuscode 200: no error - :statuscode 500: server error - -Create a new image from a container's changes -********************************************* - -.. http:post:: /commit - - Create a new image from a container's changes - - **Example request**: - - .. sourcecode:: http - - POST /commit?container=44c004db4b17&m=message&repo=myrepo HTTP/1.1 - Content-Type: application/json - - { - "Cmd": ["cat", "/world"], - "PortSpecs":["22"] - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/vnd.docker.raw-stream - - {"Id":"596069db4bf5"} - - :query container: source container - :query repo: repository - :query tag: tag - :query m: commit message - :query author: author (eg. "John Hannibal Smith ") - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 500: server error - -Monitor Docker's events -*********************** - -.. http:get:: /events - - Get events from docker, either in real time via streaming, or via polling (using `since`) - - **Example request**: - - .. sourcecode:: http - - GET /events?since=1374067924 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"create","id":"dfdf82bd3881","from":"ubuntu:latest","time":1374067924} - {"status":"start","id":"dfdf82bd3881","from":"ubuntu:latest","time":1374067924} - {"status":"stop","id":"dfdf82bd3881","from":"ubuntu:latest","time":1374067966} - {"status":"destroy","id":"dfdf82bd3881","from":"ubuntu:latest","time":1374067970} - - :query since: timestamp used for polling - :statuscode 200: no error - :statuscode 500: server error - -3. Going further -================ - -3.1 Inside 'docker run' ------------------------ - -Here are the steps of 'docker run' : - -* Create the container -* If the status code is 404, it means the image doesn't exists: - * Try to pull it - * Then retry to create the container -* Start the container -* If you are not in detached mode: - * Attach to the container, using logs=1 (to have stdout and stderr from the container's start) and stream=1 -* If in detached mode or only stdin is attached: - * Display the container's id - -3.2 Hijacking -------------- - -In this version of the API, /attach, uses hijacking to transport stdin, stdout and stderr on the same socket. This might change in the future. - -3.3 CORS Requests ------------------ - -To enable cross origin requests to the remote api add the flag "--api-enable-cors" when running docker in daemon mode. - -.. code-block:: bash - - docker -d -H="192.168.1.9:4243" --api-enable-cors diff --git a/docs/sources/reference/api/archive/docker_remote_api_v1.6.rst b/docs/sources/reference/api/archive/docker_remote_api_v1.6.rst deleted file mode 100644 index cfc37084b8..0000000000 --- a/docs/sources/reference/api/archive/docker_remote_api_v1.6.rst +++ /dev/null @@ -1,1282 +0,0 @@ -:title: Remote API v1.6 -:description: API Documentation for Docker -:keywords: API, Docker, rcli, REST, documentation - -:orphan: - -====================== -Docker Remote API v1.6 -====================== - -.. contents:: Table of Contents - -1. Brief introduction -===================== - -- The Remote API has replaced rcli -- The daemon listens on ``unix:///var/run/docker.sock``, but you can - :ref:`bind_docker`. -- The API tends to be REST, but for some complex commands, like - ``attach`` or ``pull``, the HTTP connection is hijacked to transport - ``stdout, stdin`` and ``stderr`` - -2. Endpoints -============ - -2.1 Containers --------------- - -List containers -*************** - -.. http:get:: /containers/json - - List containers - - **Example request**: - - .. sourcecode:: http - - GET /containers/json?all=1&before=8dfafdbc3a40&size=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id": "8dfafdbc3a40", - "Image": "base:latest", - "Command": "echo 1", - "Created": 1367854155, - "Status": "Exit 0", - "Ports":[{"PrivatePort": 2222, "PublicPort": 3333, "Type": "tcp"}], - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "9cd87474be90", - "Image": "base:latest", - "Command": "echo 222222", - "Created": 1367854155, - "Status": "Exit 0", - "Ports":[], - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "3176a2479c92", - "Image": "base:latest", - "Command": "echo 3333333333333333", - "Created": 1367854154, - "Status": "Exit 0", - "Ports":[], - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "4cb07b47f9fb", - "Image": "base:latest", - "Command": "echo 444444444444444444444444444444444", - "Created": 1367854152, - "Status": "Exit 0", - "Ports":[], - "SizeRw":12288, - "SizeRootFs":0 - } - ] - - :query all: 1/True/true or 0/False/false, Show all containers. Only running containers are shown by default - :query limit: Show ``limit`` last created containers, include non-running ones. - :query since: Show only containers created since Id, include non-running ones. - :query before: Show only containers created before Id, include non-running ones. - :query size: 1/True/true or 0/False/false, Show the containers sizes - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 500: server error - - -Create a container -****************** - -.. http:post:: /containers/create - - Create a container - - **Example request**: - - .. sourcecode:: http - - POST /containers/create HTTP/1.1 - Content-Type: application/json - - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "AttachStdin":false, - "AttachStdout":true, - "AttachStderr":true, - "ExposedPorts":{}, - "Tty":false, - "OpenStdin":false, - "StdinOnce":false, - "Env":null, - "Cmd":[ - "date" - ], - "Dns":null, - "Image":"base", - "Volumes":{}, - "VolumesFrom":"", - "WorkingDir":"" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/json - - { - "Id":"e90e34656806" - "Warnings":[] - } - - :jsonparam config: the container's configuration - :query name: container name to use - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 406: impossible to attach (container not running) - :statuscode 500: server error - - **More Complex Example request, in 2 steps.** - **First, use create to expose a Private Port, which can be bound back to a Public Port at startup**: - - .. sourcecode:: http - - POST /containers/create HTTP/1.1 - Content-Type: application/json - - { - "Cmd":[ - "/usr/sbin/sshd","-D" - ], - "Image":"image-with-sshd", - "ExposedPorts":{"22/tcp":{}} - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/json - - { - "Id":"e90e34656806" - "Warnings":[] - } - - **Second, start (using the ID returned above) the image we just created, mapping the ssh port 22 to something on the host**: - - .. sourcecode:: http - - POST /containers/e90e34656806/start HTTP/1.1 - Content-Type: application/json - - { - "PortBindings": { "22/tcp": [{ "HostPort": "11022" }]} - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 No Content - Content-Type: text/plain; charset=utf-8 - Content-Length: 0 - - **Now you can ssh into your new container on port 11022.** - - - - -Inspect a container -******************* - -.. http:get:: /containers/(id)/json - - Return low-level information on the container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Id": "4fa6e0f0c6786287e131c3852c58a2e01cc697a68231826813597e4994f1d6e2", - "Created": "2013-05-07T14:51:42.041847+02:00", - "Path": "date", - "Args": [], - "Config": { - "Hostname": "4fa6e0f0c678", - "User": "", - "Memory": 0, - "MemorySwap": 0, - "AttachStdin": false, - "AttachStdout": true, - "AttachStderr": true, - "ExposedPorts": {}, - "Tty": false, - "OpenStdin": false, - "StdinOnce": false, - "Env": null, - "Cmd": [ - "date" - ], - "Dns": null, - "Image": "base", - "Volumes": {}, - "VolumesFrom": "", - "WorkingDir":"" - - }, - "State": { - "Running": false, - "Pid": 0, - "ExitCode": 0, - "StartedAt": "2013-05-07T14:51:42.087658+02:01360", - "Ghost": false - }, - "Image": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "NetworkSettings": { - "IpAddress": "", - "IpPrefixLen": 0, - "Gateway": "", - "Bridge": "", - "PortMapping": null - }, - "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker", - "ResolvConfPath": "/etc/resolv.conf", - "Volumes": {} - } - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -List processes running inside a container -***************************************** - -.. http:get:: /containers/(id)/top - - List processes running inside the container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/top HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Titles":[ - "USER", - "PID", - "%CPU", - "%MEM", - "VSZ", - "RSS", - "TTY", - "STAT", - "START", - "TIME", - "COMMAND" - ], - "Processes":[ - ["root","20147","0.0","0.1","18060","1864","pts/4","S","10:06","0:00","bash"], - ["root","20271","0.0","0.0","4312","352","pts/4","S+","10:07","0:00","sleep","10"] - ] - } - - :query ps_args: ps arguments to use (eg. aux) - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Inspect changes on a container's filesystem -******************************************* - -.. http:get:: /containers/(id)/changes - - Inspect changes on container ``id`` 's filesystem - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/changes HTTP/1.1 - - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Path":"/dev", - "Kind":0 - }, - { - "Path":"/dev/kmsg", - "Kind":1 - }, - { - "Path":"/test", - "Kind":1 - } - ] - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Export a container -****************** - -.. http:get:: /containers/(id)/export - - Export the contents of container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/export HTTP/1.1 - - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/octet-stream - - {{ STREAM }} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Start a container -***************** - -.. http:post:: /containers/(id)/start - - Start the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/(id)/start HTTP/1.1 - Content-Type: application/json - - { - "Binds":["/tmp:/tmp"], - "LxcConf":{"lxc.utsname":"docker"}, - "ContainerIDFile": "", - "Privileged": false, - "PortBindings": {"22/tcp": [{HostIp:"", HostPort:""}]}, - "Links": [], - "PublishAllPorts": false - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 No Content - Content-Type: text/plain - - :jsonparam hostConfig: the container's host configuration (optional) - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Stop a container -**************** - -.. http:post:: /containers/(id)/stop - - Stop the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/stop?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Restart a container -******************* - -.. http:post:: /containers/(id)/restart - - Restart the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/restart?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Kill a container -**************** - -.. http:post:: /containers/(id)/kill - - Kill the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/kill HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query signal: Signal to send to the container (integer). When not set, SIGKILL is assumed and the call will waits for the container to exit. - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Attach to a container -********************* - -.. http:post:: /containers/(id)/attach - - Attach to the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/attach?logs=1&stream=0&stdout=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/vnd.docker.raw-stream - - {{ STREAM }} - - :query logs: 1/True/true or 0/False/false, return logs. Default false - :query stream: 1/True/true or 0/False/false, return stream. Default false - :query stdin: 1/True/true or 0/False/false, if stream=true, attach to stdin. Default false - :query stdout: 1/True/true or 0/False/false, if logs=true, return stdout log, if stream=true, attach to stdout. Default false - :query stderr: 1/True/true or 0/False/false, if logs=true, return stderr log, if stream=true, attach to stderr. Default false - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - - **Stream details**: - - When using the TTY setting is enabled in - :http:post:`/containers/create`, the stream is the raw data - from the process PTY and client's stdin. When the TTY is - disabled, then the stream is multiplexed to separate stdout - and stderr. - - The format is a **Header** and a **Payload** (frame). - - **HEADER** - - The header will contain the information on which stream write - the stream (stdout or stderr). It also contain the size of - the associated frame encoded on the last 4 bytes (uint32). - - It is encoded on the first 8 bytes like this:: - - header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4} - - ``STREAM_TYPE`` can be: - - - 0: stdin (will be writen on stdout) - - 1: stdout - - 2: stderr - - ``SIZE1, SIZE2, SIZE3, SIZE4`` are the 4 bytes of the uint32 size encoded as big endian. - - **PAYLOAD** - - The payload is the raw stream. - - **IMPLEMENTATION** - - The simplest way to implement the Attach protocol is the following: - - 1) Read 8 bytes - 2) chose stdout or stderr depending on the first byte - 3) Extract the frame size from the last 4 byets - 4) Read the extracted size and output it on the correct output - 5) Goto 1) - - - -Wait a container -**************** - -.. http:post:: /containers/(id)/wait - - Block until container ``id`` stops, then returns the exit code - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/wait HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"StatusCode":0} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Remove a container -******************* - -.. http:delete:: /containers/(id) - - Remove the container ``id`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /containers/16253994b7c4?v=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query v: 1/True/true or 0/False/false, Remove the volumes associated to the container. Default false - :statuscode 204: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - - -Copy files or folders from a container -************************************** - -.. http:post:: /containers/(id)/copy - - Copy files or folders of container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/4fa6e0f0c678/copy HTTP/1.1 - Content-Type: application/json - - { - "Resource":"test.txt" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/octet-stream - - {{ STREAM }} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -2.2 Images ----------- - -List Images -*********** - -.. http:get:: /images/(format) - - List images ``format`` could be json or viz (json default) - - **Example request**: - - .. sourcecode:: http - - GET /images/json?all=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Repository":"base", - "Tag":"ubuntu-12.10", - "Id":"b750fe79269d", - "Created":1364102658, - "Size":24653, - "VirtualSize":180116135 - }, - { - "Repository":"base", - "Tag":"ubuntu-quantal", - "Id":"b750fe79269d", - "Created":1364102658, - "Size":24653, - "VirtualSize":180116135 - } - ] - - - **Example request**: - - .. sourcecode:: http - - GET /images/viz HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: text/plain - - digraph docker { - "d82cbacda43a" -> "074be284591f" - "1496068ca813" -> "08306dc45919" - "08306dc45919" -> "0e7893146ac2" - "b750fe79269d" -> "1496068ca813" - base -> "27cf78414709" [style=invis] - "f71189fff3de" -> "9a33b36209ed" - "27cf78414709" -> "b750fe79269d" - "0e7893146ac2" -> "d6434d954665" - "d6434d954665" -> "d82cbacda43a" - base -> "e9aa60c60128" [style=invis] - "074be284591f" -> "f71189fff3de" - "b750fe79269d" [label="b750fe79269d\nbase",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; - "e9aa60c60128" [label="e9aa60c60128\nbase2",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; - "9a33b36209ed" [label="9a33b36209ed\ntest",shape=box,fillcolor="paleturquoise",style="filled,rounded"]; - base [style=invisible] - } - - :query all: 1/True/true or 0/False/false, Show all containers. Only running containers are shown by default - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 500: server error - - -Create an image -*************** - -.. http:post:: /images/create - - Create an image, either by pull it from the registry or by importing it - - **Example request**: - - .. sourcecode:: http - - POST /images/create?fromImage=base HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Pulling..."} - {"status":"Pulling", "progress":"1/? (n/a)"} - {"error":"Invalid..."} - ... - - When using this endpoint to pull an image from the registry, - the ``X-Registry-Auth`` header can be used to include a - base64-encoded AuthConfig object. - - :query fromImage: name of the image to pull - :query fromSrc: source to import, - means stdin - :query repo: repository - :query tag: tag - :query registry: the registry to pull from - :statuscode 200: no error - :statuscode 500: server error - - -Insert a file in an image -************************* - -.. http:post:: /images/(name)/insert - - Insert a file from ``url`` in the image ``name`` at ``path`` - - **Example request**: - - .. sourcecode:: http - - POST /images/test/insert?path=/usr&url=myurl HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Inserting..."} - {"status":"Inserting", "progress":"1/? (n/a)"} - {"error":"Invalid..."} - ... - - :statuscode 200: no error - :statuscode 500: server error - - -Inspect an image -**************** - -.. http:get:: /images/(name)/json - - Return low-level information on the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/base/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "id":"b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "parent":"27cf784147099545", - "created":"2013-03-23T22:24:18.818426-07:00", - "container":"3d67245a8d72ecf13f33dffac9f79dcdf70f75acb84d308770391510e0c23ad0", - "container_config": - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "AttachStdin":false, - "AttachStdout":false, - "AttachStderr":false, - "ExposedPorts":{}, - "Tty":true, - "OpenStdin":true, - "StdinOnce":false, - "Env":null, - "Cmd": ["/bin/bash"] - ,"Dns":null, - "Image":"base", - "Volumes":null, - "VolumesFrom":"", - "WorkingDir":"" - }, - "Size": 6824592 - } - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Get the history of an image -*************************** - -.. http:get:: /images/(name)/history - - Return the history of the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/base/history HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id":"b750fe79269d", - "Created":1364102658, - "CreatedBy":"/bin/bash" - }, - { - "Id":"27cf78414709", - "Created":1364068391, - "CreatedBy":"" - } - ] - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Push an image on the registry -***************************** - -.. http:post:: /images/(name)/push - - Push the image ``name`` on the registry - - **Example request**: - - .. sourcecode:: http - - POST /images/test/push HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Pushing..."} - {"status":"Pushing", "progress":"1/? (n/a)"} - {"error":"Invalid..."} - ... - - The ``X-Registry-Auth`` header can be used to include a - base64-encoded AuthConfig object. - - :query registry: the registry you wan to push, optional - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Tag an image into a repository -****************************** - -.. http:post:: /images/(name)/tag - - Tag the image ``name`` into a repository - - **Example request**: - - .. sourcecode:: http - - POST /images/test/tag?repo=myrepo&force=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - - :query repo: The repository to tag in - :query force: 1/True/true or 0/False/false, default false - :statuscode 201: no error - :statuscode 400: bad parameter - :statuscode 404: no such image - :statuscode 409: conflict - :statuscode 500: server error - - -Remove an image -*************** - -.. http:delete:: /images/(name) - - Remove the image ``name`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /images/test HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-type: application/json - - [ - {"Untagged":"3e2f21a89f"}, - {"Deleted":"3e2f21a89f"}, - {"Deleted":"53b4f83ac9"} - ] - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 409: conflict - :statuscode 500: server error - - -Search images -************* - -.. http:get:: /images/search - - Search for an image in the docker index - - **Example request**: - - .. sourcecode:: http - - GET /images/search?term=sshd HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Name":"cespare/sshd", - "Description":"" - }, - { - "Name":"johnfuller/sshd", - "Description":"" - }, - { - "Name":"dhrp/mongodb-sshd", - "Description":"" - } - ] - - :query term: term to search - :statuscode 200: no error - :statuscode 500: server error - - -2.3 Misc --------- - -Build an image from Dockerfile via stdin -**************************************** - -.. http:post:: /build - - Build an image from Dockerfile via stdin - - **Example request**: - - .. sourcecode:: http - - POST /build HTTP/1.1 - - {{ STREAM }} - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - {{ STREAM }} - - - The stream must be a tar archive compressed with one of the following algorithms: - identity (no compression), gzip, bzip2, xz. The archive must include a file called - `Dockerfile` at its root. It may include any number of other files, which will be - accessible in the build context (See the ADD build command). - - The Content-type header should be set to "application/tar". - - :query t: repository name (and optionally a tag) to be applied to the resulting image in case of success - :query q: suppress verbose build output - :query nocache: do not use the cache when building the image - :statuscode 200: no error - :statuscode 500: server error - - -Check auth configuration -************************ - -.. http:post:: /auth - - Get the default username and email - - **Example request**: - - .. sourcecode:: http - - POST /auth HTTP/1.1 - Content-Type: application/json - - { - "username":"hannibal", - "password:"xxxx", - "email":"hannibal@a-team.com", - "serveraddress":"https://index.docker.io/v1/" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - :statuscode 200: no error - :statuscode 204: no error - :statuscode 500: server error - - -Display system-wide information -******************************* - -.. http:get:: /info - - Display system-wide information - - **Example request**: - - .. sourcecode:: http - - GET /info HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Containers":11, - "Images":16, - "Debug":false, - "NFd": 11, - "NGoroutines":21, - "MemoryLimit":true, - "SwapLimit":false, - "IPv4Forwarding":true - } - - :statuscode 200: no error - :statuscode 500: server error - - -Show the docker version information -*********************************** - -.. http:get:: /version - - Show the docker version information - - **Example request**: - - .. sourcecode:: http - - GET /version HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Version":"0.2.2", - "GitCommit":"5a2a5cc+CHANGES", - "GoVersion":"go1.0.3" - } - - :statuscode 200: no error - :statuscode 500: server error - - -Create a new image from a container's changes -********************************************* - -.. http:post:: /commit - - Create a new image from a container's changes - - **Example request**: - - .. sourcecode:: http - - POST /commit?container=44c004db4b17&m=message&repo=myrepo HTTP/1.1 - Content-Type: application/json - - { - "Cmd": ["cat", "/world"], - "ExposedPorts":{"22/tcp":{}} - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/vnd.docker.raw-stream - - {"Id":"596069db4bf5"} - - :query container: source container - :query repo: repository - :query tag: tag - :query m: commit message - :query author: author (eg. "John Hannibal Smith ") - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Monitor Docker's events -*********************** - -.. http:get:: /events - - Get events from docker, either in real time via streaming, or via polling (using `since`) - - **Example request**: - - .. sourcecode:: http - - GET /events?since=1374067924 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"create","id":"dfdf82bd3881","from":"base:latest","time":1374067924} - {"status":"start","id":"dfdf82bd3881","from":"base:latest","time":1374067924} - {"status":"stop","id":"dfdf82bd3881","from":"base:latest","time":1374067966} - {"status":"destroy","id":"dfdf82bd3881","from":"base:latest","time":1374067970} - - :query since: timestamp used for polling - :statuscode 200: no error - :statuscode 500: server error - - -3. Going further -================ - -3.1 Inside 'docker run' ------------------------ - -Here are the steps of 'docker run' : - -* Create the container -* If the status code is 404, it means the image doesn't exists: - * Try to pull it - * Then retry to create the container -* Start the container -* If you are not in detached mode: - * Attach to the container, using logs=1 (to have stdout and stderr from the container's start) and stream=1 -* If in detached mode or only stdin is attached: - * Display the container's id - - -3.2 Hijacking -------------- - -In this version of the API, /attach, uses hijacking to transport stdin, stdout and stderr on the same socket. This might change in the future. - -3.3 CORS Requests ------------------ - -To enable cross origin requests to the remote api add the flag "--api-enable-cors" when running docker in daemon mode. - -.. code-block:: bash - - docker -d -H="192.168.1.9:4243" --api-enable-cors - diff --git a/docs/sources/reference/api/archive/docker_remote_api_v1.7.rst b/docs/sources/reference/api/archive/docker_remote_api_v1.7.rst deleted file mode 100644 index 1bafaddfc5..0000000000 --- a/docs/sources/reference/api/archive/docker_remote_api_v1.7.rst +++ /dev/null @@ -1,1262 +0,0 @@ -:title: Remote API v1.7 -:description: API Documentation for Docker -:keywords: API, Docker, rcli, REST, documentation - -:orphan: - -====================== -Docker Remote API v1.7 -====================== - -.. contents:: Table of Contents - -1. Brief introduction -===================== - -- The Remote API has replaced rcli -- The daemon listens on ``unix:///var/run/docker.sock``, but you can - :ref:`bind_docker`. -- The API tends to be REST, but for some complex commands, like - ``attach`` or ``pull``, the HTTP connection is hijacked to transport - ``stdout, stdin`` and ``stderr`` - -2. Endpoints -============ - -2.1 Containers --------------- - -List containers -*************** - -.. http:get:: /containers/json - - List containers - - **Example request**: - - .. sourcecode:: http - - GET /containers/json?all=1&before=8dfafdbc3a40&size=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id": "8dfafdbc3a40", - "Image": "base:latest", - "Command": "echo 1", - "Created": 1367854155, - "Status": "Exit 0", - "Ports":[{"PrivatePort": 2222, "PublicPort": 3333, "Type": "tcp"}], - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "9cd87474be90", - "Image": "base:latest", - "Command": "echo 222222", - "Created": 1367854155, - "Status": "Exit 0", - "Ports":[], - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "3176a2479c92", - "Image": "base:latest", - "Command": "echo 3333333333333333", - "Created": 1367854154, - "Status": "Exit 0", - "Ports":[], - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "4cb07b47f9fb", - "Image": "base:latest", - "Command": "echo 444444444444444444444444444444444", - "Created": 1367854152, - "Status": "Exit 0", - "Ports":[], - "SizeRw":12288, - "SizeRootFs":0 - } - ] - - :query all: 1/True/true or 0/False/false, Show all containers. Only running containers are shown by default - :query limit: Show ``limit`` last created containers, include non-running ones. - :query since: Show only containers created since Id, include non-running ones. - :query before: Show only containers created before Id, include non-running ones. - :query size: 1/True/true or 0/False/false, Show the containers sizes - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 500: server error - - -Create a container -****************** - -.. http:post:: /containers/create - - Create a container - - **Example request**: - - .. sourcecode:: http - - POST /containers/create HTTP/1.1 - Content-Type: application/json - - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "AttachStdin":false, - "AttachStdout":true, - "AttachStderr":true, - "PortSpecs":null, - "Tty":false, - "OpenStdin":false, - "StdinOnce":false, - "Env":null, - "Cmd":[ - "date" - ], - "Dns":null, - "Image":"base", - "Volumes":{ - "/tmp": {} - }, - "VolumesFrom":"", - "WorkingDir":"", - "ExposedPorts":{ - "22/tcp": {} - } - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/json - - { - "Id":"e90e34656806" - "Warnings":[] - } - - :jsonparam config: the container's configuration - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 406: impossible to attach (container not running) - :statuscode 500: server error - - -Inspect a container -******************* - -.. http:get:: /containers/(id)/json - - Return low-level information on the container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Id": "4fa6e0f0c6786287e131c3852c58a2e01cc697a68231826813597e4994f1d6e2", - "Created": "2013-05-07T14:51:42.041847+02:00", - "Path": "date", - "Args": [], - "Config": { - "Hostname": "4fa6e0f0c678", - "User": "", - "Memory": 0, - "MemorySwap": 0, - "AttachStdin": false, - "AttachStdout": true, - "AttachStderr": true, - "PortSpecs": null, - "Tty": false, - "OpenStdin": false, - "StdinOnce": false, - "Env": null, - "Cmd": [ - "date" - ], - "Dns": null, - "Image": "base", - "Volumes": {}, - "VolumesFrom": "", - "WorkingDir":"" - - }, - "State": { - "Running": false, - "Pid": 0, - "ExitCode": 0, - "StartedAt": "2013-05-07T14:51:42.087658+02:01360", - "Ghost": false - }, - "Image": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "NetworkSettings": { - "IpAddress": "", - "IpPrefixLen": 0, - "Gateway": "", - "Bridge": "", - "PortMapping": null - }, - "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker", - "ResolvConfPath": "/etc/resolv.conf", - "Volumes": {} - } - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -List processes running inside a container -***************************************** - -.. http:get:: /containers/(id)/top - - List processes running inside the container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/top HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Titles":[ - "USER", - "PID", - "%CPU", - "%MEM", - "VSZ", - "RSS", - "TTY", - "STAT", - "START", - "TIME", - "COMMAND" - ], - "Processes":[ - ["root","20147","0.0","0.1","18060","1864","pts/4","S","10:06","0:00","bash"], - ["root","20271","0.0","0.0","4312","352","pts/4","S+","10:07","0:00","sleep","10"] - ] - } - - :query ps_args: ps arguments to use (eg. aux) - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Inspect changes on a container's filesystem -******************************************* - -.. http:get:: /containers/(id)/changes - - Inspect changes on container ``id`` 's filesystem - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/changes HTTP/1.1 - - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Path":"/dev", - "Kind":0 - }, - { - "Path":"/dev/kmsg", - "Kind":1 - }, - { - "Path":"/test", - "Kind":1 - } - ] - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Export a container -****************** - -.. http:get:: /containers/(id)/export - - Export the contents of container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/export HTTP/1.1 - - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/octet-stream - - {{ STREAM }} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Start a container -***************** - -.. http:post:: /containers/(id)/start - - Start the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/(id)/start HTTP/1.1 - Content-Type: application/json - - { - "Binds":["/tmp:/tmp"], - "LxcConf":{"lxc.utsname":"docker"}, - "PortBindings":{ "22/tcp": [{ "HostPort": "11022" }] }, - "Privileged":false, - "PublishAllPorts":false - } - - Binds need to reference Volumes that were defined during container creation. - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 No Content - Content-Type: text/plain - - :jsonparam hostConfig: the container's host configuration (optional) - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Stop a container -**************** - -.. http:post:: /containers/(id)/stop - - Stop the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/stop?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Restart a container -******************* - -.. http:post:: /containers/(id)/restart - - Restart the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/restart?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Kill a container -**************** - -.. http:post:: /containers/(id)/kill - - Kill the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/kill HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Attach to a container -********************* - -.. http:post:: /containers/(id)/attach - - Attach to the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/attach?logs=1&stream=0&stdout=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/vnd.docker.raw-stream - - {{ STREAM }} - - :query logs: 1/True/true or 0/False/false, return logs. Default false - :query stream: 1/True/true or 0/False/false, return stream. Default false - :query stdin: 1/True/true or 0/False/false, if stream=true, attach to stdin. Default false - :query stdout: 1/True/true or 0/False/false, if logs=true, return stdout log, if stream=true, attach to stdout. Default false - :query stderr: 1/True/true or 0/False/false, if logs=true, return stderr log, if stream=true, attach to stderr. Default false - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - - **Stream details**: - - When using the TTY setting is enabled in - :http:post:`/containers/create`, the stream is the raw data - from the process PTY and client's stdin. When the TTY is - disabled, then the stream is multiplexed to separate stdout - and stderr. - - The format is a **Header** and a **Payload** (frame). - - **HEADER** - - The header will contain the information on which stream write - the stream (stdout or stderr). It also contain the size of - the associated frame encoded on the last 4 bytes (uint32). - - It is encoded on the first 8 bytes like this:: - - header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4} - - ``STREAM_TYPE`` can be: - - - 0: stdin (will be writen on stdout) - - 1: stdout - - 2: stderr - - ``SIZE1, SIZE2, SIZE3, SIZE4`` are the 4 bytes of the uint32 size encoded as big endian. - - **PAYLOAD** - - The payload is the raw stream. - - **IMPLEMENTATION** - - The simplest way to implement the Attach protocol is the following: - - 1) Read 8 bytes - 2) chose stdout or stderr depending on the first byte - 3) Extract the frame size from the last 4 byets - 4) Read the extracted size and output it on the correct output - 5) Goto 1) - - - -Wait a container -**************** - -.. http:post:: /containers/(id)/wait - - Block until container ``id`` stops, then returns the exit code - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/wait HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"StatusCode":0} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Remove a container -******************* - -.. http:delete:: /containers/(id) - - Remove the container ``id`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /containers/16253994b7c4?v=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query v: 1/True/true or 0/False/false, Remove the volumes associated to the container. Default false - :statuscode 204: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - - -Copy files or folders from a container -************************************** - -.. http:post:: /containers/(id)/copy - - Copy files or folders of container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/4fa6e0f0c678/copy HTTP/1.1 - Content-Type: application/json - - { - "Resource":"test.txt" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/octet-stream - - {{ STREAM }} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -2.2 Images ----------- - -List Images -*********** - -.. http:get:: /images/json - - **Example request**: - - .. sourcecode:: http - - GET /images/json?all=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "RepoTags": [ - "ubuntu:12.04", - "ubuntu:precise", - "ubuntu:latest" - ], - "Id": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c", - "Created": 1365714795, - "Size": 131506275, - "VirtualSize": 131506275 - }, - { - "RepoTags": [ - "ubuntu:12.10", - "ubuntu:quantal" - ], - "ParentId": "27cf784147099545", - "Id": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "Created": 1364102658, - "Size": 24653, - "VirtualSize": 180116135 - } - ] - - -Create an image -*************** - -.. http:post:: /images/create - - Create an image, either by pull it from the registry or by importing it - - **Example request**: - - .. sourcecode:: http - - POST /images/create?fromImage=base HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Pulling..."} - {"status":"Pulling", "progress":"1/? (n/a)"} - {"error":"Invalid..."} - ... - - When using this endpoint to pull an image from the registry, - the ``X-Registry-Auth`` header can be used to include a - base64-encoded AuthConfig object. - - :query fromImage: name of the image to pull - :query fromSrc: source to import, - means stdin - :query repo: repository - :query tag: tag - :query registry: the registry to pull from - :reqheader X-Registry-Auth: base64-encoded AuthConfig object - :statuscode 200: no error - :statuscode 500: server error - - - -Insert a file in an image -************************* - -.. http:post:: /images/(name)/insert - - Insert a file from ``url`` in the image ``name`` at ``path`` - - **Example request**: - - .. sourcecode:: http - - POST /images/test/insert?path=/usr&url=myurl HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Inserting..."} - {"status":"Inserting", "progress":"1/? (n/a)"} - {"error":"Invalid..."} - ... - - :statuscode 200: no error - :statuscode 500: server error - - -Inspect an image -**************** - -.. http:get:: /images/(name)/json - - Return low-level information on the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/base/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "id":"b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "parent":"27cf784147099545", - "created":"2013-03-23T22:24:18.818426-07:00", - "container":"3d67245a8d72ecf13f33dffac9f79dcdf70f75acb84d308770391510e0c23ad0", - "container_config": - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "AttachStdin":false, - "AttachStdout":false, - "AttachStderr":false, - "PortSpecs":null, - "Tty":true, - "OpenStdin":true, - "StdinOnce":false, - "Env":null, - "Cmd": ["/bin/bash"] - ,"Dns":null, - "Image":"base", - "Volumes":null, - "VolumesFrom":"", - "WorkingDir":"" - }, - "Size": 6824592 - } - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Get the history of an image -*************************** - -.. http:get:: /images/(name)/history - - Return the history of the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/base/history HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id":"b750fe79269d", - "Created":1364102658, - "CreatedBy":"/bin/bash" - }, - { - "Id":"27cf78414709", - "Created":1364068391, - "CreatedBy":"" - } - ] - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Push an image on the registry -***************************** - -.. http:post:: /images/(name)/push - - Push the image ``name`` on the registry - - **Example request**: - - .. sourcecode:: http - - POST /images/test/push HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Pushing..."} - {"status":"Pushing", "progress":"1/? (n/a)"} - {"error":"Invalid..."} - ... - - :query registry: the registry you wan to push, optional - :reqheader X-Registry-Auth: include a base64-encoded AuthConfig object. - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Tag an image into a repository -****************************** - -.. http:post:: /images/(name)/tag - - Tag the image ``name`` into a repository - - **Example request**: - - .. sourcecode:: http - - POST /images/test/tag?repo=myrepo&force=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - - :query repo: The repository to tag in - :query force: 1/True/true or 0/False/false, default false - :statuscode 201: no error - :statuscode 400: bad parameter - :statuscode 404: no such image - :statuscode 409: conflict - :statuscode 500: server error - - -Remove an image -*************** - -.. http:delete:: /images/(name) - - Remove the image ``name`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /images/test HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-type: application/json - - [ - {"Untagged":"3e2f21a89f"}, - {"Deleted":"3e2f21a89f"}, - {"Deleted":"53b4f83ac9"} - ] - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 409: conflict - :statuscode 500: server error - - -Search images -************* - -.. http:get:: /images/search - - Search for an image in the docker index. - - .. note:: - - The response keys have changed from API v1.6 to reflect the JSON - sent by the registry server to the docker daemon's request. - - **Example request**: - - .. sourcecode:: http - - GET /images/search?term=sshd HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "description": "", - "is_official": false, - "is_trusted": false, - "name": "wma55/u1210sshd", - "star_count": 0 - }, - { - "description": "", - "is_official": false, - "is_trusted": false, - "name": "jdswinbank/sshd", - "star_count": 0 - }, - { - "description": "", - "is_official": false, - "is_trusted": false, - "name": "vgauthier/sshd", - "star_count": 0 - } - ... - ] - - :query term: term to search - :statuscode 200: no error - :statuscode 500: server error - - -2.3 Misc --------- - -Build an image from Dockerfile via stdin -**************************************** - -.. http:post:: /build - - Build an image from Dockerfile via stdin - - **Example request**: - - .. sourcecode:: http - - POST /build HTTP/1.1 - - {{ STREAM }} - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {{ STREAM }} - - The stream must be a tar archive compressed with one of the - following algorithms: identity (no compression), gzip, bzip2, - xz. - - The archive must include a file called ``Dockerfile`` at its - root. It may include any number of other files, which will be - accessible in the build context (See the :ref:`ADD build command - `). - - :query t: repository name (and optionally a tag) to be applied to the resulting image in case of success - :query q: suppress verbose build output - :query nocache: do not use the cache when building the image - :reqheader Content-type: should be set to ``"application/tar"``. - :statuscode 200: no error - :statuscode 500: server error - - - -Check auth configuration -************************ - -.. http:post:: /auth - - Get the default username and email - - **Example request**: - - .. sourcecode:: http - - POST /auth HTTP/1.1 - Content-Type: application/json - - { - "username":"hannibal", - "password:"xxxx", - "email":"hannibal@a-team.com", - "serveraddress":"https://index.docker.io/v1/" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - :statuscode 200: no error - :statuscode 204: no error - :statuscode 500: server error - - -Display system-wide information -******************************* - -.. http:get:: /info - - Display system-wide information - - **Example request**: - - .. sourcecode:: http - - GET /info HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Containers":11, - "Images":16, - "Debug":false, - "NFd": 11, - "NGoroutines":21, - "MemoryLimit":true, - "SwapLimit":false, - "IPv4Forwarding":true - } - - :statuscode 200: no error - :statuscode 500: server error - - -Show the docker version information -*********************************** - -.. http:get:: /version - - Show the docker version information - - **Example request**: - - .. sourcecode:: http - - GET /version HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Version":"0.2.2", - "GitCommit":"5a2a5cc+CHANGES", - "GoVersion":"go1.0.3" - } - - :statuscode 200: no error - :statuscode 500: server error - - -Create a new image from a container's changes -********************************************* - -.. http:post:: /commit - - Create a new image from a container's changes - - **Example request**: - - .. sourcecode:: http - - POST /commit?container=44c004db4b17&m=message&repo=myrepo HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/vnd.docker.raw-stream - - {"Id":"596069db4bf5"} - - :query container: source container - :query repo: repository - :query tag: tag - :query m: commit message - :query author: author (eg. "John Hannibal Smith ") - :query run: config automatically applied when the image is run. (ex: {"Cmd": ["cat", "/world"], "PortSpecs":["22"]}) - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Monitor Docker's events -*********************** - -.. http:get:: /events - - Get events from docker, either in real time via streaming, or via polling (using `since`) - - **Example request**: - - .. sourcecode:: http - - GET /events?since=1374067924 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"create","id":"dfdf82bd3881","from":"base:latest","time":1374067924} - {"status":"start","id":"dfdf82bd3881","from":"base:latest","time":1374067924} - {"status":"stop","id":"dfdf82bd3881","from":"base:latest","time":1374067966} - {"status":"destroy","id":"dfdf82bd3881","from":"base:latest","time":1374067970} - - :query since: timestamp used for polling - :statuscode 200: no error - :statuscode 500: server error - -Get a tarball containing all images and tags in a repository -************************************************************ - -.. http:get:: /images/(name)/get - - Get a tarball containing all images and metadata for the repository specified by ``name``. - - **Example request** - - .. sourcecode:: http - - GET /images/ubuntu/get - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/x-tar - - Binary data stream - :statuscode 200: no error - :statuscode 500: server error - -Load a tarball with a set of images and tags into docker -******************************************************** - -.. http:post:: /images/load - - Load a set of images and tags into the docker repository. - - **Example request** - - .. sourcecode:: http - - POST /images/load - - Tarball in body - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - :statuscode 200: no error - :statuscode 500: server error - -3. Going further -================ - -3.1 Inside 'docker run' ------------------------ - -Here are the steps of 'docker run' : - -* Create the container -* If the status code is 404, it means the image doesn't exists: - * Try to pull it - * Then retry to create the container -* Start the container -* If you are not in detached mode: - * Attach to the container, using logs=1 (to have stdout and stderr from the container's start) and stream=1 -* If in detached mode or only stdin is attached: - * Display the container's id - - -3.2 Hijacking -------------- - -In this version of the API, /attach, uses hijacking to transport stdin, stdout and stderr on the same socket. This might change in the future. - -3.3 CORS Requests ------------------ - -To enable cross origin requests to the remote api add the flag "--api-enable-cors" when running docker in daemon mode. - -.. code-block:: bash - - docker -d -H="192.168.1.9:4243" --api-enable-cors - diff --git a/docs/sources/reference/api/archive/docker_remote_api_v1.8.rst b/docs/sources/reference/api/archive/docker_remote_api_v1.8.rst deleted file mode 100644 index 16492dde76..0000000000 --- a/docs/sources/reference/api/archive/docker_remote_api_v1.8.rst +++ /dev/null @@ -1,1294 +0,0 @@ -:title: Remote API v1.8 -:description: API Documentation for Docker -:keywords: API, Docker, rcli, REST, documentation - -:orphan: - -====================== -Docker Remote API v1.8 -====================== - -.. contents:: Table of Contents - -1. Brief introduction -===================== - -- The Remote API has replaced rcli -- The daemon listens on ``unix:///var/run/docker.sock``, but you can - :ref:`bind_docker`. -- The API tends to be REST, but for some complex commands, like - ``attach`` or ``pull``, the HTTP connection is hijacked to transport - ``stdout, stdin`` and ``stderr`` - -2. Endpoints -============ - -2.1 Containers --------------- - -List containers -*************** - -.. http:get:: /containers/json - - List containers - - **Example request**: - - .. sourcecode:: http - - GET /containers/json?all=1&before=8dfafdbc3a40&size=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id": "8dfafdbc3a40", - "Image": "base:latest", - "Command": "echo 1", - "Created": 1367854155, - "Status": "Exit 0", - "Ports":[{"PrivatePort": 2222, "PublicPort": 3333, "Type": "tcp"}], - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "9cd87474be90", - "Image": "base:latest", - "Command": "echo 222222", - "Created": 1367854155, - "Status": "Exit 0", - "Ports":[], - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "3176a2479c92", - "Image": "base:latest", - "Command": "echo 3333333333333333", - "Created": 1367854154, - "Status": "Exit 0", - "Ports":[], - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "4cb07b47f9fb", - "Image": "base:latest", - "Command": "echo 444444444444444444444444444444444", - "Created": 1367854152, - "Status": "Exit 0", - "Ports":[], - "SizeRw":12288, - "SizeRootFs":0 - } - ] - - :query all: 1/True/true or 0/False/false, Show all containers. Only running containers are shown by default - :query limit: Show ``limit`` last created containers, include non-running ones. - :query since: Show only containers created since Id, include non-running ones. - :query before: Show only containers created before Id, include non-running ones. - :query size: 1/True/true or 0/False/false, Show the containers sizes - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 500: server error - - -Create a container -****************** - -.. http:post:: /containers/create - - Create a container - - **Example request**: - - .. sourcecode:: http - - POST /containers/create HTTP/1.1 - Content-Type: application/json - - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "CpuShares":0, - "AttachStdin":false, - "AttachStdout":true, - "AttachStderr":true, - "PortSpecs":null, - "Tty":false, - "OpenStdin":false, - "StdinOnce":false, - "Env":null, - "Cmd":[ - "date" - ], - "Dns":null, - "Image":"base", - "Volumes":{ - "/tmp": {} - }, - "VolumesFrom":"", - "WorkingDir":"", - "ExposedPorts":{ - "22/tcp": {} - } - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/json - - { - "Id":"e90e34656806" - "Warnings":[] - } - - :jsonparam Hostname: Container host name - :jsonparam User: Username or UID - :jsonparam Memory: Memory Limit in bytes - :jsonparam CpuShares: CPU shares (relative weight) - :jsonparam AttachStdin: 1/True/true or 0/False/false, attach to standard input. Default false - :jsonparam AttachStdout: 1/True/true or 0/False/false, attach to standard output. Default false - :jsonparam AttachStderr: 1/True/true or 0/False/false, attach to standard error. Default false - :jsonparam Tty: 1/True/true or 0/False/false, allocate a pseudo-tty. Default false - :jsonparam OpenStdin: 1/True/true or 0/False/false, keep stdin open even if not attached. Default false - :query name: Assign the specified name to the container. Must match ``/?[a-zA-Z0-9_-]+``. - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 406: impossible to attach (container not running) - :statuscode 500: server error - - -Inspect a container -******************* - -.. http:get:: /containers/(id)/json - - Return low-level information on the container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Id": "4fa6e0f0c6786287e131c3852c58a2e01cc697a68231826813597e4994f1d6e2", - "Created": "2013-05-07T14:51:42.041847+02:00", - "Path": "date", - "Args": [], - "Config": { - "Hostname": "4fa6e0f0c678", - "User": "", - "Memory": 0, - "MemorySwap": 0, - "AttachStdin": false, - "AttachStdout": true, - "AttachStderr": true, - "PortSpecs": null, - "Tty": false, - "OpenStdin": false, - "StdinOnce": false, - "Env": null, - "Cmd": [ - "date" - ], - "Dns": null, - "Image": "base", - "Volumes": {}, - "VolumesFrom": "", - "WorkingDir":"" - - }, - "State": { - "Running": false, - "Pid": 0, - "ExitCode": 0, - "StartedAt": "2013-05-07T14:51:42.087658+02:01360", - "Ghost": false - }, - "Image": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "NetworkSettings": { - "IpAddress": "", - "IpPrefixLen": 0, - "Gateway": "", - "Bridge": "", - "PortMapping": null - }, - "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker", - "ResolvConfPath": "/etc/resolv.conf", - "Volumes": {}, - "HostConfig": { - "Binds": null, - "ContainerIDFile": "", - "LxcConf": [], - "Privileged": false, - "PortBindings": { - "80/tcp": [ - { - "HostIp": "0.0.0.0", - "HostPort": "49153" - } - ] - }, - "Links": null, - "PublishAllPorts": false - } - } - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -List processes running inside a container -***************************************** - -.. http:get:: /containers/(id)/top - - List processes running inside the container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/top HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Titles":[ - "USER", - "PID", - "%CPU", - "%MEM", - "VSZ", - "RSS", - "TTY", - "STAT", - "START", - "TIME", - "COMMAND" - ], - "Processes":[ - ["root","20147","0.0","0.1","18060","1864","pts/4","S","10:06","0:00","bash"], - ["root","20271","0.0","0.0","4312","352","pts/4","S+","10:07","0:00","sleep","10"] - ] - } - - :query ps_args: ps arguments to use (eg. aux) - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Inspect changes on a container's filesystem -******************************************* - -.. http:get:: /containers/(id)/changes - - Inspect changes on container ``id`` 's filesystem - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/changes HTTP/1.1 - - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Path":"/dev", - "Kind":0 - }, - { - "Path":"/dev/kmsg", - "Kind":1 - }, - { - "Path":"/test", - "Kind":1 - } - ] - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Export a container -****************** - -.. http:get:: /containers/(id)/export - - Export the contents of container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/export HTTP/1.1 - - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/octet-stream - - {{ STREAM }} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Start a container -***************** - -.. http:post:: /containers/(id)/start - - Start the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/(id)/start HTTP/1.1 - Content-Type: application/json - - { - "Binds":["/tmp:/tmp"], - "LxcConf":{"lxc.utsname":"docker"}, - "PortBindings":{ "22/tcp": [{ "HostPort": "11022" }] }, - "PublishAllPorts":false, - "Privileged":false - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 No Content - Content-Type: text/plain - - :jsonparam Binds: Create a bind mount to a directory or file with [host-path]:[container-path]:[rw|ro]. If a directory "container-path" is missing, then docker creates a new volume. - :jsonparam LxcConf: Map of custom lxc options - :jsonparam PortBindings: Expose ports from the container, optionally publishing them via the HostPort flag - :jsonparam PublishAllPorts: 1/True/true or 0/False/false, publish all exposed ports to the host interfaces. Default false - :jsonparam Privileged: 1/True/true or 0/False/false, give extended privileges to this container. Default false - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Stop a container -**************** - -.. http:post:: /containers/(id)/stop - - Stop the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/stop?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Restart a container -******************* - -.. http:post:: /containers/(id)/restart - - Restart the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/restart?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Kill a container -**************** - -.. http:post:: /containers/(id)/kill - - Kill the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/kill HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Attach to a container -********************* - -.. http:post:: /containers/(id)/attach - - Attach to the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/attach?logs=1&stream=0&stdout=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/vnd.docker.raw-stream - - {{ STREAM }} - - :query logs: 1/True/true or 0/False/false, return logs. Default false - :query stream: 1/True/true or 0/False/false, return stream. Default false - :query stdin: 1/True/true or 0/False/false, if stream=true, attach to stdin. Default false - :query stdout: 1/True/true or 0/False/false, if logs=true, return stdout log, if stream=true, attach to stdout. Default false - :query stderr: 1/True/true or 0/False/false, if logs=true, return stderr log, if stream=true, attach to stderr. Default false - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - - **Stream details**: - - When using the TTY setting is enabled in - :http:post:`/containers/create`, the stream is the raw data - from the process PTY and client's stdin. When the TTY is - disabled, then the stream is multiplexed to separate stdout - and stderr. - - The format is a **Header** and a **Payload** (frame). - - **HEADER** - - The header will contain the information on which stream write - the stream (stdout or stderr). It also contain the size of - the associated frame encoded on the last 4 bytes (uint32). - - It is encoded on the first 8 bytes like this:: - - header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4} - - ``STREAM_TYPE`` can be: - - - 0: stdin (will be writen on stdout) - - 1: stdout - - 2: stderr - - ``SIZE1, SIZE2, SIZE3, SIZE4`` are the 4 bytes of the uint32 size encoded as big endian. - - **PAYLOAD** - - The payload is the raw stream. - - **IMPLEMENTATION** - - The simplest way to implement the Attach protocol is the following: - - 1) Read 8 bytes - 2) chose stdout or stderr depending on the first byte - 3) Extract the frame size from the last 4 byets - 4) Read the extracted size and output it on the correct output - 5) Goto 1) - - - -Wait a container -**************** - -.. http:post:: /containers/(id)/wait - - Block until container ``id`` stops, then returns the exit code - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/wait HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"StatusCode":0} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Remove a container -******************* - -.. http:delete:: /containers/(id) - - Remove the container ``id`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /containers/16253994b7c4?v=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query v: 1/True/true or 0/False/false, Remove the volumes associated to the container. Default false - :statuscode 204: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - - -Copy files or folders from a container -************************************** - -.. http:post:: /containers/(id)/copy - - Copy files or folders of container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/4fa6e0f0c678/copy HTTP/1.1 - Content-Type: application/json - - { - "Resource":"test.txt" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/octet-stream - - {{ STREAM }} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -2.2 Images ----------- - -List Images -*********** - -.. http:get:: /images/json - - **Example request**: - - .. sourcecode:: http - - GET /images/json?all=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "RepoTags": [ - "ubuntu:12.04", - "ubuntu:precise", - "ubuntu:latest" - ], - "Id": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c", - "Created": 1365714795, - "Size": 131506275, - "VirtualSize": 131506275 - }, - { - "RepoTags": [ - "ubuntu:12.10", - "ubuntu:quantal" - ], - "ParentId": "27cf784147099545", - "Id": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "Created": 1364102658, - "Size": 24653, - "VirtualSize": 180116135 - } - ] - - -Create an image -*************** - -.. http:post:: /images/create - - Create an image, either by pull it from the registry or by importing it - - **Example request**: - - .. sourcecode:: http - - POST /images/create?fromImage=base HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Pulling..."} - {"status":"Pulling", "progress":"1 B/ 100 B", "progressDetail":{"current":1, "total":100}} - {"error":"Invalid..."} - ... - - When using this endpoint to pull an image from the registry, - the ``X-Registry-Auth`` header can be used to include a - base64-encoded AuthConfig object. - - :query fromImage: name of the image to pull - :query fromSrc: source to import, - means stdin - :query repo: repository - :query tag: tag - :query registry: the registry to pull from - :reqheader X-Registry-Auth: base64-encoded AuthConfig object - :statuscode 200: no error - :statuscode 500: server error - - - -Insert a file in an image -************************* - -.. http:post:: /images/(name)/insert - - Insert a file from ``url`` in the image ``name`` at ``path`` - - **Example request**: - - .. sourcecode:: http - - POST /images/test/insert?path=/usr&url=myurl HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Inserting..."} - {"status":"Inserting", "progress":"1/? (n/a)", "progressDetail":{"current":1}} - {"error":"Invalid..."} - ... - - :statuscode 200: no error - :statuscode 500: server error - - -Inspect an image -**************** - -.. http:get:: /images/(name)/json - - Return low-level information on the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/base/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "id":"b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "parent":"27cf784147099545", - "created":"2013-03-23T22:24:18.818426-07:00", - "container":"3d67245a8d72ecf13f33dffac9f79dcdf70f75acb84d308770391510e0c23ad0", - "container_config": - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "AttachStdin":false, - "AttachStdout":false, - "AttachStderr":false, - "PortSpecs":null, - "Tty":true, - "OpenStdin":true, - "StdinOnce":false, - "Env":null, - "Cmd": ["/bin/bash"] - ,"Dns":null, - "Image":"base", - "Volumes":null, - "VolumesFrom":"", - "WorkingDir":"" - }, - "Size": 6824592 - } - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Get the history of an image -*************************** - -.. http:get:: /images/(name)/history - - Return the history of the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/base/history HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id":"b750fe79269d", - "Created":1364102658, - "CreatedBy":"/bin/bash" - }, - { - "Id":"27cf78414709", - "Created":1364068391, - "CreatedBy":"" - } - ] - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Push an image on the registry -***************************** - -.. http:post:: /images/(name)/push - - Push the image ``name`` on the registry - - **Example request**: - - .. sourcecode:: http - - POST /images/test/push HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Pushing..."} - {"status":"Pushing", "progress":"1/? (n/a)", "progressDetail":{"current":1}}} - {"error":"Invalid..."} - ... - - :query registry: the registry you wan to push, optional - :reqheader X-Registry-Auth: include a base64-encoded AuthConfig object. - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Tag an image into a repository -****************************** - -.. http:post:: /images/(name)/tag - - Tag the image ``name`` into a repository - - **Example request**: - - .. sourcecode:: http - - POST /images/test/tag?repo=myrepo&force=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - - :query repo: The repository to tag in - :query force: 1/True/true or 0/False/false, default false - :statuscode 201: no error - :statuscode 400: bad parameter - :statuscode 404: no such image - :statuscode 409: conflict - :statuscode 500: server error - - -Remove an image -*************** - -.. http:delete:: /images/(name) - - Remove the image ``name`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /images/test HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-type: application/json - - [ - {"Untagged":"3e2f21a89f"}, - {"Deleted":"3e2f21a89f"}, - {"Deleted":"53b4f83ac9"} - ] - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 409: conflict - :statuscode 500: server error - - -Search images -************* - -.. http:get:: /images/search - - Search for an image in the docker index. - - .. note:: - - The response keys have changed from API v1.6 to reflect the JSON - sent by the registry server to the docker daemon's request. - - **Example request**: - - .. sourcecode:: http - - GET /images/search?term=sshd HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "description": "", - "is_official": false, - "is_trusted": false, - "name": "wma55/u1210sshd", - "star_count": 0 - }, - { - "description": "", - "is_official": false, - "is_trusted": false, - "name": "jdswinbank/sshd", - "star_count": 0 - }, - { - "description": "", - "is_official": false, - "is_trusted": false, - "name": "vgauthier/sshd", - "star_count": 0 - } - ... - ] - - :query term: term to search - :statuscode 200: no error - :statuscode 500: server error - - -2.3 Misc --------- - -Build an image from Dockerfile via stdin -**************************************** - -.. http:post:: /build - - Build an image from Dockerfile via stdin - - **Example request**: - - .. sourcecode:: http - - POST /build HTTP/1.1 - - {{ STREAM }} - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"stream":"Step 1..."} - {"stream":"..."} - {"error":"Error...", "errorDetail":{"code": 123, "message": "Error..."}} - - - The stream must be a tar archive compressed with one of the - following algorithms: identity (no compression), gzip, bzip2, - xz. - - The archive must include a file called ``Dockerfile`` at its - root. It may include any number of other files, which will be - accessible in the build context (See the :ref:`ADD build command - `). - - :query t: repository name (and optionally a tag) to be applied to the resulting image in case of success - :query q: suppress verbose build output - :query nocache: do not use the cache when building the image - :reqheader Content-type: should be set to ``"application/tar"``. - :reqheader X-Registry-Auth: base64-encoded AuthConfig object - :statuscode 200: no error - :statuscode 500: server error - - - -Check auth configuration -************************ - -.. http:post:: /auth - - Get the default username and email - - **Example request**: - - .. sourcecode:: http - - POST /auth HTTP/1.1 - Content-Type: application/json - - { - "username":"hannibal", - "password:"xxxx", - "email":"hannibal@a-team.com", - "serveraddress":"https://index.docker.io/v1/" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - :statuscode 200: no error - :statuscode 204: no error - :statuscode 500: server error - - -Display system-wide information -******************************* - -.. http:get:: /info - - Display system-wide information - - **Example request**: - - .. sourcecode:: http - - GET /info HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Containers":11, - "Images":16, - "Debug":false, - "NFd": 11, - "NGoroutines":21, - "MemoryLimit":true, - "SwapLimit":false, - "IPv4Forwarding":true - } - - :statuscode 200: no error - :statuscode 500: server error - - -Show the docker version information -*********************************** - -.. http:get:: /version - - Show the docker version information - - **Example request**: - - .. sourcecode:: http - - GET /version HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Version":"0.2.2", - "GitCommit":"5a2a5cc+CHANGES", - "GoVersion":"go1.0.3" - } - - :statuscode 200: no error - :statuscode 500: server error - - -Create a new image from a container's changes -********************************************* - -.. http:post:: /commit - - Create a new image from a container's changes - - **Example request**: - - .. sourcecode:: http - - POST /commit?container=44c004db4b17&m=message&repo=myrepo HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/vnd.docker.raw-stream - - {"Id":"596069db4bf5"} - - :query container: source container - :query repo: repository - :query tag: tag - :query m: commit message - :query author: author (eg. "John Hannibal Smith ") - :query run: config automatically applied when the image is run. (ex: {"Cmd": ["cat", "/world"], "PortSpecs":["22"]}) - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Monitor Docker's events -*********************** - -.. http:get:: /events - - Get events from docker, either in real time via streaming, or via polling (using `since`) - - **Example request**: - - .. sourcecode:: http - - GET /events?since=1374067924 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"create","id":"dfdf82bd3881","from":"base:latest","time":1374067924} - {"status":"start","id":"dfdf82bd3881","from":"base:latest","time":1374067924} - {"status":"stop","id":"dfdf82bd3881","from":"base:latest","time":1374067966} - {"status":"destroy","id":"dfdf82bd3881","from":"base:latest","time":1374067970} - - :query since: timestamp used for polling - :statuscode 200: no error - :statuscode 500: server error - -Get a tarball containing all images and tags in a repository -************************************************************ - -.. http:get:: /images/(name)/get - - Get a tarball containing all images and metadata for the repository specified by ``name``. - - **Example request** - - .. sourcecode:: http - - GET /images/ubuntu/get - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/x-tar - - Binary data stream - - :statuscode 200: no error - :statuscode 500: server error - -Load a tarball with a set of images and tags into docker -******************************************************** - -.. http:post:: /images/load - - Load a set of images and tags into the docker repository. - - **Example request** - - .. sourcecode:: http - - POST /images/load - - Tarball in body - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - :statuscode 200: no error - :statuscode 500: server error - -3. Going further -================ - -3.1 Inside 'docker run' ------------------------ - -Here are the steps of 'docker run' : - -* Create the container -* If the status code is 404, it means the image doesn't exists: - * Try to pull it - * Then retry to create the container -* Start the container -* If you are not in detached mode: - * Attach to the container, using logs=1 (to have stdout and stderr from the container's start) and stream=1 -* If in detached mode or only stdin is attached: - * Display the container's id - - -3.2 Hijacking -------------- - -In this version of the API, /attach, uses hijacking to transport stdin, stdout and stderr on the same socket. This might change in the future. - -3.3 CORS Requests ------------------ - -To enable cross origin requests to the remote api add the flag "--api-enable-cors" when running docker in daemon mode. - -.. code-block:: bash - - docker -d -H="192.168.1.9:4243" --api-enable-cors diff --git a/docs/sources/reference/api/index_api.md b/docs/sources/reference/api/docker-io_api.md similarity index 82% rename from docs/sources/reference/api/index_api.md rename to docs/sources/reference/api/docker-io_api.md index 8f98513cf5..66cf311b41 100644 --- a/docs/sources/reference/api/index_api.md +++ b/docs/sources/reference/api/docker-io_api.md @@ -1,12 +1,12 @@ -page_title: Index API -page_description: API Documentation for Docker Index -page_keywords: API, Docker, index, REST, documentation +page_title: Docker.io API +page_description: API Documentation for the Docker.io API +page_keywords: API, Docker, index, REST, documentation, Docker.io, registry -# Docker Index API +# Docker.io API ## Introduction -- This is the REST API for the Docker index +- This is the REST API for [Docker.io](http://index.docker.io). - Authorization is done with basic auth over SSL - Not all commands require authentication, only those noted as such. @@ -14,11 +14,11 @@ page_keywords: API, Docker, index, REST, documentation ### Repositories -### User Repo +#### User Repo - `PUT /v1/repositories/`(*namespace*)`/`(*repo\_name*)`/` -: Create a user repository with the given `namespace` - and `repo_name`. +`PUT /v1/repositories/(namespace)/(repo_name)/` + +Create a user repository with the given `namespace` and `repo_name`. **Example Request**: @@ -34,7 +34,7 @@ page_keywords: API, Docker, index, REST, documentation Parameters: - **namespace** – the namespace for the repo - - **repo\_name** – the name for the repo + - **repo_name** – the name for the repo **Example Response**: @@ -54,9 +54,9 @@ page_keywords: API, Docker, index, REST, documentation - **401** – Unauthorized - **403** – Account is not Active - `DELETE /v1/repositories/`(*namespace*)`/`(*repo\_name*)`/` -: Delete a user repository with the given `namespace` - and `repo_name`. +`DELETE /v1/repositories/(namespace)/(repo_name)/` + +Delete a user repository with the given `namespace` and `repo_name`. **Example Request**: @@ -72,7 +72,7 @@ page_keywords: API, Docker, index, REST, documentation Parameters: - **namespace** – the namespace for the repo - - **repo\_name** – the name for the repo + - **repo_name** – the name for the repo **Example Response**: @@ -93,12 +93,12 @@ page_keywords: API, Docker, index, REST, documentation - **401** – Unauthorized - **403** – Account is not Active -### Library Repo +#### Library Repo - `PUT /v1/repositories/`(*repo\_name*)`/` -: Create a library repository with the given `repo_name` -. This is a restricted feature only available to docker - admins. +`PUT /v1/repositories/(repo_name)/` + +Create a library repository with the given `repo_name`. +This is a restricted feature only available to docker admins. When namespace is missing, it is assumed to be `library` @@ -116,7 +116,7 @@ page_keywords: API, Docker, index, REST, documentation Parameters: - - **repo\_name** – the library name for the repo + - **repo_name** – the library name for the repo **Example Response**: @@ -136,10 +136,10 @@ page_keywords: API, Docker, index, REST, documentation - **401** – Unauthorized - **403** – Account is not Active - `DELETE /v1/repositories/`(*repo\_name*)`/` -: Delete a library repository with the given `repo_name` -. This is a restricted feature only available to docker - admins. +`DELETE /v1/repositories/(repo_name)/` + +Delete a library repository with the given `repo_name`. +This is a restricted feature only available to docker admins. When namespace is missing, it is assumed to be `library` @@ -157,7 +157,7 @@ page_keywords: API, Docker, index, REST, documentation Parameters: - - **repo\_name** – the library name for the repo + - **repo_name** – the library name for the repo **Example Response**: @@ -180,10 +180,11 @@ page_keywords: API, Docker, index, REST, documentation ### Repository Images -### User Repo Images +#### User Repo Images - `PUT /v1/repositories/`(*namespace*)`/`(*repo\_name*)`/images` -: Update the images for a user repo. +`PUT /v1/repositories/(namespace)/(repo_name)/images` + +Update the images for a user repo. **Example Request**: @@ -199,7 +200,7 @@ page_keywords: API, Docker, index, REST, documentation Parameters: - **namespace** – the namespace for the repo - - **repo\_name** – the name for the repo + - **repo_name** – the name for the repo **Example Response**: @@ -216,8 +217,9 @@ page_keywords: API, Docker, index, REST, documentation - **401** – Unauthorized - **403** – Account is not Active or permission denied - `GET /v1/repositories/`(*namespace*)`/`(*repo\_name*)`/images` -: get the images for a user repo. +`GET /v1/repositories/(namespace)/(repo_name)/images` + +Get the images for a user repo. **Example Request**: @@ -228,7 +230,7 @@ page_keywords: API, Docker, index, REST, documentation Parameters: - **namespace** – the namespace for the repo - - **repo\_name** – the name for the repo + - **repo_name** – the name for the repo **Example Response**: @@ -246,10 +248,11 @@ page_keywords: API, Docker, index, REST, documentation - **200** – OK - **404** – Not found -### Library Repo Images +#### Library Repo Images - `PUT /v1/repositories/`(*repo\_name*)`/images` -: Update the images for a library repo. +`PUT /v1/repositories/(repo_name)/images` + +Update the images for a library repo. **Example Request**: @@ -264,7 +267,7 @@ page_keywords: API, Docker, index, REST, documentation Parameters: - - **repo\_name** – the library name for the repo + - **repo_name** – the library name for the repo **Example Response**: @@ -281,8 +284,9 @@ page_keywords: API, Docker, index, REST, documentation - **401** – Unauthorized - **403** – Account is not Active or permission denied - `GET /v1/repositories/`(*repo\_name*)`/images` -: get the images for a library repo. +`GET /v1/repositories/(repo_name)/images` + +Get the images for a library repo. **Example Request**: @@ -292,7 +296,7 @@ page_keywords: API, Docker, index, REST, documentation Parameters: - - **repo\_name** – the library name for the repo + - **repo_name** – the library name for the repo **Example Response**: @@ -312,10 +316,11 @@ page_keywords: API, Docker, index, REST, documentation ### Repository Authorization -### Library Repo +#### Library Repo - `PUT /v1/repositories/`(*repo\_name*)`/auth` -: authorize a token for a library repo +`PUT /v1/repositories/(repo_name)/auth` + +Authorize a token for a library repo **Example Request**: @@ -326,7 +331,7 @@ page_keywords: API, Docker, index, REST, documentation Parameters: - - **repo\_name** – the library name for the repo + - **repo_name** – the library name for the repo **Example Response**: @@ -342,10 +347,11 @@ page_keywords: API, Docker, index, REST, documentation - **403** – Permission denied - **404** – Not found -### User Repo +#### User Repo - `PUT /v1/repositories/`(*namespace*)`/`(*repo\_name*)`/auth` -: authorize a token for a user repo +`PUT /v1/repositories/(namespace)/(repo_name)/auth` + +Authorize a token for a user repo **Example Request**: @@ -357,7 +363,7 @@ page_keywords: API, Docker, index, REST, documentation Parameters: - **namespace** – the namespace for the repo - - **repo\_name** – the name for the repo + - **repo_name** – the name for the repo **Example Response**: @@ -375,10 +381,11 @@ page_keywords: API, Docker, index, REST, documentation ### Users -### User Login +#### User Login - `GET /v1/users` -: If you want to check your login, you can try this endpoint +`GET /v1/users` + +If you want to check your login, you can try this endpoint **Example Request**: @@ -401,10 +408,11 @@ page_keywords: API, Docker, index, REST, documentation - **401** – Unauthorized - **403** – Account is not Active -### User Register +#### User Register - `POST /v1/users` -: Registering a new account. +`POST /v1/users` + +Registering a new account. **Example request**: @@ -423,7 +431,7 @@ page_keywords: API, Docker, index, REST, documentation - **email** – valid email address, that needs to be confirmed - **username** – min 4 character, max 30 characters, must match - the regular expression [a-z0-9\_]. + the regular expression [a-z0-9_]. - **password** – min 5 characters **Example Response**: @@ -439,10 +447,12 @@ page_keywords: API, Docker, index, REST, documentation - **201** – User Created - **400** – Errors (invalid json, missing or invalid fields, etc) -### Update User +#### Update User + +`PUT /v1/users/(username)/` + +Change a password or email address for given user. If you pass in an - `PUT /v1/users/`(*username*)`/` -: Change a password or email address for given user. If you pass in an email, it will add it to your account, it will not remove the old one. Passwords will be updated. @@ -487,8 +497,10 @@ If you need to search the index, this is the endpoint you would use. ### Search - `GET /v1/search` -: Search the Index given a search term. It accepts +`GET /v1/search` + +Search the Index given a search term. It accepts + [GET](http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.3) only. @@ -521,5 +533,3 @@ If you need to search the index, this is the endpoint you would use. - **200** – no error - **500** – server error - - diff --git a/docs/sources/reference/api/docker_io_accounts_api.md b/docs/sources/reference/api/docker_io_accounts_api.md index e5e77dc421..b9f76ba92c 100644 --- a/docs/sources/reference/api/docker_io_accounts_api.md +++ b/docs/sources/reference/api/docker_io_accounts_api.md @@ -8,8 +8,9 @@ page_keywords: API, Docker, accounts, REST, documentation ### 1.1 Get a single user - `GET /api/v1.1/users/:username/` -: Get profile info for the specified user. +`GET /api/v1.1/users/:username/` + +Get profile info for the specified user. Parameters: @@ -61,8 +62,9 @@ page_keywords: API, Docker, accounts, REST, documentation ### 1.2 Update a single user - `PATCH /api/v1.1/users/:username/` -: Update profile info for the specified user. +`PATCH /api/v1.1/users/:username/` + +Update profile info for the specified user. Parameters: @@ -73,11 +75,11 @@ page_keywords: API, Docker, accounts, REST, documentation   - - **full\_name** (*string*) – (optional) the new name of the user. + - **full_name** (*string*) – (optional) the new name of the user. - **location** (*string*) – (optional) the new location. - **company** (*string*) – (optional) the new company of the user. - - **profile\_url** (*string*) – (optional) the new profile url. - - **gravatar\_email** (*string*) – (optional) the new Gravatar + - **profile_url** (*string*) – (optional) the new profile url. + - **gravatar_email** (*string*) – (optional) the new Gravatar email address. Request Headers: @@ -134,8 +136,9 @@ page_keywords: API, Docker, accounts, REST, documentation ### 1.3 List email addresses for a user - `GET /api/v1.1/users/:username/emails/` -: List email info for the specified user. +`GET /api/v1.1/users/:username/emails/` + +List email info for the specified user. Parameters: @@ -180,10 +183,11 @@ page_keywords: API, Docker, accounts, REST, documentation ### 1.4 Add email address for a user - `POST /api/v1.1/users/:username/emails/` -: Add a new email address to the specified user’s account. The email - address must be verified separately, a confirmation email is not - automatically sent. +`POST /api/v1.1/users/:username/emails/` + +Add a new email address to the specified user's account. The email +address must be verified separately, a confirmation email is not +automatically sent. Json Parameters: @@ -233,81 +237,12 @@ page_keywords: API, Docker, accounts, REST, documentation "primary": false } -### 1.5 Update an email address for a user +### 1.5 Delete email address for a user - `PATCH /api/v1.1/users/:username/emails/` -: Update an email address for the specified user to either verify an - email address or set it as the primary email for the user. You - cannot use this endpoint to un-verify an email address. You cannot - use this endpoint to unset the primary email, only set another as - the primary. +`DELETE /api/v1.1/users/:username/emails/` - Parameters: - - - **username** – username of the user whose email info is being - updated. - - Json Parameters: - -   - - - **email** (*string*) – the email address to be updated. - - **verified** (*boolean*) – (optional) whether the email address - is verified, must be `true` or absent. - - **primary** (*boolean*) – (optional) whether to set the email - address as the primary email, must be `true` - or absent. - - Request Headers: - -   - - - **Authorization** – required authentication credentials of - either type HTTP Basic or OAuth Bearer Token. - - **Content-Type** – MIME Type of post data. JSON, url-encoded - form data, etc. - - Status Codes: - - - **200** – success, user’s email updated. - - **400** – data validation error. - - **401** – authentication error. - - **403** – permission error, authenticated user must be the user - whose data is being updated, OAuth access tokens must have - `email_write` scope. - - **404** – the specified username or email address does not - exist. - - **Example request**: - - Once you have independently verified an email address. - - PATCH /api/v1.1/users/janedoe/emails/ HTTP/1.1 - Host: www.docker.io - Accept: application/json - Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ= - - { - "email": "jane.doe+other@example.com", - "verified": true, - } - - **Example response**: - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "email": "jane.doe+other@example.com", - "verified": true, - "primary": false - } - -### 1.6 Delete email address for a user - - `DELETE /api/v1.1/users/:username/emails/` -: Delete an email address from the specified user’s account. You - cannot delete a user’s primary email address. +Delete an email address from the specified user's account. You +cannot delete a user's primary email address. Json Parameters: @@ -351,5 +286,3 @@ page_keywords: API, Docker, accounts, REST, documentation HTTP/1.1 204 NO CONTENT Content-Length: 0 - - diff --git a/docs/sources/reference/api/docker_io_accounts_api.rst b/docs/sources/reference/api/docker_io_accounts_api.rst deleted file mode 100644 index 1ce75ca738..0000000000 --- a/docs/sources/reference/api/docker_io_accounts_api.rst +++ /dev/null @@ -1,306 +0,0 @@ -:title: docker.io Accounts API -:description: API Documentation for docker.io accounts. -:keywords: API, Docker, accounts, REST, documentation - - -====================== -docker.io Accounts API -====================== - - -1. Endpoints -============ - - -1.1 Get a single user -^^^^^^^^^^^^^^^^^^^^^ - -.. http:get:: /api/v1.1/users/:username/ - - Get profile info for the specified user. - - :param username: username of the user whose profile info is being requested. - - :reqheader Authorization: required authentication credentials of either type HTTP Basic or OAuth Bearer Token. - - :statuscode 200: success, user data returned. - :statuscode 401: authentication error. - :statuscode 403: permission error, authenticated user must be the user whose data is being requested, OAuth access tokens must have ``profile_read`` scope. - :statuscode 404: the specified username does not exist. - - **Example request**: - - .. sourcecode:: http - - GET /api/v1.1/users/janedoe/ HTTP/1.1 - Host: www.docker.io - Accept: application/json - Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ= - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "id": 2, - "username": "janedoe", - "url": "https://www.docker.io/api/v1.1/users/janedoe/", - "date_joined": "2014-02-12T17:58:01.431312Z", - "type": "User", - "full_name": "Jane Doe", - "location": "San Francisco, CA", - "company": "Success, Inc.", - "profile_url": "https://docker.io/", - "gravatar_url": "https://secure.gravatar.com/avatar/0212b397124be4acd4e7dea9aa357.jpg?s=80&r=g&d=mm" - "email": "jane.doe@example.com", - "is_active": true - } - - -1.2 Update a single user -^^^^^^^^^^^^^^^^^^^^^^^^ - -.. http:patch:: /api/v1.1/users/:username/ - - Update profile info for the specified user. - - :param username: username of the user whose profile info is being updated. - - :jsonparam string full_name: (optional) the new name of the user. - :jsonparam string location: (optional) the new location. - :jsonparam string company: (optional) the new company of the user. - :jsonparam string profile_url: (optional) the new profile url. - :jsonparam string gravatar_email: (optional) the new Gravatar email address. - - :reqheader Authorization: required authentication credentials of either type HTTP Basic or OAuth Bearer Token. - :reqheader Content-Type: MIME Type of post data. JSON, url-encoded form data, etc. - - :statuscode 200: success, user data updated. - :statuscode 400: post data validation error. - :statuscode 401: authentication error. - :statuscode 403: permission error, authenticated user must be the user whose data is being updated, OAuth access tokens must have ``profile_write`` scope. - :statuscode 404: the specified username does not exist. - - **Example request**: - - .. sourcecode:: http - - PATCH /api/v1.1/users/janedoe/ HTTP/1.1 - Host: www.docker.io - Accept: application/json - Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ= - - { - "location": "Private Island", - "profile_url": "http://janedoe.com/", - "company": "Retired", - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "id": 2, - "username": "janedoe", - "url": "https://www.docker.io/api/v1.1/users/janedoe/", - "date_joined": "2014-02-12T17:58:01.431312Z", - "type": "User", - "full_name": "Jane Doe", - "location": "Private Island", - "company": "Retired", - "profile_url": "http://janedoe.com/", - "gravatar_url": "https://secure.gravatar.com/avatar/0212b397124be4acd4e7dea9aa357.jpg?s=80&r=g&d=mm" - "email": "jane.doe@example.com", - "is_active": true - } - - -1.3 List email addresses for a user -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -.. http:get:: /api/v1.1/users/:username/emails/ - - List email info for the specified user. - - :param username: username of the user whose profile info is being updated. - - :reqheader Authorization: required authentication credentials of either type HTTP Basic or OAuth Bearer Token - - :statuscode 200: success, user data updated. - :statuscode 401: authentication error. - :statuscode 403: permission error, authenticated user must be the user whose data is being requested, OAuth access tokens must have ``email_read`` scope. - :statuscode 404: the specified username does not exist. - - **Example request**: - - .. sourcecode:: http - - GET /api/v1.1/users/janedoe/emails/ HTTP/1.1 - Host: www.docker.io - Accept: application/json - Authorization: Bearer zAy0BxC1wDv2EuF3tGs4HrI6qJp6KoL7nM - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "email": "jane.doe@example.com", - "verified": true, - "primary": true - } - ] - - -1.4 Add email address for a user -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -.. http:post:: /api/v1.1/users/:username/emails/ - - Add a new email address to the specified user's account. The email address - must be verified separately, a confirmation email is not automatically sent. - - :jsonparam string email: email address to be added. - - :reqheader Authorization: required authentication credentials of either type HTTP Basic or OAuth Bearer Token. - :reqheader Content-Type: MIME Type of post data. JSON, url-encoded form data, etc. - - :statuscode 201: success, new email added. - :statuscode 400: data validation error. - :statuscode 401: authentication error. - :statuscode 403: permission error, authenticated user must be the user whose data is being requested, OAuth access tokens must have ``email_write`` scope. - :statuscode 404: the specified username does not exist. - - **Example request**: - - .. sourcecode:: http - - POST /api/v1.1/users/janedoe/emails/ HTTP/1.1 - Host: www.docker.io - Accept: application/json - Content-Type: application/json - Authorization: Bearer zAy0BxC1wDv2EuF3tGs4HrI6qJp6KoL7nM - - { - "email": "jane.doe+other@example.com" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 Created - Content-Type: application/json - - { - "email": "jane.doe+other@example.com", - "verified": false, - "primary": false - } - - -1.5 Update an email address for a user -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -.. http:patch:: /api/v1.1/users/:username/emails/ - - Update an email address for the specified user to either verify an email - address or set it as the primary email for the user. You cannot use this - endpoint to un-verify an email address. You cannot use this endpoint to - unset the primary email, only set another as the primary. - - :param username: username of the user whose email info is being updated. - - :jsonparam string email: the email address to be updated. - :jsonparam boolean verified: (optional) whether the email address is verified, must be ``true`` or absent. - :jsonparam boolean primary: (optional) whether to set the email address as the primary email, must be ``true`` or absent. - - :reqheader Authorization: required authentication credentials of either type HTTP Basic or OAuth Bearer Token. - :reqheader Content-Type: MIME Type of post data. JSON, url-encoded form data, etc. - - :statuscode 200: success, user's email updated. - :statuscode 400: data validation error. - :statuscode 401: authentication error. - :statuscode 403: permission error, authenticated user must be the user whose data is being updated, OAuth access tokens must have ``email_write`` scope. - :statuscode 404: the specified username or email address does not exist. - - **Example request**: - - Once you have independently verified an email address. - - .. sourcecode:: http - - PATCH /api/v1.1/users/janedoe/emails/ HTTP/1.1 - Host: www.docker.io - Accept: application/json - Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ= - - { - "email": "jane.doe+other@example.com", - "verified": true, - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "email": "jane.doe+other@example.com", - "verified": true, - "primary": false - } - - -1.6 Delete email address for a user -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -.. http:delete:: /api/v1.1/users/:username/emails/ - - Delete an email address from the specified user's account. You cannot - delete a user's primary email address. - - :jsonparam string email: email address to be deleted. - - :reqheader Authorization: required authentication credentials of either type HTTP Basic or OAuth Bearer Token. - :reqheader Content-Type: MIME Type of post data. JSON, url-encoded form data, etc. - - :statuscode 204: success, email address removed. - :statuscode 400: validation error. - :statuscode 401: authentication error. - :statuscode 403: permission error, authenticated user must be the user whose data is being requested, OAuth access tokens must have ``email_write`` scope. - :statuscode 404: the specified username or email address does not exist. - - **Example request**: - - .. sourcecode:: http - - DELETE /api/v1.1/users/janedoe/emails/ HTTP/1.1 - Host: www.docker.io - Accept: application/json - Content-Type: application/json - Authorization: Bearer zAy0BxC1wDv2EuF3tGs4HrI6qJp6KoL7nM - - { - "email": "jane.doe+other@example.com" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 NO CONTENT - Content-Length: 0 diff --git a/docs/sources/reference/api/docker_io_oauth_api.md b/docs/sources/reference/api/docker_io_oauth_api.md index 3009f08e20..dd2f6d75ec 100644 --- a/docs/sources/reference/api/docker_io_oauth_api.md +++ b/docs/sources/reference/api/docker_io_oauth_api.md @@ -27,46 +27,47 @@ request registration of your application send an email to [support-accounts@docker.com](mailto:support-accounts%40docker.com) with the following information: -- The name of your application -- A description of your application and the service it will provide to - docker.io users. -- A callback URI that we will use for redirecting authorization - requests to your application. These are used in the step of getting - an Authorization Code. The domain name of the callback URI will be - visible to the user when they are requested to authorize your - application. + - The name of your application + - A description of your application and the service it will provide to + docker.io users. + - A callback URI that we will use for redirecting authorization + requests to your application. These are used in the step of getting + an Authorization Code. The domain name of the callback URI will be + visible to the user when they are requested to authorize your + application. When your application is approved you will receive a response from the docker.io team with your `client_id` and `client_secret` which your application will use in the steps of getting an Authorization Code and getting an Access Token. -## 3. Endpoints +# 3. Endpoints -### 3.1 Get an Authorization Code +## 3.1 Get an Authorization Code Once You have registered you are ready to start integrating docker.io accounts into your application! The process is usually started by a user following a link in your application to an OAuth Authorization endpoint. - `GET /api/v1.1/o/authorize/` -: Request that a docker.io user authorize your application. If the - user is not already logged in, they will be prompted to login. The - user is then presented with a form to authorize your application for - the requested access scope. On submission, the user will be - redirected to the specified `redirect_uri` with - an Authorization Code. +`GET /api/v1.1/o/authorize/` + +Request that a docker.io user authorize your application. If the +user is not already logged in, they will be prompted to login. The +user is then presented with a form to authorize your application for +the requested access scope. On submission, the user will be +redirected to the specified `redirect_uri` with +an Authorization Code. Query Parameters:   - - **client\_id** – The `client_id` given to + - **client_id** – The `client_id` given to your application at registration. - - **response\_type** – MUST be set to `code`. + - **response_type** – MUST be set to `code`. This specifies that you would like an Authorization Code returned. - - **redirect\_uri** – The URI to redirect back to after the user + - **redirect_uri** – The URI to redirect back to after the user has authorized your application. If omitted, the first of your registered `response_uris` is used. If included, it must be one of the URIs which were submitted when @@ -95,7 +96,7 @@ following a link in your application to an OAuth Authorization endpoint. prompt which asks the user to authorize your application with a description of the requested scopes. - ![](../../../_images/io_oauth_authorization_page.png) + ![](/reference/api/_static/io_oauth_authorization_page.png) Once the user allows or denies your Authorization Request the user will be redirected back to your application. Included in that @@ -113,34 +114,35 @@ following a link in your application to an OAuth Authorization endpoint. : An error message in the event of the user denying the authorization or some other kind of error with the request. -### 3.2 Get an Access Token +## 3.2 Get an Access Token Once the user has authorized your application, a request will be made to -your application’s specified `redirect_uri` which +your application'sspecified `redirect_uri` which includes a `code` parameter that you must then use to get an Access Token. - `POST /api/v1.1/o/token/` -: Submit your newly granted Authorization Code and your application’s - credentials to receive an Access Token and Refresh Token. The code - is valid for 60 seconds and cannot be used more than once. +`POST /api/v1.1/o/token/` + +Submit your newly granted Authorization Code and your application's +credentials to receive an Access Token and Refresh Token. The code +is valid for 60 seconds and cannot be used more than once. Request Headers:   - **Authorization** – HTTP basic authentication using your - application’s `client_id` and + application's `client_id` and `client_secret` Form Parameters:   - - **grant\_type** – MUST be set to `authorization_code` - - **code** – The authorization code received from the user’s + - **grant_type** – MUST be set to `authorization_code` + - **code** – The authorization code received from the user's redirect request. - - **redirect\_uri** – The same `redirect_uri` + - **redirect_uri** – The same `redirect_uri` used in the authentication request. **Example Request** @@ -177,31 +179,32 @@ to get an Access Token. In the case of an error, there will be a non-200 HTTP Status and and data detailing the error. -### 3.3 Refresh a Token +## 3.3 Refresh a Token Once the Access Token expires you can use your `refresh_token` to have docker.io issue your application a new Access Token, if the user has not revoked access from your application. - `POST /api/v1.1/o/token/` -: Submit your `refresh_token` and application’s - credentials to receive a new Access Token and Refresh Token. The - `refresh_token` can be used only once. +`POST /api/v1.1/o/token/` + +Submit your `refresh_token` and application's +credentials to receive a new Access Token and Refresh Token. The +`refresh_token` can be used only once. Request Headers:   - **Authorization** – HTTP basic authentication using your - application’s `client_id` and + application's `client_id` and `client_secret` Form Parameters:   - - **grant\_type** – MUST be set to `refresh_token` - - **refresh\_token** – The `refresh_token` + - **grant_type** – MUST be set to `refresh_token` + - **refresh_token** – The `refresh_token` which was issued to your application. - **scope** – (optional) The scope of the access token to be returned. Must not include any scope not originally granted by @@ -241,11 +244,10 @@ if the user has not revoked access from your application. In the case of an error, there will be a non-200 HTTP Status and and data detailing the error. -## 4. Use an Access Token with the API +# 4. Use an Access Token with the API Many of the docker.io API requests will require a Authorization request -header field. Simply ensure you add this header with "Bearer -\<`access_token`\>": +header field. Simply ensure you add this header with "Bearer <`access_token`>": GET /api/v1.1/resource HTTP/1.1 Host: docker.io diff --git a/docs/sources/reference/api/docker_io_oauth_api.rst b/docs/sources/reference/api/docker_io_oauth_api.rst deleted file mode 100644 index 24d2af3adb..0000000000 --- a/docs/sources/reference/api/docker_io_oauth_api.rst +++ /dev/null @@ -1,251 +0,0 @@ -:title: docker.io OAuth API -:description: API Documentation for docker.io's OAuth flow. -:keywords: API, Docker, oauth, REST, documentation - - -=================== -docker.io OAuth API -=================== - - -1. Brief introduction -===================== - -Some docker.io API requests will require an access token to authenticate. To -get an access token for a user, that user must first grant your application -access to their docker.io account. In order for them to grant your application -access you must first register your application. - -Before continuing, we encourage you to familiarize yourself with -`The OAuth 2.0 Authorization Framework `_. - -*Also note that all OAuth interactions must take place over https connections* - - -2. Register Your Application -============================ - -You will need to register your application with docker.io before users will -be able to grant your application access to their account information. We -are currently only allowing applications selectively. To request registration -of your application send an email to support-accounts@docker.com with the -following information: - -- The name of your application -- A description of your application and the service it will provide - to docker.io users. -- A callback URI that we will use for redirecting authorization requests to - your application. These are used in the step of getting an Authorization - Code. The domain name of the callback URI will be visible to the user when - they are requested to authorize your application. - -When your application is approved you will receive a response from the -docker.io team with your ``client_id`` and ``client_secret`` which your -application will use in the steps of getting an Authorization Code and getting -an Access Token. - - -3. Endpoints -============ - -3.1 Get an Authorization Code -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Once You have registered you are ready to start integrating docker.io accounts -into your application! The process is usually started by a user following a -link in your application to an OAuth Authorization endpoint. - -.. http:get:: /api/v1.1/o/authorize/ - - Request that a docker.io user authorize your application. If the user is - not already logged in, they will be prompted to login. The user is then - presented with a form to authorize your application for the requested - access scope. On submission, the user will be redirected to the specified - ``redirect_uri`` with an Authorization Code. - - :query client_id: The ``client_id`` given to your application at - registration. - :query response_type: MUST be set to ``code``. This specifies that you - would like an Authorization Code returned. - :query redirect_uri: The URI to redirect back to after the user has - authorized your application. If omitted, the first of your registered - ``response_uris`` is used. If included, it must be one of the URIs - which were submitted when registering your application. - :query scope: The extent of access permissions you are requesting. - Currently, the scope options are ``profile_read``, ``profile_write``, - ``email_read``, and ``email_write``. Scopes must be separated by a - space. If omitted, the default scopes ``profile_read email_read`` are - used. - :query state: (Recommended) Used by your application to maintain state - between the authorization request and callback to protect against CSRF - attacks. - - **Example Request** - - Asking the user for authorization. - - .. sourcecode:: http - - GET /api/v1.1/o/authorize/?client_id=TestClientID&response_type=code&redirect_uri=https%3A//my.app/auth_complete/&scope=profile_read%20email_read&state=abc123 HTTP/1.1 - Host: www.docker.io - - **Authorization Page** - - When the user follows a link, making the above GET request, they will be - asked to login to their docker.io account if they are not already and then - be presented with the following authorization prompt which asks the user - to authorize your application with a description of the requested scopes. - - .. image:: _static/io_oauth_authorization_page.png - - Once the user allows or denies your Authorization Request the user will be - redirected back to your application. Included in that request will be the - following query parameters: - - ``code`` - The Authorization code generated by the docker.io authorization server. - Present it again to request an Access Token. This code expires in 60 - seconds. - - ``state`` - If the ``state`` parameter was present in the authorization request this - will be the exact value received from that request. - - ``error`` - An error message in the event of the user denying the authorization or - some other kind of error with the request. - - -3.2 Get an Access Token -^^^^^^^^^^^^^^^^^^^^^^^ - -Once the user has authorized your application, a request will be made to your -application's specified ``redirect_uri`` which includes a ``code`` parameter -that you must then use to get an Access Token. - -.. http:post:: /api/v1.1/o/token/ - - Submit your newly granted Authorization Code and your application's - credentials to receive an Access Token and Refresh Token. The code is valid - for 60 seconds and cannot be used more than once. - - :reqheader Authorization: HTTP basic authentication using your - application's ``client_id`` and ``client_secret`` - - :form grant_type: MUST be set to ``authorization_code`` - :form code: The authorization code received from the user's redirect - request. - :form redirect_uri: The same ``redirect_uri`` used in the authentication - request. - - **Example Request** - - Using an authorization code to get an access token. - - .. sourcecode:: http - - POST /api/v1.1/o/token/ HTTP/1.1 - Host: www.docker.io - Authorization: Basic VGVzdENsaWVudElEOlRlc3RDbGllbnRTZWNyZXQ= - Accept: application/json - Content-Type: application/json - - { - "grant_type": "code", - "code": "YXV0aG9yaXphdGlvbl9jb2Rl", - "redirect_uri": "https://my.app/auth_complete/" - } - - **Example Response** - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json;charset=UTF-8 - - { - "username": "janedoe", - "user_id": 42, - "access_token": "t6k2BqgRw59hphQBsbBoPPWLqu6FmS", - "expires_in": 15552000, - "token_type": "Bearer", - "scope": "profile_read email_read", - "refresh_token": "hJDhLH3cfsUrQlT4MxA6s8xAFEqdgc" - } - - In the case of an error, there will be a non-200 HTTP Status and and data - detailing the error. - - -3.3 Refresh a Token -^^^^^^^^^^^^^^^^^^^ - -Once the Access Token expires you can use your ``refresh_token`` to have -docker.io issue your application a new Access Token, if the user has not -revoked access from your application. - -.. http:post:: /api/v1.1/o/token/ - - Submit your ``refresh_token`` and application's credentials to receive a - new Access Token and Refresh Token. The ``refresh_token`` can be used - only once. - - :reqheader Authorization: HTTP basic authentication using your - application's ``client_id`` and ``client_secret`` - - :form grant_type: MUST be set to ``refresh_token`` - :form refresh_token: The ``refresh_token`` which was issued to your - application. - :form scope: (optional) The scope of the access token to be returned. - Must not include any scope not originally granted by the user and if - omitted is treated as equal to the scope originally granted. - - **Example Request** - - Refreshing an access token. - - .. sourcecode:: http - - POST /api/v1.1/o/token/ HTTP/1.1 - Host: www.docker.io - Authorization: Basic VGVzdENsaWVudElEOlRlc3RDbGllbnRTZWNyZXQ= - Accept: application/json - Content-Type: application/json - - { - "grant_type": "refresh_token", - "refresh_token": "hJDhLH3cfsUrQlT4MxA6s8xAFEqdgc", - } - - **Example Response** - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json;charset=UTF-8 - - { - "username": "janedoe", - "user_id": 42, - "access_token": "t6k2BqgRw59hphQBsbBoPPWLqu6FmS", - "expires_in": 15552000, - "token_type": "Bearer", - "scope": "profile_read email_read", - "refresh_token": "hJDhLH3cfsUrQlT4MxA6s8xAFEqdgc" - } - - In the case of an error, there will be a non-200 HTTP Status and and data - detailing the error. - - -4. Use an Access Token with the API -=================================== - -Many of the docker.io API requests will require a Authorization request header -field. Simply ensure you add this header with "Bearer <``access_token``>": - -.. sourcecode:: http - - GET /api/v1.1/resource HTTP/1.1 - Host: docker.io - Authorization: Bearer 2YotnFZFEjr1zCsicMWpAA diff --git a/docs/sources/reference/api/docker_remote_api.md b/docs/sources/reference/api/docker_remote_api.md index 5df7d8938c..47f4724b1a 100644 --- a/docs/sources/reference/api/docker_remote_api.md +++ b/docs/sources/reference/api/docker_remote_api.md @@ -4,270 +4,318 @@ page_keywords: API, Docker, rcli, REST, documentation # Docker Remote API -## 1. Brief introduction - -- The Remote API is replacing rcli -- By default the Docker daemon listens on unix:///var/run/docker.sock - and the client must have root access to interact with the daemon -- If a group named *docker* exists on your system, docker will apply - ownership of the socket to the group -- The API tends to be REST, but for some complex commands, like attach - or pull, the HTTP connection is hijacked to transport stdout stdin - and stderr -- Since API version 1.2, the auth configuration is now handled client - side, so the client has to send the authConfig as POST in - /images/(name)/push -- authConfig, set as the `X-Registry-Auth` header, - is currently a Base64 encoded (json) string with credentials: - `{'username': string, 'password': string, 'email': string, 'serveraddress' : string}` + - The Remote API is replacing rcli + - By default the Docker daemon listens on unix:///var/run/docker.sock + and the client must have root access to interact with the daemon + - If a group named *docker* exists on your system, docker will apply + ownership of the socket to the group + - The API tends to be REST, but for some complex commands, like attach + or pull, the HTTP connection is hijacked to transport stdout stdin + and stderr + - Since API version 1.2, the auth configuration is now handled client + side, so the client has to send the authConfig as POST in /images/(name)/push + - authConfig, set as the `X-Registry-Auth` header, is currently a Base64 + encoded (json) string with credentials: + `{'username': string, 'password': string, 'email': string, 'serveraddress' : string}` -## 2. Versions -The current version of the API is 1.11 +The current version of the API is v1.11 -Calling /images/\/insert is the same as calling -/v1.11/images/\/insert +Calling /images//insert is the same as calling +/v1.11/images//insert You can still call an old version of the api using -/v1.11/images/\/insert +/v1.11/images//insert -### v1.11 +## v1.11 -#### Full Documentation +### Full Documentation -[*Docker Remote API v1.11*](../docker_remote_api_v1.11/) +[*Docker Remote API v1.11*](/reference/api/docker_remote_api_v1.11/) -#### What’s new +### What's new - `GET /events` -: **New!** You can now use the `-until` parameter - to close connection after timestamp. +`GET /_ping` -### v1.10 +**New!** +You can now ping the server via the `_ping` endpoint. -#### Full Documentation +`GET /events` -[*Docker Remote API v1.10*](../docker_remote_api_v1.10/) +**New!** +You can now use the `-until` parameter to close connection +after timestamp. -#### What’s new +`GET /containers/(id)/logs` - `DELETE /images/`(*name*) -: **New!** You can now use the force parameter to force delete of an - image, even if it’s tagged in multiple repositories. **New!** You +This url is prefered method for getting container logs now. + +## v1.10 + +### Full Documentation + +[*Docker Remote API v1.10*](/reference/api/docker_remote_api_v1.10/) + +### What's new + +`DELETE /images/(name)` + +**New!** +You can now use the force parameter to force delete of an + image, even if it's tagged in multiple repositories. **New!** + You can now use the noprune parameter to prevent the deletion of parent images - `DELETE /containers/`(*id*) -: **New!** You can now use the force paramter to force delete a +`DELETE /containers/(id)` + +**New!** +You can now use the force paramter to force delete a container, even if it is currently running -### v1.9 +## v1.9 -#### Full Documentation +### Full Documentation -[*Docker Remote API v1.9*](../docker_remote_api_v1.9/) +[*Docker Remote API v1.9*](/reference/api/docker_remote_api_v1.9/) -#### What’s new +### What's new - `POST /build` -: **New!** This endpoint now takes a serialized ConfigFile which it - uses to resolve the proper registry auth credentials for pulling the - base image. Clients which previously implemented the version - accepting an AuthConfig object must be updated. +`POST /build` -### v1.8 +**New!** +This endpoint now takes a serialized ConfigFile which it +uses to resolve the proper registry auth credentials for pulling the +base image. Clients which previously implemented the version +accepting an AuthConfig object must be updated. -#### Full Documentation +## v1.8 -#### What’s new +### Full Documentation - `POST /build` -: **New!** This endpoint now returns build status as json stream. In - case of a build error, it returns the exit status of the failed - command. +[*Docker Remote API v1.8*](/reference/api/docker_remote_api_v1.8/) - `GET /containers/`(*id*)`/json` -: **New!** This endpoint now returns the host config for the - container. +### What's new - `POST /images/create` -: +`POST /build` - `POST /images/`(*name*)`/insert` -: +**New!** +This endpoint now returns build status as json stream. In +case of a build error, it returns the exit status of the failed +command. - `POST /images/`(*name*)`/push` -: **New!** progressDetail object was added in the JSON. It’s now - possible to get the current value and the total of the progress - without having to parse the string. +`GET /containers/(id)/json` -### v1.7 +**New!** +This endpoint now returns the host config for the +container. -#### Full Documentation +`POST /images/create` -#### What’s new +`POST /images/(name)/insert` - `GET /images/json` -: The format of the json returned from this uri changed. Instead of an - entry for each repo/tag on an image, each image is only represented - once, with a nested attribute indicating the repo/tags that apply to - that image. +`POST /images/(name)/push` - Instead of: +**New!** +progressDetail object was added in the JSON. It's now +possible to get the current value and the total of the progress +without having to parse the string. - HTTP/1.1 200 OK - Content-Type: application/json +## v1.7 - [ - { - "VirtualSize": 131506275, - "Size": 131506275, - "Created": 1365714795, - "Id": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c", - "Tag": "12.04", - "Repository": "ubuntu" - }, - { - "VirtualSize": 131506275, - "Size": 131506275, - "Created": 1365714795, - "Id": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c", - "Tag": "latest", - "Repository": "ubuntu" - }, - { - "VirtualSize": 131506275, - "Size": 131506275, - "Created": 1365714795, - "Id": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c", - "Tag": "precise", - "Repository": "ubuntu" - }, - { - "VirtualSize": 180116135, - "Size": 24653, - "Created": 1364102658, - "Id": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "Tag": "12.10", - "Repository": "ubuntu" - }, - { - "VirtualSize": 180116135, - "Size": 24653, - "Created": 1364102658, - "Id": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "Tag": "quantal", - "Repository": "ubuntu" - } - ] +### Full Documentation - The returned json looks like this: +[*Docker Remote API v1.7*](/reference/api/docker_remote_api_v1.7/) - HTTP/1.1 200 OK - Content-Type: application/json +### What's new - [ - { - "RepoTags": [ - "ubuntu:12.04", - "ubuntu:precise", - "ubuntu:latest" - ], - "Id": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c", - "Created": 1365714795, - "Size": 131506275, - "VirtualSize": 131506275 - }, - { - "RepoTags": [ - "ubuntu:12.10", - "ubuntu:quantal" - ], - "ParentId": "27cf784147099545", - "Id": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "Created": 1364102658, - "Size": 24653, - "VirtualSize": 180116135 - } - ] +`GET /images/json` - `GET /images/viz` -: This URI no longer exists. The `images --viz` - output is now generated in the client, using the - `/images/json` data. +The format of the json returned from this uri changed. Instead of an +entry for each repo/tag on an image, each image is only represented +once, with a nested attribute indicating the repo/tags that apply to +that image. -### v1.6 +Instead of: -#### Full Documentation + HTTP/1.1 200 OK + Content-Type: application/json -#### What’s new + [ + { + "VirtualSize": 131506275, + "Size": 131506275, + "Created": 1365714795, + "Id": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c", + "Tag": "12.04", + "Repository": "ubuntu" + }, + { + "VirtualSize": 131506275, + "Size": 131506275, + "Created": 1365714795, + "Id": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c", + "Tag": "latest", + "Repository": "ubuntu" + }, + { + "VirtualSize": 131506275, + "Size": 131506275, + "Created": 1365714795, + "Id": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c", + "Tag": "precise", + "Repository": "ubuntu" + }, + { + "VirtualSize": 180116135, + "Size": 24653, + "Created": 1364102658, + "Id": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", + "Tag": "12.10", + "Repository": "ubuntu" + }, + { + "VirtualSize": 180116135, + "Size": 24653, + "Created": 1364102658, + "Id": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", + "Tag": "quantal", + "Repository": "ubuntu" + } + ] - `POST /containers/`(*id*)`/attach` -: **New!** You can now split stderr from stdout. This is done by - prefixing a header to each transmition. See - [`POST /containers/(id)/attach` -](../docker_remote_api_v1.9/#post--containers-(id)-attach "POST /containers/(id)/attach"). - The WebSocket attach is unchanged. Note that attach calls on the - previous API version didn’t change. Stdout and stderr are merged. +The returned json looks like this: -### v1.5 + HTTP/1.1 200 OK + Content-Type: application/json -#### Full Documentation + [ + { + "RepoTags": [ + "ubuntu:12.04", + "ubuntu:precise", + "ubuntu:latest" + ], + "Id": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c", + "Created": 1365714795, + "Size": 131506275, + "VirtualSize": 131506275 + }, + { + "RepoTags": [ + "ubuntu:12.10", + "ubuntu:quantal" + ], + "ParentId": "27cf784147099545", + "Id": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", + "Created": 1364102658, + "Size": 24653, + "VirtualSize": 180116135 + } + ] -#### What’s new +`GET /images/viz` - `POST /images/create` -: **New!** You can now pass registry credentials (via an AuthConfig +This URI no longer exists. The `images --viz` +output is now generated in the client, using the +`/images/json` data. + +## v1.6 + +### Full Documentation + +[*Docker Remote API v1.6*](/reference/api/docker_remote_api_v1.6/) + +### What's new + +`POST /containers/(id)/attach` + +**New!** +You can now split stderr from stdout. This is done by +prefixing a header to each transmition. See +[`POST /containers/(id)/attach`]( +/reference/api/docker_remote_api_v1.9/#post--containers-(id)-attach "POST /containers/(id)/attach"). +The WebSocket attach is unchanged. Note that attach calls on the +previous API version didn't change. Stdout and stderr are merged. + +## v1.5 + +### Full Documentation + +[*Docker Remote API v1.5*](/reference/api/docker_remote_api_v1.5/) + +### What's new + +`POST /images/create` + +**New!** +You can now pass registry credentials (via an AuthConfig object) through the X-Registry-Auth header - `POST /images/`(*name*)`/push` -: **New!** The AuthConfig object now needs to be passed through the +`POST /images/(name)/push` + +**New!** +The AuthConfig object now needs to be passed through the X-Registry-Auth header - `GET /containers/json` -: **New!** The format of the Ports entry has been changed to a list of - dicts each containing PublicPort, PrivatePort and Type describing a - port mapping. +`GET /containers/json` -### v1.4 +**New!** +The format of the Ports entry has been changed to a list of +dicts each containing PublicPort, PrivatePort and Type describing a +port mapping. -#### Full Documentation +## v1.4 -#### What’s new +### Full Documentation - `POST /images/create` -: **New!** When pulling a repo, all images are now downloaded in - parallel. +[*Docker Remote API v1.4*](/reference/api/docker_remote_api_v1.4/) - `GET /containers/`(*id*)`/top` -: **New!** You can now use ps args with docker top, like docker top - \ aux +### What's new - `GET /events:` -: **New!** Image’s name added in the events +`POST /images/create` -### v1.3 +**New!** +When pulling a repo, all images are now downloaded in parallel. + +`GET /containers/(id)/top` + +**New!** +You can now use ps args with docker top, like docker top + aux + +`GET /events` + +**New!** +Image's name added in the events + +## v1.3 docker v0.5.0 [51f6c4a](https://github.com/dotcloud/docker/commit/51f6c4a7372450d164c61e0054daf0223ddbd909) -#### Full Documentation +### Full Documentation -#### What’s new +[*Docker Remote API v1.3*](/reference/api/docker_remote_api_v1.3/) - `GET /containers/`(*id*)`/top` -: List the processes running inside a container. +### What's new - `GET /events:` -: **New!** Monitor docker’s events via streaming or via polling +`GET /containers/(id)/top` + +List the processes running inside a container. + +`GET /events` + +**New!** +Monitor docker's events via streaming or via polling Builder (/build): -- Simplify the upload of the build context -- Simply stream a tarball instead of multipart upload with 4 - intermediary buffers -- Simpler, less memory usage, less disk usage and faster + - Simplify the upload of the build context + - Simply stream a tarball instead of multipart upload with 4 + intermediary buffers + - Simpler, less memory usage, less disk usage and faster > **Warning**: > The /build improvements are not reverse-compatible. Pre 1.3 clients will @@ -275,73 +323,81 @@ Builder (/build): List containers (/containers/json): -- You can use size=1 to get the size of the containers + - You can use size=1 to get the size of the containers -Start containers (/containers/\/start): +Start containers (/containers//start): -- You can now pass host-specific configuration (e.g. bind mounts) in - the POST body for start calls + - You can now pass host-specific configuration (e.g. bind mounts) in + the POST body for start calls -### v1.2 +## v1.2 docker v0.4.2 [2e7649b](https://github.com/dotcloud/docker/commit/2e7649beda7c820793bd46766cbc2cfeace7b168) -#### Full Documentation +### Full Documentation -#### What’s new +[*Docker Remote API v1.2*](/reference/api/docker_remote_api_v1.2/) + +### What's new The auth configuration is now handled by the client. -The client should send it’s authConfig as POST on each call of -/images/(name)/push +The client should send it's authConfig as POST on each call of +`/images/(name)/push` - `GET /auth` -: **Deprecated.** +`GET /auth` - `POST /auth` -: Only checks the configuration but doesn’t store it on the server +**Deprecated.** + +`POST /auth` + +Only checks the configuration but doesn't store it on the server Deleting an image is now improved, will only untag the image if it has children and remove all the untagged parents if has any. - `POST /images//delete` -: Now returns a JSON structure with the list of images - deleted/untagged. +`POST /images//delete` -### v1.1 +Now returns a JSON structure with the list of images +deleted/untagged. + +## v1.1 docker v0.4.0 [a8ae398](https://github.com/dotcloud/docker/commit/a8ae398bf52e97148ee7bd0d5868de2e15bd297f) -#### Full Documentation +### Full Documentation -#### What’s new +[*Docker Remote API v1.1*](/reference/api/docker_remote_api_v1.1/) - `POST /images/create` -: +### What's new - `POST /images/`(*name*)`/insert` -: +`POST /images/create` - `POST /images/`(*name*)`/push` -: Uses json stream instead of HTML hijack, it looks like this: +`POST /images/(name)/insert` - > HTTP/1.1 200 OK - > Content-Type: application/json - > - > {"status":"Pushing..."} - > {"status":"Pushing", "progress":"1/? (n/a)"} - > {"error":"Invalid..."} - > ... +`POST /images/(name)/push` -### v1.0 +Uses json stream instead of HTML hijack, it looks like this: + + HTTP/1.1 200 OK + Content-Type: application/json + + {"status":"Pushing..."} + {"status":"Pushing", "progress":"1/? (n/a)"} + {"error":"Invalid..."} + ... + +## v1.0 docker v0.3.4 [8d73740](https://github.com/dotcloud/docker/commit/8d73740343778651c09160cde9661f5f387b36f4) -#### Full Documentation +### Full Documentation -#### What’s new +[*Docker Remote API v1.0*](/reference/api/docker_remote_api_v1.0/) + +### What's new Initial version diff --git a/docs/sources/reference/api/docker_remote_api.rst b/docs/sources/reference/api/docker_remote_api.rst deleted file mode 100644 index 1e90b1bbe3..0000000000 --- a/docs/sources/reference/api/docker_remote_api.rst +++ /dev/null @@ -1,404 +0,0 @@ -:title: Remote API -:description: API Documentation for Docker -:keywords: API, Docker, rcli, REST, documentation - -.. COMMENT use https://pythonhosted.org/sphinxcontrib-httpdomain/ to -.. document the REST API. - -================= -Docker Remote API -================= - - -1. Brief introduction -===================== - -- The Remote API is replacing rcli -- By default the Docker daemon listens on unix:///var/run/docker.sock and the client must have root access to interact with the daemon -- If a group named *docker* exists on your system, docker will apply ownership of the socket to the group -- The API tends to be REST, but for some complex commands, like attach - or pull, the HTTP connection is hijacked to transport stdout stdin - and stderr -- Since API version 1.2, the auth configuration is now handled client - side, so the client has to send the authConfig as POST in - /images/(name)/push -- authConfig, set as the ``X-Registry-Auth`` header, is currently a Base64 encoded (json) string with credentials: - ``{'username': string, 'password': string, 'email': string, 'serveraddress' : string}`` - -2. Versions -=========== - -The current version of the API is 1.11 - -Calling /images//insert is the same as calling -/v1.11/images//insert - -You can still call an old version of the api using -/v1.11/images//insert - - -v1.11 -***** - -Full Documentation ------------------- - -:doc:`docker_remote_api_v1.11` - -What's new ----------- - -.. http:get:: /events - - **New!** You can now use the ``-until`` parameter to close connection after timestamp. - -v1.10 -***** - -Full Documentation ------------------- - -:doc:`docker_remote_api_v1.10` - -What's new ----------- - -.. http:delete:: /images/(name) - - **New!** You can now use the force parameter to force delete of an image, even if it's - tagged in multiple repositories. - **New!** You can now use the noprune parameter to prevent the deletion of parent images - -.. http:delete:: /containers/(id) - - **New!** You can now use the force paramter to force delete a container, even if - it is currently running - -v1.9 -**** - -Full Documentation ------------------- - -:doc:`docker_remote_api_v1.9` - -What's new ----------- - -.. http:post:: /build - - **New!** This endpoint now takes a serialized ConfigFile which it uses to - resolve the proper registry auth credentials for pulling the base image. - Clients which previously implemented the version accepting an AuthConfig - object must be updated. - -v1.8 -**** - -Full Documentation ------------------- - -What's new ----------- - -.. http:post:: /build - - **New!** This endpoint now returns build status as json stream. In case - of a build error, it returns the exit status of the failed command. - -.. http:get:: /containers/(id)/json - - **New!** This endpoint now returns the host config for the container. - -.. http:post:: /images/create -.. http:post:: /images/(name)/insert -.. http:post:: /images/(name)/push - - **New!** progressDetail object was added in the JSON. It's now possible - to get the current value and the total of the progress without having to - parse the string. - -v1.7 -**** - -Full Documentation ------------------- - -What's new ----------- - -.. http:get:: /images/json - - The format of the json returned from this uri changed. Instead of an entry - for each repo/tag on an image, each image is only represented once, with a - nested attribute indicating the repo/tags that apply to that image. - - Instead of: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "VirtualSize": 131506275, - "Size": 131506275, - "Created": 1365714795, - "Id": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c", - "Tag": "12.04", - "Repository": "ubuntu" - }, - { - "VirtualSize": 131506275, - "Size": 131506275, - "Created": 1365714795, - "Id": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c", - "Tag": "latest", - "Repository": "ubuntu" - }, - { - "VirtualSize": 131506275, - "Size": 131506275, - "Created": 1365714795, - "Id": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c", - "Tag": "precise", - "Repository": "ubuntu" - }, - { - "VirtualSize": 180116135, - "Size": 24653, - "Created": 1364102658, - "Id": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "Tag": "12.10", - "Repository": "ubuntu" - }, - { - "VirtualSize": 180116135, - "Size": 24653, - "Created": 1364102658, - "Id": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "Tag": "quantal", - "Repository": "ubuntu" - } - ] - - The returned json looks like this: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "RepoTags": [ - "ubuntu:12.04", - "ubuntu:precise", - "ubuntu:latest" - ], - "Id": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c", - "Created": 1365714795, - "Size": 131506275, - "VirtualSize": 131506275 - }, - { - "RepoTags": [ - "ubuntu:12.10", - "ubuntu:quantal" - ], - "ParentId": "27cf784147099545", - "Id": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "Created": 1364102658, - "Size": 24653, - "VirtualSize": 180116135 - } - ] - -.. http:get:: /images/viz - - This URI no longer exists. The ``images --viz`` output is now generated in - the client, using the ``/images/json`` data. - -v1.6 -**** - -Full Documentation ------------------- - -What's new ----------- - -.. http:post:: /containers/(id)/attach - - **New!** You can now split stderr from stdout. This is done by prefixing - a header to each transmition. See :http:post:`/containers/(id)/attach`. - The WebSocket attach is unchanged. - Note that attach calls on the previous API version didn't change. Stdout and - stderr are merged. - - -v1.5 -**** - -Full Documentation ------------------- - -What's new ----------- - -.. http:post:: /images/create - - **New!** You can now pass registry credentials (via an AuthConfig object) - through the `X-Registry-Auth` header - -.. http:post:: /images/(name)/push - - **New!** The AuthConfig object now needs to be passed through - the `X-Registry-Auth` header - -.. http:get:: /containers/json - - **New!** The format of the `Ports` entry has been changed to a list of - dicts each containing `PublicPort`, `PrivatePort` and `Type` describing a - port mapping. - -v1.4 -**** - -Full Documentation ------------------- - -What's new ----------- - -.. http:post:: /images/create - - **New!** When pulling a repo, all images are now downloaded in parallel. - -.. http:get:: /containers/(id)/top - - **New!** You can now use ps args with docker top, like `docker top aux` - -.. http:get:: /events: - - **New!** Image's name added in the events - -v1.3 -**** - -docker v0.5.0 51f6c4a_ - -Full Documentation ------------------- - -What's new ----------- - -.. http:get:: /containers/(id)/top - - List the processes running inside a container. - -.. http:get:: /events: - - **New!** Monitor docker's events via streaming or via polling - -Builder (/build): - -- Simplify the upload of the build context -- Simply stream a tarball instead of multipart upload with 4 - intermediary buffers -- Simpler, less memory usage, less disk usage and faster - -.. Warning:: - - The /build improvements are not reverse-compatible. Pre 1.3 clients - will break on /build. - -List containers (/containers/json): - -- You can use size=1 to get the size of the containers - -Start containers (/containers//start): - -- You can now pass host-specific configuration (e.g. bind mounts) in - the POST body for start calls - -v1.2 -**** - -docker v0.4.2 2e7649b_ - -Full Documentation ------------------- - -What's new ----------- - -The auth configuration is now handled by the client. - -The client should send it's authConfig as POST on each call of -/images/(name)/push - -.. http:get:: /auth - - **Deprecated.** - -.. http:post:: /auth - - Only checks the configuration but doesn't store it on the server - - Deleting an image is now improved, will only untag the image if it - has children and remove all the untagged parents if has any. - -.. http:post:: /images//delete - - Now returns a JSON structure with the list of images - deleted/untagged. - - -v1.1 -**** - -docker v0.4.0 a8ae398_ - -Full Documentation ------------------- - -What's new ----------- - -.. http:post:: /images/create -.. http:post:: /images/(name)/insert -.. http:post:: /images/(name)/push - - Uses json stream instead of HTML hijack, it looks like this: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Pushing..."} - {"status":"Pushing", "progress":"1/? (n/a)"} - {"error":"Invalid..."} - ... - -v1.0 -**** - -docker v0.3.4 8d73740_ - -Full Documentation ------------------- - -What's new ----------- - -Initial version - - -.. _a8ae398: https://github.com/dotcloud/docker/commit/a8ae398bf52e97148ee7bd0d5868de2e15bd297f -.. _8d73740: https://github.com/dotcloud/docker/commit/8d73740343778651c09160cde9661f5f387b36f4 -.. _2e7649b: https://github.com/dotcloud/docker/commit/2e7649beda7c820793bd46766cbc2cfeace7b168 -.. _51f6c4a: https://github.com/dotcloud/docker/commit/51f6c4a7372450d164c61e0054daf0223ddbd909 diff --git a/docs/sources/reference/api/archive/docker_remote_api_v1.0.md b/docs/sources/reference/api/docker_remote_api_v1.0.md similarity index 83% rename from docs/sources/reference/api/archive/docker_remote_api_v1.0.md rename to docs/sources/reference/api/docker_remote_api_v1.0.md index 8f94733584..d719ca27e8 100644 --- a/docs/sources/reference/api/archive/docker_remote_api_v1.0.md +++ b/docs/sources/reference/api/docker_remote_api_v1.0.md @@ -2,9 +2,9 @@ page_title: Remote API v1.0 page_description: API Documentation for Docker page_keywords: API, Docker, rcli, REST, documentation -# [Docker Remote API v1.0](#id1) +# Docker Remote API v1.0 -## [1. Brief introduction](#id2) +# 1. Brief introduction - The Remote API is replacing rcli - Default port in the docker daemon is 4243 @@ -12,14 +12,15 @@ page_keywords: API, Docker, rcli, REST, documentation or pull, the HTTP connection is hijacked to transport stdout stdin and stderr -## [2. Endpoints](#id3) +# 2. Endpoints -### [2.1 Containers](#id4) +## 2.1 Containers -#### [List containers](#id5) +### List containers - `GET /containers/json` -: List containers +`GET /containers/json` + +List containers **Example request**: @@ -80,10 +81,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **400** – bad parameter - **500** – server error -#### [Create a container](#id6) +### Create a container - `POST /containers/create` -: Create a container +`POST /containers/create` + +Create a container **Example request**: @@ -126,7 +128,7 @@ page_keywords: API, Docker, rcli, REST, documentation   - - **config** – the container’s configuration + - **config** – the container's configuration Status Codes: @@ -135,10 +137,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **406** – impossible to attach (container not running) - **500** – server error -#### [Inspect a container](#id7) +### Inspect a container - `GET /containers/`(*id*)`/json` -: Return low-level information on the container `id` +`GET /containers/(id)/json` + +Return low-level information on the container `id` **Example request**: @@ -202,10 +205,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Inspect changes on a container’s filesystem](#id8) +### Inspect changes on a container's filesystem - `GET /containers/`(*id*)`/changes` -: Inspect changes on container `id` ‘s filesystem +`GET /containers/(id)/changes` + +Inspect changes on container `id`'s filesystem **Example request**: @@ -237,10 +241,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Export a container](#id9) +### Export a container - `GET /containers/`(*id*)`/export` -: Export the contents of container `id` +`GET /containers/(id)/export` + +Export the contents of container `id` **Example request**: @@ -259,10 +264,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Start a container](#id10) +### Start a container - `POST /containers/`(*id*)`/start` -: Start the container `id` +`POST /containers/(id)/start` + +Start the container `id` **Example request**: @@ -278,10 +284,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Stop a container](#id11) +### Stop a container - `POST /containers/`(*id*)`/stop` -: Stop the container `id` +`POST /containers/(id)/stop` + +Stop the container `id` **Example request**: @@ -303,10 +310,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Restart a container](#id12) +### Restart a container - `POST /containers/`(*id*)`/restart` -: Restart the container `id` +`POST /containers/(id)/restart` + +Restart the container `id` **Example request**: @@ -328,10 +336,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Kill a container](#id13) +### Kill a container - `POST /containers/`(*id*)`/kill` -: Kill the container `id` +`POST /containers/(id)/kill` + +Kill the container `id` **Example request**: @@ -347,10 +356,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Attach to a container](#id14) +### Attach to a container - `POST /containers/`(*id*)`/attach` -: Attach to the container `id` +`POST /containers/(id)/attach` + +Attach to the container `id` **Example request**: @@ -385,11 +395,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Wait a container](#id15) +### Wait a container - `POST /containers/`(*id*)`/wait` -: Block until container `id` stops, then returns - the exit code +`POST /containers/(id)/wait` + +Block until container `id` stops, then returns the exit code **Example request**: @@ -408,10 +418,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Remove a container](#id16) +### Remove a container - `DELETE /containers/`(*id*) -: Remove the container `id` from the filesystem +`DELETE /containers/(id)` + +Remove the container `id` from the filesystem **Example request**: @@ -435,13 +446,13 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -### [2.2 Images](#id17) +## 2.2 Images -#### [List Images](#id18) +### List Images - `GET /images/`(*format*) -: List images `format` could be json or viz (json - default) +`GET /images/(format)` + +List images `format` could be json or viz (json default) **Example request**: @@ -507,11 +518,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **400** – bad parameter - **500** – server error -#### [Create an image](#id19) +### Create an image - `POST /images/create` -: Create an image, either by pull it from the registry or by importing - it +`POST /images/create` + +Create an image, either by pull it from the registry or by importing it **Example request**: @@ -539,11 +550,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Insert a file in an image](#id20) +### Insert a file in an image - `POST /images/`(*name*)`/insert` -: Insert a file from `url` in the image - `name` at `path` +`POST /images/(name)/insert` + +Insert a file from `url` in the image `name` at `path` **Example request**: @@ -560,10 +571,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Inspect an image](#id21) +### Inspect an image - `GET /images/`(*name*)`/json` -: Return low-level information on the image `name` +`GET /images/(name)/json` + +Return low-level information on the image `name` **Example request**: @@ -607,10 +619,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such image - **500** – server error -#### [Get the history of an image](#id22) +### Get the history of an image - `GET /images/`(*name*)`/history` -: Return the history of the image `name` +`GET /images/(name)/history` + +Return the history of the image `name` **Example request**: @@ -640,10 +653,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such image - **500** – server error -#### [Push an image on the registry](#id23) +### Push an image on the registry - `POST /images/`(*name*)`/push` -: Push the image `name` on the registry +`POST /images/(name)/push` + +Push the image `name` on the registry > **Example request**: > @@ -668,10 +682,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such image - **500** – server error -#### [Tag an image into a repository](#id24) +### Tag an image into a repository - `POST /images/`(*name*)`/tag` -: Tag the image `name` into a repository +`POST /images/(name)/tag` + +Tag the image `name` into a repository **Example request**: @@ -695,10 +710,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such image - **500** – server error -#### [Remove an image](#id25) +### Remove an image - `DELETE /images/`(*name*) -: Remove the image `name` from the filesystem +`DELETE /images/(name)` + +Remove the image `name` from the filesystem **Example request**: @@ -714,10 +730,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such image - **500** – server error -#### [Search images](#id26) +### Search images - `GET /images/search` -: Search for an image in the docker index +`GET /images/search` + +Search for an image on [Docker.io](https://index.docker.io) **Example request**: @@ -747,12 +764,13 @@ page_keywords: API, Docker, rcli, REST, documentation :statuscode 200: no error :statuscode 500: server error -### [2.3 Misc](#id27) +## 2.3 Misc -#### [Build an image from Dockerfile via stdin](#id28) +### Build an image from Dockerfile via stdin - `POST /build` -: Build an image from Dockerfile via stdin +`POST /build` + +Build an image from Dockerfile via stdin **Example request**: @@ -778,10 +796,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Get default username and email](#id29) +### Get default username and email - `GET /auth` -: Get the default username and email +`GET /auth` + +Get the default username and email **Example request**: @@ -802,10 +821,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Check auth configuration and store it](#id30) +### Check auth configuration and store it - `POST /auth` -: Get the default username and email +`POST /auth` + +Get the default username and email **Example request**: @@ -828,10 +848,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **204** – no error - **500** – server error -#### [Display system-wide information](#id31) +### Display system-wide information - `GET /info` -: Display system-wide information +`GET /info` + +Display system-wide information **Example request**: @@ -857,10 +878,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Show the docker version information](#id32) +### Show the docker version information - `GET /version` -: Show the docker version information +`GET /version` + +Show the docker version information **Example request**: @@ -882,10 +904,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Create a new image from a container’s changes](#id33) +### Create a new image from a container's changes - `POST /commit` -: Create a new image from a container’s changes +`POST /commit` + +Create a new image from a container's changes > > **Example request**: @@ -913,7 +936,7 @@ page_keywords: API, Docker, rcli, REST, documentation - **tag** – tag - **m** – commit message - **author** – author (eg. "John Hannibal Smith - \<[hannibal@a-team.com](mailto:hannibal%40a-team.com)\>") + <[hannibal@a-team.com](mailto:hannibal%40a-team.com)>") Status Codes: @@ -921,28 +944,28 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -## [3. Going further](#id34) +# 3. Going further -### [3.1 Inside ‘docker run’](#id35) +## 3.1 Inside `docker run` -Here are the steps of ‘docker run’ : +Here are the steps of `docker run` : -- Create the container + - Create the container -- If the status code is 404, it means the image doesn’t exists: - : - Try to pull it - - Then retry to create the container + - If the status code is 404, it means the image doesn't exists: + - Try to pull it + - Then retry to create the container -- Start the container + - Start the container -- If you are not in detached mode: - : - Attach to the container, using logs=1 (to have stdout and - stderr from the container’s start) and stream=1 + - If you are not in detached mode: + - Attach to the container, using logs=1 (to have stdout and + stderr from the container's start) and stream=1 -- If in detached mode or only stdin is attached: - : - Display the container’s id + - If in detached mode or only stdin is attached: + - Display the container's -### [3.2 Hijacking](#id36) +## 3.2 Hijacking In this first version of the API, some of the endpoints, like /attach, /pull or /push uses hijacking to transport stdin, stdout and stderr on diff --git a/docs/sources/reference/api/archive/docker_remote_api_v1.1.md b/docs/sources/reference/api/docker_remote_api_v1.1.md similarity index 83% rename from docs/sources/reference/api/archive/docker_remote_api_v1.1.md rename to docs/sources/reference/api/docker_remote_api_v1.1.md index 71d2f91d37..21997e5488 100644 --- a/docs/sources/reference/api/archive/docker_remote_api_v1.1.md +++ b/docs/sources/reference/api/docker_remote_api_v1.1.md @@ -2,9 +2,9 @@ page_title: Remote API v1.1 page_description: API Documentation for Docker page_keywords: API, Docker, rcli, REST, documentation -# [Docker Remote API v1.1](#id1) +# Docker Remote API v1.1 -## [1. Brief introduction](#id2) +# 1. Brief introduction - The Remote API is replacing rcli - Default port in the docker daemon is 4243 @@ -12,14 +12,15 @@ page_keywords: API, Docker, rcli, REST, documentation or pull, the HTTP connection is hijacked to transport stdout stdin and stderr -## [2. Endpoints](#id3) +# 2. Endpoints -### [2.1 Containers](#id4) +## 2.1 Containers -#### [List containers](#id5) +### List containers - `GET /containers/json` -: List containers +`GET /containers/json` + +List containers **Example request**: @@ -80,10 +81,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **400** – bad parameter - **500** – server error -#### [Create a container](#id6) +### Create a container - `POST /containers/create` -: Create a container +`POST /containers/create` + +Create a container **Example request**: @@ -126,7 +128,7 @@ page_keywords: API, Docker, rcli, REST, documentation   - - **config** – the container’s configuration + - **config** – the container's configuration Status Codes: @@ -135,10 +137,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **406** – impossible to attach (container not running) - **500** – server error -#### [Inspect a container](#id7) +### Inspect a container - `GET /containers/`(*id*)`/json` -: Return low-level information on the container `id` +`GET /containers/(id)/json` + +Return low-level information on the container `id` **Example request**: @@ -202,10 +205,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Inspect changes on a container’s filesystem](#id8) +### Inspect changes on a container's filesystem - `GET /containers/`(*id*)`/changes` -: Inspect changes on container `id` ‘s filesystem +`GET /containers/(id)/changes` + +Inspect changes on container `id`'s filesystem **Example request**: @@ -237,10 +241,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Export a container](#id9) +### Export a container - `GET /containers/`(*id*)`/export` -: Export the contents of container `id` +`GET /containers/(id)/export` + +Export the contents of container `id` **Example request**: @@ -259,10 +264,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Start a container](#id10) +### Start a container - `POST /containers/`(*id*)`/start` -: Start the container `id` +`POST /containers/(id)/start` + +Start the container `id` **Example request**: @@ -278,10 +284,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Stop a container](#id11) +### Stop a container - `POST /containers/`(*id*)`/stop` -: Stop the container `id` +`POST /containers/(id)/stop` + +Stop the container `id` **Example request**: @@ -303,10 +310,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Restart a container](#id12) +### Restart a container - `POST /containers/`(*id*)`/restart` -: Restart the container `id` +`POST /containers/(id)/restart` + +Restart the container `id` **Example request**: @@ -328,10 +336,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Kill a container](#id13) +### Kill a container - `POST /containers/`(*id*)`/kill` -: Kill the container `id` +`POST /containers/(id)/kill` + +Kill the container `id` **Example request**: @@ -347,10 +356,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Attach to a container](#id14) +### Attach to a container - `POST /containers/`(*id*)`/attach` -: Attach to the container `id` +`POST /containers/(id)/attach` + +Attach to the container `id` **Example request**: @@ -385,11 +395,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Wait a container](#id15) +### Wait a container - `POST /containers/`(*id*)`/wait` -: Block until container `id` stops, then returns - the exit code +`POST /containers/(id)/wait` + +Block until container `id` stops, then returns the exit code **Example request**: @@ -408,10 +418,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Remove a container](#id16) +### Remove a container - `DELETE /containers/`(*id*) -: Remove the container `id` from the filesystem +`DELETE /containers/(id)` + +Remove the container `id` from the filesystem **Example request**: @@ -435,13 +446,13 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -### [2.2 Images](#id17) +## 2.2 Images -#### [List Images](#id18) +### List Images - `GET /images/`(*format*) -: List images `format` could be json or viz (json - default) +`GET /images/(format)` + +List images `format` could be json or viz (json default) **Example request**: @@ -507,11 +518,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **400** – bad parameter - **500** – server error -#### [Create an image](#id19) +### Create an image - `POST /images/create` -: Create an image, either by pull it from the registry or by importing - it +`POST /images/create` + +Create an image, either by pull it from the registry or by importing it **Example request**: @@ -542,11 +553,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Insert a file in an image](#id20) +### Insert a file in an image - `POST /images/`(*name*)`/insert` -: Insert a file from `url` in the image - `name` at `path` +`POST /images/(name)/insert` + +Insert a file from `url` in the image `name` at `path` **Example request**: @@ -567,10 +578,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Inspect an image](#id21) +### Inspect an image - `GET /images/`(*name*)`/json` -: Return low-level information on the image `name` +`GET /images/(name)/json` + +Return low-level information on the image `name` **Example request**: @@ -614,10 +626,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such image - **500** – server error -#### [Get the history of an image](#id22) +### Get the history of an image - `GET /images/`(*name*)`/history` -: Return the history of the image `name` +`GET /images/(name)/history` + +Return the history of the image `name` **Example request**: @@ -647,10 +660,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such image - **500** – server error -#### [Push an image on the registry](#id23) +### Push an image on the registry - `POST /images/`(*name*)`/push` -: Push the image `name` on the registry +`POST /images/(name)/push` + +Push the image `name` on the registry > **Example request**: > @@ -678,10 +692,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such image - **500** – server error -#### [Tag an image into a repository](#id24) +### Tag an image into a repository - `POST /images/`(*name*)`/tag` -: Tag the image `name` into a repository +`POST /images/(name)/tag` + +Tag the image `name` into a repository **Example request**: @@ -706,10 +721,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **409** – conflict - **500** – server error -#### [Remove an image](#id25) +### Remove an image - `DELETE /images/`(*name*) -: Remove the image `name` from the filesystem +`DELETE /images/(name)` + +Remove the image `name` from the filesystem **Example request**: @@ -725,10 +741,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such image - **500** – server error -#### [Search images](#id26) +### Search images - `GET /images/search` -: Search for an image in the docker index +`GET /images/search` + +Search for an image on [Docker.io](https://index.docker.io) **Example request**: @@ -758,12 +775,13 @@ page_keywords: API, Docker, rcli, REST, documentation :statuscode 200: no error :statuscode 500: server error -### [2.3 Misc](#id27) +## 2.3 Misc -#### [Build an image from Dockerfile via stdin](#id28) +### Build an image from Dockerfile via stdin - `POST /build` -: Build an image from Dockerfile via stdin +`POST /build` + +Build an image from Dockerfile via stdin **Example request**: @@ -789,10 +807,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Get default username and email](#id29) +### Get default username and email - `GET /auth` -: Get the default username and email +`GET /auth` + +Get the default username and email **Example request**: @@ -813,10 +832,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Check auth configuration and store it](#id30) +### Check auth configuration and store it - `POST /auth` -: Get the default username and email +`POST /auth` + +Get the default username and email **Example request**: @@ -839,10 +859,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **204** – no error - **500** – server error -#### [Display system-wide information](#id31) +### Display system-wide information - `GET /info` -: Display system-wide information +`GET /info` + +Display system-wide information **Example request**: @@ -868,10 +889,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Show the docker version information](#id32) +### Show the docker version information - `GET /version` -: Show the docker version information +`GET /version` + +Show the docker version information **Example request**: @@ -893,10 +915,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Create a new image from a container’s changes](#id33) +### Create a new image from a container's changes - `POST /commit` -: Create a new image from a container’s changes +`POST /commit` + +Create a new image from a container's changes **Example request**: @@ -924,7 +947,7 @@ page_keywords: API, Docker, rcli, REST, documentation - **tag** – tag - **m** – commit message - **author** – author (eg. "John Hannibal Smith - \<[hannibal@a-team.com](mailto:hannibal%40a-team.com)\>") + <[hannibal@a-team.com](mailto:hannibal%40a-team.com)>") Status Codes: @@ -932,28 +955,28 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -## [3. Going further](#id34) +# 3. Going further -### [3.1 Inside ‘docker run’](#id35) +## 3.1 Inside `docker run` -Here are the steps of ‘docker run’ : +Here are the steps of `docker run` : -- Create the container + - Create the container -- If the status code is 404, it means the image doesn’t exists: - : - Try to pull it - - Then retry to create the container + - If the status code is 404, it means the image doesn't exists: + - Try to pull it + - Then retry to create the container -- Start the container + - Start the container -- If you are not in detached mode: - : - Attach to the container, using logs=1 (to have stdout and - stderr from the container’s start) and stream=1 + - If you are not in detached mode: + - Attach to the container, using logs=1 (to have stdout and + stderr from the container's start) and stream=1 -- If in detached mode or only stdin is attached: - : - Display the container’s id + - If in detached mode or only stdin is attached: + - Display the container's -### [3.2 Hijacking](#id36) +## 3.2 Hijacking In this version of the API, /attach uses hijacking to transport stdin, stdout and stderr on the same socket. This might change in the future. diff --git a/docs/sources/reference/api/docker_remote_api_v1.10.md b/docs/sources/reference/api/docker_remote_api_v1.10.md index 02d13403ef..721244b49e 100644 --- a/docs/sources/reference/api/docker_remote_api_v1.10.md +++ b/docs/sources/reference/api/docker_remote_api_v1.10.md @@ -6,23 +6,23 @@ page_keywords: API, Docker, rcli, REST, documentation ## 1. Brief introduction -- The Remote API has replaced rcli -- The daemon listens on `unix:///var/run/docker.sock` -, but you can [*Bind Docker to another host/port or a Unix - socket*](../../../use/basics/#bind-docker). -- The API tends to be REST, but for some complex commands, like - `attach` or `pull`, the HTTP - connection is hijacked to transport `stdout, stdin` - and `stderr` + - The Remote API has replaced rcli + - The daemon listens on `unix:///var/run/docker.sock` but you can + [*Bind Docker to another host/port or a Unix socket*]( + /use/basics/#bind-docker). + - The API tends to be REST, but for some complex commands, like `attach` + or `pull`, the HTTP connection is hijacked to transport `stdout, stdin` + and `stderr` -## 2. Endpoints +# 2. Endpoints -### 2.1 Containers +## 2.1 Containers -#### List containers +### List containers - `GET /containers/json` -: List containers +`GET /containers/json` + +List containers **Example request**: @@ -97,10 +97,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **400** – bad parameter - **500** – server error -#### Create a container +### Create a container - `POST /containers/create` -: Create a container +`POST /containers/create` + +Create a container **Example request**: @@ -128,9 +129,8 @@ page_keywords: API, Docker, rcli, REST, documentation "/tmp": {} }, "WorkingDir":"", - "DisableNetwork": false, + "NetworkDisabled": false, "ExposedPorts":{ - "DisableNetwork": false, "22/tcp": {} } } @@ -149,7 +149,7 @@ page_keywords: API, Docker, rcli, REST, documentation   - - **config** – the container’s configuration + - **config** – the container's configuration Query Parameters: @@ -165,11 +165,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **406** – impossible to attach (container not running) - **500** – server error -#### Inspect a container +### Inspect a container - `GET /containers/`(*id*)`/json` -: Return low-level information on the container `id` +`GET /containers/(id)/json` +Return low-level information on the container `id` **Example request**: @@ -248,10 +248,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### List processes running inside a container +### List processes running inside a container - `GET /containers/`(*id*)`/top` -: List processes running inside the container `id` +`GET /containers/(id)/top` + +List processes running inside the container `id` **Example request**: @@ -294,10 +295,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### Inspect changes on a container’s filesystem +### Inspect changes on a container's filesystem - `GET /containers/`(*id*)`/changes` -: Inspect changes on container `id` ‘s filesystem +`GET /containers/(id)/changes` + +Inspect changes on container `id` 's filesystem **Example request**: @@ -329,10 +331,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### Export a container +### Export a container - `GET /containers/`(*id*)`/export` -: Export the contents of container `id` +`GET /containers/(id)/export` + +Export the contents of container `id` **Example request**: @@ -351,10 +354,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### Start a container +### Start a container - `POST /containers/`(*id*)`/start` -: Start the container `id` +`POST /containers/(id)/start` + +Start the container `id` **Example request**: @@ -380,7 +384,7 @@ page_keywords: API, Docker, rcli, REST, documentation   - - **hostConfig** – the container’s host configuration (optional) + - **hostConfig** – the container's host configuration (optional) Status Codes: @@ -388,10 +392,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### Stop a container +### Stop a container - `POST /containers/`(*id*)`/stop` -: Stop the container `id` +`POST /containers/(id)/stop` + +Stop the container `id` **Example request**: @@ -413,10 +418,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### Restart a container +### Restart a container - `POST /containers/`(*id*)`/restart` -: Restart the container `id` +`POST /containers/(id)/restart` + +Restart the container `id` **Example request**: @@ -438,10 +444,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### Kill a container +### Kill a container - `POST /containers/`(*id*)`/kill` -: Kill the container `id` +`POST /containers/(id)/kill` + +Kill the container `id` **Example request**: @@ -451,16 +458,22 @@ page_keywords: API, Docker, rcli, REST, documentation HTTP/1.1 204 OK + Query Parameters + + - **signal** - Signal to send to the container: integer or string like "SIGINT". + When not set, SIGKILL is assumed and the call will waits for the container to exit. + Status Codes: - **204** – no error - **404** – no such container - **500** – server error -#### Attach to a container +### Attach to a container - `POST /containers/`(*id*)`/attach` -: Attach to the container `id` +`POST /containers/(id)/attach` + +Attach to the container `id` **Example request**: @@ -500,7 +513,7 @@ page_keywords: API, Docker, rcli, REST, documentation When using the TTY setting is enabled in [`POST /containers/create` ](../docker_remote_api_v1.9/#post--containers-create "POST /containers/create"), - the stream is the raw data from the process PTY and client’s stdin. + the stream is the raw data from the process PTY and client's stdin. When the TTY is disabled, then the stream is multiplexed to separate stdout and stderr. @@ -539,10 +552,11 @@ page_keywords: API, Docker, rcli, REST, documentation 4. Read the extracted size and output it on the correct output 5. Goto 1) -#### Wait a container +### Wait a container - `POST /containers/`(*id*)`/wait` -: Block until container `id` stops, then returns +`POST /containers/(id)/wait` + +Block until container `id` stops, then returns the exit code **Example request**: @@ -562,9 +576,9 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### Remove a container +### Remove a container - `DELETE /containers/`(*id*) + `DELETE /containers/(id*) : Remove the container `id` from the filesystem **Example request**: @@ -591,10 +605,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### Copy files or folders from a container +### Copy files or folders from a container - `POST /containers/`(*id*)`/copy` -: Copy files or folders of container `id` +`POST /containers/(id)/copy` + +Copy files or folders of container `id` **Example request**: @@ -620,10 +635,11 @@ page_keywords: API, Docker, rcli, REST, documentation ### 2.2 Images -#### List Images +### List Images - `GET /images/json` -: **Example request**: +`GET /images/json` + +**Example request**: GET /images/json?all=0 HTTP/1.1 @@ -657,10 +673,11 @@ page_keywords: API, Docker, rcli, REST, documentation } ] -#### Create an image +### Create an image - `POST /images/create` -: Create an image, either by pull it from the registry or by importing +`POST /images/create` + +Create an image, either by pull it from the registry or by importing it **Example request**: @@ -702,10 +719,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### Insert a file in an image +### Insert a file in an image - `POST /images/`(*name*)`/insert` -: Insert a file from `url` in the image +`POST /images/(name)/insert` + +Insert a file from `url` in the image `name` at `path` **Example request**: @@ -727,10 +745,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### Inspect an image +### Inspect an image - `GET /images/`(*name*)`/json` -: Return low-level information on the image `name` +`GET /images/(name)/json` + +Return low-level information on the image `name` **Example request**: @@ -774,10 +793,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such image - **500** – server error -#### Get the history of an image +### Get the history of an image - `GET /images/`(*name*)`/history` -: Return the history of the image `name` +`GET /images/(name)/history` + +Return the history of the image `name` **Example request**: @@ -807,10 +827,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such image - **500** – server error -#### Push an image on the registry +### Push an image on the registry - `POST /images/`(*name*)`/push` -: Push the image `name` on the registry +`POST /images/(name)/push` + +Push the image `name` on the registry **Example request**: @@ -845,10 +866,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such image - **500** – server error -#### Tag an image into a repository +### Tag an image into a repository - `POST /images/`(*name*)`/tag` -: Tag the image `name` into a repository +`POST /images/(name)/tag` + +Tag the image `name` into a repository **Example request**: @@ -873,9 +895,9 @@ page_keywords: API, Docker, rcli, REST, documentation - **409** – conflict - **500** – server error -#### Remove an image +### Remove an image - `DELETE /images/`(*name*) + `DELETE /images/(name*) : Remove the image `name` from the filesystem **Example request**: @@ -907,14 +929,15 @@ page_keywords: API, Docker, rcli, REST, documentation - **409** – conflict - **500** – server error -#### Search images +### Search images - `GET /images/search` -: Search for an image in the docker index. +`GET /images/search` + +Search for an image on [Docker.io](https://index.docker.io). > **Note**: > The response keys have changed from API v1.6 to reflect the JSON -> sent by the registry server to the docker daemon’s request. +> sent by the registry server to the docker daemon's request. **Example request**: @@ -963,10 +986,11 @@ page_keywords: API, Docker, rcli, REST, documentation ### 2.3 Misc -#### Build an image from Dockerfile via stdin +### Build an image from Dockerfile via stdin - `POST /build` -: Build an image from Dockerfile via stdin +`POST /build` + +Build an image from Dockerfile via stdin **Example request**: @@ -989,7 +1013,7 @@ page_keywords: API, Docker, rcli, REST, documentation The archive must include a file called `Dockerfile` at its root. It may include any number of other files, which will be accessible in the build context (See the [*ADD build - command*](../../builder/#dockerbuilder)). + command*](/reference/builder/#dockerbuilder)). Query Parameters: @@ -1013,10 +1037,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### Check auth configuration +### Check auth configuration - `POST /auth` -: Get the default username and email +`POST /auth` + +Get the default username and email **Example request**: @@ -1040,10 +1065,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **204** – no error - **500** – server error -#### Display system-wide information +### Display system-wide information - `GET /info` -: Display system-wide information +`GET /info` + +Display system-wide information **Example request**: @@ -1070,10 +1096,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### Show the docker version information +### Show the docker version information - `GET /version` -: Show the docker version information +`GET /version` + +Show the docker version information **Example request**: @@ -1095,14 +1122,42 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### Create a new image from a container’s changes +### Create a new image from a container's changes - `POST /commit` -: Create a new image from a container’s changes +`POST /commit` + +Create a new image from a container's changes **Example request**: POST /commit?container=44c004db4b17&m=message&repo=myrepo HTTP/1.1 + Content-Type: application/json + + { + "Hostname":"", + "User":"", + "Memory":0, + "MemorySwap":0, + "AttachStdin":false, + "AttachStdout":true, + "AttachStderr":true, + "PortSpecs":null, + "Tty":false, + "OpenStdin":false, + "StdinOnce":false, + "Env":null, + "Cmd":[ + "date" + ], + "Volumes":{ + "/tmp": {} + }, + "WorkingDir":"", + "NetworkDisabled": false, + "ExposedPorts":{ + "22/tcp": {} + } + } **Example response**: @@ -1111,6 +1166,13 @@ page_keywords: API, Docker, rcli, REST, documentation {"Id":"596069db4bf5"} + + Json Parameters: + + + + - **config** - the container's configuration + Query Parameters:   @@ -1120,9 +1182,7 @@ page_keywords: API, Docker, rcli, REST, documentation - **tag** – tag - **m** – commit message - **author** – author (eg. "John Hannibal Smith - \<[hannibal@a-team.com](mailto:hannibal%40a-team.com)\>") - - **run** – config automatically applied when the image is run. - (ex: {"Cmd": ["cat", "/world"], "PortSpecs":["22"]}) + <[hannibal@a-team.com](mailto:hannibal%40a-team.com)>") Status Codes: @@ -1130,10 +1190,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### Monitor Docker’s events +### Monitor Docker's events - `GET /events` -: Get events from docker, either in real time via streaming, or via +`GET /events` + +Get events from docker, either in real time via streaming, or via polling (using since) **Example request**: @@ -1161,10 +1222,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### Get a tarball containing all images and tags in a repository +### Get a tarball containing all images and tags in a repository - `GET /images/`(*name*)`/get` -: Get a tarball containing all images and metadata for the repository +`GET /images/(name)/get` + +Get a tarball containing all images and metadata for the repository specified by `name`. **Example request** @@ -1183,10 +1245,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### Load a tarball with a set of images and tags into docker +### Load a tarball with a set of images and tags into docker - `POST /images/load` -: Load a set of images and tags into the docker repository. +`POST /images/load` + +Load a set of images and tags into the docker repository. **Example request** @@ -1203,35 +1266,35 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -## 3. Going further +# 3. Going further -### 3.1 Inside ‘docker run’ +## 3.1 Inside `docker run` -Here are the steps of ‘docker run’ : +Here are the steps of `docker run` : -- Create the container + - Create the container -- If the status code is 404, it means the image doesn’t exists: - : - Try to pull it - - Then retry to create the container + - If the status code is 404, it means the image doesn't exists: + - Try to pull it + - Then retry to create the container -- Start the container + - Start the container -- If you are not in detached mode: - : - Attach to the container, using logs=1 (to have stdout and - stderr from the container’s start) and stream=1 + - If you are not in detached mode: + - Attach to the container, using logs=1 (to have stdout and + stderr from the container's start) and stream=1 -- If in detached mode or only stdin is attached: - : - Display the container’s id + - If in detached mode or only stdin is attached: + - Display the container's id -### 3.2 Hijacking +## 3.2 Hijacking In this version of the API, /attach, uses hijacking to transport stdin, stdout and stderr on the same socket. This might change in the future. -### 3.3 CORS Requests +## 3.3 CORS Requests To enable cross origin requests to the remote api add the flag "–api-enable-cors" when running docker in daemon mode. - docker -d -H="192.168.1.9:4243" --api-enable-cors + $ docker -d -H="192.168.1.9:4243" --api-enable-cors diff --git a/docs/sources/reference/api/docker_remote_api_v1.10.rst b/docs/sources/reference/api/docker_remote_api_v1.10.rst deleted file mode 100644 index 83e2c3c15b..0000000000 --- a/docs/sources/reference/api/docker_remote_api_v1.10.rst +++ /dev/null @@ -1,1279 +0,0 @@ -:title: Remote API v1.10 -:description: API Documentation for Docker -:keywords: API, Docker, rcli, REST, documentation - -:orphan: - -======================= -Docker Remote API v1.10 -======================= - -1. Brief introduction -===================== - -- The Remote API has replaced rcli -- The daemon listens on ``unix:///var/run/docker.sock``, but you can - :ref:`bind_docker`. -- The API tends to be REST, but for some complex commands, like - ``attach`` or ``pull``, the HTTP connection is hijacked to transport - ``stdout, stdin`` and ``stderr`` - -2. Endpoints -============ - -2.1 Containers --------------- - -List containers -*************** - -.. http:get:: /containers/json - - List containers - - **Example request**: - - .. sourcecode:: http - - GET /containers/json?all=1&before=8dfafdbc3a40&size=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id": "8dfafdbc3a40", - "Image": "base:latest", - "Command": "echo 1", - "Created": 1367854155, - "Status": "Exit 0", - "Ports":[{"PrivatePort": 2222, "PublicPort": 3333, "Type": "tcp"}], - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "9cd87474be90", - "Image": "base:latest", - "Command": "echo 222222", - "Created": 1367854155, - "Status": "Exit 0", - "Ports":[], - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "3176a2479c92", - "Image": "base:latest", - "Command": "echo 3333333333333333", - "Created": 1367854154, - "Status": "Exit 0", - "Ports":[], - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "4cb07b47f9fb", - "Image": "base:latest", - "Command": "echo 444444444444444444444444444444444", - "Created": 1367854152, - "Status": "Exit 0", - "Ports":[], - "SizeRw":12288, - "SizeRootFs":0 - } - ] - - :query all: 1/True/true or 0/False/false, Show all containers. Only running containers are shown by default - :query limit: Show ``limit`` last created containers, include non-running ones. - :query since: Show only containers created since Id, include non-running ones. - :query before: Show only containers created before Id, include non-running ones. - :query size: 1/True/true or 0/False/false, Show the containers sizes - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 500: server error - - -Create a container -****************** - -.. http:post:: /containers/create - - Create a container - - **Example request**: - - .. sourcecode:: http - - POST /containers/create HTTP/1.1 - Content-Type: application/json - - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "AttachStdin":false, - "AttachStdout":true, - "AttachStderr":true, - "PortSpecs":null, - "Tty":false, - "OpenStdin":false, - "StdinOnce":false, - "Env":null, - "Cmd":[ - "date" - ], - "Image":"base", - "Volumes":{ - "/tmp": {} - }, - "WorkingDir":"", - "DisableNetwork": false, - "ExposedPorts":{ - "22/tcp": {} - } - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/json - - { - "Id":"e90e34656806" - "Warnings":[] - } - - :jsonparam config: the container's configuration - :query name: Assign the specified name to the container. Must match ``/?[a-zA-Z0-9_-]+``. - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 406: impossible to attach (container not running) - :statuscode 500: server error - - -Inspect a container -******************* - -.. http:get:: /containers/(id)/json - - Return low-level information on the container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Id": "4fa6e0f0c6786287e131c3852c58a2e01cc697a68231826813597e4994f1d6e2", - "Created": "2013-05-07T14:51:42.041847+02:00", - "Path": "date", - "Args": [], - "Config": { - "Hostname": "4fa6e0f0c678", - "User": "", - "Memory": 0, - "MemorySwap": 0, - "AttachStdin": false, - "AttachStdout": true, - "AttachStderr": true, - "PortSpecs": null, - "Tty": false, - "OpenStdin": false, - "StdinOnce": false, - "Env": null, - "Cmd": [ - "date" - ], - "Image": "base", - "Volumes": {}, - "WorkingDir":"" - - }, - "State": { - "Running": false, - "Pid": 0, - "ExitCode": 0, - "StartedAt": "2013-05-07T14:51:42.087658+02:01360", - "Ghost": false - }, - "Image": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "NetworkSettings": { - "IpAddress": "", - "IpPrefixLen": 0, - "Gateway": "", - "Bridge": "", - "PortMapping": null - }, - "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker", - "ResolvConfPath": "/etc/resolv.conf", - "Volumes": {}, - "HostConfig": { - "Binds": null, - "ContainerIDFile": "", - "LxcConf": [], - "Privileged": false, - "PortBindings": { - "80/tcp": [ - { - "HostIp": "0.0.0.0", - "HostPort": "49153" - } - ] - }, - "Links": null, - "PublishAllPorts": false - } - } - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -List processes running inside a container -***************************************** - -.. http:get:: /containers/(id)/top - - List processes running inside the container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/top HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Titles":[ - "USER", - "PID", - "%CPU", - "%MEM", - "VSZ", - "RSS", - "TTY", - "STAT", - "START", - "TIME", - "COMMAND" - ], - "Processes":[ - ["root","20147","0.0","0.1","18060","1864","pts/4","S","10:06","0:00","bash"], - ["root","20271","0.0","0.0","4312","352","pts/4","S+","10:07","0:00","sleep","10"] - ] - } - - :query ps_args: ps arguments to use (eg. aux) - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Inspect changes on a container's filesystem -******************************************* - -.. http:get:: /containers/(id)/changes - - Inspect changes on container ``id`` 's filesystem - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/changes HTTP/1.1 - - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Path":"/dev", - "Kind":0 - }, - { - "Path":"/dev/kmsg", - "Kind":1 - }, - { - "Path":"/test", - "Kind":1 - } - ] - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Export a container -****************** - -.. http:get:: /containers/(id)/export - - Export the contents of container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/export HTTP/1.1 - - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/octet-stream - - {{ STREAM }} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Start a container -***************** - -.. http:post:: /containers/(id)/start - - Start the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/(id)/start HTTP/1.1 - Content-Type: application/json - - { - "Binds":["/tmp:/tmp"], - "LxcConf":{"lxc.utsname":"docker"}, - "PortBindings":{ "22/tcp": [{ "HostPort": "11022" }] }, - "PublishAllPorts":false, - "Privileged":false - "Dns": ["8.8.8.8"], - "VolumesFrom: ["parent", "other:ro"] - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 No Content - Content-Type: text/plain - - :jsonparam hostConfig: the container's host configuration (optional) - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Stop a container -**************** - -.. http:post:: /containers/(id)/stop - - Stop the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/stop?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Restart a container -******************* - -.. http:post:: /containers/(id)/restart - - Restart the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/restart?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Kill a container -**************** - -.. http:post:: /containers/(id)/kill - - Kill the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/kill HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Attach to a container -********************* - -.. http:post:: /containers/(id)/attach - - Attach to the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/attach?logs=1&stream=0&stdout=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/vnd.docker.raw-stream - - {{ STREAM }} - - :query logs: 1/True/true or 0/False/false, return logs. Default false - :query stream: 1/True/true or 0/False/false, return stream. Default false - :query stdin: 1/True/true or 0/False/false, if stream=true, attach to stdin. Default false - :query stdout: 1/True/true or 0/False/false, if logs=true, return stdout log, if stream=true, attach to stdout. Default false - :query stderr: 1/True/true or 0/False/false, if logs=true, return stderr log, if stream=true, attach to stderr. Default false - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - - **Stream details**: - - When using the TTY setting is enabled in - :http:post:`/containers/create`, the stream is the raw data - from the process PTY and client's stdin. When the TTY is - disabled, then the stream is multiplexed to separate stdout - and stderr. - - The format is a **Header** and a **Payload** (frame). - - **HEADER** - - The header will contain the information on which stream write - the stream (stdout or stderr). It also contain the size of - the associated frame encoded on the last 4 bytes (uint32). - - It is encoded on the first 8 bytes like this:: - - header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4} - - ``STREAM_TYPE`` can be: - - - 0: stdin (will be writen on stdout) - - 1: stdout - - 2: stderr - - ``SIZE1, SIZE2, SIZE3, SIZE4`` are the 4 bytes of the uint32 size encoded as big endian. - - **PAYLOAD** - - The payload is the raw stream. - - **IMPLEMENTATION** - - The simplest way to implement the Attach protocol is the following: - - 1) Read 8 bytes - 2) chose stdout or stderr depending on the first byte - 3) Extract the frame size from the last 4 byets - 4) Read the extracted size and output it on the correct output - 5) Goto 1) - - - -Wait a container -**************** - -.. http:post:: /containers/(id)/wait - - Block until container ``id`` stops, then returns the exit code - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/wait HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"StatusCode":0} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Remove a container -******************* - -.. http:delete:: /containers/(id) - - Remove the container ``id`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /containers/16253994b7c4?v=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query v: 1/True/true or 0/False/false, Remove the volumes associated to the container. Default false - :query force: 1/True/true or 0/False/false, Removes the container even if it was running. Default false - :statuscode 204: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - - -Copy files or folders from a container -************************************** - -.. http:post:: /containers/(id)/copy - - Copy files or folders of container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/4fa6e0f0c678/copy HTTP/1.1 - Content-Type: application/json - - { - "Resource":"test.txt" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/octet-stream - - {{ STREAM }} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -2.2 Images ----------- - -List Images -*********** - -.. http:get:: /images/json - - **Example request**: - - .. sourcecode:: http - - GET /images/json?all=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "RepoTags": [ - "ubuntu:12.04", - "ubuntu:precise", - "ubuntu:latest" - ], - "Id": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c", - "Created": 1365714795, - "Size": 131506275, - "VirtualSize": 131506275 - }, - { - "RepoTags": [ - "ubuntu:12.10", - "ubuntu:quantal" - ], - "ParentId": "27cf784147099545", - "Id": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "Created": 1364102658, - "Size": 24653, - "VirtualSize": 180116135 - } - ] - - -Create an image -*************** - -.. http:post:: /images/create - - Create an image, either by pull it from the registry or by importing it - - **Example request**: - - .. sourcecode:: http - - POST /images/create?fromImage=base HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Pulling..."} - {"status":"Pulling", "progress":"1 B/ 100 B", "progressDetail":{"current":1, "total":100}} - {"error":"Invalid..."} - ... - - When using this endpoint to pull an image from the registry, - the ``X-Registry-Auth`` header can be used to include a - base64-encoded AuthConfig object. - - :query fromImage: name of the image to pull - :query fromSrc: source to import, - means stdin - :query repo: repository - :query tag: tag - :query registry: the registry to pull from - :reqheader X-Registry-Auth: base64-encoded AuthConfig object - :statuscode 200: no error - :statuscode 500: server error - - - -Insert a file in an image -************************* - -.. http:post:: /images/(name)/insert - - Insert a file from ``url`` in the image ``name`` at ``path`` - - **Example request**: - - .. sourcecode:: http - - POST /images/test/insert?path=/usr&url=myurl HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Inserting..."} - {"status":"Inserting", "progress":"1/? (n/a)", "progressDetail":{"current":1}} - {"error":"Invalid..."} - ... - - :statuscode 200: no error - :statuscode 500: server error - - -Inspect an image -**************** - -.. http:get:: /images/(name)/json - - Return low-level information on the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/base/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "id":"b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "parent":"27cf784147099545", - "created":"2013-03-23T22:24:18.818426-07:00", - "container":"3d67245a8d72ecf13f33dffac9f79dcdf70f75acb84d308770391510e0c23ad0", - "container_config": - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "AttachStdin":false, - "AttachStdout":false, - "AttachStderr":false, - "PortSpecs":null, - "Tty":true, - "OpenStdin":true, - "StdinOnce":false, - "Env":null, - "Cmd": ["/bin/bash"] - "Image":"base", - "Volumes":null, - "WorkingDir":"" - }, - "Size": 6824592 - } - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Get the history of an image -*************************** - -.. http:get:: /images/(name)/history - - Return the history of the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/base/history HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id":"b750fe79269d", - "Created":1364102658, - "CreatedBy":"/bin/bash" - }, - { - "Id":"27cf78414709", - "Created":1364068391, - "CreatedBy":"" - } - ] - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Push an image on the registry -***************************** - -.. http:post:: /images/(name)/push - - Push the image ``name`` on the registry - - **Example request**: - - .. sourcecode:: http - - POST /images/test/push HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Pushing..."} - {"status":"Pushing", "progress":"1/? (n/a)", "progressDetail":{"current":1}}} - {"error":"Invalid..."} - ... - - :query registry: the registry you wan to push, optional - :reqheader X-Registry-Auth: include a base64-encoded AuthConfig object. - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Tag an image into a repository -****************************** - -.. http:post:: /images/(name)/tag - - Tag the image ``name`` into a repository - - **Example request**: - - .. sourcecode:: http - - POST /images/test/tag?repo=myrepo&force=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - - :query repo: The repository to tag in - :query force: 1/True/true or 0/False/false, default false - :statuscode 201: no error - :statuscode 400: bad parameter - :statuscode 404: no such image - :statuscode 409: conflict - :statuscode 500: server error - - -Remove an image -*************** - -.. http:delete:: /images/(name) - - Remove the image ``name`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /images/test HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-type: application/json - - [ - {"Untagged":"3e2f21a89f"}, - {"Deleted":"3e2f21a89f"}, - {"Deleted":"53b4f83ac9"} - ] - - :query force: 1/True/true or 0/False/false, default false - :query noprune: 1/True/true or 0/False/false, default false - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 409: conflict - :statuscode 500: server error - - -Search images -************* - -.. http:get:: /images/search - - Search for an image in the docker index. - - .. note:: - - The response keys have changed from API v1.6 to reflect the JSON - sent by the registry server to the docker daemon's request. - - **Example request**: - - .. sourcecode:: http - - GET /images/search?term=sshd HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "description": "", - "is_official": false, - "is_trusted": false, - "name": "wma55/u1210sshd", - "star_count": 0 - }, - { - "description": "", - "is_official": false, - "is_trusted": false, - "name": "jdswinbank/sshd", - "star_count": 0 - }, - { - "description": "", - "is_official": false, - "is_trusted": false, - "name": "vgauthier/sshd", - "star_count": 0 - } - ... - ] - - :query term: term to search - :statuscode 200: no error - :statuscode 500: server error - - -2.3 Misc --------- - -Build an image from Dockerfile via stdin -**************************************** - -.. http:post:: /build - - Build an image from Dockerfile via stdin - - **Example request**: - - .. sourcecode:: http - - POST /build HTTP/1.1 - - {{ STREAM }} - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"stream":"Step 1..."} - {"stream":"..."} - {"error":"Error...", "errorDetail":{"code": 123, "message": "Error..."}} - - - The stream must be a tar archive compressed with one of the - following algorithms: identity (no compression), gzip, bzip2, - xz. - - The archive must include a file called ``Dockerfile`` at its - root. It may include any number of other files, which will be - accessible in the build context (See the :ref:`ADD build command - `). - - :query t: repository name (and optionally a tag) to be applied to the resulting image in case of success - :query q: suppress verbose build output - :query nocache: do not use the cache when building the image - :reqheader Content-type: should be set to ``"application/tar"``. - :reqheader X-Registry-Config: base64-encoded ConfigFile object - :statuscode 200: no error - :statuscode 500: server error - - - -Check auth configuration -************************ - -.. http:post:: /auth - - Get the default username and email - - **Example request**: - - .. sourcecode:: http - - POST /auth HTTP/1.1 - Content-Type: application/json - - { - "username":"hannibal", - "password:"xxxx", - "email":"hannibal@a-team.com", - "serveraddress":"https://index.docker.io/v1/" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - :statuscode 200: no error - :statuscode 204: no error - :statuscode 500: server error - - -Display system-wide information -******************************* - -.. http:get:: /info - - Display system-wide information - - **Example request**: - - .. sourcecode:: http - - GET /info HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Containers":11, - "Images":16, - "Debug":false, - "NFd": 11, - "NGoroutines":21, - "MemoryLimit":true, - "SwapLimit":false, - "IPv4Forwarding":true - } - - :statuscode 200: no error - :statuscode 500: server error - - -Show the docker version information -*********************************** - -.. http:get:: /version - - Show the docker version information - - **Example request**: - - .. sourcecode:: http - - GET /version HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Version":"0.2.2", - "GitCommit":"5a2a5cc+CHANGES", - "GoVersion":"go1.0.3" - } - - :statuscode 200: no error - :statuscode 500: server error - - -Create a new image from a container's changes -********************************************* - -.. http:post:: /commit - - Create a new image from a container's changes - - **Example request**: - - .. sourcecode:: http - - POST /commit?container=44c004db4b17&m=message&repo=myrepo HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/vnd.docker.raw-stream - - {"Id":"596069db4bf5"} - - :query container: source container - :query repo: repository - :query tag: tag - :query m: commit message - :query author: author (eg. "John Hannibal Smith ") - :query run: config automatically applied when the image is run. (ex: {"Cmd": ["cat", "/world"], "PortSpecs":["22"]}) - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Monitor Docker's events -*********************** - -.. http:get:: /events - - Get events from docker, either in real time via streaming, or via polling (using `since`) - - **Example request**: - - .. sourcecode:: http - - GET /events?since=1374067924 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"create","id":"dfdf82bd3881","from":"base:latest","time":1374067924} - {"status":"start","id":"dfdf82bd3881","from":"base:latest","time":1374067924} - {"status":"stop","id":"dfdf82bd3881","from":"base:latest","time":1374067966} - {"status":"destroy","id":"dfdf82bd3881","from":"base:latest","time":1374067970} - - :query since: timestamp used for polling - :statuscode 200: no error - :statuscode 500: server error - -Get a tarball containing all images and tags in a repository -************************************************************ - -.. http:get:: /images/(name)/get - - Get a tarball containing all images and metadata for the repository specified by ``name``. - - **Example request** - - .. sourcecode:: http - - GET /images/ubuntu/get - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/x-tar - - Binary data stream - - :statuscode 200: no error - :statuscode 500: server error - -Load a tarball with a set of images and tags into docker -******************************************************** - -.. http:post:: /images/load - - Load a set of images and tags into the docker repository. - - **Example request** - - .. sourcecode:: http - - POST /images/load - - Tarball in body - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - :statuscode 200: no error - :statuscode 500: server error - -3. Going further -================ - -3.1 Inside 'docker run' ------------------------ - -Here are the steps of 'docker run' : - -* Create the container -* If the status code is 404, it means the image doesn't exists: - * Try to pull it - * Then retry to create the container -* Start the container -* If you are not in detached mode: - * Attach to the container, using logs=1 (to have stdout and stderr from the container's start) and stream=1 -* If in detached mode or only stdin is attached: - * Display the container's id - - -3.2 Hijacking -------------- - -In this version of the API, /attach, uses hijacking to transport stdin, stdout and stderr on the same socket. This might change in the future. - -3.3 CORS Requests ------------------ - -To enable cross origin requests to the remote api add the flag "--api-enable-cors" when running docker in daemon mode. - -.. code-block:: bash - - docker -d -H="192.168.1.9:4243" --api-enable-cors diff --git a/docs/sources/reference/api/docker_remote_api_v1.11.md b/docs/sources/reference/api/docker_remote_api_v1.11.md index 6e038acd82..53e07b380c 100644 --- a/docs/sources/reference/api/docker_remote_api_v1.11.md +++ b/docs/sources/reference/api/docker_remote_api_v1.11.md @@ -6,23 +6,23 @@ page_keywords: API, Docker, rcli, REST, documentation ## 1. Brief introduction -- The Remote API has replaced rcli -- The daemon listens on `unix:///var/run/docker.sock` -, but you can [*Bind Docker to another host/port or a Unix - socket*](../../../use/basics/#bind-docker). -- The API tends to be REST, but for some complex commands, like - `attach` or `pull`, the HTTP - connection is hijacked to transport `stdout, stdin` - and `stderr` + - The Remote API has replaced rcli + - The daemon listens on `unix:///var/run/docker.sock` but you can + [*Bind Docker to another host/port or a Unix socket*]( + /use/basics/#bind-docker). + - The API tends to be REST, but for some complex commands, like `attach` + or `pull`, the HTTP connection is hijacked to transport `stdout, stdin` + and `stderr` -## 2. Endpoints +# 2. Endpoints -### 2.1 Containers +## 2.1 Containers -#### List containers +### List containers - `GET /containers/json` -: List containers +`GET /containers/json` + +List containers **Example request**: @@ -97,10 +97,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **400** – bad parameter - **500** – server error -#### Create a container +### Create a container - `POST /containers/create` -: Create a container +`POST /containers/create` + +Create a container **Example request**: @@ -150,7 +151,7 @@ page_keywords: API, Docker, rcli, REST, documentation   - - **config** – the container’s configuration + - **config** – the container's configuration Query Parameters: @@ -166,10 +167,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **406** – impossible to attach (container not running) - **500** – server error -#### Inspect a container +### Inspect a container - `GET /containers/`(*id*)`/json` -: Return low-level information on the container `id` +`GET /containers/(id)/json` + +Return low-level information on the container `id` **Example request**: @@ -251,10 +253,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### List processes running inside a container +### List processes running inside a container - `GET /containers/`(*id*)`/top` -: List processes running inside the container `id` +`GET /containers/(id)/top` + +List processes running inside the container `id` **Example request**: @@ -289,7 +292,7 @@ page_keywords: API, Docker, rcli, REST, documentation   - - **ps\_args** – ps arguments to use (eg. aux) + - **ps_args** – ps arguments to use (eg. aux) Status Codes: @@ -297,10 +300,47 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### Inspect changes on a container’s filesystem +### Get container logs - `GET /containers/`(*id*)`/changes` -: Inspect changes on container `id` ‘s filesystem +`GET /containers/(id)/logs` + +Get stdout and stderr logs from the container ``id`` + + **Example request**: + + GET /containers/4fa6e0f0c678/logs?stderr=1&stdout=1×tamps=1&follow=1 HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/vnd.docker.raw-stream + + {{ STREAM }} + + Query Parameters: + +   + + - **follow** – 1/True/true or 0/False/false, return stream. + Default false + - **stdout** – 1/True/true or 0/False/false, if logs=true, return + stdout log. Default false + - **stderr** – 1/True/true or 0/False/false, if logs=true, return + stderr log. Default false + - **timestamps** – 1/True/true or 0/False/false, if logs=true, print + timestamps for every log line. Default false + + Status Codes: + + - **200** – no error + - **404** – no such container + - **500** – server error + +### Inspect changes on a container's filesystem + +`GET /containers/(id)/changes` + +Inspect changes on container `id`'s filesystem **Example request**: @@ -332,10 +372,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### Export a container +### Export a container - `GET /containers/`(*id*)`/export` -: Export the contents of container `id` +`GET /containers/(id)/export` + +Export the contents of container `id` **Example request**: @@ -354,10 +395,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### Start a container +### Start a container - `POST /containers/`(*id*)`/start` -: Start the container `id` +`POST /containers/(id)/start` + +Start the container `id` **Example request**: @@ -381,7 +423,7 @@ page_keywords: API, Docker, rcli, REST, documentation   - - **hostConfig** – the container’s host configuration (optional) + - **hostConfig** – the container's host configuration (optional) Status Codes: @@ -389,10 +431,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### Stop a container +### Stop a container - `POST /containers/`(*id*)`/stop` -: Stop the container `id` +`POST /containers/(id)/stop` + +Stop the container `id` **Example request**: @@ -414,10 +457,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### Restart a container +### Restart a container - `POST /containers/`(*id*)`/restart` -: Restart the container `id` +`POST /containers/(id)/restart` + +Restart the container `id` **Example request**: @@ -439,10 +483,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### Kill a container +### Kill a container - `POST /containers/`(*id*)`/kill` -: Kill the container `id` +`POST /containers/(id)/kill` + +Kill the container `id` **Example request**: @@ -452,16 +497,22 @@ page_keywords: API, Docker, rcli, REST, documentation HTTP/1.1 204 OK + Query Parameters + + - **signal** - Signal to send to the container: integer or string like "SIGINT". + When not set, SIGKILL is assumed and the call will waits for the container to exit. + Status Codes: - **204** – no error - **404** – no such container - **500** – server error -#### Attach to a container +### Attach to a container - `POST /containers/`(*id*)`/attach` -: Attach to the container `id` +`POST /containers/(id)/attach` + +Attach to the container `id` **Example request**: @@ -500,8 +551,8 @@ page_keywords: API, Docker, rcli, REST, documentation When using the TTY setting is enabled in [`POST /containers/create` -](../docker_remote_api_v1.9/#post--containers-create "POST /containers/create"), - the stream is the raw data from the process PTY and client’s stdin. + ](../docker_remote_api_v1.9/#post--containers-create "POST /containers/create"), + the stream is the raw data from the process PTY and client's stdin. When the TTY is disabled, then the stream is multiplexed to separate stdout and stderr. @@ -540,11 +591,11 @@ page_keywords: API, Docker, rcli, REST, documentation 4. Read the extracted size and output it on the correct output 5. Goto 1) -#### Wait a container +### Wait a container - `POST /containers/`(*id*)`/wait` -: Block until container `id` stops, then returns - the exit code +`POST /containers/(id)/wait` + +Block until container `id` stops, then returns the exit code **Example request**: @@ -563,10 +614,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### Remove a container +### Remove a container - `DELETE /containers/`(*id*) -: Remove the container `id` from the filesystem +`DELETE /containers/(id)` + +Remove the container `id` from the filesystem **Example request**: @@ -592,10 +644,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### Copy files or folders from a container +### Copy files or folders from a container - `POST /containers/`(*id*)`/copy` -: Copy files or folders of container `id` +`POST /containers/(id)/copy` + +Copy files or folders of container `id` **Example request**: @@ -619,12 +672,13 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -### 2.2 Images +## 2.2 Images -#### List Images +### List Images - `GET /images/json` -: **Example request**: +`GET /images/json` + +**Example request**: GET /images/json?all=0 HTTP/1.1 @@ -658,11 +712,11 @@ page_keywords: API, Docker, rcli, REST, documentation } ] -#### Create an image +### Create an image - `POST /images/create` -: Create an image, either by pull it from the registry or by importing - it +`POST /images/create` + +Create an image, either by pull it from the registry or by importing it **Example request**: @@ -703,11 +757,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### Insert a file in an image +### Insert a file in an image - `POST /images/`(*name*)`/insert` -: Insert a file from `url` in the image - `name` at `path` +`POST /images/(name)/insert` + +Insert a file from `url` in the image `name` at `path` **Example request**: @@ -728,10 +782,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### Inspect an image +### Inspect an image - `GET /images/`(*name*)`/json` -: Return low-level information on the image `name` +`GET /images/(name)/json` + +Return low-level information on the image `name` **Example request**: @@ -777,10 +832,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such image - **500** – server error -#### Get the history of an image +### Get the history of an image - `GET /images/`(*name*)`/history` -: Return the history of the image `name` +`GET /images/(name)/history` + +Return the history of the image `name` **Example request**: @@ -810,10 +866,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such image - **500** – server error -#### Push an image on the registry +### Push an image on the registry - `POST /images/`(*name*)`/push` -: Push the image `name` on the registry +`POST /images/(name)/push` + +Push the image `name` on the registry **Example request**: @@ -848,10 +905,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such image - **500** – server error -#### Tag an image into a repository +### Tag an image into a repository - `POST /images/`(*name*)`/tag` -: Tag the image `name` into a repository +`POST /images/(name)/tag` + +Tag the image `name` into a repository **Example request**: @@ -876,10 +934,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **409** – conflict - **500** – server error -#### Remove an image +### Remove an image - `DELETE /images/`(*name*) -: Remove the image `name` from the filesystem +`DELETE /images/(name)` + +Remove the image `name` from the filesystem **Example request**: @@ -910,14 +969,15 @@ page_keywords: API, Docker, rcli, REST, documentation - **409** – conflict - **500** – server error -#### Search images +### Search images - `GET /images/search` -: Search for an image in the docker index. +`GET /images/search` + +Search for an image on [Docker.io](https://index.docker.io). > **Note**: > The response keys have changed from API v1.6 to reflect the JSON -> sent by the registry server to the docker daemon’s request. +> sent by the registry server to the docker daemon's request. **Example request**: @@ -964,12 +1024,13 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -### 2.3 Misc +## 2.3 Misc -#### Build an image from Dockerfile via stdin +### Build an image from Dockerfile via stdin - `POST /build` -: Build an image from Dockerfile via stdin +`POST /build` + +Build an image from Dockerfile via stdin **Example request**: @@ -990,9 +1051,9 @@ page_keywords: API, Docker, rcli, REST, documentation following algorithms: identity (no compression), gzip, bzip2, xz. The archive must include a file called `Dockerfile` - at its root. It may include any number of other files, + at its root. It may include any number of other files, which will be accessible in the build context (See the [*ADD build - command*](../../builder/#dockerbuilder)). + command*](/reference/builder/#dockerbuilder)). Query Parameters: @@ -1016,10 +1077,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### Check auth configuration +### Check auth configuration - `POST /auth` -: Get the default username and email +`POST /auth` + +Get the default username and email **Example request**: @@ -1043,10 +1105,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **204** – no error - **500** – server error -#### Display system-wide information +### Display system-wide information - `GET /info` -: Display system-wide information +`GET /info` + +Display system-wide information **Example request**: @@ -1073,10 +1136,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### Show the docker version information +### Show the docker version information - `GET /version` -: Show the docker version information +`GET /version` + +Show the docker version information **Example request**: @@ -1098,14 +1162,63 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### Create a new image from a container’s changes +### Ping the docker server - `POST /commit` -: Create a new image from a container’s changes +`GET /_ping` + +Ping the docker server + + **Example request**: + + GET /_ping HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + + OK + + Status Codes: + + - **200** - no error + - **500** - server error + +### Create a new image from a container's changes + +`POST /commit` + +Create a new image from a container's changes **Example request**: POST /commit?container=44c004db4b17&m=message&repo=myrepo HTTP/1.1 + Content-Type: application/json + + { + "Hostname":"", + "User":"", + "Memory":0, + "MemorySwap":0, + "AttachStdin":false, + "AttachStdout":true, + "AttachStderr":true, + "PortSpecs":null, + "Tty":false, + "OpenStdin":false, + "StdinOnce":false, + "Env":null, + "Cmd":[ + "date" + ], + "Volumes":{ + "/tmp": {} + }, + "WorkingDir":"", + "DisableNetwork": false, + "ExposedPorts":{ + "22/tcp": {} + } + } **Example response**: @@ -1114,6 +1227,12 @@ page_keywords: API, Docker, rcli, REST, documentation {"Id":"596069db4bf5"} + Json Parameters: + + + + - **config** - the container's configuration + Query Parameters:   @@ -1123,9 +1242,7 @@ page_keywords: API, Docker, rcli, REST, documentation - **tag** – tag - **m** – commit message - **author** – author (eg. "John Hannibal Smith - \<[hannibal@a-team.com](mailto:hannibal%40a-team.com)\>") - - **run** – config automatically applied when the image is run. - (ex: {"Cmd": ["cat", "/world"], "PortSpecs":["22"]}) + <[hannibal@a-team.com](mailto:hannibal%40a-team.com)>") Status Codes: @@ -1133,11 +1250,12 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### Monitor Docker’s events +### Monitor Docker's events - `GET /events` -: Get events from docker, either in real time via streaming, or via - polling (using since) +`GET /events` + +Get events from docker, either in real time via streaming, or +via polling (using since) **Example request**: @@ -1165,11 +1283,12 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### Get a tarball containing all images and tags in a repository +### Get a tarball containing all images and tags in a repository - `GET /images/`(*name*)`/get` -: Get a tarball containing all images and metadata for the repository - specified by `name`. +`GET /images/(name)/get` + +Get a tarball containing all images and metadata for the repository +specified by `name`. **Example request** @@ -1187,10 +1306,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### Load a tarball with a set of images and tags into docker +### Load a tarball with a set of images and tags into docker - `POST /images/load` -: Load a set of images and tags into the docker repository. +`POST /images/load` + +Load a set of images and tags into the docker repository. **Example request** @@ -1207,35 +1327,35 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -## 3. Going further +# 3. Going further -### 3.1 Inside ‘docker run’ +## 3.1 Inside `docker run` -Here are the steps of ‘docker run’ : +Here are the steps of `docker run`: -- Create the container +- Create the container -- If the status code is 404, it means the image doesn’t exists: - : - Try to pull it - - Then retry to create the container +- If the status code is 404, it means the image doesn't exists: + - Try to pull it + - Then retry to create the container -- Start the container +- Start the container -- If you are not in detached mode: - : - Attach to the container, using logs=1 (to have stdout and - stderr from the container’s start) and stream=1 +- If you are not in detached mode: + - Attach to the container, using logs=1 (to have stdout and + stderr from the container's start) and stream=1 -- If in detached mode or only stdin is attached: - : - Display the container’s id +- If in detached mode or only stdin is attached: + - Display the container's id -### 3.2 Hijacking +## 3.2 Hijacking In this version of the API, /attach, uses hijacking to transport stdin, stdout and stderr on the same socket. This might change in the future. -### 3.3 CORS Requests +## 3.3 CORS Requests To enable cross origin requests to the remote api add the flag "–api-enable-cors" when running docker in daemon mode. - docker -d -H="192.168.1.9:4243" --api-enable-cors + $ docker -d -H="192.168.1.9:4243" --api-enable-cors diff --git a/docs/sources/reference/api/docker_remote_api_v1.11.rst b/docs/sources/reference/api/docker_remote_api_v1.11.rst deleted file mode 100644 index 556491c49a..0000000000 --- a/docs/sources/reference/api/docker_remote_api_v1.11.rst +++ /dev/null @@ -1,1284 +0,0 @@ -:title: Remote API v1.11 -:description: API Documentation for Docker -:keywords: API, Docker, rcli, REST, documentation - -:orphan: - -======================= -Docker Remote API v1.11 -======================= - -1. Brief introduction -===================== - -- The Remote API has replaced rcli -- The daemon listens on ``unix:///var/run/docker.sock``, but you can - :ref:`bind_docker`. -- The API tends to be REST, but for some complex commands, like - ``attach`` or ``pull``, the HTTP connection is hijacked to transport - ``stdout, stdin`` and ``stderr`` - -2. Endpoints -============ - -2.1 Containers --------------- - -List containers -*************** - -.. http:get:: /containers/json - - List containers - - **Example request**: - - .. sourcecode:: http - - GET /containers/json?all=1&before=8dfafdbc3a40&size=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id": "8dfafdbc3a40", - "Image": "base:latest", - "Command": "echo 1", - "Created": 1367854155, - "Status": "Exit 0", - "Ports":[{"PrivatePort": 2222, "PublicPort": 3333, "Type": "tcp"}], - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "9cd87474be90", - "Image": "base:latest", - "Command": "echo 222222", - "Created": 1367854155, - "Status": "Exit 0", - "Ports":[], - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "3176a2479c92", - "Image": "base:latest", - "Command": "echo 3333333333333333", - "Created": 1367854154, - "Status": "Exit 0", - "Ports":[], - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "4cb07b47f9fb", - "Image": "base:latest", - "Command": "echo 444444444444444444444444444444444", - "Created": 1367854152, - "Status": "Exit 0", - "Ports":[], - "SizeRw":12288, - "SizeRootFs":0 - } - ] - - :query all: 1/True/true or 0/False/false, Show all containers. Only running containers are shown by default - :query limit: Show ``limit`` last created containers, include non-running ones. - :query since: Show only containers created since Id, include non-running ones. - :query before: Show only containers created before Id, include non-running ones. - :query size: 1/True/true or 0/False/false, Show the containers sizes - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 500: server error - - -Create a container -****************** - -.. http:post:: /containers/create - - Create a container - - **Example request**: - - .. sourcecode:: http - - POST /containers/create HTTP/1.1 - Content-Type: application/json - - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "AttachStdin":false, - "AttachStdout":true, - "AttachStderr":true, - "PortSpecs":null, - "Tty":false, - "OpenStdin":false, - "StdinOnce":false, - "Env":null, - "Cmd":[ - "date" - ], - "Dns":null, - "Image":"base", - "Volumes":{ - "/tmp": {} - }, - "VolumesFrom":"", - "WorkingDir":"", - "DisableNetwork": false, - "ExposedPorts":{ - "22/tcp": {} - } - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/json - - { - "Id":"e90e34656806" - "Warnings":[] - } - - :jsonparam config: the container's configuration - :query name: Assign the specified name to the container. Must match ``/?[a-zA-Z0-9_-]+``. - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 406: impossible to attach (container not running) - :statuscode 500: server error - - -Inspect a container -******************* - -.. http:get:: /containers/(id)/json - - Return low-level information on the container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Id": "4fa6e0f0c6786287e131c3852c58a2e01cc697a68231826813597e4994f1d6e2", - "Created": "2013-05-07T14:51:42.041847+02:00", - "Path": "date", - "Args": [], - "Config": { - "Hostname": "4fa6e0f0c678", - "User": "", - "Memory": 0, - "MemorySwap": 0, - "AttachStdin": false, - "AttachStdout": true, - "AttachStderr": true, - "PortSpecs": null, - "Tty": false, - "OpenStdin": false, - "StdinOnce": false, - "Env": null, - "Cmd": [ - "date" - ], - "Dns": null, - "Image": "base", - "Volumes": {}, - "VolumesFrom": "", - "WorkingDir":"" - - }, - "State": { - "Running": false, - "Pid": 0, - "ExitCode": 0, - "StartedAt": "2013-05-07T14:51:42.087658+02:01360", - "Ghost": false - }, - "Image": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "NetworkSettings": { - "IpAddress": "", - "IpPrefixLen": 0, - "Gateway": "", - "Bridge": "", - "PortMapping": null - }, - "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker", - "ResolvConfPath": "/etc/resolv.conf", - "Volumes": {}, - "HostConfig": { - "Binds": null, - "ContainerIDFile": "", - "LxcConf": [], - "Privileged": false, - "PortBindings": { - "80/tcp": [ - { - "HostIp": "0.0.0.0", - "HostPort": "49153" - } - ] - }, - "Links": null, - "PublishAllPorts": false - } - } - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -List processes running inside a container -***************************************** - -.. http:get:: /containers/(id)/top - - List processes running inside the container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/top HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Titles":[ - "USER", - "PID", - "%CPU", - "%MEM", - "VSZ", - "RSS", - "TTY", - "STAT", - "START", - "TIME", - "COMMAND" - ], - "Processes":[ - ["root","20147","0.0","0.1","18060","1864","pts/4","S","10:06","0:00","bash"], - ["root","20271","0.0","0.0","4312","352","pts/4","S+","10:07","0:00","sleep","10"] - ] - } - - :query ps_args: ps arguments to use (eg. aux) - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Inspect changes on a container's filesystem -******************************************* - -.. http:get:: /containers/(id)/changes - - Inspect changes on container ``id`` 's filesystem - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/changes HTTP/1.1 - - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Path":"/dev", - "Kind":0 - }, - { - "Path":"/dev/kmsg", - "Kind":1 - }, - { - "Path":"/test", - "Kind":1 - } - ] - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Export a container -****************** - -.. http:get:: /containers/(id)/export - - Export the contents of container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/export HTTP/1.1 - - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/octet-stream - - {{ STREAM }} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Start a container -***************** - -.. http:post:: /containers/(id)/start - - Start the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/(id)/start HTTP/1.1 - Content-Type: application/json - - { - "Binds":["/tmp:/tmp"], - "LxcConf":{"lxc.utsname":"docker"}, - "PortBindings":{ "22/tcp": [{ "HostPort": "11022" }] }, - "PublishAllPorts":false, - "Privileged":false - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 No Content - Content-Type: text/plain - - :jsonparam hostConfig: the container's host configuration (optional) - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Stop a container -**************** - -.. http:post:: /containers/(id)/stop - - Stop the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/stop?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Restart a container -******************* - -.. http:post:: /containers/(id)/restart - - Restart the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/restart?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Kill a container -**************** - -.. http:post:: /containers/(id)/kill - - Kill the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/kill HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Attach to a container -********************* - -.. http:post:: /containers/(id)/attach - - Attach to the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/attach?logs=1&stream=0&stdout=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/vnd.docker.raw-stream - - {{ STREAM }} - - :query logs: 1/True/true or 0/False/false, return logs. Default false - :query stream: 1/True/true or 0/False/false, return stream. Default false - :query stdin: 1/True/true or 0/False/false, if stream=true, attach to stdin. Default false - :query stdout: 1/True/true or 0/False/false, if logs=true, return stdout log, if stream=true, attach to stdout. Default false - :query stderr: 1/True/true or 0/False/false, if logs=true, return stderr log, if stream=true, attach to stderr. Default false - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - - **Stream details**: - - When using the TTY setting is enabled in - :http:post:`/containers/create`, the stream is the raw data - from the process PTY and client's stdin. When the TTY is - disabled, then the stream is multiplexed to separate stdout - and stderr. - - The format is a **Header** and a **Payload** (frame). - - **HEADER** - - The header will contain the information on which stream write - the stream (stdout or stderr). It also contain the size of - the associated frame encoded on the last 4 bytes (uint32). - - It is encoded on the first 8 bytes like this:: - - header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4} - - ``STREAM_TYPE`` can be: - - - 0: stdin (will be writen on stdout) - - 1: stdout - - 2: stderr - - ``SIZE1, SIZE2, SIZE3, SIZE4`` are the 4 bytes of the uint32 size encoded as big endian. - - **PAYLOAD** - - The payload is the raw stream. - - **IMPLEMENTATION** - - The simplest way to implement the Attach protocol is the following: - - 1) Read 8 bytes - 2) chose stdout or stderr depending on the first byte - 3) Extract the frame size from the last 4 byets - 4) Read the extracted size and output it on the correct output - 5) Goto 1) - - - -Wait a container -**************** - -.. http:post:: /containers/(id)/wait - - Block until container ``id`` stops, then returns the exit code - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/wait HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"StatusCode":0} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Remove a container -******************* - -.. http:delete:: /containers/(id) - - Remove the container ``id`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /containers/16253994b7c4?v=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query v: 1/True/true or 0/False/false, Remove the volumes associated to the container. Default false - :query force: 1/True/true or 0/False/false, Removes the container even if it was running. Default false - :statuscode 204: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - - -Copy files or folders from a container -************************************** - -.. http:post:: /containers/(id)/copy - - Copy files or folders of container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/4fa6e0f0c678/copy HTTP/1.1 - Content-Type: application/json - - { - "Resource":"test.txt" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/octet-stream - - {{ STREAM }} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -2.2 Images ----------- - -List Images -*********** - -.. http:get:: /images/json - - **Example request**: - - .. sourcecode:: http - - GET /images/json?all=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "RepoTags": [ - "ubuntu:12.04", - "ubuntu:precise", - "ubuntu:latest" - ], - "Id": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c", - "Created": 1365714795, - "Size": 131506275, - "VirtualSize": 131506275 - }, - { - "RepoTags": [ - "ubuntu:12.10", - "ubuntu:quantal" - ], - "ParentId": "27cf784147099545", - "Id": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "Created": 1364102658, - "Size": 24653, - "VirtualSize": 180116135 - } - ] - - -Create an image -*************** - -.. http:post:: /images/create - - Create an image, either by pull it from the registry or by importing it - - **Example request**: - - .. sourcecode:: http - - POST /images/create?fromImage=base HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Pulling..."} - {"status":"Pulling", "progress":"1 B/ 100 B", "progressDetail":{"current":1, "total":100}} - {"error":"Invalid..."} - ... - - When using this endpoint to pull an image from the registry, - the ``X-Registry-Auth`` header can be used to include a - base64-encoded AuthConfig object. - - :query fromImage: name of the image to pull - :query fromSrc: source to import, - means stdin - :query repo: repository - :query tag: tag - :query registry: the registry to pull from - :reqheader X-Registry-Auth: base64-encoded AuthConfig object - :statuscode 200: no error - :statuscode 500: server error - - - -Insert a file in an image -************************* - -.. http:post:: /images/(name)/insert - - Insert a file from ``url`` in the image ``name`` at ``path`` - - **Example request**: - - .. sourcecode:: http - - POST /images/test/insert?path=/usr&url=myurl HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Inserting..."} - {"status":"Inserting", "progress":"1/? (n/a)", "progressDetail":{"current":1}} - {"error":"Invalid..."} - ... - - :statuscode 200: no error - :statuscode 500: server error - - -Inspect an image -**************** - -.. http:get:: /images/(name)/json - - Return low-level information on the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/base/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "id":"b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "parent":"27cf784147099545", - "created":"2013-03-23T22:24:18.818426-07:00", - "container":"3d67245a8d72ecf13f33dffac9f79dcdf70f75acb84d308770391510e0c23ad0", - "container_config": - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "AttachStdin":false, - "AttachStdout":false, - "AttachStderr":false, - "PortSpecs":null, - "Tty":true, - "OpenStdin":true, - "StdinOnce":false, - "Env":null, - "Cmd": ["/bin/bash"] - ,"Dns":null, - "Image":"base", - "Volumes":null, - "VolumesFrom":"", - "WorkingDir":"" - }, - "Size": 6824592 - } - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Get the history of an image -*************************** - -.. http:get:: /images/(name)/history - - Return the history of the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/base/history HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id":"b750fe79269d", - "Created":1364102658, - "CreatedBy":"/bin/bash" - }, - { - "Id":"27cf78414709", - "Created":1364068391, - "CreatedBy":"" - } - ] - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Push an image on the registry -***************************** - -.. http:post:: /images/(name)/push - - Push the image ``name`` on the registry - - **Example request**: - - .. sourcecode:: http - - POST /images/test/push HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Pushing..."} - {"status":"Pushing", "progress":"1/? (n/a)", "progressDetail":{"current":1}}} - {"error":"Invalid..."} - ... - - :query registry: the registry you wan to push, optional - :reqheader X-Registry-Auth: include a base64-encoded AuthConfig object. - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Tag an image into a repository -****************************** - -.. http:post:: /images/(name)/tag - - Tag the image ``name`` into a repository - - **Example request**: - - .. sourcecode:: http - - POST /images/test/tag?repo=myrepo&force=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - - :query repo: The repository to tag in - :query force: 1/True/true or 0/False/false, default false - :statuscode 201: no error - :statuscode 400: bad parameter - :statuscode 404: no such image - :statuscode 409: conflict - :statuscode 500: server error - - -Remove an image -*************** - -.. http:delete:: /images/(name) - - Remove the image ``name`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /images/test HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-type: application/json - - [ - {"Untagged":"3e2f21a89f"}, - {"Deleted":"3e2f21a89f"}, - {"Deleted":"53b4f83ac9"} - ] - - :query force: 1/True/true or 0/False/false, default false - :query noprune: 1/True/true or 0/False/false, default false - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 409: conflict - :statuscode 500: server error - - -Search images -************* - -.. http:get:: /images/search - - Search for an image in the docker index. - - .. note:: - - The response keys have changed from API v1.6 to reflect the JSON - sent by the registry server to the docker daemon's request. - - **Example request**: - - .. sourcecode:: http - - GET /images/search?term=sshd HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "description": "", - "is_official": false, - "is_trusted": false, - "name": "wma55/u1210sshd", - "star_count": 0 - }, - { - "description": "", - "is_official": false, - "is_trusted": false, - "name": "jdswinbank/sshd", - "star_count": 0 - }, - { - "description": "", - "is_official": false, - "is_trusted": false, - "name": "vgauthier/sshd", - "star_count": 0 - } - ... - ] - - :query term: term to search - :statuscode 200: no error - :statuscode 500: server error - - -2.3 Misc --------- - -Build an image from Dockerfile via stdin -**************************************** - -.. http:post:: /build - - Build an image from Dockerfile via stdin - - **Example request**: - - .. sourcecode:: http - - POST /build HTTP/1.1 - - {{ STREAM }} - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"stream":"Step 1..."} - {"stream":"..."} - {"error":"Error...", "errorDetail":{"code": 123, "message": "Error..."}} - - - The stream must be a tar archive compressed with one of the - following algorithms: identity (no compression), gzip, bzip2, - xz. - - The archive must include a file called ``Dockerfile`` at its - root. It may include any number of other files, which will be - accessible in the build context (See the :ref:`ADD build command - `). - - :query t: repository name (and optionally a tag) to be applied to the resulting image in case of success - :query q: suppress verbose build output - :query nocache: do not use the cache when building the image - :reqheader Content-type: should be set to ``"application/tar"``. - :reqheader X-Registry-Config: base64-encoded ConfigFile object - :statuscode 200: no error - :statuscode 500: server error - - - -Check auth configuration -************************ - -.. http:post:: /auth - - Get the default username and email - - **Example request**: - - .. sourcecode:: http - - POST /auth HTTP/1.1 - Content-Type: application/json - - { - "username":"hannibal", - "password:"xxxx", - "email":"hannibal@a-team.com", - "serveraddress":"https://index.docker.io/v1/" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - :statuscode 200: no error - :statuscode 204: no error - :statuscode 500: server error - - -Display system-wide information -******************************* - -.. http:get:: /info - - Display system-wide information - - **Example request**: - - .. sourcecode:: http - - GET /info HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Containers":11, - "Images":16, - "Debug":false, - "NFd": 11, - "NGoroutines":21, - "MemoryLimit":true, - "SwapLimit":false, - "IPv4Forwarding":true - } - - :statuscode 200: no error - :statuscode 500: server error - - -Show the docker version information -*********************************** - -.. http:get:: /version - - Show the docker version information - - **Example request**: - - .. sourcecode:: http - - GET /version HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Version":"0.2.2", - "GitCommit":"5a2a5cc+CHANGES", - "GoVersion":"go1.0.3" - } - - :statuscode 200: no error - :statuscode 500: server error - - -Create a new image from a container's changes -********************************************* - -.. http:post:: /commit - - Create a new image from a container's changes - - **Example request**: - - .. sourcecode:: http - - POST /commit?container=44c004db4b17&m=message&repo=myrepo HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/vnd.docker.raw-stream - - {"Id":"596069db4bf5"} - - :query container: source container - :query repo: repository - :query tag: tag - :query m: commit message - :query author: author (eg. "John Hannibal Smith ") - :query run: config automatically applied when the image is run. (ex: {"Cmd": ["cat", "/world"], "PortSpecs":["22"]}) - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Monitor Docker's events -*********************** - -.. http:get:: /events - - Get events from docker, either in real time via streaming, or via polling (using `since`) - - **Example request**: - - .. sourcecode:: http - - GET /events?since=1374067924 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"create","id":"dfdf82bd3881","from":"base:latest","time":1374067924} - {"status":"start","id":"dfdf82bd3881","from":"base:latest","time":1374067924} - {"status":"stop","id":"dfdf82bd3881","from":"base:latest","time":1374067966} - {"status":"destroy","id":"dfdf82bd3881","from":"base:latest","time":1374067970} - - :query since: timestamp used for polling - :query until: timestamp used for polling - :statuscode 200: no error - :statuscode 500: server error - -Get a tarball containing all images and tags in a repository -************************************************************ - -.. http:get:: /images/(name)/get - - Get a tarball containing all images and metadata for the repository specified by ``name``. - - **Example request** - - .. sourcecode:: http - - GET /images/ubuntu/get - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/x-tar - - Binary data stream - - :statuscode 200: no error - :statuscode 500: server error - -Load a tarball with a set of images and tags into docker -******************************************************** - -.. http:post:: /images/load - - Load a set of images and tags into the docker repository. - - **Example request** - - .. sourcecode:: http - - POST /images/load - - Tarball in body - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - :statuscode 200: no error - :statuscode 500: server error - -3. Going further -================ - -3.1 Inside 'docker run' ------------------------ - -Here are the steps of 'docker run' : - -* Create the container -* If the status code is 404, it means the image doesn't exists: - * Try to pull it - * Then retry to create the container -* Start the container -* If you are not in detached mode: - * Attach to the container, using logs=1 (to have stdout and stderr from the container's start) and stream=1 -* If in detached mode or only stdin is attached: - * Display the container's id - - -3.2 Hijacking -------------- - -In this version of the API, /attach, uses hijacking to transport stdin, stdout and stderr on the same socket. This might change in the future. - -3.3 CORS Requests ------------------ - -To enable cross origin requests to the remote api add the flag "--api-enable-cors" when running docker in daemon mode. - -.. code-block:: bash - - docker -d -H="192.168.1.9:4243" --api-enable-cors diff --git a/docs/sources/reference/api/archive/docker_remote_api_v1.2.md b/docs/sources/reference/api/docker_remote_api_v1.2.md similarity index 83% rename from docs/sources/reference/api/archive/docker_remote_api_v1.2.md rename to docs/sources/reference/api/docker_remote_api_v1.2.md index 0239de6681..17967eab3d 100644 --- a/docs/sources/reference/api/archive/docker_remote_api_v1.2.md +++ b/docs/sources/reference/api/docker_remote_api_v1.2.md @@ -2,24 +2,25 @@ page_title: Remote API v1.2 page_description: API Documentation for Docker page_keywords: API, Docker, rcli, REST, documentation -# [Docker Remote API v1.2](#id1) +# Docker Remote API v1.2 -## [1. Brief introduction](#id2) +# 1. Brief introduction -- The Remote API is replacing rcli -- Default port in the docker daemon is 4243 -- The API tends to be REST, but for some complex commands, like attach - or pull, the HTTP connection is hijacked to transport stdout stdin - and stderr +- The Remote API is replacing rcli +- Default port in the docker daemon is 4243 +- The API tends to be REST, but for some complex commands, like attach + or pull, the HTTP connection is hijacked to transport stdout stdin + and stderr -## [2. Endpoints](#id3) +# 2. Endpoints -### [2.1 Containers](#id4) +## 2.1 Containers -#### [List containers](#id5) +### List containers - `GET /containers/json` -: List containers +`GET /containers/json` + +List containers **Example request**: @@ -92,10 +93,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **400** – bad parameter - **500** – server error -#### [Create a container](#id6) +### Create a container - `POST /containers/create` -: Create a container +`POST /containers/create` + +Create a container **Example request**: @@ -138,7 +140,7 @@ page_keywords: API, Docker, rcli, REST, documentation   - - **config** – the container’s configuration + - **config** – the container's configuration Status Codes: @@ -147,10 +149,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **406** – impossible to attach (container not running) - **500** – server error -#### [Inspect a container](#id7) +### Inspect a container - `GET /containers/`(*id*)`/json` -: Return low-level information on the container `id` +`GET /containers/(id)/json` + +Return low-level information on the container `id` **Example request**: @@ -214,10 +217,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Inspect changes on a container’s filesystem](#id8) +### Inspect changes on a container's filesystem - `GET /containers/`(*id*)`/changes` -: Inspect changes on container `id` ‘s filesystem +`GET /containers/(id)/changes` + +Inspect changes on container `id`'s filesystem **Example request**: @@ -249,10 +253,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Export a container](#id9) +### Export a container - `GET /containers/`(*id*)`/export` -: Export the contents of container `id` +`GET /containers/(id)/export` + +Export the contents of container `id` **Example request**: @@ -271,10 +276,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Start a container](#id10) +### Start a container - `POST /containers/`(*id*)`/start` -: Start the container `id` +`POST /containers/(id)/start` + +Start the container `id` **Example request**: @@ -290,10 +296,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Stop a container](#id11) +### Stop a container - `POST /containers/`(*id*)`/stop` -: Stop the container `id` +`POST /containers/(id)/stop` + +Stop the container `id` **Example request**: @@ -315,10 +322,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Restart a container](#id12) +### Restart a container - `POST /containers/`(*id*)`/restart` -: Restart the container `id` +`POST /containers/(id)/restart` + +Restart the container `id` **Example request**: @@ -340,10 +348,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Kill a container](#id13) +### Kill a container - `POST /containers/`(*id*)`/kill` -: Kill the container `id` +`POST /containers/(id)/kill` + +Kill the container `id` **Example request**: @@ -359,10 +368,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Attach to a container](#id14) +### Attach to a container - `POST /containers/`(*id*)`/attach` -: Attach to the container `id` +`POST /containers/(id)/attach` + +Attach to the container `id` **Example request**: @@ -397,11 +407,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Wait a container](#id15) +### Wait a container - `POST /containers/`(*id*)`/wait` -: Block until container `id` stops, then returns - the exit code +`POST /containers/(id)/wait` + +Block until container `id` stops, then returns the exit code **Example request**: @@ -420,10 +430,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Remove a container](#id16) +### Remove a container - `DELETE /containers/`(*id*) -: Remove the container `id` from the filesystem +`DELETE /containers/(id)` + +Remove the container `id` from the filesystem **Example request**: @@ -447,13 +458,13 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -### [2.2 Images](#id17) +## 2.2 Images -#### [List Images](#id18) +### List Images - `GET /images/`(*format*) -: List images `format` could be json or viz (json - default) +`GET /images/(format)` + +List images `format` could be json or viz (json default) **Example request**: @@ -523,11 +534,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **400** – bad parameter - **500** – server error -#### [Create an image](#id19) +### Create an image - `POST /images/create` -: Create an image, either by pull it from the registry or by importing - it +`POST /images/create` + +Create an image, either by pull it from the registry or by importing it **Example request**: @@ -558,11 +569,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Insert a file in an image](#id20) +### Insert a file in an image - `POST /images/`(*name*)`/insert` -: Insert a file from `url` in the image - `name` at `path` +`POST /images/(name)/insert` + +Insert a file from `url` in the image `name` at `path` **Example request**: @@ -583,10 +594,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Inspect an image](#id21) +### Inspect an image - `GET /images/`(*name*)`/json` -: Return low-level information on the image `name` +`GET /images/(name)/json` + +Return low-level information on the image `name` **Example request**: @@ -631,10 +643,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such image - **500** – server error -#### [Get the history of an image](#id22) +### Get the history of an image - `GET /images/`(*name*)`/history` -: Return the history of the image `name` +`GET /images/(name)/history` + +Return the history of the image `name` **Example request**: @@ -665,10 +678,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such image - **500** – server error -#### [Push an image on the registry](#id23) +### Push an image on the registry - `POST /images/`(*name*)`/push` -: Push the image `name` on the registry +`POST /images/(name)/push` + +Push the image `name` on the registry > **Example request**: > @@ -697,10 +711,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such image - **500** – server error -#### [Tag an image into a repository](#id24) +### Tag an image into a repository - `POST /images/`(*name*)`/tag` -: Tag the image `name` into a repository +`POST /images/(name)/tag` + +Tag the image `name` into a repository **Example request**: @@ -725,10 +740,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **409** – conflict - **500** – server error -#### [Remove an image](#id25) +### Remove an image - `DELETE /images/`(*name*) -: Remove the image `name` from the filesystem +`DELETE /images/(name)` + +Remove the image `name` from the filesystem **Example request**: @@ -752,10 +768,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **409** – conflict - **500** – server error -#### [Search images](#id26) +### Search images - `GET /images/search` -: Search for an image in the docker index +`GET /images/search` + +Search for an image on [Docker.io](https://index.docker.io) **Example request**: @@ -785,12 +802,13 @@ page_keywords: API, Docker, rcli, REST, documentation :statuscode 200: no error :statuscode 500: server error -### [2.3 Misc](#id27) +## 2.3 Misc -#### [Build an image from Dockerfile via stdin](#id28) +### Build an image from Dockerfile via stdin - `POST /build` -: Build an image from Dockerfile +`POST /build` + +Build an image from Dockerfile **Example request**: @@ -820,10 +838,11 @@ page_keywords: API, Docker, rcli, REST, documentation {{ STREAM }} is the raw text output of the build command. It uses the HTTP Hijack method in order to stream. -#### [Check auth configuration](#id29) +### Check auth configuration - `POST /auth` -: Get the default username and email +`POST /auth` + +Get the default username and email **Example request**: @@ -853,10 +872,11 @@ HTTP Hijack method in order to stream. - **403** – forbidden - **500** – server error -#### [Display system-wide information](#id30) +### Display system-wide information - `GET /info` -: Display system-wide information +`GET /info` + +Display system-wide information **Example request**: @@ -882,10 +902,11 @@ HTTP Hijack method in order to stream. - **200** – no error - **500** – server error -#### [Show the docker version information](#id31) +### Show the docker version information - `GET /version` -: Show the docker version information +`GET /version` + +Show the docker version information **Example request**: @@ -907,10 +928,11 @@ HTTP Hijack method in order to stream. - **200** – no error - **500** – server error -#### [Create a new image from a container’s changes](#id32) +### Create a new image from a container's changes - `POST /commit` -: Create a new image from a container’s changes +`POST /commit` + +Create a new image from a container's changes **Example request**: @@ -938,7 +960,7 @@ HTTP Hijack method in order to stream. - **tag** – tag - **m** – commit message - **author** – author (eg. "John Hannibal Smith - \<[hannibal@a-team.com](mailto:hannibal%40a-team.com)\>") + <[hannibal@a-team.com](mailto:hannibal%40a-team.com)>") Status Codes: @@ -946,33 +968,33 @@ HTTP Hijack method in order to stream. - **404** – no such container - **500** – server error -## [3. Going further](#id33) +# 3. Going further -### [3.1 Inside ‘docker run’](#id34) +## 3.1 Inside `docker run` -Here are the steps of ‘docker run’ : +Here are the steps of `docker run` : -- Create the container + - Create the container -- If the status code is 404, it means the image doesn’t exists: - : - Try to pull it - - Then retry to create the container + - If the status code is 404, it means the image doesn't exists: + - Try to pull it + - Then retry to create the container -- Start the container + - Start the container -- If you are not in detached mode: - : - Attach to the container, using logs=1 (to have stdout and - stderr from the container’s start) and stream=1 + - If you are not in detached mode: + - Attach to the container, using logs=1 (to have stdout and + stderr from the container's start) and stream=1 -- If in detached mode or only stdin is attached: - : - Display the container’s id + - If in detached mode or only stdin is attached: + - Display the container's -### [3.2 Hijacking](#id35) +## 3.2 Hijacking In this version of the API, /attach, uses hijacking to transport stdin, stdout and stderr on the same socket. This might change in the future. -### [3.3 CORS Requests](#id36) +## 3.3 CORS Requests To enable cross origin requests to the remote api add the flag "–api-enable-cors" when running docker in daemon mode. diff --git a/docs/sources/reference/api/archive/docker_remote_api_v1.3.md b/docs/sources/reference/api/docker_remote_api_v1.3.md similarity index 83% rename from docs/sources/reference/api/archive/docker_remote_api_v1.3.md rename to docs/sources/reference/api/docker_remote_api_v1.3.md index d83b9d85b1..9f7bd22e32 100644 --- a/docs/sources/reference/api/archive/docker_remote_api_v1.3.md +++ b/docs/sources/reference/api/docker_remote_api_v1.3.md @@ -2,24 +2,25 @@ page_title: Remote API v1.3 page_description: API Documentation for Docker page_keywords: API, Docker, rcli, REST, documentation -# [Docker Remote API v1.3](#id1) +# Docker Remote API v1.3 -## [1. Brief introduction](#id2) +# 1. Brief introduction -- The Remote API is replacing rcli -- Default port in the docker daemon is 4243 -- The API tends to be REST, but for some complex commands, like attach - or pull, the HTTP connection is hijacked to transport stdout stdin - and stderr +- The Remote API is replacing rcli +- Default port in the docker daemon is 4243 +- The API tends to be REST, but for some complex commands, like attach + or pull, the HTTP connection is hijacked to transport stdout stdin + and stderr -## [2. Endpoints](#id3) +# 2. Endpoints -### [2.1 Containers](#id4) +## 2.1 Containers -#### [List containers](#id5) +### List containers - `GET /containers/json` -: List containers +`GET /containers/json` + +List containers **Example request**: @@ -94,10 +95,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **400** – bad parameter - **500** – server error -#### [Create a container](#id6) +### Create a container - `POST /containers/create` -: Create a container +`POST /containers/create` + +Create a container **Example request**: @@ -140,7 +142,7 @@ page_keywords: API, Docker, rcli, REST, documentation   - - **config** – the container’s configuration + - **config** – the container's configuration Status Codes: @@ -149,10 +151,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **406** – impossible to attach (container not running) - **500** – server error -#### [Inspect a container](#id7) +### Inspect a container - `GET /containers/`(*id*)`/json` -: Return low-level information on the container `id` +`GET /containers/(id)/json` + +Return low-level information on the container `id` **Example request**: @@ -216,10 +219,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [List processes running inside a container](#id8) +### List processes running inside a container - `GET /containers/`(*id*)`/top` -: List processes running inside the container `id` +`GET /containers/(id)/top` + +List processes running inside the container `id` **Example request**: @@ -251,10 +255,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Inspect changes on a container’s filesystem](#id9) +### Inspect changes on a container's filesystem - `GET /containers/`(*id*)`/changes` -: Inspect changes on container `id` ‘s filesystem +`GET /containers/(id)/changes` + +Inspect changes on container `id`'s filesystem **Example request**: @@ -286,10 +291,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Export a container](#id10) +### Export a container - `GET /containers/`(*id*)`/export` -: Export the contents of container `id` +`GET /containers/(id)/export` + +Export the contents of container `id` **Example request**: @@ -308,10 +314,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Start a container](#id11) +### Start a container - `POST /containers/`(*id*)`/start` -: Start the container `id` +`POST /containers/(id)/start` + +Start the container `id` **Example request**: @@ -331,7 +338,7 @@ page_keywords: API, Docker, rcli, REST, documentation   - - **hostConfig** – the container’s host configuration (optional) + - **hostConfig** – the container's host configuration (optional) Status Codes: @@ -339,10 +346,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Stop a container](#id12) +### Stop a container - `POST /containers/`(*id*)`/stop` -: Stop the container `id` +`POST /containers/(id)/stop` + +Stop the container `id` **Example request**: @@ -364,10 +372,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Restart a container](#id13) +### Restart a container - `POST /containers/`(*id*)`/restart` -: Restart the container `id` +`POST /containers/(id)/restart` + +Restart the container `id` **Example request**: @@ -389,10 +398,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Kill a container](#id14) +### Kill a container - `POST /containers/`(*id*)`/kill` -: Kill the container `id` +`POST /containers/(id)/kill` + +Kill the container `id` **Example request**: @@ -408,10 +418,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Attach to a container](#id15) +### Attach to a container - `POST /containers/`(*id*)`/attach` -: Attach to the container `id` +`POST /containers/(id)/attach` + +Attach to the container `id` **Example request**: @@ -446,11 +457,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Wait a container](#id16) +### Wait a container - `POST /containers/`(*id*)`/wait` -: Block until container `id` stops, then returns - the exit code +`POST /containers/(id)/wait` + +Block until container `id` stops, then returns the exit code **Example request**: @@ -469,10 +480,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Remove a container](#id17) +### Remove a container - `DELETE /containers/`(*id*) -: Remove the container `id` from the filesystem +`DELETE /containers/(id)` + +Remove the container `id` from the filesystem **Example request**: @@ -496,13 +508,13 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -### [2.2 Images](#id18) +## 2.2 Images -#### [List Images](#id19) +### List Images - `GET /images/`(*format*) -: List images `format` could be json or viz (json - default) +`GET /images/(format)` + +List images `format` could be json or viz (json default) **Example request**: @@ -572,11 +584,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **400** – bad parameter - **500** – server error -#### [Create an image](#id20) +### Create an image - `POST /images/create` -: Create an image, either by pull it from the registry or by importing - it +`POST /images/create` + +Create an image, either by pull it from the registry or by importing it **Example request**: @@ -607,11 +619,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Insert a file in an image](#id21) +### Insert a file in an image - `POST /images/`(*name*)`/insert` -: Insert a file from `url` in the image - `name` at `path` +`POST /images/(name)/insert` + +Insert a file from `url` in the image `name` at `path` **Example request**: @@ -632,10 +644,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Inspect an image](#id22) +### Inspect an image - `GET /images/`(*name*)`/json` -: Return low-level information on the image `name` +`GET /images/(name)/json` + +Return low-level information on the image `name` **Example request**: @@ -680,10 +693,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such image - **500** – server error -#### [Get the history of an image](#id23) +### Get the history of an image - `GET /images/`(*name*)`/history` -: Return the history of the image `name` +`GET /images/(name)/history` + +Return the history of the image `name` **Example request**: @@ -713,10 +727,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such image - **500** – server error -#### [Push an image on the registry](#id24) +### Push an image on the registry - `POST /images/`(*name*)`/push` -: Push the image `name` on the registry +`POST /images/(name)/push` + +Push the image `name` on the registry > **Example request**: > @@ -745,10 +760,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such image - **500** – server error -#### [Tag an image into a repository](#id25) +### Tag an image into a repository - `POST /images/`(*name*)`/tag` -: Tag the image `name` into a repository +`POST /images/(name)/tag` + +Tag the image `name` into a repository **Example request**: @@ -773,10 +789,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **409** – conflict - **500** – server error -#### [Remove an image](#id26) +### Remove an image - `DELETE /images/`(*name*) -: Remove the image `name` from the filesystem +`DELETE /images/(name)` + +Remove the image `name` from the filesystem **Example request**: @@ -800,10 +817,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **409** – conflict - **500** – server error -#### [Search images](#id27) +### Search images - `GET /images/search` -: Search for an image in the docker index +`GET /images/search` + +Search for an image on [Docker.io](https://index.docker.io) **Example request**: @@ -833,12 +851,13 @@ page_keywords: API, Docker, rcli, REST, documentation :statuscode 200: no error :statuscode 500: server error -### [2.3 Misc](#id28) +## 2.3 Misc -#### [Build an image from Dockerfile via stdin](#id29) +### Build an image from Dockerfile via stdin - `POST /build` -: Build an image from Dockerfile via stdin +`POST /build` + +Build an image from Dockerfile via stdin **Example request**: @@ -873,10 +892,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Check auth configuration](#id30) +### Check auth configuration - `POST /auth` -: Get the default username and email +`POST /auth` + +Get the default username and email **Example request**: @@ -899,10 +919,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **204** – no error - **500** – server error -#### [Display system-wide information](#id31) +### Display system-wide information - `GET /info` -: Display system-wide information +`GET /info` + +Display system-wide information **Example request**: @@ -931,10 +952,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Show the docker version information](#id32) +### Show the docker version information - `GET /version` -: Show the docker version information +`GET /version` + +Show the docker version information **Example request**: @@ -956,10 +978,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Create a new image from a container’s changes](#id33) +### Create a new image from a container's changes - `POST /commit` -: Create a new image from a container’s changes +`POST /commit` + +Create a new image from a container's changes **Example request**: @@ -987,7 +1010,7 @@ page_keywords: API, Docker, rcli, REST, documentation - **tag** – tag - **m** – commit message - **author** – author (eg. "John Hannibal Smith - \<[hannibal@a-team.com](mailto:hannibal%40a-team.com)\>") + <[hannibal@a-team.com](mailto:hannibal%40a-team.com)>") Status Codes: @@ -995,11 +1018,12 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Monitor Docker’s events](#id34) +### Monitor Docker's events - `GET /events` -: Get events from docker, either in real time via streaming, or via - polling (using since) +`GET /events` + +Get events from docker, either in real time via streaming, or via +polling (using since) **Example request**: @@ -1026,33 +1050,33 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -## [3. Going further](#id35) +# 3. Going further -### [3.1 Inside ‘docker run’](#id36) +## 3.1 Inside `docker run` -Here are the steps of ‘docker run’ : +Here are the steps of `docker run` : -- Create the container + - Create the container -- If the status code is 404, it means the image doesn’t exists: - : - Try to pull it - - Then retry to create the container + - If the status code is 404, it means the image doesn't exists: + - Try to pull it + - Then retry to create the container -- Start the container + - Start the container -- If you are not in detached mode: - : - Attach to the container, using logs=1 (to have stdout and - stderr from the container’s start) and stream=1 + - If you are not in detached mode: + - Attach to the container, using logs=1 (to have stdout and + stderr from the container's start) and stream=1 -- If in detached mode or only stdin is attached: - : - Display the container’s id + - If in detached mode or only stdin is attached: + - Display the container's id -### [3.2 Hijacking](#id37) +## 3.2 Hijacking In this version of the API, /attach, uses hijacking to transport stdin, stdout and stderr on the same socket. This might change in the future. -### [3.3 CORS Requests](#id38) +## 3.3 CORS Requests To enable cross origin requests to the remote api add the flag "–api-enable-cors" when running docker in daemon mode. diff --git a/docs/sources/reference/api/archive/docker_remote_api_v1.4.md b/docs/sources/reference/api/docker_remote_api_v1.4.md similarity index 82% rename from docs/sources/reference/api/archive/docker_remote_api_v1.4.md rename to docs/sources/reference/api/docker_remote_api_v1.4.md index 32733708b3..2e7e94f7d4 100644 --- a/docs/sources/reference/api/archive/docker_remote_api_v1.4.md +++ b/docs/sources/reference/api/docker_remote_api_v1.4.md @@ -2,24 +2,25 @@ page_title: Remote API v1.4 page_description: API Documentation for Docker page_keywords: API, Docker, rcli, REST, documentation -# [Docker Remote API v1.4](#id1) +# Docker Remote API v1.4 -## [1. Brief introduction](#id2) +# 1. Brief introduction -- The Remote API is replacing rcli -- Default port in the docker daemon is 4243 -- The API tends to be REST, but for some complex commands, like attach - or pull, the HTTP connection is hijacked to transport stdout stdin - and stderr +- The Remote API is replacing rcli +- Default port in the docker daemon is 4243 +- The API tends to be REST, but for some complex commands, like attach + or pull, the HTTP connection is hijacked to transport stdout stdin + and stderr -## [2. Endpoints](#id3) +# 2. Endpoints -### [2.1 Containers](#id4) +## 2.1 Containers -#### [List containers](#id5) +### List containers - `GET /containers/json` -: List containers +`GET /containers/json` + +List containers **Example request**: @@ -94,10 +95,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **400** – bad parameter - **500** – server error -#### [Create a container](#id6) +### Create a container - `POST /containers/create` -: Create a container +`POST /containers/create` + +Create a container **Example request**: @@ -143,7 +145,7 @@ page_keywords: API, Docker, rcli, REST, documentation   - - **config** – the container’s configuration + - **config** – the container's configuration Status Codes: @@ -152,10 +154,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **406** – impossible to attach (container not running) - **500** – server error -#### [Inspect a container](#id7) +### Inspect a container - `GET /containers/`(*id*)`/json` -: Return low-level information on the container `id` +`GET /containers/(id)/json` + +Return low-level information on the container `id` **Example request**: @@ -222,10 +225,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **409** – conflict between containers and images - **500** – server error -#### [List processes running inside a container](#id8) +### List processes running inside a container - `GET /containers/`(*id*)`/top` -: List processes running inside the container `id` +`GET /containers/(id)/top` + +List processes running inside the container `id` **Example request**: @@ -260,7 +264,7 @@ page_keywords: API, Docker, rcli, REST, documentation   - - **ps\_args** – ps arguments to use (eg. aux) + - **ps_args** – ps arguments to use (eg. aux) Status Codes: @@ -268,10 +272,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Inspect changes on a container’s filesystem](#id9) +### Inspect changes on a container's filesystem - `GET /containers/`(*id*)`/changes` -: Inspect changes on container `id` ‘s filesystem +`GET /containers/(id)/changes` + +Inspect changes on container `id`'s filesystem **Example request**: @@ -303,10 +308,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Export a container](#id10) +### Export a container - `GET /containers/`(*id*)`/export` -: Export the contents of container `id` +`GET /containers/(id)/export` + +Export the contents of container `id` **Example request**: @@ -325,10 +331,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Start a container](#id11) +### Start a container - `POST /containers/`(*id*)`/start` -: Start the container `id` +`POST /containers/(id)/start` + +Start the container `id` **Example request**: @@ -349,7 +356,7 @@ page_keywords: API, Docker, rcli, REST, documentation   - - **hostConfig** – the container’s host configuration (optional) + - **hostConfig** – the container's host configuration (optional) Status Codes: @@ -357,10 +364,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Stop a container](#id12) +### Stop a container - `POST /containers/`(*id*)`/stop` -: Stop the container `id` +`POST /containers/(id)/stop` + +Stop the container `id` **Example request**: @@ -382,10 +390,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Restart a container](#id13) +### Restart a container - `POST /containers/`(*id*)`/restart` -: Restart the container `id` +`POST /containers/(id)/restart` + +Restart the container `id` **Example request**: @@ -407,10 +416,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Kill a container](#id14) +### Kill a container - `POST /containers/`(*id*)`/kill` -: Kill the container `id` +`POST /containers/(id)/kill` + +Kill the container `id` **Example request**: @@ -426,10 +436,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Attach to a container](#id15) +### Attach to a container - `POST /containers/`(*id*)`/attach` -: Attach to the container `id` +`POST /containers/(id)/attach` + +Attach to the container `id` **Example request**: @@ -464,11 +475,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Wait a container](#id16) +### Wait a container - `POST /containers/`(*id*)`/wait` -: Block until container `id` stops, then returns - the exit code +`POST /containers/(id)/wait` + +Block until container `id` stops, then returns the exit code **Example request**: @@ -487,10 +498,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Remove a container](#id17) +### Remove a container - `DELETE /containers/`(*id*) -: Remove the container `id` from the filesystem +`DELETE /containers/(id)` + +Remove the container `id` from the filesystem **Example request**: @@ -514,10 +526,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Copy files or folders from a container](#id18) +### Copy files or folders from a container - `POST /containers/`(*id*)`/copy` -: Copy files or folders of container `id` +`POST /containers/(id)/copy` + +Copy files or folders of container `id` **Example request**: @@ -541,13 +554,13 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -### [2.2 Images](#id19) +## 2.2 Images -#### [List Images](#id20) +### List Images - `GET /images/`(*format*) -: List images `format` could be json or viz (json - default) +`GET /images/(format)` + +List images `format` could be json or viz (json default) **Example request**: @@ -617,11 +630,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **400** – bad parameter - **500** – server error -#### [Create an image](#id21) +### Create an image - `POST /images/create` -: Create an image, either by pull it from the registry or by importing - it +`POST /images/create` + +Create an image, either by pull it from the registry or by importing it **Example request**: @@ -652,11 +665,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Insert a file in an image](#id22) +### Insert a file in an image - `POST /images/`(*name*)`/insert` -: Insert a file from `url` in the image - `name` at `path` +`POST /images/(name)/insert` + +Insert a file from `url` in the image `name` at `path` **Example request**: @@ -677,10 +690,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Inspect an image](#id23) +### Inspect an image - `GET /images/`(*name*)`/json` -: Return low-level information on the image `name` +`GET /images/(name)/json` + +Return low-level information on the image `name` **Example request**: @@ -727,10 +741,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **409** – conflict between containers and images - **500** – server error -#### [Get the history of an image](#id24) +### Get the history of an image - `GET /images/`(*name*)`/history` -: Return the history of the image `name` +`GET /images/(name)/history` + +Return the history of the image `name` **Example request**: @@ -760,10 +775,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such image - **500** – server error -#### [Push an image on the registry](#id25) +### Push an image on the registry - `POST /images/`(*name*)`/push` -: Push the image `name` on the registry +`POST /images/(name)/push` + +Push the image `name` on the registry **Example request**: @@ -789,10 +805,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error :statuscode 404: no such image :statuscode 500: server error -#### [Tag an image into a repository](#id26) +### Tag an image into a repository - `POST /images/`(*name*)`/tag` -: Tag the image `name` into a repository +`POST /images/(name)/tag` + +Tag the image `name` into a repository **Example request**: @@ -817,10 +834,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **409** – conflict - **500** – server error -#### [Remove an image](#id27) +### Remove an image - `DELETE /images/`(*name*) -: Remove the image `name` from the filesystem +`DELETE /images/(name)` + +Remove the image `name` from the filesystem **Example request**: @@ -844,10 +862,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **409** – conflict - **500** – server error -#### [Search images](#id28) +### Search images - `GET /images/search` -: Search for an image in the docker index +`GET /images/search` + +Search for an image on [Docker.io](https://index.docker.io) **Example request**: @@ -877,12 +896,13 @@ page_keywords: API, Docker, rcli, REST, documentation :statuscode 200: no error :statuscode 500: server error -### [2.3 Misc](#id29) +## 2.3 Misc -#### [Build an image from Dockerfile via stdin](#id30) +### Build an image from Dockerfile via stdin - `POST /build` -: Build an image from Dockerfile via stdin +`POST /build` + +Build an image from Dockerfile via stdin **Example request**: @@ -918,10 +938,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Check auth configuration](#id31) +### Check auth configuration - `POST /auth` -: Get the default username and email +`POST /auth` + +Get the default username and email **Example request**: @@ -945,10 +966,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **204** – no error - **500** – server error -#### [Display system-wide information](#id32) +### Display system-wide information - `GET /info` -: Display system-wide information +`GET /info` + +Display system-wide information **Example request**: @@ -975,35 +997,38 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Show the docker version information](#id33) +### Show the docker version information - `GET /version` -: Show the docker version information - > - > **Example request**: - > - > GET /version HTTP/1.1 - > - > **Example response**: - > - > HTTP/1.1 200 OK - > Content-Type: application/json - > - > { - > "Version":"0.2.2", - > "GitCommit":"5a2a5cc+CHANGES", - > "GoVersion":"go1.0.3" - > } +`GET /version` + +Show the docker version information + + + **Example request**: + + GET /version HTTP/1.1 + + **Example response**: + + HTTP/1.1 200 OK + Content-Type: application/json + + { + "Version":"0.2.2", + "GitCommit":"5a2a5cc+CHANGES", + "GoVersion":"go1.0.3" + } Status Codes: - **200** – no error - **500** – server error -#### [Create a new image from a container’s changes](#id34) +### Create a new image from a container's changes - `POST /commit` -: Create a new image from a container’s changes +`POST /commit` + +Create a new image from a container's changes **Example request**: @@ -1031,7 +1056,7 @@ page_keywords: API, Docker, rcli, REST, documentation - **tag** – tag - **m** – commit message - **author** – author (eg. "John Hannibal Smith - \<[hannibal@a-team.com](mailto:hannibal%40a-team.com)\>") + <[hannibal@a-team.com](mailto:hannibal%40a-team.com)>") Status Codes: @@ -1039,11 +1064,12 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Monitor Docker’s events](#id35) +### Monitor Docker's events - `GET /events` -: Get events from docker, either in real time via streaming, or via - polling (using since) +`GET /events` + +Get events from docker, either in real time via streaming, or via +polling (using since) **Example request**: @@ -1070,35 +1096,35 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -## [3. Going further](#id36) +# 3. Going further -### [3.1 Inside ‘docker run’](#id37) +## 3.1 Inside `docker run` -Here are the steps of ‘docker run’ : +Here are the steps of `docker run` : -- Create the container + - Create the container -- If the status code is 404, it means the image doesn’t exists: - : - Try to pull it - - Then retry to create the container + - If the status code is 404, it means the image doesn't exists: + - Try to pull it + - Then retry to create the container -- Start the container + - Start the container -- If you are not in detached mode: - : - Attach to the container, using logs=1 (to have stdout and - stderr from the container’s start) and stream=1 + - If you are not in detached mode: + - Attach to the container, using logs=1 (to have stdout and + stderr from the container's start) and stream=1 -- If in detached mode or only stdin is attached: - : - Display the container’s id + - If in detached mode or only stdin is attached: + - Display the container's id -### [3.2 Hijacking](#id38) +## 3.2 Hijacking In this version of the API, /attach, uses hijacking to transport stdin, stdout and stderr on the same socket. This might change in the future. -### [3.3 CORS Requests](#id39) +## 3.3 CORS Requests To enable cross origin requests to the remote api add the flag "–api-enable-cors" when running docker in daemon mode. - docker -d -H="192.168.1.9:4243" --api-enable-cors + $ docker -d -H="192.168.1.9:4243" --api-enable-cors diff --git a/docs/sources/reference/api/archive/docker_remote_api_v1.5.md b/docs/sources/reference/api/docker_remote_api_v1.5.md similarity index 82% rename from docs/sources/reference/api/archive/docker_remote_api_v1.5.md rename to docs/sources/reference/api/docker_remote_api_v1.5.md index adef571b3f..08457bfd94 100644 --- a/docs/sources/reference/api/archive/docker_remote_api_v1.5.md +++ b/docs/sources/reference/api/docker_remote_api_v1.5.md @@ -2,24 +2,25 @@ page_title: Remote API v1.5 page_description: API Documentation for Docker page_keywords: API, Docker, rcli, REST, documentation -# [Docker Remote API v1.5](#id1) +# Docker Remote API v1.5 -## [1. Brief introduction](#id2) +# 1. Brief introduction -- The Remote API is replacing rcli -- Default port in the docker daemon is 4243 -- The API tends to be REST, but for some complex commands, like attach - or pull, the HTTP connection is hijacked to transport stdout stdin - and stderr +- The Remote API is replacing rcli +- Default port in the docker daemon is 4243 +- The API tends to be REST, but for some complex commands, like attach + or pull, the HTTP connection is hijacked to transport stdout stdin + and stderr -## [2. Endpoints](#id3) +# 2. Endpoints -### [2.1 Containers](#id4) +## 2.1 Containers -#### [List containers](#id5) +### List containers - `GET /containers/json` -: List containers +`GET /containers/json` + +List containers **Example request**: @@ -94,10 +95,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **400** – bad parameter - **500** – server error -#### [Create a container](#id6) +### Create a container - `POST /containers/create` -: Create a container +`POST /containers/create` + +Create a container **Example request**: @@ -142,7 +144,7 @@ page_keywords: API, Docker, rcli, REST, documentation   - - **config** – the container’s configuration + - **config** – the container's configuration Status Codes: @@ -151,10 +153,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **406** – impossible to attach (container not running) - **500** – server error -#### [Inspect a container](#id7) +### Inspect a container - `GET /containers/`(*id*)`/json` -: Return low-level information on the container `id` +`GET /containers/(id)/json` + +Return low-level information on the container `id` **Example request**: @@ -219,10 +222,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [List processes running inside a container](#id8) +### List processes running inside a container - `GET /containers/`(*id*)`/top` -: List processes running inside the container `id` +`GET /containers/(id)/top` + +List processes running inside the container `id` **Example request**: @@ -257,7 +261,7 @@ page_keywords: API, Docker, rcli, REST, documentation   - - **ps\_args** – ps arguments to use (eg. aux) + - **ps_args** – ps arguments to use (eg. aux) Status Codes: @@ -265,10 +269,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Inspect changes on a container’s filesystem](#id9) +### Inspect changes on a container's filesystem - `GET /containers/`(*id*)`/changes` -: Inspect changes on container `id` ‘s filesystem +`GET /containers/(id)/changes` + +Inspect changes on container `id`'s filesystem **Example request**: @@ -300,10 +305,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Export a container](#id10) +### Export a container - `GET /containers/`(*id*)`/export` -: Export the contents of container `id` +`GET /containers/(id)/export` + +Export the contents of container `id` **Example request**: @@ -322,10 +328,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Start a container](#id11) +### Start a container - `POST /containers/`(*id*)`/start` -: Start the container `id` +`POST /containers/(id)/start` + +Start the container `id` **Example request**: @@ -346,7 +353,7 @@ page_keywords: API, Docker, rcli, REST, documentation   - - **hostConfig** – the container’s host configuration (optional) + - **hostConfig** – the container's host configuration (optional) Status Codes: @@ -354,10 +361,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Stop a container](#id12) +### Stop a container - `POST /containers/`(*id*)`/stop` -: Stop the container `id` +`POST /containers/(id)/stop` + +Stop the container `id` **Example request**: @@ -379,10 +387,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Restart a container](#id13) +### Restart a container - `POST /containers/`(*id*)`/restart` -: Restart the container `id` +`POST /containers/(id)/restart` + +Restart the container `id` **Example request**: @@ -404,10 +413,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Kill a container](#id14) +### Kill a container - `POST /containers/`(*id*)`/kill` -: Kill the container `id` +`POST /containers/(id)/kill` + +Kill the container `id` **Example request**: @@ -423,10 +433,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Attach to a container](#id15) +### Attach to a container - `POST /containers/`(*id*)`/attach` -: Attach to the container `id` +`POST /containers/(id)/attach` + +Attach to the container `id` **Example request**: @@ -461,11 +472,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Wait a container](#id16) +### Wait a container - `POST /containers/`(*id*)`/wait` -: Block until container `id` stops, then returns - the exit code +`POST /containers/(id)/wait` + +Block until container `id` stops, then returns the exit code **Example request**: @@ -484,10 +495,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Remove a container](#id17) +### Remove a container - `DELETE /containers/`(*id*) -: Remove the container `id` from the filesystem +`DELETE /containers/(id)` + +Remove the container `id` from the filesystem **Example request**: @@ -511,10 +523,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Copy files or folders from a container](#id18) +### Copy files or folders from a container - `POST /containers/`(*id*)`/copy` -: Copy files or folders of container `id` +`POST /containers/(id)/copy` + +Copy files or folders of container `id` **Example request**: @@ -538,13 +551,13 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -### [2.2 Images](#id19) +## 2.2 Images -#### [List Images](#id20) +### List Images - `GET /images/`(*format*) -: List images `format` could be json or viz (json - default) +`GET /images/(format)` + +List images `format` could be json or viz (json default) **Example request**: @@ -614,11 +627,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **400** – bad parameter - **500** – server error -#### [Create an image](#id21) +### Create an image - `POST /images/create` -: Create an image, either by pull it from the registry or by importing - it +`POST /images/create` + +Create an image, either by pull it from the registry or by importing it **Example request**: @@ -653,11 +666,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Insert a file in an image](#id22) +### Insert a file in an image - `POST /images/`(*name*)`/insert` -: Insert a file from `url` in the image - `name` at `path` +`POST /images/(name)/insert` + +Insert a file from `url` in the image `name` at `path` **Example request**: @@ -678,10 +691,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Inspect an image](#id23) +### Inspect an image - `GET /images/`(*name*)`/json` -: Return low-level information on the image `name` +`GET /images/(name)/json` + +Return low-level information on the image `name` **Example request**: @@ -727,10 +741,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such image - **500** – server error -#### [Get the history of an image](#id24) +### Get the history of an image - `GET /images/`(*name*)`/history` -: Return the history of the image `name` +`GET /images/(name)/history` + +Return the history of the image `name` **Example request**: @@ -760,10 +775,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such image - **500** – server error -#### [Push an image on the registry](#id25) +### Push an image on the registry - `POST /images/`(*name*)`/push` -: Push the image `name` on the registry +`POST /images/(name)/push` + +Push the image `name` on the registry **Example request**: @@ -794,10 +810,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such image - **500** – server error -#### [Tag an image into a repository](#id26) +### Tag an image into a repository - `POST /images/`(*name*)`/tag` -: Tag the image `name` into a repository +`POST /images/(name)/tag` + +Tag the image `name` into a repository **Example request**: @@ -822,10 +839,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **409** – conflict - **500** – server error -#### [Remove an image](#id27) +### Remove an image - `DELETE /images/`(*name*) -: Remove the image `name` from the filesystem +`DELETE /images/(name)` + +Remove the image `name` from the filesystem **Example request**: @@ -849,10 +867,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **409** – conflict - **500** – server error -#### [Search images](#id28) +### Search images - `GET /images/search` -: Search for an image in the docker index +`GET /images/search` + +Search for an image on [Docker.io](https://index.docker.io) **Example request**: @@ -889,12 +908,13 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -### [2.3 Misc](#id29) +## 2.3 Misc -#### [Build an image from Dockerfile via stdin](#id30) +### Build an image from Dockerfile via stdin - `POST /build` -: Build an image from Dockerfile via stdin +`POST /build` + +Build an image from Dockerfile via stdin **Example request**: @@ -931,10 +951,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Check auth configuration](#id31) +### Check auth configuration - `POST /auth` -: Get the default username and email +`POST /auth` + +Get the default username and email **Example request**: @@ -958,10 +979,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **204** – no error - **500** – server error -#### [Display system-wide information](#id32) +### Display system-wide information - `GET /info` -: Display system-wide information +`GET /info` + +Display system-wide information **Example request**: @@ -988,10 +1010,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Show the docker version information](#id33) +### Show the docker version information - `GET /version` -: Show the docker version information +`GET /version` + +Show the docker version information **Example request**: @@ -1013,10 +1036,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Create a new image from a container’s changes](#id34) +### Create a new image from a container's changes - `POST /commit` -: Create a new image from a container’s changes +`POST /commit` + +Create a new image from a container's changes **Example request**: @@ -1044,7 +1068,7 @@ page_keywords: API, Docker, rcli, REST, documentation - **tag** – tag - **m** – commit message - **author** – author (eg. "John Hannibal Smith - \<[hannibal@a-team.com](mailto:hannibal%40a-team.com)\>") + <[hannibal@a-team.com](mailto:hannibal%40a-team.com)>") Status Codes: @@ -1052,11 +1076,12 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Monitor Docker’s events](#id35) +### Monitor Docker's events - `GET /events` -: Get events from docker, either in real time via streaming, or via - polling (using since) +`GET /events` + +Get events from docker, either in real time via streaming, or via +polling (using since) **Example request**: @@ -1083,30 +1108,30 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -## [3. Going further](#id36) +# 3. Going further -### [3.1 Inside ‘docker run’](#id37) +## 3.1 Inside `docker run` -Here are the steps of ‘docker run’ : +Here are the steps of `docker run`: -- Create the container -- If the status code is 404, it means the image doesn’t exists: \* Try - to pull it \* Then retry to create the container -- Start the container -- If you are not in detached mode: \* Attach to the container, using - logs=1 (to have stdout and stderr from the container’s start) and - stream=1 -- If in detached mode or only stdin is attached: \* Display the - container’s id + - Create the container + - If the status code is 404, it means the image doesn't exists: + Try to pull it - Then retry to create the container + - Start the container + - If you are not in detached mode: + Attach to the container, using logs=1 (to have stdout and stderr + from the container's start) and stream=1 + - If in detached mode or only stdin is attached: + Display the container's id -### [3.2 Hijacking](#id38) +## 3.2 Hijacking In this version of the API, /attach, uses hijacking to transport stdin, stdout and stderr on the same socket. This might change in the future. -### [3.3 CORS Requests](#id39) +## 3.3 CORS Requests To enable cross origin requests to the remote api add the flag "–api-enable-cors" when running docker in daemon mode. - docker -d -H="192.168.1.9:4243" --api-enable-cors + $ docker -d -H="192.168.1.9:4243" --api-enable-cors diff --git a/docs/sources/reference/api/archive/docker_remote_api_v1.6.md b/docs/sources/reference/api/docker_remote_api_v1.6.md similarity index 84% rename from docs/sources/reference/api/archive/docker_remote_api_v1.6.md rename to docs/sources/reference/api/docker_remote_api_v1.6.md index 5bd0e46d50..bca09a3a0e 100644 --- a/docs/sources/reference/api/archive/docker_remote_api_v1.6.md +++ b/docs/sources/reference/api/docker_remote_api_v1.6.md @@ -2,27 +2,27 @@ page_title: Remote API v1.6 page_description: API Documentation for Docker page_keywords: API, Docker, rcli, REST, documentation -# [Docker Remote API v1.6](#id1) +# Docker Remote API v1.6 -## [1. Brief introduction](#id2) +# 1. Brief introduction -- The Remote API has replaced rcli -- The daemon listens on `unix:///var/run/docker.sock` -, but you can [*Bind Docker to another host/port or a Unix - socket*](../../../../use/basics/#bind-docker). -- The API tends to be REST, but for some complex commands, like - `attach` or `pull`, the HTTP - connection is hijacked to transport `stdout, stdin` - and `stderr` + - The Remote API has replaced rcli + - The daemon listens on `unix:///var/run/docker.sock` but you can + [*Bind Docker to another host/port or a Unix socket*]( + /use/basics/#bind-docker). + - The API tends to be REST, but for some complex commands, like `attach` + or `pull`, the HTTP connection is hijacked to transport `stdout, stdin` + and `stderr` -## [2. Endpoints](#id3) +# 2. Endpoints -### [2.1 Containers](#id4) +## 2.1 Containers -#### [List containers](#id5) +### List containers - `GET /containers/json` -: List containers +`GET /containers/json` + +List containers **Example request**: @@ -97,10 +97,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **400** – bad parameter - **500** – server error -#### [Create a container](#id6) +### Create a container - `POST /containers/create` -: Create a container +`POST /containers/create` + +Create a container **Example request**: @@ -144,7 +145,7 @@ page_keywords: API, Docker, rcli, REST, documentation   - - **config** – the container’s configuration + - **config** – the container's configuration Query Parameters: @@ -202,10 +203,11 @@ page_keywords: API, Docker, rcli, REST, documentation **Now you can ssh into your new container on port 11022.** -#### [Inspect a container](#id7) +### Inspect a container - `GET /containers/`(*id*)`/json` -: Return low-level information on the container `id` +`GET /containers/(id)/json` + +Return low-level information on the container `id` **Example request**: @@ -271,10 +273,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [List processes running inside a container](#id8) +### List processes running inside a container - `GET /containers/`(*id*)`/top` -: List processes running inside the container `id` +`GET /containers/(id)/top` + +List processes running inside the container `id` **Example request**: @@ -309,7 +312,7 @@ page_keywords: API, Docker, rcli, REST, documentation   - - **ps\_args** – ps arguments to use (eg. aux) + - **ps_args** – ps arguments to use (eg. aux) Status Codes: @@ -317,10 +320,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Inspect changes on a container’s filesystem](#id9) +### Inspect changes on a container's filesystem - `GET /containers/`(*id*)`/changes` -: Inspect changes on container `id` ‘s filesystem +`GET /containers/(id)/changes` + +Inspect changes on container `id`'s filesystem **Example request**: @@ -352,10 +356,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Export a container](#id10) +### Export a container - `GET /containers/`(*id*)`/export` -: Export the contents of container `id` +`GET /containers/(id)/export` + +Export the contents of container `id` **Example request**: @@ -374,10 +379,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Start a container](#id11) +### Start a container - `POST /containers/`(*id*)`/start` -: Start the container `id` +`POST /containers/(id)/start` + +Start the container `id` **Example request**: @@ -403,7 +409,7 @@ page_keywords: API, Docker, rcli, REST, documentation   - - **hostConfig** – the container’s host configuration (optional) + - **hostConfig** – the container's host configuration (optional) Status Codes: @@ -411,10 +417,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Stop a container](#id12) +### Stop a container - `POST /containers/`(*id*)`/stop` -: Stop the container `id` +`POST /containers/(id)/stop` + +Stop the container `id` **Example request**: @@ -436,10 +443,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Restart a container](#id13) +### Restart a container - `POST /containers/`(*id*)`/restart` -: Restart the container `id` +`POST /containers/(id)/restart` + +Restart the container `id` **Example request**: @@ -461,10 +469,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Kill a container](#id14) +### Kill a container - `POST /containers/`(*id*)`/kill` -: Kill the container `id` +`POST /containers/(id)/kill` + +Kill the container `id` **Example request**: @@ -488,10 +497,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Attach to a container](#id15) +### Attach to a container - `POST /containers/`(*id*)`/attach` -: Attach to the container `id` +`POST /containers/(id)/attach` + +Attach to the container `id` **Example request**: @@ -530,8 +540,8 @@ page_keywords: API, Docker, rcli, REST, documentation When using the TTY setting is enabled in [`POST /containers/create` -](../../docker_remote_api_v1.9/#post--containers-create "POST /containers/create"), - the stream is the raw data from the process PTY and client’s stdin. + ](/api/docker_remote_api_v1.9/#post--containers-create "POST /containers/create"), + the stream is the raw data from the process PTY and client's stdin. When the TTY is disabled, then the stream is multiplexed to separate stdout and stderr. @@ -570,11 +580,11 @@ page_keywords: API, Docker, rcli, REST, documentation 4. Read the extracted size and output it on the correct output 5. Goto 1) -#### [Wait a container](#id16) +### Wait a container - `POST /containers/`(*id*)`/wait` -: Block until container `id` stops, then returns - the exit code +`POST /containers/(id)/wait` + +Block until container `id` stops, then returns the exit code **Example request**: @@ -593,10 +603,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Remove a container](#id17) +### Remove a container - `DELETE /containers/`(*id*) -: Remove the container `id` from the filesystem +`DELETE /containers/(id)` + +Remove the container `id` from the filesystem **Example request**: @@ -620,10 +631,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Copy files or folders from a container](#id18) +### Copy files or folders from a container - `POST /containers/`(*id*)`/copy` -: Copy files or folders of container `id` +`POST /containers/(id)/copy` + +Copy files or folders of container `id` **Example request**: @@ -647,13 +659,13 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -### [2.2 Images](#id19) +## 2.2 Images -#### [List Images](#id20) +### List Images - `GET /images/`(*format*) -: List images `format` could be json or viz (json - default) +`GET /images/(format)` + +List images `format` could be json or viz (json default) **Example request**: @@ -723,11 +735,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **400** – bad parameter - **500** – server error -#### [Create an image](#id21) +### Create an image - `POST /images/create` -: Create an image, either by pull it from the registry or by importing - it +`POST /images/create` + +Create an image, either by pull it from the registry or by importing it **Example request**: @@ -762,11 +774,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Insert a file in an image](#id22) +### Insert a file in an image - `POST /images/`(*name*)`/insert` -: Insert a file from `url` in the image - `name` at `path` +`POST /images/(name)/insert` + +Insert a file from `url` in the image `name` at `path` **Example request**: @@ -787,10 +799,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Inspect an image](#id23) +### Inspect an image - `GET /images/`(*name*)`/json` -: Return low-level information on the image `name` +`GET /images/(name)/json` + +Return low-level information on the image `name` **Example request**: @@ -836,10 +849,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such image - **500** – server error -#### [Get the history of an image](#id24) +### Get the history of an image - `GET /images/`(*name*)`/history` -: Return the history of the image `name` +`GET /images/(name)/history` + +Return the history of the image `name` **Example request**: @@ -869,10 +883,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such image - **500** – server error -#### [Push an image on the registry](#id25) +### Push an image on the registry - `POST /images/`(*name*)`/push` -: Push the image `name` on the registry +`POST /images/(name)/push` + +Push the image `name` on the registry **Example request**: @@ -900,10 +915,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error :statuscode 404: no such image :statuscode 500: server error -#### [Tag an image into a repository](#id26) +### Tag an image into a repository - `POST /images/`(*name*)`/tag` -: Tag the image `name` into a repository +`POST /images/(name)/tag` + +Tag the image `name` into a repository **Example request**: @@ -928,10 +944,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **409** – conflict - **500** – server error -#### [Remove an image](#id27) +### Remove an image - `DELETE /images/`(*name*) -: Remove the image `name` from the filesystem +`DELETE /images/(name)` + +Remove the image `name` from the filesystem **Example request**: @@ -955,10 +972,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **409** – conflict - **500** – server error -#### [Search images](#id28) +### Search images - `GET /images/search` -: Search for an image in the docker index +`GET /images/search` + +Search for an image on [Docker.io](https://index.docker.io) **Example request**: @@ -988,12 +1006,13 @@ page_keywords: API, Docker, rcli, REST, documentation :statuscode 200: no error :statuscode 500: server error -### [2.3 Misc](#id29) +## 2.3 Misc -#### [Build an image from Dockerfile via stdin](#id30) +### Build an image from Dockerfile via stdin - `POST /build` -: Build an image from Dockerfile via stdin +`POST /build` + +Build an image from Dockerfile via stdin **Example request**: @@ -1029,10 +1048,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Check auth configuration](#id31) +### Check auth configuration - `POST /auth` -: Get the default username and email +`POST /auth` + +Get the default username and email **Example request**: @@ -1056,10 +1076,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **204** – no error - **500** – server error -#### [Display system-wide information](#id32) +### Display system-wide information - `GET /info` -: Display system-wide information +`GET /info` + +Display system-wide information **Example request**: @@ -1086,10 +1107,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Show the docker version information](#id33) +### Show the docker version information - `GET /version` -: Show the docker version information +`GET /version` + +Show the docker version information **Example request**: @@ -1111,10 +1133,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Create a new image from a container’s changes](#id34) +### Create a new image from a container's changes - `POST /commit` -: Create a new image from a container’s changes +`POST /commit` + +Create a new image from a container's changes **Example request**: @@ -1142,7 +1165,7 @@ page_keywords: API, Docker, rcli, REST, documentation - **tag** – tag - **m** – commit message - **author** – author (eg. "John Hannibal Smith - \<[hannibal@a-team.com](mailto:hannibal%40a-team.com)\>") + <[hannibal@a-team.com](mailto:hannibal%40a-team.com)>") Status Codes: @@ -1150,11 +1173,12 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Monitor Docker’s events](#id35) +### Monitor Docker's events - `GET /events` -: Get events from docker, either in real time via streaming, or via - polling (using since) +`GET /events` + +Get events from docker, either in real time via streaming, or via +polling (using since) **Example request**: @@ -1181,35 +1205,35 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -## [3. Going further](#id36) +# 3. Going further -### [3.1 Inside ‘docker run’](#id37) +## 3.1 Inside `docker run` -Here are the steps of ‘docker run’ : +Here are the steps of `docker run` : - Create the container -- If the status code is 404, it means the image doesn’t exists: - : - Try to pull it +- If the status code is 404, it means the image doesn't exists: + - Try to pull it - Then retry to create the container - Start the container - If you are not in detached mode: - : - Attach to the container, using logs=1 (to have stdout and - stderr from the container’s start) and stream=1 + - Attach to the container, using logs=1 (to have stdout and + stderr from the container's start) and stream=1 - If in detached mode or only stdin is attached: - : - Display the container’s id + - Display the container's id -### [3.2 Hijacking](#id38) +## 3.2 Hijacking In this version of the API, /attach, uses hijacking to transport stdin, stdout and stderr on the same socket. This might change in the future. -### [3.3 CORS Requests](#id39) +## 3.3 CORS Requests To enable cross origin requests to the remote api add the flag "–api-enable-cors" when running docker in daemon mode. - docker -d -H="192.168.1.9:4243" --api-enable-cors + $ docker -d -H="192.168.1.9:4243" --api-enable-cors diff --git a/docs/sources/reference/api/archive/docker_remote_api_v1.7.md b/docs/sources/reference/api/docker_remote_api_v1.7.md similarity index 82% rename from docs/sources/reference/api/archive/docker_remote_api_v1.7.md rename to docs/sources/reference/api/docker_remote_api_v1.7.md index ac02aa5d0e..818fbba11c 100644 --- a/docs/sources/reference/api/archive/docker_remote_api_v1.7.md +++ b/docs/sources/reference/api/docker_remote_api_v1.7.md @@ -2,27 +2,27 @@ page_title: Remote API v1.7 page_description: API Documentation for Docker page_keywords: API, Docker, rcli, REST, documentation -# [Docker Remote API v1.7](#id1) +# Docker Remote API v1.7 -## [1. Brief introduction](#id2) +# 1. Brief introduction -- The Remote API has replaced rcli -- The daemon listens on `unix:///var/run/docker.sock` -, but you can [*Bind Docker to another host/port or a Unix - socket*](../../../../use/basics/#bind-docker). -- The API tends to be REST, but for some complex commands, like - `attach` or `pull`, the HTTP - connection is hijacked to transport `stdout, stdin` - and `stderr` + - The Remote API has replaced rcli + - The daemon listens on `unix:///var/run/docker.sock` but you can + [*Bind Docker to another host/port or a Unix socket*]( + /use/basics/#bind-docker). + - The API tends to be REST, but for some complex commands, like `attach` + or `pull`, the HTTP connection is hijacked to transport `stdout, stdin` + and `stderr` -## [2. Endpoints](#id3) +# 2. Endpoints -### [2.1 Containers](#id4) +## 2.1 Containers -#### [List containers](#id5) +### List containers - `GET /containers/json` -: List containers +`GET /containers/json` + +List containers **Example request**: @@ -97,10 +97,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **400** – bad parameter - **500** – server error -#### [Create a container](#id6) +### Create a container - `POST /containers/create` -: Create a container +`POST /containers/create` + +Create a container **Example request**: @@ -149,7 +150,7 @@ page_keywords: API, Docker, rcli, REST, documentation   - - **config** – the container’s configuration + - **config** – the container's configuration Status Codes: @@ -158,10 +159,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **406** – impossible to attach (container not running) - **500** – server error -#### [Inspect a container](#id7) +### Inspect a container - `GET /containers/`(*id*)`/json` -: Return low-level information on the container `id` +`GET /containers/(id)/json` + +Return low-level information on the container `id` **Example request**: @@ -227,10 +229,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [List processes running inside a container](#id8) +### List processes running inside a container - `GET /containers/`(*id*)`/top` -: List processes running inside the container `id` +`GET /containers/(id)/top` + +List processes running inside the container `id` **Example request**: @@ -265,7 +268,7 @@ page_keywords: API, Docker, rcli, REST, documentation   - - **ps\_args** – ps arguments to use (eg. aux) + - **ps_args** – ps arguments to use (eg. aux) Status Codes: @@ -273,10 +276,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Inspect changes on a container’s filesystem](#id9) +### Inspect changes on a container's filesystem - `GET /containers/`(*id*)`/changes` -: Inspect changes on container `id` ‘s filesystem +`GET /containers/(id)/changes` + +Inspect changes on container `id`'s filesystem **Example request**: @@ -308,10 +312,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Export a container](#id10) +### Export a container - `GET /containers/`(*id*)`/export` -: Export the contents of container `id` +`GET /containers/(id)/export` + +Export the contents of container `id` **Example request**: @@ -330,10 +335,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Start a container](#id11) +### Start a container - `POST /containers/`(*id*)`/start` -: Start the container `id` +`POST /containers/(id)/start` + +Start the container `id` **Example request**: @@ -360,7 +366,7 @@ page_keywords: API, Docker, rcli, REST, documentation   - - **hostConfig** – the container’s host configuration (optional) + - **hostConfig** – the container's host configuration (optional) Status Codes: @@ -368,10 +374,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Stop a container](#id12) +### Stop a container - `POST /containers/`(*id*)`/stop` -: Stop the container `id` +`POST /containers/(id)/stop` + +Stop the container `id` **Example request**: @@ -393,10 +400,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Restart a container](#id13) +### Restart a container - `POST /containers/`(*id*)`/restart` -: Restart the container `id` +`POST /containers/(id)/restart` + +Restart the container `id` **Example request**: @@ -418,10 +426,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Kill a container](#id14) +### Kill a container - `POST /containers/`(*id*)`/kill` -: Kill the container `id` +`POST /containers/(id)/kill` + +Kill the container `id` **Example request**: @@ -437,10 +446,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Attach to a container](#id15) +### Attach to a container - `POST /containers/`(*id*)`/attach` -: Attach to the container `id` +`POST /containers/(id)/attach` + +Attach to the container `id` **Example request**: @@ -479,8 +489,8 @@ page_keywords: API, Docker, rcli, REST, documentation When using the TTY setting is enabled in [`POST /containers/create` -](../../docker_remote_api_v1.9/#post--containers-create "POST /containers/create"), - the stream is the raw data from the process PTY and client’s stdin. + ](/api/docker_remote_api_v1.9/#post--containers-create "POST /containers/create"), + the stream is the raw data from the process PTY and client's stdin. When the TTY is disabled, then the stream is multiplexed to separate stdout and stderr. @@ -519,11 +529,11 @@ page_keywords: API, Docker, rcli, REST, documentation 4. Read the extracted size and output it on the correct output 5. Goto 1) -#### [Wait a container](#id16) +### Wait a container - `POST /containers/`(*id*)`/wait` -: Block until container `id` stops, then returns - the exit code +`POST /containers/(id)/wait` + +Block until container `id` stops, then returns the exit code **Example request**: @@ -542,10 +552,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Remove a container](#id17) +### Remove a container - `DELETE /containers/`(*id*) -: Remove the container `id` from the filesystem +`DELETE /containers/(id)` + +Remove the container `id` from the filesystem **Example request**: @@ -569,10 +580,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Copy files or folders from a container](#id18) +### Copy files or folders from a container - `POST /containers/`(*id*)`/copy` -: Copy files or folders of container `id` +`POST /containers/(id)/copy` + +Copy files or folders of container `id` **Example request**: @@ -596,12 +608,13 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -### [2.2 Images](#id19) +## 2.2 Images -#### [List Images](#id20) +### List Images - `GET /images/json` -: **Example request**: +`GET /images/json` + +**Example request**: GET /images/json?all=0 HTTP/1.1 @@ -635,11 +648,11 @@ page_keywords: API, Docker, rcli, REST, documentation } ] -#### [Create an image](#id21) +### Create an image - `POST /images/create` -: Create an image, either by pull it from the registry or by importing - it +`POST /images/create` + +Create an image, either by pull it from the registry or by importing it **Example request**: @@ -680,11 +693,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Insert a file in an image](#id22) +### Insert a file in an image - `POST /images/`(*name*)`/insert` -: Insert a file from `url` in the image - `name` at `path` +`POST /images/(name)/insert` + +Insert a file from `url` in the image `name` at `path` **Example request**: @@ -705,10 +718,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Inspect an image](#id23) +### Inspect an image - `GET /images/`(*name*)`/json` -: Return low-level information on the image `name` +`GET /images/(name)/json` + +Return low-level information on the image `name` **Example request**: @@ -754,10 +768,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such image - **500** – server error -#### [Get the history of an image](#id24) +### Get the history of an image - `GET /images/`(*name*)`/history` -: Return the history of the image `name` +`GET /images/(name)/history` + +Return the history of the image `name` **Example request**: @@ -787,10 +802,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such image - **500** – server error -#### [Push an image on the registry](#id25) +### Push an image on the registry - `POST /images/`(*name*)`/push` -: Push the image `name` on the registry +`POST /images/(name)/push` + +Push the image `name` on the registry **Example request**: @@ -825,10 +841,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such image - **500** – server error -#### [Tag an image into a repository](#id26) +### Tag an image into a repository - `POST /images/`(*name*)`/tag` -: Tag the image `name` into a repository +`POST /images/(name)/tag` + +Tag the image `name` into a repository **Example request**: @@ -853,10 +870,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **409** – conflict - **500** – server error -#### [Remove an image](#id27) +### Remove an image - `DELETE /images/`(*name*) -: Remove the image `name` from the filesystem +`DELETE /images/(name)` + +Remove the image `name` from the filesystem **Example request**: @@ -880,14 +898,15 @@ page_keywords: API, Docker, rcli, REST, documentation - **409** – conflict - **500** – server error -#### [Search images](#id28) +### Search images - `GET /images/search` -: Search for an image in the docker index. +`GET /images/search` + +Search for an image on [Docker.io](https://index.docker.io). > **Note**: > The response keys have changed from API v1.6 to reflect the JSON -> sent by the registry server to the docker daemon’s request. +> sent by the registry server to the docker daemon's request. **Example request**: @@ -934,12 +953,13 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -### [2.3 Misc](#id29) +## 2.3 Misc -#### [Build an image from Dockerfile via stdin](#id30) +### Build an image from Dockerfile via stdin - `POST /build` -: Build an image from Dockerfile via stdin +`POST /build` + +Build an image from Dockerfile via stdin **Example request**: @@ -958,9 +978,9 @@ page_keywords: API, Docker, rcli, REST, documentation following algorithms: identity (no compression), gzip, bzip2, xz. The archive must include a file called `Dockerfile` - at its root. It may include any number of other files, + at its root. It may include any number of other files, which will be accessible in the build context (See the [*ADD build - command*](../../../builder/#dockerbuilder)). + command*](/builder/#dockerbuilder)). Query Parameters: @@ -983,10 +1003,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Check auth configuration](#id31) +### Check auth configuration - `POST /auth` -: Get the default username and email +`POST /auth` + +Get the default username and email **Example request**: @@ -1010,10 +1031,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **204** – no error - **500** – server error -#### [Display system-wide information](#id32) +### Display system-wide information - `GET /info` -: Display system-wide information +`GET /info` + +Display system-wide information **Example request**: @@ -1040,10 +1062,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Show the docker version information](#id33) +### Show the docker version information - `GET /version` -: Show the docker version information +`GET /version` + +Show the docker version information **Example request**: @@ -1065,10 +1088,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Create a new image from a container’s changes](#id34) +### Create a new image from a container's changes - `POST /commit` -: Create a new image from a container’s changes +`POST /commit` + +Create a new image from a container's changes **Example request**: @@ -1090,7 +1114,7 @@ page_keywords: API, Docker, rcli, REST, documentation - **tag** – tag - **m** – commit message - **author** – author (eg. "John Hannibal Smith - \<[hannibal@a-team.com](mailto:hannibal%40a-team.com)\>") + <[hannibal@a-team.com](mailto:hannibal%40a-team.com)>") - **run** – config automatically applied when the image is run. (ex: {"Cmd": ["cat", "/world"], "PortSpecs":["22"]}) @@ -1100,11 +1124,12 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Monitor Docker’s events](#id35) +### Monitor Docker's events - `GET /events` -: Get events from docker, either in real time via streaming, or via - polling (using since) +`GET /events` + +Get events from docker, either in real time via streaming, or via +polling (using since) **Example request**: @@ -1131,11 +1156,12 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Get a tarball containing all images and tags in a repository](#id36) +### Get a tarball containing all images and tags in a repository - `GET /images/`(*name*)`/get` -: Get a tarball containing all images and metadata for the repository - specified by `name`. +`GET /images/(name)/get` + +Get a tarball containing all images and metadata for the repository +specified by `name`. **Example request** @@ -1152,10 +1178,11 @@ page_keywords: API, Docker, rcli, REST, documentation :statuscode 200: no error :statuscode 500: server error -#### [Load a tarball with a set of images and tags into docker](#id37) +### Load a tarball with a set of images and tags into docker - `POST /images/load` -: Load a set of images and tags into the docker repository. +`POST /images/load` + +Load a set of images and tags into the docker repository. **Example request** @@ -1172,35 +1199,35 @@ page_keywords: API, Docker, rcli, REST, documentation :statuscode 200: no error :statuscode 500: server error -## [3. Going further](#id38) +# 3. Going further -### [3.1 Inside ‘docker run’](#id39) +## 3.1 Inside `docker run` -Here are the steps of ‘docker run’ : +Here are the steps of `docker run` : - Create the container -- If the status code is 404, it means the image doesn’t exists: - : - Try to pull it +- If the status code is 404, it means the image doesn't exists: + - Try to pull it - Then retry to create the container - Start the container - If you are not in detached mode: - : - Attach to the container, using logs=1 (to have stdout and - stderr from the container’s start) and stream=1 + - Attach to the container, using logs=1 (to have stdout and + stderr from the container's start) and stream=1 - If in detached mode or only stdin is attached: - : - Display the container’s id + - Display the container's id -### [3.2 Hijacking](#id40) +## 3.2 Hijacking In this version of the API, /attach, uses hijacking to transport stdin, stdout and stderr on the same socket. This might change in the future. -### [3.3 CORS Requests](#id41) +## 3.3 CORS Requests To enable cross origin requests to the remote api add the flag "–api-enable-cors" when running docker in daemon mode. - docker -d -H="192.168.1.9:4243" --api-enable-cors + $ docker -d -H="192.168.1.9:4243" --api-enable-cors diff --git a/docs/sources/reference/api/archive/docker_remote_api_v1.8.md b/docs/sources/reference/api/docker_remote_api_v1.8.md similarity index 83% rename from docs/sources/reference/api/archive/docker_remote_api_v1.8.md rename to docs/sources/reference/api/docker_remote_api_v1.8.md index eb29699e62..0d2997693c 100644 --- a/docs/sources/reference/api/archive/docker_remote_api_v1.8.md +++ b/docs/sources/reference/api/docker_remote_api_v1.8.md @@ -2,27 +2,27 @@ page_title: Remote API v1.8 page_description: API Documentation for Docker page_keywords: API, Docker, rcli, REST, documentation -# [Docker Remote API v1.8](#id1) +# Docker Remote API v1.8 -## [1. Brief introduction](#id2) +# 1. Brief introduction -- The Remote API has replaced rcli -- The daemon listens on `unix:///var/run/docker.sock` -, but you can [*Bind Docker to another host/port or a Unix - socket*](../../../../use/basics/#bind-docker). -- The API tends to be REST, but for some complex commands, like - `attach` or `pull`, the HTTP - connection is hijacked to transport `stdout, stdin` - and `stderr` + - The Remote API has replaced rcli + - The daemon listens on `unix:///var/run/docker.sock` but you can + [*Bind Docker to another host/port or a Unix socket*]( + /use/basics/#bind-docker). + - The API tends to be REST, but for some complex commands, like `attach` + or `pull`, the HTTP connection is hijacked to transport `stdout, stdin` + and `stderr` -## [2. Endpoints](#id3) +# 2. Endpoints -### [2.1 Containers](#id4) +## 2.1 Containers -#### [List containers](#id5) +### List containers - `GET /containers/json` -: List containers +`GET /containers/json` + +List containers **Example request**: @@ -97,10 +97,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **400** – bad parameter - **500** – server error -#### [Create a container](#id6) +### Create a container - `POST /containers/create` -: Create a container +`POST /containers/create` + +Create a container **Example request**: @@ -179,11 +180,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **406** – impossible to attach (container not running) - **500** – server error -#### [Inspect a container](#id7) +### Inspect a container - `GET /containers/`(*id*)`/json` -: Return low-level information on the container `id` +`GET /containers/(id)/json` +Return low-level information on the container `id` **Example request**: @@ -264,10 +265,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [List processes running inside a container](#id8) +### List processes running inside a container - `GET /containers/`(*id*)`/top` -: List processes running inside the container `id` +`GET /containers/(id)/top` + +List processes running inside the container `id` **Example request**: @@ -302,7 +304,7 @@ page_keywords: API, Docker, rcli, REST, documentation   - - **ps\_args** – ps arguments to use (eg. aux) + - **ps_args** – ps arguments to use (eg. aux) Status Codes: @@ -310,10 +312,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Inspect changes on a container’s filesystem](#id9) +### Inspect changes on a container's filesystem - `GET /containers/`(*id*)`/changes` -: Inspect changes on container `id` ‘s filesystem +`GET /containers/(id)/changes` + +Inspect changes on container `id`'s filesystem **Example request**: @@ -345,10 +348,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Export a container](#id10) +### Export a container - `GET /containers/`(*id*)`/export` -: Export the contents of container `id` +`GET /containers/(id)/export` + +Export the contents of container `id` **Example request**: @@ -367,10 +371,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Start a container](#id11) +### Start a container - `POST /containers/`(*id*)`/start` -: Start the container `id` +`POST /containers/(id)/start` + +Start the container `id` **Example request**: @@ -411,10 +416,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Stop a container](#id12) +### Stop a container - `POST /containers/`(*id*)`/stop` -: Stop the container `id` +`POST /containers/(id)/stop` + +Stop the container `id` **Example request**: @@ -436,10 +442,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Restart a container](#id13) +### Restart a container - `POST /containers/`(*id*)`/restart` -: Restart the container `id` +`POST /containers/(id)/restart` + +Restart the container `id` **Example request**: @@ -461,10 +468,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Kill a container](#id14) +### Kill a container - `POST /containers/`(*id*)`/kill` -: Kill the container `id` +`POST /containers/(id)/kill` + +Kill the container `id` **Example request**: @@ -480,10 +488,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Attach to a container](#id15) +### Attach to a container - `POST /containers/`(*id*)`/attach` -: Attach to the container `id` +`POST /containers/(id)/attach` + +Attach to the container `id` **Example request**: @@ -522,8 +531,8 @@ page_keywords: API, Docker, rcli, REST, documentation When using the TTY setting is enabled in [`POST /containers/create` -](../../docker_remote_api_v1.9/#post--containers-create "POST /containers/create"), - the stream is the raw data from the process PTY and client’s stdin. + ](/api/docker_remote_api_v1.9/#post--containers-create "POST /containers/create"), + the stream is the raw data from the process PTY and client's stdin. When the TTY is disabled, then the stream is multiplexed to separate stdout and stderr. @@ -562,11 +571,11 @@ page_keywords: API, Docker, rcli, REST, documentation 4. Read the extracted size and output it on the correct output 5. Goto 1) -#### [Wait a container](#id16) +### Wait a container - `POST /containers/`(*id*)`/wait` -: Block until container `id` stops, then returns - the exit code +`POST /containers/(id)/wait` + +Block until container `id` stops, then returns the exit code **Example request**: @@ -585,10 +594,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Remove a container](#id17) +### Remove a container - `DELETE /containers/`(*id*) -: Remove the container `id` from the filesystem +`DELETE /containers/(id)` + +Remove the container `id` from the filesystem **Example request**: @@ -612,10 +622,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Copy files or folders from a container](#id18) +### Copy files or folders from a container - `POST /containers/`(*id*)`/copy` -: Copy files or folders of container `id` +`POST /containers/(id)/copy` + +Copy files or folders of container `id` **Example request**: @@ -639,12 +650,13 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -### [2.2 Images](#id19) +## 2.2 Images -#### [List Images](#id20) +### List Images - `GET /images/json` -: **Example request**: +`GET /images/json` + +**Example request**: GET /images/json?all=0 HTTP/1.1 @@ -678,11 +690,11 @@ page_keywords: API, Docker, rcli, REST, documentation } ] -#### [Create an image](#id21) +### Create an image - `POST /images/create` -: Create an image, either by pull it from the registry or by importing - it +`POST /images/create` + +Create an image, either by pull it from the registry or by importing it **Example request**: @@ -723,11 +735,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Insert a file in an image](#id22) +### Insert a file in an image - `POST /images/`(*name*)`/insert` -: Insert a file from `url` in the image - `name` at `path` +`POST /images/(name)/insert` + +Insert a file from `url` in the image `name` at `path` **Example request**: @@ -748,10 +760,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Inspect an image](#id23) +### Inspect an image - `GET /images/`(*name*)`/json` -: Return low-level information on the image `name` +`GET /images/(name)/json` + +Return low-level information on the image `name` **Example request**: @@ -797,10 +810,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such image - **500** – server error -#### [Get the history of an image](#id24) +### Get the history of an image - `GET /images/`(*name*)`/history` -: Return the history of the image `name` +`GET /images/(name)/history` + +Return the history of the image `name` **Example request**: @@ -830,10 +844,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such image - **500** – server error -#### [Push an image on the registry](#id25) +### Push an image on the registry - `POST /images/`(*name*)`/push` -: Push the image `name` on the registry +`POST /images/(name)/push` + +Push the image `name` on the registry **Example request**: @@ -868,10 +883,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such image - **500** – server error -#### [Tag an image into a repository](#id26) +### Tag an image into a repository - `POST /images/`(*name*)`/tag` -: Tag the image `name` into a repository +`POST /images/(name)/tag` + +Tag the image `name` into a repository **Example request**: @@ -896,10 +912,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **409** – conflict - **500** – server error -#### [Remove an image](#id27) +### Remove an image - `DELETE /images/`(*name*) -: Remove the image `name` from the filesystem +`DELETE /images/(name)` + +Remove the image `name` from the filesystem **Example request**: @@ -923,14 +940,15 @@ page_keywords: API, Docker, rcli, REST, documentation - **409** – conflict - **500** – server error -#### [Search images](#id28) +### Search images - `GET /images/search` -: Search for an image in the docker index. +`GET /images/search` + +Search for an image on [Docker.io](https://index.docker.io). > **Note**: > The response keys have changed from API v1.6 to reflect the JSON -> sent by the registry server to the docker daemon’s request. +> sent by the registry server to the docker daemon's request. **Example request**: @@ -977,12 +995,13 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -### [2.3 Misc](#id29) +## 2.3 Misc -#### [Build an image from Dockerfile via stdin](#id30) +### Build an image from Dockerfile via stdin - `POST /build` -: Build an image from Dockerfile via stdin +`POST /build` + +Build an image from Dockerfile via stdin **Example request**: @@ -1003,9 +1022,9 @@ page_keywords: API, Docker, rcli, REST, documentation following algorithms: identity (no compression), gzip, bzip2, xz. The archive must include a file called `Dockerfile` - at its root. It may include any number of other files, + at its root. It may include any number of other files, which will be accessible in the build context (See the [*ADD build - command*](../../../builder/#dockerbuilder)). + command*](/reference/builder/#dockerbuilder)). Query Parameters: @@ -1029,10 +1048,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Check auth configuration](#id31) +### Check auth configuration - `POST /auth` -: Get the default username and email +`POST /auth` + +Get the default username and email **Example request**: @@ -1056,10 +1076,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **204** – no error - **500** – server error -#### [Display system-wide information](#id32) +### Display system-wide information - `GET /info` -: Display system-wide information +`GET /info` + +Display system-wide information **Example request**: @@ -1086,10 +1107,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Show the docker version information](#id33) +### Show the docker version information - `GET /version` -: Show the docker version information +`GET /version` + +Show the docker version information **Example request**: @@ -1111,10 +1133,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Create a new image from a container’s changes](#id34) +### Create a new image from a container's changes - `POST /commit` -: Create a new image from a container’s changes +`POST /commit` + +Create a new image from a container's changes **Example request**: @@ -1136,7 +1159,7 @@ page_keywords: API, Docker, rcli, REST, documentation - **tag** – tag - **m** – commit message - **author** – author (eg. "John Hannibal Smith - \<[hannibal@a-team.com](mailto:hannibal%40a-team.com)\>") + <[hannibal@a-team.com](mailto:hannibal%40a-team.com)>") - **run** – config automatically applied when the image is run. (ex: {"Cmd": ["cat", "/world"], "PortSpecs":["22"]}) @@ -1146,11 +1169,12 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### [Monitor Docker’s events](#id35) +### Monitor Docker's events - `GET /events` -: Get events from docker, either in real time via streaming, or via - polling (using since) +`GET /events` + +Get events from docker, either in real time via streaming, +or via polling (using since) **Example request**: @@ -1177,11 +1201,12 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Get a tarball containing all images and tags in a repository](#id36) +### Get a tarball containing all images and tags in a repository - `GET /images/`(*name*)`/get` -: Get a tarball containing all images and metadata for the repository - specified by `name`. +`GET /images/(name)/get` + +Get a tarball containing all images and metadata for the repository +specified by `name`. **Example request** @@ -1199,10 +1224,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### [Load a tarball with a set of images and tags into docker](#id37) +### Load a tarball with a set of images and tags into docker - `POST /images/load` -: Load a set of images and tags into the docker repository. +`POST /images/load` + +Load a set of images and tags into the docker repository. **Example request** @@ -1219,35 +1245,35 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -## [3. Going further](#id38) +# 3. Going further -### [3.1 Inside ‘docker run’](#id39) +## 3.1 Inside `docker run` -Here are the steps of ‘docker run’ : +Here are the steps of `docker run`: -- Create the container + - Create the container -- If the status code is 404, it means the image doesn’t exists: - : - Try to pull it - - Then retry to create the container + - If the status code is 404, it means the image doesn't exists: + - Try to pull it + - Then retry to create the container -- Start the container + - Start the container -- If you are not in detached mode: - : - Attach to the container, using logs=1 (to have stdout and - stderr from the container’s start) and stream=1 + - If you are not in detached mode: + - Attach to the container, using logs=1 (to have stdout and + stderr from the container's start) and stream=1 -- If in detached mode or only stdin is attached: - : - Display the container’s id + - If in detached mode or only stdin is attached: + - Display the container's id -### [3.2 Hijacking](#id40) +## 3.2 Hijacking In this version of the API, /attach, uses hijacking to transport stdin, stdout and stderr on the same socket. This might change in the future. -### [3.3 CORS Requests](#id41) +## 3.3 CORS Requests To enable cross origin requests to the remote api add the flag "–api-enable-cors" when running docker in daemon mode. - docker -d -H="192.168.1.9:4243" --api-enable-cors + $ docker -d -H="192.168.1.9:4243" --api-enable-cors diff --git a/docs/sources/reference/api/docker_remote_api_v1.9.md b/docs/sources/reference/api/docker_remote_api_v1.9.md index aaa8dc194b..d8be62a7a7 100644 --- a/docs/sources/reference/api/docker_remote_api_v1.9.md +++ b/docs/sources/reference/api/docker_remote_api_v1.9.md @@ -4,25 +4,25 @@ page_keywords: API, Docker, rcli, REST, documentation # Docker Remote API v1.9 -## 1. Brief introduction +# 1. Brief introduction -- The Remote API has replaced rcli -- The daemon listens on `unix:///var/run/docker.sock` -, but you can [*Bind Docker to another host/port or a Unix - socket*](../../../use/basics/#bind-docker). -- The API tends to be REST, but for some complex commands, like - `attach` or `pull`, the HTTP - connection is hijacked to transport `stdout, stdin` - and `stderr` + - The Remote API has replaced rcli + - The daemon listens on `unix:///var/run/docker.sock` but you can + [*Bind Docker to another host/port or a Unix socket*]( + /use/basics/#bind-docker). + - The API tends to be REST, but for some complex commands, like `attach` + or `pull`, the HTTP connection is hijacked to transport `stdout, stdin` + and `stderr` -## 2. Endpoints +# 2. Endpoints -### 2.1 Containers +## 2.1 Containers -#### List containers +### List containers - `GET /containers/json` -: List containers +`GET /containers/json` + +List containers. **Example request**: @@ -97,10 +97,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **400** – bad parameter - **500** – server error -#### Create a container +### Create a container - `POST /containers/create` -: Create a container +`POST /containers/create` + +Create a container **Example request**: @@ -179,11 +180,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **406** – impossible to attach (container not running) - **500** – server error -#### Inspect a container +### Inspect a container - `GET /containers/`(*id*)`/json` -: Return low-level information on the container `id` +`GET /containers/(id)/json` +Return low-level information on the container `id` **Example request**: @@ -264,10 +265,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### List processes running inside a container +### List processes running inside a container - `GET /containers/`(*id*)`/top` -: List processes running inside the container `id` +`GET /containers/(id)/top` + +List processes running inside the container `id` **Example request**: @@ -302,7 +304,7 @@ page_keywords: API, Docker, rcli, REST, documentation   - - **ps\_args** – ps arguments to use (eg. aux) + - **ps_args** – ps arguments to use (eg. aux) Status Codes: @@ -310,10 +312,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### Inspect changes on a container’s filesystem +### Inspect changes on a container's filesystem - `GET /containers/`(*id*)`/changes` -: Inspect changes on container `id` ‘s filesystem +`GET /containers/(id)/changes` + +Inspect changes on container `id`'s filesystem **Example request**: @@ -345,10 +348,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### Export a container +### Export a container - `GET /containers/`(*id*)`/export` -: Export the contents of container `id` +`GET /containers/(id)/export` + +Export the contents of container `id` **Example request**: @@ -367,10 +371,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### Start a container +### Start a container - `POST /containers/`(*id*)`/start` -: Start the container `id` +`POST /containers/(id)/start` + +Start the container `id` **Example request**: @@ -411,10 +416,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### Stop a container +### Stop a container - `POST /containers/`(*id*)`/stop` -: Stop the container `id` +`POST /containers/(id)/stop` + +Stop the container `id` **Example request**: @@ -436,10 +442,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### Restart a container +### Restart a container - `POST /containers/`(*id*)`/restart` -: Restart the container `id` +`POST /containers/(id)/restart` + +Restart the container `id` **Example request**: @@ -461,10 +468,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### Kill a container +### Kill a container - `POST /containers/`(*id*)`/kill` -: Kill the container `id` +`POST /containers/(id)/kill` + +Kill the container `id` **Example request**: @@ -474,16 +482,22 @@ page_keywords: API, Docker, rcli, REST, documentation HTTP/1.1 204 OK + Query Parameters + + - **signal** - Signal to send to the container: integer or string like "SIGINT". + When not set, SIGKILL is assumed and the call will waits for the container to exit. + Status Codes: - **204** – no error - **404** – no such container - **500** – server error -#### Attach to a container +### Attach to a container - `POST /containers/`(*id*)`/attach` -: Attach to the container `id` +`POST /containers/(id)/attach` + +Attach to the container `id` **Example request**: @@ -521,9 +535,8 @@ page_keywords: API, Docker, rcli, REST, documentation **Stream details**: When using the TTY setting is enabled in - [`POST /containers/create` -](#post--containers-create "POST /containers/create"), the - stream is the raw data from the process PTY and client’s stdin. When + [`POST /containers/create`](#post--containers-create), the + stream is the raw data from the process PTY and client's stdin. When the TTY is disabled, then the stream is multiplexed to separate stdout and stderr. @@ -562,11 +575,11 @@ page_keywords: API, Docker, rcli, REST, documentation 4. Read the extracted size and output it on the correct output 5. Goto 1) -#### Wait a container +### Wait a container - `POST /containers/`(*id*)`/wait` -: Block until container `id` stops, then returns - the exit code +`POST /containers/(id)/wait` + +Block until container `id` stops, then returns the exit code **Example request**: @@ -585,10 +598,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### Remove a container +### Remove a container - `DELETE /containers/`(*id*) -: Remove the container `id` from the filesystem +`DELETE /containers/(id)` + +Remove the container `id` from the filesystem **Example request**: @@ -612,10 +626,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### Copy files or folders from a container +### Copy files or folders from a container - `POST /containers/`(*id*)`/copy` -: Copy files or folders of container `id` +`POST /containers/(id)/copy` + +Copy files or folders of container `id` **Example request**: @@ -639,12 +654,13 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -### 2.2 Images +## 2.2 Images -#### List Images +### List Images - `GET /images/json` -: **Example request**: +`GET /images/json` + +**Example request**: GET /images/json?all=0 HTTP/1.1 @@ -678,11 +694,11 @@ page_keywords: API, Docker, rcli, REST, documentation } ] -#### Create an image +### Create an image - `POST /images/create` -: Create an image, either by pull it from the registry or by importing - it +`POST /images/create` + +Create an image, either by pull it from the registry or by importing it **Example request**: @@ -723,11 +739,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### Insert a file in an image +### Insert a file in an image - `POST /images/`(*name*)`/insert` -: Insert a file from `url` in the image - `name` at `path` +`POST /images/(name)/insert` + +Insert a file from `url` in the image `name` at `path` **Example request**: @@ -748,10 +764,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### Inspect an image +### Inspect an image - `GET /images/`(*name*)`/json` -: Return low-level information on the image `name` +`GET /images/(name)/json` + +Return low-level information on the image `name` **Example request**: @@ -797,10 +814,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such image - **500** – server error -#### Get the history of an image +### Get the history of an image - `GET /images/`(*name*)`/history` -: Return the history of the image `name` +`GET /images/(name)/history` + +Return the history of the image `name` **Example request**: @@ -830,10 +848,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such image - **500** – server error -#### Push an image on the registry +### Push an image on the registry - `POST /images/`(*name*)`/push` -: Push the image `name` on the registry +`POST /images/(name)/push` + +Push the image `name` on the registry **Example request**: @@ -868,10 +887,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such image - **500** – server error -#### Tag an image into a repository +### Tag an image into a repository - `POST /images/`(*name*)`/tag` -: Tag the image `name` into a repository +`POST /images/(name)/tag` + +Tag the image `name` into a repository **Example request**: @@ -896,9 +916,9 @@ page_keywords: API, Docker, rcli, REST, documentation - **409** – conflict - **500** – server error -#### Remove an image +### Remove an image - `DELETE /images/`(*name*) +`DELETE /images/(name*) : Remove the image `name` from the filesystem **Example request**: @@ -923,14 +943,15 @@ page_keywords: API, Docker, rcli, REST, documentation - **409** – conflict - **500** – server error -#### Search images +### Search images - `GET /images/search` -: Search for an image in the docker index. +`GET /images/search` + +Search for an image on [Docker.io](https://index.docker.io). > **Note**: > The response keys have changed from API v1.6 to reflect the JSON -> sent by the registry server to the docker daemon’s request. +> sent by the registry server to the docker daemon's request. **Example request**: @@ -977,12 +998,13 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -### 2.3 Misc +## 2.3 Misc -#### Build an image from Dockerfile +### Build an image from Dockerfile - `POST /build` -: Build an image from Dockerfile using a POST body. +`POST /build` + +Build an image from Dockerfile using a POST body. **Example request**: @@ -1005,7 +1027,7 @@ page_keywords: API, Docker, rcli, REST, documentation The archive must include a file called `Dockerfile` at its root. It may include any number of other files, which will be accessible in the build context (See the [*ADD build - command*](../../builder/#dockerbuilder)). + command*](/reference/builder/#dockerbuilder)). Query Parameters: @@ -1030,10 +1052,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### Check auth configuration +### Check auth configuration - `POST /auth` -: Get the default username and email +`POST /auth` + +Get the default username and email **Example request**: @@ -1057,10 +1080,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **204** – no error - **500** – server error -#### Display system-wide information +### Display system-wide information - `GET /info` -: Display system-wide information +`GET /info` + +Display system-wide information **Example request**: @@ -1087,10 +1111,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### Show the docker version information +### Show the docker version information - `GET /version` -: Show the docker version information +`GET /version` + +Show the docker version information **Example request**: @@ -1112,14 +1137,42 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### Create a new image from a container’s changes +### Create a new image from a container's changes - `POST /commit` -: Create a new image from a container’s changes +`POST /commit` + +Create a new image from a container's changes **Example request**: POST /commit?container=44c004db4b17&m=message&repo=myrepo HTTP/1.1 + Content-Type: application/json + + { + "Hostname":"", + "User":"", + "Memory":0, + "MemorySwap":0, + "AttachStdin":false, + "AttachStdout":true, + "AttachStderr":true, + "PortSpecs":null, + "Tty":false, + "OpenStdin":false, + "StdinOnce":false, + "Env":null, + "Cmd":[ + "date" + ], + "Volumes":{ + "/tmp": {} + }, + "WorkingDir":"", + "DisableNetwork": false, + "ExposedPorts":{ + "22/tcp": {} + } + } **Example response**: @@ -1128,6 +1181,12 @@ page_keywords: API, Docker, rcli, REST, documentation {"Id":"596069db4bf5"} + Json Parameters: + + + + - **config** - the container's configuration + Query Parameters:   @@ -1137,9 +1196,7 @@ page_keywords: API, Docker, rcli, REST, documentation - **tag** – tag - **m** – commit message - **author** – author (eg. "John Hannibal Smith - \<[hannibal@a-team.com](mailto:hannibal%40a-team.com)\>") - - **run** – config automatically applied when the image is run. - (ex: {"Cmd": ["cat", "/world"], "PortSpecs":["22"]}) + <[hannibal@a-team.com](mailto:hannibal%40a-team.com)>") Status Codes: @@ -1147,11 +1204,12 @@ page_keywords: API, Docker, rcli, REST, documentation - **404** – no such container - **500** – server error -#### Monitor Docker’s events +### Monitor Docker's events - `GET /events` -: Get events from docker, either in real time via streaming, or via - polling (using since) +`GET /events` + +Get events from docker, either in real time via streaming, or via +polling (using since) **Example request**: @@ -1178,11 +1236,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### Get a tarball containing all images and tags in a repository +### Get a tarball containing all images and tags in a repository - `GET /images/`(*name*)`/get` -: Get a tarball containing all images and metadata for the repository - specified by `name`. +`GET /images/(name)/get` + +Get a tarball containing all images and metadata for the repository specified by `name`. **Example request** @@ -1200,10 +1258,11 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -#### Load a tarball with a set of images and tags into docker +### Load a tarball with a set of images and tags into docker - `POST /images/load` -: Load a set of images and tags into the docker repository. +`POST /images/load` + +Load a set of images and tags into the docker repository. **Example request** @@ -1220,35 +1279,38 @@ page_keywords: API, Docker, rcli, REST, documentation - **200** – no error - **500** – server error -## 3. Going further +# 3. Going further -### 3.1 Inside ‘docker run’ +## 3.1 Inside `docker run` -Here are the steps of ‘docker run’ : +Here are the steps of `docker run` : -- Create the container + - Create the container -- If the status code is 404, it means the image doesn’t exists: - : - Try to pull it - - Then retry to create the container + - If the status code is 404, it means the image doesn't exists: -- Start the container + - Try to pull it + - Then retry to create the container -- If you are not in detached mode: - : - Attach to the container, using logs=1 (to have stdout and - stderr from the container’s start) and stream=1 + - Start the container -- If in detached mode or only stdin is attached: - : - Display the container’s id + - If you are not in detached mode: -### 3.2 Hijacking + - Attach to the container, using logs=1 (to have stdout and + - stderr from the container's start) and stream=1 + + - If in detached mode or only stdin is attached: + + - Display the container's id + +## 3.2 Hijacking In this version of the API, /attach, uses hijacking to transport stdin, stdout and stderr on the same socket. This might change in the future. -### 3.3 CORS Requests +## 3.3 CORS Requests To enable cross origin requests to the remote api add the flag "–api-enable-cors" when running docker in daemon mode. - docker -d -H="192.168.1.9:4243" --api-enable-cors + $ docker -d -H="192.168.1.9:4243" --api-enable-cors diff --git a/docs/sources/reference/api/docker_remote_api_v1.9.rst b/docs/sources/reference/api/docker_remote_api_v1.9.rst deleted file mode 100644 index 4bbffcbd36..0000000000 --- a/docs/sources/reference/api/docker_remote_api_v1.9.rst +++ /dev/null @@ -1,1293 +0,0 @@ -:title: Remote API v1.9 -:description: API Documentation for Docker -:keywords: API, Docker, rcli, REST, documentation - -:orphan: - -====================== -Docker Remote API v1.9 -====================== - -1. Brief introduction -===================== - -- The Remote API has replaced rcli -- The daemon listens on ``unix:///var/run/docker.sock``, but you can - :ref:`bind_docker`. -- The API tends to be REST, but for some complex commands, like - ``attach`` or ``pull``, the HTTP connection is hijacked to transport - ``stdout, stdin`` and ``stderr`` - -2. Endpoints -============ - -2.1 Containers --------------- - -List containers -*************** - -.. http:get:: /containers/json - - List containers - - **Example request**: - - .. sourcecode:: http - - GET /containers/json?all=1&before=8dfafdbc3a40&size=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id": "8dfafdbc3a40", - "Image": "base:latest", - "Command": "echo 1", - "Created": 1367854155, - "Status": "Exit 0", - "Ports":[{"PrivatePort": 2222, "PublicPort": 3333, "Type": "tcp"}], - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "9cd87474be90", - "Image": "base:latest", - "Command": "echo 222222", - "Created": 1367854155, - "Status": "Exit 0", - "Ports":[], - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "3176a2479c92", - "Image": "base:latest", - "Command": "echo 3333333333333333", - "Created": 1367854154, - "Status": "Exit 0", - "Ports":[], - "SizeRw":12288, - "SizeRootFs":0 - }, - { - "Id": "4cb07b47f9fb", - "Image": "base:latest", - "Command": "echo 444444444444444444444444444444444", - "Created": 1367854152, - "Status": "Exit 0", - "Ports":[], - "SizeRw":12288, - "SizeRootFs":0 - } - ] - - :query all: 1/True/true or 0/False/false, Show all containers. Only running containers are shown by default - :query limit: Show ``limit`` last created containers, include non-running ones. - :query since: Show only containers created since Id, include non-running ones. - :query before: Show only containers created before Id, include non-running ones. - :query size: 1/True/true or 0/False/false, Show the containers sizes - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 500: server error - - -Create a container -****************** - -.. http:post:: /containers/create - - Create a container - - **Example request**: - - .. sourcecode:: http - - POST /containers/create HTTP/1.1 - Content-Type: application/json - - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "CpuShares":0, - "AttachStdin":false, - "AttachStdout":true, - "AttachStderr":true, - "PortSpecs":null, - "Tty":false, - "OpenStdin":false, - "StdinOnce":false, - "Env":null, - "Cmd":[ - "date" - ], - "Dns":null, - "Image":"base", - "Volumes":{ - "/tmp": {} - }, - "VolumesFrom":"", - "WorkingDir":"", - "ExposedPorts":{ - "22/tcp": {} - } - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/json - - { - "Id":"e90e34656806" - "Warnings":[] - } - - :jsonparam Hostname: Container host name - :jsonparam User: Username or UID - :jsonparam Memory: Memory Limit in bytes - :jsonparam CpuShares: CPU shares (relative weight) - :jsonparam AttachStdin: 1/True/true or 0/False/false, attach to standard input. Default false - :jsonparam AttachStdout: 1/True/true or 0/False/false, attach to standard output. Default false - :jsonparam AttachStderr: 1/True/true or 0/False/false, attach to standard error. Default false - :jsonparam Tty: 1/True/true or 0/False/false, allocate a pseudo-tty. Default false - :jsonparam OpenStdin: 1/True/true or 0/False/false, keep stdin open even if not attached. Default false - :query name: Assign the specified name to the container. Must match ``/?[a-zA-Z0-9_-]+``. - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 406: impossible to attach (container not running) - :statuscode 500: server error - - -Inspect a container -******************* - -.. http:get:: /containers/(id)/json - - Return low-level information on the container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Id": "4fa6e0f0c6786287e131c3852c58a2e01cc697a68231826813597e4994f1d6e2", - "Created": "2013-05-07T14:51:42.041847+02:00", - "Path": "date", - "Args": [], - "Config": { - "Hostname": "4fa6e0f0c678", - "User": "", - "Memory": 0, - "MemorySwap": 0, - "AttachStdin": false, - "AttachStdout": true, - "AttachStderr": true, - "PortSpecs": null, - "Tty": false, - "OpenStdin": false, - "StdinOnce": false, - "Env": null, - "Cmd": [ - "date" - ], - "Dns": null, - "Image": "base", - "Volumes": {}, - "VolumesFrom": "", - "WorkingDir":"" - - }, - "State": { - "Running": false, - "Pid": 0, - "ExitCode": 0, - "StartedAt": "2013-05-07T14:51:42.087658+02:01360", - "Ghost": false - }, - "Image": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "NetworkSettings": { - "IpAddress": "", - "IpPrefixLen": 0, - "Gateway": "", - "Bridge": "", - "PortMapping": null - }, - "SysInitPath": "/home/kitty/go/src/github.com/dotcloud/docker/bin/docker", - "ResolvConfPath": "/etc/resolv.conf", - "Volumes": {}, - "HostConfig": { - "Binds": null, - "ContainerIDFile": "", - "LxcConf": [], - "Privileged": false, - "PortBindings": { - "80/tcp": [ - { - "HostIp": "0.0.0.0", - "HostPort": "49153" - } - ] - }, - "Links": null, - "PublishAllPorts": false - } - } - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -List processes running inside a container -***************************************** - -.. http:get:: /containers/(id)/top - - List processes running inside the container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/top HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Titles":[ - "USER", - "PID", - "%CPU", - "%MEM", - "VSZ", - "RSS", - "TTY", - "STAT", - "START", - "TIME", - "COMMAND" - ], - "Processes":[ - ["root","20147","0.0","0.1","18060","1864","pts/4","S","10:06","0:00","bash"], - ["root","20271","0.0","0.0","4312","352","pts/4","S+","10:07","0:00","sleep","10"] - ] - } - - :query ps_args: ps arguments to use (eg. aux) - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Inspect changes on a container's filesystem -******************************************* - -.. http:get:: /containers/(id)/changes - - Inspect changes on container ``id`` 's filesystem - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/changes HTTP/1.1 - - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Path":"/dev", - "Kind":0 - }, - { - "Path":"/dev/kmsg", - "Kind":1 - }, - { - "Path":"/test", - "Kind":1 - } - ] - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Export a container -****************** - -.. http:get:: /containers/(id)/export - - Export the contents of container ``id`` - - **Example request**: - - .. sourcecode:: http - - GET /containers/4fa6e0f0c678/export HTTP/1.1 - - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/octet-stream - - {{ STREAM }} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Start a container -***************** - -.. http:post:: /containers/(id)/start - - Start the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/(id)/start HTTP/1.1 - Content-Type: application/json - - { - "Binds":["/tmp:/tmp"], - "LxcConf":{"lxc.utsname":"docker"}, - "PortBindings":{ "22/tcp": [{ "HostPort": "11022" }] }, - "PublishAllPorts":false, - "Privileged":false - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 No Content - Content-Type: text/plain - - :jsonparam Binds: Create a bind mount to a directory or file with [host-path]:[container-path]:[rw|ro]. If a directory "container-path" is missing, then docker creates a new volume. - :jsonparam LxcConf: Map of custom lxc options - :jsonparam PortBindings: Expose ports from the container, optionally publishing them via the HostPort flag - :jsonparam PublishAllPorts: 1/True/true or 0/False/false, publish all exposed ports to the host interfaces. Default false - :jsonparam Privileged: 1/True/true or 0/False/false, give extended privileges to this container. Default false - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Stop a container -**************** - -.. http:post:: /containers/(id)/stop - - Stop the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/stop?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Restart a container -******************* - -.. http:post:: /containers/(id)/restart - - Restart the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/restart?t=5 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query t: number of seconds to wait before killing the container - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Kill a container -**************** - -.. http:post:: /containers/(id)/kill - - Kill the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/e90e34656806/kill HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :statuscode 204: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Attach to a container -********************* - -.. http:post:: /containers/(id)/attach - - Attach to the container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/attach?logs=1&stream=0&stdout=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/vnd.docker.raw-stream - - {{ STREAM }} - - :query logs: 1/True/true or 0/False/false, return logs. Default false - :query stream: 1/True/true or 0/False/false, return stream. Default false - :query stdin: 1/True/true or 0/False/false, if stream=true, attach to stdin. Default false - :query stdout: 1/True/true or 0/False/false, if logs=true, return stdout log, if stream=true, attach to stdout. Default false - :query stderr: 1/True/true or 0/False/false, if logs=true, return stderr log, if stream=true, attach to stderr. Default false - :statuscode 200: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - - **Stream details**: - - When using the TTY setting is enabled in - :http:post:`/containers/create`, the stream is the raw data - from the process PTY and client's stdin. When the TTY is - disabled, then the stream is multiplexed to separate stdout - and stderr. - - The format is a **Header** and a **Payload** (frame). - - **HEADER** - - The header will contain the information on which stream write - the stream (stdout or stderr). It also contain the size of - the associated frame encoded on the last 4 bytes (uint32). - - It is encoded on the first 8 bytes like this:: - - header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4} - - ``STREAM_TYPE`` can be: - - - 0: stdin (will be writen on stdout) - - 1: stdout - - 2: stderr - - ``SIZE1, SIZE2, SIZE3, SIZE4`` are the 4 bytes of the uint32 size encoded as big endian. - - **PAYLOAD** - - The payload is the raw stream. - - **IMPLEMENTATION** - - The simplest way to implement the Attach protocol is the following: - - 1) Read 8 bytes - 2) chose stdout or stderr depending on the first byte - 3) Extract the frame size from the last 4 byets - 4) Read the extracted size and output it on the correct output - 5) Goto 1) - - - -Wait a container -**************** - -.. http:post:: /containers/(id)/wait - - Block until container ``id`` stops, then returns the exit code - - **Example request**: - - .. sourcecode:: http - - POST /containers/16253994b7c4/wait HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"StatusCode":0} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Remove a container -******************* - -.. http:delete:: /containers/(id) - - Remove the container ``id`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /containers/16253994b7c4?v=1 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 204 OK - - :query v: 1/True/true or 0/False/false, Remove the volumes associated to the container. Default false - :statuscode 204: no error - :statuscode 400: bad parameter - :statuscode 404: no such container - :statuscode 500: server error - - -Copy files or folders from a container -************************************** - -.. http:post:: /containers/(id)/copy - - Copy files or folders of container ``id`` - - **Example request**: - - .. sourcecode:: http - - POST /containers/4fa6e0f0c678/copy HTTP/1.1 - Content-Type: application/json - - { - "Resource":"test.txt" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/octet-stream - - {{ STREAM }} - - :statuscode 200: no error - :statuscode 404: no such container - :statuscode 500: server error - - -2.2 Images ----------- - -List Images -*********** - -.. http:get:: /images/json - - **Example request**: - - .. sourcecode:: http - - GET /images/json?all=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "RepoTags": [ - "ubuntu:12.04", - "ubuntu:precise", - "ubuntu:latest" - ], - "Id": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c", - "Created": 1365714795, - "Size": 131506275, - "VirtualSize": 131506275 - }, - { - "RepoTags": [ - "ubuntu:12.10", - "ubuntu:quantal" - ], - "ParentId": "27cf784147099545", - "Id": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "Created": 1364102658, - "Size": 24653, - "VirtualSize": 180116135 - } - ] - - -Create an image -*************** - -.. http:post:: /images/create - - Create an image, either by pull it from the registry or by importing it - - **Example request**: - - .. sourcecode:: http - - POST /images/create?fromImage=base HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Pulling..."} - {"status":"Pulling", "progress":"1 B/ 100 B", "progressDetail":{"current":1, "total":100}} - {"error":"Invalid..."} - ... - - When using this endpoint to pull an image from the registry, - the ``X-Registry-Auth`` header can be used to include a - base64-encoded AuthConfig object. - - :query fromImage: name of the image to pull - :query fromSrc: source to import, - means stdin - :query repo: repository - :query tag: tag - :query registry: the registry to pull from - :reqheader X-Registry-Auth: base64-encoded AuthConfig object - :statuscode 200: no error - :statuscode 500: server error - - - -Insert a file in an image -************************* - -.. http:post:: /images/(name)/insert - - Insert a file from ``url`` in the image ``name`` at ``path`` - - **Example request**: - - .. sourcecode:: http - - POST /images/test/insert?path=/usr&url=myurl HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Inserting..."} - {"status":"Inserting", "progress":"1/? (n/a)", "progressDetail":{"current":1}} - {"error":"Invalid..."} - ... - - :statuscode 200: no error - :statuscode 500: server error - - -Inspect an image -**************** - -.. http:get:: /images/(name)/json - - Return low-level information on the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/base/json HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "id":"b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "parent":"27cf784147099545", - "created":"2013-03-23T22:24:18.818426-07:00", - "container":"3d67245a8d72ecf13f33dffac9f79dcdf70f75acb84d308770391510e0c23ad0", - "container_config": - { - "Hostname":"", - "User":"", - "Memory":0, - "MemorySwap":0, - "AttachStdin":false, - "AttachStdout":false, - "AttachStderr":false, - "PortSpecs":null, - "Tty":true, - "OpenStdin":true, - "StdinOnce":false, - "Env":null, - "Cmd": ["/bin/bash"] - ,"Dns":null, - "Image":"base", - "Volumes":null, - "VolumesFrom":"", - "WorkingDir":"" - }, - "Size": 6824592 - } - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Get the history of an image -*************************** - -.. http:get:: /images/(name)/history - - Return the history of the image ``name`` - - **Example request**: - - .. sourcecode:: http - - GET /images/base/history HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "Id":"b750fe79269d", - "Created":1364102658, - "CreatedBy":"/bin/bash" - }, - { - "Id":"27cf78414709", - "Created":1364068391, - "CreatedBy":"" - } - ] - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Push an image on the registry -***************************** - -.. http:post:: /images/(name)/push - - Push the image ``name`` on the registry - - **Example request**: - - .. sourcecode:: http - - POST /images/test/push HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"Pushing..."} - {"status":"Pushing", "progress":"1/? (n/a)", "progressDetail":{"current":1}}} - {"error":"Invalid..."} - ... - - :query registry: the registry you wan to push, optional - :reqheader X-Registry-Auth: include a base64-encoded AuthConfig object. - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 500: server error - - -Tag an image into a repository -****************************** - -.. http:post:: /images/(name)/tag - - Tag the image ``name`` into a repository - - **Example request**: - - .. sourcecode:: http - - POST /images/test/tag?repo=myrepo&force=0 HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - - :query repo: The repository to tag in - :query force: 1/True/true or 0/False/false, default false - :statuscode 201: no error - :statuscode 400: bad parameter - :statuscode 404: no such image - :statuscode 409: conflict - :statuscode 500: server error - - -Remove an image -*************** - -.. http:delete:: /images/(name) - - Remove the image ``name`` from the filesystem - - **Example request**: - - .. sourcecode:: http - - DELETE /images/test HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-type: application/json - - [ - {"Untagged":"3e2f21a89f"}, - {"Deleted":"3e2f21a89f"}, - {"Deleted":"53b4f83ac9"} - ] - - :statuscode 200: no error - :statuscode 404: no such image - :statuscode 409: conflict - :statuscode 500: server error - - -Search images -************* - -.. http:get:: /images/search - - Search for an image in the docker index. - - .. note:: - - The response keys have changed from API v1.6 to reflect the JSON - sent by the registry server to the docker daemon's request. - - **Example request**: - - .. sourcecode:: http - - GET /images/search?term=sshd HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "description": "", - "is_official": false, - "is_trusted": false, - "name": "wma55/u1210sshd", - "star_count": 0 - }, - { - "description": "", - "is_official": false, - "is_trusted": false, - "name": "jdswinbank/sshd", - "star_count": 0 - }, - { - "description": "", - "is_official": false, - "is_trusted": false, - "name": "vgauthier/sshd", - "star_count": 0 - } - ... - ] - - :query term: term to search - :statuscode 200: no error - :statuscode 500: server error - - -2.3 Misc --------- - -Build an image from Dockerfile -****************************** - -.. http:post:: /build - - Build an image from Dockerfile using a POST body. - - **Example request**: - - .. sourcecode:: http - - POST /build HTTP/1.1 - - {{ STREAM }} - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"stream":"Step 1..."} - {"stream":"..."} - {"error":"Error...", "errorDetail":{"code": 123, "message": "Error..."}} - - - The stream must be a tar archive compressed with one of the - following algorithms: identity (no compression), gzip, bzip2, - xz. - - The archive must include a file called ``Dockerfile`` at its - root. It may include any number of other files, which will be - accessible in the build context (See the :ref:`ADD build command - `). - - :query t: repository name (and optionally a tag) to be applied to the resulting image in case of success - :query q: suppress verbose build output - :query nocache: do not use the cache when building the image - :query rm: Remove intermediate containers after a successful build - :reqheader Content-type: should be set to ``"application/tar"``. - :reqheader X-Registry-Config: base64-encoded ConfigFile object - :statuscode 200: no error - :statuscode 500: server error - - - -Check auth configuration -************************ - -.. http:post:: /auth - - Get the default username and email - - **Example request**: - - .. sourcecode:: http - - POST /auth HTTP/1.1 - Content-Type: application/json - - { - "username":"hannibal", - "password:"xxxx", - "email":"hannibal@a-team.com", - "serveraddress":"https://index.docker.io/v1/" - } - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - :statuscode 200: no error - :statuscode 204: no error - :statuscode 500: server error - - -Display system-wide information -******************************* - -.. http:get:: /info - - Display system-wide information - - **Example request**: - - .. sourcecode:: http - - GET /info HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Containers":11, - "Images":16, - "Debug":false, - "NFd": 11, - "NGoroutines":21, - "MemoryLimit":true, - "SwapLimit":false, - "IPv4Forwarding":true - } - - :statuscode 200: no error - :statuscode 500: server error - - -Show the docker version information -*********************************** - -.. http:get:: /version - - Show the docker version information - - **Example request**: - - .. sourcecode:: http - - GET /version HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "Version":"0.2.2", - "GitCommit":"5a2a5cc+CHANGES", - "GoVersion":"go1.0.3" - } - - :statuscode 200: no error - :statuscode 500: server error - - -Create a new image from a container's changes -********************************************* - -.. http:post:: /commit - - Create a new image from a container's changes - - **Example request**: - - .. sourcecode:: http - - POST /commit?container=44c004db4b17&m=message&repo=myrepo HTTP/1.1 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Content-Type: application/vnd.docker.raw-stream - - {"Id":"596069db4bf5"} - - :query container: source container - :query repo: repository - :query tag: tag - :query m: commit message - :query author: author (eg. "John Hannibal Smith ") - :query run: config automatically applied when the image is run. (ex: {"Cmd": ["cat", "/world"], "PortSpecs":["22"]}) - :statuscode 201: no error - :statuscode 404: no such container - :statuscode 500: server error - - -Monitor Docker's events -*********************** - -.. http:get:: /events - - Get events from docker, either in real time via streaming, or via polling (using `since`) - - **Example request**: - - .. sourcecode:: http - - GET /events?since=1374067924 - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/json - - {"status":"create","id":"dfdf82bd3881","from":"base:latest","time":1374067924} - {"status":"start","id":"dfdf82bd3881","from":"base:latest","time":1374067924} - {"status":"stop","id":"dfdf82bd3881","from":"base:latest","time":1374067966} - {"status":"destroy","id":"dfdf82bd3881","from":"base:latest","time":1374067970} - - :query since: timestamp used for polling - :statuscode 200: no error - :statuscode 500: server error - -Get a tarball containing all images and tags in a repository -************************************************************ - -.. http:get:: /images/(name)/get - - Get a tarball containing all images and metadata for the repository specified by ``name``. - - **Example request** - - .. sourcecode:: http - - GET /images/ubuntu/get - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Content-Type: application/x-tar - - Binary data stream - - :statuscode 200: no error - :statuscode 500: server error - -Load a tarball with a set of images and tags into docker -******************************************************** - -.. http:post:: /images/load - - Load a set of images and tags into the docker repository. - - **Example request** - - .. sourcecode:: http - - POST /images/load - - Tarball in body - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - - :statuscode 200: no error - :statuscode 500: server error - -3. Going further -================ - -3.1 Inside 'docker run' ------------------------ - -Here are the steps of 'docker run' : - -* Create the container -* If the status code is 404, it means the image doesn't exists: - * Try to pull it - * Then retry to create the container -* Start the container -* If you are not in detached mode: - * Attach to the container, using logs=1 (to have stdout and stderr from the container's start) and stream=1 -* If in detached mode or only stdin is attached: - * Display the container's id - - -3.2 Hijacking -------------- - -In this version of the API, /attach, uses hijacking to transport stdin, stdout and stderr on the same socket. This might change in the future. - -3.3 CORS Requests ------------------ - -To enable cross origin requests to the remote api add the flag "--api-enable-cors" when running docker in daemon mode. - -.. code-block:: bash - - docker -d -H="192.168.1.9:4243" --api-enable-cors diff --git a/docs/sources/reference/api/index.rst b/docs/sources/reference/api/index.rst deleted file mode 100644 index 3c84a505c6..0000000000 --- a/docs/sources/reference/api/index.rst +++ /dev/null @@ -1,20 +0,0 @@ -:title: API Documentation -:description: docker documentation -:keywords: docker, ipa, documentation - -APIs -==== - -Your programs and scripts can access Docker's functionality via these interfaces: - -.. toctree:: - :maxdepth: 3 - - registry_index_spec - registry_api - index_api - docker_remote_api - remote_api_client_libraries - docker_io_oauth_api - docker_io_accounts_api - diff --git a/docs/sources/reference/api/index_api.rst b/docs/sources/reference/api/index_api.rst deleted file mode 100644 index 5191fc8992..0000000000 --- a/docs/sources/reference/api/index_api.rst +++ /dev/null @@ -1,556 +0,0 @@ -:title: Index API -:description: API Documentation for Docker Index -:keywords: API, Docker, index, REST, documentation - -================= -Docker Index API -================= - -1. Brief introduction -===================== - -- This is the REST API for the Docker index -- Authorization is done with basic auth over SSL -- Not all commands require authentication, only those noted as such. - -2. Endpoints -============ - -2.1 Repository -^^^^^^^^^^^^^^ - -Repositories -************* - -User Repo -~~~~~~~~~ - -.. http:put:: /v1/repositories/(namespace)/(repo_name)/ - - Create a user repository with the given ``namespace`` and ``repo_name``. - - **Example Request**: - - .. sourcecode:: http - - PUT /v1/repositories/foo/bar/ HTTP/1.1 - Host: index.docker.io - Accept: application/json - Content-Type: application/json - Authorization: Basic akmklmasadalkm== - X-Docker-Token: true - - [{"id": "9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f"}] - - :parameter namespace: the namespace for the repo - :parameter repo_name: the name for the repo - - **Example Response**: - - .. sourcecode:: http - - HTTP/1.1 200 - Vary: Accept - Content-Type: application/json - WWW-Authenticate: Token signature=123abc,repository="foo/bar",access=write - X-Docker-Token: signature=123abc,repository="foo/bar",access=write - X-Docker-Endpoints: registry-1.docker.io [, registry-2.docker.io] - - "" - - :statuscode 200: Created - :statuscode 400: Errors (invalid json, missing or invalid fields, etc) - :statuscode 401: Unauthorized - :statuscode 403: Account is not Active - - -.. http:delete:: /v1/repositories/(namespace)/(repo_name)/ - - Delete a user repository with the given ``namespace`` and ``repo_name``. - - **Example Request**: - - .. sourcecode:: http - - DELETE /v1/repositories/foo/bar/ HTTP/1.1 - Host: index.docker.io - Accept: application/json - Content-Type: application/json - Authorization: Basic akmklmasadalkm== - X-Docker-Token: true - - "" - - :parameter namespace: the namespace for the repo - :parameter repo_name: the name for the repo - - **Example Response**: - - .. sourcecode:: http - - HTTP/1.1 202 - Vary: Accept - Content-Type: application/json - WWW-Authenticate: Token signature=123abc,repository="foo/bar",access=delete - X-Docker-Token: signature=123abc,repository="foo/bar",access=delete - X-Docker-Endpoints: registry-1.docker.io [, registry-2.docker.io] - - "" - - :statuscode 200: Deleted - :statuscode 202: Accepted - :statuscode 400: Errors (invalid json, missing or invalid fields, etc) - :statuscode 401: Unauthorized - :statuscode 403: Account is not Active - -Library Repo -~~~~~~~~~~~~ - -.. http:put:: /v1/repositories/(repo_name)/ - - Create a library repository with the given ``repo_name``. - This is a restricted feature only available to docker admins. - - When namespace is missing, it is assumed to be ``library`` - - **Example Request**: - - .. sourcecode:: http - - PUT /v1/repositories/foobar/ HTTP/1.1 - Host: index.docker.io - Accept: application/json - Content-Type: application/json - Authorization: Basic akmklmasadalkm== - X-Docker-Token: true - - [{"id": "9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f"}] - - :parameter repo_name: the library name for the repo - - **Example Response**: - - .. sourcecode:: http - - HTTP/1.1 200 - Vary: Accept - Content-Type: application/json - WWW-Authenticate: Token signature=123abc,repository="library/foobar",access=write - X-Docker-Token: signature=123abc,repository="foo/bar",access=write - X-Docker-Endpoints: registry-1.docker.io [, registry-2.docker.io] - - "" - - :statuscode 200: Created - :statuscode 400: Errors (invalid json, missing or invalid fields, etc) - :statuscode 401: Unauthorized - :statuscode 403: Account is not Active - -.. http:delete:: /v1/repositories/(repo_name)/ - - Delete a library repository with the given ``repo_name``. - This is a restricted feature only available to docker admins. - - When namespace is missing, it is assumed to be ``library`` - - **Example Request**: - - .. sourcecode:: http - - DELETE /v1/repositories/foobar/ HTTP/1.1 - Host: index.docker.io - Accept: application/json - Content-Type: application/json - Authorization: Basic akmklmasadalkm== - X-Docker-Token: true - - "" - - :parameter repo_name: the library name for the repo - - **Example Response**: - - .. sourcecode:: http - - HTTP/1.1 202 - Vary: Accept - Content-Type: application/json - WWW-Authenticate: Token signature=123abc,repository="library/foobar",access=delete - X-Docker-Token: signature=123abc,repository="foo/bar",access=delete - X-Docker-Endpoints: registry-1.docker.io [, registry-2.docker.io] - - "" - - :statuscode 200: Deleted - :statuscode 202: Accepted - :statuscode 400: Errors (invalid json, missing or invalid fields, etc) - :statuscode 401: Unauthorized - :statuscode 403: Account is not Active - -Repository Images -***************** - -User Repo Images -~~~~~~~~~~~~~~~~ - -.. http:put:: /v1/repositories/(namespace)/(repo_name)/images - - Update the images for a user repo. - - **Example Request**: - - .. sourcecode:: http - - PUT /v1/repositories/foo/bar/images HTTP/1.1 - Host: index.docker.io - Accept: application/json - Content-Type: application/json - Authorization: Basic akmklmasadalkm== - - [{"id": "9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f", - "checksum": "b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087"}] - - :parameter namespace: the namespace for the repo - :parameter repo_name: the name for the repo - - **Example Response**: - - .. sourcecode:: http - - HTTP/1.1 204 - Vary: Accept - Content-Type: application/json - - "" - - :statuscode 204: Created - :statuscode 400: Errors (invalid json, missing or invalid fields, etc) - :statuscode 401: Unauthorized - :statuscode 403: Account is not Active or permission denied - - -.. http:get:: /v1/repositories/(namespace)/(repo_name)/images - - get the images for a user repo. - - **Example Request**: - - .. sourcecode:: http - - GET /v1/repositories/foo/bar/images HTTP/1.1 - Host: index.docker.io - Accept: application/json - - :parameter namespace: the namespace for the repo - :parameter repo_name: the name for the repo - - **Example Response**: - - .. sourcecode:: http - - HTTP/1.1 200 - Vary: Accept - Content-Type: application/json - - [{"id": "9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f", - "checksum": "b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087"}, - {"id": "ertwetewtwe38722009fe6857087b486531f9a779a0c1dfddgfgsdgdsgds", - "checksum": "34t23f23fc17e3ed29dae8f12c4f9e89cc6f0bsdfgfsdgdsgdsgerwgew"}] - - :statuscode 200: OK - :statuscode 404: Not found - -Library Repo Images -~~~~~~~~~~~~~~~~~~~ - -.. http:put:: /v1/repositories/(repo_name)/images - - Update the images for a library repo. - - **Example Request**: - - .. sourcecode:: http - - PUT /v1/repositories/foobar/images HTTP/1.1 - Host: index.docker.io - Accept: application/json - Content-Type: application/json - Authorization: Basic akmklmasadalkm== - - [{"id": "9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f", - "checksum": "b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087"}] - - :parameter repo_name: the library name for the repo - - **Example Response**: - - .. sourcecode:: http - - HTTP/1.1 204 - Vary: Accept - Content-Type: application/json - - "" - - :statuscode 204: Created - :statuscode 400: Errors (invalid json, missing or invalid fields, etc) - :statuscode 401: Unauthorized - :statuscode 403: Account is not Active or permission denied - - -.. http:get:: /v1/repositories/(repo_name)/images - - get the images for a library repo. - - **Example Request**: - - .. sourcecode:: http - - GET /v1/repositories/foobar/images HTTP/1.1 - Host: index.docker.io - Accept: application/json - - :parameter repo_name: the library name for the repo - - **Example Response**: - - .. sourcecode:: http - - HTTP/1.1 200 - Vary: Accept - Content-Type: application/json - - [{"id": "9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f", - "checksum": "b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087"}, - {"id": "ertwetewtwe38722009fe6857087b486531f9a779a0c1dfddgfgsdgdsgds", - "checksum": "34t23f23fc17e3ed29dae8f12c4f9e89cc6f0bsdfgfsdgdsgdsgerwgew"}] - - :statuscode 200: OK - :statuscode 404: Not found - - -Repository Authorization -************************ - -Library Repo -~~~~~~~~~~~~ - -.. http:put:: /v1/repositories/(repo_name)/auth - - authorize a token for a library repo - - **Example Request**: - - .. sourcecode:: http - - PUT /v1/repositories/foobar/auth HTTP/1.1 - Host: index.docker.io - Accept: application/json - Authorization: Token signature=123abc,repository="library/foobar",access=write - - :parameter repo_name: the library name for the repo - - **Example Response**: - - .. sourcecode:: http - - HTTP/1.1 200 - Vary: Accept - Content-Type: application/json - - "OK" - - :statuscode 200: OK - :statuscode 403: Permission denied - :statuscode 404: Not found - - -User Repo -~~~~~~~~~ - -.. http:put:: /v1/repositories/(namespace)/(repo_name)/auth - - authorize a token for a user repo - - **Example Request**: - - .. sourcecode:: http - - PUT /v1/repositories/foo/bar/auth HTTP/1.1 - Host: index.docker.io - Accept: application/json - Authorization: Token signature=123abc,repository="foo/bar",access=write - - :parameter namespace: the namespace for the repo - :parameter repo_name: the name for the repo - - **Example Response**: - - .. sourcecode:: http - - HTTP/1.1 200 - Vary: Accept - Content-Type: application/json - - "OK" - - :statuscode 200: OK - :statuscode 403: Permission denied - :statuscode 404: Not found - - -2.2 Users -^^^^^^^^^ - -User Login -********** - -.. http:get:: /v1/users - - If you want to check your login, you can try this endpoint - - **Example Request**: - - .. sourcecode:: http - - GET /v1/users HTTP/1.1 - Host: index.docker.io - Accept: application/json - Authorization: Basic akmklmasadalkm== - - **Example Response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Vary: Accept - Content-Type: application/json - - OK - - :statuscode 200: no error - :statuscode 401: Unauthorized - :statuscode 403: Account is not Active - - -User Register -************* - -.. http:post:: /v1/users - - Registering a new account. - - **Example request**: - - .. sourcecode:: http - - POST /v1/users HTTP/1.1 - Host: index.docker.io - Accept: application/json - Content-Type: application/json - - {"email": "sam@dotcloud.com", - "password": "toto42", - "username": "foobar"'} - - :jsonparameter email: valid email address, that needs to be confirmed - :jsonparameter username: min 4 character, max 30 characters, must match the regular expression [a-z0-9\_]. - :jsonparameter password: min 5 characters - - **Example Response**: - - .. sourcecode:: http - - HTTP/1.1 201 OK - Vary: Accept - Content-Type: application/json - - "User Created" - - :statuscode 201: User Created - :statuscode 400: Errors (invalid json, missing or invalid fields, etc) - -Update User -*********** - -.. http:put:: /v1/users/(username)/ - - Change a password or email address for given user. If you pass in an email, - it will add it to your account, it will not remove the old one. Passwords will - be updated. - - It is up to the client to verify that that password that is sent is the one that - they want. Common approach is to have them type it twice. - - **Example Request**: - - .. sourcecode:: http - - PUT /v1/users/fakeuser/ HTTP/1.1 - Host: index.docker.io - Accept: application/json - Content-Type: application/json - Authorization: Basic akmklmasadalkm== - - {"email": "sam@dotcloud.com", - "password": "toto42"} - - :parameter username: username for the person you want to update - - **Example Response**: - - .. sourcecode:: http - - HTTP/1.1 204 - Vary: Accept - Content-Type: application/json - - "" - - :statuscode 204: User Updated - :statuscode 400: Errors (invalid json, missing or invalid fields, etc) - :statuscode 401: Unauthorized - :statuscode 403: Account is not Active - :statuscode 404: User not found - - -2.3 Search -^^^^^^^^^^ -If you need to search the index, this is the endpoint you would use. - -Search -****** - -.. http:get:: /v1/search - - Search the Index given a search term. It accepts :http:method:`get` only. - - **Example request**: - - .. sourcecode:: http - - GET /v1/search?q=search_term HTTP/1.1 - Host: example.com - Accept: application/json - - - **Example response**: - - .. sourcecode:: http - - HTTP/1.1 200 OK - Vary: Accept - Content-Type: application/json - - {"query":"search_term", - "num_results": 3, - "results" : [ - {"name": "ubuntu", "description": "An ubuntu image..."}, - {"name": "centos", "description": "A centos image..."}, - {"name": "fedora", "description": "A fedora image..."} - ] - } - - :query q: what you want to search for - :statuscode 200: no error - :statuscode 500: server error diff --git a/docs/sources/reference/api/registry_api.md b/docs/sources/reference/api/registry_api.md index 09035515f5..f8bdd6657d 100644 --- a/docs/sources/reference/api/registry_api.md +++ b/docs/sources/reference/api/registry_api.md @@ -6,51 +6,51 @@ page_keywords: API, Docker, index, registry, REST, documentation ## Introduction -- This is the REST API for the Docker Registry -- It stores the images and the graph for a set of repositories -- It does not have user accounts data -- It has no notion of user accounts or authorization -- It delegates authentication and authorization to the Index Auth - service using tokens -- It supports different storage backends (S3, cloud files, local FS) -- It doesn’t have a local database -- It will be open-sourced at some point + - This is the REST API for the Docker Registry + - It stores the images and the graph for a set of repositories + - It does not have user accounts data + - It has no notion of user accounts or authorization + - It delegates authentication and authorization to the Index Auth + service using tokens + - It supports different storage backends (S3, cloud files, local FS) + - It doesn't have a local database + - It will be open-sourced at some point We expect that there will be multiple registries out there. To help to grasp the context, here are some examples of registries: -- **sponsor registry**: such a registry is provided by a third-party - hosting infrastructure as a convenience for their customers and the - docker community as a whole. Its costs are supported by the third - party, but the management and operation of the registry are - supported by dotCloud. It features read/write access, and delegates - authentication and authorization to the Index. -- **mirror registry**: such a registry is provided by a third-party - hosting infrastructure but is targeted at their customers only. Some - mechanism (unspecified to date) ensures that public images are - pulled from a sponsor registry to the mirror registry, to make sure - that the customers of the third-party provider can “docker pull” - those images locally. -- **vendor registry**: such a registry is provided by a software - vendor, who wants to distribute docker images. It would be operated - and managed by the vendor. Only users authorized by the vendor would - be able to get write access. Some images would be public (accessible - for anyone), others private (accessible only for authorized users). - Authentication and authorization would be delegated to the Index. - The goal of vendor registries is to let someone do “docker pull - basho/riak1.3” and automatically push from the vendor registry - (instead of a sponsor registry); i.e. get all the convenience of a - sponsor registry, while retaining control on the asset distribution. -- **private registry**: such a registry is located behind a firewall, - or protected by an additional security layer (HTTP authorization, - SSL client-side certificates, IP address authorization...). The - registry is operated by a private entity, outside of dotCloud’s - control. It can optionally delegate additional authorization to the - Index, but it is not mandatory. + - **sponsor registry**: such a registry is provided by a third-party + hosting infrastructure as a convenience for their customers and the + docker community as a whole. Its costs are supported by the third + party, but the management and operation of the registry are + supported by dotCloud. It features read/write access, and delegates + authentication and authorization to the Index. + - **mirror registry**: such a registry is provided by a third-party + hosting infrastructure but is targeted at their customers only. Some + mechanism (unspecified to date) ensures that public images are + pulled from a sponsor registry to the mirror registry, to make sure + that the customers of the third-party provider can “docker pull” + those images locally. + - **vendor registry**: such a registry is provided by a software + vendor, who wants to distribute docker images. It would be operated + and managed by the vendor. Only users authorized by the vendor would + be able to get write access. Some images would be public (accessible + for anyone), others private (accessible only for authorized users). + Authentication and authorization would be delegated to the Index. + The goal of vendor registries is to let someone do “docker pull + basho/riak1.3” and automatically push from the vendor registry + (instead of a sponsor registry); i.e. get all the convenience of a + sponsor registry, while retaining control on the asset distribution. + - **private registry**: such a registry is located behind a firewall, + or protected by an additional security layer (HTTP authorization, + SSL client-side certificates, IP address authorization...). The + registry is operated by a private entity, outside of dotCloud's + control. It can optionally delegate additional authorization to the + Index, but it is not mandatory. > **Note**: > Mirror registries and private registries which do not use the Index -> don’t even need to run the registry code. They can be implemented by any +> don't even need to run the registry code. They can be implemented by any > kind of transport implementing HTTP GET and PUT. Read-only registries > can be powered by a simple static HTTP server. @@ -63,19 +63,19 @@ grasp the context, here are some examples of registries: > - remote docker addressed through SSH. The latter would only require two new commands in docker, e.g. -`registryget` and `registryput`, -wrapping access to the local filesystem (and optionally doing -consistency checks). Authentication and authorization are then delegated -to SSH (e.g. with public keys). +`registryget` and `registryput`, wrapping access to the local filesystem +(and optionally doing consistency checks). Authentication and authorization +are then delegated to SSH (e.g. with public keys). -## Endpoints +# Endpoints -### Images +## Images ### Layer - `GET /v1/images/`(*image\_id*)`/layer` -: get image layer for a given `image_id` +`GET /v1/images/(image_id)/layer` + +Get image layer for a given `image_id` **Example Request**: @@ -87,7 +87,7 @@ to SSH (e.g. with public keys). Parameters: - - **image\_id** – the id for the layer you want to get + - **image_id** – the id for the layer you want to get **Example Response**: @@ -104,8 +104,9 @@ to SSH (e.g. with public keys). - **401** – Requires authorization - **404** – Image not found - `PUT /v1/images/`(*image\_id*)`/layer` -: put image layer for a given `image_id` +`PUT /v1/images/(image_id)/layer` + +Put image layer for a given `image_id` **Example Request**: @@ -118,7 +119,7 @@ to SSH (e.g. with public keys). Parameters: - - **image\_id** – the id for the layer you want to get + - **image_id** – the id for the layer you want to get **Example Response**: @@ -135,10 +136,11 @@ to SSH (e.g. with public keys). - **401** – Requires authorization - **404** – Image not found -### Image +## Image - `PUT /v1/images/`(*image\_id*)`/json` -: put image for a given `image_id` +`PUT /v1/images/(image_id)/json` + +Put image for a given `image_id` **Example Request**: @@ -181,7 +183,7 @@ to SSH (e.g. with public keys). Parameters: - - **image\_id** – the id for the layer you want to get + - **image_id** – the id for the layer you want to get **Example Response**: @@ -197,8 +199,9 @@ to SSH (e.g. with public keys). - **200** – OK - **401** – Requires authorization - `GET /v1/images/`(*image\_id*)`/json` -: get image for a given `image_id` +`GET /v1/images/(image_id)/json` + +Get image for a given `image_id` **Example Request**: @@ -210,7 +213,7 @@ to SSH (e.g. with public keys). Parameters: - - **image\_id** – the id for the layer you want to get + - **image_id** – the id for the layer you want to get **Example Response**: @@ -258,10 +261,11 @@ to SSH (e.g. with public keys). - **401** – Requires authorization - **404** – Image not found -### Ancestry +## Ancestry - `GET /v1/images/`(*image\_id*)`/ancestry` -: get ancestry for an image given an `image_id` +`GET /v1/images/(image_id)/ancestry` + +Get ancestry for an image given an `image_id` **Example Request**: @@ -273,7 +277,7 @@ to SSH (e.g. with public keys). Parameters: - - **image\_id** – the id for the layer you want to get + - **image_id** – the id for the layer you want to get **Example Response**: @@ -293,10 +297,11 @@ to SSH (e.g. with public keys). - **401** – Requires authorization - **404** – Image not found -### Tags +## Tags - `GET /v1/repositories/`(*namespace*)`/`(*repository*)`/tags` -: get all of the tags for the given repo. +`GET /v1/repositories/(namespace)/(repository)/tags` + +Get all of the tags for the given repo. **Example Request**: @@ -330,8 +335,9 @@ to SSH (e.g. with public keys). - **401** – Requires authorization - **404** – Repository not found - `GET /v1/repositories/`(*namespace*)`/`(*repository*)`/tags/`(*tag*) -: get a tag for the given repo. +`GET /v1/repositories/(namespace)/(repository)/tags/(tag*): + +Get a tag for the given repo. **Example Request**: @@ -363,8 +369,9 @@ to SSH (e.g. with public keys). - **401** – Requires authorization - **404** – Tag not found - `DELETE /v1/repositories/`(*namespace*)`/`(*repository*)`/tags/`(*tag*) -: delete the tag for the repo +`DELETE /v1/repositories/(namespace)/(repository)/tags/(tag*): + +Delete the tag for the repo **Example Request**: @@ -395,8 +402,9 @@ to SSH (e.g. with public keys). - **401** – Requires authorization - **404** – Tag not found - `PUT /v1/repositories/`(*namespace*)`/`(*repository*)`/tags/`(*tag*) -: put a tag for the given repo. +`PUT /v1/repositories/(namespace)/(repository)/tags/(tag*): + +Put a tag for the given repo. **Example Request**: @@ -430,10 +438,11 @@ to SSH (e.g. with public keys). - **401** – Requires authorization - **404** – Image not found -### Repositories +## Repositories - `DELETE /v1/repositories/`(*namespace*)`/`(*repository*)`/` -: delete a repository +`DELETE /v1/repositories/(namespace)/(repository)/` + +Delete a repository **Example Request**: @@ -465,11 +474,12 @@ to SSH (e.g. with public keys). - **401** – Requires authorization - **404** – Repository not found -### Status +## Status - `GET /v1/_ping` -: Check status of the registry. This endpoint is also used to - determine if the registry supports SSL. +`GET /v1/_ping` + +Check status of the registry. This endpoint is also used to +determine if the registry supports SSL. **Example Request**: diff --git a/docs/sources/reference/api/registry_api.rst b/docs/sources/reference/api/registry_api.rst deleted file mode 100644 index b5c36cc344..0000000000 --- a/docs/sources/reference/api/registry_api.rst +++ /dev/null @@ -1,504 +0,0 @@ -:title: Registry API -:description: API Documentation for Docker Registry -:keywords: API, Docker, index, registry, REST, documentation - -=================== -Docker Registry API -=================== - - -1. Brief introduction -===================== - -- This is the REST API for the Docker Registry -- It stores the images and the graph for a set of repositories -- It does not have user accounts data -- It has no notion of user accounts or authorization -- It delegates authentication and authorization to the Index Auth service using tokens -- It supports different storage backends (S3, cloud files, local FS) -- It doesn’t have a local database -- It will be open-sourced at some point - -We expect that there will be multiple registries out there. To help to grasp -the context, here are some examples of registries: - -- **sponsor registry**: such a registry is provided by a third-party hosting infrastructure as a convenience for their customers and the docker community as a whole. Its costs are supported by the third party, but the management and operation of the registry are supported by dotCloud. It features read/write access, and delegates authentication and authorization to the Index. -- **mirror registry**: such a registry is provided by a third-party hosting infrastructure but is targeted at their customers only. Some mechanism (unspecified to date) ensures that public images are pulled from a sponsor registry to the mirror registry, to make sure that the customers of the third-party provider can “docker pull” those images locally. -- **vendor registry**: such a registry is provided by a software vendor, who wants to distribute docker images. It would be operated and managed by the vendor. Only users authorized by the vendor would be able to get write access. Some images would be public (accessible for anyone), others private (accessible only for authorized users). Authentication and authorization would be delegated to the Index. The goal of vendor registries is to let someone do “docker pull basho/riak1.3” and automatically push from the vendor registry (instead of a sponsor registry); i.e. get all the convenience of a sponsor registry, while retaining control on the asset distribution. -- **private registry**: such a registry is located behind a firewall, or protected by an additional security layer (HTTP authorization, SSL client-side certificates, IP address authorization...). The registry is operated by a private entity, outside of dotCloud’s control. It can optionally delegate additional authorization to the Index, but it is not mandatory. - -.. note:: - - Mirror registries and private registries which do not use the Index don’t even need to run the registry code. They can be implemented by any kind of transport implementing HTTP GET and PUT. Read-only registries can be powered by a simple static HTTP server. - -.. note:: - - The latter implies that while HTTP is the protocol of choice for a registry, multiple schemes are possible (and in some cases, trivial): - - HTTP with GET (and PUT for read-write registries); - - local mount point; - - remote docker addressed through SSH. - -The latter would only require two new commands in docker, e.g. ``registryget`` -and ``registryput``, wrapping access to the local filesystem (and optionally -doing consistency checks). Authentication and authorization are then delegated -to SSH (e.g. with public keys). - -2. Endpoints -============ - -2.1 Images ----------- - -Layer -***** - -.. http:get:: /v1/images/(image_id)/layer - - get image layer for a given ``image_id`` - - **Example Request**: - - .. sourcecode:: http - - GET /v1/images/088b4505aa3adc3d35e79c031fa126b403200f02f51920fbd9b7c503e87c7a2c/layer HTTP/1.1 - Host: registry-1.docker.io - Accept: application/json - Content-Type: application/json - Authorization: Token signature=123abc,repository="foo/bar",access=read - - :parameter image_id: the id for the layer you want to get - - **Example Response**: - - .. sourcecode:: http - - HTTP/1.1 200 - Vary: Accept - X-Docker-Registry-Version: 0.6.0 - Cookie: (Cookie provided by the Registry) - - {layer binary data stream} - - :statuscode 200: OK - :statuscode 401: Requires authorization - :statuscode 404: Image not found - - -.. http:put:: /v1/images/(image_id)/layer - - put image layer for a given ``image_id`` - - **Example Request**: - - .. sourcecode:: http - - PUT /v1/images/088b4505aa3adc3d35e79c031fa126b403200f02f51920fbd9b7c503e87c7a2c/layer HTTP/1.1 - Host: registry-1.docker.io - Transfer-Encoding: chunked - Authorization: Token signature=123abc,repository="foo/bar",access=write - - {layer binary data stream} - - :parameter image_id: the id for the layer you want to get - - - **Example Response**: - - .. sourcecode:: http - - HTTP/1.1 200 - Vary: Accept - Content-Type: application/json - X-Docker-Registry-Version: 0.6.0 - - "" - - :statuscode 200: OK - :statuscode 401: Requires authorization - :statuscode 404: Image not found - - -Image -***** - -.. http:put:: /v1/images/(image_id)/json - - put image for a given ``image_id`` - - **Example Request**: - - .. sourcecode:: http - - PUT /v1/images/088b4505aa3adc3d35e79c031fa126b403200f02f51920fbd9b7c503e87c7a2c/json HTTP/1.1 - Host: registry-1.docker.io - Accept: application/json - Content-Type: application/json - Cookie: (Cookie provided by the Registry) - - { - id: "088b4505aa3adc3d35e79c031fa126b403200f02f51920fbd9b7c503e87c7a2c", - parent: "aeee6396d62273d180a49c96c62e45438d87c7da4a5cf5d2be6bee4e21bc226f", - created: "2013-04-30T17:46:10.843673+03:00", - container: "8305672a76cc5e3d168f97221106ced35a76ec7ddbb03209b0f0d96bf74f6ef7", - container_config: { - Hostname: "host-test", - User: "", - Memory: 0, - MemorySwap: 0, - AttachStdin: false, - AttachStdout: false, - AttachStderr: false, - PortSpecs: null, - Tty: false, - OpenStdin: false, - StdinOnce: false, - Env: null, - Cmd: [ - "/bin/bash", - "-c", - "apt-get -q -yy -f install libevent-dev" - ], - Dns: null, - Image: "imagename/blah", - Volumes: { }, - VolumesFrom: "" - }, - docker_version: "0.1.7" - } - - :parameter image_id: the id for the layer you want to get - - **Example Response**: - - .. sourcecode:: http - - HTTP/1.1 200 - Vary: Accept - Content-Type: application/json - X-Docker-Registry-Version: 0.6.0 - - "" - - :statuscode 200: OK - :statuscode 401: Requires authorization - -.. http:get:: /v1/images/(image_id)/json - - get image for a given ``image_id`` - - **Example Request**: - - .. sourcecode:: http - - GET /v1/images/088b4505aa3adc3d35e79c031fa126b403200f02f51920fbd9b7c503e87c7a2c/json HTTP/1.1 - Host: registry-1.docker.io - Accept: application/json - Content-Type: application/json - Cookie: (Cookie provided by the Registry) - - :parameter image_id: the id for the layer you want to get - - **Example Response**: - - .. sourcecode:: http - - HTTP/1.1 200 - Vary: Accept - Content-Type: application/json - X-Docker-Registry-Version: 0.6.0 - X-Docker-Size: 456789 - X-Docker-Checksum: b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087 - - { - id: "088b4505aa3adc3d35e79c031fa126b403200f02f51920fbd9b7c503e87c7a2c", - parent: "aeee6396d62273d180a49c96c62e45438d87c7da4a5cf5d2be6bee4e21bc226f", - created: "2013-04-30T17:46:10.843673+03:00", - container: "8305672a76cc5e3d168f97221106ced35a76ec7ddbb03209b0f0d96bf74f6ef7", - container_config: { - Hostname: "host-test", - User: "", - Memory: 0, - MemorySwap: 0, - AttachStdin: false, - AttachStdout: false, - AttachStderr: false, - PortSpecs: null, - Tty: false, - OpenStdin: false, - StdinOnce: false, - Env: null, - Cmd: [ - "/bin/bash", - "-c", - "apt-get -q -yy -f install libevent-dev" - ], - Dns: null, - Image: "imagename/blah", - Volumes: { }, - VolumesFrom: "" - }, - docker_version: "0.1.7" - } - - :statuscode 200: OK - :statuscode 401: Requires authorization - :statuscode 404: Image not found - - -Ancestry -******** - -.. http:get:: /v1/images/(image_id)/ancestry - - get ancestry for an image given an ``image_id`` - - **Example Request**: - - .. sourcecode:: http - - GET /v1/images/088b4505aa3adc3d35e79c031fa126b403200f02f51920fbd9b7c503e87c7a2c/ancestry HTTP/1.1 - Host: registry-1.docker.io - Accept: application/json - Content-Type: application/json - Cookie: (Cookie provided by the Registry) - - :parameter image_id: the id for the layer you want to get - - **Example Response**: - - .. sourcecode:: http - - HTTP/1.1 200 - Vary: Accept - Content-Type: application/json - X-Docker-Registry-Version: 0.6.0 - - ["088b4502f51920fbd9b7c503e87c7a2c05aa3adc3d35e79c031fa126b403200f", - "aeee63968d87c7da4a5cf5d2be6bee4e21bc226fd62273d180a49c96c62e4543", - "bfa4c5326bc764280b0863b46a4b20d940bc1897ef9c1dfec060604bdc383280", - "6ab5893c6927c15a15665191f2c6cf751f5056d8b95ceee32e43c5e8a3648544"] - - :statuscode 200: OK - :statuscode 401: Requires authorization - :statuscode 404: Image not found - - -2.2 Tags --------- - -.. http:get:: /v1/repositories/(namespace)/(repository)/tags - - get all of the tags for the given repo. - - **Example Request**: - - .. sourcecode:: http - - GET /v1/repositories/foo/bar/tags HTTP/1.1 - Host: registry-1.docker.io - Accept: application/json - Content-Type: application/json - X-Docker-Registry-Version: 0.6.0 - Cookie: (Cookie provided by the Registry) - - :parameter namespace: namespace for the repo - :parameter repository: name for the repo - - **Example Response**: - - .. sourcecode:: http - - HTTP/1.1 200 - Vary: Accept - Content-Type: application/json - X-Docker-Registry-Version: 0.6.0 - - { - "latest": "9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f", - "0.1.1": "b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087" - } - - :statuscode 200: OK - :statuscode 401: Requires authorization - :statuscode 404: Repository not found - - -.. http:get:: /v1/repositories/(namespace)/(repository)/tags/(tag) - - get a tag for the given repo. - - **Example Request**: - - .. sourcecode:: http - - GET /v1/repositories/foo/bar/tags/latest HTTP/1.1 - Host: registry-1.docker.io - Accept: application/json - Content-Type: application/json - X-Docker-Registry-Version: 0.6.0 - Cookie: (Cookie provided by the Registry) - - :parameter namespace: namespace for the repo - :parameter repository: name for the repo - :parameter tag: name of tag you want to get - - **Example Response**: - - .. sourcecode:: http - - HTTP/1.1 200 - Vary: Accept - Content-Type: application/json - X-Docker-Registry-Version: 0.6.0 - - "9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f" - - :statuscode 200: OK - :statuscode 401: Requires authorization - :statuscode 404: Tag not found - -.. http:delete:: /v1/repositories/(namespace)/(repository)/tags/(tag) - - delete the tag for the repo - - **Example Request**: - - .. sourcecode:: http - - DELETE /v1/repositories/foo/bar/tags/latest HTTP/1.1 - Host: registry-1.docker.io - Accept: application/json - Content-Type: application/json - Cookie: (Cookie provided by the Registry) - - :parameter namespace: namespace for the repo - :parameter repository: name for the repo - :parameter tag: name of tag you want to delete - - **Example Response**: - - .. sourcecode:: http - - HTTP/1.1 200 - Vary: Accept - Content-Type: application/json - X-Docker-Registry-Version: 0.6.0 - - "" - - :statuscode 200: OK - :statuscode 401: Requires authorization - :statuscode 404: Tag not found - - -.. http:put:: /v1/repositories/(namespace)/(repository)/tags/(tag) - - put a tag for the given repo. - - **Example Request**: - - .. sourcecode:: http - - PUT /v1/repositories/foo/bar/tags/latest HTTP/1.1 - Host: registry-1.docker.io - Accept: application/json - Content-Type: application/json - Cookie: (Cookie provided by the Registry) - - "9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f" - - :parameter namespace: namespace for the repo - :parameter repository: name for the repo - :parameter tag: name of tag you want to add - - **Example Response**: - - .. sourcecode:: http - - HTTP/1.1 200 - Vary: Accept - Content-Type: application/json - X-Docker-Registry-Version: 0.6.0 - - "" - - :statuscode 200: OK - :statuscode 400: Invalid data - :statuscode 401: Requires authorization - :statuscode 404: Image not found - -2.3 Repositories ----------------- - -.. http:delete:: /v1/repositories/(namespace)/(repository)/ - - delete a repository - - **Example Request**: - - .. sourcecode:: http - - DELETE /v1/repositories/foo/bar/ HTTP/1.1 - Host: registry-1.docker.io - Accept: application/json - Content-Type: application/json - Cookie: (Cookie provided by the Registry) - - "" - - :parameter namespace: namespace for the repo - :parameter repository: name for the repo - - **Example Response**: - - .. sourcecode:: http - - HTTP/1.1 200 - Vary: Accept - Content-Type: application/json - X-Docker-Registry-Version: 0.6.0 - - "" - - :statuscode 200: OK - :statuscode 401: Requires authorization - :statuscode 404: Repository not found - -2.4 Status ----------- - -.. http:get:: /v1/_ping - - Check status of the registry. This endpoint is also used to determine if - the registry supports SSL. - - **Example Request**: - - .. sourcecode:: http - - GET /v1/_ping HTTP/1.1 - Host: registry-1.docker.io - Accept: application/json - Content-Type: application/json - - "" - - **Example Response**: - - .. sourcecode:: http - - HTTP/1.1 200 - Vary: Accept - Content-Type: application/json - X-Docker-Registry-Version: 0.6.0 - - "" - - :statuscode 200: OK - - -3 Authorization -=============== -This is where we describe the authorization process, including the tokens and cookies. - -TODO: add more info. diff --git a/docs/sources/reference/api/registry_index_spec.md b/docs/sources/reference/api/registry_index_spec.md index aa18a2e3c5..93ba469221 100644 --- a/docs/sources/reference/api/registry_index_spec.md +++ b/docs/sources/reference/api/registry_index_spec.md @@ -10,16 +10,16 @@ page_keywords: docker, registry, api, index The Index is responsible for centralizing information about: -- User accounts -- Checksums of the images -- Public namespaces + - User accounts + - Checksums of the images + - Public namespaces The Index has different components: -- Web UI -- Meta-data store (comments, stars, list public repositories) -- Authentication service -- Tokenization + - Web UI + - Meta-data store (comments, stars, list public repositories) + - Authentication service + - Tokenization The index is authoritative for those information. @@ -28,46 +28,46 @@ managed by Docker Inc. ### Registry -- It stores the images and the graph for a set of repositories -- It does not have user accounts data -- It has no notion of user accounts or authorization -- It delegates authentication and authorization to the Index Auth - service using tokens -- It supports different storage backends (S3, cloud files, local FS) -- It doesn’t have a local database -- [Source Code](https://github.com/dotcloud/docker-registry) + - It stores the images and the graph for a set of repositories + - It does not have user accounts data + - It has no notion of user accounts or authorization + - It delegates authentication and authorization to the Index Auth + service using tokens + - It supports different storage backends (S3, cloud files, local FS) + - It doesn't have a local database + - [Source Code](https://github.com/dotcloud/docker-registry) We expect that there will be multiple registries out there. To help to grasp the context, here are some examples of registries: -- **sponsor registry**: such a registry is provided by a third-party - hosting infrastructure as a convenience for their customers and the - docker community as a whole. Its costs are supported by the third - party, but the management and operation of the registry are - supported by dotCloud. It features read/write access, and delegates - authentication and authorization to the Index. -- **mirror registry**: such a registry is provided by a third-party - hosting infrastructure but is targeted at their customers only. Some - mechanism (unspecified to date) ensures that public images are - pulled from a sponsor registry to the mirror registry, to make sure - that the customers of the third-party provider can “docker pull” - those images locally. -- **vendor registry**: such a registry is provided by a software - vendor, who wants to distribute docker images. It would be operated - and managed by the vendor. Only users authorized by the vendor would - be able to get write access. Some images would be public (accessible - for anyone), others private (accessible only for authorized users). - Authentication and authorization would be delegated to the Index. - The goal of vendor registries is to let someone do “docker pull - basho/riak1.3” and automatically push from the vendor registry - (instead of a sponsor registry); i.e. get all the convenience of a - sponsor registry, while retaining control on the asset distribution. -- **private registry**: such a registry is located behind a firewall, - or protected by an additional security layer (HTTP authorization, - SSL client-side certificates, IP address authorization...). The - registry is operated by a private entity, outside of dotCloud’s - control. It can optionally delegate additional authorization to the - Index, but it is not mandatory. + - **sponsor registry**: such a registry is provided by a third-party + hosting infrastructure as a convenience for their customers and the + docker community as a whole. Its costs are supported by the third + party, but the management and operation of the registry are + supported by dotCloud. It features read/write access, and delegates + authentication and authorization to the Index. + - **mirror registry**: such a registry is provided by a third-party + hosting infrastructure but is targeted at their customers only. Some + mechanism (unspecified to date) ensures that public images are + pulled from a sponsor registry to the mirror registry, to make sure + that the customers of the third-party provider can “docker pull” + those images locally. + - **vendor registry**: such a registry is provided by a software + vendor, who wants to distribute docker images. It would be operated + and managed by the vendor. Only users authorized by the vendor would + be able to get write access. Some images would be public (accessible + for anyone), others private (accessible only for authorized users). + Authentication and authorization would be delegated to the Index. + The goal of vendor registries is to let someone do “docker pull + basho/riak1.3” and automatically push from the vendor registry + (instead of a sponsor registry); i.e. get all the convenience of a + sponsor registry, while retaining control on the asset distribution. + - **private registry**: such a registry is located behind a firewall, + or protected by an additional security layer (HTTP authorization, + SSL client-side certificates, IP address authorization...). The + registry is operated by a private entity, outside of dotCloud's + control. It can optionally delegate additional authorization to the + Index, but it is not mandatory. > **Note:** The latter implies that while HTTP is the protocol > of choice for a registry, multiple schemes are possible (and @@ -88,36 +88,33 @@ to SSH (e.g. with public keys). On top of being a runtime for LXC, Docker is the Registry client. It supports: -- Push / Pull on the registry -- Client authentication on the Index + - Push / Pull on the registry + - Client authentication on the Index ## Workflow ### Pull -![](../../../_images/docker_pull_chart.png) +![](/static_files/docker_pull_chart.png) 1. Contact the Index to know where I should download “samalba/busybox” -2. Index replies: a. `samalba/busybox` is on - Registry A b. here are the checksums for `samalba/busybox` - (for all layers) c. token -3. Contact Registry A to receive the layers for - `samalba/busybox` (all of them to the base - image). Registry A is authoritative for “samalba/busybox” but keeps - a copy of all inherited layers and serve them all from the same +2. Index replies: a. `samalba/busybox` is on Registry A b. here are the + checksums for `samalba/busybox` (for all layers) c. token +3. Contact Registry A to receive the layers for `samalba/busybox` (all of + them to the base image). Registry A is authoritative for “samalba/busybox” + but keeps a copy of all inherited layers and serve them all from the same location. -4. registry contacts index to verify if token/user is allowed to - download images -5. Index returns true/false lettings registry know if it should proceed - or error out +4. registry contacts index to verify if token/user is allowed to download images +5. Index returns true/false lettings registry know if it should proceed or error + out 6. Get the payload for all layers -It’s possible to run: +It's possible to run: - docker pull https:///repositories/samalba/busybox + $ docker pull https:///repositories/samalba/busybox In this case, Docker bypasses the Index. However the security is not -guaranteed (in case Registry A is corrupted) because there won’t be any +guaranteed (in case Registry A is corrupted) because there won't be any checksum checks. Currently registry redirects to s3 urls for downloads, going forward all @@ -128,60 +125,61 @@ sub-classes for S3 and local storage. Token is only returned when the `X-Docker-Token` header is sent with request. -Basic Auth is required to pull private repos. Basic auth isn’t required +Basic Auth is required to pull private repos. Basic auth isn't required for pulling public repos, but if one is provided, it needs to be valid and for an active account. -#### API (pulling repository foo/bar): +**API (pulling repository foo/bar):** -1. (Docker -\> Index) GET /v1/repositories/foo/bar/images - : **Headers**: - : Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ== - X-Docker-Token: true +1. (Docker -> Index) GET /v1/repositories/foo/bar/images: + + **Headers**: + Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ== + X-Docker-Token: true + + **Action**: + (looking up the foo/bar in db and gets images and checksums + for that repo (all if no tag is specified, if tag, only + checksums for those tags) see part 4.4.1) + +2. (Index -> Docker) HTTP 200 OK + + **Headers**: + Authorization: Token + signature=123abc,repository=”foo/bar”,access=write + X-Docker-Endpoints: registry.docker.io [,registry2.docker.io] + + **Body**: + Jsonified checksums (see part 4.4.1) + +3. (Docker -> Registry) GET /v1/repositories/foo/bar/tags/latest + + **Headers**: + Authorization: Token + signature=123abc,repository=”foo/bar”,access=write + +4. (Registry -> Index) GET /v1/repositories/foo/bar/images + + **Headers**: + Authorization: Token + signature=123abc,repository=”foo/bar”,access=read + + **Body**: + + + **Action**: + (Lookup token see if they have access to pull.) + + If good: + HTTP 200 OK Index will invalidate the token + + If bad: + HTTP 401 Unauthorized + +5. (Docker -> Registry) GET /v1/images/928374982374/ancestry **Action**: - : (looking up the foo/bar in db and gets images and checksums - for that repo (all if no tag is specified, if tag, only - checksums for those tags) see part 4.4.1) - -2. (Index -\> Docker) HTTP 200 OK - - > **Headers**: - > : - Authorization: Token - > signature=123abc,repository=”foo/bar”,access=write - > - X-Docker-Endpoints: registry.docker.io [, - > registry2.docker.io] - > - > **Body**: - > : Jsonified checksums (see part 4.4.1) - > -3. (Docker -\> Registry) GET /v1/repositories/foo/bar/tags/latest - : **Headers**: - : Authorization: Token - signature=123abc,repository=”foo/bar”,access=write - -4. (Registry -\> Index) GET /v1/repositories/foo/bar/images - - > **Headers**: - > : Authorization: Token - > signature=123abc,repository=”foo/bar”,access=read - > - > **Body**: - > : \ - > - > **Action**: - > : ( Lookup token see if they have access to pull.) - > - > If good: - > : HTTP 200 OK Index will invalidate the token - > - > If bad: - > : HTTP 401 Unauthorized - > -5. (Docker -\> Registry) GET /v1/images/928374982374/ancestry - : **Action**: - : (for each image id returned in the registry, fetch /json + - /layer) + (for each image id returned in the registry, fetch /json + /layer) > **Note**: > If someone makes a second request, then we will always give a new token, @@ -189,7 +187,7 @@ and for an active account. ### Push -![](../../../_images/docker_push_chart.png) +![](/static_files/docker_push_chart.png) 1. Contact the index to allocate the repository name “samalba/busybox” (authentication required with user credentials) @@ -204,7 +202,7 @@ and for an active account. 6. docker contacts the index to give checksums for upload images > **Note:** -> **It’s possible not to use the Index at all!** In this case, a deployed +> **It's possible not to use the Index at all!** In this case, a deployed > version of the Registry is deployed to store and serve images. Those > images are not authenticated and the security is not guaranteed. @@ -218,89 +216,96 @@ the push. When a repository name does not have checksums on the Index, it means that the push is in progress (since checksums are submitted at the end). -#### API (pushing repos foo/bar): +**API (pushing repos foo/bar):** -1. (Docker -\> Index) PUT /v1/repositories/foo/bar/ - : **Headers**: - : Authorization: Basic sdkjfskdjfhsdkjfh== X-Docker-Token: - true +1. (Docker -> Index) PUT /v1/repositories/foo/bar/ - **Action**:: - : - in index, we allocated a new repository, and set to - initialized + **Headers**: + Authorization: Basic sdkjfskdjfhsdkjfh== X-Docker-Token: + true - **Body**:: - : (The body contains the list of images that are going to be - pushed, with empty checksums. The checksums will be set at - the end of the push): - - [{“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”}] - -2. (Index -\> Docker) 200 Created - : **Headers**: - : - WWW-Authenticate: Token - signature=123abc,repository=”foo/bar”,access=write - - X-Docker-Endpoints: registry.docker.io [, - registry2.docker.io] - -3. (Docker -\> Registry) PUT /v1/images/98765432\_parent/json - : **Headers**: - : Authorization: Token - signature=123abc,repository=”foo/bar”,access=write - -4. (Registry-\>Index) GET /v1/repositories/foo/bar/images - : **Headers**: - : Authorization: Token - signature=123abc,repository=”foo/bar”,access=write - - **Action**:: - : - Index: - : will invalidate the token. - - - Registry: - : grants a session (if token is approved) and fetches - the images id - -5. (Docker -\> Registry) PUT /v1/images/98765432\_parent/json - : **Headers**:: - : - Authorization: Token - signature=123abc,repository=”foo/bar”,access=write - - Cookie: (Cookie provided by the Registry) - -6. (Docker -\> Registry) PUT /v1/images/98765432/json - : **Headers**: - : Cookie: (Cookie provided by the Registry) - -7. (Docker -\> Registry) PUT /v1/images/98765432\_parent/layer - : **Headers**: - : Cookie: (Cookie provided by the Registry) - -8. (Docker -\> Registry) PUT /v1/images/98765432/layer - : **Headers**: - : X-Docker-Checksum: sha256:436745873465fdjkhdfjkgh - -9. (Docker -\> Registry) PUT /v1/repositories/foo/bar/tags/latest - : **Headers**: - : Cookie: (Cookie provided by the Registry) + **Action**: + - in index, we allocated a new repository, and set to + initialized **Body**: - : “98765432” + (The body contains the list of images that are going to be + pushed, with empty checksums. The checksums will be set at + the end of the push): -10. (Docker -\> Index) PUT /v1/repositories/foo/bar/images + [{“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”}] - **Headers**: - : Authorization: Basic 123oislifjsldfj== X-Docker-Endpoints: +2. (Index -> Docker) 200 Created + + **Headers**: + - WWW-Authenticate: Token + signature=123abc,repository=”foo/bar”,access=write + - X-Docker-Endpoints: registry.docker.io [, + registry2.docker.io] + +3. (Docker -> Registry) PUT /v1/images/98765432_parent/json + + **Headers**: + Authorization: Token + signature=123abc,repository=”foo/bar”,access=write + +4. (Registry->Index) GET /v1/repositories/foo/bar/images + + **Headers**: + Authorization: Token + signature=123abc,repository=”foo/bar”,access=write + + **Action**: + - Index: + will invalidate the token. + - Registry: + grants a session (if token is approved) and fetches + the images id + +5. (Docker -> Registry) PUT /v1/images/98765432_parent/json + + **Headers**:: + - Authorization: Token + signature=123abc,repository=”foo/bar”,access=write + - Cookie: (Cookie provided by the Registry) + +6. (Docker -> Registry) PUT /v1/images/98765432/json + + **Headers**: + - Cookie: (Cookie provided by the Registry) + +7. (Docker -> Registry) PUT /v1/images/98765432_parent/layer + + **Headers**: + - Cookie: (Cookie provided by the Registry) + +8. (Docker -> Registry) PUT /v1/images/98765432/layer + + **Headers**: + X-Docker-Checksum: sha256:436745873465fdjkhdfjkgh + +9. (Docker -> Registry) PUT /v1/repositories/foo/bar/tags/latest + + **Headers**: + - Cookie: (Cookie provided by the Registry) + + **Body**: + “98765432” + +10. (Docker -> Index) PUT /v1/repositories/foo/bar/images + + **Headers**: + Authorization: Basic 123oislifjsldfj== X-Docker-Endpoints: registry1.docker.io (no validation on this right now) - **Body**: - : (The image, id’s, tags and checksums) - + **Body**: + (The image, id`s, tags and checksums) [{“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”, “checksum”: “b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087”}] - **Return** HTTP 204 + **Return**: HTTP 204 > **Note:** If push fails and they need to start again, what happens in the index, > there will already be a record for the namespace/name, but it will be @@ -308,8 +313,8 @@ the end). > case could be if someone pushes the same thing at the same time with two > different shells. -If it’s a retry on the Registry, Docker has a cookie (provided by the -registry after token validation). So the Index won’t have to provide a +If it's a retry on the Registry, Docker has a cookie (provided by the +registry after token validation). So the Index won't have to provide a new token. ### Delete @@ -318,11 +323,9 @@ If you need to delete something from the index or registry, we need a nice clean way to do that. Here is the workflow. 1. Docker contacts the index to request a delete of a repository - `samalba/busybox` (authentication required with - user credentials) -2. If authentication works and repository is valid, - `samalba/busybox` is marked as deleted and a - temporary token is returned + `samalba/busybox` (authentication required with user credentials) +2. If authentication works and repository is valid, `samalba/busybox` + is marked as deleted and a temporary token is returned 3. Send a delete request to the registry for the repository (along with the token) 4. Registry A contacts the Index to verify the token (token must @@ -334,74 +337,79 @@ nice clean way to do that. Here is the workflow. > **Note**: > The Docker client should present an "Are you sure?" prompt to confirm -> the deletion before starting the process. Once it starts it can’t be +> the deletion before starting the process. Once it starts it can't be > undone. -#### API (deleting repository foo/bar): +**API (deleting repository foo/bar):** -1. (Docker -\> Index) DELETE /v1/repositories/foo/bar/ - : **Headers**: - : Authorization: Basic sdkjfskdjfhsdkjfh== X-Docker-Token: - true +1. (Docker -> Index) DELETE /v1/repositories/foo/bar/ - **Action**:: - : - in index, we make sure it is a valid repository, and set - to deleted (logically) + **Headers**: + Authorization: Basic sdkjfskdjfhsdkjfh== X-Docker-Token: + true - **Body**:: - : Empty + **Action**: + - in index, we make sure it is a valid repository, and set + to deleted (logically) -2. (Index -\> Docker) 202 Accepted - : **Headers**: - : - WWW-Authenticate: Token - signature=123abc,repository=”foo/bar”,access=delete - - X-Docker-Endpoints: registry.docker.io [, - registry2.docker.io] \# list of endpoints where this - repo lives. + **Body**: + Empty -3. (Docker -\> Registry) DELETE /v1/repositories/foo/bar/ - : **Headers**: - : Authorization: Token - signature=123abc,repository=”foo/bar”,access=delete +2. (Index -> Docker) 202 Accepted -4. (Registry-\>Index) PUT /v1/repositories/foo/bar/auth - : **Headers**: - : Authorization: Token - signature=123abc,repository=”foo/bar”,access=delete + **Headers**: + - WWW-Authenticate: Token + signature=123abc,repository=”foo/bar”,access=delete + - X-Docker-Endpoints: registry.docker.io [, + registry2.docker.io] + # list of endpoints where this repo lives. - **Action**:: - : - Index: - : will invalidate the token. +3. (Docker -> Registry) DELETE /v1/repositories/foo/bar/ - - Registry: - : deletes the repository (if token is approved) + **Headers**: + Authorization: Token + signature=123abc,repository=”foo/bar”,access=delete -5. (Registry -\> Docker) 200 OK - : 200 If success 403 if forbidden 400 if bad request 404 if - repository isn’t found +4. (Registry->Index) PUT /v1/repositories/foo/bar/auth -6. (Docker -\> Index) DELETE /v1/repositories/foo/bar/ + **Headers**: + Authorization: Token + signature=123abc,repository=”foo/bar”,access=delete - > **Headers**: - > : Authorization: Basic 123oislifjsldfj== X-Docker-Endpoints: - > registry-1.docker.io (no validation on this right now) - > - > **Body**: - > : Empty - > - > **Return** HTTP 200 + **Action**: + - Index: + will invalidate the token. + - Registry: + deletes the repository (if token is approved) + +5. (Registry -> Docker) 200 OK + + 200 If success 403 if forbidden 400 if bad request 404 + if repository isn't found + +6. (Docker -> Index) DELETE /v1/repositories/foo/bar/ + + **Headers**: + Authorization: Basic 123oislifjsldfj== X-Docker-Endpoints: + registry-1.docker.io (no validation on this right now) + + **Body**: + Empty + + **Return**: HTTP 200 ## How to use the Registry in standalone mode The Index has two main purposes (along with its fancy social features): -- Resolve short names (to avoid passing absolute URLs all the time) - : - username/projectname -\> - https://registry.docker.io/users/\/repositories/\/ - - team/projectname -\> - https://registry.docker.io/team/\/repositories/\/ + - Resolve short names (to avoid passing absolute URLs all the time): -- Authenticate a user as a repos owner (for a central referenced + username/projectname -> + https://registry.docker.io/users//repositories// + team/projectname -> + https://registry.docker.io/team//repositories// + + - Authenticate a user as a repos owner (for a central referenced repository) ### Without an Index @@ -429,17 +437,17 @@ no write access is necessary). The Index data needed by the Registry are simple: -- Serve the checksums -- Provide and authorize a Token + - Serve the checksums + - Provide and authorize a Token In the scenario of a Registry running on a private network with the need -of centralizing and authorizing, it’s easy to use a custom Index. +of centralizing and authorizing, it's easy to use a custom Index. The only challenge will be to tell Docker to contact (and trust) this custom Index. Docker will be configurable at some point to use a -specific Index, it’ll be the private entity responsibility (basically +specific Index, it'll be the private entity responsibility (basically the organization who uses Docker in a private environment) to maintain -the Index and the Docker’s configuration among its consumers. +the Index and the Docker's configuration among its consumers. ## The API @@ -453,7 +461,7 @@ JSON), basically because Registry stores exactly the same kind of information as Docker uses to manage them. The format of ancestry is a line-separated list of image ids, in age -order, i.e. the image’s parent is on the last line, the parent of the +order, i.e. the image's parent is on the last line, the parent of the parent on the next-to-last line, etc.; if the image has no parent, the file is empty. @@ -468,17 +476,18 @@ file is empty. ### Create a user (Index) -POST /v1/users + POST /v1/users: -**Body**: -: {"email": "[sam@dotcloud.com](mailto:sam%40dotcloud.com)", - "password": "toto42", "username": "foobar"’} -**Validation**: -: - **username**: min 4 character, max 30 characters, must match the - regular expression [a-z0-9\_]. + **Body**: + {"email": "[sam@dotcloud.com](mailto:sam%40dotcloud.com)", + "password": "toto42", "username": "foobar"`} + + **Validation**: + - **username**: min 4 character, max 30 characters, must match the + regular expression [a-z0-9_]. - **password**: min 5 characters -**Valid**: return HTTP 200 + **Valid**: return HTTP 200 Errors: HTTP 400 (we should create error codes for possible errors) - invalid json - missing field - wrong format (username, password, email, @@ -490,10 +499,10 @@ etc) - forbidden name - name already exists ### Update a user (Index) -PUT /v1/users/\ + PUT /v1/users/ -**Body**: -: {"password": "toto"} + **Body**: + {"password": "toto"} > **Note**: > We can also update email address, if they do, they will need to reverify @@ -506,44 +515,44 @@ validate credentials. HTTP Basic Auth for now, maybe change in future. GET /v1/users -**Return**: -: - Valid: HTTP 200 - - Invalid login: HTTP 401 - - Account inactive: HTTP 403 Account is not Active + **Return**: + - Valid: HTTP 200 + - Invalid login: HTTP 401 + - Account inactive: HTTP 403 Account is not Active ### Tags (Registry) The Registry does not know anything about users. Even though -repositories are under usernames, it’s just a namespace for the +repositories are under usernames, it's just a namespace for the registry. Allowing us to implement organizations or different namespaces -per user later, without modifying the Registry’s API. +per user later, without modifying the Registry'sAPI. The following naming restrictions apply: -- Namespaces must match the same regular expression as usernames (See + - Namespaces must match the same regular expression as usernames (See 4.2.1.) -- Repository names must match the regular expression [a-zA-Z0-9-\_.] + - Repository names must match the regular expression [a-zA-Z0-9-_.] ### Get all tags: -GET /v1/repositories/\/\/tags +GET /v1/repositories///tags -**Return**: HTTP 200 -: { "latest": + **Return**: HTTP 200 + { "latest": "9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f", “0.1.1”: “b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087” } -#### 4.3.2 Read the content of a tag (resolve the image id) + **4.3.2 Read the content of a tag (resolve the image id):** -GET /v1/repositories/\/\/tags/\ + GET /v1/repositories///tags/ -**Return**: -: "9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f" + **Return**: + "9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f" -#### 4.3.3 Delete a tag (registry) + **4.3.3 Delete a tag (registry):** -DELETE /v1/repositories/\/\/tags/\ + DELETE /v1/repositories///tags/ ### 4.4 Images (Index) @@ -552,12 +561,12 @@ it uses the X-Docker-Endpoints header. In other terms, this requests always add a `X-Docker-Endpoints` to indicate the location of the registry which hosts this repository. -#### 4.4.1 Get the images +**4.4.1 Get the images:** -GET /v1/repositories/\/\/images + GET /v1/repositories///images -**Return**: HTTP 200 -: [{“id”: + **Return**: HTTP 200 + [{“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”, “checksum”: “[md5:b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087](md5:b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087)”}] @@ -566,22 +575,22 @@ GET /v1/repositories/\/\/images You always add images, you never remove them. -PUT /v1/repositories/\/\/images + PUT /v1/repositories///images -**Body**: -: [ {“id”: + **Body**: + [ {“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”, “checksum”: “sha256:b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087”} ] -**Return** 204 + **Return**: 204 ### Repositories ### Remove a Repository (Registry) -DELETE /v1/repositories/\/\ +DELETE /v1/repositories// Return 200 OK @@ -589,16 +598,16 @@ Return 200 OK This starts the delete process. see 2.3 for more details. -DELETE /v1/repositories/\/\ +DELETE /v1/repositories// Return 202 OK ## Chaining Registries -It’s possible to chain Registries server for several reasons: +It's possible to chain Registries server for several reasons: -- Load balancing -- Delegate the next request to another server + - Load balancing + - Delegate the next request to another server When a Registry is a reference for a repository, it should host the entire images chain in order to avoid breaking the chain during the @@ -631,32 +640,30 @@ You have 3 options: 1. Provide user credentials and ask for a token - > **Header**: - > : - Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ== - > - X-Docker-Token: true - > - > In this case, along with the 200 response, you’ll get a new token - > (if user auth is ok): If authorization isn’t correct you get a 401 - > response. If account isn’t active you will get a 403 response. - > - > **Response**: - > : - 200 OK - > - X-Docker-Token: Token - > signature=123abc,repository=”foo/bar”,access=read - > + **Header**: + - Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ== + - X-Docker-Token: true + + In this case, along with the 200 response, you'll get a new token + (if user auth is ok): If authorization isn't correct you get a 401 + response. If account isn't active you will get a 403 response. + + **Response**: + - 200 OK + - X-Docker-Token: Token + signature=123abc,repository=”foo/bar”,access=read + 2. Provide user credentials only - > **Header**: - > : Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ== - > + **Header**: + Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ== 3. Provide Token - > **Header**: - > : Authorization: Token - > signature=123abc,repository=”foo/bar”,access=read - > + **Header**: + Authorization: Token + signature=123abc,repository=”foo/bar”,access=read ### 6.2 On the Registry @@ -684,7 +691,7 @@ Next request: ## Document Version -- 1.0 : May 6th 2013 : initial release -- 1.1 : June 1st 2013 : Added Delete Repository and way to handle new + - 1.0 : May 6th 2013 : initial release + - 1.1 : June 1st 2013 : Added Delete Repository and way to handle new source namespace. diff --git a/docs/sources/reference/api/registry_index_spec.rst b/docs/sources/reference/api/registry_index_spec.rst deleted file mode 100644 index 89f6319f5c..0000000000 --- a/docs/sources/reference/api/registry_index_spec.rst +++ /dev/null @@ -1,622 +0,0 @@ -:title: Registry Documentation -:description: Documentation for docker Registry and Registry API -:keywords: docker, registry, api, index - -.. _registryindexspec: - -===================== -Registry & Index Spec -===================== - -1. The 3 roles -=============== - -1.1 Index ---------- - -The Index is responsible for centralizing information about: - -- User accounts -- Checksums of the images -- Public namespaces - -The Index has different components: - -- Web UI -- Meta-data store (comments, stars, list public repositories) -- Authentication service -- Tokenization - -The index is authoritative for those information. - -We expect that there will be only one instance of the index, run and managed by Docker Inc. - -1.2 Registry ------------- -- It stores the images and the graph for a set of repositories -- It does not have user accounts data -- It has no notion of user accounts or authorization -- It delegates authentication and authorization to the Index Auth service using tokens -- It supports different storage backends (S3, cloud files, local FS) -- It doesn’t have a local database -- `Source Code `_ - -We expect that there will be multiple registries out there. To help to grasp the context, here are some examples of registries: - -- **sponsor registry**: such a registry is provided by a third-party hosting infrastructure as a convenience for their customers and the docker community as a whole. Its costs are supported by the third party, but the management and operation of the registry are supported by dotCloud. It features read/write access, and delegates authentication and authorization to the Index. -- **mirror registry**: such a registry is provided by a third-party hosting infrastructure but is targeted at their customers only. Some mechanism (unspecified to date) ensures that public images are pulled from a sponsor registry to the mirror registry, to make sure that the customers of the third-party provider can “docker pull” those images locally. -- **vendor registry**: such a registry is provided by a software vendor, who wants to distribute docker images. It would be operated and managed by the vendor. Only users authorized by the vendor would be able to get write access. Some images would be public (accessible for anyone), others private (accessible only for authorized users). Authentication and authorization would be delegated to the Index. The goal of vendor registries is to let someone do “docker pull basho/riak1.3” and automatically push from the vendor registry (instead of a sponsor registry); i.e. get all the convenience of a sponsor registry, while retaining control on the asset distribution. -- **private registry**: such a registry is located behind a firewall, or protected by an additional security layer (HTTP authorization, SSL client-side certificates, IP address authorization...). The registry is operated by a private entity, outside of dotCloud’s control. It can optionally delegate additional authorization to the Index, but it is not mandatory. - -.. note:: - - The latter implies that while HTTP is the protocol of choice for a registry, multiple schemes are possible (and in some cases, trivial): - - HTTP with GET (and PUT for read-write registries); - - local mount point; - - remote docker addressed through SSH. - -The latter would only require two new commands in docker, e.g. ``registryget`` -and ``registryput``, wrapping access to the local filesystem (and optionally -doing consistency checks). Authentication and authorization are then delegated -to SSH (e.g. with public keys). - -1.3 Docker ----------- - -On top of being a runtime for LXC, Docker is the Registry client. It supports: - -- Push / Pull on the registry -- Client authentication on the Index - -2. Workflow -=========== - -2.1 Pull --------- - -.. image:: /static_files/docker_pull_chart.png - -1. Contact the Index to know where I should download “samalba/busybox” -2. Index replies: - a. ``samalba/busybox`` is on Registry A - b. here are the checksums for ``samalba/busybox`` (for all layers) - c. token -3. Contact Registry A to receive the layers for ``samalba/busybox`` (all of them to the base image). Registry A is authoritative for “samalba/busybox” but keeps a copy of all inherited layers and serve them all from the same location. -4. registry contacts index to verify if token/user is allowed to download images -5. Index returns true/false lettings registry know if it should proceed or error out -6. Get the payload for all layers - -It's possible to run: - -.. code-block:: bash - - docker pull https:///repositories/samalba/busybox - -In this case, Docker bypasses the Index. However the security is not guaranteed -(in case Registry A is corrupted) because there won’t be any checksum checks. - -Currently registry redirects to s3 urls for downloads, going forward all -downloads need to be streamed through the registry. The Registry will then -abstract the calls to S3 by a top-level class which implements sub-classes for -S3 and local storage. - -Token is only returned when the ``X-Docker-Token`` header is sent with request. - -Basic Auth is required to pull private repos. Basic auth isn't required for -pulling public repos, but if one is provided, it needs to be valid and for an -active account. - -API (pulling repository foo/bar): -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -1. (Docker -> Index) GET /v1/repositories/foo/bar/images - **Headers**: - Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ== - X-Docker-Token: true - **Action**: - (looking up the foo/bar in db and gets images and checksums for that repo (all if no tag is specified, if tag, only checksums for those tags) see part 4.4.1) - -2. (Index -> Docker) HTTP 200 OK - - **Headers**: - - Authorization: Token signature=123abc,repository=”foo/bar”,access=write - - X-Docker-Endpoints: registry.docker.io [, registry2.docker.io] - **Body**: - Jsonified checksums (see part 4.4.1) - -3. (Docker -> Registry) GET /v1/repositories/foo/bar/tags/latest - **Headers**: - Authorization: Token signature=123abc,repository=”foo/bar”,access=write - -4. (Registry -> Index) GET /v1/repositories/foo/bar/images - - **Headers**: - Authorization: Token signature=123abc,repository=”foo/bar”,access=read - - **Body**: - - - **Action**: - ( Lookup token see if they have access to pull.) - - If good: - HTTP 200 OK - Index will invalidate the token - If bad: - HTTP 401 Unauthorized - -5. (Docker -> Registry) GET /v1/images/928374982374/ancestry - **Action**: - (for each image id returned in the registry, fetch /json + /layer) - -.. note:: - - If someone makes a second request, then we will always give a new token, never reuse tokens. - -2.2 Push --------- - -.. image:: /static_files/docker_push_chart.png - -1. Contact the index to allocate the repository name “samalba/busybox” (authentication required with user credentials) -2. If authentication works and namespace available, “samalba/busybox” is allocated and a temporary token is returned (namespace is marked as initialized in index) -3. Push the image on the registry (along with the token) -4. Registry A contacts the Index to verify the token (token must corresponds to the repository name) -5. Index validates the token. Registry A starts reading the stream pushed by docker and store the repository (with its images) -6. docker contacts the index to give checksums for upload images - -.. note:: - - **It’s possible not to use the Index at all!** In this case, a deployed version of the Registry is deployed to store and serve images. Those images are not authenticated and the security is not guaranteed. - -.. note:: - - **Index can be replaced!** For a private Registry deployed, a custom Index can be used to serve and validate token according to different policies. - -Docker computes the checksums and submit them to the Index at the end of the -push. When a repository name does not have checksums on the Index, it means -that the push is in progress (since checksums are submitted at the end). - -API (pushing repos foo/bar): -^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -1. (Docker -> Index) PUT /v1/repositories/foo/bar/ - **Headers**: - Authorization: Basic sdkjfskdjfhsdkjfh== - X-Docker-Token: true - - **Action**:: - - in index, we allocated a new repository, and set to initialized - - **Body**:: - (The body contains the list of images that are going to be pushed, with empty checksums. The checksums will be set at the end of the push):: - - [{“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”}] - -2. (Index -> Docker) 200 Created - **Headers**: - - WWW-Authenticate: Token signature=123abc,repository=”foo/bar”,access=write - - X-Docker-Endpoints: registry.docker.io [, registry2.docker.io] - -3. (Docker -> Registry) PUT /v1/images/98765432_parent/json - **Headers**: - Authorization: Token signature=123abc,repository=”foo/bar”,access=write - -4. (Registry->Index) GET /v1/repositories/foo/bar/images - **Headers**: - Authorization: Token signature=123abc,repository=”foo/bar”,access=write - **Action**:: - - Index: - will invalidate the token. - - Registry: - grants a session (if token is approved) and fetches the images id - -5. (Docker -> Registry) PUT /v1/images/98765432_parent/json - **Headers**:: - - Authorization: Token signature=123abc,repository=”foo/bar”,access=write - - Cookie: (Cookie provided by the Registry) - -6. (Docker -> Registry) PUT /v1/images/98765432/json - **Headers**: - Cookie: (Cookie provided by the Registry) - -7. (Docker -> Registry) PUT /v1/images/98765432_parent/layer - **Headers**: - Cookie: (Cookie provided by the Registry) - -8. (Docker -> Registry) PUT /v1/images/98765432/layer - **Headers**: - X-Docker-Checksum: sha256:436745873465fdjkhdfjkgh - -9. (Docker -> Registry) PUT /v1/repositories/foo/bar/tags/latest - **Headers**: - Cookie: (Cookie provided by the Registry) - **Body**: - “98765432” - -10. (Docker -> Index) PUT /v1/repositories/foo/bar/images - - **Headers**: - Authorization: Basic 123oislifjsldfj== - X-Docker-Endpoints: registry1.docker.io (no validation on this right now) - - **Body**: - (The image, id’s, tags and checksums) - - [{“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”, - “checksum”: “b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087”}] - - **Return** HTTP 204 - -.. note:: - - If push fails and they need to start again, what happens in the index, there will already be a record for the namespace/name, but it will be initialized. Should we allow it, or mark as name already used? One edge case could be if someone pushes the same thing at the same time with two different shells. - - If it's a retry on the Registry, Docker has a cookie (provided by the registry after token validation). So the Index won’t have to provide a new token. - -2.3 Delete ----------- - -If you need to delete something from the index or registry, we need a nice -clean way to do that. Here is the workflow. - -1. Docker contacts the index to request a delete of a repository ``samalba/busybox`` (authentication required with user credentials) -2. If authentication works and repository is valid, ``samalba/busybox`` is marked as deleted and a temporary token is returned -3. Send a delete request to the registry for the repository (along with the token) -4. Registry A contacts the Index to verify the token (token must corresponds to the repository name) -5. Index validates the token. Registry A deletes the repository and everything associated to it. -6. docker contacts the index to let it know it was removed from the registry, the index removes all records from the database. - -.. note:: - - The Docker client should present an "Are you sure?" prompt to confirm the deletion before starting the process. Once it starts it can't be undone. - -API (deleting repository foo/bar): -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -1. (Docker -> Index) DELETE /v1/repositories/foo/bar/ - **Headers**: - Authorization: Basic sdkjfskdjfhsdkjfh== - X-Docker-Token: true - - **Action**:: - - in index, we make sure it is a valid repository, and set to deleted (logically) - - **Body**:: - Empty - -2. (Index -> Docker) 202 Accepted - **Headers**: - - WWW-Authenticate: Token signature=123abc,repository=”foo/bar”,access=delete - - X-Docker-Endpoints: registry.docker.io [, registry2.docker.io] # list of endpoints where this repo lives. - -3. (Docker -> Registry) DELETE /v1/repositories/foo/bar/ - **Headers**: - Authorization: Token signature=123abc,repository=”foo/bar”,access=delete - -4. (Registry->Index) PUT /v1/repositories/foo/bar/auth - **Headers**: - Authorization: Token signature=123abc,repository=”foo/bar”,access=delete - **Action**:: - - Index: - will invalidate the token. - - Registry: - deletes the repository (if token is approved) - -5. (Registry -> Docker) 200 OK - 200 If success - 403 if forbidden - 400 if bad request - 404 if repository isn't found - -6. (Docker -> Index) DELETE /v1/repositories/foo/bar/ - - **Headers**: - Authorization: Basic 123oislifjsldfj== - X-Docker-Endpoints: registry-1.docker.io (no validation on this right now) - - **Body**: - Empty - - **Return** HTTP 200 - - -3. How to use the Registry in standalone mode -============================================= - -The Index has two main purposes (along with its fancy social features): - -- Resolve short names (to avoid passing absolute URLs all the time) - - username/projectname -> \https://registry.docker.io/users//repositories// - - team/projectname -> \https://registry.docker.io/team//repositories// -- Authenticate a user as a repos owner (for a central referenced repository) - -3.1 Without an Index --------------------- - -Using the Registry without the Index can be useful to store the images on a -private network without having to rely on an external entity controlled by -Docker Inc. - -In this case, the registry will be launched in a special mode (--standalone? ---no-index?). In this mode, the only thing which changes is that Registry will -never contact the Index to verify a token. It will be the Registry owner -responsibility to authenticate the user who pushes (or even pulls) an image -using any mechanism (HTTP auth, IP based, etc...). - -In this scenario, the Registry is responsible for the security in case of data -corruption since the checksums are not delivered by a trusted entity. - -As hinted previously, a standalone registry can also be implemented by any HTTP -server handling GET/PUT requests (or even only GET requests if no write access -is necessary). - -3.2 With an Index ------------------ - -The Index data needed by the Registry are simple: - -- Serve the checksums -- Provide and authorize a Token - -In the scenario of a Registry running on a private network with the need of -centralizing and authorizing, it’s easy to use a custom Index. - -The only challenge will be to tell Docker to contact (and trust) this custom -Index. Docker will be configurable at some point to use a specific Index, it’ll -be the private entity responsibility (basically the organization who uses -Docker in a private environment) to maintain the Index and the Docker’s -configuration among its consumers. - -4. The API -========== - -The first version of the api is available here: https://github.com/jpetazzo/docker/blob/acd51ecea8f5d3c02b00a08176171c59442df8b3/docs/images-repositories-push-pull.md - -4.1 Images ----------- - -The format returned in the images is not defined here (for layer and JSON), -basically because Registry stores exactly the same kind of information as -Docker uses to manage them. - -The format of ancestry is a line-separated list of image ids, in age order, -i.e. the image’s parent is on the last line, the parent of the parent on the -next-to-last line, etc.; if the image has no parent, the file is empty. - -.. code-block:: bash - - GET /v1/images//layer - PUT /v1/images//layer - GET /v1/images//json - PUT /v1/images//json - GET /v1/images//ancestry - PUT /v1/images//ancestry - -4.2 Users ---------- - -4.2.1 Create a user (Index) -^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -POST /v1/users - -**Body**: - {"email": "sam@dotcloud.com", "password": "toto42", "username": "foobar"'} - -**Validation**: - - **username**: min 4 character, max 30 characters, must match the regular - expression [a-z0-9\_]. - - **password**: min 5 characters - -**Valid**: return HTTP 200 - -Errors: HTTP 400 (we should create error codes for possible errors) -- invalid json -- missing field -- wrong format (username, password, email, etc) -- forbidden name -- name already exists - -.. note:: - - A user account will be valid only if the email has been validated (a validation link is sent to the email address). - -4.2.2 Update a user (Index) -^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -PUT /v1/users/ - -**Body**: - {"password": "toto"} - -.. note:: - - We can also update email address, if they do, they will need to reverify their new email address. - -4.2.3 Login (Index) -^^^^^^^^^^^^^^^^^^^ - -Does nothing else but asking for a user authentication. Can be used to validate -credentials. HTTP Basic Auth for now, maybe change in future. - -GET /v1/users - -**Return**: - - Valid: HTTP 200 - - Invalid login: HTTP 401 - - Account inactive: HTTP 403 Account is not Active - -4.3 Tags (Registry) -------------------- - -The Registry does not know anything about users. Even though repositories are -under usernames, it’s just a namespace for the registry. Allowing us to -implement organizations or different namespaces per user later, without -modifying the Registry’s API. - -The following naming restrictions apply: - -- Namespaces must match the same regular expression as usernames (See 4.2.1.) -- Repository names must match the regular expression [a-zA-Z0-9-_.] - -4.3.1 Get all tags -^^^^^^^^^^^^^^^^^^ - -GET /v1/repositories///tags - -**Return**: HTTP 200 - { - "latest": "9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f", - “0.1.1”: “b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087” - } - -4.3.2 Read the content of a tag (resolve the image id) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -GET /v1/repositories///tags/ - -**Return**: - "9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f" - -4.3.3 Delete a tag (registry) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -DELETE /v1/repositories///tags/ - -4.4 Images (Index) ------------------- - -For the Index to “resolve” the repository name to a Registry location, it uses -the X-Docker-Endpoints header. In other terms, this requests always add a -``X-Docker-Endpoints`` to indicate the location of the registry which hosts this -repository. - -4.4.1 Get the images -^^^^^^^^^^^^^^^^^^^^^ - -GET /v1/repositories///images - -**Return**: HTTP 200 - [{“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”, “checksum”: “md5:b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087”}] - - -4.4.2 Add/update the images -^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -You always add images, you never remove them. - -PUT /v1/repositories///images - -**Body**: - [ {“id”: “9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f”, “checksum”: “sha256:b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087”} ] - -**Return** 204 - -4.5 Repositories ----------------- - -4.5.1 Remove a Repository (Registry) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -DELETE /v1/repositories// - -Return 200 OK - -4.5.2 Remove a Repository (Index) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -This starts the delete process. see 2.3 for more details. - -DELETE /v1/repositories// - -Return 202 OK - -5. Chaining Registries -====================== - -It’s possible to chain Registries server for several reasons: - -- Load balancing -- Delegate the next request to another server - -When a Registry is a reference for a repository, it should host the entire -images chain in order to avoid breaking the chain during the download. - -The Index and Registry use this mechanism to redirect on one or the other. - -Example with an image download: - -On every request, a special header can be returned:: - - X-Docker-Endpoints: server1,server2 - -On the next request, the client will always pick a server from this list. - -6. Authentication & Authorization -================================= - -6.1 On the Index ------------------ - -The Index supports both “Basic” and “Token” challenges. Usually when there is a -``401 Unauthorized``, the Index replies this:: - - 401 Unauthorized - WWW-Authenticate: Basic realm="auth required",Token - -You have 3 options: - -1. Provide user credentials and ask for a token - - **Header**: - - Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ== - - X-Docker-Token: true - - In this case, along with the 200 response, you’ll get a new token (if user auth is ok): - If authorization isn't correct you get a 401 response. - If account isn't active you will get a 403 response. - - **Response**: - - 200 OK - - X-Docker-Token: Token signature=123abc,repository=”foo/bar”,access=read - -2. Provide user credentials only - - **Header**: - Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ== - -3. Provide Token - - **Header**: - Authorization: Token signature=123abc,repository=”foo/bar”,access=read - -6.2 On the Registry -------------------- - -The Registry only supports the Token challenge:: - - 401 Unauthorized - WWW-Authenticate: Token - -The only way is to provide a token on ``401 Unauthorized`` responses:: - - Authorization: Token signature=123abc,repository="foo/bar",access=read - -Usually, the Registry provides a Cookie when a Token verification succeeded. -Every time the Registry passes a Cookie, you have to pass it back the same -cookie.:: - - 200 OK - Set-Cookie: session="wD/J7LqL5ctqw8haL10vgfhrb2Q=?foo=UydiYXInCnAxCi4=×tamp=RjEzNjYzMTQ5NDcuNDc0NjQzCi4="; Path=/; HttpOnly - -Next request:: - - GET /(...) - Cookie: session="wD/J7LqL5ctqw8haL10vgfhrb2Q=?foo=UydiYXInCnAxCi4=×tamp=RjEzNjYzMTQ5NDcuNDc0NjQzCi4=" - - -7 Document Version -==================== - -- 1.0 : May 6th 2013 : initial release -- 1.1 : June 1st 2013 : Added Delete Repository and way to handle new source namespace. diff --git a/docs/sources/reference/api/remote_api_client_libraries.md b/docs/sources/reference/api/remote_api_client_libraries.md index eb1e3a4ee1..4b90afc5b0 100644 --- a/docs/sources/reference/api/remote_api_client_libraries.md +++ b/docs/sources/reference/api/remote_api_client_libraries.md @@ -9,81 +9,124 @@ compatibility. Please file issues with the library owners. If you find more library implementations, please list them in Docker doc bugs and we will add the libraries here. - ------------------------------------------------------------------------- - Language/Framewor Name Repository Status - k - ----------------- ------------ ---------------------------------- ------- - Python docker-py [https://github.com/dotcloud/docke Active - r-py](https://github.com/dotcloud/ - docker-py) - - Ruby docker-clien [https://github.com/geku/docker-cl Outdate - t ient](https://github.com/geku/dock d - er-client) - - Ruby docker-api [https://github.com/swipely/docker Active - -api](https://github.com/swipely/d - ocker-api) - - JavaScript dockerode [https://github.com/apocas/dockero Active - (NodeJS) de](https://github.com/apocas/dock - erode) - Install via NPM: npm install - dockerode - - JavaScript docker.io [https://github.com/appersonlabs/d Active - (NodeJS) ocker.io](https://github.com/apper - sonlabs/docker.io) - Install via NPM: npm install - docker.io - - JavaScript docker-js [https://github.com/dgoujard/docke Outdate - r-js](https://github.com/dgoujard/ d - docker-js) - - JavaScript docker-cp [https://github.com/13W/docker-cp] Active - (Angular) (https://github.com/13W/docker-cp) - **WebUI** - - JavaScript dockerui [https://github.com/crosbymichael/ Active - (Angular) dockerui](https://github.com/crosb - **WebUI** ymichael/dockerui) - - Java docker-java [https://github.com/kpelykh/docker Active - -java](https://github.com/kpelykh/ - docker-java) - - Erlang erldocker [https://github.com/proger/erldock Active - er](https://github.com/proger/erld - ocker) - - Go go-dockercli [https://github.com/fsouza/go-dock Active - ent erclient](https://github.com/fsouz - a/go-dockerclient) - - Go dockerclient [https://github.com/samalba/docker Active - client](https://github.com/samalba - /dockerclient) - - PHP Alvine [http://pear.alvine.io/](http://pe Active - ar.alvine.io/) - (alpha) - - PHP Docker-PHP [http://stage1.github.io/docker-ph Active - p/](http://stage1.github.io/docker - -php/) - - Perl Net::Docker [https://metacpan.org/pod/Net::Doc Active - ker](https://metacpan.org/pod/Net: - :Docker) - - Perl Eixo::Docker [https://github.com/alambike/eixo- Active - docker](https://github.com/alambik - e/eixo-docker) - - Scala reactive-doc [https://github.com/almoehi/reacti Active - ker ve-docker](https://github.com/almo - ehi/reactive-docker) - ------------------------------------------------------------------------- - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Language/FrameworkNameRepositoryStatus
Pythondocker-pyhttps://github.com/dotcloud/docker-pyActive
Rubydocker-clienthttps://github.com/geku/docker-clientOutdated
Rubydocker-apihttps://github.com/swipely/docker-apiActive
JavaScript (NodeJS)dockerodehttps://github.com/apocas/dockerode + Install via NPM: npm install dockerodeActive
JavaScript (NodeJS)docker.iohttps://github.com/appersonlabs/docker.io + Install via NPM: npm install docker.ioActive
JavaScriptdocker-jshttps://github.com/dgoujard/docker-jsOutdated
JavaScript (Angular) WebUIdocker-cphttps://github.com/13W/docker-cpActive
JavaScript (Angular) WebUIdockeruihttps://github.com/crosbymichael/dockeruiActive
Javadocker-javahttps://github.com/kpelykh/docker-javaActive
Erlangerldockerhttps://github.com/proger/erldockerActive
Gogo-dockerclienthttps://github.com/fsouza/go-dockerclientActive
Godockerclienthttps://github.com/samalba/dockerclientActive
PHPAlvinehttp://pear.alvine.io/ (alpha)Active
PHPDocker-PHPhttp://stage1.github.io/docker-php/Active
PerlNet::Dockerhttps://metacpan.org/pod/Net::DockerActive
PerlEixo::Dockerhttps://github.com/alambike/eixo-dockerActive
Scalareactive-dockerhttps://github.com/almoehi/reactive-dockerActive
diff --git a/docs/sources/reference/api/remote_api_client_libraries.rst b/docs/sources/reference/api/remote_api_client_libraries.rst deleted file mode 100644 index c94c68cd48..0000000000 --- a/docs/sources/reference/api/remote_api_client_libraries.rst +++ /dev/null @@ -1,55 +0,0 @@ -:title: Remote API Client Libraries -:description: Various client libraries available to use with the Docker remote API -:keywords: API, Docker, index, registry, REST, documentation, clients, Python, Ruby, JavaScript, Erlang, Go - - -================================== -Docker Remote API Client Libraries -================================== - -These libraries have not been tested by the Docker Maintainers for -compatibility. Please file issues with the library owners. If you -find more library implementations, please list them in Docker doc bugs -and we will add the libraries here. - -+----------------------+----------------+--------------------------------------------+----------+ -| Language/Framework | Name | Repository | Status | -+======================+================+============================================+==========+ -| Python | docker-py | https://github.com/dotcloud/docker-py | Active | -+----------------------+----------------+--------------------------------------------+----------+ -| Ruby | docker-client | https://github.com/geku/docker-client | Outdated | -+----------------------+----------------+--------------------------------------------+----------+ -| Ruby | docker-api | https://github.com/swipely/docker-api | Active | -+----------------------+----------------+--------------------------------------------+----------+ -| JavaScript (NodeJS) | dockerode | https://github.com/apocas/dockerode | Active | -| | | Install via NPM: `npm install dockerode` | | -+----------------------+----------------+--------------------------------------------+----------+ -| JavaScript (NodeJS) | docker.io | https://github.com/appersonlabs/docker.io | Active | -| | | Install via NPM: `npm install docker.io` | | -+----------------------+----------------+--------------------------------------------+----------+ -| JavaScript | docker-js | https://github.com/dgoujard/docker-js | Outdated | -+----------------------+----------------+--------------------------------------------+----------+ -| JavaScript (Angular) | docker-cp | https://github.com/13W/docker-cp | Active | -| **WebUI** | | | | -+----------------------+----------------+--------------------------------------------+----------+ -| JavaScript (Angular) | dockerui | https://github.com/crosbymichael/dockerui | Active | -| **WebUI** | | | | -+----------------------+----------------+--------------------------------------------+----------+ -| Java | docker-java | https://github.com/kpelykh/docker-java | Active | -+----------------------+----------------+--------------------------------------------+----------+ -| Erlang | erldocker | https://github.com/proger/erldocker | Active | -+----------------------+----------------+--------------------------------------------+----------+ -| Go | go-dockerclient| https://github.com/fsouza/go-dockerclient | Active | -+----------------------+----------------+--------------------------------------------+----------+ -| Go | dockerclient | https://github.com/samalba/dockerclient | Active | -+----------------------+----------------+--------------------------------------------+----------+ -| PHP | Alvine | http://pear.alvine.io/ (alpha) | Active | -+----------------------+----------------+--------------------------------------------+----------+ -| PHP | Docker-PHP | http://stage1.github.io/docker-php/ | Active | -+----------------------+----------------+--------------------------------------------+----------+ -| Perl | Net::Docker | https://metacpan.org/pod/Net::Docker | Active | -+----------------------+----------------+--------------------------------------------+----------+ -| Perl | Eixo::Docker | https://github.com/alambike/eixo-docker | Active | -+----------------------+----------------+--------------------------------------------+----------+ -| Scala | reactive-docker| https://github.com/almoehi/reactive-docker | Active | -+----------------------+----------------+--------------------------------------------+----------+ diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 5c332e5c2f..98e9e0f544 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -4,23 +4,21 @@ page_keywords: builder, docker, Dockerfile, automation, image creation # Dockerfile Reference -**Docker can act as a builder** and read instructions from a text -`Dockerfile` to automate the steps you would -otherwise take manually to create an image. Executing -`docker build` will run your steps and commit them -along the way, giving you a final image. +**Docker can act as a builder** and read instructions from a text *Dockerfile* +to automate the steps you would otherwise take manually to create an image. +Executing `docker build` will run your steps and commit them along the way, +giving you a final image. ## Usage -To [*build*](../commandline/cli/#cli-build) an image from a source -repository, create a description file called `Dockerfile` -at the root of your repository. This file will describe the -steps to assemble the image. +To [*build*](../commandline/cli/#cli-build) an image from a source repository, +create a description file called Dockerfile at the root of your repository. +This file will describe the steps to assemble the image. -Then call `docker build` with the path of your -source repository as argument (for example, `.`): +Then call `docker build` with the path of you source repository as argument +(for example, `.`): -> `sudo docker build .` + $ sudo docker build . The path to the source repository defines where to find the *context* of the build. The build is run by the Docker daemon, not by the CLI, so the @@ -30,7 +28,7 @@ whole context must be transferred to the daemon. The Docker CLI reports You can specify a repository and tag at which to save the new image if the build succeeds: -> `sudo docker build -t shykes/myapp .` + $ sudo docker build -t shykes/myapp . The Docker daemon will run your steps one-by-one, committing the result to a new image if necessary, before finally outputting the ID of your @@ -38,12 +36,11 @@ new image. The Docker daemon will automatically clean up the context you sent. Note that each instruction is run independently, and causes a new image -to be created - so `RUN cd /tmp` will not have any -effect on the next instructions. +to be created - so `RUN cd /tmp` will not have any effect on the next +instructions. Whenever possible, Docker will re-use the intermediate images, -accelerating `docker build` significantly (indicated -by `Using cache`): +accelerating `docker build` significantly (indicated by `Using cache`): $ docker build -t SvenDowideit/ambassador . Uploading context 10.24 kB @@ -58,9 +55,9 @@ by `Using cache`): ---> 1a5ffc17324d Successfully built 1a5ffc17324d -When you’re done with your build, you’re ready to look into [*Pushing a -repository to its -registry*](../../use/workingwithrepository/#image-push). +When you're done with your build, you're ready to look into +[*Pushing a repository to its registry*]( +/use/workingwithrepository/#image-push). ## Format @@ -74,7 +71,7 @@ be UPPERCASE in order to distinguish them from arguments more easily. Docker evaluates the instructions in a Dockerfile in order. **The first instruction must be \`FROM\`** in order to specify the [*Base -Image*](../../terms/image/#base-image-def) from which you are building. +Image*](/terms/image/#base-image-def) from which you are building. Docker will treat lines that *begin* with `#` as a comment. A `#` marker anywhere else in the line will @@ -83,84 +80,73 @@ be treated as an argument. This allows statements like: # Comment RUN echo 'we are running some # of cool things' -Here is the set of instructions you can use in a `Dockerfile` +Here is the set of instructions you can use in a Dockerfile for building images. -## `FROM` +## FROM -> `FROM ` + FROM Or -> `FROM :` + FROM : -The `FROM` instruction sets the [*Base -Image*](../../terms/image/#base-image-def) for subsequent instructions. -As such, a valid Dockerfile must have `FROM` as its -first instruction. The image can be any valid image – it is especially -easy to start by **pulling an image** from the [*Public -Repositories*](../../use/workingwithrepository/#using-public-repositories). +The `FROM` instruction sets the [*Base Image*](/terms/image/#base-image-def) +for subsequent instructions. As such, a valid Dockerfile must have `FROM` as +its first instruction. The image can be any valid image – it is especially easy +to start by **pulling an image** from the [*Public Repositories*]( +/use/workingwithrepository/#using-public-repositories). -`FROM` must be the first non-comment instruction in -the `Dockerfile`. +`FROM` must be the first non-comment instruction in the Dockerfile. -`FROM` can appear multiple times within a single -Dockerfile in order to create multiple images. Simply make a note of the -last image id output by the commit before each new `FROM` -command. +`FROM` can appear multiple times within a single Dockerfile in order to create +multiple images. Simply make a note of the last image id output by the commit +before each new `FROM` command. -If no `tag` is given to the `FROM` -instruction, `latest` is assumed. If the +If no `tag` is given to the `FROM` instruction, `latest` is assumed. If the used tag does not exist, an error will be returned. -## `MAINTAINER` +## MAINTAINER -> `MAINTAINER ` + MAINTAINER -The `MAINTAINER` instruction allows you to set the -*Author* field of the generated images. +The `MAINTAINER` instruction allows you to set the *Author* field of the +generated images. -## `RUN` +## RUN RUN has 2 forms: -- `RUN ` (the command is run in a shell - - `/bin/sh -c`) -- `RUN ["executable", "param1", "param2"]` (*exec* - form) +- `RUN ` (the command is run in a shell - `/bin/sh -c`) +- `RUN ["executable", "param1", "param2"]` (*exec* form) -The `RUN` instruction will execute any commands in a -new layer on top of the current image and commit the results. The -resulting committed image will be used for the next step in the -Dockerfile. +The `RUN` instruction will execute any commands in a new layer on top of the +current image and commit the results. The resulting committed image will be +used for the next step in the Dockerfile. -Layering `RUN` instructions and generating commits -conforms to the core concepts of Docker where commits are cheap and -containers can be created from any point in an image’s history, much -like source control. +Layering `RUN` instructions and generating commits conforms to the core +concepts of Docker where commits are cheap and containers can be created from +any point in an image's history, much like source control. -The *exec* form makes it possible to avoid shell string munging, and to -`RUN` commands using a base image that does not -contain `/bin/sh`. +The *exec* form makes it possible to avoid shell string munging, and to `RUN` +commands using a base image that does not contain `/bin/sh`. ### Known Issues (RUN) -- [Issue 783](https://github.com/dotcloud/docker/issues/783) is about - file permissions problems that can occur when using the AUFS file - system. You might notice it during an attempt to `rm` - a file, for example. The issue describes a workaround. -- [Issue 2424](https://github.com/dotcloud/docker/issues/2424) Locale - will not be set automatically. +- [Issue 783](https://github.com/dotcloud/docker/issues/783) is about file + permissions problems that can occur when using the AUFS file system. You + might notice it during an attempt to `rm` a file, for example. The issue + describes a workaround. +- [Issue 2424](https://github.com/dotcloud/docker/issues/2424) Locale will + not be set automatically. -## `CMD` +## CMD CMD has three forms: -- `CMD ["executable","param1","param2"]` (like an - *exec*, preferred form) -- `CMD ["param1","param2"]` (as *default - parameters to ENTRYPOINT*) -- `CMD command param1 param2` (as a *shell*) +- `CMD ["executable","param1","param2"]` (like an *exec*, preferred form) +- `CMD ["param1","param2"]` (as *default parameters to ENTRYPOINT*) +- `CMD command param1 param2` (as a *shell*) There can only be one CMD in a Dockerfile. If you list more than one CMD then only the last CMD will take effect. @@ -169,83 +155,75 @@ then only the last CMD will take effect. container.** These defaults can include an executable, or they can omit the executable, in which case you must specify an ENTRYPOINT as well. -When used in the shell or exec formats, the `CMD` -instruction sets the command to be executed when running the image. +When used in the shell or exec formats, the `CMD` instruction sets the command +to be executed when running the image. -If you use the *shell* form of the CMD, then the `` -will execute in `/bin/sh -c`: +If you use the *shell* form of the CMD, then the `` will execute in +`/bin/sh -c`: FROM ubuntu CMD echo "This is a test." | wc - -If you want to **run your** `` **without a -shell** then you must express the command as a JSON array and give the -full path to the executable. **This array form is the preferred format -of CMD.** Any additional parameters must be individually expressed as -strings in the array: +If you want to **run your** `` **without a shell** then you must +express the command as a JSON array and give the full path to the executable. +**This array form is the preferred format of CMD.** Any additional parameters +must be individually expressed as strings in the array: FROM ubuntu CMD ["/usr/bin/wc","--help"] -If you would like your container to run the same executable every time, -then you should consider using `ENTRYPOINT` in -combination with `CMD`. See +If you would like your container to run the same executable every time, then +you should consider using `ENTRYPOINT` in combination with `CMD`. See [*ENTRYPOINT*](#entrypoint). -If the user specifies arguments to `docker run` then -they will override the default specified in CMD. +If the user specifies arguments to `docker run` then they will override the +default specified in CMD. > **Note**: -> Don’t confuse `RUN` with `CMD`. `RUN` actually runs a command and commits +> don't confuse `RUN` with `CMD`. `RUN` actually runs a command and commits > the result; `CMD` does not execute anything at build time, but specifies > the intended command for the image. -## `EXPOSE` +## EXPOSE -> `EXPOSE [...]` + EXPOSE [...] -The `EXPOSE` instructions informs Docker that the -container will listen on the specified network ports at runtime. Docker -uses this information to interconnect containers using links (see -[*links*](../../use/working_with_links_names/#working-with-links-names)), -and to setup port redirection on the host system (see [*Redirect -Ports*](../../use/port_redirection/#port-redirection)). +The `EXPOSE` instructions informs Docker that the container will listen on the +specified network ports at runtime. Docker uses this information to interconnect +containers using links (see +[*links*](/use/working_with_links_names/#working-with-links-names)), +and to setup port redirection on the host system (see [*Redirect Ports*]( +/use/port_redirection/#port-redirection)). -## `ENV` +## ENV -> `ENV ` + ENV -The `ENV` instruction sets the environment variable -`` to the value ``. -This value will be passed to all future `RUN` -instructions. This is functionally equivalent to prefixing the command -with `=` +The `ENV` instruction sets the environment variable `` to the value +``. This value will be passed to all future `RUN` instructions. This is +functionally equivalent to prefixing the command with `=` -The environment variables set using `ENV` will -persist when a container is run from the resulting image. You can view -the values using `docker inspect`, and change them -using `docker run --env =`. +The environment variables set using `ENV` will persist when a container is run +from the resulting image. You can view the values using `docker inspect`, and +change them using `docker run --env =`. > **Note**: > One example where this can cause unexpected consequenses, is setting -> `ENV DEBIAN_FRONTEND noninteractive`. Which will -> persist when the container is run interactively; for example: -> `docker run -t -i image bash` +> `ENV DEBIAN_FRONTEND noninteractive`. Which will persist when the container +> is run interactively; for example: `docker run -t -i image bash` -## `ADD` +## ADD -> `ADD ` + ADD -The `ADD` instruction will copy new files from -\ and add them to the container’s filesystem at path -``. +The `ADD` instruction will copy new files from `` and add them to the +container's filesystem at path ``. -`` must be the path to a file or directory -relative to the source directory being built (also called the *context* -of the build) or a remote file URL. +`` must be the path to a file or directory relative to the source directory +being built (also called the *context* of the build) or a remote file URL. -`` is the absolute path to which the source -will be copied inside the destination container. +`` is the absolute path to which the source will be copied inside the +destination container. All new files and directories are created with mode 0755, uid and gid 0. @@ -262,79 +240,64 @@ All new files and directories are created with mode 0755, uid and gid 0. The copy obeys the following rules: -- The `` path must be inside the *context* of - the build; you cannot `ADD ../something /something` -, because the first step of a `docker build` - is to send the context directory (and subdirectories) to - the docker daemon. +- The `` path must be inside the *context* of the build; + you cannot `ADD ../something /something`, because the first step of a + `docker build` is to send the context directory (and subdirectories) to the + docker daemon. -- If `` is a URL and `` - does not end with a trailing slash, then a file is - downloaded from the URL and copied to ``. +- If `` is a URL and `` does not end with a trailing slash, then a + file is downloaded from the URL and copied to ``. -- If `` is a URL and `` - does end with a trailing slash, then the filename is - inferred from the URL and the file is downloaded to - `/`. For instance, - `ADD http://example.com/foobar /` would create - the file `/foobar`. The URL must have a - nontrivial path so that an appropriate filename can be discovered in - this case (`http://example.com` will not work). +- If `` is a URL and `` does end with a trailing slash, then the + filename is inferred from the URL and the file is downloaded to + `/`. For instance, `ADD http://example.com/foobar /` would + create the file `/foobar`. The URL must have a nontrivial path so that an + appropriate filename can be discovered in this case (`http://example.com` + will not work). -- If `` is a directory, the entire directory - is copied, including filesystem metadata. +- If `` is a directory, the entire directory is copied, including + filesystem metadata. -- If `` is a *local* tar archive in a - recognized compression format (identity, gzip, bzip2 or xz) then it - is unpacked as a directory. Resources from *remote* URLs are **not** - decompressed. +- If `` is a *local* tar archive in a recognized compression format + (identity, gzip, bzip2 or xz) then it is unpacked as a directory. Resources + from *remote* URLs are **not** decompressed. When a directory is copied or + unpacked, it has the same behavior as `tar -x`: the result is the union of: - When a directory is copied or unpacked, it has the same behavior as - `tar -x`: the result is the union of + 1. whatever existed at the destination path and + 2. the contents of the source tree, with conflicts resolved in favor of + "2." on a file-by-file basis. - 1. whatever existed at the destination path and - 2. the contents of the source tree, +- If `` is any other kind of file, it is copied individually along with + its metadata. In this case, if `` ends with a trailing slash `/`, it + will be considered a directory and the contents of `` will be written + at `/base()`. - with conflicts resolved in favor of "2." on a file-by-file basis. +- If `` does not end with a trailing slash, it will be considered a + regular file and the contents of `` will be written at ``. -- If `` is any other kind of file, it is - copied individually along with its metadata. In this case, if - `` ends with a trailing slash - `/`, it will be considered a directory and the - contents of `` will be written at - `/base()`. +- If `` doesn't exist, it is created along with all missing directories + in its path. -- If `` does not end with a trailing slash, - it will be considered a regular file and the contents of - `` will be written at `` -. - -- If `` doesn’t exist, it is created along - with all missing directories in its path. - -## `ENTRYPOINT` +## ENTRYPOINT ENTRYPOINT has two forms: -- `ENTRYPOINT ["executable", "param1", "param2"]` - (like an *exec*, preferred form) -- `ENTRYPOINT command param1 param2` (as a - *shell*) +- `ENTRYPOINT ["executable", "param1", "param2"]` + (like an *exec*, preferred form) +- `ENTRYPOINT command param1 param2` + (as a *shell*) -There can only be one `ENTRYPOINT` in a Dockerfile. -If you have more than one `ENTRYPOINT`, then only -the last one in the Dockerfile will have an effect. +There can only be one `ENTRYPOINT` in a Dockerfile. If you have more than one +`ENTRYPOINT`, then only the last one in the Dockerfile will have an effect. -An `ENTRYPOINT` helps you to configure a container -that you can run as an executable. That is, when you specify an -`ENTRYPOINT`, then the whole container runs as if it -was just that executable. +An `ENTRYPOINT` helps you to configure a container that you can run as an +executable. That is, when you specify an `ENTRYPOINT`, then the whole container +runs as if it was just that executable. The `ENTRYPOINT` instruction adds an entry command that will **not** be -overwritten when arguments are passed to `docker run`, unlike the -behavior of `CMD`. This allows arguments to be passed to the entrypoint. -i.e. `docker run -d` will pass the "-d" argument to the -ENTRYPOINT. +overwritten when arguments are passed to `docker run`, unlike the behavior +of `CMD`. This allows arguments to be passed to the entrypoint. i.e. +`docker run -d` will pass the "-d" argument to the ENTRYPOINT. You can specify parameters either in the ENTRYPOINT JSON array (as in "like an exec" above), or by using a CMD statement. Parameters in the @@ -342,13 +305,13 @@ ENTRYPOINT will not be overridden by the `docker run` arguments, but parameters specified via CMD will be overridden by `docker run` arguments. -Like a `CMD`, you can specify a plain string for the -ENTRYPOINT and it will execute in `/bin/sh -c`: +Like a `CMD`, you can specify a plain string for the `ENTRYPOINT` and it will +execute in `/bin/sh -c`: FROM ubuntu ENTRYPOINT wc -l - -For example, that Dockerfile’s image will *always* take stdin as input +For example, that Dockerfile's image will *always* take stdin as input ("-") and print the number of lines ("-l"). If you wanted to make this optional but default, you could use a CMD: @@ -356,44 +319,41 @@ optional but default, you could use a CMD: CMD ["-l", "-"] ENTRYPOINT ["/usr/bin/wc"] -## `VOLUME` +## VOLUME -> `VOLUME ["/data"]` + VOLUME ["/data"] -The `VOLUME` instruction will create a mount point -with the specified name and mark it as holding externally mounted -volumes from native host or other containers. For more -information/examples and mounting instructions via docker client, refer -to [*Share Directories via -Volumes*](../../use/working_with_volumes/#volume-def) documentation. +The `VOLUME` instruction will create a mount point with the specified name +and mark it as holding externally mounted volumes from native host or other +containers. For more information/examples and mounting instructions via docker +client, refer to [*Share Directories via Volumes*]( +/use/working_with_volumes/#volume-def) documentation. -## `USER` +## USER -> `USER daemon` + USER daemon -The `USER` instruction sets the username or UID to -use when running the image. +The `USER` instruction sets the username or UID to use when running the image. -## `WORKDIR` +## WORKDIR -> `WORKDIR /path/to/workdir` + WORKDIR /path/to/workdir -The `WORKDIR` instruction sets the working directory -for the `RUN`, `CMD` and +The `WORKDIR` instruction sets the working directory for the `RUN`, `CMD` and `ENTRYPOINT` Dockerfile commands that follow it. It can be used multiple times in the one Dockerfile. If a relative path -is provided, it will be relative to the path of the previous -`WORKDIR` instruction. For example: +is provided, it will be relative to the path of the previous `WORKDIR` +instruction. For example: -> WORKDIR /a WORKDIR b WORKDIR c RUN pwd + WORKDIR /a WORKDIR b WORKDIR c RUN pwd The output of the final `pwd` command in this Dockerfile would be `/a/b/c`. -## `ONBUILD` +## ONBUILD -> `ONBUILD [INSTRUCTION]` + ONBUILD [INSTRUCTION] The `ONBUILD` instruction adds to the image a "trigger" instruction to be executed at a later time, when the image is @@ -410,7 +370,7 @@ daemon which may be customized with user-specific configuration. For example, if your image is a reusable python application builder, it will require application source code to be added in a particular directory, and it might require a build script to be called *after* -that. You can’t just call *ADD* and *RUN* now, because you don’t yet +that. You can't just call *ADD* and *RUN* now, because you don't yet have access to the application source code, and it will be different for each application build. You could simply provide application developers with a boilerplate Dockerfile to copy-paste into their application, but @@ -420,23 +380,23 @@ mixes with application-specific code. The solution is to use *ONBUILD* to register in advance instructions to run later, during the next build stage. -Here’s how it works: +Here's how it works: -1. When it encounters an *ONBUILD* instruction, the builder adds a - trigger to the metadata of the image being built. The instruction - does not otherwise affect the current build. -2. At the end of the build, a list of all triggers is stored in the - image manifest, under the key *OnBuild*. They can be inspected with - *docker inspect*. -3. Later the image may be used as a base for a new build, using the - *FROM* instruction. As part of processing the *FROM* instruction, - the downstream builder looks for *ONBUILD* triggers, and executes - them in the same order they were registered. If any of the triggers - fail, the *FROM* instruction is aborted which in turn causes the - build to fail. If all triggers succeed, the FROM instruction - completes and the build continues as usual. -4. Triggers are cleared from the final image after being executed. In - other words they are not inherited by "grand-children" builds. +1. When it encounters an *ONBUILD* instruction, the builder adds a + trigger to the metadata of the image being built. The instruction + does not otherwise affect the current build. +2. At the end of the build, a list of all triggers is stored in the + image manifest, under the key *OnBuild*. They can be inspected with + *docker inspect*. +3. Later the image may be used as a base for a new build, using the + *FROM* instruction. As part of processing the *FROM* instruction, + the downstream builder looks for *ONBUILD* triggers, and executes + them in the same order they were registered. If any of the triggers + fail, the *FROM* instruction is aborted which in turn causes the + build to fail. If all triggers succeed, the FROM instruction + completes and the build continues as usual. +4. Triggers are cleared from the final image after being executed. In + other words they are not inherited by "grand-children" builds. For example you might add something like this: @@ -445,7 +405,7 @@ For example you might add something like this: ONBUILD RUN /usr/local/bin/python-build --dir /app/src [...] -> **Warning**: Chaining ONBUILD instructions using ONBUILD ONBUILD isn’t allowed. +> **Warning**: Chaining ONBUILD instructions using ONBUILD ONBUILD isn't allowed. > **Warning**: ONBUILD may not trigger FROM or MAINTAINER instructions. diff --git a/docs/sources/reference/builder.rst b/docs/sources/reference/builder.rst deleted file mode 100644 index e8897d1b09..0000000000 --- a/docs/sources/reference/builder.rst +++ /dev/null @@ -1,532 +0,0 @@ -:title: Dockerfile Reference -:description: Dockerfiles use a simple DSL which allows you to automate the steps you would normally manually take to create an image. -:keywords: builder, docker, Dockerfile, automation, image creation - -.. _dockerbuilder: - -==================== -Dockerfile Reference -==================== - -**Docker can act as a builder** and read instructions from a text -``Dockerfile`` to automate the steps you would otherwise take manually -to create an image. Executing ``docker build`` will run your steps and -commit them along the way, giving you a final image. - -.. _dockerfile_usage: - -Usage -===== - -To :ref:`build ` an image from a source repository, create -a description file called ``Dockerfile`` at the root of your -repository. This file will describe the steps to assemble the image. - -Then call ``docker build`` with the path of your source repository as -argument (for example, ``.``): - - ``sudo docker build .`` - -The path to the source repository defines where to find the *context* -of the build. The build is run by the Docker daemon, not by the CLI, -so the whole context must be transferred to the daemon. The Docker CLI -reports "Uploading context" when the context is sent to the daemon. - -You can specify a repository and tag at which to save the new image if the -build succeeds: - - ``sudo docker build -t shykes/myapp .`` - -The Docker daemon will run your steps one-by-one, committing the -result to a new image if necessary, before finally outputting the -ID of your new image. The Docker daemon will automatically clean -up the context you sent. - -Note that each instruction is run independently, and causes a new image -to be created - so ``RUN cd /tmp`` will not have any effect on the next -instructions. - -Whenever possible, Docker will re-use the intermediate images, -accelerating ``docker build`` significantly (indicated by ``Using cache``): - -.. code-block:: bash - - $ docker build -t SvenDowideit/ambassador . - Uploading context 10.24 kB - Uploading context - Step 1 : FROM docker-ut - ---> cbba202fe96b - Step 2 : MAINTAINER SvenDowideit@home.org.au - ---> Using cache - ---> 51182097be13 - Step 3 : CMD env | grep _TCP= | sed 's/.*_PORT_\([0-9]*\)_TCP=tcp:\/\/\(.*\):\(.*\)/socat TCP4-LISTEN:\1,fork,reuseaddr TCP4:\2:\3 \&/' | sh && top - ---> Using cache - ---> 1a5ffc17324d - Successfully built 1a5ffc17324d - -When you're done with your build, you're ready to look into -:ref:`image_push`. - -.. _dockerfile_format: - -Format -====== - -Here is the format of the Dockerfile: - -:: - - # Comment - INSTRUCTION arguments - -The Instruction is not case-sensitive, however convention is for them to be -UPPERCASE in order to distinguish them from arguments more easily. - -Docker evaluates the instructions in a Dockerfile in order. **The -first instruction must be `FROM`** in order to specify the -:ref:`base_image_def` from which you are building. - -Docker will treat lines that *begin* with ``#`` as a comment. A ``#`` -marker anywhere else in the line will be treated as an argument. This -allows statements like: - -:: - - # Comment - RUN echo 'we are running some # of cool things' - -.. _dockerfile_instructions: - - -Here is the set of instructions you can use in a ``Dockerfile`` for -building images. - -.. _dockerfile_from: - -``FROM`` -======== - - ``FROM `` - -Or - - ``FROM :`` - -The ``FROM`` instruction sets the :ref:`base_image_def` for subsequent -instructions. As such, a valid Dockerfile must have ``FROM`` as its -first instruction. The image can be any valid image -- it is -especially easy to start by **pulling an image** from the -:ref:`using_public_repositories`. - -``FROM`` must be the first non-comment instruction in the -``Dockerfile``. - -``FROM`` can appear multiple times within a single Dockerfile in order -to create multiple images. Simply make a note of the last image id -output by the commit before each new ``FROM`` command. - -If no ``tag`` is given to the ``FROM`` instruction, ``latest`` is -assumed. If the used tag does not exist, an error will be returned. - -.. _dockerfile_maintainer: - -``MAINTAINER`` -============== - - ``MAINTAINER `` - -The ``MAINTAINER`` instruction allows you to set the *Author* field of -the generated images. - -.. _dockerfile_run: - -``RUN`` -======= - -RUN has 2 forms: - -* ``RUN `` (the command is run in a shell - ``/bin/sh -c``) -* ``RUN ["executable", "param1", "param2"]`` (*exec* form) - -The ``RUN`` instruction will execute any commands in a new layer on top -of the current image and commit the results. The resulting committed image -will be used for the next step in the Dockerfile. - -Layering ``RUN`` instructions and generating commits conforms to the -core concepts of Docker where commits are cheap and containers can be -created from any point in an image's history, much like source -control. - -The *exec* form makes it possible to avoid shell string munging, and to ``RUN`` -commands using a base image that does not contain ``/bin/sh``. - -Known Issues (RUN) -.................. - -* :issue:`783` is about file permissions problems that can occur when - using the AUFS file system. You might notice it during an attempt to - ``rm`` a file, for example. The issue describes a workaround. -* :issue:`2424` Locale will not be set automatically. - -.. _dockerfile_cmd: - -``CMD`` -======= - -CMD has three forms: - -* ``CMD ["executable","param1","param2"]`` (like an *exec*, preferred form) -* ``CMD ["param1","param2"]`` (as *default parameters to ENTRYPOINT*) -* ``CMD command param1 param2`` (as a *shell*) - -There can only be one CMD in a Dockerfile. If you list more than one -CMD then only the last CMD will take effect. - -**The main purpose of a CMD is to provide defaults for an executing -container.** These defaults can include an executable, or they can -omit the executable, in which case you must specify an ENTRYPOINT as -well. - -When used in the shell or exec formats, the ``CMD`` instruction sets -the command to be executed when running the image. - -If you use the *shell* form of the CMD, then the ```` will -execute in ``/bin/sh -c``: - -.. code-block:: bash - - FROM ubuntu - CMD echo "This is a test." | wc - - -If you want to **run your** ```` **without a shell** then you -must express the command as a JSON array and give the full path to the -executable. **This array form is the preferred format of CMD.** Any -additional parameters must be individually expressed as strings in the -array: - -.. code-block:: bash - - FROM ubuntu - CMD ["/usr/bin/wc","--help"] - -If you would like your container to run the same executable every -time, then you should consider using ``ENTRYPOINT`` in combination -with ``CMD``. See :ref:`dockerfile_entrypoint`. - -If the user specifies arguments to ``docker run`` then they will -override the default specified in CMD. - -.. note:: - Don't confuse ``RUN`` with ``CMD``. ``RUN`` actually runs a - command and commits the result; ``CMD`` does not execute anything at - build time, but specifies the intended command for the image. - -.. _dockerfile_expose: - -``EXPOSE`` -========== - - ``EXPOSE [...]`` - -The ``EXPOSE`` instructions informs Docker that the container will listen -on the specified network ports at runtime. Docker uses this information -to interconnect containers using links (see :ref:`links `), -and to setup port redirection on the host system (see :ref:`port_redirection`). - -.. _dockerfile_env: - -``ENV`` -======= - - ``ENV `` - -The ``ENV`` instruction sets the environment variable ```` to the -value ````. This value will be passed to all future ``RUN`` -instructions. This is functionally equivalent to prefixing the command -with ``=`` - -The environment variables set using ``ENV`` will persist when a container is run -from the resulting image. You can view the values using ``docker inspect``, and change them using ``docker run --env =``. - -.. note:: - One example where this can cause unexpected consequenses, is setting - ``ENV DEBIAN_FRONTEND noninteractive``. - Which will persist when the container is run interactively; for example: - ``docker run -t -i image bash`` - -.. _dockerfile_add: - -``ADD`` -======= - - ``ADD `` - -The ``ADD`` instruction will copy new files from and add them to -the container's filesystem at path ````. - -```` must be the path to a file or directory relative to the -source directory being built (also called the *context* of the build) or -a remote file URL. - -```` is the absolute path to which the source will be copied inside the -destination container. - -All new files and directories are created with mode 0755, uid and gid -0. - -.. note:: - if you build using STDIN (``docker build - < somefile``), there is no build - context, so the Dockerfile can only contain an URL based ADD statement. - -.. note:: - if your URL files are protected using authentication, you will need to use - an ``RUN wget`` , ``RUN curl`` or other tool from within the container as - ADD does not support authentication. - -The copy obeys the following rules: - -* The ```` path must be inside the *context* of the build; you cannot - ``ADD ../something /something``, because the first step of a - ``docker build`` is to send the context directory (and subdirectories) to - the docker daemon. -* If ```` is a URL and ```` does not end with a trailing slash, - then a file is downloaded from the URL and copied to ````. -* If ```` is a URL and ```` does end with a trailing slash, - then the filename is inferred from the URL and the file is downloaded to - ``/``. For instance, ``ADD http://example.com/foobar /`` - would create the file ``/foobar``. The URL must have a nontrivial path - so that an appropriate filename can be discovered in this case - (``http://example.com`` will not work). -* If ```` is a directory, the entire directory is copied, - including filesystem metadata. -* If ```` is a *local* tar archive in a recognized compression - format (identity, gzip, bzip2 or xz) then it is unpacked as a - directory. Resources from *remote* URLs are **not** decompressed. - - When a directory is copied or unpacked, it has the same behavior as - ``tar -x``: the result is the union of - - 1. whatever existed at the destination path and - 2. the contents of the source tree, - - with conflicts resolved in favor of "2." on a file-by-file basis. - -* If ```` is any other kind of file, it is copied individually - along with its metadata. In this case, if ```` ends with a - trailing slash ``/``, it will be considered a directory and the - contents of ```` will be written at ``/base()``. -* If ```` does not end with a trailing slash, it will be - considered a regular file and the contents of ```` will be - written at ````. -* If ```` doesn't exist, it is created along with all missing - directories in its path. - -.. _dockerfile_entrypoint: - -``ENTRYPOINT`` -============== - -ENTRYPOINT has two forms: - -* ``ENTRYPOINT ["executable", "param1", "param2"]`` (like an *exec*, - preferred form) -* ``ENTRYPOINT command param1 param2`` (as a *shell*) - -There can only be one ``ENTRYPOINT`` in a Dockerfile. If you have more -than one ``ENTRYPOINT``, then only the last one in the Dockerfile will -have an effect. - -An ``ENTRYPOINT`` helps you to configure a container that you can run -as an executable. That is, when you specify an ``ENTRYPOINT``, then -the whole container runs as if it was just that executable. - -The ``ENTRYPOINT`` instruction adds an entry command that will **not** -be overwritten when arguments are passed to ``docker run``, unlike the -behavior of ``CMD``. This allows arguments to be passed to the -entrypoint. i.e. ``docker run -d`` will pass the "-d" -argument to the ENTRYPOINT. - -You can specify parameters either in the ENTRYPOINT JSON array (as in -"like an exec" above), or by using a CMD statement. Parameters in the -ENTRYPOINT will not be overridden by the ``docker run`` arguments, but -parameters specified via CMD will be overridden by ``docker run`` -arguments. - -Like a ``CMD``, you can specify a plain string for the ENTRYPOINT and -it will execute in ``/bin/sh -c``: - -.. code-block:: bash - - FROM ubuntu - ENTRYPOINT wc -l - - -For example, that Dockerfile's image will *always* take stdin as input -("-") and print the number of lines ("-l"). If you wanted to make -this optional but default, you could use a CMD: - -.. code-block:: bash - - FROM ubuntu - CMD ["-l", "-"] - ENTRYPOINT ["/usr/bin/wc"] - -.. _dockerfile_volume: - -``VOLUME`` -========== - - ``VOLUME ["/data"]`` - -The ``VOLUME`` instruction will create a mount point with the specified name and mark it -as holding externally mounted volumes from native host or other containers. For more information/examples -and mounting instructions via docker client, refer to :ref:`volume_def` documentation. - -.. _dockerfile_user: - -``USER`` -======== - - ``USER daemon`` - -The ``USER`` instruction sets the username or UID to use when running -the image. - -.. _dockerfile_workdir: - -``WORKDIR`` -=========== - - ``WORKDIR /path/to/workdir`` - -The ``WORKDIR`` instruction sets the working directory for the ``RUN``, ``CMD`` and -``ENTRYPOINT`` Dockerfile commands that follow it. - -It can be used multiple times in the one Dockerfile. If a relative path is -provided, it will be relative to the path of the previous ``WORKDIR`` -instruction. For example: - - WORKDIR /a - WORKDIR b - WORKDIR c - RUN pwd - -The output of the final ``pwd`` command in this Dockerfile would be ``/a/b/c``. - -``ONBUILD`` -=========== - - ``ONBUILD [INSTRUCTION]`` - -The ``ONBUILD`` instruction adds to the image a "trigger" instruction to be -executed at a later time, when the image is used as the base for another build. -The trigger will be executed in the context of the downstream build, as if it -had been inserted immediately after the *FROM* instruction in the downstream -Dockerfile. - -Any build instruction can be registered as a trigger. - -This is useful if you are building an image which will be used as a base to build -other images, for example an application build environment or a daemon which may be -customized with user-specific configuration. - -For example, if your image is a reusable python application builder, it will require -application source code to be added in a particular directory, and it might require -a build script to be called *after* that. You can't just call *ADD* and *RUN* now, -because you don't yet have access to the application source code, and it will be -different for each application build. You could simply provide application developers -with a boilerplate Dockerfile to copy-paste into their application, but that is -inefficient, error-prone and difficult to update because it mixes with -application-specific code. - -The solution is to use *ONBUILD* to register in advance instructions to run later, -during the next build stage. - -Here's how it works: - -1. When it encounters an *ONBUILD* instruction, the builder adds a trigger to - the metadata of the image being built. - The instruction does not otherwise affect the current build. - -2. At the end of the build, a list of all triggers is stored in the image manifest, - under the key *OnBuild*. They can be inspected with *docker inspect*. - -3. Later the image may be used as a base for a new build, using the *FROM* instruction. - As part of processing the *FROM* instruction, the downstream builder looks for *ONBUILD* - triggers, and executes them in the same order they were registered. If any of the - triggers fail, the *FROM* instruction is aborted which in turn causes the build - to fail. If all triggers succeed, the FROM instruction completes and the build - continues as usual. - -4. Triggers are cleared from the final image after being executed. In other words - they are not inherited by "grand-children" builds. - -For example you might add something like this: - -.. code-block:: bash - - [...] - ONBUILD ADD . /app/src - ONBUILD RUN /usr/local/bin/python-build --dir /app/src - [...] - -.. warning:: Chaining ONBUILD instructions using `ONBUILD ONBUILD` isn't allowed. -.. warning:: ONBUILD may not trigger FROM or MAINTAINER instructions. - -.. _dockerfile_examples: - -Dockerfile Examples -====================== - -.. code-block:: bash - - # Nginx - # - # VERSION 0.0.1 - - FROM ubuntu - MAINTAINER Guillaume J. Charmes - - # make sure the package repository is up to date - RUN echo "deb http://archive.ubuntu.com/ubuntu precise main universe" > /etc/apt/sources.list - RUN apt-get update - - RUN apt-get install -y inotify-tools nginx apache2 openssh-server - -.. code-block:: bash - - # Firefox over VNC - # - # VERSION 0.3 - - FROM ubuntu - # make sure the package repository is up to date - RUN echo "deb http://archive.ubuntu.com/ubuntu precise main universe" > /etc/apt/sources.list - RUN apt-get update - - # Install vnc, xvfb in order to create a 'fake' display and firefox - RUN apt-get install -y x11vnc xvfb firefox - RUN mkdir /.vnc - # Setup a password - RUN x11vnc -storepasswd 1234 ~/.vnc/passwd - # Autostart firefox (might not be the best way, but it does the trick) - RUN bash -c 'echo "firefox" >> /.bashrc' - - EXPOSE 5900 - CMD ["x11vnc", "-forever", "-usepw", "-create"] - -.. code-block:: bash - - # Multiple images example - # - # VERSION 0.1 - - FROM ubuntu - RUN echo foo > bar - # Will output something like ===> 907ad6c2736f - - FROM ubuntu - RUN echo moo > oink - # Will output something like ===> 695d7793cbe4 - - # You'll now have two images, 907ad6c2736f with /bar, and 695d7793cbe4 with - # /oink. diff --git a/docs/sources/reference/commandline.md b/docs/sources/reference/commandline.md deleted file mode 100644 index 8620a095b9..0000000000 --- a/docs/sources/reference/commandline.md +++ /dev/null @@ -1,7 +0,0 @@ - -# Commands - -## Contents: - -- [Command Line](cli/) - diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index e0d896755b..8e0507cbf8 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -4,12 +4,12 @@ page_keywords: Docker, Docker documentation, CLI, command line # Command Line -To list available commands, either run `docker` with -no parameters or execute `docker help`: +To list available commands, either run `docker` with no parameters +or execute `docker help`: $ sudo docker Usage: docker [OPTIONS] COMMAND [arg...] - -H=[unix:///var/run/docker.sock]: tcp://[host]:port to bind/connect to or unix://[/path/to/socket] to use. When host=[127.0.0.1] is omitted for tcp or path=[/var/run/docker.sock] is omitted for unix sockets, default values are used. + -H, --host=[]: The socket(s) to bind to in daemon mode, specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd. A self-sufficient runtime for linux containers. @@ -33,15 +33,13 @@ will set the value to the opposite of the default value. ### Multi -Options like `-a=[]` indicate they can be specified -multiple times: +Options like `-a=[]` indicate they can be specified multiple times: - docker run -a stdin -a stdout -a stderr -i -t ubuntu /bin/bash + $ docker run -a stdin -a stdout -a stderr -i -t ubuntu /bin/bash -Sometimes this can use a more complex value string, as for -`-v`: +Sometimes this can use a more complex value string, as for `-v`: - docker run -v /host:/container example/mysql + $ docker run -v /host:/container example/mysql ### Strings and Integers @@ -49,11 +47,12 @@ Options like `--name=""` expect a string, and they can only be specified once. Options like `-c=0` expect an integer, and they can only be specified once. -## `daemon` +## daemon Usage of docker: + -D, --debug=false: Enable debug mode - -H, --host=[]: Multiple tcp://host:port or unix://path/to/socket to bind in daemon mode, single connection otherwise. systemd socket activation can be used with fd://[socketfd]. + -H, --host=[]: The socket(s) to bind to in daemon mode, specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd. -G, --group="docker": Group to assign the unix socket specified by -H when running in daemon mode; use '' (the empty string) to disable setting of a group --api-enable-cors=false: Enable CORS headers in the remote API -b, --bridge="": Attach containers to a pre-existing network bridge; use 'none' to disable container networking @@ -61,6 +60,7 @@ expect an integer, and they can only be specified once. -d, --daemon=false: Enable daemon mode --dns=[]: Force docker to use specific DNS servers --dns-search=[]: Force Docker to use specific DNS search domains + --enable-selinux=false: Enable selinux support for running containers -g, --graph="/var/lib/docker": Path to use as the root of the docker runtime --icc=true: Enable inter-container communication --ip="0.0.0.0": Default IP address to use when binding container ports @@ -78,6 +78,8 @@ expect an integer, and they can only be specified once. --tlsverify=false: Use TLS and verify the remote (daemon: verify client, client: verify daemon) --mtu=0: Set the containers network MTU; if no value is provided: default to the default route MTU or 1500 if no default route is available + Options with [] may be specified multiple times. + The Docker daemon is the persistent process that manages containers. Docker uses the same binary for both the daemon and client. To run the daemon you provide the `-d` flag. @@ -95,42 +97,41 @@ To run the daemon with debug output, use `docker -d -D`. To use lxc as the execution driver, use `docker -d -e lxc`. -The docker client will also honor the `DOCKER_HOST` -environment variable to set the `-H` flag for the -client. +The docker client will also honor the `DOCKER_HOST` environment variable to set +the `-H` flag for the client. - docker -H tcp://0.0.0.0:4243 ps + $ docker -H tcp://0.0.0.0:4243 ps # or - export DOCKER_HOST="tcp://0.0.0.0:4243" - docker ps + $ export DOCKER_HOST="tcp://0.0.0.0:4243" + $ docker ps # both are equal -To run the daemon with [systemd socket -activation](http://0pointer.de/blog/projects/socket-activation.html), -use `docker -d -H fd://`. Using `fd://` -will work perfectly for most setups but you can also specify -individual sockets too `docker -d -H fd://3`. If the -specified socket activated files aren’t found then docker will exit. You +To run the daemon with [systemd socket activation]( +http://0pointer.de/blog/projects/socket-activation.html), use +`docker -d -H fd://`. Using `fd://` will work perfectly for most setups but +you can also specify individual sockets too `docker -d -H fd://3`. If the +specified socket activated files aren't found then docker will exit. You can find examples of using systemd socket activation with docker and -systemd in the [docker source -tree](https://github.com/dotcloud/docker/blob/master/contrib/init/systemd/socket-activation/). +systemd in the [docker source tree]( +https://github.com/dotcloud/docker/blob/master/contrib/init/systemd/socket-activation/). Docker supports softlinks for the Docker data directory -(`/var/lib/docker`) and for `/tmp`. TMPDIR and the data directory can be set like this: +(`/var/lib/docker`) and for `/tmp`. TMPDIR and the data directory can be set +like this: TMPDIR=/mnt/disk2/tmp /usr/local/bin/docker -d -D -g /var/lib/docker -H unix:// > /var/lib/boot2docker/docker.log 2>&1 # or export TMPDIR=/mnt/disk2/tmp /usr/local/bin/docker -d -D -g /var/lib/docker -H unix:// > /var/lib/boot2docker/docker.log 2>&1 -## `attach` +## attach + +Attach to a running container. Usage: docker attach CONTAINER - Attach to a running container. - - --no-stdin=false: Do not attach stdin - --sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) + --no-stdin=false: Do not attach stdin + --sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) The `attach` command will allow you to view or interact with any running container, detached (`-d`) @@ -141,7 +142,7 @@ progress of your daemonized process. You can detach from the container again (and leave it running) with `CTRL-C` (for a quiet exit) or `CTRL-\` to get a stacktrace of the Docker client when it quits. When -you detach from the container’s process the exit code will be returned +you detach from the container's process the exit code will be returned to the client. To stop a container, use `docker stop`. @@ -182,36 +183,36 @@ To kill the container, use `docker kill`. ^C$ $ sudo docker stop $ID -## `build` +## build + +Build a new container image from the source code at PATH Usage: docker build [OPTIONS] PATH | URL | - - Build a new container image from the source code at PATH - -t, --tag="": Repository name (and optionally a tag) to be applied - to the resulting image in case of success. - -q, --quiet=false: Suppress the verbose output generated by the containers. - --no-cache: Do not use the cache when building the image. - --rm=true: Remove intermediate containers after a successful build -Use this command to build Docker images from a `Dockerfile` + -t, --tag="": Repository name (and optionally a tag) to be applied + to the resulting image in case of success. + -q, --quiet=false: Suppress the verbose output generated by the containers. + --no-cache: Do not use the cache when building the image. + --rm=true: Remove intermediate containers after a successful build + +Use this command to build Docker images from a Dockerfile and a "context". -The files at `PATH` or `URL` are -called the "context" of the build. The build process may refer to any of -the files in the context, for example when using an -[*ADD*](../../builder/#dockerfile-add) instruction. When a single -`Dockerfile` is given as `URL`, -then no context is set. +The files at `PATH` or `URL` are called the "context" of the build. The build +process may refer to any of the files in the context, for example when using an +[*ADD*](/reference/builder/#dockerfile-add) instruction. When a single Dockerfile is +given as `URL`, then no context is set. When a Git repository is set as `URL`, then the repository is used as the context. The Git repository is cloned with its submodules (git clone –recursive). A fresh git clone occurs in a temporary directory on your local host, and then this is sent to the Docker daemon as the context. This way, your local user credentials and -vpn’s etc can be used to access private repositories +vpn's etc can be used to access private repositories -See also +See also: -[*Dockerfile Reference*](../../builder/#dockerbuilder). +[*Dockerfile Reference*](/reference/builder/#dockerbuilder). ### Examples: @@ -243,14 +244,14 @@ See also This example specifies that the `PATH` is `.`, and so all the files in the local directory get -tar’d and sent to the Docker daemon. The `PATH` +`tar`d and sent to the Docker daemon. The `PATH` specifies where to find the files for the "context" of the build on the Docker daemon. Remember that the daemon could be running on a remote -machine and that no parsing of the `Dockerfile` -happens at the client side (where you’re running +machine and that no parsing of the Dockerfile +happens at the client side (where you're running `docker build`). That means that *all* the files at `PATH` get sent, not just the ones listed to -[*ADD*](../../builder/#dockerfile-add) in the `Dockerfile`. +[*ADD*](/reference/builder/#dockerfile-add) in the Dockerfile. The transfer of context from the local machine to the Docker daemon is what the `docker` client means when you see the @@ -268,30 +269,30 @@ and the tag will be `2.0` $ sudo docker build - < Dockerfile -This will read a `Dockerfile` from *stdin* without +This will read a Dockerfile from *stdin* without context. Due to the lack of a context, no contents of any local directory will be sent to the `docker` daemon. Since -there is no context, a `Dockerfile` `ADD` +there is no context, a Dockerfile `ADD` only works if it refers to a remote URL. $ sudo docker build github.com/creack/docker-firefox This will clone the GitHub repository and use the cloned repository as -context. The `Dockerfile` at the root of the -repository is used as `Dockerfile`. Note that you +context. The Dockerfile at the root of the +repository is used as Dockerfile. Note that you can specify an arbitrary Git repository by using the `git://` schema. -## `commit` +## commit + +Create a new image from a container᾿s changes Usage: docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]] - Create a new image from a container᾿s changes + -m, --message="": Commit message + -a, --author="": Author (eg. "John Hannibal Smith " - -m, --message="": Commit message - -a, --author="": Author (eg. "John Hannibal Smith " - -It can be useful to commit a container’s file changes or settings into a +It can be useful to commit a container's file changes or settings into a new image. This allows you debug a container by running an interactive shell, or to export a working dataset to another server. Generally, it is better to use Dockerfiles to manage your images in a documented and @@ -309,27 +310,27 @@ maintainable way. REPOSITORY TAG ID CREATED VIRTUAL SIZE SvenDowideit/testimage version3 f5283438590d 16 seconds ago 335.7 MB -## `cp` +## cp + +Copy files/folders from the containers filesystem to the host +path. Paths are relative to the root of the filesystem. Usage: docker cp CONTAINER:PATH HOSTPATH - Copy files/folders from the containers filesystem to the host - path. Paths are relative to the root of the filesystem. - $ sudo docker cp 7bb0e258aefe:/etc/debian_version . $ sudo docker cp blue_frog:/etc/hosts . -## `diff` +## diff + +List the changed files and directories in a container᾿s filesystem Usage: docker diff CONTAINER - List the changed files and directories in a container᾿s filesystem +There are 3 events that are listed in the `diff`: -There are 3 events that are listed in the ‘diff’: - -1. `` `A` `` - Add -2. `` `D` `` - Delete -3. `` `C` `` - Change +1. `A` - Add +2. `D` - Delete +3. `C` - Change For example: @@ -347,12 +348,12 @@ For example: A /go/src/github.com/dotcloud/docker/.git .... -## `events` +## events + +Get real time events from the server Usage: docker events - Get real time events from the server - --since="": Show all events created since timestamp (either seconds since epoch, or date string as below) --until="": Show events created before timestamp @@ -360,24 +361,24 @@ For example: ### Examples -You’ll need two shells for this example. +You'll need two shells for this example. -#### Shell 1: Listening for events +**Shell 1: Listening for events:** $ sudo docker events -#### Shell 2: Start and Stop a Container +**Shell 2: Start and Stop a Container:** $ sudo docker start 4386fb97867d $ sudo docker stop 4386fb97867d -#### Shell 1: (Again .. now showing events) +**Shell 1: (Again .. now showing events):** [2013-09-03 15:49:26 +0200 CEST] 4386fb97867d: (from 12de384bfb10) start [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop -#### Show events in the past from a specified time +**Show events in the past from a specified time:** $ sudo docker events --since 1378216169 [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die @@ -392,24 +393,24 @@ You’ll need two shells for this example. [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop -## `export` +## export + +Export the contents of a filesystem as a tar archive to STDOUT Usage: docker export CONTAINER - Export the contents of a filesystem as a tar archive to STDOUT - For example: $ sudo docker export red_panda > latest.tar -## `history` +## history + +Show the history of an image Usage: docker history [OPTIONS] IMAGE - Show the history of an image - - --no-trunc=false: Don᾿t truncate output - -q, --quiet=false: Only show numeric IDs + --no-trunc=false: Don᾿t truncate output + -q, --quiet=false: Only show numeric IDs To see how the `docker:latest` image was built: @@ -422,15 +423,15 @@ To see how the `docker:latest` image was built: 750d58736b4b6cc0f9a9abe8f258cef269e3e9dceced1146503522be9f985ada 6 weeks ago /bin/sh -c #(nop) MAINTAINER Tianon Gravi - mkimage-debootstrap.sh -t jessie.tar.xz jessie http://http.debian.net/debian 0 B 511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158 9 months ago 0 B -## `images` +## images + +List images Usage: docker images [OPTIONS] [NAME] - List images - - -a, --all=false: Show all images (by default filter out the intermediate image layers) - --no-trunc=false: Don᾿t truncate output - -q, --quiet=false: Only show numeric IDs + -a, --all=false: Show all images (by default filter out the intermediate image layers) + --no-trunc=false: Don᾿t truncate output + -q, --quiet=false: Only show numeric IDs The default `docker images` will show all top level images, their repository and tags, and their virtual size. @@ -447,7 +448,7 @@ by default. 77af4d6b9913 19 hours ago 1.089 GB committest latest b6fa739cedf5 19 hours ago 1.089 GB 78a85c484f71 19 hours ago 1.089 GB - docker latest 30557a29d5ab 20 hours ago 1.089 GB + $ docker latest 30557a29d5ab 20 hours ago 1.089 GB 0124422dd9f9 20 hours ago 1.089 GB 18ad6fad3402 22 hours ago 1.082 GB f9f1e26352f0 23 hours ago 1.089 GB @@ -461,14 +462,14 @@ by default. 77af4d6b9913e693e8d0b4b294fa62ade6054e6b2f1ffb617ac955dd63fb0182 19 hours ago 1.089 GB committest latest b6fa739cedf5ea12a620a439402b6004d057da800f91c7524b5086a5e4749c9f 19 hours ago 1.089 GB 78a85c484f71509adeaace20e72e941f6bdd2b25b4c75da8693efd9f61a37921 19 hours ago 1.089 GB - docker latest 30557a29d5abc51e5f1d5b472e79b7e296f595abcf19fe6b9199dbbc809c6ff4 20 hours ago 1.089 GB + $ docker latest 30557a29d5abc51e5f1d5b472e79b7e296f595abcf19fe6b9199dbbc809c6ff4 20 hours ago 1.089 GB 0124422dd9f9cf7ef15c0617cda3931ee68346455441d66ab8bdc5b05e9fdce5 20 hours ago 1.089 GB 18ad6fad340262ac2a636efd98a6d1f0ea775ae3d45240d3418466495a19a81b 22 hours ago 1.082 GB f9f1e26352f0a3ba6a0ff68167559f64f3e21ff7ada60366e2d44a04befd1d3a 23 hours ago 1.089 GB tryout latest 2629d1fa0b81b222fca63371ca16cbf6a0772d07759ff80e8d1369b926940074 23 hours ago 131.5 MB 5ed6274db6ceb2397844896966ea239290555e74ef307030ebb01ff91b1914df 24 hours ago 1.089 GB -## `import` +## import Usage: docker import URL|- [REPOSITORY[:TAG]] @@ -483,33 +484,33 @@ data from *stdin*. ### Examples -#### Import from a remote location +**Import from a remote location:** This will create a new untagged image. $ sudo docker import http://example.com/exampleimage.tgz -#### Import from a local file +**Import from a local file:** Import to docker via pipe and *stdin*. $ cat exampleimage.tgz | sudo docker import - exampleimagelocal:new -#### Import from a local directory +**Import from a local directory:** - $ sudo tar -c . | docker import - exampleimagedir + $ sudo tar -c . | sudo docker import - exampleimagedir Note the `sudo` in this example – you must preserve the ownership of the files (especially root ownership) during the archiving with tar. If you are not root (or the sudo command) when you tar, then the ownerships might not get preserved. -## `info` +## info + +Display system-wide information. Usage: docker info - Display system-wide information. - $ sudo docker info Containers: 292 Images: 194 @@ -522,44 +523,43 @@ tar, then the ownerships might not get preserved. Kernel Version: 3.8.0-33-generic WARNING: No swap limit support -When sending issue reports, please use `docker version` -and `docker info` to ensure we know how -your setup is configured. +When sending issue reports, please use `docker version` and `docker info` to +ensure we know how your setup is configured. -## `inspect` +## inspect + +Return low-level information on a container/image Usage: docker inspect CONTAINER|IMAGE [CONTAINER|IMAGE...] - Return low-level information on a container/image - - -f, --format="": Format the output using the given go template. + -f, --format="": Format the output using the given go template. By default, this will render all results in a JSON array. If a format is specified, the given template will be executed for each result. -Go’s [text/template](http://golang.org/pkg/text/template/) package +Go's [text/template](http://golang.org/pkg/text/template/) package describes all the details of the format. ### Examples -#### Get an instance’s IP Address +**Get an instance'sIP Address:** For the most part, you can pick out any field from the JSON in a fairly straightforward manner. $ sudo docker inspect --format='{{.NetworkSettings.IPAddress}}' $INSTANCE_ID -#### List All Port Bindings +**List All Port Bindings:** One can loop over arrays and maps in the results to produce simple text output: $ sudo docker inspect --format='{{range $p, $conf := .NetworkSettings.Ports}} {{$p}} -> {{(index $conf 0).HostPort}} {{end}}' $INSTANCE_ID -#### Find a Specific Port Mapping +**Find a Specific Port Mapping:** -The `.Field` syntax doesn’t work when the field name -begins with a number, but the template language’s `index` +The `.Field` syntax doesn't work when the field name +begins with a number, but the template language's `index` function does. The `.NetworkSettings.Ports` section contains a map of the internal port mappings to a list of external address/port objects, so to grab just the numeric public @@ -570,43 +570,43 @@ the public address. $ sudo docker inspect --format='{{(index (index .NetworkSettings.Ports "8787/tcp") 0).HostPort}}' $INSTANCE_ID -#### Get config +**Get config:** -The `.Field` syntax doesn’t work when the field -contains JSON data, but the template language’s custom `json` +The `.Field` syntax doesn't work when the field +contains JSON data, but the template language's custom `json` function does. The `.config` section contains complex json object, so to grab it as JSON, you use `json` to convert config object into JSON $ sudo docker inspect --format='{{json .config}}' $INSTANCE_ID -## `kill` +## kill + +Kill a running container (send SIGKILL, or specified signal) Usage: docker kill [OPTIONS] CONTAINER [CONTAINER...] - Kill a running container (send SIGKILL, or specified signal) - - -s, --signal="KILL": Signal to send to the container + -s, --signal="KILL": Signal to send to the container The main process inside the container will be sent SIGKILL, or any signal specified with option `--signal`. ### Known Issues (kill) -- [Issue 197](https://github.com/dotcloud/docker/issues/197) indicates - that `docker kill` may leave directories behind - and make it difficult to remove the container. -- [Issue 3844](https://github.com/dotcloud/docker/issues/3844) lxc - 1.0.0 beta3 removed `lcx-kill` which is used by - Docker versions before 0.8.0; see the issue for a workaround. +- [Issue 197](https://github.com/dotcloud/docker/issues/197) indicates + that `docker kill` may leave directories behind + and make it difficult to remove the container. +- [Issue 3844](https://github.com/dotcloud/docker/issues/3844) lxc + 1.0.0 beta3 removed `lcx-kill` which is used by + Docker versions before 0.8.0; see the issue for a workaround. -## `load` +## load + +Load an image from a tar archive on STDIN Usage: docker load - Load an image from a tar archive on STDIN - - -i, --input="": Read from a tar archive file, instead of STDIN + -i, --input="": Read from a tar archive file, instead of STDIN Loads a tarred repository from a file or the standard input stream. Restores both images and tags. @@ -626,57 +626,58 @@ Restores both images and tags. fedora heisenbug 58394af37342 7 weeks ago 385.5 MB fedora latest 58394af37342 7 weeks ago 385.5 MB -## `login` +## login + +Register or Login to the docker registry server Usage: docker login [OPTIONS] [SERVER] - Register or Login to the docker registry server - -e, --email="": Email -p, --password="": Password -u, --username="": Username - If you want to login to a private registry you can - specify this by adding the server name. +If you want to login to a private registry you can +specify this by adding the server name. example: - docker login localhost:8080 + $ docker login localhost:8080 -## `logs` +## logs + +Fetch the logs of a container Usage: docker logs [OPTIONS] CONTAINER - Fetch the logs of a container - -f, --follow=false: Follow log output + -t, --timestamps=false: Show timestamps The `docker logs` command batch-retrieves all logs present at the time of execution. -The `docker logs --follow` command combines `docker logs` and `docker -attach`: it will first return all logs from the beginning and then -continue streaming new output from the container’s stdout and stderr. +The ``docker logs --follow`` command will first return all logs from the +beginning and then continue streaming new output from the container's stdout +and stderr. -## `port` +## port Usage: docker port [OPTIONS] CONTAINER PRIVATE_PORT - Lookup the public-facing port which is NAT-ed to PRIVATE_PORT +Lookup the public-facing port which is NAT-ed to PRIVATE_PORT -## `ps` +## ps + +List containers Usage: docker ps [OPTIONS] - List containers - - -a, --all=false: Show all containers. Only running containers are shown by default. - --before="": Show only container created before Id or Name, include non-running ones. - -l, --latest=false: Show only the latest created container, include non-running ones. - -n=-1: Show n last created containers, include non-running ones. - --no-trunc=false: Don᾿t truncate output - -q, --quiet=false: Only display numeric IDs - -s, --size=false: Display sizes, not to be used with -q - --since="": Show only containers created since Id or Name, include non-running ones. + -a, --all=false: Show all containers. Only running containers are shown by default. + --before="": Show only container created before Id or Name, include non-running ones. + -l, --latest=false: Show only the latest created container, include non-running ones. + -n=-1: Show n last created containers, include non-running ones. + --no-trunc=false: Don᾿t truncate output + -q, --quiet=false: Only display numeric IDs + -s, --size=false: Display sizes, not to be used with -q + --since="": Show only containers created since Id or Name, include non-running ones. Running `docker ps` showing 2 linked containers. @@ -685,21 +686,20 @@ Running `docker ps` showing 2 linked containers. 4c01db0b339c ubuntu:12.04 bash 17 seconds ago Up 16 seconds webapp d7886598dbe2 crosbymichael/redis:latest /redis-server --dir 33 minutes ago Up 33 minutes 6379/tcp redis,webapp/db -`docker ps` will show only running containers by -default. To see all containers: `docker ps -a` +`docker ps` will show only running containers by default. To see all containers: +`docker ps -a` -## `pull` +## pull + +Pull an image or a repository from the registry Usage: docker pull NAME[:TAG] - Pull an image or a repository from the registry - Most of your images will be created on top of a base image from the -\([https://index.docker.io](https://index.docker.io)). +[Docker.io](https://index.docker.io) registry. -The Docker Index contains many pre-built images that you can -`pull` and try without needing to define and -configure your own. +[Docker.io](https://index.docker.io) contains many pre-built images that you +can `pull` and try without needing to define and configure your own. To download a particular image, or set of images (i.e., a repository), use `docker pull`: @@ -711,31 +711,32 @@ use `docker pull`: # it is based on. (typically the empty `scratch` image, a MAINTAINERs layer, # and the un-tared base. -## `push` +## push + +Push an image or a repository to the registry Usage: docker push NAME[:TAG] - Push an image or a repository to the registry - Use `docker push` to share your images on public or private registries. -## `restart` +## restart + +Restart a running container Usage: docker restart [OPTIONS] NAME - Restart a running container + -t, --time=10: Number of seconds to try to stop for before killing the container. Once killed it will then be restarted. Default=10 - -t, --time=10: Number of seconds to try to stop for before killing the container. Once killed it will then be restarted. Default=10 +## rm -## `rm` +Remove one or more containers Usage: docker rm [OPTIONS] CONTAINER - Remove one or more containers - -l, --link="": Remove the link instead of the actual container - -f, --force=false: Force removal of running container - -v, --volumes=false: Remove the volumes associated to the container + -l, --link="": Remove the link instead of the actual container + -f, --force=false: Force removal of running container + -v, --volumes=false: Remove the volumes associated to the container ### Known Issues (rm) @@ -765,18 +766,18 @@ This command will delete all stopped containers. The command IDs and pass them to the `rm` command which will delete them. Any running containers will not be deleted. -## `rmi` +## rmi + +Remove one or more images Usage: docker rmi IMAGE [IMAGE...] - Remove one or more images - - -f, --force=false: Force - --no-prune=false: Do not delete untagged parents + -f, --force=false: Force + --no-prune=false: Do not delete untagged parents ### Removing tagged images -Images can be removed either by their short or long ID’s, or their image +Images can be removed either by their short or long ID`s, or their image names. If an image has more than one name, each of them needs to be removed before the image is removed. @@ -797,91 +798,90 @@ removed before the image is removed. $ sudo docker images REPOSITORY TAG IMAGE ID CREATED SIZE - test1 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) + test latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) $ sudo docker rmi test Untagged: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 Deleted: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 -## `run` +## run + +Run a command in a new container Usage: docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] - Run a command in a new container + -a, --attach=[] Attach to stdin, stdout or stderr. + -c, --cpu-shares=0 CPU shares (relative weight) + --cidfile="" Write the container ID to the file + -d, --detach=false Detached mode: Run container in the background, print new container id + --dns=[] Set custom dns servers + --dns-search=[] Set custom dns search domains + -e, --env=[] Set environment variables + --entrypoint="" Overwrite the default entrypoint of the image + --env-file=[] Read in a line delimited file of ENV variables + --expose=[] Expose a port from the container without publishing it to your host + -h, --hostname="" Container host name + -i, --interactive=false Keep stdin open even if not attached + --link=[] Add link to another container (name:alias) + --lxc-conf=[] (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" + -m, --memory="" Memory limit (format: , where unit = b, k, m or g) + --name="" Assign a name to the container + --net="bridge" Set the Network mode for the container + 'bridge': creates a new network stack for the container on the docker bridge + 'none': no networking for this container + 'container:': reuses another container network stack + 'host': use the host network stack inside the contaner + -p, --publish=[] Publish a container's port to the host + format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort + (use 'docker port' to see the actual mapping) + -P, --publish-all=false Publish all exposed ports to the host interfaces + --privileged=false Give extended privileges to this container + --rm=false Automatically remove the container when it exits (incompatible with -d) + --sig-proxy=true Proxify all received signal to the process (even in non-tty mode) + -t, --tty=false Allocate a pseudo-tty + -u, --user="" Username or UID + -v, --volume=[] Bind mount a volume (e.g. from the host: -v /host:/container, from docker: -v /container) + --volumes-from=[] Mount volumes from the specified container(s) + -w, --workdir="" Working directory inside the container - -a, --attach=map[]: Attach to stdin, stdout or stderr - -c, --cpu-shares=0: CPU shares (relative weight) - --cidfile="": Write the container ID to the file - -d, --detach=false: Detached mode: Run container in the background, print new container id - -e, --env=[]: Set environment variables - --env-file="": Read in a line delimited file of ENV variables - -h, --hostname="": Container host name - -i, --interactive=false: Keep stdin open even if not attached - --privileged=false: Give extended privileges to this container - -m, --memory="": Memory limit (format: , where unit = b, k, m or g) - -n, --networking=true: Enable networking for this container - -p, --publish=[]: Map a network port to the container - --rm=false: Automatically remove the container when it exits (incompatible with -d) - -t, --tty=false: Allocate a pseudo-tty - -u, --user="": Username or UID - --dns=[]: Set custom dns servers for the container - --dns-search=[]: Set custom DNS search domains for the container - -v, --volume=[]: Create a bind mount to a directory or file with: [host-path]:[container-path]:[rw|ro]. If a directory "container-path" is missing, then docker creates a new volume. - --volumes-from="": Mount all volumes from the given container(s) - --entrypoint="": Overwrite the default entrypoint set by the image - -w, --workdir="": Working directory inside the container - --lxc-conf=[]: (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" - --sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) - --expose=[]: Expose a port from the container without publishing it to your host - --link="": Add link to another container (name:alias) - --name="": Assign the specified name to the container. If no name is specific docker will generate a random name - -P, --publish-all=false: Publish all exposed ports to the host interfaces +The `docker run` command first `creates` a writeable container layer over the +specified image, and then `starts` it using the specified command. That is, +`docker run` is equivalent to the API `/containers/create` then +`/containers/(id)/start`. A stopped container can be restarted with all its +previous changes intact using `docker start`. See `docker ps -a` to view a list +of all containers. -The `docker run` command first `creates` -a writeable container layer over the specified image, and then -`starts` it using the specified command. That is, -`docker run` is equivalent to the API -`/containers/create` then -`/containers/(id)/start`. A stopped container can be -restarted with all its previous changes intact using -`docker start`. See `docker ps -a` -to view a list of all containers. +The `docker run` command can be used in combination with `docker commit` to +[*change the command that a container runs*](#commit-an-existing-container). -The `docker run` command can be used in combination -with `docker commit` to [*change the command that a -container runs*](#commit-an-existing-container). - -See [*Redirect Ports*](../../../use/port_redirection/#port-redirection) -for more detailed information about the `--expose`, -`-p`, `-P` and -`--link` parameters, and [*Link -Containers*](../../../use/working_with_links_names/#working-with-links-names) -for specific examples using `--link`. +See [*Redirect Ports*](/use/port_redirection/#port-redirection) +for more detailed information about the `--expose`, `-p`, `-P` and `--link` +parameters, and [*Link Containers*]( +/use/working_with_links_names/#working-with-links-names) for specific +examples using `--link`. ### Known Issues (run –volumes-from) -- [Issue 2702](https://github.com/dotcloud/docker/issues/2702): - "lxc-start: Permission denied - failed to mount" could indicate a - permissions problem with AppArmor. Please see the issue for a - workaround. +- [Issue 2702](https://github.com/dotcloud/docker/issues/2702): + "lxc-start: Permission denied - failed to mount" could indicate a + permissions problem with AppArmor. Please see the issue for a + workaround. ### Examples: $ sudo docker run --cidfile /tmp/docker_test.cid ubuntu echo "test" -This will create a container and print `test` to the -console. The `cidfile` flag makes Docker attempt to -create a new file and write the container ID to it. If the file exists -already, Docker will return an error. Docker will close this file when -`docker run` exits. +This will create a container and print `test` to the console. The `cidfile` +flag makes Docker attempt to create a new file and write the container ID to it. +If the file exists already, Docker will return an error. Docker will close this +file when `docker run` exits. $ sudo docker run -t -i --rm ubuntu bash root@bc338942ef20:/# mount -t tmpfs none /mnt mount: permission denied -This will *not* work, because by default, most potentially dangerous -kernel capabilities are dropped; including `cap_sys_admin` -(which is required to mount filesystems). However, the -`--privileged` flag will allow it to run: +This will *not* work, because by default, most potentially dangerous kernel +capabilities are dropped; including `cap_sys_admin` (which is required to mount +filesystems). However, the `--privileged` flag will allow it to run: $ sudo docker run --privileged ubuntu bash root@50e3f57e16e6:/# mount -t tmpfs none /mnt @@ -889,30 +889,27 @@ kernel capabilities are dropped; including `cap_sys_admin` Filesystem Size Used Avail Use% Mounted on none 1.9G 0 1.9G 0% /mnt -The `--privileged` flag gives *all* capabilities to -the container, and it also lifts all the limitations enforced by the -`device` cgroup controller. In other words, the -container can then do almost everything that the host can do. This flag -exists to allow special use-cases, like running Docker within Docker. +The `--privileged` flag gives *all* capabilities to the container, and it also +lifts all the limitations enforced by the `device` cgroup controller. In other +words, the container can then do almost everything that the host can do. This +flag exists to allow special use-cases, like running Docker within Docker. $ sudo docker run -w /path/to/dir/ -i -t ubuntu pwd -The `-w` lets the command being executed inside -directory given, here `/path/to/dir/`. If the path -does not exists it is created inside the container. +The `-w` lets the command being executed inside directory given, here +`/path/to/dir/`. If the path does not exists it is created inside the container. $ sudo docker run -v `pwd`:`pwd` -w `pwd` -i -t ubuntu pwd -The `-v` flag mounts the current working directory -into the container. The `-w` lets the command being -executed inside the current working directory, by changing into the -directory to the value returned by `pwd`. So this +The `-v` flag mounts the current working directory into the container. The `-w` +lets the command being executed inside the current working directory, by +changing into the directory to the value returned by `pwd`. So this combination executes the command using the container, but inside the current working directory. $ sudo docker run -v /doesnt/exist:/foo -w /foo -i -t ubuntu bash -When the host directory of a bind-mounted volume doesn’t exist, Docker +When the host directory of a bind-mounted volume doesn't exist, Docker will automatically create this directory on the host for you. In the example above, Docker will create the `/doesnt/exist` folder before starting your container. @@ -920,49 +917,43 @@ folder before starting your container. $ sudo docker run -t -i -v /var/run/docker.sock:/var/run/docker.sock -v ./static-docker:/usr/bin/docker busybox sh By bind-mounting the docker unix socket and statically linked docker -binary (such as that provided by -[https://get.docker.io](https://get.docker.io)), you give the container -the full access to create and manipulate the host’s docker daemon. +binary (such as that provided by [https://get.docker.io]( +https://get.docker.io)), you give the container the full access to create and +manipulate the host's docker daemon. $ sudo docker run -p 127.0.0.1:80:8080 ubuntu bash -This binds port `8080` of the container to port -`80` on `127.0.0.1` of the host -machine. [*Redirect -Ports*](../../../use/port_redirection/#port-redirection) explains in -detail how to manipulate ports in Docker. +This binds port `8080` of the container to port `80` on `127.0.0.1` of the host +machine. [*Redirect Ports*](/use/port_redirection/#port-redirection) +explains in detail how to manipulate ports in Docker. $ sudo docker run --expose 80 ubuntu bash -This exposes port `80` of the container for use -within a link without publishing the port to the host system’s -interfaces. [*Redirect -Ports*](../../../use/port_redirection/#port-redirection) explains in -detail how to manipulate ports in Docker. +This exposes port `80` of the container for use within a link without publishing +the port to the host system's interfaces. [*Redirect Ports*]( +/use/port_redirection/#port-redirection) explains in detail how to +manipulate ports in Docker. $ sudo docker run -e MYVAR1 --env MYVAR2=foo --env-file ./env.list ubuntu bash -This sets environmental variables in the container. For illustration all -three flags are shown here. Where `-e`, -`--env` take an environment variable and value, or -if no "=" is provided, then that variable’s current value is passed -through (i.e. $MYVAR1 from the host is set to $MYVAR1 in the -container). All three flags, `-e`, `--env` -and `--env-file` can be repeated. +This sets environmental variables in the container. For illustration all three +flags are shown here. Where `-e`, `--env` take an environment variable and +value, or if no "=" is provided, then that variable's current value is passed +through (i.e. $MYVAR1 from the host is set to $MYVAR1 in the container). All +three flags, `-e`, `--env` and `--env-file` can be repeated. -Regardless of the order of these three flags, the `--env-file` -are processed first, and then `-e`, `--env` flags. This way, the -`-e` or `--env` will override variables as needed. +Regardless of the order of these three flags, the `--env-file` are processed +first, and then `-e`, `--env` flags. This way, the `-e` or `--env` will +override variables as needed. $ cat ./env.list TEST_FOO=BAR $ sudo docker run --env TEST_FOO="This is a test" --env-file ./env.list busybox env | grep TEST_FOO TEST_FOO=This is a test -The `--env-file` flag takes a filename as an -argument and expects each line to be in the VAR=VAL format, mimicking -the argument passed to `--env`. Comment lines need -only be prefixed with `#` +The `--env-file` flag takes a filename as an argument and expects each line +to be in the VAR=VAL format, mimicking the argument passed to `--env`. Comment +lines need only be prefixed with `#` An example of a file passed with `--env-file` @@ -991,48 +982,44 @@ This will create and run a new container with the container name being $ sudo docker run --link /redis:redis --name console ubuntu bash -The `--link` flag will link the container named -`/redis` into the newly created container with the -alias `redis`. The new container can access the -network and environment of the redis container via environment -variables. The `--name` flag will assign the name -`console` to the newly created container. +The `--link` flag will link the container named `/redis` into the newly +created container with the alias `redis`. The new container can access the +network and environment of the redis container via environment variables. +The `--name` flag will assign the name `console` to the newly created +container. $ sudo docker run --volumes-from 777f7dc92da7,ba8c0c54f0f2:ro -i -t ubuntu pwd -The `--volumes-from` flag mounts all the defined -volumes from the referenced containers. Containers can be specified by a -comma separated list or by repetitions of the `--volumes-from` -argument. The container ID may be optionally suffixed with -`:ro` or `:rw` to mount the -volumes in read-only or read-write mode, respectively. By default, the -volumes are mounted in the same mode (read write or read only) as the -reference container. +The `--volumes-from` flag mounts all the defined volumes from the referenced +containers. Containers can be specified by a comma separated list or by +repetitions of the `--volumes-from` argument. The container ID may be +optionally suffixed with `:ro` or `:rw` to mount the volumes in read-only +or read-write mode, respectively. By default, the volumes are mounted in +the same mode (read write or read only) as the reference container. -The `-a` flag tells `docker run` -to bind to the container’s stdin, stdout or stderr. This makes it -possible to manipulate the output and input as needed. +The `-a` flag tells `docker run` to bind to the container's stdin, stdout or +stderr. This makes it possible to manipulate the output and input as needed. - $ sudo echo "test" | docker run -i -a stdin ubuntu cat - + $ echo "test" | sudo docker run -i -a stdin ubuntu cat - -This pipes data into a container and prints the container’s ID by -attaching only to the container’s stdin. +This pipes data into a container and prints the container's ID by attaching +only to the container'sstdin. $ sudo docker run -a stderr ubuntu echo test -This isn’t going to print anything unless there’s an error because we’ve -only attached to the stderr of the container. The container’s logs still -store what’s been written to stderr and stdout. +This isn't going to print anything unless there's an error because We've +only attached to the stderr of the container. The container's logs still + store what's been written to stderr and stdout. - $ sudo cat somefile | docker run -i -a stdin mybuilder dobuild + $ cat somefile | sudo docker run -i -a stdin mybuilder dobuild This is how piping a file into a container could be done for a build. -The container’s ID will be printed after the build is done and the build +The container's ID will be printed after the build is done and the build logs could be retrieved using `docker logs`. This is useful if you need to pipe a file or something else into a container and -retrieve the container’s ID once the container has finished running. +retrieve the container's ID once the container has finished running. -#### A complete example +**A complete example:** $ sudo docker run -d --name static static-web-files sh $ sudo docker run -d --expose=8098 --name riak riakserver @@ -1043,45 +1030,33 @@ retrieve the container’s ID once the container has finished running. This example shows 5 containers that might be set up to test a web application change: -1. Start a pre-prepared volume image `static-web-files` - (in the background) that has CSS, image and static HTML in - it, (with a `VOLUME` instruction in the - `Dockerfile` to allow the web server to use - those files); -2. Start a pre-prepared `riakserver` image, give - the container name `riak` and expose port - `8098` to any containers that link to it; -3. Start the `appserver` image, restricting its - memory usage to 100MB, setting two environment variables - `DEVELOPMENT` and `BRANCH` - and bind-mounting the current directory (`$(pwd)` -) in the container in read-only mode as - `/app/bin`; -4. Start the `webserver`, mapping port - `443` in the container to port `1443` - on the Docker server, setting the DNS server to - `dns.dev.org` and DNS search domain to - `dev.org`, creating a volume to put the log - files into (so we can access it from another container), then - importing the files from the volume exposed by the - `static` container, and linking to all exposed - ports from `riak` and `app`. - Lastly, we set the hostname to `web.sven.dev.org` - so its consistent with the pre-generated SSL certificate; -5. Finally, we create a container that runs - `tail -f access.log` using the logs volume from - the `web` container, setting the workdir to - `/var/log/httpd`. The `--rm` - option means that when the container exits, the container’s layer is - removed. +1. Start a pre-prepared volume image `static-web-files` (in the background) + that has CSS, image and static HTML in it, (with a `VOLUME` instruction in + the Dockerfile to allow the web server to use those files); +2. Start a pre-prepared `riakserver` image, give the container name `riak` and + expose port `8098` to any containers that link to it; +3. Start the `appserver` image, restricting its memory usage to 100MB, setting + two environment variables `DEVELOPMENT` and `BRANCH` and bind-mounting the + current directory (`$(pwd)`) in the container in read-only mode as `/app/bin`; +4. Start the `webserver`, mapping port `443` in the container to port `1443` on + the Docker server, setting the DNS server to `dns.dev.org` and DNS search + domain to `dev.org`, creating a volume to put the log files into (so we can + access it from another container), then importing the files from the volume + exposed by the `static` container, and linking to all exposed ports from + `riak` and `app`. Lastly, we set the hostname to `web.sven.dev.org` so its + consistent with the pre-generated SSL certificate; +5. Finally, we create a container that runs `tail -f access.log` using the logs + volume from the `web` container, setting the workdir to `/var/log/httpd`. The + `--rm` option means that when the container exits, the container's layer is + removed. -## `save` +## save + +Save an image to a tar archive (streamed to stdout by default) Usage: docker save IMAGE - Save an image to a tar archive (streamed to stdout by default) - - -o, --output="": Write to an file, instead of STDOUT + -o, --output="": Write to an file, instead of STDOUT Produces a tarred repository to the standard output stream. Contains all parent layers, and all tags + versions, or specified repo:tag. @@ -1098,65 +1073,65 @@ It is used to create a backup that can then be used with $ sudo docker save -o fedora-all.tar fedora $ sudo docker save -o fedora-latest.tar fedora:latest -## `search` +## search + +Search [Docker.io](https://index.docker.io) for images Usage: docker search TERM - Search the docker index for images - --no-trunc=false: Don᾿t truncate output -s, --stars=0: Only displays with at least xxx stars -t, --trusted=false: Only show trusted builds -See [*Find Public Images on the Central -Index*](../../../use/workingwithrepository/#searching-central-index) for +See [*Find Public Images on Docker.io*]( +/use/workingwithrepository/#find-public-images-on-dockerio) for more details on finding shared images from the commandline. -## `start` +## start + +Start a stopped container Usage: docker start [OPTIONS] CONTAINER - Start a stopped container - -a, --attach=false: Attach container᾿s stdout/stderr and forward all signals to the process -i, --interactive=false: Attach container᾿s stdin -## `stop` +## stop + +Stop a running container (Send SIGTERM, and then SIGKILL after grace period) Usage: docker stop [OPTIONS] CONTAINER [CONTAINER...] - Stop a running container (Send SIGTERM, and then SIGKILL after grace period) - - -t, --time=10: Number of seconds to wait for the container to stop before killing it. + -t, --time=10: Number of seconds to wait for the container to stop before killing it. The main process inside the container will receive SIGTERM, and after a grace period, SIGKILL -## `tag` +## tag + +Tag an image into a repository Usage: docker tag [OPTIONS] IMAGE [REGISTRYHOST/][USERNAME/]NAME[:TAG] - Tag an image into a repository - - -f, --force=false: Force + -f, --force=false: Force You can group your images together using names and tags, and then upload -them to [*Share Images via -Repositories*](../../../use/workingwithrepository/#working-with-the-repository). +them to [*Share Images via Repositories*]( +/use/workingwithrepository/#working-with-the-repository). -## `top` +## top Usage: docker top CONTAINER [ps OPTIONS] - Lookup the running processes of a container +Lookup the running processes of a container -## `version` +## version Show the version of the Docker client, daemon, and latest released version. -## `wait` +## wait Usage: docker wait [OPTIONS] NAME - Block until a container stops, then print its exit code. +Block until a container stops, then print its exit code. diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst deleted file mode 100644 index 87c08eb4b4..0000000000 --- a/docs/sources/reference/commandline/cli.rst +++ /dev/null @@ -1,1403 +0,0 @@ -:title: Command Line Interface -:description: Docker's CLI command description and usage -:keywords: Docker, Docker documentation, CLI, command line - -.. _cli: - -Command Line -============ - -To list available commands, either run ``docker`` with no parameters or execute -``docker help``:: - - $ sudo docker - Usage: docker [OPTIONS] COMMAND [arg...] - -H=[unix:///var/run/docker.sock]: tcp://[host]:port to bind/connect to or unix://[/path/to/socket] to use. When host=[127.0.0.1] is omitted for tcp or path=[/var/run/docker.sock] is omitted for unix sockets, default values are used. - - A self-sufficient runtime for linux containers. - - ... - -.. _cli_options: - -Option types ------------- - -Single character commandline options can be combined, so rather than typing -``docker run -t -i --name test busybox sh``, you can write -``docker run -ti --name test busybox sh``. - -Boolean -~~~~~~~ - -Boolean options look like ``-d=false``. The value you see is the -default value which gets set if you do **not** use the boolean -flag. If you do call ``run -d``, that sets the opposite boolean value, -so in this case, ``true``, and so ``docker run -d`` **will** run in -"detached" mode, in the background. Other boolean options are similar --- specifying them will set the value to the opposite of the default -value. - -Multi -~~~~~ - -Options like ``-a=[]`` indicate they can be specified multiple times:: - - docker run -a stdin -a stdout -a stderr -i -t ubuntu /bin/bash - -Sometimes this can use a more complex value string, as for ``-v``:: - - docker run -v /host:/container example/mysql - -Strings and Integers -~~~~~~~~~~~~~~~~~~~~ - -Options like ``--name=""`` expect a string, and they can only be -specified once. Options like ``-c=0`` expect an integer, and they can -only be specified once. - -.. _cli_daemon: - -``daemon`` ----------- - -:: - - Usage of docker: - -D, --debug=false: Enable debug mode - -H, --host=[]: Multiple tcp://host:port or unix://path/to/socket to bind in daemon mode, single connection otherwise. systemd socket activation can be used with fd://[socketfd]. - -G, --group="docker": Group to assign the unix socket specified by -H when running in daemon mode; use '' (the empty string) to disable setting of a group - --api-enable-cors=false: Enable CORS headers in the remote API - -b, --bridge="": Attach containers to a pre-existing network bridge; use 'none' to disable container networking - -bip="": Use this CIDR notation address for the network bridge's IP, not compatible with -b - -d, --daemon=false: Enable daemon mode - --dns=[]: Force docker to use specific DNS servers - --dns-search=[]: Force Docker to use specific DNS search domains - -g, --graph="/var/lib/docker": Path to use as the root of the docker runtime - --icc=true: Enable inter-container communication - --ip="0.0.0.0": Default IP address to use when binding container ports - --ip-forward=true: Enable net.ipv4.ip_forward - --iptables=true: Enable Docker's addition of iptables rules - -p, --pidfile="/var/run/docker.pid": Path to use for daemon PID file - -r, --restart=true: Restart previously running containers - -s, --storage-driver="": Force the docker runtime to use a specific storage driver - -e, --exec-driver="native": Force the docker runtime to use a specific exec driver - -v, --version=false: Print version information and quit - --tls=false: Use TLS; implied by tls-verify flags - --tlscacert="~/.docker/ca.pem": Trust only remotes providing a certificate signed by the CA given here - --tlscert="~/.docker/cert.pem": Path to TLS certificate file - --tlskey="~/.docker/key.pem": Path to TLS key file - --tlsverify=false: Use TLS and verify the remote (daemon: verify client, client: verify daemon) - --mtu=0: Set the containers network MTU; if no value is provided: default to the default route MTU or 1500 if no default route is available - -The Docker daemon is the persistent process that manages containers. Docker uses the same binary for both the -daemon and client. To run the daemon you provide the ``-d`` flag. - -To force Docker to use devicemapper as the storage driver, use ``docker -d -s devicemapper``. - -To set the DNS server for all Docker containers, use ``docker -d --dns 8.8.8.8``. - -To set the DNS search domain for all Docker containers, use ``docker -d --dns-search example.com``. - -To run the daemon with debug output, use ``docker -d -D``. - -To use lxc as the execution driver, use ``docker -d -e lxc``. - -The docker client will also honor the ``DOCKER_HOST`` environment variable to set -the ``-H`` flag for the client. - -:: - - docker -H tcp://0.0.0.0:4243 ps - # or - export DOCKER_HOST="tcp://0.0.0.0:4243" - docker ps - # both are equal - -To run the daemon with `systemd socket activation `_, use ``docker -d -H fd://``. -Using ``fd://`` will work perfectly for most setups but you can also specify individual sockets too ``docker -d -H fd://3``. -If the specified socket activated files aren't found then docker will exit. -You can find examples of using systemd socket activation with docker and systemd in the `docker source tree `_. - -Docker supports softlinks for the Docker data directory (``/var/lib/docker``) and for ``/tmp``. -TMPDIR and the data directory can be set like this: - -:: - - TMPDIR=/mnt/disk2/tmp /usr/local/bin/docker -d -D -g /var/lib/docker -H unix:// > /var/lib/boot2docker/docker.log 2>&1 - # or - export TMPDIR=/mnt/disk2/tmp - /usr/local/bin/docker -d -D -g /var/lib/docker -H unix:// > /var/lib/boot2docker/docker.log 2>&1 - -.. _cli_attach: - -``attach`` ----------- - -:: - - Usage: docker attach CONTAINER - - Attach to a running container. - - --no-stdin=false: Do not attach stdin - --sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) - -The ``attach`` command will allow you to view or interact with any -running container, detached (``-d``) or interactive (``-i``). You can -attach to the same container at the same time - screen sharing style, -or quickly view the progress of your daemonized process. - -You can detach from the container again (and leave it running) with -``CTRL-C`` (for a quiet exit) or ``CTRL-\`` to get a stacktrace of -the Docker client when it quits. When you detach from the container's -process the exit code will be returned to the client. - -To stop a container, use ``docker stop``. - -To kill the container, use ``docker kill``. - -.. _cli_attach_examples: - -Examples: -~~~~~~~~~ - -.. code-block:: bash - - $ ID=$(sudo docker run -d ubuntu /usr/bin/top -b) - $ sudo docker attach $ID - top - 02:05:52 up 3:05, 0 users, load average: 0.01, 0.02, 0.05 - Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie - Cpu(s): 0.1%us, 0.2%sy, 0.0%ni, 99.7%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st - Mem: 373572k total, 355560k used, 18012k free, 27872k buffers - Swap: 786428k total, 0k used, 786428k free, 221740k cached - - PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND - 1 root 20 0 17200 1116 912 R 0 0.3 0:00.03 top - - top - 02:05:55 up 3:05, 0 users, load average: 0.01, 0.02, 0.05 - Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie - Cpu(s): 0.0%us, 0.2%sy, 0.0%ni, 99.8%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st - Mem: 373572k total, 355244k used, 18328k free, 27872k buffers - Swap: 786428k total, 0k used, 786428k free, 221776k cached - - PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND - 1 root 20 0 17208 1144 932 R 0 0.3 0:00.03 top - - - top - 02:05:58 up 3:06, 0 users, load average: 0.01, 0.02, 0.05 - Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie - Cpu(s): 0.2%us, 0.3%sy, 0.0%ni, 99.5%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st - Mem: 373572k total, 355780k used, 17792k free, 27880k buffers - Swap: 786428k total, 0k used, 786428k free, 221776k cached - - PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND - 1 root 20 0 17208 1144 932 R 0 0.3 0:00.03 top - ^C$ - $ sudo docker stop $ID - -.. _cli_build: - -``build`` ---------- - -:: - - Usage: docker build [OPTIONS] PATH | URL | - - Build a new container image from the source code at PATH - -t, --tag="": Repository name (and optionally a tag) to be applied - to the resulting image in case of success. - -q, --quiet=false: Suppress the verbose output generated by the containers. - --no-cache: Do not use the cache when building the image. - --rm=true: Remove intermediate containers after a successful build - -Use this command to build Docker images from a ``Dockerfile`` and a "context". - -The files at ``PATH`` or ``URL`` are called the "context" of the build. -The build process may refer to any of the files in the context, for example when -using an :ref:`ADD ` instruction. -When a single ``Dockerfile`` is given as ``URL``, then no context is set. - -When a Git repository is set as ``URL``, then the repository is used as the context. -The Git repository is cloned with its submodules (`git clone --recursive`). -A fresh git clone occurs in a temporary directory on your local host, and then this -is sent to the Docker daemon as the context. -This way, your local user credentials and vpn's etc can be used to access private repositories - -.. _cli_build_examples: - -.. seealso:: :ref:`dockerbuilder`. - -Examples: -~~~~~~~~~ - -.. code-block:: bash - - $ sudo docker build . - Uploading context 10240 bytes - Step 1 : FROM busybox - Pulling repository busybox - ---> e9aa60c60128MB/2.284 MB (100%) endpoint: https://cdn-registry-1.docker.io/v1/ - Step 2 : RUN ls -lh / - ---> Running in 9c9e81692ae9 - total 24 - drwxr-xr-x 2 root root 4.0K Mar 12 2013 bin - drwxr-xr-x 5 root root 4.0K Oct 19 00:19 dev - drwxr-xr-x 2 root root 4.0K Oct 19 00:19 etc - drwxr-xr-x 2 root root 4.0K Nov 15 23:34 lib - lrwxrwxrwx 1 root root 3 Mar 12 2013 lib64 -> lib - dr-xr-xr-x 116 root root 0 Nov 15 23:34 proc - lrwxrwxrwx 1 root root 3 Mar 12 2013 sbin -> bin - dr-xr-xr-x 13 root root 0 Nov 15 23:34 sys - drwxr-xr-x 2 root root 4.0K Mar 12 2013 tmp - drwxr-xr-x 2 root root 4.0K Nov 15 23:34 usr - ---> b35f4035db3f - Step 3 : CMD echo Hello World - ---> Running in 02071fceb21b - ---> f52f38b7823e - Successfully built f52f38b7823e - Removing intermediate container 9c9e81692ae9 - Removing intermediate container 02071fceb21b - - -This example specifies that the ``PATH`` is ``.``, and so all the files in -the local directory get tar'd and sent to the Docker daemon. The ``PATH`` -specifies where to find the files for the "context" of the build on -the Docker daemon. Remember that the daemon could be running on a -remote machine and that no parsing of the ``Dockerfile`` happens at the -client side (where you're running ``docker build``). That means that -*all* the files at ``PATH`` get sent, not just the ones listed to -:ref:`ADD ` in the ``Dockerfile``. - -The transfer of context from the local machine to the Docker daemon is -what the ``docker`` client means when you see the "Uploading context" -message. - -If you wish to keep the intermediate containers after the build is complete, -you must use ``--rm=false``. This does not affect the build cache. - - -.. code-block:: bash - - $ sudo docker build -t vieux/apache:2.0 . - -This will build like the previous example, but it will then tag the -resulting image. The repository name will be ``vieux/apache`` and the -tag will be ``2.0`` - - -.. code-block:: bash - - $ sudo docker build - < Dockerfile - -This will read a ``Dockerfile`` from *stdin* without context. Due to -the lack of a context, no contents of any local directory will be sent -to the ``docker`` daemon. Since there is no context, a ``Dockerfile`` -``ADD`` only works if it refers to a remote URL. - -.. code-block:: bash - - $ sudo docker build github.com/creack/docker-firefox - -This will clone the GitHub repository and use the cloned repository as -context. The ``Dockerfile`` at the root of the repository is used as -``Dockerfile``. Note that you can specify an arbitrary Git repository -by using the ``git://`` schema. - - -.. _cli_commit: - -``commit`` ----------- - -:: - - Usage: docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]] - - Create a new image from a container's changes - - -m, --message="": Commit message - -a, --author="": Author (eg. "John Hannibal Smith " - -It can be useful to commit a container's file changes or settings into a new image. -This allows you debug a container by running an interactive shell, or to export -a working dataset to another server. -Generally, it is better to use Dockerfiles to manage your images in a documented -and maintainable way. - -.. _cli_commit_examples: - -Commit an existing container -~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: bash - - $ sudo docker ps - ID IMAGE COMMAND CREATED STATUS PORTS - c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours - 197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours - $ docker commit c3f279d17e0a SvenDowideit/testimage:version3 - f5283438590d - $ docker images | head - REPOSITORY TAG ID CREATED VIRTUAL SIZE - SvenDowideit/testimage version3 f5283438590d 16 seconds ago 335.7 MB - - -.. _cli_cp: - -``cp`` ------- - -:: - - Usage: docker cp CONTAINER:PATH HOSTPATH - - Copy files/folders from the containers filesystem to the host - path. Paths are relative to the root of the filesystem. - -.. code-block:: bash - - $ sudo docker cp 7bb0e258aefe:/etc/debian_version . - $ sudo docker cp blue_frog:/etc/hosts . - -.. _cli_diff: - -``diff`` --------- - -:: - - Usage: docker diff CONTAINER - - List the changed files and directories in a container's filesystem - -There are 3 events that are listed in the 'diff': - -1. ```A``` - Add -2. ```D``` - Delete -3. ```C``` - Change - -For example: - -.. code-block:: bash - - $ sudo docker diff 7bb0e258aefe - - C /dev - A /dev/kmsg - C /etc - A /etc/mtab - A /go - A /go/src - A /go/src/github.com - A /go/src/github.com/dotcloud - A /go/src/github.com/dotcloud/docker - A /go/src/github.com/dotcloud/docker/.git - .... - -.. _cli_events: - -``events`` ----------- - -:: - - Usage: docker events - - Get real time events from the server - - --since="": Show all events created since timestamp - (either seconds since epoch, or date string as below) - --until="": Show events created before timestamp - (either seconds since epoch, or date string as below) - -.. _cli_events_example: - -Examples -~~~~~~~~ - -You'll need two shells for this example. - -Shell 1: Listening for events -............................. - -.. code-block:: bash - - $ sudo docker events - -Shell 2: Start and Stop a Container -................................... - -.. code-block:: bash - - $ sudo docker start 4386fb97867d - $ sudo docker stop 4386fb97867d - -Shell 1: (Again .. now showing events) -...................................... - -.. code-block:: bash - - [2013-09-03 15:49:26 +0200 CEST] 4386fb97867d: (from 12de384bfb10) start - [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die - [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop - -Show events in the past from a specified time -............................................. - -.. code-block:: bash - - $ sudo docker events --since 1378216169 - [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die - [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop - - $ sudo docker events --since '2013-09-03' - [2013-09-03 15:49:26 +0200 CEST] 4386fb97867d: (from 12de384bfb10) start - [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die - [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop - - $ sudo docker events --since '2013-09-03 15:49:29 +0200 CEST' - [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die - [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop - -.. _cli_export: - -``export`` ----------- - -:: - - Usage: docker export CONTAINER - - Export the contents of a filesystem as a tar archive to STDOUT - -For example: - -.. code-block:: bash - - $ sudo docker export red_panda > latest.tar - -.. _cli_history: - -``history`` ------------ - -:: - - Usage: docker history [OPTIONS] IMAGE - - Show the history of an image - - --no-trunc=false: Don't truncate output - -q, --quiet=false: Only show numeric IDs - -To see how the ``docker:latest`` image was built: - -.. code-block:: bash - - $ docker history docker - IMAGE CREATED CREATED BY SIZE - 3e23a5875458790b7a806f95f7ec0d0b2a5c1659bfc899c89f939f6d5b8f7094 8 days ago /bin/sh -c #(nop) ENV LC_ALL=C.UTF-8 0 B - 8578938dd17054dce7993d21de79e96a037400e8d28e15e7290fea4f65128a36 8 days ago /bin/sh -c dpkg-reconfigure locales && locale-gen C.UTF-8 && /usr/sbin/update-locale LANG=C.UTF-8 1.245 MB - be51b77efb42f67a5e96437b3e102f81e0a1399038f77bf28cea0ed23a65cf60 8 days ago /bin/sh -c apt-get update && apt-get install -y git libxml2-dev python build-essential make gcc python-dev locales python-pip 338.3 MB - 4b137612be55ca69776c7f30c2d2dd0aa2e7d72059820abf3e25b629f887a084 6 weeks ago /bin/sh -c #(nop) ADD jessie.tar.xz in / 121 MB - 750d58736b4b6cc0f9a9abe8f258cef269e3e9dceced1146503522be9f985ada 6 weeks ago /bin/sh -c #(nop) MAINTAINER Tianon Gravi - mkimage-debootstrap.sh -t jessie.tar.xz jessie http://http.debian.net/debian 0 B - 511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158 9 months ago 0 B - -.. _cli_images: - -``images`` ----------- - -:: - - Usage: docker images [OPTIONS] [NAME] - - List images - - -a, --all=false: Show all images (by default filter out the intermediate image layers) - --no-trunc=false: Don't truncate output - -q, --quiet=false: Only show numeric IDs - -The default ``docker images`` will show all top level images, their repository -and tags, and their virtual size. - -Docker images have intermediate layers that increase reuseability, decrease -disk usage, and speed up ``docker build`` by allowing each step to be cached. -These intermediate layers are not shown by default. - -Listing the most recently created images -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: bash - - $ sudo docker images | head - REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE - 77af4d6b9913 19 hours ago 1.089 GB - committest latest b6fa739cedf5 19 hours ago 1.089 GB - 78a85c484f71 19 hours ago 1.089 GB - docker latest 30557a29d5ab 20 hours ago 1.089 GB - 0124422dd9f9 20 hours ago 1.089 GB - 18ad6fad3402 22 hours ago 1.082 GB - f9f1e26352f0 23 hours ago 1.089 GB - tryout latest 2629d1fa0b81 23 hours ago 131.5 MB - 5ed6274db6ce 24 hours ago 1.089 GB - -Listing the full length image IDs -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: bash - - $ sudo docker images --no-trunc | head - REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE - 77af4d6b9913e693e8d0b4b294fa62ade6054e6b2f1ffb617ac955dd63fb0182 19 hours ago 1.089 GB - committest latest b6fa739cedf5ea12a620a439402b6004d057da800f91c7524b5086a5e4749c9f 19 hours ago 1.089 GB - 78a85c484f71509adeaace20e72e941f6bdd2b25b4c75da8693efd9f61a37921 19 hours ago 1.089 GB - docker latest 30557a29d5abc51e5f1d5b472e79b7e296f595abcf19fe6b9199dbbc809c6ff4 20 hours ago 1.089 GB - 0124422dd9f9cf7ef15c0617cda3931ee68346455441d66ab8bdc5b05e9fdce5 20 hours ago 1.089 GB - 18ad6fad340262ac2a636efd98a6d1f0ea775ae3d45240d3418466495a19a81b 22 hours ago 1.082 GB - f9f1e26352f0a3ba6a0ff68167559f64f3e21ff7ada60366e2d44a04befd1d3a 23 hours ago 1.089 GB - tryout latest 2629d1fa0b81b222fca63371ca16cbf6a0772d07759ff80e8d1369b926940074 23 hours ago 131.5 MB - 5ed6274db6ceb2397844896966ea239290555e74ef307030ebb01ff91b1914df 24 hours ago 1.089 GB - -.. _cli_import: - -``import`` ----------- - -:: - - Usage: docker import URL|- [REPOSITORY[:TAG]] - - Create an empty filesystem image and import the contents of the tarball - (.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz) into it, then optionally tag it. - -URLs must start with ``http`` and point to a single -file archive (.tar, .tar.gz, .tgz, .bzip, .tar.xz, or .txz) containing a -root filesystem. If you would like to import from a local directory or -archive, you can use the ``-`` parameter to take the data from *stdin*. - -Examples -~~~~~~~~ - -Import from a remote location -............................. - -This will create a new untagged image. - -.. code-block:: bash - - $ sudo docker import http://example.com/exampleimage.tgz - -Import from a local file -........................ - -Import to docker via pipe and *stdin*. - -.. code-block:: bash - - $ cat exampleimage.tgz | sudo docker import - exampleimagelocal:new - -Import from a local directory -............................. - -.. code-block:: bash - - $ sudo tar -c . | docker import - exampleimagedir - -Note the ``sudo`` in this example -- you must preserve the ownership of the -files (especially root ownership) during the archiving with tar. If you are not -root (or the sudo command) when you tar, then the ownerships might not get -preserved. - -.. _cli_info: - -``info`` --------- - -:: - - Usage: docker info - - Display system-wide information. - -.. code-block:: bash - - $ sudo docker info - Containers: 292 - Images: 194 - Debug mode (server): false - Debug mode (client): false - Fds: 22 - Goroutines: 67 - LXC Version: 0.9.0 - EventsListeners: 115 - Kernel Version: 3.8.0-33-generic - WARNING: No swap limit support - -When sending issue reports, please use ``docker version`` and ``docker info`` to -ensure we know how your setup is configured. - -.. _cli_inspect: - -``inspect`` ------------ - -:: - - Usage: docker inspect CONTAINER|IMAGE [CONTAINER|IMAGE...] - - Return low-level information on a container/image - - -f, --format="": Format the output using the given go template. - -By default, this will render all results in a JSON array. If a format -is specified, the given template will be executed for each result. - -Go's `text/template `_ package -describes all the details of the format. - -Examples -~~~~~~~~ - -Get an instance's IP Address -............................ - -For the most part, you can pick out any field from the JSON in a -fairly straightforward manner. - -.. code-block:: bash - - $ sudo docker inspect --format='{{.NetworkSettings.IPAddress}}' $INSTANCE_ID - -List All Port Bindings -...................... - -One can loop over arrays and maps in the results to produce simple -text output: - -.. code-block:: bash - - $ sudo docker inspect --format='{{range $p, $conf := .NetworkSettings.Ports}} {{$p}} -> {{(index $conf 0).HostPort}} {{end}}' $INSTANCE_ID - -Find a Specific Port Mapping -............................ - -The ``.Field`` syntax doesn't work when the field name begins with a -number, but the template language's ``index`` function does. The -``.NetworkSettings.Ports`` section contains a map of the internal port -mappings to a list of external address/port objects, so to grab just -the numeric public port, you use ``index`` to find the specific port -map, and then ``index`` 0 contains first object inside of that. Then -we ask for the ``HostPort`` field to get the public address. - -.. code-block:: bash - - $ sudo docker inspect --format='{{(index (index .NetworkSettings.Ports "8787/tcp") 0).HostPort}}' $INSTANCE_ID - -Get config -.......... - -The ``.Field`` syntax doesn't work when the field contains JSON data, -but the template language's custom ``json`` function does. The ``.config`` -section contains complex json object, so to grab it as JSON, you use ``json`` -to convert config object into JSON - -.. code-block:: bash - - $ sudo docker inspect --format='{{json .config}}' $INSTANCE_ID - - -.. _cli_kill: - -``kill`` --------- - -:: - - Usage: docker kill [OPTIONS] CONTAINER [CONTAINER...] - - Kill a running container (send SIGKILL, or specified signal) - - -s, --signal="KILL": Signal to send to the container - -The main process inside the container will be sent SIGKILL, or any signal specified with option ``--signal``. - -Known Issues (kill) -~~~~~~~~~~~~~~~~~~~ - -* :issue:`197` indicates that ``docker kill`` may leave directories - behind and make it difficult to remove the container. -* :issue:`3844` lxc 1.0.0 beta3 removed ``lcx-kill`` which is used by Docker versions before 0.8.0; - see the issue for a workaround. - -.. _cli_load: - -``load`` --------- - -:: - - Usage: docker load - - Load an image from a tar archive on STDIN - - -i, --input="": Read from a tar archive file, instead of STDIN - -Loads a tarred repository from a file or the standard input stream. -Restores both images and tags. - -.. code-block:: bash - - $ sudo docker images - REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE - $ sudo docker load < busybox.tar - $ sudo docker images - REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE - busybox latest 769b9341d937 7 weeks ago 2.489 MB - $ sudo docker load --input fedora.tar - $ sudo docker images - REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE - busybox latest 769b9341d937 7 weeks ago 2.489 MB - fedora rawhide 0d20aec6529d 7 weeks ago 387 MB - fedora 20 58394af37342 7 weeks ago 385.5 MB - fedora heisenbug 58394af37342 7 weeks ago 385.5 MB - fedora latest 58394af37342 7 weeks ago 385.5 MB - - -.. _cli_login: - -``login`` ---------- - -:: - - Usage: docker login [OPTIONS] [SERVER] - - Register or Login to the docker registry server - - -e, --email="": Email - -p, --password="": Password - -u, --username="": Username - - If you want to login to a private registry you can - specify this by adding the server name. - - example: - docker login localhost:8080 - - -.. _cli_logs: - -``logs`` --------- - -:: - - Usage: docker logs [OPTIONS] CONTAINER - - Fetch the logs of a container - - -f, --follow=false: Follow log output - -The ``docker logs`` command batch-retrieves all logs present at the time of execution. - -The ``docker logs --follow`` command combines ``docker logs`` and ``docker attach``: -it will first return all logs from the beginning and then continue streaming -new output from the container's stdout and stderr. - - -.. _cli_port: - -``port`` --------- - -:: - - Usage: docker port [OPTIONS] CONTAINER PRIVATE_PORT - - Lookup the public-facing port which is NAT-ed to PRIVATE_PORT - - -.. _cli_ps: - -``ps`` ------- - -:: - - Usage: docker ps [OPTIONS] - - List containers - - -a, --all=false: Show all containers. Only running containers are shown by default. - --before="": Show only container created before Id or Name, include non-running ones. - -l, --latest=false: Show only the latest created container, include non-running ones. - -n=-1: Show n last created containers, include non-running ones. - --no-trunc=false: Don't truncate output - -q, --quiet=false: Only display numeric IDs - -s, --size=false: Display sizes, not to be used with -q - --since="": Show only containers created since Id or Name, include non-running ones. - - -Running ``docker ps`` showing 2 linked containers. - -.. code-block:: bash - - $ docker ps - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 4c01db0b339c ubuntu:12.04 bash 17 seconds ago Up 16 seconds webapp - d7886598dbe2 crosbymichael/redis:latest /redis-server --dir 33 minutes ago Up 33 minutes 6379/tcp redis,webapp/db - -``docker ps`` will show only running containers by default. To see all containers: ``docker ps -a`` - -.. _cli_pull: - -``pull`` --------- - -:: - - Usage: docker pull NAME[:TAG] - - Pull an image or a repository from the registry - -Most of your images will be created on top of a base image from the -(https://index.docker.io). - -The Docker Index contains many pre-built images that you can ``pull`` and try -without needing to define and configure your own. - -To download a particular image, or set of images (i.e., a repository), -use ``docker pull``: - -.. code-block:: bash - - $ docker pull debian - # will pull all the images in the debian repository - $ docker pull debian:testing - # will pull only the image named debian:testing and any intermediate layers - # it is based on. (typically the empty `scratch` image, a MAINTAINERs layer, - # and the un-tared base. - -.. _cli_push: - -``push`` --------- - -:: - - Usage: docker push NAME[:TAG] - - Push an image or a repository to the registry - -Use ``docker push`` to share your images on public or private registries. - -.. _cli_restart: - -``restart`` ------------ - -:: - - Usage: docker restart [OPTIONS] NAME - - Restart a running container - - -t, --time=10: Number of seconds to try to stop for before killing the container. Once killed it will then be restarted. Default=10 - -.. _cli_rm: - -``rm`` ------- - -:: - - Usage: docker rm [OPTIONS] CONTAINER - - Remove one or more containers - -l, --link="": Remove the link instead of the actual container - -f, --force=false: Force removal of running container - -v, --volumes=false: Remove the volumes associated to the container - -Known Issues (rm) -~~~~~~~~~~~~~~~~~ - -* :issue:`197` indicates that ``docker kill`` may leave directories - behind and make it difficult to remove the container. - - -Examples: -~~~~~~~~~ - -.. code-block:: bash - - $ sudo docker rm /redis - /redis - - -This will remove the container referenced under the link ``/redis``. - - -.. code-block:: bash - - $ sudo docker rm --link /webapp/redis - /webapp/redis - - -This will remove the underlying link between ``/webapp`` and the ``/redis`` containers removing all -network communication. - -.. code-block:: bash - - $ sudo docker rm $(docker ps -a -q) - - -This command will delete all stopped containers. The command ``docker ps -a -q`` will return all -existing container IDs and pass them to the ``rm`` command which will delete them. Any running -containers will not be deleted. - -.. _cli_rmi: - -``rmi`` -------- - -:: - - Usage: docker rmi IMAGE [IMAGE...] - - Remove one or more images - - -f, --force=false: Force - --no-prune=false: Do not delete untagged parents - -Removing tagged images -~~~~~~~~~~~~~~~~~~~~~~ - -Images can be removed either by their short or long ID's, or their image names. -If an image has more than one name, each of them needs to be removed before the -image is removed. - -.. code-block:: bash - - $ sudo docker images - REPOSITORY TAG IMAGE ID CREATED SIZE - test1 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) - test latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) - test2 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) - - $ sudo docker rmi fd484f19954f - Error: Conflict, cannot delete image fd484f19954f because it is tagged in multiple repositories - 2013/12/11 05:47:16 Error: failed to remove one or more images - - $ sudo docker rmi test1 - Untagged: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 - $ sudo docker rmi test2 - Untagged: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 - - $ sudo docker images - REPOSITORY TAG IMAGE ID CREATED SIZE - test1 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) - $ sudo docker rmi test - Untagged: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 - Deleted: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 - - -.. _cli_run: - -``run`` -------- - -:: - - Usage: docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] - - Run a command in a new container - - -a, --attach=map[]: Attach to stdin, stdout or stderr - -c, --cpu-shares=0: CPU shares (relative weight) - --cidfile="": Write the container ID to the file - -d, --detach=false: Detached mode: Run container in the background, print new container id - -e, --env=[]: Set environment variables - --env-file="": Read in a line delimited file of ENV variables - -h, --hostname="": Container host name - -i, --interactive=false: Keep stdin open even if not attached - --privileged=false: Give extended privileges to this container - -m, --memory="": Memory limit (format: , where unit = b, k, m or g) - -n, --networking=true: Enable networking for this container - -p, --publish=[]: Map a network port to the container - --rm=false: Automatically remove the container when it exits (incompatible with -d) - -t, --tty=false: Allocate a pseudo-tty - -u, --user="": Username or UID - --dns=[]: Set custom dns servers for the container - --dns-search=[]: Set custom DNS search domains for the container - -v, --volume=[]: Create a bind mount to a directory or file with: [host-path]:[container-path]:[rw|ro]. If a directory "container-path" is missing, then docker creates a new volume. - --volumes-from="": Mount all volumes from the given container(s) - --entrypoint="": Overwrite the default entrypoint set by the image - -w, --workdir="": Working directory inside the container - --lxc-conf=[]: (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" - --sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) - --expose=[]: Expose a port from the container without publishing it to your host - --link="": Add link to another container (name:alias) - --name="": Assign the specified name to the container. If no name is specific docker will generate a random name - -P, --publish-all=false: Publish all exposed ports to the host interfaces - -The ``docker run`` command first ``creates`` a writeable container layer over -the specified image, and then ``starts`` it using the specified command. That -is, ``docker run`` is equivalent to the API ``/containers/create`` then -``/containers/(id)/start``. -A stopped container can be restarted with all its previous changes intact using -``docker start``. See ``docker ps -a`` to view a list of all containers. - -The ``docker run`` command can be used in combination with ``docker commit`` to -:ref:`change the command that a container runs `. - -See :ref:`port_redirection` for more detailed information about the ``--expose``, -``-p``, ``-P`` and ``--link`` parameters, and :ref:`working_with_links_names` for -specific examples using ``--link``. - -Known Issues (run --volumes-from) -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -* :issue:`2702`: "lxc-start: Permission denied - failed to mount" - could indicate a permissions problem with AppArmor. Please see the - issue for a workaround. - -Examples: -~~~~~~~~~ - -.. code-block:: bash - - $ sudo docker run --cidfile /tmp/docker_test.cid ubuntu echo "test" - -This will create a container and print ``test`` to the console. The -``cidfile`` flag makes Docker attempt to create a new file and write the -container ID to it. If the file exists already, Docker will return an -error. Docker will close this file when ``docker run`` exits. - -.. code-block:: bash - - $ sudo docker run -t -i --rm ubuntu bash - root@bc338942ef20:/# mount -t tmpfs none /mnt - mount: permission denied - - -This will *not* work, because by default, most potentially dangerous -kernel capabilities are dropped; including ``cap_sys_admin`` (which is -required to mount filesystems). However, the ``--privileged`` flag will -allow it to run: - -.. code-block:: bash - - $ sudo docker run --privileged ubuntu bash - root@50e3f57e16e6:/# mount -t tmpfs none /mnt - root@50e3f57e16e6:/# df -h - Filesystem Size Used Avail Use% Mounted on - none 1.9G 0 1.9G 0% /mnt - - -The ``--privileged`` flag gives *all* capabilities to the container, -and it also lifts all the limitations enforced by the ``device`` -cgroup controller. In other words, the container can then do almost -everything that the host can do. This flag exists to allow special -use-cases, like running Docker within Docker. - -.. code-block:: bash - - $ sudo docker run -w /path/to/dir/ -i -t ubuntu pwd - -The ``-w`` lets the command being executed inside directory given, -here ``/path/to/dir/``. If the path does not exists it is created inside the -container. - -.. code-block:: bash - - $ sudo docker run -v `pwd`:`pwd` -w `pwd` -i -t ubuntu pwd - -The ``-v`` flag mounts the current working directory into the container. -The ``-w`` lets the command being executed inside the current -working directory, by changing into the directory to the value -returned by ``pwd``. So this combination executes the command -using the container, but inside the current working directory. - -.. code-block:: bash - - $ sudo docker run -v /doesnt/exist:/foo -w /foo -i -t ubuntu bash - -When the host directory of a bind-mounted volume doesn't exist, Docker -will automatically create this directory on the host for you. In the -example above, Docker will create the ``/doesnt/exist`` folder before -starting your container. - -.. code-block:: bash - - $ sudo docker run -t -i -v /var/run/docker.sock:/var/run/docker.sock -v ./static-docker:/usr/bin/docker busybox sh - -By bind-mounting the docker unix socket and statically linked docker binary -(such as that provided by https://get.docker.io), you give the container -the full access to create and manipulate the host's docker daemon. - -.. code-block:: bash - - $ sudo docker run -p 127.0.0.1:80:8080 ubuntu bash - -This binds port ``8080`` of the container to port ``80`` on ``127.0.0.1`` of the -host machine. :ref:`port_redirection` explains in detail how to manipulate ports -in Docker. - -.. code-block:: bash - - $ sudo docker run --expose 80 ubuntu bash - -This exposes port ``80`` of the container for use within a link without -publishing the port to the host system's interfaces. :ref:`port_redirection` -explains in detail how to manipulate ports in Docker. - -.. code-block:: bash - - $ sudo docker run -e MYVAR1 --env MYVAR2=foo --env-file ./env.list ubuntu bash - -This sets environmental variables in the container. For illustration all three -flags are shown here. Where ``-e``, ``--env`` take an environment variable and -value, or if no "=" is provided, then that variable's current value is passed -through (i.e. $MYVAR1 from the host is set to $MYVAR1 in the container). All -three flags, ``-e``, ``--env`` and ``--env-file`` can be repeated. - -Regardless of the order of these three flags, the ``--env-file`` are processed -first, and then ``-e``/``--env`` flags. This way, the ``-e`` or ``--env`` will -override variables as needed. - -.. code-block:: bash - - $ cat ./env.list - TEST_FOO=BAR - $ sudo docker run --env TEST_FOO="This is a test" --env-file ./env.list busybox env | grep TEST_FOO - TEST_FOO=This is a test - -The ``--env-file`` flag takes a filename as an argument and expects each line -to be in the VAR=VAL format, mimicking the argument passed to ``--env``. -Comment lines need only be prefixed with ``#`` - -An example of a file passed with ``--env-file`` - -.. code-block:: bash - - $ cat ./env.list - TEST_FOO=BAR - - # this is a comment - TEST_APP_DEST_HOST=10.10.0.127 - TEST_APP_DEST_PORT=8888 - - # pass through this variable from the caller - TEST_PASSTHROUGH - $ sudo TEST_PASSTHROUGH=howdy docker run --env-file ./env.list busybox env - HOME=/ - PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - HOSTNAME=5198e0745561 - TEST_FOO=BAR - TEST_APP_DEST_HOST=10.10.0.127 - TEST_APP_DEST_PORT=8888 - TEST_PASSTHROUGH=howdy - - -.. code-block:: bash - - $ sudo docker run --name console -t -i ubuntu bash - -This will create and run a new container with the container name -being ``console``. - -.. code-block:: bash - - $ sudo docker run --link /redis:redis --name console ubuntu bash - -The ``--link`` flag will link the container named ``/redis`` into the -newly created container with the alias ``redis``. The new container -can access the network and environment of the redis container via -environment variables. The ``--name`` flag will assign the name ``console`` -to the newly created container. - -.. code-block:: bash - - $ sudo docker run --volumes-from 777f7dc92da7,ba8c0c54f0f2:ro -i -t ubuntu pwd - -The ``--volumes-from`` flag mounts all the defined volumes from the -referenced containers. Containers can be specified by a comma separated -list or by repetitions of the ``--volumes-from`` argument. The container -ID may be optionally suffixed with ``:ro`` or ``:rw`` to mount the volumes in -read-only or read-write mode, respectively. By default, the volumes are mounted -in the same mode (read write or read only) as the reference container. - -The ``-a`` flag tells ``docker run`` to bind to the container's stdin, stdout -or stderr. This makes it possible to manipulate the output and input as needed. - -.. code-block:: bash - - $ sudo echo "test" | docker run -i -a stdin ubuntu cat - - -This pipes data into a container and prints the container's ID by attaching -only to the container's stdin. - -.. code-block:: bash - - $ sudo docker run -a stderr ubuntu echo test - -This isn't going to print anything unless there's an error because we've only -attached to the stderr of the container. The container's logs still store -what's been written to stderr and stdout. - -.. code-block:: bash - - $ sudo cat somefile | docker run -i -a stdin mybuilder dobuild - -This is how piping a file into a container could be done for a build. -The container's ID will be printed after the build is done and the build logs -could be retrieved using ``docker logs``. This is useful if you need to pipe -a file or something else into a container and retrieve the container's ID once -the container has finished running. - - -A complete example -.................. - -.. code-block:: bash - - $ sudo docker run -d --name static static-web-files sh - $ sudo docker run -d --expose=8098 --name riak riakserver - $ sudo docker run -d -m 100m -e DEVELOPMENT=1 -e BRANCH=example-code -v $(pwd):/app/bin:ro --name app appserver - $ sudo docker run -d -p 1443:443 --dns=dns.dev.org --dns-search=dev.org -v /var/log/httpd --volumes-from static --link riak --link app -h www.sven.dev.org --name web webserver - $ sudo docker run -t -i --rm --volumes-from web -w /var/log/httpd busybox tail -f access.log - -This example shows 5 containers that might be set up to test a web application change: - -1. Start a pre-prepared volume image ``static-web-files`` (in the background) that has CSS, image and static HTML in it, (with a ``VOLUME`` instruction in the ``Dockerfile`` to allow the web server to use those files); -2. Start a pre-prepared ``riakserver`` image, give the container name ``riak`` and expose port ``8098`` to any containers that link to it; -3. Start the ``appserver`` image, restricting its memory usage to 100MB, setting two environment variables ``DEVELOPMENT`` and ``BRANCH`` and bind-mounting the current directory (``$(pwd)``) in the container in read-only mode as ``/app/bin``; -4. Start the ``webserver``, mapping port ``443`` in the container to port ``1443`` on the Docker server, setting the DNS server to ``dns.dev.org`` and DNS search domain to ``dev.org``, creating a volume to put the log files into (so we can access it from another container), then importing the files from the volume exposed by the ``static`` container, and linking to all exposed ports from ``riak`` and ``app``. Lastly, we set the hostname to ``web.sven.dev.org`` so its consistent with the pre-generated SSL certificate; -5. Finally, we create a container that runs ``tail -f access.log`` using the logs volume from the ``web`` container, setting the workdir to ``/var/log/httpd``. The ``--rm`` option means that when the container exits, the container's layer is removed. - - -.. _cli_save: - -``save`` ---------- - -:: - - Usage: docker save IMAGE - - Save an image to a tar archive (streamed to stdout by default) - - -o, --output="": Write to an file, instead of STDOUT - - -Produces a tarred repository to the standard output stream. -Contains all parent layers, and all tags + versions, or specified repo:tag. - -It is used to create a backup that can then be used with ``docker load`` - -.. code-block:: bash - - $ sudo docker save busybox > busybox.tar - $ ls -sh b.tar - 2.7M b.tar - $ sudo docker save --output busybox.tar busybox - $ ls -sh b.tar - 2.7M b.tar - $ sudo docker save -o fedora-all.tar fedora - $ sudo docker save -o fedora-latest.tar fedora:latest - - -.. _cli_search: - -``search`` ----------- - -:: - - Usage: docker search TERM - - Search the docker index for images - - --no-trunc=false: Don't truncate output - -s, --stars=0: Only displays with at least xxx stars - -t, --trusted=false: Only show trusted builds - -See :ref:`searching_central_index` for more details on finding shared images -from the commandline. - -.. _cli_start: - -``start`` ---------- - -:: - - Usage: docker start [OPTIONS] CONTAINER - - Start a stopped container - - -a, --attach=false: Attach container᾿s stdout/stderr and forward all signals to the process - -i, --interactive=false: Attach container᾿s stdin - -.. _cli_stop: - -``stop`` --------- - -:: - - Usage: docker stop [OPTIONS] CONTAINER [CONTAINER...] - - Stop a running container (Send SIGTERM, and then SIGKILL after grace period) - - -t, --time=10: Number of seconds to wait for the container to stop before killing it. - -The main process inside the container will receive SIGTERM, and after a grace period, SIGKILL - -.. _cli_tag: - -``tag`` -------- - -:: - - Usage: docker tag [OPTIONS] IMAGE [REGISTRYHOST/][USERNAME/]NAME[:TAG] - - Tag an image into a repository - - -f, --force=false: Force - -You can group your images together using names and -tags, and then upload them to :ref:`working_with_the_repository`. - -.. _cli_top: - -``top`` -------- - -:: - - Usage: docker top CONTAINER [ps OPTIONS] - - Lookup the running processes of a container - -.. _cli_version: - -``version`` ------------ - -Show the version of the Docker client, daemon, and latest released version. - - -.. _cli_wait: - -``wait`` --------- - -:: - - Usage: docker wait [OPTIONS] NAME - - Block until a container stops, then print its exit code. diff --git a/docs/sources/reference/commandline/index.rst b/docs/sources/reference/commandline/index.rst deleted file mode 100644 index 5536e1012e..0000000000 --- a/docs/sources/reference/commandline/index.rst +++ /dev/null @@ -1,14 +0,0 @@ -:title: Commands -:description: docker command line interface -:keywords: commands, command line, help, docker - - -Commands -======== - -Contents: - -.. toctree:: - :maxdepth: 1 - - cli diff --git a/docs/sources/reference/index.rst b/docs/sources/reference/index.rst deleted file mode 100644 index d35a19b93d..0000000000 --- a/docs/sources/reference/index.rst +++ /dev/null @@ -1,18 +0,0 @@ -:title: Docker Reference Manual -:description: References -:keywords: docker, references, api, command line, commands - -.. _references: - -Reference Manual -================ - -Contents: - -.. toctree:: - :maxdepth: 1 - - commandline/index - builder - run - api/index diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 236b8065b8..09c2b642a1 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -1,68 +1,69 @@ -page_title: Docker Run Reference +page_title: Docker Run Reference page_description: Configure containers at runtime page_keywords: docker, run, configure, runtime -# [Docker Run Reference](#id2) +# Docker Run Reference **Docker runs processes in isolated containers**. When an operator executes `docker run`, she starts a process with its own file system, its own networking, and its own isolated process tree. -The [*Image*](../../terms/image/#image-def) which starts the process may +The [*Image*](/terms/image/#image-def) which starts the process may define defaults related to the binary to run, the networking to expose, and more, but `docker run` gives final control to -the operator who starts the container from the image. That’s the main -reason [*run*](../commandline/cli/#cli-run) has more options than any +the operator who starts the container from the image. That's the main +reason [*run*](/commandline/cli/#cli-run) has more options than any other `docker` command. -Every one of the [*Examples*](../../examples/#example-list) shows +Every one of the [*Examples*](/examples/#example-list) shows running containers, and so here we try to give more in-depth guidance. -## [General Form](#id3) +## General Form -As you’ve seen in the [*Examples*](../../examples/#example-list), the +As you`ve seen in the [*Examples*](/examples/#example-list), the basic run command takes this form: - docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] + $ docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] To learn how to interpret the types of `[OPTIONS]`, -see [*Option types*](../commandline/cli/#cli-options). +see [*Option types*](/commandline/cli/#cli-options). The list of `[OPTIONS]` breaks down into two groups: -1. Settings exclusive to operators, including: - - Detached or Foreground running, - - Container Identification, - - Network settings, and - - Runtime Constraints on CPU and Memory - - Privileges and LXC Configuration +1. Settings exclusive to operators, including: -2. Setting shared between operators and developers, where operators can - override defaults developers set in images at build time. + - Detached or Foreground running, + - Container Identification, + - Network settings, and + - Runtime Constraints on CPU and Memory + - Privileges and LXC Configuration + +2. Setting shared between operators and developers, where operators can + override defaults developers set in images at build time. Together, the `docker run [OPTIONS]` give complete control over runtime behavior to the operator, allowing them to override all defaults set by the developer during `docker build` and nearly all the defaults set by the Docker runtime itself. -## [Operator Exclusive Options](#id4) +## Operator Exclusive Options Only the operator (the person executing `docker run`) can set the following options. -- [Detached vs Foreground](#detached-vs-foreground) - - [Detached (-d)](#detached-d) - - [Foreground](#foreground) -- [Container Identification](#container-identification) - - [Name (–name)](#name-name) - - [PID Equivalent](#pid-equivalent) -- [Network Settings](#network-settings) -- [Clean Up (–rm)](#clean-up-rm) -- [Runtime Constraints on CPU and + - [Detached vs Foreground](#detached-vs-foreground) + - [Detached (-d)](#detached-d) + - [Foreground](#foreground) + - [Container Identification](#container-identification) + - [Name (–name)](#name-name) + - [PID Equivalent](#pid-equivalent) + - [Network Settings](#network-settings) + - [Clean Up (–rm)](#clean-up-rm) + - [Runtime Constraints on CPU and Memory](#runtime-constraints-on-cpu-and-memory) -- [Runtime Privilege and LXC + - [Runtime Privilege and LXC Configuration](#runtime-privilege-and-lxc-configuration) -### [Detached vs Foreground](#id2) +## Detached vs Foreground When starting a Docker container, you must first decide if you want to run the container in the background in a "detached" mode or in the @@ -70,99 +71,143 @@ default foreground mode: -d=false: Detached mode: Run container in the background, print new container id -#### [Detached (-d)](#id3) +### Detached (-d) In detached mode (`-d=true` or just `-d`), all I/O should be done through network connections or shared volumes because the container is no longer listening to the commandline where you executed `docker run`. You can reattach to a detached container with `docker` -[*attach*](../commandline/cli/#cli-attach). If you choose to run a +[*attach*](commandline/cli/#attach). If you choose to run a container in the detached mode, then you cannot use the `--rm` option. -#### [Foreground](#id4) +### Foreground -In foreground mode (the default when `-d` is not -specified), `docker run` can start the process in -the container and attach the console to the process’s standard input, -output, and standard error. It can even pretend to be a TTY (this is -what most commandline executables expect) and pass along signals. All of -that is configurable: +In foreground mode (the default when `-d` is not specified), `docker run` +can start the process in the container and attach the console to the process's +standard input, output, and standard error. It can even pretend to be a TTY +(this is what most commandline executables expect) and pass along signals. All +of that is configurable: -a=[] : Attach to ``stdin``, ``stdout`` and/or ``stderr`` -t=false : Allocate a pseudo-tty --sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) -i=false : Keep STDIN open even if not attached -If you do not specify `-a` then Docker will [attach -everything -(stdin,stdout,stderr)](https://github.com/dotcloud/docker/blob/75a7f4d90cde0295bcfb7213004abce8d4779b75/commands.go#L1797). -You can specify to which of the three standard streams -(`stdin`, `stdout`, -`stderr`) you’d like to connect instead, as in: +If you do not specify `-a` then Docker will [attach everything (stdin,stdout,stderr)]( +https://github.com/dotcloud/docker/blob/ +75a7f4d90cde0295bcfb7213004abce8d4779b75/commands.go#L1797). You can specify to which +of the three standard streams (`stdin`, `stdout`, `stderr`) you'd like to connect +instead, as in: - docker run -a stdin -a stdout -i -t ubuntu /bin/bash + $ docker run -a stdin -a stdout -i -t ubuntu /bin/bash -For interactive processes (like a shell) you will typically want a tty -as well as persistent standard input (`stdin`), so -you’ll use `-i -t` together in most interactive -cases. +For interactive processes (like a shell) you will typically want a tty as well as +persistent standard input (`stdin`), so you'll use `-i -t` together in most +interactive cases. -### [Container Identification](#id5) +## Container Identification -#### [Name (–name)](#id6) +### Name (–name) The operator can identify a container in three ways: - UUID long identifier ("f78375b1c487e03c9438c729345e54db9d20cfa2ac1fc3494b6eb60872e74778") - UUID short identifier ("f78375b1c487") -- Name ("evil\_ptolemy") +- Name ("evil_ptolemy") The UUID identifiers come from the Docker daemon, and if you do not assign a name to the container with `--name` then the daemon will also generate a random string name too. The name can become a handy way to add meaning to a container since you can use this name when defining -[*links*](../../use/working_with_links_names/#working-with-links-names) +[*links*](/use/working_with_links_names/#working-with-links-names) (or any other place you need to identify a container). This works for both background and foreground Docker containers. -#### [PID Equivalent](#id7) +### PID Equivalent And finally, to help with automation, you can have Docker write the container ID out to a file of your choosing. This is similar to how some -programs might write out their process ID to a file (you’ve seen them as +programs might write out their process ID to a file (you`ve seen them as PID files): --cidfile="": Write the container ID to the file -### [Network Settings](#id8) +## Network Settings - -n=true : Enable networking for this container - --dns=[] : Set custom dns servers for the container + --dns=[] : Set custom dns servers for the container + --net="bridge": Set the Network mode for the container ('bridge': creates a new network stack for the container on the docker bridge, 'none': no networking for this container, 'container:': reuses another container network stack), 'host': use the host network stack inside the container + --net="bridge" Set the Network mode for the container + 'bridge': creates a new network stack for the container on the docker bridge + 'none': no networking for this container + 'container:': reuses another container network stack + 'host': use the host network stack inside the contaner By default, all containers have networking enabled and they can make any outgoing connections. The operator can completely disable networking -with `docker run -n` which disables all incoming and +with `docker run --net none` which disables all incoming and outgoing networking. In cases like this, you would perform I/O through files or STDIN/STDOUT only. Your container will use the same DNS servers as the host by default, but you can override this with `--dns`. -### [Clean Up (–rm)](#id9) +Supported networking modes are: -By default a container’s file system persists even after the container +* none - no networking in the container +* bridge - (default) connect the container to the bridge via veth interfaces +* host - use the host's network stack inside the container +* container - use another container's network stack + +#### Mode: none +With the networking mode set to `none` a container will not have a access to +any external routes. The container will still have a `loopback` interface +enabled in the container but it does not have any routes to external traffic. + +#### Mode: bridge +With the networking mode set to `bridge` a container will use docker's default +networking setup. A bridge is setup on the host, commonly named `docker0`, +and a pair of veth interfaces will be created for the container. One side of +the veth pair will remain on the host attached to the bridge while the other +side of the pair will be placed inside the container's namespaces in addition +to the `loopback` interface. An IP address will be allocated for containers +on the bridge's network and trafic will be routed though this bridge to the +container. + +#### Mode: host +With the networking mode set to `host` a container will share the host's +network stack and all interfaces from the host will be available to the +container. The container's hostname will match the hostname on the host +system. Publishing ports and linking to other containers will not work +when sharing the host's network stack. + +#### Mode: container +With the networking mode set to `container` a container will share the +network stack of another container. The other container's name must be +provided in the format of `--net container:`. + +Example running a redis container with redis binding to localhost then +running the redis-cli and connecting to the redis server over the +localhost interface. + + $ docker run -d --name redis example/redis --bind 127.0.0.1 + $ # use the redis container's network stack to access localhost + $ docker run --rm -ti --net container:redis example/redis-cli -h 127.0.0.1 + +## Clean Up (–rm) + +By default a container's file system persists even after the container exits. This makes debugging a lot easier (since you can inspect the final state) and you retain all your data by default. But if you are running short-term **foreground** processes, these container file -systems can really pile up. If instead you’d like Docker to +systems can really pile up. If instead you'd like Docker to **automatically clean up the container and remove the file system when the container exits**, you can add the `--rm` flag: --rm=false: Automatically remove the container when it exits (incompatible with -d) -### [Runtime Constraints on CPU and Memory](#id10) +## Runtime Constraints on CPU and Memory The operator can also adjust the performance parameters of the container: @@ -181,7 +226,7 @@ the same priority and get the same proportion of CPU cycles, but you can tell the kernel to give more shares of CPU time to one or more containers when you start them via Docker. -### [Runtime Privilege and LXC Configuration](#id11) +## Runtime Privilege and LXC Configuration --privileged=false: Give extended privileges to this container --lxc-conf=[]: (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" @@ -189,71 +234,63 @@ containers when you start them via Docker. By default, Docker containers are "unprivileged" and cannot, for example, run a Docker daemon inside a Docker container. This is because by default a container is not allowed to access any devices, but a -"privileged" container is given access to all devices (see -[lxc-template.go](https://github.com/dotcloud/docker/blob/master/execdriver/lxc/lxc_template.go) -and documentation on [cgroups -devices](https://www.kernel.org/doc/Documentation/cgroups/devices.txt)). +"privileged" container is given access to all devices (see [lxc-template.go]( +https://github.com/dotcloud/docker/blob/master/execdriver/lxc/lxc_template.go) +and documentation on [cgroups devices]( +https://www.kernel.org/doc/Documentation/cgroups/devices.txt)). When the operator executes `docker run --privileged`, Docker will enable to access to all devices on the host as well as set some configuration in AppArmor to allow the container nearly all the same access to the host as processes running outside containers on the host. Additional information about running with `--privileged` is available on the -[Docker -Blog](http://blog.docker.io/2013/09/docker-can-now-run-within-docker/). +[Docker Blog](http://blog.docker.io/2013/09/docker-can-now-run-within-docker/). -If the Docker daemon was started using the `lxc` -exec-driver (`docker -d --exec-driver=lxc`) then the -operator can also specify LXC options using one or more -`--lxc-conf` parameters. These can be new parameters -or override existing parameters from the -[lxc-template.go](https://github.com/dotcloud/docker/blob/master/execdriver/lxc/lxc_template.go). -Note that in the future, a given host’s Docker daemon may not use LXC, -so this is an implementation-specific configuration meant for operators -already familiar with using LXC directly. +If the Docker daemon was started using the `lxc` exec-driver +(`docker -d --exec-driver=lxc`) then the operator can also specify LXC options +using one or more `--lxc-conf` parameters. These can be new parameters or +override existing parameters from the [lxc-template.go]( +https://github.com/dotcloud/docker/blob/master/execdriver/lxc/lxc_template.go). +Note that in the future, a given host's docker daemon may not use LXC, so this +is an implementation-specific configuration meant for operators already +familiar with using LXC directly. -## Overriding `Dockerfile` Image Defaults +## Overriding Dockerfile Image Defaults -When a developer builds an image from a -[*Dockerfile*](../builder/#dockerbuilder) or when she commits it, the -developer can set a number of default parameters that take effect when -the image starts up as a container. +When a developer builds an image from a [*Dockerfile*](builder/#dockerbuilder) +or when she commits it, the developer can set a number of default parameters +that take effect when the image starts up as a container. -Four of the `Dockerfile` commands cannot be -overridden at runtime: `FROM, MAINTAINER, RUN`, and -`ADD`. Everything else has a corresponding override -in `docker run`. We’ll go through what the developer -might have set in each `Dockerfile` instruction and -how the operator can override that setting. +Four of the Dockerfile commands cannot be overridden at runtime: `FROM`, +`MAINTAINER`, `RUN`, and `ADD`. Everything else has a corresponding override +in `docker run`. We'll go through what the developer might have set in each +Dockerfile instruction and how the operator can override that setting. -- [CMD (Default Command or Options)](#cmd-default-command-or-options) -- [ENTRYPOINT (Default Command to Execute at - Runtime](#entrypoint-default-command-to-execute-at-runtime) -- [EXPOSE (Incoming Ports)](#expose-incoming-ports) -- [ENV (Environment Variables)](#env-environment-variables) -- [VOLUME (Shared Filesystems)](#volume-shared-filesystems) -- [USER](#user) -- [WORKDIR](#workdir) + - [CMD (Default Command or Options)](#cmd-default-command-or-options) + - [ENTRYPOINT (Default Command to Execute at Runtime)]( + #entrypoint-default-command-to-execute-at-runtime) + - [EXPOSE (Incoming Ports)](#expose-incoming-ports) + - [ENV (Environment Variables)](#env-environment-variables) + - [VOLUME (Shared Filesystems)](#volume-shared-filesystems) + - [USER](#user) + - [WORKDIR](#workdir) -### [CMD (Default Command or Options)](#id12) +## CMD (Default Command or Options) Recall the optional `COMMAND` in the Docker commandline: - docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] + $ docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] -This command is optional because the person who created the -`IMAGE` may have already provided a default -`COMMAND` using the `Dockerfile` -`CMD`. As the operator (the person running a -container from the image), you can override that `CMD` -just by specifying a new `COMMAND`. +This command is optional because the person who created the `IMAGE` may have +already provided a default `COMMAND` using the Dockerfile `CMD`. As the +operator (the person running a container from the image), you can override that +`CMD` just by specifying a new `COMMAND`. -If the image also specifies an `ENTRYPOINT` then the -`CMD` or `COMMAND` get appended -as arguments to the `ENTRYPOINT`. +If the image also specifies an `ENTRYPOINT` then the `CMD` or `COMMAND` get +appended as arguments to the `ENTRYPOINT`. -### [ENTRYPOINT (Default Command to Execute at Runtime](#id13) +## ENTRYPOINT (Default Command to Execute at Runtime) --entrypoint="": Overwrite the default entrypoint set by the image @@ -269,20 +306,19 @@ runtime by using a string to specify the new `ENTRYPOINT`. Here is an example of how to run a shell in a container that has been set up to automatically run something else (like `/usr/bin/redis-server`): - docker run -i -t --entrypoint /bin/bash example/redis + $ docker run -i -t --entrypoint /bin/bash example/redis or two examples of how to pass more parameters to that ENTRYPOINT: - docker run -i -t --entrypoint /bin/bash example/redis -c ls -l - docker run -i -t --entrypoint /usr/bin/redis-cli example/redis --help + $ docker run -i -t --entrypoint /bin/bash example/redis -c ls -l + $ docker run -i -t --entrypoint /usr/bin/redis-cli example/redis --help -### [EXPOSE (Incoming Ports)](#id14) +## EXPOSE (Incoming Ports) -The `Dockerfile` doesn’t give much control over -networking, only providing the `EXPOSE` instruction -to give a hint to the operator about what incoming ports might provide -services. The following options work with or override the -`Dockerfile`‘s exposed defaults: +The Dockerfile doesn't give much control over networking, only providing the +`EXPOSE` instruction to give a hint to the operator about what incoming ports +might provide services. The following options work with or override the +Dockerfile's exposed defaults: --expose=[]: Expose a port from the container without publishing it to your host @@ -293,40 +329,34 @@ services. The following options work with or override the (use 'docker port' to see the actual mapping) --link="" : Add link to another container (name:alias) -As mentioned previously, `EXPOSE` (and -`--expose`) make a port available **in** a container -for incoming connections. The port number on the inside of the container -(where the service listens) does not need to be the same number as the -port exposed on the outside of the container (where clients connect), so -inside the container you might have an HTTP service listening on port 80 -(and so you `EXPOSE 80` in the -`Dockerfile`), but outside the container the port -might be 42800. +As mentioned previously, `EXPOSE` (and `--expose`) make a port available **in** +a container for incoming connections. The port number on the inside of the +container (where the service listens) does not need to be the same number as the +port exposed on the outside of the container (where clients connect), so inside +the container you might have an HTTP service listening on port 80 (and so you +`EXPOSE 80` in the Dockerfile), but outside the container the port might be +42800. -To help a new client container reach the server container’s internal -port operator `--expose`‘d by the operator or -`EXPOSE`‘d by the developer, the operator has three -choices: start the server container with `-P` or -`-p,` or start the client container with -`--link`. +To help a new client container reach the server container's internal port +operator `--expose`'d by the operator or `EXPOSE`'d by the developer, the +operator has three choices: start the server container with `-P` or `-p,` or +start the client container with `--link`. -If the operator uses `-P` or `-p` -then Docker will make the exposed port accessible on the host -and the ports will be available to any client that can reach the host. -To find the map between the host ports and the exposed ports, use -`docker port`) +If the operator uses `-P` or `-p` then Docker will make the exposed port +accessible on the host and the ports will be available to any client that +can reach the host. To find the map between the host ports and the exposed +ports, use `docker port`) -If the operator uses `--link` when starting the new -client container, then the client container can access the exposed port -via a private networking interface. Docker will set some environment -variables in the client container to help indicate which interface and -port to use. +If the operator uses `--link` when starting the new client container, then the +client container can access the exposed port via a private networking interface. +Docker will set some environment variables in the client container to help +indicate which interface and port to use. -### [ENV (Environment Variables)](#id15) +## ENV (Environment Variables) -The operator can **set any environment variable** in the container by -using one or more `-e` flags, even overriding those -already defined by the developer with a Dockefile `ENV`: +The operator can **set any environment variable** in the container by using one +or more `-e` flags, even overriding those already defined by the developer with +a Dockefile `ENV`: $ docker run -e "deep=purple" --rm ubuntu /bin/bash -c export declare -x HOME="/" @@ -340,10 +370,10 @@ already defined by the developer with a Dockefile `ENV`: Similarly the operator can set the **hostname** with `-h`. -`--link name:alias` also sets environment variables, -using the *alias* string to define environment variables within the -container that give the IP and PORT information for connecting to the -service container. Let’s imagine we have a container running Redis: +`--link name:alias` also sets environment variables, using the *alias* string to +define environment variables within the container that give the IP and PORT +information for connecting to the service container. Let's imagine we have a +container running Redis: # Start the service container, named redis-name $ docker run -d --name redis-name dockerfiles/redis @@ -352,13 +382,13 @@ service container. Let’s imagine we have a container running Redis: # The redis-name container exposed port 6379 $ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 4241164edf6f dockerfiles/redis:latest /redis-stable/src/re 5 seconds ago Up 4 seconds 6379/tcp redis-name + 4241164edf6f $ dockerfiles/redis:latest /redis-stable/src/re 5 seconds ago Up 4 seconds 6379/tcp redis-name # Note that there are no public ports exposed since we didn᾿t use -p or -P $ docker port 4241164edf6f 6379 2014/01/25 00:55:38 Error: No public port '6379' published for 4241164edf6f -Yet we can get information about the Redis container’s exposed ports +Yet we can get information about the Redis container'sexposed ports with `--link`. Choose an alias that will form a valid environment variable! @@ -377,40 +407,43 @@ valid environment variable! declare -x SHLVL="1" declare -x container="lxc" -And we can use that information to connect from another container as a -client: +And we can use that information to connect from another container as a client: $ docker run -i -t --rm --link redis-name:redis_alias --entrypoint /bin/bash dockerfiles/redis -c '/redis-stable/src/redis-cli -h $REDIS_ALIAS_PORT_6379_TCP_ADDR -p $REDIS_ALIAS_PORT_6379_TCP_PORT' 172.17.0.32:6379> -### [VOLUME (Shared Filesystems)](#id16) +Docker will also map the private IP address to the alias of a linked +container by inserting an entry into `/etc/hosts`. You can use this +mechanism to communicate with a linked container by its alias: + + $ docker run -d --name servicename busybox sleep 30 + $ docker run -i -t --link servicename:servicealias busybox ping -c 1 servicealias + +## VOLUME (Shared Filesystems) -v=[]: Create a bind mount with: [host-dir]:[container-dir]:[rw|ro]. If "container-dir" is missing, then docker creates a new volume. --volumes-from="": Mount all volumes from the given container(s) -The volumes commands are complex enough to have their own documentation -in section [*Share Directories via -Volumes*](../../use/working_with_volumes/#volume-def). A developer can -define one or more `VOLUME`s associated with an -image, but only the operator can give access from one container to -another (or from a container to a volume mounted on the host). +The volumes commands are complex enough to have their own documentation in +section [*Share Directories via Volumes*](/use/working_with_volumes/#volume-def). +A developer can define one or more `VOLUME's associated with an image, but only the +operator can give access from one container to another (or from a container to a +volume mounted on the host). -### [USER](#id17) +## USER -The default user within a container is `root` (id = -0), but if the developer created additional users, those are accessible -too. The developer can set a default user to run the first process with -the `Dockerfile USER` command, but the operator can -override it +The default user within a container is `root` (id = 0), but if the developer +created additional users, those are accessible too. The developer can set a +default user to run the first process with the `Dockerfile USER` command, +but the operator can override it: -u="": Username or UID -### [WORKDIR](#id18) +## WORKDIR -The default working directory for running binaries within a container is -the root directory (`/`), but the developer can set -a different default with the `Dockerfile WORKDIR` -command. The operator can override this with: +The default working directory for running binaries within a container is the +root directory (`/`), but the developer can set a different default with the +Dockerfile `WORKDIR` command. The operator can override this with: -w="": Working directory inside the container diff --git a/docs/sources/reference/run.rst b/docs/sources/reference/run.rst deleted file mode 100644 index 0e6247ea28..0000000000 --- a/docs/sources/reference/run.rst +++ /dev/null @@ -1,418 +0,0 @@ -:title: Docker Run Reference -:description: Configure containers at runtime -:keywords: docker, run, configure, runtime - -.. _run_docker: - -==================== -Docker Run Reference -==================== - -**Docker runs processes in isolated containers**. When an operator -executes ``docker run``, she starts a process with its own file -system, its own networking, and its own isolated process tree. The -:ref:`image_def` which starts the process may define defaults related -to the binary to run, the networking to expose, and more, but ``docker -run`` gives final control to the operator who starts the container -from the image. That's the main reason :ref:`cli_run` has more options -than any other ``docker`` command. - -Every one of the :ref:`example_list` shows running containers, and so -here we try to give more in-depth guidance. - -.. _run_running: - -General Form -============ - -As you've seen in the :ref:`example_list`, the basic `run` command -takes this form:: - - docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] - -To learn how to interpret the types of ``[OPTIONS]``, see -:ref:`cli_options`. - -The list of ``[OPTIONS]`` breaks down into two groups: - -1. Settings exclusive to operators, including: - - * Detached or Foreground running, - * Container Identification, - * Network settings, and - * Runtime Constraints on CPU and Memory - * Privileges and LXC Configuration - -2. Setting shared between operators and developers, where operators - can override defaults developers set in images at build time. - -Together, the ``docker run [OPTIONS]`` give complete control over -runtime behavior to the operator, allowing them to override all -defaults set by the developer during ``docker build`` and nearly all -the defaults set by the Docker runtime itself. - -Operator Exclusive Options -========================== - -Only the operator (the person executing ``docker run``) can set the -following options. - -.. contents:: - :local: - -Detached vs Foreground ----------------------- - -When starting a Docker container, you must first decide if you want to -run the container in the background in a "detached" mode or in the -default foreground mode:: - - -d=false: Detached mode: Run container in the background, print new container id - -Detached (-d) -............. - -In detached mode (``-d=true`` or just ``-d``), all I/O should be done -through network connections or shared volumes because the container is -no longer listening to the commandline where you executed ``docker -run``. You can reattach to a detached container with ``docker`` -:ref:`cli_attach`. If you choose to run a container in the detached -mode, then you cannot use the ``--rm`` option. - -Foreground -.......... - -In foreground mode (the default when ``-d`` is not specified), -``docker run`` can start the process in the container and attach the -console to the process's standard input, output, and standard -error. It can even pretend to be a TTY (this is what most commandline -executables expect) and pass along signals. All of that is -configurable:: - - -a=[] : Attach to ``stdin``, ``stdout`` and/or ``stderr`` - -t=false : Allocate a pseudo-tty - --sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) - -i=false : Keep STDIN open even if not attached - -If you do not specify ``-a`` then Docker will `attach everything -(stdin,stdout,stderr) -`_. You -can specify to which of the three standard streams (``stdin``, ``stdout``, -``stderr``) you'd like to connect instead, as in:: - - docker run -a stdin -a stdout -i -t ubuntu /bin/bash - -For interactive processes (like a shell) you will typically want a tty -as well as persistent standard input (``stdin``), so you'll use ``-i --t`` together in most interactive cases. - -Container Identification ------------------------- - -Name (--name) -............. - -The operator can identify a container in three ways: - -* UUID long identifier ("f78375b1c487e03c9438c729345e54db9d20cfa2ac1fc3494b6eb60872e74778") -* UUID short identifier ("f78375b1c487") -* Name ("evil_ptolemy") - -The UUID identifiers come from the Docker daemon, and if you do not -assign a name to the container with ``--name`` then the daemon will -also generate a random string name too. The name can become a handy -way to add meaning to a container since you can use this name when -defining :ref:`links ` (or any other place -you need to identify a container). This works for both background and -foreground Docker containers. - -PID Equivalent -.............. - -And finally, to help with automation, you can have Docker write the -container ID out to a file of your choosing. This is similar to how -some programs might write out their process ID to a file (you've seen -them as PID files):: - - --cidfile="": Write the container ID to the file - -Network Settings ----------------- - -:: - - -n=true : Enable networking for this container - --dns=[] : Set custom dns servers for the container - -By default, all containers have networking enabled and they can make -any outgoing connections. The operator can completely disable -networking with ``docker run -n`` which disables all incoming and outgoing -networking. In cases like this, you would perform I/O through files or -STDIN/STDOUT only. - -Your container will use the same DNS servers as the host by default, -but you can override this with ``--dns``. - -Clean Up (--rm) ---------------- - -By default a container's file system persists even after the container -exits. This makes debugging a lot easier (since you can inspect the -final state) and you retain all your data by default. But if you are -running short-term **foreground** processes, these container file -systems can really pile up. If instead you'd like Docker to -**automatically clean up the container and remove the file system when -the container exits**, you can add the ``--rm`` flag:: - - --rm=false: Automatically remove the container when it exits (incompatible with -d) - - -Runtime Constraints on CPU and Memory -------------------------------------- - -The operator can also adjust the performance parameters of the container:: - - -m="": Memory limit (format: , where unit = b, k, m or g) - -c=0 : CPU shares (relative weight) - -The operator can constrain the memory available to a container easily -with ``docker run -m``. If the host supports swap memory, then the -``-m`` memory setting can be larger than physical RAM. - -Similarly the operator can increase the priority of this container -with the ``-c`` option. By default, all containers run at the same -priority and get the same proportion of CPU cycles, but you can tell -the kernel to give more shares of CPU time to one or more containers -when you start them via Docker. - -Runtime Privilege and LXC Configuration ---------------------------------------- - -:: - - --privileged=false: Give extended privileges to this container - --lxc-conf=[]: (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" - -By default, Docker containers are "unprivileged" and cannot, for -example, run a Docker daemon inside a Docker container. This is -because by default a container is not allowed to access any devices, -but a "privileged" container is given access to all devices (see -lxc-template.go_ and documentation on `cgroups devices -`_). - -When the operator executes ``docker run --privileged``, Docker will -enable to access to all devices on the host as well as set some -configuration in AppArmor to allow the container nearly all the same -access to the host as processes running outside containers on the -host. Additional information about running with ``--privileged`` is -available on the `Docker Blog -`_. - -If the Docker daemon was started using the ``lxc`` exec-driver -(``docker -d --exec-driver=lxc``) then the operator can also specify -LXC options using one or more ``--lxc-conf`` parameters. These can be -new parameters or override existing parameters from the lxc-template.go_. -Note that in the future, a given host's Docker daemon may not use LXC, -so this is an implementation-specific configuration meant for operators -already familiar with using LXC directly. - -.. _lxc-template.go: https://github.com/dotcloud/docker/blob/master/execdriver/lxc/lxc_template.go - - -Overriding ``Dockerfile`` Image Defaults -======================================== - -When a developer builds an image from a :ref:`Dockerfile -` or when she commits it, the developer can set a -number of default parameters that take effect when the image starts up -as a container. - -Four of the ``Dockerfile`` commands cannot be overridden at runtime: -``FROM, MAINTAINER, RUN``, and ``ADD``. Everything else has a -corresponding override in ``docker run``. We'll go through what the -developer might have set in each ``Dockerfile`` instruction and how the -operator can override that setting. - -.. contents:: - :local: - -CMD (Default Command or Options) --------------------------------- - -Recall the optional ``COMMAND`` in the Docker commandline:: - - docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] - -This command is optional because the person who created the ``IMAGE`` -may have already provided a default ``COMMAND`` using the ``Dockerfile`` -``CMD``. As the operator (the person running a container from the -image), you can override that ``CMD`` just by specifying a new -``COMMAND``. - -If the image also specifies an ``ENTRYPOINT`` then the ``CMD`` or -``COMMAND`` get appended as arguments to the ``ENTRYPOINT``. - - -ENTRYPOINT (Default Command to Execute at Runtime -------------------------------------------------- - -:: - - --entrypoint="": Overwrite the default entrypoint set by the image - -The ENTRYPOINT of an image is similar to a ``COMMAND`` because it -specifies what executable to run when the container starts, but it is -(purposely) more difficult to override. The ``ENTRYPOINT`` gives a -container its default nature or behavior, so that when you set an -``ENTRYPOINT`` you can run the container *as if it were that binary*, -complete with default options, and you can pass in more options via -the ``COMMAND``. But, sometimes an operator may want to run something else -inside the container, so you can override the default ``ENTRYPOINT`` at -runtime by using a string to specify the new ``ENTRYPOINT``. Here is an -example of how to run a shell in a container that has been set up to -automatically run something else (like ``/usr/bin/redis-server``):: - - docker run -i -t --entrypoint /bin/bash example/redis - -or two examples of how to pass more parameters to that ENTRYPOINT:: - - docker run -i -t --entrypoint /bin/bash example/redis -c ls -l - docker run -i -t --entrypoint /usr/bin/redis-cli example/redis --help - - -EXPOSE (Incoming Ports) ------------------------ - -The ``Dockerfile`` doesn't give much control over networking, only -providing the ``EXPOSE`` instruction to give a hint to the operator -about what incoming ports might provide services. The following -options work with or override the ``Dockerfile``'s exposed defaults:: - - --expose=[]: Expose a port from the container - without publishing it to your host - -P=false : Publish all exposed ports to the host interfaces - -p=[] : Publish a container's port to the host (format: - ip:hostPort:containerPort | ip::containerPort | - hostPort:containerPort) - (use 'docker port' to see the actual mapping) - --link="" : Add link to another container (name:alias) - -As mentioned previously, ``EXPOSE`` (and ``--expose``) make a port -available **in** a container for incoming connections. The port number -on the inside of the container (where the service listens) does not -need to be the same number as the port exposed on the outside of the -container (where clients connect), so inside the container you might -have an HTTP service listening on port 80 (and so you ``EXPOSE 80`` in -the ``Dockerfile``), but outside the container the port might be 42800. - -To help a new client container reach the server container's internal -port operator ``--expose``'d by the operator or ``EXPOSE``'d by the -developer, the operator has three choices: start the server container -with ``-P`` or ``-p,`` or start the client container with ``--link``. - -If the operator uses ``-P`` or ``-p`` then Docker will make the -exposed port accessible on the host and the ports will be available to -any client that can reach the host. To find the map between the host -ports and the exposed ports, use ``docker port``) - -If the operator uses ``--link`` when starting the new client container, -then the client container can access the exposed port via a private -networking interface. Docker will set some environment variables in -the client container to help indicate which interface and port to use. - -ENV (Environment Variables) ---------------------------- - -The operator can **set any environment variable** in the container by -using one or more ``-e`` flags, even overriding those already defined by the -developer with a Dockefile ``ENV``:: - - $ docker run -e "deep=purple" --rm ubuntu /bin/bash -c export - declare -x HOME="/" - declare -x HOSTNAME="85bc26a0e200" - declare -x OLDPWD - declare -x PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - declare -x PWD="/" - declare -x SHLVL="1" - declare -x container="lxc" - declare -x deep="purple" - -Similarly the operator can set the **hostname** with ``-h``. - -``--link name:alias`` also sets environment variables, using the -*alias* string to define environment variables within the container -that give the IP and PORT information for connecting to the service -container. Let's imagine we have a container running Redis:: - - # Start the service container, named redis-name - $ docker run -d --name redis-name dockerfiles/redis - 4241164edf6f5aca5b0e9e4c9eccd899b0b8080c64c0cd26efe02166c73208f3 - - # The redis-name container exposed port 6379 - $ docker ps - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 4241164edf6f dockerfiles/redis:latest /redis-stable/src/re 5 seconds ago Up 4 seconds 6379/tcp redis-name - - # Note that there are no public ports exposed since we didn't use -p or -P - $ docker port 4241164edf6f 6379 - 2014/01/25 00:55:38 Error: No public port '6379' published for 4241164edf6f - - -Yet we can get information about the Redis container's exposed ports -with ``--link``. Choose an alias that will form a valid environment -variable! - -:: - - $ docker run --rm --link redis-name:redis_alias --entrypoint /bin/bash dockerfiles/redis -c export - declare -x HOME="/" - declare -x HOSTNAME="acda7f7b1cdc" - declare -x OLDPWD - declare -x PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - declare -x PWD="/" - declare -x REDIS_ALIAS_NAME="/distracted_wright/redis" - declare -x REDIS_ALIAS_PORT="tcp://172.17.0.32:6379" - declare -x REDIS_ALIAS_PORT_6379_TCP="tcp://172.17.0.32:6379" - declare -x REDIS_ALIAS_PORT_6379_TCP_ADDR="172.17.0.32" - declare -x REDIS_ALIAS_PORT_6379_TCP_PORT="6379" - declare -x REDIS_ALIAS_PORT_6379_TCP_PROTO="tcp" - declare -x SHLVL="1" - declare -x container="lxc" - -And we can use that information to connect from another container as a client:: - - $ docker run -i -t --rm --link redis-name:redis_alias --entrypoint /bin/bash dockerfiles/redis -c '/redis-stable/src/redis-cli -h $REDIS_ALIAS_PORT_6379_TCP_ADDR -p $REDIS_ALIAS_PORT_6379_TCP_PORT' - 172.17.0.32:6379> - -VOLUME (Shared Filesystems) ---------------------------- - -:: - - -v=[]: Create a bind mount with: [host-dir]:[container-dir]:[rw|ro]. - If "container-dir" is missing, then docker creates a new volume. - --volumes-from="": Mount all volumes from the given container(s) - -The volumes commands are complex enough to have their own -documentation in section :ref:`volume_def`. A developer can define one -or more ``VOLUME``\s associated with an image, but only the operator can -give access from one container to another (or from a container to a -volume mounted on the host). - -USER ----- - -The default user within a container is ``root`` (id = 0), but if the -developer created additional users, those are accessible too. The -developer can set a default user to run the first process with the -``Dockerfile USER`` command, but the operator can override it :: - - -u="": Username or UID - -WORKDIR -------- - -The default working directory for running binaries within a container is the root directory (``/``), but the developer can set a different default with the ``Dockerfile WORKDIR`` command. The operator can override this with:: - - -w="": Working directory inside the container - diff --git a/docs/sources/terms.md b/docs/sources/terms.md index 59579d99a1..228b18fbd9 100644 --- a/docs/sources/terms.md +++ b/docs/sources/terms.md @@ -4,10 +4,10 @@ ## Contents: -- [File System](filesystem/) -- [Layers](layer/) -- [Image](image/) -- [Container](container/) -- [Registry](registry/) -- [Repository](repository/) + - [File System](filesystem/) + - [Layers](layer/) + - [Image](image/) + - [Container](container/) + - [Registry](registry/) + - [Repository](repository/) diff --git a/docs/sources/terms/container.md b/docs/sources/terms/container.md index 92a0265d99..5bedc3160e 100644 --- a/docs/sources/terms/container.md +++ b/docs/sources/terms/container.md @@ -6,22 +6,20 @@ page_keywords: containers, lxc, concepts, explanation, image, container ## Introduction -![](../../_images/docker-filesystems-busyboxrw.png) +![](/terms/images/docker-filesystems-busyboxrw.png) -Once you start a process in Docker from an -[*Image*](../image/#image-def), Docker fetches the image and its -[*Parent Image*](../image/#parent-image-def), and repeats the process -until it reaches the [*Base Image*](../image/#base-image-def). Then the -[*Union File System*](../layer/#ufs-def) adds a read-write layer on top. -That read-write layer, plus the information about its [*Parent -Image*](../image/#parent-image-def) and some additional information like -its unique id, networking configuration, and resource limits is called a -**container**. +Once you start a process in Docker from an [*Image*](image.md), Docker fetches +the image and its [*Parent Image*](image.md), and repeats the process until it +reaches the [*Base Image*](image.md/#base-image-def). Then the +[*Union File System*](layer.md) adds a read-write layer on top. That read-write +layer, plus the information about its [*Parent Image*](image.md) and some +additional information like its unique id, networking configuration, and +resource limits is called a **container**. ## Container State -Containers can change, and so they have state. A container may be -**running** or **exited**. +Containers can change, and so they have state. A container may be **running** or +**exited**. When a container is running, the idea of a "container" also includes a tree of processes running on the CPU, isolated from the other processes @@ -33,9 +31,8 @@ processes restart from scratch (their memory state is **not** preserved in a container), but the file system is just as it was when the container was stopped. -You can promote a container to an [*Image*](../image/#image-def) with -`docker commit`. Once a container is an image, you -can use it as a parent for new containers. +You can promote a container to an [*Image*](image.md) with `docker commit`. +Once a container is an image, you can use it as a parent for new containers. ## Container IDs diff --git a/docs/sources/terms/container.rst b/docs/sources/terms/container.rst deleted file mode 100644 index 206664bd82..0000000000 --- a/docs/sources/terms/container.rst +++ /dev/null @@ -1,47 +0,0 @@ -:title: Container -:description: Definitions of a container -:keywords: containers, lxc, concepts, explanation, image, container - -.. _container_def: - -Container -========= - -.. image:: images/docker-filesystems-busyboxrw.png - -Once you start a process in Docker from an :ref:`image_def`, Docker -fetches the image and its :ref:`parent_image_def`, and repeats the -process until it reaches the :ref:`base_image_def`. Then the -:ref:`ufs_def` adds a read-write layer on top. That read-write layer, -plus the information about its :ref:`parent_image_def` and some -additional information like its unique id, networking configuration, -and resource limits is called a **container**. - -.. _container_state_def: - -Container State -............... - -Containers can change, and so they have state. A container may be -**running** or **exited**. - -When a container is running, the idea of a "container" also includes a -tree of processes running on the CPU, isolated from the other -processes running on the host. - -When the container is exited, the state of the file system and -its exit value is preserved. You can start, stop, and restart a -container. The processes restart from scratch (their memory state is -**not** preserved in a container), but the file system is just as it -was when the container was stopped. - -You can promote a container to an :ref:`image_def` with ``docker -commit``. Once a container is an image, you can use it as a parent for -new containers. - -Container IDs -............. -All containers are identified by a 64 hexadecimal digit string (internally a 256bit -value). To simplify their use, a short ID of the first 12 characters can be used -on the commandline. There is a small possibility of short id collisions, so the -docker server will always return the long ID. diff --git a/docs/sources/terms/filesystem.md b/docs/sources/terms/filesystem.md index 2038d009e3..5587e3c831 100644 --- a/docs/sources/terms/filesystem.md +++ b/docs/sources/terms/filesystem.md @@ -6,13 +6,13 @@ page_keywords: containers, files, linux ## Introduction -![](../../_images/docker-filesystems-generic.png) +![](/terms/images/docker-filesystems-generic.png) In order for a Linux system to run, it typically needs two [file systems](http://en.wikipedia.org/wiki/Filesystem): -1. boot file system (bootfs) -2. root file system (rootfs) +1. boot file system (bootfs) +2. root file system (rootfs) The **boot file system** contains the bootloader and the kernel. The user never makes any changes to the boot file system. In fact, soon @@ -22,10 +22,9 @@ initrd disk image. The **root file system** includes the typical directory structure we associate with Unix-like operating systems: -`/dev, /proc, /bin, /etc, /lib, /usr,` and -`/tmp` plus all the configuration files, binaries -and libraries required to run user applications (like bash, ls, and so -forth). +`/dev, /proc, /bin, /etc, /lib, /usr,` and `/tmp` plus all the configuration +files, binaries and libraries required to run user applications (like bash, +ls, and so forth). While there can be important kernel differences between different Linux distributions, the contents and organization of the root file system are @@ -33,4 +32,4 @@ usually what make your software packages dependent on one distribution versus another. Docker can help solve this problem by running multiple distributions at the same time. -![](../../_images/docker-filesystems-multiroot.png) +![](/terms/images/docker-filesystems-multiroot.png) diff --git a/docs/sources/terms/filesystem.rst b/docs/sources/terms/filesystem.rst deleted file mode 100644 index 0af893f198..0000000000 --- a/docs/sources/terms/filesystem.rst +++ /dev/null @@ -1,38 +0,0 @@ -:title: File Systems -:description: How Linux organizes its persistent storage -:keywords: containers, files, linux - -.. _filesystem_def: - -File System -=========== - -.. image:: images/docker-filesystems-generic.png - -In order for a Linux system to run, it typically needs two `file -systems `_: - -1. boot file system (bootfs) -2. root file system (rootfs) - -The **boot file system** contains the bootloader and the kernel. The -user never makes any changes to the boot file system. In fact, soon -after the boot process is complete, the entire kernel is in memory, -and the boot file system is unmounted to free up the RAM associated -with the initrd disk image. - - -The **root file system** includes the typical directory structure we -associate with Unix-like operating systems: ``/dev, /proc, /bin, /etc, -/lib, /usr,`` and ``/tmp`` plus all the configuration files, binaries -and libraries required to run user applications (like bash, ls, and so -forth). - -While there can be important kernel differences between different -Linux distributions, the contents and organization of the root file -system are usually what make your software packages dependent on one -distribution versus another. Docker can help solve this problem by -running multiple distributions at the same time. - -.. image:: images/docker-filesystems-multiroot.png - diff --git a/docs/sources/terms/image.md b/docs/sources/terms/image.md index 721d4c954c..b10debcc6a 100644 --- a/docs/sources/terms/image.md +++ b/docs/sources/terms/image.md @@ -6,7 +6,7 @@ page_keywords: containers, lxc, concepts, explanation, image, container ## Introduction -![](../../_images/docker-filesystems-debian.png) +![](/terms/images/docker-filesystems-debian.png) In Docker terminology, a read-only [*Layer*](../layer/#layer-def) is called an **image**. An image never changes. @@ -14,14 +14,14 @@ called an **image**. An image never changes. Since Docker uses a [*Union File System*](../layer/#ufs-def), the processes think the whole file system is mounted read-write. But all the changes go to the top-most writeable layer, and underneath, the original -file in the read-only image is unchanged. Since images don’t change, +file in the read-only image is unchanged. Since images don't change, images do not have state. -![](../../_images/docker-filesystems-debianrw.png) +![](/terms/images/docker-filesystems-debianrw.png) ## Parent Image -![](../../_images/docker-filesystems-multilayer.png) +![](/terms/images/docker-filesystems-multilayer.png) Each image may depend on one more image which forms the layer beneath it. We sometimes say that the lower image is the **parent** of the upper diff --git a/docs/sources/terms/image.rst b/docs/sources/terms/image.rst deleted file mode 100644 index 6d5c8b2e7c..0000000000 --- a/docs/sources/terms/image.rst +++ /dev/null @@ -1,46 +0,0 @@ -:title: Images -:description: Definition of an image -:keywords: containers, lxc, concepts, explanation, image, container - -.. _image_def: - -Image -===== - -.. image:: images/docker-filesystems-debian.png - -In Docker terminology, a read-only :ref:`layer_def` is called an -**image**. An image never changes. - -Since Docker uses a :ref:`ufs_def`, the processes think the whole file -system is mounted read-write. But all the changes go to the top-most -writeable layer, and underneath, the original file in the read-only -image is unchanged. Since images don't change, images do not have state. - -.. image:: images/docker-filesystems-debianrw.png - -.. _parent_image_def: - -Parent Image -............ - -.. image:: images/docker-filesystems-multilayer.png - -Each image may depend on one more image which forms the layer beneath -it. We sometimes say that the lower image is the **parent** of the -upper image. - -.. _base_image_def: - -Base Image -.......... - -An image that has no parent is a **base image**. - -Image IDs -......... -All images are identified by a 64 hexadecimal digit string (internally a 256bit -value). To simplify their use, a short ID of the first 12 characters can be used -on the command line. There is a small possibility of short id collisions, so the -docker server will always return the long ID. - diff --git a/docs/sources/terms/index.rst b/docs/sources/terms/index.rst deleted file mode 100644 index 40851082b5..0000000000 --- a/docs/sources/terms/index.rst +++ /dev/null @@ -1,24 +0,0 @@ -:title: Glossary -:description: Definitions of terms used in Docker documentation -:keywords: concepts, documentation, docker, containers - - - -Glossary -======== - -Definitions of terms used in Docker documentation. - -Contents: - -.. toctree:: - :maxdepth: 1 - - filesystem - layer - image - container - registry - repository - - diff --git a/docs/sources/terms/layer.md b/docs/sources/terms/layer.md index 7665467aae..b4b2ea4b7a 100644 --- a/docs/sources/terms/layer.md +++ b/docs/sources/terms/layer.md @@ -20,7 +20,7 @@ file system *over* the read-only file system. In fact there may be multiple read-only file systems stacked on top of each other. We think of each one of these file systems as a **layer**. -![](../../_images/docker-filesystems-multilayer.png) +![](/terms/images/docker-filesystems-multilayer.png) At first, the top read-write layer has nothing in it, but any time a process creates a file, this happens in the top layer. And if something diff --git a/docs/sources/terms/layer.rst b/docs/sources/terms/layer.rst deleted file mode 100644 index 509dbe5cba..0000000000 --- a/docs/sources/terms/layer.rst +++ /dev/null @@ -1,40 +0,0 @@ -:title: Layers -:description: Organizing the Docker Root File System -:keywords: containers, lxc, concepts, explanation, image, container - -Layers -====== - -In a traditional Linux boot, the kernel first mounts the root -:ref:`filesystem_def` as read-only, checks its integrity, and then -switches the whole rootfs volume to read-write mode. - -.. _layer_def: - -Layer -..... - -When Docker mounts the rootfs, it starts read-only, as in a traditional -Linux boot, but then, instead of changing the file system to -read-write mode, it takes advantage of a `union mount -`_ to add a read-write file -system *over* the read-only file system. In fact there may be multiple -read-only file systems stacked on top of each other. We think of each -one of these file systems as a **layer**. - -.. image:: images/docker-filesystems-multilayer.png - -At first, the top read-write layer has nothing in it, but any time a -process creates a file, this happens in the top layer. And if -something needs to update an existing file in a lower layer, then the -file gets copied to the upper layer and changes go into the copy. The -version of the file on the lower layer cannot be seen by the -applications anymore, but it is there, unchanged. - -.. _ufs_def: - -Union File System -................. - -We call the union of the read-write layer and all the read-only layers -a **union file system**. diff --git a/docs/sources/terms/registry.md b/docs/sources/terms/registry.md index 0d5af2c65d..2006710607 100644 --- a/docs/sources/terms/registry.md +++ b/docs/sources/terms/registry.md @@ -1,20 +1,20 @@ page_title: Registry page_description: Definition of an Registry -page_keywords: containers, lxc, concepts, explanation, image, repository, container +page_keywords: containers, concepts, explanation, image, repository, container # Registry ## Introduction -A Registry is a hosted service containing -[*repositories*](../repository/#repository-def) of -[*images*](../image/#image-def) which responds to the Registry API. +A Registry is a hosted service containing [*repositories*]( +../repository/#repository-def) of [*images*](../image/#image-def) which +responds to the Registry API. The default registry can be accessed using a browser at -[http://images.docker.io](http://images.docker.io) or using the +[Docker.io](http://index.docker.io) or using the `sudo docker search` command. ## Further Reading -For more information see [*Working with -Repositories*](../../use/workingwithrepository/#working-with-the-repository) +For more information see [*Working with Repositories*]( +../use/workingwithrepository/#working-with-the-repository) diff --git a/docs/sources/terms/registry.rst b/docs/sources/terms/registry.rst deleted file mode 100644 index 90c3ee721c..0000000000 --- a/docs/sources/terms/registry.rst +++ /dev/null @@ -1,16 +0,0 @@ -:title: Registry -:description: Definition of an Registry -:keywords: containers, lxc, concepts, explanation, image, repository, container - -.. _registry_def: - -Registry -========== - -A Registry is a hosted service containing :ref:`repositories` -of :ref:`images` which responds to the Registry API. - -The default registry can be accessed using a browser at http://images.docker.io -or using the ``sudo docker search`` command. - -For more information see :ref:`Working with Repositories` diff --git a/docs/sources/terms/repository.md b/docs/sources/terms/repository.md index 7ccd69ad19..1e035c95f4 100644 --- a/docs/sources/terms/repository.md +++ b/docs/sources/terms/repository.md @@ -1,6 +1,6 @@ page_title: Repository page_description: Definition of an Repository -page_keywords: containers, lxc, concepts, explanation, image, repository, container +page_keywords: containers, concepts, explanation, image, repository, container # Repository @@ -13,26 +13,23 @@ server. Images can be associated with a repository (or multiple) by giving them an image name using one of three different commands: -1. At build time (e.g. `sudo docker build -t IMAGENAME` -), -2. When committing a container (e.g. - `sudo docker commit CONTAINERID IMAGENAME`) or -3. When tagging an image id with an image name (e.g. - `sudo docker tag IMAGEID IMAGENAME`). +1. At build time (e.g. `sudo docker build -t IMAGENAME`), +2. When committing a container (e.g. + `sudo docker commit CONTAINERID IMAGENAME`) or +3. When tagging an image id with an image name (e.g. + `sudo docker tag IMAGEID IMAGENAME`). A Fully Qualified Image Name (FQIN) can be made up of 3 parts: `[registry_hostname[:port]/][user_name/](repository_name:version_tag)` -`username` and `registry_hostname` -default to an empty string. When `registry_hostname` -is an empty string, then `docker push` -will push to `index.docker.io:80`. +`username` and `registry_hostname` default to an empty string. When +`registry_hostname` is an empty string, then `docker push` will push to +`index.docker.io:80`. If you create a new repository which you want to share, you will need to -set at least the `user_name`, as the ‘default’ blank -`user_name` prefix is reserved for official Docker -images. +set at least the `user_name`, as the `default` blank `user_name` prefix is +reserved for official Docker images. -For more information see [*Working with -Repositories*](../../use/workingwithrepository/#working-with-the-repository) +For more information see [*Working with Repositories*]( +../use/workingwithrepository/#working-with-the-repository) diff --git a/docs/sources/terms/repository.rst b/docs/sources/terms/repository.rst deleted file mode 100644 index 04f3950f36..0000000000 --- a/docs/sources/terms/repository.rst +++ /dev/null @@ -1,30 +0,0 @@ -:title: Repository -:description: Definition of an Repository -:keywords: containers, lxc, concepts, explanation, image, repository, container - -.. _repository_def: - -Repository -========== - -A repository is a set of images either on your local Docker server, or -shared, by pushing it to a :ref:`Registry` server. - -Images can be associated with a repository (or multiple) by giving them an image name -using one of three different commands: - -1. At build time (e.g. ``sudo docker build -t IMAGENAME``), -2. When committing a container (e.g. ``sudo docker commit CONTAINERID IMAGENAME``) or -3. When tagging an image id with an image name (e.g. ``sudo docker tag IMAGEID IMAGENAME``). - -A `Fully Qualified Image Name` (FQIN) can be made up of 3 parts: - -``[registry_hostname[:port]/][user_name/](repository_name:version_tag)`` - -``username`` and ``registry_hostname`` default to an empty string. -When ``registry_hostname`` is an empty string, then ``docker push`` will push to ``index.docker.io:80``. - -If you create a new repository which you want to share, you will need to set at least the -``user_name``, as the 'default' blank ``user_name`` prefix is reserved for official Docker images. - -For more information see :ref:`Working with Repositories` diff --git a/docs/sources/toctree.md b/docs/sources/toctree.md index e837c7e3af..ec1832fc21 100644 --- a/docs/sources/toctree.md +++ b/docs/sources/toctree.md @@ -6,12 +6,12 @@ page_keywords: todo, docker, documentation, installation, usage, examples, contr This documentation has the following resources: -- [Installation](../installation/) -- [Use](../use/) -- [Examples](../examples/) -- [Reference Manual](../reference/) -- [Contributing](../contributing/) -- [Glossary](../terms/) -- [Articles](../articles/) -- [FAQ](../faq/) + - [Installation](../installation/) + - [Use](../use/) + - [Examples](../examples/) + - [Reference Manual](../reference/) + - [Contributing](../contributing/) + - [Glossary](../terms/) + - [Articles](../articles/) + - [FAQ](../faq/) diff --git a/docs/sources/toctree.rst b/docs/sources/toctree.rst deleted file mode 100644 index d09bcc313c..0000000000 --- a/docs/sources/toctree.rst +++ /dev/null @@ -1,21 +0,0 @@ -:title: Documentation -:description: -- todo: change me -:keywords: todo, docker, documentation, installation, usage, examples, contributing, faq, command line, concepts - -Documentation -============= - -This documentation has the following resources: - -.. toctree:: - :maxdepth: 1 - - installation/index - use/index - examples/index - reference/index - contributing/index - terms/index - articles/index - faq - diff --git a/docs/sources/use.md b/docs/sources/use.md index ce4a51025c..5b2524361e 100644 --- a/docs/sources/use.md +++ b/docs/sources/use.md @@ -2,12 +2,12 @@ ## Contents: -- [First steps with Docker](basics/) -- [Share Images via Repositories](workingwithrepository/) -- [Redirect Ports](port_redirection/) -- [Configure Networking](networking/) -- [Automatically Start Containers](host_integration/) -- [Share Directories via Volumes](working_with_volumes/) -- [Link Containers](working_with_links_names/) -- [Link via an Ambassador Container](ambassador_pattern_linking/) -- [Using Puppet](puppet/) \ No newline at end of file + - [First steps with Docker](basics/) + - [Share Images via Repositories](workingwithrepository/) + - [Redirect Ports](port_redirection/) + - [Configure Networking](networking/) + - [Automatically Start Containers](host_integration/) + - [Share Directories via Volumes](working_with_volumes/) + - [Link Containers](working_with_links_names/) + - [Link via an Ambassador Container](ambassador_pattern_linking/) + - [Using Puppet](puppet/) \ No newline at end of file diff --git a/docs/sources/use/ambassador_pattern_linking.md b/docs/sources/use/ambassador_pattern_linking.md index 685d155917..2bdd434f6e 100644 --- a/docs/sources/use/ambassador_pattern_linking.md +++ b/docs/sources/use/ambassador_pattern_linking.md @@ -62,8 +62,7 @@ linking to the local redis ambassador. ## How it works The following example shows what the `svendowideit/ambassador` -container does automatically (with a tiny amount of -`sed`) +container does automatically (with a tiny amount of `sed`) On the docker host (192.168.1.52) that redis will run on: @@ -82,8 +81,8 @@ On the docker host (192.168.1.52) that redis will run on: # add redis ambassador $ docker run -t -i -link redis:redis -name redis_ambassador -p 6379:6379 busybox sh -in the redis\_ambassador container, you can see the linked redis -containers’s env +in the redis_ambassador container, you can see the linked redis +containers'senv $ env REDIS_PORT=tcp://172.17.0.136:6379 @@ -147,7 +146,7 @@ remote IP and port - in this case `192.168.1.52:6379`. # then to run it (on the host that has the real backend on it) # docker run -t -i -link redis:redis -name redis_ambassador -p 6379:6379 ambassador # on the remote host, you can set up another ambassador - # docker run -t -i -name redis_ambassador -expose 6379 sh + # docker run -t -i -name redis_ambassador -expose 6379 sh FROM docker-ut MAINTAINER SvenDowideit@home.org.au diff --git a/docs/sources/use/ambassador_pattern_linking.rst b/docs/sources/use/ambassador_pattern_linking.rst deleted file mode 100644 index bbd5816768..0000000000 --- a/docs/sources/use/ambassador_pattern_linking.rst +++ /dev/null @@ -1,183 +0,0 @@ -:title: Link via an Ambassador Container -:description: Using the Ambassador pattern to abstract (network) services -:keywords: Examples, Usage, links, docker, documentation, examples, names, name, container naming - -.. _ambassador_pattern_linking: - -Link via an Ambassador Container -================================ - -Rather than hardcoding network links between a service consumer and provider, Docker -encourages service portability. - -eg, instead of - -.. code-block:: bash - - (consumer) --> (redis) - -requiring you to restart the ``consumer`` to attach it to a different ``redis`` service, -you can add ambassadors - -.. code-block:: bash - - (consumer) --> (redis-ambassador) --> (redis) - - or - - (consumer) --> (redis-ambassador) ---network---> (redis-ambassador) --> (redis) - -When you need to rewire your consumer to talk to a different redis server, you -can just restart the ``redis-ambassador`` container that the consumer is connected to. - -This pattern also allows you to transparently move the redis server to a different -docker host from the consumer. - -Using the ``svendowideit/ambassador`` container, the link wiring is controlled entirely -from the ``docker run`` parameters. - -Two host Example ----------------- - -Start actual redis server on one Docker host - -.. code-block:: bash - - big-server $ docker run -d --name redis crosbymichael/redis - -Then add an ambassador linked to the redis server, mapping a port to the outside world - -.. code-block:: bash - - big-server $ docker run -d --link redis:redis --name redis_ambassador -p 6379:6379 svendowideit/ambassador - -On the other host, you can set up another ambassador setting environment variables for each remote port we want to proxy to the ``big-server`` - -.. code-block:: bash - - client-server $ docker run -d --name redis_ambassador --expose 6379 -e REDIS_PORT_6379_TCP=tcp://192.168.1.52:6379 svendowideit/ambassador - -Then on the ``client-server`` host, you can use a redis client container to talk -to the remote redis server, just by linking to the local redis ambassador. - -.. code-block:: bash - - client-server $ docker run -i -t --rm --link redis_ambassador:redis relateiq/redis-cli - redis 172.17.0.160:6379> ping - PONG - - - -How it works ------------- - -The following example shows what the ``svendowideit/ambassador`` container does -automatically (with a tiny amount of ``sed``) - -On the docker host (192.168.1.52) that redis will run on: - -.. code-block:: bash - - # start actual redis server - $ docker run -d --name redis crosbymichael/redis - - # get a redis-cli container for connection testing - $ docker pull relateiq/redis-cli - - # test the redis server by talking to it directly - $ docker run -t -i --rm --link redis:redis relateiq/redis-cli - redis 172.17.0.136:6379> ping - PONG - ^D - - # add redis ambassador - $ docker run -t -i --link redis:redis --name redis_ambassador -p 6379:6379 busybox sh - -in the redis_ambassador container, you can see the linked redis containers's env - -.. code-block:: bash - - $ env - REDIS_PORT=tcp://172.17.0.136:6379 - REDIS_PORT_6379_TCP_ADDR=172.17.0.136 - REDIS_NAME=/redis_ambassador/redis - HOSTNAME=19d7adf4705e - REDIS_PORT_6379_TCP_PORT=6379 - HOME=/ - REDIS_PORT_6379_TCP_PROTO=tcp - container=lxc - REDIS_PORT_6379_TCP=tcp://172.17.0.136:6379 - TERM=xterm - PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - PWD=/ - - -This environment is used by the ambassador socat script to expose redis to the world -(via the -p 6379:6379 port mapping) - -.. code-block:: bash - - $ docker rm redis_ambassador - $ sudo ./contrib/mkimage-unittest.sh - $ docker run -t -i --link redis:redis --name redis_ambassador -p 6379:6379 docker-ut sh - - $ socat TCP4-LISTEN:6379,fork,reuseaddr TCP4:172.17.0.136:6379 - -then ping the redis server via the ambassador - -.. code-block::bash - - $ docker run -i -t --rm --link redis_ambassador:redis relateiq/redis-cli - redis 172.17.0.160:6379> ping - PONG - -Now goto a different server - -.. code-block:: bash - - $ sudo ./contrib/mkimage-unittest.sh - $ docker run -t -i --expose 6379 --name redis_ambassador docker-ut sh - - $ socat TCP4-LISTEN:6379,fork,reuseaddr TCP4:192.168.1.52:6379 - -and get the redis-cli image so we can talk over the ambassador bridge - -.. code-block:: bash - - $ docker pull relateiq/redis-cli - $ docker run -i -t --rm --link redis_ambassador:redis relateiq/redis-cli - redis 172.17.0.160:6379> ping - PONG - -The svendowideit/ambassador Dockerfile --------------------------------------- - -The ``svendowideit/ambassador`` image is a small busybox image with ``socat`` built in. -When you start the container, it uses a small ``sed`` script to parse out the (possibly multiple) -link environment variables to set up the port forwarding. On the remote host, you need to set the -variable using the ``-e`` command line option. - -``--expose 1234 -e REDIS_PORT_1234_TCP=tcp://192.168.1.52:6379`` will forward the -local ``1234`` port to the remote IP and port - in this case ``192.168.1.52:6379``. - - -:: - - # - # - # first you need to build the docker-ut image - # using ./contrib/mkimage-unittest.sh - # then - # docker build -t SvenDowideit/ambassador . - # docker tag SvenDowideit/ambassador ambassador - # then to run it (on the host that has the real backend on it) - # docker run -t -i --link redis:redis --name redis_ambassador -p 6379:6379 ambassador - # on the remote host, you can set up another ambassador - # docker run -t -i --name redis_ambassador --expose 6379 sh - - FROM docker-ut - MAINTAINER SvenDowideit@home.org.au - - - CMD env | grep _TCP= | sed 's/.*_PORT_\([0-9]*\)_TCP=tcp:\/\/\(.*\):\(.*\)/socat TCP4-LISTEN:\1,fork,reuseaddr TCP4:\2:\3 \&/' | sh && top - diff --git a/docs/sources/use/basics.md b/docs/sources/use/basics.md index e283a9dec8..ee3eeabd9d 100644 --- a/docs/sources/use/basics.md +++ b/docs/sources/use/basics.md @@ -10,24 +10,24 @@ This guide assumes you have a working installation of Docker. To check your Docker install, run the following command: # Check that you have a working install - docker info + $ docker info If you get `docker: command not found` or something like `/var/lib/docker/repositories: permission denied` you may have an incomplete docker installation or insufficient privileges to access Docker on your machine. -Please refer to [*Installation*](../../installation/#installation-list) +Please refer to [*Installation*](/installation/#installation-list) for installation instructions. ## Download a pre-built image # Download an ubuntu image - sudo docker pull ubuntu + $ sudo docker pull ubuntu -This will find the `ubuntu` image by name in the -[*Central Index*](../workingwithrepository/#searching-central-index) and -download it from the top-level Central Repository to a local image +This will find the `ubuntu` image by name on +[*Docker.io*](../workingwithrepository/#find-public-images-on-dockerio) and +download it from [Docker.io](https://index.docker.io) to a local image cache. > **Note**: @@ -37,7 +37,7 @@ cache. > characters of the full image ID - which can be found using > `docker inspect` or `docker images --no-trunc=true` -**If you’re using OS X** then you shouldn’t use `sudo`. +**If you're using OS X** then you shouldn't use `sudo`. ## Running an interactive shell @@ -46,7 +46,7 @@ cache. # To detach the tty without exiting the shell, # use the escape sequence Ctrl-p + Ctrl-q # note: This will continue to exist in a stopped state once exited (see "docker ps -a") - sudo docker run -i -t ubuntu /bin/bash + $ sudo docker run -i -t ubuntu /bin/bash ## Bind Docker to another host/port or a Unix socket @@ -75,9 +75,9 @@ following format: `tcp://[host][:port]` or For example: -- `tcp://host:4243` -\> tcp connection on +- `tcp://host:4243` -> tcp connection on host:4243 -- `unix://path/to/socket` -\> unix socket located +- `unix://path/to/socket` -> unix socket located at `path/to/socket` `-H`, when empty, will default to the same value as @@ -87,70 +87,70 @@ when no `-H` was passed in. `host[:port]` or `:port` # Run docker in daemon mode - sudo /docker -H 0.0.0.0:5555 -d & + $ sudo /docker -H 0.0.0.0:5555 -d & # Download an ubuntu image - sudo docker -H :5555 pull ubuntu + $ sudo docker -H :5555 pull ubuntu You can use multiple `-H`, for example, if you want to listen on both TCP and a Unix socket # Run docker in daemon mode - sudo /docker -H tcp://127.0.0.1:4243 -H unix:///var/run/docker.sock -d & + $ sudo /docker -H tcp://127.0.0.1:4243 -H unix:///var/run/docker.sock -d & # Download an ubuntu image, use default Unix socket - sudo docker pull ubuntu + $ sudo docker pull ubuntu # OR use the TCP port - sudo docker -H tcp://127.0.0.1:4243 pull ubuntu + $ sudo docker -H tcp://127.0.0.1:4243 pull ubuntu ## Starting a long-running worker process # Start a very useful long-running process - JOB=$(sudo docker run -d ubuntu /bin/sh -c "while true; do echo Hello world; sleep 1; done") + $ JOB=$(sudo docker run -d ubuntu /bin/sh -c "while true; do echo Hello world; sleep 1; done") # Collect the output of the job so far - sudo docker logs $JOB + $ sudo docker logs $JOB # Kill the job - sudo docker kill $JOB + $ sudo docker kill $JOB ## Listing containers - sudo docker ps # Lists only running containers - sudo docker ps -a # Lists all containers + $ sudo docker ps # Lists only running containers + $ sudo docker ps -a # Lists all containers ## Controlling containers # Start a new container - JOB=$(sudo docker run -d ubuntu /bin/sh -c "while true; do echo Hello world; sleep 1; done") + $ JOB=$(sudo docker run -d ubuntu /bin/sh -c "while true; do echo Hello world; sleep 1; done") # Stop the container - docker stop $JOB + $ docker stop $JOB # Start the container - docker start $JOB + $ docker start $JOB # Restart the container - docker restart $JOB + $ docker restart $JOB # SIGKILL a container - docker kill $JOB + $ docker kill $JOB # Remove a container - docker stop $JOB # Container must be stopped to remove it - docker rm $JOB + $ docker stop $JOB # Container must be stopped to remove it + $ docker rm $JOB ## Bind a service on a TCP port # Bind port 4444 of this container, and tell netcat to listen on it - JOB=$(sudo docker run -d -p 4444 ubuntu:12.10 /bin/nc -l 4444) + $ JOB=$(sudo docker run -d -p 4444 ubuntu:12.10 /bin/nc -l 4444) # Which public port is NATed to my container? - PORT=$(sudo docker port $JOB 4444 | awk -F: '{ print $2 }') + $ PORT=$(sudo docker port $JOB 4444 | awk -F: '{ print $2 }') # Connect to the public port - echo hello world | nc 127.0.0.1 $PORT + $ echo hello world | nc 127.0.0.1 $PORT # Verify that the network connection worked - echo "Daemon received: $(sudo docker logs $JOB)" + $ echo "Daemon received: $(sudo docker logs $JOB)" ## Committing (saving) a container state @@ -163,14 +163,13 @@ will be stored (as a diff). See which images you already have using the `docker images` command. # Commit your container to a new named image - sudo docker commit + $ sudo docker commit # List your containers - sudo docker images + $ sudo docker images You now have a image state from which you can create new instances. -Read more about [*Share Images via -Repositories*](../workingwithrepository/#working-with-the-repository) or -continue to the complete [*Command -Line*](../../reference/commandline/cli/#cli) +Read more about [*Share Images via Repositories*]( +../workingwithrepository/#working-with-the-repository) or +continue to the complete [*Command Line*](/reference/commandline/cli/#cli) diff --git a/docs/sources/use/basics.rst b/docs/sources/use/basics.rst deleted file mode 100644 index 4164e706f7..0000000000 --- a/docs/sources/use/basics.rst +++ /dev/null @@ -1,199 +0,0 @@ -:title: First steps with Docker -:description: Common usage and commands -:keywords: Examples, Usage, basic commands, docker, documentation, examples - - -First steps with Docker -======================= - -Check your Docker install -------------------------- - -This guide assumes you have a working installation of Docker. To check -your Docker install, run the following command: - -.. code-block:: bash - - # Check that you have a working install - docker info - -If you get ``docker: command not found`` or something like -``/var/lib/docker/repositories: permission denied`` you may have an incomplete -docker installation or insufficient privileges to access Docker on your machine. - -Please refer to :ref:`installation_list` for installation instructions. - -Download a pre-built image --------------------------- - -.. code-block:: bash - - # Download an ubuntu image - sudo docker pull ubuntu - -This will find the ``ubuntu`` image by name in the :ref:`Central Index -` and download it from the top-level Central -Repository to a local image cache. - -.. NOTE:: When the image has successfully downloaded, you will see a - 12 character hash ``539c0211cd76: Download complete`` which is the - short form of the image ID. These short image IDs are the first 12 - characters of the full image ID - which can be found using ``docker - inspect`` or ``docker images --no-trunc=true`` - - **If you're using OS X** then you shouldn't use ``sudo`` - -Running an interactive shell ----------------------------- - -.. code-block:: bash - - # Run an interactive shell in the ubuntu image, - # allocate a tty, attach stdin and stdout - # To detach the tty without exiting the shell, - # use the escape sequence Ctrl-p + Ctrl-q - # note: This will continue to exist in a stopped state once exited (see "docker ps -a") - sudo docker run -i -t ubuntu /bin/bash - -.. _bind_docker: - -Bind Docker to another host/port or a Unix socket -------------------------------------------------- - -.. warning:: Changing the default ``docker`` daemon binding to a TCP - port or Unix *docker* user group will increase your security risks - by allowing non-root users to gain *root* access on the - host. Make sure you control access to ``docker``. If you are binding - to a TCP port, anyone with access to that port has full Docker access; - so it is not advisable on an open network. - -With ``-H`` it is possible to make the Docker daemon to listen on a -specific IP and port. By default, it will listen on -``unix:///var/run/docker.sock`` to allow only local connections by the -*root* user. You *could* set it to ``0.0.0.0:4243`` or a specific host IP to -give access to everybody, but that is **not recommended** because then -it is trivial for someone to gain root access to the host where the -daemon is running. - -Similarly, the Docker client can use ``-H`` to connect to a custom port. - -``-H`` accepts host and port assignment in the following format: -``tcp://[host][:port]`` or ``unix://path`` - -For example: - -* ``tcp://host:4243`` -> tcp connection on host:4243 -* ``unix://path/to/socket`` -> unix socket located at ``path/to/socket`` - -``-H``, when empty, will default to the same value as when no ``-H`` was passed in. - -``-H`` also accepts short form for TCP bindings: -``host[:port]`` or ``:port`` - -.. code-block:: bash - - # Run docker in daemon mode - sudo /docker -H 0.0.0.0:5555 -d & - # Download an ubuntu image - sudo docker -H :5555 pull ubuntu - -You can use multiple ``-H``, for example, if you want to listen on -both TCP and a Unix socket - -.. code-block:: bash - - # Run docker in daemon mode - sudo /docker -H tcp://127.0.0.1:4243 -H unix:///var/run/docker.sock -d & - # Download an ubuntu image, use default Unix socket - sudo docker pull ubuntu - # OR use the TCP port - sudo docker -H tcp://127.0.0.1:4243 pull ubuntu - -Starting a long-running worker process --------------------------------------- - -.. code-block:: bash - - # Start a very useful long-running process - JOB=$(sudo docker run -d ubuntu /bin/sh -c "while true; do echo Hello world; sleep 1; done") - - # Collect the output of the job so far - sudo docker logs $JOB - - # Kill the job - sudo docker kill $JOB - - -Listing containers ------------------- - -.. code-block:: bash - - sudo docker ps # Lists only running containers - sudo docker ps -a # Lists all containers - - -Controlling containers ----------------------- -.. code-block:: bash - - # Start a new container - JOB=$(sudo docker run -d ubuntu /bin/sh -c "while true; do echo Hello world; sleep 1; done") - - # Stop the container - docker stop $JOB - - # Start the container - docker start $JOB - - # Restart the container - docker restart $JOB - - # SIGKILL a container - docker kill $JOB - - # Remove a container - docker stop $JOB # Container must be stopped to remove it - docker rm $JOB - - -Bind a service on a TCP port ------------------------------- - -.. code-block:: bash - - # Bind port 4444 of this container, and tell netcat to listen on it - JOB=$(sudo docker run -d -p 4444 ubuntu:12.10 /bin/nc -l 4444) - - # Which public port is NATed to my container? - PORT=$(sudo docker port $JOB 4444 | awk -F: '{ print $2 }') - - # Connect to the public port - echo hello world | nc 127.0.0.1 $PORT - - # Verify that the network connection worked - echo "Daemon received: $(sudo docker logs $JOB)" - - -Committing (saving) a container state -------------------------------------- - -Save your containers state to a container image, so the state can be re-used. - -When you commit your container only the differences between the image the -container was created from and the current state of the container will be -stored (as a diff). See which images you already have using the ``docker -images`` command. - -.. code-block:: bash - - # Commit your container to a new named image - sudo docker commit - - # List your containers - sudo docker images - -You now have a image state from which you can create new instances. - -Read more about :ref:`working_with_the_repository` or continue to the -complete :ref:`cli` diff --git a/docs/sources/use/chef.md b/docs/sources/use/chef.md index 87e3215ced..897c2b429a 100644 --- a/docs/sources/use/chef.md +++ b/docs/sources/use/chef.md @@ -6,20 +6,20 @@ page_keywords: chef, installation, usage, docker, documentation > **Note**: > Please note this is a community contributed installation path. The only -> ‘official’ installation is using the -> [*Ubuntu*](../../installation/ubuntulinux/#ubuntu-linux) installation +> `official` installation is using the +> [*Ubuntu*](/installation/ubuntulinux/#ubuntu-linux) installation > path. This version may sometimes be out of date. ## Requirements -To use this guide you’ll need a working installation of +To use this guide you'll need a working installation of [Chef](http://www.getchef.com/). This cookbook supports a variety of operating systems. ## Installation The cookbook is available on the [Chef Community -Site](community.opscode.com/cookbooks/docker) and can be installed using +Site](http://community.opscode.com/cookbooks/docker) and can be installed using your favorite cookbook dependency manager. The source can be found on @@ -43,7 +43,7 @@ The next step is to pull a Docker image. For this, we have a resource: This is equivalent to running: - docker pull samalba/docker-registry + $ docker pull samalba/docker-registry There are attributes available to control how long the cookbook will allow for downloading (5 minute default). @@ -68,7 +68,7 @@ managed by Docker. This is equivalent to running the following command, but under upstart: - docker run --detach=true --publish='5000:5000' --env='SETTINGS_FLAVOR=local' --volume='/mnt/docker:/docker-storage' samalba/docker-registry + $ docker run --detach=true --publish='5000:5000' --env='SETTINGS_FLAVOR=local' --volume='/mnt/docker:/docker-storage' samalba/docker-registry The resources will accept a single string or an array of values for any docker flags that allow multiple values. diff --git a/docs/sources/use/chef.rst b/docs/sources/use/chef.rst deleted file mode 100644 index 919eba7a8f..0000000000 --- a/docs/sources/use/chef.rst +++ /dev/null @@ -1,95 +0,0 @@ -:title: Chef Usage -:description: Installation and using Docker via Chef -:keywords: chef, installation, usage, docker, documentation - -.. _install_using_chef: - -Using Chef -============= - -.. note:: - - Please note this is a community contributed installation path. The - only 'official' installation is using the :ref:`ubuntu_linux` - installation path. This version may sometimes be out of date. - -Requirements ------------- - -To use this guide you'll need a working installation of -`Chef `_. This cookbook supports a variety of -operating systems. - -Installation ------------- - -The cookbook is available on the `Chef Community Site -`_ and can be installed -using your favorite cookbook dependency manager. - -The source can be found on `GitHub -`_. - -Usage ------ - -The cookbook provides recipes for installing Docker, configuring init -for Docker, and resources for managing images and containers. -It supports almost all Docker functionality. - -Installation -~~~~~~~~~~~~ - -.. code-block:: ruby - - include_recipe 'docker' - -Images -~~~~~~ - -The next step is to pull a Docker image. For this, we have a resource: - -.. code-block:: ruby - - docker_image 'samalba/docker-registry' - -This is equivalent to running: - -.. code-block:: bash - - docker pull samalba/docker-registry - -There are attributes available to control how long the cookbook -will allow for downloading (5 minute default). - -To remove images you no longer need: - -.. code-block:: ruby - - docker_image 'samalba/docker-registry' do - action :remove - end - -Containers -~~~~~~~~~~ - -Now you have an image where you can run commands within a container -managed by Docker. - -.. code-block:: ruby - - docker_container 'samalba/docker-registry' do - detach true - port '5000:5000' - env 'SETTINGS_FLAVOR=local' - volume '/mnt/docker:/docker-storage' - end - -This is equivalent to running the following command, but under upstart: - -.. code-block:: bash - - docker run --detach=true --publish='5000:5000' --env='SETTINGS_FLAVOR=local' --volume='/mnt/docker:/docker-storage' samalba/docker-registry - -The resources will accept a single string or an array of values -for any docker flags that allow multiple values. diff --git a/docs/sources/use/host_integration.md b/docs/sources/use/host_integration.md index 0aa0dc8314..370c00e20a 100644 --- a/docs/sources/use/host_integration.md +++ b/docs/sources/use/host_integration.md @@ -5,8 +5,7 @@ page_keywords: systemd, upstart, supervisor, docker, documentation, host integra # Automatically Start Containers You can use your Docker containers with process managers like -`upstart`, `systemd` and -`supervisor`. +`upstart`, `systemd` and `supervisor`. ## Introduction @@ -27,7 +26,7 @@ docker. ## Sample Upstart Script -In this example we’ve already created a container to run Redis with +In this example We've already created a container to run Redis with `--name redis_server`. To create an upstart script for our container, we create a file named `/etc/init/redis.conf` and place the following into @@ -42,7 +41,7 @@ it: /usr/bin/docker start -a redis_server end script -Next, we have to configure docker so that it’s run with the option +Next, we have to configure docker so that it's run with the option `-r=false`. Run the following command: $ sudo sh -c "echo 'DOCKER_OPTS=\"-r=false\"' > /etc/default/docker" diff --git a/docs/sources/use/host_integration.rst b/docs/sources/use/host_integration.rst deleted file mode 100644 index cb920a5908..0000000000 --- a/docs/sources/use/host_integration.rst +++ /dev/null @@ -1,74 +0,0 @@ -:title: Automatically Start Containers -:description: How to generate scripts for upstart, systemd, etc. -:keywords: systemd, upstart, supervisor, docker, documentation, host integration - - - -Automatically Start Containers -============================== - -You can use your Docker containers with process managers like ``upstart``, -``systemd`` and ``supervisor``. - -Introduction ------------- - -If you want a process manager to manage your containers you will need to run -the docker daemon with the ``-r=false`` so that docker will not automatically -restart your containers when the host is restarted. - -When you have finished setting up your image and are happy with your -running container, you can then attach a process manager to manage -it. When your run ``docker start -a`` docker will automatically attach -to the running container, or start it if needed and forward all signals -so that the process manager can detect when a container stops and correctly -restart it. - -Here are a few sample scripts for systemd and upstart to integrate with docker. - - -Sample Upstart Script ---------------------- - -In this example we've already created a container to run Redis with -``--name redis_server``. To create an upstart script for our container, -we create a file named ``/etc/init/redis.conf`` and place the following -into it: - -.. code-block:: bash - - description "Redis container" - author "Me" - start on filesystem and started docker - stop on runlevel [!2345] - respawn - script - /usr/bin/docker start -a redis_server - end script - -Next, we have to configure docker so that it's run with the option ``-r=false``. -Run the following command: - -.. code-block:: bash - - $ sudo sh -c "echo 'DOCKER_OPTS=\"-r=false\"' > /etc/default/docker" - - -Sample systemd Script ---------------------- - -.. code-block:: bash - - [Unit] - Description=Redis container - Author=Me - After=docker.service - - [Service] - Restart=always - ExecStart=/usr/bin/docker start -a redis_server - ExecStop=/usr/bin/docker stop -t 2 redis_server - - [Install] - WantedBy=local.target - diff --git a/docs/sources/use/index.rst b/docs/sources/use/index.rst deleted file mode 100644 index dcf6289b41..0000000000 --- a/docs/sources/use/index.rst +++ /dev/null @@ -1,24 +0,0 @@ -:title: Documentation -:description: -- todo: change me -:keywords: todo, docker, documentation, basic, builder - - - -Use -======== - -Contents: - -.. toctree:: - :maxdepth: 1 - - basics - workingwithrepository - port_redirection - networking - host_integration - working_with_volumes - working_with_links_names - ambassador_pattern_linking - chef - puppet diff --git a/docs/sources/use/networking.md b/docs/sources/use/networking.md index 3dfca0cb94..00d0684256 100644 --- a/docs/sources/use/networking.md +++ b/docs/sources/use/networking.md @@ -10,10 +10,10 @@ Docker uses Linux bridge capabilities to provide network connectivity to containers. The `docker0` bridge interface is managed by Docker for this purpose. When the Docker daemon starts it : -- creates the `docker0` bridge if not present -- searches for an IP address range which doesn’t overlap with an existing route -- picks an IP in the selected range -- assigns this IP to the `docker0` bridge + - creates the `docker0` bridge if not present + - searches for an IP address range which doesn't overlap with an existing route + - picks an IP in the selected range + - assigns this IP to the `docker0` bridge @@ -47,7 +47,7 @@ is dedicated to the 52f811c5d3d6 container. ## How to use a specific IP address range Docker will try hard to find an IP range that is not used by the host. -Even though it works for most cases, it’s not bullet-proof and sometimes +Even though it works for most cases, it's not bullet-proof and sometimes you need to have more control over the IP addressing scheme. For this purpose, Docker allows you to manage the `docker0` @@ -56,10 +56,10 @@ parameter. In this scenario: -- ensure Docker is stopped -- create your own bridge (`bridge0` for example) -- assign a specific IP to this bridge -- start Docker with the `-b=bridge0` parameter + - ensure Docker is stopped + - create your own bridge (`bridge0` for example) + - assign a specific IP to this bridge + - start Docker with the `-b=bridge0` parameter @@ -84,7 +84,7 @@ In this scenario: inet addr:192.168.227.1 Bcast:192.168.227.255 Mask:255.255.255.0 # Run a container - $ docker run -i -t base /bin/bash + docker run -i -t base /bin/bash # Container IP in the 192.168.227/24 range root@261c272cd7d5:/# ifconfig eth0 @@ -107,14 +107,12 @@ In this scenario: ## Container intercommunication -The value of the Docker daemon’s `icc` parameter +The value of the Docker daemon's `icc` parameter determines whether containers can communicate with each other over the bridge network. -- The default, `-icc=true` allows containers to - communicate with each other. -- `-icc=false` means containers are isolated from - each other. + - The default, `-icc=true` allows containers to communicate with each other. + - `-icc=false` means containers are isolated from each other. Docker uses `iptables` under the hood to either accept or drop communication between containers. @@ -125,7 +123,7 @@ Well. Things get complicated here. The `vethXXXX` interface is the host side of a point-to-point link between the host and the corresponding container; -the other side of the link is the container’s `eth0` +the other side of the link is the container's `eth0` interface. This pair (host `vethXXX` and container `eth0`) are connected like a tube. Everything that comes in one side will come out the other side. @@ -135,6 +133,6 @@ ip link command) and the namespaces infrastructure. ## I want more -Jérôme Petazzoni has create `pipework` to connect -together containers in arbitrarily complex scenarios : +Jérôme Petazzoni has create `pipework` to connect together containers in +arbitrarily complex scenarios: [https://github.com/jpetazzo/pipework](https://github.com/jpetazzo/pipework) diff --git a/docs/sources/use/networking.rst b/docs/sources/use/networking.rst deleted file mode 100644 index 59c63ed674..0000000000 --- a/docs/sources/use/networking.rst +++ /dev/null @@ -1,153 +0,0 @@ -:title: Configure Networking -:description: Docker networking -:keywords: network, networking, bridge, docker, documentation - - -Configure Networking -==================== - -Docker uses Linux bridge capabilities to provide network connectivity -to containers. The ``docker0`` bridge interface is managed by Docker -for this purpose. When the Docker daemon starts it : - -- creates the ``docker0`` bridge if not present -- searches for an IP address range which doesn't overlap with an existing route -- picks an IP in the selected range -- assigns this IP to the ``docker0`` bridge - - -.. code-block:: bash - - # List host bridges - $ sudo brctl show - bridge name bridge id STP enabled interfaces - docker0 8000.000000000000 no - - # Show docker0 IP address - $ sudo ifconfig docker0 - docker0 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:xx - inet addr:172.17.42.1 Bcast:0.0.0.0 Mask:255.255.0.0 - - - -At runtime, a :ref:`specific kind of virtual -interface` is given to each container which is then -bonded to the ``docker0`` bridge. Each container also receives a -dedicated IP address from the same range as ``docker0``. The -``docker0`` IP address is used as the default gateway for the -container. - -.. code-block:: bash - - # Run a container - $ sudo docker run -t -i -d base /bin/bash - 52f811c5d3d69edddefc75aff5a4525fc8ba8bcfa1818132f9dc7d4f7c7e78b4 - - $ sudo brctl show - bridge name bridge id STP enabled interfaces - docker0 8000.fef213db5a66 no vethQCDY1N - - -Above, ``docker0`` acts as a bridge for the ``vethQCDY1N`` interface -which is dedicated to the 52f811c5d3d6 container. - - -How to use a specific IP address range ---------------------------------------- - -Docker will try hard to find an IP range that is not used by the -host. Even though it works for most cases, it's not bullet-proof and -sometimes you need to have more control over the IP addressing scheme. - -For this purpose, Docker allows you to manage the ``docker0`` bridge -or your own one using the ``-b=`` parameter. - -In this scenario: - -- ensure Docker is stopped -- create your own bridge (``bridge0`` for example) -- assign a specific IP to this bridge -- start Docker with the ``-b=bridge0`` parameter - - -.. code-block:: bash - - # Stop Docker - $ sudo service docker stop - - # Clean docker0 bridge and - # add your very own bridge0 - $ sudo ifconfig docker0 down - $ sudo brctl addbr bridge0 - $ sudo ifconfig bridge0 192.168.227.1 netmask 255.255.255.0 - - # Edit your Docker startup file - $ echo "DOCKER_OPTS=\"-b=bridge0\"" >> /etc/default/docker - - # Start Docker - $ sudo service docker start - - # Ensure bridge0 IP is not changed by Docker - $ sudo ifconfig bridge0 - bridge0 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:xx - inet addr:192.168.227.1 Bcast:192.168.227.255 Mask:255.255.255.0 - - # Run a container - $ docker run -i -t base /bin/bash - - # Container IP in the 192.168.227/24 range - root@261c272cd7d5:/# ifconfig eth0 - eth0 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:xx - inet addr:192.168.227.5 Bcast:192.168.227.255 Mask:255.255.255.0 - - # bridge0 IP as the default gateway - root@261c272cd7d5:/# route -n - Kernel IP routing table - Destination Gateway Genmask Flags Metric Ref Use Iface - 0.0.0.0 192.168.227.1 0.0.0.0 UG 0 0 0 eth0 - 192.168.227.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 - - # hits CTRL+P then CTRL+Q to detach - - # Display bridge info - $ sudo brctl show - bridge name bridge id STP enabled interfaces - bridge0 8000.fe7c2e0faebd no vethAQI2QT - - -Container intercommunication -------------------------------- - -The value of the Docker daemon's ``icc`` parameter determines whether -containers can communicate with each other over the bridge network. - -- The default, ``--icc=true`` allows containers to communicate with each other. -- ``--icc=false`` means containers are isolated from each other. - -Docker uses ``iptables`` under the hood to either accept or -drop communication between containers. - - -.. _vethxxxx-device: - -What is the vethXXXX device? ------------------------------------ -Well. Things get complicated here. - -The ``vethXXXX`` interface is the host side of a point-to-point link -between the host and the corresponding container; the other side of -the link is the container's ``eth0`` -interface. This pair (host ``vethXXX`` and container ``eth0``) are -connected like a tube. Everything that comes in one side will come out -the other side. - -All the plumbing is delegated to Linux network capabilities (check the -ip link command) and the namespaces infrastructure. - - -I want more ------------- - -Jérôme Petazzoni has created ``pipework`` to connect together -containers in arbitrarily complex scenarios : -https://github.com/jpetazzo/pipework diff --git a/docs/sources/use/port_redirection.md b/docs/sources/use/port_redirection.md index a85234f48f..9f2ce98eae 100644 --- a/docs/sources/use/port_redirection.md +++ b/docs/sources/use/port_redirection.md @@ -11,7 +11,7 @@ port. When this service runs inside a container, one can connect to the port after finding the IP address of the container as follows: # Find IP address of container with ID - docker inspect | grep IPAddress | cut -d '"' -f 4 + $ docker inspect | grep IPAddress | cut -d '"' -f 4 However, this IP address is local to the host system and the container port is not reachable by the outside world. Furthermore, even if the @@ -31,52 +31,49 @@ containers, Docker provides the linking mechanism. To bind all the exposed container ports to the host automatically, use `docker run -P `. The mapped host ports will be auto-selected from a pool of unused ports (49000..49900), and -you will need to use `docker ps`, -`docker inspect ` or -`docker port ` to determine -what they are. +you will need to use `docker ps`, `docker inspect ` or +`docker port ` to determine what they are. ## Binding a port to a host interface To bind a port of the container to a specific interface of the host -system, use the `-p` parameter of the -`docker run` command: +system, use the `-p` parameter of the `docker run` command: # General syntax - docker run -p [([:[host_port]])|():][/udp] + $ docker run -p [([:[host_port]])|():][/udp] When no host interface is provided, the port is bound to all available -interfaces of the host machine (aka INADDR\_ANY, or 0.0.0.0).When no +interfaces of the host machine (aka INADDR_ANY, or 0.0.0.0). When no host port is provided, one is dynamically allocated. The possible combinations of options for TCP port are the following: # Bind TCP port 8080 of the container to TCP port 80 on 127.0.0.1 of the host machine. - docker run -p 127.0.0.1:80:8080 + $ docker run -p 127.0.0.1:80:8080 # Bind TCP port 8080 of the container to a dynamically allocated TCP port on 127.0.0.1 of the host machine. - docker run -p 127.0.0.1::8080 + $ docker run -p 127.0.0.1::8080 # Bind TCP port 8080 of the container to TCP port 80 on all available interfaces of the host machine. - docker run -p 80:8080 + $ docker run -p 80:8080 # Bind TCP port 8080 of the container to a dynamically allocated TCP port on all available interfaces of the host machine. - docker run -p 8080 + $ docker run -p 8080 UDP ports can also be bound by adding a trailing `/udp`. All the combinations described for TCP work. Here is only one example: # Bind UDP port 5353 of the container to UDP port 53 on 127.0.0.1 of the host machine. - docker run -p 127.0.0.1:53:5353/udp + $ docker run -p 127.0.0.1:53:5353/udp -The command `docker port` lists the interface and -port on the host machine bound to a given container port. It is useful -when using dynamically allocated ports: +The command `docker port` lists the interface and port on the host machine +bound to a given container port. It is useful when using dynamically allocated +ports: # Bind to a dynamically allocated port - docker run -p 127.0.0.1::8080 --name dyn-bound + $ docker run -p 127.0.0.1::8080 --name dyn-bound # Lookup the actual port - docker port dyn-bound 8080 + $ docker port dyn-bound 8080 127.0.0.1:49160 ## Linking a container @@ -84,54 +81,44 @@ when using dynamically allocated ports: Communication between two containers can also be established in a docker-specific way called linking. -To briefly present the concept of linking, let us consider two -containers: `server`, containing the service, and -`client`, accessing the service. Once -`server` is running, `client` is -started and links to server. Linking sets environment variables in -`client` giving it some information about -`server`. In this sense, linking is a method of -service discovery. +To briefly present the concept of linking, let us consider two containers: +`server`, containing the service, and `client`, accessing the service. Once +`server` is running, `client` is started and links to server. Linking sets +environment variables in `client` giving it some information about `server`. +In this sense, linking is a method of service discovery. -Let us now get back to our topic of interest; communication between the -two containers. We mentioned that the tricky part about this -communication was that the IP address of `server` -was not fixed. Therefore, some of the environment variables are going to -be used to inform `client` about this IP address. -This process called exposure, is possible because `client` -is started after `server` has been -started. +Let us now get back to our topic of interest; communication between the two +containers. We mentioned that the tricky part about this communication was that +the IP address of `server` was not fixed. Therefore, some of the environment +variables are going to be used to inform `client` about this IP address. This +process called exposure, is possible because `client` is started after `server` +has been started. -Here is a full example. On `server`, the port of -interest is exposed. The exposure is done either through the -`--expose` parameter to the `docker run` -command, or the `EXPOSE` build command in -a Dockerfile: +Here is a full example. On `server`, the port of interest is exposed. The +exposure is done either through the `--expose` parameter to the `docker run` +command, or the `EXPOSE` build command in a Dockerfile: # Expose port 80 - docker run --expose 80 --name server + $ docker run --expose 80 --name server The `client` then links to the `server`: # Link - docker run --name client --link server:linked-server + $ docker run --name client --link server:linked-server -`client` locally refers to `server` -as `linked-server`. The following +`client` locally refers to `server` as `linked-server`. The following environment variables, among others, are available on `client`: # The default protocol, ip, and port of the service running in the container - LINKED-SERVER_PORT=tcp://172.17.0.8:80 + $ LINKED-SERVER_PORT=tcp://172.17.0.8:80 # A specific protocol, ip, and port of various services - LINKED-SERVER_PORT_80_TCP=tcp://172.17.0.8:80 - LINKED-SERVER_PORT_80_TCP_PROTO=tcp - LINKED-SERVER_PORT_80_TCP_ADDR=172.17.0.8 - LINKED-SERVER_PORT_80_TCP_PORT=80 + $ LINKED-SERVER_PORT_80_TCP=tcp://172.17.0.8:80 + $ LINKED-SERVER_PORT_80_TCP_PROTO=tcp + $ LINKED-SERVER_PORT_80_TCP_ADDR=172.17.0.8 + $ LINKED-SERVER_PORT_80_TCP_PORT=80 -This tells `client` that a service is running on -port 80 of `server` and that `server` -is accessible at the IP address 172.17.0.8 +This tells `client` that a service is running on port 80 of `server` and that +`server` is accessible at the IP address 172.17.0.8 -Note: Using the `-p` parameter also exposes the -port.. +Note: Using the `-p` parameter also exposes the port. diff --git a/docs/sources/use/port_redirection.rst b/docs/sources/use/port_redirection.rst deleted file mode 100644 index cf5c2100a9..0000000000 --- a/docs/sources/use/port_redirection.rst +++ /dev/null @@ -1,152 +0,0 @@ -:title: Redirect Ports -:description: usage about port redirection -:keywords: Usage, basic port, docker, documentation, examples - - -.. _port_redirection: - -Redirect Ports -============== - -Interacting with a service is commonly done through a connection to a -port. When this service runs inside a container, one can connect to -the port after finding the IP address of the container as follows: - -.. code-block:: bash - - # Find IP address of container with ID - docker inspect | grep IPAddress | cut -d '"' -f 4 - -However, this IP address is local to the host system and the container -port is not reachable by the outside world. Furthermore, even if the -port is used locally, e.g. by another container, this method is -tedious as the IP address of the container changes every time it -starts. - -Docker addresses these two problems and give a simple and robust way -to access services running inside containers. - -To allow non-local clients to reach the service running inside the -container, Docker provide ways to bind the container port to an -interface of the host system. To simplify communication between -containers, Docker provides the linking mechanism. - -Auto map all exposed ports on the host --------------------------------------- - -To bind all the exposed container ports to the host automatically, use -``docker run -P ``. The mapped host ports will be auto-selected -from a pool of unused ports (49000..49900), and you will need to use -``docker ps``, ``docker inspect `` or -``docker port `` to determine what they are. - -Binding a port to a host interface ------------------------------------ - -To bind a port of the container to a specific interface of the host -system, use the ``-p`` parameter of the ``docker run`` command: - -.. code-block:: bash - - # General syntax - docker run -p [([:[host_port]])|():][/udp] - -When no host interface is provided, the port is bound to all available -interfaces of the host machine (aka INADDR_ANY, or 0.0.0.0).When no host port is -provided, one is dynamically allocated. The possible combinations of options for -TCP port are the following: - -.. code-block:: bash - - # Bind TCP port 8080 of the container to TCP port 80 on 127.0.0.1 of the host machine. - docker run -p 127.0.0.1:80:8080 - - # Bind TCP port 8080 of the container to a dynamically allocated TCP port on 127.0.0.1 of the host machine. - docker run -p 127.0.0.1::8080 - - # Bind TCP port 8080 of the container to TCP port 80 on all available interfaces of the host machine. - docker run -p 80:8080 - - # Bind TCP port 8080 of the container to a dynamically allocated TCP port on all available interfaces of the host machine. - docker run -p 8080 - -UDP ports can also be bound by adding a trailing ``/udp``. All the -combinations described for TCP work. Here is only one example: - -.. code-block:: bash - - # Bind UDP port 5353 of the container to UDP port 53 on 127.0.0.1 of the host machine. - docker run -p 127.0.0.1:53:5353/udp - -The command ``docker port`` lists the interface and port on the host -machine bound to a given container port. It is useful when using -dynamically allocated ports: - -.. code-block:: bash - - # Bind to a dynamically allocated port - docker run -p 127.0.0.1::8080 --name dyn-bound - - # Lookup the actual port - docker port dyn-bound 8080 - 127.0.0.1:49160 - - -Linking a container -------------------- - -Communication between two containers can also be established in a -docker-specific way called linking. - -To briefly present the concept of linking, let us consider two -containers: ``server``, containing the service, and ``client``, -accessing the service. Once ``server`` is running, ``client`` is -started and links to server. Linking sets environment variables in -``client`` giving it some information about ``server``. In this sense, -linking is a method of service discovery. - -Let us now get back to our topic of interest; communication between -the two containers. We mentioned that the tricky part about this -communication was that the IP address of ``server`` was not -fixed. Therefore, some of the environment variables are going to be -used to inform ``client`` about this IP address. This process called -exposure, is possible because ``client`` is started after ``server`` -has been started. - -Here is a full example. On ``server``, the port of interest is -exposed. The exposure is done either through the ``--expose`` parameter -to the ``docker run`` command, or the ``EXPOSE`` build command in a -Dockerfile: - -.. code-block:: bash - - # Expose port 80 - docker run --expose 80 --name server - -The ``client`` then links to the ``server``: - -.. code-block:: bash - - # Link - docker run --name client --link server:linked-server - -``client`` locally refers to ``server`` as ``linked-server``. The -following environment variables, among others, are available on -``client``: - -.. code-block:: bash - - # The default protocol, ip, and port of the service running in the container - LINKED-SERVER_PORT=tcp://172.17.0.8:80 - - # A specific protocol, ip, and port of various services - LINKED-SERVER_PORT_80_TCP=tcp://172.17.0.8:80 - LINKED-SERVER_PORT_80_TCP_PROTO=tcp - LINKED-SERVER_PORT_80_TCP_ADDR=172.17.0.8 - LINKED-SERVER_PORT_80_TCP_PORT=80 - -This tells ``client`` that a service is running on port 80 of -``server`` and that ``server`` is accessible at the IP address -172.17.0.8 - -Note: Using the ``-p`` parameter also exposes the port. diff --git a/docs/sources/use/puppet.md b/docs/sources/use/puppet.md index 55f16dd5bc..a0d20ab446 100644 --- a/docs/sources/use/puppet.md +++ b/docs/sources/use/puppet.md @@ -4,15 +4,15 @@ page_keywords: puppet, installation, usage, docker, documentation # Using Puppet -> *Note:* Please note this is a community contributed installation path. The only -> ‘official’ installation is using the -> [*Ubuntu*](../../installation/ubuntulinux/#ubuntu-linux) installation +> *Note:* Please note this is a community contributed installation path. The +> only `official` installation is using the +> [*Ubuntu*](/installation/ubuntulinux/#ubuntu-linux) installation > path. This version may sometimes be out of date. ## Requirements -To use this guide you’ll need a working installation of Puppet from -[Puppetlabs](https://www.puppetlabs.com) . +To use this guide you'll need a working installation of Puppet from +[Puppetlabs](https://puppetlabs.com) . The module also currently uses the official PPA so only works with Ubuntu. @@ -23,10 +23,10 @@ The module is available on the [Puppet Forge](https://forge.puppetlabs.com/garethr/docker/) and can be installed using the built-in module tool. - puppet module install garethr/docker + $ puppet module install garethr/docker It can also be found on -[GitHub](https://www.github.com/garethr/garethr-docker) if you would +[GitHub](https://github.com/garethr/garethr-docker) if you would rather download the source. ## Usage @@ -47,7 +47,7 @@ defined type which can be used like so: This is equivalent to running: - docker pull ubuntu + $ docker pull ubuntu Note that it will only be downloaded if an image of that name does not already exist. This is downloading a large binary so on first run can @@ -71,7 +71,7 @@ managed by Docker. This is equivalent to running the following command, but under upstart: - docker run -d ubuntu /bin/sh -c "while true; do echo hello world; sleep 1; done" + $ docker run -d ubuntu /bin/sh -c "while true; do echo hello world; sleep 1; done" Run also contains a number of optional parameters: diff --git a/docs/sources/use/puppet.rst b/docs/sources/use/puppet.rst deleted file mode 100644 index 4183c14f18..0000000000 --- a/docs/sources/use/puppet.rst +++ /dev/null @@ -1,117 +0,0 @@ -:title: Puppet Usage -:description: Installating and using Puppet -:keywords: puppet, installation, usage, docker, documentation - -.. _install_using_puppet: - -Using Puppet -============= - -.. note:: - - Please note this is a community contributed installation path. The - only 'official' installation is using the :ref:`ubuntu_linux` - installation path. This version may sometimes be out of date. - -Requirements ------------- - -To use this guide you'll need a working installation of Puppet from -`Puppetlabs `_ . - -The module also currently uses the official PPA so only works with Ubuntu. - -Installation ------------- - -The module is available on the `Puppet Forge -`_ and can be installed -using the built-in module tool. - -.. code-block:: bash - - puppet module install garethr/docker - -It can also be found on `GitHub -`_ if you would rather -download the source. - -Usage ------ - -The module provides a puppet class for installing Docker and two defined types -for managing images and containers. - -Installation -~~~~~~~~~~~~ - -.. code-block:: ruby - - include 'docker' - -Images -~~~~~~ - -The next step is probably to install a Docker image. For this, we have a -defined type which can be used like so: - -.. code-block:: ruby - - docker::image { 'ubuntu': } - -This is equivalent to running: - -.. code-block:: bash - - docker pull ubuntu - -Note that it will only be downloaded if an image of that name does -not already exist. This is downloading a large binary so on first -run can take a while. For that reason this define turns off the -default 5 minute timeout for the exec type. Note that you can also -remove images you no longer need with: - -.. code-block:: ruby - - docker::image { 'ubuntu': - ensure => 'absent', - } - -Containers -~~~~~~~~~~ - -Now you have an image where you can run commands within a container -managed by Docker. - -.. code-block:: ruby - - docker::run { 'helloworld': - image => 'ubuntu', - command => '/bin/sh -c "while true; do echo hello world; sleep 1; done"', - } - -This is equivalent to running the following command, but under upstart: - -.. code-block:: bash - - docker run -d ubuntu /bin/sh -c "while true; do echo hello world; sleep 1; done" - -Run also contains a number of optional parameters: - -.. code-block:: ruby - - docker::run { 'helloworld': - image => 'ubuntu', - command => '/bin/sh -c "while true; do echo hello world; sleep 1; done"', - ports => ['4444', '4555'], - volumes => ['/var/lib/couchdb', '/var/log'], - volumes_from => '6446ea52fbc9', - memory_limit => 10485760, # bytes - username => 'example', - hostname => 'example.com', - env => ['FOO=BAR', 'FOO2=BAR2'], - dns => ['8.8.8.8', '8.8.4.4'], - } - -Note that ports, env, dns and volumes can be set with either a single string -or as above with an array of values. diff --git a/docs/sources/use/working_with_links_names.md b/docs/sources/use/working_with_links_names.md index 67ca8004f1..6951e3c26f 100644 --- a/docs/sources/use/working_with_links_names.md +++ b/docs/sources/use/working_with_links_names.md @@ -6,19 +6,18 @@ page_keywords: Examples, Usage, links, linking, docker, documentation, examples, ## Introduction -From version 0.6.5 you are now able to `name` a -container and `link` it to another container by -referring to its name. This will create a parent -\> child relationship -where the parent container can see selected information about its child. +From version 0.6.5 you are now able to `name` a container and `link` it to +another container by referring to its name. This will create a parent -> child +relationship where the parent container can see selected information about its +child. ## Container Naming New in version v0.6.5. -You can now name your container by using the `--name` -flag. If no name is provided, Docker will automatically -generate a name. You can see this name using the `docker ps` -command. +You can now name your container by using the `--name` flag. If no name is +provided, Docker will automatically generate a name. You can see this name +using the `docker ps` command. # format is "sudo docker run --name " $ sudo docker run --name test ubuntu /bin/bash @@ -33,52 +32,45 @@ command. New in version v0.6.5. Links allow containers to discover and securely communicate with each -other by using the flag `-link name:alias`. -Inter-container communication can be disabled with the daemon flag -`-icc=false`. With this flag set to -`false`, Container A cannot access Container B -unless explicitly allowed via a link. This is a huge win for securing -your containers. When two containers are linked together Docker creates -a parent child relationship between the containers. The parent container -will be able to access information via environment variables of the -child such as name, exposed ports, IP and other selected environment -variables. +other by using the flag `-link name:alias`. Inter-container communication +can be disabled with the daemon flag `-icc=false`. With this flag set to +`false`, Container A cannot access Container unless explicitly allowed via +a link. This is a huge win for securing your containers. When two containers +are linked together Docker creates a parent child relationship between the +containers. The parent container will be able to access information via +environment variables of the child such as name, exposed ports, IP and other +selected environment variables. -When linking two containers Docker will use the exposed ports of the -container to create a secure tunnel for the parent to access. If a -database container only exposes port 8080 then the linked container will -only be allowed to access port 8080 and nothing else if inter-container -communication is set to false. +When linking two containers Docker will use the exposed ports of the container +to create a secure tunnel for the parent to access. If a database container +only exposes port 8080 then the linked container will only be allowed to access +port 8080 and nothing else if inter-container communication is set to false. -For example, there is an image called `crosbymichael/redis` -that exposes the port 6379 and starts the Redis server. Let’s -name the container as `redis` based on that image -and run it as daemon. +For example, there is an image called `crosbymichael/redis` that exposes the +port 6379 and starts the Redis server. Let's name the container as `redis` +based on that image and run it as daemon. - $ sudo docker run -d -name redis crosbymichael/redis + $ sudo docker run -d --name redis crosbymichael/redis -We can issue all the commands that you would expect using the name -`redis`; start, stop, attach, using the name for our -container. The name also allows us to link other containers into this -one. +We can issue all the commands that you would expect using the name `redis`; +start, stop, attach, using the name for our container. The name also allows +us to link other containers into this one. -Next, we can start a new web application that has a dependency on Redis -and apply a link to connect both containers. If you noticed when running -our Redis server we did not use the `-p` flag to -publish the Redis port to the host system. Redis exposed port 6379 and -this is all we need to establish a link. +Next, we can start a new web application that has a dependency on Redis and +apply a link to connect both containers. If you noticed when running our Redis +server we did not use the `-p` flag to publish the Redis port to the host +system. Redis exposed port 6379 and this is all we need to establish a link. - $ sudo docker run -t -i -link redis:db -name webapp ubuntu bash + $ sudo docker run -t -i --link redis:db --name webapp ubuntu bash -When you specified `-link redis:db` you are telling -Docker to link the container named `redis` into this -new container with the alias `db`. Environment -variables are prefixed with the alias so that the parent container can -access network and environment information from the containers that are +When you specified `--link redis:db` you are telling Docker to link the +container named `redis` into this new container with the alias `db`. +Environment variables are prefixed with the alias so that the parent container +can access network and environment information from the containers that are linked into it. -If we inspect the environment variables of the second container, we -would see all the information about the child container. +If we inspect the environment variables of the second container, we would see +all the information about the child container. $ root@4c01db0b339c:/# env @@ -98,22 +90,51 @@ would see all the information about the child container. _=/usr/bin/env root@4c01db0b339c:/# -Accessing the network information along with the environment of the -child container allows us to easily connect to the Redis service on the -specific IP and port in the environment. +Accessing the network information along with the environment of the child +container allows us to easily connect to the Redis service on the specific +IP and port in the environment. > **Note**: > These Environment variables are only set for the first process in the > container. Similarly, some daemons (such as `sshd`) > will scrub them when spawning shells for connection. -You can work around this by storing the initial `env` -in a file, or looking at `/proc/1/environ`. +You can work around this by storing the initial `env` in a file, or looking +at `/proc/1/environ`. -Running `docker ps` shows the 2 containers, and the -`webapp/db` alias name for the Redis container. +Running `docker ps` shows the 2 containers, and the `webapp/db` alias name for +the Redis container. $ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 4c01db0b339c ubuntu:12.04 bash 17 seconds ago Up 16 seconds webapp d7886598dbe2 crosbymichael/redis:latest /redis-server --dir 33 minutes ago Up 33 minutes 6379/tcp redis,webapp/db + +## Resolving Links by Name + +New in version v0.11. + +Linked containers can be accessed by hostname. Hostnames are mapped by +appending entries to '/etc/hosts' using the linked container's alias. + +For example, linking a container using '--link redis:db' will generate the +following '/etc/hosts' file: + + root@6541a75d44a0:/# cat /etc/hosts + 172.17.0.3 6541a75d44a0 + 172.17.0.2 db + + 127.0.0.1 localhost + ::1 localhost ip6-localhost ip6-loopback + fe00::0 ip6-localnet + ff00::0 ip6-mcastprefix + ff02::1 ip6-allnodes + ff02::2 ip6-allrouters + root@6541a75d44a0:/# + +Using this mechanism, you can communicate with the linked container by +name: + + root@6541a75d44a0:/# echo PING | redis-cli -h db + PONG + root@6541a75d44a0:/# diff --git a/docs/sources/use/working_with_links_names.rst b/docs/sources/use/working_with_links_names.rst deleted file mode 100644 index 4acb6079c1..0000000000 --- a/docs/sources/use/working_with_links_names.rst +++ /dev/null @@ -1,132 +0,0 @@ -:title: Link Containers -:description: How to create and use both links and names -:keywords: Examples, Usage, links, linking, docker, documentation, examples, names, name, container naming - -.. _working_with_links_names: - -Link Containers -=============== - -From version 0.6.5 you are now able to ``name`` a container and -``link`` it to another container by referring to its name. This will -create a parent -> child relationship where the parent container can -see selected information about its child. - -.. _run_name: - -Container Naming ----------------- - -.. versionadded:: v0.6.5 - -You can now name your container by using the ``--name`` flag. If no -name is provided, Docker will automatically generate a name. You can -see this name using the ``docker ps`` command. - -.. code-block:: bash - - # format is "sudo docker run --name " - $ sudo docker run --name test ubuntu /bin/bash - - # the flag "-a" Show all containers. Only running containers are shown by default. - $ sudo docker ps -a - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 2522602a0d99 ubuntu:12.04 /bin/bash 14 seconds ago Exit 0 test - -.. _run_link: - -Links: service discovery for docker ------------------------------------ - -.. versionadded:: v0.6.5 - -Links allow containers to discover and securely communicate with each -other by using the flag ``--link name:alias``. Inter-container -communication can be disabled with the daemon flag -``--icc=false``. With this flag set to ``false``, Container A cannot -access Container B unless explicitly allowed via a link. This is a -huge win for securing your containers. When two containers are linked -together Docker creates a parent child relationship between the -containers. The parent container will be able to access information -via environment variables of the child such as name, exposed ports, IP -and other selected environment variables. - -When linking two containers Docker will use the exposed ports of the -container to create a secure tunnel for the parent to access. If a -database container only exposes port 8080 then the linked container -will only be allowed to access port 8080 and nothing else if -inter-container communication is set to false. - -For example, there is an image called ``crosbymichael/redis`` that exposes the -port 6379 and starts the Redis server. Let's name the container as ``redis`` -based on that image and run it as a daemon. - -.. code-block:: bash - - $ sudo docker run -d --name redis crosbymichael/redis - -We can issue all the commands that you would expect using the name -``redis``; start, stop, attach, using the name for our container. The -name also allows us to link other containers into this one. - -Next, we can start a new web application that has a dependency on -Redis and apply a link to connect both containers. If you noticed when -running our Redis server we did not use the ``-p`` flag to publish the -Redis port to the host system. Redis exposed port 6379 and this is all -we need to establish a link. - -.. code-block:: bash - - $ sudo docker run -t -i --link redis:db --name webapp ubuntu bash - -When you specified ``--link redis:db`` you are telling Docker to link -the container named ``redis`` into this new container with the alias -``db``. Environment variables are prefixed with the alias so that the -parent container can access network and environment information from -the containers that are linked into it. - -If we inspect the environment variables of the second container, we -would see all the information about the child container. - -.. code-block:: bash - - $ root@4c01db0b339c:/# env - - HOSTNAME=4c01db0b339c - DB_NAME=/webapp/db - TERM=xterm - DB_PORT=tcp://172.17.0.8:6379 - DB_PORT_6379_TCP=tcp://172.17.0.8:6379 - DB_PORT_6379_TCP_PROTO=tcp - DB_PORT_6379_TCP_ADDR=172.17.0.8 - DB_PORT_6379_TCP_PORT=6379 - PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - PWD=/ - SHLVL=1 - HOME=/ - container=lxc - _=/usr/bin/env - root@4c01db0b339c:/# - -Accessing the network information along with the environment of the -child container allows us to easily connect to the Redis service on -the specific IP and port in the environment. - -.. note:: - These Environment variables are only set for the first process in - the container. Similarly, some daemons (such as ``sshd``) will - scrub them when spawning shells for connection. - - You can work around this by storing the initial ``env`` in a file, - or looking at ``/proc/1/environ``. - -Running ``docker ps`` shows the 2 containers, and the ``webapp/db`` -alias name for the Redis container. - -.. code-block:: bash - - $ docker ps - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 4c01db0b339c ubuntu:12.04 bash 17 seconds ago Up 16 seconds webapp - d7886598dbe2 crosbymichael/redis:latest /redis-server --dir 33 minutes ago Up 33 minutes 6379/tcp redis,webapp/db - diff --git a/docs/sources/use/working_with_volumes.md b/docs/sources/use/working_with_volumes.md index e95d3786b1..7d6136b85a 100644 --- a/docs/sources/use/working_with_volumes.md +++ b/docs/sources/use/working_with_volumes.md @@ -8,23 +8,23 @@ page_keywords: Examples, Usage, volume, docker, documentation, examples A *data volume* is a specially-designated directory within one or more containers that bypasses the [*Union File -System*](../../terms/layer/#ufs-def) to provide several useful features +System*](/terms/layer/#ufs-def) to provide several useful features for persistent or shared data: -- **Data volumes can be shared and reused between containers:** - This is the feature that makes data volumes so powerful. You can - use it for anything from hot database upgrades to custom backup or - replication tools. See the example below. -- **Changes to a data volume are made directly:** - Without the overhead of a copy-on-write mechanism. This is good for - very large files. -- **Changes to a data volume will not be included at the next commit:** - Because they are not recorded as regular filesystem changes in the - top layer of the [*Union File System*](../../terms/layer/#ufs-def) -- **Volumes persist until no containers use them:** - As they are a reference counted resource. The container does not need to be - running to share its volumes, but running it can help protect it - against accidental removal via `docker rm`. + - **Data volumes can be shared and reused between containers:** + This is the feature that makes data volumes so powerful. You can + use it for anything from hot database upgrades to custom backup or + replication tools. See the example below. + - **Changes to a data volume are made directly:** + Without the overhead of a copy-on-write mechanism. This is good for + very large files. + - **Changes to a data volume will not be included at the next commit:** + Because they are not recorded as regular filesystem changes in the + top layer of the [*Union File System*](/terms/layer/#ufs-def) + - **Volumes persist until no containers use them:** + As they are a reference counted resource. The container does not need to be + running to share its volumes, but running it can help protect it + against accidental removal via `docker rm`. Each container can have zero or more data volumes. @@ -50,8 +50,8 @@ not. Or, you can use the VOLUME instruction in a Dockerfile to add one or more new volumes to any container created from that image: - # BUILD-USING: docker build -t data . - # RUN-USING: docker run -name DATA data + # BUILD-USING: $ docker build -t data . + # RUN-USING: $ docker run -name DATA data FROM busybox VOLUME ["/var/volume1", "/var/volume2"] CMD ["/bin/true"] @@ -59,7 +59,7 @@ more new volumes to any container created from that image: ### Creating and mounting a Data Volume Container If you have some persistent data that you want to share between -containers, or want to use from non-persistent containers, its best to +containers, or want to use from non-persistent containers, it's best to create a named Data Volume Container, and then to mount the data from it. @@ -82,8 +82,8 @@ Interestingly, you can mount the volumes that came from the $ docker run -t -i -rm -volumes-from client1 -name client2 ubuntu bash This allows you to abstract the actual data source from users of that -data, similar to -[*ambassador\_pattern\_linking*](../ambassador_pattern_linking/#ambassador-pattern-linking). +data, similar to [*Ambassador Pattern Linking*]( +../ambassador_pattern_linking/#ambassador-pattern-linking). If you remove containers that mount volumes, including the initial DATA container, or the middleman, the volumes will not be deleted until there @@ -108,7 +108,7 @@ For example: # Usage: # sudo docker run [OPTIONS] -v /(dir. on host):/(dir. in container):(Read-Write or Read-Only) [ARG..] # Example: - sudo docker run -i -t -v /var/log:/logs_from_host:ro ubuntu bash + $ sudo docker run -i -t -v /var/log:/logs_from_host:ro ubuntu bash The command above mounts the host directory `/var/log` into the container with *read only* permissions as `/logs_from_host`. @@ -117,40 +117,34 @@ New in version v0.5.0. ### Note for OS/X users and remote daemon users: -OS/X users run `boot2docker` to create a minimalist -virtual machine running the docker daemon. That virtual machine then -launches docker commands on behalf of the OS/X command line. The means -that `host directories` refer to directories in the -`boot2docker` virtual machine, not the OS/X -filesystem. +OS/X users run `boot2docker` to create a minimalist virtual machine running +the docker daemon. That virtual machine then launches docker commands on +behalf of the OS/X command line. The means that `host directories` refer to +directories in the `boot2docker` virtual machine, not the OS/X filesystem. -Similarly, anytime when the docker daemon is on a remote machine, the -`host directories` always refer to directories on -the daemon’s machine. +Similarly, anytime when the docker daemon is on a remote machine, the +`host directories` always refer to directories on the daemon's machine. ### Backup, restore, or migrate data volumes -You cannot back up volumes using `docker export`, -`docker save` and `docker cp` -because they are external to images. Instead you can use -`--volumes-from` to start a new container that can -access the data-container’s volume. For example: +You cannot back up volumes using `docker export`, `docker save` and `docker cp` +because they are external to images. Instead you can use `--volumes-from` to +start a new container that can access the data-container's volume. For example: $ sudo docker run -rm --volumes-from DATA -v $(pwd):/backup busybox tar cvf /backup/backup.tar /data -- `-rm` - remove the container when it exits -- `--volumes-from DATA` - attach to the volumes - shared by the `DATA` container -- `-v $(pwd):/backup` - bind mount the current - directory into the container; to write the tar file to -- `busybox` - a small simpler image - good for - quick maintenance -- `tar cvf /backup/backup.tar /data` - creates an - uncompressed tar file of all the files in the `/data` - directory + - `-rm`: + remove the container when it exits + - `--volumes-from DATA`: + attach to the volumes shared by the `DATA` container + - `-v $(pwd):/backup`: + bind mount the current directory into the container; to write the tar file to + - `busybox`: + a small simpler image - good for quick maintenance + - `tar cvf /backup/backup.tar /data`: + creates an uncompressed tar file of all the files in the `/data` directory -Then to restore to the same container, or another that you’ve made -elsewhere: +Then to restore to the same container, or another that you`ve made elsewhere: # create a new data container $ sudo docker run -v /data -name DATA2 busybox true @@ -167,12 +161,11 @@ restore testing using your preferred tools. ## Known Issues -- [Issue 2702](https://github.com/dotcloud/docker/issues/2702): + - [Issue 2702](https://github.com/dotcloud/docker/issues/2702): "lxc-start: Permission denied - failed to mount" could indicate a permissions problem with AppArmor. Please see the issue for a workaround. -- [Issue 2528](https://github.com/dotcloud/docker/issues/2528): the + - [Issue 2528](https://github.com/dotcloud/docker/issues/2528): the busybox container is used to make the resulting container as small and simple as possible - whenever you need to interact with the data in the volume you mount it into another container. - diff --git a/docs/sources/use/working_with_volumes.rst b/docs/sources/use/working_with_volumes.rst deleted file mode 100644 index d2f035dc84..0000000000 --- a/docs/sources/use/working_with_volumes.rst +++ /dev/null @@ -1,164 +0,0 @@ -:title: Share Directories via Volumes -:description: How to create and share volumes -:keywords: Examples, Usage, volume, docker, documentation, examples - -.. _volume_def: - -Share Directories via Volumes -============================= - -A *data volume* is a specially-designated directory within one or more -containers that bypasses the :ref:`ufs_def` to provide several useful -features for persistent or shared data: - -* **Data volumes can be shared and reused between containers.** This - is the feature that makes data volumes so powerful. You can use it - for anything from hot database upgrades to custom backup or - replication tools. See the example below. -* **Changes to a data volume are made directly**, without the overhead - of a copy-on-write mechanism. This is good for very large files. -* **Changes to a data volume will not be included at the next commit** - because they are not recorded as regular filesystem changes in the - top layer of the :ref:`ufs_def` -* **Volumes persist until no containers use them** as they are a reference - counted resource. The container does not need to be running to share its - volumes, but running it can help protect it against accidental removal - via ``docker rm``. - -Each container can have zero or more data volumes. - -.. versionadded:: v0.3.0 - -Getting Started -............... - -Using data volumes is as simple as adding a ``-v`` parameter to the ``docker run`` -command. The ``-v`` parameter can be used more than once in order to -create more volumes within the new container. To create a new container with -two new volumes:: - - $ docker run -v /var/volume1 -v /var/volume2 busybox true - -This command will create the new container with two new volumes that -exits instantly (``true`` is pretty much the smallest, simplest program -that you can run). Once created you can mount its volumes in any other -container using the ``--volumes-from`` option; irrespective of whether the -container is running or not. - -Or, you can use the VOLUME instruction in a Dockerfile to add one or more new -volumes to any container created from that image:: - - # BUILD-USING: docker build -t data . - # RUN-USING: docker run --name DATA data - FROM busybox - VOLUME ["/var/volume1", "/var/volume2"] - CMD ["/bin/true"] - -Creating and mounting a Data Volume Container ---------------------------------------------- - -If you have some persistent data that you want to share between containers, -or want to use from non-persistent containers, its best to create a named -Data Volume Container, and then to mount the data from it. - -Create a named container with volumes to share (``/var/volume1`` and ``/var/volume2``):: - - $ docker run -v /var/volume1 -v /var/volume2 --name DATA busybox true - -Then mount those data volumes into your application containers:: - - $ docker run -t -i --rm --volumes-from DATA --name client1 ubuntu bash - -You can use multiple ``--volumes-from`` parameters to bring together multiple -data volumes from multiple containers. - -Interestingly, you can mount the volumes that came from the ``DATA`` container in -yet another container via the ``client1`` middleman container:: - - $ docker run -t -i --rm --volumes-from client1 --name client2 ubuntu bash - -This allows you to abstract the actual data source from users of that data, -similar to :ref:`ambassador_pattern_linking `. - -If you remove containers that mount volumes, including the initial DATA container, -or the middleman, the volumes will not be deleted until there are no containers still -referencing those volumes. This allows you to upgrade, or effectively migrate data volumes -between containers. - -Mount a Host Directory as a Container Volume: ---------------------------------------------- - -:: - - -v=[]: Create a bind mount with: [host-dir]:[container-dir]:[rw|ro]. - -You must specify an absolute path for ``host-dir``. -If ``host-dir`` is missing from the command, then docker creates a new volume. -If ``host-dir`` is present but points to a non-existent directory on the host, -Docker will automatically create this directory and use it as the source of the -bind-mount. - -Note that this is not available from a Dockerfile due the portability and -sharing purpose of it. The ``host-dir`` volumes are entirely host-dependent and -might not work on any other machine. - -For example:: - - sudo docker run -t -i -v /var/logs:/var/host_logs:ro ubuntu bash - -The command above mounts the host directory ``/var/logs`` into the -container with read only permissions as ``/var/host_logs``. - -.. versionadded:: v0.5.0 - - -Note for OS/X users and remote daemon users: --------------------------------------------- - -OS/X users run ``boot2docker`` to create a minimalist virtual machine running the docker daemon. That -virtual machine then launches docker commands on behalf of the OS/X command line. The means that ``host -directories`` refer to directories in the ``boot2docker`` virtual machine, not the OS/X filesystem. - -Similarly, anytime when the docker daemon is on a remote machine, the ``host directories`` always refer to directories on the daemon's machine. - -Backup, restore, or migrate data volumes ----------------------------------------- - -You cannot back up volumes using ``docker export``, ``docker save`` and ``docker cp`` -because they are external to images. -Instead you can use ``--volumes-from`` to start a new container that can access the -data-container's volume. For example:: - - $ sudo docker run --rm --volumes-from DATA -v $(pwd):/backup busybox tar cvf /backup/backup.tar /data - -* ``--rm`` - remove the container when it exits -* ``--volumes-from DATA`` - attach to the volumes shared by the ``DATA`` container -* ``-v $(pwd):/backup`` - bind mount the current directory into the container; to write the tar file to -* ``busybox`` - a small simpler image - good for quick maintenance -* ``tar cvf /backup/backup.tar /data`` - creates an uncompressed tar file of all the files in the ``/data`` directory - -Then to restore to the same container, or another that you've made elsewhere:: - - # create a new data container - $ sudo docker run -v /data --name DATA2 busybox true - # untar the backup files into the new container's data volume - $ sudo docker run --rm --volumes-from DATA2 -v $(pwd):/backup busybox tar xvf /backup/backup.tar - data/ - data/sven.txt - # compare to the original container - $ sudo docker run --rm --volumes-from DATA -v `pwd`:/backup busybox ls /data - sven.txt - - -You can use the basic techniques above to automate backup, migration and restore -testing using your preferred tools. - -Known Issues -............ - -* :issue:`2702`: "lxc-start: Permission denied - failed to mount" - could indicate a permissions problem with AppArmor. Please see the - issue for a workaround. -* :issue:`2528`: the busybox container is used to make the resulting container as small and - simple as possible - whenever you need to interact with the data in the volume - you mount it into another container. diff --git a/docs/sources/use/workingwithrepository.md b/docs/sources/use/workingwithrepository.md index c71aa60e10..07f130a909 100644 --- a/docs/sources/use/workingwithrepository.md +++ b/docs/sources/use/workingwithrepository.md @@ -6,33 +6,35 @@ page_keywords: repo, repositories, usage, pull image, push image, image, documen ## Introduction -A *repository* is a shareable collection of tagged -[*images*](../../terms/image/#image-def) that together create the file -systems for containers. The repository’s name is a label that indicates +Docker is not only a tool for creating and managing your own +[*containers*](/terms/container/#container-def) – **Docker is also a +tool for sharing**. A *repository* is a shareable collection of tagged +[*images*](/terms/image/#image-def) that together create the file +systems for containers. The repository's name is a label that indicates the provenance of the repository, i.e. who created it and where the original copy is located. -You can find one or more repositories hosted on a *registry*. There can -be an implicit or explicit host name as part of the repository tag. The -implicit registry is located at `index.docker.io`, -the home of "top-level" repositories and the Central Index. This -registry may also include public "user" repositories. +You can find one or more repositories hosted on a *registry*. There are +two types of *registry*: public and private. There's also a default +*registry* that Docker uses which is called +[Docker.io](http://index.docker.io). +[Docker.io](http://index.docker.io) is the home of +"top-level" repositories and public "user" repositories. The Docker +project provides [Docker.io](http://index.docker.io) to host public and +[private repositories](https://index.docker.io/plans/), namespaced by +user. We provide user authentication and search over all the public +repositories. -Docker is not only a tool for creating and managing your own -[*containers*](../../terms/container/#container-def) – **Docker is also -a tool for sharing**. The Docker project provides a Central Registry to -host public repositories, namespaced by user, and a Central Index which -provides user authentication and search over all the public -repositories. You can host your own Registry too! Docker acts as a -client for these services via `docker search, pull, login` -and `push`. +Docker acts as a client for these services via the `docker search, pull, +login` and `push` commands. ## Repositories ### Local Repositories Docker images which have been created and labeled on your local Docker -server need to be pushed to a Public or Private registry to be shared. +server need to be pushed to a Public (by default they are pushed to +[Docker.io](http://index.docker.io)) or Private registry to be shared. ### Public Repositories @@ -41,24 +43,29 @@ which are controlled by the Docker team, and *user* repositories created by individual contributors. Anyone can read from these repositories – they really help people get started quickly! You could also use [*Trusted Builds*](#trusted-builds) if you need to keep -control of who accesses your images, but we will only refer to public -repositories in these examples. +control of who accesses your images. -- Top-level repositories can easily be recognized by **not** having a - `/` (slash) in their name. These repositories - can generally be trusted. -- User repositories always come in the form of - `/`. This is what your - published images will look like if you push to the public Central - Registry. -- Only the authenticated user can push to their *username* namespace - on the Central Registry. -- User images are not checked, it is therefore up to you whether or - not you trust the creator of this image. +- Top-level repositories can easily be recognized by **not** having a + `/` (slash) in their name. These repositories represent trusted images + provided by the Docker team. +- User repositories always come in the form of `/`. + This is what your published images will look like if you push to the + public [Docker.io](http://index.docker.io) registry. +- Only the authenticated user can push to their *username* namespace on + a [Docker.io](http://index.docker.io) repository. +- User images are not curated, it is therefore up to you whether or not + you trust the creator of this image. -## Find Public Images on the Central Index +### Private repositories -You can search the Central Index [online](https://index.docker.io) or +You can also create private repositories on +[Docker.io](https://index.docker.io/plans/). These allow you to store +images that you don't want to share publicly. Only authenticated users +can push to private repositories. + +## Find Public Images on Docker.io + +You can search the [Docker.io](https://index.docker.io) registry or using the command line interface. Searching can find images by name, user name or description: @@ -79,9 +86,9 @@ There you can see two example results: `centos` and `slantview/centos-chef-solo`. The second result shows that it comes from the public repository of a user, `slantview/`, while the first result -(`centos`) doesn’t explicitly list a repository so -it comes from the trusted Central Repository. The `/` -character separates a user’s repository and the image name. +(`centos`) doesn't explicitly list a repository so +it comes from the trusted top-level namespace. The `/` +character separates a user's repository and the image name. Once you have found the image name, you can download it: @@ -91,36 +98,40 @@ Once you have found the image name, you can download it: 539c0211cd76: Download complete What can you do with that image? Check out the -[*Examples*](../../examples/#example-list) and, when you’re ready with +[*Examples*](/examples/#example-list) and, when you're ready with your own image, come back here to learn how to share it. -## Contributing to the Central Registry +## Contributing to Docker.io -Anyone can pull public images from the Central Registry, but if you -would like to share one of your own images, then you must register a -unique user name first. You can create your username and login on the -[central Docker Index online](https://index.docker.io/account/signup/), -or by running +Anyone can pull public images from the +[Docker.io](http://index.docker.io) registry, but if you would like to +share one of your own images, then you must register a unique user name +first. You can create your username and login on +[Docker.io](https://index.docker.io/account/signup/), or by running - sudo docker login + $ sudo docker login This will prompt you for a username, which will become a public namespace for your public repositories. If your username is available then `docker` will also prompt you to enter a password and your e-mail address. It will -then automatically log you in. Now you’re ready to commit and push your +then automatically log you in. Now you're ready to commit and push your own images! +> **Note:** +> Your authentication credentials will be stored in the [`.dockercfg` +> authentication file](#authentication-file). + ## Committing a Container to a Named Image When you make changes to an existing image, those changes get saved to a -container’s file system. You can then promote that container to become -an image by making a `commit`. In addition to -converting the container to an image, this is also your opportunity to -name the image, specifically a name that includes your user name from -the Central Docker Index (as you did a `login` -above) and a meaningful name for the image. +container's file system. You can then promote that container to become +an image by making a `commit`. In addition to converting the container +to an image, this is also your opportunity to name the image, +specifically a name that includes your user name from +[Docker.io](http://index.docker.io) (as you did a `login` above) and a +meaningful name for the image. # format is "sudo docker commit /" $ sudo docker commit $CONTAINER_ID myname/kickassapp @@ -145,66 +156,66 @@ when you push a commit. ### To setup a trusted build -1. Create a [Docker Index account](https://index.docker.io/) and login. -2. Link your GitHub account through the `Link Accounts` - menu. +1. Create a [Docker.io account](https://index.docker.io/) and login. +2. Link your GitHub account through the `Link Accounts` menu. 3. [Configure a Trusted build](https://index.docker.io/builds/). -4. Pick a GitHub project that has a `Dockerfile` - that you want to build. -5. Pick the branch you want to build (the default is the - `master` branch). +4. Pick a GitHub project that has a `Dockerfile` that you want to build. +5. Pick the branch you want to build (the default is the `master` branch). 6. Give the Trusted Build a name. 7. Assign an optional Docker tag to the Build. -8. Specify where the `Dockerfile` is located. The - default is `/`. +8. Specify where the `Dockerfile` is located. The default is `/`. Once the Trusted Build is configured it will automatically trigger a build, and in a few minutes, if there are no errors, you will see your -new trusted build on the Docker Index. It will will stay in sync with -your GitHub repo until you deactivate the Trusted Build. +new trusted build on the [Docker.io](https://index.docker.io) Registry. +It will will stay in sync with your GitHub repo until you deactivate the +Trusted Build. If you want to see the status of your Trusted Builds you can go to your [Trusted Builds page](https://index.docker.io/builds/) on the Docker index, and it will show you the status of your builds, and the build history. -Once you’ve created a Trusted Build you can deactivate or delete it. You -cannot however push to a Trusted Build with the `docker push` -command. You can only manage it by committing code to your -GitHub repository. +Once you`ve created a Trusted Build you can deactivate or delete it. You +cannot however push to a Trusted Build with the `docker push` command. +You can only manage it by committing code to your GitHub repository. You can create multiple Trusted Builds per repository and configure them -to point to specific `Dockerfile`‘s or Git branches. +to point to specific `Dockerfile`'s or Git branches. ## Private Registry -Private registries and private shared repositories are only possible by -hosting [your own -registry](https://github.com/dotcloud/docker-registry). To push or pull -to a repository on your own registry, you must prefix the tag with the -address of the registry’s host (a `.` or -`:` is used to identify a host), like this: +Private registries are possible by hosting [your own +registry](https://github.com/dotcloud/docker-registry). + +> **Note**: +> You can also use private repositories on +> [Docker.io](https://index.docker.io/plans/). + +To push or pull to a repository on your own registry, you must prefix +the tag with the address of the registry's host (a `.` or `:` is used to +identify a host), like this: # Tag to create a repository with the full registry location. # The location (e.g. localhost.localdomain:5000) becomes # a permanent part of the repository name - sudo docker tag 0u812deadbeef localhost.localdomain:5000/repo_name + $ sudo docker tag 0u812deadbeef localhost.localdomain:5000/repo_name # Push the new repository to its home location on localhost - sudo docker push localhost.localdomain:5000/repo_name + $ sudo docker push localhost.localdomain:5000/repo_name -Once a repository has your registry’s host name as part of the tag, you +Once a repository has your registry's host name as part of the tag, you can push and pull it like any other repository, but it will **not** be -searchable (or indexed at all) in the Central Index, and there will be +searchable (or indexed at all) on [Docker.io](http://index.docker.io), and there will be no user name checking performed. Your registry will function completely -independently from the Central Index. +independently from the [Docker.io](http://index.docker.io) registry. See also -[Docker Blog: How to use your own -registry](http://blog.docker.io/2013/07/how-to-use-your-own-registry/) +[Docker Blog: How to use your own registry]( +http://blog.docker.io/2013/07/how-to-use-your-own-registry/) ## Authentication File @@ -212,11 +223,11 @@ The authentication is stored in a json file, `.dockercfg` located in your home directory. It supports multiple registry urls. -`docker login` will create the -"[https://index.docker.io/v1/](https://index.docker.io/v1/)" key. +`docker login` will create the "[https://index.docker.io/v1/]( +https://index.docker.io/v1/)" key. -`docker login https://my-registry.com` will create -the "[https://my-registry.com](https://my-registry.com)" key. +`docker login https://my-registry.com` will create the +"[https://my-registry.com](https://my-registry.com)" key. For example: diff --git a/docs/sources/use/workingwithrepository.rst b/docs/sources/use/workingwithrepository.rst deleted file mode 100644 index c126361f8c..0000000000 --- a/docs/sources/use/workingwithrepository.rst +++ /dev/null @@ -1,256 +0,0 @@ -:title: Share Images via Repositories -:description: Repositories allow users to share images. -:keywords: repo, repositories, usage, pull image, push image, image, documentation - -.. _working_with_the_repository: - -Share Images via Repositories -============================= - -A *repository* is a shareable collection of tagged :ref:`images` -that together create the file systems for containers. The -repository's name is a label that indicates the provenance of the -repository, i.e. who created it and where the original copy is -located. - -You can find one or more repositories hosted on a *registry*. There -can be an implicit or explicit host name as part of the repository -tag. The implicit registry is located at ``index.docker.io``, the home -of "top-level" repositories and the Central Index. This registry may -also include public "user" repositories. - -Docker is not only a tool for creating and managing your own -:ref:`containers ` -- **Docker is also a tool for -sharing**. The Docker project provides a Central Registry to host -public repositories, namespaced by user, and a Central Index which -provides user authentication and search over all the public -repositories. You can host your own Registry too! Docker acts as a -client for these services via ``docker search, pull, login`` and -``push``. - -Local Repositories ------------------- - -Docker images which have been created and labeled on your local Docker server -need to be pushed to a Public or Private registry to be shared. - -.. _using_public_repositories: - -Public Repositories -------------------- - -There are two types of public repositories: *top-level* repositories -which are controlled by the Docker team, and *user* repositories -created by individual contributors. Anyone can read from these -repositories -- they really help people get started quickly! You could -also use :ref:`using_private_repositories` if you need to keep control -of who accesses your images, but we will only refer to public -repositories in these examples. - -* Top-level repositories can easily be recognized by **not** having a - ``/`` (slash) in their name. These repositories can generally be - trusted. -* User repositories always come in the form of - ``/``. This is what your published images will - look like if you push to the public Central Registry. -* Only the authenticated user can push to their *username* namespace - on the Central Registry. -* User images are not checked, it is therefore up to you whether or - not you trust the creator of this image. - -.. _searching_central_index: - -Find Public Images on the Central Index ---------------------------------------- - -You can search the Central Index `online `_ -or using the command line interface. Searching can find images by name, user -name or description: - -.. code-block:: bash - - $ sudo docker help search - Usage: docker search NAME - - Search the docker index for images - - --no-trunc=false: Don't truncate output - $ sudo docker search centos - Found 25 results matching your query ("centos") - NAME DESCRIPTION - centos - slantview/centos-chef-solo CentOS 6.4 with chef-solo. - ... - -There you can see two example results: ``centos`` and -``slantview/centos-chef-solo``. The second result shows that it comes -from the public repository of a user, ``slantview/``, while the first -result (``centos``) doesn't explicitly list a repository so it comes -from the trusted Central Repository. The ``/`` character separates a -user's repository and the image name. - -Once you have found the image name, you can download it: - -.. code-block:: bash - - # sudo docker pull - $ sudo docker pull centos - Pulling repository centos - 539c0211cd76: Download complete - -What can you do with that image? Check out the :ref:`example_list` -and, when you're ready with your own image, come back here to learn -how to share it. - -Contributing to the Central Registry ------------------------------------- - -Anyone can pull public images from the Central Registry, but if you -would like to share one of your own images, then you must register a -unique user name first. You can create your username and login on the -`central Docker Index online -`_, or by running - -.. code-block:: bash - - sudo docker login - -This will prompt you for a username, which will become a public -namespace for your public repositories. - -If your username is available then ``docker`` will also prompt you to -enter a password and your e-mail address. It will then automatically -log you in. Now you're ready to commit and push your own images! - -.. _container_commit: - -Committing a Container to a Named Image ---------------------------------------- - -When you make changes to an existing image, those changes get saved to -a container's file system. You can then promote that container to -become an image by making a ``commit``. In addition to converting the -container to an image, this is also your opportunity to name the -image, specifically a name that includes your user name from the -Central Docker Index (as you did a ``login`` above) and a meaningful -name for the image. - -.. code-block:: bash - - # format is "sudo docker commit /" - $ sudo docker commit $CONTAINER_ID myname/kickassapp - -.. _image_push: - -Pushing a repository to its registry ------------------------------------- - -In order to push an repository to its registry you need to have named an image, -or committed your container to a named image (see above) - -Now you can push this repository to the registry designated by its name -or tag. - -.. code-block:: bash - - # format is "docker push /" - $ sudo docker push myname/kickassapp - -.. _using_private_repositories: - -Trusted Builds --------------- - -Trusted Builds automate the building and updating of images from GitHub, directly -on ``docker.io`` servers. It works by adding a commit hook to your selected repository, -triggering a build and update when you push a commit. - -To setup a trusted build -++++++++++++++++++++++++ - -#. Create a `Docker Index account `_ and login. -#. Link your GitHub account through the ``Link Accounts`` menu. -#. `Configure a Trusted build `_. -#. Pick a GitHub project that has a ``Dockerfile`` that you want to build. -#. Pick the branch you want to build (the default is the ``master`` branch). -#. Give the Trusted Build a name. -#. Assign an optional Docker tag to the Build. -#. Specify where the ``Dockerfile`` is located. The default is ``/``. - -Once the Trusted Build is configured it will automatically trigger a build, and -in a few minutes, if there are no errors, you will see your new trusted build -on the Docker Index. It will will stay in sync with your GitHub repo until you -deactivate the Trusted Build. - -If you want to see the status of your Trusted Builds you can go to your -`Trusted Builds page `_ on the Docker index, -and it will show you the status of your builds, and the build history. - -Once you've created a Trusted Build you can deactivate or delete it. You cannot -however push to a Trusted Build with the ``docker push`` command. You can only -manage it by committing code to your GitHub repository. - -You can create multiple Trusted Builds per repository and configure them to -point to specific ``Dockerfile``'s or Git branches. - -Private Registry ----------------- - -Private registries and private shared repositories are -only possible by hosting `your own registry -`_. To push or pull to a -repository on your own registry, you must prefix the tag with the -address of the registry's host (a ``.`` or ``:`` is used to identify a host), -like this: - -.. code-block:: bash - - # Tag to create a repository with the full registry location. - # The location (e.g. localhost.localdomain:5000) becomes - # a permanent part of the repository name - sudo docker tag 0u812deadbeef localhost.localdomain:5000/repo_name - - # Push the new repository to its home location on localhost - sudo docker push localhost.localdomain:5000/repo_name - -Once a repository has your registry's host name as part of the tag, -you can push and pull it like any other repository, but it will -**not** be searchable (or indexed at all) in the Central Index, and -there will be no user name checking performed. Your registry will -function completely independently from the Central Index. - -.. raw:: html - - - -.. seealso:: `Docker Blog: How to use your own registry - `_ - -Authentication file -------------------- - -The authentication is stored in a json file, ``.dockercfg`` located in your -home directory. It supports multiple registry urls. - -``docker login`` will create the "https://index.docker.io/v1/" key. - -``docker login https://my-registry.com`` will create the "https://my-registry.com" key. - -For example: - -.. code-block:: json - - { - "https://index.docker.io/v1/": { - "auth": "xXxXxXxXxXx=", - "email": "email@example.com" - }, - "https://my-registry.com": { - "auth": "XxXxXxXxXxX=", - "email": "email@my-registry.com" - } - } - -The ``auth`` field represents ``base64(:)`` diff --git a/docs/theme/MAINTAINERS b/docs/theme/MAINTAINERS index 93231b1223..081aa684d4 100644 --- a/docs/theme/MAINTAINERS +++ b/docs/theme/MAINTAINERS @@ -1 +1,2 @@ +O.S. Tezer (@OSTezer) Thatcher Peskens (@dhrp) diff --git a/docs/theme/docker/layout.html b/docs/theme/docker/layout.html deleted file mode 100755 index 0dac9e0680..0000000000 --- a/docs/theme/docker/layout.html +++ /dev/null @@ -1,78 +0,0 @@ - - - - - - - {{ meta['title'] if meta and meta['title'] else title }} - Docker Documentation - - - - - - - {%- set url_root = pathto('', 1) %} - {%- if url_root == '#' %}{% set url_root = '' %}{% endif %} - - {%- if current_version == 'latest' %} - {% set github_tag = 'master' %} - {% else %} - {% set github_tag = current_version %} - {% endif %} - - - - {%- set css_files = css_files + ['_static/css/bootstrap.css'] %} - {%- set css_files = css_files + ['_static/pygments.css'] %} - {%- set css_files = css_files + ['_static/css/main.css'] %} - - {%- set script_files = - ['//code.jquery.com/jquery-1.10.1.min.js'] - + ['//fonts.googleapis.com/css?family=Cabin:400,700,400italic'] - %} - - {# - This part is hopefully complex because things like |cut '/index/' are not available in Sphinx jinja - and will make it crash. (and we need index/ out. - #} - - - {%- for cssfile in css_files %} - - {%- endfor %} - - {%- for scriptfile in script_files if scriptfile != '_static/jquery.js' %} - - {%- endfor %} - - {%- block extrahead %}{% endblock %} - - - - - - -
- - -
- {% block body %}{% endblock %} -
- -
- - - diff --git a/docs/theme/docker/redirect_build.html b/docs/theme/docker/redirect_build.html deleted file mode 100644 index 1f26fc3aaa..0000000000 --- a/docs/theme/docker/redirect_build.html +++ /dev/null @@ -1,12 +0,0 @@ - - - - Page Moved - - - - -This page has moved. Perhaps you should visit the Builder page - - - diff --git a/docs/theme/docker/redirect_home.html b/docs/theme/docker/redirect_home.html deleted file mode 100644 index 109239f819..0000000000 --- a/docs/theme/docker/redirect_home.html +++ /dev/null @@ -1,12 +0,0 @@ - - - - Page Moved - - - - -This page has moved. Perhaps you should visit the Documentation Homepage - - - diff --git a/docs/theme/docker/static/css/bootstrap.css b/docs/theme/docker/static/css/bootstrap.css deleted file mode 100755 index b255056927..0000000000 --- a/docs/theme/docker/static/css/bootstrap.css +++ /dev/null @@ -1,6158 +0,0 @@ -/*! - * Bootstrap v2.3.0 - * - * Copyright 2012 Twitter, Inc - * Licensed under the Apache License v2.0 - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Designed and built with all the love in the world @twitter by @mdo and @fat. - */ - -.clearfix { - *zoom: 1; -} - -.clearfix:before, -.clearfix:after { - display: table; - line-height: 0; - content: ""; -} - -.clearfix:after { - clear: both; -} - -.hide-text { - font: 0/0 a; - color: transparent; - text-shadow: none; - background-color: transparent; - border: 0; -} - -.input-block-level { - display: block; - width: 100%; - min-height: 30px; - -webkit-box-sizing: border-box; - -moz-box-sizing: border-box; - box-sizing: border-box; -} - -article, -aside, -details, -figcaption, -figure, -footer, -header, -hgroup, -nav, -section { - display: block; -} - -audio, -canvas, -video { - display: inline-block; - *display: inline; - *zoom: 1; -} - -audio:not([controls]) { - display: none; -} - -html { - font-size: 100%; - -webkit-text-size-adjust: 100%; - -ms-text-size-adjust: 100%; -} - -a:focus { - outline: thin dotted #333; - outline: 5px auto -webkit-focus-ring-color; - outline-offset: -2px; -} - -a:hover, -a:active { - outline: 0; -} - -sub, -sup { - position: relative; - font-size: 75%; - line-height: 0; - vertical-align: baseline; -} - -sup { - top: -0.5em; -} - -sub { - bottom: -0.25em; -} - -img { - width: auto\9; - height: auto; - max-width: 100%; - vertical-align: middle; - border: 0; - -ms-interpolation-mode: bicubic; -} - -#map_canvas img, -.google-maps img { - max-width: none; -} - -button, -input, -select, -textarea { - margin: 0; - font-size: 100%; - vertical-align: middle; -} - -button, -input { - *overflow: visible; - line-height: normal; -} - -button::-moz-focus-inner, -input::-moz-focus-inner { - padding: 0; - border: 0; -} - -button, -html input[type="button"], -input[type="reset"], -input[type="submit"] { - cursor: pointer; - -webkit-appearance: button; -} - -label, -select, -button, -input[type="button"], -input[type="reset"], -input[type="submit"], -input[type="radio"], -input[type="checkbox"] { - cursor: pointer; -} - -input[type="search"] { - -webkit-box-sizing: content-box; - -moz-box-sizing: content-box; - box-sizing: content-box; - -webkit-appearance: textfield; -} - -input[type="search"]::-webkit-search-decoration, -input[type="search"]::-webkit-search-cancel-button { - -webkit-appearance: none; -} - -textarea { - overflow: auto; - vertical-align: top; -} - -@media print { - * { - color: #000 !important; - text-shadow: none !important; - background: transparent !important; - box-shadow: none !important; - } - a, - a:visited { - text-decoration: underline; - } - a[href]:after { - content: " (" attr(href) ")"; - } - abbr[title]:after { - content: " (" attr(title) ")"; - } - .ir a:after, - a[href^="javascript:"]:after, - a[href^="#"]:after { - content: ""; - } - pre, - blockquote { - border: 1px solid #999; - page-break-inside: avoid; - } - thead { - display: table-header-group; - } - tr, - img { - page-break-inside: avoid; - } - img { - max-width: 100% !important; - } - @page { - margin: 0.5cm; - } - p, - h2, - h3 { - orphans: 3; - widows: 3; - } - h2, - h3 { - page-break-after: avoid; - } -} - -body { - margin: 0; - font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; - font-size: 14px; - line-height: 20px; - color: #333333; - background-color: #ffffff; -} - -a { - color: #0088cc; - text-decoration: none; -} - -a:hover, -a:focus { - color: #005580; - text-decoration: underline; -} - -.img-rounded { - -webkit-border-radius: 6px; - -moz-border-radius: 6px; - border-radius: 6px; -} - -.img-polaroid { - padding: 4px; - background-color: #fff; - border: 1px solid #ccc; - border: 1px solid rgba(0, 0, 0, 0.2); - -webkit-box-shadow: 0 1px 3px rgba(0, 0, 0, 0.1); - -moz-box-shadow: 0 1px 3px rgba(0, 0, 0, 0.1); - box-shadow: 0 1px 3px rgba(0, 0, 0, 0.1); -} - -.img-circle { - -webkit-border-radius: 500px; - -moz-border-radius: 500px; - border-radius: 500px; -} - -.row { - margin-left: -20px; - *zoom: 1; -} - -.row:before, -.row:after { - display: table; - line-height: 0; - content: ""; -} - -.row:after { - clear: both; -} - -[class*="span"] { - float: left; - min-height: 1px; - margin-left: 20px; -} - -.container, -.navbar-static-top .container, -.navbar-fixed-top .container, -.navbar-fixed-bottom .container { - width: 940px; -} - -.span12 { - width: 940px; -} - -.span11 { - width: 860px; -} - -.span10 { - width: 780px; -} - -.span9 { - width: 700px; -} - -.span8 { - width: 620px; -} - -.span7 { - width: 540px; -} - -.span6 { - width: 460px; -} - -.span5 { - width: 380px; -} - -.span4 { - width: 300px; -} - -.span3 { - width: 220px; -} - -.span2 { - width: 140px; -} - -.span1 { - width: 60px; -} - -.offset12 { - margin-left: 980px; -} - -.offset11 { - margin-left: 900px; -} - -.offset10 { - margin-left: 820px; -} - -.offset9 { - margin-left: 740px; -} - -.offset8 { - margin-left: 660px; -} - -.offset7 { - margin-left: 580px; -} - -.offset6 { - margin-left: 500px; -} - -.offset5 { - margin-left: 420px; -} - -.offset4 { - margin-left: 340px; -} - -.offset3 { - margin-left: 260px; -} - -.offset2 { - margin-left: 180px; -} - -.offset1 { - margin-left: 100px; -} - -.row-fluid { - width: 100%; - *zoom: 1; -} - -.row-fluid:before, -.row-fluid:after { - display: table; - line-height: 0; - content: ""; -} - -.row-fluid:after { - clear: both; -} - -.row-fluid [class*="span"] { - display: block; - float: left; - width: 100%; - min-height: 30px; - margin-left: 2.127659574468085%; - *margin-left: 2.074468085106383%; - -webkit-box-sizing: border-box; - -moz-box-sizing: border-box; - box-sizing: border-box; -} - -.row-fluid [class*="span"]:first-child { - margin-left: 0; -} - -.row-fluid .controls-row [class*="span"] + [class*="span"] { - margin-left: 2.127659574468085%; -} - -.row-fluid .span12 { - width: 100%; - *width: 99.94680851063829%; -} - -.row-fluid .span11 { - width: 91.48936170212765%; - *width: 91.43617021276594%; -} - -.row-fluid .span10 { - width: 82.97872340425532%; - *width: 82.92553191489361%; -} - -.row-fluid .span9 { - width: 74.46808510638297%; - *width: 74.41489361702126%; -} - -.row-fluid .span8 { - width: 65.95744680851064%; - *width: 65.90425531914893%; -} - -.row-fluid .span7 { - width: 57.44680851063829%; - *width: 57.39361702127659%; -} - -.row-fluid .span6 { - width: 48.93617021276595%; - *width: 48.88297872340425%; -} - -.row-fluid .span5 { - width: 40.42553191489362%; - *width: 40.37234042553192%; -} - -.row-fluid .span4 { - width: 31.914893617021278%; - *width: 31.861702127659576%; -} - -.row-fluid .span3 { - width: 23.404255319148934%; - *width: 23.351063829787233%; -} - -.row-fluid .span2 { - width: 14.893617021276595%; - *width: 14.840425531914894%; -} - -.row-fluid .span1 { - width: 6.382978723404255%; - *width: 6.329787234042553%; -} - -.row-fluid .offset12 { - margin-left: 104.25531914893617%; - *margin-left: 104.14893617021275%; -} - -.row-fluid .offset12:first-child { - margin-left: 102.12765957446808%; - *margin-left: 102.02127659574467%; -} - -.row-fluid .offset11 { - margin-left: 95.74468085106382%; - *margin-left: 95.6382978723404%; -} - -.row-fluid .offset11:first-child { - margin-left: 93.61702127659574%; - *margin-left: 93.51063829787232%; -} - -.row-fluid .offset10 { - margin-left: 87.23404255319149%; - *margin-left: 87.12765957446807%; -} - -.row-fluid .offset10:first-child { - margin-left: 85.1063829787234%; - *margin-left: 84.99999999999999%; -} - -.row-fluid .offset9 { - margin-left: 78.72340425531914%; - *margin-left: 78.61702127659572%; -} - -.row-fluid .offset9:first-child { - margin-left: 76.59574468085106%; - *margin-left: 76.48936170212764%; -} - -.row-fluid .offset8 { - margin-left: 70.2127659574468%; - *margin-left: 70.10638297872339%; -} - -.row-fluid .offset8:first-child { - margin-left: 68.08510638297872%; - *margin-left: 67.9787234042553%; -} - -.row-fluid .offset7 { - margin-left: 61.70212765957446%; - *margin-left: 61.59574468085106%; -} - -.row-fluid .offset7:first-child { - margin-left: 59.574468085106375%; - *margin-left: 59.46808510638297%; -} - -.row-fluid .offset6 { - margin-left: 53.191489361702125%; - *margin-left: 53.085106382978715%; -} - -.row-fluid .offset6:first-child { - margin-left: 51.063829787234035%; - *margin-left: 50.95744680851063%; -} - -.row-fluid .offset5 { - margin-left: 44.68085106382979%; - *margin-left: 44.57446808510638%; -} - -.row-fluid .offset5:first-child { - margin-left: 42.5531914893617%; - *margin-left: 42.4468085106383%; -} - -.row-fluid .offset4 { - margin-left: 36.170212765957444%; - *margin-left: 36.06382978723405%; -} - -.row-fluid .offset4:first-child { - margin-left: 34.04255319148936%; - *margin-left: 33.93617021276596%; -} - -.row-fluid .offset3 { - margin-left: 27.659574468085104%; - *margin-left: 27.5531914893617%; -} - -.row-fluid .offset3:first-child { - margin-left: 25.53191489361702%; - *margin-left: 25.425531914893618%; -} - -.row-fluid .offset2 { - margin-left: 19.148936170212764%; - *margin-left: 19.04255319148936%; -} - -.row-fluid .offset2:first-child { - margin-left: 17.02127659574468%; - *margin-left: 16.914893617021278%; -} - -.row-fluid .offset1 { - margin-left: 10.638297872340425%; - *margin-left: 10.53191489361702%; -} - -.row-fluid .offset1:first-child { - margin-left: 8.51063829787234%; - *margin-left: 8.404255319148938%; -} - -[class*="span"].hide, -.row-fluid [class*="span"].hide { - display: none; -} - -[class*="span"].pull-right, -.row-fluid [class*="span"].pull-right { - float: right; -} - -.container { - margin-right: auto; - margin-left: auto; - *zoom: 1; -} - -.container:before, -.container:after { - display: table; - line-height: 0; - content: ""; -} - -.container:after { - clear: both; -} - -.container-fluid { - padding-right: 20px; - padding-left: 20px; - *zoom: 1; -} - -.container-fluid:before, -.container-fluid:after { - display: table; - line-height: 0; - content: ""; -} - -.container-fluid:after { - clear: both; -} - -p { - margin: 0 0 10px; -} - -.lead { - margin-bottom: 20px; - font-size: 21px; - font-weight: 200; - line-height: 30px; -} - -small { - font-size: 85%; -} - -strong { - font-weight: bold; -} - -em { - font-style: italic; -} - -cite { - font-style: normal; -} - -.muted { - color: #999999; -} - -a.muted:hover, -a.muted:focus { - color: #808080; -} - -.text-warning { - color: #c09853; -} - -a.text-warning:hover, -a.text-warning:focus { - color: #a47e3c; -} - -.text-error { - color: #b94a48; -} - -a.text-error:hover, -a.text-error:focus { - color: #953b39; -} - -.text-info { - color: #3a87ad; -} - -a.text-info:hover, -a.text-info:focus { - color: #2d6987; -} - -.text-success { - color: #468847; -} - -a.text-success:hover, -a.text-success:focus { - color: #356635; -} - -.text-left { - text-align: left; -} - -.text-right { - text-align: right; -} - -.text-center { - text-align: center; -} - -h1, -h2, -h3, -h4, -h5, -h6 { - margin: 10px 0; - font-family: inherit; - font-weight: bold; - line-height: 20px; - color: inherit; - text-rendering: optimizelegibility; -} - -h1 small, -h2 small, -h3 small, -h4 small, -h5 small, -h6 small { - font-weight: normal; - line-height: 1; - color: #999999; -} - -h1, -h2, -h3 { - line-height: 40px; -} - -h1 { - font-size: 38.5px; -} - -h2 { - font-size: 31.5px; -} - -h3 { - font-size: 24.5px; -} - -h4 { - font-size: 17.5px; -} - -h5 { - font-size: 14px; -} - -h6 { - font-size: 11.9px; -} - -h1 small { - font-size: 24.5px; -} - -h2 small { - font-size: 17.5px; -} - -h3 small { - font-size: 14px; -} - -h4 small { - font-size: 14px; -} - -.page-header { - padding-bottom: 9px; - margin: 20px 0 30px; - border-bottom: 1px solid #eeeeee; -} - -ul, -ol { - padding: 0; - margin: 0 0 10px 25px; -} - -ul ul, -ul ol, -ol ol, -ol ul { - margin-bottom: 0; -} - -li { - line-height: 20px; -} - -ul.unstyled, -ol.unstyled { - margin-left: 0; - list-style: none; -} - -ul.inline, -ol.inline { - margin-left: 0; - list-style: none; -} - -ul.inline > li, -ol.inline > li { - display: inline-block; - *display: inline; - padding-right: 5px; - padding-left: 5px; - *zoom: 1; -} - -dl { - margin-bottom: 20px; -} - -dt, -dd { - line-height: 20px; -} - -dt { - font-weight: bold; -} - -dd { - margin-left: 10px; -} - -.dl-horizontal { - *zoom: 1; -} - -.dl-horizontal:before, -.dl-horizontal:after { - display: table; - line-height: 0; - content: ""; -} - -.dl-horizontal:after { - clear: both; -} - -.dl-horizontal dt { - float: left; - width: 160px; - overflow: hidden; - clear: left; - text-align: right; - text-overflow: ellipsis; - white-space: nowrap; -} - -.dl-horizontal dd { - margin-left: 180px; -} - -hr { - margin: 20px 0; - border: 0; - border-top: 1px solid #eeeeee; - border-bottom: 1px solid #ffffff; -} - -abbr[title], -abbr[data-original-title] { - cursor: help; - border-bottom: 1px dotted #999999; -} - -abbr.initialism { - font-size: 90%; - text-transform: uppercase; -} - -blockquote { - padding: 0 0 0 15px; - margin: 0 0 20px; - border-left: 5px solid #eeeeee; -} - -blockquote p { - margin-bottom: 0; - font-size: 17.5px; - font-weight: 300; - line-height: 1.25; -} - -blockquote small { - display: block; - line-height: 20px; - color: #999999; -} - -blockquote small:before { - content: '\2014 \00A0'; -} - -blockquote.pull-right { - float: right; - padding-right: 15px; - padding-left: 0; - border-right: 5px solid #eeeeee; - border-left: 0; -} - -blockquote.pull-right p, -blockquote.pull-right small { - text-align: right; -} - -blockquote.pull-right small:before { - content: ''; -} - -blockquote.pull-right small:after { - content: '\00A0 \2014'; -} - -q:before, -q:after, -blockquote:before, -blockquote:after { - content: ""; -} - -address { - display: block; - margin-bottom: 20px; - font-style: normal; - line-height: 20px; -} - -code, -pre { - padding: 0 3px 2px; - font-family: Monaco, Menlo, Consolas, "Courier New", monospace; - font-size: 12px; - color: #333333; - -webkit-border-radius: 3px; - -moz-border-radius: 3px; - border-radius: 3px; -} - -code { - padding: 2px 4px; - color: #d14; - white-space: nowrap; - background-color: #f7f7f9; - border: 1px solid #e1e1e8; -} - -pre { - display: block; - padding: 9.5px; - margin: 0 0 10px; - font-size: 13px; - line-height: 20px; - word-break: break-all; - word-wrap: break-word; - white-space: pre; - white-space: pre-wrap; - background-color: #f5f5f5; - border: 1px solid #ccc; - border: 1px solid rgba(0, 0, 0, 0.15); - -webkit-border-radius: 4px; - -moz-border-radius: 4px; - border-radius: 4px; -} - -pre.prettyprint { - margin-bottom: 20px; -} - -pre code { - padding: 0; - color: inherit; - white-space: pre; - white-space: pre-wrap; - background-color: transparent; - border: 0; -} - -.pre-scrollable { - max-height: 340px; - overflow-y: scroll; -} - -form { - margin: 0 0 20px; -} - -fieldset { - padding: 0; - margin: 0; - border: 0; -} - -legend { - display: block; - width: 100%; - padding: 0; - margin-bottom: 20px; - font-size: 21px; - line-height: 40px; - color: #333333; - border: 0; - border-bottom: 1px solid #e5e5e5; -} - -legend small { - font-size: 15px; - color: #999999; -} - -label, -input, -button, -select, -textarea { - font-size: 14px; - font-weight: normal; - line-height: 20px; -} - -input, -button, -select, -textarea { - font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; -} - -label { - display: block; - margin-bottom: 5px; -} - -select, -textarea, -input[type="text"], -input[type="password"], -input[type="datetime"], -input[type="datetime-local"], -input[type="date"], -input[type="month"], -input[type="time"], -input[type="week"], -input[type="number"], -input[type="email"], -input[type="url"], -input[type="search"], -input[type="tel"], -input[type="color"], -.uneditable-input { - display: inline-block; - height: 20px; - padding: 4px 6px; - margin-bottom: 10px; - font-size: 14px; - line-height: 20px; - color: #555555; - vertical-align: middle; - -webkit-border-radius: 4px; - -moz-border-radius: 4px; - border-radius: 4px; -} - -input, -textarea, -.uneditable-input { - width: 206px; -} - -textarea { - height: auto; -} - -textarea, -input[type="text"], -input[type="password"], -input[type="datetime"], -input[type="datetime-local"], -input[type="date"], -input[type="month"], -input[type="time"], -input[type="week"], -input[type="number"], -input[type="email"], -input[type="url"], -input[type="search"], -input[type="tel"], -input[type="color"], -.uneditable-input { - background-color: #ffffff; - border: 1px solid #cccccc; - -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); - -moz-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); - box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); - -webkit-transition: border linear 0.2s, box-shadow linear 0.2s; - -moz-transition: border linear 0.2s, box-shadow linear 0.2s; - -o-transition: border linear 0.2s, box-shadow linear 0.2s; - transition: border linear 0.2s, box-shadow linear 0.2s; -} - -textarea:focus, -input[type="text"]:focus, -input[type="password"]:focus, -input[type="datetime"]:focus, -input[type="datetime-local"]:focus, -input[type="date"]:focus, -input[type="month"]:focus, -input[type="time"]:focus, -input[type="week"]:focus, -input[type="number"]:focus, -input[type="email"]:focus, -input[type="url"]:focus, -input[type="search"]:focus, -input[type="tel"]:focus, -input[type="color"]:focus, -.uneditable-input:focus { - border-color: rgba(82, 168, 236, 0.8); - outline: 0; - outline: thin dotted \9; - /* IE6-9 */ - - -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 8px rgba(82, 168, 236, 0.6); - -moz-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 8px rgba(82, 168, 236, 0.6); - box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 8px rgba(82, 168, 236, 0.6); -} - -input[type="radio"], -input[type="checkbox"] { - margin: 4px 0 0; - margin-top: 1px \9; - *margin-top: 0; - line-height: normal; -} - -input[type="file"], -input[type="image"], -input[type="submit"], -input[type="reset"], -input[type="button"], -input[type="radio"], -input[type="checkbox"] { - width: auto; -} - -select, -input[type="file"] { - height: 30px; - /* In IE7, the height of the select element cannot be changed by height, only font-size */ - - *margin-top: 4px; - /* For IE7, add top margin to align select with labels */ - - line-height: 30px; -} - -select { - width: 220px; - background-color: #ffffff; - border: 1px solid #cccccc; -} - -select[multiple], -select[size] { - height: auto; -} - -select:focus, -input[type="file"]:focus, -input[type="radio"]:focus, -input[type="checkbox"]:focus { - outline: thin dotted #333; - outline: 5px auto -webkit-focus-ring-color; - outline-offset: -2px; -} - -.uneditable-input, -.uneditable-textarea { - color: #999999; - cursor: not-allowed; - background-color: #fcfcfc; - border-color: #cccccc; - -webkit-box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.025); - -moz-box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.025); - box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.025); -} - -.uneditable-input { - overflow: hidden; - white-space: nowrap; -} - -.uneditable-textarea { - width: auto; - height: auto; -} - -input:-moz-placeholder, -textarea:-moz-placeholder { - color: #999999; -} - -input:-ms-input-placeholder, -textarea:-ms-input-placeholder { - color: #999999; -} - -input::-webkit-input-placeholder, -textarea::-webkit-input-placeholder { - color: #999999; -} - -.radio, -.checkbox { - min-height: 20px; - padding-left: 20px; -} - -.radio input[type="radio"], -.checkbox input[type="checkbox"] { - float: left; - margin-left: -20px; -} - -.controls > .radio:first-child, -.controls > .checkbox:first-child { - padding-top: 5px; -} - -.radio.inline, -.checkbox.inline { - display: inline-block; - padding-top: 5px; - margin-bottom: 0; - vertical-align: middle; -} - -.radio.inline + .radio.inline, -.checkbox.inline + .checkbox.inline { - margin-left: 10px; -} - -.input-mini { - width: 60px; -} - -.input-small { - width: 90px; -} - -.input-medium { - width: 150px; -} - -.input-large { - width: 210px; -} - -.input-xlarge { - width: 270px; -} - -.input-xxlarge { - width: 530px; -} - -input[class*="span"], -select[class*="span"], -textarea[class*="span"], -.uneditable-input[class*="span"], -.row-fluid input[class*="span"], -.row-fluid select[class*="span"], -.row-fluid textarea[class*="span"], -.row-fluid .uneditable-input[class*="span"] { - float: none; - margin-left: 0; -} - -.input-append input[class*="span"], -.input-append .uneditable-input[class*="span"], -.input-prepend input[class*="span"], -.input-prepend .uneditable-input[class*="span"], -.row-fluid input[class*="span"], -.row-fluid select[class*="span"], -.row-fluid textarea[class*="span"], -.row-fluid .uneditable-input[class*="span"], -.row-fluid .input-prepend [class*="span"], -.row-fluid .input-append [class*="span"] { - display: inline-block; -} - -input, -textarea, -.uneditable-input { - margin-left: 0; -} - -.controls-row [class*="span"] + [class*="span"] { - margin-left: 20px; -} - -input.span12, -textarea.span12, -.uneditable-input.span12 { - width: 926px; -} - -input.span11, -textarea.span11, -.uneditable-input.span11 { - width: 846px; -} - -input.span10, -textarea.span10, -.uneditable-input.span10 { - width: 766px; -} - -input.span9, -textarea.span9, -.uneditable-input.span9 { - width: 686px; -} - -input.span8, -textarea.span8, -.uneditable-input.span8 { - width: 606px; -} - -input.span7, -textarea.span7, -.uneditable-input.span7 { - width: 526px; -} - -input.span6, -textarea.span6, -.uneditable-input.span6 { - width: 446px; -} - -input.span5, -textarea.span5, -.uneditable-input.span5 { - width: 366px; -} - -input.span4, -textarea.span4, -.uneditable-input.span4 { - width: 286px; -} - -input.span3, -textarea.span3, -.uneditable-input.span3 { - width: 206px; -} - -input.span2, -textarea.span2, -.uneditable-input.span2 { - width: 126px; -} - -input.span1, -textarea.span1, -.uneditable-input.span1 { - width: 46px; -} - -.controls-row { - *zoom: 1; -} - -.controls-row:before, -.controls-row:after { - display: table; - line-height: 0; - content: ""; -} - -.controls-row:after { - clear: both; -} - -.controls-row [class*="span"], -.row-fluid .controls-row [class*="span"] { - float: left; -} - -.controls-row .checkbox[class*="span"], -.controls-row .radio[class*="span"] { - padding-top: 5px; -} - -input[disabled], -select[disabled], -textarea[disabled], -input[readonly], -select[readonly], -textarea[readonly] { - cursor: not-allowed; - background-color: #eeeeee; -} - -input[type="radio"][disabled], -input[type="checkbox"][disabled], -input[type="radio"][readonly], -input[type="checkbox"][readonly] { - background-color: transparent; -} - -.control-group.warning .control-label, -.control-group.warning .help-block, -.control-group.warning .help-inline { - color: #c09853; -} - -.control-group.warning .checkbox, -.control-group.warning .radio, -.control-group.warning input, -.control-group.warning select, -.control-group.warning textarea { - color: #c09853; -} - -.control-group.warning input, -.control-group.warning select, -.control-group.warning textarea { - border-color: #c09853; - -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); - -moz-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); - box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); -} - -.control-group.warning input:focus, -.control-group.warning select:focus, -.control-group.warning textarea:focus { - border-color: #a47e3c; - -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #dbc59e; - -moz-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #dbc59e; - box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #dbc59e; -} - -.control-group.warning .input-prepend .add-on, -.control-group.warning .input-append .add-on { - color: #c09853; - background-color: #fcf8e3; - border-color: #c09853; -} - -.control-group.error .control-label, -.control-group.error .help-block, -.control-group.error .help-inline { - color: #b94a48; -} - -.control-group.error .checkbox, -.control-group.error .radio, -.control-group.error input, -.control-group.error select, -.control-group.error textarea { - color: #b94a48; -} - -.control-group.error input, -.control-group.error select, -.control-group.error textarea { - border-color: #b94a48; - -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); - -moz-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); - box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); -} - -.control-group.error input:focus, -.control-group.error select:focus, -.control-group.error textarea:focus { - border-color: #953b39; - -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #d59392; - -moz-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #d59392; - box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #d59392; -} - -.control-group.error .input-prepend .add-on, -.control-group.error .input-append .add-on { - color: #b94a48; - background-color: #f2dede; - border-color: #b94a48; -} - -.control-group.success .control-label, -.control-group.success .help-block, -.control-group.success .help-inline { - color: #468847; -} - -.control-group.success .checkbox, -.control-group.success .radio, -.control-group.success input, -.control-group.success select, -.control-group.success textarea { - color: #468847; -} - -.control-group.success input, -.control-group.success select, -.control-group.success textarea { - border-color: #468847; - -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); - -moz-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); - box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); -} - -.control-group.success input:focus, -.control-group.success select:focus, -.control-group.success textarea:focus { - border-color: #356635; - -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #7aba7b; - -moz-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #7aba7b; - box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #7aba7b; -} - -.control-group.success .input-prepend .add-on, -.control-group.success .input-append .add-on { - color: #468847; - background-color: #dff0d8; - border-color: #468847; -} - -.control-group.info .control-label, -.control-group.info .help-block, -.control-group.info .help-inline { - color: #3a87ad; -} - -.control-group.info .checkbox, -.control-group.info .radio, -.control-group.info input, -.control-group.info select, -.control-group.info textarea { - color: #3a87ad; -} - -.control-group.info input, -.control-group.info select, -.control-group.info textarea { - border-color: #3a87ad; - -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); - -moz-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); - box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); -} - -.control-group.info input:focus, -.control-group.info select:focus, -.control-group.info textarea:focus { - border-color: #2d6987; - -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #7ab5d3; - -moz-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #7ab5d3; - box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #7ab5d3; -} - -.control-group.info .input-prepend .add-on, -.control-group.info .input-append .add-on { - color: #3a87ad; - background-color: #d9edf7; - border-color: #3a87ad; -} - -input:focus:invalid, -textarea:focus:invalid, -select:focus:invalid { - color: #b94a48; - border-color: #ee5f5b; -} - -input:focus:invalid:focus, -textarea:focus:invalid:focus, -select:focus:invalid:focus { - border-color: #e9322d; - -webkit-box-shadow: 0 0 6px #f8b9b7; - -moz-box-shadow: 0 0 6px #f8b9b7; - box-shadow: 0 0 6px #f8b9b7; -} - -.form-actions { - padding: 19px 20px 20px; - margin-top: 20px; - margin-bottom: 20px; - background-color: #f5f5f5; - border-top: 1px solid #e5e5e5; - *zoom: 1; -} - -.form-actions:before, -.form-actions:after { - display: table; - line-height: 0; - content: ""; -} - -.form-actions:after { - clear: both; -} - -.help-block, -.help-inline { - color: #595959; -} - -.help-block { - display: block; - margin-bottom: 10px; -} - -.help-inline { - display: inline-block; - *display: inline; - padding-left: 5px; - vertical-align: middle; - *zoom: 1; -} - -.input-append, -.input-prepend { - display: inline-block; - margin-bottom: 10px; - font-size: 0; - white-space: nowrap; - vertical-align: middle; -} - -.input-append input, -.input-prepend input, -.input-append select, -.input-prepend select, -.input-append .uneditable-input, -.input-prepend .uneditable-input, -.input-append .dropdown-menu, -.input-prepend .dropdown-menu, -.input-append .popover, -.input-prepend .popover { - font-size: 14px; -} - -.input-append input, -.input-prepend input, -.input-append select, -.input-prepend select, -.input-append .uneditable-input, -.input-prepend .uneditable-input { - position: relative; - margin-bottom: 0; - *margin-left: 0; - vertical-align: top; - -webkit-border-radius: 0 4px 4px 0; - -moz-border-radius: 0 4px 4px 0; - border-radius: 0 4px 4px 0; -} - -.input-append input:focus, -.input-prepend input:focus, -.input-append select:focus, -.input-prepend select:focus, -.input-append .uneditable-input:focus, -.input-prepend .uneditable-input:focus { - z-index: 2; -} - -.input-append .add-on, -.input-prepend .add-on { - display: inline-block; - width: auto; - height: 20px; - min-width: 16px; - padding: 4px 5px; - font-size: 14px; - font-weight: normal; - line-height: 20px; - text-align: center; - text-shadow: 0 1px 0 #ffffff; - background-color: #eeeeee; - border: 1px solid #ccc; -} - -.input-append .add-on, -.input-prepend .add-on, -.input-append .btn, -.input-prepend .btn, -.input-append .btn-group > .dropdown-toggle, -.input-prepend .btn-group > .dropdown-toggle { - vertical-align: top; - -webkit-border-radius: 0; - -moz-border-radius: 0; - border-radius: 0; -} - -.input-append .active, -.input-prepend .active { - background-color: #a9dba9; - border-color: #46a546; -} - -.input-prepend .add-on, -.input-prepend .btn { - margin-right: -1px; -} - -.input-prepend .add-on:first-child, -.input-prepend .btn:first-child { - -webkit-border-radius: 4px 0 0 4px; - -moz-border-radius: 4px 0 0 4px; - border-radius: 4px 0 0 4px; -} - -.input-append input, -.input-append select, -.input-append .uneditable-input { - -webkit-border-radius: 4px 0 0 4px; - -moz-border-radius: 4px 0 0 4px; - border-radius: 4px 0 0 4px; -} - -.input-append input + .btn-group .btn:last-child, -.input-append select + .btn-group .btn:last-child, -.input-append .uneditable-input + .btn-group .btn:last-child { - -webkit-border-radius: 0 4px 4px 0; - -moz-border-radius: 0 4px 4px 0; - border-radius: 0 4px 4px 0; -} - -.input-append .add-on, -.input-append .btn, -.input-append .btn-group { - margin-left: -1px; -} - -.input-append .add-on:last-child, -.input-append .btn:last-child, -.input-append .btn-group:last-child > .dropdown-toggle { - -webkit-border-radius: 0 4px 4px 0; - -moz-border-radius: 0 4px 4px 0; - border-radius: 0 4px 4px 0; -} - -.input-prepend.input-append input, -.input-prepend.input-append select, -.input-prepend.input-append .uneditable-input { - -webkit-border-radius: 0; - -moz-border-radius: 0; - border-radius: 0; -} - -.input-prepend.input-append input + .btn-group .btn, -.input-prepend.input-append select + .btn-group .btn, -.input-prepend.input-append .uneditable-input + .btn-group .btn { - -webkit-border-radius: 0 4px 4px 0; - -moz-border-radius: 0 4px 4px 0; - border-radius: 0 4px 4px 0; -} - -.input-prepend.input-append .add-on:first-child, -.input-prepend.input-append .btn:first-child { - margin-right: -1px; - -webkit-border-radius: 4px 0 0 4px; - -moz-border-radius: 4px 0 0 4px; - border-radius: 4px 0 0 4px; -} - -.input-prepend.input-append .add-on:last-child, -.input-prepend.input-append .btn:last-child { - margin-left: -1px; - -webkit-border-radius: 0 4px 4px 0; - -moz-border-radius: 0 4px 4px 0; - border-radius: 0 4px 4px 0; -} - -.input-prepend.input-append .btn-group:first-child { - margin-left: 0; -} - -input.search-query { - padding-right: 14px; - padding-right: 4px \9; - padding-left: 14px; - padding-left: 4px \9; - /* IE7-8 doesn't have border-radius, so don't indent the padding */ - - margin-bottom: 0; - -webkit-border-radius: 15px; - -moz-border-radius: 15px; - border-radius: 15px; -} - -/* Allow for input prepend/append in search forms */ - -.form-search .input-append .search-query, -.form-search .input-prepend .search-query { - -webkit-border-radius: 0; - -moz-border-radius: 0; - border-radius: 0; -} - -.form-search .input-append .search-query { - -webkit-border-radius: 14px 0 0 14px; - -moz-border-radius: 14px 0 0 14px; - border-radius: 14px 0 0 14px; -} - -.form-search .input-append .btn { - -webkit-border-radius: 0 14px 14px 0; - -moz-border-radius: 0 14px 14px 0; - border-radius: 0 14px 14px 0; -} - -.form-search .input-prepend .search-query { - -webkit-border-radius: 0 14px 14px 0; - -moz-border-radius: 0 14px 14px 0; - border-radius: 0 14px 14px 0; -} - -.form-search .input-prepend .btn { - -webkit-border-radius: 14px 0 0 14px; - -moz-border-radius: 14px 0 0 14px; - border-radius: 14px 0 0 14px; -} - -.form-search input, -.form-inline input, -.form-horizontal input, -.form-search textarea, -.form-inline textarea, -.form-horizontal textarea, -.form-search select, -.form-inline select, -.form-horizontal select, -.form-search .help-inline, -.form-inline .help-inline, -.form-horizontal .help-inline, -.form-search .uneditable-input, -.form-inline .uneditable-input, -.form-horizontal .uneditable-input, -.form-search .input-prepend, -.form-inline .input-prepend, -.form-horizontal .input-prepend, -.form-search .input-append, -.form-inline .input-append, -.form-horizontal .input-append { - display: inline-block; - *display: inline; - margin-bottom: 0; - vertical-align: middle; - *zoom: 1; -} - -.form-search .hide, -.form-inline .hide, -.form-horizontal .hide { - display: none; -} - -.form-search label, -.form-inline label, -.form-search .btn-group, -.form-inline .btn-group { - display: inline-block; -} - -.form-search .input-append, -.form-inline .input-append, -.form-search .input-prepend, -.form-inline .input-prepend { - margin-bottom: 0; -} - -.form-search .radio, -.form-search .checkbox, -.form-inline .radio, -.form-inline .checkbox { - padding-left: 0; - margin-bottom: 0; - vertical-align: middle; -} - -.form-search .radio input[type="radio"], -.form-search .checkbox input[type="checkbox"], -.form-inline .radio input[type="radio"], -.form-inline .checkbox input[type="checkbox"] { - float: left; - margin-right: 3px; - margin-left: 0; -} - -.control-group { - margin-bottom: 10px; -} - -legend + .control-group { - margin-top: 20px; - -webkit-margin-top-collapse: separate; -} - -.form-horizontal .control-group { - margin-bottom: 20px; - *zoom: 1; -} - -.form-horizontal .control-group:before, -.form-horizontal .control-group:after { - display: table; - line-height: 0; - content: ""; -} - -.form-horizontal .control-group:after { - clear: both; -} - -.form-horizontal .control-label { - float: left; - width: 160px; - padding-top: 5px; - text-align: right; -} - -.form-horizontal .controls { - *display: inline-block; - *padding-left: 20px; - margin-left: 180px; - *margin-left: 0; -} - -.form-horizontal .controls:first-child { - *padding-left: 180px; -} - -.form-horizontal .help-block { - margin-bottom: 0; -} - -.form-horizontal input + .help-block, -.form-horizontal select + .help-block, -.form-horizontal textarea + .help-block, -.form-horizontal .uneditable-input + .help-block, -.form-horizontal .input-prepend + .help-block, -.form-horizontal .input-append + .help-block { - margin-top: 10px; -} - -.form-horizontal .form-actions { - padding-left: 180px; -} - -table { - max-width: 100%; - background-color: transparent; - border-collapse: collapse; - border-spacing: 0; -} - -.table { - width: 100%; - margin-bottom: 20px; -} - -.table th, -.table td { - padding: 8px; - line-height: 20px; - text-align: left; - vertical-align: top; - border-top: 1px solid #dddddd; -} - -.table th { - font-weight: bold; -} - -.table thead th { - vertical-align: bottom; -} - -.table caption + thead tr:first-child th, -.table caption + thead tr:first-child td, -.table colgroup + thead tr:first-child th, -.table colgroup + thead tr:first-child td, -.table thead:first-child tr:first-child th, -.table thead:first-child tr:first-child td { - border-top: 0; -} - -.table tbody + tbody { - border-top: 2px solid #dddddd; -} - -.table .table { - background-color: #ffffff; -} - -.table-condensed th, -.table-condensed td { - padding: 4px 5px; -} - -.table-bordered { - border: 1px solid #dddddd; - border-collapse: separate; - *border-collapse: collapse; - border-left: 0; - -webkit-border-radius: 4px; - -moz-border-radius: 4px; - border-radius: 4px; -} - -.table-bordered th, -.table-bordered td { - border-left: 1px solid #dddddd; -} - -.table-bordered caption + thead tr:first-child th, -.table-bordered caption + tbody tr:first-child th, -.table-bordered caption + tbody tr:first-child td, -.table-bordered colgroup + thead tr:first-child th, -.table-bordered colgroup + tbody tr:first-child th, -.table-bordered colgroup + tbody tr:first-child td, -.table-bordered thead:first-child tr:first-child th, -.table-bordered tbody:first-child tr:first-child th, -.table-bordered tbody:first-child tr:first-child td { - border-top: 0; -} - -.table-bordered thead:first-child tr:first-child > th:first-child, -.table-bordered tbody:first-child tr:first-child > td:first-child, -.table-bordered tbody:first-child tr:first-child > th:first-child { - -webkit-border-top-left-radius: 4px; - border-top-left-radius: 4px; - -moz-border-radius-topleft: 4px; -} - -.table-bordered thead:first-child tr:first-child > th:last-child, -.table-bordered tbody:first-child tr:first-child > td:last-child, -.table-bordered tbody:first-child tr:first-child > th:last-child { - -webkit-border-top-right-radius: 4px; - border-top-right-radius: 4px; - -moz-border-radius-topright: 4px; -} - -.table-bordered thead:last-child tr:last-child > th:first-child, -.table-bordered tbody:last-child tr:last-child > td:first-child, -.table-bordered tbody:last-child tr:last-child > th:first-child, -.table-bordered tfoot:last-child tr:last-child > td:first-child, -.table-bordered tfoot:last-child tr:last-child > th:first-child { - -webkit-border-bottom-left-radius: 4px; - border-bottom-left-radius: 4px; - -moz-border-radius-bottomleft: 4px; -} - -.table-bordered thead:last-child tr:last-child > th:last-child, -.table-bordered tbody:last-child tr:last-child > td:last-child, -.table-bordered tbody:last-child tr:last-child > th:last-child, -.table-bordered tfoot:last-child tr:last-child > td:last-child, -.table-bordered tfoot:last-child tr:last-child > th:last-child { - -webkit-border-bottom-right-radius: 4px; - border-bottom-right-radius: 4px; - -moz-border-radius-bottomright: 4px; -} - -.table-bordered tfoot + tbody:last-child tr:last-child td:first-child { - -webkit-border-bottom-left-radius: 0; - border-bottom-left-radius: 0; - -moz-border-radius-bottomleft: 0; -} - -.table-bordered tfoot + tbody:last-child tr:last-child td:last-child { - -webkit-border-bottom-right-radius: 0; - border-bottom-right-radius: 0; - -moz-border-radius-bottomright: 0; -} - -.table-bordered caption + thead tr:first-child th:first-child, -.table-bordered caption + tbody tr:first-child td:first-child, -.table-bordered colgroup + thead tr:first-child th:first-child, -.table-bordered colgroup + tbody tr:first-child td:first-child { - -webkit-border-top-left-radius: 4px; - border-top-left-radius: 4px; - -moz-border-radius-topleft: 4px; -} - -.table-bordered caption + thead tr:first-child th:last-child, -.table-bordered caption + tbody tr:first-child td:last-child, -.table-bordered colgroup + thead tr:first-child th:last-child, -.table-bordered colgroup + tbody tr:first-child td:last-child { - -webkit-border-top-right-radius: 4px; - border-top-right-radius: 4px; - -moz-border-radius-topright: 4px; -} - -.table-striped tbody > tr:nth-child(odd) > td, -.table-striped tbody > tr:nth-child(odd) > th { - background-color: #f9f9f9; -} - -.table-hover tbody tr:hover > td, -.table-hover tbody tr:hover > th { - background-color: #f5f5f5; -} - -table td[class*="span"], -table th[class*="span"], -.row-fluid table td[class*="span"], -.row-fluid table th[class*="span"] { - display: table-cell; - float: none; - margin-left: 0; -} - -.table td.span1, -.table th.span1 { - float: none; - width: 44px; - margin-left: 0; -} - -.table td.span2, -.table th.span2 { - float: none; - width: 124px; - margin-left: 0; -} - -.table td.span3, -.table th.span3 { - float: none; - width: 204px; - margin-left: 0; -} - -.table td.span4, -.table th.span4 { - float: none; - width: 284px; - margin-left: 0; -} - -.table td.span5, -.table th.span5 { - float: none; - width: 364px; - margin-left: 0; -} - -.table td.span6, -.table th.span6 { - float: none; - width: 444px; - margin-left: 0; -} - -.table td.span7, -.table th.span7 { - float: none; - width: 524px; - margin-left: 0; -} - -.table td.span8, -.table th.span8 { - float: none; - width: 604px; - margin-left: 0; -} - -.table td.span9, -.table th.span9 { - float: none; - width: 684px; - margin-left: 0; -} - -.table td.span10, -.table th.span10 { - float: none; - width: 764px; - margin-left: 0; -} - -.table td.span11, -.table th.span11 { - float: none; - width: 844px; - margin-left: 0; -} - -.table td.span12, -.table th.span12 { - float: none; - width: 924px; - margin-left: 0; -} - -.table tbody tr.success > td { - background-color: #dff0d8; -} - -.table tbody tr.error > td { - background-color: #f2dede; -} - -.table tbody tr.warning > td { - background-color: #fcf8e3; -} - -.table tbody tr.info > td { - background-color: #d9edf7; -} - -.table-hover tbody tr.success:hover > td { - background-color: #d0e9c6; -} - -.table-hover tbody tr.error:hover > td { - background-color: #ebcccc; -} - -.table-hover tbody tr.warning:hover > td { - background-color: #faf2cc; -} - -.table-hover tbody tr.info:hover > td { - background-color: #c4e3f3; -} - -[class^="icon-"], -[class*=" icon-"] { - display: inline-block; - width: 14px; - height: 14px; - margin-top: 1px; - *margin-right: .3em; - line-height: 14px; - vertical-align: text-top; - background-image: url("../img/glyphicons-halflings.png"); - background-position: 14px 14px; - background-repeat: no-repeat; -} - -/* White icons with optional class, or on hover/focus/active states of certain elements */ - -.icon-white, -.nav-pills > .active > a > [class^="icon-"], -.nav-pills > .active > a > [class*=" icon-"], -.nav-list > .active > a > [class^="icon-"], -.nav-list > .active > a > [class*=" icon-"], -.navbar-inverse .nav > .active > a > [class^="icon-"], -.navbar-inverse .nav > .active > a > [class*=" icon-"], -.dropdown-menu > li > a:hover > [class^="icon-"], -.dropdown-menu > li > a:focus > [class^="icon-"], -.dropdown-menu > li > a:hover > [class*=" icon-"], -.dropdown-menu > li > a:focus > [class*=" icon-"], -.dropdown-menu > .active > a > [class^="icon-"], -.dropdown-menu > .active > a > [class*=" icon-"], -.dropdown-submenu:hover > a > [class^="icon-"], -.dropdown-submenu:focus > a > [class^="icon-"], -.dropdown-submenu:hover > a > [class*=" icon-"], -.dropdown-submenu:focus > a > [class*=" icon-"] { - background-image: url("../img/glyphicons-halflings-white.png"); -} - -.icon-glass { - background-position: 0 0; -} - -.icon-music { - background-position: -24px 0; -} - -.icon-search { - background-position: -48px 0; -} - -.icon-envelope { - background-position: -72px 0; -} - -.icon-heart { - background-position: -96px 0; -} - -.icon-star { - background-position: -120px 0; -} - -.icon-star-empty { - background-position: -144px 0; -} - -.icon-user { - background-position: -168px 0; -} - -.icon-film { - background-position: -192px 0; -} - -.icon-th-large { - background-position: -216px 0; -} - -.icon-th { - background-position: -240px 0; -} - -.icon-th-list { - background-position: -264px 0; -} - -.icon-ok { - background-position: -288px 0; -} - -.icon-remove { - background-position: -312px 0; -} - -.icon-zoom-in { - background-position: -336px 0; -} - -.icon-zoom-out { - background-position: -360px 0; -} - -.icon-off { - background-position: -384px 0; -} - -.icon-signal { - background-position: -408px 0; -} - -.icon-cog { - background-position: -432px 0; -} - -.icon-trash { - background-position: -456px 0; -} - -.icon-home { - background-position: 0 -24px; -} - -.icon-file { - background-position: -24px -24px; -} - -.icon-time { - background-position: -48px -24px; -} - -.icon-road { - background-position: -72px -24px; -} - -.icon-download-alt { - background-position: -96px -24px; -} - -.icon-download { - background-position: -120px -24px; -} - -.icon-upload { - background-position: -144px -24px; -} - -.icon-inbox { - background-position: -168px -24px; -} - -.icon-play-circle { - background-position: -192px -24px; -} - -.icon-repeat { - background-position: -216px -24px; -} - -.icon-refresh { - background-position: -240px -24px; -} - -.icon-list-alt { - background-position: -264px -24px; -} - -.icon-lock { - background-position: -287px -24px; -} - -.icon-flag { - background-position: -312px -24px; -} - -.icon-headphones { - background-position: -336px -24px; -} - -.icon-volume-off { - background-position: -360px -24px; -} - -.icon-volume-down { - background-position: -384px -24px; -} - -.icon-volume-up { - background-position: -408px -24px; -} - -.icon-qrcode { - background-position: -432px -24px; -} - -.icon-barcode { - background-position: -456px -24px; -} - -.icon-tag { - background-position: 0 -48px; -} - -.icon-tags { - background-position: -25px -48px; -} - -.icon-book { - background-position: -48px -48px; -} - -.icon-bookmark { - background-position: -72px -48px; -} - -.icon-print { - background-position: -96px -48px; -} - -.icon-camera { - background-position: -120px -48px; -} - -.icon-font { - background-position: -144px -48px; -} - -.icon-bold { - background-position: -167px -48px; -} - -.icon-italic { - background-position: -192px -48px; -} - -.icon-text-height { - background-position: -216px -48px; -} - -.icon-text-width { - background-position: -240px -48px; -} - -.icon-align-left { - background-position: -264px -48px; -} - -.icon-align-center { - background-position: -288px -48px; -} - -.icon-align-right { - background-position: -312px -48px; -} - -.icon-align-justify { - background-position: -336px -48px; -} - -.icon-list { - background-position: -360px -48px; -} - -.icon-indent-left { - background-position: -384px -48px; -} - -.icon-indent-right { - background-position: -408px -48px; -} - -.icon-facetime-video { - background-position: -432px -48px; -} - -.icon-picture { - background-position: -456px -48px; -} - -.icon-pencil { - background-position: 0 -72px; -} - -.icon-map-marker { - background-position: -24px -72px; -} - -.icon-adjust { - background-position: -48px -72px; -} - -.icon-tint { - background-position: -72px -72px; -} - -.icon-edit { - background-position: -96px -72px; -} - -.icon-share { - background-position: -120px -72px; -} - -.icon-check { - background-position: -144px -72px; -} - -.icon-move { - background-position: -168px -72px; -} - -.icon-step-backward { - background-position: -192px -72px; -} - -.icon-fast-backward { - background-position: -216px -72px; -} - -.icon-backward { - background-position: -240px -72px; -} - -.icon-play { - background-position: -264px -72px; -} - -.icon-pause { - background-position: -288px -72px; -} - -.icon-stop { - background-position: -312px -72px; -} - -.icon-forward { - background-position: -336px -72px; -} - -.icon-fast-forward { - background-position: -360px -72px; -} - -.icon-step-forward { - background-position: -384px -72px; -} - -.icon-eject { - background-position: -408px -72px; -} - -.icon-chevron-left { - background-position: -432px -72px; -} - -.icon-chevron-right { - background-position: -456px -72px; -} - -.icon-plus-sign { - background-position: 0 -96px; -} - -.icon-minus-sign { - background-position: -24px -96px; -} - -.icon-remove-sign { - background-position: -48px -96px; -} - -.icon-ok-sign { - background-position: -72px -96px; -} - -.icon-question-sign { - background-position: -96px -96px; -} - -.icon-info-sign { - background-position: -120px -96px; -} - -.icon-screenshot { - background-position: -144px -96px; -} - -.icon-remove-circle { - background-position: -168px -96px; -} - -.icon-ok-circle { - background-position: -192px -96px; -} - -.icon-ban-circle { - background-position: -216px -96px; -} - -.icon-arrow-left { - background-position: -240px -96px; -} - -.icon-arrow-right { - background-position: -264px -96px; -} - -.icon-arrow-up { - background-position: -289px -96px; -} - -.icon-arrow-down { - background-position: -312px -96px; -} - -.icon-share-alt { - background-position: -336px -96px; -} - -.icon-resize-full { - background-position: -360px -96px; -} - -.icon-resize-small { - background-position: -384px -96px; -} - -.icon-plus { - background-position: -408px -96px; -} - -.icon-minus { - background-position: -433px -96px; -} - -.icon-asterisk { - background-position: -456px -96px; -} - -.icon-exclamation-sign { - background-position: 0 -120px; -} - -.icon-gift { - background-position: -24px -120px; -} - -.icon-leaf { - background-position: -48px -120px; -} - -.icon-fire { - background-position: -72px -120px; -} - -.icon-eye-open { - background-position: -96px -120px; -} - -.icon-eye-close { - background-position: -120px -120px; -} - -.icon-warning-sign { - background-position: -144px -120px; -} - -.icon-plane { - background-position: -168px -120px; -} - -.icon-calendar { - background-position: -192px -120px; -} - -.icon-random { - width: 16px; - background-position: -216px -120px; -} - -.icon-comment { - background-position: -240px -120px; -} - -.icon-magnet { - background-position: -264px -120px; -} - -.icon-chevron-up { - background-position: -288px -120px; -} - -.icon-chevron-down { - background-position: -313px -119px; -} - -.icon-retweet { - background-position: -336px -120px; -} - -.icon-shopping-cart { - background-position: -360px -120px; -} - -.icon-folder-close { - width: 16px; - background-position: -384px -120px; -} - -.icon-folder-open { - width: 16px; - background-position: -408px -120px; -} - -.icon-resize-vertical { - background-position: -432px -119px; -} - -.icon-resize-horizontal { - background-position: -456px -118px; -} - -.icon-hdd { - background-position: 0 -144px; -} - -.icon-bullhorn { - background-position: -24px -144px; -} - -.icon-bell { - background-position: -48px -144px; -} - -.icon-certificate { - background-position: -72px -144px; -} - -.icon-thumbs-up { - background-position: -96px -144px; -} - -.icon-thumbs-down { - background-position: -120px -144px; -} - -.icon-hand-right { - background-position: -144px -144px; -} - -.icon-hand-left { - background-position: -168px -144px; -} - -.icon-hand-up { - background-position: -192px -144px; -} - -.icon-hand-down { - background-position: -216px -144px; -} - -.icon-circle-arrow-right { - background-position: -240px -144px; -} - -.icon-circle-arrow-left { - background-position: -264px -144px; -} - -.icon-circle-arrow-up { - background-position: -288px -144px; -} - -.icon-circle-arrow-down { - background-position: -312px -144px; -} - -.icon-globe { - background-position: -336px -144px; -} - -.icon-wrench { - background-position: -360px -144px; -} - -.icon-tasks { - background-position: -384px -144px; -} - -.icon-filter { - background-position: -408px -144px; -} - -.icon-briefcase { - background-position: -432px -144px; -} - -.icon-fullscreen { - background-position: -456px -144px; -} - -.dropup, -.dropdown { - position: relative; -} - -.dropdown-toggle { - *margin-bottom: -3px; -} - -.dropdown-toggle:active, -.open .dropdown-toggle { - outline: 0; -} - -.caret { - display: inline-block; - width: 0; - height: 0; - vertical-align: top; - border-top: 4px solid #000000; - border-right: 4px solid transparent; - border-left: 4px solid transparent; - content: ""; -} - -.dropdown .caret { - margin-top: 8px; - margin-left: 2px; -} - -.dropdown-menu { - position: absolute; - top: 100%; - left: 0; - z-index: 1000; - display: none; - float: left; - min-width: 160px; - padding: 5px 0; - margin: 2px 0 0; - list-style: none; - background-color: #ffffff; - border: 1px solid #ccc; - border: 1px solid rgba(0, 0, 0, 0.2); - *border-right-width: 2px; - *border-bottom-width: 2px; - -webkit-border-radius: 6px; - -moz-border-radius: 6px; - border-radius: 6px; - -webkit-box-shadow: 0 5px 10px rgba(0, 0, 0, 0.2); - -moz-box-shadow: 0 5px 10px rgba(0, 0, 0, 0.2); - box-shadow: 0 5px 10px rgba(0, 0, 0, 0.2); - -webkit-background-clip: padding-box; - -moz-background-clip: padding; - background-clip: padding-box; -} - -.dropdown-menu.pull-right { - right: 0; - left: auto; -} - -.dropdown-menu .divider { - *width: 100%; - height: 1px; - margin: 9px 1px; - *margin: -5px 0 5px; - overflow: hidden; - background-color: #e5e5e5; - border-bottom: 1px solid #ffffff; -} - -.dropdown-menu > li > a { - display: block; - padding: 3px 20px; - clear: both; - font-weight: normal; - line-height: 20px; - color: #333333; - white-space: nowrap; -} - -.dropdown-menu > li > a:hover, -.dropdown-menu > li > a:focus, -.dropdown-submenu:hover > a, -.dropdown-submenu:focus > a { - color: #ffffff; - text-decoration: none; - background-color: #0081c2; - background-image: -moz-linear-gradient(top, #0088cc, #0077b3); - background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#0088cc), to(#0077b3)); - background-image: -webkit-linear-gradient(top, #0088cc, #0077b3); - background-image: -o-linear-gradient(top, #0088cc, #0077b3); - background-image: linear-gradient(to bottom, #0088cc, #0077b3); - background-repeat: repeat-x; - filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff0088cc', endColorstr='#ff0077b3', GradientType=0); -} - -.dropdown-menu > .active > a, -.dropdown-menu > .active > a:hover, -.dropdown-menu > .active > a:focus { - color: #ffffff; - text-decoration: none; - background-color: #0081c2; - background-image: -moz-linear-gradient(top, #0088cc, #0077b3); - background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#0088cc), to(#0077b3)); - background-image: -webkit-linear-gradient(top, #0088cc, #0077b3); - background-image: -o-linear-gradient(top, #0088cc, #0077b3); - background-image: linear-gradient(to bottom, #0088cc, #0077b3); - background-repeat: repeat-x; - outline: 0; - filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff0088cc', endColorstr='#ff0077b3', GradientType=0); -} - -.dropdown-menu > .disabled > a, -.dropdown-menu > .disabled > a:hover, -.dropdown-menu > .disabled > a:focus { - color: #999999; -} - -.dropdown-menu > .disabled > a:hover, -.dropdown-menu > .disabled > a:focus { - text-decoration: none; - cursor: default; - background-color: transparent; - background-image: none; - filter: progid:DXImageTransform.Microsoft.gradient(enabled=false); -} - -.open { - *z-index: 1000; -} - -.open > .dropdown-menu { - display: block; -} - -.pull-right > .dropdown-menu { - right: 0; - left: auto; -} - -.dropup .caret, -.navbar-fixed-bottom .dropdown .caret { - border-top: 0; - border-bottom: 4px solid #000000; - content: ""; -} - -.dropup .dropdown-menu, -.navbar-fixed-bottom .dropdown .dropdown-menu { - top: auto; - bottom: 100%; - margin-bottom: 1px; -} - -.dropdown-submenu { - position: relative; -} - -.dropdown-submenu > .dropdown-menu { - top: 0; - left: 100%; - margin-top: -6px; - margin-left: -1px; - -webkit-border-radius: 0 6px 6px 6px; - -moz-border-radius: 0 6px 6px 6px; - border-radius: 0 6px 6px 6px; -} - -.dropdown-submenu:hover > .dropdown-menu { - display: block; -} - -.dropup .dropdown-submenu > .dropdown-menu { - top: auto; - bottom: 0; - margin-top: 0; - margin-bottom: -2px; - -webkit-border-radius: 5px 5px 5px 0; - -moz-border-radius: 5px 5px 5px 0; - border-radius: 5px 5px 5px 0; -} - -.dropdown-submenu > a:after { - display: block; - float: right; - width: 0; - height: 0; - margin-top: 5px; - margin-right: -10px; - border-color: transparent; - border-left-color: #cccccc; - border-style: solid; - border-width: 5px 0 5px 5px; - content: " "; -} - -.dropdown-submenu:hover > a:after { - border-left-color: #ffffff; -} - -.dropdown-submenu.pull-left { - float: none; -} - -.dropdown-submenu.pull-left > .dropdown-menu { - left: -100%; - margin-left: 10px; - -webkit-border-radius: 6px 0 6px 6px; - -moz-border-radius: 6px 0 6px 6px; - border-radius: 6px 0 6px 6px; -} - -.dropdown .dropdown-menu .nav-header { - padding-right: 20px; - padding-left: 20px; -} - -.typeahead { - z-index: 1051; - margin-top: 2px; - -webkit-border-radius: 4px; - -moz-border-radius: 4px; - border-radius: 4px; -} - -.well { - min-height: 20px; - padding: 19px; - margin-bottom: 20px; - background-color: #f5f5f5; - border: 1px solid #e3e3e3; - -webkit-border-radius: 4px; - -moz-border-radius: 4px; - border-radius: 4px; - -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.05); - -moz-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.05); - box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.05); -} - -.well blockquote { - border-color: #ddd; - border-color: rgba(0, 0, 0, 0.15); -} - -.well-large { - padding: 24px; - -webkit-border-radius: 6px; - -moz-border-radius: 6px; - border-radius: 6px; -} - -.well-small { - padding: 9px; - -webkit-border-radius: 3px; - -moz-border-radius: 3px; - border-radius: 3px; -} - -.fade { - opacity: 0; - -webkit-transition: opacity 0.15s linear; - -moz-transition: opacity 0.15s linear; - -o-transition: opacity 0.15s linear; - transition: opacity 0.15s linear; -} - -.fade.in { - opacity: 1; -} - -.collapse { - position: relative; - height: 0; - overflow: hidden; - -webkit-transition: height 0.35s ease; - -moz-transition: height 0.35s ease; - -o-transition: height 0.35s ease; - transition: height 0.35s ease; -} - -.collapse.in { - height: auto; -} - -.close { - float: right; - font-size: 20px; - font-weight: bold; - line-height: 20px; - color: #000000; - text-shadow: 0 1px 0 #ffffff; - opacity: 0.2; - filter: alpha(opacity=20); -} - -.close:hover, -.close:focus { - color: #000000; - text-decoration: none; - cursor: pointer; - opacity: 0.4; - filter: alpha(opacity=40); -} - -button.close { - padding: 0; - cursor: pointer; - background: transparent; - border: 0; - -webkit-appearance: none; -} - -.btn { - display: inline-block; - *display: inline; - padding: 4px 12px; - margin-bottom: 0; - *margin-left: .3em; - font-size: 14px; - line-height: 20px; - color: #333333; - text-align: center; - text-shadow: 0 1px 1px rgba(255, 255, 255, 0.75); - vertical-align: middle; - cursor: pointer; - background-color: #f5f5f5; - *background-color: #e6e6e6; - background-image: -moz-linear-gradient(top, #ffffff, #e6e6e6); - background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#ffffff), to(#e6e6e6)); - background-image: -webkit-linear-gradient(top, #ffffff, #e6e6e6); - background-image: -o-linear-gradient(top, #ffffff, #e6e6e6); - background-image: linear-gradient(to bottom, #ffffff, #e6e6e6); - background-repeat: repeat-x; - border: 1px solid #cccccc; - *border: 0; - border-color: #e6e6e6 #e6e6e6 #bfbfbf; - border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25); - border-bottom-color: #b3b3b3; - -webkit-border-radius: 4px; - -moz-border-radius: 4px; - border-radius: 4px; - filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffffff', endColorstr='#ffe6e6e6', GradientType=0); - filter: progid:DXImageTransform.Microsoft.gradient(enabled=false); - *zoom: 1; - -webkit-box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.2), 0 1px 2px rgba(0, 0, 0, 0.05); - -moz-box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.2), 0 1px 2px rgba(0, 0, 0, 0.05); - box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.2), 0 1px 2px rgba(0, 0, 0, 0.05); -} - -.btn:hover, -.btn:focus, -.btn:active, -.btn.active, -.btn.disabled, -.btn[disabled] { - color: #333333; - background-color: #e6e6e6; - *background-color: #d9d9d9; -} - -.btn:active, -.btn.active { - background-color: #cccccc \9; -} - -.btn:first-child { - *margin-left: 0; -} - -.btn:hover, -.btn:focus { - color: #333333; - text-decoration: none; - background-position: 0 -15px; - -webkit-transition: background-position 0.1s linear; - -moz-transition: background-position 0.1s linear; - -o-transition: background-position 0.1s linear; - transition: background-position 0.1s linear; -} - -.btn:focus { - outline: thin dotted #333; - outline: 5px auto -webkit-focus-ring-color; - outline-offset: -2px; -} - -.btn.active, -.btn:active { - background-image: none; - outline: 0; - -webkit-box-shadow: inset 0 2px 4px rgba(0, 0, 0, 0.15), 0 1px 2px rgba(0, 0, 0, 0.05); - -moz-box-shadow: inset 0 2px 4px rgba(0, 0, 0, 0.15), 0 1px 2px rgba(0, 0, 0, 0.05); - box-shadow: inset 0 2px 4px rgba(0, 0, 0, 0.15), 0 1px 2px rgba(0, 0, 0, 0.05); -} - -.btn.disabled, -.btn[disabled] { - cursor: default; - background-image: none; - opacity: 0.65; - filter: alpha(opacity=65); - -webkit-box-shadow: none; - -moz-box-shadow: none; - box-shadow: none; -} - -.btn-large { - padding: 11px 19px; - font-size: 17.5px; - -webkit-border-radius: 6px; - -moz-border-radius: 6px; - border-radius: 6px; -} - -.btn-large [class^="icon-"], -.btn-large [class*=" icon-"] { - margin-top: 4px; -} - -.btn-small { - padding: 2px 10px; - font-size: 11.9px; - -webkit-border-radius: 3px; - -moz-border-radius: 3px; - border-radius: 3px; -} - -.btn-small [class^="icon-"], -.btn-small [class*=" icon-"] { - margin-top: 0; -} - -.btn-mini [class^="icon-"], -.btn-mini [class*=" icon-"] { - margin-top: -1px; -} - -.btn-mini { - padding: 0 6px; - font-size: 10.5px; - -webkit-border-radius: 3px; - -moz-border-radius: 3px; - border-radius: 3px; -} - -.btn-block { - display: block; - width: 100%; - padding-right: 0; - padding-left: 0; - -webkit-box-sizing: border-box; - -moz-box-sizing: border-box; - box-sizing: border-box; -} - -.btn-block + .btn-block { - margin-top: 5px; -} - -input[type="submit"].btn-block, -input[type="reset"].btn-block, -input[type="button"].btn-block { - width: 100%; -} - -.btn-primary.active, -.btn-warning.active, -.btn-danger.active, -.btn-success.active, -.btn-info.active, -.btn-inverse.active { - color: rgba(255, 255, 255, 0.75); -} - -.btn-primary { - color: #ffffff; - text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.25); - background-color: #006dcc; - *background-color: #0044cc; - background-image: -moz-linear-gradient(top, #0088cc, #0044cc); - background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#0088cc), to(#0044cc)); - background-image: -webkit-linear-gradient(top, #0088cc, #0044cc); - background-image: -o-linear-gradient(top, #0088cc, #0044cc); - background-image: linear-gradient(to bottom, #0088cc, #0044cc); - background-repeat: repeat-x; - border-color: #0044cc #0044cc #002a80; - border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25); - filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff0088cc', endColorstr='#ff0044cc', GradientType=0); - filter: progid:DXImageTransform.Microsoft.gradient(enabled=false); -} - -.btn-primary:hover, -.btn-primary:focus, -.btn-primary:active, -.btn-primary.active, -.btn-primary.disabled, -.btn-primary[disabled] { - color: #ffffff; - background-color: #0044cc; - *background-color: #003bb3; -} - -.btn-primary:active, -.btn-primary.active { - background-color: #003399 \9; -} - -.btn-warning { - color: #ffffff; - text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.25); - background-color: #faa732; - *background-color: #f89406; - background-image: -moz-linear-gradient(top, #fbb450, #f89406); - background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#fbb450), to(#f89406)); - background-image: -webkit-linear-gradient(top, #fbb450, #f89406); - background-image: -o-linear-gradient(top, #fbb450, #f89406); - background-image: linear-gradient(to bottom, #fbb450, #f89406); - background-repeat: repeat-x; - border-color: #f89406 #f89406 #ad6704; - border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25); - filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fffbb450', endColorstr='#fff89406', GradientType=0); - filter: progid:DXImageTransform.Microsoft.gradient(enabled=false); -} - -.btn-warning:hover, -.btn-warning:focus, -.btn-warning:active, -.btn-warning.active, -.btn-warning.disabled, -.btn-warning[disabled] { - color: #ffffff; - background-color: #f89406; - *background-color: #df8505; -} - -.btn-warning:active, -.btn-warning.active { - background-color: #c67605 \9; -} - -.btn-danger { - color: #ffffff; - text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.25); - background-color: #da4f49; - *background-color: #bd362f; - background-image: -moz-linear-gradient(top, #ee5f5b, #bd362f); - background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#ee5f5b), to(#bd362f)); - background-image: -webkit-linear-gradient(top, #ee5f5b, #bd362f); - background-image: -o-linear-gradient(top, #ee5f5b, #bd362f); - background-image: linear-gradient(to bottom, #ee5f5b, #bd362f); - background-repeat: repeat-x; - border-color: #bd362f #bd362f #802420; - border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25); - filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffee5f5b', endColorstr='#ffbd362f', GradientType=0); - filter: progid:DXImageTransform.Microsoft.gradient(enabled=false); -} - -.btn-danger:hover, -.btn-danger:focus, -.btn-danger:active, -.btn-danger.active, -.btn-danger.disabled, -.btn-danger[disabled] { - color: #ffffff; - background-color: #bd362f; - *background-color: #a9302a; -} - -.btn-danger:active, -.btn-danger.active { - background-color: #942a25 \9; -} - -.btn-success { - color: #ffffff; - text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.25); - background-color: #5bb75b; - *background-color: #51a351; - background-image: -moz-linear-gradient(top, #62c462, #51a351); - background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#62c462), to(#51a351)); - background-image: -webkit-linear-gradient(top, #62c462, #51a351); - background-image: -o-linear-gradient(top, #62c462, #51a351); - background-image: linear-gradient(to bottom, #62c462, #51a351); - background-repeat: repeat-x; - border-color: #51a351 #51a351 #387038; - border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25); - filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff62c462', endColorstr='#ff51a351', GradientType=0); - filter: progid:DXImageTransform.Microsoft.gradient(enabled=false); -} - -.btn-success:hover, -.btn-success:focus, -.btn-success:active, -.btn-success.active, -.btn-success.disabled, -.btn-success[disabled] { - color: #ffffff; - background-color: #51a351; - *background-color: #499249; -} - -.btn-success:active, -.btn-success.active { - background-color: #408140 \9; -} - -.btn-info { - color: #ffffff; - text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.25); - background-color: #49afcd; - *background-color: #2f96b4; - background-image: -moz-linear-gradient(top, #5bc0de, #2f96b4); - background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#5bc0de), to(#2f96b4)); - background-image: -webkit-linear-gradient(top, #5bc0de, #2f96b4); - background-image: -o-linear-gradient(top, #5bc0de, #2f96b4); - background-image: linear-gradient(to bottom, #5bc0de, #2f96b4); - background-repeat: repeat-x; - border-color: #2f96b4 #2f96b4 #1f6377; - border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25); - filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5bc0de', endColorstr='#ff2f96b4', GradientType=0); - filter: progid:DXImageTransform.Microsoft.gradient(enabled=false); -} - -.btn-info:hover, -.btn-info:focus, -.btn-info:active, -.btn-info.active, -.btn-info.disabled, -.btn-info[disabled] { - color: #ffffff; - background-color: #2f96b4; - *background-color: #2a85a0; -} - -.btn-info:active, -.btn-info.active { - background-color: #24748c \9; -} - -.btn-inverse { - color: #ffffff; - text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.25); - background-color: #363636; - *background-color: #222222; - background-image: -moz-linear-gradient(top, #444444, #222222); - background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#444444), to(#222222)); - background-image: -webkit-linear-gradient(top, #444444, #222222); - background-image: -o-linear-gradient(top, #444444, #222222); - background-image: linear-gradient(to bottom, #444444, #222222); - background-repeat: repeat-x; - border-color: #222222 #222222 #000000; - border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25); - filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff444444', endColorstr='#ff222222', GradientType=0); - filter: progid:DXImageTransform.Microsoft.gradient(enabled=false); -} - -.btn-inverse:hover, -.btn-inverse:focus, -.btn-inverse:active, -.btn-inverse.active, -.btn-inverse.disabled, -.btn-inverse[disabled] { - color: #ffffff; - background-color: #222222; - *background-color: #151515; -} - -.btn-inverse:active, -.btn-inverse.active { - background-color: #080808 \9; -} - -button.btn, -input[type="submit"].btn { - *padding-top: 3px; - *padding-bottom: 3px; -} - -button.btn::-moz-focus-inner, -input[type="submit"].btn::-moz-focus-inner { - padding: 0; - border: 0; -} - -button.btn.btn-large, -input[type="submit"].btn.btn-large { - *padding-top: 7px; - *padding-bottom: 7px; -} - -button.btn.btn-small, -input[type="submit"].btn.btn-small { - *padding-top: 3px; - *padding-bottom: 3px; -} - -button.btn.btn-mini, -input[type="submit"].btn.btn-mini { - *padding-top: 1px; - *padding-bottom: 1px; -} - -.btn-link, -.btn-link:active, -.btn-link[disabled] { - background-color: transparent; - background-image: none; - -webkit-box-shadow: none; - -moz-box-shadow: none; - box-shadow: none; -} - -.btn-link { - color: #0088cc; - cursor: pointer; - border-color: transparent; - -webkit-border-radius: 0; - -moz-border-radius: 0; - border-radius: 0; -} - -.btn-link:hover, -.btn-link:focus { - color: #005580; - text-decoration: underline; - background-color: transparent; -} - -.btn-link[disabled]:hover, -.btn-link[disabled]:focus { - color: #333333; - text-decoration: none; -} - -.btn-group { - position: relative; - display: inline-block; - *display: inline; - *margin-left: .3em; - font-size: 0; - white-space: nowrap; - vertical-align: middle; - *zoom: 1; -} - -.btn-group:first-child { - *margin-left: 0; -} - -.btn-group + .btn-group { - margin-left: 5px; -} - -.btn-toolbar { - margin-top: 10px; - margin-bottom: 10px; - font-size: 0; -} - -.btn-toolbar > .btn + .btn, -.btn-toolbar > .btn-group + .btn, -.btn-toolbar > .btn + .btn-group { - margin-left: 5px; -} - -.btn-group > .btn { - position: relative; - -webkit-border-radius: 0; - -moz-border-radius: 0; - border-radius: 0; -} - -.btn-group > .btn + .btn { - margin-left: -1px; -} - -.btn-group > .btn, -.btn-group > .dropdown-menu, -.btn-group > .popover { - font-size: 14px; -} - -.btn-group > .btn-mini { - font-size: 10.5px; -} - -.btn-group > .btn-small { - font-size: 11.9px; -} - -.btn-group > .btn-large { - font-size: 17.5px; -} - -.btn-group > .btn:first-child { - margin-left: 0; - -webkit-border-bottom-left-radius: 4px; - border-bottom-left-radius: 4px; - -webkit-border-top-left-radius: 4px; - border-top-left-radius: 4px; - -moz-border-radius-bottomleft: 4px; - -moz-border-radius-topleft: 4px; -} - -.btn-group > .btn:last-child, -.btn-group > .dropdown-toggle { - -webkit-border-top-right-radius: 4px; - border-top-right-radius: 4px; - -webkit-border-bottom-right-radius: 4px; - border-bottom-right-radius: 4px; - -moz-border-radius-topright: 4px; - -moz-border-radius-bottomright: 4px; -} - -.btn-group > .btn.large:first-child { - margin-left: 0; - -webkit-border-bottom-left-radius: 6px; - border-bottom-left-radius: 6px; - -webkit-border-top-left-radius: 6px; - border-top-left-radius: 6px; - -moz-border-radius-bottomleft: 6px; - -moz-border-radius-topleft: 6px; -} - -.btn-group > .btn.large:last-child, -.btn-group > .large.dropdown-toggle { - -webkit-border-top-right-radius: 6px; - border-top-right-radius: 6px; - -webkit-border-bottom-right-radius: 6px; - border-bottom-right-radius: 6px; - -moz-border-radius-topright: 6px; - -moz-border-radius-bottomright: 6px; -} - -.btn-group > .btn:hover, -.btn-group > .btn:focus, -.btn-group > .btn:active, -.btn-group > .btn.active { - z-index: 2; -} - -.btn-group .dropdown-toggle:active, -.btn-group.open .dropdown-toggle { - outline: 0; -} - -.btn-group > .btn + .dropdown-toggle { - *padding-top: 5px; - padding-right: 8px; - *padding-bottom: 5px; - padding-left: 8px; - -webkit-box-shadow: inset 1px 0 0 rgba(255, 255, 255, 0.125), inset 0 1px 0 rgba(255, 255, 255, 0.2), 0 1px 2px rgba(0, 0, 0, 0.05); - -moz-box-shadow: inset 1px 0 0 rgba(255, 255, 255, 0.125), inset 0 1px 0 rgba(255, 255, 255, 0.2), 0 1px 2px rgba(0, 0, 0, 0.05); - box-shadow: inset 1px 0 0 rgba(255, 255, 255, 0.125), inset 0 1px 0 rgba(255, 255, 255, 0.2), 0 1px 2px rgba(0, 0, 0, 0.05); -} - -.btn-group > .btn-mini + .dropdown-toggle { - *padding-top: 2px; - padding-right: 5px; - *padding-bottom: 2px; - padding-left: 5px; -} - -.btn-group > .btn-small + .dropdown-toggle { - *padding-top: 5px; - *padding-bottom: 4px; -} - -.btn-group > .btn-large + .dropdown-toggle { - *padding-top: 7px; - padding-right: 12px; - *padding-bottom: 7px; - padding-left: 12px; -} - -.btn-group.open .dropdown-toggle { - background-image: none; - -webkit-box-shadow: inset 0 2px 4px rgba(0, 0, 0, 0.15), 0 1px 2px rgba(0, 0, 0, 0.05); - -moz-box-shadow: inset 0 2px 4px rgba(0, 0, 0, 0.15), 0 1px 2px rgba(0, 0, 0, 0.05); - box-shadow: inset 0 2px 4px rgba(0, 0, 0, 0.15), 0 1px 2px rgba(0, 0, 0, 0.05); -} - -.btn-group.open .btn.dropdown-toggle { - background-color: #e6e6e6; -} - -.btn-group.open .btn-primary.dropdown-toggle { - background-color: #0044cc; -} - -.btn-group.open .btn-warning.dropdown-toggle { - background-color: #f89406; -} - -.btn-group.open .btn-danger.dropdown-toggle { - background-color: #bd362f; -} - -.btn-group.open .btn-success.dropdown-toggle { - background-color: #51a351; -} - -.btn-group.open .btn-info.dropdown-toggle { - background-color: #2f96b4; -} - -.btn-group.open .btn-inverse.dropdown-toggle { - background-color: #222222; -} - -.btn .caret { - margin-top: 8px; - margin-left: 0; -} - -.btn-large .caret { - margin-top: 6px; -} - -.btn-large .caret { - border-top-width: 5px; - border-right-width: 5px; - border-left-width: 5px; -} - -.btn-mini .caret, -.btn-small .caret { - margin-top: 8px; -} - -.dropup .btn-large .caret { - border-bottom-width: 5px; -} - -.btn-primary .caret, -.btn-warning .caret, -.btn-danger .caret, -.btn-info .caret, -.btn-success .caret, -.btn-inverse .caret { - border-top-color: #ffffff; - border-bottom-color: #ffffff; -} - -.btn-group-vertical { - display: inline-block; - *display: inline; - /* IE7 inline-block hack */ - - *zoom: 1; -} - -.btn-group-vertical > .btn { - display: block; - float: none; - max-width: 100%; - -webkit-border-radius: 0; - -moz-border-radius: 0; - border-radius: 0; -} - -.btn-group-vertical > .btn + .btn { - margin-top: -1px; - margin-left: 0; -} - -.btn-group-vertical > .btn:first-child { - -webkit-border-radius: 4px 4px 0 0; - -moz-border-radius: 4px 4px 0 0; - border-radius: 4px 4px 0 0; -} - -.btn-group-vertical > .btn:last-child { - -webkit-border-radius: 0 0 4px 4px; - -moz-border-radius: 0 0 4px 4px; - border-radius: 0 0 4px 4px; -} - -.btn-group-vertical > .btn-large:first-child { - -webkit-border-radius: 6px 6px 0 0; - -moz-border-radius: 6px 6px 0 0; - border-radius: 6px 6px 0 0; -} - -.btn-group-vertical > .btn-large:last-child { - -webkit-border-radius: 0 0 6px 6px; - -moz-border-radius: 0 0 6px 6px; - border-radius: 0 0 6px 6px; -} - -.alert { - padding: 8px 35px 8px 14px; - margin-bottom: 20px; - text-shadow: 0 1px 0 rgba(255, 255, 255, 0.5); - background-color: #fcf8e3; - border: 1px solid #fbeed5; - -webkit-border-radius: 4px; - -moz-border-radius: 4px; - border-radius: 4px; -} - -.alert, -.alert h4 { - color: #c09853; -} - -.alert h4 { - margin: 0; -} - -.alert .close { - position: relative; - top: -2px; - right: -21px; - line-height: 20px; -} - -.alert-success { - color: #468847; - background-color: #dff0d8; - border-color: #d6e9c6; -} - -.alert-success h4 { - color: #468847; -} - -.alert-danger, -.alert-error { - color: #b94a48; - background-color: #f2dede; - border-color: #eed3d7; -} - -.alert-danger h4, -.alert-error h4 { - color: #b94a48; -} - -.alert-info { - color: #3a87ad; - background-color: #d9edf7; - border-color: #bce8f1; -} - -.alert-info h4 { - color: #3a87ad; -} - -.alert-block { - padding-top: 14px; - padding-bottom: 14px; -} - -.alert-block > p, -.alert-block > ul { - margin-bottom: 0; -} - -.alert-block p + p { - margin-top: 5px; -} - -.nav { - margin-bottom: 20px; - margin-left: 0; - list-style: none; -} - -.nav > li > a { - display: block; -} - -.nav > li > a:hover, -.nav > li > a:focus { - text-decoration: none; - background-color: #eeeeee; -} - -.nav > li > a > img { - max-width: none; -} - -.nav > .pull-right { - float: right; -} - -.nav-header { - display: block; - padding: 3px 15px; - font-size: 11px; - font-weight: bold; - line-height: 20px; - color: #999999; - text-shadow: 0 1px 0 rgba(255, 255, 255, 0.5); - text-transform: uppercase; -} - -.nav li + .nav-header { - margin-top: 9px; -} - -.nav-list { - padding-right: 15px; - padding-left: 15px; - margin-bottom: 0; -} - -.nav-list > li > a, -.nav-list .nav-header { - margin-right: -15px; - margin-left: -15px; - text-shadow: 0 1px 0 rgba(255, 255, 255, 0.5); -} - -.nav-list > li > a { - padding: 3px 15px; -} - -.nav-list > .active > a, -.nav-list > .active > a:hover, -.nav-list > .active > a:focus { - color: #ffffff; - text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.2); - background-color: #0088cc; -} - -.nav-list [class^="icon-"], -.nav-list [class*=" icon-"] { - margin-right: 2px; -} - -.nav-list .divider { - *width: 100%; - height: 1px; - margin: 9px 1px; - *margin: -5px 0 5px; - overflow: hidden; - background-color: #e5e5e5; - border-bottom: 1px solid #ffffff; -} - -.nav-tabs, -.nav-pills { - *zoom: 1; -} - -.nav-tabs:before, -.nav-pills:before, -.nav-tabs:after, -.nav-pills:after { - display: table; - line-height: 0; - content: ""; -} - -.nav-tabs:after, -.nav-pills:after { - clear: both; -} - -.nav-tabs > li, -.nav-pills > li { - float: left; -} - -.nav-tabs > li > a, -.nav-pills > li > a { - padding-right: 12px; - padding-left: 12px; - margin-right: 2px; - line-height: 14px; -} - -.nav-tabs { - border-bottom: 1px solid #ddd; -} - -.nav-tabs > li { - margin-bottom: -1px; -} - -.nav-tabs > li > a { - padding-top: 8px; - padding-bottom: 8px; - line-height: 20px; - border: 1px solid transparent; - -webkit-border-radius: 4px 4px 0 0; - -moz-border-radius: 4px 4px 0 0; - border-radius: 4px 4px 0 0; -} - -.nav-tabs > li > a:hover, -.nav-tabs > li > a:focus { - border-color: #eeeeee #eeeeee #dddddd; -} - -.nav-tabs > .active > a, -.nav-tabs > .active > a:hover, -.nav-tabs > .active > a:focus { - color: #555555; - cursor: default; - background-color: #ffffff; - border: 1px solid #ddd; - border-bottom-color: transparent; -} - -.nav-pills > li > a { - padding-top: 8px; - padding-bottom: 8px; - margin-top: 2px; - margin-bottom: 2px; - -webkit-border-radius: 5px; - -moz-border-radius: 5px; - border-radius: 5px; -} - -.nav-pills > .active > a, -.nav-pills > .active > a:hover, -.nav-pills > .active > a:focus { - color: #ffffff; - background-color: #0088cc; -} - -.nav-stacked > li { - float: none; -} - -.nav-stacked > li > a { - margin-right: 0; -} - -.nav-tabs.nav-stacked { - border-bottom: 0; -} - -.nav-tabs.nav-stacked > li > a { - border: 1px solid #ddd; - -webkit-border-radius: 0; - -moz-border-radius: 0; - border-radius: 0; -} - -.nav-tabs.nav-stacked > li:first-child > a { - -webkit-border-top-right-radius: 4px; - border-top-right-radius: 4px; - -webkit-border-top-left-radius: 4px; - border-top-left-radius: 4px; - -moz-border-radius-topright: 4px; - -moz-border-radius-topleft: 4px; -} - -.nav-tabs.nav-stacked > li:last-child > a { - -webkit-border-bottom-right-radius: 4px; - border-bottom-right-radius: 4px; - -webkit-border-bottom-left-radius: 4px; - border-bottom-left-radius: 4px; - -moz-border-radius-bottomright: 4px; - -moz-border-radius-bottomleft: 4px; -} - -.nav-tabs.nav-stacked > li > a:hover, -.nav-tabs.nav-stacked > li > a:focus { - z-index: 2; - border-color: #ddd; -} - -.nav-pills.nav-stacked > li > a { - margin-bottom: 3px; -} - -.nav-pills.nav-stacked > li:last-child > a { - margin-bottom: 1px; -} - -.nav-tabs .dropdown-menu { - -webkit-border-radius: 0 0 6px 6px; - -moz-border-radius: 0 0 6px 6px; - border-radius: 0 0 6px 6px; -} - -.nav-pills .dropdown-menu { - -webkit-border-radius: 6px; - -moz-border-radius: 6px; - border-radius: 6px; -} - -.nav .dropdown-toggle .caret { - margin-top: 6px; - border-top-color: #0088cc; - border-bottom-color: #0088cc; -} - -.nav .dropdown-toggle:hover .caret, -.nav .dropdown-toggle:focus .caret { - border-top-color: #005580; - border-bottom-color: #005580; -} - -/* move down carets for tabs */ - -.nav-tabs .dropdown-toggle .caret { - margin-top: 8px; -} - -.nav .active .dropdown-toggle .caret { - border-top-color: #fff; - border-bottom-color: #fff; -} - -.nav-tabs .active .dropdown-toggle .caret { - border-top-color: #555555; - border-bottom-color: #555555; -} - -.nav > .dropdown.active > a:hover, -.nav > .dropdown.active > a:focus { - cursor: pointer; -} - -.nav-tabs .open .dropdown-toggle, -.nav-pills .open .dropdown-toggle, -.nav > li.dropdown.open.active > a:hover, -.nav > li.dropdown.open.active > a:focus { - color: #ffffff; - background-color: #999999; - border-color: #999999; -} - -.nav li.dropdown.open .caret, -.nav li.dropdown.open.active .caret, -.nav li.dropdown.open a:hover .caret, -.nav li.dropdown.open a:focus .caret { - border-top-color: #ffffff; - border-bottom-color: #ffffff; - opacity: 1; - filter: alpha(opacity=100); -} - -.tabs-stacked .open > a:hover, -.tabs-stacked .open > a:focus { - border-color: #999999; -} - -.tabbable { - *zoom: 1; -} - -.tabbable:before, -.tabbable:after { - display: table; - line-height: 0; - content: ""; -} - -.tabbable:after { - clear: both; -} - -.tab-content { - overflow: auto; -} - -.tabs-below > .nav-tabs, -.tabs-right > .nav-tabs, -.tabs-left > .nav-tabs { - border-bottom: 0; -} - -.tab-content > .tab-pane, -.pill-content > .pill-pane { - display: none; -} - -.tab-content > .active, -.pill-content > .active { - display: block; -} - -.tabs-below > .nav-tabs { - border-top: 1px solid #ddd; -} - -.tabs-below > .nav-tabs > li { - margin-top: -1px; - margin-bottom: 0; -} - -.tabs-below > .nav-tabs > li > a { - -webkit-border-radius: 0 0 4px 4px; - -moz-border-radius: 0 0 4px 4px; - border-radius: 0 0 4px 4px; -} - -.tabs-below > .nav-tabs > li > a:hover, -.tabs-below > .nav-tabs > li > a:focus { - border-top-color: #ddd; - border-bottom-color: transparent; -} - -.tabs-below > .nav-tabs > .active > a, -.tabs-below > .nav-tabs > .active > a:hover, -.tabs-below > .nav-tabs > .active > a:focus { - border-color: transparent #ddd #ddd #ddd; -} - -.tabs-left > .nav-tabs > li, -.tabs-right > .nav-tabs > li { - float: none; -} - -.tabs-left > .nav-tabs > li > a, -.tabs-right > .nav-tabs > li > a { - min-width: 74px; - margin-right: 0; - margin-bottom: 3px; -} - -.tabs-left > .nav-tabs { - float: left; - margin-right: 19px; - border-right: 1px solid #ddd; -} - -.tabs-left > .nav-tabs > li > a { - margin-right: -1px; - -webkit-border-radius: 4px 0 0 4px; - -moz-border-radius: 4px 0 0 4px; - border-radius: 4px 0 0 4px; -} - -.tabs-left > .nav-tabs > li > a:hover, -.tabs-left > .nav-tabs > li > a:focus { - border-color: #eeeeee #dddddd #eeeeee #eeeeee; -} - -.tabs-left > .nav-tabs .active > a, -.tabs-left > .nav-tabs .active > a:hover, -.tabs-left > .nav-tabs .active > a:focus { - border-color: #ddd transparent #ddd #ddd; - *border-right-color: #ffffff; -} - -.tabs-right > .nav-tabs { - float: right; - margin-left: 19px; - border-left: 1px solid #ddd; -} - -.tabs-right > .nav-tabs > li > a { - margin-left: -1px; - -webkit-border-radius: 0 4px 4px 0; - -moz-border-radius: 0 4px 4px 0; - border-radius: 0 4px 4px 0; -} - -.tabs-right > .nav-tabs > li > a:hover, -.tabs-right > .nav-tabs > li > a:focus { - border-color: #eeeeee #eeeeee #eeeeee #dddddd; -} - -.tabs-right > .nav-tabs .active > a, -.tabs-right > .nav-tabs .active > a:hover, -.tabs-right > .nav-tabs .active > a:focus { - border-color: #ddd #ddd #ddd transparent; - *border-left-color: #ffffff; -} - -.nav > .disabled > a { - color: #999999; -} - -.nav > .disabled > a:hover, -.nav > .disabled > a:focus { - text-decoration: none; - cursor: default; - background-color: transparent; -} - -.navbar { - *position: relative; - *z-index: 2; - margin-bottom: 20px; - overflow: visible; -} - -.navbar-inner { - min-height: 40px; - padding-right: 20px; - padding-left: 20px; - background-color: #fafafa; - background-image: -moz-linear-gradient(top, #ffffff, #f2f2f2); - background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#ffffff), to(#f2f2f2)); - background-image: -webkit-linear-gradient(top, #ffffff, #f2f2f2); - background-image: -o-linear-gradient(top, #ffffff, #f2f2f2); - background-image: linear-gradient(to bottom, #ffffff, #f2f2f2); - background-repeat: repeat-x; - border: 1px solid #d4d4d4; - -webkit-border-radius: 4px; - -moz-border-radius: 4px; - border-radius: 4px; - filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffffff', endColorstr='#fff2f2f2', GradientType=0); - *zoom: 1; - -webkit-box-shadow: 0 1px 4px rgba(0, 0, 0, 0.065); - -moz-box-shadow: 0 1px 4px rgba(0, 0, 0, 0.065); - box-shadow: 0 1px 4px rgba(0, 0, 0, 0.065); -} - -.navbar-inner:before, -.navbar-inner:after { - display: table; - line-height: 0; - content: ""; -} - -.navbar-inner:after { - clear: both; -} - -.navbar .container { - width: auto; -} - -.nav-collapse.collapse { - height: auto; - overflow: visible; -} - -.navbar .brand { - display: block; - float: left; - padding: 10px 20px 10px; - margin-left: -20px; - font-size: 20px; - font-weight: 200; - color: #777777; - text-shadow: 0 1px 0 #ffffff; -} - -.navbar .brand:hover, -.navbar .brand:focus { - text-decoration: none; -} - -.navbar-text { - margin-bottom: 0; - line-height: 40px; - color: #777777; -} - -.navbar-link { - color: #777777; -} - -.navbar-link:hover, -.navbar-link:focus { - color: #333333; -} - -.navbar .divider-vertical { - height: 40px; - margin: 0 9px; - border-right: 1px solid #ffffff; - border-left: 1px solid #f2f2f2; -} - -.navbar .btn, -.navbar .btn-group { - margin-top: 5px; -} - -.navbar .btn-group .btn, -.navbar .input-prepend .btn, -.navbar .input-append .btn, -.navbar .input-prepend .btn-group, -.navbar .input-append .btn-group { - margin-top: 0; -} - -.navbar-form { - margin-bottom: 0; - *zoom: 1; -} - -.navbar-form:before, -.navbar-form:after { - display: table; - line-height: 0; - content: ""; -} - -.navbar-form:after { - clear: both; -} - -.navbar-form input, -.navbar-form select, -.navbar-form .radio, -.navbar-form .checkbox { - margin-top: 5px; -} - -.navbar-form input, -.navbar-form select, -.navbar-form .btn { - display: inline-block; - margin-bottom: 0; -} - -.navbar-form input[type="image"], -.navbar-form input[type="checkbox"], -.navbar-form input[type="radio"] { - margin-top: 3px; -} - -.navbar-form .input-append, -.navbar-form .input-prepend { - margin-top: 5px; - white-space: nowrap; -} - -.navbar-form .input-append input, -.navbar-form .input-prepend input { - margin-top: 0; -} - -.navbar-search { - position: relative; - float: left; - margin-top: 5px; - margin-bottom: 0; -} - -.navbar-search .search-query { - padding: 4px 14px; - margin-bottom: 0; - font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; - font-size: 13px; - font-weight: normal; - line-height: 1; - -webkit-border-radius: 15px; - -moz-border-radius: 15px; - border-radius: 15px; -} - -.navbar-static-top { - position: static; - margin-bottom: 0; -} - -.navbar-static-top .navbar-inner { - -webkit-border-radius: 0; - -moz-border-radius: 0; - border-radius: 0; -} - -.navbar-fixed-top, -.navbar-fixed-bottom { - position: fixed; - right: 0; - left: 0; - z-index: 1030; - margin-bottom: 0; -} - -.navbar-fixed-top .navbar-inner, -.navbar-static-top .navbar-inner { - border-width: 0 0 1px; -} - -.navbar-fixed-bottom .navbar-inner { - border-width: 1px 0 0; -} - -.navbar-fixed-top .navbar-inner, -.navbar-fixed-bottom .navbar-inner { - padding-right: 0; - padding-left: 0; - -webkit-border-radius: 0; - -moz-border-radius: 0; - border-radius: 0; -} - -.navbar-static-top .container, -.navbar-fixed-top .container, -.navbar-fixed-bottom .container { - width: 940px; -} - -.navbar-fixed-top { - top: 0; -} - -.navbar-fixed-top .navbar-inner, -.navbar-static-top .navbar-inner { - -webkit-box-shadow: 0 1px 10px rgba(0, 0, 0, 0.1); - -moz-box-shadow: 0 1px 10px rgba(0, 0, 0, 0.1); - box-shadow: 0 1px 10px rgba(0, 0, 0, 0.1); -} - -.navbar-fixed-bottom { - bottom: 0; -} - -.navbar-fixed-bottom .navbar-inner { - -webkit-box-shadow: 0 -1px 10px rgba(0, 0, 0, 0.1); - -moz-box-shadow: 0 -1px 10px rgba(0, 0, 0, 0.1); - box-shadow: 0 -1px 10px rgba(0, 0, 0, 0.1); -} - -.navbar .nav { - position: relative; - left: 0; - display: block; - float: left; - margin: 0 10px 0 0; -} - -.navbar .nav.pull-right { - float: right; - margin-right: 0; -} - -.navbar .nav > li { - float: left; -} - -.navbar .nav > li > a { - float: none; - padding: 10px 15px 10px; - color: #777777; - text-decoration: none; - text-shadow: 0 1px 0 #ffffff; -} - -.navbar .nav .dropdown-toggle .caret { - margin-top: 8px; -} - -.navbar .nav > li > a:focus, -.navbar .nav > li > a:hover { - color: #333333; - text-decoration: none; - background-color: transparent; -} - -.navbar .nav > .active > a, -.navbar .nav > .active > a:hover, -.navbar .nav > .active > a:focus { - color: #555555; - text-decoration: none; - background-color: #e5e5e5; - -webkit-box-shadow: inset 0 3px 8px rgba(0, 0, 0, 0.125); - -moz-box-shadow: inset 0 3px 8px rgba(0, 0, 0, 0.125); - box-shadow: inset 0 3px 8px rgba(0, 0, 0, 0.125); -} - -.navbar .btn-navbar { - display: none; - float: right; - padding: 7px 10px; - margin-right: 5px; - margin-left: 5px; - color: #ffffff; - text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.25); - background-color: #ededed; - *background-color: #e5e5e5; - background-image: -moz-linear-gradient(top, #f2f2f2, #e5e5e5); - background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#f2f2f2), to(#e5e5e5)); - background-image: -webkit-linear-gradient(top, #f2f2f2, #e5e5e5); - background-image: -o-linear-gradient(top, #f2f2f2, #e5e5e5); - background-image: linear-gradient(to bottom, #f2f2f2, #e5e5e5); - background-repeat: repeat-x; - border-color: #e5e5e5 #e5e5e5 #bfbfbf; - border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25); - filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff2f2f2', endColorstr='#ffe5e5e5', GradientType=0); - filter: progid:DXImageTransform.Microsoft.gradient(enabled=false); - -webkit-box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.1), 0 1px 0 rgba(255, 255, 255, 0.075); - -moz-box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.1), 0 1px 0 rgba(255, 255, 255, 0.075); - box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.1), 0 1px 0 rgba(255, 255, 255, 0.075); -} - -.navbar .btn-navbar:hover, -.navbar .btn-navbar:focus, -.navbar .btn-navbar:active, -.navbar .btn-navbar.active, -.navbar .btn-navbar.disabled, -.navbar .btn-navbar[disabled] { - color: #ffffff; - background-color: #e5e5e5; - *background-color: #d9d9d9; -} - -.navbar .btn-navbar:active, -.navbar .btn-navbar.active { - background-color: #cccccc \9; -} - -.navbar .btn-navbar .icon-bar { - display: block; - width: 18px; - height: 2px; - background-color: #f5f5f5; - -webkit-border-radius: 1px; - -moz-border-radius: 1px; - border-radius: 1px; - -webkit-box-shadow: 0 1px 0 rgba(0, 0, 0, 0.25); - -moz-box-shadow: 0 1px 0 rgba(0, 0, 0, 0.25); - box-shadow: 0 1px 0 rgba(0, 0, 0, 0.25); -} - -.btn-navbar .icon-bar + .icon-bar { - margin-top: 3px; -} - -.navbar .nav > li > .dropdown-menu:before { - position: absolute; - top: -7px; - left: 9px; - display: inline-block; - border-right: 7px solid transparent; - border-bottom: 7px solid #ccc; - border-left: 7px solid transparent; - border-bottom-color: rgba(0, 0, 0, 0.2); - content: ''; -} - -.navbar .nav > li > .dropdown-menu:after { - position: absolute; - top: -6px; - left: 10px; - display: inline-block; - border-right: 6px solid transparent; - border-bottom: 6px solid #ffffff; - border-left: 6px solid transparent; - content: ''; -} - -.navbar-fixed-bottom .nav > li > .dropdown-menu:before { - top: auto; - bottom: -7px; - border-top: 7px solid #ccc; - border-bottom: 0; - border-top-color: rgba(0, 0, 0, 0.2); -} - -.navbar-fixed-bottom .nav > li > .dropdown-menu:after { - top: auto; - bottom: -6px; - border-top: 6px solid #ffffff; - border-bottom: 0; -} - -.navbar .nav li.dropdown > a:hover .caret, -.navbar .nav li.dropdown > a:focus .caret { - border-top-color: #333333; - border-bottom-color: #333333; -} - -.navbar .nav li.dropdown.open > .dropdown-toggle, -.navbar .nav li.dropdown.active > .dropdown-toggle, -.navbar .nav li.dropdown.open.active > .dropdown-toggle { - color: #555555; - background-color: #e5e5e5; -} - -.navbar .nav li.dropdown > .dropdown-toggle .caret { - border-top-color: #777777; - border-bottom-color: #777777; -} - -.navbar .nav li.dropdown.open > .dropdown-toggle .caret, -.navbar .nav li.dropdown.active > .dropdown-toggle .caret, -.navbar .nav li.dropdown.open.active > .dropdown-toggle .caret { - border-top-color: #555555; - border-bottom-color: #555555; -} - -.navbar .pull-right > li > .dropdown-menu, -.navbar .nav > li > .dropdown-menu.pull-right { - right: 0; - left: auto; -} - -.navbar .pull-right > li > .dropdown-menu:before, -.navbar .nav > li > .dropdown-menu.pull-right:before { - right: 12px; - left: auto; -} - -.navbar .pull-right > li > .dropdown-menu:after, -.navbar .nav > li > .dropdown-menu.pull-right:after { - right: 13px; - left: auto; -} - -.navbar .pull-right > li > .dropdown-menu .dropdown-menu, -.navbar .nav > li > .dropdown-menu.pull-right .dropdown-menu { - right: 100%; - left: auto; - margin-right: -1px; - margin-left: 0; - -webkit-border-radius: 6px 0 6px 6px; - -moz-border-radius: 6px 0 6px 6px; - border-radius: 6px 0 6px 6px; -} - -.navbar-inverse .navbar-inner { - background-color: #1b1b1b; - background-image: -moz-linear-gradient(top, #222222, #111111); - background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#222222), to(#111111)); - background-image: -webkit-linear-gradient(top, #222222, #111111); - background-image: -o-linear-gradient(top, #222222, #111111); - background-image: linear-gradient(to bottom, #222222, #111111); - background-repeat: repeat-x; - border-color: #252525; - filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff222222', endColorstr='#ff111111', GradientType=0); -} - -.navbar-inverse .brand, -.navbar-inverse .nav > li > a { - color: #999999; - text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.25); -} - -.navbar-inverse .brand:hover, -.navbar-inverse .nav > li > a:hover, -.navbar-inverse .brand:focus, -.navbar-inverse .nav > li > a:focus { - color: #ffffff; -} - -.navbar-inverse .brand { - color: #999999; -} - -.navbar-inverse .navbar-text { - color: #999999; -} - -.navbar-inverse .nav > li > a:focus, -.navbar-inverse .nav > li > a:hover { - color: #ffffff; - background-color: transparent; -} - -.navbar-inverse .nav .active > a, -.navbar-inverse .nav .active > a:hover, -.navbar-inverse .nav .active > a:focus { - color: #ffffff; - background-color: #111111; -} - -.navbar-inverse .navbar-link { - color: #999999; -} - -.navbar-inverse .navbar-link:hover, -.navbar-inverse .navbar-link:focus { - color: #ffffff; -} - -.navbar-inverse .divider-vertical { - border-right-color: #222222; - border-left-color: #111111; -} - -.navbar-inverse .nav li.dropdown.open > .dropdown-toggle, -.navbar-inverse .nav li.dropdown.active > .dropdown-toggle, -.navbar-inverse .nav li.dropdown.open.active > .dropdown-toggle { - color: #ffffff; - background-color: #111111; -} - -.navbar-inverse .nav li.dropdown > a:hover .caret, -.navbar-inverse .nav li.dropdown > a:focus .caret { - border-top-color: #ffffff; - border-bottom-color: #ffffff; -} - -.navbar-inverse .nav li.dropdown > .dropdown-toggle .caret { - border-top-color: #999999; - border-bottom-color: #999999; -} - -.navbar-inverse .nav li.dropdown.open > .dropdown-toggle .caret, -.navbar-inverse .nav li.dropdown.active > .dropdown-toggle .caret, -.navbar-inverse .nav li.dropdown.open.active > .dropdown-toggle .caret { - border-top-color: #ffffff; - border-bottom-color: #ffffff; -} - -.navbar-inverse .navbar-search .search-query { - color: #ffffff; - background-color: #515151; - border-color: #111111; - -webkit-box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.1), 0 1px 0 rgba(255, 255, 255, 0.15); - -moz-box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.1), 0 1px 0 rgba(255, 255, 255, 0.15); - box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.1), 0 1px 0 rgba(255, 255, 255, 0.15); - -webkit-transition: none; - -moz-transition: none; - -o-transition: none; - transition: none; -} - -.navbar-inverse .navbar-search .search-query:-moz-placeholder { - color: #cccccc; -} - -.navbar-inverse .navbar-search .search-query:-ms-input-placeholder { - color: #cccccc; -} - -.navbar-inverse .navbar-search .search-query::-webkit-input-placeholder { - color: #cccccc; -} - -.navbar-inverse .navbar-search .search-query:focus, -.navbar-inverse .navbar-search .search-query.focused { - padding: 5px 15px; - color: #333333; - text-shadow: 0 1px 0 #ffffff; - background-color: #ffffff; - border: 0; - outline: 0; - -webkit-box-shadow: 0 0 3px rgba(0, 0, 0, 0.15); - -moz-box-shadow: 0 0 3px rgba(0, 0, 0, 0.15); - box-shadow: 0 0 3px rgba(0, 0, 0, 0.15); -} - -.navbar-inverse .btn-navbar { - color: #ffffff; - text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.25); - background-color: #0e0e0e; - *background-color: #040404; - background-image: -moz-linear-gradient(top, #151515, #040404); - background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#151515), to(#040404)); - background-image: -webkit-linear-gradient(top, #151515, #040404); - background-image: -o-linear-gradient(top, #151515, #040404); - background-image: linear-gradient(to bottom, #151515, #040404); - background-repeat: repeat-x; - border-color: #040404 #040404 #000000; - border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25); - filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff151515', endColorstr='#ff040404', GradientType=0); - filter: progid:DXImageTransform.Microsoft.gradient(enabled=false); -} - -.navbar-inverse .btn-navbar:hover, -.navbar-inverse .btn-navbar:focus, -.navbar-inverse .btn-navbar:active, -.navbar-inverse .btn-navbar.active, -.navbar-inverse .btn-navbar.disabled, -.navbar-inverse .btn-navbar[disabled] { - color: #ffffff; - background-color: #040404; - *background-color: #000000; -} - -.navbar-inverse .btn-navbar:active, -.navbar-inverse .btn-navbar.active { - background-color: #000000 \9; -} - -.breadcrumb { - padding: 8px 15px; - margin: 0 0 20px; - list-style: none; - background-color: #f5f5f5; - -webkit-border-radius: 4px; - -moz-border-radius: 4px; - border-radius: 4px; -} - -.breadcrumb > li { - display: inline-block; - *display: inline; - text-shadow: 0 1px 0 #ffffff; - *zoom: 1; -} - -.breadcrumb > li > .divider { - padding: 0 5px; - color: #ccc; -} - -.breadcrumb > .active { - color: #999999; -} - -.pagination { - margin: 20px 0; -} - -.pagination ul { - display: inline-block; - *display: inline; - margin-bottom: 0; - margin-left: 0; - -webkit-border-radius: 4px; - -moz-border-radius: 4px; - border-radius: 4px; - *zoom: 1; - -webkit-box-shadow: 0 1px 2px rgba(0, 0, 0, 0.05); - -moz-box-shadow: 0 1px 2px rgba(0, 0, 0, 0.05); - box-shadow: 0 1px 2px rgba(0, 0, 0, 0.05); -} - -.pagination ul > li { - display: inline; -} - -.pagination ul > li > a, -.pagination ul > li > span { - float: left; - padding: 4px 12px; - line-height: 20px; - text-decoration: none; - background-color: #ffffff; - border: 1px solid #dddddd; - border-left-width: 0; -} - -.pagination ul > li > a:hover, -.pagination ul > li > a:focus, -.pagination ul > .active > a, -.pagination ul > .active > span { - background-color: #f5f5f5; -} - -.pagination ul > .active > a, -.pagination ul > .active > span { - color: #999999; - cursor: default; -} - -.pagination ul > .disabled > span, -.pagination ul > .disabled > a, -.pagination ul > .disabled > a:hover, -.pagination ul > .disabled > a:focus { - color: #999999; - cursor: default; - background-color: transparent; -} - -.pagination ul > li:first-child > a, -.pagination ul > li:first-child > span { - border-left-width: 1px; - -webkit-border-bottom-left-radius: 4px; - border-bottom-left-radius: 4px; - -webkit-border-top-left-radius: 4px; - border-top-left-radius: 4px; - -moz-border-radius-bottomleft: 4px; - -moz-border-radius-topleft: 4px; -} - -.pagination ul > li:last-child > a, -.pagination ul > li:last-child > span { - -webkit-border-top-right-radius: 4px; - border-top-right-radius: 4px; - -webkit-border-bottom-right-radius: 4px; - border-bottom-right-radius: 4px; - -moz-border-radius-topright: 4px; - -moz-border-radius-bottomright: 4px; -} - -.pagination-centered { - text-align: center; -} - -.pagination-right { - text-align: right; -} - -.pagination-large ul > li > a, -.pagination-large ul > li > span { - padding: 11px 19px; - font-size: 17.5px; -} - -.pagination-large ul > li:first-child > a, -.pagination-large ul > li:first-child > span { - -webkit-border-bottom-left-radius: 6px; - border-bottom-left-radius: 6px; - -webkit-border-top-left-radius: 6px; - border-top-left-radius: 6px; - -moz-border-radius-bottomleft: 6px; - -moz-border-radius-topleft: 6px; -} - -.pagination-large ul > li:last-child > a, -.pagination-large ul > li:last-child > span { - -webkit-border-top-right-radius: 6px; - border-top-right-radius: 6px; - -webkit-border-bottom-right-radius: 6px; - border-bottom-right-radius: 6px; - -moz-border-radius-topright: 6px; - -moz-border-radius-bottomright: 6px; -} - -.pagination-mini ul > li:first-child > a, -.pagination-small ul > li:first-child > a, -.pagination-mini ul > li:first-child > span, -.pagination-small ul > li:first-child > span { - -webkit-border-bottom-left-radius: 3px; - border-bottom-left-radius: 3px; - -webkit-border-top-left-radius: 3px; - border-top-left-radius: 3px; - -moz-border-radius-bottomleft: 3px; - -moz-border-radius-topleft: 3px; -} - -.pagination-mini ul > li:last-child > a, -.pagination-small ul > li:last-child > a, -.pagination-mini ul > li:last-child > span, -.pagination-small ul > li:last-child > span { - -webkit-border-top-right-radius: 3px; - border-top-right-radius: 3px; - -webkit-border-bottom-right-radius: 3px; - border-bottom-right-radius: 3px; - -moz-border-radius-topright: 3px; - -moz-border-radius-bottomright: 3px; -} - -.pagination-small ul > li > a, -.pagination-small ul > li > span { - padding: 2px 10px; - font-size: 11.9px; -} - -.pagination-mini ul > li > a, -.pagination-mini ul > li > span { - padding: 0 6px; - font-size: 10.5px; -} - -.pager { - margin: 20px 0; - text-align: center; - list-style: none; - *zoom: 1; -} - -.pager:before, -.pager:after { - display: table; - line-height: 0; - content: ""; -} - -.pager:after { - clear: both; -} - -.pager li { - display: inline; -} - -.pager li > a, -.pager li > span { - display: inline-block; - padding: 5px 14px; - background-color: #fff; - border: 1px solid #ddd; - -webkit-border-radius: 15px; - -moz-border-radius: 15px; - border-radius: 15px; -} - -.pager li > a:hover, -.pager li > a:focus { - text-decoration: none; - background-color: #f5f5f5; -} - -.pager .next > a, -.pager .next > span { - float: right; -} - -.pager .previous > a, -.pager .previous > span { - float: left; -} - -.pager .disabled > a, -.pager .disabled > a:hover, -.pager .disabled > a:focus, -.pager .disabled > span { - color: #999999; - cursor: default; - background-color: #fff; -} - -.modal-backdrop { - position: fixed; - top: 0; - right: 0; - bottom: 0; - left: 0; - z-index: 1040; - background-color: #000000; -} - -.modal-backdrop.fade { - opacity: 0; -} - -.modal-backdrop, -.modal-backdrop.fade.in { - opacity: 0.8; - filter: alpha(opacity=80); -} - -.modal { - position: fixed; - top: 10%; - left: 50%; - z-index: 1050; - width: 560px; - margin-left: -280px; - background-color: #ffffff; - border: 1px solid #999; - border: 1px solid rgba(0, 0, 0, 0.3); - *border: 1px solid #999; - -webkit-border-radius: 6px; - -moz-border-radius: 6px; - border-radius: 6px; - outline: none; - -webkit-box-shadow: 0 3px 7px rgba(0, 0, 0, 0.3); - -moz-box-shadow: 0 3px 7px rgba(0, 0, 0, 0.3); - box-shadow: 0 3px 7px rgba(0, 0, 0, 0.3); - -webkit-background-clip: padding-box; - -moz-background-clip: padding-box; - background-clip: padding-box; -} - -.modal.fade { - top: -25%; - -webkit-transition: opacity 0.3s linear, top 0.3s ease-out; - -moz-transition: opacity 0.3s linear, top 0.3s ease-out; - -o-transition: opacity 0.3s linear, top 0.3s ease-out; - transition: opacity 0.3s linear, top 0.3s ease-out; -} - -.modal.fade.in { - top: 10%; -} - -.modal-header { - padding: 9px 15px; - border-bottom: 1px solid #eee; -} - -.modal-header .close { - margin-top: 2px; -} - -.modal-header h3 { - margin: 0; - line-height: 30px; -} - -.modal-body { - position: relative; - max-height: 400px; - padding: 15px; - overflow-y: auto; -} - -.modal-form { - margin-bottom: 0; -} - -.modal-footer { - padding: 14px 15px 15px; - margin-bottom: 0; - text-align: right; - background-color: #f5f5f5; - border-top: 1px solid #ddd; - -webkit-border-radius: 0 0 6px 6px; - -moz-border-radius: 0 0 6px 6px; - border-radius: 0 0 6px 6px; - *zoom: 1; - -webkit-box-shadow: inset 0 1px 0 #ffffff; - -moz-box-shadow: inset 0 1px 0 #ffffff; - box-shadow: inset 0 1px 0 #ffffff; -} - -.modal-footer:before, -.modal-footer:after { - display: table; - line-height: 0; - content: ""; -} - -.modal-footer:after { - clear: both; -} - -.modal-footer .btn + .btn { - margin-bottom: 0; - margin-left: 5px; -} - -.modal-footer .btn-group .btn + .btn { - margin-left: -1px; -} - -.modal-footer .btn-block + .btn-block { - margin-left: 0; -} - -.tooltip { - position: absolute; - z-index: 1030; - display: block; - font-size: 11px; - line-height: 1.4; - opacity: 0; - filter: alpha(opacity=0); - visibility: visible; -} - -.tooltip.in { - opacity: 0.8; - filter: alpha(opacity=80); -} - -.tooltip.top { - padding: 5px 0; - margin-top: -3px; -} - -.tooltip.right { - padding: 0 5px; - margin-left: 3px; -} - -.tooltip.bottom { - padding: 5px 0; - margin-top: 3px; -} - -.tooltip.left { - padding: 0 5px; - margin-left: -3px; -} - -.tooltip-inner { - max-width: 200px; - padding: 8px; - color: #ffffff; - text-align: center; - text-decoration: none; - background-color: #000000; - -webkit-border-radius: 4px; - -moz-border-radius: 4px; - border-radius: 4px; -} - -.tooltip-arrow { - position: absolute; - width: 0; - height: 0; - border-color: transparent; - border-style: solid; -} - -.tooltip.top .tooltip-arrow { - bottom: 0; - left: 50%; - margin-left: -5px; - border-top-color: #000000; - border-width: 5px 5px 0; -} - -.tooltip.right .tooltip-arrow { - top: 50%; - left: 0; - margin-top: -5px; - border-right-color: #000000; - border-width: 5px 5px 5px 0; -} - -.tooltip.left .tooltip-arrow { - top: 50%; - right: 0; - margin-top: -5px; - border-left-color: #000000; - border-width: 5px 0 5px 5px; -} - -.tooltip.bottom .tooltip-arrow { - top: 0; - left: 50%; - margin-left: -5px; - border-bottom-color: #000000; - border-width: 0 5px 5px; -} - -.popover { - position: absolute; - top: 0; - left: 0; - z-index: 1010; - display: none; - max-width: 276px; - padding: 1px; - text-align: left; - white-space: normal; - background-color: #ffffff; - border: 1px solid #ccc; - border: 1px solid rgba(0, 0, 0, 0.2); - -webkit-border-radius: 6px; - -moz-border-radius: 6px; - border-radius: 6px; - -webkit-box-shadow: 0 5px 10px rgba(0, 0, 0, 0.2); - -moz-box-shadow: 0 5px 10px rgba(0, 0, 0, 0.2); - box-shadow: 0 5px 10px rgba(0, 0, 0, 0.2); - -webkit-background-clip: padding-box; - -moz-background-clip: padding; - background-clip: padding-box; -} - -.popover.top { - margin-top: -10px; -} - -.popover.right { - margin-left: 10px; -} - -.popover.bottom { - margin-top: 10px; -} - -.popover.left { - margin-left: -10px; -} - -.popover-title { - padding: 8px 14px; - margin: 0; - font-size: 14px; - font-weight: normal; - line-height: 18px; - background-color: #f7f7f7; - border-bottom: 1px solid #ebebeb; - -webkit-border-radius: 5px 5px 0 0; - -moz-border-radius: 5px 5px 0 0; - border-radius: 5px 5px 0 0; -} - -.popover-title:empty { - display: none; -} - -.popover-content { - padding: 9px 14px; -} - -.popover .arrow, -.popover .arrow:after { - position: absolute; - display: block; - width: 0; - height: 0; - border-color: transparent; - border-style: solid; -} - -.popover .arrow { - border-width: 11px; -} - -.popover .arrow:after { - border-width: 10px; - content: ""; -} - -.popover.top .arrow { - bottom: -11px; - left: 50%; - margin-left: -11px; - border-top-color: #999; - border-top-color: rgba(0, 0, 0, 0.25); - border-bottom-width: 0; -} - -.popover.top .arrow:after { - bottom: 1px; - margin-left: -10px; - border-top-color: #ffffff; - border-bottom-width: 0; -} - -.popover.right .arrow { - top: 50%; - left: -11px; - margin-top: -11px; - border-right-color: #999; - border-right-color: rgba(0, 0, 0, 0.25); - border-left-width: 0; -} - -.popover.right .arrow:after { - bottom: -10px; - left: 1px; - border-right-color: #ffffff; - border-left-width: 0; -} - -.popover.bottom .arrow { - top: -11px; - left: 50%; - margin-left: -11px; - border-bottom-color: #999; - border-bottom-color: rgba(0, 0, 0, 0.25); - border-top-width: 0; -} - -.popover.bottom .arrow:after { - top: 1px; - margin-left: -10px; - border-bottom-color: #ffffff; - border-top-width: 0; -} - -.popover.left .arrow { - top: 50%; - right: -11px; - margin-top: -11px; - border-left-color: #999; - border-left-color: rgba(0, 0, 0, 0.25); - border-right-width: 0; -} - -.popover.left .arrow:after { - right: 1px; - bottom: -10px; - border-left-color: #ffffff; - border-right-width: 0; -} - -.thumbnails { - margin-left: -20px; - list-style: none; - *zoom: 1; -} - -.thumbnails:before, -.thumbnails:after { - display: table; - line-height: 0; - content: ""; -} - -.thumbnails:after { - clear: both; -} - -.row-fluid .thumbnails { - margin-left: 0; -} - -.thumbnails > li { - float: left; - margin-bottom: 20px; - margin-left: 20px; -} - -.thumbnail { - display: block; - padding: 4px; - line-height: 20px; - border: 1px solid #ddd; - -webkit-border-radius: 4px; - -moz-border-radius: 4px; - border-radius: 4px; - -webkit-box-shadow: 0 1px 3px rgba(0, 0, 0, 0.055); - -moz-box-shadow: 0 1px 3px rgba(0, 0, 0, 0.055); - box-shadow: 0 1px 3px rgba(0, 0, 0, 0.055); - -webkit-transition: all 0.2s ease-in-out; - -moz-transition: all 0.2s ease-in-out; - -o-transition: all 0.2s ease-in-out; - transition: all 0.2s ease-in-out; -} - -a.thumbnail:hover, -a.thumbnail:focus { - border-color: #0088cc; - -webkit-box-shadow: 0 1px 4px rgba(0, 105, 214, 0.25); - -moz-box-shadow: 0 1px 4px rgba(0, 105, 214, 0.25); - box-shadow: 0 1px 4px rgba(0, 105, 214, 0.25); -} - -.thumbnail > img { - display: block; - max-width: 100%; - margin-right: auto; - margin-left: auto; -} - -.thumbnail .caption { - padding: 9px; - color: #555555; -} - -.media, -.media-body { - overflow: hidden; - *overflow: visible; - zoom: 1; -} - -.media, -.media .media { - margin-top: 15px; -} - -.media:first-child { - margin-top: 0; -} - -.media-object { - display: block; -} - -.media-heading { - margin: 0 0 5px; -} - -.media > .pull-left { - margin-right: 10px; -} - -.media > .pull-right { - margin-left: 10px; -} - -.media-list { - margin-left: 0; - list-style: none; -} - -.label, -.badge { - display: inline-block; - padding: 2px 4px; - font-size: 11.844px; - font-weight: bold; - line-height: 14px; - color: #ffffff; - text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.25); - white-space: nowrap; - vertical-align: baseline; - background-color: #999999; -} - -.label { - -webkit-border-radius: 3px; - -moz-border-radius: 3px; - border-radius: 3px; -} - -.badge { - padding-right: 9px; - padding-left: 9px; - -webkit-border-radius: 9px; - -moz-border-radius: 9px; - border-radius: 9px; -} - -.label:empty, -.badge:empty { - display: none; -} - -a.label:hover, -a.label:focus, -a.badge:hover, -a.badge:focus { - color: #ffffff; - text-decoration: none; - cursor: pointer; -} - -.label-important, -.badge-important { - background-color: #b94a48; -} - -.label-important[href], -.badge-important[href] { - background-color: #953b39; -} - -.label-warning, -.badge-warning { - background-color: #f89406; -} - -.label-warning[href], -.badge-warning[href] { - background-color: #c67605; -} - -.label-success, -.badge-success { - background-color: #468847; -} - -.label-success[href], -.badge-success[href] { - background-color: #356635; -} - -.label-info, -.badge-info { - background-color: #3a87ad; -} - -.label-info[href], -.badge-info[href] { - background-color: #2d6987; -} - -.label-inverse, -.badge-inverse { - background-color: #333333; -} - -.label-inverse[href], -.badge-inverse[href] { - background-color: #1a1a1a; -} - -.btn .label, -.btn .badge { - position: relative; - top: -1px; -} - -.btn-mini .label, -.btn-mini .badge { - top: 0; -} - -@-webkit-keyframes progress-bar-stripes { - from { - background-position: 40px 0; - } - to { - background-position: 0 0; - } -} - -@-moz-keyframes progress-bar-stripes { - from { - background-position: 40px 0; - } - to { - background-position: 0 0; - } -} - -@-ms-keyframes progress-bar-stripes { - from { - background-position: 40px 0; - } - to { - background-position: 0 0; - } -} - -@-o-keyframes progress-bar-stripes { - from { - background-position: 0 0; - } - to { - background-position: 40px 0; - } -} - -@keyframes progress-bar-stripes { - from { - background-position: 40px 0; - } - to { - background-position: 0 0; - } -} - -.progress { - height: 20px; - margin-bottom: 20px; - overflow: hidden; - background-color: #f7f7f7; - background-image: -moz-linear-gradient(top, #f5f5f5, #f9f9f9); - background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#f5f5f5), to(#f9f9f9)); - background-image: -webkit-linear-gradient(top, #f5f5f5, #f9f9f9); - background-image: -o-linear-gradient(top, #f5f5f5, #f9f9f9); - background-image: linear-gradient(to bottom, #f5f5f5, #f9f9f9); - background-repeat: repeat-x; - -webkit-border-radius: 4px; - -moz-border-radius: 4px; - border-radius: 4px; - filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff5f5f5', endColorstr='#fff9f9f9', GradientType=0); - -webkit-box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.1); - -moz-box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.1); - box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.1); -} - -.progress .bar { - float: left; - width: 0; - height: 100%; - font-size: 12px; - color: #ffffff; - text-align: center; - text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.25); - background-color: #0e90d2; - background-image: -moz-linear-gradient(top, #149bdf, #0480be); - background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#149bdf), to(#0480be)); - background-image: -webkit-linear-gradient(top, #149bdf, #0480be); - background-image: -o-linear-gradient(top, #149bdf, #0480be); - background-image: linear-gradient(to bottom, #149bdf, #0480be); - background-repeat: repeat-x; - filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff149bdf', endColorstr='#ff0480be', GradientType=0); - -webkit-box-shadow: inset 0 -1px 0 rgba(0, 0, 0, 0.15); - -moz-box-shadow: inset 0 -1px 0 rgba(0, 0, 0, 0.15); - box-shadow: inset 0 -1px 0 rgba(0, 0, 0, 0.15); - -webkit-box-sizing: border-box; - -moz-box-sizing: border-box; - box-sizing: border-box; - -webkit-transition: width 0.6s ease; - -moz-transition: width 0.6s ease; - -o-transition: width 0.6s ease; - transition: width 0.6s ease; -} - -.progress .bar + .bar { - -webkit-box-shadow: inset 1px 0 0 rgba(0, 0, 0, 0.15), inset 0 -1px 0 rgba(0, 0, 0, 0.15); - -moz-box-shadow: inset 1px 0 0 rgba(0, 0, 0, 0.15), inset 0 -1px 0 rgba(0, 0, 0, 0.15); - box-shadow: inset 1px 0 0 rgba(0, 0, 0, 0.15), inset 0 -1px 0 rgba(0, 0, 0, 0.15); -} - -.progress-striped .bar { - background-color: #149bdf; - background-image: -webkit-gradient(linear, 0 100%, 100% 0, color-stop(0.25, rgba(255, 255, 255, 0.15)), color-stop(0.25, transparent), color-stop(0.5, transparent), color-stop(0.5, rgba(255, 255, 255, 0.15)), color-stop(0.75, rgba(255, 255, 255, 0.15)), color-stop(0.75, transparent), to(transparent)); - background-image: -webkit-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); - background-image: -moz-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); - background-image: -o-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); - background-image: linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); - -webkit-background-size: 40px 40px; - -moz-background-size: 40px 40px; - -o-background-size: 40px 40px; - background-size: 40px 40px; -} - -.progress.active .bar { - -webkit-animation: progress-bar-stripes 2s linear infinite; - -moz-animation: progress-bar-stripes 2s linear infinite; - -ms-animation: progress-bar-stripes 2s linear infinite; - -o-animation: progress-bar-stripes 2s linear infinite; - animation: progress-bar-stripes 2s linear infinite; -} - -.progress-danger .bar, -.progress .bar-danger { - background-color: #dd514c; - background-image: -moz-linear-gradient(top, #ee5f5b, #c43c35); - background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#ee5f5b), to(#c43c35)); - background-image: -webkit-linear-gradient(top, #ee5f5b, #c43c35); - background-image: -o-linear-gradient(top, #ee5f5b, #c43c35); - background-image: linear-gradient(to bottom, #ee5f5b, #c43c35); - background-repeat: repeat-x; - filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffee5f5b', endColorstr='#ffc43c35', GradientType=0); -} - -.progress-danger.progress-striped .bar, -.progress-striped .bar-danger { - background-color: #ee5f5b; - background-image: -webkit-gradient(linear, 0 100%, 100% 0, color-stop(0.25, rgba(255, 255, 255, 0.15)), color-stop(0.25, transparent), color-stop(0.5, transparent), color-stop(0.5, rgba(255, 255, 255, 0.15)), color-stop(0.75, rgba(255, 255, 255, 0.15)), color-stop(0.75, transparent), to(transparent)); - background-image: -webkit-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); - background-image: -moz-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); - background-image: -o-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); - background-image: linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); -} - -.progress-success .bar, -.progress .bar-success { - background-color: #5eb95e; - background-image: -moz-linear-gradient(top, #62c462, #57a957); - background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#62c462), to(#57a957)); - background-image: -webkit-linear-gradient(top, #62c462, #57a957); - background-image: -o-linear-gradient(top, #62c462, #57a957); - background-image: linear-gradient(to bottom, #62c462, #57a957); - background-repeat: repeat-x; - filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff62c462', endColorstr='#ff57a957', GradientType=0); -} - -.progress-success.progress-striped .bar, -.progress-striped .bar-success { - background-color: #62c462; - background-image: -webkit-gradient(linear, 0 100%, 100% 0, color-stop(0.25, rgba(255, 255, 255, 0.15)), color-stop(0.25, transparent), color-stop(0.5, transparent), color-stop(0.5, rgba(255, 255, 255, 0.15)), color-stop(0.75, rgba(255, 255, 255, 0.15)), color-stop(0.75, transparent), to(transparent)); - background-image: -webkit-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); - background-image: -moz-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); - background-image: -o-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); - background-image: linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); -} - -.progress-info .bar, -.progress .bar-info { - background-color: #4bb1cf; - background-image: -moz-linear-gradient(top, #5bc0de, #339bb9); - background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#5bc0de), to(#339bb9)); - background-image: -webkit-linear-gradient(top, #5bc0de, #339bb9); - background-image: -o-linear-gradient(top, #5bc0de, #339bb9); - background-image: linear-gradient(to bottom, #5bc0de, #339bb9); - background-repeat: repeat-x; - filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5bc0de', endColorstr='#ff339bb9', GradientType=0); -} - -.progress-info.progress-striped .bar, -.progress-striped .bar-info { - background-color: #5bc0de; - background-image: -webkit-gradient(linear, 0 100%, 100% 0, color-stop(0.25, rgba(255, 255, 255, 0.15)), color-stop(0.25, transparent), color-stop(0.5, transparent), color-stop(0.5, rgba(255, 255, 255, 0.15)), color-stop(0.75, rgba(255, 255, 255, 0.15)), color-stop(0.75, transparent), to(transparent)); - background-image: -webkit-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); - background-image: -moz-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); - background-image: -o-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); - background-image: linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); -} - -.progress-warning .bar, -.progress .bar-warning { - background-color: #faa732; - background-image: -moz-linear-gradient(top, #fbb450, #f89406); - background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#fbb450), to(#f89406)); - background-image: -webkit-linear-gradient(top, #fbb450, #f89406); - background-image: -o-linear-gradient(top, #fbb450, #f89406); - background-image: linear-gradient(to bottom, #fbb450, #f89406); - background-repeat: repeat-x; - filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fffbb450', endColorstr='#fff89406', GradientType=0); -} - -.progress-warning.progress-striped .bar, -.progress-striped .bar-warning { - background-color: #fbb450; - background-image: -webkit-gradient(linear, 0 100%, 100% 0, color-stop(0.25, rgba(255, 255, 255, 0.15)), color-stop(0.25, transparent), color-stop(0.5, transparent), color-stop(0.5, rgba(255, 255, 255, 0.15)), color-stop(0.75, rgba(255, 255, 255, 0.15)), color-stop(0.75, transparent), to(transparent)); - background-image: -webkit-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); - background-image: -moz-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); - background-image: -o-linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); - background-image: linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); -} - -.accordion { - margin-bottom: 20px; -} - -.accordion-group { - margin-bottom: 2px; - border: 1px solid #e5e5e5; - -webkit-border-radius: 4px; - -moz-border-radius: 4px; - border-radius: 4px; -} - -.accordion-heading { - border-bottom: 0; -} - -.accordion-heading .accordion-toggle { - display: block; - padding: 8px 15px; -} - -.accordion-toggle { - cursor: pointer; -} - -.accordion-inner { - padding: 9px 15px; - border-top: 1px solid #e5e5e5; -} - -.carousel { - position: relative; - margin-bottom: 20px; - line-height: 1; -} - -.carousel-inner { - position: relative; - width: 100%; - overflow: hidden; -} - -.carousel-inner > .item { - position: relative; - display: none; - -webkit-transition: 0.6s ease-in-out left; - -moz-transition: 0.6s ease-in-out left; - -o-transition: 0.6s ease-in-out left; - transition: 0.6s ease-in-out left; -} - -.carousel-inner > .item > img, -.carousel-inner > .item > a > img { - display: block; - line-height: 1; -} - -.carousel-inner > .active, -.carousel-inner > .next, -.carousel-inner > .prev { - display: block; -} - -.carousel-inner > .active { - left: 0; -} - -.carousel-inner > .next, -.carousel-inner > .prev { - position: absolute; - top: 0; - width: 100%; -} - -.carousel-inner > .next { - left: 100%; -} - -.carousel-inner > .prev { - left: -100%; -} - -.carousel-inner > .next.left, -.carousel-inner > .prev.right { - left: 0; -} - -.carousel-inner > .active.left { - left: -100%; -} - -.carousel-inner > .active.right { - left: 100%; -} - -.carousel-control { - position: absolute; - top: 40%; - left: 15px; - width: 40px; - height: 40px; - margin-top: -20px; - font-size: 60px; - font-weight: 100; - line-height: 30px; - color: #ffffff; - text-align: center; - background: #222222; - border: 3px solid #ffffff; - -webkit-border-radius: 23px; - -moz-border-radius: 23px; - border-radius: 23px; - opacity: 0.5; - filter: alpha(opacity=50); -} - -.carousel-control.right { - right: 15px; - left: auto; -} - -.carousel-control:hover, -.carousel-control:focus { - color: #ffffff; - text-decoration: none; - opacity: 0.9; - filter: alpha(opacity=90); -} - -.carousel-indicators { - position: absolute; - top: 15px; - right: 15px; - z-index: 5; - margin: 0; - list-style: none; -} - -.carousel-indicators li { - display: block; - float: left; - width: 10px; - height: 10px; - margin-left: 5px; - text-indent: -999px; - background-color: #ccc; - background-color: rgba(255, 255, 255, 0.25); - border-radius: 5px; -} - -.carousel-indicators .active { - background-color: #fff; -} - -.carousel-caption { - position: absolute; - right: 0; - bottom: 0; - left: 0; - padding: 15px; - background: #333333; - background: rgba(0, 0, 0, 0.75); -} - -.carousel-caption h4, -.carousel-caption p { - line-height: 20px; - color: #ffffff; -} - -.carousel-caption h4 { - margin: 0 0 5px; -} - -.carousel-caption p { - margin-bottom: 0; -} - -.hero-unit { - padding: 60px; - margin-bottom: 30px; - font-size: 18px; - font-weight: 200; - line-height: 30px; - color: inherit; - background-color: #eeeeee; - -webkit-border-radius: 6px; - -moz-border-radius: 6px; - border-radius: 6px; -} - -.hero-unit h1 { - margin-bottom: 0; - font-size: 60px; - line-height: 1; - letter-spacing: -1px; - color: inherit; -} - -.hero-unit li { - line-height: 30px; -} - -.pull-right { - float: right; -} - -.pull-left { - float: left; -} - -.hide { - display: none; -} - -.show { - display: block; -} - -.invisible { - visibility: hidden; -} - -.affix { - position: fixed; -} diff --git a/docs/theme/docker/static/css/bootstrap.min.css b/docs/theme/docker/static/css/bootstrap.min.css deleted file mode 100755 index fd5ed73407..0000000000 --- a/docs/theme/docker/static/css/bootstrap.min.css +++ /dev/null @@ -1,9 +0,0 @@ -/*! - * Bootstrap v2.3.0 - * - * Copyright 2012 Twitter, Inc - * Licensed under the Apache License v2.0 - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Designed and built with all the love in the world @twitter by @mdo and @fat. - */.clearfix{*zoom:1}.clearfix:before,.clearfix:after{display:table;line-height:0;content:""}.clearfix:after{clear:both}.hide-text{font:0/0 a;color:transparent;text-shadow:none;background-color:transparent;border:0}.input-block-level{display:block;width:100%;min-height:30px;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}article,aside,details,figcaption,figure,footer,header,hgroup,nav,section{display:block}audio,canvas,video{display:inline-block;*display:inline;*zoom:1}audio:not([controls]){display:none}html{font-size:100%;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}a:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}a:hover,a:active{outline:0}sub,sup{position:relative;font-size:75%;line-height:0;vertical-align:baseline}sup{top:-0.5em}sub{bottom:-0.25em}img{width:auto\9;height:auto;max-width:100%;vertical-align:middle;border:0;-ms-interpolation-mode:bicubic}#map_canvas img,.google-maps img{max-width:none}button,input,select,textarea{margin:0;font-size:100%;vertical-align:middle}button,input{*overflow:visible;line-height:normal}button::-moz-focus-inner,input::-moz-focus-inner{padding:0;border:0}button,html input[type="button"],input[type="reset"],input[type="submit"]{cursor:pointer;-webkit-appearance:button}label,select,button,input[type="button"],input[type="reset"],input[type="submit"],input[type="radio"],input[type="checkbox"]{cursor:pointer}input[type="search"]{-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;-webkit-appearance:textfield}input[type="search"]::-webkit-search-decoration,input[type="search"]::-webkit-search-cancel-button{-webkit-appearance:none}textarea{overflow:auto;vertical-align:top}@media print{*{color:#000!important;text-shadow:none!important;background:transparent!important;box-shadow:none!important}a,a:visited{text-decoration:underline}a[href]:after{content:" (" attr(href) ")"}abbr[title]:after{content:" (" attr(title) ")"}.ir a:after,a[href^="javascript:"]:after,a[href^="#"]:after{content:""}pre,blockquote{border:1px solid #999;page-break-inside:avoid}thead{display:table-header-group}tr,img{page-break-inside:avoid}img{max-width:100%!important}@page{margin:.5cm}p,h2,h3{orphans:3;widows:3}h2,h3{page-break-after:avoid}}body{margin:0;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px;line-height:20px;color:#333;background-color:#fff}a{color:#08c;text-decoration:none}a:hover,a:focus{color:#005580;text-decoration:underline}.img-rounded{-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px}.img-polaroid{padding:4px;background-color:#fff;border:1px solid #ccc;border:1px solid rgba(0,0,0,0.2);-webkit-box-shadow:0 1px 3px rgba(0,0,0,0.1);-moz-box-shadow:0 1px 3px rgba(0,0,0,0.1);box-shadow:0 1px 3px rgba(0,0,0,0.1)}.img-circle{-webkit-border-radius:500px;-moz-border-radius:500px;border-radius:500px}.row{margin-left:-20px;*zoom:1}.row:before,.row:after{display:table;line-height:0;content:""}.row:after{clear:both}[class*="span"]{float:left;min-height:1px;margin-left:20px}.container,.navbar-static-top .container,.navbar-fixed-top .container,.navbar-fixed-bottom .container{width:940px}.span12{width:940px}.span11{width:860px}.span10{width:780px}.span9{width:700px}.span8{width:620px}.span7{width:540px}.span6{width:460px}.span5{width:380px}.span4{width:300px}.span3{width:220px}.span2{width:140px}.span1{width:60px}.offset12{margin-left:980px}.offset11{margin-left:900px}.offset10{margin-left:820px}.offset9{margin-left:740px}.offset8{margin-left:660px}.offset7{margin-left:580px}.offset6{margin-left:500px}.offset5{margin-left:420px}.offset4{margin-left:340px}.offset3{margin-left:260px}.offset2{margin-left:180px}.offset1{margin-left:100px}.row-fluid{width:100%;*zoom:1}.row-fluid:before,.row-fluid:after{display:table;line-height:0;content:""}.row-fluid:after{clear:both}.row-fluid [class*="span"]{display:block;float:left;width:100%;min-height:30px;margin-left:2.127659574468085%;*margin-left:2.074468085106383%;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}.row-fluid [class*="span"]:first-child{margin-left:0}.row-fluid .controls-row [class*="span"]+[class*="span"]{margin-left:2.127659574468085%}.row-fluid .span12{width:100%;*width:99.94680851063829%}.row-fluid .span11{width:91.48936170212765%;*width:91.43617021276594%}.row-fluid .span10{width:82.97872340425532%;*width:82.92553191489361%}.row-fluid .span9{width:74.46808510638297%;*width:74.41489361702126%}.row-fluid .span8{width:65.95744680851064%;*width:65.90425531914893%}.row-fluid .span7{width:57.44680851063829%;*width:57.39361702127659%}.row-fluid .span6{width:48.93617021276595%;*width:48.88297872340425%}.row-fluid .span5{width:40.42553191489362%;*width:40.37234042553192%}.row-fluid .span4{width:31.914893617021278%;*width:31.861702127659576%}.row-fluid .span3{width:23.404255319148934%;*width:23.351063829787233%}.row-fluid .span2{width:14.893617021276595%;*width:14.840425531914894%}.row-fluid .span1{width:6.382978723404255%;*width:6.329787234042553%}.row-fluid .offset12{margin-left:104.25531914893617%;*margin-left:104.14893617021275%}.row-fluid .offset12:first-child{margin-left:102.12765957446808%;*margin-left:102.02127659574467%}.row-fluid .offset11{margin-left:95.74468085106382%;*margin-left:95.6382978723404%}.row-fluid .offset11:first-child{margin-left:93.61702127659574%;*margin-left:93.51063829787232%}.row-fluid .offset10{margin-left:87.23404255319149%;*margin-left:87.12765957446807%}.row-fluid .offset10:first-child{margin-left:85.1063829787234%;*margin-left:84.99999999999999%}.row-fluid .offset9{margin-left:78.72340425531914%;*margin-left:78.61702127659572%}.row-fluid .offset9:first-child{margin-left:76.59574468085106%;*margin-left:76.48936170212764%}.row-fluid .offset8{margin-left:70.2127659574468%;*margin-left:70.10638297872339%}.row-fluid .offset8:first-child{margin-left:68.08510638297872%;*margin-left:67.9787234042553%}.row-fluid .offset7{margin-left:61.70212765957446%;*margin-left:61.59574468085106%}.row-fluid .offset7:first-child{margin-left:59.574468085106375%;*margin-left:59.46808510638297%}.row-fluid .offset6{margin-left:53.191489361702125%;*margin-left:53.085106382978715%}.row-fluid .offset6:first-child{margin-left:51.063829787234035%;*margin-left:50.95744680851063%}.row-fluid .offset5{margin-left:44.68085106382979%;*margin-left:44.57446808510638%}.row-fluid .offset5:first-child{margin-left:42.5531914893617%;*margin-left:42.4468085106383%}.row-fluid .offset4{margin-left:36.170212765957444%;*margin-left:36.06382978723405%}.row-fluid .offset4:first-child{margin-left:34.04255319148936%;*margin-left:33.93617021276596%}.row-fluid .offset3{margin-left:27.659574468085104%;*margin-left:27.5531914893617%}.row-fluid .offset3:first-child{margin-left:25.53191489361702%;*margin-left:25.425531914893618%}.row-fluid .offset2{margin-left:19.148936170212764%;*margin-left:19.04255319148936%}.row-fluid .offset2:first-child{margin-left:17.02127659574468%;*margin-left:16.914893617021278%}.row-fluid .offset1{margin-left:10.638297872340425%;*margin-left:10.53191489361702%}.row-fluid .offset1:first-child{margin-left:8.51063829787234%;*margin-left:8.404255319148938%}[class*="span"].hide,.row-fluid [class*="span"].hide{display:none}[class*="span"].pull-right,.row-fluid [class*="span"].pull-right{float:right}.container{margin-right:auto;margin-left:auto;*zoom:1}.container:before,.container:after{display:table;line-height:0;content:""}.container:after{clear:both}.container-fluid{padding-right:20px;padding-left:20px;*zoom:1}.container-fluid:before,.container-fluid:after{display:table;line-height:0;content:""}.container-fluid:after{clear:both}p{margin:0 0 10px}.lead{margin-bottom:20px;font-size:21px;font-weight:200;line-height:30px}small{font-size:85%}strong{font-weight:bold}em{font-style:italic}cite{font-style:normal}.muted{color:#999}a.muted:hover,a.muted:focus{color:#808080}.text-warning{color:#c09853}a.text-warning:hover,a.text-warning:focus{color:#a47e3c}.text-error{color:#b94a48}a.text-error:hover,a.text-error:focus{color:#953b39}.text-info{color:#3a87ad}a.text-info:hover,a.text-info:focus{color:#2d6987}.text-success{color:#468847}a.text-success:hover,a.text-success:focus{color:#356635}.text-left{text-align:left}.text-right{text-align:right}.text-center{text-align:center}h1,h2,h3,h4,h5,h6{margin:10px 0;font-family:inherit;font-weight:bold;line-height:20px;color:inherit;text-rendering:optimizelegibility}h1 small,h2 small,h3 small,h4 small,h5 small,h6 small{font-weight:normal;line-height:1;color:#999}h1,h2,h3{line-height:40px}h1{font-size:38.5px}h2{font-size:31.5px}h3{font-size:24.5px}h4{font-size:17.5px}h5{font-size:14px}h6{font-size:11.9px}h1 small{font-size:24.5px}h2 small{font-size:17.5px}h3 small{font-size:14px}h4 small{font-size:14px}.page-header{padding-bottom:9px;margin:20px 0 30px;border-bottom:1px solid #eee}ul,ol{padding:0;margin:0 0 10px 25px}ul ul,ul ol,ol ol,ol ul{margin-bottom:0}li{line-height:20px}ul.unstyled,ol.unstyled{margin-left:0;list-style:none}ul.inline,ol.inline{margin-left:0;list-style:none}ul.inline>li,ol.inline>li{display:inline-block;*display:inline;padding-right:5px;padding-left:5px;*zoom:1}dl{margin-bottom:20px}dt,dd{line-height:20px}dt{font-weight:bold}dd{margin-left:10px}.dl-horizontal{*zoom:1}.dl-horizontal:before,.dl-horizontal:after{display:table;line-height:0;content:""}.dl-horizontal:after{clear:both}.dl-horizontal dt{float:left;width:160px;overflow:hidden;clear:left;text-align:right;text-overflow:ellipsis;white-space:nowrap}.dl-horizontal dd{margin-left:180px}hr{margin:20px 0;border:0;border-top:1px solid #eee;border-bottom:1px solid #fff}abbr[title],abbr[data-original-title]{cursor:help;border-bottom:1px dotted #999}abbr.initialism{font-size:90%;text-transform:uppercase}blockquote{padding:0 0 0 15px;margin:0 0 20px;border-left:5px solid #eee}blockquote p{margin-bottom:0;font-size:17.5px;font-weight:300;line-height:1.25}blockquote small{display:block;line-height:20px;color:#999}blockquote small:before{content:'\2014 \00A0'}blockquote.pull-right{float:right;padding-right:15px;padding-left:0;border-right:5px solid #eee;border-left:0}blockquote.pull-right p,blockquote.pull-right small{text-align:right}blockquote.pull-right small:before{content:''}blockquote.pull-right small:after{content:'\00A0 \2014'}q:before,q:after,blockquote:before,blockquote:after{content:""}address{display:block;margin-bottom:20px;font-style:normal;line-height:20px}code,pre{padding:0 3px 2px;font-family:Monaco,Menlo,Consolas,"Courier New",monospace;font-size:12px;color:#333;-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px}code{padding:2px 4px;color:#d14;white-space:nowrap;background-color:#f7f7f9;border:1px solid #e1e1e8}pre{display:block;padding:9.5px;margin:0 0 10px;font-size:13px;line-height:20px;word-break:break-all;word-wrap:break-word;white-space:pre;white-space:pre-wrap;background-color:#f5f5f5;border:1px solid #ccc;border:1px solid rgba(0,0,0,0.15);-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px}pre.prettyprint{margin-bottom:20px}pre code{padding:0;color:inherit;white-space:pre;white-space:pre-wrap;background-color:transparent;border:0}.pre-scrollable{max-height:340px;overflow-y:scroll}form{margin:0 0 20px}fieldset{padding:0;margin:0;border:0}legend{display:block;width:100%;padding:0;margin-bottom:20px;font-size:21px;line-height:40px;color:#333;border:0;border-bottom:1px solid #e5e5e5}legend small{font-size:15px;color:#999}label,input,button,select,textarea{font-size:14px;font-weight:normal;line-height:20px}input,button,select,textarea{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif}label{display:block;margin-bottom:5px}select,textarea,input[type="text"],input[type="password"],input[type="datetime"],input[type="datetime-local"],input[type="date"],input[type="month"],input[type="time"],input[type="week"],input[type="number"],input[type="email"],input[type="url"],input[type="search"],input[type="tel"],input[type="color"],.uneditable-input{display:inline-block;height:20px;padding:4px 6px;margin-bottom:10px;font-size:14px;line-height:20px;color:#555;vertical-align:middle;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px}input,textarea,.uneditable-input{width:206px}textarea{height:auto}textarea,input[type="text"],input[type="password"],input[type="datetime"],input[type="datetime-local"],input[type="date"],input[type="month"],input[type="time"],input[type="week"],input[type="number"],input[type="email"],input[type="url"],input[type="search"],input[type="tel"],input[type="color"],.uneditable-input{background-color:#fff;border:1px solid #ccc;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-webkit-transition:border linear .2s,box-shadow linear .2s;-moz-transition:border linear .2s,box-shadow linear .2s;-o-transition:border linear .2s,box-shadow linear .2s;transition:border linear .2s,box-shadow linear .2s}textarea:focus,input[type="text"]:focus,input[type="password"]:focus,input[type="datetime"]:focus,input[type="datetime-local"]:focus,input[type="date"]:focus,input[type="month"]:focus,input[type="time"]:focus,input[type="week"]:focus,input[type="number"]:focus,input[type="email"]:focus,input[type="url"]:focus,input[type="search"]:focus,input[type="tel"]:focus,input[type="color"]:focus,.uneditable-input:focus{border-color:rgba(82,168,236,0.8);outline:0;outline:thin dotted \9;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(82,168,236,0.6);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(82,168,236,0.6);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(82,168,236,0.6)}input[type="radio"],input[type="checkbox"]{margin:4px 0 0;margin-top:1px \9;*margin-top:0;line-height:normal}input[type="file"],input[type="image"],input[type="submit"],input[type="reset"],input[type="button"],input[type="radio"],input[type="checkbox"]{width:auto}select,input[type="file"]{height:30px;*margin-top:4px;line-height:30px}select{width:220px;background-color:#fff;border:1px solid #ccc}select[multiple],select[size]{height:auto}select:focus,input[type="file"]:focus,input[type="radio"]:focus,input[type="checkbox"]:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}.uneditable-input,.uneditable-textarea{color:#999;cursor:not-allowed;background-color:#fcfcfc;border-color:#ccc;-webkit-box-shadow:inset 0 1px 2px rgba(0,0,0,0.025);-moz-box-shadow:inset 0 1px 2px rgba(0,0,0,0.025);box-shadow:inset 0 1px 2px rgba(0,0,0,0.025)}.uneditable-input{overflow:hidden;white-space:nowrap}.uneditable-textarea{width:auto;height:auto}input:-moz-placeholder,textarea:-moz-placeholder{color:#999}input:-ms-input-placeholder,textarea:-ms-input-placeholder{color:#999}input::-webkit-input-placeholder,textarea::-webkit-input-placeholder{color:#999}.radio,.checkbox{min-height:20px;padding-left:20px}.radio input[type="radio"],.checkbox input[type="checkbox"]{float:left;margin-left:-20px}.controls>.radio:first-child,.controls>.checkbox:first-child{padding-top:5px}.radio.inline,.checkbox.inline{display:inline-block;padding-top:5px;margin-bottom:0;vertical-align:middle}.radio.inline+.radio.inline,.checkbox.inline+.checkbox.inline{margin-left:10px}.input-mini{width:60px}.input-small{width:90px}.input-medium{width:150px}.input-large{width:210px}.input-xlarge{width:270px}.input-xxlarge{width:530px}input[class*="span"],select[class*="span"],textarea[class*="span"],.uneditable-input[class*="span"],.row-fluid input[class*="span"],.row-fluid select[class*="span"],.row-fluid textarea[class*="span"],.row-fluid .uneditable-input[class*="span"]{float:none;margin-left:0}.input-append input[class*="span"],.input-append .uneditable-input[class*="span"],.input-prepend input[class*="span"],.input-prepend .uneditable-input[class*="span"],.row-fluid input[class*="span"],.row-fluid select[class*="span"],.row-fluid textarea[class*="span"],.row-fluid .uneditable-input[class*="span"],.row-fluid .input-prepend [class*="span"],.row-fluid .input-append [class*="span"]{display:inline-block}input,textarea,.uneditable-input{margin-left:0}.controls-row [class*="span"]+[class*="span"]{margin-left:20px}input.span12,textarea.span12,.uneditable-input.span12{width:926px}input.span11,textarea.span11,.uneditable-input.span11{width:846px}input.span10,textarea.span10,.uneditable-input.span10{width:766px}input.span9,textarea.span9,.uneditable-input.span9{width:686px}input.span8,textarea.span8,.uneditable-input.span8{width:606px}input.span7,textarea.span7,.uneditable-input.span7{width:526px}input.span6,textarea.span6,.uneditable-input.span6{width:446px}input.span5,textarea.span5,.uneditable-input.span5{width:366px}input.span4,textarea.span4,.uneditable-input.span4{width:286px}input.span3,textarea.span3,.uneditable-input.span3{width:206px}input.span2,textarea.span2,.uneditable-input.span2{width:126px}input.span1,textarea.span1,.uneditable-input.span1{width:46px}.controls-row{*zoom:1}.controls-row:before,.controls-row:after{display:table;line-height:0;content:""}.controls-row:after{clear:both}.controls-row [class*="span"],.row-fluid .controls-row [class*="span"]{float:left}.controls-row .checkbox[class*="span"],.controls-row .radio[class*="span"]{padding-top:5px}input[disabled],select[disabled],textarea[disabled],input[readonly],select[readonly],textarea[readonly]{cursor:not-allowed;background-color:#eee}input[type="radio"][disabled],input[type="checkbox"][disabled],input[type="radio"][readonly],input[type="checkbox"][readonly]{background-color:transparent}.control-group.warning .control-label,.control-group.warning .help-block,.control-group.warning .help-inline{color:#c09853}.control-group.warning .checkbox,.control-group.warning .radio,.control-group.warning input,.control-group.warning select,.control-group.warning textarea{color:#c09853}.control-group.warning input,.control-group.warning select,.control-group.warning textarea{border-color:#c09853;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.control-group.warning input:focus,.control-group.warning select:focus,.control-group.warning textarea:focus{border-color:#a47e3c;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #dbc59e;-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #dbc59e;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #dbc59e}.control-group.warning .input-prepend .add-on,.control-group.warning .input-append .add-on{color:#c09853;background-color:#fcf8e3;border-color:#c09853}.control-group.error .control-label,.control-group.error .help-block,.control-group.error .help-inline{color:#b94a48}.control-group.error .checkbox,.control-group.error .radio,.control-group.error input,.control-group.error select,.control-group.error textarea{color:#b94a48}.control-group.error input,.control-group.error select,.control-group.error textarea{border-color:#b94a48;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.control-group.error input:focus,.control-group.error select:focus,.control-group.error textarea:focus{border-color:#953b39;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #d59392;-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #d59392;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #d59392}.control-group.error .input-prepend .add-on,.control-group.error .input-append .add-on{color:#b94a48;background-color:#f2dede;border-color:#b94a48}.control-group.success .control-label,.control-group.success .help-block,.control-group.success .help-inline{color:#468847}.control-group.success .checkbox,.control-group.success .radio,.control-group.success input,.control-group.success select,.control-group.success textarea{color:#468847}.control-group.success input,.control-group.success select,.control-group.success textarea{border-color:#468847;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.control-group.success input:focus,.control-group.success select:focus,.control-group.success textarea:focus{border-color:#356635;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #7aba7b;-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #7aba7b;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #7aba7b}.control-group.success .input-prepend .add-on,.control-group.success .input-append .add-on{color:#468847;background-color:#dff0d8;border-color:#468847}.control-group.info .control-label,.control-group.info .help-block,.control-group.info .help-inline{color:#3a87ad}.control-group.info .checkbox,.control-group.info .radio,.control-group.info input,.control-group.info select,.control-group.info textarea{color:#3a87ad}.control-group.info input,.control-group.info select,.control-group.info textarea{border-color:#3a87ad;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.control-group.info input:focus,.control-group.info select:focus,.control-group.info textarea:focus{border-color:#2d6987;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #7ab5d3;-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #7ab5d3;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #7ab5d3}.control-group.info .input-prepend .add-on,.control-group.info .input-append .add-on{color:#3a87ad;background-color:#d9edf7;border-color:#3a87ad}input:focus:invalid,textarea:focus:invalid,select:focus:invalid{color:#b94a48;border-color:#ee5f5b}input:focus:invalid:focus,textarea:focus:invalid:focus,select:focus:invalid:focus{border-color:#e9322d;-webkit-box-shadow:0 0 6px #f8b9b7;-moz-box-shadow:0 0 6px #f8b9b7;box-shadow:0 0 6px #f8b9b7}.form-actions{padding:19px 20px 20px;margin-top:20px;margin-bottom:20px;background-color:#f5f5f5;border-top:1px solid #e5e5e5;*zoom:1}.form-actions:before,.form-actions:after{display:table;line-height:0;content:""}.form-actions:after{clear:both}.help-block,.help-inline{color:#595959}.help-block{display:block;margin-bottom:10px}.help-inline{display:inline-block;*display:inline;padding-left:5px;vertical-align:middle;*zoom:1}.input-append,.input-prepend{display:inline-block;margin-bottom:10px;font-size:0;white-space:nowrap;vertical-align:middle}.input-append input,.input-prepend input,.input-append select,.input-prepend select,.input-append .uneditable-input,.input-prepend .uneditable-input,.input-append .dropdown-menu,.input-prepend .dropdown-menu,.input-append .popover,.input-prepend .popover{font-size:14px}.input-append input,.input-prepend input,.input-append select,.input-prepend select,.input-append .uneditable-input,.input-prepend .uneditable-input{position:relative;margin-bottom:0;*margin-left:0;vertical-align:top;-webkit-border-radius:0 4px 4px 0;-moz-border-radius:0 4px 4px 0;border-radius:0 4px 4px 0}.input-append input:focus,.input-prepend input:focus,.input-append select:focus,.input-prepend select:focus,.input-append .uneditable-input:focus,.input-prepend .uneditable-input:focus{z-index:2}.input-append .add-on,.input-prepend .add-on{display:inline-block;width:auto;height:20px;min-width:16px;padding:4px 5px;font-size:14px;font-weight:normal;line-height:20px;text-align:center;text-shadow:0 1px 0 #fff;background-color:#eee;border:1px solid #ccc}.input-append .add-on,.input-prepend .add-on,.input-append .btn,.input-prepend .btn,.input-append .btn-group>.dropdown-toggle,.input-prepend .btn-group>.dropdown-toggle{vertical-align:top;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.input-append .active,.input-prepend .active{background-color:#a9dba9;border-color:#46a546}.input-prepend .add-on,.input-prepend .btn{margin-right:-1px}.input-prepend .add-on:first-child,.input-prepend .btn:first-child{-webkit-border-radius:4px 0 0 4px;-moz-border-radius:4px 0 0 4px;border-radius:4px 0 0 4px}.input-append input,.input-append select,.input-append .uneditable-input{-webkit-border-radius:4px 0 0 4px;-moz-border-radius:4px 0 0 4px;border-radius:4px 0 0 4px}.input-append input+.btn-group .btn:last-child,.input-append select+.btn-group .btn:last-child,.input-append .uneditable-input+.btn-group .btn:last-child{-webkit-border-radius:0 4px 4px 0;-moz-border-radius:0 4px 4px 0;border-radius:0 4px 4px 0}.input-append .add-on,.input-append .btn,.input-append .btn-group{margin-left:-1px}.input-append .add-on:last-child,.input-append .btn:last-child,.input-append .btn-group:last-child>.dropdown-toggle{-webkit-border-radius:0 4px 4px 0;-moz-border-radius:0 4px 4px 0;border-radius:0 4px 4px 0}.input-prepend.input-append input,.input-prepend.input-append select,.input-prepend.input-append .uneditable-input{-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.input-prepend.input-append input+.btn-group .btn,.input-prepend.input-append select+.btn-group .btn,.input-prepend.input-append .uneditable-input+.btn-group .btn{-webkit-border-radius:0 4px 4px 0;-moz-border-radius:0 4px 4px 0;border-radius:0 4px 4px 0}.input-prepend.input-append .add-on:first-child,.input-prepend.input-append .btn:first-child{margin-right:-1px;-webkit-border-radius:4px 0 0 4px;-moz-border-radius:4px 0 0 4px;border-radius:4px 0 0 4px}.input-prepend.input-append .add-on:last-child,.input-prepend.input-append .btn:last-child{margin-left:-1px;-webkit-border-radius:0 4px 4px 0;-moz-border-radius:0 4px 4px 0;border-radius:0 4px 4px 0}.input-prepend.input-append .btn-group:first-child{margin-left:0}input.search-query{padding-right:14px;padding-right:4px \9;padding-left:14px;padding-left:4px \9;margin-bottom:0;-webkit-border-radius:15px;-moz-border-radius:15px;border-radius:15px}.form-search .input-append .search-query,.form-search .input-prepend .search-query{-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.form-search .input-append .search-query{-webkit-border-radius:14px 0 0 14px;-moz-border-radius:14px 0 0 14px;border-radius:14px 0 0 14px}.form-search .input-append .btn{-webkit-border-radius:0 14px 14px 0;-moz-border-radius:0 14px 14px 0;border-radius:0 14px 14px 0}.form-search .input-prepend .search-query{-webkit-border-radius:0 14px 14px 0;-moz-border-radius:0 14px 14px 0;border-radius:0 14px 14px 0}.form-search .input-prepend .btn{-webkit-border-radius:14px 0 0 14px;-moz-border-radius:14px 0 0 14px;border-radius:14px 0 0 14px}.form-search input,.form-inline input,.form-horizontal input,.form-search textarea,.form-inline textarea,.form-horizontal textarea,.form-search select,.form-inline select,.form-horizontal select,.form-search .help-inline,.form-inline .help-inline,.form-horizontal .help-inline,.form-search .uneditable-input,.form-inline .uneditable-input,.form-horizontal .uneditable-input,.form-search .input-prepend,.form-inline .input-prepend,.form-horizontal .input-prepend,.form-search .input-append,.form-inline .input-append,.form-horizontal .input-append{display:inline-block;*display:inline;margin-bottom:0;vertical-align:middle;*zoom:1}.form-search .hide,.form-inline .hide,.form-horizontal .hide{display:none}.form-search label,.form-inline label,.form-search .btn-group,.form-inline .btn-group{display:inline-block}.form-search .input-append,.form-inline .input-append,.form-search .input-prepend,.form-inline .input-prepend{margin-bottom:0}.form-search .radio,.form-search .checkbox,.form-inline .radio,.form-inline .checkbox{padding-left:0;margin-bottom:0;vertical-align:middle}.form-search .radio input[type="radio"],.form-search .checkbox input[type="checkbox"],.form-inline .radio input[type="radio"],.form-inline .checkbox input[type="checkbox"]{float:left;margin-right:3px;margin-left:0}.control-group{margin-bottom:10px}legend+.control-group{margin-top:20px;-webkit-margin-top-collapse:separate}.form-horizontal .control-group{margin-bottom:20px;*zoom:1}.form-horizontal .control-group:before,.form-horizontal .control-group:after{display:table;line-height:0;content:""}.form-horizontal .control-group:after{clear:both}.form-horizontal .control-label{float:left;width:160px;padding-top:5px;text-align:right}.form-horizontal .controls{*display:inline-block;*padding-left:20px;margin-left:180px;*margin-left:0}.form-horizontal .controls:first-child{*padding-left:180px}.form-horizontal .help-block{margin-bottom:0}.form-horizontal input+.help-block,.form-horizontal select+.help-block,.form-horizontal textarea+.help-block,.form-horizontal .uneditable-input+.help-block,.form-horizontal .input-prepend+.help-block,.form-horizontal .input-append+.help-block{margin-top:10px}.form-horizontal .form-actions{padding-left:180px}table{max-width:100%;background-color:transparent;border-collapse:collapse;border-spacing:0}.table{width:100%;margin-bottom:20px}.table th,.table td{padding:8px;line-height:20px;text-align:left;vertical-align:top;border-top:1px solid #ddd}.table th{font-weight:bold}.table thead th{vertical-align:bottom}.table caption+thead tr:first-child th,.table caption+thead tr:first-child td,.table colgroup+thead tr:first-child th,.table colgroup+thead tr:first-child td,.table thead:first-child tr:first-child th,.table thead:first-child tr:first-child td{border-top:0}.table tbody+tbody{border-top:2px solid #ddd}.table .table{background-color:#fff}.table-condensed th,.table-condensed td{padding:4px 5px}.table-bordered{border:1px solid #ddd;border-collapse:separate;*border-collapse:collapse;border-left:0;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px}.table-bordered th,.table-bordered td{border-left:1px solid #ddd}.table-bordered caption+thead tr:first-child th,.table-bordered caption+tbody tr:first-child th,.table-bordered caption+tbody tr:first-child td,.table-bordered colgroup+thead tr:first-child th,.table-bordered colgroup+tbody tr:first-child th,.table-bordered colgroup+tbody tr:first-child td,.table-bordered thead:first-child tr:first-child th,.table-bordered tbody:first-child tr:first-child th,.table-bordered tbody:first-child tr:first-child td{border-top:0}.table-bordered thead:first-child tr:first-child>th:first-child,.table-bordered tbody:first-child tr:first-child>td:first-child,.table-bordered tbody:first-child tr:first-child>th:first-child{-webkit-border-top-left-radius:4px;border-top-left-radius:4px;-moz-border-radius-topleft:4px}.table-bordered thead:first-child tr:first-child>th:last-child,.table-bordered tbody:first-child tr:first-child>td:last-child,.table-bordered tbody:first-child tr:first-child>th:last-child{-webkit-border-top-right-radius:4px;border-top-right-radius:4px;-moz-border-radius-topright:4px}.table-bordered thead:last-child tr:last-child>th:first-child,.table-bordered tbody:last-child tr:last-child>td:first-child,.table-bordered tbody:last-child tr:last-child>th:first-child,.table-bordered tfoot:last-child tr:last-child>td:first-child,.table-bordered tfoot:last-child tr:last-child>th:first-child{-webkit-border-bottom-left-radius:4px;border-bottom-left-radius:4px;-moz-border-radius-bottomleft:4px}.table-bordered thead:last-child tr:last-child>th:last-child,.table-bordered tbody:last-child tr:last-child>td:last-child,.table-bordered tbody:last-child tr:last-child>th:last-child,.table-bordered tfoot:last-child tr:last-child>td:last-child,.table-bordered tfoot:last-child tr:last-child>th:last-child{-webkit-border-bottom-right-radius:4px;border-bottom-right-radius:4px;-moz-border-radius-bottomright:4px}.table-bordered tfoot+tbody:last-child tr:last-child td:first-child{-webkit-border-bottom-left-radius:0;border-bottom-left-radius:0;-moz-border-radius-bottomleft:0}.table-bordered tfoot+tbody:last-child tr:last-child td:last-child{-webkit-border-bottom-right-radius:0;border-bottom-right-radius:0;-moz-border-radius-bottomright:0}.table-bordered caption+thead tr:first-child th:first-child,.table-bordered caption+tbody tr:first-child td:first-child,.table-bordered colgroup+thead tr:first-child th:first-child,.table-bordered colgroup+tbody tr:first-child td:first-child{-webkit-border-top-left-radius:4px;border-top-left-radius:4px;-moz-border-radius-topleft:4px}.table-bordered caption+thead tr:first-child th:last-child,.table-bordered caption+tbody tr:first-child td:last-child,.table-bordered colgroup+thead tr:first-child th:last-child,.table-bordered colgroup+tbody tr:first-child td:last-child{-webkit-border-top-right-radius:4px;border-top-right-radius:4px;-moz-border-radius-topright:4px}.table-striped tbody>tr:nth-child(odd)>td,.table-striped tbody>tr:nth-child(odd)>th{background-color:#f9f9f9}.table-hover tbody tr:hover>td,.table-hover tbody tr:hover>th{background-color:#f5f5f5}table td[class*="span"],table th[class*="span"],.row-fluid table td[class*="span"],.row-fluid table th[class*="span"]{display:table-cell;float:none;margin-left:0}.table td.span1,.table th.span1{float:none;width:44px;margin-left:0}.table td.span2,.table th.span2{float:none;width:124px;margin-left:0}.table td.span3,.table th.span3{float:none;width:204px;margin-left:0}.table td.span4,.table th.span4{float:none;width:284px;margin-left:0}.table td.span5,.table th.span5{float:none;width:364px;margin-left:0}.table td.span6,.table th.span6{float:none;width:444px;margin-left:0}.table td.span7,.table th.span7{float:none;width:524px;margin-left:0}.table td.span8,.table th.span8{float:none;width:604px;margin-left:0}.table td.span9,.table th.span9{float:none;width:684px;margin-left:0}.table td.span10,.table th.span10{float:none;width:764px;margin-left:0}.table td.span11,.table th.span11{float:none;width:844px;margin-left:0}.table td.span12,.table th.span12{float:none;width:924px;margin-left:0}.table tbody tr.success>td{background-color:#dff0d8}.table tbody tr.error>td{background-color:#f2dede}.table tbody tr.warning>td{background-color:#fcf8e3}.table tbody tr.info>td{background-color:#d9edf7}.table-hover tbody tr.success:hover>td{background-color:#d0e9c6}.table-hover tbody tr.error:hover>td{background-color:#ebcccc}.table-hover tbody tr.warning:hover>td{background-color:#faf2cc}.table-hover tbody tr.info:hover>td{background-color:#c4e3f3}[class^="icon-"],[class*=" icon-"]{display:inline-block;width:14px;height:14px;margin-top:1px;*margin-right:.3em;line-height:14px;vertical-align:text-top;background-image:url("../img/glyphicons-halflings.png");background-position:14px 14px;background-repeat:no-repeat}.icon-white,.nav-pills>.active>a>[class^="icon-"],.nav-pills>.active>a>[class*=" icon-"],.nav-list>.active>a>[class^="icon-"],.nav-list>.active>a>[class*=" icon-"],.navbar-inverse .nav>.active>a>[class^="icon-"],.navbar-inverse .nav>.active>a>[class*=" icon-"],.dropdown-menu>li>a:hover>[class^="icon-"],.dropdown-menu>li>a:focus>[class^="icon-"],.dropdown-menu>li>a:hover>[class*=" icon-"],.dropdown-menu>li>a:focus>[class*=" icon-"],.dropdown-menu>.active>a>[class^="icon-"],.dropdown-menu>.active>a>[class*=" icon-"],.dropdown-submenu:hover>a>[class^="icon-"],.dropdown-submenu:focus>a>[class^="icon-"],.dropdown-submenu:hover>a>[class*=" icon-"],.dropdown-submenu:focus>a>[class*=" icon-"]{background-image:url("../img/glyphicons-halflings-white.png")}.icon-glass{background-position:0 0}.icon-music{background-position:-24px 0}.icon-search{background-position:-48px 0}.icon-envelope{background-position:-72px 0}.icon-heart{background-position:-96px 0}.icon-star{background-position:-120px 0}.icon-star-empty{background-position:-144px 0}.icon-user{background-position:-168px 0}.icon-film{background-position:-192px 0}.icon-th-large{background-position:-216px 0}.icon-th{background-position:-240px 0}.icon-th-list{background-position:-264px 0}.icon-ok{background-position:-288px 0}.icon-remove{background-position:-312px 0}.icon-zoom-in{background-position:-336px 0}.icon-zoom-out{background-position:-360px 0}.icon-off{background-position:-384px 0}.icon-signal{background-position:-408px 0}.icon-cog{background-position:-432px 0}.icon-trash{background-position:-456px 0}.icon-home{background-position:0 -24px}.icon-file{background-position:-24px -24px}.icon-time{background-position:-48px -24px}.icon-road{background-position:-72px -24px}.icon-download-alt{background-position:-96px -24px}.icon-download{background-position:-120px -24px}.icon-upload{background-position:-144px -24px}.icon-inbox{background-position:-168px -24px}.icon-play-circle{background-position:-192px -24px}.icon-repeat{background-position:-216px -24px}.icon-refresh{background-position:-240px -24px}.icon-list-alt{background-position:-264px -24px}.icon-lock{background-position:-287px -24px}.icon-flag{background-position:-312px -24px}.icon-headphones{background-position:-336px -24px}.icon-volume-off{background-position:-360px -24px}.icon-volume-down{background-position:-384px -24px}.icon-volume-up{background-position:-408px -24px}.icon-qrcode{background-position:-432px -24px}.icon-barcode{background-position:-456px -24px}.icon-tag{background-position:0 -48px}.icon-tags{background-position:-25px -48px}.icon-book{background-position:-48px -48px}.icon-bookmark{background-position:-72px -48px}.icon-print{background-position:-96px -48px}.icon-camera{background-position:-120px -48px}.icon-font{background-position:-144px -48px}.icon-bold{background-position:-167px -48px}.icon-italic{background-position:-192px -48px}.icon-text-height{background-position:-216px -48px}.icon-text-width{background-position:-240px -48px}.icon-align-left{background-position:-264px -48px}.icon-align-center{background-position:-288px -48px}.icon-align-right{background-position:-312px -48px}.icon-align-justify{background-position:-336px -48px}.icon-list{background-position:-360px -48px}.icon-indent-left{background-position:-384px -48px}.icon-indent-right{background-position:-408px -48px}.icon-facetime-video{background-position:-432px -48px}.icon-picture{background-position:-456px -48px}.icon-pencil{background-position:0 -72px}.icon-map-marker{background-position:-24px -72px}.icon-adjust{background-position:-48px -72px}.icon-tint{background-position:-72px -72px}.icon-edit{background-position:-96px -72px}.icon-share{background-position:-120px -72px}.icon-check{background-position:-144px -72px}.icon-move{background-position:-168px -72px}.icon-step-backward{background-position:-192px -72px}.icon-fast-backward{background-position:-216px -72px}.icon-backward{background-position:-240px -72px}.icon-play{background-position:-264px -72px}.icon-pause{background-position:-288px -72px}.icon-stop{background-position:-312px -72px}.icon-forward{background-position:-336px -72px}.icon-fast-forward{background-position:-360px -72px}.icon-step-forward{background-position:-384px -72px}.icon-eject{background-position:-408px -72px}.icon-chevron-left{background-position:-432px -72px}.icon-chevron-right{background-position:-456px -72px}.icon-plus-sign{background-position:0 -96px}.icon-minus-sign{background-position:-24px -96px}.icon-remove-sign{background-position:-48px -96px}.icon-ok-sign{background-position:-72px -96px}.icon-question-sign{background-position:-96px -96px}.icon-info-sign{background-position:-120px -96px}.icon-screenshot{background-position:-144px -96px}.icon-remove-circle{background-position:-168px -96px}.icon-ok-circle{background-position:-192px -96px}.icon-ban-circle{background-position:-216px -96px}.icon-arrow-left{background-position:-240px -96px}.icon-arrow-right{background-position:-264px -96px}.icon-arrow-up{background-position:-289px -96px}.icon-arrow-down{background-position:-312px -96px}.icon-share-alt{background-position:-336px -96px}.icon-resize-full{background-position:-360px -96px}.icon-resize-small{background-position:-384px -96px}.icon-plus{background-position:-408px -96px}.icon-minus{background-position:-433px -96px}.icon-asterisk{background-position:-456px -96px}.icon-exclamation-sign{background-position:0 -120px}.icon-gift{background-position:-24px -120px}.icon-leaf{background-position:-48px -120px}.icon-fire{background-position:-72px -120px}.icon-eye-open{background-position:-96px -120px}.icon-eye-close{background-position:-120px -120px}.icon-warning-sign{background-position:-144px -120px}.icon-plane{background-position:-168px -120px}.icon-calendar{background-position:-192px -120px}.icon-random{width:16px;background-position:-216px -120px}.icon-comment{background-position:-240px -120px}.icon-magnet{background-position:-264px -120px}.icon-chevron-up{background-position:-288px -120px}.icon-chevron-down{background-position:-313px -119px}.icon-retweet{background-position:-336px -120px}.icon-shopping-cart{background-position:-360px -120px}.icon-folder-close{width:16px;background-position:-384px -120px}.icon-folder-open{width:16px;background-position:-408px -120px}.icon-resize-vertical{background-position:-432px -119px}.icon-resize-horizontal{background-position:-456px -118px}.icon-hdd{background-position:0 -144px}.icon-bullhorn{background-position:-24px -144px}.icon-bell{background-position:-48px -144px}.icon-certificate{background-position:-72px -144px}.icon-thumbs-up{background-position:-96px -144px}.icon-thumbs-down{background-position:-120px -144px}.icon-hand-right{background-position:-144px -144px}.icon-hand-left{background-position:-168px -144px}.icon-hand-up{background-position:-192px -144px}.icon-hand-down{background-position:-216px -144px}.icon-circle-arrow-right{background-position:-240px -144px}.icon-circle-arrow-left{background-position:-264px -144px}.icon-circle-arrow-up{background-position:-288px -144px}.icon-circle-arrow-down{background-position:-312px -144px}.icon-globe{background-position:-336px -144px}.icon-wrench{background-position:-360px -144px}.icon-tasks{background-position:-384px -144px}.icon-filter{background-position:-408px -144px}.icon-briefcase{background-position:-432px -144px}.icon-fullscreen{background-position:-456px -144px}.dropup,.dropdown{position:relative}.dropdown-toggle{*margin-bottom:-3px}.dropdown-toggle:active,.open .dropdown-toggle{outline:0}.caret{display:inline-block;width:0;height:0;vertical-align:top;border-top:4px solid #000;border-right:4px solid transparent;border-left:4px solid transparent;content:""}.dropdown .caret{margin-top:8px;margin-left:2px}.dropdown-menu{position:absolute;top:100%;left:0;z-index:1000;display:none;float:left;min-width:160px;padding:5px 0;margin:2px 0 0;list-style:none;background-color:#fff;border:1px solid #ccc;border:1px solid rgba(0,0,0,0.2);*border-right-width:2px;*border-bottom-width:2px;-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px;-webkit-box-shadow:0 5px 10px rgba(0,0,0,0.2);-moz-box-shadow:0 5px 10px rgba(0,0,0,0.2);box-shadow:0 5px 10px rgba(0,0,0,0.2);-webkit-background-clip:padding-box;-moz-background-clip:padding;background-clip:padding-box}.dropdown-menu.pull-right{right:0;left:auto}.dropdown-menu .divider{*width:100%;height:1px;margin:9px 1px;*margin:-5px 0 5px;overflow:hidden;background-color:#e5e5e5;border-bottom:1px solid #fff}.dropdown-menu>li>a{display:block;padding:3px 20px;clear:both;font-weight:normal;line-height:20px;color:#333;white-space:nowrap}.dropdown-menu>li>a:hover,.dropdown-menu>li>a:focus,.dropdown-submenu:hover>a,.dropdown-submenu:focus>a{color:#fff;text-decoration:none;background-color:#0081c2;background-image:-moz-linear-gradient(top,#08c,#0077b3);background-image:-webkit-gradient(linear,0 0,0 100%,from(#08c),to(#0077b3));background-image:-webkit-linear-gradient(top,#08c,#0077b3);background-image:-o-linear-gradient(top,#08c,#0077b3);background-image:linear-gradient(to bottom,#08c,#0077b3);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff0088cc',endColorstr='#ff0077b3',GradientType=0)}.dropdown-menu>.active>a,.dropdown-menu>.active>a:hover,.dropdown-menu>.active>a:focus{color:#fff;text-decoration:none;background-color:#0081c2;background-image:-moz-linear-gradient(top,#08c,#0077b3);background-image:-webkit-gradient(linear,0 0,0 100%,from(#08c),to(#0077b3));background-image:-webkit-linear-gradient(top,#08c,#0077b3);background-image:-o-linear-gradient(top,#08c,#0077b3);background-image:linear-gradient(to bottom,#08c,#0077b3);background-repeat:repeat-x;outline:0;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff0088cc',endColorstr='#ff0077b3',GradientType=0)}.dropdown-menu>.disabled>a,.dropdown-menu>.disabled>a:hover,.dropdown-menu>.disabled>a:focus{color:#999}.dropdown-menu>.disabled>a:hover,.dropdown-menu>.disabled>a:focus{text-decoration:none;cursor:default;background-color:transparent;background-image:none;filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.open{*z-index:1000}.open>.dropdown-menu{display:block}.pull-right>.dropdown-menu{right:0;left:auto}.dropup .caret,.navbar-fixed-bottom .dropdown .caret{border-top:0;border-bottom:4px solid #000;content:""}.dropup .dropdown-menu,.navbar-fixed-bottom .dropdown .dropdown-menu{top:auto;bottom:100%;margin-bottom:1px}.dropdown-submenu{position:relative}.dropdown-submenu>.dropdown-menu{top:0;left:100%;margin-top:-6px;margin-left:-1px;-webkit-border-radius:0 6px 6px 6px;-moz-border-radius:0 6px 6px 6px;border-radius:0 6px 6px 6px}.dropdown-submenu:hover>.dropdown-menu{display:block}.dropup .dropdown-submenu>.dropdown-menu{top:auto;bottom:0;margin-top:0;margin-bottom:-2px;-webkit-border-radius:5px 5px 5px 0;-moz-border-radius:5px 5px 5px 0;border-radius:5px 5px 5px 0}.dropdown-submenu>a:after{display:block;float:right;width:0;height:0;margin-top:5px;margin-right:-10px;border-color:transparent;border-left-color:#ccc;border-style:solid;border-width:5px 0 5px 5px;content:" "}.dropdown-submenu:hover>a:after{border-left-color:#fff}.dropdown-submenu.pull-left{float:none}.dropdown-submenu.pull-left>.dropdown-menu{left:-100%;margin-left:10px;-webkit-border-radius:6px 0 6px 6px;-moz-border-radius:6px 0 6px 6px;border-radius:6px 0 6px 6px}.dropdown .dropdown-menu .nav-header{padding-right:20px;padding-left:20px}.typeahead{z-index:1051;margin-top:2px;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px}.well{min-height:20px;padding:19px;margin-bottom:20px;background-color:#f5f5f5;border:1px solid #e3e3e3;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.05);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.05);box-shadow:inset 0 1px 1px rgba(0,0,0,0.05)}.well blockquote{border-color:#ddd;border-color:rgba(0,0,0,0.15)}.well-large{padding:24px;-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px}.well-small{padding:9px;-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px}.fade{opacity:0;-webkit-transition:opacity .15s linear;-moz-transition:opacity .15s linear;-o-transition:opacity .15s linear;transition:opacity .15s linear}.fade.in{opacity:1}.collapse{position:relative;height:0;overflow:hidden;-webkit-transition:height .35s ease;-moz-transition:height .35s ease;-o-transition:height .35s ease;transition:height .35s ease}.collapse.in{height:auto}.close{float:right;font-size:20px;font-weight:bold;line-height:20px;color:#000;text-shadow:0 1px 0 #fff;opacity:.2;filter:alpha(opacity=20)}.close:hover,.close:focus{color:#000;text-decoration:none;cursor:pointer;opacity:.4;filter:alpha(opacity=40)}button.close{padding:0;cursor:pointer;background:transparent;border:0;-webkit-appearance:none}.btn{display:inline-block;*display:inline;padding:4px 12px;margin-bottom:0;*margin-left:.3em;font-size:14px;line-height:20px;color:#333;text-align:center;text-shadow:0 1px 1px rgba(255,255,255,0.75);vertical-align:middle;cursor:pointer;background-color:#f5f5f5;*background-color:#e6e6e6;background-image:-moz-linear-gradient(top,#fff,#e6e6e6);background-image:-webkit-gradient(linear,0 0,0 100%,from(#fff),to(#e6e6e6));background-image:-webkit-linear-gradient(top,#fff,#e6e6e6);background-image:-o-linear-gradient(top,#fff,#e6e6e6);background-image:linear-gradient(to bottom,#fff,#e6e6e6);background-repeat:repeat-x;border:1px solid #ccc;*border:0;border-color:#e6e6e6 #e6e6e6 #bfbfbf;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);border-bottom-color:#b3b3b3;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffffff',endColorstr='#ffe6e6e6',GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false);*zoom:1;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.2),0 1px 2px rgba(0,0,0,0.05);-moz-box-shadow:inset 0 1px 0 rgba(255,255,255,0.2),0 1px 2px rgba(0,0,0,0.05);box-shadow:inset 0 1px 0 rgba(255,255,255,0.2),0 1px 2px rgba(0,0,0,0.05)}.btn:hover,.btn:focus,.btn:active,.btn.active,.btn.disabled,.btn[disabled]{color:#333;background-color:#e6e6e6;*background-color:#d9d9d9}.btn:active,.btn.active{background-color:#ccc \9}.btn:first-child{*margin-left:0}.btn:hover,.btn:focus{color:#333;text-decoration:none;background-position:0 -15px;-webkit-transition:background-position .1s linear;-moz-transition:background-position .1s linear;-o-transition:background-position .1s linear;transition:background-position .1s linear}.btn:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}.btn.active,.btn:active{background-image:none;outline:0;-webkit-box-shadow:inset 0 2px 4px rgba(0,0,0,0.15),0 1px 2px rgba(0,0,0,0.05);-moz-box-shadow:inset 0 2px 4px rgba(0,0,0,0.15),0 1px 2px rgba(0,0,0,0.05);box-shadow:inset 0 2px 4px rgba(0,0,0,0.15),0 1px 2px rgba(0,0,0,0.05)}.btn.disabled,.btn[disabled]{cursor:default;background-image:none;opacity:.65;filter:alpha(opacity=65);-webkit-box-shadow:none;-moz-box-shadow:none;box-shadow:none}.btn-large{padding:11px 19px;font-size:17.5px;-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px}.btn-large [class^="icon-"],.btn-large [class*=" icon-"]{margin-top:4px}.btn-small{padding:2px 10px;font-size:11.9px;-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px}.btn-small [class^="icon-"],.btn-small [class*=" icon-"]{margin-top:0}.btn-mini [class^="icon-"],.btn-mini [class*=" icon-"]{margin-top:-1px}.btn-mini{padding:0 6px;font-size:10.5px;-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px}.btn-block{display:block;width:100%;padding-right:0;padding-left:0;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}.btn-block+.btn-block{margin-top:5px}input[type="submit"].btn-block,input[type="reset"].btn-block,input[type="button"].btn-block{width:100%}.btn-primary.active,.btn-warning.active,.btn-danger.active,.btn-success.active,.btn-info.active,.btn-inverse.active{color:rgba(255,255,255,0.75)}.btn-primary{color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#006dcc;*background-color:#04c;background-image:-moz-linear-gradient(top,#08c,#04c);background-image:-webkit-gradient(linear,0 0,0 100%,from(#08c),to(#04c));background-image:-webkit-linear-gradient(top,#08c,#04c);background-image:-o-linear-gradient(top,#08c,#04c);background-image:linear-gradient(to bottom,#08c,#04c);background-repeat:repeat-x;border-color:#04c #04c #002a80;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff0088cc',endColorstr='#ff0044cc',GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.btn-primary:hover,.btn-primary:focus,.btn-primary:active,.btn-primary.active,.btn-primary.disabled,.btn-primary[disabled]{color:#fff;background-color:#04c;*background-color:#003bb3}.btn-primary:active,.btn-primary.active{background-color:#039 \9}.btn-warning{color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#faa732;*background-color:#f89406;background-image:-moz-linear-gradient(top,#fbb450,#f89406);background-image:-webkit-gradient(linear,0 0,0 100%,from(#fbb450),to(#f89406));background-image:-webkit-linear-gradient(top,#fbb450,#f89406);background-image:-o-linear-gradient(top,#fbb450,#f89406);background-image:linear-gradient(to bottom,#fbb450,#f89406);background-repeat:repeat-x;border-color:#f89406 #f89406 #ad6704;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fffbb450',endColorstr='#fff89406',GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.btn-warning:hover,.btn-warning:focus,.btn-warning:active,.btn-warning.active,.btn-warning.disabled,.btn-warning[disabled]{color:#fff;background-color:#f89406;*background-color:#df8505}.btn-warning:active,.btn-warning.active{background-color:#c67605 \9}.btn-danger{color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#da4f49;*background-color:#bd362f;background-image:-moz-linear-gradient(top,#ee5f5b,#bd362f);background-image:-webkit-gradient(linear,0 0,0 100%,from(#ee5f5b),to(#bd362f));background-image:-webkit-linear-gradient(top,#ee5f5b,#bd362f);background-image:-o-linear-gradient(top,#ee5f5b,#bd362f);background-image:linear-gradient(to bottom,#ee5f5b,#bd362f);background-repeat:repeat-x;border-color:#bd362f #bd362f #802420;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffee5f5b',endColorstr='#ffbd362f',GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.btn-danger:hover,.btn-danger:focus,.btn-danger:active,.btn-danger.active,.btn-danger.disabled,.btn-danger[disabled]{color:#fff;background-color:#bd362f;*background-color:#a9302a}.btn-danger:active,.btn-danger.active{background-color:#942a25 \9}.btn-success{color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#5bb75b;*background-color:#51a351;background-image:-moz-linear-gradient(top,#62c462,#51a351);background-image:-webkit-gradient(linear,0 0,0 100%,from(#62c462),to(#51a351));background-image:-webkit-linear-gradient(top,#62c462,#51a351);background-image:-o-linear-gradient(top,#62c462,#51a351);background-image:linear-gradient(to bottom,#62c462,#51a351);background-repeat:repeat-x;border-color:#51a351 #51a351 #387038;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff62c462',endColorstr='#ff51a351',GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.btn-success:hover,.btn-success:focus,.btn-success:active,.btn-success.active,.btn-success.disabled,.btn-success[disabled]{color:#fff;background-color:#51a351;*background-color:#499249}.btn-success:active,.btn-success.active{background-color:#408140 \9}.btn-info{color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#49afcd;*background-color:#2f96b4;background-image:-moz-linear-gradient(top,#5bc0de,#2f96b4);background-image:-webkit-gradient(linear,0 0,0 100%,from(#5bc0de),to(#2f96b4));background-image:-webkit-linear-gradient(top,#5bc0de,#2f96b4);background-image:-o-linear-gradient(top,#5bc0de,#2f96b4);background-image:linear-gradient(to bottom,#5bc0de,#2f96b4);background-repeat:repeat-x;border-color:#2f96b4 #2f96b4 #1f6377;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5bc0de',endColorstr='#ff2f96b4',GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.btn-info:hover,.btn-info:focus,.btn-info:active,.btn-info.active,.btn-info.disabled,.btn-info[disabled]{color:#fff;background-color:#2f96b4;*background-color:#2a85a0}.btn-info:active,.btn-info.active{background-color:#24748c \9}.btn-inverse{color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#363636;*background-color:#222;background-image:-moz-linear-gradient(top,#444,#222);background-image:-webkit-gradient(linear,0 0,0 100%,from(#444),to(#222));background-image:-webkit-linear-gradient(top,#444,#222);background-image:-o-linear-gradient(top,#444,#222);background-image:linear-gradient(to bottom,#444,#222);background-repeat:repeat-x;border-color:#222 #222 #000;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff444444',endColorstr='#ff222222',GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.btn-inverse:hover,.btn-inverse:focus,.btn-inverse:active,.btn-inverse.active,.btn-inverse.disabled,.btn-inverse[disabled]{color:#fff;background-color:#222;*background-color:#151515}.btn-inverse:active,.btn-inverse.active{background-color:#080808 \9}button.btn,input[type="submit"].btn{*padding-top:3px;*padding-bottom:3px}button.btn::-moz-focus-inner,input[type="submit"].btn::-moz-focus-inner{padding:0;border:0}button.btn.btn-large,input[type="submit"].btn.btn-large{*padding-top:7px;*padding-bottom:7px}button.btn.btn-small,input[type="submit"].btn.btn-small{*padding-top:3px;*padding-bottom:3px}button.btn.btn-mini,input[type="submit"].btn.btn-mini{*padding-top:1px;*padding-bottom:1px}.btn-link,.btn-link:active,.btn-link[disabled]{background-color:transparent;background-image:none;-webkit-box-shadow:none;-moz-box-shadow:none;box-shadow:none}.btn-link{color:#08c;cursor:pointer;border-color:transparent;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.btn-link:hover,.btn-link:focus{color:#005580;text-decoration:underline;background-color:transparent}.btn-link[disabled]:hover,.btn-link[disabled]:focus{color:#333;text-decoration:none}.btn-group{position:relative;display:inline-block;*display:inline;*margin-left:.3em;font-size:0;white-space:nowrap;vertical-align:middle;*zoom:1}.btn-group:first-child{*margin-left:0}.btn-group+.btn-group{margin-left:5px}.btn-toolbar{margin-top:10px;margin-bottom:10px;font-size:0}.btn-toolbar>.btn+.btn,.btn-toolbar>.btn-group+.btn,.btn-toolbar>.btn+.btn-group{margin-left:5px}.btn-group>.btn{position:relative;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.btn-group>.btn+.btn{margin-left:-1px}.btn-group>.btn,.btn-group>.dropdown-menu,.btn-group>.popover{font-size:14px}.btn-group>.btn-mini{font-size:10.5px}.btn-group>.btn-small{font-size:11.9px}.btn-group>.btn-large{font-size:17.5px}.btn-group>.btn:first-child{margin-left:0;-webkit-border-bottom-left-radius:4px;border-bottom-left-radius:4px;-webkit-border-top-left-radius:4px;border-top-left-radius:4px;-moz-border-radius-bottomleft:4px;-moz-border-radius-topleft:4px}.btn-group>.btn:last-child,.btn-group>.dropdown-toggle{-webkit-border-top-right-radius:4px;border-top-right-radius:4px;-webkit-border-bottom-right-radius:4px;border-bottom-right-radius:4px;-moz-border-radius-topright:4px;-moz-border-radius-bottomright:4px}.btn-group>.btn.large:first-child{margin-left:0;-webkit-border-bottom-left-radius:6px;border-bottom-left-radius:6px;-webkit-border-top-left-radius:6px;border-top-left-radius:6px;-moz-border-radius-bottomleft:6px;-moz-border-radius-topleft:6px}.btn-group>.btn.large:last-child,.btn-group>.large.dropdown-toggle{-webkit-border-top-right-radius:6px;border-top-right-radius:6px;-webkit-border-bottom-right-radius:6px;border-bottom-right-radius:6px;-moz-border-radius-topright:6px;-moz-border-radius-bottomright:6px}.btn-group>.btn:hover,.btn-group>.btn:focus,.btn-group>.btn:active,.btn-group>.btn.active{z-index:2}.btn-group .dropdown-toggle:active,.btn-group.open .dropdown-toggle{outline:0}.btn-group>.btn+.dropdown-toggle{*padding-top:5px;padding-right:8px;*padding-bottom:5px;padding-left:8px;-webkit-box-shadow:inset 1px 0 0 rgba(255,255,255,0.125),inset 0 1px 0 rgba(255,255,255,0.2),0 1px 2px rgba(0,0,0,0.05);-moz-box-shadow:inset 1px 0 0 rgba(255,255,255,0.125),inset 0 1px 0 rgba(255,255,255,0.2),0 1px 2px rgba(0,0,0,0.05);box-shadow:inset 1px 0 0 rgba(255,255,255,0.125),inset 0 1px 0 rgba(255,255,255,0.2),0 1px 2px rgba(0,0,0,0.05)}.btn-group>.btn-mini+.dropdown-toggle{*padding-top:2px;padding-right:5px;*padding-bottom:2px;padding-left:5px}.btn-group>.btn-small+.dropdown-toggle{*padding-top:5px;*padding-bottom:4px}.btn-group>.btn-large+.dropdown-toggle{*padding-top:7px;padding-right:12px;*padding-bottom:7px;padding-left:12px}.btn-group.open .dropdown-toggle{background-image:none;-webkit-box-shadow:inset 0 2px 4px rgba(0,0,0,0.15),0 1px 2px rgba(0,0,0,0.05);-moz-box-shadow:inset 0 2px 4px rgba(0,0,0,0.15),0 1px 2px rgba(0,0,0,0.05);box-shadow:inset 0 2px 4px rgba(0,0,0,0.15),0 1px 2px rgba(0,0,0,0.05)}.btn-group.open .btn.dropdown-toggle{background-color:#e6e6e6}.btn-group.open .btn-primary.dropdown-toggle{background-color:#04c}.btn-group.open .btn-warning.dropdown-toggle{background-color:#f89406}.btn-group.open .btn-danger.dropdown-toggle{background-color:#bd362f}.btn-group.open .btn-success.dropdown-toggle{background-color:#51a351}.btn-group.open .btn-info.dropdown-toggle{background-color:#2f96b4}.btn-group.open .btn-inverse.dropdown-toggle{background-color:#222}.btn .caret{margin-top:8px;margin-left:0}.btn-large .caret{margin-top:6px}.btn-large .caret{border-top-width:5px;border-right-width:5px;border-left-width:5px}.btn-mini .caret,.btn-small .caret{margin-top:8px}.dropup .btn-large .caret{border-bottom-width:5px}.btn-primary .caret,.btn-warning .caret,.btn-danger .caret,.btn-info .caret,.btn-success .caret,.btn-inverse .caret{border-top-color:#fff;border-bottom-color:#fff}.btn-group-vertical{display:inline-block;*display:inline;*zoom:1}.btn-group-vertical>.btn{display:block;float:none;max-width:100%;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.btn-group-vertical>.btn+.btn{margin-top:-1px;margin-left:0}.btn-group-vertical>.btn:first-child{-webkit-border-radius:4px 4px 0 0;-moz-border-radius:4px 4px 0 0;border-radius:4px 4px 0 0}.btn-group-vertical>.btn:last-child{-webkit-border-radius:0 0 4px 4px;-moz-border-radius:0 0 4px 4px;border-radius:0 0 4px 4px}.btn-group-vertical>.btn-large:first-child{-webkit-border-radius:6px 6px 0 0;-moz-border-radius:6px 6px 0 0;border-radius:6px 6px 0 0}.btn-group-vertical>.btn-large:last-child{-webkit-border-radius:0 0 6px 6px;-moz-border-radius:0 0 6px 6px;border-radius:0 0 6px 6px}.alert{padding:8px 35px 8px 14px;margin-bottom:20px;text-shadow:0 1px 0 rgba(255,255,255,0.5);background-color:#fcf8e3;border:1px solid #fbeed5;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px}.alert,.alert h4{color:#c09853}.alert h4{margin:0}.alert .close{position:relative;top:-2px;right:-21px;line-height:20px}.alert-success{color:#468847;background-color:#dff0d8;border-color:#d6e9c6}.alert-success h4{color:#468847}.alert-danger,.alert-error{color:#b94a48;background-color:#f2dede;border-color:#eed3d7}.alert-danger h4,.alert-error h4{color:#b94a48}.alert-info{color:#3a87ad;background-color:#d9edf7;border-color:#bce8f1}.alert-info h4{color:#3a87ad}.alert-block{padding-top:14px;padding-bottom:14px}.alert-block>p,.alert-block>ul{margin-bottom:0}.alert-block p+p{margin-top:5px}.nav{margin-bottom:20px;margin-left:0;list-style:none}.nav>li>a{display:block}.nav>li>a:hover,.nav>li>a:focus{text-decoration:none;background-color:#eee}.nav>li>a>img{max-width:none}.nav>.pull-right{float:right}.nav-header{display:block;padding:3px 15px;font-size:11px;font-weight:bold;line-height:20px;color:#999;text-shadow:0 1px 0 rgba(255,255,255,0.5);text-transform:uppercase}.nav li+.nav-header{margin-top:9px}.nav-list{padding-right:15px;padding-left:15px;margin-bottom:0}.nav-list>li>a,.nav-list .nav-header{margin-right:-15px;margin-left:-15px;text-shadow:0 1px 0 rgba(255,255,255,0.5)}.nav-list>li>a{padding:3px 15px}.nav-list>.active>a,.nav-list>.active>a:hover,.nav-list>.active>a:focus{color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.2);background-color:#08c}.nav-list [class^="icon-"],.nav-list [class*=" icon-"]{margin-right:2px}.nav-list .divider{*width:100%;height:1px;margin:9px 1px;*margin:-5px 0 5px;overflow:hidden;background-color:#e5e5e5;border-bottom:1px solid #fff}.nav-tabs,.nav-pills{*zoom:1}.nav-tabs:before,.nav-pills:before,.nav-tabs:after,.nav-pills:after{display:table;line-height:0;content:""}.nav-tabs:after,.nav-pills:after{clear:both}.nav-tabs>li,.nav-pills>li{float:left}.nav-tabs>li>a,.nav-pills>li>a{padding-right:12px;padding-left:12px;margin-right:2px;line-height:14px}.nav-tabs{border-bottom:1px solid #ddd}.nav-tabs>li{margin-bottom:-1px}.nav-tabs>li>a{padding-top:8px;padding-bottom:8px;line-height:20px;border:1px solid transparent;-webkit-border-radius:4px 4px 0 0;-moz-border-radius:4px 4px 0 0;border-radius:4px 4px 0 0}.nav-tabs>li>a:hover,.nav-tabs>li>a:focus{border-color:#eee #eee #ddd}.nav-tabs>.active>a,.nav-tabs>.active>a:hover,.nav-tabs>.active>a:focus{color:#555;cursor:default;background-color:#fff;border:1px solid #ddd;border-bottom-color:transparent}.nav-pills>li>a{padding-top:8px;padding-bottom:8px;margin-top:2px;margin-bottom:2px;-webkit-border-radius:5px;-moz-border-radius:5px;border-radius:5px}.nav-pills>.active>a,.nav-pills>.active>a:hover,.nav-pills>.active>a:focus{color:#fff;background-color:#08c}.nav-stacked>li{float:none}.nav-stacked>li>a{margin-right:0}.nav-tabs.nav-stacked{border-bottom:0}.nav-tabs.nav-stacked>li>a{border:1px solid #ddd;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.nav-tabs.nav-stacked>li:first-child>a{-webkit-border-top-right-radius:4px;border-top-right-radius:4px;-webkit-border-top-left-radius:4px;border-top-left-radius:4px;-moz-border-radius-topright:4px;-moz-border-radius-topleft:4px}.nav-tabs.nav-stacked>li:last-child>a{-webkit-border-bottom-right-radius:4px;border-bottom-right-radius:4px;-webkit-border-bottom-left-radius:4px;border-bottom-left-radius:4px;-moz-border-radius-bottomright:4px;-moz-border-radius-bottomleft:4px}.nav-tabs.nav-stacked>li>a:hover,.nav-tabs.nav-stacked>li>a:focus{z-index:2;border-color:#ddd}.nav-pills.nav-stacked>li>a{margin-bottom:3px}.nav-pills.nav-stacked>li:last-child>a{margin-bottom:1px}.nav-tabs .dropdown-menu{-webkit-border-radius:0 0 6px 6px;-moz-border-radius:0 0 6px 6px;border-radius:0 0 6px 6px}.nav-pills .dropdown-menu{-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px}.nav .dropdown-toggle .caret{margin-top:6px;border-top-color:#08c;border-bottom-color:#08c}.nav .dropdown-toggle:hover .caret,.nav .dropdown-toggle:focus .caret{border-top-color:#005580;border-bottom-color:#005580}.nav-tabs .dropdown-toggle .caret{margin-top:8px}.nav .active .dropdown-toggle .caret{border-top-color:#fff;border-bottom-color:#fff}.nav-tabs .active .dropdown-toggle .caret{border-top-color:#555;border-bottom-color:#555}.nav>.dropdown.active>a:hover,.nav>.dropdown.active>a:focus{cursor:pointer}.nav-tabs .open .dropdown-toggle,.nav-pills .open .dropdown-toggle,.nav>li.dropdown.open.active>a:hover,.nav>li.dropdown.open.active>a:focus{color:#fff;background-color:#999;border-color:#999}.nav li.dropdown.open .caret,.nav li.dropdown.open.active .caret,.nav li.dropdown.open a:hover .caret,.nav li.dropdown.open a:focus .caret{border-top-color:#fff;border-bottom-color:#fff;opacity:1;filter:alpha(opacity=100)}.tabs-stacked .open>a:hover,.tabs-stacked .open>a:focus{border-color:#999}.tabbable{*zoom:1}.tabbable:before,.tabbable:after{display:table;line-height:0;content:""}.tabbable:after{clear:both}.tab-content{overflow:auto}.tabs-below>.nav-tabs,.tabs-right>.nav-tabs,.tabs-left>.nav-tabs{border-bottom:0}.tab-content>.tab-pane,.pill-content>.pill-pane{display:none}.tab-content>.active,.pill-content>.active{display:block}.tabs-below>.nav-tabs{border-top:1px solid #ddd}.tabs-below>.nav-tabs>li{margin-top:-1px;margin-bottom:0}.tabs-below>.nav-tabs>li>a{-webkit-border-radius:0 0 4px 4px;-moz-border-radius:0 0 4px 4px;border-radius:0 0 4px 4px}.tabs-below>.nav-tabs>li>a:hover,.tabs-below>.nav-tabs>li>a:focus{border-top-color:#ddd;border-bottom-color:transparent}.tabs-below>.nav-tabs>.active>a,.tabs-below>.nav-tabs>.active>a:hover,.tabs-below>.nav-tabs>.active>a:focus{border-color:transparent #ddd #ddd #ddd}.tabs-left>.nav-tabs>li,.tabs-right>.nav-tabs>li{float:none}.tabs-left>.nav-tabs>li>a,.tabs-right>.nav-tabs>li>a{min-width:74px;margin-right:0;margin-bottom:3px}.tabs-left>.nav-tabs{float:left;margin-right:19px;border-right:1px solid #ddd}.tabs-left>.nav-tabs>li>a{margin-right:-1px;-webkit-border-radius:4px 0 0 4px;-moz-border-radius:4px 0 0 4px;border-radius:4px 0 0 4px}.tabs-left>.nav-tabs>li>a:hover,.tabs-left>.nav-tabs>li>a:focus{border-color:#eee #ddd #eee #eee}.tabs-left>.nav-tabs .active>a,.tabs-left>.nav-tabs .active>a:hover,.tabs-left>.nav-tabs .active>a:focus{border-color:#ddd transparent #ddd #ddd;*border-right-color:#fff}.tabs-right>.nav-tabs{float:right;margin-left:19px;border-left:1px solid #ddd}.tabs-right>.nav-tabs>li>a{margin-left:-1px;-webkit-border-radius:0 4px 4px 0;-moz-border-radius:0 4px 4px 0;border-radius:0 4px 4px 0}.tabs-right>.nav-tabs>li>a:hover,.tabs-right>.nav-tabs>li>a:focus{border-color:#eee #eee #eee #ddd}.tabs-right>.nav-tabs .active>a,.tabs-right>.nav-tabs .active>a:hover,.tabs-right>.nav-tabs .active>a:focus{border-color:#ddd #ddd #ddd transparent;*border-left-color:#fff}.nav>.disabled>a{color:#999}.nav>.disabled>a:hover,.nav>.disabled>a:focus{text-decoration:none;cursor:default;background-color:transparent}.navbar{*position:relative;*z-index:2;margin-bottom:20px;overflow:visible}.navbar-inner{min-height:40px;padding-right:20px;padding-left:20px;background-color:#fafafa;background-image:-moz-linear-gradient(top,#fff,#f2f2f2);background-image:-webkit-gradient(linear,0 0,0 100%,from(#fff),to(#f2f2f2));background-image:-webkit-linear-gradient(top,#fff,#f2f2f2);background-image:-o-linear-gradient(top,#fff,#f2f2f2);background-image:linear-gradient(to bottom,#fff,#f2f2f2);background-repeat:repeat-x;border:1px solid #d4d4d4;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffffff',endColorstr='#fff2f2f2',GradientType=0);*zoom:1;-webkit-box-shadow:0 1px 4px rgba(0,0,0,0.065);-moz-box-shadow:0 1px 4px rgba(0,0,0,0.065);box-shadow:0 1px 4px rgba(0,0,0,0.065)}.navbar-inner:before,.navbar-inner:after{display:table;line-height:0;content:""}.navbar-inner:after{clear:both}.navbar .container{width:auto}.nav-collapse.collapse{height:auto;overflow:visible}.navbar .brand{display:block;float:left;padding:10px 20px 10px;margin-left:-20px;font-size:20px;font-weight:200;color:#777;text-shadow:0 1px 0 #fff}.navbar .brand:hover,.navbar .brand:focus{text-decoration:none}.navbar-text{margin-bottom:0;line-height:40px;color:#777}.navbar-link{color:#777}.navbar-link:hover,.navbar-link:focus{color:#333}.navbar .divider-vertical{height:40px;margin:0 9px;border-right:1px solid #fff;border-left:1px solid #f2f2f2}.navbar .btn,.navbar .btn-group{margin-top:5px}.navbar .btn-group .btn,.navbar .input-prepend .btn,.navbar .input-append .btn,.navbar .input-prepend .btn-group,.navbar .input-append .btn-group{margin-top:0}.navbar-form{margin-bottom:0;*zoom:1}.navbar-form:before,.navbar-form:after{display:table;line-height:0;content:""}.navbar-form:after{clear:both}.navbar-form input,.navbar-form select,.navbar-form .radio,.navbar-form .checkbox{margin-top:5px}.navbar-form input,.navbar-form select,.navbar-form .btn{display:inline-block;margin-bottom:0}.navbar-form input[type="image"],.navbar-form input[type="checkbox"],.navbar-form input[type="radio"]{margin-top:3px}.navbar-form .input-append,.navbar-form .input-prepend{margin-top:5px;white-space:nowrap}.navbar-form .input-append input,.navbar-form .input-prepend input{margin-top:0}.navbar-search{position:relative;float:left;margin-top:5px;margin-bottom:0}.navbar-search .search-query{padding:4px 14px;margin-bottom:0;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:13px;font-weight:normal;line-height:1;-webkit-border-radius:15px;-moz-border-radius:15px;border-radius:15px}.navbar-static-top{position:static;margin-bottom:0}.navbar-static-top .navbar-inner{-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.navbar-fixed-top,.navbar-fixed-bottom{position:fixed;right:0;left:0;z-index:1030;margin-bottom:0}.navbar-fixed-top .navbar-inner,.navbar-static-top .navbar-inner{border-width:0 0 1px}.navbar-fixed-bottom .navbar-inner{border-width:1px 0 0}.navbar-fixed-top .navbar-inner,.navbar-fixed-bottom .navbar-inner{padding-right:0;padding-left:0;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.navbar-static-top .container,.navbar-fixed-top .container,.navbar-fixed-bottom .container{width:940px}.navbar-fixed-top{top:0}.navbar-fixed-top .navbar-inner,.navbar-static-top .navbar-inner{-webkit-box-shadow:0 1px 10px rgba(0,0,0,0.1);-moz-box-shadow:0 1px 10px rgba(0,0,0,0.1);box-shadow:0 1px 10px rgba(0,0,0,0.1)}.navbar-fixed-bottom{bottom:0}.navbar-fixed-bottom .navbar-inner{-webkit-box-shadow:0 -1px 10px rgba(0,0,0,0.1);-moz-box-shadow:0 -1px 10px rgba(0,0,0,0.1);box-shadow:0 -1px 10px rgba(0,0,0,0.1)}.navbar .nav{position:relative;left:0;display:block;float:left;margin:0 10px 0 0}.navbar .nav.pull-right{float:right;margin-right:0}.navbar .nav>li{float:left}.navbar .nav>li>a{float:none;padding:10px 15px 10px;color:#777;text-decoration:none;text-shadow:0 1px 0 #fff}.navbar .nav .dropdown-toggle .caret{margin-top:8px}.navbar .nav>li>a:focus,.navbar .nav>li>a:hover{color:#333;text-decoration:none;background-color:transparent}.navbar .nav>.active>a,.navbar .nav>.active>a:hover,.navbar .nav>.active>a:focus{color:#555;text-decoration:none;background-color:#e5e5e5;-webkit-box-shadow:inset 0 3px 8px rgba(0,0,0,0.125);-moz-box-shadow:inset 0 3px 8px rgba(0,0,0,0.125);box-shadow:inset 0 3px 8px rgba(0,0,0,0.125)}.navbar .btn-navbar{display:none;float:right;padding:7px 10px;margin-right:5px;margin-left:5px;color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#ededed;*background-color:#e5e5e5;background-image:-moz-linear-gradient(top,#f2f2f2,#e5e5e5);background-image:-webkit-gradient(linear,0 0,0 100%,from(#f2f2f2),to(#e5e5e5));background-image:-webkit-linear-gradient(top,#f2f2f2,#e5e5e5);background-image:-o-linear-gradient(top,#f2f2f2,#e5e5e5);background-image:linear-gradient(to bottom,#f2f2f2,#e5e5e5);background-repeat:repeat-x;border-color:#e5e5e5 #e5e5e5 #bfbfbf;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff2f2f2',endColorstr='#ffe5e5e5',GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false);-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.075);-moz-box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.075);box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.075)}.navbar .btn-navbar:hover,.navbar .btn-navbar:focus,.navbar .btn-navbar:active,.navbar .btn-navbar.active,.navbar .btn-navbar.disabled,.navbar .btn-navbar[disabled]{color:#fff;background-color:#e5e5e5;*background-color:#d9d9d9}.navbar .btn-navbar:active,.navbar .btn-navbar.active{background-color:#ccc \9}.navbar .btn-navbar .icon-bar{display:block;width:18px;height:2px;background-color:#f5f5f5;-webkit-border-radius:1px;-moz-border-radius:1px;border-radius:1px;-webkit-box-shadow:0 1px 0 rgba(0,0,0,0.25);-moz-box-shadow:0 1px 0 rgba(0,0,0,0.25);box-shadow:0 1px 0 rgba(0,0,0,0.25)}.btn-navbar .icon-bar+.icon-bar{margin-top:3px}.navbar .nav>li>.dropdown-menu:before{position:absolute;top:-7px;left:9px;display:inline-block;border-right:7px solid transparent;border-bottom:7px solid #ccc;border-left:7px solid transparent;border-bottom-color:rgba(0,0,0,0.2);content:''}.navbar .nav>li>.dropdown-menu:after{position:absolute;top:-6px;left:10px;display:inline-block;border-right:6px solid transparent;border-bottom:6px solid #fff;border-left:6px solid transparent;content:''}.navbar-fixed-bottom .nav>li>.dropdown-menu:before{top:auto;bottom:-7px;border-top:7px solid #ccc;border-bottom:0;border-top-color:rgba(0,0,0,0.2)}.navbar-fixed-bottom .nav>li>.dropdown-menu:after{top:auto;bottom:-6px;border-top:6px solid #fff;border-bottom:0}.navbar .nav li.dropdown>a:hover .caret,.navbar .nav li.dropdown>a:focus .caret{border-top-color:#333;border-bottom-color:#333}.navbar .nav li.dropdown.open>.dropdown-toggle,.navbar .nav li.dropdown.active>.dropdown-toggle,.navbar .nav li.dropdown.open.active>.dropdown-toggle{color:#555;background-color:#e5e5e5}.navbar .nav li.dropdown>.dropdown-toggle .caret{border-top-color:#777;border-bottom-color:#777}.navbar .nav li.dropdown.open>.dropdown-toggle .caret,.navbar .nav li.dropdown.active>.dropdown-toggle .caret,.navbar .nav li.dropdown.open.active>.dropdown-toggle .caret{border-top-color:#555;border-bottom-color:#555}.navbar .pull-right>li>.dropdown-menu,.navbar .nav>li>.dropdown-menu.pull-right{right:0;left:auto}.navbar .pull-right>li>.dropdown-menu:before,.navbar .nav>li>.dropdown-menu.pull-right:before{right:12px;left:auto}.navbar .pull-right>li>.dropdown-menu:after,.navbar .nav>li>.dropdown-menu.pull-right:after{right:13px;left:auto}.navbar .pull-right>li>.dropdown-menu .dropdown-menu,.navbar .nav>li>.dropdown-menu.pull-right .dropdown-menu{right:100%;left:auto;margin-right:-1px;margin-left:0;-webkit-border-radius:6px 0 6px 6px;-moz-border-radius:6px 0 6px 6px;border-radius:6px 0 6px 6px}.navbar-inverse .navbar-inner{background-color:#1b1b1b;background-image:-moz-linear-gradient(top,#222,#111);background-image:-webkit-gradient(linear,0 0,0 100%,from(#222),to(#111));background-image:-webkit-linear-gradient(top,#222,#111);background-image:-o-linear-gradient(top,#222,#111);background-image:linear-gradient(to bottom,#222,#111);background-repeat:repeat-x;border-color:#252525;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff222222',endColorstr='#ff111111',GradientType=0)}.navbar-inverse .brand,.navbar-inverse .nav>li>a{color:#999;text-shadow:0 -1px 0 rgba(0,0,0,0.25)}.navbar-inverse .brand:hover,.navbar-inverse .nav>li>a:hover,.navbar-inverse .brand:focus,.navbar-inverse .nav>li>a:focus{color:#fff}.navbar-inverse .brand{color:#999}.navbar-inverse .navbar-text{color:#999}.navbar-inverse .nav>li>a:focus,.navbar-inverse .nav>li>a:hover{color:#fff;background-color:transparent}.navbar-inverse .nav .active>a,.navbar-inverse .nav .active>a:hover,.navbar-inverse .nav .active>a:focus{color:#fff;background-color:#111}.navbar-inverse .navbar-link{color:#999}.navbar-inverse .navbar-link:hover,.navbar-inverse .navbar-link:focus{color:#fff}.navbar-inverse .divider-vertical{border-right-color:#222;border-left-color:#111}.navbar-inverse .nav li.dropdown.open>.dropdown-toggle,.navbar-inverse .nav li.dropdown.active>.dropdown-toggle,.navbar-inverse .nav li.dropdown.open.active>.dropdown-toggle{color:#fff;background-color:#111}.navbar-inverse .nav li.dropdown>a:hover .caret,.navbar-inverse .nav li.dropdown>a:focus .caret{border-top-color:#fff;border-bottom-color:#fff}.navbar-inverse .nav li.dropdown>.dropdown-toggle .caret{border-top-color:#999;border-bottom-color:#999}.navbar-inverse .nav li.dropdown.open>.dropdown-toggle .caret,.navbar-inverse .nav li.dropdown.active>.dropdown-toggle .caret,.navbar-inverse .nav li.dropdown.open.active>.dropdown-toggle .caret{border-top-color:#fff;border-bottom-color:#fff}.navbar-inverse .navbar-search .search-query{color:#fff;background-color:#515151;border-color:#111;-webkit-box-shadow:inset 0 1px 2px rgba(0,0,0,0.1),0 1px 0 rgba(255,255,255,0.15);-moz-box-shadow:inset 0 1px 2px rgba(0,0,0,0.1),0 1px 0 rgba(255,255,255,0.15);box-shadow:inset 0 1px 2px rgba(0,0,0,0.1),0 1px 0 rgba(255,255,255,0.15);-webkit-transition:none;-moz-transition:none;-o-transition:none;transition:none}.navbar-inverse .navbar-search .search-query:-moz-placeholder{color:#ccc}.navbar-inverse .navbar-search .search-query:-ms-input-placeholder{color:#ccc}.navbar-inverse .navbar-search .search-query::-webkit-input-placeholder{color:#ccc}.navbar-inverse .navbar-search .search-query:focus,.navbar-inverse .navbar-search .search-query.focused{padding:5px 15px;color:#333;text-shadow:0 1px 0 #fff;background-color:#fff;border:0;outline:0;-webkit-box-shadow:0 0 3px rgba(0,0,0,0.15);-moz-box-shadow:0 0 3px rgba(0,0,0,0.15);box-shadow:0 0 3px rgba(0,0,0,0.15)}.navbar-inverse .btn-navbar{color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#0e0e0e;*background-color:#040404;background-image:-moz-linear-gradient(top,#151515,#040404);background-image:-webkit-gradient(linear,0 0,0 100%,from(#151515),to(#040404));background-image:-webkit-linear-gradient(top,#151515,#040404);background-image:-o-linear-gradient(top,#151515,#040404);background-image:linear-gradient(to bottom,#151515,#040404);background-repeat:repeat-x;border-color:#040404 #040404 #000;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff151515',endColorstr='#ff040404',GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.navbar-inverse .btn-navbar:hover,.navbar-inverse .btn-navbar:focus,.navbar-inverse .btn-navbar:active,.navbar-inverse .btn-navbar.active,.navbar-inverse .btn-navbar.disabled,.navbar-inverse .btn-navbar[disabled]{color:#fff;background-color:#040404;*background-color:#000}.navbar-inverse .btn-navbar:active,.navbar-inverse .btn-navbar.active{background-color:#000 \9}.breadcrumb{padding:8px 15px;margin:0 0 20px;list-style:none;background-color:#f5f5f5;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px}.breadcrumb>li{display:inline-block;*display:inline;text-shadow:0 1px 0 #fff;*zoom:1}.breadcrumb>li>.divider{padding:0 5px;color:#ccc}.breadcrumb>.active{color:#999}.pagination{margin:20px 0}.pagination ul{display:inline-block;*display:inline;margin-bottom:0;margin-left:0;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;*zoom:1;-webkit-box-shadow:0 1px 2px rgba(0,0,0,0.05);-moz-box-shadow:0 1px 2px rgba(0,0,0,0.05);box-shadow:0 1px 2px rgba(0,0,0,0.05)}.pagination ul>li{display:inline}.pagination ul>li>a,.pagination ul>li>span{float:left;padding:4px 12px;line-height:20px;text-decoration:none;background-color:#fff;border:1px solid #ddd;border-left-width:0}.pagination ul>li>a:hover,.pagination ul>li>a:focus,.pagination ul>.active>a,.pagination ul>.active>span{background-color:#f5f5f5}.pagination ul>.active>a,.pagination ul>.active>span{color:#999;cursor:default}.pagination ul>.disabled>span,.pagination ul>.disabled>a,.pagination ul>.disabled>a:hover,.pagination ul>.disabled>a:focus{color:#999;cursor:default;background-color:transparent}.pagination ul>li:first-child>a,.pagination ul>li:first-child>span{border-left-width:1px;-webkit-border-bottom-left-radius:4px;border-bottom-left-radius:4px;-webkit-border-top-left-radius:4px;border-top-left-radius:4px;-moz-border-radius-bottomleft:4px;-moz-border-radius-topleft:4px}.pagination ul>li:last-child>a,.pagination ul>li:last-child>span{-webkit-border-top-right-radius:4px;border-top-right-radius:4px;-webkit-border-bottom-right-radius:4px;border-bottom-right-radius:4px;-moz-border-radius-topright:4px;-moz-border-radius-bottomright:4px}.pagination-centered{text-align:center}.pagination-right{text-align:right}.pagination-large ul>li>a,.pagination-large ul>li>span{padding:11px 19px;font-size:17.5px}.pagination-large ul>li:first-child>a,.pagination-large ul>li:first-child>span{-webkit-border-bottom-left-radius:6px;border-bottom-left-radius:6px;-webkit-border-top-left-radius:6px;border-top-left-radius:6px;-moz-border-radius-bottomleft:6px;-moz-border-radius-topleft:6px}.pagination-large ul>li:last-child>a,.pagination-large ul>li:last-child>span{-webkit-border-top-right-radius:6px;border-top-right-radius:6px;-webkit-border-bottom-right-radius:6px;border-bottom-right-radius:6px;-moz-border-radius-topright:6px;-moz-border-radius-bottomright:6px}.pagination-mini ul>li:first-child>a,.pagination-small ul>li:first-child>a,.pagination-mini ul>li:first-child>span,.pagination-small ul>li:first-child>span{-webkit-border-bottom-left-radius:3px;border-bottom-left-radius:3px;-webkit-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-bottomleft:3px;-moz-border-radius-topleft:3px}.pagination-mini ul>li:last-child>a,.pagination-small ul>li:last-child>a,.pagination-mini ul>li:last-child>span,.pagination-small ul>li:last-child>span{-webkit-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-border-bottom-right-radius:3px;border-bottom-right-radius:3px;-moz-border-radius-topright:3px;-moz-border-radius-bottomright:3px}.pagination-small ul>li>a,.pagination-small ul>li>span{padding:2px 10px;font-size:11.9px}.pagination-mini ul>li>a,.pagination-mini ul>li>span{padding:0 6px;font-size:10.5px}.pager{margin:20px 0;text-align:center;list-style:none;*zoom:1}.pager:before,.pager:after{display:table;line-height:0;content:""}.pager:after{clear:both}.pager li{display:inline}.pager li>a,.pager li>span{display:inline-block;padding:5px 14px;background-color:#fff;border:1px solid #ddd;-webkit-border-radius:15px;-moz-border-radius:15px;border-radius:15px}.pager li>a:hover,.pager li>a:focus{text-decoration:none;background-color:#f5f5f5}.pager .next>a,.pager .next>span{float:right}.pager .previous>a,.pager .previous>span{float:left}.pager .disabled>a,.pager .disabled>a:hover,.pager .disabled>a:focus,.pager .disabled>span{color:#999;cursor:default;background-color:#fff}.modal-backdrop{position:fixed;top:0;right:0;bottom:0;left:0;z-index:1040;background-color:#000}.modal-backdrop.fade{opacity:0}.modal-backdrop,.modal-backdrop.fade.in{opacity:.8;filter:alpha(opacity=80)}.modal{position:fixed;top:10%;left:50%;z-index:1050;width:560px;margin-left:-280px;background-color:#fff;border:1px solid #999;border:1px solid rgba(0,0,0,0.3);*border:1px solid #999;-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px;outline:0;-webkit-box-shadow:0 3px 7px rgba(0,0,0,0.3);-moz-box-shadow:0 3px 7px rgba(0,0,0,0.3);box-shadow:0 3px 7px rgba(0,0,0,0.3);-webkit-background-clip:padding-box;-moz-background-clip:padding-box;background-clip:padding-box}.modal.fade{top:-25%;-webkit-transition:opacity .3s linear,top .3s ease-out;-moz-transition:opacity .3s linear,top .3s ease-out;-o-transition:opacity .3s linear,top .3s ease-out;transition:opacity .3s linear,top .3s ease-out}.modal.fade.in{top:10%}.modal-header{padding:9px 15px;border-bottom:1px solid #eee}.modal-header .close{margin-top:2px}.modal-header h3{margin:0;line-height:30px}.modal-body{position:relative;max-height:400px;padding:15px;overflow-y:auto}.modal-form{margin-bottom:0}.modal-footer{padding:14px 15px 15px;margin-bottom:0;text-align:right;background-color:#f5f5f5;border-top:1px solid #ddd;-webkit-border-radius:0 0 6px 6px;-moz-border-radius:0 0 6px 6px;border-radius:0 0 6px 6px;*zoom:1;-webkit-box-shadow:inset 0 1px 0 #fff;-moz-box-shadow:inset 0 1px 0 #fff;box-shadow:inset 0 1px 0 #fff}.modal-footer:before,.modal-footer:after{display:table;line-height:0;content:""}.modal-footer:after{clear:both}.modal-footer .btn+.btn{margin-bottom:0;margin-left:5px}.modal-footer .btn-group .btn+.btn{margin-left:-1px}.modal-footer .btn-block+.btn-block{margin-left:0}.tooltip{position:absolute;z-index:1030;display:block;font-size:11px;line-height:1.4;opacity:0;filter:alpha(opacity=0);visibility:visible}.tooltip.in{opacity:.8;filter:alpha(opacity=80)}.tooltip.top{padding:5px 0;margin-top:-3px}.tooltip.right{padding:0 5px;margin-left:3px}.tooltip.bottom{padding:5px 0;margin-top:3px}.tooltip.left{padding:0 5px;margin-left:-3px}.tooltip-inner{max-width:200px;padding:8px;color:#fff;text-align:center;text-decoration:none;background-color:#000;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px}.tooltip-arrow{position:absolute;width:0;height:0;border-color:transparent;border-style:solid}.tooltip.top .tooltip-arrow{bottom:0;left:50%;margin-left:-5px;border-top-color:#000;border-width:5px 5px 0}.tooltip.right .tooltip-arrow{top:50%;left:0;margin-top:-5px;border-right-color:#000;border-width:5px 5px 5px 0}.tooltip.left .tooltip-arrow{top:50%;right:0;margin-top:-5px;border-left-color:#000;border-width:5px 0 5px 5px}.tooltip.bottom .tooltip-arrow{top:0;left:50%;margin-left:-5px;border-bottom-color:#000;border-width:0 5px 5px}.popover{position:absolute;top:0;left:0;z-index:1010;display:none;max-width:276px;padding:1px;text-align:left;white-space:normal;background-color:#fff;border:1px solid #ccc;border:1px solid rgba(0,0,0,0.2);-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px;-webkit-box-shadow:0 5px 10px rgba(0,0,0,0.2);-moz-box-shadow:0 5px 10px rgba(0,0,0,0.2);box-shadow:0 5px 10px rgba(0,0,0,0.2);-webkit-background-clip:padding-box;-moz-background-clip:padding;background-clip:padding-box}.popover.top{margin-top:-10px}.popover.right{margin-left:10px}.popover.bottom{margin-top:10px}.popover.left{margin-left:-10px}.popover-title{padding:8px 14px;margin:0;font-size:14px;font-weight:normal;line-height:18px;background-color:#f7f7f7;border-bottom:1px solid #ebebeb;-webkit-border-radius:5px 5px 0 0;-moz-border-radius:5px 5px 0 0;border-radius:5px 5px 0 0}.popover-title:empty{display:none}.popover-content{padding:9px 14px}.popover .arrow,.popover .arrow:after{position:absolute;display:block;width:0;height:0;border-color:transparent;border-style:solid}.popover .arrow{border-width:11px}.popover .arrow:after{border-width:10px;content:""}.popover.top .arrow{bottom:-11px;left:50%;margin-left:-11px;border-top-color:#999;border-top-color:rgba(0,0,0,0.25);border-bottom-width:0}.popover.top .arrow:after{bottom:1px;margin-left:-10px;border-top-color:#fff;border-bottom-width:0}.popover.right .arrow{top:50%;left:-11px;margin-top:-11px;border-right-color:#999;border-right-color:rgba(0,0,0,0.25);border-left-width:0}.popover.right .arrow:after{bottom:-10px;left:1px;border-right-color:#fff;border-left-width:0}.popover.bottom .arrow{top:-11px;left:50%;margin-left:-11px;border-bottom-color:#999;border-bottom-color:rgba(0,0,0,0.25);border-top-width:0}.popover.bottom .arrow:after{top:1px;margin-left:-10px;border-bottom-color:#fff;border-top-width:0}.popover.left .arrow{top:50%;right:-11px;margin-top:-11px;border-left-color:#999;border-left-color:rgba(0,0,0,0.25);border-right-width:0}.popover.left .arrow:after{right:1px;bottom:-10px;border-left-color:#fff;border-right-width:0}.thumbnails{margin-left:-20px;list-style:none;*zoom:1}.thumbnails:before,.thumbnails:after{display:table;line-height:0;content:""}.thumbnails:after{clear:both}.row-fluid .thumbnails{margin-left:0}.thumbnails>li{float:left;margin-bottom:20px;margin-left:20px}.thumbnail{display:block;padding:4px;line-height:20px;border:1px solid #ddd;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;-webkit-box-shadow:0 1px 3px rgba(0,0,0,0.055);-moz-box-shadow:0 1px 3px rgba(0,0,0,0.055);box-shadow:0 1px 3px rgba(0,0,0,0.055);-webkit-transition:all .2s ease-in-out;-moz-transition:all .2s ease-in-out;-o-transition:all .2s ease-in-out;transition:all .2s ease-in-out}a.thumbnail:hover,a.thumbnail:focus{border-color:#08c;-webkit-box-shadow:0 1px 4px rgba(0,105,214,0.25);-moz-box-shadow:0 1px 4px rgba(0,105,214,0.25);box-shadow:0 1px 4px rgba(0,105,214,0.25)}.thumbnail>img{display:block;max-width:100%;margin-right:auto;margin-left:auto}.thumbnail .caption{padding:9px;color:#555}.media,.media-body{overflow:hidden;*overflow:visible;zoom:1}.media,.media .media{margin-top:15px}.media:first-child{margin-top:0}.media-object{display:block}.media-heading{margin:0 0 5px}.media>.pull-left{margin-right:10px}.media>.pull-right{margin-left:10px}.media-list{margin-left:0;list-style:none}.label,.badge{display:inline-block;padding:2px 4px;font-size:11.844px;font-weight:bold;line-height:14px;color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);white-space:nowrap;vertical-align:baseline;background-color:#999}.label{-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px}.badge{padding-right:9px;padding-left:9px;-webkit-border-radius:9px;-moz-border-radius:9px;border-radius:9px}.label:empty,.badge:empty{display:none}a.label:hover,a.label:focus,a.badge:hover,a.badge:focus{color:#fff;text-decoration:none;cursor:pointer}.label-important,.badge-important{background-color:#b94a48}.label-important[href],.badge-important[href]{background-color:#953b39}.label-warning,.badge-warning{background-color:#f89406}.label-warning[href],.badge-warning[href]{background-color:#c67605}.label-success,.badge-success{background-color:#468847}.label-success[href],.badge-success[href]{background-color:#356635}.label-info,.badge-info{background-color:#3a87ad}.label-info[href],.badge-info[href]{background-color:#2d6987}.label-inverse,.badge-inverse{background-color:#333}.label-inverse[href],.badge-inverse[href]{background-color:#1a1a1a}.btn .label,.btn .badge{position:relative;top:-1px}.btn-mini .label,.btn-mini .badge{top:0}@-webkit-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@-moz-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@-ms-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@-o-keyframes progress-bar-stripes{from{background-position:0 0}to{background-position:40px 0}}@keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}.progress{height:20px;margin-bottom:20px;overflow:hidden;background-color:#f7f7f7;background-image:-moz-linear-gradient(top,#f5f5f5,#f9f9f9);background-image:-webkit-gradient(linear,0 0,0 100%,from(#f5f5f5),to(#f9f9f9));background-image:-webkit-linear-gradient(top,#f5f5f5,#f9f9f9);background-image:-o-linear-gradient(top,#f5f5f5,#f9f9f9);background-image:linear-gradient(to bottom,#f5f5f5,#f9f9f9);background-repeat:repeat-x;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff5f5f5',endColorstr='#fff9f9f9',GradientType=0);-webkit-box-shadow:inset 0 1px 2px rgba(0,0,0,0.1);-moz-box-shadow:inset 0 1px 2px rgba(0,0,0,0.1);box-shadow:inset 0 1px 2px rgba(0,0,0,0.1)}.progress .bar{float:left;width:0;height:100%;font-size:12px;color:#fff;text-align:center;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#0e90d2;background-image:-moz-linear-gradient(top,#149bdf,#0480be);background-image:-webkit-gradient(linear,0 0,0 100%,from(#149bdf),to(#0480be));background-image:-webkit-linear-gradient(top,#149bdf,#0480be);background-image:-o-linear-gradient(top,#149bdf,#0480be);background-image:linear-gradient(to bottom,#149bdf,#0480be);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff149bdf',endColorstr='#ff0480be',GradientType=0);-webkit-box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);-moz-box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;-webkit-transition:width .6s ease;-moz-transition:width .6s ease;-o-transition:width .6s ease;transition:width .6s ease}.progress .bar+.bar{-webkit-box-shadow:inset 1px 0 0 rgba(0,0,0,0.15),inset 0 -1px 0 rgba(0,0,0,0.15);-moz-box-shadow:inset 1px 0 0 rgba(0,0,0,0.15),inset 0 -1px 0 rgba(0,0,0,0.15);box-shadow:inset 1px 0 0 rgba(0,0,0,0.15),inset 0 -1px 0 rgba(0,0,0,0.15)}.progress-striped .bar{background-color:#149bdf;background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);-webkit-background-size:40px 40px;-moz-background-size:40px 40px;-o-background-size:40px 40px;background-size:40px 40px}.progress.active .bar{-webkit-animation:progress-bar-stripes 2s linear infinite;-moz-animation:progress-bar-stripes 2s linear infinite;-ms-animation:progress-bar-stripes 2s linear infinite;-o-animation:progress-bar-stripes 2s linear infinite;animation:progress-bar-stripes 2s linear infinite}.progress-danger .bar,.progress .bar-danger{background-color:#dd514c;background-image:-moz-linear-gradient(top,#ee5f5b,#c43c35);background-image:-webkit-gradient(linear,0 0,0 100%,from(#ee5f5b),to(#c43c35));background-image:-webkit-linear-gradient(top,#ee5f5b,#c43c35);background-image:-o-linear-gradient(top,#ee5f5b,#c43c35);background-image:linear-gradient(to bottom,#ee5f5b,#c43c35);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffee5f5b',endColorstr='#ffc43c35',GradientType=0)}.progress-danger.progress-striped .bar,.progress-striped .bar-danger{background-color:#ee5f5b;background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent)}.progress-success .bar,.progress .bar-success{background-color:#5eb95e;background-image:-moz-linear-gradient(top,#62c462,#57a957);background-image:-webkit-gradient(linear,0 0,0 100%,from(#62c462),to(#57a957));background-image:-webkit-linear-gradient(top,#62c462,#57a957);background-image:-o-linear-gradient(top,#62c462,#57a957);background-image:linear-gradient(to bottom,#62c462,#57a957);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff62c462',endColorstr='#ff57a957',GradientType=0)}.progress-success.progress-striped .bar,.progress-striped .bar-success{background-color:#62c462;background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent)}.progress-info .bar,.progress .bar-info{background-color:#4bb1cf;background-image:-moz-linear-gradient(top,#5bc0de,#339bb9);background-image:-webkit-gradient(linear,0 0,0 100%,from(#5bc0de),to(#339bb9));background-image:-webkit-linear-gradient(top,#5bc0de,#339bb9);background-image:-o-linear-gradient(top,#5bc0de,#339bb9);background-image:linear-gradient(to bottom,#5bc0de,#339bb9);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5bc0de',endColorstr='#ff339bb9',GradientType=0)}.progress-info.progress-striped .bar,.progress-striped .bar-info{background-color:#5bc0de;background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent)}.progress-warning .bar,.progress .bar-warning{background-color:#faa732;background-image:-moz-linear-gradient(top,#fbb450,#f89406);background-image:-webkit-gradient(linear,0 0,0 100%,from(#fbb450),to(#f89406));background-image:-webkit-linear-gradient(top,#fbb450,#f89406);background-image:-o-linear-gradient(top,#fbb450,#f89406);background-image:linear-gradient(to bottom,#fbb450,#f89406);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fffbb450',endColorstr='#fff89406',GradientType=0)}.progress-warning.progress-striped .bar,.progress-striped .bar-warning{background-color:#fbb450;background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent)}.accordion{margin-bottom:20px}.accordion-group{margin-bottom:2px;border:1px solid #e5e5e5;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px}.accordion-heading{border-bottom:0}.accordion-heading .accordion-toggle{display:block;padding:8px 15px}.accordion-toggle{cursor:pointer}.accordion-inner{padding:9px 15px;border-top:1px solid #e5e5e5}.carousel{position:relative;margin-bottom:20px;line-height:1}.carousel-inner{position:relative;width:100%;overflow:hidden}.carousel-inner>.item{position:relative;display:none;-webkit-transition:.6s ease-in-out left;-moz-transition:.6s ease-in-out left;-o-transition:.6s ease-in-out left;transition:.6s ease-in-out left}.carousel-inner>.item>img,.carousel-inner>.item>a>img{display:block;line-height:1}.carousel-inner>.active,.carousel-inner>.next,.carousel-inner>.prev{display:block}.carousel-inner>.active{left:0}.carousel-inner>.next,.carousel-inner>.prev{position:absolute;top:0;width:100%}.carousel-inner>.next{left:100%}.carousel-inner>.prev{left:-100%}.carousel-inner>.next.left,.carousel-inner>.prev.right{left:0}.carousel-inner>.active.left{left:-100%}.carousel-inner>.active.right{left:100%}.carousel-control{position:absolute;top:40%;left:15px;width:40px;height:40px;margin-top:-20px;font-size:60px;font-weight:100;line-height:30px;color:#fff;text-align:center;background:#222;border:3px solid #fff;-webkit-border-radius:23px;-moz-border-radius:23px;border-radius:23px;opacity:.5;filter:alpha(opacity=50)}.carousel-control.right{right:15px;left:auto}.carousel-control:hover,.carousel-control:focus{color:#fff;text-decoration:none;opacity:.9;filter:alpha(opacity=90)}.carousel-indicators{position:absolute;top:15px;right:15px;z-index:5;margin:0;list-style:none}.carousel-indicators li{display:block;float:left;width:10px;height:10px;margin-left:5px;text-indent:-999px;background-color:#ccc;background-color:rgba(255,255,255,0.25);border-radius:5px}.carousel-indicators .active{background-color:#fff}.carousel-caption{position:absolute;right:0;bottom:0;left:0;padding:15px;background:#333;background:rgba(0,0,0,0.75)}.carousel-caption h4,.carousel-caption p{line-height:20px;color:#fff}.carousel-caption h4{margin:0 0 5px}.carousel-caption p{margin-bottom:0}.hero-unit{padding:60px;margin-bottom:30px;font-size:18px;font-weight:200;line-height:30px;color:inherit;background-color:#eee;-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px}.hero-unit h1{margin-bottom:0;font-size:60px;line-height:1;letter-spacing:-1px;color:inherit}.hero-unit li{line-height:30px}.pull-right{float:right}.pull-left{float:left}.hide{display:none}.show{display:block}.invisible{visibility:hidden}.affix{position:fixed} diff --git a/docs/theme/docker/static/css/main.css b/docs/theme/docker/static/css/main.css deleted file mode 100755 index ce4ba7b869..0000000000 --- a/docs/theme/docker/static/css/main.css +++ /dev/null @@ -1,477 +0,0 @@ -.debug { - border: 2px dotted red !important; - box-sizing: border-box; - -moz-box-sizing: border-box; -} -body { - min-width: 940px; - font-family: "Cabin", "Helvetica Neue", Helvetica, Arial, sans-serif; -} -p a { - text-decoration: underline; -} -p a.btn { - text-decoration: none; -} -.brand.logo a { - text-decoration: none; -} -.navbar .navbar-inner { - padding-left: 0px; - padding-right: 0px; -} -.navbar .nav li a { - padding: 24.2857142855px 17px 24.2857142855px; - color: #777777; - text-decoration: none; - text-shadow: 0 1px 0 #f2f2f2; -} -.navbar .nav > li { - float: left; -} -.nav-underline { - height: 6px; - background-color: #71afc0; -} -.nav-login li a { - color: white; - padding: 10px 15px 10px; -} -.navbar .brand { - margin-left: 0px; - float: left; - display: block; -} -.navbar-inner { - min-height: 70px; - padding-left: 20px; - padding-right: 20px; - background-color: #ededed; - background-image: -moz-linear-gradient(top, #f2f2f2, #e5e5e5); - background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#f2f2f2), to(#e5e5e5)); - background-image: -webkit-linear-gradient(top, #f2f2f2, #e5e5e5); - background-image: -o-linear-gradient(top, #f2f2f2, #e5e5e5); - background-image: linear-gradient(to bottom, #f2f2f2, #e5e5e5); - background-repeat: repeat-x; - filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff2f2f2', endColorstr='#ffe5e5e5', GradientType=0); - border: 1px solid #c7c7c7; - -webkit-border-radius: 4px; - -moz-border-radius: 4px; - border-radius: 4px; - -webkit-box-shadow: 0 1px 4px rgba(0, 0, 0, 0.065); - -moz-box-shadow: 0 1px 4px rgba(0, 0, 0, 0.065); - box-shadow: 0 1px 4px rgba(0, 0, 0, 0.065); -} -.brand-logo a { - color: white; -} -.brand-logo a img { - width: auto; -} -.inline-icon { - margin-bottom: 6px; -} -.row { - margin-top: 15px; - margin-bottom: 15px; -} -div[class*='span'] { - -moz-box-sizing: border-box; - box-sizing: border-box; -} -.box { - padding: 30px; - background-color: white; - margin-top: 8px; -} -.paper { - background-color: white; - padding-top: 30px; - padding-bottom: 30px; -} -.copy-headline { - margin-top: 0px; -} -.box h1, -.box h2, -.box h3, -.box h4 { - margin-top: -5px; -} -.nested { - padding: 30px; -} -.box.div { - padding: 30px; -} -span.read-more { - margin-left: 15px; - white-space: nowrap; -} -.forcetopalign { - margin-top: 15px !important; -} -.forcetopmargin { - margin-top: 23px !important; -} -.forceleftalign { - margin-left: 15px !important; -} -.forceleftmargin { - margin-left: 21px !important; -} -.textcenter { - text-align: center; -} -.textright { - text-align: right; -} -.textsmaller { - font-size: 12px; -} -.modal-backdrop { - opacity: 0.4; -} -/* generic page copy styles */ -.copy-headline h1 { - font-size: 21px; -} -/* ======================= - Sticky footer -======================= */ -html, -body { - height: 100%; - /* The html and body elements cannot have any padding or margin. */ - -} -/* Wrapper for page content to push down footer */ -#wrap { - min-height: 100%; - height: auto !important; - height: 100%; - /* Negative indent footer by it's height */ - - margin: 0 auto -280px; -} -/* Set the fixed height of the footer here */ -#push-the-footer, -#footer { - height: 280px; -} -.main-row { - padding-top: 50px; -} -#footer .footer { - margin-top: 160px; -} -#footer .footer .ligaturesymbols { - font-size: 30px; - color: black; -} -#footer .footer .ligaturesymbols a { - color: black; -} -#footer .footer .footerlist h3, -#footer .footer .footerlist h4 { - /* correct the top alignment */ - - margin-top: 0px; -} -.footer-landscape-image { - position: absolute: - bottom: 0; - margin-bottom: 0; - background-image: url('https://www.docker.io/static/img/website-footer_clean.svg'); - background-repeat: repeat-x; - height: 280px; -} -.main-row { - margin-top: 40px; -} -.sidebar { - width: 215px; - float: left; -} -.main-content { - padding: 16px 18px inherit; - margin-left: 230px; - /* space for sidebar */ - -} -/* ======================= - Social footer -======================= */ -.social { - margin-left: 0px; - margin-top: 15px; -} -.social .twitter, -.social .github, -.social .googleplus, -.social .facebook, -.social .slideshare, -.social .linkedin, -.social .flickr, -.social .youtube, -.social .reddit { - background: url("../img/social/docker_social_logos.png") no-repeat transparent; - display: inline-block; - height: 32px; - overflow: hidden; - text-indent: 9999px; - width: 32px; - margin-right: 5px; -} -.social :hover { - -webkit-transform: rotate(-10deg); - -moz-transform: rotate(-10deg); - -o-transform: rotate(-10deg); - -ms-transform: rotate(-10deg); - transform: rotate(-10deg); -} -.social .twitter { - background-position: -160px 0px; -} -.social .reddit { - background-position: -256px 0px; -} -.social .github { - background-position: -64px 0px; -} -.social .googleplus { - background-position: -96px 0px; -} -.social .facebook { - background-position: 0px 0px; -} -.social .slideshare { - background-position: -128px 0px; -} -.social .youtube { - background-position: -192px 0px; -} -.social .flickr { - background-position: -32px 0px; -} -.social .linkedin { - background-position: -224px 0px; -} -form table th { - vertical-align: top; - text-align: right; - white-space: nowrap; -} -form .labeldd label { - font-weight: bold; -} -form .helptext { - font-size: 12px; - margin-top: -4px; - margin-bottom: 10px; -} -form .fielddd input { - width: 250px; -} -form .error { - color: #a30000; -} -div.alert.alert-block { - margin-bottom: 15px; -} -/* ======================= ======================= - Documentation -========================= ========================= */ -/* ======================= - Styles for the sidebar -========================= */ -.page-title { - background-color: white; - border: 1px solid transparent; - text-align: center; - width: 100%; -} -.page-title h4 { - font-size: 20px; -} -.bs-docs-sidebar { - padding-left: 5px; - max-width: 100%; - box-sizing: border-box; - -moz-box-sizing: border-box; - margin-top: 18px; -} -.bs-docs-sidebar ul { - list-style: none; - margin-left: 0px; -} -.bs-docs-sidebar .toctree-l2 > ul { - width: 100%; -} -.bs-docs-sidebar ul > li.toctree-l1.has-children { - background-image: url('../img/menu_arrow_right.gif'); - background-repeat: no-repeat; - background-position: 13px 13px; - list-style-type: none; - padding: 0px 0px 0px 0px; - vertical-align: middle; -} -.bs-docs-sidebar ul > li.toctree-l1.has-children.open { - background-image: url('../img/menu_arrow_down.gif'); -} -.bs-docs-sidebar ul > li > a { - box-sizing: border-box; - -moz-box-sizing: border-box; - width: 100%; - display: inline-block; - padding-top: 8px; - padding-bottom: 8px; - padding-left: 35px; - padding-right: 20px; - font-size: 14px; - border-bottom: 1.5px solid #595959; - line-height: 20px; -} -.bs-docs-sidebar ul > li:first-child.active > a { - border-top: 1.5px solid #595959; -} -.bs-docs-sidebar ul > li:last-child > a { - border-bottom: none; -} -.bs-docs-sidebar ul > li:last-child.active > a { - border-bottom: 1.5px solid #595959; -} -.bs-docs-sidebar ul > li.active > a { - border-right: 1.5px solid #595959; - border-left: 1.5px solid #595959; - color: #394d54; -} -.bs-docs-sidebar ul > li:hover { - background-color: #e8e8e8; -} -.bs-docs-sidebar.toctree-l3 ul { - display: inherit; - margin-left: 15px; - font-size: smaller; -} -.bs-docs-sidebar .toctree-l3 a { - border: none; - font-size: 12px; - line-height: 15px; -} -.bs-docs-sidebar ul > li > ul { - display: none; -} -.bs-docs-sidebar ul > li.current > ul { - display: inline-block; - padding-left: 0px; - width: 100%; -} -.toctree-l2.current > a { - font-weight: bold; -} -.toctree-l2.current { - border: 1.5px solid #595959; - color: #394d54; -} -/* ===================================== - Styles for the floating version widget -====================================== */ -.version-flyer { - position: fixed; - float: right; - right: 0; - bottom: 40px; - background-color: #E0E0E0; - border: 1px solid #88BABC; - padding: 5px; - font-size: larger; - max-width: 300px; -} -.version-flyer .content { - padding-right: 45px; - margin-top: 7px; - margin-left: 7px; - background-image: url('../img/container3.png'); - background-position: right center; - background-repeat: no-repeat; -} -.version-flyer .active-slug { - visibility: visible; - display: inline-block; - font-weight: bolder; -} -.version-flyer:hover .alternative { - animation-duration: 1s; - display: inline-block; -} -.version-flyer .version-note { - font-size: 16px; - color: black; -} -/* ===================================== - Styles for -====================================== */ -h1:hover > a.headerlink, -h2:hover > a.headerlink, -h3:hover > a.headerlink, -h4:hover > a.headerlink, -h5:hover > a.headerlink, -h6:hover > a.headerlink, -dt:hover > a.headerlink { - visibility: visible; -} -.headerlink { - font-size: smaller; - color: #666; - font-weight: bold; - float: right; - visibility: hidden; -} -h2, h3, h4, h5, h6 { - margin-top: 0.7em; -} -/* ===================================== - Miscellaneous information -====================================== */ -.admonition.warning, -.admonition.note, -.admonition.seealso, -.admonition.todo { - border: 3px solid black; - padding: 10px; - margin: 5px auto 10px; -} -.admonition .admonition-title { - font-size: larger; -} -.admonition.warning, -.admonition.danger { - border-color: #ac0004; -} -.admonition.note { - border-color: #cbc200; -} -.admonition.todo { - border-color: orange; -} -.admonition.seealso { - border-color: #23cb1f; -} -/* Add styles for other types of comments */ -.versionchanged, -.versionadded, -.versionmodified, -.deprecated { - font-size: larger; - font-weight: bold; -} -.versionchanged { - color: lightseagreen; -} -.versionadded { - color: mediumblue; -} -.deprecated { - color: orangered; -} diff --git a/docs/theme/docker/static/css/main.less b/docs/theme/docker/static/css/main.less deleted file mode 100644 index e248e21c08..0000000000 --- a/docs/theme/docker/static/css/main.less +++ /dev/null @@ -1,691 +0,0 @@ -// Main CSS configuration file -// by Thatcher Peskens, thatcher@dotcloud.com -// -// Please note variables.less is customized to include custom font, background-color, and link colors. - - -@import "variables.less"; - -// Variables for main.less -// ----------------------- - -@box-top-margin: 8px; -@box-padding-size: 30px; -@docker-background-color: #71AFC0; -@very-dark-sea-green: #394D54; - -// Custom colors for Docker -// -------------------------- -@gray-super-light: #F2F2F2; -@deep-red: #A30000; -@deep-blue: #1B2033; -@deep-green: #007035; -@link-blue: #213B8F; - - -.debug { - border: 2px dotted red !important; - box-sizing: border-box; - -moz-box-sizing: border-box; -} - - -// Other custom colors for Docker -// -------------------------- - -// ** are defined in sources/less/variables ** -//@import "bootstrap/variables.less"; - - -// Styles generic for each and every page -// ----------------------------------- // ----------------------------------- - - -// moving body down to make place for fixed navigation -body { - min-width: 940px; - font-family: @font-family-base; - -} - - -p a { - text-decoration: underline; - - &.btn { - text-decoration: none; - } - -} - -.brand.logo a { - text-decoration: none; -} - -// Styles for top navigation -// ---------------------------------- -.navbar .navbar-inner { - padding-left: 0px; - padding-right: 0px; -} - -.navbar .nav { - li a { - padding: ((@navbar-height - @line-height-base) / 2) 17px ((@navbar-height - @line-height-base) / 2); - color: #777777; - text-decoration: none; - text-shadow: 0 1px 0 #f2f2f2; - } -} - - -.navbar .nav > li { - float: left; -} - -.nav-underline { - height: 6px; - background-color: @docker-background-color; -} - -.nav-login { - li { - a { - color: white; - padding: 10px 15px 10px; - } - } -} - - -.navbar .brand { - margin-left: 0px; - float: left; - display: block; -} - -.navbar-inner { - min-height: 70px; - padding-left: 20px; - padding-right: 20px; - background-color: #ededed; - background-image: -moz-linear-gradient(top, #f2f2f2, #e5e5e5); - background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#f2f2f2), to(#e5e5e5)); - background-image: -webkit-linear-gradient(top, #f2f2f2, #e5e5e5); - background-image: -o-linear-gradient(top, #f2f2f2, #e5e5e5); - background-image: linear-gradient(to bottom, #f2f2f2, #e5e5e5); - background-repeat: repeat-x; - filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff2f2f2', endColorstr='#ffe5e5e5', GradientType=0); - border: 1px solid #c7c7c7; - -webkit-border-radius: 4px; - -moz-border-radius: 4px; - border-radius: 4px; - -webkit-box-shadow: 0 1px 4px rgba(0, 0, 0, 0.065); - -moz-box-shadow: 0 1px 4px rgba(0, 0, 0, 0.065); - box-shadow: 0 1px 4px rgba(0, 0, 0, 0.065); -} - -.brand-logo a { - color: white; - img { - width: auto; - } -} - -.logo { -// background-color: #A30000; -// color: white; -} - -.inline-icon { - margin-bottom: 6px; -} - -// Bootstrap elements -// ---------------------------------- - -.row { - margin-top: 15px; - margin-bottom: 15px; -} - -.container { - // background-color: green; -} - -// Styles on blocks of content -// ---------------------------------- - -// everything which is a block should have box-sizing: border-box; - -div[class*='span'] -{ - -moz-box-sizing: border-box; - box-sizing: border-box; -} - - -// Box for making white with a border, and some nice spacings -.box { - padding: @box-padding-size; - background-color: white; - margin-top: @box-top-margin; -} - -.paper { - background-color: white; - padding-top: 30px; - padding-bottom: 30px; -} - -.copy-headline { - margin-top: 0px; -// border-bottom: 1.2px solid @veryDarkSeaGreen; -} - -.box { - h1, h2, h3, h4 { - margin-top: -5px; - } -} - -.nested { - padding: @box-padding-size; -} - -.box.div { - padding: @box-padding-size; -} - -span.read-more { - margin-left: 15px; - white-space: nowrap; -} - - -// set a top margin of @box-top-margin + 8 px to make it show a margin -//instead of the div being flush against the side. Typically only -// required for a stacked div in a column, w.o. using row. -.forcetopalign { - margin-top: 15px !important; -} -.forcetopmargin { - margin-top: 23px !important; -} -.forceleftalign { - margin-left: 15px !important; -} -.forceleftmargin { - margin-left: 21px !important; -} - - -// simple text aligns -.textcenter { - text-align: center; -} - -.textright { - text-align: right; -} - -.textsmaller { - font-size: @font-size-small; -} - -.modal-backdrop { - opacity: 0.4; -} - - -/* generic page copy styles */ - -.copy-headline h1 { - font-size: 21px; -} - - -/* ======================= - Sticky footer -======================= */ - -@sticky-footer-height: 280px; - -html, -body { - height: 100%; - /* The html and body elements cannot have any padding or margin. */ -} - -/* Wrapper for page content to push down footer */ -#wrap { - min-height: 100%; - height: auto !important; - height: 100%; - /* Negative indent footer by it's height */ - margin: 0 auto -@sticky-footer-height; -} - -/* Set the fixed height of the footer here */ -#push-the-footer, -#footer { - height: @sticky-footer-height; -} - -#footer { -// margin-bottom: -60px; -// margin-top: 160px; -} - -.main-row { - padding-top: @navbar-height; -} - - -// Styles on the footer -// ---------------------------------- - -// -#footer .footer { - margin-top: 160px; - .ligaturesymbols { - font-size: 30px; - color: black; - a { - color: black; - } - } - - .footerlist { - h3, h4 { - /* correct the top alignment */ - margin-top: 0px; - } - } - -} - -.footer-landscape-image { - position: absolute: - bottom: 0; - margin-bottom: 0; - background-image: url('https://www.docker.io/static/img/website-footer_clean.svg'); - background-repeat: repeat-x; - height: @sticky-footer-height; -} - -.main-row { - margin-top: 40px; -} - -.sidebar { - width: 215px; - float: left; -} - -.main-content { - padding: 16px 18px inherit; - margin-left: 230px; /* space for sidebar */ -} - - - -/* ======================= - Social footer -======================= */ - -.social { - margin-left: 0px; - margin-top: 15px; -} - -.social { - .twitter, .github, .googleplus, .facebook, .slideshare, .linkedin, .flickr, .youtube, .reddit { - background: url("../img/social/docker_social_logos.png") no-repeat transparent; - display: inline-block; - height: 32px; - overflow: hidden; - text-indent: 9999px; - width: 32px; - margin-right: 5px; - } -} - -.social :hover { - -webkit-transform: rotate(-10deg); - -moz-transform: rotate(-10deg); - -o-transform: rotate(-10deg); - -ms-transform: rotate(-10deg); - transform: rotate(-10deg); -} - -.social .twitter { - background-position: -160px 0px; -} - -.social .reddit { - background-position: -256px 0px; -} - -.social .github { - background-position: -64px 0px; -} - -.social .googleplus { - background-position: -96px 0px; -} - -.social .facebook { - background-position: -0px 0px; -} - -.social .slideshare { - background-position: -128px 0px; -} - -.social .youtube { - background-position: -192px 0px; -} - -.social .flickr { - background-position: -32px 0px; -} - -.social .linkedin { - background-position: -224px 0px; -} - - - -// Styles on the forms -// ---------------------------------- - -form table { - th { - vertical-align: top; - text-align: right; - white-space: nowrap; - } -} - -form { - .labeldd label { - font-weight: bold; - } - - .helptext { - font-size: @font-size-small; - margin-top: -4px; - margin-bottom: 10px; - } - - .fielddd input { - width: 250px; - } - - .error { - color: @deep-red; - } - - [type=submit] { -// margin-top: -8px; - } -} - -div.alert.alert-block { - margin-bottom: 15px; -} - -/* ======================= ======================= - Documentation -========================= ========================= */ - - -/* ======================= - Styles for the sidebar -========================= */ - - -@sidebar-navigation-border: 1.5px solid #595959; -@sidebar-navigation-width: 225px; - - -.page-title { - // border-bottom: 1px solid #bbbbbb; - background-color: white; - border: 1px solid transparent; - text-align: center; - width: 100%; - h4 { - font-size: 20px; - } -} - -.bs-docs-sidebar { - padding-left: 5px; - max-width: 100%; - box-sizing: border-box; - -moz-box-sizing: border-box; - margin-top: 18px; - - ul { - list-style: none; - margin-left: 0px; - } - - .toctree-l2 > ul { - width: 100%; - } - - ul > li { - &.toctree-l1.has-children { - background-image: url('../img/menu_arrow_right.gif'); - background-repeat: no-repeat; - background-position: 13px 13px; - list-style-type: none; - // margin-left: px; - padding: 0px 0px 0px 0px; - vertical-align: middle; - - &.open { - background-image: url('../img/menu_arrow_down.gif'); - } - } - - & > a { - box-sizing: border-box; - -moz-box-sizing: border-box; - width: 100%; - display:inline-block; - padding-top: 8px; - padding-bottom: 8px; - padding-left: 35px; - padding-right: 20px; - font-size: @font-size-base; - border-bottom: @sidebar-navigation-border; - line-height: 20px; - } - - &:first-child.active > a { - border-top: @sidebar-navigation-border; - } - - &:last-child > a { - border-bottom: none; - } - - &:last-child.active > a { - border-bottom: @sidebar-navigation-border; - } - - &.active > a { - border-right: @sidebar-navigation-border; - border-left: @sidebar-navigation-border; - color: @very-dark-sea-green; - } - - &:hover { - background-color: #e8e8e8; - } - } - - &.toctree-l3 ul { - display: inherit; - - margin-left: 15px; - font-size: smaller; - } - - .toctree-l3 a { - border: none; - font-size: 12px; - line-height: 15px; - } - - ul > li > ul { - display: none; - } - - ul > li.current > ul { - display: inline-block; - padding-left: 0px; - width: 100%; - } -} - -.toctree-l2 { - &.current > a { - font-weight: bold; - } - &.current { - border: 1.5px solid #595959; - color: #394d54; - } -} - - -/* ===================================== - Styles for the floating version widget -====================================== */ - -.version-flyer { - position: fixed; - float: right; - right: 0; - bottom: 40px; - background-color: #E0E0E0; - border: 1px solid #88BABC; - padding: 5px; - font-size: larger; - max-width: 300px; - - .content { - padding-right: 45px; - margin-top: 7px; - margin-left: 7px; - background-image: url('../img/container3.png'); - background-position: right center; - background-repeat: no-repeat; - } - - .alternative { - } - - .active-slug { - visibility: visible; - display: inline-block; - font-weight: bolder; - } - - &:hover .alternative { - animation-duration: 1s; - display: inline-block; - } - - .version-note { - font-size: 16px; - color: black; - } - -} - -/* ===================================== - Styles for -====================================== */ - -h1:hover > a.headerlink, -h2:hover > a.headerlink, -h3:hover > a.headerlink, -h4:hover > a.headerlink, -h5:hover > a.headerlink, -h6:hover > a.headerlink, -dt:hover > a.headerlink { - visibility: visible; -} - -.headerlink { - font-size: smaller; - color: #666; - font-weight: bold; - float: right; - visibility: hidden; -} - -h2, h3, h4, h5, h6 { - margin-top: 0.7em; -} - -/* ===================================== - Miscellaneous information -====================================== */ - -.admonition { - &.warning, &.note, &.seealso, &.todo { - border: 3px solid black; - padding: 10px; - margin: 5px auto 10px; - } - - .admonition-title { - font-size: larger; - } - - &.warning, &.danger { - border-color: #ac0004; - } - - &.note { - border-color: #cbc200; - } - - &.todo { - border-color: orange; - } - - &.seealso { - border-color: #23cb1f; - } - -} - -/* Add styles for other types of comments */ - -.versionchanged, -.versionadded, -.versionmodified, -.deprecated { - font-size: larger; - font-weight: bold; -} - -.versionchanged { - color: lightseagreen; -} - -.versionadded { - color: mediumblue; -} - -.deprecated { - color: orangered; -} diff --git a/docs/theme/docker/static/css/variables.css b/docs/theme/docker/static/css/variables.css deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/docs/theme/docker/static/css/variables.less b/docs/theme/docker/static/css/variables.less deleted file mode 100644 index cc1d764364..0000000000 --- a/docs/theme/docker/static/css/variables.less +++ /dev/null @@ -1,622 +0,0 @@ -// -// Variables -// -------------------------------------------------- - - -// Global values -// -------------------------------------------------- - - -// Grays -// ------------------------- - -@gray-darker: lighten(#000, 13.5%); // #222 -@gray-dark: lighten(#000, 20%); // #333 -@gray: lighten(#000, 33.5%); // #555 -@gray-light: lighten(#000, 60%); // #999 -@gray-lighter: lighten(#000, 93.5%); // #eee - -// Brand colors -// ------------------------- - -@brand-primary: #428bca; -@brand-success: #5cb85c; -@brand-warning: #f0ad4e; -@brand-danger: #d9534f; -@brand-info: #5bc0de; - -// Scaffolding -// ------------------------- - -@body-bg: #fff; -@text-color: @gray-dark; - -// Links -// ------------------------- - -@link-color: @brand-primary; -@link-hover-color: darken(@link-color, 15%); - -// Typography -// ------------------------- - -@font-family-sans-serif: "Cabin", "Helvetica Neue", Helvetica, Arial, sans-serif; -@font-family-serif: Georgia, "Times New Roman", Times, serif; -@font-family-monospace: Monaco, Menlo, Consolas, "Courier New", monospace; -@font-family-base: @font-family-sans-serif; - -@font-size-base: 14px; -@font-size-large: ceil(@font-size-base * 1.25); // ~18px -@font-size-small: ceil(@font-size-base * 0.85); // ~12px - -@line-height-base: 1.428571429; // 20/14 -@line-height-computed: floor(@font-size-base * @line-height-base); // ~20px - -@headings-font-family: @font-family-base; -@headings-font-weight: 500; -@headings-line-height: 1.1; - -// Iconography -// ------------------------- - -@icon-font-path: "../fonts/"; -@icon-font-name: "glyphicons-halflings-regular"; - - -// Components -// ------------------------- -// Based on 14px font-size and 1.428 line-height (~20px to start) - -@padding-base-vertical: 6px; -@padding-base-horizontal: 12px; - -@padding-large-vertical: 10px; -@padding-large-horizontal: 16px; - -@padding-small-vertical: 5px; -@padding-small-horizontal: 10px; - -@line-height-large: 1.33; -@line-height-small: 1.5; - -@border-radius-base: 4px; -@border-radius-large: 6px; -@border-radius-small: 3px; - -@component-active-bg: @brand-primary; - -@caret-width-base: 4px; -@caret-width-large: 5px; - -// Tables -// ------------------------- - -@table-cell-padding: 8px; -@table-condensed-cell-padding: 5px; - -@table-bg: transparent; // overall background-color -@table-bg-accent: #f9f9f9; // for striping -@table-bg-hover: #f5f5f5; -@table-bg-active: @table-bg-hover; - -@table-border-color: #ddd; // table and cell border - - -// Buttons -// ------------------------- - -@btn-font-weight: normal; - -@btn-default-color: #333; -@btn-default-bg: #fff; -@btn-default-border: #ccc; - -@btn-primary-color: #fff; -@btn-primary-bg: @brand-primary; -@btn-primary-border: darken(@btn-primary-bg, 5%); - -@btn-success-color: #fff; -@btn-success-bg: @brand-success; -@btn-success-border: darken(@btn-success-bg, 5%); - -@btn-warning-color: #fff; -@btn-warning-bg: @brand-warning; -@btn-warning-border: darken(@btn-warning-bg, 5%); - -@btn-danger-color: #fff; -@btn-danger-bg: @brand-danger; -@btn-danger-border: darken(@btn-danger-bg, 5%); - -@btn-info-color: #fff; -@btn-info-bg: @brand-info; -@btn-info-border: darken(@btn-info-bg, 5%); - -@btn-link-disabled-color: @gray-light; - - -// Forms -// ------------------------- - -@input-bg: #fff; -@input-bg-disabled: @gray-lighter; - -@input-color: @gray; -@input-border: #ccc; -@input-border-radius: @border-radius-base; -@input-border-focus: #66afe9; - -@input-color-placeholder: @gray-light; - -@input-height-base: (@line-height-computed + (@padding-base-vertical * 2) + 2); -@input-height-large: (floor(@font-size-large * @line-height-large) + (@padding-large-vertical * 2) + 2); -@input-height-small: (floor(@font-size-small * @line-height-small) + (@padding-small-vertical * 2) + 2); - -@legend-color: @gray-dark; -@legend-border-color: #e5e5e5; - -@input-group-addon-bg: @gray-lighter; -@input-group-addon-border-color: @input-border; - - -// Dropdowns -// ------------------------- - -@dropdown-bg: #fff; -@dropdown-border: rgba(0,0,0,.15); -@dropdown-fallback-border: #ccc; -@dropdown-divider-bg: #e5e5e5; - -@dropdown-link-active-color: #fff; -@dropdown-link-active-bg: @component-active-bg; - -@dropdown-link-color: @gray-dark; -@dropdown-link-hover-color: #fff; -@dropdown-link-hover-bg: @dropdown-link-active-bg; - -@dropdown-link-disabled-color: @gray-light; - -@dropdown-header-color: @gray-light; - -@dropdown-caret-color: #000; - - -// COMPONENT VARIABLES -// -------------------------------------------------- - - -// Z-index master list -// ------------------------- -// Used for a bird's eye view of components dependent on the z-axis -// Try to avoid customizing these :) - -@zindex-navbar: 1000; -@zindex-dropdown: 1000; -@zindex-popover: 1010; -@zindex-tooltip: 1030; -@zindex-navbar-fixed: 1030; -@zindex-modal-background: 1040; -@zindex-modal: 1050; - -// Media queries breakpoints -// -------------------------------------------------- - -// Extra small screen / phone -@screen-xs: 480px; -@screen-phone: @screen-xs; - -// Small screen / tablet -@screen-sm: 768px; -@screen-tablet: @screen-sm; - -// Medium screen / desktop -@screen-md: 992px; -@screen-desktop: @screen-md; - -// Large screen / wide desktop -@screen-lg: 1600px; -@screen-lg-desktop: @screen-lg; - -// So media queries don't overlap when required, provide a maximum -@screen-xs-max: (@screen-sm - 1); -@screen-sm-max: (@screen-md - 1); -@screen-md-max: (@screen-lg - 1); - - -// Grid system -// -------------------------------------------------- - -// Number of columns in the grid system -@grid-columns: 12; -// Padding, to be divided by two and applied to the left and right of all columns -@grid-gutter-width: 30px; -// Point at which the navbar stops collapsing -@grid-float-breakpoint: @screen-desktop; - - -// Navbar -// ------------------------- - - -// Basics of a navbar -@navbar-height: 50px; -@navbar-margin-bottom: @line-height-computed; -@navbar-default-color: #777; -@navbar-default-bg: #f8f8f8; -@navbar-default-border: darken(@navbar-default-bg, 6.5%); -@navbar-border-radius: @border-radius-base; -@navbar-padding-horizontal: floor(@grid-gutter-width / 2); -@navbar-padding-vertical: ((@navbar-height - @line-height-computed) / 2); - -// Navbar links -@navbar-default-link-color: #777; -@navbar-default-link-hover-color: #333; -@navbar-default-link-hover-bg: transparent; -@navbar-default-link-active-color: #555; -@navbar-default-link-active-bg: darken(@navbar-default-bg, 6.5%); -@navbar-default-link-disabled-color: #ccc; -@navbar-default-link-disabled-bg: transparent; - -// Navbar brand label -@navbar-default-brand-color: @navbar-default-link-color; -@navbar-default-brand-hover-color: darken(@navbar-default-link-color, 10%); -@navbar-default-brand-hover-bg: transparent; - -// Navbar toggle -@navbar-default-toggle-hover-bg: #ddd; -@navbar-default-toggle-icon-bar-bg: #ccc; -@navbar-default-toggle-border-color: #ddd; - - -// Inverted navbar -// -// Reset inverted navbar basics -@navbar-inverse-color: @gray-light; -@navbar-inverse-bg: #222; -@navbar-inverse-border: darken(@navbar-inverse-bg, 10%); - -// Inverted navbar links -@navbar-inverse-link-color: @gray-light; -@navbar-inverse-link-hover-color: #fff; -@navbar-inverse-link-hover-bg: transparent; -@navbar-inverse-link-active-color: @navbar-inverse-link-hover-color; -@navbar-inverse-link-active-bg: darken(@navbar-inverse-bg, 10%); -@navbar-inverse-link-disabled-color: #444; -@navbar-inverse-link-disabled-bg: transparent; - -// Inverted navbar brand label -@navbar-inverse-brand-color: @navbar-inverse-link-color; -@navbar-inverse-brand-hover-color: #fff; -@navbar-inverse-brand-hover-bg: transparent; - -// Inverted navbar search -// Normal navbar needs no special styles or vars -@navbar-inverse-search-bg: lighten(@navbar-inverse-bg, 25%); -@navbar-inverse-search-bg-focus: #fff; -@navbar-inverse-search-border: @navbar-inverse-bg; -@navbar-inverse-search-placeholder-color: #ccc; - -// Inverted navbar toggle -@navbar-inverse-toggle-hover-bg: #333; -@navbar-inverse-toggle-icon-bar-bg: #fff; -@navbar-inverse-toggle-border-color: #333; - - -// Navs -// ------------------------- - -@nav-link-padding: 10px 15px; -@nav-link-hover-bg: @gray-lighter; - -@nav-disabled-link-color: @gray-light; -@nav-disabled-link-hover-color: @gray-light; - -@nav-open-link-hover-color: #fff; -@nav-open-caret-border-color: #fff; - -// Tabs -@nav-tabs-border-color: #ddd; - -@nav-tabs-link-hover-border-color: @gray-lighter; - -@nav-tabs-active-link-hover-bg: @body-bg; -@nav-tabs-active-link-hover-color: @gray; -@nav-tabs-active-link-hover-border-color: #ddd; - -@nav-tabs-justified-link-border-color: #ddd; -@nav-tabs-justified-active-link-border-color: @body-bg; - -// Pills -@nav-pills-active-link-hover-bg: @component-active-bg; -@nav-pills-active-link-hover-color: #fff; - - -// Pagination -// ------------------------- - -@pagination-bg: #fff; -@pagination-border: #ddd; - -@pagination-hover-bg: @gray-lighter; - -@pagination-active-bg: @brand-primary; -@pagination-active-color: #fff; - -@pagination-disabled-color: @gray-light; - - -// Pager -// ------------------------- - -@pager-border-radius: 15px; -@pager-disabled-color: @gray-light; - - -// Jumbotron -// ------------------------- - -@jumbotron-padding: 30px; -@jumbotron-color: inherit; -@jumbotron-bg: @gray-lighter; - -@jumbotron-heading-color: inherit; - - -// Form states and alerts -// ------------------------- - -@state-warning-text: #c09853; -@state-warning-bg: #fcf8e3; -@state-warning-border: darken(spin(@state-warning-bg, -10), 3%); - -@state-danger-text: #b94a48; -@state-danger-bg: #f2dede; -@state-danger-border: darken(spin(@state-danger-bg, -10), 3%); - -@state-success-text: #468847; -@state-success-bg: #dff0d8; -@state-success-border: darken(spin(@state-success-bg, -10), 5%); - -@state-info-text: #3a87ad; -@state-info-bg: #d9edf7; -@state-info-border: darken(spin(@state-info-bg, -10), 7%); - - -// Tooltips -// ------------------------- -@tooltip-max-width: 200px; -@tooltip-color: #fff; -@tooltip-bg: #000; - -@tooltip-arrow-width: 5px; -@tooltip-arrow-color: @tooltip-bg; - - -// Popovers -// ------------------------- -@popover-bg: #fff; -@popover-max-width: 276px; -@popover-border-color: rgba(0,0,0,.2); -@popover-fallback-border-color: #ccc; - -@popover-title-bg: darken(@popover-bg, 3%); - -@popover-arrow-width: 10px; -@popover-arrow-color: #fff; - -@popover-arrow-outer-width: (@popover-arrow-width + 1); -@popover-arrow-outer-color: rgba(0,0,0,.25); -@popover-arrow-outer-fallback-color: #999; - - -// Labels -// ------------------------- - -@label-default-bg: @gray-light; -@label-primary-bg: @brand-primary; -@label-success-bg: @brand-success; -@label-info-bg: @brand-info; -@label-warning-bg: @brand-warning; -@label-danger-bg: @brand-danger; - -@label-color: #fff; -@label-link-hover-color: #fff; - - -// Modals -// ------------------------- -@modal-inner-padding: 20px; - -@modal-title-padding: 15px; -@modal-title-line-height: @line-height-base; - -@modal-content-bg: #fff; -@modal-content-border-color: rgba(0,0,0,.2); -@modal-content-fallback-border-color: #999; - -@modal-backdrop-bg: #000; -@modal-header-border-color: #e5e5e5; -@modal-footer-border-color: @modal-header-border-color; - - -// Alerts -// ------------------------- -@alert-padding: 15px; -@alert-border-radius: @border-radius-base; -@alert-link-font-weight: bold; - -@alert-success-bg: @state-success-bg; -@alert-success-text: @state-success-text; -@alert-success-border: @state-success-border; - -@alert-info-bg: @state-info-bg; -@alert-info-text: @state-info-text; -@alert-info-border: @state-info-border; - -@alert-warning-bg: @state-warning-bg; -@alert-warning-text: @state-warning-text; -@alert-warning-border: @state-warning-border; - -@alert-danger-bg: @state-danger-bg; -@alert-danger-text: @state-danger-text; -@alert-danger-border: @state-danger-border; - - -// Progress bars -// ------------------------- -@progress-bg: #f5f5f5; -@progress-bar-color: #fff; - -@progress-bar-bg: @brand-primary; -@progress-bar-success-bg: @brand-success; -@progress-bar-warning-bg: @brand-warning; -@progress-bar-danger-bg: @brand-danger; -@progress-bar-info-bg: @brand-info; - - -// List group -// ------------------------- -@list-group-bg: #fff; -@list-group-border: #ddd; -@list-group-border-radius: @border-radius-base; - -@list-group-hover-bg: #f5f5f5; -@list-group-active-color: #fff; -@list-group-active-bg: @component-active-bg; -@list-group-active-border: @list-group-active-bg; - -@list-group-link-color: #555; -@list-group-link-heading-color: #333; - - -// Panels -// ------------------------- -@panel-bg: #fff; -@panel-inner-border: #ddd; -@panel-border-radius: @border-radius-base; -@panel-footer-bg: #f5f5f5; - -@panel-default-text: @gray-dark; -@panel-default-border: #ddd; -@panel-default-heading-bg: #f5f5f5; - -@panel-primary-text: #fff; -@panel-primary-border: @brand-primary; -@panel-primary-heading-bg: @brand-primary; - -@panel-success-text: @state-success-text; -@panel-success-border: @state-success-border; -@panel-success-heading-bg: @state-success-bg; - -@panel-warning-text: @state-warning-text; -@panel-warning-border: @state-warning-border; -@panel-warning-heading-bg: @state-warning-bg; - -@panel-danger-text: @state-danger-text; -@panel-danger-border: @state-danger-border; -@panel-danger-heading-bg: @state-danger-bg; - -@panel-info-text: @state-info-text; -@panel-info-border: @state-info-border; -@panel-info-heading-bg: @state-info-bg; - - -// Thumbnails -// ------------------------- -@thumbnail-padding: 4px; -@thumbnail-bg: @body-bg; -@thumbnail-border: #ddd; -@thumbnail-border-radius: @border-radius-base; - -@thumbnail-caption-color: @text-color; -@thumbnail-caption-padding: 9px; - - -// Wells -// ------------------------- -@well-bg: #f5f5f5; - - -// Badges -// ------------------------- -@badge-color: #fff; -@badge-link-hover-color: #fff; -@badge-bg: @gray-light; - -@badge-active-color: @link-color; -@badge-active-bg: #fff; - -@badge-font-weight: bold; -@badge-line-height: 1; -@badge-border-radius: 10px; - - -// Breadcrumbs -// ------------------------- -@breadcrumb-bg: #f5f5f5; -@breadcrumb-color: #ccc; -@breadcrumb-active-color: @gray-light; - - -// Carousel -// ------------------------ - -@carousel-text-shadow: 0 1px 2px rgba(0,0,0,.6); - -@carousel-control-color: #fff; -@carousel-control-width: 15%; -@carousel-control-opacity: .5; -@carousel-control-font-size: 20px; - -@carousel-indicator-active-bg: #fff; -@carousel-indicator-border-color: #fff; - -@carousel-caption-color: #fff; - - -// Close -// ------------------------ -@close-color: #000; -@close-font-weight: bold; -@close-text-shadow: 0 1px 0 #fff; - - -// Code -// ------------------------ -@code-color: #c7254e; -@code-bg: #f9f2f4; - -@pre-bg: #f5f5f5; -@pre-color: @gray-dark; -@pre-border-color: #ccc; -@pre-scrollable-max-height: 340px; - -// Type -// ------------------------ -@text-muted: @gray-light; -@abbr-border-color: @gray-light; -@headings-small-color: @gray-light; -@blockquote-small-color: @gray-light; -@blockquote-border-color: @gray-lighter; -@page-header-border-color: @gray-lighter; - -// Miscellaneous -// ------------------------- - -// Hr border color -@hr-border: @gray-lighter; - -// Horizontal forms & lists -@component-offset-horizontal: 180px; - - -// Container sizes -// -------------------------------------------------- - -// Small screen / tablet -@container-tablet: ((720px + @grid-gutter-width)); - -// Medium screen / desktop -@container-desktop: ((940px + @grid-gutter-width)); - -// Large screen / wide desktop -@container-lg-desktop: ((1140px + @grid-gutter-width)); diff --git a/docs/theme/docker/static/favicon.png b/docs/theme/docker/static/favicon.png deleted file mode 100644 index ee01a5ee8a..0000000000 Binary files a/docs/theme/docker/static/favicon.png and /dev/null differ diff --git a/docs/theme/docker/static/img/container3.png b/docs/theme/docker/static/img/container3.png deleted file mode 100644 index 0e8b59f75d..0000000000 Binary files a/docs/theme/docker/static/img/container3.png and /dev/null differ diff --git a/docs/theme/docker/static/img/docker-letters-logo.gif b/docs/theme/docker/static/img/docker-letters-logo.gif deleted file mode 100644 index b394ae4ecc..0000000000 Binary files a/docs/theme/docker/static/img/docker-letters-logo.gif and /dev/null differ diff --git a/docs/theme/docker/static/img/docker-top-logo.png b/docs/theme/docker/static/img/docker-top-logo.png deleted file mode 100644 index 4955f499bd..0000000000 Binary files a/docs/theme/docker/static/img/docker-top-logo.png and /dev/null differ diff --git a/docs/theme/docker/static/img/docker_letters_500px.png b/docs/theme/docker/static/img/docker_letters_500px.png deleted file mode 100644 index 242cd5901b..0000000000 Binary files a/docs/theme/docker/static/img/docker_letters_500px.png and /dev/null differ diff --git a/docs/theme/docker/static/img/dockerlogo-h.png b/docs/theme/docker/static/img/dockerlogo-h.png deleted file mode 100644 index d0e37e548b..0000000000 Binary files a/docs/theme/docker/static/img/dockerlogo-h.png and /dev/null differ diff --git a/docs/theme/docker/static/img/docs-splash-colhead320.png b/docs/theme/docker/static/img/docs-splash-colhead320.png deleted file mode 100755 index 2f6d1b693d..0000000000 Binary files a/docs/theme/docker/static/img/docs-splash-colhead320.png and /dev/null differ diff --git a/docs/theme/docker/static/img/external-link-icon.png b/docs/theme/docker/static/img/external-link-icon.png deleted file mode 100644 index 2b150908c9..0000000000 Binary files a/docs/theme/docker/static/img/external-link-icon.png and /dev/null differ diff --git a/docs/theme/docker/static/img/fork-us.png b/docs/theme/docker/static/img/fork-us.png deleted file mode 100644 index efb749c1f9..0000000000 Binary files a/docs/theme/docker/static/img/fork-us.png and /dev/null differ diff --git a/docs/theme/docker/static/img/glyphicons-halflings-white.png b/docs/theme/docker/static/img/glyphicons-halflings-white.png deleted file mode 100755 index 3bf6484a29..0000000000 Binary files a/docs/theme/docker/static/img/glyphicons-halflings-white.png and /dev/null differ diff --git a/docs/theme/docker/static/img/glyphicons-halflings.png b/docs/theme/docker/static/img/glyphicons-halflings.png deleted file mode 100755 index a996999320..0000000000 Binary files a/docs/theme/docker/static/img/glyphicons-halflings.png and /dev/null differ diff --git a/docs/theme/docker/static/img/hiring_graphic.png b/docs/theme/docker/static/img/hiring_graphic.png deleted file mode 100644 index b3a6b99644..0000000000 Binary files a/docs/theme/docker/static/img/hiring_graphic.png and /dev/null differ diff --git a/docs/theme/docker/static/img/menu_arrow_down.gif b/docs/theme/docker/static/img/menu_arrow_down.gif deleted file mode 100644 index 8257c3846b..0000000000 Binary files a/docs/theme/docker/static/img/menu_arrow_down.gif and /dev/null differ diff --git a/docs/theme/docker/static/img/menu_arrow_right.gif b/docs/theme/docker/static/img/menu_arrow_right.gif deleted file mode 100644 index 7dd7253952..0000000000 Binary files a/docs/theme/docker/static/img/menu_arrow_right.gif and /dev/null differ diff --git a/docs/theme/docker/static/img/social/docker_social_logos.png b/docs/theme/docker/static/img/social/docker_social_logos.png deleted file mode 100644 index 5bde456365..0000000000 Binary files a/docs/theme/docker/static/img/social/docker_social_logos.png and /dev/null differ diff --git a/docs/theme/docker/static/js/docs.js b/docs/theme/docker/static/js/docs.js deleted file mode 100755 index 03401909fa..0000000000 --- a/docs/theme/docker/static/js/docs.js +++ /dev/null @@ -1,104 +0,0 @@ - -// This script should be included at the END of the document. -// For the fastest loading it does not inlude $(document).ready() - -// This Document contains a few helper functions for the documentation to display the current version, -// collapse and expand the menu etc. - - -// Function to make the sticky header possible -function shiftWindow() { - scrollBy(0, -70); - console.log("window shifted") -} - -window.addEventListener("hashchange", shiftWindow); - -function loadShift() { - if (window.location.hash) { - console.log("window has hash"); - shiftWindow(); - } -} - -$(window).load(function() { - loadShift(); -}); - -$(function(){ - - // sidebar accordian-ing - // don't apply on last object (it should be the FAQ) or the first (it should be introduction) - - // define an array to which all opened items should be added - var openmenus = []; - - var elements = $('.toctree-l2'); - // for (var i = 0; i < elements.length; i += 1) { var current = $(elements[i]); current.children('ul').hide();} - - - // set initial collapsed state - var elements = $('.toctree-l1'); - for (var i = 0; i < elements.length; i += 1) { - var current = $(elements[i]); - if (current.hasClass('current')) { - current.addClass('open'); - currentlink = current.children('a')[0].href; - openmenus.push(currentlink); - - // do nothing - } else { - // collapse children - current.children('ul').hide(); - } - } - - // attached handler on click - // Do not attach to first element or last (intro, faq) so that - // first and last link directly instead of accordian - $('.sidebar > ul > li > a').not(':last').not(':first').click(function(){ - - var index = $.inArray(this.href, openmenus) - - if (index > -1) { - console.log(index); - openmenus.splice(index, 1); - - - $(this).parent().children('ul').slideUp(200, function() { - $(this).parent().removeClass('open'); // toggle after effect - }); - } - else { - openmenus.push(this.href); - - var current = $(this); - - setTimeout(function() { - // $('.sidebar > ul > li').removeClass('current'); - current.parent().addClass('current').addClass('open'); // toggle before effect - current.parent().children('ul').hide(); - current.parent().children('ul').slideDown(200); - }, 100); - } - return false; - }); - - // add class to all those which have children - $('.sidebar > ul > li').not(':last').not(':first').addClass('has-children'); - - - if (doc_version == "") { - $('.version-flyer ul').html('
  • Local
    • '); - } - - if (doc_version == "latest") { - $('.version-flyer .version-note').hide(); - } - - // mark the active documentation in the version widget - $(".version-flyer a:contains('" + doc_version + "')").parent().addClass('active-slug').setAttribute("title", "Current version"); - - - -}); \ No newline at end of file diff --git a/docs/theme/docker/theme.conf b/docs/theme/docker/theme.conf deleted file mode 100755 index 5843e97d70..0000000000 --- a/docs/theme/docker/theme.conf +++ /dev/null @@ -1,11 +0,0 @@ -[theme] -inherit = basic -pygments_style = monokai - -[options] -full_logo = true -textcolor = #444444 -headingcolor = #0c3762 -linkcolor = #8C7B65 -visitedlinkcolor = #AFA599 -hoverlinkcolor = #4e4334 diff --git a/docs/theme/mkdocs/base.html b/docs/theme/mkdocs/base.html index 766afc0c8a..ca418b3cd7 100644 --- a/docs/theme/mkdocs/base.html +++ b/docs/theme/mkdocs/base.html @@ -4,7 +4,8 @@ - {% if page_description %}{% endif %} + {% if meta.page_description %}{% endif %} + {% if meta.page_keywords %}{% endif %} {% if site_author %}{% endif %} {% if canonical_url %}{% endif %} @@ -14,7 +15,6 @@ {% if page_title != '**HIDDEN** - '+site_name %}{{ page_title }}{% else %}{{ site_name }}{% endif %} - {% if page_title != '**HIDDEN** - Docker' %}{{ page_title }}{% else %}{{ site_name }}{% endif %} %v\n", job.Args) + cmd := exec.Command(job.Args[0], job.Args[1:]...) + cmd.Stdout = job.Stdout + cmd.Stderr = os.Stderr + if err := cmd.Run(); err != nil { + return job.Errorf("%v\n", err) + } + return engine.StatusOK +} + +func (w *Worker) Cd(job *engine.Job) engine.Status { + if err := os.Chdir(job.Args[0]); err != nil { + return job.Errorf("%v\n", err) + } + return engine.StatusOK +} + +func (w *Worker) Echo(job *engine.Job) engine.Status { + fmt.Fprintf(job.Stdout, "%s\n", strings.Join(job.Args, " ")) + return engine.StatusOK +} diff --git a/graph/graph.go b/graph/graph.go index 5c3a94bab7..b889139121 100644 --- a/graph/graph.go +++ b/graph/graph.go @@ -98,7 +98,7 @@ func (graph *Graph) Get(name string) (*image.Image, error) { img.SetGraph(graph) if img.Size < 0 { - rootfs, err := graph.driver.Get(img.ID) + rootfs, err := graph.driver.Get(img.ID, "") if err != nil { return nil, fmt.Errorf("Driver %s failed to get image rootfs %s: %s", graph.driver, img.ID, err) } @@ -110,7 +110,7 @@ func (graph *Graph) Get(name string) (*image.Image, error) { return nil, err } } else { - parentFs, err := graph.driver.Get(img.Parent) + parentFs, err := graph.driver.Get(img.Parent, "") if err != nil { return nil, err } @@ -191,11 +191,11 @@ func (graph *Graph) Register(jsonData []byte, layerData archive.ArchiveReader, i } // Create root filesystem in the driver - if err := graph.driver.Create(img.ID, img.Parent, ""); err != nil { + if err := graph.driver.Create(img.ID, img.Parent); err != nil { return fmt.Errorf("Driver %s failed to create image rootfs %s: %s", graph.driver, img.ID, err) } // Mount the root filesystem so we can apply the diff/layer - rootfs, err := graph.driver.Get(img.ID) + rootfs, err := graph.driver.Get(img.ID, "") if err != nil { return fmt.Errorf("Driver %s failed to get image rootfs %s: %s", graph.driver, img.ID, err) } diff --git a/hack/MAINTAINERS b/hack/MAINTAINERS index 18e05a3070..299d9a14af 100644 --- a/hack/MAINTAINERS +++ b/hack/MAINTAINERS @@ -1 +1,2 @@ Tianon Gravi (@tianon) +dind: Jerome Petazzoni (@jpetazzo) diff --git a/hack/bootcamp/README.md b/hack/bootcamp/README.md deleted file mode 100644 index 2c3d356daf..0000000000 --- a/hack/bootcamp/README.md +++ /dev/null @@ -1,91 +0,0 @@ -# Docker maintainer bootcamp - -## Introduction: we need more maintainers - -Docker is growing incredibly fast. At the time of writing, it has received over 200 contributions from 90 people, -and its API is used by dozens of 3rd-party tools. Over 1,000 issues have been opened. As the first production deployments -start going live, the growth will only accelerate. - -Also at the time of writing, Docker has 3 full-time maintainers, and 7 part-time subsystem maintainers. If docker -is going to live up to the expectations, we need more than that. - -This document describes a *bootcamp* to guide and train volunteers interested in helping the project, either with individual -contributions, maintainer work, or both. - -This bootcamp is an experiment. If you decide to go through it, consider yourself an alpha-tester. You should expect quirks, -and report them to us as you encounter them to help us smooth out the process. - - -## How it works - -The maintainer bootcamp is a 12-step program - one step for each of the maintainer's responsibilities. The aspiring maintainer must -validate all 12 steps by 1) studying it, 2) practicing it, and 3) getting endorsed for it. - -Steps are all equally important and can be validated in any order. Validating all 12 steps is a pre-requisite for becoming a core -maintainer, but even 1 step will make you a better contributor! - -### List of steps - -#### 1) Be a power user - -Use docker daily, build cool things with it, know its quirks inside and out. - - -#### 2) Help users - -Answer questions on irc, twitter, email, in person. - - -#### 3) Manage the bug tracker - -Help triage tickets - ask the right questions, find duplicates, reference relevant resources, know when to close a ticket when necessary, take the time to go over older tickets. - - -#### 4) Improve the documentation - -Follow the documentation from scratch regularly and make sure it is still up-to-date. Find and fix inconsistencies. Remove stale information. Find a frequently asked question that is not documented. Simplify the content and the form. - - -#### 5) Evangelize the principles of docker - -Understand what the underlying goals and principle of docker are. Explain design decisions based on what docker is, and what it is not. When someone is not using docker, find how docker can be valuable to them. If they are using docker, find how they can use it better. - - -#### 6) Fix bugs - -Self-explanatory. Contribute improvements to docker which solve defects. Bugfixes should be well-tested, and prioritized by impact to the user. - - -#### 7) Improve the testing infrastructure - -Automated testing is complicated and should be perpetually improved. Invest time to improve the current tooling. Refactor existing tests, create new ones, make testing more accessible to developers, add new testing capabilities (integration tests, mocking, stress test...), improve integration between tests and documentation... - - -#### 8) Contribute features - -Improve docker to do more things, or get better at doing the same things. Features should be well-tested, not break existing APIs, respect the project goals. They should make the user's life measurably better. Features should be discussed ahead of time to avoid wasting time and duplicating effort. - - -#### 9) Refactor internals - -Improve docker to repay technical debt. Simplify code layout, improve performance, add missing comments, reduce the number of files and functions, rename functions and variables to be more readable, go over FIXMEs, etc. - -#### 10) Review and merge contributions - -Review pull requests in a timely manner, review code in detail and offer feedback. Keep a high bar without being pedantic. Share the load of testing and merging pull requests. - -#### 11) Release - -Manage a release of docker from beginning to end. Tests, final review, tags, builds, upload to mirrors, distro packaging, etc. - -#### 12) Train other maintainers - -Contribute to training other maintainers. Give advice, delegate work, help organize the bootcamp. This also means contribute to the maintainer's manual, look for ways to improve the project organization etc. - -### How to study a step - -### How to practice a step - -### How to get endorsed for a step - - diff --git a/hack/dind b/hack/dind index 94147f5324..df2baa2757 100755 --- a/hack/dind +++ b/hack/dind @@ -1,4 +1,5 @@ #!/bin/bash +set -e # DinD: a wrapper script which allows docker to be run inside a docker container. # Original version by Jerome Petazzoni @@ -9,32 +10,34 @@ # Usage: dind CMD [ARG...] +# apparmor sucks and Docker needs to know that it's in a container (c) @tianon +export container=docker + # First, make sure that cgroups are mounted correctly. CGROUP=/sys/fs/cgroup -[ -d $CGROUP ] || - mkdir $CGROUP +mkdir -p "$CGROUP" -mountpoint -q $CGROUP || +if ! mountpoint -q "$CGROUP"; then mount -n -t tmpfs -o uid=0,gid=0,mode=0755 cgroup $CGROUP || { - echo "Could not make a tmpfs mount. Did you use --privileged?" + echo >&2 'Could not make a tmpfs mount. Did you use --privileged?' exit 1 } +fi -if [ -d /sys/kernel/security ] && ! mountpoint -q /sys/kernel/security -then - mount -t securityfs none /sys/kernel/security || { - echo "Could not mount /sys/kernel/security." - echo "AppArmor detection and -privileged mode might break." - } +if [ -d /sys/kernel/security ] && ! mountpoint -q /sys/kernel/security; then + mount -t securityfs none /sys/kernel/security || { + echo >&2 'Could not mount /sys/kernel/security.' + echo >&2 'AppArmor detection and -privileged mode might break.' + } fi # Mount the cgroup hierarchies exactly as they are in the parent system. -for SUBSYS in $(cut -d: -f2 /proc/1/cgroup) -do - [ -d $CGROUP/$SUBSYS ] || mkdir $CGROUP/$SUBSYS - mountpoint -q $CGROUP/$SUBSYS || - mount -n -t cgroup -o $SUBSYS cgroup $CGROUP/$SUBSYS +for SUBSYS in $(cut -d: -f2 /proc/1/cgroup); do + mkdir -p "$CGROUP/$SUBSYS" + if ! mountpoint -q $CGROUP/$SUBSYS; then + mount -n -t cgroup -o "$SUBSYS" cgroup "$CGROUP/$SUBSYS" + fi # The two following sections address a bug which manifests itself # by a cryptic "lxc-start: no ns_cgroup option specified" when @@ -49,45 +52,37 @@ do # Systemd and OpenRC (and possibly others) both create such a # cgroup. To avoid the aforementioned bug, we symlink "foo" to # "name=foo". This shouldn't have any adverse effect. - echo $SUBSYS | grep -q ^name= && { - NAME=$(echo $SUBSYS | sed s/^name=//) - ln -s $SUBSYS $CGROUP/$NAME - } + name="${SUBSYS#name=}" + if [ "$name" != "$SUBSYS" ]; then + ln -s "$SUBSYS" "$CGROUP/$name" + fi # Likewise, on at least one system, it has been reported that # systemd would mount the CPU and CPU accounting controllers # (respectively "cpu" and "cpuacct") with "-o cpuacct,cpu" # but on a directory called "cpu,cpuacct" (note the inversion # in the order of the groups). This tries to work around it. - [ $SUBSYS = cpuacct,cpu ] && ln -s $SUBSYS $CGROUP/cpu,cpuacct + if [ "$SUBSYS" = 'cpuacct,cpu' ]; then + ln -s "$SUBSYS" "$CGROUP/cpu,cpuacct" + fi done # Note: as I write those lines, the LXC userland tools cannot setup # a "sub-container" properly if the "devices" cgroup is not in its # own hierarchy. Let's detect this and issue a warning. -grep -q :devices: /proc/1/cgroup || - echo "WARNING: the 'devices' cgroup should be in its own hierarchy." -grep -qw devices /proc/1/cgroup || - echo "WARNING: it looks like the 'devices' cgroup is not mounted." - -# Now, close extraneous file descriptors. -pushd /proc/self/fd >/dev/null -for FD in * -do - case "$FD" in - # Keep stdin/stdout/stderr - [012]) - ;; - # Nuke everything else - *) - eval exec "$FD>&-" - ;; - esac -done -popd >/dev/null +if ! grep -q :devices: /proc/1/cgroup; then + echo >&2 'WARNING: the "devices" cgroup should be in its own hierarchy.' +fi +if ! grep -qw devices /proc/1/cgroup; then + echo >&2 'WARNING: it looks like the "devices" cgroup is not mounted.' +fi # Mount /tmp mount -t tmpfs none /tmp -[ "$1" ] && exec "$@" -echo "You probably want to run hack/make.sh, or maybe a shell?" +if [ $# -gt 0 ]; then + exec "$@" +fi + +echo >&2 'ERROR: No command specified.' +echo >&2 'You probably want to run hack/make.sh, or maybe a shell?' diff --git a/hack/make.sh b/hack/make.sh index 46df398c57..8636756c87 100755 --- a/hack/make.sh +++ b/hack/make.sh @@ -45,7 +45,7 @@ DEFAULT_BUNDLES=( binary - test + test-unit test-integration test-integration-cli diff --git a/hack/make/.ensure-busybox b/hack/make/.ensure-busybox new file mode 100644 index 0000000000..3861faaf11 --- /dev/null +++ b/hack/make/.ensure-busybox @@ -0,0 +1,10 @@ +#!/bin/bash + +if ! docker inspect busybox &> /dev/null; then + if [ -d /docker-busybox ]; then + source "$(dirname "$BASH_SOURCE")/.ensure-scratch" + ( set -x; docker build -t busybox /docker-busybox ) + else + ( set -x; docker pull busybox ) + fi +fi diff --git a/hack/make/.ensure-scratch b/hack/make/.ensure-scratch new file mode 100644 index 0000000000..487e85ae27 --- /dev/null +++ b/hack/make/.ensure-scratch @@ -0,0 +1,21 @@ +#!/bin/bash + +if ! docker inspect scratch &> /dev/null; then + # let's build a "docker save" tarball for "scratch" + # see https://github.com/dotcloud/docker/pull/5262 + # and also https://github.com/dotcloud/docker/issues/4242 + mkdir -p /docker-scratch + ( + cd /docker-scratch + echo '{"scratch":{"latest":"511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158"}}' > repositories + mkdir -p 511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158 + ( + cd 511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158 + echo '{"id":"511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158","comment":"Imported from -","created":"2013-06-13T14:03:50.821769-07:00","container_config":{"Hostname":"","Domainname":"","User":"","Memory":0,"MemorySwap":0,"CpuShares":0,"AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"PortSpecs":null,"ExposedPorts":null,"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":null,"Cmd":null,"Image":"","Volumes":null,"WorkingDir":"","Entrypoint":null,"NetworkDisabled":false,"OnBuild":null},"docker_version":"0.4.0","architecture":"x86_64","Size":0}' > json + echo '1.0' > VERSION + tar -cf layer.tar --files-from /dev/null + ) + ) + ( set -x; tar -cf /docker-scratch.tar -C /docker-scratch . ) + ( set -x; docker load --input /docker-scratch.tar ) +fi diff --git a/hack/make/test-integration-cli b/hack/make/test-integration-cli index 703c9cd95c..f2128a26ac 100644 --- a/hack/make/test-integration-cli +++ b/hack/make/test-integration-cli @@ -13,12 +13,15 @@ bundle_test_integration_cli() { # subshell so that we can export PATH without breaking other things ( export PATH="$DEST/../binary:$DEST/../dynbinary:$PATH" - + if ! command -v docker &> /dev/null; then echo >&2 'error: binary or dynbinary must be run before test-integration-cli' false fi - + + # intentionally open a couple bogus file descriptors to help test that they get scrubbed in containers + exec 41>&1 42>&2 + ( set -x; exec \ docker --daemon --debug \ --storage-driver "$DOCKER_GRAPHDRIVER" \ @@ -26,20 +29,14 @@ bundle_test_integration_cli() { --pidfile "$DEST/docker.pid" \ &> "$DEST/docker.log" ) & - + # pull the busybox image before running the tests sleep 2 - - if ! docker inspect busybox &> /dev/null; then - if [ -d /docker-busybox ]; then - ( set -x; docker build -t busybox /docker-busybox ) - else - ( set -x; docker pull busybox ) - fi - fi + + source "$(dirname "$BASH_SOURCE")/.ensure-busybox" bundle_test_integration_cli - + DOCKERD_PID=$(set -x; cat $DEST/docker.pid) ( set -x; kill $DOCKERD_PID ) wait $DOCKERD_PID || true diff --git a/hack/make/test b/hack/make/test-unit similarity index 80% rename from hack/make/test rename to hack/make/test-unit index 183ce95c24..066865859c 100644 --- a/hack/make/test +++ b/hack/make/test-unit @@ -11,14 +11,19 @@ TEXTRESET=$'\033[0m' # reset the foreground colour # If $TESTFLAGS is set in the environment, it is passed as extra arguments to 'go test'. # You can use this to select certain tests to run, eg. # -# TESTFLAGS='-run ^TestBuild$' ./hack/make.sh test +# TESTFLAGS='-run ^TestBuild$' ./hack/make.sh test-unit # -bundle_test() { +bundle_test_unit() { { date + # Run all the tests if no TESTDIRS were specified. + if [ -z "$TESTDIRS" ]; then + TESTDIRS=$(find_dirs '*_test.go') + fi + TESTS_FAILED=() - for test_dir in $(find_dirs '*_test.go'); do + for test_dir in $TESTDIRS; do echo if ! LDFLAGS="$LDFLAGS $LDFLAGS_STATIC_DOCKER" go_test_dir "$test_dir"; then @@ -47,4 +52,4 @@ bundle_test() { } 2>&1 | tee $DEST/test.log } -bundle_test +bundle_test_unit diff --git a/hack/make/ubuntu b/hack/make/ubuntu index ae0f8d6137..751eacf868 100644 --- a/hack/make/ubuntu +++ b/hack/make/ubuntu @@ -135,7 +135,7 @@ EOF --deb-recommends ca-certificates \ --deb-recommends git \ --deb-recommends xz-utils \ - --deb-suggests cgroup-lite \ + --deb-recommends 'cgroupfs-mount | cgroup-lite' \ --description "$PACKAGE_DESCRIPTION" \ --maintainer "$PACKAGE_MAINTAINER" \ --conflicts docker \ diff --git a/hack/release.sh b/hack/release.sh index d77d454e27..8642a4edb9 100755 --- a/hack/release.sh +++ b/hack/release.sh @@ -54,7 +54,7 @@ RELEASE_BUNDLES=( if [ "$1" != '--release-regardless-of-test-failure' ]; then RELEASE_BUNDLES=( - test test-integration + test-unit test-integration "${RELEASE_BUNDLES[@]}" test-integration-cli ) diff --git a/hack/vendor.sh b/hack/vendor.sh index 4200d90867..79322cd9af 100755 --- a/hack/vendor.sh +++ b/hack/vendor.sh @@ -59,5 +59,5 @@ rm -rf src/code.google.com/p/go mkdir -p src/code.google.com/p/go/src/pkg/archive mv tmp-tar src/code.google.com/p/go/src/pkg/archive/tar -clone git github.com/godbus/dbus cb98efbb933d8389ab549a060e880ea3c375d213 -clone git github.com/coreos/go-systemd 4c14ed39b8a643ac44b4f95b5a53c00e94261475 +clone git github.com/godbus/dbus v1 +clone git github.com/coreos/go-systemd v1 diff --git a/image/image.go b/image/image.go index 239e5cc055..b56cbf08ee 100644 --- a/image/image.go +++ b/image/image.go @@ -98,7 +98,7 @@ func StoreImage(img *Image, jsonData []byte, layerData archive.ArchiveReader, ro return err } } else { - parent, err := driver.Get(img.Parent) + parent, err := driver.Get(img.Parent, "") if err != nil { return err } @@ -159,7 +159,7 @@ func (img *Image) TarLayer() (arch archive.Archive, err error) { return differ.Diff(img.ID) } - imgFs, err := driver.Get(img.ID) + imgFs, err := driver.Get(img.ID, "") if err != nil { return nil, err } @@ -182,7 +182,7 @@ func (img *Image) TarLayer() (arch archive.Archive, err error) { }), nil } - parentFs, err := driver.Get(img.Parent) + parentFs, err := driver.Get(img.Parent, "") if err != nil { return nil, err } diff --git a/integration-cli/docker_cli_links_test.go b/integration-cli/docker_cli_links_test.go new file mode 100644 index 0000000000..55c41e0bbc --- /dev/null +++ b/integration-cli/docker_cli_links_test.go @@ -0,0 +1,30 @@ +package main + +import ( + "fmt" + "os/exec" + "testing" +) + +func TestPingUnlinkedContainers(t *testing.T) { + runCmd := exec.Command(dockerBinary, "run", "--rm", "busybox", "sh", "-c", "ping -c 1 alias1 -W 1 && ping -c 1 alias2 -W 1") + exitCode, err := runCommand(runCmd) + + if exitCode == 0 { + t.Fatal("run ping did not fail") + } else if exitCode != 1 { + errorOut(err, t, fmt.Sprintf("run ping failed with errors: %v", err)) + } +} + +func TestPingLinkedContainers(t *testing.T) { + var out string + out, _, _ = cmd(t, "run", "-d", "--name", "container1", "busybox", "sleep", "10") + idA := stripTrailingCharacters(out) + out, _, _ = cmd(t, "run", "-d", "--name", "container2", "busybox", "sleep", "10") + idB := stripTrailingCharacters(out) + cmd(t, "run", "--rm", "--link", "container1:alias1", "--link", "container2:alias2", "busybox", "sh", "-c", "ping -c 1 alias1 -W 1 && ping -c 1 alias2 -W 1") + cmd(t, "kill", idA) + cmd(t, "kill", idB) + deleteAllContainers() +} diff --git a/integration-cli/docker_cli_logs_test.go b/integration-cli/docker_cli_logs_test.go index 8fcf4d7333..75235b6bb8 100644 --- a/integration-cli/docker_cli_logs_test.go +++ b/integration-cli/docker_cli_logs_test.go @@ -3,7 +3,10 @@ package main import ( "fmt" "os/exec" + "regexp" + "strings" "testing" + "time" ) // This used to work, it test a log of PageSize-1 (gh#4851) @@ -74,3 +77,95 @@ func TestLogsContainerMuchBiggerThanPage(t *testing.T) { logDone("logs - logs container running echo much bigger than page size") } + +func TestLogsTimestamps(t *testing.T) { + testLen := 100 + runCmd := exec.Command(dockerBinary, "run", "-d", "busybox", "sh", "-c", fmt.Sprintf("for i in $(seq 1 %d); do echo =; done;", testLen)) + + out, _, _, err := runCommandWithStdoutStderr(runCmd) + errorOut(err, t, fmt.Sprintf("run failed with errors: %v", err)) + + cleanedContainerID := stripTrailingCharacters(out) + exec.Command(dockerBinary, "wait", cleanedContainerID).Run() + + logsCmd := exec.Command(dockerBinary, "logs", "-t", cleanedContainerID) + out, _, _, err = runCommandWithStdoutStderr(logsCmd) + errorOut(err, t, fmt.Sprintf("failed to log container: %v %v", out, err)) + + lines := strings.Split(out, "\n") + + if len(lines) != testLen+1 { + t.Fatalf("Expected log %d lines, received %d\n", testLen+1, len(lines)) + } + + ts := regexp.MustCompile(`^\[.*?\]`) + + for _, l := range lines { + if l != "" { + _, err := time.Parse("["+time.StampMilli+"]", ts.FindString(l)) + if err != nil { + t.Fatalf("Failed to parse timestamp from %v: %v", l, err) + } + } + } + + deleteContainer(cleanedContainerID) + + logDone("logs - logs with timestamps") +} + +func TestLogsSeparateStderr(t *testing.T) { + msg := "stderr_log" + runCmd := exec.Command(dockerBinary, "run", "-d", "busybox", "sh", "-c", fmt.Sprintf("echo %s 1>&2", msg)) + + out, _, _, err := runCommandWithStdoutStderr(runCmd) + errorOut(err, t, fmt.Sprintf("run failed with errors: %v", err)) + + cleanedContainerID := stripTrailingCharacters(out) + exec.Command(dockerBinary, "wait", cleanedContainerID).Run() + + logsCmd := exec.Command(dockerBinary, "logs", cleanedContainerID) + stdout, stderr, _, err := runCommandWithStdoutStderr(logsCmd) + errorOut(err, t, fmt.Sprintf("failed to log container: %v %v", out, err)) + + if stdout != "" { + t.Fatalf("Expected empty stdout stream, got %v", stdout) + } + + stderr = strings.TrimSpace(stderr) + if stderr != msg { + t.Fatalf("Expected %v in stderr stream, got %v", msg, stderr) + } + + deleteContainer(cleanedContainerID) + + logDone("logs - separate stderr (without pseudo-tty)") +} + +func TestLogsStderrInStdout(t *testing.T) { + msg := "stderr_log" + runCmd := exec.Command(dockerBinary, "run", "-d", "-t", "busybox", "sh", "-c", fmt.Sprintf("echo %s 1>&2", msg)) + + out, _, _, err := runCommandWithStdoutStderr(runCmd) + errorOut(err, t, fmt.Sprintf("run failed with errors: %v", err)) + + cleanedContainerID := stripTrailingCharacters(out) + exec.Command(dockerBinary, "wait", cleanedContainerID).Run() + + logsCmd := exec.Command(dockerBinary, "logs", cleanedContainerID) + stdout, stderr, _, err := runCommandWithStdoutStderr(logsCmd) + errorOut(err, t, fmt.Sprintf("failed to log container: %v %v", out, err)) + + if stderr != "" { + t.Fatalf("Expected empty stderr stream, got %v", stdout) + } + + stdout = strings.TrimSpace(stdout) + if stdout != msg { + t.Fatalf("Expected %v in stdout stream, got %v", msg, stdout) + } + + deleteContainer(cleanedContainerID) + + logDone("logs - stderr in stdout (with pseudo-tty)") +} diff --git a/integration-cli/docker_cli_run_test.go b/integration-cli/docker_cli_run_test.go index d356f5f4de..b9737feeea 100644 --- a/integration-cli/docker_cli_run_test.go +++ b/integration-cli/docker_cli_run_test.go @@ -4,6 +4,7 @@ import ( "fmt" "os" "os/exec" + "path/filepath" "regexp" "sort" "strings" @@ -91,6 +92,22 @@ func TestDockerRunEchoNamedContainer(t *testing.T) { logDone("run - echo with named container") } +// docker run should not leak file descriptors +func TestDockerRunLeakyFileDescriptors(t *testing.T) { + runCmd := exec.Command(dockerBinary, "run", "busybox", "ls", "-C", "/proc/self/fd") + out, _, _, err := runCommandWithStdoutStderr(runCmd) + errorOut(err, t, out) + + // normally, we should only get 0, 1, and 2, but 3 gets created by "ls" when it does "opendir" on the "fd" directory + if out != "0 1 2 3\n" { + t.Errorf("container should've printed '0 1 2 3', not: %s", out) + } + + deleteAllContainers() + + logDone("run - check file descriptor leakage") +} + // it should be possible to ping Google DNS resolver // this will fail when Internet access is unavailable func TestDockerRunPingGoogle(t *testing.T) { @@ -424,6 +441,48 @@ func TestCreateVolume(t *testing.T) { logDone("run - create docker mangaed volume") } +// Test that creating a volume with a symlink in its path works correctly. Test for #5152. +// Note that this bug happens only with symlinks with a target that starts with '/'. +func TestVolumeWithSymlink(t *testing.T) { + buildDirectory := filepath.Join(workingDirectory, "run_tests", "TestVolumeWithSymlink") + buildCmd := exec.Command(dockerBinary, "build", "-t", "docker-test-volumewithsymlink", ".") + buildCmd.Dir = buildDirectory + err := buildCmd.Run() + if err != nil { + t.Fatal("could not build 'docker-test-volumewithsymlink': %v", err) + } + + cmd := exec.Command(dockerBinary, "run", "-v", "/bar/foo", "--name", "test-volumewithsymlink", "docker-test-volumewithsymlink", "sh", "-c", "mount | grep -q /foo/foo") + exitCode, err := runCommand(cmd) + if err != nil || exitCode != 0 { + t.Fatal("[run] err: %v, exitcode: %d", err, exitCode) + } + + var volPath string + cmd = exec.Command(dockerBinary, "inspect", "-f", "{{range .Volumes}}{{.}}{{end}}", "test-volumewithsymlink") + volPath, exitCode, err = runCommandWithOutput(cmd) + if err != nil || exitCode != 0 { + t.Fatal("[inspect] err: %v, exitcode: %d", err, exitCode) + } + + cmd = exec.Command(dockerBinary, "rm", "-v", "test-volumewithsymlink") + exitCode, err = runCommand(cmd) + if err != nil || exitCode != 0 { + t.Fatal("[rm] err: %v, exitcode: %d", err, exitCode) + } + + f, err := os.Open(volPath) + defer f.Close() + if !os.IsNotExist(err) { + t.Fatal("[open] (expecting 'file does not exist' error) err: %v, volPath: %s", err, volPath) + } + + deleteImages("docker-test-volumewithsymlink") + deleteAllContainers() + + logDone("run - volume with symlink") +} + func TestExitCode(t *testing.T) { cmd := exec.Command(dockerBinary, "run", "busybox", "/bin/sh", "-c", "exit 72") @@ -665,3 +724,47 @@ func TestUnPrivilegedCannotMount(t *testing.T) { logDone("run - test un-privileged cannot mount") } + +func TestSysNotWritableInNonPrivilegedContainers(t *testing.T) { + cmd := exec.Command(dockerBinary, "run", "busybox", "touch", "/sys/kernel/profiling") + if code, err := runCommand(cmd); err == nil || code == 0 { + t.Fatal("sys should not be writable in a non privileged container") + } + + deleteAllContainers() + + logDone("run - sys not writable in non privileged container") +} + +func TestSysWritableInPrivilegedContainers(t *testing.T) { + cmd := exec.Command(dockerBinary, "run", "--privileged", "busybox", "touch", "/sys/kernel/profiling") + if code, err := runCommand(cmd); err != nil || code != 0 { + t.Fatalf("sys should be writable in privileged container") + } + + deleteAllContainers() + + logDone("run - sys writable in privileged container") +} + +func TestProcNotWritableInNonPrivilegedContainers(t *testing.T) { + cmd := exec.Command(dockerBinary, "run", "busybox", "touch", "/proc/sysrq-trigger") + if code, err := runCommand(cmd); err == nil || code == 0 { + t.Fatal("proc should not be writable in a non privileged container") + } + + deleteAllContainers() + + logDone("run - proc not writable in non privileged container") +} + +func TestProcWritableInPrivilegedContainers(t *testing.T) { + cmd := exec.Command(dockerBinary, "run", "--privileged", "busybox", "touch", "/proc/sysrq-trigger") + if code, err := runCommand(cmd); err != nil || code != 0 { + t.Fatalf("proc should be writable in privileged container") + } + + deleteAllContainers() + + logDone("run - proc writable in privileged container") +} diff --git a/integration-cli/run_tests/TestVolumeWithSymlink/Dockerfile b/integration-cli/run_tests/TestVolumeWithSymlink/Dockerfile new file mode 100644 index 0000000000..46bed8540b --- /dev/null +++ b/integration-cli/run_tests/TestVolumeWithSymlink/Dockerfile @@ -0,0 +1,3 @@ +FROM busybox + +RUN mkdir /foo && ln -s /foo /bar diff --git a/integration/MAINTAINERS b/integration/MAINTAINERS new file mode 100644 index 0000000000..d7bef621cf --- /dev/null +++ b/integration/MAINTAINERS @@ -0,0 +1,4 @@ +Solomon Hykes (@shykes) +# WE ARE LOOKING FOR VOLUNTEERS TO HELP CLEAN THIS UP. +# TO VOLUNTEER PLEASE OPEN A PULL REQUEST ADDING YOURSELF TO THIS FILE. +# WE WILL HELP YOU GET STARTED. THANKS! diff --git a/integration/README.md b/integration/README.md new file mode 100644 index 0000000000..41f43a4ba7 --- /dev/null +++ b/integration/README.md @@ -0,0 +1,23 @@ +## Legacy integration tests + +`./integration` contains Docker's legacy integration tests. +It is DEPRECATED and will eventually be removed. + +### If you are a *CONTRIBUTOR* and want to add a test: + +* Consider mocking out side effects and contributing a *unit test* in the subsystem +you're modifying. For example, the remote API has unit tests in `./api/server/server_unit_tests.go`. +The events subsystem has unit tests in `./events/events_test.go`. And so on. + +* For end-to-end integration tests, please contribute to `./integration-cli`. + + +### If you are a *MAINTAINER* + +Please don't allow patches adding new tests to `./integration`. + +### If you are *LOOKING FOR A WAY TO HELP* + +Please consider porting tests away from `./integration` and into either unit tests or CLI tests. + +Any help will be greatly appreciated! diff --git a/integration/container_test.go b/integration/container_test.go index 67b2783ce9..8fe52a3cd6 100644 --- a/integration/container_test.go +++ b/integration/container_test.go @@ -407,7 +407,7 @@ func TestCopyVolumeUidGid(t *testing.T) { defer r.Nuke() // Add directory not owned by root - container1, _, _ := mkContainer(r, []string{"_", "/bin/sh", "-c", "mkdir -p /hello && touch /hello/test.txt && chown daemon.daemon /hello"}, t) + container1, _, _ := mkContainer(r, []string{"_", "/bin/sh", "-c", "mkdir -p /hello && touch /hello/test && chown daemon.daemon /hello"}, t) defer r.Destroy(container1) if container1.State.IsRunning() { @@ -432,6 +432,32 @@ func TestCopyVolumeUidGid(t *testing.T) { if !strings.Contains(stdout1, "daemon daemon") { t.Fatal("Container failed to transfer uid and gid to volume") } + + container2, _, _ := mkContainer(r, []string{"_", "/bin/sh", "-c", "mkdir -p /hello && chown daemon.daemon /hello"}, t) + defer r.Destroy(container1) + + if container2.State.IsRunning() { + t.Errorf("Container shouldn't be running") + } + if err := container2.Run(); err != nil { + t.Fatal(err) + } + if container2.State.IsRunning() { + t.Errorf("Container shouldn't be running") + } + + img2, err := r.Commit(container2, "", "", "unit test commited image", "", nil) + if err != nil { + t.Error(err) + } + + // Test that the uid and gid is copied from the image to the volume + tmpDir2 := tempDir(t) + defer os.RemoveAll(tmpDir2) + stdout2, _ := runContainer(eng, r, []string{"-v", "/hello", img2.ID, "stat", "-c", "%U %G", "/hello"}, t) + if !strings.Contains(stdout2, "daemon daemon") { + t.Fatal("Container failed to transfer uid and gid to volume") + } } // Test for #1582 diff --git a/integration/graph_test.go b/integration/graph_test.go index a7a8137284..c29055edfc 100644 --- a/integration/graph_test.go +++ b/integration/graph_test.go @@ -43,7 +43,7 @@ func TestMount(t *testing.T) { t.Fatal(err) } - if _, err := driver.Get(image.ID); err != nil { + if _, err := driver.Get(image.ID, ""); err != nil { t.Fatal(err) } } diff --git a/integration/https_test.go b/integration/https_test.go index 0b4abea881..34c16cf9f9 100644 --- a/integration/https_test.go +++ b/integration/https_test.go @@ -3,10 +3,12 @@ package docker import ( "crypto/tls" "crypto/x509" - "github.com/dotcloud/docker/api/client" "io/ioutil" + "strings" "testing" "time" + + "github.com/dotcloud/docker/api/client" ) const ( @@ -56,7 +58,7 @@ func TestHttpsInfoRogueCert(t *testing.T) { if err == nil { t.Fatal("Expected error but got nil") } - if err.Error() != errBadCertificate { + if !strings.Contains(err.Error(), errBadCertificate) { t.Fatalf("Expected error: %s, got instead: %s", errBadCertificate, err) } }) @@ -74,7 +76,7 @@ func TestHttpsInfoRogueServerCert(t *testing.T) { t.Fatal("Expected error but got nil") } - if err.Error() != errCaUnknown { + if !strings.Contains(err.Error(), errCaUnknown) { t.Fatalf("Expected error: %s, got instead: %s", errBadCertificate, err) } diff --git a/integration/runtime_test.go b/integration/runtime_test.go index 38b3277afd..c84ea5bed2 100644 --- a/integration/runtime_test.go +++ b/integration/runtime_test.go @@ -627,7 +627,7 @@ func TestRestore(t *testing.T) { // Here are are simulating a docker restart - that is, reloading all containers // from scratch - eng = newTestEngine(t, false, eng.Root()) + eng = newTestEngine(t, false, daemon1.Config().Root) daemon2 := mkDaemonFromEngine(eng, t) if len(daemon2.List()) != 2 { t.Errorf("Expected 2 container, %v found", len(daemon2.List())) @@ -874,12 +874,12 @@ func TestDestroyWithInitLayer(t *testing.T) { driver := daemon.Graph().Driver() // Make sure that the container does not exist in the driver - if _, err := driver.Get(container.ID); err == nil { + if _, err := driver.Get(container.ID, ""); err == nil { t.Fatal("Conttainer should not exist in the driver") } // Make sure that the init layer is removed from the driver - if _, err := driver.Get(fmt.Sprintf("%s-init", container.ID)); err == nil { + if _, err := driver.Get(fmt.Sprintf("%s-init", container.ID), ""); err == nil { t.Fatal("Container's init layer should not exist in the driver") } } diff --git a/integration/server_test.go b/integration/server_test.go index cb3063ded7..226247556d 100644 --- a/integration/server_test.go +++ b/integration/server_test.go @@ -149,7 +149,7 @@ func TestRestartKillWait(t *testing.T) { t.Fatal(err) } - eng = newTestEngine(t, false, eng.Root()) + eng = newTestEngine(t, false, runtime.Config().Root) srv = mkServerFromEngine(eng, t) job = srv.Eng.Job("containers") diff --git a/integration/utils_test.go b/integration/utils_test.go index ab9ca5b72d..6901662ce6 100644 --- a/integration/utils_test.go +++ b/integration/utils_test.go @@ -181,10 +181,9 @@ func newTestEngine(t utils.Fataler, autorestart bool, root string) *engine.Engin root = dir } } - eng, err := engine.New(root) - if err != nil { - t.Fatal(err) - } + os.MkdirAll(root, 0700) + + eng := engine.New() // Load default plugins builtins.Register(eng) // (This is manually copied and modified from main() until we have a more generic plugin system) diff --git a/nat/nat.go b/nat/nat.go index f3af362f8b..7aad775d70 100644 --- a/nat/nat.go +++ b/nat/nat.go @@ -69,7 +69,7 @@ func SplitProtoPort(rawPort string) (string, string) { if l == 1 { return "tcp", rawPort } - return parts[0], parts[1] + return parts[1], parts[0] } // We will receive port specs in the format of ip:public:private/proto and these need to be diff --git a/pkg/apparmor/apparmor.go b/pkg/apparmor/apparmor.go index 0987398124..704ee29ed0 100644 --- a/pkg/apparmor/apparmor.go +++ b/pkg/apparmor/apparmor.go @@ -13,14 +13,14 @@ import ( ) func IsEnabled() bool { - if _, err := os.Stat("/sys/kernel/security/apparmor"); err == nil { + if _, err := os.Stat("/sys/kernel/security/apparmor"); err == nil && os.Getenv("container") == "" { buf, err := ioutil.ReadFile("/sys/module/apparmor/parameters/enabled") return err == nil && len(buf) > 1 && buf[0] == 'Y' } return false } -func ApplyProfile(pid int, name string) error { +func ApplyProfile(name string) error { if name == "" { return nil } diff --git a/pkg/apparmor/apparmor_disabled.go b/pkg/apparmor/apparmor_disabled.go index 77543e4a87..8d86ce9d4a 100644 --- a/pkg/apparmor/apparmor_disabled.go +++ b/pkg/apparmor/apparmor_disabled.go @@ -2,12 +2,10 @@ package apparmor -import () - func IsEnabled() bool { return false } -func ApplyProfile(pid int, name string) error { +func ApplyProfile(name string) error { return nil } diff --git a/pkg/apparmor/setup.go b/pkg/apparmor/setup.go index 2401f63414..ef6333a01a 100644 --- a/pkg/apparmor/setup.go +++ b/pkg/apparmor/setup.go @@ -69,15 +69,8 @@ func InstallDefaultProfile(backupPath string) error { cmd.Dir = "/etc/apparmor.d" output, err := cmd.CombinedOutput() - if err != nil && !os.IsNotExist(err) { - if e, ok := err.(*exec.Error); ok { - // keeping with the current profile load code, if the parser does not - // exist then just return - if e.Err == exec.ErrNotFound || os.IsNotExist(e.Err) { - return nil - } - } - return fmt.Errorf("Error loading docker profile: %s (%s)", err, output) + if err != nil { + return fmt.Errorf("Error loading docker apparmor profile: %s (%s)", err, output) } return nil } diff --git a/pkg/beam/MAINTAINERS b/pkg/beam/MAINTAINERS index db33365bcd..aee10c8421 100644 --- a/pkg/beam/MAINTAINERS +++ b/pkg/beam/MAINTAINERS @@ -1 +1 @@ -Solomon Hykes +Solomon Hykes (@shykes) diff --git a/pkg/beam/unix.go b/pkg/beam/unix.go index b480c47eb9..b2d0d94150 100644 --- a/pkg/beam/unix.go +++ b/pkg/beam/unix.go @@ -21,6 +21,43 @@ func debugCheckpoint(msg string, args ...interface{}) { type UnixConn struct { *net.UnixConn + fds []*os.File +} + +// Framing: +// In order to handle framing in Send/Recieve, as these give frame +// boundaries we use a very simple 4 bytes header. It is a big endiand +// uint32 where the high bit is set if the message includes a file +// descriptor. The rest of the uint32 is the length of the next frame. +// We need the bit in order to be able to assign recieved fds to +// the right message, as multiple messages may be coalesced into +// a single recieve operation. +func makeHeader(data []byte, fds []int) ([]byte, error) { + header := make([]byte, 4) + + length := uint32(len(data)) + + if length > 0x7fffffff { + return nil, fmt.Errorf("Data to large") + } + + if len(fds) != 0 { + length = length | 0x80000000 + } + header[0] = byte((length >> 24) & 0xff) + header[1] = byte((length >> 16) & 0xff) + header[2] = byte((length >> 8) & 0xff) + header[3] = byte((length >> 0) & 0xff) + + return header, nil +} + +func parseHeader(header []byte) (uint32, bool) { + length := uint32(header[0])<<24 | uint32(header[1])<<16 | uint32(header[2])<<8 | uint32(header[3]) + hasFd := length&0x80000000 != 0 + length = length & ^uint32(0x80000000) + + return length, hasFd } func FileConn(f *os.File) (*UnixConn, error) { @@ -33,7 +70,7 @@ func FileConn(f *os.File) (*UnixConn, error) { conn.Close() return nil, fmt.Errorf("%d: not a unix connection", f.Fd()) } - return &UnixConn{uconn}, nil + return &UnixConn{UnixConn: uconn}, nil } @@ -52,7 +89,7 @@ func (conn *UnixConn) Send(data []byte, f *os.File) error { if f != nil { fds = append(fds, int(f.Fd())) } - if err := sendUnix(conn.UnixConn, data, fds...); err != nil { + if err := conn.sendUnix(data, fds...); err != nil { return err } @@ -76,42 +113,104 @@ func (conn *UnixConn) Receive() (rdata []byte, rf *os.File, rerr error) { } debugCheckpoint("===DEBUG=== Receive() -> '%s'[%d]. Hit enter to continue.\n", rdata, fd) }() - for { - data, fds, err := receiveUnix(conn.UnixConn) + + // Read header + header := make([]byte, 4) + nRead := uint32(0) + + for nRead < 4 { + n, err := conn.receiveUnix(header[nRead:]) if err != nil { return nil, nil, err } - var f *os.File - if len(fds) > 1 { - for _, fd := range fds[1:] { - syscall.Close(fd) - } - } - if len(fds) >= 1 { - f = os.NewFile(uintptr(fds[0]), "") - } - return data, f, nil + nRead = nRead + uint32(n) } - panic("impossibru") - return nil, nil, nil + + length, hasFd := parseHeader(header) + + if hasFd { + if len(conn.fds) == 0 { + return nil, nil, fmt.Errorf("No expected file descriptor in message") + } + + rf = conn.fds[0] + conn.fds = conn.fds[1:] + } + + rdata = make([]byte, length) + + nRead = 0 + for nRead < length { + n, err := conn.receiveUnix(rdata[nRead:]) + if err != nil { + return nil, nil, err + } + nRead = nRead + uint32(n) + } + + return } -func receiveUnix(conn *net.UnixConn) ([]byte, []int, error) { - buf := make([]byte, 4096) - oob := make([]byte, 4096) +func (conn *UnixConn) receiveUnix(buf []byte) (int, error) { + oob := make([]byte, syscall.CmsgSpace(4)) bufn, oobn, _, _, err := conn.ReadMsgUnix(buf, oob) if err != nil { - return nil, nil, err + return 0, err } - return buf[:bufn], extractFds(oob[:oobn]), nil + fd := extractFd(oob[:oobn]) + if fd != -1 { + f := os.NewFile(uintptr(fd), "") + conn.fds = append(conn.fds, f) + } + + return bufn, nil } -func sendUnix(conn *net.UnixConn, data []byte, fds ...int) error { - _, _, err := conn.WriteMsgUnix(data, syscall.UnixRights(fds...), nil) - return err +func (conn *UnixConn) sendUnix(data []byte, fds ...int) error { + header, err := makeHeader(data, fds) + if err != nil { + return err + } + + // There is a bug in conn.WriteMsgUnix where it doesn't correctly return + // the number of bytes writte (http://code.google.com/p/go/issues/detail?id=7645) + // So, we can't rely on the return value from it. However, we must use it to + // send the fds. In order to handle this we only write one byte using WriteMsgUnix + // (when we have to), as that can only ever block or fully suceed. We then write + // the rest with conn.Write() + // The reader side should not rely on this though, as hopefully this gets fixed + // in go later. + written := 0 + if len(fds) != 0 { + oob := syscall.UnixRights(fds...) + wrote, _, err := conn.WriteMsgUnix(header[0:1], oob, nil) + if err != nil { + return err + } + written = written + wrote + } + + for written < len(header) { + wrote, err := conn.Write(header[written:]) + if err != nil { + return err + } + written = written + wrote + } + + written = 0 + for written < len(data) { + wrote, err := conn.Write(data[written:]) + if err != nil { + return err + } + written = written + wrote + } + + return nil } -func extractFds(oob []byte) (fds []int) { +func extractFd(oob []byte) int { // Grab forklock to make sure no forks accidentally inherit the new // fds before they are made CLOEXEC // There is a slight race condition between ReadMsgUnix returns and @@ -122,20 +221,27 @@ func extractFds(oob []byte) (fds []int) { defer syscall.ForkLock.Unlock() scms, err := syscall.ParseSocketControlMessage(oob) if err != nil { - return + return -1 } + + foundFd := -1 for _, scm := range scms { - gotFds, err := syscall.ParseUnixRights(&scm) + fds, err := syscall.ParseUnixRights(&scm) if err != nil { continue } - fds = append(fds, gotFds...) for _, fd := range fds { - syscall.CloseOnExec(fd) + if foundFd == -1 { + syscall.CloseOnExec(fd) + foundFd = fd + } else { + syscall.Close(fd) + } } } - return + + return foundFd } func socketpair() ([2]int, error) { diff --git a/pkg/beam/unix_test.go b/pkg/beam/unix_test.go index 09815aa0d6..976f089c23 100644 --- a/pkg/beam/unix_test.go +++ b/pkg/beam/unix_test.go @@ -25,6 +25,30 @@ func TestSocketPair(t *testing.T) { fmt.Printf("still open: %v\n", a.Fd()) } +func TestUSocketPair(t *testing.T) { + a, b, err := USocketPair() + if err != nil { + t.Fatal(err) + } + + data := "hello world!" + go func() { + a.Write([]byte(data)) + a.Close() + }() + res := make([]byte, 1024) + size, err := b.Read(res) + if err != nil { + t.Fatal(err) + } + if size != len(data) { + t.Fatal("Unexpected size") + } + if string(res[0:size]) != data { + t.Fatal("Unexpected data") + } +} + func TestSendUnixSocket(t *testing.T) { a1, a2, err := USocketPair() if err != nil { @@ -83,4 +107,131 @@ func TestSendUnixSocket(t *testing.T) { t.Fatal(err) } fmt.Printf("---> %s\n", data) + +} + +// Ensure we get proper segmenting of messages +func TestSendSegmenting(t *testing.T) { + a, b, err := USocketPair() + if err != nil { + t.Fatal(err) + } + defer a.Close() + defer b.Close() + + extrafd1, extrafd2, err := SocketPair() + if err != nil { + t.Fatal(err) + } + extrafd2.Close() + + go func() { + a.Send([]byte("message 1"), nil) + a.Send([]byte("message 2"), extrafd1) + a.Send([]byte("message 3"), nil) + }() + + msg1, file1, err := b.Receive() + if err != nil { + t.Fatal(err) + } + if string(msg1) != "message 1" { + t.Fatal("unexpected msg1:", string(msg1)) + } + if file1 != nil { + t.Fatal("unexpectedly got file1") + } + + msg2, file2, err := b.Receive() + if err != nil { + t.Fatal(err) + } + if string(msg2) != "message 2" { + t.Fatal("unexpected msg2:", string(msg2)) + } + if file2 == nil { + t.Fatal("didn't get file2") + } + file2.Close() + + msg3, file3, err := b.Receive() + if err != nil { + t.Fatal(err) + } + if string(msg3) != "message 3" { + t.Fatal("unexpected msg3:", string(msg3)) + } + if file3 != nil { + t.Fatal("unexpectedly got file3") + } + +} + +// Test sending a zero byte message +func TestSendEmpty(t *testing.T) { + a, b, err := USocketPair() + if err != nil { + t.Fatal(err) + } + defer a.Close() + defer b.Close() + go func() { + a.Send([]byte{}, nil) + }() + + msg, file, err := b.Receive() + if err != nil { + t.Fatal(err) + } + if len(msg) != 0 { + t.Fatalf("unexpected non-empty message: %v", msg) + } + if file != nil { + t.Fatal("unexpectedly got file") + } + +} + +func makeLarge(size int) []byte { + res := make([]byte, size) + for i := range res { + res[i] = byte(i % 255) + } + return res +} + +func verifyLarge(data []byte, size int) bool { + if len(data) != size { + return false + } + for i := range data { + if data[i] != byte(i%255) { + return false + } + } + return true +} + +// Test sending a large message +func TestSendLarge(t *testing.T) { + a, b, err := USocketPair() + if err != nil { + t.Fatal(err) + } + defer a.Close() + defer b.Close() + go func() { + a.Send(makeLarge(100000), nil) + }() + + msg, file, err := b.Receive() + if err != nil { + t.Fatal(err) + } + if !verifyLarge(msg, 100000) { + t.Fatalf("unexpected message (size %d)", len(msg)) + } + if file != nil { + t.Fatal("unexpectedly got file") + } } diff --git a/pkg/cgroups/cgroups.go b/pkg/cgroups/cgroups.go index 3aac971340..0f93320725 100644 --- a/pkg/cgroups/cgroups.go +++ b/pkg/cgroups/cgroups.go @@ -12,13 +12,17 @@ type Cgroup struct { Name string `json:"name,omitempty"` Parent string `json:"parent,omitempty"` - DeviceAccess bool `json:"device_access,omitempty"` // name of parent cgroup or slice - Memory int64 `json:"memory,omitempty"` // Memory limit (in bytes) - MemorySwap int64 `json:"memory_swap,omitempty"` // Total memory usage (memory + swap); set `-1' to disable swap - CpuShares int64 `json:"cpu_shares,omitempty"` // CPU shares (relative weight vs. other containers) - CpusetCpus string `json:"cpuset_cpus,omitempty"` // CPU to use + DeviceAccess bool `json:"device_access,omitempty"` // name of parent cgroup or slice + Memory int64 `json:"memory,omitempty"` // Memory limit (in bytes) + MemoryReservation int64 `json:"memory_reservation,omitempty"` // Memory reservation or soft_limit (in bytes) + MemorySwap int64 `json:"memory_swap,omitempty"` // Total memory usage (memory + swap); set `-1' to disable swap + CpuShares int64 `json:"cpu_shares,omitempty"` // CPU shares (relative weight vs. other containers) + CpuQuota int64 `json:"cpu_quota,omitempty"` // CPU hardcap limit (in usecs). Allowed cpu time in a given period. + CpuPeriod int64 `json:"cpu_period,omitempty"` // CPU period to be used for hardcapping (in usecs). 0 to use system default. + CpusetCpus string `json:"cpuset_cpus,omitempty"` // CPU to use + Freezer string `json:"freezer,omitempty"` // set the freeze value for the process - UnitProperties [][2]string `json:"unit_properties,omitempty"` // systemd unit properties + Slice string `json:"slice,omitempty"` // Parent slice to use for systemd } type ActiveCgroup interface { diff --git a/pkg/cgroups/fs/apply_raw.go b/pkg/cgroups/fs/apply_raw.go index 60f318e9ef..5f9fc826b3 100644 --- a/pkg/cgroups/fs/apply_raw.go +++ b/pkg/cgroups/fs/apply_raw.go @@ -67,6 +67,7 @@ func Apply(c *cgroups.Cgroup, pid int) (cgroups.ActiveCgroup, error) { } for _, sys := range subsystems { if err := sys.Set(d); err != nil { + d.Cleanup() return nil, err } } diff --git a/pkg/cgroups/fs/blkio_test.go b/pkg/cgroups/fs/blkio_test.go new file mode 100644 index 0000000000..5279ac437b --- /dev/null +++ b/pkg/cgroups/fs/blkio_test.go @@ -0,0 +1,169 @@ +package fs + +import ( + "testing" +) + +const ( + sectorsRecursiveContents = `8:0 1024` + serviceBytesRecursiveContents = `8:0 Read 100 +8:0 Write 400 +8:0 Sync 200 +8:0 Async 300 +8:0 Total 500 +Total 500` + servicedRecursiveContents = `8:0 Read 10 +8:0 Write 40 +8:0 Sync 20 +8:0 Async 30 +8:0 Total 50 +Total 50` + queuedRecursiveContents = `8:0 Read 1 +8:0 Write 4 +8:0 Sync 2 +8:0 Async 3 +8:0 Total 5 +Total 5` +) + +func TestBlkioStats(t *testing.T) { + helper := NewCgroupTestUtil("blkio", t) + defer helper.cleanup() + helper.writeFileContents(map[string]string{ + "blkio.io_service_bytes_recursive": serviceBytesRecursiveContents, + "blkio.io_serviced_recursive": servicedRecursiveContents, + "blkio.io_queued_recursive": queuedRecursiveContents, + "blkio.sectors_recursive": sectorsRecursiveContents, + }) + + blkio := &blkioGroup{} + stats, err := blkio.Stats(helper.CgroupData) + if err != nil { + t.Fatal(err) + } + + // Verify expected stats. + expectedStats := map[string]float64{ + "blkio.sectors_recursive:8:0": 1024.0, + + // Serviced bytes. + "io_service_bytes_recursive:8:0:Read": 100.0, + "io_service_bytes_recursive:8:0:Write": 400.0, + "io_service_bytes_recursive:8:0:Sync": 200.0, + "io_service_bytes_recursive:8:0:Async": 300.0, + "io_service_bytes_recursive:8:0:Total": 500.0, + + // Serviced requests. + "io_serviced_recursive:8:0:Read": 10.0, + "io_serviced_recursive:8:0:Write": 40.0, + "io_serviced_recursive:8:0:Sync": 20.0, + "io_serviced_recursive:8:0:Async": 30.0, + "io_serviced_recursive:8:0:Total": 50.0, + + // Queued requests. + "io_queued_recursive:8:0:Read": 1.0, + "io_queued_recursive:8:0:Write": 4.0, + "io_queued_recursive:8:0:Sync": 2.0, + "io_queued_recursive:8:0:Async": 3.0, + "io_queued_recursive:8:0:Total": 5.0, + } + expectStats(t, expectedStats, stats) +} + +func TestBlkioStatsNoSectorsFile(t *testing.T) { + helper := NewCgroupTestUtil("blkio", t) + defer helper.cleanup() + helper.writeFileContents(map[string]string{ + "blkio.io_service_bytes_recursive": serviceBytesRecursiveContents, + "blkio.io_serviced_recursive": servicedRecursiveContents, + "blkio.io_queued_recursive": queuedRecursiveContents, + }) + + blkio := &blkioGroup{} + _, err := blkio.Stats(helper.CgroupData) + if err == nil { + t.Fatal("Expected to fail, but did not") + } +} + +func TestBlkioStatsNoServiceBytesFile(t *testing.T) { + helper := NewCgroupTestUtil("blkio", t) + defer helper.cleanup() + helper.writeFileContents(map[string]string{ + "blkio.io_serviced_recursive": servicedRecursiveContents, + "blkio.io_queued_recursive": queuedRecursiveContents, + "blkio.sectors_recursive": sectorsRecursiveContents, + }) + + blkio := &blkioGroup{} + _, err := blkio.Stats(helper.CgroupData) + if err == nil { + t.Fatal("Expected to fail, but did not") + } +} + +func TestBlkioStatsNoServicedFile(t *testing.T) { + helper := NewCgroupTestUtil("blkio", t) + defer helper.cleanup() + helper.writeFileContents(map[string]string{ + "blkio.io_service_bytes_recursive": serviceBytesRecursiveContents, + "blkio.io_queued_recursive": queuedRecursiveContents, + "blkio.sectors_recursive": sectorsRecursiveContents, + }) + + blkio := &blkioGroup{} + _, err := blkio.Stats(helper.CgroupData) + if err == nil { + t.Fatal("Expected to fail, but did not") + } +} + +func TestBlkioStatsNoQueuedFile(t *testing.T) { + helper := NewCgroupTestUtil("blkio", t) + defer helper.cleanup() + helper.writeFileContents(map[string]string{ + "blkio.io_service_bytes_recursive": serviceBytesRecursiveContents, + "blkio.io_serviced_recursive": servicedRecursiveContents, + "blkio.sectors_recursive": sectorsRecursiveContents, + }) + + blkio := &blkioGroup{} + _, err := blkio.Stats(helper.CgroupData) + if err == nil { + t.Fatal("Expected to fail, but did not") + } +} + +func TestBlkioStatsUnexpectedNumberOfFields(t *testing.T) { + helper := NewCgroupTestUtil("blkio", t) + defer helper.cleanup() + helper.writeFileContents(map[string]string{ + "blkio.io_service_bytes_recursive": "8:0 Read 100 100", + "blkio.io_serviced_recursive": servicedRecursiveContents, + "blkio.io_queued_recursive": queuedRecursiveContents, + "blkio.sectors_recursive": sectorsRecursiveContents, + }) + + blkio := &blkioGroup{} + _, err := blkio.Stats(helper.CgroupData) + if err == nil { + t.Fatal("Expected to fail, but did not") + } +} + +func TestBlkioStatsUnexpectedFieldType(t *testing.T) { + helper := NewCgroupTestUtil("blkio", t) + defer helper.cleanup() + helper.writeFileContents(map[string]string{ + "blkio.io_service_bytes_recursive": "8:0 Read Write", + "blkio.io_serviced_recursive": servicedRecursiveContents, + "blkio.io_queued_recursive": queuedRecursiveContents, + "blkio.sectors_recursive": sectorsRecursiveContents, + }) + + blkio := &blkioGroup{} + _, err := blkio.Stats(helper.CgroupData) + if err == nil { + t.Fatal("Expected to fail, but did not") + } +} diff --git a/pkg/cgroups/fs/cpu.go b/pkg/cgroups/fs/cpu.go index 8eb0c4ff46..6a7f66c72d 100644 --- a/pkg/cgroups/fs/cpu.go +++ b/pkg/cgroups/fs/cpu.go @@ -1,6 +1,9 @@ package fs import ( + "bufio" + "os" + "path/filepath" "strconv" ) @@ -19,6 +22,16 @@ func (s *cpuGroup) Set(d *data) error { return err } } + if d.c.CpuPeriod != 0 { + if err := writeFile(dir, "cpu.cfs_period_us", strconv.FormatInt(d.c.CpuPeriod, 10)); err != nil { + return err + } + } + if d.c.CpuQuota != 0 { + if err := writeFile(dir, "cpu.cfs_quota_us", strconv.FormatInt(d.c.CpuQuota, 10)); err != nil { + return err + } + } return nil } @@ -27,7 +40,25 @@ func (s *cpuGroup) Remove(d *data) error { } func (s *cpuGroup) Stats(d *data) (map[string]float64, error) { - // we can reuse the cpuacct subsystem to get the cpu stats - sys := subsystems["cpuacct"] - return sys.Stats(d) + paramData := make(map[string]float64) + path, err := d.path("cpu") + if err != nil { + return nil, err + } + + f, err := os.Open(filepath.Join(path, "cpu.stat")) + if err != nil { + return nil, err + } + defer f.Close() + + sc := bufio.NewScanner(f) + for sc.Scan() { + t, v, err := getCgroupParamKeyValue(sc.Text()) + if err != nil { + return nil, err + } + paramData[t] = v + } + return paramData, nil } diff --git a/pkg/cgroups/fs/cpu_test.go b/pkg/cgroups/fs/cpu_test.go new file mode 100644 index 0000000000..698ae921d8 --- /dev/null +++ b/pkg/cgroups/fs/cpu_test.go @@ -0,0 +1,57 @@ +package fs + +import ( + "testing" +) + +func TestCpuStats(t *testing.T) { + helper := NewCgroupTestUtil("cpu", t) + defer helper.cleanup() + cpuStatContent := `nr_periods 2000 + nr_throttled 200 + throttled_time 42424242424` + helper.writeFileContents(map[string]string{ + "cpu.stat": cpuStatContent, + }) + + cpu := &cpuGroup{} + stats, err := cpu.Stats(helper.CgroupData) + if err != nil { + t.Fatal(err) + } + + expected_stats := map[string]float64{ + "nr_periods": 2000.0, + "nr_throttled": 200.0, + "throttled_time": 42424242424.0, + } + expectStats(t, expected_stats, stats) +} + +func TestNoCpuStatFile(t *testing.T) { + helper := NewCgroupTestUtil("cpu", t) + defer helper.cleanup() + + cpu := &cpuGroup{} + _, err := cpu.Stats(helper.CgroupData) + if err == nil { + t.Fatal("Expected to fail, but did not.") + } +} + +func TestInvalidCpuStat(t *testing.T) { + helper := NewCgroupTestUtil("cpu", t) + defer helper.cleanup() + cpuStatContent := `nr_periods 2000 + nr_throttled 200 + throttled_time fortytwo` + helper.writeFileContents(map[string]string{ + "cpu.stat": cpuStatContent, + }) + + cpu := &cpuGroup{} + _, err := cpu.Stats(helper.CgroupData) + if err == nil { + t.Fatal("Expected failed stat parsing.") + } +} diff --git a/pkg/cgroups/fs/cpuacct.go b/pkg/cgroups/fs/cpuacct.go index 4ea2b1f51b..892b5ab6b1 100644 --- a/pkg/cgroups/fs/cpuacct.go +++ b/pkg/cgroups/fs/cpuacct.go @@ -36,9 +36,9 @@ func (s *cpuacctGroup) Remove(d *data) error { func (s *cpuacctGroup) Stats(d *data) (map[string]float64, error) { var ( - startCpu, lastCpu, startSystem, lastSystem float64 - percentage float64 - paramData = make(map[string]float64) + startCpu, lastCpu, startSystem, lastSystem, startUsage, lastUsage float64 + percentage float64 + paramData = make(map[string]float64) ) path, err := d.path("cpuacct") if startCpu, err = s.getCpuUsage(d, path); err != nil { @@ -47,6 +47,10 @@ func (s *cpuacctGroup) Stats(d *data) (map[string]float64, error) { if startSystem, err = s.getSystemCpuUsage(d); err != nil { return nil, err } + startUsageTime := time.Now() + if startUsage, err = getCgroupParamFloat64(path, "cpuacct.usage"); err != nil { + return nil, err + } // sample for 100ms time.Sleep(100 * time.Millisecond) if lastCpu, err = s.getCpuUsage(d, path); err != nil { @@ -55,10 +59,15 @@ func (s *cpuacctGroup) Stats(d *data) (map[string]float64, error) { if lastSystem, err = s.getSystemCpuUsage(d); err != nil { return nil, err } + usageSampleDuration := time.Since(startUsageTime) + if lastUsage, err = getCgroupParamFloat64(path, "cpuacct.usage"); err != nil { + return nil, err + } var ( deltaProc = lastCpu - startCpu deltaSystem = lastSystem - startSystem + deltaUsage = lastUsage - startUsage ) if deltaSystem > 0.0 { percentage = ((deltaProc / deltaSystem) * clockTicks) * cpuCount @@ -66,6 +75,9 @@ func (s *cpuacctGroup) Stats(d *data) (map[string]float64, error) { // NOTE: a percentage over 100% is valid for POSIX because that means the // processes is using multiple cores paramData["percentage"] = percentage + + // Delta usage is in nanoseconds of CPU time so get the usage (in cores) over the sample time. + paramData["usage"] = deltaUsage / float64(usageSampleDuration.Nanoseconds()) return paramData, nil } diff --git a/pkg/cgroups/fs/freezer.go b/pkg/cgroups/fs/freezer.go index ebf5bb9672..70cfcdde72 100644 --- a/pkg/cgroups/fs/freezer.go +++ b/pkg/cgroups/fs/freezer.go @@ -2,21 +2,31 @@ package fs import ( "fmt" - "github.com/dotcloud/docker/pkg/cgroups" "io/ioutil" "os" "path/filepath" "strconv" "strings" + + "github.com/dotcloud/docker/pkg/cgroups" ) type freezerGroup struct { } func (s *freezerGroup) Set(d *data) error { - // we just want to join this group even though we don't set anything - if _, err := d.join("freezer"); err != nil && err != cgroups.ErrNotFound { - return err + dir, err := d.join("freezer") + if err != nil { + if err != cgroups.ErrNotFound { + return err + } + return nil + } + + if d.c.Freezer != "" { + if err := writeFile(dir, "freezer.state", d.c.Freezer); err != nil { + return err + } } return nil } diff --git a/pkg/cgroups/fs/memory.go b/pkg/cgroups/fs/memory.go index cf4bf5ab73..837640c088 100644 --- a/pkg/cgroups/fs/memory.go +++ b/pkg/cgroups/fs/memory.go @@ -2,6 +2,7 @@ package fs import ( "bufio" + "fmt" "os" "path/filepath" "strconv" @@ -13,7 +14,7 @@ type memoryGroup struct { func (s *memoryGroup) Set(d *data) error { dir, err := d.join("memory") // only return an error for memory if it was not specified - if err != nil && (d.c.Memory != 0 || d.c.MemorySwap != 0) { + if err != nil && (d.c.Memory != 0 || d.c.MemoryReservation != 0 || d.c.MemorySwap != 0) { return err } defer func() { @@ -22,12 +23,15 @@ func (s *memoryGroup) Set(d *data) error { } }() - if d.c.Memory != 0 || d.c.MemorySwap != 0 { + // Only set values if some config was specified. + if d.c.Memory != 0 || d.c.MemoryReservation != 0 || d.c.MemorySwap != 0 { if d.c.Memory != 0 { if err := writeFile(dir, "memory.limit_in_bytes", strconv.FormatInt(d.c.Memory, 10)); err != nil { return err } - if err := writeFile(dir, "memory.soft_limit_in_bytes", strconv.FormatInt(d.c.Memory, 10)); err != nil { + } + if d.c.MemoryReservation != 0 { + if err := writeFile(dir, "memory.soft_limit_in_bytes", strconv.FormatInt(d.c.MemoryReservation, 10)); err != nil { return err } } @@ -53,13 +57,14 @@ func (s *memoryGroup) Stats(d *data) (map[string]float64, error) { return nil, err } - f, err := os.Open(filepath.Join(path, "memory.stat")) + // Set stats from memory.stat. + statsFile, err := os.Open(filepath.Join(path, "memory.stat")) if err != nil { return nil, err } - defer f.Close() + defer statsFile.Close() - sc := bufio.NewScanner(f) + sc := bufio.NewScanner(statsFile) for sc.Scan() { t, v, err := getCgroupParamKeyValue(sc.Text()) if err != nil { @@ -67,5 +72,19 @@ func (s *memoryGroup) Stats(d *data) (map[string]float64, error) { } paramData[t] = v } + + // Set memory usage and max historical usage. + params := []string{ + "usage_in_bytes", + "max_usage_in_bytes", + } + for _, param := range params { + value, err := getCgroupParamFloat64(path, fmt.Sprintf("memory.%s", param)) + if err != nil { + return nil, err + } + paramData[param] = value + } + return paramData, nil } diff --git a/pkg/cgroups/fs/memory_test.go b/pkg/cgroups/fs/memory_test.go new file mode 100644 index 0000000000..6c1fb735e9 --- /dev/null +++ b/pkg/cgroups/fs/memory_test.go @@ -0,0 +1,123 @@ +package fs + +import ( + "testing" +) + +const ( + memoryStatContents = `cache 512 +rss 1024` + memoryUsageContents = "2048\n" + memoryMaxUsageContents = "4096\n" +) + +func TestMemoryStats(t *testing.T) { + helper := NewCgroupTestUtil("memory", t) + defer helper.cleanup() + helper.writeFileContents(map[string]string{ + "memory.stat": memoryStatContents, + "memory.usage_in_bytes": memoryUsageContents, + "memory.max_usage_in_bytes": memoryMaxUsageContents, + }) + + memory := &memoryGroup{} + stats, err := memory.Stats(helper.CgroupData) + if err != nil { + t.Fatal(err) + } + expectedStats := map[string]float64{"cache": 512.0, "rss": 1024.0, "usage_in_bytes": 2048.0, "max_usage_in_bytes": 4096.0} + expectStats(t, expectedStats, stats) +} + +func TestMemoryStatsNoStatFile(t *testing.T) { + helper := NewCgroupTestUtil("memory", t) + defer helper.cleanup() + helper.writeFileContents(map[string]string{ + "memory.usage_in_bytes": memoryUsageContents, + "memory.max_usage_in_bytes": memoryMaxUsageContents, + }) + + memory := &memoryGroup{} + _, err := memory.Stats(helper.CgroupData) + if err == nil { + t.Fatal("Expected failure") + } +} + +func TestMemoryStatsNoUsageFile(t *testing.T) { + helper := NewCgroupTestUtil("memory", t) + defer helper.cleanup() + helper.writeFileContents(map[string]string{ + "memory.stat": memoryStatContents, + "memory.max_usage_in_bytes": memoryMaxUsageContents, + }) + + memory := &memoryGroup{} + _, err := memory.Stats(helper.CgroupData) + if err == nil { + t.Fatal("Expected failure") + } +} + +func TestMemoryStatsNoMaxUsageFile(t *testing.T) { + helper := NewCgroupTestUtil("memory", t) + defer helper.cleanup() + helper.writeFileContents(map[string]string{ + "memory.stat": memoryStatContents, + "memory.usage_in_bytes": memoryUsageContents, + }) + + memory := &memoryGroup{} + _, err := memory.Stats(helper.CgroupData) + if err == nil { + t.Fatal("Expected failure") + } +} + +func TestMemoryStatsBadStatFile(t *testing.T) { + helper := NewCgroupTestUtil("memory", t) + defer helper.cleanup() + helper.writeFileContents(map[string]string{ + "memory.stat": "rss rss", + "memory.usage_in_bytes": memoryUsageContents, + "memory.max_usage_in_bytes": memoryMaxUsageContents, + }) + + memory := &memoryGroup{} + _, err := memory.Stats(helper.CgroupData) + if err == nil { + t.Fatal("Expected failure") + } +} + +func TestMemoryStatsBadUsageFile(t *testing.T) { + helper := NewCgroupTestUtil("memory", t) + defer helper.cleanup() + helper.writeFileContents(map[string]string{ + "memory.stat": memoryStatContents, + "memory.usage_in_bytes": "bad", + "memory.max_usage_in_bytes": memoryMaxUsageContents, + }) + + memory := &memoryGroup{} + _, err := memory.Stats(helper.CgroupData) + if err == nil { + t.Fatal("Expected failure") + } +} + +func TestMemoryStatsBadMaxUsageFile(t *testing.T) { + helper := NewCgroupTestUtil("memory", t) + defer helper.cleanup() + helper.writeFileContents(map[string]string{ + "memory.stat": memoryStatContents, + "memory.usage_in_bytes": memoryUsageContents, + "memory.max_usage_in_bytes": "bad", + }) + + memory := &memoryGroup{} + _, err := memory.Stats(helper.CgroupData) + if err == nil { + t.Fatal("Expected failure") + } +} diff --git a/pkg/cgroups/fs/test_util.go b/pkg/cgroups/fs/test_util.go new file mode 100644 index 0000000000..11b90b21d6 --- /dev/null +++ b/pkg/cgroups/fs/test_util.go @@ -0,0 +1,75 @@ +/* +Utility for testing cgroup operations. + +Creates a mock of the cgroup filesystem for the duration of the test. +*/ +package fs + +import ( + "fmt" + "io/ioutil" + "log" + "os" + "testing" +) + +type cgroupTestUtil struct { + // data to use in tests. + CgroupData *data + + // Path to the mock cgroup directory. + CgroupPath string + + // Temporary directory to store mock cgroup filesystem. + tempDir string + t *testing.T +} + +// Creates a new test util for the specified subsystem +func NewCgroupTestUtil(subsystem string, t *testing.T) *cgroupTestUtil { + d := &data{} + tempDir, err := ioutil.TempDir("", fmt.Sprintf("%s_cgroup_test", subsystem)) + if err != nil { + t.Fatal(err) + } + d.root = tempDir + testCgroupPath, err := d.path(subsystem) + if err != nil { + t.Fatal(err) + } + + // Ensure the full mock cgroup path exists. + err = os.MkdirAll(testCgroupPath, 0755) + if err != nil { + t.Fatal(err) + } + return &cgroupTestUtil{CgroupData: d, CgroupPath: testCgroupPath, tempDir: tempDir, t: t} +} + +func (c *cgroupTestUtil) cleanup() { + os.RemoveAll(c.tempDir) +} + +// Write the specified contents on the mock of the specified cgroup files. +func (c *cgroupTestUtil) writeFileContents(fileContents map[string]string) { + for file, contents := range fileContents { + err := writeFile(c.CgroupPath, file, contents) + if err != nil { + c.t.Fatal(err) + } + } +} + +// Expect the specified stats. +func expectStats(t *testing.T, expected, actual map[string]float64) { + for stat, expectedValue := range expected { + actualValue, ok := actual[stat] + if !ok { + log.Printf("Expected stat %s to exist: %s", stat, actual) + t.Fail() + } else if actualValue != expectedValue { + log.Printf("Expected stats %s to have value %f but had %f instead", stat, expectedValue, actualValue) + t.Fail() + } + } +} diff --git a/pkg/cgroups/fs/utils.go b/pkg/cgroups/fs/utils.go index f4c4846b8c..8be65c97ea 100644 --- a/pkg/cgroups/fs/utils.go +++ b/pkg/cgroups/fs/utils.go @@ -3,6 +3,8 @@ package fs import ( "errors" "fmt" + "io/ioutil" + "path/filepath" "strconv" "strings" ) @@ -27,3 +29,12 @@ func getCgroupParamKeyValue(t string) (string, float64, error) { return "", 0.0, ErrNotValidFormat } } + +// Gets a single float64 value from the specified cgroup file. +func getCgroupParamFloat64(cgroupPath, cgroupFile string) (float64, error) { + contents, err := ioutil.ReadFile(filepath.Join(cgroupPath, cgroupFile)) + if err != nil { + return -1.0, err + } + return strconv.ParseFloat(strings.TrimSpace(string(contents)), 64) +} diff --git a/pkg/cgroups/fs/utils_test.go b/pkg/cgroups/fs/utils_test.go new file mode 100644 index 0000000000..c8f1b0172b --- /dev/null +++ b/pkg/cgroups/fs/utils_test.go @@ -0,0 +1,68 @@ +package fs + +import ( + "io/ioutil" + "os" + "path/filepath" + "testing" +) + +const ( + cgroupFile = "cgroup.file" + floatValue = 2048.0 + floatString = "2048" +) + +func TestGetCgroupParamsFloat64(t *testing.T) { + // Setup tempdir. + tempDir, err := ioutil.TempDir("", "cgroup_utils_test") + if err != nil { + t.Fatal(err) + } + defer os.RemoveAll(tempDir) + tempFile := filepath.Join(tempDir, cgroupFile) + + // Success. + err = ioutil.WriteFile(tempFile, []byte(floatString), 0755) + if err != nil { + t.Fatal(err) + } + value, err := getCgroupParamFloat64(tempDir, cgroupFile) + if err != nil { + t.Fatal(err) + } else if value != floatValue { + t.Fatalf("Expected %f to equal %f", value, floatValue) + } + + // Success with new line. + err = ioutil.WriteFile(tempFile, []byte(floatString+"\n"), 0755) + if err != nil { + t.Fatal(err) + } + value, err = getCgroupParamFloat64(tempDir, cgroupFile) + if err != nil { + t.Fatal(err) + } else if value != floatValue { + t.Fatalf("Expected %f to equal %f", value, floatValue) + } + + // Not a float. + err = ioutil.WriteFile(tempFile, []byte("not-a-float"), 0755) + if err != nil { + t.Fatal(err) + } + _, err = getCgroupParamFloat64(tempDir, cgroupFile) + if err == nil { + t.Fatal("Expecting error, got none") + } + + // Unknown file. + err = os.Remove(tempFile) + if err != nil { + t.Fatal(err) + } + _, err = getCgroupParamFloat64(tempDir, cgroupFile) + if err == nil { + t.Fatal("Expecting error, got none") + } +} diff --git a/pkg/cgroups/systemd/apply_nosystemd.go b/pkg/cgroups/systemd/apply_nosystemd.go index 226aa59f9d..4faa749745 100644 --- a/pkg/cgroups/systemd/apply_nosystemd.go +++ b/pkg/cgroups/systemd/apply_nosystemd.go @@ -11,6 +11,6 @@ func UseSystemd() bool { return false } -func systemdApply(c *Cgroup, pid int) (cgroups.ActiveCgroup, error) { +func Apply(c *Cgroup, pid int) (cgroups.ActiveCgroup, error) { return nil, fmt.Errorf("Systemd not supported") } diff --git a/pkg/cgroups/systemd/apply_systemd.go b/pkg/cgroups/systemd/apply_systemd.go index 7c26080d6e..c4b0937b63 100644 --- a/pkg/cgroups/systemd/apply_systemd.go +++ b/pkg/cgroups/systemd/apply_systemd.go @@ -3,9 +3,10 @@ package systemd import ( - "fmt" "io/ioutil" + "os" "path/filepath" + "strconv" "strings" "sync" @@ -16,6 +17,7 @@ import ( ) type systemdCgroup struct { + cleanupDirs []string } type DeviceAllow struct { @@ -69,20 +71,42 @@ func getIfaceForUnit(unitName string) string { return "Unit" } +type cgroupArg struct { + File string + Value string +} + func Apply(c *cgroups.Cgroup, pid int) (cgroups.ActiveCgroup, error) { var ( unitName = c.Parent + "-" + c.Name + ".scope" slice = "system.slice" properties []systemd1.Property + cpuArgs []cgroupArg + cpusetArgs []cgroupArg + memoryArgs []cgroupArg + res systemdCgroup ) - for _, v := range c.UnitProperties { - switch v[0] { - case "Slice": - slice = v[1] - default: - return nil, fmt.Errorf("Unknown unit propery %s", v[0]) + // First set up things not supported by systemd + + // -1 disables memorySwap + if c.MemorySwap >= 0 && (c.Memory != 0 || c.MemorySwap > 0) { + memorySwap := c.MemorySwap + + if memorySwap == 0 { + // By default, MemorySwap is set to twice the size of RAM. + memorySwap = c.Memory * 2 } + + memoryArgs = append(memoryArgs, cgroupArg{"memory.memsw.limit_in_bytes", strconv.FormatInt(memorySwap, 10)}) + } + + if c.CpusetCpus != "" { + cpusetArgs = append(cpusetArgs, cgroupArg{"cpuset.cpus", c.CpusetCpus}) + } + + if c.Slice != "" { + slice = c.Slice } properties = append(properties, @@ -111,17 +135,18 @@ func Apply(c *cgroups.Cgroup, pid int) (cgroups.ActiveCgroup, error) { })}) } - // Always enable accounting, this gets us the same behaviour as the raw implementation, + // Always enable accounting, this gets us the same behaviour as the fs implementation, // plus the kernel has some problems with joining the memory cgroup at a later time. properties = append(properties, systemd1.Property{"MemoryAccounting", dbus.MakeVariant(true)}, - systemd1.Property{"CPUAccounting", dbus.MakeVariant(true)}) + systemd1.Property{"CPUAccounting", dbus.MakeVariant(true)}, + systemd1.Property{"BlockIOAccounting", dbus.MakeVariant(true)}) if c.Memory != 0 { properties = append(properties, systemd1.Property{"MemoryLimit", dbus.MakeVariant(uint64(c.Memory))}) } - // TODO: MemorySwap not available in systemd + // TODO: MemoryReservation and MemorySwap not available in systemd if c.CpuShares != 0 { properties = append(properties, @@ -158,10 +183,114 @@ func Apply(c *cgroups.Cgroup, pid int) (cgroups.ActiveCgroup, error) { return nil, err } } - return &systemdCgroup{}, nil + + if len(cpuArgs) != 0 { + mountpoint, err := cgroups.FindCgroupMountpoint("cpu") + if err != nil { + return nil, err + } + + path := filepath.Join(mountpoint, cgroup) + + for _, arg := range cpuArgs { + if err := ioutil.WriteFile(filepath.Join(path, arg.File), []byte(arg.Value), 0700); err != nil { + return nil, err + } + } + } + + if len(memoryArgs) != 0 { + mountpoint, err := cgroups.FindCgroupMountpoint("memory") + if err != nil { + return nil, err + } + + path := filepath.Join(mountpoint, cgroup) + + for _, arg := range memoryArgs { + if err := ioutil.WriteFile(filepath.Join(path, arg.File), []byte(arg.Value), 0700); err != nil { + return nil, err + } + } + } + + if len(cpusetArgs) != 0 { + // systemd does not atm set up the cpuset controller, so we must manually + // join it. Additionally that is a very finicky controller where each + // level must have a full setup as the default for a new directory is "no cpus", + // so we avoid using any hierarchies here, creating a toplevel directory. + mountpoint, err := cgroups.FindCgroupMountpoint("cpuset") + if err != nil { + return nil, err + } + initPath, err := cgroups.GetInitCgroupDir("cpuset") + if err != nil { + return nil, err + } + + rootPath := filepath.Join(mountpoint, initPath) + + path := filepath.Join(mountpoint, initPath, c.Parent+"-"+c.Name) + + res.cleanupDirs = append(res.cleanupDirs, path) + + if err := os.MkdirAll(path, 0755); err != nil && !os.IsExist(err) { + return nil, err + } + + foundCpus := false + foundMems := false + + for _, arg := range cpusetArgs { + if arg.File == "cpuset.cpus" { + foundCpus = true + } + if arg.File == "cpuset.mems" { + foundMems = true + } + if err := ioutil.WriteFile(filepath.Join(path, arg.File), []byte(arg.Value), 0700); err != nil { + return nil, err + } + } + + // These are required, if not specified inherit from parent + if !foundCpus { + s, err := ioutil.ReadFile(filepath.Join(rootPath, "cpuset.cpus")) + if err != nil { + return nil, err + } + + if err := ioutil.WriteFile(filepath.Join(path, "cpuset.cpus"), s, 0700); err != nil { + return nil, err + } + } + + // These are required, if not specified inherit from parent + if !foundMems { + s, err := ioutil.ReadFile(filepath.Join(rootPath, "cpuset.mems")) + if err != nil { + return nil, err + } + + if err := ioutil.WriteFile(filepath.Join(path, "cpuset.mems"), s, 0700); err != nil { + return nil, err + } + } + + if err := ioutil.WriteFile(filepath.Join(path, "cgroup.procs"), []byte(strconv.Itoa(pid)), 0700); err != nil { + return nil, err + } + } + + return &res, nil } func (c *systemdCgroup) Cleanup() error { - // systemd cleans up, we don't need to do anything + // systemd cleans up, we don't need to do much + + for _, path := range c.cleanupDirs { + os.RemoveAll(path) + } + return nil } diff --git a/pkg/dockerscript/MAINTAINERS b/pkg/dockerscript/MAINTAINERS index db33365bcd..aee10c8421 100644 --- a/pkg/dockerscript/MAINTAINERS +++ b/pkg/dockerscript/MAINTAINERS @@ -1 +1 @@ -Solomon Hykes +Solomon Hykes (@shykes) diff --git a/pkg/graphdb/conn_sqlite3.go b/pkg/graphdb/conn_sqlite3.go index 5b5f8e6bfc..33355ae4dc 100644 --- a/pkg/graphdb/conn_sqlite3.go +++ b/pkg/graphdb/conn_sqlite3.go @@ -1,4 +1,4 @@ -// +build linux,amd64 freebsd,cgo +// +build cgo package graphdb diff --git a/pkg/graphdb/conn_unsupported.go b/pkg/graphdb/conn_unsupported.go index 0a48634336..3895051661 100644 --- a/pkg/graphdb/conn_unsupported.go +++ b/pkg/graphdb/conn_unsupported.go @@ -1,4 +1,4 @@ -// +build !linux,!freebsd linux,!amd64 freebsd,!cgo +// +build !cgo package graphdb diff --git a/pkg/label/label.go b/pkg/label/label.go index 38f026bc5a..434e1c5725 100644 --- a/pkg/label/label.go +++ b/pkg/label/label.go @@ -24,3 +24,7 @@ func GetPidCon(pid int) (string, error) { func Init() { } + +func ReserveLabel(label string) error { + return nil +} diff --git a/pkg/label/label_selinux.go b/pkg/label/label_selinux.go index 9f7463f79b..926f7fffa8 100644 --- a/pkg/label/label_selinux.go +++ b/pkg/label/label_selinux.go @@ -4,8 +4,9 @@ package label import ( "fmt" - "github.com/dotcloud/docker/pkg/selinux" "strings" + + "github.com/dotcloud/docker/pkg/selinux" ) func GenLabels(options string) (string, string, error) { @@ -32,13 +33,13 @@ func GenLabels(options string) (string, string, error) { return processLabel, mountLabel, err } -func FormatMountLabel(src string, mountLabel string) string { - if selinux.SelinuxEnabled() && mountLabel != "" { +func FormatMountLabel(src, mountLabel string) string { + if mountLabel != "" { switch src { case "": - src = fmt.Sprintf("%s,context=%s", src, mountLabel) + src = fmt.Sprintf("context=%q", mountLabel) default: - src = fmt.Sprintf("context=%s", mountLabel) + src = fmt.Sprintf("%s,context=%q", src, mountLabel) } } return src @@ -75,3 +76,8 @@ func GetPidCon(pid int) (string, error) { func Init() { selinux.SelinuxEnabled() } + +func ReserveLabel(label string) error { + selinux.ReserveLabel(label) + return nil +} diff --git a/pkg/libcontainer/MAINTAINERS b/pkg/libcontainer/MAINTAINERS index 1cb551364d..41f04602ee 100644 --- a/pkg/libcontainer/MAINTAINERS +++ b/pkg/libcontainer/MAINTAINERS @@ -1,2 +1,4 @@ Michael Crosby (@crosbymichael) Guillaume J. Charmes (@creack) +Rohit Jnagal (@rjnagal) +Victor Marmol (@vmarmol) diff --git a/pkg/libcontainer/README.md b/pkg/libcontainer/README.md index d6d0fbae44..8e89153bd7 100644 --- a/pkg/libcontainer/README.md +++ b/pkg/libcontainer/README.md @@ -13,87 +13,11 @@ a `container.json` file is placed with the runtime configuration for how the pro should be contained and ran. Environment, networking, and different capabilities for the process are specified in this file. The configuration is used for each process executed inside the container. -Sample `container.json` file: -```json -{ - "hostname" : "koye", - "networks" : [ - { - "gateway" : "172.17.42.1", - "context" : { - "bridge" : "docker0", - "prefix" : "veth" - }, - "address" : "172.17.0.2/16", - "type" : "veth", - "mtu" : 1500 - } - ], - "cgroups" : { - "parent" : "docker", - "name" : "11bb30683fb0bdd57fab4d3a8238877f1e4395a2cfc7320ea359f7a02c1a5620" - }, - "tty" : true, - "environment" : [ - "HOME=/", - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", - "HOSTNAME=11bb30683fb0", - "TERM=xterm" - ], - "capabilities_mask" : [ - "SETPCAP", - "SYS_MODULE", - "SYS_RAWIO", - "SYS_PACCT", - "SYS_ADMIN", - "SYS_NICE", - "SYS_RESOURCE", - "SYS_TIME", - "SYS_TTY_CONFIG", - "MKNOD", - "AUDIT_WRITE", - "AUDIT_CONTROL", - "MAC_OVERRIDE", - "MAC_ADMIN", - "NET_ADMIN" - ], - "context" : { - "apparmor_profile" : "docker-default" - }, - "mounts" : [ - { - "source" : "/var/lib/docker/containers/11bb30683fb0bdd57fab4d3a8238877f1e4395a2cfc7320ea359f7a02c1a5620/resolv.conf", - "writable" : false, - "destination" : "/etc/resolv.conf", - "private" : true - }, - { - "source" : "/var/lib/docker/containers/11bb30683fb0bdd57fab4d3a8238877f1e4395a2cfc7320ea359f7a02c1a5620/hostname", - "writable" : false, - "destination" : "/etc/hostname", - "private" : true - }, - { - "source" : "/var/lib/docker/containers/11bb30683fb0bdd57fab4d3a8238877f1e4395a2cfc7320ea359f7a02c1a5620/hosts", - "writable" : false, - "destination" : "/etc/hosts", - "private" : true - } - ], - "namespaces" : [ - "NEWNS", - "NEWUTS", - "NEWIPC", - "NEWPID", - "NEWNET" - ] -} -``` +See the `container.json` file for what the configuration should look like. Using this configuration and the current directory holding the rootfs for a process, one can use libcontainer to exec the container. Running the life of the namespace, a `pid` file is written to the current directory with the pid of the namespaced process to the external world. A client can use this pid to wait, kill, or perform other operation with the container. If a user tries to run a new process inside an existing container with a live namespace, the namespace will be joined by the new process. - You may also specify an alternate root place where the `container.json` file is read and where the `pid` file will be saved. #### nsinit diff --git a/pkg/libcontainer/console/console.go b/pkg/libcontainer/console/console.go new file mode 100644 index 0000000000..5f06aea225 --- /dev/null +++ b/pkg/libcontainer/console/console.go @@ -0,0 +1,61 @@ +// +build linux + +package console + +import ( + "fmt" + "os" + "path/filepath" + "syscall" + + "github.com/dotcloud/docker/pkg/label" + "github.com/dotcloud/docker/pkg/system" +) + +// Setup initializes the proper /dev/console inside the rootfs path +func Setup(rootfs, consolePath, mountLabel string) error { + oldMask := system.Umask(0000) + defer system.Umask(oldMask) + + stat, err := os.Stat(consolePath) + if err != nil { + return fmt.Errorf("stat console %s %s", consolePath, err) + } + var ( + st = stat.Sys().(*syscall.Stat_t) + dest = filepath.Join(rootfs, "dev/console") + ) + if err := os.Remove(dest); err != nil && !os.IsNotExist(err) { + return fmt.Errorf("remove %s %s", dest, err) + } + if err := os.Chmod(consolePath, 0600); err != nil { + return err + } + if err := os.Chown(consolePath, 0, 0); err != nil { + return err + } + if err := system.Mknod(dest, (st.Mode&^07777)|0600, int(st.Rdev)); err != nil { + return fmt.Errorf("mknod %s %s", dest, err) + } + if err := label.SetFileLabel(consolePath, mountLabel); err != nil { + return fmt.Errorf("set file label %s %s", dest, err) + } + if err := system.Mount(consolePath, dest, "bind", syscall.MS_BIND, ""); err != nil { + return fmt.Errorf("bind %s to %s %s", consolePath, dest, err) + } + return nil +} + +func OpenAndDup(consolePath string) error { + slave, err := system.OpenTerminal(consolePath, syscall.O_RDWR) + if err != nil { + return fmt.Errorf("open terminal %s", err) + } + if err := system.Dup2(slave.Fd(), 0); err != nil { + return err + } + if err := system.Dup2(slave.Fd(), 1); err != nil { + return err + } + return system.Dup2(slave.Fd(), 2) +} diff --git a/pkg/libcontainer/container.go b/pkg/libcontainer/container.go index c7cac35428..5acdff3d29 100644 --- a/pkg/libcontainer/container.go +++ b/pkg/libcontainer/container.go @@ -18,12 +18,12 @@ type Container struct { WorkingDir string `json:"working_dir,omitempty"` // current working directory Env []string `json:"environment,omitempty"` // environment to set Tty bool `json:"tty,omitempty"` // setup a proper tty or not - Namespaces Namespaces `json:"namespaces,omitempty"` // namespaces to apply - CapabilitiesMask Capabilities `json:"capabilities_mask,omitempty"` // capabilities to drop + Namespaces map[string]bool `json:"namespaces,omitempty"` // namespaces to apply + CapabilitiesMask map[string]bool `json:"capabilities_mask,omitempty"` // capabilities to drop Networks []*Network `json:"networks,omitempty"` // nil for host's network stack Cgroups *cgroups.Cgroup `json:"cgroups,omitempty"` // cgroups Context Context `json:"context,omitempty"` // generic context for specific options (apparmor, selinux) - Mounts []Mount `json:"mounts,omitempty"` + Mounts Mounts `json:"mounts,omitempty"` } // Network defines configuration for a container's networking stack @@ -37,12 +37,3 @@ type Network struct { Gateway string `json:"gateway,omitempty"` Mtu int `json:"mtu,omitempty"` } - -// Bind mounts from the host system to the container -// -type Mount struct { - Source string `json:"source"` // Source path, in the host namespace - Destination string `json:"destination"` // Destination path, in the container - Writable bool `json:"writable"` - Private bool `json:"private"` -} diff --git a/pkg/libcontainer/container.json b/pkg/libcontainer/container.json index f045315a41..33d79600d4 100644 --- a/pkg/libcontainer/container.json +++ b/pkg/libcontainer/container.json @@ -1,50 +1,62 @@ { - "hostname": "koye", - "tty": true, - "environment": [ - "HOME=/", - "PATH=PATH=$PATH:/bin:/usr/bin:/sbin:/usr/sbin", - "container=docker", - "TERM=xterm-256color" - ], - "namespaces": [ - "NEWIPC", - "NEWNS", - "NEWPID", - "NEWUTS", - "NEWNET" - ], - "capabilities_mask": [ - "SETPCAP", - "SYS_MODULE", - "SYS_RAWIO", - "SYS_PACCT", - "SYS_ADMIN", - "SYS_NICE", - "SYS_RESOURCE", - "SYS_TIME", - "SYS_TTY_CONFIG", - "MKNOD", - "AUDIT_WRITE", - "AUDIT_CONTROL", - "MAC_OVERRIDE", - "MAC_ADMIN", - "NET_ADMIN" - ], - "networks": [{ - "type": "veth", - "context": { - "bridge": "docker0", - "prefix": "dock" - }, - "address": "172.17.0.100/16", - "gateway": "172.17.42.1", - "mtu": 1500 - } - ], - "cgroups": { - "name": "docker-koye", - "parent": "docker", - "memory": 5248000 + "namespaces": { + "NEWNET": true, + "NEWPID": true, + "NEWIPC": true, + "NEWUTS": true, + "NEWNS": true + }, + "networks": [ + { + "gateway": "localhost", + "type": "loopback", + "address": "127.0.0.1/0", + "mtu": 1500 + }, + { + "gateway": "172.17.42.1", + "context": { + "prefix": "veth", + "bridge": "docker0" + }, + "type": "veth", + "address": "172.17.42.2/16", + "mtu": 1500 } + ], + "capabilities_mask": { + "SYSLOG": false, + "MKNOD": true, + "NET_ADMIN": false, + "MAC_ADMIN": false, + "MAC_OVERRIDE": false, + "AUDIT_CONTROL": false, + "AUDIT_WRITE": false, + "SYS_TTY_CONFIG": false, + "SETPCAP": false, + "SYS_MODULE": false, + "SYS_RAWIO": false, + "SYS_PACCT": false, + "SYS_ADMIN": false, + "SYS_NICE": false, + "SYS_RESOURCE": false, + "SYS_TIME": false + }, + "cgroups": { + "name": "docker-koye", + "parent": "docker" + }, + "hostname": "koye", + "environment": [ + "HOME=/", + "PATH=PATH=$PATH:/bin:/usr/bin:/sbin:/usr/sbin", + "container=docker", + "TERM=xterm-256color" + ], + "tty": true, + "mounts": [ + { + "type": "devtmpfs" + } + ] } diff --git a/pkg/libcontainer/container_test.go b/pkg/libcontainer/container_test.go new file mode 100644 index 0000000000..c02385af3f --- /dev/null +++ b/pkg/libcontainer/container_test.go @@ -0,0 +1,59 @@ +package libcontainer + +import ( + "encoding/json" + "os" + "testing" +) + +func TestContainerJsonFormat(t *testing.T) { + f, err := os.Open("container.json") + if err != nil { + t.Fatal("Unable to open container.json") + } + defer f.Close() + + var container *Container + if err := json.NewDecoder(f).Decode(&container); err != nil { + t.Fatalf("failed to decode container config: %s", err) + } + if container.Hostname != "koye" { + t.Log("hostname is not set") + t.Fail() + } + + if !container.Tty { + t.Log("tty should be set to true") + t.Fail() + } + + if !container.Namespaces["NEWNET"] { + t.Log("namespaces should contain NEWNET") + t.Fail() + } + + if container.Namespaces["NEWUSER"] { + t.Log("namespaces should not contain NEWUSER") + t.Fail() + } + + if _, exists := container.CapabilitiesMask["SYS_ADMIN"]; !exists { + t.Log("capabilities mask should contain SYS_ADMIN") + t.Fail() + } + + if container.CapabilitiesMask["SYS_ADMIN"] { + t.Log("SYS_ADMIN should not be enabled in capabilities mask") + t.Fail() + } + + if !container.CapabilitiesMask["MKNOD"] { + t.Log("MKNOD should be enabled in capabilities mask") + t.Fail() + } + + if container.CapabilitiesMask["SYS_CHROOT"] { + t.Log("capabilities mask should not contain SYS_CHROOT") + t.Fail() + } +} diff --git a/pkg/libcontainer/mount/init.go b/pkg/libcontainer/mount/init.go new file mode 100644 index 0000000000..cfe61d1532 --- /dev/null +++ b/pkg/libcontainer/mount/init.go @@ -0,0 +1,134 @@ +// +build linux + +package mount + +import ( + "fmt" + "os" + "path/filepath" + "syscall" + + "github.com/dotcloud/docker/pkg/label" + "github.com/dotcloud/docker/pkg/libcontainer" + "github.com/dotcloud/docker/pkg/libcontainer/mount/nodes" + "github.com/dotcloud/docker/pkg/system" +) + +// default mount point flags +const defaultMountFlags = syscall.MS_NOEXEC | syscall.MS_NOSUID | syscall.MS_NODEV + +type mount struct { + source string + path string + device string + flags int + data string +} + +// InitializeMountNamespace setups up the devices, mount points, and filesystems for use inside a +// new mount namepsace +func InitializeMountNamespace(rootfs, console string, container *libcontainer.Container) error { + var ( + err error + flag = syscall.MS_PRIVATE + ) + if container.NoPivotRoot { + flag = syscall.MS_SLAVE + } + if err := system.Mount("", "/", "", uintptr(flag|syscall.MS_REC), ""); err != nil { + return fmt.Errorf("mounting / as slave %s", err) + } + if err := system.Mount(rootfs, rootfs, "bind", syscall.MS_BIND|syscall.MS_REC, ""); err != nil { + return fmt.Errorf("mouting %s as bind %s", rootfs, err) + } + if err := mountSystem(rootfs, container); err != nil { + return fmt.Errorf("mount system %s", err) + } + if err := setupBindmounts(rootfs, container.Mounts); err != nil { + return fmt.Errorf("bind mounts %s", err) + } + if err := nodes.CopyN(rootfs, nodes.DefaultNodes); err != nil { + return fmt.Errorf("copy dev nodes %s", err) + } + if err := SetupPtmx(rootfs, console, container.Context["mount_label"]); err != nil { + return err + } + if err := system.Chdir(rootfs); err != nil { + return fmt.Errorf("chdir into %s %s", rootfs, err) + } + + if container.NoPivotRoot { + err = MsMoveRoot(rootfs) + } else { + err = PivotRoot(rootfs) + } + if err != nil { + return err + } + + if container.ReadonlyFs { + if err := SetReadonly(); err != nil { + return fmt.Errorf("set readonly %s", err) + } + } + + system.Umask(0022) + + return nil +} + +// mountSystem sets up linux specific system mounts like sys, proc, shm, and devpts +// inside the mount namespace +func mountSystem(rootfs string, container *libcontainer.Container) error { + for _, m := range newSystemMounts(rootfs, container.Context["mount_label"], container.Mounts) { + if err := os.MkdirAll(m.path, 0755); err != nil && !os.IsExist(err) { + return fmt.Errorf("mkdirall %s %s", m.path, err) + } + if err := system.Mount(m.source, m.path, m.device, uintptr(m.flags), m.data); err != nil { + return fmt.Errorf("mounting %s into %s %s", m.source, m.path, err) + } + } + return nil +} + +func setupBindmounts(rootfs string, bindMounts libcontainer.Mounts) error { + for _, m := range bindMounts.OfType("bind") { + var ( + flags = syscall.MS_BIND | syscall.MS_REC + dest = filepath.Join(rootfs, m.Destination) + ) + if !m.Writable { + flags = flags | syscall.MS_RDONLY + } + if err := system.Mount(m.Source, dest, "bind", uintptr(flags), ""); err != nil { + return fmt.Errorf("mounting %s into %s %s", m.Source, dest, err) + } + if !m.Writable { + if err := system.Mount(m.Source, dest, "bind", uintptr(flags|syscall.MS_REMOUNT), ""); err != nil { + return fmt.Errorf("remounting %s into %s %s", m.Source, dest, err) + } + } + if m.Private { + if err := system.Mount("", dest, "none", uintptr(syscall.MS_PRIVATE), ""); err != nil { + return fmt.Errorf("mounting %s private %s", dest, err) + } + } + } + return nil +} + +// TODO: this is crappy right now and should be cleaned up with a better way of handling system and +// standard bind mounts allowing them to be more dynamic +func newSystemMounts(rootfs, mountLabel string, mounts libcontainer.Mounts) []mount { + systemMounts := []mount{ + {source: "proc", path: filepath.Join(rootfs, "proc"), device: "proc", flags: defaultMountFlags}, + {source: "sysfs", path: filepath.Join(rootfs, "sys"), device: "sysfs", flags: defaultMountFlags}, + {source: "shm", path: filepath.Join(rootfs, "dev", "shm"), device: "tmpfs", flags: defaultMountFlags, data: label.FormatMountLabel("mode=1777,size=65536k", mountLabel)}, + {source: "devpts", path: filepath.Join(rootfs, "dev", "pts"), device: "devpts", flags: syscall.MS_NOSUID | syscall.MS_NOEXEC, data: label.FormatMountLabel("newinstance,ptmxmode=0666,mode=620,gid=5", mountLabel)}, + } + + if len(mounts.OfType("devtmpfs")) == 1 { + systemMounts = append([]mount{{source: "tmpfs", path: filepath.Join(rootfs, "dev"), device: "tmpfs", flags: syscall.MS_NOSUID | syscall.MS_STRICTATIME, data: label.FormatMountLabel("mode=755", mountLabel)}}, systemMounts...) + } + return systemMounts +} diff --git a/pkg/libcontainer/mount/msmoveroot.go b/pkg/libcontainer/mount/msmoveroot.go new file mode 100644 index 0000000000..b336c86495 --- /dev/null +++ b/pkg/libcontainer/mount/msmoveroot.go @@ -0,0 +1,19 @@ +// +build linux + +package mount + +import ( + "fmt" + "github.com/dotcloud/docker/pkg/system" + "syscall" +) + +func MsMoveRoot(rootfs string) error { + if err := system.Mount(rootfs, "/", "", syscall.MS_MOVE, ""); err != nil { + return fmt.Errorf("mount move %s into / %s", rootfs, err) + } + if err := system.Chroot("."); err != nil { + return fmt.Errorf("chroot . %s", err) + } + return system.Chdir("/") +} diff --git a/pkg/libcontainer/mount/nodes/nodes.go b/pkg/libcontainer/mount/nodes/nodes.go new file mode 100644 index 0000000000..5022f85b0b --- /dev/null +++ b/pkg/libcontainer/mount/nodes/nodes.go @@ -0,0 +1,49 @@ +// +build linux + +package nodes + +import ( + "fmt" + "github.com/dotcloud/docker/pkg/system" + "os" + "path/filepath" + "syscall" +) + +// Default list of device nodes to copy +var DefaultNodes = []string{ + "null", + "zero", + "full", + "random", + "urandom", + "tty", +} + +// CopyN copies the device node from the host into the rootfs +func CopyN(rootfs string, nodesToCopy []string) error { + oldMask := system.Umask(0000) + defer system.Umask(oldMask) + + for _, node := range nodesToCopy { + if err := Copy(rootfs, node); err != nil { + return err + } + } + return nil +} + +func Copy(rootfs, node string) error { + stat, err := os.Stat(filepath.Join("/dev", node)) + if err != nil { + return err + } + var ( + dest = filepath.Join(rootfs, "dev", node) + st = stat.Sys().(*syscall.Stat_t) + ) + if err := system.Mknod(dest, st.Mode, int(st.Rdev)); err != nil && !os.IsExist(err) { + return fmt.Errorf("copy %s %s", node, err) + } + return nil +} diff --git a/pkg/libcontainer/mount/pivotroot.go b/pkg/libcontainer/mount/pivotroot.go new file mode 100644 index 0000000000..447f5904b2 --- /dev/null +++ b/pkg/libcontainer/mount/pivotroot.go @@ -0,0 +1,31 @@ +// +build linux + +package mount + +import ( + "fmt" + "github.com/dotcloud/docker/pkg/system" + "io/ioutil" + "os" + "path/filepath" + "syscall" +) + +func PivotRoot(rootfs string) error { + pivotDir, err := ioutil.TempDir(rootfs, ".pivot_root") + if err != nil { + return fmt.Errorf("can't create pivot_root dir %s", pivotDir, err) + } + if err := system.Pivotroot(rootfs, pivotDir); err != nil { + return fmt.Errorf("pivot_root %s", err) + } + if err := system.Chdir("/"); err != nil { + return fmt.Errorf("chdir / %s", err) + } + // path to pivot dir now changed, update + pivotDir = filepath.Join("/", filepath.Base(pivotDir)) + if err := system.Unmount(pivotDir, syscall.MNT_DETACH); err != nil { + return fmt.Errorf("unmount pivot_root dir %s", err) + } + return os.Remove(pivotDir) +} diff --git a/pkg/libcontainer/mount/ptmx.go b/pkg/libcontainer/mount/ptmx.go new file mode 100644 index 0000000000..f6ca534637 --- /dev/null +++ b/pkg/libcontainer/mount/ptmx.go @@ -0,0 +1,26 @@ +// +build linux + +package mount + +import ( + "fmt" + "github.com/dotcloud/docker/pkg/libcontainer/console" + "os" + "path/filepath" +) + +func SetupPtmx(rootfs, consolePath, mountLabel string) error { + ptmx := filepath.Join(rootfs, "dev/ptmx") + if err := os.Remove(ptmx); err != nil && !os.IsNotExist(err) { + return err + } + if err := os.Symlink("pts/ptmx", ptmx); err != nil { + return fmt.Errorf("symlink dev ptmx %s", err) + } + if consolePath != "" { + if err := console.Setup(rootfs, consolePath, mountLabel); err != nil { + return err + } + } + return nil +} diff --git a/pkg/libcontainer/mount/readonly.go b/pkg/libcontainer/mount/readonly.go new file mode 100644 index 0000000000..0658358ad6 --- /dev/null +++ b/pkg/libcontainer/mount/readonly.go @@ -0,0 +1,12 @@ +// +build linux + +package mount + +import ( + "github.com/dotcloud/docker/pkg/system" + "syscall" +) + +func SetReadonly() error { + return system.Mount("/", "/", "bind", syscall.MS_BIND|syscall.MS_REMOUNT|syscall.MS_RDONLY|syscall.MS_REC, "") +} diff --git a/pkg/libcontainer/mount/remount.go b/pkg/libcontainer/mount/remount.go new file mode 100644 index 0000000000..3e00509ae0 --- /dev/null +++ b/pkg/libcontainer/mount/remount.go @@ -0,0 +1,31 @@ +// +build linux + +package mount + +import ( + "github.com/dotcloud/docker/pkg/system" + "syscall" +) + +func RemountProc() error { + if err := system.Unmount("/proc", syscall.MNT_DETACH); err != nil { + return err + } + if err := system.Mount("proc", "/proc", "proc", uintptr(defaultMountFlags), ""); err != nil { + return err + } + return nil +} + +func RemountSys() error { + if err := system.Unmount("/sys", syscall.MNT_DETACH); err != nil { + if err != syscall.EINVAL { + return err + } + } else { + if err := system.Mount("sysfs", "/sys", "sysfs", uintptr(defaultMountFlags), ""); err != nil { + return err + } + } + return nil +} diff --git a/pkg/libcontainer/nsinit/command.go b/pkg/libcontainer/nsinit/command.go deleted file mode 100644 index 153a48ab59..0000000000 --- a/pkg/libcontainer/nsinit/command.go +++ /dev/null @@ -1,47 +0,0 @@ -package nsinit - -import ( - "github.com/dotcloud/docker/pkg/libcontainer" - "github.com/dotcloud/docker/pkg/system" - "os" - "os/exec" -) - -// CommandFactory takes the container's configuration and options passed by the -// parent processes and creates an *exec.Cmd that will be used to fork/exec the -// namespaced init process -type CommandFactory interface { - Create(container *libcontainer.Container, console string, syncFd *os.File, args []string) *exec.Cmd -} - -type DefaultCommandFactory struct { - Root string -} - -// Create will return an exec.Cmd with the Cloneflags set to the proper namespaces -// defined on the container's configuration and use the current binary as the init with the -// args provided -func (c *DefaultCommandFactory) Create(container *libcontainer.Container, console string, pipe *os.File, args []string) *exec.Cmd { - // get our binary name from arg0 so we can always reexec ourself - command := exec.Command(os.Args[0], append([]string{ - "-console", console, - "-pipe", "3", - "-root", c.Root, - "init"}, args...)...) - - system.SetCloneFlags(command, uintptr(GetNamespaceFlags(container.Namespaces))) - command.Env = container.Env - command.ExtraFiles = []*os.File{pipe} - return command -} - -// GetNamespaceFlags parses the container's Namespaces options to set the correct -// flags on clone, unshare, and setns -func GetNamespaceFlags(namespaces libcontainer.Namespaces) (flag int) { - for _, ns := range namespaces { - if ns.Enabled { - flag |= ns.Value - } - } - return flag -} diff --git a/pkg/libcontainer/nsinit/create.go b/pkg/libcontainer/nsinit/create.go new file mode 100644 index 0000000000..d5cba464d2 --- /dev/null +++ b/pkg/libcontainer/nsinit/create.go @@ -0,0 +1,10 @@ +package nsinit + +import ( + "os" + "os/exec" + + "github.com/dotcloud/docker/pkg/libcontainer" +) + +type CreateCommand func(container *libcontainer.Container, console, rootfs, dataPath, init string, childPipe *os.File, args []string) *exec.Cmd diff --git a/pkg/libcontainer/nsinit/exec.go b/pkg/libcontainer/nsinit/exec.go index e76e060d1c..5d0d772a0f 100644 --- a/pkg/libcontainer/nsinit/exec.go +++ b/pkg/libcontainer/nsinit/exec.go @@ -17,7 +17,7 @@ import ( // Exec performes setup outside of a namespace so that a container can be // executed. Exec is a high level function for working with container namespaces. -func (ns *linuxNs) Exec(container *libcontainer.Container, term Terminal, args []string) (int, error) { +func Exec(container *libcontainer.Container, term Terminal, rootfs, dataPath string, args []string, createCommand CreateCommand, startCallback func()) (int, error) { var ( master *os.File console string @@ -30,10 +30,8 @@ func (ns *linuxNs) Exec(container *libcontainer.Container, term Terminal, args [ if err != nil { return -1, err } - ns.logger.Printf("created sync pipe parent fd %d child fd %d\n", syncPipe.parent.Fd(), syncPipe.child.Fd()) if container.Tty { - ns.logger.Println("creating master and console") master, console, err = system.CreateMasterAndConsole() if err != nil { return -1, err @@ -41,14 +39,12 @@ func (ns *linuxNs) Exec(container *libcontainer.Container, term Terminal, args [ term.SetMaster(master) } - command := ns.commandFactory.Create(container, console, syncPipe.child, args) - ns.logger.Println("attach terminal to command") + command := createCommand(container, console, rootfs, dataPath, os.Args[0], syncPipe.child, args) if err := term.Attach(command); err != nil { return -1, err } defer term.Close() - ns.logger.Println("starting command") if err := command.Start(); err != nil { return -1, err } @@ -57,49 +53,84 @@ func (ns *linuxNs) Exec(container *libcontainer.Container, term Terminal, args [ if err != nil { return -1, err } - ns.logger.Printf("writting pid %d to file\n", command.Process.Pid) - if err := ns.stateWriter.WritePid(command.Process.Pid, started); err != nil { + if err := WritePid(dataPath, command.Process.Pid, started); err != nil { command.Process.Kill() return -1, err } - defer func() { - ns.logger.Println("removing pid file") - ns.stateWriter.DeletePid() - }() + defer DeletePid(dataPath) // Do this before syncing with child so that no children // can escape the cgroup - ns.logger.Println("setting cgroups") - activeCgroup, err := ns.SetupCgroups(container, command.Process.Pid) + cleaner, err := SetupCgroups(container, command.Process.Pid) if err != nil { command.Process.Kill() return -1, err } - if activeCgroup != nil { - defer activeCgroup.Cleanup() + if cleaner != nil { + defer cleaner.Cleanup() } - ns.logger.Println("setting up network") - if err := ns.InitializeNetworking(container, command.Process.Pid, syncPipe); err != nil { + if err := InitializeNetworking(container, command.Process.Pid, syncPipe); err != nil { command.Process.Kill() return -1, err } - ns.logger.Println("closing sync pipe with child") // Sync with child syncPipe.Close() + if startCallback != nil { + startCallback() + } + if err := command.Wait(); err != nil { if _, ok := err.(*exec.ExitError); !ok { return -1, err } } - status := command.ProcessState.Sys().(syscall.WaitStatus).ExitStatus() - ns.logger.Printf("process exited with status %d\n", status) - return status, err + return command.ProcessState.Sys().(syscall.WaitStatus).ExitStatus(), nil } -func (ns *linuxNs) SetupCgroups(container *libcontainer.Container, nspid int) (cgroups.ActiveCgroup, error) { +// DefaultCreateCommand will return an exec.Cmd with the Cloneflags set to the proper namespaces +// defined on the container's configuration and use the current binary as the init with the +// args provided +// +// console: the /dev/console to setup inside the container +// init: the progam executed inside the namespaces +// root: the path to the container json file and information +// pipe: sync pipe to syncronize the parent and child processes +// args: the arguemnts to pass to the container to run as the user's program +func DefaultCreateCommand(container *libcontainer.Container, console, rootfs, dataPath, init string, pipe *os.File, args []string) *exec.Cmd { + // get our binary name from arg0 so we can always reexec ourself + env := []string{ + "console=" + console, + "pipe=3", + "data_path=" + dataPath, + } + + /* + TODO: move user and wd into env + if user != "" { + env = append(env, "user="+user) + } + if workingDir != "" { + env = append(env, "wd="+workingDir) + } + */ + + command := exec.Command(init, append([]string{"init"}, args...)...) + // make sure the process is executed inside the context of the rootfs + command.Dir = rootfs + command.Env = append(os.Environ(), env...) + + system.SetCloneFlags(command, uintptr(GetNamespaceFlags(container.Namespaces))) + command.ExtraFiles = []*os.File{pipe} + + return command +} + +// SetupCgroups applies the cgroup restrictions to the process running in the contaienr based +// on the container's configuration +func SetupCgroups(container *libcontainer.Container, nspid int) (cgroups.ActiveCgroup, error) { if container.Cgroups != nil { c := container.Cgroups if systemd.UseSystemd() { @@ -110,7 +141,9 @@ func (ns *linuxNs) SetupCgroups(container *libcontainer.Container, nspid int) (c return nil, nil } -func (ns *linuxNs) InitializeNetworking(container *libcontainer.Container, nspid int, pipe *SyncPipe) error { +// InitializeNetworking creates the container's network stack outside of the namespace and moves +// interfaces into the container's net namespaces if necessary +func InitializeNetworking(container *libcontainer.Container, nspid int, pipe *SyncPipe) error { context := libcontainer.Context{} for _, config := range container.Networks { strategy, err := network.GetStrategy(config.Type) @@ -123,3 +156,16 @@ func (ns *linuxNs) InitializeNetworking(container *libcontainer.Container, nspid } return pipe.SendToChild(context) } + +// GetNamespaceFlags parses the container's Namespaces options to set the correct +// flags on clone, unshare, and setns +func GetNamespaceFlags(namespaces map[string]bool) (flag int) { + for key, enabled := range namespaces { + if enabled { + if ns := libcontainer.GetNamespace(key); ns != nil { + flag |= ns.Value + } + } + } + return flag +} diff --git a/pkg/libcontainer/nsinit/execin.go b/pkg/libcontainer/nsinit/execin.go index 9017af06e9..40b95093dd 100644 --- a/pkg/libcontainer/nsinit/execin.go +++ b/pkg/libcontainer/nsinit/execin.go @@ -4,26 +4,36 @@ package nsinit import ( "fmt" - "github.com/dotcloud/docker/pkg/label" - "github.com/dotcloud/docker/pkg/libcontainer" - "github.com/dotcloud/docker/pkg/system" "os" "path/filepath" "strconv" "syscall" + + "github.com/dotcloud/docker/pkg/label" + "github.com/dotcloud/docker/pkg/libcontainer" + "github.com/dotcloud/docker/pkg/libcontainer/mount" + "github.com/dotcloud/docker/pkg/system" ) // ExecIn uses an existing pid and joins the pid's namespaces with the new command. -func (ns *linuxNs) ExecIn(container *libcontainer.Container, nspid int, args []string) (int, error) { - for _, nsv := range container.Namespaces { +func ExecIn(container *libcontainer.Container, nspid int, args []string) (int, error) { + // clear the current processes env and replace it with the environment + // defined on the container + if err := LoadContainerEnvironment(container); err != nil { + return -1, err + } + + for key, enabled := range container.Namespaces { // skip the PID namespace on unshare because it it not supported - if nsv.Key != "NEWPID" { - if err := system.Unshare(nsv.Value); err != nil { - return -1, err + if enabled && key != "NEWPID" { + if ns := libcontainer.GetNamespace(key); ns != nil { + if err := system.Unshare(ns.Value); err != nil { + return -1, err + } } } } - fds, err := ns.getNsFds(nspid, container) + fds, err := getNsFds(nspid, container) closeFds := func() { for _, f := range fds { system.Closefd(f) @@ -41,7 +51,6 @@ func (ns *linuxNs) ExecIn(container *libcontainer.Container, nspid int, args []s // foreach namespace fd, use setns to join an existing container's namespaces for _, fd := range fds { if fd > 0 { - ns.logger.Printf("setns on %d\n", fd) if err := system.Setns(fd, 0); err != nil { closeFds() return -1, fmt.Errorf("setns %s", err) @@ -52,8 +61,7 @@ func (ns *linuxNs) ExecIn(container *libcontainer.Container, nspid int, args []s // if the container has a new pid and mount namespace we need to // remount proc and sys to pick up the changes - if container.Namespaces.Contains("NEWNS") && container.Namespaces.Contains("NEWPID") { - ns.logger.Println("forking to remount /proc and /sys") + if container.Namespaces["NEWNS"] && container.Namespaces["NEWPID"] { pid, err := system.Fork() if err != nil { return -1, err @@ -63,10 +71,10 @@ func (ns *linuxNs) ExecIn(container *libcontainer.Container, nspid int, args []s if err := system.Unshare(syscall.CLONE_NEWNS); err != nil { return -1, err } - if err := remountProc(); err != nil { + if err := mount.RemountProc(); err != nil { return -1, fmt.Errorf("remount proc %s", err) } - if err := remountSys(); err != nil { + if err := mount.RemountSys(); err != nil { return -1, fmt.Errorf("remount sys %s", err) } goto dropAndExec @@ -82,7 +90,7 @@ func (ns *linuxNs) ExecIn(container *libcontainer.Container, nspid int, args []s os.Exit(state.Sys().(syscall.WaitStatus).ExitStatus()) } dropAndExec: - if err := finalizeNamespace(container); err != nil { + if err := FinalizeNamespace(container); err != nil { return -1, err } err = label.SetProcessLabel(processLabel) @@ -95,14 +103,19 @@ dropAndExec: panic("unreachable") } -func (ns *linuxNs) getNsFds(pid int, container *libcontainer.Container) ([]uintptr, error) { - fds := make([]uintptr, len(container.Namespaces)) - for i, ns := range container.Namespaces { - f, err := os.OpenFile(filepath.Join("/proc/", strconv.Itoa(pid), "ns", ns.File), os.O_RDONLY, 0) - if err != nil { - return fds, err +func getNsFds(pid int, container *libcontainer.Container) ([]uintptr, error) { + fds := []uintptr{} + + for key, enabled := range container.Namespaces { + if enabled { + if ns := libcontainer.GetNamespace(key); ns != nil { + f, err := os.OpenFile(filepath.Join("/proc/", strconv.Itoa(pid), "ns", ns.File), os.O_RDONLY, 0) + if err != nil { + return fds, err + } + fds = append(fds, f.Fd()) + } } - fds[i] = f.Fd() } return fds, nil } diff --git a/pkg/libcontainer/nsinit/init.go b/pkg/libcontainer/nsinit/init.go index 0e85c0e4be..3bbcfcc654 100644 --- a/pkg/libcontainer/nsinit/init.go +++ b/pkg/libcontainer/nsinit/init.go @@ -6,13 +6,17 @@ import ( "fmt" "os" "runtime" + "strings" "syscall" "github.com/dotcloud/docker/pkg/apparmor" "github.com/dotcloud/docker/pkg/label" "github.com/dotcloud/docker/pkg/libcontainer" - "github.com/dotcloud/docker/pkg/libcontainer/capabilities" + "github.com/dotcloud/docker/pkg/libcontainer/console" + "github.com/dotcloud/docker/pkg/libcontainer/mount" "github.com/dotcloud/docker/pkg/libcontainer/network" + "github.com/dotcloud/docker/pkg/libcontainer/security/capabilities" + "github.com/dotcloud/docker/pkg/libcontainer/security/restrict" "github.com/dotcloud/docker/pkg/libcontainer/utils" "github.com/dotcloud/docker/pkg/system" "github.com/dotcloud/docker/pkg/user" @@ -20,36 +24,35 @@ import ( // Init is the init process that first runs inside a new namespace to setup mounts, users, networking, // and other options required for the new container. -func (ns *linuxNs) Init(container *libcontainer.Container, uncleanRootfs, console string, syncPipe *SyncPipe, args []string) error { +func Init(container *libcontainer.Container, uncleanRootfs, consolePath string, syncPipe *SyncPipe, args []string) error { rootfs, err := utils.ResolveRootfs(uncleanRootfs) if err != nil { return err } + // clear the current processes env and replace it with the environment + // defined on the container + if err := LoadContainerEnvironment(container); err != nil { + return err + } + // We always read this as it is a way to sync with the parent as well - ns.logger.Printf("reading from sync pipe fd %d\n", syncPipe.child.Fd()) context, err := syncPipe.ReadFromParent() if err != nil { syncPipe.Close() return err } - ns.logger.Println("received context from parent") syncPipe.Close() - if console != "" { - ns.logger.Printf("setting up %s as console\n", console) - slave, err := system.OpenTerminal(console, syscall.O_RDWR) - if err != nil { - return fmt.Errorf("open terminal %s", err) - } - if err := dupSlave(slave); err != nil { - return fmt.Errorf("dup2 slave %s", err) + if consolePath != "" { + if err := console.OpenAndDup(consolePath); err != nil { + return err } } if _, err := system.Setsid(); err != nil { return fmt.Errorf("setsid %s", err) } - if console != "" { + if consolePath != "" { if err := system.Setctty(); err != nil { return fmt.Errorf("setctty %s", err) } @@ -59,72 +62,49 @@ func (ns *linuxNs) Init(container *libcontainer.Container, uncleanRootfs, consol } label.Init() - ns.logger.Println("setup mount namespace") - if err := setupNewMountNamespace(rootfs, container.Mounts, console, container.ReadonlyFs, container.NoPivotRoot, container.Context["mount_label"]); err != nil { + + if err := mount.InitializeMountNamespace(rootfs, consolePath, container); err != nil { return fmt.Errorf("setup mount namespace %s", err) } - if err := system.Sethostname(container.Hostname); err != nil { - return fmt.Errorf("sethostname %s", err) - } - if err := finalizeNamespace(container); err != nil { - return fmt.Errorf("finalize namespace %s", err) + if container.Hostname != "" { + if err := system.Sethostname(container.Hostname); err != nil { + return fmt.Errorf("sethostname %s", err) + } } - if profile := container.Context["apparmor_profile"]; profile != "" { - ns.logger.Printf("setting apparmor profile %s\n", profile) - if err := apparmor.ApplyProfile(os.Getpid(), profile); err != nil { + runtime.LockOSThread() + + if err := apparmor.ApplyProfile(container.Context["apparmor_profile"]); err != nil { + return fmt.Errorf("set apparmor profile %s: %s", container.Context["apparmor_profile"], err) + } + if err := label.SetProcessLabel(container.Context["process_label"]); err != nil { + return fmt.Errorf("set process label %s", err) + } + if container.Context["restrictions"] != "" { + if err := restrict.Restrict("proc", "sys"); err != nil { return err } } - runtime.LockOSThread() - if err := label.SetProcessLabel(container.Context["process_label"]); err != nil { - return fmt.Errorf("SetProcessLabel label %s", err) + if err := FinalizeNamespace(container); err != nil { + return fmt.Errorf("finalize namespace %s", err) } - ns.logger.Printf("execing %s\n", args[0]) return system.Execv(args[0], args[0:], container.Env) } -func setupUser(container *libcontainer.Container) error { - switch container.User { - case "root", "": - if err := system.Setgroups(nil); err != nil { - return err - } - if err := system.Setresgid(0, 0, 0); err != nil { - return err - } - if err := system.Setresuid(0, 0, 0); err != nil { - return err - } - default: - uid, gid, suppGids, err := user.GetUserGroupSupplementary(container.User, syscall.Getuid(), syscall.Getgid()) - if err != nil { - return err - } - if err := system.Setgroups(suppGids); err != nil { - return err - } - if err := system.Setgid(gid); err != nil { - return err - } - if err := system.Setuid(uid); err != nil { - return err - } +// SetupUser changes the groups, gid, and uid for the user inside the container +func SetupUser(u string) error { + uid, gid, suppGids, err := user.GetUserGroupSupplementary(u, syscall.Getuid(), syscall.Getgid()) + if err != nil { + return fmt.Errorf("get supplementary groups %s", err) } - return nil -} - -// dupSlave dup2 the pty slave's fd into stdout and stdin and ensures that -// the slave's fd is 0, or stdin -func dupSlave(slave *os.File) error { - if err := system.Dup2(slave.Fd(), 0); err != nil { - return err + if err := system.Setgroups(suppGids); err != nil { + return fmt.Errorf("setgroups %s", err) } - if err := system.Dup2(slave.Fd(), 1); err != nil { - return err + if err := system.Setgid(gid); err != nil { + return fmt.Errorf("setgid %s", err) } - if err := system.Dup2(slave.Fd(), 2); err != nil { - return err + if err := system.Setuid(uid); err != nil { + return fmt.Errorf("setuid %s", err) } return nil } @@ -147,13 +127,17 @@ func setupNetwork(container *libcontainer.Container, context libcontainer.Contex return nil } -// finalizeNamespace drops the caps and sets the correct user -// and working dir before execing the command inside the namespace -func finalizeNamespace(container *libcontainer.Container) error { +// FinalizeNamespace drops the caps, sets the correct user +// and working dir, and closes any leaky file descriptors +// before execing the command inside the namespace +func FinalizeNamespace(container *libcontainer.Container) error { if err := capabilities.DropCapabilities(container); err != nil { return fmt.Errorf("drop capabilities %s", err) } - if err := setupUser(container); err != nil { + if err := system.CloseFdsFrom(3); err != nil { + return fmt.Errorf("close open file descriptors %s", err) + } + if err := SetupUser(container.User); err != nil { return fmt.Errorf("setup user %s", err) } if container.WorkingDir != "" { @@ -163,3 +147,14 @@ func finalizeNamespace(container *libcontainer.Container) error { } return nil } + +func LoadContainerEnvironment(container *libcontainer.Container) error { + os.Clearenv() + for _, pair := range container.Env { + p := strings.SplitN(pair, "=", 2) + if err := os.Setenv(p[0], p[1]); err != nil { + return err + } + } + return nil +} diff --git a/pkg/libcontainer/nsinit/mount.go b/pkg/libcontainer/nsinit/mount.go deleted file mode 100644 index dd6b1c8a43..0000000000 --- a/pkg/libcontainer/nsinit/mount.go +++ /dev/null @@ -1,265 +0,0 @@ -// +build linux - -package nsinit - -import ( - "fmt" - "github.com/dotcloud/docker/pkg/label" - "github.com/dotcloud/docker/pkg/libcontainer" - "github.com/dotcloud/docker/pkg/system" - "io/ioutil" - "os" - "path/filepath" - "syscall" -) - -// default mount point flags -const defaultMountFlags = syscall.MS_NOEXEC | syscall.MS_NOSUID | syscall.MS_NODEV - -// setupNewMountNamespace is used to initialize a new mount namespace for an new -// container in the rootfs that is specified. -// -// There is no need to unmount the new mounts because as soon as the mount namespace -// is no longer in use, the mounts will be removed automatically -func setupNewMountNamespace(rootfs string, bindMounts []libcontainer.Mount, console string, readonly, noPivotRoot bool, mountLabel string) error { - flag := syscall.MS_PRIVATE - if noPivotRoot { - flag = syscall.MS_SLAVE - } - if err := system.Mount("", "/", "", uintptr(flag|syscall.MS_REC), ""); err != nil { - return fmt.Errorf("mounting / as slave %s", err) - } - if err := system.Mount(rootfs, rootfs, "bind", syscall.MS_BIND|syscall.MS_REC, ""); err != nil { - return fmt.Errorf("mouting %s as bind %s", rootfs, err) - } - if err := mountSystem(rootfs, mountLabel); err != nil { - return fmt.Errorf("mount system %s", err) - } - - for _, m := range bindMounts { - var ( - flags = syscall.MS_BIND | syscall.MS_REC - dest = filepath.Join(rootfs, m.Destination) - ) - if !m.Writable { - flags = flags | syscall.MS_RDONLY - } - if err := system.Mount(m.Source, dest, "bind", uintptr(flags), ""); err != nil { - return fmt.Errorf("mounting %s into %s %s", m.Source, dest, err) - } - if !m.Writable { - if err := system.Mount(m.Source, dest, "bind", uintptr(flags|syscall.MS_REMOUNT), ""); err != nil { - return fmt.Errorf("remounting %s into %s %s", m.Source, dest, err) - } - } - if m.Private { - if err := system.Mount("", dest, "none", uintptr(syscall.MS_PRIVATE), ""); err != nil { - return fmt.Errorf("mounting %s private %s", dest, err) - } - } - } - - if err := copyDevNodes(rootfs); err != nil { - return fmt.Errorf("copy dev nodes %s", err) - } - if err := setupPtmx(rootfs, console, mountLabel); err != nil { - return err - } - if err := system.Chdir(rootfs); err != nil { - return fmt.Errorf("chdir into %s %s", rootfs, err) - } - - if noPivotRoot { - if err := rootMsMove(rootfs); err != nil { - return err - } - } else { - if err := rootPivot(rootfs); err != nil { - return err - } - } - - if readonly { - if err := system.Mount("/", "/", "bind", syscall.MS_BIND|syscall.MS_REMOUNT|syscall.MS_RDONLY|syscall.MS_REC, ""); err != nil { - return fmt.Errorf("mounting %s as readonly %s", rootfs, err) - } - } - - system.Umask(0022) - - return nil -} - -// use a pivot root to setup the rootfs -func rootPivot(rootfs string) error { - pivotDir, err := ioutil.TempDir(rootfs, ".pivot_root") - if err != nil { - return fmt.Errorf("can't create pivot_root dir %s", pivotDir, err) - } - if err := system.Pivotroot(rootfs, pivotDir); err != nil { - return fmt.Errorf("pivot_root %s", err) - } - if err := system.Chdir("/"); err != nil { - return fmt.Errorf("chdir / %s", err) - } - // path to pivot dir now changed, update - pivotDir = filepath.Join("/", filepath.Base(pivotDir)) - if err := system.Unmount(pivotDir, syscall.MNT_DETACH); err != nil { - return fmt.Errorf("unmount pivot_root dir %s", err) - } - if err := os.Remove(pivotDir); err != nil { - return fmt.Errorf("remove pivot_root dir %s", err) - } - return nil -} - -// use MS_MOVE and chroot to setup the rootfs -func rootMsMove(rootfs string) error { - if err := system.Mount(rootfs, "/", "", syscall.MS_MOVE, ""); err != nil { - return fmt.Errorf("mount move %s into / %s", rootfs, err) - } - if err := system.Chroot("."); err != nil { - return fmt.Errorf("chroot . %s", err) - } - if err := system.Chdir("/"); err != nil { - return fmt.Errorf("chdir / %s", err) - } - return nil -} - -// copyDevNodes mknods the hosts devices so the new container has access to them -func copyDevNodes(rootfs string) error { - oldMask := system.Umask(0000) - defer system.Umask(oldMask) - - for _, node := range []string{ - "null", - "zero", - "full", - "random", - "urandom", - "tty", - } { - if err := copyDevNode(rootfs, node); err != nil { - return err - } - } - return nil -} - -func copyDevNode(rootfs, node string) error { - stat, err := os.Stat(filepath.Join("/dev", node)) - if err != nil { - return err - } - var ( - dest = filepath.Join(rootfs, "dev", node) - st = stat.Sys().(*syscall.Stat_t) - ) - if err := system.Mknod(dest, st.Mode, int(st.Rdev)); err != nil && !os.IsExist(err) { - return fmt.Errorf("copy %s %s", node, err) - } - return nil -} - -// setupConsole ensures that the container has a proper /dev/console setup -func setupConsole(rootfs, console string, mountLabel string) error { - oldMask := system.Umask(0000) - defer system.Umask(oldMask) - - stat, err := os.Stat(console) - if err != nil { - return fmt.Errorf("stat console %s %s", console, err) - } - var ( - st = stat.Sys().(*syscall.Stat_t) - dest = filepath.Join(rootfs, "dev/console") - ) - if err := os.Remove(dest); err != nil && !os.IsNotExist(err) { - return fmt.Errorf("remove %s %s", dest, err) - } - if err := os.Chmod(console, 0600); err != nil { - return err - } - if err := os.Chown(console, 0, 0); err != nil { - return err - } - if err := system.Mknod(dest, (st.Mode&^07777)|0600, int(st.Rdev)); err != nil { - return fmt.Errorf("mknod %s %s", dest, err) - } - if err := label.SetFileLabel(console, mountLabel); err != nil { - return fmt.Errorf("SetFileLabel Failed %s %s", dest, err) - } - if err := system.Mount(console, dest, "bind", syscall.MS_BIND, ""); err != nil { - return fmt.Errorf("bind %s to %s %s", console, dest, err) - } - return nil -} - -// mountSystem sets up linux specific system mounts like sys, proc, shm, and devpts -// inside the mount namespace -func mountSystem(rootfs string, mountLabel string) error { - for _, m := range []struct { - source string - path string - device string - flags int - data string - }{ - {source: "proc", path: filepath.Join(rootfs, "proc"), device: "proc", flags: defaultMountFlags}, - {source: "sysfs", path: filepath.Join(rootfs, "sys"), device: "sysfs", flags: defaultMountFlags}, - {source: "shm", path: filepath.Join(rootfs, "dev", "shm"), device: "tmpfs", flags: defaultMountFlags, data: label.FormatMountLabel("mode=1777,size=65536k", mountLabel)}, - {source: "devpts", path: filepath.Join(rootfs, "dev", "pts"), device: "devpts", flags: syscall.MS_NOSUID | syscall.MS_NOEXEC, data: label.FormatMountLabel("newinstance,ptmxmode=0666,mode=620,gid=5", mountLabel)}, - } { - if err := os.MkdirAll(m.path, 0755); err != nil && !os.IsExist(err) { - return fmt.Errorf("mkdirall %s %s", m.path, err) - } - if err := system.Mount(m.source, m.path, m.device, uintptr(m.flags), m.data); err != nil { - return fmt.Errorf("mounting %s into %s %s", m.source, m.path, err) - } - } - return nil -} - -// setupPtmx adds a symlink to pts/ptmx for /dev/ptmx and -// finishes setting up /dev/console -func setupPtmx(rootfs, console string, mountLabel string) error { - ptmx := filepath.Join(rootfs, "dev/ptmx") - if err := os.Remove(ptmx); err != nil && !os.IsNotExist(err) { - return err - } - if err := os.Symlink("pts/ptmx", ptmx); err != nil { - return fmt.Errorf("symlink dev ptmx %s", err) - } - if console != "" { - if err := setupConsole(rootfs, console, mountLabel); err != nil { - return err - } - } - return nil -} - -// remountProc is used to detach and remount the proc filesystem -// commonly needed with running a new process inside an existing container -func remountProc() error { - if err := system.Unmount("/proc", syscall.MNT_DETACH); err != nil { - return err - } - if err := system.Mount("proc", "/proc", "proc", uintptr(defaultMountFlags), ""); err != nil { - return err - } - return nil -} - -func remountSys() error { - if err := system.Unmount("/sys", syscall.MNT_DETACH); err != nil { - if err != syscall.EINVAL { - return err - } - } else { - if err := system.Mount("sysfs", "/sys", "sysfs", uintptr(defaultMountFlags), ""); err != nil { - return err - } - } - return nil -} diff --git a/pkg/libcontainer/nsinit/nsinit.go b/pkg/libcontainer/nsinit/nsinit.go deleted file mode 100644 index c308692af6..0000000000 --- a/pkg/libcontainer/nsinit/nsinit.go +++ /dev/null @@ -1,29 +0,0 @@ -package nsinit - -import ( - "github.com/dotcloud/docker/pkg/libcontainer" - "log" -) - -// NsInit is an interface with the public facing methods to provide high level -// exec operations on a container -type NsInit interface { - Exec(container *libcontainer.Container, term Terminal, args []string) (int, error) - ExecIn(container *libcontainer.Container, nspid int, args []string) (int, error) - Init(container *libcontainer.Container, uncleanRootfs, console string, syncPipe *SyncPipe, args []string) error -} - -type linuxNs struct { - root string - commandFactory CommandFactory - stateWriter StateWriter - logger *log.Logger -} - -func NewNsInit(command CommandFactory, state StateWriter, logger *log.Logger) NsInit { - return &linuxNs{ - commandFactory: command, - stateWriter: state, - logger: logger, - } -} diff --git a/pkg/libcontainer/nsinit/nsinit/main.go b/pkg/libcontainer/nsinit/nsinit/main.go index 37aa784981..b5325d40b3 100644 --- a/pkg/libcontainer/nsinit/nsinit/main.go +++ b/pkg/libcontainer/nsinit/nsinit/main.go @@ -2,8 +2,6 @@ package main import ( "encoding/json" - "flag" - "io" "io/ioutil" "log" "os" @@ -15,80 +13,65 @@ import ( ) var ( - root, console, logs string - pipeFd int + dataPath = os.Getenv("data_path") + console = os.Getenv("console") + rawPipeFd = os.Getenv("pipe") ) -func registerFlags() { - flag.StringVar(&console, "console", "", "console (pty slave) path") - flag.IntVar(&pipeFd, "pipe", 0, "sync pipe fd") - flag.StringVar(&root, "root", ".", "root for storing configuration data") - flag.StringVar(&logs, "log", "none", "set stderr or a filepath to enable logging") - - flag.Parse() -} - func main() { - registerFlags() - - if flag.NArg() < 1 { - log.Fatalf("wrong number of argments %d", flag.NArg()) + if len(os.Args) < 2 { + log.Fatalf("invalid number of arguments %d", len(os.Args)) } + container, err := loadContainer() if err != nil { - log.Fatalf("Unable to load container: %s", err) - } - l, err := getLogger("[exec] ") - if err != nil { - log.Fatal(err) + log.Fatalf("unable to load container: %s", err) } - ns, err := newNsInit(l) - if err != nil { - log.Fatalf("Unable to initialize nsinit: %s", err) - } - - switch flag.Arg(0) { + switch os.Args[1] { case "exec": // this is executed outside of the namespace in the cwd - var exitCode int - nspid, err := readPid() - if err != nil { - if !os.IsNotExist(err) { - l.Fatalf("Unable to read pid: %s", err) - } + var nspid, exitCode int + if nspid, err = readPid(); err != nil && !os.IsNotExist(err) { + log.Fatalf("unable to read pid: %s", err) } + if nspid > 0 { - exitCode, err = ns.ExecIn(container, nspid, flag.Args()[1:]) + exitCode, err = nsinit.ExecIn(container, nspid, os.Args[2:]) } else { term := nsinit.NewTerminal(os.Stdin, os.Stdout, os.Stderr, container.Tty) - exitCode, err = ns.Exec(container, term, flag.Args()[1:]) + exitCode, err = nsinit.Exec(container, term, "", dataPath, os.Args[2:], nsinit.DefaultCreateCommand, nil) } + if err != nil { - l.Fatalf("Failed to exec: %s", err) + log.Fatalf("failed to exec: %s", err) } os.Exit(exitCode) case "init": // this is executed inside of the namespace to setup the container - cwd, err := os.Getwd() + // by default our current dir is always our rootfs + rootfs, err := os.Getwd() if err != nil { - l.Fatal(err) + log.Fatal(err) } - if flag.NArg() < 2 { - l.Fatalf("wrong number of argments %d", flag.NArg()) + + pipeFd, err := strconv.Atoi(rawPipeFd) + if err != nil { + log.Fatal(err) } syncPipe, err := nsinit.NewSyncPipeFromFd(0, uintptr(pipeFd)) if err != nil { - l.Fatalf("Unable to create sync pipe: %s", err) + log.Fatalf("unable to create sync pipe: %s", err) } - if err := ns.Init(container, cwd, console, syncPipe, flag.Args()[1:]); err != nil { - l.Fatalf("Unable to initialize for container: %s", err) + + if err := nsinit.Init(container, rootfs, console, syncPipe, os.Args[2:]); err != nil { + log.Fatalf("unable to initialize for container: %s", err) } default: - l.Fatalf("command not supported for nsinit %s", flag.Arg(0)) + log.Fatalf("command not supported for nsinit %s", os.Args[0]) } } func loadContainer() (*libcontainer.Container, error) { - f, err := os.Open(filepath.Join(root, "container.json")) + f, err := os.Open(filepath.Join(dataPath, "container.json")) if err != nil { return nil, err } @@ -102,7 +85,7 @@ func loadContainer() (*libcontainer.Container, error) { } func readPid() (int, error) { - data, err := ioutil.ReadFile(filepath.Join(root, "pid")) + data, err := ioutil.ReadFile(filepath.Join(dataPath, "pid")) if err != nil { return -1, err } @@ -112,24 +95,3 @@ func readPid() (int, error) { } return pid, nil } - -func newNsInit(l *log.Logger) (nsinit.NsInit, error) { - return nsinit.NewNsInit(&nsinit.DefaultCommandFactory{root}, &nsinit.DefaultStateWriter{root}, l), nil -} - -func getLogger(prefix string) (*log.Logger, error) { - var w io.Writer - switch logs { - case "", "none": - w = ioutil.Discard - case "stderr": - w = os.Stderr - default: // we have a filepath - f, err := os.OpenFile(logs, os.O_CREATE|os.O_RDWR|os.O_APPEND, 0755) - if err != nil { - return nil, err - } - w = f - } - return log.New(w, prefix, log.LstdFlags), nil -} diff --git a/pkg/libcontainer/nsinit/pid.go b/pkg/libcontainer/nsinit/pid.go new file mode 100644 index 0000000000..bba2f10e1b --- /dev/null +++ b/pkg/libcontainer/nsinit/pid.go @@ -0,0 +1,28 @@ +package nsinit + +import ( + "fmt" + "io/ioutil" + "os" + "path/filepath" +) + +// WritePid writes the namespaced processes pid to pid and it's start time +// to the path specified +func WritePid(path string, pid int, startTime string) error { + err := ioutil.WriteFile(filepath.Join(path, "pid"), []byte(fmt.Sprint(pid)), 0655) + if err != nil { + return err + } + return ioutil.WriteFile(filepath.Join(path, "start"), []byte(startTime), 0655) +} + +// DeletePid removes the pid and started file from disk when the container's process +// dies and the container is cleanly removed +func DeletePid(path string) error { + err := os.Remove(filepath.Join(path, "pid")) + if serr := os.Remove(filepath.Join(path, "start")); err == nil { + err = serr + } + return err +} diff --git a/pkg/libcontainer/nsinit/state.go b/pkg/libcontainer/nsinit/state.go deleted file mode 100644 index 26d7fa4230..0000000000 --- a/pkg/libcontainer/nsinit/state.go +++ /dev/null @@ -1,36 +0,0 @@ -package nsinit - -import ( - "fmt" - "io/ioutil" - "os" - "path/filepath" -) - -// StateWriter handles writing and deleting the pid file -// on disk -type StateWriter interface { - WritePid(pid int, startTime string) error - DeletePid() error -} - -type DefaultStateWriter struct { - Root string -} - -// writePidFile writes the namespaced processes pid to pid in the rootfs for the container -func (d *DefaultStateWriter) WritePid(pid int, startTime string) error { - err := ioutil.WriteFile(filepath.Join(d.Root, "pid"), []byte(fmt.Sprint(pid)), 0655) - if err != nil { - return err - } - return ioutil.WriteFile(filepath.Join(d.Root, "start"), []byte(startTime), 0655) -} - -func (d *DefaultStateWriter) DeletePid() error { - err := os.Remove(filepath.Join(d.Root, "pid")) - if serr := os.Remove(filepath.Join(d.Root, "start")); err == nil { - err = serr - } - return err -} diff --git a/pkg/libcontainer/nsinit/std_term.go b/pkg/libcontainer/nsinit/std_term.go new file mode 100644 index 0000000000..2b8201a71b --- /dev/null +++ b/pkg/libcontainer/nsinit/std_term.go @@ -0,0 +1,49 @@ +package nsinit + +import ( + "io" + "os" + "os/exec" +) + +type StdTerminal struct { + stdin io.Reader + stdout, stderr io.Writer +} + +func (s *StdTerminal) SetMaster(*os.File) { + // no need to set master on non tty +} + +func (s *StdTerminal) Close() error { + return nil +} + +func (s *StdTerminal) Resize(h, w int) error { + return nil +} + +func (s *StdTerminal) Attach(command *exec.Cmd) error { + inPipe, err := command.StdinPipe() + if err != nil { + return err + } + outPipe, err := command.StdoutPipe() + if err != nil { + return err + } + errPipe, err := command.StderrPipe() + if err != nil { + return err + } + + go func() { + defer inPipe.Close() + io.Copy(inPipe, s.stdin) + }() + + go io.Copy(s.stdout, outPipe) + go io.Copy(s.stderr, errPipe) + + return nil +} diff --git a/pkg/libcontainer/nsinit/sync_pipe.go b/pkg/libcontainer/nsinit/sync_pipe.go index f724f525f0..d0bfdda865 100644 --- a/pkg/libcontainer/nsinit/sync_pipe.go +++ b/pkg/libcontainer/nsinit/sync_pipe.go @@ -3,9 +3,10 @@ package nsinit import ( "encoding/json" "fmt" - "github.com/dotcloud/docker/pkg/libcontainer" "io/ioutil" "os" + + "github.com/dotcloud/docker/pkg/libcontainer" ) // SyncPipe allows communication to and from the child processes @@ -36,6 +37,14 @@ func NewSyncPipeFromFd(parendFd, childFd uintptr) (*SyncPipe, error) { return s, nil } +func (s *SyncPipe) Child() *os.File { + return s.child +} + +func (s *SyncPipe) Parent() *os.File { + return s.parent +} + func (s *SyncPipe) SendToChild(context libcontainer.Context) error { data, err := json.Marshal(context) if err != nil { diff --git a/pkg/libcontainer/nsinit/term.go b/pkg/libcontainer/nsinit/term.go index 58dccab2b8..5fc801ab53 100644 --- a/pkg/libcontainer/nsinit/term.go +++ b/pkg/libcontainer/nsinit/term.go @@ -1,7 +1,6 @@ package nsinit import ( - "github.com/dotcloud/docker/pkg/term" "io" "os" "os/exec" @@ -28,91 +27,3 @@ func NewTerminal(stdin io.Reader, stdout, stderr io.Writer, tty bool) Terminal { stderr: stderr, } } - -type TtyTerminal struct { - stdin io.Reader - stdout, stderr io.Writer - master *os.File - state *term.State -} - -func (t *TtyTerminal) Resize(h, w int) error { - return term.SetWinsize(t.master.Fd(), &term.Winsize{Height: uint16(h), Width: uint16(w)}) -} - -func (t *TtyTerminal) SetMaster(master *os.File) { - t.master = master -} - -func (t *TtyTerminal) Attach(command *exec.Cmd) error { - go io.Copy(t.stdout, t.master) - go io.Copy(t.master, t.stdin) - - state, err := t.setupWindow(t.master, os.Stdin) - if err != nil { - command.Process.Kill() - return err - } - t.state = state - return err -} - -// SetupWindow gets the parent window size and sets the master -// pty to the current size and set the parents mode to RAW -func (t *TtyTerminal) setupWindow(master, parent *os.File) (*term.State, error) { - ws, err := term.GetWinsize(parent.Fd()) - if err != nil { - return nil, err - } - if err := term.SetWinsize(master.Fd(), ws); err != nil { - return nil, err - } - return term.SetRawTerminal(parent.Fd()) -} - -func (t *TtyTerminal) Close() error { - term.RestoreTerminal(os.Stdin.Fd(), t.state) - return t.master.Close() -} - -type StdTerminal struct { - stdin io.Reader - stdout, stderr io.Writer -} - -func (s *StdTerminal) SetMaster(*os.File) { - // no need to set master on non tty -} - -func (s *StdTerminal) Close() error { - return nil -} - -func (s *StdTerminal) Resize(h, w int) error { - return nil -} - -func (s *StdTerminal) Attach(command *exec.Cmd) error { - inPipe, err := command.StdinPipe() - if err != nil { - return err - } - outPipe, err := command.StdoutPipe() - if err != nil { - return err - } - errPipe, err := command.StderrPipe() - if err != nil { - return err - } - - go func() { - defer inPipe.Close() - io.Copy(inPipe, s.stdin) - }() - - go io.Copy(s.stdout, outPipe) - go io.Copy(s.stderr, errPipe) - - return nil -} diff --git a/pkg/libcontainer/nsinit/tty_term.go b/pkg/libcontainer/nsinit/tty_term.go new file mode 100644 index 0000000000..fcbd085c82 --- /dev/null +++ b/pkg/libcontainer/nsinit/tty_term.go @@ -0,0 +1,55 @@ +package nsinit + +import ( + "io" + "os" + "os/exec" + + "github.com/dotcloud/docker/pkg/term" +) + +type TtyTerminal struct { + stdin io.Reader + stdout, stderr io.Writer + master *os.File + state *term.State +} + +func (t *TtyTerminal) Resize(h, w int) error { + return term.SetWinsize(t.master.Fd(), &term.Winsize{Height: uint16(h), Width: uint16(w)}) +} + +func (t *TtyTerminal) SetMaster(master *os.File) { + t.master = master +} + +func (t *TtyTerminal) Attach(command *exec.Cmd) error { + go io.Copy(t.stdout, t.master) + go io.Copy(t.master, t.stdin) + + state, err := t.setupWindow(t.master, os.Stdin) + if err != nil { + command.Process.Kill() + return err + } + t.state = state + return err +} + +// SetupWindow gets the parent window size and sets the master +// pty to the current size and set the parents mode to RAW +func (t *TtyTerminal) setupWindow(master, parent *os.File) (*term.State, error) { + ws, err := term.GetWinsize(parent.Fd()) + if err != nil { + return nil, err + } + if err := term.SetWinsize(master.Fd(), ws); err != nil { + return nil, err + } + return term.SetRawTerminal(parent.Fd()) +} + +func (t *TtyTerminal) Close() error { + term.RestoreTerminal(os.Stdin.Fd(), t.state) + return t.master.Close() +} diff --git a/pkg/libcontainer/nsinit/unsupported.go b/pkg/libcontainer/nsinit/unsupported.go index 2412223d28..929b3dba5b 100644 --- a/pkg/libcontainer/nsinit/unsupported.go +++ b/pkg/libcontainer/nsinit/unsupported.go @@ -3,17 +3,26 @@ package nsinit import ( + "github.com/dotcloud/docker/pkg/cgroups" "github.com/dotcloud/docker/pkg/libcontainer" ) -func (ns *linuxNs) Exec(container *libcontainer.Container, term Terminal, args []string) (int, error) { +func Exec(container *libcontainer.Container, term Terminal, rootfs, dataPath string, args []string, createCommand CreateCommand, startCallback func()) (int, error) { return -1, libcontainer.ErrUnsupported } -func (ns *linuxNs) ExecIn(container *libcontainer.Container, nspid int, args []string) (int, error) { - return -1, libcontainer.ErrUnsupported -} - -func (ns *linuxNs) Init(container *libcontainer.Container, uncleanRootfs, console string, syncPipe *SyncPipe, args []string) error { +func Init(container *libcontainer.Container, uncleanRootfs, consolePath string, syncPipe *SyncPipe, args []string) error { return libcontainer.ErrUnsupported } + +func InitializeNetworking(container *libcontainer.Container, nspid int, pipe *SyncPipe) error { + return libcontainer.ErrUnsupported +} + +func SetupCgroups(container *libcontainer.Container, nspid int) (cgroups.ActiveCgroup, error) { + return nil, libcontainer.ErrUnsupported +} + +func GetNamespaceFlags(namespaces map[string]bool) (flag int) { + return 0 +} diff --git a/pkg/libcontainer/capabilities/capabilities.go b/pkg/libcontainer/security/capabilities/capabilities.go similarity index 83% rename from pkg/libcontainer/capabilities/capabilities.go rename to pkg/libcontainer/security/capabilities/capabilities.go index 4b81e708c7..ad13e672c7 100644 --- a/pkg/libcontainer/capabilities/capabilities.go +++ b/pkg/libcontainer/security/capabilities/capabilities.go @@ -1,9 +1,10 @@ package capabilities import ( + "os" + "github.com/dotcloud/docker/pkg/libcontainer" "github.com/syndtr/gocapability/capability" - "os" ) // DropCapabilities drops capabilities for the current process based @@ -26,9 +27,11 @@ func DropCapabilities(container *libcontainer.Container) error { // getCapabilitiesMask returns the specific cap mask values for the libcontainer types func getCapabilitiesMask(container *libcontainer.Container) []capability.Cap { drop := []capability.Cap{} - for _, c := range container.CapabilitiesMask { - if !c.Enabled { - drop = append(drop, c.Value) + for key, enabled := range container.CapabilitiesMask { + if !enabled { + if c := libcontainer.GetCapability(key); c != nil { + drop = append(drop, c.Value) + } } } return drop diff --git a/pkg/libcontainer/security/restrict/restrict.go b/pkg/libcontainer/security/restrict/restrict.go new file mode 100644 index 0000000000..e1296b1d7f --- /dev/null +++ b/pkg/libcontainer/security/restrict/restrict.go @@ -0,0 +1,25 @@ +// +build linux + +package restrict + +import ( + "fmt" + "syscall" + + "github.com/dotcloud/docker/pkg/system" +) + +// This has to be called while the container still has CAP_SYS_ADMIN (to be able to perform mounts). +// However, afterwards, CAP_SYS_ADMIN should be dropped (otherwise the user will be able to revert those changes). +func Restrict(mounts ...string) error { + // remount proc and sys as readonly + for _, dest := range mounts { + if err := system.Mount("", dest, "", syscall.MS_REMOUNT|syscall.MS_RDONLY, ""); err != nil { + return fmt.Errorf("unable to remount %s readonly: %s", dest, err) + } + } + if err := system.Mount("/dev/null", "/proc/kcore", "", syscall.MS_BIND, ""); err != nil { + return fmt.Errorf("unable to bind-mount /dev/null over /proc/kcore") + } + return nil +} diff --git a/pkg/libcontainer/security/restrict/unsupported.go b/pkg/libcontainer/security/restrict/unsupported.go new file mode 100644 index 0000000000..464e8d498d --- /dev/null +++ b/pkg/libcontainer/security/restrict/unsupported.go @@ -0,0 +1,9 @@ +// +build !linux + +package restrict + +import "fmt" + +func Restrict() error { + return fmt.Errorf("not supported") +} diff --git a/pkg/libcontainer/types.go b/pkg/libcontainer/types.go index d4818c3ffe..8f056c817d 100644 --- a/pkg/libcontainer/types.go +++ b/pkg/libcontainer/types.go @@ -2,6 +2,7 @@ package libcontainer import ( "errors" + "github.com/syndtr/gocapability/capability" ) @@ -11,6 +12,26 @@ var ( ErrUnsupported = errors.New("Unsupported method") ) +type Mounts []Mount + +func (s Mounts) OfType(t string) Mounts { + out := Mounts{} + for _, m := range s { + if m.Type == t { + out = append(out, m) + } + } + return out +} + +type Mount struct { + Type string `json:"type,omitempty"` + Source string `json:"source,omitempty"` // Source path, in the host namespace + Destination string `json:"destination,omitempty"` // Destination path, in the container + Writable bool `json:"writable,omitempty"` + Private bool `json:"private,omitempty"` +} + // namespaceList is used to convert the libcontainer types // into the names of the files located in /proc//ns/* for // each namespace @@ -18,30 +39,30 @@ var ( namespaceList = Namespaces{} capabilityList = Capabilities{ - {Key: "SETPCAP", Value: capability.CAP_SETPCAP, Enabled: false}, - {Key: "SYS_MODULE", Value: capability.CAP_SYS_MODULE, Enabled: false}, - {Key: "SYS_RAWIO", Value: capability.CAP_SYS_RAWIO, Enabled: false}, - {Key: "SYS_PACCT", Value: capability.CAP_SYS_PACCT, Enabled: false}, - {Key: "SYS_ADMIN", Value: capability.CAP_SYS_ADMIN, Enabled: false}, - {Key: "SYS_NICE", Value: capability.CAP_SYS_NICE, Enabled: false}, - {Key: "SYS_RESOURCE", Value: capability.CAP_SYS_RESOURCE, Enabled: false}, - {Key: "SYS_TIME", Value: capability.CAP_SYS_TIME, Enabled: false}, - {Key: "SYS_TTY_CONFIG", Value: capability.CAP_SYS_TTY_CONFIG, Enabled: false}, - {Key: "MKNOD", Value: capability.CAP_MKNOD, Enabled: false}, - {Key: "AUDIT_WRITE", Value: capability.CAP_AUDIT_WRITE, Enabled: false}, - {Key: "AUDIT_CONTROL", Value: capability.CAP_AUDIT_CONTROL, Enabled: false}, - {Key: "MAC_OVERRIDE", Value: capability.CAP_MAC_OVERRIDE, Enabled: false}, - {Key: "MAC_ADMIN", Value: capability.CAP_MAC_ADMIN, Enabled: false}, - {Key: "NET_ADMIN", Value: capability.CAP_NET_ADMIN, Enabled: false}, + {Key: "SETPCAP", Value: capability.CAP_SETPCAP}, + {Key: "SYS_MODULE", Value: capability.CAP_SYS_MODULE}, + {Key: "SYS_RAWIO", Value: capability.CAP_SYS_RAWIO}, + {Key: "SYS_PACCT", Value: capability.CAP_SYS_PACCT}, + {Key: "SYS_ADMIN", Value: capability.CAP_SYS_ADMIN}, + {Key: "SYS_NICE", Value: capability.CAP_SYS_NICE}, + {Key: "SYS_RESOURCE", Value: capability.CAP_SYS_RESOURCE}, + {Key: "SYS_TIME", Value: capability.CAP_SYS_TIME}, + {Key: "SYS_TTY_CONFIG", Value: capability.CAP_SYS_TTY_CONFIG}, + {Key: "MKNOD", Value: capability.CAP_MKNOD}, + {Key: "AUDIT_WRITE", Value: capability.CAP_AUDIT_WRITE}, + {Key: "AUDIT_CONTROL", Value: capability.CAP_AUDIT_CONTROL}, + {Key: "MAC_OVERRIDE", Value: capability.CAP_MAC_OVERRIDE}, + {Key: "MAC_ADMIN", Value: capability.CAP_MAC_ADMIN}, + {Key: "NET_ADMIN", Value: capability.CAP_NET_ADMIN}, + {Key: "SYSLOG", Value: capability.CAP_SYSLOG}, } ) type ( Namespace struct { - Key string `json:"key,omitempty"` - Enabled bool `json:"enabled,omitempty"` - Value int `json:"value,omitempty"` - File string `json:"file,omitempty"` + Key string `json:"key,omitempty"` + Value int `json:"value,omitempty"` + File string `json:"file,omitempty"` } Namespaces []*Namespace ) @@ -77,9 +98,8 @@ func (n Namespaces) Get(ns string) *Namespace { type ( Capability struct { - Key string `json:"key,omitempty"` - Enabled bool `json:"enabled"` - Value capability.Cap `json:"value,omitempty"` + Key string `json:"key,omitempty"` + Value capability.Cap `json:"value,omitempty"` } Capabilities []*Capability ) diff --git a/pkg/libcontainer/types_linux.go b/pkg/libcontainer/types_linux.go index 1f937e0c97..c14531df20 100644 --- a/pkg/libcontainer/types_linux.go +++ b/pkg/libcontainer/types_linux.go @@ -6,11 +6,11 @@ import ( func init() { namespaceList = Namespaces{ - {Key: "NEWNS", Value: syscall.CLONE_NEWNS, File: "mnt", Enabled: true}, - {Key: "NEWUTS", Value: syscall.CLONE_NEWUTS, File: "uts", Enabled: true}, - {Key: "NEWIPC", Value: syscall.CLONE_NEWIPC, File: "ipc", Enabled: true}, - {Key: "NEWUSER", Value: syscall.CLONE_NEWUSER, File: "user", Enabled: true}, - {Key: "NEWPID", Value: syscall.CLONE_NEWPID, File: "pid", Enabled: true}, - {Key: "NEWNET", Value: syscall.CLONE_NEWNET, File: "net", Enabled: true}, + {Key: "NEWNS", Value: syscall.CLONE_NEWNS, File: "mnt"}, + {Key: "NEWUTS", Value: syscall.CLONE_NEWUTS, File: "uts"}, + {Key: "NEWIPC", Value: syscall.CLONE_NEWIPC, File: "ipc"}, + {Key: "NEWUSER", Value: syscall.CLONE_NEWUSER, File: "user"}, + {Key: "NEWPID", Value: syscall.CLONE_NEWPID, File: "pid"}, + {Key: "NEWNET", Value: syscall.CLONE_NEWNET, File: "net"}, } } diff --git a/pkg/mflag/example/example.go b/pkg/mflag/example/example.go index ce9dd30e4c..2d78baa172 100644 --- a/pkg/mflag/example/example.go +++ b/pkg/mflag/example/example.go @@ -2,6 +2,7 @@ package main import ( "fmt" + flag "github.com/dotcloud/docker/pkg/mflag" ) @@ -19,15 +20,17 @@ func init() { flag.IntVar(&i, []string{"-integer", "-number"}, -1, "a simple integer") flag.StringVar(&str, []string{"s", "#hidden", "-string"}, "", "a simple string") //-s -hidden and --string will work, but -hidden won't be in the usage flag.BoolVar(&h, []string{"h", "#help", "-help"}, false, "display the help") + flag.StringVar(&str, []string{"mode"}, "mode1", "set the mode\nmode1: use the mode1\nmode2: use the mode2\nmode3: use the mode3") flag.Parse() } func main() { if h { flag.PrintDefaults() + } else { + fmt.Printf("s/#hidden/-string: %s\n", str) + fmt.Printf("b: %b\n", b) + fmt.Printf("-bool: %b\n", b2) + fmt.Printf("s/#hidden/-string(via lookup): %s\n", flag.Lookup("s").Value.String()) + fmt.Printf("ARGS: %v\n", flag.Args()) } - fmt.Printf("s/#hidden/-string: %s\n", str) - fmt.Printf("b: %b\n", b) - fmt.Printf("-bool: %b\n", b2) - fmt.Printf("s/#hidden/-string(via lookup): %s\n", flag.Lookup("s").Value.String()) - fmt.Printf("ARGS: %v\n", flag.Args()) } diff --git a/pkg/mflag/flag.go b/pkg/mflag/flag.go index ed6fad3b46..ed85a4a4c5 100644 --- a/pkg/mflag/flag.go +++ b/pkg/mflag/flag.go @@ -83,6 +83,7 @@ import ( "sort" "strconv" "strings" + "text/tabwriter" "time" ) @@ -419,11 +420,12 @@ func Set(name, value string) error { // PrintDefaults prints, to standard error unless configured // otherwise, the default values of all defined flags in the set. func (f *FlagSet) PrintDefaults() { + writer := tabwriter.NewWriter(f.out(), 20, 1, 3, ' ', 0) f.VisitAll(func(flag *Flag) { - format := " -%s=%s: %s\n" + format := " -%s=%s" if _, ok := flag.Value.(*stringValue); ok { // put quotes on the value - format = " -%s=%q: %s\n" + format = " -%s=%q" } names := []string{} for _, name := range flag.Names { @@ -432,9 +434,18 @@ func (f *FlagSet) PrintDefaults() { } } if len(names) > 0 { - fmt.Fprintf(f.out(), format, strings.Join(names, ", -"), flag.DefValue, flag.Usage) + fmt.Fprintf(writer, format, strings.Join(names, ", -"), flag.DefValue) + for i, line := range strings.Split(flag.Usage, "\n") { + if i != 0 { + line = " " + line + } + fmt.Fprintln(writer, "\t", line) + } + // start := fmt.Sprintf(format, strings.Join(names, ", -"), flag.DefValue) + // fmt.Fprintln(f.out(), start, strings.Replace(flag.Usage, "\n", "\n"+strings.Repeat(" ", len(start)+1), -1)) } }) + writer.Flush() } // PrintDefaults prints to standard error the default values of all defined command-line flags. diff --git a/pkg/networkfs/MAINTAINERS b/pkg/networkfs/MAINTAINERS new file mode 100644 index 0000000000..ceeb0cfd18 --- /dev/null +++ b/pkg/networkfs/MAINTAINERS @@ -0,0 +1 @@ +Victor Vieux (@vieux) diff --git a/pkg/networkfs/etchosts/etchosts.go b/pkg/networkfs/etchosts/etchosts.go new file mode 100644 index 0000000000..144a039bff --- /dev/null +++ b/pkg/networkfs/etchosts/etchosts.go @@ -0,0 +1,43 @@ +package etchosts + +import ( + "bytes" + "fmt" + "io/ioutil" +) + +var defaultContent = map[string]string{ + "localhost": "127.0.0.1", + "localhost ip6-localhost ip6-loopback": "::1", + "ip6-localnet": "fe00::0", + "ip6-mcastprefix": "ff00::0", + "ip6-allnodes": "ff02::1", + "ip6-allrouters": "ff02::2", +} + +func Build(path, IP, hostname, domainname string, extraContent *map[string]string) error { + content := bytes.NewBuffer(nil) + if IP != "" { + if domainname != "" { + content.WriteString(fmt.Sprintf("%s\t%s.%s %s\n", IP, hostname, domainname, hostname)) + } else { + content.WriteString(fmt.Sprintf("%s\t%s\n", IP, hostname)) + } + } + + for hosts, ip := range defaultContent { + if _, err := content.WriteString(fmt.Sprintf("%s\t%s\n", ip, hosts)); err != nil { + return err + } + } + + if extraContent != nil { + for hosts, ip := range *extraContent { + if _, err := content.WriteString(fmt.Sprintf("%s\t%s\n", ip, hosts)); err != nil { + return err + } + } + } + + return ioutil.WriteFile(path, content.Bytes(), 0644) +} diff --git a/pkg/networkfs/etchosts/etchosts_test.go b/pkg/networkfs/etchosts/etchosts_test.go new file mode 100644 index 0000000000..44406c81b8 --- /dev/null +++ b/pkg/networkfs/etchosts/etchosts_test.go @@ -0,0 +1,74 @@ +package etchosts + +import ( + "bytes" + "io/ioutil" + "os" + "testing" +) + +func TestBuildHostnameDomainname(t *testing.T) { + file, err := ioutil.TempFile("", "") + if err != nil { + t.Fatal(err) + } + defer os.Remove(file.Name()) + + err = Build(file.Name(), "10.11.12.13", "testhostname", "testdomainname", nil) + if err != nil { + t.Fatal(err) + } + + content, err := ioutil.ReadFile(file.Name()) + if err != nil { + t.Fatal(err) + } + + if expected := "10.11.12.13\ttesthostname.testdomainname testhostname\n"; !bytes.Contains(content, []byte(expected)) { + t.Fatalf("Expected to find '%s' got '%s'", expected, content) + } +} + +func TestBuildHostname(t *testing.T) { + file, err := ioutil.TempFile("", "") + if err != nil { + t.Fatal(err) + } + defer os.Remove(file.Name()) + + err = Build(file.Name(), "10.11.12.13", "testhostname", "", nil) + if err != nil { + t.Fatal(err) + } + + content, err := ioutil.ReadFile(file.Name()) + if err != nil { + t.Fatal(err) + } + + if expected := "10.11.12.13\ttesthostname\n"; !bytes.Contains(content, []byte(expected)) { + t.Fatalf("Expected to find '%s' got '%s'", expected, content) + } +} + +func TestBuildNoIP(t *testing.T) { + file, err := ioutil.TempFile("", "") + if err != nil { + t.Fatal(err) + } + defer os.Remove(file.Name()) + + err = Build(file.Name(), "", "testhostname", "", nil) + if err != nil { + t.Fatal(err) + } + + content, err := ioutil.ReadFile(file.Name()) + if err != nil { + t.Fatal(err) + } + + if expected := ""; !bytes.Contains(content, []byte(expected)) { + t.Fatalf("Expected to find '%s' got '%s'", expected, content) + } +} diff --git a/pkg/networkfs/resolvconf/resolvconf.go b/pkg/networkfs/resolvconf/resolvconf.go new file mode 100644 index 0000000000..d6854fb3b1 --- /dev/null +++ b/pkg/networkfs/resolvconf/resolvconf.go @@ -0,0 +1,87 @@ +package resolvconf + +import ( + "bytes" + "io/ioutil" + "regexp" + "strings" +) + +func Get() ([]byte, error) { + resolv, err := ioutil.ReadFile("/etc/resolv.conf") + if err != nil { + return nil, err + } + return resolv, nil +} + +// getLines parses input into lines and strips away comments. +func getLines(input []byte, commentMarker []byte) [][]byte { + lines := bytes.Split(input, []byte("\n")) + var output [][]byte + for _, currentLine := range lines { + var commentIndex = bytes.Index(currentLine, commentMarker) + if commentIndex == -1 { + output = append(output, currentLine) + } else { + output = append(output, currentLine[:commentIndex]) + } + } + return output +} + +// GetNameservers returns nameservers (if any) listed in /etc/resolv.conf +func GetNameservers(resolvConf []byte) []string { + nameservers := []string{} + re := regexp.MustCompile(`^\s*nameserver\s*(([0-9]+\.){3}([0-9]+))\s*$`) + for _, line := range getLines(resolvConf, []byte("#")) { + var ns = re.FindSubmatch(line) + if len(ns) > 0 { + nameservers = append(nameservers, string(ns[1])) + } + } + return nameservers +} + +// GetNameserversAsCIDR returns nameservers (if any) listed in +// /etc/resolv.conf as CIDR blocks (e.g., "1.2.3.4/32") +// This function's output is intended for net.ParseCIDR +func GetNameserversAsCIDR(resolvConf []byte) []string { + nameservers := []string{} + for _, nameserver := range GetNameservers(resolvConf) { + nameservers = append(nameservers, nameserver+"/32") + } + return nameservers +} + +// GetSearchDomains returns search domains (if any) listed in /etc/resolv.conf +// If more than one search line is encountered, only the contents of the last +// one is returned. +func GetSearchDomains(resolvConf []byte) []string { + re := regexp.MustCompile(`^\s*search\s*(([^\s]+\s*)*)$`) + domains := []string{} + for _, line := range getLines(resolvConf, []byte("#")) { + match := re.FindSubmatch(line) + if match == nil { + continue + } + domains = strings.Fields(string(match[1])) + } + return domains +} + +func Build(path string, dns, dnsSearch []string) error { + content := bytes.NewBuffer(nil) + for _, dns := range dns { + if _, err := content.WriteString("nameserver " + dns + "\n"); err != nil { + return err + } + } + if len(dnsSearch) > 0 { + if _, err := content.WriteString("search " + strings.Join(dnsSearch, " ") + "\n"); err != nil { + return err + } + } + + return ioutil.WriteFile(path, content.Bytes(), 0644) +} diff --git a/pkg/networkfs/resolvconf/resolvconf_test.go b/pkg/networkfs/resolvconf/resolvconf_test.go new file mode 100644 index 0000000000..fd20712376 --- /dev/null +++ b/pkg/networkfs/resolvconf/resolvconf_test.go @@ -0,0 +1,133 @@ +package resolvconf + +import ( + "bytes" + "io/ioutil" + "os" + "testing" +) + +func TestGet(t *testing.T) { + resolvConfUtils, err := Get() + if err != nil { + t.Fatal(err) + } + resolvConfSystem, err := ioutil.ReadFile("/etc/resolv.conf") + if err != nil { + t.Fatal(err) + } + if string(resolvConfUtils) != string(resolvConfSystem) { + t.Fatalf("/etc/resolv.conf and GetResolvConf have different content.") + } +} + +func TestGetNameservers(t *testing.T) { + for resolv, result := range map[string][]string{` +nameserver 1.2.3.4 +nameserver 40.3.200.10 +search example.com`: {"1.2.3.4", "40.3.200.10"}, + `search example.com`: {}, + `nameserver 1.2.3.4 +search example.com +nameserver 4.30.20.100`: {"1.2.3.4", "4.30.20.100"}, + ``: {}, + ` nameserver 1.2.3.4 `: {"1.2.3.4"}, + `search example.com +nameserver 1.2.3.4 +#nameserver 4.3.2.1`: {"1.2.3.4"}, + `search example.com +nameserver 1.2.3.4 # not 4.3.2.1`: {"1.2.3.4"}, + } { + test := GetNameservers([]byte(resolv)) + if !strSlicesEqual(test, result) { + t.Fatalf("Wrong nameserver string {%s} should be %v. Input: %s", test, result, resolv) + } + } +} + +func TestGetNameserversAsCIDR(t *testing.T) { + for resolv, result := range map[string][]string{` +nameserver 1.2.3.4 +nameserver 40.3.200.10 +search example.com`: {"1.2.3.4/32", "40.3.200.10/32"}, + `search example.com`: {}, + `nameserver 1.2.3.4 +search example.com +nameserver 4.30.20.100`: {"1.2.3.4/32", "4.30.20.100/32"}, + ``: {}, + ` nameserver 1.2.3.4 `: {"1.2.3.4/32"}, + `search example.com +nameserver 1.2.3.4 +#nameserver 4.3.2.1`: {"1.2.3.4/32"}, + `search example.com +nameserver 1.2.3.4 # not 4.3.2.1`: {"1.2.3.4/32"}, + } { + test := GetNameserversAsCIDR([]byte(resolv)) + if !strSlicesEqual(test, result) { + t.Fatalf("Wrong nameserver string {%s} should be %v. Input: %s", test, result, resolv) + } + } +} + +func TestGetSearchDomains(t *testing.T) { + for resolv, result := range map[string][]string{ + `search example.com`: {"example.com"}, + `search example.com # ignored`: {"example.com"}, + ` search example.com `: {"example.com"}, + ` search example.com # ignored`: {"example.com"}, + `search foo.example.com example.com`: {"foo.example.com", "example.com"}, + ` search foo.example.com example.com `: {"foo.example.com", "example.com"}, + ` search foo.example.com example.com # ignored`: {"foo.example.com", "example.com"}, + ``: {}, + `# ignored`: {}, + `nameserver 1.2.3.4 +search foo.example.com example.com`: {"foo.example.com", "example.com"}, + `nameserver 1.2.3.4 +search dup1.example.com dup2.example.com +search foo.example.com example.com`: {"foo.example.com", "example.com"}, + `nameserver 1.2.3.4 +search foo.example.com example.com +nameserver 4.30.20.100`: {"foo.example.com", "example.com"}, + } { + test := GetSearchDomains([]byte(resolv)) + if !strSlicesEqual(test, result) { + t.Fatalf("Wrong search domain string {%s} should be %v. Input: %s", test, result, resolv) + } + } +} + +func strSlicesEqual(a, b []string) bool { + if len(a) != len(b) { + return false + } + + for i, v := range a { + if v != b[i] { + return false + } + } + + return true +} + +func TestBuild(t *testing.T) { + file, err := ioutil.TempFile("", "") + if err != nil { + t.Fatal(err) + } + defer os.Remove(file.Name()) + + err = Build(file.Name(), []string{"ns1", "ns2", "ns3"}, []string{"search1"}) + if err != nil { + t.Fatal(err) + } + + content, err := ioutil.ReadFile(file.Name()) + if err != nil { + t.Fatal(err) + } + + if expected := "nameserver ns1\nnameserver ns2\nnameserver ns3\nsearch search1\n"; !bytes.Contains(content, []byte(expected)) { + t.Fatalf("Expected to find '%s' got '%s'", expected, content) + } +} diff --git a/pkg/selinux/selinux.go b/pkg/selinux/selinux.go index edabc4f7dd..6cf7bd7104 100644 --- a/pkg/selinux/selinux.go +++ b/pkg/selinux/selinux.go @@ -146,15 +146,15 @@ func Setfilecon(path string, scon string) error { } func Setfscreatecon(scon string) error { - return writeCon("/proc/self/attr/fscreate", scon) + return writeCon(fmt.Sprintf("/proc/self/task/%d/attr/fscreate", system.Gettid()), scon) } func Getfscreatecon() (string, error) { - return readCon("/proc/self/attr/fscreate") + return readCon(fmt.Sprintf("/proc/self/task/%d/attr/fscreate", system.Gettid())) } func getcon() (string, error) { - return readCon("/proc/self/attr/current") + return readCon(fmt.Sprintf("/proc/self/task/%d/attr/current", system.Gettid())) } func Getpidcon(pid int) (string, error) { @@ -204,6 +204,13 @@ func NewContext(scon string) SELinuxContext { return c } +func ReserveLabel(scon string) { + if len(scon) != 0 { + con := strings.SplitN(scon, ":", 4) + mcsAdd(con[3]) + } +} + func SelinuxGetEnforce() int { var enforce int @@ -229,8 +236,12 @@ func SelinuxGetEnforceMode() int { return Disabled } -func mcsAdd(mcs string) { +func mcsAdd(mcs string) error { + if mcsList[mcs] { + return fmt.Errorf("MCS Label already exists") + } mcsList[mcs] = true + return nil } func mcsDelete(mcs string) { @@ -283,15 +294,21 @@ func uniqMcs(catRange uint32) string { } } mcs = fmt.Sprintf("s0:c%d,c%d", c1, c2) - if mcsExists(mcs) { + if err := mcsAdd(mcs); err != nil { continue } - mcsAdd(mcs) break } return mcs } +func FreeLxcContexts(scon string) { + if len(scon) != 0 { + con := strings.SplitN(scon, ":", 4) + mcsDelete(con[3]) + } +} + func GetLxcContexts() (processLabel string, fileLabel string) { var ( val, key string @@ -344,7 +361,8 @@ func GetLxcContexts() (processLabel string, fileLabel string) { } exit: - mcs := IntToMcs(os.Getpid(), 1024) + // mcs := IntToMcs(os.Getpid(), 1024) + mcs := uniqMcs(1024) scon := NewContext(processLabel) scon["level"] = mcs processLabel = scon.Get() @@ -373,6 +391,8 @@ func CopyLevel(src, dest string) (string, error) { } scon := NewContext(src) tcon := NewContext(dest) + mcsDelete(tcon["level"]) + mcsAdd(scon["level"]) tcon["level"] = scon["level"] return tcon.Get(), nil } diff --git a/pkg/selinux/selinux_test.go b/pkg/selinux/selinux_test.go index fde6ab147d..9a3a5525e4 100644 --- a/pkg/selinux/selinux_test.go +++ b/pkg/selinux/selinux_test.go @@ -31,9 +31,11 @@ func TestSELinux(t *testing.T) { plabel, flabel = selinux.GetLxcContexts() t.Log(plabel) t.Log(flabel) + selinux.FreeLxcContexts(plabel) plabel, flabel = selinux.GetLxcContexts() t.Log(plabel) t.Log(flabel) + selinux.FreeLxcContexts(plabel) t.Log("getenforce ", selinux.SelinuxGetEnforce()) t.Log("getenforcemode ", selinux.SelinuxGetEnforceMode()) pid := os.Getpid() diff --git a/pkg/signal/MAINTAINERS b/pkg/signal/MAINTAINERS index 3300331598..acf6f21b63 100644 --- a/pkg/signal/MAINTAINERS +++ b/pkg/signal/MAINTAINERS @@ -1,2 +1 @@ Guillaume J. Charmes (@creack) - diff --git a/pkg/system/MAINTAINERS b/pkg/system/MAINTAINERS new file mode 100644 index 0000000000..1cb551364d --- /dev/null +++ b/pkg/system/MAINTAINERS @@ -0,0 +1,2 @@ +Michael Crosby (@crosbymichael) +Guillaume J. Charmes (@creack) diff --git a/pkg/system/fds_linux.go b/pkg/system/fds_linux.go new file mode 100644 index 0000000000..53d2299d3e --- /dev/null +++ b/pkg/system/fds_linux.go @@ -0,0 +1,38 @@ +package system + +import ( + "io/ioutil" + "strconv" + "syscall" +) + +// Works similarly to OpenBSD's "closefrom(2)": +// The closefrom() call deletes all descriptors numbered fd and higher from +// the per-process file descriptor table. It is effectively the same as +// calling close(2) on each descriptor. +// http://www.openbsd.org/cgi-bin/man.cgi?query=closefrom&sektion=2 +// +// See also http://stackoverflow.com/a/918469/433558 +func CloseFdsFrom(minFd int) error { + fdList, err := ioutil.ReadDir("/proc/self/fd") + if err != nil { + return err + } + for _, fi := range fdList { + fd, err := strconv.Atoi(fi.Name()) + if err != nil { + // ignore non-numeric file names + continue + } + + if fd < minFd { + // ignore descriptors lower than our specified minimum + continue + } + + // intentionally ignore errors from syscall.Close + syscall.Close(fd) + // the cases where this might fail are basically file descriptors that have already been closed (including and especially the one that was created when ioutil.ReadDir did the "opendir" syscall) + } + return nil +} diff --git a/pkg/system/fds_unsupported.go b/pkg/system/fds_unsupported.go new file mode 100644 index 0000000000..c1e08e82d3 --- /dev/null +++ b/pkg/system/fds_unsupported.go @@ -0,0 +1,12 @@ +// +build !linux + +package system + +import ( + "fmt" + "runtime" +) + +func CloseFdsFrom(minFd int) error { + return fmt.Errorf("CloseFdsFrom is unsupported on this platform (%s/%s)", runtime.GOOS, runtime.GOARCH) +} diff --git a/pkg/system/unsupported.go b/pkg/system/unsupported.go index 4ae2a488aa..96ebc858f5 100644 --- a/pkg/system/unsupported.go +++ b/pkg/system/unsupported.go @@ -3,6 +3,7 @@ package system import ( + "os" "os/exec" ) @@ -23,3 +24,7 @@ func GetClockTicks() int { // just return 100 return 100 } + +func CreateMasterAndConsole() (*os.File, string, error) { + return nil, "", ErrNotSupportedPlatform +} diff --git a/registry/registry.go b/registry/registry.go index 451f30f670..2e3e7e03a7 100644 --- a/registry/registry.go +++ b/registry/registry.go @@ -3,10 +3,10 @@ package registry import ( "bytes" "crypto/sha256" + _ "crypto/sha512" "encoding/json" "errors" "fmt" - "github.com/dotcloud/docker/utils" "io" "io/ioutil" "net" @@ -14,9 +14,13 @@ import ( "net/http/cookiejar" "net/url" "regexp" + "runtime" "strconv" "strings" "time" + + "github.com/dotcloud/docker/dockerversion" + "github.com/dotcloud/docker/utils" ) var ( @@ -25,11 +29,11 @@ var ( errLoginRequired = errors.New("Authentication is required.") ) -func pingRegistryEndpoint(endpoint string) (bool, error) { +func pingRegistryEndpoint(endpoint string) (RegistryInfo, error) { if endpoint == IndexServerAddress() { // Skip the check, we now this one is valid // (and we never want to fallback to http in case of error) - return false, nil + return RegistryInfo{Standalone: false}, nil } httpDial := func(proto string, addr string) (net.Conn, error) { // Set the connect timeout to 5 seconds @@ -48,26 +52,41 @@ func pingRegistryEndpoint(endpoint string) (bool, error) { client := &http.Client{Transport: httpTransport} resp, err := client.Get(endpoint + "_ping") if err != nil { - return false, err + return RegistryInfo{Standalone: false}, err } defer resp.Body.Close() - if resp.Header.Get("X-Docker-Registry-Version") == "" { - return false, errors.New("This does not look like a Registry server (\"X-Docker-Registry-Version\" header not found in the response)") + jsonString, err := ioutil.ReadAll(resp.Body) + if err != nil { + return RegistryInfo{Standalone: false}, fmt.Errorf("Error while reading the http response: %s", err) } + // If the header is absent, we assume true for compatibility with earlier + // versions of the registry. default to true + info := RegistryInfo{ + Standalone: true, + } + if err := json.Unmarshal(jsonString, &info); err != nil { + utils.Debugf("Error unmarshalling the _ping RegistryInfo: %s", err) + // don't stop here. Just assume sane defaults + } + if hdr := resp.Header.Get("X-Docker-Registry-Version"); hdr != "" { + utils.Debugf("Registry version header: '%s'", hdr) + info.Version = hdr + } + utils.Debugf("RegistryInfo.Version: %q", info.Version) + standalone := resp.Header.Get("X-Docker-Registry-Standalone") utils.Debugf("Registry standalone header: '%s'", standalone) - // If the header is absent, we assume true for compatibility with earlier - // versions of the registry - if standalone == "" { - return true, nil - // Accepted values are "true" (case-insensitive) and "1". - } else if strings.EqualFold(standalone, "true") || standalone == "1" { - return true, nil + // Accepted values are "true" (case-insensitive) and "1". + if strings.EqualFold(standalone, "true") || standalone == "1" { + info.Standalone = true + } else if len(standalone) > 0 { + // there is a header set, and it is not "true" or "1", so assume fails + info.Standalone = false } - // Otherwise, not standalone - return false, nil + utils.Debugf("RegistryInfo.Standalone: %q", info.Standalone) + return info, nil } func validateRepositoryName(repositoryName string) error { @@ -221,9 +240,13 @@ func (r *Registry) GetRemoteImageJSON(imgID, registry string, token []string) ([ return nil, -1, utils.NewHTTPRequestError(fmt.Sprintf("HTTP code %d", res.StatusCode), res) } - imageSize, err := strconv.Atoi(res.Header.Get("X-Docker-Size")) - if err != nil { - return nil, -1, err + // if the size header is not present, then set it to '-1' + imageSize := -1 + if hdr := res.Header.Get("X-Docker-Size"); hdr != "" { + imageSize, err = strconv.Atoi(hdr) + if err != nil { + return nil, -1, err + } } jsonString, err := ioutil.ReadAll(res.Body) @@ -292,6 +315,25 @@ func (r *Registry) GetRemoteTags(registries []string, repository string, token [ return nil, fmt.Errorf("Could not reach any registry endpoint") } +func buildEndpointsList(headers []string, indexEp string) ([]string, error) { + var endpoints []string + parsedUrl, err := url.Parse(indexEp) + if err != nil { + return nil, err + } + var urlScheme = parsedUrl.Scheme + // The Registry's URL scheme has to match the Index' + for _, ep := range headers { + epList := strings.Split(ep, ",") + for _, epListElement := range epList { + endpoints = append( + endpoints, + fmt.Sprintf("%s://%s/v1/", urlScheme, strings.TrimSpace(epListElement))) + } + } + return endpoints, nil +} + func (r *Registry) GetRepositoryData(remote string) (*RepositoryData, error) { indexEp := r.indexEndpoint repositoryTarget := fmt.Sprintf("%srepositories/%s/images", indexEp, remote) @@ -327,14 +369,18 @@ func (r *Registry) GetRepositoryData(remote string) (*RepositoryData, error) { } var endpoints []string - var urlScheme = indexEp[:strings.Index(indexEp, ":")] if res.Header.Get("X-Docker-Endpoints") != "" { - // The Registry's URL scheme has to match the Index' - for _, ep := range res.Header["X-Docker-Endpoints"] { - endpoints = append(endpoints, fmt.Sprintf("%s://%s/v1/", urlScheme, ep)) + endpoints, err = buildEndpointsList(res.Header["X-Docker-Endpoints"], indexEp) + if err != nil { + return nil, err } } else { - return nil, fmt.Errorf("Index response didn't contain any endpoints") + // Assume the endpoint is on the same host + u, err := url.Parse(indexEp) + if err != nil { + return nil, err + } + endpoints = append(endpoints, fmt.Sprintf("%s://%s/v1/", u.Scheme, req.URL.Host)) } checksumsJSON, err := ioutil.ReadAll(res.Body) @@ -560,7 +606,6 @@ func (r *Registry) PushImageJSONIndex(remote string, imgList []*ImgData, validat } var tokens, endpoints []string - var urlScheme = indexEp[:strings.Index(indexEp, ":")] if !validate { if res.StatusCode != 200 && res.StatusCode != 201 { errBody, err := ioutil.ReadAll(res.Body) @@ -577,9 +622,9 @@ func (r *Registry) PushImageJSONIndex(remote string, imgList []*ImgData, validat } if res.Header.Get("X-Docker-Endpoints") != "" { - // The Registry's URL scheme has to match the Index' - for _, ep := range res.Header["X-Docker-Endpoints"] { - endpoints = append(endpoints, fmt.Sprintf("%s://%s/v1/", urlScheme, ep)) + endpoints, err = buildEndpointsList(res.Header["X-Docker-Endpoints"], indexEp) + if err != nil { + return nil, err } } else { return nil, fmt.Errorf("Index response didn't contain any endpoints") @@ -668,6 +713,11 @@ type ImgData struct { Tag string `json:",omitempty"` } +type RegistryInfo struct { + Version string `json:"version"` + Standalone bool `json:"standalone"` +} + type Registry struct { client *http.Client authConfig *AuthConfig @@ -696,11 +746,11 @@ func NewRegistry(authConfig *AuthConfig, factory *utils.HTTPRequestFactory, inde // If we're working with a standalone private registry over HTTPS, send Basic Auth headers // alongside our requests. if indexEndpoint != IndexServerAddress() && strings.HasPrefix(indexEndpoint, "https://") { - standalone, err := pingRegistryEndpoint(indexEndpoint) + info, err := pingRegistryEndpoint(indexEndpoint) if err != nil { return nil, err } - if standalone { + if info.Standalone { utils.Debugf("Endpoint %s is eligible for private registry registry. Enabling decorator.", indexEndpoint) dec := utils.NewHTTPAuthDecorator(authConfig.Username, authConfig.Password) factory.AddDecorator(dec) @@ -710,3 +760,40 @@ func NewRegistry(authConfig *AuthConfig, factory *utils.HTTPRequestFactory, inde r.reqFactory = factory return r, nil } + +func HTTPRequestFactory(metaHeaders map[string][]string) *utils.HTTPRequestFactory { + // FIXME: this replicates the 'info' job. + httpVersion := make([]utils.VersionInfo, 0, 4) + httpVersion = append(httpVersion, &simpleVersionInfo{"docker", dockerversion.VERSION}) + httpVersion = append(httpVersion, &simpleVersionInfo{"go", runtime.Version()}) + httpVersion = append(httpVersion, &simpleVersionInfo{"git-commit", dockerversion.GITCOMMIT}) + if kernelVersion, err := utils.GetKernelVersion(); err == nil { + httpVersion = append(httpVersion, &simpleVersionInfo{"kernel", kernelVersion.String()}) + } + httpVersion = append(httpVersion, &simpleVersionInfo{"os", runtime.GOOS}) + httpVersion = append(httpVersion, &simpleVersionInfo{"arch", runtime.GOARCH}) + ud := utils.NewHTTPUserAgentDecorator(httpVersion...) + md := &utils.HTTPMetaHeadersDecorator{ + Headers: metaHeaders, + } + factory := utils.NewHTTPRequestFactory(ud, md) + return factory +} + +// simpleVersionInfo is a simple implementation of +// the interface VersionInfo, which is used +// to provide version information for some product, +// component, etc. It stores the product name and the version +// in string and returns them on calls to Name() and Version(). +type simpleVersionInfo struct { + name string + version string +} + +func (v *simpleVersionInfo) Name() string { + return v.name +} + +func (v *simpleVersionInfo) Version() string { + return v.version +} diff --git a/registry/registry_mock_test.go b/registry/registry_mock_test.go index dd5da6bd50..6b00751318 100644 --- a/registry/registry_mock_test.go +++ b/registry/registry_mock_test.go @@ -291,7 +291,7 @@ func handlerUsers(w http.ResponseWriter, r *http.Request) { func handlerImages(w http.ResponseWriter, r *http.Request) { u, _ := url.Parse(testHttpServer.URL) - w.Header().Add("X-Docker-Endpoints", u.Host) + w.Header().Add("X-Docker-Endpoints", fmt.Sprintf("%s , %s ", u.Host, "test.example.com")) w.Header().Add("X-Docker-Token", fmt.Sprintf("FAKE-SESSION-%d", time.Now().UnixNano())) if r.Method == "PUT" { if strings.HasSuffix(r.URL.Path, "images") { diff --git a/registry/registry_test.go b/registry/registry_test.go index cb56502fc1..0a5be5e543 100644 --- a/registry/registry_test.go +++ b/registry/registry_test.go @@ -1,7 +1,9 @@ package registry import ( + "fmt" "github.com/dotcloud/docker/utils" + "net/url" "strings" "testing" ) @@ -22,11 +24,11 @@ func spawnTestRegistry(t *testing.T) *Registry { } func TestPingRegistryEndpoint(t *testing.T) { - standalone, err := pingRegistryEndpoint(makeURL("/v1/")) + regInfo, err := pingRegistryEndpoint(makeURL("/v1/")) if err != nil { t.Fatal(err) } - assertEqual(t, standalone, true, "Expected standalone to be true (default)") + assertEqual(t, regInfo.Standalone, true, "Expected standalone to be true (default)") } func TestGetRemoteHistory(t *testing.T) { @@ -99,12 +101,23 @@ func TestGetRemoteTags(t *testing.T) { func TestGetRepositoryData(t *testing.T) { r := spawnTestRegistry(t) + parsedUrl, err := url.Parse(makeURL("/v1/")) + if err != nil { + t.Fatal(err) + } + host := "http://" + parsedUrl.Host + "/v1/" data, err := r.GetRepositoryData("foo42/bar") if err != nil { t.Fatal(err) } assertEqual(t, len(data.ImgList), 2, "Expected 2 images in ImgList") - assertEqual(t, len(data.Endpoints), 1, "Expected one endpoint in Endpoints") + assertEqual(t, len(data.Endpoints), 2, + fmt.Sprintf("Expected 2 endpoints in Endpoints, found %d instead", len(data.Endpoints))) + assertEqual(t, data.Endpoints[0], host, + fmt.Sprintf("Expected first endpoint to be %s but found %s instead", host, data.Endpoints[0])) + assertEqual(t, data.Endpoints[1], "http://test.example.com/v1/", + fmt.Sprintf("Expected first endpoint to be http://test.example.com/v1/ but found %s instead", data.Endpoints[1])) + } func TestPushImageJSONRegistry(t *testing.T) { diff --git a/registry/service.go b/registry/service.go new file mode 100644 index 0000000000..1c7a93deac --- /dev/null +++ b/registry/service.go @@ -0,0 +1,104 @@ +package registry + +import ( + "github.com/dotcloud/docker/engine" +) + +// Service exposes registry capabilities in the standard Engine +// interface. Once installed, it extends the engine with the +// following calls: +// +// 'auth': Authenticate against the public registry +// 'search': Search for images on the public registry +// 'pull': Download images from any registry (TODO) +// 'push': Upload images to any registry (TODO) +type Service struct { +} + +// NewService returns a new instance of Service ready to be +// installed no an engine. +func NewService() *Service { + return &Service{} +} + +// Install installs registry capabilities to eng. +func (s *Service) Install(eng *engine.Engine) error { + eng.Register("auth", s.Auth) + eng.Register("search", s.Search) + return nil +} + +// Auth contacts the public registry with the provided credentials, +// and returns OK if authentication was sucessful. +// It can be used to verify the validity of a client's credentials. +func (s *Service) Auth(job *engine.Job) engine.Status { + var ( + err error + authConfig = &AuthConfig{} + ) + + job.GetenvJson("authConfig", authConfig) + // TODO: this is only done here because auth and registry need to be merged into one pkg + if addr := authConfig.ServerAddress; addr != "" && addr != IndexServerAddress() { + addr, err = ExpandAndVerifyRegistryUrl(addr) + if err != nil { + return job.Error(err) + } + authConfig.ServerAddress = addr + } + status, err := Login(authConfig, HTTPRequestFactory(nil)) + if err != nil { + return job.Error(err) + } + job.Printf("%s\n", status) + return engine.StatusOK +} + +// Search queries the public registry for images matching the specified +// search terms, and returns the results. +// +// Argument syntax: search TERM +// +// Option environment: +// 'authConfig': json-encoded credentials to authenticate against the registry. +// The search extends to images only accessible via the credentials. +// +// 'metaHeaders': extra HTTP headers to include in the request to the registry. +// The headers should be passed as a json-encoded dictionary. +// +// Output: +// Results are sent as a collection of structured messages (using engine.Table). +// Each result is sent as a separate message. +// Results are ordered by number of stars on the public registry. +func (s *Service) Search(job *engine.Job) engine.Status { + if n := len(job.Args); n != 1 { + return job.Errorf("Usage: %s TERM", job.Name) + } + var ( + term = job.Args[0] + metaHeaders = map[string][]string{} + authConfig = &AuthConfig{} + ) + job.GetenvJson("authConfig", authConfig) + job.GetenvJson("metaHeaders", metaHeaders) + + r, err := NewRegistry(authConfig, HTTPRequestFactory(metaHeaders), IndexServerAddress()) + if err != nil { + return job.Error(err) + } + results, err := r.SearchRepositories(term) + if err != nil { + return job.Error(err) + } + outs := engine.NewTable("star_count", 0) + for _, result := range results.Results { + out := &engine.Env{} + out.Import(result) + outs.Add(out) + } + outs.ReverseSort() + if _, err := outs.WriteListTo(job.Stdout); err != nil { + return job.Error(err) + } + return engine.StatusOK +} diff --git a/runconfig/hostconfig.go b/runconfig/hostconfig.go index 3235bf1f4e..79ffad723b 100644 --- a/runconfig/hostconfig.go +++ b/runconfig/hostconfig.go @@ -1,11 +1,24 @@ package runconfig import ( + "strings" + "github.com/dotcloud/docker/engine" "github.com/dotcloud/docker/nat" "github.com/dotcloud/docker/utils" ) +type NetworkMode string + +func (n NetworkMode) IsHost() bool { + return n == "host" +} + +func (n NetworkMode) IsContainer() bool { + parts := strings.SplitN(string(n), ":", 2) + return len(parts) > 1 && parts[0] == "container" +} + type HostConfig struct { Binds []string ContainerIDFile string @@ -17,6 +30,7 @@ type HostConfig struct { Dns []string DnsSearch []string VolumesFrom []string + NetworkMode NetworkMode } func ContainerHostConfigFromJob(job *engine.Job) *HostConfig { @@ -24,6 +38,7 @@ func ContainerHostConfigFromJob(job *engine.Job) *HostConfig { ContainerIDFile: job.Getenv("ContainerIDFile"), Privileged: job.GetenvBool("Privileged"), PublishAllPorts: job.GetenvBool("PublishAllPorts"), + NetworkMode: NetworkMode(job.Getenv("NetworkMode")), } job.GetenvJson("LxcConf", &hostConfig.LxcConf) job.GetenvJson("PortBindings", &hostConfig.PortBindings) diff --git a/runconfig/parse.go b/runconfig/parse.go index d395b49e80..9142b175af 100644 --- a/runconfig/parse.go +++ b/runconfig/parse.go @@ -2,14 +2,15 @@ package runconfig import ( "fmt" + "io/ioutil" + "path" + "strings" + "github.com/dotcloud/docker/nat" "github.com/dotcloud/docker/opts" flag "github.com/dotcloud/docker/pkg/mflag" "github.com/dotcloud/docker/pkg/sysinfo" "github.com/dotcloud/docker/utils" - "io/ioutil" - "path" - "strings" ) var ( @@ -49,7 +50,7 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf flAutoRemove = cmd.Bool([]string{"#rm", "-rm"}, false, "Automatically remove the container when it exits (incompatible with -d)") flDetach = cmd.Bool([]string{"d", "-detach"}, false, "Detached mode: Run container in the background, print new container id") - flNetwork = cmd.Bool([]string{"n", "-networking"}, true, "Enable networking for this container") + flNetwork = cmd.Bool([]string{"#n", "#-networking"}, true, "Enable networking for this container") flPrivileged = cmd.Bool([]string{"#privileged", "-privileged"}, false, "Give extended privileges to this container") flPublishAll = cmd.Bool([]string{"P", "-publish-all"}, false, "Publish all exposed ports to the host interfaces") flStdin = cmd.Bool([]string{"i", "-interactive"}, false, "Keep stdin open even if not attached") @@ -61,7 +62,7 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf flUser = cmd.String([]string{"u", "-user"}, "", "Username or UID") flWorkingDir = cmd.String([]string{"w", "-workdir"}, "", "Working directory inside the container") flCpuShares = cmd.Int64([]string{"c", "-cpu-shares"}, 0, "CPU shares (relative weight)") - + flNetMode = cmd.String([]string{"-net"}, "bridge", "Set the Network mode for the container\n'bridge': creates a new network stack for the container on the docker bridge\n'none': no networking for this container\n'container:': reuses another container network stack\n'host': use the host network stack inside the contaner") // For documentation purpose _ = cmd.Bool([]string{"#sig-proxy", "-sig-proxy"}, true, "Proxify all received signal to the process (even in non-tty mode)") _ = cmd.String([]string{"#name", "-name"}, "", "Assign a name to the container") @@ -73,7 +74,7 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf cmd.Var(&flEnv, []string{"e", "-env"}, "Set environment variables") cmd.Var(&flEnvFile, []string{"-env-file"}, "Read in a line delimited file of ENV variables") - cmd.Var(&flPublish, []string{"p", "-publish"}, fmt.Sprintf("Publish a container's port to the host (format: %s) (use 'docker port' to see the actual mapping)", nat.PortSpecTemplateFormat)) + cmd.Var(&flPublish, []string{"p", "-publish"}, fmt.Sprintf("Publish a container's port to the host\nformat: %s\n(use 'docker port' to see the actual mapping)", nat.PortSpecTemplateFormat)) cmd.Var(&flExpose, []string{"#expose", "-expose"}, "Expose a port from the container without publishing it to your host") cmd.Var(&flDns, []string{"#dns", "-dns"}, "Set custom dns servers") cmd.Var(&flDnsSearch, []string{"-dns-search"}, "Set custom dns search domains") @@ -197,6 +198,11 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf // boo, there's no debug output for docker run //utils.Debugf("Environment variables for the container: %#v", envVariables) + netMode, err := parseNetMode(*flNetMode) + if err != nil { + return nil, nil, cmd, fmt.Errorf("--net: invalid net mode: %v", err) + } + config := &Config{ Hostname: hostname, Domainname: domainname, @@ -230,6 +236,7 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf Dns: flDns.GetAll(), DnsSearch: flDnsSearch.GetAll(), VolumesFrom: flVolumesFrom.GetAll(), + NetworkMode: netMode, } if sysInfo != nil && flMemory > 0 && !sysInfo.SwapLimit { @@ -274,3 +281,17 @@ func parseKeyValueOpts(opts opts.ListOpts) ([]utils.KeyValuePair, error) { } return out, nil } + +func parseNetMode(netMode string) (NetworkMode, error) { + parts := strings.Split(netMode, ":") + switch mode := parts[0]; mode { + case "bridge", "none", "host": + case "container": + if len(parts) < 2 || parts[1] == "" { + return "", fmt.Errorf("invalid container format container:") + } + default: + return "", fmt.Errorf("invalid --net: %s", netMode) + } + return NetworkMode(netMode), nil +} diff --git a/runconfig/parse_test.go b/runconfig/parse_test.go index fd28c4593e..8ad40b9d2d 100644 --- a/runconfig/parse_test.go +++ b/runconfig/parse_test.go @@ -1,8 +1,9 @@ package runconfig import ( - "github.com/dotcloud/docker/utils" "testing" + + "github.com/dotcloud/docker/utils" ) func TestParseLxcConfOpt(t *testing.T) { diff --git a/server/MAINTAINERS b/server/MAINTAINERS index db33365bcd..aee10c8421 100644 --- a/server/MAINTAINERS +++ b/server/MAINTAINERS @@ -1 +1 @@ -Solomon Hykes +Solomon Hykes (@shykes) diff --git a/server/buildfile.go b/server/buildfile.go index 8466f4290e..24b0b58f25 100644 --- a/server/buildfile.go +++ b/server/buildfile.go @@ -6,12 +6,6 @@ import ( "encoding/json" "errors" "fmt" - "github.com/dotcloud/docker/archive" - "github.com/dotcloud/docker/daemon" - "github.com/dotcloud/docker/nat" - "github.com/dotcloud/docker/registry" - "github.com/dotcloud/docker/runconfig" - "github.com/dotcloud/docker/utils" "io" "io/ioutil" "net/url" @@ -22,6 +16,13 @@ import ( "regexp" "sort" "strings" + + "github.com/dotcloud/docker/archive" + "github.com/dotcloud/docker/daemon" + "github.com/dotcloud/docker/nat" + "github.com/dotcloud/docker/registry" + "github.com/dotcloud/docker/runconfig" + "github.com/dotcloud/docker/utils" ) var ( @@ -644,10 +645,9 @@ func (b *buildFile) create() (*daemon.Container, error) { func (b *buildFile) run(c *daemon.Container) error { var errCh chan error - if b.verbose { errCh = utils.Go(func() error { - return <-c.Attach(nil, nil, b.outStream, b.errStream) + return <-b.daemon.Attach(c, nil, nil, b.outStream, b.errStream) }) } diff --git a/server/server.go b/server/server.go index 0ab0a4a00b..47565f0022 100644 --- a/server/server.go +++ b/server/server.go @@ -24,19 +24,6 @@ package server import ( "encoding/json" "fmt" - "github.com/dotcloud/docker/api" - "github.com/dotcloud/docker/archive" - "github.com/dotcloud/docker/daemon" - "github.com/dotcloud/docker/daemonconfig" - "github.com/dotcloud/docker/dockerversion" - "github.com/dotcloud/docker/engine" - "github.com/dotcloud/docker/graph" - "github.com/dotcloud/docker/image" - "github.com/dotcloud/docker/pkg/graphdb" - "github.com/dotcloud/docker/pkg/signal" - "github.com/dotcloud/docker/registry" - "github.com/dotcloud/docker/runconfig" - "github.com/dotcloud/docker/utils" "io" "io/ioutil" "log" @@ -53,6 +40,20 @@ import ( "sync" "syscall" "time" + + "github.com/dotcloud/docker/api" + "github.com/dotcloud/docker/archive" + "github.com/dotcloud/docker/daemon" + "github.com/dotcloud/docker/daemonconfig" + "github.com/dotcloud/docker/dockerversion" + "github.com/dotcloud/docker/engine" + "github.com/dotcloud/docker/graph" + "github.com/dotcloud/docker/image" + "github.com/dotcloud/docker/pkg/graphdb" + "github.com/dotcloud/docker/pkg/signal" + "github.com/dotcloud/docker/registry" + "github.com/dotcloud/docker/runconfig" + "github.com/dotcloud/docker/utils" ) // jobInitApi runs the remote api server `srv` as a daemon, @@ -124,7 +125,7 @@ func InitServer(job *engine.Job) engine.Status { "container_copy": srv.ContainerCopy, "insert": srv.ImageInsert, "attach": srv.ContainerAttach, - "search": srv.ImagesSearch, + "logs": srv.ContainerLogs, "changes": srv.ContainerChanges, "top": srv.ContainerTop, "version": srv.DockerVersion, @@ -137,7 +138,6 @@ func InitServer(job *engine.Job) engine.Status { "events": srv.Events, "push": srv.ImagePush, "containers": srv.Containers, - "auth": srv.Auth, } { if err := job.Eng.Register(name, handler); err != nil { return job.Error(err) @@ -146,24 +146,6 @@ func InitServer(job *engine.Job) engine.Status { return engine.StatusOK } -// simpleVersionInfo is a simple implementation of -// the interface VersionInfo, which is used -// to provide version information for some product, -// component, etc. It stores the product name and the version -// in string and returns them on calls to Name() and Version(). -type simpleVersionInfo struct { - name string - version string -} - -func (v *simpleVersionInfo) Name() string { - return v.name -} - -func (v *simpleVersionInfo) Version() string { - return v.version -} - // ContainerKill send signal to the container // If no signal is given (sig 0), then Kill with SIGKILL and wait // for the container to exit. @@ -213,29 +195,6 @@ func (srv *Server) ContainerKill(job *engine.Job) engine.Status { return engine.StatusOK } -func (srv *Server) Auth(job *engine.Job) engine.Status { - var ( - err error - authConfig = ®istry.AuthConfig{} - ) - - job.GetenvJson("authConfig", authConfig) - // TODO: this is only done here because auth and registry need to be merged into one pkg - if addr := authConfig.ServerAddress; addr != "" && addr != registry.IndexServerAddress() { - addr, err = registry.ExpandAndVerifyRegistryUrl(addr) - if err != nil { - return job.Error(err) - } - authConfig.ServerAddress = addr - } - status, err := registry.Login(authConfig, srv.HTTPRequestFactory(nil)) - if err != nil { - return job.Error(err) - } - job.Printf("%s\n", status) - return engine.StatusOK -} - func (srv *Server) Events(job *engine.Job) engine.Status { if len(job.Args) != 1 { return job.Errorf("Usage: %s FROM", job.Name) @@ -340,7 +299,7 @@ func (srv *Server) ContainerExport(job *engine.Job) engine.Status { // out is the writer where the images are written to. func (srv *Server) ImageExport(job *engine.Job) engine.Status { if len(job.Args) != 1 { - return job.Errorf("Usage: %s CONTAINER\n", job.Name) + return job.Errorf("Usage: %s IMAGE\n", job.Name) } name := job.Args[0] // get image json @@ -640,39 +599,6 @@ func (srv *Server) recursiveLoad(address, tmpImageDir string) error { return nil } -func (srv *Server) ImagesSearch(job *engine.Job) engine.Status { - if n := len(job.Args); n != 1 { - return job.Errorf("Usage: %s TERM", job.Name) - } - var ( - term = job.Args[0] - metaHeaders = map[string][]string{} - authConfig = ®istry.AuthConfig{} - ) - job.GetenvJson("authConfig", authConfig) - job.GetenvJson("metaHeaders", metaHeaders) - - r, err := registry.NewRegistry(authConfig, srv.HTTPRequestFactory(metaHeaders), registry.IndexServerAddress()) - if err != nil { - return job.Error(err) - } - results, err := r.SearchRepositories(term) - if err != nil { - return job.Error(err) - } - outs := engine.NewTable("star_count", 0) - for _, result := range results.Results { - out := &engine.Env{} - out.Import(result) - outs.Add(out) - } - outs.ReverseSort() - if _, err := outs.WriteListTo(job.Stdout); err != nil { - return job.Error(err) - } - return engine.StatusOK -} - // FIXME: 'insert' is deprecated and should be removed in a future version. func (srv *Server) ImageInsert(job *engine.Job) engine.Status { fmt.Fprintf(job.Stderr, "Warning: '%s' is deprecated and will be removed in a future version. Please use 'build' and 'ADD' instead.\n", job.Name) @@ -1455,7 +1381,7 @@ func (srv *Server) ImagePull(job *engine.Job) engine.Status { return job.Error(err) } - r, err := registry.NewRegistry(&authConfig, srv.HTTPRequestFactory(metaHeaders), endpoint) + r, err := registry.NewRegistry(&authConfig, registry.HTTPRequestFactory(metaHeaders), endpoint) if err != nil { return job.Error(err) } @@ -1678,7 +1604,7 @@ func (srv *Server) ImagePush(job *engine.Job) engine.Status { } img, err := srv.daemon.Graph().Get(localName) - r, err2 := registry.NewRegistry(authConfig, srv.HTTPRequestFactory(metaHeaders), endpoint) + r, err2 := registry.NewRegistry(authConfig, registry.HTTPRequestFactory(metaHeaders), endpoint) if err2 != nil { return job.Error(err2) } @@ -1952,6 +1878,7 @@ func (srv *Server) DeleteImage(name string, imgs *engine.Table, first, force, no var ( repoName, tag string tags = []string{} + tagDeleted bool ) repoName, tag = utils.ParseRepositoryTag(name) @@ -2002,7 +1929,7 @@ func (srv *Server) DeleteImage(name string, imgs *engine.Table, first, force, no //Untag the current image for _, tag := range tags { - tagDeleted, err := srv.daemon.Repositories().Delete(repoName, tag) + tagDeleted, err = srv.daemon.Repositories().Delete(repoName, tag) if err != nil { return err } @@ -2016,7 +1943,7 @@ func (srv *Server) DeleteImage(name string, imgs *engine.Table, first, force, no tags = srv.daemon.Repositories().ByID()[img.ID] if (len(tags) <= 1 && repoName == "") || len(tags) == 0 { if len(byParents[img.ID]) == 0 { - if err := srv.canDeleteImage(img.ID); err != nil { + if err := srv.canDeleteImage(img.ID, force, tagDeleted); err != nil { return err } if err := srv.daemon.Repositories().DeleteAll(img.ID); err != nil { @@ -2059,7 +1986,11 @@ func (srv *Server) ImageDelete(job *engine.Job) engine.Status { return engine.StatusOK } -func (srv *Server) canDeleteImage(imgID string) error { +func (srv *Server) canDeleteImage(imgID string, force, untagged bool) error { + var message string + if untagged { + message = " (docker untagged the image)" + } for _, container := range srv.daemon.List() { parent, err := srv.daemon.Repositories().LookupImage(container.Image) if err != nil { @@ -2068,7 +1999,14 @@ func (srv *Server) canDeleteImage(imgID string) error { if err := parent.WalkHistory(func(p *image.Image) error { if imgID == p.ID { - return fmt.Errorf("Conflict, cannot delete %s because the container %s is using it", utils.TruncateID(imgID), utils.TruncateID(container.ID)) + if container.State.IsRunning() { + if force { + return fmt.Errorf("Conflict, cannot force delete %s because the running container %s is using it%s, stop it and retry", utils.TruncateID(imgID), utils.TruncateID(container.ID), message) + } + return fmt.Errorf("Conflict, cannot delete %s because the running container %s is using it%s, stop it and use -f to force", utils.TruncateID(imgID), utils.TruncateID(container.ID), message) + } else if !force { + return fmt.Errorf("Conflict, cannot delete %s because the container %s is using it%s, use -f to force", utils.TruncateID(imgID), utils.TruncateID(container.ID), message) + } } return nil }); err != nil { @@ -2252,6 +2190,96 @@ func (srv *Server) ContainerResize(job *engine.Job) engine.Status { return job.Errorf("No such container: %s", name) } +func (srv *Server) ContainerLogs(job *engine.Job) engine.Status { + if len(job.Args) != 1 { + return job.Errorf("Usage: %s CONTAINER\n", job.Name) + } + + var ( + name = job.Args[0] + stdout = job.GetenvBool("stdout") + stderr = job.GetenvBool("stderr") + follow = job.GetenvBool("follow") + times = job.GetenvBool("timestamps") + format string + ) + if !(stdout || stderr) { + return job.Errorf("You must choose at least one stream") + } + if times { + format = time.StampMilli + } + container := srv.daemon.Get(name) + if container == nil { + return job.Errorf("No such container: %s", name) + } + cLog, err := container.ReadLog("json") + if err != nil && os.IsNotExist(err) { + // Legacy logs + utils.Debugf("Old logs format") + if stdout { + cLog, err := container.ReadLog("stdout") + if err != nil { + utils.Errorf("Error reading logs (stdout): %s", err) + } else if _, err := io.Copy(job.Stdout, cLog); err != nil { + utils.Errorf("Error streaming logs (stdout): %s", err) + } + } + if stderr { + cLog, err := container.ReadLog("stderr") + if err != nil { + utils.Errorf("Error reading logs (stderr): %s", err) + } else if _, err := io.Copy(job.Stderr, cLog); err != nil { + utils.Errorf("Error streaming logs (stderr): %s", err) + } + } + } else if err != nil { + utils.Errorf("Error reading logs (json): %s", err) + } else { + dec := json.NewDecoder(cLog) + for { + l := &utils.JSONLog{} + + if err := dec.Decode(l); err == io.EOF { + break + } else if err != nil { + utils.Errorf("Error streaming logs: %s", err) + break + } + logLine := l.Log + if times { + logLine = fmt.Sprintf("[%s] %s", l.Created.Format(format), logLine) + } + if l.Stream == "stdout" && stdout { + fmt.Fprintf(job.Stdout, "%s", logLine) + } + if l.Stream == "stderr" && stderr { + fmt.Fprintf(job.Stderr, "%s", logLine) + } + } + } + if follow { + errors := make(chan error, 2) + if stdout { + stdoutPipe := container.StdoutLogPipe() + go func() { + errors <- utils.WriteLog(stdoutPipe, job.Stdout, format) + }() + } + if stderr { + stderrPipe := container.StderrLogPipe() + go func() { + errors <- utils.WriteLog(stderrPipe, job.Stderr, format) + }() + } + err := <-errors + if err != nil { + utils.Errorf("%s", err) + } + } + return engine.StatusOK +} + func (srv *Server) ContainerAttach(job *engine.Job) engine.Status { if len(job.Args) != 1 { return job.Errorf("Usage: %s CONTAINER\n", job.Name) @@ -2341,7 +2369,7 @@ func (srv *Server) ContainerAttach(job *engine.Job) engine.Status { cStderr = job.Stderr } - <-container.Attach(cStdin, cStdinCloser, cStdout, cStderr) + <-srv.daemon.Attach(container, cStdin, cStdinCloser, cStdout, cStderr) // If we are in stdinonce mode, wait for the process to end // otherwise, simply return @@ -2454,24 +2482,6 @@ func NewServer(eng *engine.Engine, config *daemonconfig.Config) (*Server, error) return srv, nil } -func (srv *Server) HTTPRequestFactory(metaHeaders map[string][]string) *utils.HTTPRequestFactory { - httpVersion := make([]utils.VersionInfo, 0, 4) - httpVersion = append(httpVersion, &simpleVersionInfo{"docker", dockerversion.VERSION}) - httpVersion = append(httpVersion, &simpleVersionInfo{"go", goruntime.Version()}) - httpVersion = append(httpVersion, &simpleVersionInfo{"git-commit", dockerversion.GITCOMMIT}) - if kernelVersion, err := utils.GetKernelVersion(); err == nil { - httpVersion = append(httpVersion, &simpleVersionInfo{"kernel", kernelVersion.String()}) - } - httpVersion = append(httpVersion, &simpleVersionInfo{"os", goruntime.GOOS}) - httpVersion = append(httpVersion, &simpleVersionInfo{"arch", goruntime.GOARCH}) - ud := utils.NewHTTPUserAgentDecorator(httpVersion...) - md := &utils.HTTPMetaHeadersDecorator{ - Headers: metaHeaders, - } - factory := utils.NewHTTPRequestFactory(ud, md) - return factory -} - func (srv *Server) LogEvent(action, id, from string) *utils.JSONMessage { now := time.Now().UTC().Unix() jm := utils.JSONMessage{Status: action, ID: id, From: from, Time: now} diff --git a/utils/utils.go b/utils/utils.go index 8b6db8c464..4ef44b5617 100644 --- a/utils/utils.go +++ b/utils/utils.go @@ -9,7 +9,6 @@ import ( "encoding/json" "errors" "fmt" - "github.com/dotcloud/docker/dockerversion" "index/suffixarray" "io" "io/ioutil" @@ -23,6 +22,8 @@ import ( "strings" "sync" "time" + + "github.com/dotcloud/docker/dockerversion" ) type KeyValuePair struct { @@ -341,18 +342,15 @@ func (r *bufReader) Close() error { type WriteBroadcaster struct { sync.Mutex buf *bytes.Buffer - writers map[StreamWriter]bool -} - -type StreamWriter struct { - wc io.WriteCloser - stream string + streams map[string](map[io.WriteCloser]struct{}) } func (w *WriteBroadcaster) AddWriter(writer io.WriteCloser, stream string) { w.Lock() - sw := StreamWriter{wc: writer, stream: stream} - w.writers[sw] = true + if _, ok := w.streams[stream]; !ok { + w.streams[stream] = make(map[io.WriteCloser]struct{}) + } + w.streams[stream][writer] = struct{}{} w.Unlock() } @@ -362,33 +360,83 @@ type JSONLog struct { Created time.Time `json:"time"` } +func (jl *JSONLog) Format(format string) (string, error) { + if format == "" { + return jl.Log, nil + } + if format == "json" { + m, err := json.Marshal(jl) + return string(m), err + } + return fmt.Sprintf("[%s] %s", jl.Created.Format(format), jl.Log), nil +} + +func WriteLog(src io.Reader, dst io.WriteCloser, format string) error { + dec := json.NewDecoder(src) + for { + l := &JSONLog{} + + if err := dec.Decode(l); err == io.EOF { + return nil + } else if err != nil { + Errorf("Error streaming logs: %s", err) + return err + } + line, err := l.Format(format) + if err != nil { + return err + } + fmt.Fprintf(dst, "%s", line) + } +} + +type LogFormatter struct { + wc io.WriteCloser + timeFormat string +} + func (w *WriteBroadcaster) Write(p []byte) (n int, err error) { + created := time.Now().UTC() w.Lock() defer w.Unlock() + if writers, ok := w.streams[""]; ok { + for sw := range writers { + if n, err := sw.Write(p); err != nil || n != len(p) { + // On error, evict the writer + delete(writers, sw) + } + } + } w.buf.Write(p) - for sw := range w.writers { - lp := p - if sw.stream != "" { - lp = nil - for { - line, err := w.buf.ReadString('\n') + lines := []string{} + for { + line, err := w.buf.ReadString('\n') + if err != nil { + w.buf.Write([]byte(line)) + break + } + lines = append(lines, line) + } + + if len(lines) != 0 { + for stream, writers := range w.streams { + if stream == "" { + continue + } + var lp []byte + for _, line := range lines { + b, err := json.Marshal(&JSONLog{Log: line, Stream: stream, Created: created}) if err != nil { - w.buf.Write([]byte(line)) - break - } - b, err := json.Marshal(&JSONLog{Log: line, Stream: sw.stream, Created: time.Now().UTC()}) - if err != nil { - // On error, evict the writer - delete(w.writers, sw) - continue + Errorf("Error making JSON log line: %s", err) } lp = append(lp, b...) lp = append(lp, '\n') } - } - if n, err := sw.wc.Write(lp); err != nil || n != len(lp) { - // On error, evict the writer - delete(w.writers, sw) + for sw := range writers { + if _, err := sw.Write(lp); err != nil { + delete(writers, sw) + } + } } } return len(p), nil @@ -397,15 +445,20 @@ func (w *WriteBroadcaster) Write(p []byte) (n int, err error) { func (w *WriteBroadcaster) CloseWriters() error { w.Lock() defer w.Unlock() - for sw := range w.writers { - sw.wc.Close() + for _, writers := range w.streams { + for w := range writers { + w.Close() + } } - w.writers = make(map[StreamWriter]bool) + w.streams = make(map[string](map[io.WriteCloser]struct{})) return nil } func NewWriteBroadcaster() *WriteBroadcaster { - return &WriteBroadcaster{writers: make(map[StreamWriter]bool), buf: bytes.NewBuffer(nil)} + return &WriteBroadcaster{ + streams: make(map[string](map[io.WriteCloser]struct{})), + buf: bytes.NewBuffer(nil), + } } func GetTotalUsedFds() int { @@ -727,17 +780,6 @@ func IsGIT(str string) bool { return strings.HasPrefix(str, "git://") || strings.HasPrefix(str, "github.com/") || strings.HasPrefix(str, "git@github.com:") || (strings.HasSuffix(str, ".git") && IsURL(str)) } -// GetResolvConf opens and read the content of /etc/resolv.conf. -// It returns it as byte slice. -func GetResolvConf() ([]byte, error) { - resolv, err := ioutil.ReadFile("/etc/resolv.conf") - if err != nil { - Errorf("Error openning resolv.conf: %s", err) - return nil, err - } - return resolv, nil -} - // CheckLocalDns looks into the /etc/resolv.conf, // it returns true if there is a local nameserver or if there is no nameserver. func CheckLocalDns(resolvConf []byte) bool { @@ -773,46 +815,6 @@ func GetLines(input []byte, commentMarker []byte) [][]byte { return output } -// GetNameservers returns nameservers (if any) listed in /etc/resolv.conf -func GetNameservers(resolvConf []byte) []string { - nameservers := []string{} - re := regexp.MustCompile(`^\s*nameserver\s*(([0-9]+\.){3}([0-9]+))\s*$`) - for _, line := range GetLines(resolvConf, []byte("#")) { - var ns = re.FindSubmatch(line) - if len(ns) > 0 { - nameservers = append(nameservers, string(ns[1])) - } - } - return nameservers -} - -// GetNameserversAsCIDR returns nameservers (if any) listed in -// /etc/resolv.conf as CIDR blocks (e.g., "1.2.3.4/32") -// This function's output is intended for net.ParseCIDR -func GetNameserversAsCIDR(resolvConf []byte) []string { - nameservers := []string{} - for _, nameserver := range GetNameservers(resolvConf) { - nameservers = append(nameservers, nameserver+"/32") - } - return nameservers -} - -// GetSearchDomains returns search domains (if any) listed in /etc/resolv.conf -// If more than one search line is encountered, only the contents of the last -// one is returned. -func GetSearchDomains(resolvConf []byte) []string { - re := regexp.MustCompile(`^\s*search\s*(([^\s]+\s*)*)$`) - domains := []string{} - for _, line := range GetLines(resolvConf, []byte("#")) { - match := re.FindSubmatch(line) - if match == nil { - continue - } - domains = strings.Fields(string(match[1])) - } - return domains -} - // FIXME: Change this not to receive default value as parameter func ParseHost(defaultHost string, defaultUnix, addr string) (string, error) { var ( diff --git a/utils/utils_test.go b/utils/utils_test.go index 501ae67c2c..ccd212202c 100644 --- a/utils/utils_test.go +++ b/utils/utils_test.go @@ -377,20 +377,6 @@ func TestParseRepositoryTag(t *testing.T) { } } -func TestGetResolvConf(t *testing.T) { - resolvConfUtils, err := GetResolvConf() - if err != nil { - t.Fatal(err) - } - resolvConfSystem, err := ioutil.ReadFile("/etc/resolv.conf") - if err != nil { - t.Fatal(err) - } - if string(resolvConfUtils) != string(resolvConfSystem) { - t.Fatalf("/etc/resolv.conf and GetResolvConf have different content.") - } -} - func TestCheckLocalDns(t *testing.T) { for resolv, result := range map[string]bool{`# Dynamic nameserver 10.0.2.3 @@ -464,95 +450,6 @@ func TestParsePortMapping(t *testing.T) { } } -func TestGetNameservers(t *testing.T) { - for resolv, result := range map[string][]string{` -nameserver 1.2.3.4 -nameserver 40.3.200.10 -search example.com`: {"1.2.3.4", "40.3.200.10"}, - `search example.com`: {}, - `nameserver 1.2.3.4 -search example.com -nameserver 4.30.20.100`: {"1.2.3.4", "4.30.20.100"}, - ``: {}, - ` nameserver 1.2.3.4 `: {"1.2.3.4"}, - `search example.com -nameserver 1.2.3.4 -#nameserver 4.3.2.1`: {"1.2.3.4"}, - `search example.com -nameserver 1.2.3.4 # not 4.3.2.1`: {"1.2.3.4"}, - } { - test := GetNameservers([]byte(resolv)) - if !StrSlicesEqual(test, result) { - t.Fatalf("Wrong nameserver string {%s} should be %v. Input: %s", test, result, resolv) - } - } -} - -func TestGetNameserversAsCIDR(t *testing.T) { - for resolv, result := range map[string][]string{` -nameserver 1.2.3.4 -nameserver 40.3.200.10 -search example.com`: {"1.2.3.4/32", "40.3.200.10/32"}, - `search example.com`: {}, - `nameserver 1.2.3.4 -search example.com -nameserver 4.30.20.100`: {"1.2.3.4/32", "4.30.20.100/32"}, - ``: {}, - ` nameserver 1.2.3.4 `: {"1.2.3.4/32"}, - `search example.com -nameserver 1.2.3.4 -#nameserver 4.3.2.1`: {"1.2.3.4/32"}, - `search example.com -nameserver 1.2.3.4 # not 4.3.2.1`: {"1.2.3.4/32"}, - } { - test := GetNameserversAsCIDR([]byte(resolv)) - if !StrSlicesEqual(test, result) { - t.Fatalf("Wrong nameserver string {%s} should be %v. Input: %s", test, result, resolv) - } - } -} - -func TestGetSearchDomains(t *testing.T) { - for resolv, result := range map[string][]string{ - `search example.com`: {"example.com"}, - `search example.com # ignored`: {"example.com"}, - ` search example.com `: {"example.com"}, - ` search example.com # ignored`: {"example.com"}, - `search foo.example.com example.com`: {"foo.example.com", "example.com"}, - ` search foo.example.com example.com `: {"foo.example.com", "example.com"}, - ` search foo.example.com example.com # ignored`: {"foo.example.com", "example.com"}, - ``: {}, - `# ignored`: {}, - `nameserver 1.2.3.4 -search foo.example.com example.com`: {"foo.example.com", "example.com"}, - `nameserver 1.2.3.4 -search dup1.example.com dup2.example.com -search foo.example.com example.com`: {"foo.example.com", "example.com"}, - `nameserver 1.2.3.4 -search foo.example.com example.com -nameserver 4.30.20.100`: {"foo.example.com", "example.com"}, - } { - test := GetSearchDomains([]byte(resolv)) - if !StrSlicesEqual(test, result) { - t.Fatalf("Wrong search domain string {%s} should be %v. Input: %s", test, result, resolv) - } - } -} - -func StrSlicesEqual(a, b []string) bool { - if len(a) != len(b) { - return false - } - - for i, v := range a { - if v != b[i] { - return false - } - } - - return true -} - func TestReplaceAndAppendEnvVars(t *testing.T) { var ( d = []string{"HOME=/"} diff --git a/vendor/src/github.com/coreos/go-systemd/dbus/methods_test.go b/vendor/src/github.com/coreos/go-systemd/dbus/methods_test.go index 9e2f22323f..d943e7ebfc 100644 --- a/vendor/src/github.com/coreos/go-systemd/dbus/methods_test.go +++ b/vendor/src/github.com/coreos/go-systemd/dbus/methods_test.go @@ -18,12 +18,13 @@ package dbus import ( "fmt" - "github.com/guelfey/go.dbus" "math/rand" "os" "path/filepath" "reflect" "testing" + + "github.com/godbus/dbus" ) func setupConn(t *testing.T) *Conn { diff --git a/vendor/src/github.com/coreos/go-systemd/dbus/set.go b/vendor/src/github.com/coreos/go-systemd/dbus/set.go index 88378b29a1..45ad1fb399 100644 --- a/vendor/src/github.com/coreos/go-systemd/dbus/set.go +++ b/vendor/src/github.com/coreos/go-systemd/dbus/set.go @@ -21,6 +21,13 @@ func (s *set) Length() (int) { return len(s.data) } +func (s *set) Values() (values []string) { + for val, _ := range s.data { + values = append(values, val) + } + return +} + func newSet() (*set) { return &set{make(map[string] bool)} } diff --git a/vendor/src/github.com/coreos/go-systemd/dbus/set_test.go b/vendor/src/github.com/coreos/go-systemd/dbus/set_test.go index d8d174d0c4..c4435f8800 100644 --- a/vendor/src/github.com/coreos/go-systemd/dbus/set_test.go +++ b/vendor/src/github.com/coreos/go-systemd/dbus/set_test.go @@ -18,9 +18,22 @@ func TestBasicSetActions(t *testing.T) { t.Fatal("set should contain 'foo'") } + v := s.Values() + if len(v) != 1 { + t.Fatal("set.Values did not report correct number of values") + } + if v[0] != "foo" { + t.Fatal("set.Values did not report value") + } + s.Remove("foo") if s.Contains("foo") { t.Fatal("set should not contain 'foo'") } + + v = s.Values() + if len(v) != 0 { + t.Fatal("set.Values did not report correct number of values") + } } diff --git a/vendor/src/github.com/coreos/go-systemd/fixtures/enable-disable.service b/vendor/src/github.com/coreos/go-systemd/fixtures/enable-disable.service new file mode 100644 index 0000000000..74c9459088 --- /dev/null +++ b/vendor/src/github.com/coreos/go-systemd/fixtures/enable-disable.service @@ -0,0 +1,5 @@ +[Unit] +Description=enable disable test + +[Service] +ExecStart=/bin/sleep 400