This adds an `--oom-score-adjust` flag to the daemon so that the value
provided can be set for the docker daemon's process. The default value
for the flag is -500. This will allow the docker daemon to have a
less chance of being killed before containers do. The default value for
processes is 0 with a min/max of -1000/1000.
-500 is a good middle ground because it is less than the default for
most processes and still not -1000 which basically means never kill this
process in an OOM condition on the host machine. The only processes on
my machine that have a score less than -500 are dbus at -900 and sshd
and xfce( my window manager ) at -1000. I don't think docker should be
set lower, by default, than dbus or sshd so that is why I chose -500.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
(cherry picked from commit a894aec8d8)
Signed-off-by: Tibor Vass <tibor@docker.com>
The output uses tabs, but those don't
translate well to the rendered output in
the docs, so replacing the tabs with spaces.
Also updates the output, because REPLICATED,
and SPREAD are no longer all-caps in the
actual output.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 477a5f8fb0)
Signed-off-by: Tibor Vass <tibor@docker.com>
the executiondriver property was removed in
880484992c, but docs
were only updated for the 1.25 API, not for 1.24
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 3c6ef4c29d)
Signed-off-by: Tibor Vass <tibor@docker.com>
Add a `--network` flag which replaces `--net` without deprecating it
yet. The `--net` flag remains hidden and supported.
Add a `--network-alias` flag which replaces `--net-alias` without deprecating
it yet. The `--net-alias` flag remains hidden and supported.
Signed-off-by: Arnaud Porterie (icecrime) <arnaud.porterie@docker.com>
(cherry picked from commit c0c7d5e715)
Signed-off-by: Tibor Vass <tibor@docker.com>
Looks like there's issues with sourceforge project
pages. Given that sourceforge isn't really what
it used to be, trying to find alternative URLs
where possible.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 0e7a1079be)
Signed-off-by: Tibor Vass <tibor@docker.com>
The "none" option was not added to the documentation.
This adds an example, and adds additional information
on manually accepting or rejecting a node.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 06517753c1)
Signed-off-by: Tibor Vass <tibor@docker.com>
Add option to skip kernel check for older kernels which have been patched to support multiple lower directories in overlayfs.
Fixes#24023
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
(cherry picked from commit ff98da0607)
Signed-off-by: Tibor Vass <tibor@docker.com>
This fix fixes a minor typo in swarm tutorial's delete service docs.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 93fa7e7555)
Signed-off-by: Tibor Vass <tibor@docker.com>
The `--pid` flag was added in Docker 1.5.0, but the
API changes were not documented. In Docker 1.12.0,
`--pid=container:<name|id>` was added as an additional
option, but also undocumented.
This adds the missing API documentation for this
option.
Also see commits
47e3da848f (for 1.5.0), and
ebeb5a0422 (for 1.12.0).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 2c9b5addc5)
Signed-off-by: Tibor Vass <tibor@docker.com>
We use containerd and there is no execution driver anymore.
Addresses: https://github.com/docker/docker/issues/24461
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
(cherry picked from commit 1fb1136fec)
Signed-off-by: Tibor Vass <tibor@docker.com>
This fix adds a couple of missed release tag reference links in deprecated.md
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit bc20354b09)
Signed-off-by: Tibor Vass <tibor@docker.com>
This is now up to date with contents of 1.12 tgz
Also change usage to `dockerd` not `docker daemon`
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
(cherry picked from commit 7102e09f29)
Signed-off-by: Tibor Vass <tibor@docker.com>
- Update ps with `--last` flag
- Update commands with current output
- Make sure hugo does not detect the wrong language
- Update usage for `tag` command to be more coherent with the other ones
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit f4cfc6b983)
Signed-off-by: Tibor Vass <tibor@docker.com>
The current behavior of `docker swarm init` is to set up a swarm that
has no secret for joining, and does not require manual acceptance for
workers. Since workers may sometimes receive sensitive data such as pull
credentials, it makes sense to harden the defaults.
This change makes `docker swarm init` generate a random secret if none
is provided, and print it to the terminal. This secret will be needed to
join workers or managers to the swarm. In addition to improving access
control to the cluster, this setup removes an avenue for
denial-of-service attacks, since the secret is necessary to even create
an entry in the node list.
`docker swarm init --secret ""` will set up a swarm without a secret,
matching the old behavior. `docker swarm update --secret ""` removes the
automatically generated secret after `docker swarm init`.
Closes#23785
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit 7342e42fce)
Signed-off-by: Tibor Vass <tibor@docker.com>
In the API:
`Writable` changed to `ReadOnly`
`Populate` changed to `NoCopy`
Corresponding CLI options updated to:
`volume-writable` changed to `volume-readonly`
`volume-populate` changed to `volume-nocopy`
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 56f3422468)
Signed-off-by: Tibor Vass <tibor@docker.com>
In #24159, the title field of `docker node ls` has been
changed from NAME to HOSTNAME. However, in the docs the
NAMEs are still used for the output of `docker node ls`.
This fix updates docs so that NAME field is changed to
HOSTNAME for all `docker node ls`.
This fix is related to #24159 and #24090.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 668b8a998f)
Signed-off-by: Tibor Vass <tibor@docker.com>
In order to keep a little bit of "sanity" on the API side, validate
hostname only starting from v1.24 API version.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit 6daf3d2a78)
Signed-off-by: Tibor Vass <tibor@docker.com>
the flag is named '--read-only', not '--readonly'
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit ac12696ff4)
Signed-off-by: Tibor Vass <tibor@docker.com>
minor typos and punctuation.
Signed-off-by: Alan Thompson <cloojure@gmail.com>
(cherry picked from commit 68b8cc9735)
Signed-off-by: Tibor Vass <tibor@docker.com>
The --auto-accept documentation currently says that both worker and
manager nodes are automatically accepted by default. Correct it.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit 9aed7d1a3d)
Signed-off-by: Tibor Vass <tibor@docker.com>
For consistency with other filters (such as
"is-official"), this renames the desired_state
filter to "desired-state".
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit d761719eb4)
Signed-off-by: Tibor Vass <tibor@docker.com>
