Either a single slash or localhost should be specified after http in the cURL URL, not http:// (double slash)
Signed-off-by: ohadschn <ohad188@gmail.com>
Following #19995 and #17409 this PR enables skipping userns re-mapping
when creating a container (or when executing a command). Thus, enabling
privileged containers running side by side with userns remapped
containers.
The feature is enabled by specifying ```--userns:host```, which will not
remapped the user if userns are applied. If this flag is not specified,
the existing behavior (which blocks specific privileged operation)
remains.
Signed-off-by: Liron Levin <liron@twistlock.com>
Prior to this change, the "docker network inspect" contains only the
endpoints that have active local container. This excludes all the remote
and stale endpoints. By including all the endpoints, it makes debugging
much simpler and also allows the user to cleanup any stale endpoints
using "docker network disconnect -f {network} {endpoint-name}".
Signed-off-by: Madhu Venugopal <madhu@docker.com>
Docker creates a UTS namespace by default, even with --net=host, so it
is reasonable to let the user set the hostname. Note that --hostname is
forbidden if the user specifies --uts=host.
Closes#12076
Signed-off-by: Jason Heiss <jheiss@aput.net>
Update unit test and documentation to handle the new case where Username
is set to <token> to indicate an identity token is involved.
Change the "Password" field in communications with the credential helper
to "Secret" to make clear it has a more generic purpose.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Dump from 1.10.1 has this fields.
Signed-off-by: Kanstantsin Shautsou <kanstantsin.sha@gmail.com>
Close and carry #20377
Include David's request
Signed-off-by: Mary Anthony <mary@docker.com>
Once thin pool gets full, bad things can happen. Especially in case of xfs
it is possible that xfs keeps on retrying IO infinitely (for certain kind
of IO) and container hangs.
One way to mitigate the problem is that once thin pool is about to get full,
start failing some of the docker operations like pulling new images or
creation of new containers. That way user will get warning ahead of time
and can try to rectify it by creating more free space in thin pool. This
can be done either by deleting existing images/containers or by adding more
free space to thin pool.
This patch adds a new option dm.min_free_space to devicemapper graph
driver. Say one specifies dm.min_free_space=10%. This means atleast
10% of data and metadata blocks should be free in pool before new device
creation is allowed, otherwise operation will fail.
By default min_free_space is 10%. User can change it by specifying
dm.min_free_space=X% on command line. A value of 0% will disable the
check.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
The documentation for Docker 1.10.2 (API version 1.22) mentions under
the "Create a container"[1] section that `HostConfig.Binds` can be given
a "container path" which will automatically "create a new volume for the
container."
I interpreted this to mean it that the following two commands should
have the same net result:
# Create container with data volume via REST API
curl --unix-socket /var/run/docker.sock -XPOST \
http://localhost/containers/create \
-H"Content-Type: application/json" \
-d'{
"Image": "<image-id>",
...
"HostConfig": {
"Binds": [
"/some/data/volume"
]
}
}'
# Create container with data volume via CLI
docker create -v /some/data/volume <image-id> <command>
However, this turned out not the be the case, as the former would create
a mount with no source and no corresponding volume:
...
"Mounts": [
{
"Source": "",
"Destination": "/some/data/volume",
"Driver": "local",
"Mode": "",
"RW": true,
"Propagation": "rprivate"
}
],
...
"Config": {
...
"Volumes": null,
...
}
...whereas the latter would create a volume and mount it:
...
"Mounts": [
{
"Name": "9b38af46d6..."
"Source": "/var/lib/docker/volumes/9b38af46d6.../_data",
"Destination": "/some/data/volume",
"Driver": "local",
"Mode": "",
"RW": true,
"Propagation": ""
}
],
...
"Config": {
...
"Volumes": {
"/some/data/volume": {}
},
...
}
However, if you instead specify the data volume via the `Volumes` key,
then it works as expected, e.g.
curl --unix-socket /var/run/docker.sock -XPOST \
http://localhost/containers/create \
-H"Content-Type: application/json" \
-d'{
"Image": "...",
...
"Volumes": {"/some/data/volume": {}}
}'
...will create a data volume and mount it.
Thus the documentation is either incorrect, or this is a bug and the
ability to create a data volume via `HostConfig.Binds` does not
work as advertised for API version 1.22 (and likely others).
I concluded that the documentation was incorrect. Since I've only
verified this behavior for Docker 1.10.2, I updated the docs for
API versions 1.22 and 1.23, but this may apply to other versions as
well.
[1] https://docs.docker.com/engine/reference/api/docker_remote_api_v1.22/#create-a-container
Signed-off-by: Shane da Silva <shane@dasilva.io>
Allows users to submit options similar to the `mount` command when
creating a volume with the `local` volume driver.
For example:
```go
$ docker volume create -d local --opt type=nfs --opt device=myNfsServer:/data --opt o=noatime,nosuid
```
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This change adds "KernelMemory" to the /info endpoint and
shows a warning if KernelMemory is not supported by the kernel.
This makes it more consistent with the other memory-limit
options.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Move the note more up, to prevent people from starting
the daemon with --userns-remap before touching the files.
Also clarify that these steps must be done *before* enabling
userns-remap and starting the daemon.
Also fixed some minor Markup formatting issues.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This removes the email prompt when you use docker login, and also removes the ability to register via the docker cli. Docker login, will strictly be used for logging into a registry server.
Signed-off-by: Ken Cochrane <kencochrane@gmail.com>
This change implements communication with an external credentials store,
ala git-credential-helper. The client falls back the plain text store,
what we're currently using, if there is no remote store configured.
It shells out to helper program when a credential store is
configured. Those programs can be implemented with any language as long as they
follow the convention to pass arguments and information.
There is an implementation for the OS X keychain in https://github.com/calavera/docker-credential-helpers.
That package also provides basic structure to create other helpers.
Signed-off-by: David Calavera <david.calavera@gmail.com>
