man/docker: wrap lines consistently

Quite a few changes, as it seems like previous wrapping was done manually, so it's all over the place. As noted in #28424 Signed-off-by: Jonathan Boulle <jonathanboulle@gmail.com>
2022-11-09 12:21:53 -05:00 · 2016-11-15 22:46:25 +09:00 · 2016-11-15 22:46:25 +09:00 · c102ab8711
commit c102ab8711
parent 44b5bcd744
1 changed files with 144 additions and 110 deletions
--- a/man/dockerd.8.md
+++ b/man/dockerd.8.md
@ -71,13 +71,13 @@ dockerd - Enable daemon mode
 [**--userns-remap**[=*default*]]
 # DESCRIPTION
-**dockerd** is used for starting the Docker daemon(i.e., to command the daemon to manage images,
+**dockerd** is used for starting the Docker daemon (i.e., to command the daemon
-containers etc.) So **dockerd** is a server, as a daemon.
+to manage images, containers etc).  So **dockerd** is a server, as a daemon.
 To run the Docker daemon you can specify **dockerd**.
 You can check the daemon options using **dockerd --help**.
-Daemon options should be specified after the **dockerd** keyword in the following
+Daemon options should be specified after the **dockerd** keyword in the
-format.
+following format.
 **dockerd [OPTIONS]**
@ -87,27 +87,31 @@ format.
  Set additional OCI compatible runtime.
 **--api-cors-header**=""
-  Set CORS headers in the remote API. Default is cors disabled. Give urls like "http://foo, http://bar, ...". Give "*" to allow all.
+  Set CORS headers in the remote API. Default is cors disabled. Give urls like
  "http://foo, http://bar, ...". Give "*" to allow all.
 **--authorization-plugin**=""
  Set authorization plugins to load
 **-b**, **--bridge**=""
-  Attach containers to a pre\-existing network bridge; use 'none' to disable container networking
+  Attach containers to a pre\-existing network bridge; use 'none' to disable
  container networking
 **--bip**=""
-  Use the provided CIDR notation address for the dynamically created bridge (docker0); Mutually exclusive of \-b
+  Use the provided CIDR notation address for the dynamically created bridge
  (docker0); Mutually exclusive of \-b
 **--cgroup-parent**=""
-  Set parent cgroup for all containers. Default is "/docker" for fs cgroup driver and "system.slice" for systemd cgroup driver.
+  Set parent cgroup for all containers. Default is "/docker" for fs cgroup
  driver and "system.slice" for systemd cgroup driver.
 **--cluster-store**=""
  URL of the distributed storage backend
 **--cluster-advertise**=""
-  Specifies the 'host:port' or `interface:port` combination that this particular
+  Specifies the 'host:port' or `interface:port` combination that this
-  daemon instance should use when advertising itself to the cluster. The daemon
+  particular daemon instance should use when advertising itself to the cluster.
-  is reached through this value.
+  The daemon is reached through this value.
 **--cluster-store-opt**=""
  Specifies options for the Key/Value store.
@ -122,7 +126,8 @@ format.
  Enable debug mode. Default is false.
 **--default-gateway**=""
-  IPv4 address of the container default gateway; this address must be part of the bridge subnet (which is defined by \-b or \--bip)
+  IPv4 address of the container default gateway; this address must be part of
  the bridge subnet (which is defined by \-b or \--bip)
 **--default-gateway-v6**=""
  IPv6 address of the container default gateway
@ -146,13 +151,15 @@ format.
  Set runtime execution options. See RUNTIME EXECUTION OPTIONS.
 **--exec-root**=""
-  Path to use as the root of the Docker execution state files. Default is `/var/run/docker`.
+  Path to use as the root of the Docker execution state files. Default is
  `/var/run/docker`.
 **--experimental**=""
  Enable the daemon experimental features.
 **--fixed-cidr**=""
-  IPv4 subnet for fixed IPs (e.g., 10.20.0.0/16); this subnet must be nested in the bridge subnet (which is defined by \-b or \-\-bip)
+  IPv4 subnet for fixed IPs (e.g., 10.20.0.0/16); this subnet must be nested in
  the bridge subnet (which is defined by \-b or \-\-bip).
 **--fixed-cidr-v6**=""
  IPv6 subnet for global IPv6 addresses (e.g., 2a00:1450::/64)
@ -173,28 +180,46 @@ unix://[/path/to/socket] to use.
  Print usage statement
 **--icc**=*true*|*false*
-  Allow unrestricted inter\-container and Docker daemon host communication. If disabled, containers can still be linked together using the **--link** option (see **docker-run(1)**). Default is true.
+  Allow unrestricted inter\-container and Docker daemon host communication. If
  disabled, containers can still be linked together using the **--link** option
  (see **docker-run(1)**). Default is true.
 **--init**
-  Run an init process inside containers for signal forwarding and process reaping.
+  Run an init process inside containers for signal forwarding and process
  reaping.
 **--init-path**
  Path to the docker-init binary.
 **--insecure-registry**=[]
-  Enable insecure registry communication, i.e., enable un-encrypted and/or untrusted communication.
+  Enable insecure registry communication, i.e., enable un-encrypted and/or
  untrusted communication.
-  List of insecure registries can contain an element with CIDR notation to specify a whole subnet. Insecure registries accept HTTP and/or accept HTTPS with certificates from unknown CAs.
+  List of insecure registries can contain an element with CIDR notation to
  specify a whole subnet. Insecure registries accept HTTP and/or accept HTTPS
  with certificates from unknown CAs.
-  Enabling `--insecure-registry` is useful when running a local registry.  However, because its use creates security vulnerabilities it should ONLY be enabled for testing purposes.  For increased security, users should add their CA to their system's list of trusted CAs instead of using `--insecure-registry`.
+  Enabling `--insecure-registry` is useful when running a local registry.
  However, because its use creates security vulnerabilities it should ONLY be
  enabled for testing purposes.  For increased security, users should add their
  CA to their system's list of trusted CAs instead of using
  `--insecure-registry`.
 **--ip**=""
  Default IP address to use when binding container ports. Default is `0.0.0.0`.
 **--ip-forward**=*true*|*false*
-  Enables IP forwarding on the Docker host. The default is `true`. This flag interacts with the IP forwarding setting on your host system's kernel. If your system has IP forwarding disabled, this setting enables it. If your system has IP forwarding enabled, setting this flag to `--ip-forward=false` has no effect.
+  Enables IP forwarding on the Docker host. The default is `true`. This flag
  interacts with the IP forwarding setting on your host system's kernel. If
  your system has IP forwarding disabled, this setting enables it. If your
  system has IP forwarding enabled, setting this flag to `--ip-forward=false`
  has no effect.
-  This setting will also enable IPv6 forwarding if you have both `--ip-forward=true` and `--fixed-cidr-v6` set. Note that this may reject Router Advertisements and interfere with the host's existing IPv6 configuration. For more information, please consult the documentation about "Advanced Networking - IPv6".
+  This setting will also enable IPv6 forwarding if you have both
  `--ip-forward=true` and `--fixed-cidr-v6` set. Note that this may reject
  Router Advertisements and interfere with the host's existing IPv6
  configuration. For more information, please consult the documentation about
  "Advanced Networking - IPv6".
 **--ip-masq**=*true*|*false*
  Enable IP masquerading for bridge's IP range. Default is true.
@ -203,12 +228,18 @@ unix://[/path/to/socket] to use.
  Enable Docker's addition of iptables rules. Default is true.
 **--ipv6**=*true*|*false*
-  Enable IPv6 support. Default is false. Docker will create an IPv6-enabled bridge with address fe80::1 which will allow you to create IPv6-enabled containers. Use together with `--fixed-cidr-v6` to provide globally routable IPv6 addresses. IPv6 forwarding will be enabled if not used with `--ip-forward=false`. This may collide with your host's current IPv6 settings. For more information please consult the documentation about "Advanced Networking - IPv6".
+  Enable IPv6 support. Default is false. Docker will create an IPv6-enabled
  bridge with address fe80::1 which will allow you to create IPv6-enabled
  containers. Use together with `--fixed-cidr-v6` to provide globally routable
  IPv6 addresses. IPv6 forwarding will be enabled if not used with
  `--ip-forward=false`. This may collide with your host's current IPv6
  settings. For more information please consult the documentation about
  "Advanced Networking - IPv6".
 **--isolation**="*default*"
-   Isolation specifies the type of isolation technology used by containers. Note
+   Isolation specifies the type of isolation technology used by containers.
-that the default on Windows server is `process`, and the default on Windows client
+   Note that the default on Windows server is `process`, and the default on
-is `hyperv`. Linux only supports `default`.
+   Windows client is `hyperv`. Linux only supports `default`.
 **-l**, **--log-level**="*debug*|*info*|*warn*|*error*|*fatal*"
  Set the logging level. Default is `info`.
@ -217,7 +248,9 @@ is `hyperv`. Linux only supports `default`.
  Set key=value labels to the daemon (displayed in `docker info`)
 **--live-restore**=*false*
-  Enable live restore of running containers when the daemon starts so that they are not restarted. This option is applicable only for docker daemon running on Linux host.
+  Enable live restore of running containers when the daemon starts so that they
  are not restarted. This option is applicable only for docker daemon running
  on Linux host.
 **--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*etwlogs*|*gcplogs*|*none*"
  Default driver for container logs. Default is `json-file`.
@ -239,12 +272,13 @@ is `hyperv`. Linux only supports `default`.
  Path to use for daemon PID file. Default is `/var/run/docker.pid`
 **--raw-logs**
-  Output daemon logs in full timestamp format without ANSI coloring. If this flag is not set,
+  Output daemon logs in full timestamp format without ANSI coloring. If this
-the daemon outputs condensed, colorized logs if a terminal is detected, or full ("raw")
+  flag is not set, the daemon outputs condensed, colorized logs if a terminal
-output otherwise.
+  is detected, or full ("raw") output otherwise.
 **--registry-mirror**=*<scheme>://<host>*
-  Prepend a registry mirror to be used for image pulls. May be specified multiple times.
+  Prepend a registry mirror to be used for image pulls. May be specified
  multiple times.
 **-s**, **--storage-driver**=""
  Force the Docker runtime to use a specific storage driver.
@ -262,9 +296,10 @@ output otherwise.
  Set storage driver options. See STORAGE DRIVER OPTIONS.
 **--swarm-default-advertise-addr**=*IP|INTERFACE*
-  Set default address or interface for swarm to advertise as its externally-reachable address to other cluster
+  Set default address or interface for swarm to advertise as its
-  members. This can be a hostname, an IP address, or an interface such as `eth0`. A port cannot be specified with
+  externally-reachable address to other cluster members. This can be a
-  this option.
+  hostname, an IP address, or an interface such as `eth0`. A port cannot be
  specified with this option.
 **--tls**=*true*|*false*
  Use TLS; implied by --tlsverify. Default is false.
@ -283,13 +318,19 @@ output otherwise.
  Default is false.
 **--userland-proxy**=*true*|*false*
-  Rely on a userland proxy implementation for inter-container and outside-to-container loopback communications. Default is true.
+  Rely on a userland proxy implementation for inter-container and
  outside-to-container loopback communications. Default is true.
 **--userland-proxy-path**=""
  Path to the userland proxy binary.
 **--userns-remap**=*default*|*uid:gid*|*user:group*|*user*|*uid*
-  Enable user namespaces for containers on the daemon. Specifying "default" will cause a new user and group to be created to handle UID and GID range remapping for the user namespace mappings used for contained processes. Specifying a user (or uid) and optionally a group (or gid) will cause the daemon to lookup the user and group's subordinate ID ranges for use as the user namespace mappings for contained processes.
+  Enable user namespaces for containers on the daemon. Specifying "default"
  will cause a new user and group to be created to handle UID and GID range
  remapping for the user namespace mappings used for contained processes.
  Specifying a user (or uid) and optionally a group (or gid) will cause the
  daemon to lookup the user and group's subordinate ID ranges for use as the
  user namespace mappings for contained processes.
 # STORAGE DRIVER OPTIONS
@ -402,8 +443,8 @@ exits.
 For example, when a container exits, its associated thin device is removed. If
 that device has leaked into some other mount namespace and can't be removed,
 the container exit still succeeds and this option causes the system to schedule
-the device for deferred removal. It does not wait in a loop trying to remove a busy
+the device for deferred removal. It does not wait in a loop trying to remove a
-device.
+busy device.
 Example use: `dockerd --storage-opt dm.use_deferred_removal=true`
@ -431,23 +472,23 @@ namespaces.
 #### dm.loopdatasize
-**Note**: This option configures devicemapper loopback, which should not be used in production.
+**Note**: This option configures devicemapper loopback, which should not be
 used in production.
-Specifies the size to use when creating the loopback file for the
+Specifies the size to use when creating the loopback file for the "data" device
-"data" device which is used for the thin pool. The default size is
+which is used for the thin pool. The default size is 100G. The file is sparse,
-100G. The file is sparse, so it will not initially take up
+so it will not initially take up this much space.
 this much space.
 Example use: `dockerd --storage-opt dm.loopdatasize=200G`
 #### dm.loopmetadatasize
-**Note**: This option configures devicemapper loopback, which should not be used in production.
+**Note**: This option configures devicemapper loopback, which should not be
 used in production.
-Specifies the size to use when creating the loopback file for the
+Specifies the size to use when creating the loopback file for the "metadata"
-"metadata" device which is used for the thin pool. The default size
+device which is used for the thin pool. The default size is 2G. The file is
-is 2G. The file is sparse, so it will not initially take up
+sparse, so it will not initially take up this much space.
 this much space.
 Example use: `dockerd --storage-opt dm.loopmetadatasize=4G`
@ -455,17 +496,16 @@ Example use: `dockerd --storage-opt dm.loopmetadatasize=4G`
 (Deprecated, use `dm.thinpooldev`)
-Specifies a custom blockdevice to use for data for a
+Specifies a custom blockdevice to use for data for a Docker-managed thin pool.
-Docker-managed thin pool.  It is better to use `dm.thinpooldev` - see
+It is better to use `dm.thinpooldev` - see the documentation for it above for
-the documentation for it above for discussion of the advantages.
+discussion of the advantages.
 #### dm.metadatadev
 (Deprecated, use `dm.thinpooldev`)
-Specifies a custom blockdevice to use for metadata for a
+Specifies a custom blockdevice to use for metadata for a Docker-managed thin
-Docker-managed thin pool.  See `dm.datadev` for why this is
+pool.  See `dm.datadev` for why this is deprecated.
 deprecated.
 #### dm.blocksize
@ -476,24 +516,22 @@ Example use: `dockerd --storage-opt dm.blocksize=512K`
 #### dm.blkdiscard
-Enables or disables the use of `blkdiscard` when removing devicemapper
+Enables or disables the use of `blkdiscard` when removing devicemapper devices.
-devices.  This is disabled by default due to the additional latency,
+This is disabled by default due to the additional latency, but as a special
-but as a special case with loopback devices it will be enabled, in
+case with loopback devices it will be enabled, in order to re-sparsify the
-order to re-sparsify the loopback file on image/container removal.
+loopback file on image/container removal.
-Disabling this on loopback can lead to *much* faster container removal
+Disabling this on loopback can lead to *much* faster container removal times,
-times, but it also prevents the space used in `/var/lib/docker` directory
+but it also prevents the space used in `/var/lib/docker` directory from being
-from being returned to the system for other use when containers are
+returned to the system for other use when containers are removed.
 removed.
 Example use: `dockerd --storage-opt dm.blkdiscard=false`
 #### dm.override_udev_sync_check
-By default, the devicemapper backend attempts to synchronize with the
+By default, the devicemapper backend attempts to synchronize with the `udev`
-`udev` device manager for the Linux kernel.  This option allows
+device manager for the Linux kernel.  This option allows disabling that
-disabling that synchronization, to continue even though the
+synchronization, to continue even though the configuration may be buggy.
 configuration may be buggy.
 To view the `udev` sync support of a Docker daemon that is using the
 `devicemapper` driver, run:
@ -506,10 +544,9 @@ To view the `udev` sync support of a Docker daemon that is using the
 When `udev` sync support is `true`, then `devicemapper` and `udev` can
 coordinate the activation and deactivation of devices for containers.
-When `udev` sync support is `false`, a race condition occurs between
+When `udev` sync support is `false`, a race condition occurs between the
-the `devicemapper` and `udev` during create and cleanup. The race
+`devicemapper` and `udev` during create and cleanup. The race condition results
-condition results in errors and failures. (For information on these
+in errors and failures. (For information on these failures, see
 failures, see
 [docker#4036](https://github.com/docker/docker/issues/4036))
 To allow the `docker` daemon to start, regardless of whether `udev` sync is
@ -517,15 +554,14 @@ To allow the `docker` daemon to start, regardless of whether `udev` sync is
        $ dockerd --storage-opt dm.override_udev_sync_check=true
-When this value is `true`, the driver continues and simply warns you
+When this value is `true`, the driver continues and simply warns you the errors
-the errors are happening.
+are happening.
-**Note**: The ideal is to pursue a `docker` daemon and environment
+**Note**: The ideal is to pursue a `docker` daemon and environment that does
-that does support synchronizing with `udev`. For further discussion on
+support synchronizing with `udev`. For further discussion on this topic, see
 this topic, see
 [docker#4036](https://github.com/docker/docker/issues/4036).
-Otherwise, set this flag for migrating existing Docker daemons to a
+Otherwise, set this flag for migrating existing Docker daemons to a daemon with
-daemon with a supported environment.
+a supported environment.
 #### dm.min_free_space
@ -536,14 +572,13 @@ free space checking logic. If user does not specify a value for this option,
 the Engine uses a default value of 10%.
 Whenever a new a thin pool device is created (during `docker pull` or during
-container creation), the Engine checks if the minimum free space is
+container creation), the Engine checks if the minimum free space is available.
-available. If the space is unavailable, then device creation fails and any
+If the space is unavailable, then device creation fails and any relevant
-relevant `docker` operation fails.
+`docker` operation fails.
 To recover from this error, you must create more free space in the thin pool to
-recover from the error. You can create free space by deleting some images
+recover from the error. You can create free space by deleting some images and
-and containers from tge thin pool. You can also add
+containers from tge thin pool. You can also add more storage to the thin pool.
 more storage to the thin pool.
 To add more space to an LVM (logical volume management) thin pool, just add
 more storage to the  group container thin pool; this should automatically
@ -555,13 +590,13 @@ Example use:: `dockerd --storage-opt dm.min_free_space=10%`
 #### dm.xfs_nospace_max_retries
-Specifies the maximum number of retries XFS should attempt to complete
+Specifies the maximum number of retries XFS should attempt to complete IO when
-IO when ENOSPC (no space) error is returned by underlying storage device.
+ENOSPC (no space) error is returned by underlying storage device.
-By default XFS retries infinitely for IO to finish and this can result
+By default XFS retries infinitely for IO to finish and this can result in
-in unkillable process. To change this behavior one can set
+unkillable process. To change this behavior one can set xfs_nospace_max_retries
-xfs_nospace_max_retries to say 0 and XFS will not retry IO after getting
+to say 0 and XFS will not retry IO after getting ENOSPC and will shutdown
-ENOSPC and will shutdown filesystem.
+filesystem.
 Example use:
@ -572,9 +607,9 @@ Example use:
 #### zfs.fsname
-Set zfs filesystem under which docker will create its own datasets.
+Set zfs filesystem under which docker will create its own datasets.  By default
-By default docker will pick up the zfs filesystem where docker graph
+docker will pick up the zfs filesystem where docker graph (`/var/lib/docker`)
-(`/var/lib/docker`) is located.
+is located.
 Example use: `dockerd -s zfs --storage-opt zfs.fsname=zroot/docker`
@ -582,20 +617,19 @@ Example use: `dockerd -s zfs --storage-opt zfs.fsname=zroot/docker`
 #### btrfs.min_space
-Specifies the mininum size to use when creating the subvolume which is used
+Specifies the mininum size to use when creating the subvolume which is used for
-for containers. If user uses disk quota for btrfs when creating or running
+containers. If user uses disk quota for btrfs when creating or running a
-a container with **--storage-opt size** option, docker should ensure the
+container with **--storage-opt size** option, docker should ensure the **size**
-**size** cannot be smaller than **btrfs.min_space**.
+cannot be smaller than **btrfs.min_space**.
 Example use: `docker daemon -s btrfs --storage-opt btrfs.min_space=10G`
 # CLUSTER STORE OPTIONS
-The daemon uses libkv to advertise
+The daemon uses libkv to advertise the node within the cluster.  Some Key/Value
-the node within the cluster.  Some Key/Value backends support mutual
+backends support mutual TLS, and the client TLS settings used by the daemon can
-TLS, and the client TLS settings used by the daemon can be configured
+be configured using the **--cluster-store-opt** flag, specifying the paths to
-using the **--cluster-store-opt** flag, specifying the paths to PEM encoded
+PEM encoded files.
 files.
 #### kv.cacertfile
@ -604,19 +638,19 @@ Specifies the path to a local file with PEM encoded CA certificates to trust
 #### kv.certfile
 Specifies the path to a local file with a PEM encoded certificate.  This
-certificate is used as the client cert for communication with the
+certificate is used as the client cert for communication with the Key/Value
-Key/Value store.
+store.
 #### kv.keyfile
 Specifies the path to a local file with a PEM encoded private key.  This
-private key is used as the client key for communication with the
+private key is used as the client key for communication with the Key/Value
-Key/Value store.
+store.
 # Access authorization
-Docker's access authorization can be extended by authorization plugins that your
+Docker's access authorization can be extended by authorization plugins that
-organization can purchase or build themselves. You can install one or more
+your organization can purchase or build themselves. You can install one or more
 authorization plugins when you start the Docker `daemon` using the
 `--authorization-plugin=PLUGIN_ID` option.
@ -624,10 +658,10 @@ authorization plugins when you start the Docker `daemon` using the
 dockerd --authorization-plugin=plugin1 --authorization-plugin=plugin2,...
 ```
-The `PLUGIN_ID` value is either the plugin's name or a path to its specification
+The `PLUGIN_ID` value is either the plugin's name or a path to its
-file. The plugin's implementation determines whether you can specify a name or
+specification file. The plugin's implementation determines whether you can
-path. Consult with your Docker administrator to get information about the
+specify a name or path. Consult with your Docker administrator to get
-plugins available to you.
+information about the plugins available to you.
 Once a plugin is installed, requests made to the `daemon` through the command
 line or Docker's remote API are allowed or denied by the plugin.  If you have